London 2012: A game of risk?
Written by Christopher Andrews
CIR considers the development of capabilities required to respond to the additional risks posed to businesses by London hosting the 2012 Olympic Games
London was still celebrating its Olympic bid win over Paris on 7 July 2005 when the unthinkable happened: four suicide bombers struck the centre of the capital, killing 52 people, injuring more than 770 and disrupting the flow of London for weeks, if not months, after.
That was nearly five years ago, and no doubt those explosions continue to ring in the ears of the Olympic Security Directorate. The OSD has an unenviable task ahead of it - strap-lined 'delivering a safe and secure Games', it says it recognises the need to strike a balance between effective and visible security while providing a 'welcoming and friendly atmosphere for all involved in the Games'; the job is huge.
In fact, the OSD has described this as one of the largest, most complex security challenges the UK has ever faced. While the Games are centred on the Olympic Park in Stratford, East London, there are 34 separate venues spread across the capital and across the country which will all need to be secured. This is in the face of an influx of a predicted 250,000 accredited people, including 14,000 athletes, with an additional 6,000 coaches and officials and some 20,000 media representatives. An estimated nine million tickets are likely to be sold.
This will create enormous challenges for public order, crowd management and safety, transport, and road traffic, and that's before the headline-grabbing possibilities surrounding serious crime, emergency planning and, of course, counter-terrorism.
All of this will require a mind-boggling coordination of effort between a range of stakeholders, including the OSD, the London Organising Committee for the Olympic and Paralympic Games, the Olympic Delivery Authority, the Government Olympic Executive and other government departments, police forces, emergency services, security agencies, and the list goes on. These organisations will in turn need to coordinate with local authorities, police authorities, businesses and local communities.
The OSD is keen to ensure the public that it has matters under control, particularly around terrorism. Generally, it says, its approach to security will be flexible, based on risk, intelligence gathering and regular threat assessments, enabling it to respond to changes in terrorist methodology and any unexpected events that may occur between now and 2012.
The Olympic Delivery Authority, as well, says that it has developed a comprehensive programme to reduce security risks through venue design, to protect the Olympic Park during construction, and to put infrastructure in place for additional security measures during the period of the Games.
The ODA says it aims to achieve 'Secured by Design'(the police standard which focuses on crime prevention at the design, layout and construction stages of homes and commercial premises) for all the venues it constructs.
So, while the stakeholders involved in securing the Olympics appear to have their acts together, the same cannot be completely said of businesses likely to be affected by the Games. Last month a somewhat worrying survey was published by BT Global Services, finding that the majority of UK companies were unprepared for how the Games will impact their business and staff. Nearly half (44 per cent) of board-level executives surveyed said they were unaware what activities would be happening in their area (which one would think is a pretty basic consideration), and a third of companies said they had not made assessments for how the Games would affect their staff, with only 22 per cent having a fully-implemented, flexible working policy in place.
These businesses need to get on the ball, as disruption is a real possibility - even if there are no malicious activities, just the sheer numbers of people using public transportation, for example, will affect staffing. It is by no means too late, however, and there is still time to put plans in place between now and 2012. As James Royds of Security Risk Management points out: "It's two and a half years away, and even if they've done no business continuity planning at all, if they started the process now they could have it swept up by the middle of 2010. From a standing start to having plans in place - at say a company with 400 employees - you're talking about six to nine months to get a plan together. You wouldn't necessarily get everyone trained in that time but then the next phase would be to culturally embed the process throughout the organisation."
So what do businesses need to consider when planning for the specific risks posed by the Olympics? What are those risks and how can they mitigate against them? "I tend to think in terms of consequences not risk," says Royds. "If you ask what the risks are, there's going to be some high level headline grabbing things that would be the triggers, but if you start trying to work out what they all are, there are bound to be half a dozen that you haven't thought through. So we tend to look more from the other end of the telescope."
So considerations for businesses located near Olympic venues include a number of 'what ifs', irrespective of the triggers which may bring them on. What if they lose power, lose network connectivity, lose information or lose members of staff? In the event of a major disruption like terrorist attack, the likelihood is that businesses will be caught up in the cordon put in place by emergency services. This means denied access to staff, and depending on the nature of the disruption, organisations might need to plan for a horizon of anything between three and five days, or possibly a week without access to their premises.
"Does that mean that the organisation comes to a grinding halt?" says Royds. "Well not really. If the network is intact, and lines of communications are open, then people can work from home or from another location. But these are the sort of things that people need to start thinking about now."
The BT survey would imply, unfortunately, that many are not. "I see the issue principally as businesses getting caught up in somebody else's incident, indirectly in a way in which they haven't got much control. Particularly if they're not going to be able to gain access to premises, then their planning should revolve around what do we do if we can't get to our place of work. The network's up, it's just redeploying people, relocating people. How quickly can we do that and who's going to coordinate it internally.
"Again, should we be concerned too much about what the event is? You're still going to respond in the same way, the same sort of people are going to stand up to make decisions, whether it's a terrorist incident or all the water drains away from the Olympic swimming pool and floods the local area."
Businesses, as well as government, will need to ensure communications systems are up to scratch as well. The massive influx of people attending the Games will create logistical challenges for any communications system put in place, says James Golding, marketing manager at Vocal. "Sending out concise information quickly to residents, businesses and stakeholders will be vitally important, and should an incident occur all eyes will be on how the London authorities react," he says.
"From a communications viewpoint, the 7/7 bombings saw many business continuity plans fail as mobile networks fell due to the volume of traffic received as news of the bombings filtered around the world," he continues. "So the main challenge for any business will be resilience, without it all of your business continuity communication plans fall down."
Golding emphasises the need for communications tools that are robust enough to cope with the demand placed upon them, potentially almost instantly, in the event of an emergency. "This could mean hundreds of thousands of messages being sent.. the focus needs to be on creating a strong and resilient communications network between the controlling authorities such as the City of London Police and the residents and businesses around London."
Again, the stakeholders involved in securing the Games are steadily plodding along, and there is still time for businesses that aren't prepared to get systems in place - and they need to get those systems in place, as the Games are not merely some distant possibility. "This isn't an event that's not going to happen," says Royds. "Unless the country goes completely bankrupt by then, the Olympics will happen. We know it will happen in 2012. And working back from then, that's plenty of time for organisations to do an awful lot of self help."