Trying to out-fox criminals is a demanding challenge, and while being open and transparent with security sounds counterintuitive, Jemena’s Operational Delivery Risk Manager, Justin Morghem, insists this type of collaboration and cooperation makes corporations and communities more resilient to crime.
Mr Morghem knows a thing or two about security. With nearly 25 years in the intelligence industry, he has served on police forces in the UK and Australia, and worked with the coalition forces in Iraq, training the National Police. His career has taken him from a ‘Bobby on the beat’ to managing major incident rooms and operating in war-torn military zones.
“It’s not about being paranoid or jumping at shadows, but we have to acknowledge that we are operating in a particularly sensitive sector – energy. We have a duty to protect the nation’s energy networks and ensure communities, including our employees, are safe,” Mr Morghem said.
“Until recently, we, like many other companies, worked in isolation. Sharing news was thought to be a sign of weakness. But technology has changed the way we operate. It has opened the door to s
ome negative changes, such as cyber-crime, hacking and data breaches, but it has also enabled real-time information, high performance soft and hardware and greater connectivity.
“Today, technology has encouraged greater openness and transparency and we find we regularly share information across different platforms with partners, which is a significant change in mindset.”
Industry shares, community benefits
In a recent example of greater collaboration, Jemena installed new high-tech surveillance software at one facility and was so impressed by its connectivity that it recommended the system to other energy companies, some of them considered rivals.
This has enabled a compatible network of like-minded organisations, acting as eyes and ears not just for themselves, but for each other, and beyond.
Utility companies, infrastructure developers, transport organisations, governments, agencies and a whole gamut of critical infrastructure providers are increasingly becoming connected. As the net widens, the knowledge deepens and the resilience increases.
“The availability of critical infrastructure can no longer be considered in silos. We are all in the same fight against threats and criminality, so we are stronger by working together in an interlinked environment,” Mr Morghem said.
And Jemena has seen an important flow-on effect to the group at the heart of its activities – its customers.
“We have had customers, who were initially hesitant about new security systems being installed on assets near their home, now thanking us, because criminals who had targeted the area have now moved on,” Mr Morghem said.
“CCTV, sirens and facial recognition cameras are just some of the systems we deploy. We openly share this information as we want would-be criminals to know they will be identified and arrested.“
Jemena is a member of several formal industry bodies dedicated to Critical Infrastructure Resilience, and cyber security has emerged as one of the key discussion points within these networks.
After high-profile cyber attacks on Ukraine’s energy grid in late 2017 and the UK’s National Health Service mid-2018, cyber security has become one of the leading challenges of today.
In addition, the last twelve months saw a number of cyber ransom campaigns, whereby systems were compromised and payments demanded from victims to regain access. In many cases, companies didn’t know they had been infiltrated until months after the initial breach.
“The impact of data and online breaches can be devastating, and we take them seriously. But security is a 360 degree approach and it is about ensuring all defences are equally strong and well supported. Investing in cyber response capabilities is vital, ignoring the risks can have serious consequences,” Mr Morghem said.
And that is why, when Jemena established a new cyber security unit, it was important for it to collaborate across other internal security areas to share intelligence, information and resources.
“We are a data rich organisation and we rely on online technology, therefore it is essential to constantly review and update our security measures. The lessons we learn will be fed into training across our corporate resilience approach, and shared with industry,” Mr Morghem said.
Morghem’s watchwords: collaboration, teamwork and training
Collaboration and teamwork are Mr Morghem’s watchwords. As is training – and for good reason.
As a fresh-faced Metropolitan Police recruit in London, two weeks after leaving cadet college, he was travelling in a police car when a chase with a stolen car began. Quickly, the pursuit became a foot chase, and, with his two colleagues running after two of the car’s occupants, the rooky set off after the driver. With no handcuffs and only an old fashioned, standard-issue wooden truncheon to protect himself, he successfully arrested the culprit and in the process, received the first of many commendations in a highly decorated career.
“Even though I was wet behind the ears, I was confident. I knew the law, I knew the procedure and I knew I was physically and mentally ready for a situation like that. My training had given me the capacity to do my job in a challenging situation. That’s why I am so passionate about training of any type. Training is the time to ask questions, push limits and test knowledge because you never know how soon you’ll need it,” Mr Morghem said.
Jemena runs a number of in-house training exercises throughout the year to test processes and build internal capability. The exercises are kept as realistic as possible by combining a risk-based approach, using case studies and real-life scenarios.
“Like most working environments, we have a number of internal security protocols, which are constantly reviewed and tested. For us, it is imperative that staff have the tools they need to recognise threats and follow protocols. New starters receive building and access security advice during their induction and we empower our employees to assess risk and report suspicious behaviour,” Mr Morghem said.
“For us, these skills are not just for the benefit of the company, but they are life skills which benefit the individual and their community. Personal resilience is just as important to a company as firewalls and CCTV cameras and essential as corporations develop a culture of all-round systems of resilience to detect and deter crime.”
And when it comes to online security, Mr Morghem’s team keep a constant vigil.
“If there’s a change in a data pattern, we ask ourselves, what does it mean? From this we can consider the severity of a situation and implement well-rehearsed procedures. We conduct regular drills and exercises to ensure all stakeholders know what to do and when,” Mr Morghem said.
Maturing corporate security
Organisations such as Jemena work closely with a range of national and state-based agencies both in terms of cyber security issues, as well as physical and corporate threats.
Mr Morghem says that across the board, there is a better understanding that stand-alone approaches can create gaps, whereas multi-functioning, highly connected and technology-led systems are more efficient and effective.
“When you then add the increasingly positive attitude towards collaboration with communities, industry and agencies, you start to see that what was once a patchwork of security measures, is now a big picture approach,” Mr Morghem said.
“This is exciting, and while there will always be ‘bad guys’ out there, we should have confidence that we are well equipped, well informed and well trained to continue to protect our national assets.”