“The leadership of this organization makes it easy for me to do my job. They are extremely supportive and of the highest moral character and because of that they understand security and know that we need to protect our employees. It’s easy working for and with the executive team because of their compassion for what we do. I know many others who don’t have that endorsement. It makes it easy for me to walk up to (Centrica CEO) Deryk King’s door and say ”˜Have you got a minute?’ and give him the heads up about something and he will thank me for it,” says Weir.

He manages much of the operation with the assistance of networked security technology — a good deal of it is accessible from his laptop.

“Because of the geographical size of what we have to deal with ”“ our operations go from Newfoundland to California — and for us to physically see these place we have to use technology. Our access control systems are also centralized whether it’s in Toronto or Houston. In a global economy, technology has to be used,” he says.

Weir is a big fan of PPM 2000’s Perspective Premium for reporting — all incidents in the company flow through there and employees are educated to report incidents through the company intranet and they then flow through Perspective.

“We started using PPM’s product five years ago and graduated to Perspective Premium last year. I do quarterly reports to the operational committees and it allows you to qualify what you’re doing,” he says. “Not long after I joined the company our CEO joked to me, ”˜Well, we didn’t have these problems before you joined the company.’

“It’s great because I can assign a problem to another business unit, for example to IT security or to HR, or I can accept it as one of my own and then assign it to a team member or place it in pending because it needs more information.”

And by creating a one-stop portal for employees to file their concerns about security-related incidents, it means there are far more eyes watching out for the corporate brand.

During an employee’s first day at Direct Energy, whether it is Pittsburgh, New York or Toronto, there is an online introduction to company policies such as code of conduct, brand values, information security and physical security.

“Any employee at Direct Energy can go into the portal and report an incident,” he says. “If a service technician on the road has something stolen from their van they can report it to their line manager who would then submit it.”

He also uses NetVu Connected from Dedicated Micros to view camera feeds from remote locations, such as a power plant located one mile from the Mexican border.

“The controller for the camera is in the control room at the power plant, but if someone is moving in the landscape it will pick up and follow it if there is something there that is not normally there. If there is an alert, the control centre at the power plant will get the alert — if needed they notify us. I don’t normally dial-in unless someone at the site has contacted me to say, ”˜Take a look at the cameras in this location. The cameras are a great tool for investigating after something is happening, but it’s also an essential tool for the power plant workers,” says Weir.

When it comes to security issues related to Direct Energy’s critical infrastructure Weir has reached out to N-Dimension Solutions of Richmond Hill, Ont., which assists critical infrastructure organizations with the protection of their control systems and information systems by providing them with cyber security solutions that facilitate compliance with industry-specific security standards such as NERC CIP, IEEE P1711 (AGA12), and other directives, including those proposed by the U.S. Department of Energy and the U.S. Department of Homeland Security.

“They do the evaluation on NERC and critical infrastructure and they are probably the best in the world right now — a lot of U.S. companies are using them.”