• Home
• About Us
  • Services
  • Case Studies
  • Clients
  • Framework Agreements
  • Certifications and Accreditations
  • Memberships
  • History
  • Contact Us
• In Focus
  • Improving Data Handling
  • UK National Security Strategy
  • UK Cyber Security Strategy
  • Information Superiority
  • Information Sharing
  • Information Exploitation
  • London 2012 Olympic and Paralympic Safety and Security Strategy
  • Managing Efficiency
  • Connecting to Secure Government Networks
  • Acquisition Reform
  • Through Life Capability Management (TLCM)
  • Business Continuity Planning and Management
  • Addressing Sustainability
• Services
  • Understanding the Enterprise
  • Exploiting Technology
  • Securing Cyberspace
  • Assuring Programme Delivery
• Markets
  • Defence
  • Security
  • Civil Government
  • Transport
• Newsroom
  • Press Releases
  • Events
  • Media Contacts
• Publications
  • White Papers
  • Case Studies
  • Brochures
• Careers
  • Opportunities and Development
  • Our value to clients
  • VEGA People
  • Consultants
  • Career Events
  • Vacancies
  • Cyber Security Job Opportunities
  • Careers Contacts
• Contact Us

Olympic Park Security Challenges – Modelling the complex to inform practice and preparation

In the London 2012 Olympic and Paralympic Safety and Security Strategy – first published in July 2009 and updated in March 2011 – the Government set out its vision for delivering a “safe and secure Games in keeping with the Olympic culture and spirit”, including a key focus on being “prepared”. With more than ten million people expected to visit the Olympic Park throughout the six weeks of the Olympic and Paralympic Games, adequate preparation for the breadth of possible security and safety-related scenarios will be essential. This article, by VEGA’s Alan Rowe, an experienced Enterprise Architect, explores the sophisticated modelling techniques that can be applied to address the many layers of security facing the loose, yet complex, challenge of the Olympic Park.

Beyond the single enclosed arenas and facilities that add up to the London Olympic experience, will be a more open challenge – the Olympic Park. It is a widespread, open space that will be open for access to non-ticket-holding members of the public. People visiting the Park will not be subject to the identity and security controls exercised at point of ticket sale and at access to a venue. They will, however, be in close proximity to Games facilities and moving amongst large numbers of people.

This area will welcome a potentially large number of people, but will not have a particular schedule for entry and exit, nor any prescribed flow of movement – people will linger, perhaps for hours in a chosen spot, bringing with them bags, foodstuffs, and spare clothing, and leaving some of these items lying around as they move away. Whilst mostly innocent, the threat of more malicious action can be hidden in the debris.

The objective is to make the Games safe, secure and a positive experience for all, yet there are many potential threats. Lessons learned from past experiences will come into play. For example, the lessons from the Centennial Park bombing at the Atlanta Games in 1996 are particularly pertinent. Here, the limitations of communication and connection between co-operating agencies were severe.

Similarly, large gatherings for extended periods suffer other threats, and the experience of a widespread flu outbreak at the Nagano Winter Games in 1998 introduces another dimension to planning and response.

Each event learns from prior experience as successes are reinforced and weaknesses addressed. A number of connected themes are present in the testimony of The Honorable Mitt Romney, Governor of The Commonwealth of Massachusetts at a Senate Competition, Foreign Commerce, and Infrastructure Hearing in May 2004, reflecting his experiences as Chairman of the Organising Committee of the Winter Games at Salt Lake City in 2002. Many of his points remain true as we prepare for the London Games in 2012.

His themes include co-ordination between entities with responsibility, both in the protection and response areas; the importance of intelligence and communication where many contributing agencies and bodies are collaborating; detailed planning, early mobilisation and lots of practice. These ideas are equally valid for preparatory actions prior to the event and for command and control aspects of managing the event in progress.

Using tools and techniques of Enterprise Architecture Modelling of the end-to-end risk profile around the Olympic Park would extend existing preparatory actions into a more widespread collaboration between agencies and organisations. This could stimulate connected action to avoid or better respond to the threats and consequences of incidents.

Using a combination of classic risk management techniques, placed within an enterprise model of a venue, it will be possible to identify and manage risks in a more holistic way. There are many parties involved in the preparation and staging of an event, and their interconnections and dependencies are rarely fully understood or explored. This becomes more pressing when the complexity level rises as a result of many events occurring in parallel, and this complexity is stressed by events.

It is possible to create an enterprise model to represent a facility, the processes and flows through it, and the people and organisations involved. In this way, we can create a model of the ‘system’ that is the Olympic Park and those that move through it.

Similarly, events or incidents can be identified and their impacts assessed. These may be deliberate, malicious actions, or accidental co-incidence such as clustering of people at a bottleneck passage. These events can be regarded as a stimulus to the system, and to which the system will respond as a series of causes and effects. If the system model is sufficiently wide-reaching we can see the effects of an incident – how it ripples through the venue and how organisers can co-ordinate response to best effect.

Traditional risk management techniques will aim to identify the stimulus, assess the probability of it occurring, quantify its effects and prepare prevention, reduction, transfer, acceptance or contingency actions in order to respond. Typically, several risk management plans exist, but the scenario itself will hand off cause and effect between parts of the infrastructure or involved parties. Linking them together in a total view of the system offers a more inclusive view. A compound approach presents an end-to-end capacity for a co-ordinated view of the facility, consequently enabling analysis across the wider picture, and decision making with greater confidence through insight and understanding.

This leads us neatly into a challenge of understanding. Such a complex collection of facilities, technology, processes and human factors is a little daunting. However, there are means by which we can capture parts of the problem, and piece by piece build up a picture that can help us to disentangle the problem. There are computer analysis and modelling techniques that will let us get closer, so what is theoretically possible?

The Art of the Possible

A static model

We can capture characteristics to build a model of the Olympic Park environment. This is a static model containing information about everything that is relevant. This amounts to whatever information is needed to evaluate and assess risk scenarios. The model will capture details of physical things such as buildings, but not in the traditional way of building a physical scale model. In this case, it is more about capturing information about the building.

As a result, we can model a venue in terms of its physical structure (facilities, access control, pathways), its operational structure (organisations involved), and its information structure (information about schedules, visitor numbers, events, etc.).

A process model

Against the backdrop of the physical or static model, we can imagine a set of scenarios (use cases) or process models that represent the processes that need to be undertaken to manage the environment. This includes the roles involved (people, organisations etc.) and the processes they undertake, and allows the creation of maps that show relationships between organisations, roles and responsibilities, and data flows between roles. The significance of this evolution is that the models allow ‘dynamic’ analysis of scenarios as they change over time. They allow us to see the effects of incidents as they unfold.

A risk model

This is the next layer of sophistication and requires the ability to attach defined risks (with their probability and impact) to all elements of the model. The result is a catalogue of possible threat events, with their probabilities within a specified period of time.

All of the events that could happen in parallel would probably need to be represented in some way in the dynamic model. A truly dynamic risk model will need to recognise the idea of a cause and effect chain – when one thing happens, there is a ripple effect of other things happening that may not have occurred by themselves or without that stimulus. The effect of a causal event would impact the probability of other events occurring, and this too can be captured and modelled.

Static analysis of the risk model

Recognising that we now have quite a complex model, understanding the risks can appear daunting. The evaluation of risks can be simplified in the first analysis by limiting matters to an aggregate of the risks associated with particular use cases. In effect, this freezes the risks with a starting condition of probability and impact, which is useful but not entirely accurate as events move through time.

Simulation of an event or incident could involve changes in the probability of given risks occurring. The impact of those risk events that occur following a given event (or combination of events) could be assessed via static analysis of the model. In this way, one could assess the overall risk profile of the model following an event.

Dynamic simulation of the risk model using a robust rules engine

Seeing the effect of an incident requires sophisticated systems known as exploitation tools to be able to visualise those effects and reflect reality with a little more fidelity. For this to be effective and present usable output, there needs to be enough information in the architecture model to drive them.

Obtaining all this information for all cases, and against the unpredictable flows and arrival rates of people, would require some mathematically expressed rules and a rule engine capable of simulating different scenarios for arrival, departures and movements between facilities.

Information on possible threat events would be those required as parameters of the rules engine, so that the effect of specified events on crowd movements within the defined facility could be assessed.
Simulation of an event or incident could be linked to the parameters controlling the rules engine, so that resulting movements of people could be visualised.

At this point the complexity argument is in danger of circling back on itself as the tools to visualise a complex scenario are themselves growing ever more complex. This has the potential to render this type of analysis self-defeating.  Expert analysts and architects believe that selective and sensitive application of these tools can deliver great advances in understanding of complex risk scenarios, and that this is worth the analysis and computing power required to construct the models.

Using results to define roles that cover all risk responsibilities

Risk management information would be generated as a result of either the static or dynamic analyses. Risk management plans would be modelled as a process model linked to the roles that undertake them and the facilities they require. The effect of prevention, reduction and contingency actions would be to change the probability of defined risks occurring, so the resultant model could be reassessed following introduction of these activities.

The role definitions would then be complemented by a list of the processes within which the role is engaged and those that impacted upon it. This is typically depicted using a RAIC matrix (Responsible, Accountable, Informed, Consulted) of roles and processes.

Plan and run rehearsals

The clearly defined and validated set of role and risk management process definitions, combined with the dynamic risk model of all threat events and their consequences, provides the basis for planning and running rehearsals of reactions to given events.

Real World Opportunities

In theory it is possible to capture information about the venue, the organisations and people connected with it, the roles and information flows, plus the risk scenarios, and wrap them all up in a set of algorithms to predict and practise the outcomes to single or combinations of events occurring at the site.

In the real world however, it is probably not as easy as all that. So, what is practically possible?

Practicality is governed by the limited time frame. A great deal of work would be needed to establish a useable model available in time to plan and run a suitable set of assessments and rehearsals before 2012. Additionally, the technology risk of a suitable rule engine and rules representing different scenarios for arrival, departures and movements of people is yet to be explored. This does not mean it is too hard though, and the value of understanding even a little more than we do today should not be underestimated. A practical set of activities might include:

• Developing a static model
• Developing a process model
• Static analysis of the risk model
• Using results to define roles that cover all risk responsibilities
• Planning and running rehearsals

Problems and priorities of the practical solution

If the rules-engine-based simulations were attempted, they should be used only for planning and rehearsals. Any attempt to use them in real time to actually control the Olympic Park should be vigorously rebuffed since the safety case for such an idea would be extremely fraught. People must be left to act (after rehearsals) according to their best judgement at the time.

So, even if we can fully understand the cause and effect relationships, and visualise what might happen, there is no substitute for trained people using their skill and judgement to manage the situation that lies before them. But for all of us, how many times do we feel more comfortable doing something we have done before?

About the author
Alan Rowe has over 30 years’ experience of IT and business change, especially in architecture management and the analysis of complex business and technical requirements. He has extensive experience of the management of projects and teams in business change programmes, application delivery and software product development, as well as consultancy in Enterprise Architecture, IS Strategy, Analysis and Design methods and Project Management both in the UK and Continental Europe. Demonstrating that methods are transferable skills, Alan has acted as guide and mentor to management and teams across a variety of business sectors as they use analytical tools to support their complex business problems.

Contact VEGA for more information about the London 2012 Olympic and Paralympic Safety and Security Strategy