Risk Mitigation
Counter-measures can help reduce the level of threat to the security of roads and highways and mitigate the potential for disruption. The decision whether to accept identified risks or implement mitigation measures, (and what measures to deploy) may fall to different parties according to the circumstances. It may be:
- the employer or owner – for example, of a traffic control centre
- the contractor involved in some aspect of managing and maintaining equipment and infrastructure
- the road authority or road operator – because of possible legal liabilities
- the financer or investor where privately-owned assets are involved
- or the state, as a matter of public policy.
The decision about what mitigation measures will be implemented will depend on a number of factors:
- the cost of the measure and its implementation
- the anticipated reduction in the identified risk
- any undesirable impacts which the mitigation measure may have
- the potential for the measure to introduce other vulnerabilities
- whether the proposed measure has any benefits in addition to an improvement in security
Damage or disruption to the construction, operation or maintenance of the highway network arising from intended events – such as civil protests and strikes, malicious attacks, or theft of equipment – may be managed by improving security. For example:
- protective physical measures being placed around sites vulnerable to threats
- enhanced stakeholder management, for example early community engagement and consultation
- planning on traffic routeing and the implementation of works – which take into account, the outcome of the security risk assessment.
- It may also be necessary – depending on the level of criticality – to develop appropriate and proportionate plans and processes for dealing with different potential outcomes – in case mitigation measures fail.
- Unintentional, non-directed and unpredicted events (such as severe weather events, pandemics, hazardous materials, and disruption to other transport modes) will also need managing – to reduce the risk of damage and disruption to the infrastructure’s safety, sustainability, serviceability and resilience.
- In all cases it is advisable to have in place appropriate and proportionate plans and processes for dealing with different types of incident.
Network Operating Systems
Damage or disruption to the highway network operating systems and associated information can have a serious impact on road users and network performance. The outcome is unlikely, though, to pose a major danger to road safety or network serviceability. For example, the loss of satellite navigation can be inconvenient and difficult to prevent. In the event of a failure – so long as there is adequate directional signage on the highway – it is unlikely to have a significant impact on the ability of the network to meet users’ needs.
Equipment Security
Measures relating to the design, location and physical security of equipment cabinets, sensors and cabling routes – which may be at risk from theft or other malicious attack – should be taken into consideration when the assets are first introduced. For existing assets, physical security measures will need to be proportionate – when balancing cost and constraints against the impact of the loss, compromise or failure of the network and associated assets.
Software Systems and ITS Infrastructure
A security minded approach can manage the risk of loss, theft or corruption of software systems, systems for processing financial and/or personal data, and systems providing communications or power supply. This approach is based on the implementation of appropriate and proportionate policies, processes and procedures focusing on four areas – people, business process, physical security, and cyber-security. (See Network Security)
Where wireless technologies are employed in the system, consideration needs to be given to the impact of jamming or interference, and appropriate measures adopted to protect system confidentiality, integrity and availability. Depending on the criticality of individual systems, a variety of business continuity and disaster recovery solutions may also need to be developed.
Weather events
It may be possible to mitigate some of the effects of severe weather on the road pavement, structures, drainage systems and sensors – by:
- carefully selecting the most appropriate design, materials, methods and systems used in new infrastructure
- incorporating these into the existing network as and when improvement works are undertaken
- anticipating where severe weather or flooding may occur and installing weather monitoring an flood warning systems (See Weather Management)