Anything but a liability

04 Dec 08

The private security industry had been hopeful that the UK Government’s first National Security Strategy published last March (‘Plan of action’, SMT, May 2008, pp30-32) would recognise its essential role in delivering national security objectives.

An indication of how the Government would develop a closer relationship with industry and make even fuller use of its capabilities – particularly in view of the ‘severe’ terrorism threat posed – was also anticipated but, in truth, the report made limited references to the contributions of the private sector. Where they did exist, they were positive.

It’s encouraging that the Government is looking to develop its relationship with industry in delivering national security. Given the private sector’s important role as both a consumer and provider of security, we need a concrete method by which a closer strategic partnership can be achieved.

To date, what progress has been made by the Security and Resilience Industry Suppliers Community (RISC)?

The security industry’s concern around the existing potential for unmanageable third party liability exposure following acts of terrorism – either in the UK or across the European Union (EU) – would be a useful issue upon which to develop closer partnership working. It’s certainly a major issue that affects the breadth of the security industry. It’s also one where US experience shows that, if addressed, stronger co-operation between public and private security operations can be achieved. The UK Government should consider implementing a similar liability protection programme on home shores.

Industry as essential provider

Public and private sector partnership working is an increasing trend in delivering national security objectives. Consider the private sector’s role in the UK’s e-borders programme or its participation in the London 2012 Olympic Games security operation as being reflective of the trend.

Notwithstanding the Government’s principal responsibility for ensuring UK security, it’s generally accepted that the private security industry will continue to play a key role in supporting the Government, the Armed Forces, law enforcement agencies and civil first responders with the services, equipment, systems and new technologies required for ensuring UK security.

Looking to the future, it’s also anticipated that security suppliers will play an increasing role in supporting private operators to protect the Critical National Infrastructure (CNI), and in helping the Government to deliver other identified National Security Strategy priority areas relating to the ‘resilience’ agenda (for example, coping with natural disasters).

Managing the security of major events will become an increasing focus. Border protection also continues to draw upon private sector capability to support the reform underway. In summary, responses to the priority themes outlined in the National Security Strategy and its supporting National Risk Register (NRR) – be they efforts to counter terrorism or respond to natural disasters – will demand significant private sector contributions.

Partnership working to date

The Home Office has long since recognised industry as a key player in security provision. The establishment of the Private Security Industry Act 2001, for example – the impacts of which have been well documented in Security Management Today (SMT) – signalled the Government’s recognition of the private sector’s role in security guarding provision.

It’s encouraging that the National Security Strategy recognises a need to work with the private sector on national security matters. Specifically, the Government actively states that it “will build on the coalition of public, private and third party sectors already involved in counter-terrorism.”

Since 2007, the Government has encouraged the establishment of more robust mechanisms to support closer public and private working on national security matters. The UK Security and Resilience Industry Suppliers Community (RISC), set up at the request of the former Home Secretary John Reid and since endorsed by security minister Admiral Lord West, has developed into an overarching body representing suppliers across the much broader security sector. RISC is an alliance of trade associations, suppliers, academia and Think Tanks (including RUSI and Chatham House) designed to provide a single industry voice and channel of communication for Government on strategic issues affecting national security and resilience.

The RISC engages the Government to bring UK security industrial capability in support of counter-terrorism policy and practice, and is now in dialogue with the Office for Security and Counter-Terrorism (OSCT) within the Home Office to establish processes for Government, industry and the CNI to develop further collaboration methods.

Key industry advisory groups

In April 2008, the OSCT invited RISC to form four pilot security ‘industry advisory groups’ to allow for specific dialogue on key areas pertinent to the terrorism threat posed. These groups currently focus on Chemical, Biological, Radiological and Nuclear (CBRN) protection, CNI protection, information and communications technology and stand-off detection of suicide bombers.

In a security lecture given only last month, the Home Secretary Jacqui Smith reinforced her commitment to working with industry. “We also need to be working with industry. We are world leaders in security and defence technologies, and we have on our doorstep great expertise and creativity, prepared to help us solve some of the problems we face. We do not want to miss that opportunity. We have worked hard to develop new forms of engagement and new mechanisms for sharing problems and ideas.”

New forms of engagement and new mechanisms through RISC have expanded significantly to consider both domestic and international industrial security elements. For example, RISC is currently working on the industrial aspects of the proposed EU Defence and Security Procurement Directive. A dialogue has also emerged on the delivery of the Home Office’s 2007 Security and Counter-Terrorism Science and Innovation Strategy. Significant progress is being seen in terms of harnessing industry’s valuable role in national security.

However, it’s still felt that the relationship could be developed. In this regard, the question of risk ownership in the delivery of security is an ongoing issue. If developed appropriately, a shared strategy for proportionality of risk allocation could forge a more robust working partnership between Government and industry.

Appropriate risk share?

Industry providers (services, equipment and systems) are currently potentially exposed to unconstrained liability following terrorist atrocities in the UK or across Europe. In view of the regrettably high likelihood of further terrorist attacks on (or originating from) UK or European soil over a sustained period, and the potential for the emergence of unforeseen threats that by definition we can not reasonably protect against, the fairness and proportionality of existing liability distribution has been questioned.

It’s because of the absence of liability-limiting legislation and the fact that the insurance market is not seen to provide industry with comprehensive solutions to meet the potentially unlimited exposure that might follow new attacks that this is considered to be an important issue. The proportionality of terrorism-related risk levels borne by industry is also questionable when compared to overseas arrangements. To demonstrate this, let’s turn our attentions briefly to the United States. Following the terrorist attacks of September 11 2001, the US Government passed the Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 (otherwise known as the SAFETY Act) which provides legal liability protection to sellers of “qualified anti-terrorism technologies” designated by the Secretary of the Department of Homeland Security (DHS).

Legally speaking, the Act established a scheme of liability protection to sellers of any product or service which is designed, developed, modified or procured for preventing, detecting, identifying or deterring acts of terrorism or limiting the harm such acts might otherwise cause. The SAFETY Act applies to a broad range of technologies, including products, services and software (or combinations thereof).

To be eligible for liability protection, a seller must submit its ‘technology’ (ie any product, equipment, service [including support services], device, or technology [including information technology]) design for approval by the DHS Secretary, who is exclusively responsible for determining whether it will perform as intended, conforms to the seller’s specifications and is safe for use.

Albeit subject to a number of conditions and caveats, once a technology is approved and placed on an ‘Approved Product List for Homeland Security’, the seller enjoys – among other protections – a presumption of a defence to any lawsuit which can eliminate any liability on the part of the seller, as well as immunity from punitive damages.

On February 21 this year, the DHS approved the 200th Qualified Anti-Terrorism Technology under the SAFETY Act.

In industry’s view, the US legislation and its supporting mechanisms have helped to create an environment whereby closer public and private collaboration is more easily achievable, thus helping to mitigate the threat posed by terrorism more effectively. Some of the Think Tanks agree. One US analyst explains: “The SAFETY Act programme encourages businesses to engage and do what they do best – create and innovate.”

Similar UK (or EU) legislation would help mitigate the challenges presented by what the Home Secretary has described as a “sustained and severe” terrorism threat. Developing improved liability protection for the private security industry in the UK would be to both the Government’s and industry’s advantage because of the resulting benefits. These include the encouragement of security technology innovation and stronger product quality control.

It would also support the approach and aims outlined in the Security and Counter-Terrorism Science and Innovation Strategy, which include engaging “imaginative entrepreneurs” who operate in Small and Medium-Sized Enterprises and develop innovative ideas. Under current arrangements, smaller companies are the least able to manage the risks arising from potential liability exposure, and thus the most likely to be inhibited from putting new products into the marketplace.

More generally, a stronger strategic partnership could be achieved. In the strategy’s own words, the role of science and innovation “is about forging an environment that fosters creativity and innovation in order to generate the knowledge and technologies that can reduce the risk from terrorism.”

A partnership approach is required to forge and maintain such an environment.

Industrial efforts to date

Various industry players have been working hard to address this issue at a European level. The Aerospace and Defence Industries Association of Europe is campaigning for equivalent EU legislation (an ‘EU Safety Act’) designed to limit industrial liabilities. The Association has developed a communication link with the US Aerospace Industries Association on this matter.

The European Aviation Security Association (EASA) and the Confederation of European Security Services (better known as COESS) have also been active. Their May 2004 joint position paper entitled ‘Third Party Liability and the European Aviation Security Industry’ is regarded as a useful foundation document. EASA has also been developing a public voice on the issue.

RISC signalled its support in principle for co-ordinated industrial action when its chairman wrote to the Home Office in June 2008. The letter’s aims were to add UK industry’s weight to the broader campaign for improved recognition of the problem, and to highlight the momentum-gathering EU legislation drive.

Resolution of the problem will not be achieved by passing liability-limiting legislation alone – new institutional arrangements will also be required. To help deliver the National Security Strategy, the OSCT should consider working closely with RISC to implement a new UK private security industry Liability Protection Programme for approving security technologies.

The initiative would need careful development incorporating legal and technical expertise, but it would not necessarily demand re-invention of the wheel. This is because the US process for providing industrial liability protection isn’t dissimilar to how the UK Home Office Scientific Development Branch (HOSDB) already evaluates new equipment designed to help provide security.

The HOSDB publishes the results of security equipment testing in its ‘Manual of Search and Detection Equipment’ (the otherwise named ‘Blue Book’) which is available to a broad range of public agencies and companies responsible for key parts of the national infrastructure. However, without statutory provisions and in view of its ‘restricted’ status, ‘Blue Book’ endorsement doesn’t currently assume immunity in the same manner as the US SAFETY Act. That said, a new Liability Protection Programme could build upon the principles of this existing framework.

Collaboration with Europe

In its mid-term and long-term strategy for civil security research and innovation, the European Security Research and Innovation Forum (ESRIF) has proposed that “greater efforts at EU-wide standardisation and certification” of security technologies may be required. It continues: “To develop a more competitive European security market introduction of a ‘European Security Label’ would be advisable, and ESRIF will elaborate the necessary proposals.”

It’s likely that a national private security industry Liability Protection Programme would require significant additional OSCT resources to define the parameters of action (which, owing to the issue’s scale, would probably need to adopt a staggered, ‘sector-by-sector’ approach) and manage the emerging programme. Currently, OSCT is reported to comprise 300 staff. Within the US’ Department of Homeland Security, “about 420 experts are now available to review (SAFETY Act) applications, including 90 trained reviewers in seven threat areas: in cyberspace and the economy, as well as chemical, biological, explosive, radiological and human threats.”

To ensure success, the UK Government and industry bodies would need to commit significant political will and additional resources to this initiative.

Get the latest stories first with info4security's newsletters: Click to signup

Post and bookmark this story at the following sites:

What is this?

del.icio.us	Digg	Reddit	Google	Newsvine