Energy Title
Transport Title
Public Sector

The Process Security Landscape

Fresh from presenting at the European SANS SCADA & Process Control System Security Summit in Rome, Andrew Wadsworth, Amor’s Head of Process Control Security, shares his thoughts on the conference and the current state of process control systems’ security.  

“SANS is a great opportunity to catch up with leaders in process control security from all over the world.  A number of themes stood out this year with process control systems getting more attention with reports of vulnerabilities to the US ICS-CERT up 753% this year.  Researchers are posting proof-of-concept or full exploit code on the internet, making it increasingly easy for the “bad-guys” to launch effective attacks.  

“Second, confirming Amor’s experience, very few organisations have a complete inventory of their control systems.  We say this is essential because if you don’t know what you have you can’t secure it.  Third, aside from plant performance logs, there is very little logging of what’s happening on the control network and machines.  Good logs and, critically, log analysis, help identify problems and are vital for forensic analysis of incidents.  

“Robust and tested response plans are a rarity for when (and it is when, not if) security incidents occur, assuming they are even detected.  

“Lastly, the Australian Defence Signals Directorate has identified application whitelisting as one of the four most important things you can do to secure your systems.  The full list is available here.  Amor was the only company at the conference with experience of implementing whitelisting on live systems and in a position to help companies implement this technology.  

“The potential human and economic impact of incidents together with growing evidence of attacks targeted at process control systems is pushing security up the agenda.  Secure supply of electricity, water, gas, communications, health services, etc. is a major concern at Government level and to companies in those industries, but any company in which production relies on control systems is a possible target with potentially major impact on their people, reputation and shareholder value.  

“Security needs serious, concerted and enduring effort.  Mostly, it’s not rocket science but neither is it easy needing time and the right resources.  Security complements process safety and process optimisation to assure companies and Governments that production processes continue to operate as they should.  Simply, that means the lights stay on, water comes out of the taps and gas heats our homes, offices, hospitals, factories, and day-to-day life and business carries on as normal.”

Making Process Safety Risks Visible

processsafety_transparent_resizedWhat if Process Safety risks were are visibile as Health & Safety risks? Would you feel more in control?

Would you be able to act upon increasing risks quicker?

Control loops on manual, shift handovers not completed, modifications not documented, these are just some examples of failures in operational controls which have been contributory factors in major process safety incidents such as Texas City.

Often these warning signs are hidden in disparate management systems making it almost impossible to easily see the true status of risks across your organisation at any given moment.

To help on the journey to becomng a high reliability organisation Amor Group, in cojnuction with ScottishPower, has commenced a series of webinars that examine key areas of process safety.

The first of these looked at ScottishPower's award winning approach to Process Safety and how this has enabled numerous and significant business transformations with Martin Sedgwick, Head of Engineering and R&D Technical Services. 

Held on 7th December, the content of webinar is now available in a variety of formats:

If you like this content, we'll be hosting a series of 7 further webinars taking a more in-depth look at each of the key elements of process safety excellence, starting with Culture & Leadership. These webinars will include further participation from ScottishPower and the UK's HSE and will begin at the end of January.

Visit amorgroup.com/news-and-events/ in early January to sign up for the webinar.

Taking Cyber Security Stateside

Cyber security appears to be a buzzword that is pervading each and every key industry across the world, but for Amor it is a critical part of our toolset that is helping Energy operators secure their assets, globally. 

processsecurity_notag

Most recently, Amor has been working on a project on the US West coast with a large oil & gas producer who called on our expertise to help ensure their process security policy and procedures continued to be in line with industry best practice, ensuring their strategic production assets were not vulnerable to attack. 

In order to service the contract Amor has mobilised their Houston, Texas based team of Security Consultants alongside members of Aberdeen, Scotland based process security team to the US West coast.

Dave Bruce, Energy Sector Director said: 

We are delighted with this success in the US market, particularly in a key strategic region that can be supported via our Houston office. Winning new business with a leading organisation is testament to the talent of the team we have across our global network. The US economy is the biggest in the world and this offers us a foothold to gain further new business in the Americas.

This deal underlines our expertise in providing services and IT support to the Energy sector. I am pleased that we are working with another international client that underlines our growing global footprint.

Expanding CDM in to Terminal Operations

The challenges of queuing at immigration have been brought to the fore by the recent UKBA revelations and strike action which saw many inbound flights in to major London airports cancelled.

There is no disputing security has to be paramount at all borders including Airports. However, increased security measures have undoubtedly had an impact on passengers’ progress through airports. There is mounting pressure on the powers that be to address queue times at passport control – particularly at key hubs such as Heathrow, especially in light of the forthcoming Olympics.

Currently there are a number of different stakeholders at airports, including airlines, ground handling operators, retailers and, of course, immigration. All of them run their operational systems in silos. This divergent approach means that identification of potential issues that could negatively impact passengers are not shared and therefore problems are confounded.

If airport stakeholders work in unison, sharing demand forecasts and tactical readjustments in real time, then the likelihood of service levels dipping and the resultant security compromising actions would be diminished. These initiatives are already prevalent in the Airport environment with a concept known as Collaborative Decision Making (CDM). CDM is targeted at ensuring Airports, Airlines and Air Navigation Service Providers around the world implement a common platform for information sharing across airside operations.

This is not an impending silver bullet for the operational challenges around immigration however. To adequately respond to the challenge, CDM must extend beyond the gate, deep in to terminal operations and across a greater number of stakeholders throughout the airport operation – truly facilitating what operators understand to be a real time airport.

By implementing systems to manage queues using the latest technology to track pinch points in real time, this joined-up approach allows airports and their stakeholders (including immigration) to work together to put resources in place to manage issues immediately. While the issues facing the UKBA depend on having the available resources, this approach has already been proven to make a difference.

This collaborative decision making approach is supported by industry body, Airports Council International. Given the implications for the UK in terms of tourism and reputation as a commercial centre, we cannot return to queues of two to three hours for visitors from outside the European Union. We need to act now.

WiFi - current or future technology?

Anyone with a passing interest in mobile technology will not have failed to notice Google taking their comprehensive mapping quest indoors to provide interactive wayfinding inside a select number of airports and retail locations across USA and Japan. 

Many claim to have cracked indoor location tracking and wayfinding, but has Google finally provided a robust and accurate solution? 

In airport terms, no. The rationale for utilising Bluetooth, A-GPS or WiFi for indoor location tracking within the airport environment is two-fold. First is to provide passengers with enhanced wayfinding, ensuring their journey through the terminal is as relaxed and smooth as possible. It's sole purpose is to deliver passenger through security in to revenue generating retail environments ready to spend. Charles De Gaulle airport is the most recent example of airports embracing this type of enhance mobile wayfinding, facilitated by offering free WiFi for enhanced accuracy and hoping the trade off in increased retail revenue is significant.  

Second amonst these is to allow airport operators to better understand passenger dwell, flow and queue metrics throughout the terminal. This is the stage where Google's new indoor mapping falls short in terms of being a viable operational improvement tool. 

Dropping from GPS and using only standard cell triangulation provides accuracy of only 200m-1000m. By adding WiFi to the mix, Google hopes to get this accuracy down to approximately 10m - although this will require co-operation with the airports to undertake full surveys. In an airport operational environment this is good, but not accurate enough to measure queue length, dwell time in an area or even locate delayed passengers for an express pass to their transfer flight. Using a different methodology, existing Bluetooth technologies offer 1m-5m positioning accuracy and represent a more convincing technological argument than WiFi currently. That is not to say that they cannot both be implemented further down the line, with Amor currently trialling augmented WiFi positioning at 2 European airports utilising the existing Bluetooth tracking infrastructure. 

In airport operations, there is no silver technology bullet to solve all operational issues. As outlined by Transport Sector Director, Martin Bowman and Mazhar Butt, Head of Service Delivery at Dubai Airports in a recent presentation at Airport Exchange 2011 in Abu Dhabi; operators must embrace a technology eco-system customised to the airport's specific passenger and operational profile. WiFi will become part of this eco-system in due course, but the solution is not mature enough to become a key operational tool in its current guise. 

For a copy of Amor and Dubai's presentation "Delivering the Real Time Airport at DXB", head over to Slideshare.

ARINC and Amor announce N.American partnership

arinc_logoARINC Managed Services, leading provider of managed IT systems for the aviation industry, is entering a strategic partnership with Amor to offer a 'best-of-breed' proposition to the US aviation marketplace.

ARINC Managed Services will leverage its airport IT resources throughout North America to provide a delivery and support network for the Amor PAXPath+ suite of airport technologies, including BLIPTrackTM automated wait time measurement.

Chris Forrest, Managing Director, ARINC Managed Services said of the partnership:

ARINC Managed Services (AMS) is a world leader in managed IT services and support for airports. We are pleased to expand our IT maintenance services to support this new technology. Predicting waiting times in front of security is another way to enable an improved passenger experience

The Chroma Suite consolidates disconnected terminal and airside systems, processes and operations including automated wait time solutions; ensuring passengers remain the ultimate focus. It enables truly collaborative decision making across some of the world's largest and most efficient airports, delivering the Real Time Airport, today.

Martin Bowman, Transport Sector Director commented: 

This agreement with ARINC delivers a powerful proposition to the US aviation industry. ARINC are experts in integration and support with an outstanding  track record in this US aviation market.  The combined knowledge of airport operations from our two companies is unrivalled anywhere in the world. With a robust support network in place, ARINC are able to provide customised services to the North American market. 

Acquisition Brings Clinical Expertise to Public Services

Amor’s recent acquisition brings on board a dedicated healthcare IT systems and services company, Invisys.  With a team of clinical IT specialists, Invisys has extensive experience and subject matter expertise within their team. Having worked with over 20 NHS Trusts and strategic health authorities throughout the UK and internationally, Invisys compliments Amor’s existing offerings within public services.

Recent examples of this include a strategic review for a newly merged acute and community Trust in North West England and the deployment and establishment of informatics to support a new Private Finance Initiative hospital in South East England. 

Managing Director of Invisys, Tony Corkett, a former radiographer, says “Currently there has been a substantial level of change within the NHS information management in England. With Amor, we can now offer our customers a comprehensive range of services and products Supporting areas such as Patient Archive Communication System (PACS) and RIS, which account for almost 80% of the contracts let under the National Programme for IT. We bring to Amor an experienced team that supports all aspects of radiology IT from specification and business case development to procurement and implementation.”
Amor Group Chief Executive Officer John Innes said: “This deal reflects our growth strategy of delivering sustainable organic growth augmented by complimentary acquisitions.  It helps expand our global reach with best-of-breed products that drive international revenues.  We are well on track to achieve our goal of £100m revenues by 2013.  Bringing Invisys into the fold allows us to extend our offering in the vibrant healthcare sector that is increasingly demanding more enhanced, intelligent systems.”

The change of direction towards how IT is provided and what is required to deliver an electronic patient record means that hospitals require flexible systems, who, in the current climate, are looking for a more cost effective and manageable option.  Amor provides a range of clinical and IT support systems that are manageable, flexible and cost effective to the healthcare market. It currently supporting clinical departments with solutions for infection control auditing and for IT services a PC power management system to reduce carbon emissions and save on energy costs. For more information please contact info@amorgroup.com

Delivering the Flagship eProcurement Scotland Service

sglogoSecuring its biggest ever single contract, Amor will manage and deliver the flagship eProcurement Scotland Service (ePS) for the Scottish Government. The contract win, which is worth £18.5m over four years, will deliver cost savings whilst significantly reducing carbon footprint levels. 

Alex Neil, the Scottish Government’s Cabinet Secretary for Infrastructure and Capital Investment said “The procurement exercise was highly competitive. The award of this contract builds upon Scotland’s successes in the deployment and management of public sector eProcurement technologies. It also showcases Scotland’s supplier capability to host and manage what is regarded as one of the leading government eCommerce services.” 

As part of the contract award, Amor’s new Purchase to Pay (P2P) Service Management service went live on 5th November 2011.  The service provides direct support to over 100 Public Sector organisations throughout Scotland, including Health Boards, Universities, Colleges, Local Authorities and multiple Government Agencies and Bodies.  P2P allows purchases to be processed electronically from requisition to payment. It supports electronic sourcing activities undertaken by public sector procurement professionals. 

The service will be delivered by Amor Group from a range of locations around Scotland. The Scottish Government’s Saughton House in Edinburgh will be the main hosting centre. User support services will be provided from the Amor Assist Service Desk in Aberdeen which offers 24x7 support for all users. Finally, support for the integration and transition process will come from Amor Group’s India of Inchinnan headquarters, just outside Glasgow.

John Innes, Chief Executive Officer of Amor Group said: “Efficient and effective procurement is at the heart of delivering savings through quality services, which is fundamental to supporting a successful Scotland. We will enable public service organisations to become more effective and respond to local needs by facilitating better buying decisions through ePS.” 

Amor will continue to consolidate the on-going services as well as implementing a service improvement phase. This phase will include improving the performance of data provision from the PECOS Service and continuing with the implementation of new primary and secondary data centres in Scotland. 

Effectively Managing University Entitlement

In an age of information, it is a paradox that a learner chooses their further and higher education (FHE) options using the ‘emotional lottery’ method, rather than by logical analysis.  Choosing a course seems to be based on location and perceived institution reputation rather than the actual teaching experience, the cost of the course and level of outcome.  Reality is starting to bite; the introduction of tuition fees has a material impact in the decision making process, with recent reports of University applications down 13%. An interesting question remains as to the motivation for a FHE establishment offering a more affordable set of tuition fees and whether they can deliver as good a quality course as one who is able to command the higher prices.

In a world where competition for funding is tough and there is pressure to cut costs, do we not need to know how and where funding is allocated at course level, particularly when FHE providers have been largely freed to set their own fee rates?

From a governmental perspective, the management of entitlement to courses and funding crosses many departmental boundaries: 

  • - BIS: via the SFA – targeted funding of lifelong learning
            • - DfE: at the edge, where students pass through the hands of UCAS and SLC to HE, in the NEET category and in additional Special Needs support
            • - DWP: the impact of training and courses on benefits for the unemployed.  Re-training of individuals allowing them to gain employment. How do they know what they might be able to re-train in? How do individuals recognise and utilise transferable skills
            • - MoJ: tracking training and benefits in relation to the prevention of re-offending

There is a real need - and benefit – to managing entitlement.  The Personal Learner Record is the start of this journey, allowing learners to access some of the information they need, but there is so much more that can be achieved; funds allocated effectively and appropriately - reducing administration, providing better authentication, reduced duplication or misdirection of funds; more informed learners (fewer drop-outs or course changes); a better skilled workforce (more able to meet the demands of opportunities in the economy’s recovery); and management Information (better insight into need, benefit and outcome to drive future strategy).

To deliver this in a seamless manner with commonality of data appears sensible.  The art will be in maximising the benefit of the collateral already in existence and opening data standards within central government.  This will need a significant behavioural change, but the benefits that can be realised in cash savings alone should open the eyes of even the most entrenched, given the economic climate and pressure on public spending.

Seasons Greetings

It's that time of year when it's perhaps appropriate to reflect on 2011 and to look ahead at what the future might bring. 

It was a very good year for Amor! We employed 200 more people, grew our sales and profits, expanded internationally, made several key acquisitions, won our largest ever contracts and fostered our Charity and Community partnerships. We transformed our performance management systems, continued our cultural journey to creating One Amor and established Triple A - a best in class assist, assurance and advance service. 

None of that stuff was easy - the list isn't exhaustive either! But we did it because of our remarkable team of people that always works to be the best. There are many challenges that lie ahead; the macro economy is uncertain, cash remains tight and we must continue to manage our costs tightly to ensure the long term health of the business.

I look forward to speaking to many of you in the New Year and wish you all the best over the festive season. 

 

John Innes

CEO

This e-mail address is being protected from spambots. You need JavaScript enabled to view it