Security Incidents

The immediate response to any incident or breach of security which impacts on the integrity of the road network, its associated assets and systems, and/or information is more likely to be effective if:

• it is based around a plan that has been prepared in advance and rehearsed
• the plan has been developed in collaboration with key stakeholders
• the plan has been kept up to date

A security response plan increases the chance that local communities, businesses, transportation and emergency services will be able to continue to function following less severe incidents – without the need for the authorities to implement contingency arrangements. Where contingency arrangements become necessary, these should include business continuity measures as well as disaster and incident recovery actions. The aim is to mitigate impacts arising in the event of failure or impairment or non-availability of part of the network or related systems. (See Incident Response Plans)

To produce a plan of this type, it is necessary to identify:

• those parts of the network or assets that are most at risk or where the consequences may be most severe. For example, where the network provides access to isolated communities or emergency services, or are part of crucial network links
• alternative network routes which can be utilised and are at lower risk
• processes of inspection, public reporting of issues and accurate record-keeping – to better establish and monitor areas where issues arise
• warning procedures to provide alerts of threats such as severe weather events
• health and safety issues specific to each threat
• the lead authority and the key decision-makers and other parties who need to be informed of the situation in the event of an incident, including the emergency services
• the processes by which key decisions should be made
• the mitigation measures to be implemented, including specific health and safety considerations
• methods for communicating with members of the public including effective working arrangements with local press and broadcast media including social media. These can, where applicable, enable presentation of timely and accurate information and advice on infrastructure condition
• training needs for staff and key stakeholders on measures and processes to be included in the plan(s)
• arrangements for obtaining reserve supplies of key resources to support a minimum resilience standard
• the business continuity measures required in the event of a failure or breach of the mitigation measures – resulting in the failure, impairment or non-availability of part of the network or related systems
• disaster or incident recovery actions
• arrangements for regular reviews of the plan to take account of changing circumstances, and to monitor of its implementation in the event of incident.

Security Incident response

In the event of a security incident, it is important that steps are taken to contain and recover from the event. (See Traffic Incidents)

During a security incident the response should include:

• measures for reducing further damage or loss
• an assessment of what has been lost, compromised, damaged or corrupted
• and if required, the collection of evidence for law enforcement purposes
• Where it is necessary to collect evidence for law enforcement – all evidence (both physical and digital) that may help investigators to identify the cause of the event and its perpetrators, should be preserved and collected before any recovery actions are taken. The exception being where immediate recovery actions are critical to saving life

It may also be necessary to notify third parties – for example, service providers, regulatory bodies, and law enforcement agencies – in order to manage the incident effectively, including management of traffic on the surrounding network, and to minimise further disruption.

The provision of appropriate and timely information and advice to members of the public will also help in the management of the incident and minimise further disruption to the network. (See Emergency Response)