ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 1
INTERNATIONAL
TM
Newsletter SUMMER 2017
UNITED KINGDOM CHAPTER 208
ASIS NEWSLETTER OF THE YEAR – WINNER 2015, 2013, 2012, 2008 & 2003 – HONOURABLE MENTION 2011, 2006.
Chairman’s notes Q2 2017 Dear Colleagues It with heavy heart that I write to you. Over the past few months the UK has borne witness to some of the most devastating terrorist attacks on UK soil. The Westminster attack in March was a prime example of just how easy it is for a determined adversary to cause widespread harm and panic in moments using unsophisticated, everyday items such as a car and knife to launch an attack. This was a game changer for the police, UK security services and security professionals everywhere – as well as the public. This was followed by the horrendous Manchester attack where a person borne IED was detonated and caused an unprecedented amount of harm to children and families who were enjoying a night out at a concert. I think we all thought the appetite for this type of attack had gone away in favour of less sophisticated attacks, like Westminster. Then London Bridge and Borough Market were subjected to more unsophisticated attacks using bladed weapons and a vehicle. The immediate Police response was swift and highly effective, clearly lessons had been learned but again we saw how easy it is to launch an attack on innocents. In my view these three attacks have created a watershed moment, a historical change that means we may well in future regard 2017 in the UK as pre and post 2017. Pre 2017 being a period when we thought we were reasonably well protected, resilient and able to respond effectively to a given threat
– and people went about their business feeling safe and secure. Post 2017 being a period where we know we aren’t as well protected as we want or need to be; we’re not as resilient to threats and the ability to respond is not as effective as we hoped it would be. Because of these attacks, it feels that every trip to we take to a high street, a venue, a transport hub potentially puts us and those we care about at risk. This is an unprecedented time in our country, we are no longer safe, every journey, every activity outside of our front door feels like it could put us at risk. Statistically, there is more risk of being bitten by a shark than being a victim of terrorism. We can mitigate against shark attacks by not going into the sea . . . we are vulnerable. ASIS UK and organisations like us are in a position to help reduce these risks and vulnerabilities. As security professionals we all need to do that much more, to help and support the police and security services – and each other. We can share ideas more, we can share information and intelligence more, we can share best practice – we can help those who don’t have our level of training, qualifications, experience and expertise. There are many people who do not share our capabilities and I firmly believe that it is our job, indeed our duty to help protect and support them – it’s why we do what we do, it’s why we’re in the security industry. We can do this not just through physical and technical measures but through increased awareness and response capabilities, through
smarter and pragmatic education, better information sharing, identifying more informed and easily achievable ways of protecting ourselves and others from those who wish to cause harm. We need to change the way we think, the way we act and the way we respond. We need to collaborate more and be bold in our views, our assessments, our measures and our advice – both inside and outside of our work and membership organisations. I call upon all ASIS UK members, indeed all security membership organisations and all security professionals to do more, to take responsibility, to support and help the police, to support and help the security services, the emergency services – and each other in every way we can. I call upon us all – to do more, to do better, to do more together. TOGETHER, BETTER. Your Chairman David
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 2
ESRM AND CSM STRATEGY
How Vendors Can Support ESRM and CSM Strategies that Converged Security Management (CSM) utilizes an approach that brings together physical and logical security professionals in teams to get beyond the silos that have traditionally restricted a single view of security risks. The paper considers • why now is an important turning point for many security teams to take action • what stakeholders need to do to support a converged, buying security team A new white paper examines effective Enterprise Security Risk Management (ESRM) and in particular the issue of buying and selling to siloed physical and logical security teams. The authors, James Willison and Sarb Sembhi, explain
2
SUMMER
2017
• product information and support to stakeholders throughout the product lifespan ensuring clear messaging on the security of the devices/systems and their contribution to the overall solution of ESRM
• security of the product and its design. By acting on these areas, physical security vendors will not only be able to level the playing field compared with logical security vendors, but in some cases, overtake them in terms of maturity in integration. The white paper, sponsored by Axis Communications, is available at www.axiscommunications.com/convergedsecurity.
UK Chapter Member, James Willison is Vice Chair of the ASIS European Convergence/ESRM committee, which supports the ASIS board-level commission on ESRM. James is founder of Unified Security Ltd and Sarb Sembhi is past President of the ISACA London Chapter.
www.asis.org.uk
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 3
DIARY
28–29 Jun
Congresso Latinoamericano de Sequridad, ASIS Mexico
04 Jul
Security TWENTY 17, North
18 Jul
SASIG
10 Aug
ASIS UK CPE Day
05 Sep
Security TWENTY 17, Scotland
13 Sep
ASIS UK Autumn Seminar
25–28 Sep
ASIS 63rd Annual Seminar & Exhibits Dallas, TX
03 Oct
Security Institute AGM
05 Oct
ASIS CSO Center meeting, London - By Invitation
11 Oct
ASIS UK Midlands Meeting, Wolverhampton
16–17 Oct
Total Security Summit
17 Oct
Joint Security Associations Fundraiging Event
5–7 Nov
ASIS Middle East 2017, Bahrain
02 Nov
ASIS CPE Day
02 Nov
Security TWENTY 17, London
09 Nov
National Association for Healthcare Security Conference, Birmingham
14–15 Nov
Universities & Healthcare Estates and Innovation
22 Nov
IFSEC Fire and Security Excellence Awards
23 Nov
International Arts and Antiquities Security Forum
29–30 Nov
UK Security Expo
06 Dec
ASIS UK Winter Seminar and AGM
07 Mar 18
ASIS UK Spring Seminar
18–20 Apr
ASIS Europe 2018, The Hague
www.asis.org.uk
SUMMER
2017
3
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 4
OBITUARY
Michael (Mike) John Tennent 14.11.43 – 02.05.17 We have lost a lovely, lovely gentleman!
“decibel” for five minutes, and that’s where it started for me!
This obituary is based upon my knowledge of Mike for a period of 29 years of which I worked closely with him in Tavcom Training for over 21 years.
Mike and I carried out the first International training in Dubai, where we had delegates from some 12 or more Arab states. Our trip to the Souk was very interesting and nothing like Dubai nowadays. Some other early international training was in Cairo. Before we got there, Mike asked “which side of the road they drive on”, I replied “the right until that’s full then the left as well!!” On that trip, Mike unwittingly shared a lift with President Mubarek and his minders! It was a very interesting course and we learnt to take into account some of the “local” needs, such as midday prayers!
Mike started in electronics when God was a boy! He was involved in electronics since his time in the RAF where he was working with components that glowed in the dark. If they didn’t glow, they were “broken”. Tubes were then still in vogue when Mike spent a number of years in South Africa, where he was instrumental in the installation of the television broadcasting system across the whole country. Back in the UK he was involved in two early CCTV companies, Vision Research where he was involved in the development of the first CCTV video multiplexer, the Krammer, and also with Frowds, where he was involved in the sales of video cameras including the 1” tube camera, the “Surveyor 6”, microwave fence perimeter detection systems and the first of the “Slow Scan” transmission systems. Tavcom was started by a great desire to bring professionalism into the “cowboy” market that we had in the early 1990s. At that time there was, to the best of my knowledge, only one other CCTV trainer around, Charlie Pearce, in the USA, who was a bit like Robin Williams on speed! Tavcom’s first training was carried out in an alarm company’s offices in the Eastleigh area in 1994. I joined Mike in training in 1996, having been conned by Mike when I visited the training centre, to see what he was doing! I was invited to talk about the
4
SUMMER
2017
Tavcom has developed to be, probably, the most extensive CCTV/security training company which has carried out training in: many Arab states, the USA, Egypt, Australia, South Africa, Zimbabwe, Pakistan. This is all thanks to Mike’s dedication and determination to improve the quality in CCTV. If you ever wanted to “wind” Mike up, all you needed to do was to say that LCD panels are better than CRT screens! Mike was also insistent that, it is CCTV not VSS, as we are now told it should be! Mike was always passionate about the quality of the training delivered by Tavcom and would not allow the general licensing of the training courses abroad, because the quality could not be controlled to his satisfaction. In the early days Mike was involved with SITO and also consulted with the SIA regarding the regulation and training of CCTV operators and managers. He was also involved in
many other committees and spent quite a bit of time on the train travelling to and from Winchester to be able to partake in meetings all over the country. Mike became a member of the ASC in 1999 and subsequently became a Board member. He had the responsibility for developing the early Marketing Plan, from which the ASC has since benefitted greatly. He was always outspoken regarding training and the standards of installation etc. Mike was an ardent photographer; he founded the local photographic club and has had a number of pictures exhibited at local exhibitions. He had, over the last few years, had a number of charity cards made from his photographs and has raised, to date, £1,600 for cancer charities from their sales. His CCTV expertise was, of course, a great benefit to his photography. This is a very sad loss both for the industry and for me personally. Mike will be very well remembered by us all. John Laws
www.asis.org.uk
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 5
THE SMA
“Security Training and the UK Domestic Terrorist Threat: Shifting The Emphasis” by Rupert Reid Managing Director TheSMA Ltd As the recent tragic events in Manchester and London have confirmed, we are now dealing with an emerging terrorist modus operandi: working alone or in small groups using home-made explosives, small arms, knives and vehicles to cause harm to their targets; with the perpetrators unconcerned for their own fate. The UK Government’s exhortation to “Run, Hide, Tell” is soundly based and has been well thought through in that it is simple, logical and intuitive; although we still need to work on the British tendency not to cause a fuss (“the driver must be feeling unwell” as the van careers towards the shopping centre). However, whilst ‘Run, Hide, Tell’ may work for the individual, it does not, I would suggest, meet the duty of care criteria of companies when contemplating how best to protect their staff, clients and visitors from such attacks. Let us be clear on the terms of reference here: it is nigh on impossible to prevent an attack of
www.asis.org.uk
the kind we are currently witnessing. As the security services struggle to cope with the influx of information being offered up by a well-meaning public in response to their appeals and make sense of the raft of intelligence being shared by the various agencies, we may need to rethink our concept of ‘prevention’. If a group of disenfranchised fanatics with little or no history of wrongdoing decides to rent a transit van and drive it into a crowded street market, there is nothing we can do to prevent the attack. We can, however, do much to minimise the harm which such an attack might cause by subtly shifting the emphasis from prevention to response. Consider the security guard watching the TV screen or checking credentials and searching handbags at the door. What if they were to be specially trained to profile and identify suspicious activity and abnormal behaviour; and had the necessary complementary technology to alert those they were protecting in the event of an incident? Let us run the scenario: the security guard outside the premises sees a van turning into the street at high speed and hits the panic button on his belt. This triggers an audible alarm in the building. The entire workforce will have been trained to recognise the significance of the alarm and the importance of moving swiftly to a predetermined safe area with any visitors being similarly marshalled. I am not suggesting for one moment that this will offer comprehensive protection for all; but it will minimise the effects of the attack and, importantly, demonstrate that the company has done all it can to mitigate the risk
and exercise its duty of care. Now, we are not talking about significant capital expenditure here, apart from a few handheld panic alarms and a very loud siren; this is primarily an awareness and training issue designed to improve early detection of abnormal activity and to engender an understanding of the need to move quickly when instructed. TheSMA’s parent company, the Chelsea Group, runs a number of very large projects in some very dangerous areas, primarily in the Middle East and Africa; and we have seen the principles work very well indeed in practice. We have therefore adapted the training for the current UK threat environment and are delivering short and focused training to companies using similar risk containment principles based on behavioural profiling and early alert; so we can reassure ourselves that the necessary measures will not be difficult to implement, nor the associated training too onerous for security staff to assimilate.
Tel: +44 (0)1491 699685 enquiries@thesma.co.uk www.thesma.co.uk
SUMMER
2017
5
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 6
TRAINING
Believe in better security… Training and development for career progression Sky plc employs 30,000 people, it is Europe’s largest pay-TV broadcaster with approximately 21 million subscribers. Creating a safe environment for its employees and those who visit its offices and operational centres throughout Europe is of paramount importance to Sky. As one of Europe’s highest profile companies, it is also committed to investing in the latest access control, intruder detection and video surveillance technology. Training Requirements Individual members of the Sky Security Team have been hand-picked because of their expertise acquired through working within the security sector. The Team felt it was important that they should continue to develop by acquiring an internationally recognised professional security management qualification. The Team felt this would raise their profile and credibility within the Sky organisation, enhance their skill sets by introducing them to the latest ideas and sector good practice, which in turn would complement existing knowledge and assist them in progressing individual careers. The Team decided that the ASIS PSP® (Physical Security Professional) certification was most relevant to their day-to-day responsibilities. Lesley Brandon, Head of Training, Development, Transformation and Communication for Sky was tasked to evaluate training providers that offer ASIS PSP® exam preparation programmes. Training Provider Selection Before embarking on her research, Lesley decided on the criteria that would select the best training partner to match their requirements. Having applied this criteria, she selected ARC Training as the company that best met the company’s needs. “I was particularly impressed with the personalities involved and their ‘fit’ with
6
SUMMER
2017
Sky’s business ethos, the proposed course content and their approach to delivery which took advantage of the tutor’s superb communication skills,” says Lesley. “Equally important, ARC Training has a proven track record of providing flexible in-house training, and the PSP course was adapted to fit in with our work commitments.” Programme Delivery The programme was divided into two parts; distance learning and 5 days in the classroom. The distance learning aspect of the programme was completed over 4 months, with the learners required to submit workbook assignments and undertake selfassessment tests. Both of these were used to ensure that the information from the reference texts was being understood and retained. On completion of each section, the ARC Training tutor participated in a conference call that allowed the group to discuss particular concepts and principles, to confirm their understanding and highlight any areas that required supplementary study. The 5-day classroom teaching clarified learning outcomes for each domain and confirmed learner understanding of the reference text. Course Feedback Mark Taylor, Technical Security Operations Manager, participated in the ARC Training preparation programme along with Sky’s Security Manager and three Regional Security Advisors. Mark has worked within the electronic security industry for fifteen years and has been a part of the Sky Security Team for the last six years. “Although I found it quite daunting when I was presented with a large number of ASIS reference books to work my way through, any concerns were quickly dispelled by the calm, patient and reassuring support of the ARC Training tutor. He helped us to put the learning material into workplace context and perspective, while focusing on the knowledge needed to pass the exam” said Mark. Acquiring the ASIS PSP® qualification is
something Mark says he is proud of and in the process of doing so, it has helped him to continually improve how he goes about fulfilling his responsibilities. “I’ve learnt much that I can put to good use for Sky,” says Mark. “For example, in terms of methodology, it has stimulated my thinking about how the application of CPTED (Crime Prevention Through Environmental Design) could benefit Sky, by taking into account the use of natural environmental factors to minimise loss and crime, whilst having a positive impact on productivity.” Success Lesley was pleased with the outcome of the training programme. “All 5 of the team passed at the first attempt and the feedback from them was that they placed a high value on the rapport that was quickly established with the trainer, as well as his excellent communication skills. He also clearly appreciated the need to balance the time needed for them to progress online through the various distance-learning modules against their need to fulfil their work duties. As a result of this initial success, we have chosen to appoint ARC Training as our preferred security management training provider.” Under the terms of an agreement between the two companies, ARC Training will provide customised in-house preparation programmes to enable Sky security personnel to achieve the ASIS CPP® and PSP® certifications. Conclusion The benefit of running an in-house course, such as that provided to Sky, is that timeframes and delivery options can be tailored to suit the organisation. This provides a programme that fits with business ethos and objectives and which maximises learning opportunities and convenience, while minimising travel and accommodation costs. Dave Anderson, Head of Security for Sky said: "Sky work to fully integrate with all partners as part of our strategy. We believe in a ‘one team’ approach,
www.asis.org.uk
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 7
ASIS YOUNG SECURITY PROFESSIONALS
developing our peoples’ skills. By working with ARC Training it helps us make life better here at Sky." Angus Darroch-Warren, Managing Director of ARC Training commented: “We’re delighted that a prestigious client like Sky plc decided to entrust us to deliver these training programmes; the blended combination of distance learning and intensive in-house
classroom based training is proving to be increasingly popular with companies such as Sky. It allows their security personnel to acquire career enhancing qualifications within the context of their busy working lives.” For further information please contact: E: enquiries@arc-tc.com T: +44 (0)1489 896 549 W: www.arc-tc.com
ASIS UK Young Security Professional Event Launched at Aon Centre The inaugural ASIS International UK Young Professionals Group session was held at the Aon Centre in London on the 13th of April. This event was an opportunity for young professionals in the security and risk management field, to meet, network and discuss opportunities, education, and advancement in the field. The Young Professional Committee Board, led by Stuart Eustace, organised a session that included a panel discussion on issues affecting young professionals in the UK and a relaxed networking and question and answer session.
professionals in the UK”. The UK Young Professional committee are keen to develop a programme that fits the needs and interests of all Young professionals and future events include a Cyber Security session at the Security and Counter Terror Expo at London Olympia on 4th May, and a businessfocussed session in the coming months. A mentorship programme will
also be unveiled towards the end of 2017 as another avenue to support members. The Committee welcomes suggestions on future events and from those interested in joining or supporting future events. Please contact Stuart Eustace at yp@asis.org.uk or James Morris, YP Committee Mentoring lead, at ypmentoring@asis.org.uk
“Attendees at the session are just a small number of the young talent in the industry and it was a pleasure to speak to so many who are eager to develop their careers. The turnout at the event, and the level of engagement and the vibrant conversation demonstrate the interest in advancement among young
Just some of the many members who volunteered to help out on the ASIS UK Stand at Security and Counter Terror Expo this year. Thanks! - we really couldn't do it without you.
www.asis.org.uk
SUMMER
2017
7
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 16:37 Page 8
TOP 50
The top 50 influencers in security & fire 2017 After extensive consultation with a panel of judges from across the industry, IFSEC revealed their roll call of the Top 50 influencers in security & fire 2017 in association with the BSIA, who celebrate their 50th anniversary along with a certain album by The Beatles.
David Clark CPP PCI PSP The Francis Crick Institute/ASIS UK Chairman
As you would expect from the world’s largest association for security professionals, there were a number of ASIS members included in the list, including two of our usually publicityshy Chapter Officers. Rumours that their signed photos are being re-sold on eBay for vast sums are entirely untrue (currently).
Mike Hurst HJA Security Recruitment/ASIS UK Vice Chairman
Peter O’Neil, FASAE CAE ASIS International SEO
Volker Wagner Deutsche Telecom/ASIS European Advisory Council
Keith Bloodworth CNL Systems
Martin Smith MBE The Security Company/The SASIG
The full list can be viewed here www.ifsecglobal.com
Prof Martin Gill CSyP The OSPAs Peter Houlis CSyP 2020 Vision Systems
Thomas Langer CPP BAE Systems Inc /ASIS International President
A culture of staff engagement must be an integral part of a business strategy “There is compelling evidence that high levels of employee engagement lead to stronger customer satisfaction, loyalty and business performance” – The Institute of Customer Service (‘The Customer Knows’ – Report 2016) A culture of engagement, where staff engagement is central to the Company’s strategy, is a vital component in the creation of a professional and effective security force, where staff are working for a purpose rather than pay, and who have the skills and drive to deliver the best possible services to, and on behalf of, Clients and the wider community. With the private security industry playing a crucial role in keeping our borders and the nation secure, it is of paramount importance to employ a workforce that is professional and capable of dealing with all eventualities. The services expected of Security are numerous and often require a
8
SUMMER
2017
very broad skills-set. Duties include, but are not limited to: airport security, explosive and drug searches, staffing front-ofhouse, administering First Aid, training in counter terrorism and risk, providing leadership in times of crisis. Security lies at the core of a Company’s business continuity strategy. Staff engagement is an on-going task; new contracts and new recruits mean that it is an everevolving cycle of development. Having an engaged workforce doesn’t necessarily mean having to invest big sums of money in specialist programmes. Vast amounts of time are spent at work and it is our duty to create a work place of moral and social significance – a place that fosters a sense of belonging, where staff can find dignity, self-esteem and are proud of their accomplishments. Employee Recognition Schemes are appreciated and are important. They allow
management to reach out and recognise the hard work of an individual staff member or team and offer a boost and incentive to the operations. Communication can be a challenge as a company grows in size and spreads geographically. The simple introduction of an intranet site can make a real difference in bridging communication gaps. It offers a platform for all to share news and ideas and brings the team closer, irrespective of department or rank within the Company. Ashley Bancroft, Managing Director, ICTS UK & Ireland
www.asis.org.uk
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 9
ISMI
Throughout 2016-17 ISMI®-prepared candidates for the ASIS CPP and PSP certification examinations have continued to achieve a 100% firsttime candidate pass rate in the examination, with two candidates this year achieving record-breaking scores by world standards “Thank-you for providing an excellent course last week - was enjoyable and extremely useful, and I appreciate the work and effort that has gone into the ISMI® materials; I definitely feel that I picked the right study course.”
As with all programmes, the ISMI® approach of “more for less” is applied to its CPP preparation courses. The Classroom Option Understanding that many candidates have limited time to spend on training courses, ISMI® has condensed the taught element of the core CPP principles into a 3day crammer programme, which strikes an optimum balance between time away from work and home study. All of the essential concepts are taught in class by David Cresswell CPP PSP, whose long-standing ASIS credentials can be found at https://ismi.org.uk/csmp/asis-cpp-and-psp-classroompreparation-programmes/about-ismis-cpp-and-pspinstructor.aspx The three days in class are followed by 200 hours of self-study during which the group, away from the classroom and working as a virtual syndicate, progresses through 700 practice comprehension questions to develop core knowledge, followed by a further 1,000 multiple choice questions (including two mock exams) to cement and reinforce that knowledge. Throughout this home-study period there is support from ISMI®, access to a mentor (recently passed CPP) and an online library rich in support material. The 100% examination pass rate validates the rigor of this process. The next 3-day classroom programme is 18-20 October (CPP) and 15-17 November (PSP). See https://ismi.org.uk/csmp/asis-cpp-and-psp-classroompreparation-programmes.aspx
www.asis.org.uk
The Distance-Learning Option The know-how developed for the classroom is available also through an entirely distance-learning programme, during which candidates have the benefit of 7-day a week access to a coach for the duration of the programme. Many candidates prefer this to the inclass option and the ISMI® Personal Tutor Programme for the ASIS CPP has candidates from the UK, US, Hong Kong, Singapore, Philippines, Kenya, Canada, UAE, South Africa, Egypt, India, Pakistan and Germany. Candidates progress at their own pace through 700 practice comprehension questions to develop core knowledge, followed by a further 1,000 multiple choice questions (including two mock exams) to cement and reinforce that knowledge. Each practice paper is fully assessed personally by David Cresswell CPP PSP and detailed written feedback provided on each answer so that the candidate can assess progress and learning gaps. Written feedback can be then followed up with a coaching call. Details at https://ismi.org.uk/csmp/asiscpp-distance-learning-preparation-programme.aspx
SUMMER
2017
9
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 10
FUTURE THINKING
Future thinking In these articles the last year or two I have gone over the recent past, and last time the present. This time, Mark Rowe writes, I want to cover the future. I have had the idea that in the future far more of us, perhaps most, will live, maybe full-time, in a virtual world. It’s hardly an original idea; it’s from the film The Matrix. The historian Yuval Noah Harari in a May article in The Guardian suggested that what he charmingly called ‘the useless class of the post-work world’ will find meaning in their lives in virtual realities. This idea that, thanks to machines, we’ll have far more time on our hands is not new; Bertrand Russell argued it 80, 90 years ago. What’s different now is that instead of people turning to art and literature, and selfimprovement, as Russell assumed, Harari implies that we’re too thick to do anything except embrace a glorified video game. Two questions for you. First, Harari and other future-thinkers assume that in these virtual worlds we’ll all be well-behaved;
10
SUMMER
2017
really? And more practically, what, if any, market will there be for private security, and indeed other services? We’ll have to wait for the future to see. But let’s assume it’s what some are already calling ‘immersive experiences’; you sit in your living room, but – whether thanks to headphones or a big screen, or who knows what sensors, inserted who knows where – it feels as if you’re sitting at Wembley, let’s say, and the England World Cup winning team are re-playing 1966, or playing today’s Barcelona team. At a price, of course. Will you be able to buy a beer, and drink it in virtual reality? If the bloke sitting behind you gets drunk, and spills his beer over your hair, what happens? Will you really feel wet – if not, it’s not that real an experience. If you are a pick-pocket, will you find pockets to pick? What if you are Bobby Charlton, for an extra fee of course, and you are a protest group, and want to show a banner? This virtual world will need the same surveillance as the real world. If you misbehave, will a control room switch you off (no refunds)? Or will there be virtual world stewards, and police - although assuming these virtual worlds are privately-owned, I can’t see a place for police as we know them. This raises the prospect of the future actually offering plenty of job opportunities, in those virtual worlds. Could you be a pub doorman in the real world at the weekend, and in virtual worlds in the week? It’d
only be a development of the invigilators called for in social media to weed out hateful and unlawful videos and comments beyond the pale. To return to the present, we do know that online worlds are not well-behaved. The National Crime Agency on April 21 brought out a report into why young people go into cyber crime, ‘based on debriefs with offenders and those on the fringes’. They do it to accomplish something, and for the respect of those they look up to, in online groups such as gaming cheat websites. In those future virtual worlds we may face more and worse con artists than we do in the real.
www.asis.org.uk
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 11
SOCIETAL TRUST
Societal Trust similar to pain. What do you think happens when people experience pain? Correct, they withdraw so they won’t experience any more pain. So, as citizens have become more withdrawn and alienated, they are less likely to engage.
Recent studies have identified that societal trust in government and state institutions is decreasing year on year – this brief article explores why this may be so, some implications and possible solutions. Recently published research on the human brain’s process areas, identified a clear separation between a frontal section which concentrates on economics and logic problems and a mid-brain deeper section which focuses on social relationships. When individuals experienced pain it was the mid-brain section which was triggered in response. The study also found that when people felt excluded - the same pain area in the brain was affected. So when governments engage badly or fail to engage, people’s experience is
www.asis.org.uk
Ask yourself, who do you trust and why? Trust researchers have developed models to explain the basis of trust and distrust. According to the models, trusting someone is based on an assessment of ability, integrity and benevolence. When you board a train or an aeroplane - do you think about the driver or the pilot’s ability? When you visit your GP, what is the basis of the trust? If a colleague calls you for an urgent meeting, what trust may be involved? Other elements involved in trust include perceptions of risk and perceptions of vulnerability. On balance, when we take a decision to trust we weigh up the risks involved and our potential vulnerability; trust is the outcome based on less risk and less vulnerability. For those involved in incident management and emergency response there may be differences that come into play these may be based on important elements such as training, rehearsal and calculated risk-taking.
So, what are the implications of reduced societal trust? US researchers have identified lower trust related to different ethnic groups, for example, the police there are less trusted by black communities. When communities don’t trust the police they are less likely to work with them on law issues. So, returning to the UK . . . have you seen any evidence of increased or decreased levels of trust? Finally, recent research from Australia and the UK has highlighted how we could rebuild trust and engagement. Key factors include rapid interventions involving apologising, demonstrations of trustworthiness, displays of benevolence and intervention to reform past deeds. Dr Allison Wylde is a faculty member with Cardiff University Business School and a Research Fellow with the Crime and Security Research Institute, enquiries please email wyldea@Cardiff.ac.uk @cardiffbusiness Cardiff University Business School #PublicValue @CrimeSecurityCU Crime and Security Research Institute
SUMMER
2017
11
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 12
CYBERSECURITY
Cybersecurity in supply chains; key to meeting GDPR challenges The General Data Protection Regulation (GDPR) is a huge consideration for businesses across the globe. The key tenets of the regulation, including fines of 4 per cent of annual group turnover or €20m, whichever is higher, should now be well known by all industries. Currently, however, only 43 per cent of organisations are said to be actively preparing for GDPR. This could result not only in increased risk displacement, exposing poorly secured businesses to threats as their counterparts invest in technology to ensure security and compliance, but also brings with it the potential for significant fines. A particular risk is the security of networked devices, with various threats utilising IoT technology as a staging ground for wider attacks. The cyber landscape is changing on an almost daily basis. As demonstrated by the recent global WannaCrypt ransomware infection, attacks are also becoming more sophisticated. The link between nationstate and organised criminal action has become far less distinctive, resulting in criminal groups gaining access to highly sophisticated malware. As the threats faced by businesses continue to rise, the need to revaluate supply chain security and ensure all employees are briefed on an organisation’s cybersecurity strategy has never been greater. Ensuring supply chain security to mitigate risk Within the surveillance industry, we have seen a significant change in the last decade – a shift away from analogue CCTV to the networked cameras in use today. This has resulted not only in greater levels of business intelligence through analytics and big data, but has increased the safety and security of different environments. Beyond the security of the device itself, the way IoT technology is deployed is key to its security and can leave organisations exposed to vulnerabilities. A worst-case scenario is when physical security systems, deployed to protect assets and information, act as the weakest link - granting an attacker access to other areas of the network. Any untested device may be a potential avenue for attack against a network
12
SUMMER
2017
ranging from an employee simply plugging in a USB device, through to untested IoT technology. Whereas security specialists once dealt with the entire process behind procuring and installing surveillance technology, the task has now become more collaborative – sitting jointly between IT departments and their security counterparts. The rate of technological advancement, when combined with unclear cybersecurity responsibility between internal stakeholders, has left something of an education gap. In real terms, this means that when it comes to supply chain management, due diligence is often not practiced – simply because those responsible for the technology do not have the breadth of information necessary to make informed decisions and mitigate cyber risks. GDPR provides the perfect motivation to meet these challenges head on. Confirming security; mitigating liability GDPR, in essence, is designed to bring businesses up to a minimum standard on damage mitigation. The regulation does not stipulate that a business must be unbreachable; only that the prerequisite planning and research has been undertaken; that compliance has been achieved to minimise the potential of a breach, and effectively react should a breach occur. Whilst GDPR specifically relates to a company that retains and loses Personally Identifiable Information (PII), this responsibility does not necessarily extend to companies in the supply chain where the unsecure technology is sourced. What this means is that while organisations within a supply chain may not be directly liable for a breach under GDPR, it provides a case for rolling the impact of GDPR fines downhill from the organisation which has purchased the device. Should an organisation suffer a data breach and subsequently be fined under GDPR, when the cause of the incident is identified, the liability will likely not remain with the original company if due diligence is practiced or can be proven. Should an organisation within the supply chain, claiming their technology is secure, then have their assertions proved otherwise, they will be potentially vulnerable to action from firms using their technology under false impressions.
The UK’s ‘National Cyber Security Strategy 2016-2021’ refers to the concept of ‘secure by default’, “ensuring that the security controls built into the software and hardware . . . are activated as a default setting by the manufacturer.” This concept is an essential element to any technology utilised today. The cybersecurity element of a modern business is a process, however, and extends far beyond a product-led approach. True security requires collaboration between user and manufacturer – no device, despite being secure by default, will remain so with default passwords enabled, for example. GDPR is designed to ensure a baseline of security across the EU and countries holding EU-related data. In meeting the compliance challenge, fines can be avoided through comprehensive reporting, data storage methods and access limitation. By implementing due diligence at every step of the supply chain, the burden is further reduced. GDPR compliance is not an issue that will be met by end-users alone. Instead, a collaborative approach where vendors, manufacturers and end-users all take responsibility for cybersecurity effectiveness will ultimately minimise the risk of a damaging breach. To find out more on how to implement a secure approach to IoT technology integration, Steven Kenny explores the latest strategies from Axis. Read the ebook here.
Steven Kenny, Business Development Manager, Axis Communications
www.asis.org.uk
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 13
ASIS EUROPE 2017
ASIS Brussels Director, Michiel Gen, ASIS International CEO Peter O’Neil FASAE, CAE and 2017 President Tom Langer CPP
Just a few of the Chapter 208 members in attendance
Why not use the lift! Former ASIS UK Chapter Chairman and exBootneck, Barrie Millett who has recently joined Wesleyan Insurance as Head of Group Security, following a long spell at Eon threw caution to the wind and himself off a building in aid of Birmingham Children’s hospital. Taking more risks than necessary for a man of his advancing years, Barrie decided to abseil down the side of the company’s offices. Rumours that someone had said, “Last one down, buys the beers” have yet to be confirmed, or denied. Please stop Barrie from any future foolhardiness by donating quoting #BootneckBarrie https://www.justgiving.com/fundraising/Wesleyan MagnoliaHouse
www.asis.org.uk
SUMMER
2017
13
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 14
CRIME AND SECURITY RESEARCH INSTITUTE
External partnerships and research collaborators IBM, the World Health Organisation, the College of Policing and the Welsh Resilience Forums
24 May 2017 Research at the Crime and Security Research Institute at Cardiff University produces new evidence and insights to help reduce crime and increase security. The Crime and Security Research Institute draws on well-established interdisciplinary expertise from the Police Science Institute, the Violence Research Group and the Research Informatics and Computing Group a new enterprise in dynamic visual technologies. Research program, key themes • behavior change • data to determine • prevention and protection • safety of the neighborhood to the nation Other research areas include • evidence-based approaches to offender management and rehabilitation • longitudinal studies of the Cardiff region in terms of urban security governance
14
SUMMER
2017
• new methodologies for gauging and understanding the impacts of crime and risks • criminal histories and the role of historic crime cases and how they question our notions of justice • applications of new predictive and visualisation technologies across a range of security environments Recent PhDs/publications Professor Shepherd’s ‘Cardiff Model’ for reducing violence in the UK; threequarters of incidents which result in hospital ED treatment are not known to police
Dr Allison Wylde FRGS FHEA PhD (London) DIC (Imperial)Allison joined Cardiff University in October 2016, she is a Research Fellow with the Crime and Security Research Institute at, she was previously with Loughborough University, London. Allison’s research examines practitioners’ decision-making specifically perceptions of trust and risk under conditions of uncertainty, both face to face and cyber-mediated, including the internet of things (IOT); she also examines the role of standards in organisational productivity and innovation. Allison is a volunteer International Commissioner with the ASIS International Commission on International Standards and Guidelines
Thesis, ‘Modelling and optimising police patrol routes’; spatial statistics, police patrol modelling, route assignment Detecting violent and abnormal crowd activity using temporal analysis of grey level co-occurrence matrix (GLCM)-based texture measures, Machine Vision and Applications
www.asis.org.uk
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 15
ASIS UK SUMMER 2017
Stuart Eustace CPP PSP and Paul Winstanley CPP PSP, from pladis global collect their PSP Certificates from David Clark CPP PCI PSP
ASIS UK Summer 2017
Andy Challen and Agnieszka Eile – Regester Larkin by Deloitte
Steve Kenny from Sponsors Axis, celebrating his birthday at the seminar.
Russell Penny CPP—receiving a Certificate of Appreciation
Aon’s James Morris CPP
Paul Barker CPP receiving his ASIS UK Veteran Certificate
www.asis.org.uk
Andrew Bull—speaking for Sponsors HID Global and Quantum Secure
ASIS Member Dr Howard Cummins—UK NACE (FCO)
SUMMER
2017
15
ASIS July17_ASIS_RiskUK_jan16 07/07/2017 15:36 Page 16
Cyber, Physical or Insider Threat? All of the above?
ASIS Europe 2018
18 – 20 april 2018 the hague netherlands www.asiseurope.org