Facilities Security Requires a Comprehensive Approach
Burns Engineering’s Security Practice Leader Rene Rieder Jr. Talks Facilities Security, the Importance of Communication and How to Balance Form with Function in Ways that Enhance Security
CURTIS MARQUARDT JR:
Please tell our readers about yourself and your experience working in security.
RENE RIEDER JR:
Certainly! I have nearly three decades of security design and engineering experience involving planning, development, design, project management, construction, installation and commissioning of electronic and physical security solutions. I currently serve as the Vice Chair of the ASIS Security Architecture Engineering Council and the Education Chair overseeing the Facility Security Design (FSD) course. Recently, I led the development of the new ASIS Physical Asset Protection (PAP) Design Standard.
CURTIS MARQUARDT JR:
That’s an impressive background! So happy you can join us to talk security. Utilities are facing increasing physical attacks. Many make headlines, but many don’t. What threats should utilities be thinking about more?
RENE RIEDER JR:
While there are multiple other threats to consider, two common examples I include with my assessments are insider threat and services provided by a third party that are critical for operations. The insider threat is a constant and difficult to predict threat to any organization. When I complete security assessments, I look at training records, security policies and procedures, access privileges, change control systems, user access control/entry monitoring procedures, to name a few.
An example of the second threat may include natural gas supply, which is supplied by a third party to power the generator. Although, the concern is: where are the shut offs, are they protected and who is responsible for protecting these valves? Understanding these critical factors, which may not be in the control of the utility, are a critical part of the security assessment.
CURTIS MARQUARDT JR:
Can you share some best practices utilities should consider when they look to balance the form and function of security?
RENE RIEDER JR:
Security for utilities must be effective yet integrated into the environment, in such a way that protection is not achieved at the expense of operational efficiency. A balanced security strategy is a layered defense that considers natural surveillance, physical barriers and technology. Principles such as Crime Prevention Through Environmental Design (CPTED) can guide the placement of access control, optimized lighting and clear sightlines to minimize vulnerability while also maintaining openness and functionality in a space. Security solutions should enhance, not encumber, daily operations, so employees, contractors and visitors can move about with ease while remaining safe from undue risk.
CURTIS MARQUARDT JR:
For those utility security professionals who might have limited resources to make impactful changes to their facility security, what are some easier, more budget friendly things they might consider prioritizing to improve security?
RENE RIEDER JR:
I would recommend starting simply by figuring out if there is an established, documented and current security program/policy that is approved by leadership. At a minimum, the security policy should define the level of protection for the facility, security responsibilities/response procedures and expectations for employees and visitors.
Additionally, when considering capital program improvements, focus on muti-department projects and wins. For example, thermal cameras at remote unmanned substations could greatly increase security monitoring and the ability to detect unauthorized access, but this type of camera can also be used to detect when a piece of equipment exceeds a temperature threshold, identifying potential equipment overload. So, this type of camera may be cost prohibitive for a security department, but the fact that its cost could be shared across multiple departments provides a better pathway for deployment.
CURTIS MARQUARDT JR:
You’ve also worked internally with many organizations and have seen some of the human interaction that shapes the strategy and planning process. What are some recommendations you would give utility security professionals as it relates to getting buy in, working with other departments, etc. in ways that ensure greater security success?
RENE RIEDER JR:
Communication is key. Utility organizations have very strong safety cultures because they train all staff to know and understand their role in contributing to a safe working environment. Unfortunately, security is often looked at as “ the security team’s problem” to address.
A strong security culture—just like a strong safety culture—requireseveryone at the organization taking ownership and levels of responsibility. The resulting impact is that buy-in on the security project is greatly increased because different departments understand their role in creating a secure culture for the organization.
Additionally, security needs to have a seat at the table. Successful security groups have seats at the table and are part of all planning, upgrade and construction projects. While a project may not require security upgrades today, security professionals always need to consider dynamic and changing threats.
CURTIS MARQUARDT JR:
Last, if you could see into the future, what are the security challenges that exist in that time that aren’t perhaps front of mind or pervasive today?
RENE RIEDER JR:
For me, the two biggest areas of concern are homegrown violent extremists and the use of drones. Utility companies should be looking into identifying funding investments in drone detection and response technologies to be fully prepared for this emerging threat.
About René Rieder Jr.:
René Rieder Jr, PSP, CPP, CSC is the Security Practice Leader for Burns Engineering, with over 25 years of experience in designing security solutions. His expertise spans vulnerability assessments, security master planning, and the design of access control, video surveillance, and risk mitigation systems. Known for his innovative yet practical approach, René helps clients navigate operational, financial and regulatory challenges while enhancing their security posture.