• availability – providing access to systems and data as dictated by the functional requirements of the organization;
• integrity – ensuring that data and processes do not suffer improper modification, and ensuring that the system performs effectively and reliably;
• confidentiality – ensuring the information is protected from improper disclosure.

Make a statement

Looking at the whole control room environment, senior management should create an overarching statement of the security policy.
But operational requirements must come first: security requirements should never reduce availability by imposing overly onerous controls on systems in the interest of integrity and confidentiality.

To sum up, the developments in ICT systems and services mean that the ICCS environment can no longer operate as a separate domain or ‘island’ and, therefore, a structured approach to security policy and implementation is needed.So, how should you set your security policy?
In security planning for an emergency control room, there should be an overarching statement of the security policy – a short, yet authoritative document that is published and available to be read by all staff, and that underscores the security culture that management expect at all levels of the organization. This policy should not be specific to technology, data or processes, but general in nature.

The security policy should be supported by a series of functional policies, organized around the processes within the control room and incorporating both technical (systems, servers and infrastructure) and non-technical (employment agreements, ethics, acceptable use, change control) domains. Each functional policy should be compliant with the overall security policy, and should ensure that the availability of operational systems is paramount.

These policies will dictate appropriate security processes – and the implementation of these processes can be assisted by the use of standards (mandatory solutions and approaches) and guidelines (optional but recommended practices).  Successful compliance with the policy can be assured by regular and independent auditing of security controls by an accredited security professional.



FLEXIBLE SOFTWARE OPTIONS ENHANCE POLICE FORCE'S PERFORMANCE

Nottinghamshire Police has developed a highly flexible and resilient communications, command and control system around its dual control rooms in Nottingham and Mansfield using combined systems from APD Communications and Fortek Computers.

Since 2008, the Nottinghamshire force has been using Fortek’s Vision PX command and control system to manage operations across every workstation in the two control rooms. Vision PX enables forces to map, manage and optimize business processes across their control rooms and public service desks.

Fortek has developed interfaces for the force to exchange data with services such as the crime database and the Highways Agency, and has introduced a ‘thin client’ user interface enabling senior management to participate from outside the control rooms. Vision PX is virtualized across both control rooms to provide a single interface for sharing of contact information, intelligence, and incident and resource management.

In January last year, the force began a further upgrade of its APD systems, starting with the control room hardware and software. Physical peripherals have been replaced with APD’s software alternatives, improving resilience, cutting clutter and also saving power.

APD also updated the Cortex software Integrated Communications Control System (SICCS) software to the latest version, which offers server virtualization, enhanced performance and security, merging radio dispatch, call handling, video monitoring and web services.

“Given the importance of the control room function we have to ensure that systems remain current and robust”, commented Dean Langton, technical project manager at Nottinghamshire Police. “The upgrades have been completed through live operations in both control rooms without disruption, and maintaining the same UI for the software has minimized any training requirements – a big issue when you take into account our 300 control centre staff and 24×7 operations.”

The most significant change has been the upgrade to APD’s software Tetra port pooling function. This allows any operator, at any terminal, in any control room, to access any talkgroup, via any Tetra port. Operators can be redeployed around the control room or even to other sites, and a whole control room could be shut down while its functions are maintained through the other.