“Security threats are very broad in nature and infrastructure can be affected by all of them,” explains Gregory, founder and managing director of the Harnser Risk Group. He works with NATO Allies and partners to advise them on how best to protect the infrastructure networks that keep all of our lives going.
“The key objective is to make sure the owner and/or operator of the infrastructure has a process in place for identifying, evaluating, measuring, mitigating and monitoring the threats they have found,” he adds. Without such clear protection objectives it is hard to assess the value of expenditure on protection.
Gregory brings his knowledge, and that of Harnser Group, to the table to be shared with Allies and partners, helping to streamline the different countries’ performance and risk-based security methodologies.
“Having a consistent approach to evaluating a nation’s tolerance for security risks across all its facilities is critical. Otherwise, there can be no comparisons made, no assurance about how things are being managed, and that is a dangerous position to be in,” he says.
Gregory finds working with the Alliance to be a “wonderful way to discuss some of the serious challenges we face today with colleagues who are endeavoring to reach the same objective. The nature of NATO allows for these exchanges in a forum that gives context and value, which cannot be underestimated.”
Responding to threats
Before founding Harnser Group, Gregory worked on behalf of the United Kingdoms Government. It was during this period that he began to advise companies about responding to the increased government interest in the protection of critical infrastructure.
“There is a growing agenda in the world where security threats are real and damaging to companies and governments,” explains Gregory. “Certainly over the last few years the threat from protestor activity has grown in some locations – energy infrastructure, in particular, is a visible target which attracts publicity. Some activity is benign, some causes damage, but the approach adopted to deal with any action depends on the legislation in the country concerned.”
How a country responds to these types of threats, or actual aggressive actions, can have reputational consequences, he explains. Part of Gregory’s work is to share his experience and knowledge about how to respond appropriately, since often it is not widely known, and attacks are rare and varied.
“In many countries where there has been political upheaval, foreign owners and operators of energy infrastructure can face serious security threats as symbols of a discredited regime,” he says. “Whilst it’s easy to think of high profile events that put security on the radar, it is often the less obvious and more insidious threats that can affect owners and operators.”
A complex environment
The ever-changing, complex and increasingly ‘busy’ stakeholder environment around critical infrastructure has been one of the most challenging aspects of work in the sector over the last twenty years. It reflects the increasing recognition of the importance of critical infrastructure protection within national governments as well as within organizations like NATO.
“Achieving consensus in policy and practice across countries with sometimes conflicting political objectives is a challenge,” he says with relish. “Talking to different stakeholders and raising awareness is something we spend a lot of time on because we believe passionately that this is a subject of the utmost interest in the world today.”