The security control centre, as the nerve centre of an airport’s security operations, is changing. This evolution is driven by a combination of factors including: increasing digitisation and information system integration, a drive towards integration of security functions with other airport operations, impact of the Internet of Things (IoT), new ways of visualisation and collaboration, distributed rather than centralised intelligence, and increasing complexity and changing context of use for the agents. All these factors in turn need to be taken into account in an environment of evolving security threats. With this in mind, the traditional considerations which have influenced the design and planning of such control centres need to be refreshed. Arup’s Manan Shah and Mandana Kazem discuss how these drivers are impacting the transformation of security control centres.
One of the key investments an airport authority needs to make is in their security control centre(s). Airports undergoing new developments can take time from design to construction to operational readiness with programme durations spanning anything from three to ten years. A common question from the airport security manager in that time will be: What should my security control centre ‘look like’ when the airport opens in 2025 – 2030? The construction director also wants to know how ‘big’ should it be? There is no simple answer.
SECURITY OPERATIONS: A SHIFT IN EMPHASIS
Security is present throughout the entire airport’s operations, whether it concerns assets, facilities, passengers, cargo, baggage, airlines or multi-modal transport. Yet, why is it so common that the security control centre is designed and managed as a standalone function and asset?
Can this misalignment be corrected? There is a noticeable shift globally where the security and other airport and airline operations departments – landside, airside, terminal, retail, facilities and IT operations – are working in a much more integrated and collaborative manner than traditionally seen. This increased integration must therefore be mirrored in the control centre and between the control centre and operational personnel. On the one hand, consolidation of control room functions is occurring whilst at another level distributed control (as opposed to centralised control) is also transforming operations.
However, the airport’s security risk management arrangements and the national security regulatory frameworks under which the airport functions may call for, at times, the separation of information and management functions. The key is striking the right balance in the security control and monitoring organisation to optimise both the security specific and the broader airport business needs. A simple example includes monitoring the access control system and its usage for maintenance purposes (a business issue) but also using the same data to identify trends for assessing the insider threat vulnerability (a security and identity privacy issue).
The security function in an airport has numerous operational interfaces with other departments. These will alter over time and situations, such as during incident management. It is therefore imperative next generation security control centres’ design and planning accommodate an ‘open’ approach where required and a ‘closed doors’ operation where it is mandated. A total design approach is therefore required.
A total design is one that accommodates operations that have different demands over time and situations, the environment (spatial), human factors, information flow and technology. We continue to see projects where the control centre design is predominantly architecture-dominant or technology-dominant whereas a successful total-design will be one where the architect, technology and operational (including human factors) consultants’ outcomes complement and enhance each other and are centred around the users and the business needs.
A holistic approach to design of Control Centres (Credit: Arup)
Digital Age Beckons New Opportunities and Challenges
New Data
Today’s security control centres can be equipped with state-of-the-art technology that provide the operators with an increased amount of diverse intelligence. The centre is no longer a place to only transmit response needs such as answering critical calls, carrying out video surveillance or alarm management. It has become a centre where proactive security management decisions can be made and – critically – made in the context of a broader business environment. For example, digital transformation programmes using IoT are trialling different ways in which sensors are deployed to collect tactical information. This provides additional and invaluable data inputs on behaviour or process flow. Notable types of sensors are vibration, movement, heartbeat, temperature, pressure, infrared, presence, etc.
The control centre’s security operator will have access to such additional sensory inputs from several sources providing more granular data. Inputs from external information systems sources such as movement patterns, cyber security alarms, and any abnormal behaviour alerts from machine intelligence are also being received. These new data sources present data in a non-visual abstract manner. Whilst we might still rely on the expensive CCTV cameras we would deploy them more tactically and provide CCTV imagery in the control room in more innovative and effective ways than we traditionally are used to; ways that better align to meeting security, risk management and business needs.
“…a centre where proactive security management decisions can be made and – critically – made in the context of a broader business environment….”
These more granular sensory inputs, combined with the use of CCTV, provide the operator with a more context-based input for more effective decision making and response. A key security benefit of these additional inputs received at the control centre is the possibility of detecting, at an early stage, an increase in threat level due to a changing behaviour pattern, detection of abnormal behaviour or another operational anomaly. This is particularly important in dealing with the less controllable and unpredictable landside security threat level with so many multi-modal transport movements to consider.
Equally, other business benefits can be realised by using this increased intelligence to deploy the right resources, for example traditional security CCTV monitoring would result in the default deployment of security resources to a site of congestion in the check-in area whereas with other inputs the security control centre is able to assess the security-relevance and request the deployment of other personnel as appropriate to the situation such as airport ambassadors in the event of a customer-service related need. This not only saves on security resourcing but enhances the airport’s customer service provision.
Connectivity and Integrated Communications
A common challenge still seen at an operator’s desk is the number of wide variety of calls, often received through different devices, that the operator needs to action. These are notably:
- normal voice calls on a phone extension,
- radio calls through a dedicated despatch console,
- internal intercom calls presented through an intercom station, and
- corporate mobile phone calls.
Often compounding the situation is that the emergency services will have their own radio system(s) that also need to be considered. The next generation security control room has an integrated communication and control platform (ICP) that presents multiple channels of voice, video and messaging communications via a single seamless and unifying communications console. The ICP provides a number of advantages:
- a de-cluttering of the operator’s desk and reducing the risk of cognitive overload;
- reducing capital and operating expenditure in the form of reducing the number of devices, power and data support, training and maintenance;
- deployment of a single unifying communication solution across several control centres;
- an increase real-time collaboration between field agents, control centre agents, control agencies, emergency services and other managers at the airport using the same conferencing technology;
- if designed well, provides a feature rich multi-media (audio, voice, video, chat) communications platform; and
- enabling certain security monitoring and control functions to be more effectively distributed to front-line personnel.
Integrated Security Platforms
An integrated security management system (ISMS) platform makes a difference to the control room environment as it declutters the operator workstation by unifying and presenting the operator interface through a multi-headed single graphical user interface. The ISMS enables the operators, depending on their function, to access different security ‘services’ whether they are alarm management, or gate operations, or surveillance, or public address or a combination of functions including decision support.
An increase in productivity of 15% has been seen through workstation re-design brought about by deploying integrated solutions such as ISMS and ICP. To achieve this integration requires human factors driven workplace design and user-interface design considering the technology capabilities as well as agents’ cognitive load.
Collaborative and Distributed Challenge: the people factors
Addressing the Context of Use
Much of the technology and equipment that is used in today’s control centre has been designed with only its technical outcomes and capabilities in mind with little consideration is given to the context of use. An example is a security control centre’s wall that is full of screens; far too many for a security agent to effectively observe, let alone look for and interpret interconnected information shown on the screens, and then make a decision to deploy what are traditionally centralised resources.
“…a shift to increased digitisation, mobility and connectively has allowed for a wider use of remote and distributed operations…”
A shift to increased digitisation, mobility and connectivity has allowed for a wider use of remote and distributed operations. This includes periods other than business as usual such as issuing incident management procedures in real-time through a mobile phone app to non security front-line personnel to guide them through managing a security related incident. Rather than security decisions being made and resources deployed from the security control centre, in isolation of other business functions, the security control centre becomes a centralised co-ordinating point with other non-security functions. The benefits of this are significant but it does come with increased complexity.
The complexity is in the form of an increased number of variations in which an action may play out. No longer is it a phone call followed by the deployment of the guard from the security control centre to undertake an on-site assessment. That guard’s personal experience, training, domain awareness, instinct and role authority which informs the assessment and subsequent decision making and action now must be captured and processed remotely by technology, information, agents and at times by non-security personnel. The control centre’s agents’ context of use has changed and each element of the system therefore must be better understood to achieve the aim of effective security operations. The various elements of the agent’s system are shown in the figure below:
The mobile control room operator Context of Use needs to be modelled. (Credit: Arup)
Critical to realising the benefits of decentralised operations in the context of security control centre design, is the effectiveness of human and machine interface, otherwise known as ergonomics. This is made somewhat easier by the new generation of agents being more used to machine or computer-based stimulus rather than reliant on own experience and judgement. This machine-based stimulus has become necessary as the amount and diversity of information needing to be processed has increased.
Additionally, and as can be expected by a decentralised operational model, there is a need for greater communication between the front-line and security control centre personnel. People need to be connected in order to jointly attend to troubleshooting and optimisation tasks. This demands technology and a work environment which supports both the distributed communications i.e. to the front-line personnel as well as within the security control centre. Appreciating this context of use leads to improved decisions about the work environment design and technology selection. The ICP console as described above is a good example of such a selection decision: it provides a centralised communication input and output for the ‘centralised’ security centre agent but accommodates operations where there are remote and ‘de-centralised’ operational personnel.
Distributed Operations and Shared Mental Models
Many readers will have personally experienced the value that a live incident or field exercise provides in terms of lessons learned to be applied in the future as compared with the experience of a desktop exercise. The value is compounded when others involved in management of the incident have had the same experience. That value is realised when applying the lessons learned in future experiences, including other hypothetical or imaginary situations such as a desk-top exercise. That value comes from those involved establishing and sharing a common ‘mental model’.
Clearly the value of a security control centre is the agents are not in the same locale as the operational personnel. However, there is great value, particularly in periods of high-stress, when all personnel involved share the same (or very similar) mental model of the situation being handled regardless of their location. The design, use of technology such as an ISMS coupled with appropriate operational readiness and operation of a security control centre is critical to establishing these mental models. This can only be successfully achieved when user-based design is adopted and adopted early in design.
A Case Study
It is widely recognised that the attributes of a successful response by emergency services to a security incident is improved situational awareness by all involved and coordination of the different agencies’ tasks. It is therefore appropriate that the incident response draws on all agencies’ situational awareness information to maximise the value to all and there is a broad understanding and collegiate approach to tasks by all involved. Despite this, agencies typically have separate control rooms.
By establishing a deep understanding of individual control room operations and using that to identify commonalities, synergies and areas of overlap Arup has been able to realise resource (including monetary) savings in its recent design of a Consolidated Command and Control Centre for security and emergency services on a secure site. By adopting a user-based and total design approach information flows are coordinated thus the right people could access the right information at the right time. Furthermore, Arup’s timeline analysis informs the physical design of the facility so that the right people are at the right place doing the right thing at the right time. The total design will result in an improvement in response activity coordination, response times and situational awareness for all agencies.
In conclusion, the demand for more integrated inter-department collaboration and more effective response at the point of incident, facilitated by new digital technologies and systems integration, requires a fresh view in understanding the context of use for the operators and a re-think in how the next generation security control centres are conceived and delivered.
Manan Shah is a leader within the Arup London Advanced Digital Engineering practice. Manan works with multiple disciplines of technology, security, operations and architecture to deliver designs and provide technical assurance on control centres across different sectors. Most recently he has led the work on integrated command and control solutions for disaster and crisis management and safe city C3i projects. He is a qualified chartered engineer and member of Institute of Engineering and Technology UK.
Mandana Kazem is a principal human factors consultant, systems engineer and technical manager, supporting organisations across industries, from aerospace, telecommunications, rail, medical to automobile and nuclear, to unlock the capability of the human within the system. Mandana works within the operations advisory business in Arup.