www.counterterrorbusiness.com | ISSUE 44
BORDER SECURITY
PERIMETER SECURITY
EVENT SECURITY
KEEPING TERRORISM ON THE AGENDA The return of spectators to venues may have been delayed, but mitigating the terrorist threat should not be ignored
DRONES
COMMENT
COUNTER TERROR BUSINESS 5
www.counterterrorbusiness.com | ISSUE 44
BORDER SECURITY
PERIMETER SECURITY
DRONES
PRIORITISING EVENT SECURITY IN 2021 In September, the government announced that there will be a further six month hiatus before venues, stadia and arenas can fully open their doors to the public. In light of this, there has never been a better time to thoroughly examine safety and security protocols, implement new technology and revise the risk management strategies needed to securely open up the events industry again in 2021.
EVENT SECURITY
KEEPING TERRORISM ON THE AGENDA The return of spectators to venues may have been delayed, but mitigating the terrorist threat should not be ignored
Follow and interact with us on Twitter:
@CTBNews
Some of these key security questions and relevant issues were discussed in length at the CTB365 ‘Event Management Security’ online interactive event on 8 October. We were proud to invite Figen Murray, mother of Martyn Hett, and former National Counter Terrorism Coordinator Nick Aldworth to discuss the progress being made with Martyn’s Law, something that the whole industry agrees needs implementing. We also heard from Rick Mounfield, chief executive of the Security Institute, and Paul Jeffrey, chairman of the Perimeter Security Suppliers Association, amongst others. If you missed the event, I strongly encourage you to visit the CTB365 platform to watch it on demand: https://365.counterterrorbusiness.com Michael Lyons, editor
ONLINE // MOBILE // FACE TO FACE To register for your FREE Digital Subscription of Counter Terror Business, go to: www.counterterrorbusiness.com/digital-subscription or contact Public Sector Information, 226 High Road, Loughton, Essex IG10 1ET. Tel: 020 8532 0055
www.counterterrorbusiness.com PUBLISHED BY PUBLIC SECTOR INFORMATION LIMITED
226 High Rd, Loughton, Essex IG10 1ET. Tel: 020 8532 0055 Web: www.psi-media.co.uk EDITOR Michael Lyons PRODUCTION MANAGER & DESIGNER Dan Kanolik PRODUCTION CONTROL Lucy Maynard WEB PRODUCTION & ADMINISTRATION Victoria Casey PUBLISHER Jake Deadman
Counter Terror Business would like to thank the following organisations for their support:
© 2020 Public Sector Information Limited. No part of this publication can be reproduced, stored in a retrieval system or transmitted in any form or by any other means (electronic, mechanical, photocopying, recording or otherwise) without the prior written permission of the publisher. Whilst every care has been taken to ensure the accuracy of the editorial content the publisher cannot be held responsible for errors or omissions. The views expressed are not necessarily those of the publisher. ISSN 2399-4533
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
3
www.frequentis.com
Counter UAS solutions: Mitigating safety and security threats
If used in accordance with present regulation, unmanned aerial systems or vehicles – UAS/UAVs (i.e. drones) can be a great asset. However, not all drones are here to serve us. As UAV traffic increases, airports, law enforcement, and air navigation service providers (ANSPs) face new safety and security challenges. How do we ensure quick response times and appropriate action when it comes to drone incursions that threaten safety, security, and business continuity? When a rogue drone disrupted British airport Gatwick, in December 2018, hundreds of flights were cancelled after it refused to cooperate with air traffic control (ATC). German airport, Frankfurt, recently suffered a similar incident, forcing up to 70 aircraft to divert. How could this be avoided and how do we ensure serious harm is prevented? Frequentis, along with defence and security sensor specialist HENSOLDT, has created the next generation of integrated counter UAS solutions so that incidents, like those at Gatwick and Frankfurt, can be dealt with swiftly and effectively. A dedicated consulting team creates the concept of operations, including roles, responsibilities, procedures, KPIs, operational requirements and best-fit third party sensor/effector systems and technology, based on best practice, developed with customers, regulators and authorities.
A system that fuses Ait Traffic Management, UAS Traffic Management, Drone Detection, Visual Reports, and Blue Force Tracking into a common air / ground situation, ensures common situational awareness in complex drone incidents. Thanks to integrated communications and incident management, all organisations can work together on the same goal, focusing on the procedures, and minimising response times in the event of drone incursions. Watch how organisations and systems are integrated, to enable full visibility and reduced response times in drone incidents. Click here to read our whitepaper: Frequentis-Counter-UAV-White-paper
www.linkedin.com/company/Frequentis
4
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
www.twitter.com/Frequentis
CONTENTS
CONTENTS CTB 44 07 NEWS UK police will be ‘unable to cope’ without EU data sharing after Brexit; new funding support for victims of terrorism; and MPs warn that 5G development could open the UK up to security risks
13 EVENT SECURITY With the date for when spectators can return to event venues pushed back again, because of coronavirus, Iain Moran explains why tackling the terrorist threat must be kept on the agenda of event organisers
18 EVENT MANAGEMENT The current coronavirus pandemic has meant that legislation for Martyn’s Law has been tabled. However, as our recent CTB365 event highlighted, the need for it has never been greater. Zac Kelly helps explain why
25 PERIMETER SECURITY On behalf of the Perimeter Security Suppliers Association, Debbie Heald explains why pedestrian security must be prioritised if towns and cities want to recover from the current health crisis
28 SECURITY The question being posed is whether the security industry is a hidden workforce? Security is everywhere, but to what extent have the events of 2020 rendered it forgotten? The British Security Industry Association explore
32 INTERNATIONAL SECURITY WEEK Following the postponement of the International Security Expo until September 2021,International Security Week has been launched in its place. Organisers Nineteen Events provide the details of what to expect
36 BORDER SECURITY Behind all the coronavirus headlines across Europe, the small issue of the UK’s departure from the EU is ongoing. Here, Tony Smith revisits the idea of ‘tacking back control’ of our borders after 1 January 2021
38 AIRPORT SECURITY Adrian Timberlake examines how intelligent technologies work to weave together the bigger picture to spot threats of terror on the horizon, and how digital transformation in the aviation sector is upscaling the implementation of counter terror measures
42 DRONES While its greatest asset, the mobile drone’s versatility remains a doubleedged sword. Anna Jackman shares her thoughts on the rise in drone use across the UK and how best to counter their threat
46 INTERNATIONAL RELATIONS One of the main issues arising from the frictions between the UK and China over policy in Hong Kong is data privacy. Here, Amy Pope explains the cyber security, geopolitical, and global business impact, and what companies can do about it
48 INFORMATION SECURITY With the number of Internet of Things devices within organisations expanding, it is becoming more important to locate, update and patch them. Steven Durbin, of the Information Security Forum, considers how best to manage such vulnerabilities
50 DERADICALISATION The backlash that follows cases of recidivism raises the significance of considering how de-radicalisation is percieved and understood. Gordon Clubb, from the University of Leeds, shares his insights into one of the industry’s trickiest issues
Counter Terror Business magazine // www.counterterrorbusiness.com ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
5
WORLDWIDE WORLD CLASS PROTECTION The Westminster Group Plc is a trusted global brand delivering strategic security solutions, managed services and best in class equipment to keep people safe, secure assets and maximise prosperity in high growth and emerging markets around the world. The Westminster Group operates in over 50 countries, serving blue chip clients, governments and infrastructure - providing training, consultation and support in threat and risk management as well as the provision of skilled manpower and specialist equipment.
www.wg-plc.com enquiries@wg-plc.com +44 1295 756300
KEEPING PEOPLE SAFE
Westminster Group PLC, Westminster House, Blacklocks Hill, Banbury, Oxfordshire OX17 2BS
CTB NEWS BREXIT
UK police ‘unable to cope’ without EU data sharing
David Anderson has warned that police in the UK ‘will be increasingly unable to cope’ in the event of a no-deal Brexit because existing data-sharing agreements with the EU will be cut. The former independent reviewer of terrorism legislation has lent his voice to increasing concerns that a failure to strike a Brexit deal could have a serious impact on Britain’s ability to fight cross-border crime, as UK-EU talks remained stalled. The
growing standoff in negotiations between London and Brussels has raised the prospect that no agreement will be reached on security and law enforcement cooperation because it is bound up with the overall deal. In the event of a no-deal, Anderson said that the UK would lose real-time access to EU databases of criminal records, arrest warrants and passenger information, dramatically slowing investigations. The crossbench peer stressed that, without the ability to exchange data and intelligence across frontiers, law enforcement will be ‘increasingly unable to cope’, saying that ‘everything from extradition to notification of alerts, crime scene matches and criminal record searches will be much slower, at best’. Currently police in the UK can obtain fingerprints and DNA information from their EU counterparts in 15 minutes using the Prüm system. Before the
system was used in the UK, police said it used to take four months to receive the same information. There has been no clear alternative put forward if access to the system was withdrawn. Equally, British police checks via the European Criminal Records Information System are instantaneous. Similar checks via alternative systems would take, on average, 66 days, according to evidence given by the Metropolitan Police to a Lords committee earlier this year. Anderson said that he hoped that ‘mutual self-interest’ would kick in at some point and a security agreement would at least be reached, and has urged both the UK and EU ‘to mitigate the damage as far as possible’, which ‘means putting operational concerns ahead of ideology’.
CLICK TO READ MORE
MI5
CYBER SECURITY
Russian and Chinese threats to UK ‘growing in severity’
GRU cyber attacks against Olympic Games condemned
Ken McCallum has claimed that the spy threats posed by China and Russia to the UK are ‘growing in severity and complexity’ while the terror threat from ISIS and the far right ‘persists at scale’. Delivering his first public speech as the new boss of MI5, McCullum focused on risks from hostile states, singling out ‘the differing national security challenges presented by Russian, Chinese, Iranian and other actors’ which the agency believes are ‘growing in severity and in complexity’. He also highlighted the challenges of states undermining ‘the integrity of UK research’ on a coronavirus vaccine. In July the UK accused Russia of attempting to steal coronavirus secrets by hacking into research labs in the
UK, Canada and the US. Russian activities also include efforts to discredit western vaccines on social media. MI5’s work has been dominated by counter terrorism in the last two decades, revealing in its last update that it had thwarted 27 terror plots in the last four years, including eight from the far right. McCullum said the threat from the far right was ‘sadly rising’ and there were particular concerns that young people are being attracted to far-right thinking – although unlike with Islamist terrorism, the movement remained fragmented with no unifying group to bring focus to terror plots.
CLICK TO READ MORE
The UK has exposed malicious cyber activity from Russia’s GRU military intelligence service against organisations involved in the 2020 Olympic and Paralympic Games before they were postponed. The activity involved cyber reconnaissance by the GRU targeting officials and organisations involved in the Games, which had been due to take place in Tokyo during the summer. Because of the global coronavirus pandemic, the games have now been postponed until next year. In the attacks on the 2018 Games, the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games. The incidents were the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games, with the UK also revealing details of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.
CLICK TO READ MORE
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
7
www.durabook.com
Endless customisation for performance when it matters
Communication and technology are undeniably at the centre of emergency service, public safety, anti-terrorist and defence personnel daily work lives. Implementing the latest technologies is critical to driving improved productivity, efficiency and communication; automating and streamlining operations; greater access to intelligence and data; and keeping one step ahead. But with so much technology available and squeezed budgets, organisations must consider efficiency over complexity, and ensure assets are able to perform to the maximum throughout their lifecycle. Rugged devices are fast becoming the linchpin of all of these technologies as they enable organisations to realise even greater benefits. The Durabook Z14I rugged laptop offers boundless customisation capabilities that organisations benefit from the latest technologies such as Edge computing, IoT, Augmented Reality and AI/machine learning. Only rugged devices like the Z14I have the power and functionality to seamlessly integrate with these technologies while withstanding the harsh environments of field work. Durabook’s Z14I rugged laptop’s expansion box is one of the most powerful enhancement tools, especially for field based missions. By simply connecting via either of two PCIe slots, it enables the laptop to transform quickly into an ultra-portable workstation, a remote control/radio system for robots or unmanned aerial vehicles (UAV) for example. Additional connectors allow more graphics cards, RAID cards, Wi-Fi cards, or SSD add-on cards, so that field teams can do more faster and with less effort.
The latest dual band wireless AC 9260 and Bluetooth® V5.0 ensure that all data can be instantlysynchronised and fed back to the command centre without interruption. With the latest 8th Generation Intel® Core™ processor and graphics capabilities, the Z14I can effortlessly handle data intensive tasks, such as mapping and geotagging, which public safety, emergency and defence personnel rely on during emergency situations or completing routine checks. The device withstands even the harshest of environments, with IP65 rating, MIL-STD 810G certification and resistant to drops of up to six feet. It has also been tested for explosive atmospheres, solar radiation, salt fog, and fungus resistance, which goes beyond testing standards compared to other rugged devices in its class.
Here’s a full list of features and functionality . Contact us at marketing@durabook.com
8
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
/durabook
CTB NEWS FUNDING
New funding support for victims of terrorism and support to those who have been affected by terrorist attacks. Victim Support will run a 24-hour assessment service which will ensure each person receives tailored help after being impacted by terrorism. South London and Maudsley NHS Trust will provide specialist clinical mental health screening and therapy. Cruse Bereavement will provide specialist bereavement support for victims who would not otherwise be eligible through the existing homicide service, such as witnesses and first responders. The Peace Foundation’s UK-wide service will focus on providing a longterm peer support network for victims of terrorism, connecting them to others who have had similar experiences.
The Home Office has announced that new funding will be provided to improve the services which support victims of terrorism. The government says that £500,000 will be split equally between four successful bidders following the
conclusion of a competitive fund which was announced by the Home Secretary in March. Victim Support, South London and Maudsley NHS Trust, Cruse Bereavement Care and the Peace Foundation will each receive £125,000 to provide advice
DSTL
PUBLIC SPACES
New counter terrorism facility opened by The Queen
Security an ‘afterthought’ in pedestrianisation drive
Her Majesty The Queen and the Duke of Cambridge have officially opened the Defence Science and Technology Laboratory’s new £30 million Energetics Analysis Centre. The Energetics Analysis Centre is a state-of-the-art building from which hundreds of scientists conduct worldclass research and analysis to give the UK military and security advantage, protecting against terrorist and criminal threats. The expert team’s impact extends across government, reaching the Ministry of Defence, Home Office, Department for Transport and other agencies. Hosted by Dstl’s Chief Executive, Gary Aitkenhead, The Queen and The Duke viewed interactive displays and met a number of scientists ho explained how Dstl’s science and technology keeps the public safe by detecting explosives, helping to identify terrorist networks and analysing vital forensic evidence to help bring those involved in terrorism to justice. This included those involved in providing a rapid operational response to the Novichok incident in 2018.
CLICK TO READ MORE
CLICK TO READ MORE
Nearly half of urban design professionals believe that the recent rise of pedestrianisation in city and town centres is making public spaces more vulnerable to attack. Temporary pedestrianisation of key locations has suddenly become commonplace as a result of the coronavirus pandemic, offering an effective means of facilitating social distancing and increasing outdoor seating capacity for struggling bars and restaurants. However, a survey of leading architects, planners and specifiers found that many are concerned about the potential security risks of widespread pedestrianisation. They say that without the appropriate security solutions in place, large numbers of pedestrians gathered in a confined
area greatly increases the threat of vehicle-as-a-weapon attacks. In response to this increased security threat, 30 per cent of those surveyed said that investing in temporary security measures that can be installed and removed as needed will be essential to ensure the ongoing safety of civilians. The research also found that many urban design professionals believe there is now a clear need for public spaces that can be easily adapted to respond to our changing needs, including security measures that can be replaced or upgraded whenever necessary. According to 43 per cent of those surveyed, this will be the key to futureproofing our cities going forward.
CLICK TO READ MORE
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
9
4 DAYS OF FREE TO ATTEND CERTIFIED CPD CONTENT!
Incorporating
www.internationalsecurityexpo.com
www.internationalcyberexpo.com
www.disasterresponseexpo.com
International Security Week is a 4 day virtual event from 30 Nov – 03 Dec 2020, featuring world renowned speakers covering the most topical subjects in security, counter terrorism, cyber and disaster response. ISWeek will bring you exclusive, free-to-watch, CPD certified content all broadcast from a real studio setting.
DAY ONE: International Matters
DAY TWO: Cyber Threats
Sponsored by:
Sponsored by:
Lead Media Partner:
Incorporating terror, crowded places, aviation and transport. A discussion of the priorities for Counter Terror Police UK being balanced against the new Protect Duty, or Martyns’ Law, and real in-depth discussion about what it means for some of our iconic places.
What are the future cyber trends and how have they been influenced by the Pandemic? We get exclusive insights that will give businesses that edge and further detail on UK government priorities, plus discussions of cyber threat mitigation and human factor awareness training.
DAY THREE: Protecting CNI and Adapting Law and Order Serious and Organised Crime has adapted to the pandemic but so has the approach from law enforcement. We will provide a unique insight into issues that are affecting policing and understand the UK governments priorities for innovation before spending some time looking at securing critical national infrastructure.
DAY FOUR: Disaster Response and Communication The UK leads the world in many aspects of disaster planning, provision of capability and resources. Day four will look at real life changing disasters including a unique insight into the Novichock incidents, migrants who are risking their lives crossing the channel and the response to the COVID pandemic.
Access ISWeek live 30 Nov – 03 Dec or OnDemand after!
Register your free pass here: www.internationalsecurityexpo.com/register-your-pass-ctb
CTB NEWS 5G
5G development opens UK up to security risks
The Defence Committee has warned that the development of 5G will increase our dependency on mobile connectivity, opening the UK up to security risks such as espionage, sabotage or system failure. The committee’s report, The Security of 5G, makes a number of
recommendations on working with allies, developing a better response to vulnerabilities in our existing and new systems, as well as the risks of working with Huawei. The inquiry found that there is clear evidence of collusion between Huawei and the Chinese state, which supports
the decision to remove them from the UK’s networks. MPs argue that the designation of Huawei as a high-risk vendor by the government is appropriate and completely justified with the correct steps being taken to remove them from the UK’s 5G. In the meantime, however, the committee is content that Huawei has been, and continues to be, sufficiently distanced from sensitive defence and national security sites. Nonetheless, the committee supports the government’s goal of removing Huawei from the UK’s 5G networks by 2027. However, the committee note that developments could necessitate this date being moved forward, potentially to 2025 which could be considered economically feasible.
CLICK TO READ MORE
PREVENT
No training for Prevent officers of London Bridge killer Officers from Prevent responsible for monitoring convicted terrorist Usman Khan had ‘no specific training’ in handling terrorists, an inquest has been told. Khan stabbed Cambridge University graduates Saskia Jones and Jack Merritt during a prisoner rehabilitation event at Fishmongers’ Hall on 29 November last year. Two other women were injured in the attack on London Bridge.
Khan, who was armed with two knives and wore a fake suicide vest, was tackled by members of the public with a narwhal tusk, a decorative pike and a fire extinguisher. The attacker, who had been living in Stafford, was then shot dead by police on London Bridge. A pre-inquest hearing has been told that there was already evidence of a ‘systemic problem’. Nick Armstrong, a lawyer for Merritt’s family said that ‘all
the Prevent officers from Staffordshire [said] they had no specific training in handling terrorist offenders. A full inquest, due to start at the Old Bailey on 12 April next year, will examine how the terror attack happened and if it could have been stopped.
CLICK TO READ MORE
RETAIL
Revamped BRC toolkit to boost cyber defence in retail The National Cyber Security Centre has said that the British Retail Consortium’s refreshed Cyber Resilience Toolkit will help retailers boost cyber defences. The toolkit is an actionable guide specifically designed for non-cyber experts, such as board members, those in senior strategic roles, and start-up businesses, aiming to help them reduce the threat of a successful cyber attack. It highlights the threats faced by retailers, key questions to consider when developing cyber resilience strategies, and guidance on the types of protections retailers should implement.
The toolkit outlines recommended actions for retailers in: preventing breaches through stronger protections; preparation to mitigate the impact of a successful breach; recovering after a cyber
attack; and developing and embedding a positive cyber resilience culture at board level.
CLICK TO READ MORE
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
11
Apstec’s Innovative HSR™ High-Throughput Security System Delivers Low Contact, Free-Flow Security Screening
Securing crowded places from the threat of terrorism with proportionate, effective, practical and affordable security measures is extremely challenging. Traditional aviation style security approaches are not well suited to securing events and crowded public places. They are typically too slow, overly intrusive, require a high level of staffing and can cause large queues at the entrance. Moreover, in light of the Covid-19 pandemic, traditional security checkpoints are very high risk, putting people in close proximity to each other and requiring high levels of physical contact. Apstec Systems is leading the way in providing seamless security for events and public spaces with HSR™ -- the fully automatic walkthrough system that uniquely combines unparalleled levels of high throughput with a positive visitor experience. HSR is a free flow system that enables low contact security screening of thousands of people an hour. It offers a practical solution and simple operational concept to meet the challenges of protecting crowded places from terrorism. HSR uses a number of complementary technologies, www.apstecsystems.com
12
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
combined with sophisticated algorithms and artificial intelligence, to discriminate explosives and weapons from benign materials, with a high degree of accuracy. It detects non-metallic as well as metallic threats, enabling the detection of low metallic improvised explosive devices. HSR is perfectly designed to support social distancing and low contact security screening. The inspection zone of HSR is several meters wide and up to 6 metres deep, allowing the free flow of people through the system. HSR also offer a much-improved personal experience for people being screened. No divestment is required and personal contact is avoided for the vast majority of people. HSR is cost effective with one system delivering the throughput and security effect of around 15 or more conventional screening lanes. HSR has been widely tested and recognised by numerous police forces and government agencies internationally. Customers deploy HSR to improve security in crowded places such as exhibition centres, stadiums, entertainment venues, transport hubs and the entrances to airports. info@apstecsystems.com
EVENT SECURITY
STADIUM SECURITY: WHY TERRORISM MUST BE KEPT ON THE AGENDA A
fter many months of misery, professional sports clubs and supporters were dealt another crushing blow in September. While it had seemed that there was finally light at the end of the tunnel, with spectators set to return to stadiums from the 1 October – albeit in significantly reduced numbers – these hopes were dashed following the announcement of a range of new coronavirus restrictions. While this is hugely disappointing for everyone involved, particularly given the last-minute nature of the U-turn, the delay to fans’ return does at least provide stadium managers and event organisers with more time to ensure that every aspect of safety and security is covered prior to re-opening.
In the wake of the Covid-19 pandemic, there has understandably been massive emphasis on preventing the spread of the virus through social distancing measures. In preparation for the 1 October, venues had made comprehensive changes to enable those in the crowds to keep at least two metres apart from one another. However, with all of our energies currently channelled into keeping the pandemic under control, we run the risk overlooking the other serious threats to fan safety. GROWING TERROR RISK In recent years, stadiums and arenas across the world have become key targets for terrorist attacks, due to the regular heavy E
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
13
P E O P L E
C O U N T I N G
A N D
V I S I T O R
O C C U P A N C Y
S Y S T E M
How many is too many? Can your venue demonstrate compliance to government guidance that gives your visitors confidence that their safety is your priority? Whether you manage business or sporting events, operate busy museums, large shopping centres or other popular venues, your organisation’s ability to implement and demonstrate measures
that ensure visitor safety and compliance rules are followed will be essential to enable you to operate safely, remain open, analyse and grow your business footfall.
Occupancy Alerts
Easy to Use Dashboards
Accurate Visitor Data
Real-time monitoring that will alert you when your venue’s maximum safe occupancy levels are about to be reached.
Customisable dashboards to provide venue operators with visitor occupancy, visitor footfall, and people movement data analytics.
Instant, easy to access configurable reports to analyse your visitor data. Highly accurate, cost-effective and proven people counting solution.
ABACUS is a well proven and leading people counting and occupancy solution, using the latest smart technology and sensors. It has been successfully installed across multiple museums, large retail outlets, sporting venues and visitor facilities across the UK.
Book a FREE demo Contact us now for a FREE CONSULTATION and DEMO to assess how ABACUS people counting and analyse can help get your business re-opened and analyse your visitor footfall in real time.
“
“
Visual Management Systems Ltd T | 0141 643 3070 E | abacus@vmsuk.com www.peoplecountingmadeeasy.com
EVENT SECURITY
footfall in and around the venue and often high-profile nature of their events. In 2017, Manchester suffered a devastating attack at its arena, in 2016, a football stadium in Istanbul was hit by two simultaneous bombings, and in 2015 we saw co-ordinated attacks on the national football stadium and a concert venue in Paris. In the UK, the Manchester Arena incident tragically highlighted the vulnerability of large entertainment venues, and led to government plans for new legislation that would require venue operators to provide greater protection from the threat of terrorism. Unfortunately, the consultation for this legislation has been delayed as a result of coronavirus. Meanwhile, a public inquiry has recently begun to investigate the circumstances of the attack. It will report and make recommendations in due course. With no new laws in place, and the number of spectators permitted into a venue potentially as low as 1,000 when stadiums do eventually re-open, there is the distinct possibility that the risk of terrorist activity will be dangerously underestimated. Given that the Home Secretary warned of the ‘growing’ threat of ‘lone wolf’ terrorists in June this year, this could have terrible consequences and is something we must make sure to avoid. The good news is that carefully planned anti-terror measures can also help with social distancing, ensuring that fans, staff and players are all as safe as possible, and
REDUCED VISITOR NUMBERS WILL HAVE THE BENEFIT OF MAKING SECURITY SIGNIFICANTLY EASIER TO MANAGE, WITH IT POSSIBLE TO CONDUCT MORE COMPREHENSIVE CHECKS ON EACH VISITOR free to enjoy the sports they love after an achingly long wait. ASSESSING THE THREAT Best practice for stadium security of course begins with a thorough risk assessment. Only by identifying potential hazards and threats can they be effectively minimised. All stadium managers will undoubtedly have carried out a risk assessment for Covid-19, which will have resulted in significant changes to the ways in which they will operate upon re-opening. Consequently, any pre-existing anti-terror risk assessment may well now be out of date, and so they should undertake a new assessment taking into account any changes to the current security climate, as well as how the pandemic and social distancing may have impacted a terrorist’s intentions or capabilities. Once the threats have been identified, it must then be established what or who needs to be protected, and whether there are any particular vulnerabilities. Priorities should fall under the categories of people (staff, contractors, spectators, visitors), physical assets (the fabric of the
stadium and its contents), information (electronic and non-electronic data), and processes (supply chains and procedures), but, aside from people, what is most important will likely vary from venue to venue. Given the financial strain that coronavirus has placed on the industry, security priorities may have now shifted. For example, it might be more crucial to ensure no damage to physical assets, as the repair costs would now be prohibitive. Once these steps have been completed, the appropriate measures to reduce risk can then be successfully be implemented. PERIMETER SECURITY Recent years have seen a sudden rise in vehicle as a weapon attacks; according to the University of Maryland’s global terrorism tracker, 152 of the 183 hostile vehicle attacks that have occurred globally since the 1970s have happened since 2010. This is largely because heavy goods vehicles are relatively easy to acquire, making them one of the most dangerous weapons readily available in countries that have strict firearm controls. E
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
15
ADVERTISEMENT ADVERTISEMENT FEATURE
EVENT SECURITY
TIME TO MOVE ON…. SECURITY SCREENING IN THE POST PANDEMIC ERA Steve Cooper, Chief Operating Officer of Apstec Systems, explains why it is very difficult to envisage traditional security regimes being part of the post-pandemic era The London bombings of 2005, coming the day after the announcement that London had won the bid to host the 2012 Olympic and Paralympic Games, were a wake-up call to the world. Suicide attacks were no longer a feature of some discrete and distant conflict, they had just become a mainstream tactic of international terrorism. It was clear from the outset that such a dramatic change in terrorist attack methodology could not be met by an equally radical security response. With few options, the natural reaction was to turn to systems and approaches that had been developed with aviation security in mind. The use of archway metal detectors, baggage x-ray systems and large-scale manual search operations became widespread. Whilst this approach succeeded in delivering an immediate security response to events, it also resulted in unintended consequences. Queues to enter venues grew, the degree of disruption was significant and the quality of the experience of attending events deteriorated. Most seriously, the queues caused by these measures offered an attractive mass casualty target to attackers and this would become formally recognised as such by Islamic State in due course. Furthermore, there were commercial consequences. Not only did additional security measures cost money to implement but they also delayed the spending public from entering the venue; a double whammy. This was not a good outcome but in the absence of any practical alternatives, this approach would have to endure until specific solutions were arrived at. In 2015, as Europe reeled under the first of a new wave of mass casualty attacks, technologies designed specifically to screen large numbers of people entering venues started to emerge. Some of these systems provided automatic and real-time screening for thousands of people an hour without the need to divest or remove bags and outer garments. A range of active and passive millimetre wave scanners was developed to detect explosive devices and weapons. No
16
longer confined to detecting metal, now these systems could find low metallic IEDs and bulk explosives as well. They offered a practical solution for protecting crowded places but no longer looked like traditional checkpoints and called for a different way of doing things. At last, there were practical and bespoke solutions that were more efficient and costeffective, and which enhanced the visitor experience. However, the security industry is a traditional and naturally risk-averse organisation. Whilst far from ideal, the initial approach derived from aviation security had become established and accepted as the norm. In these circumstances, there were no burning drivers for change, and diverging from the accepted approach could be considered a risk. Despite this situation, the demand for high throughput screening technology is growing rapidly. Whilst this growth was initially threatened by coronavirus, the pandemic may actually become an irresistible catalyst for change. It is clear to most people that traditional security is not appropriate in a world where we are at risk of widespread infectious disease. An approach to security screening that features high throughput, that has no queues, minimises contact between people and which allows for social distancing, makes a significant contribution to mitigating health risks associated with coronavirus or any other pandemic. If venues are to open sooner rather than later, the authorities need to be convinced that they can be opened safely. A University of Nottingham and Finnish National Institute of Health and Welfare study reviewing health risks within public transport networks, concluded that security checkpoints, the very same as those generally used for event security, are thought to be the highest risk areas when it comes to transmitting infectious diseases. This high-risk scenario is not likely to be acceptable to the authorities or the public; things need to change. High footfall security screening systems are at the heart of a number of projects in mainland Europe specifically aimed at
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
opening up venues and getting businesses moving again. In practice, it is very difficult to envisage traditional security regimes being part of the post-pandemic era. Businesses that do not wake up to the fact that security now needs to be part of the solution are unlikely to survive; even if they’re allowed to open by the authorities the public may still take some convincing. Contemporary high footfall screening systems can offer automatic and real-time security solutions that are simple to operate. These systems do not offer aviation standard security but they don’t need to. They do deliver robust technology and enable a practical response that constitutes an effective deterrence to terrorism, whilst providing vastly improved levels of service to the public. They offer the opportunity for large savings in operational expenditure and further add to the bottom line by getting people into venues when they would otherwise be standing in large queues; this is now a win-win situation. But most significantly in the current climate and perhaps for the foreseeable future, they enable venues to manage health risks, satisfy decision makers that public safety has been addressed and allow venues to open. Perhaps this is the watershed moment, as venues move away from traditional security approaches that were designed with other needs in mind. Many businesses are already integrating this new generation of technology into their plans for operations in the post-pandemic era; others may do well to do likewise, sooner rather than later. L
FURTHER INFORMATION www. www.apstecsystems.com
EVENT SECURITY Although the numbers of fans will likely be strictly limited, reducing the amount of crowding inside a venue, the two-metre social distancing rule has the potential to result in much longer queues of people outside a stadium waiting to enter. These people would be extremely vulnerable to hostile vehicle attacks without the right physical security solutions in place. While some stadiums do now have permanent hostile vehicle mitigation measures installed around their perimeters, social distancing procedures may mean that the areas requiring protection have changed. Stadium managers may therefore wish to consider deploying temporary, surfacemounted barriers in key new locations where queueing might now occur. A range of products are now available that have been specifically designed to prevent vehicle attacks and can be deployed by just a few people in a matter of hours with no machinery. These lightweight systems can either be
BEST PRACTICE FOR STADIUM SECURITY OF COURSE BEGINS WITH A THOROUGH RISK ASSESSMENT. ONLY BY IDENTIFYING POTENTIAL HAZARDS AND THREATS CAN THEY BE EFFECTIVELY MINIMISED rented or bought, making them a costeffective option, and their compact, modular design means that they are easy to transport and store as needed. The barriers are designed to allow people to flow in and out of an area with minimal disruption, which prevents the unnecessary build-up of crowds. Vehicle access points can also often be added to allow authorised emergency service vehicles to gain access in just minutes in the event of an emergency. ACCESS CONTROL A well-controlled reception area is essential when it comes to both preventing a terror attack and
facilitating social distancing. For optimum security, access points should be kept to a minimum, in order to maintain order, and there should be clear boundaries between the public and private areas of the building. Investing in good quality access controls such as magnetic swipe ID cards will help to ensure that only authorised people have access to sensitive areas. Reduced visitor numbers will have the benefit of making security significantly easier to manage, with it possible to conduct more comprehensive checks on each visitor. The random screening of bags and body searches upon entry to a venue are highly effective deterrents, with organisers within their rights to refuse entry to anyone who doesn’t agree to be searched. With smaller numbers of people attending events, security personnel can pay closer attention to each visitor, which may help them to pick up on suspicious behaviour that would be missed in normal times. Importantly, access control shouldn’t just start upon entry to the building; stadium managers should also consider traffic and parking controls outside the venue. In order to minimise the potential risk from vehicle bombs, all vehicles should be kept at a safe distance – ideally at least 30 metres from any buildings. Those requiring access, such as suppliers, should be identified in advance and checked thoroughly before being allowed in. In light of the pandemic, and the recent string of tragedies, there will be an unprecedented amount of pressure on event organisers to ensure they are doing all they can to protect attendees and the wider public when they do eventually reopen. Event security parameters are constantly in flux and there is no one-size-fits-all solution. Fortunately, event organisers have a wide range of options available to counter threats. By diligently assessing the level of risk for each venue, personnel can ensure they install the ideal combination of measures to help prevent incidents and enable social distancing. L
Written by Iain Moran, director at ATG Access.
FURTHER INFORMATION
www.atgaccess.com
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
17
MARTYN’S LAW
MARTYN’S LAW: WHAT IS IT? AND WHAT NEXT? O
n 22 May 2017, an Islamist extremist suicide bomber detonated a shrapnelladen homemade bomb as people were leaving the Manchester Arena following a concert by Ariana Grande. Twenty-three people died, including the attacker, and 139 were wounded, more than half of them children. One of those killed was Martyn Hett, Figen Murray’s son. Since that fateful day, Figen has campaigned tirelessly to get legislation passed by the Government to have a series of safety protocols put in place for venues nationwide – Martyn’s Law. On 8 October, CTB365, the digital events arm of Counter Terror Business, hosted a webinar on Event Management Security, looking at the delayed return of spectators to stadia across the UK, whether the the Covid-19 pandemic has affected the publics’ confidence in attending events and whether the industry is prepared and supportive of Martyn’s Law. The event began with Figen Murray and Nick Aldworth, former National Counter Terrorism Coordinator, CT Policing, setting the scene, explaining a bit more about Martyn’s Law and future legislation for the protection of public places. As anyone who has heard Figen speak will know, her’s is an emotive
18
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
story, both in the sense of her experience of the attack and the subsequent struggle to see change embedded across the UK event venue sector. It was Figen Murray’s belief that, following the attack in May 2017, ‘venues would have learnt their lesson and would have put stringent security checks in place’. This was not the case, and whilst changes are happening, unified change still remains far away, especially given delays to legislation due to coronavirus. Martyn’s Law puts a number of requirements on businesses, venues and events. The five requirements are: engaging with freely available counter terrorism advice and training; conducting vulnerability assessments of their operating places and spaces; mitigating the risk created by the vulnerabilities identified; developing and implementing a counter terrorism plan; and a requirement for local authorities to plan for the threat of terrorism. The requirements are not designed to come at a massive financial cost, but are designed to mitigate, to the best of everyone’s abilities, any further terrorism incidents in the UK and to prevent any further loss of life. As Zac Kelly says in his Martyn’s Law report, the term ‘as far as is reasonably practicable’
MARTYN’S LAW
is used over and over again in health and safety and security guidelines. Why should your business, venue or event security be any different? Each of the requirements detailed in Martyn’s Law are ‘reasonably practicable’ for any business, venue or event in the world! ENGAGE WITH FREELY AVAILABLE COUNTER-TERRORISM ADVICE It is proposed under Martyn’s Law that a business, venue or event which is accessible by the public, should have in excess of 45 per cent of their staff Counter Terrorism Awareness trained and proposes that in fact it should become part of mandatory induction training for new starters. This doesn’t have to be a case of getting all your staff into a classroom and having a day of ‘death by PowerPoint’. There are a number of fantastically interactive E-Learning platforms already available such as the NaCTSO package. It is also proposed that any business, venue or event should at all times have at least one on-duty manager who has completed an ‘ACT Operational’ and/or ‘ACT Strategic’ course. These courses are readily available from local police forces.
VULNERABILITY ASSESSMENTS Vulnerability assessments are a crucial piece of work that should be carried out in order to look at measures that you need to implement in order to address the vulnerabilities identified. You wouldn’t think of opening your business without a Health and Safety Risk Assessment – so why should this be different for counter terrorism? There are a number of online vulnerability assessments readily available and can be carried out with relative ease. Vulnerability assessments should also be carried out by venues and events over the ‘last-mile’ or ‘zone x’ to mitigate any risks which are brought about due to increased crowds as a direct result of your venue or event. This is a common issue with sporting stadia and music festivals or concerts. Martyn’s Law, however, not only puts the emphasis of this onto the venue or event but also onto the local authority. Meaning that Event Safety Advisory Groups and Community Safety Partnerships will need to take an increased interest in this during the planning and management of public places.
MITIGATING THE RISKS It is believed that often, vulnerabilities can be mitigated at little to no cost. Which as a business, venue or event, is music to your ears I’m sure. Little to no cost mitigation can include a range of things and could be as simple as implementing a search policy at your business, venue or event. Good security will with its very nature, often bring good counter terrorism security and mitigating policies, procedures and protocols.. A COUNTER TERRORISM PLAN Again, with this I reflect to other policies and procedures that you will already have in your business, venue or event. You will already have a ‘Business Continuity Plan’ or a ‘Fire Evacuation Plan’, so again, why should a ‘CounterTerrorism Plan’ be any different? The government actively promotes the ‘Run – Hide – Tell’ advice, and whilst this is a great piece of advice, it has been found that when people react in such a way when in crowded environments and mass gatherings, it increases the risk of serious injury through crush and stampede injury, but also increases the sense of panic and confusion. It is therefore the proposal E
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
19
MARTYN’S LAW
of Martyn’s Law that businesses, venues and events should adopt advice that reflects responsibility towards densely crowded spaces and mass gatherings. PROPOSED PRINCIPLES The principles proposed by Martyn’s Law are ‘Guide – Shelter – Communicate’. Guide – Direct people towards the most appropriate location. This could be invacuation as well as evacuation. Shelter – Understand how your business, venue or event might be able to lock-down and shelter people within it for several hours.
20
Communicate – Have a means of communicating effectively and promptly with users of your business, venue or event and have staff capable of giving clear instructions to your patrons. You must also have the means of integrating with any response or rescue operations by providing things like building plans, site plans or other documents which may be of relevance.
counter terrorism planning in the Local Resilience Forum and have only recently been issued guidance on what Counter Terrorism planning should actually look like. Martyn’s Law proposes that the Local Resilience Forum be obligated to consider terrorism as a threat or risk and should develop and implement a local response and recovery plan to a range of threat methodologies.
A REQUIREMENT FOR LOCAL AUTHORITIES Local authorities have had an obligation to create a multi-agency Local Resilience Forum since the implementation of The Civil Contingencies Act in 2004. However, they have no obligation to consider
SUMMARY In summary, what does this all mean? Well, I believe that it means that for too long businesses, venues and events in the United Kingdom have failed to recognise terrorism as the threat that it is. And now, with such a piece of legislation as Martyn’s Law, that
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
MARTYN’S LAW
won’t be permitted and businesses, venues and events will have to evaluate the threat of terrorism to its full extent and implement better analysis, planning, training and security measures as well as better collaboration between local authorities and businesses, venues or events, to mitigate the threat of terrorism as far as is reasonably practicable. A phrase that most people will be all too familiar with and is applicable to so many different scenarios, but perfectly describes what Martyn’s Law is trying to avoid. Businesses, venues and events have too often failed to implement the minimum counter terrorism
GOOD SECURITY WILL WITH ITS VERY NATURE, OFTEN BRING GOOD COUNTER TERRORISM SECURITY AND MITIGATING POLICIES, PROCEDURES AND PROTOCOLS measures required to mitigate vulnerabilities identified during the risk analysis. It is now time for that to change! L
This article uses content from the Martyn’s Law report produced by Zac Kelly, managing director of Manchester-based security company UltraSec.
Zac is starting a Master’s (MSc) in Crowd Safety & Risk Analysis at Manchester Metropolitan University and is a member of the Security Institute.
FURTHER INFORMATION
www.ultrasecsecurity.com www.security-institute.org
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
21
CTB Q&A
CTB Q&A: EVOLV TECHNOLOGY O
n 15 October, Evolv Technology sponsored our CTB365 Event Management Security event. Nathan Bailey, Sales Director, EMEA, and co-founder Anil Chitkara shared some thoughts on industry preparation for a return to live event venues. Here, we pose some further questions to Peter George, Evolv Technology CEO.
CTB: HOW CAN EVENT ORGANISERS BEST USE THIS TIME TO ENSURE THAT SECURITY IS AT THE STANDARD REQUIRED? Forward-thinking venue security leaders had already put incident response plans and tabletop exercises in place prior to the world shutting down due to the pandemic – helping to keep patrons and employees safe by thwarting threats and bad actors targeting their venues. Such leaders can serve as mentors to their peers at other venues who are in the process of fortifying their security strategies by sharing best practices. Being part of, or forming, a consortium within their industry will also prove invaluable especially as the world reopens and new safety protocols are mandated and rolled out. For those in charge of venue security, a must-have is a threat assessment and vulnerability analysis or a risk assessment that identifies security gaps, and includes a combination of people, processes and technology to address those shortcomings. Implementing ongoing formal training for both security staff and employees will allow them to be more vigilant and aware of signs of danger. This is a key part of the overall security plan. Security leaders should also work with law enforcement and/or an outside firm to assist. Additionally, they should ramp up various sources of intelligence to help them understand and identify the threats to their venues and, if applicable, to the people performing at the venues. These sources stream in from various local and central government or fusion centers, through a range of companies providing intelligence-as-a-service, and through the venue’s own network of individual contacts. Making changes to processes and technology is also critical. These may include fortifying the perimeter with bollards, installing CCTV cameras, and improving visitor security screening. The latter must now offer a touchless experience that allows for proper social distancing, thus security directors
22
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
should look at advanced security technology for screening that won’t create long lines and invasive (now considered dangerous) screening methods. Implemented effectively, process and technology changes can multiply the available forces while enabling significant improvements to the effectiveness and efficiency of the overall security operation. With more venues in various stages of reopening, adhering and adjusting to local and central/federal government guidelines and regulations is an ongoing requirement. Depending on the country in which one’s venue is located, this will vary. In the UK, Martin’s Law, which is temporarily on hold due to the pandemic, will require venues to have increased physical security, training, incident response plans and exercises for staff on what to do during an attack.
CTB: HOW DOES EVOLV BRIDGE THE GAP BETWEEN SAFETY AND VISITOR EXPERIENCE? Evolv is dedicated to making the world a safer place to live, work, learn and play. The company is leading the digital transformation to touchless security screening—one that addresses the ‘new normal’ threat of viruses and pandemics as well as weapons. Unlike traditional metal detectors, Evolv Express™ is powered by a combination of artificial intelligence software and powerful sensors to identify threats in real-time without requiring visitors to stop and empty pockets or remove bags. It can tell the difference between everyday items (mobile phone, keys and coins) and weapons. The system precludes the need for intrusive pat downs and hand wanding of visitors and employees while keeping the venues and facilities safe from threats such as mass shootings and terrorist attacks. It also reduces health risks promoted by unnecessary human contact. People simply walk through naturally, alleviating long lines and bottlenecks at entrances while greatly reducing contact between visitors and security staff. The visitor experience is rapid, accurate, respectful and safe – all priorities in a post-Covid world. Evolv Express can screen 3,600 people per hour for weapons. The system is 10 times faster than metal detectors, which use nearly century old technology and result in substantial physical contact. To date, Evolv’s systems have been used to screen more than 75 million individuals in an expedient, respectful manner and have prevented more than 5,000 weapons
CTB Q&A from entering a range of venues and places of work. Notably, Evolv is second only to the U.S. Department of Homeland Security’s agency, the Transportation Security Administration (TSA), in terms of numbers of people screened by its systems.
CTB: WHAT ROLE DOES TECHNOLOGY HAVE TO PLAY IN HELPING PEOPLE SAFELY GATHER AT A TIME WHEN GATHERING ITSELF IS NO LONGER CONSIDERED SAFE? Like never before, visitors and employees are, or will soon be, scrutinising how venues and workplaces are handling the new normal of the pandemic and weighing the risk versus rewards of entering. Visitors, patrons and employees will expect security screening processes to be very different than the days before the virus. Simply put, Covid-19 has changed the ‘risk profile’ of how people gather. Outdoor venues, workplaces, conferences, schools and essentially all other organisations must adopt a pandemicaware security posture if they are to survive and, hopefully, thrive. Technology has become even more of a critical component in helping people gather in a post-pandemic world. For example, Evolv recently introduced the Evolv Thermal Imaging Package for Evolv Express, an optional capability to allow screening of each visitor or employee for elevated skin temperature followed by touchless weapons screening. It’s the industry’s only integrated touchless health and weapons screening system. Enhancing concept of operation (conop) procedures, venue personnel can direct those with elevated readings to secondary screening. As a result, venues reduce the risk that their security staff, visitors and employees are exposed to individuals presenting signs of virus infection. Security investment must deliver more capable security systems that allow for fluid detection and a better visitor experience. That can only be accomplished by capitalising on new technologies.
CTB: CONTACT, AT LEAST IN THE WAY WE KNEW BEFORE, IS NO LONGER A VIABLE OPTION FOR VENUE SCREENING. WHAT SHOULD THIS NEW TOUCHLESS VISITOR EXPERIENCE LOOK LIKE? One thing that venues certainly understand post-pandemic is that there is no going back to using invasive, analog methods of security screening such as metal detectors, hand wands and pat downs. Metal detectors were not designed to handle modern facilities, crowds, manual bag inspections and other dynamics that result in bottlenecks.
The future of people screening must be touchless and digital in order to deal with the realities of today’s threats, while preparing for tomorrow’s threats. Venues are required to implement new regulations and mandated protocols that now include social distancing. Visitors and employees will demand a very orderly, safe screening process that allows people to walk through while maintaining adequate social distancing, with little to no close contact. The touchless security screening experience is something that Evolv Express provided even before the pandemic took the world by surprise. For venues using the system, visitors and employees walk through at their natural pace without stopping, removing bags or backpacks, or emptying pockets of everyday items because the system spots weapons while ignoring harmless personal items. The touchless experience is welcoming, allowing families or groups of people to walk in together. It’s a respectful, uninterrupted security and threat screening that is accurate, fast and gets visitors to their seats and other destinations within the venue quickly. If a potential threat is detected while a person is walking through the system, real-time image-aided alarms show security guards precisely where the potential threat is on that person or in his or her bag. This greatly reduces the amount of physical contact required between security staff and those being screened and their belongings, while allowing security staff to act quickly and efficiently. Many venues during the re-opening phase have added thermal imaging for identifying guests with elevated body temperature as well as touchless security screening as part of their socialdistancing procedures. We are seeing the beginning of a new trend of multithreat screening that is fundamentally and permanently changing security for venues and guest experiences. CTB: HOW CAN ORGANISATIONS DIGITALLY TRANSFORM PHYSICAL SECURITY? Many of today’s physical security solutions have lagged in an age of digital transformation. In fact, most security screening technologies haven’t really changed much since the 1920s and are devoid of digital data. Metal detectors, hand wands and manual bag searches are outdated approaches, based on analog technologies that are getting left behind in a modern, post-pandemic world. The lack of advanced technology in physical security has created even greater burden on security staff who face an ever-growing list of responsibilities— such as manually checking guests for prohibited items, monitoring for suspicious or bad behavior, helping
guide guests, handling minor yet distracting incidents, maintaining a clean atmosphere in and around security checks, along with numerous other tasks. In the new normal, many security staff are responsible for conducting temperature checks, which puts their own health at risk. Serving on the frontline, they’re also now more exposed to volatile societal situations given the stresses of the pandemic; with that volatility increasing due to extended job loss, lack of access to services for those dealing with mental illness, increased sales of guns and liquor and other dynamics. The future is touchless and digital. It’s a post-pandemic re-imagining of security screening that leverages modern technologies like Evolv Express to deal with the realities of today’s threats such as health and safety concerns, while being able to quickly address the threats of tomorrow. Evolv is on the digital transformation journey and embracing a new vision and technology architecture that is emerging – the ‘Digital Threshold’. This vision applies the proven patterns of digital transformation to everything that happens in the places where people gather as they enter and exit today’s modern venues and organisations. It’s within this vision that these venues can intelligently use data to create a touchless experience for patrons and employees to enhance the overall experience instead of detracting from it, as we often encounter today. Making security screening faster and more precise is part of the Digital Threshold vision. Take a look into the future. Imagine if the entry experience integrated both digital health screening and health credentialing into the screening process? What if electronic ticketing, VIP identification, and ‘be on the lookout’ (BOLO) alerts could also be part of that seamless flow? What if the Digital Threshold generated useful analytics that facilitated data-driven decisions about system adjustments and the movement of people entering and moving about within the walls of a venue? All of these scenarios are part of Evolv’s Digital Threshold vision that not only addresses the current environment, but also creates the ability to adapt to manage future requirements when and where needed. The Digital Threshold vision holds vast promise. We’re in the initial stages of implementing that today. L
FURTHER INFORMATION
evolvtechnology.com
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
23
Highway Care is a name you can trust to secure your people and your places. Contact us today: +44(0)344 840 0088 • info@highwaycare.com
• Highway Care is a leading installer of Hostile Vehicle Mitigation (HMV) barriers, perimeter security fencing and protection products. • Tested to the highest of industry standards our products provide leading protection creating dynamic and functional security solutions •
HVM Perimeter security • SecureGuard • Temporary solutions • Permanent Solutions • Fencing • Gates • HCS Bollards • Drop & Go • Pedestrian Portals
highwaycare.com ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
PERIMETER SECURITY
On behalf of the Perimeter Security Suppliers Association, Debbie Heald explains why pedestrian security must be top of the agenda if towns and cities want to recover from Covid-19
THE SECURITY RISKS OF LOCKDOWN MEASURES T hroughout most of the lockdown, we’ve been encouraged to meet outdoors to minimise the spread of the Covid-19 virus. Businesses have been impacted by having to restrict the number of people they can have on their premises, and pop up pedestrianised areas have also been implemented across towns and city centres to allow businesses to service their customers outside and those commuting by foot or bike to do so safely. At the outbreak of the pandemic, lengthy queues outside supermarkets and other essential shops were a regular sight. Months down the line we continue to see queues outside of shops, both on the high street and out of town shopping centres, and with increasing rates of infection and local lockdowns, it’s likely to continue for some while longer. The White Rose in Leeds, for example, has closed one of its car parks to create a one-way system for its visitors to its Primark store, with those looking to enter having to queue outside in the car park.
On the other hand, many individuals are enjoying the opportunity to visit their favourite coffee shop, bar or restaurant and having the chance to sit outside watching the world go by. It represents a lifestyle most often found on the continent, allowing those of us who haven’t had a foreign holiday this year to have a taste of what we’re missing. More recently, curfews imposed on bars and restaurants have sprung up challenges with an increased footfall on the streets at closing time, leading to concerns that it could cause more harm than good. While these measures might help to stop the spread of Covid-19, it presents an ideal opportunity for those looking to commit crimes using a vehicle as a weapon. Although the most recent UK vehiclerelated terror attack happened back in 2018, there has been a spate on localised crimes in which vehicles have been used to cause injury and even death. In contrast, in the USA, reports are indicating that there have been 104 separate vehicle attacks taking E
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
25
PERIMETER SECURITY
WHEN IT COMES TO SECURITY MEASURES IN THE PUBLIC REALM, THEY SHOULD BE UNOBTRUSIVE, ALLOWING INDIVIDUALS TO GO ABOUT THEIR BUSINESS WITH LITTLE ACKNOWLEDGEMENT THAT THESE MEASURES ARE IN PLACE place since 27 May 2020 as scores of protests take place. With tensions around how the UK and members of the public are handling the pandemic, it is likely that it won’t be long before we see vehicles being used as a weapon on the rise once again. THE FUTURE FACE OF THE HIGH STREET While many cities and town centres have already implemented measures to secure visitors in the wake of a rise in vehicle attacks in recent years, some still have a long way to go to ensure adequate security measures are in place. To support the economic recovery of our towns and cities, councils are going to have to enhance how outdoor spaces are used to attract visitors, who in turn spend money on local high streets if they want to prevent businesses closing down and further job losses. An Arts Council England report titled Arts and Place Shaping: Evidence Review points to growing evidence that demonstrates cultures’ role in revitalising the high street by promoting social cohesion and supporting local economies in towns, cities and villages throughout the country.
26
Culture Secretary Oliver Dowden said: “These reports prove what we already know to be true, that culture is at the heart of our towns and cities. It creates jobs and makes our local communities across the country better places to live, work and visit. Several councils already had ideas like this in mind before the outbreak of the Pandemic, with Kirklees Council, for example, outlining plans for a Cultural Quarter in the town centre of Huddersfield, something which it anticipates will be a catalyst for change in the town by acting as a cultural heart where families, visitors and residents can congregate and enjoy leisure, arts and music with the ambition of attracting more people into the town centre. Leeds City Council has also put out calls for expertise to transform Leeds City Square to make the city more dynamic and inclusive as part of the council’s Our Spaces strategy to transform and create world-class inclusive spaces across Leeds which contribute to an improvement in the health and wellbeing of its residents along with attracting visitors to the area.
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
If councils want to protect businesses and jobs in their areas, these are changes that are going to need to be driven through quickly to minimise the broader casualties of this virus. At the same time, pedestrian safety can not be overlooked. EFFECTIVE SECURITY MEASURES The way we live and work is likely to speed up the pedestrianisation of town centres, with it already being reported that bike sales are up 60 per cent as a result of the pandemic according to the research firm, Mintel. It’s therefore vital that not only towns and city centres but the commuter routes leading to them have the required security measures in place if a revival of town centres is to be seen. One of the biggest challenges, however, is retrospectively securing locations without it impacting on the aesthetics of the area. While some councils have acted quickly to put in place security measures, in some instances, these are ones that should only be in place temporarily or are not effectively crash tested. Plastic or metal barriers separating vehicles from pedestrians or cyclists are most likely to create a false sense of security, but if impacted can result in more disastrous consequences than if the measures weren’t there in the first place. On social media, a video has been circulating of a driver in Brighton intentionally driving through ‘wands’ implemented to create a cycle lane. While the driver didn’t collide with a cyclist, the outcome could
PERIMETER SECURITY
IT IS VITAL THAT NOT ONLY TOWNS AND CITY CENTRES BUT THE COMMUTER ROUTES LEADING TO THEM HAVE THE REQUIRED SECURITY MEASURES IN PLACE IF A REVIVAL OF TOWN CENTRES IS TO BE SEEN Ineffective and garish security bollards are also unnecessary, especially when there are many on the market which can blend in with their surroundings, or can be customised to do so. As individuals have to adapt to the use of face masks and other restrictions, the last thing people want to see is security measures which can further heighten fears about the challenges faced in our modern-day society. When it comes to security measures in the public realm, they should be unobtrusive, allowing individuals to go about their business with little acknowledgement that these measures are in place.
have been very different and does not instil confidence in those who might wish to switch to cycling for commuting or leisure purposes.
ENABLING ACCESS Another consideration is whether or not the perimeters being secured allow access to permitted vehicles. While effectively securing a perimeter is vital, access may still be required by delivery vehicles and emergency services. Often town cities adopt temporary measures which cannot meet these needs, potentially leading to unforeseen
consequences on local businesses and if an emergency was to happen within the perimeter being secured. From conversations with town planners and security professions, often the issue holding back the implementation of sufficient security measures is existing underground infrastructure. But over the last few years, manufacturers have developed innovative security measures which require little, if any excavation, while still offering a crash-tested solution. While the rest of the year and even 2021 is set to be a challenge for many, I hope to see our towns and cities thriving again, with outdoor events, concerts and arts helping to bring people back together after what has been almost a year of keeping our distance. L
Debbie Heald is managing director of perimeter security manufacturer, Heald Ltd.
FURTHER INFORMATION
www.pssasecurity.org
Guaranteed safety ●
NEW: Mobile vehicle barriers for temporary events
●
Low maintenance High Security bollards with electromechanical operator
●
NEW: Permanently installed High Security bollards with a fitting depth of just 200 mm
01530 516868 doorsales.lei@hormann.co.uk
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
27
SECURITY
SECURITY, A HIDDEN WORKFORCE? C
oronavirus, furlough, pandemic, and lockdown. Four words which have governed our lives for a large chunk of 2020 in every aspect from the way we work, to the produce we eat. The world has never experienced this level of lockdown due to a virus and the ill-prepared shine through. Needless to say, there are 100s if not 1,000s of ways which the virus and government measures have impacted the private and professional security industry. The UK is the fifth largest economy in the world after USA, China, Japan and Germany and the three main sectors which contribute most to the UK’s gross domestic product (GDP) are services, manufacturing, construction and tourism. The services sector is naturally the largest including a wide range of different industries from food to retail to finance. But have you ever taken the time to think how security plays a role in each and every sector? Don’t believe us? There are few sectors which do not use electronic devices in some part of their business process and passwords (amongst other protective software) are cyber security. Tourism requires border control and security measures to ensure passengers fly/travel safely with personnel supporting police roles. Manufacturers produce the alarms, locks and electrical equipment for homes,
28
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
schools, and businesses. Physical security officers look after premises to ensure our safety, both day and night when necessary. Engineers install vital security measures and training centres provide the invaluable knowledge to tomorrow’s workforce today. Security is everywhere you look, you may not see it, but it is there, not to mention it goes hand in hand with health and safety. Funnily enough, for security reasons the industry has not always been at the forefront of people’s minds. It flows nicely into our daily lives which means it does not always need to be waving for attention. As with any major global event, industries, businesses, and people begin to emerge who may not have been visible before to all. In March 2020 the UK government announced a list of key workers after closing schools in an attempt to stem the spread of Covid-19. Only children of ‘key workers’ would be allowed to continue their schooling at their school premises, the rest were sent home. Among these key industries ‘public safety and national security’ was named, although this only referred to police, support staff, Ministry of Defence civilians, armed forces personnel, fire and rescue staff, as well as those responsible for border security, prisons and probation staff. E
SECURITY
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
29
Secure home working – Working to improve cyber security for home workers As many organisations face the realities of home working for the majority of staff, cyber security best practice for mobile comms becomes a serious issue. Staff need the most appropriate tools for the job, even if using their own devices. However, the use of unmanaged devices opens up the business to a whole range of security risks and unsafe or unregulated working practices including contraventions of GDPR. Here are five immediate benefits of using a specialist app to ensure that confidential conversations stay that way. Protect all sensitive data – including metadata - Enterprise-grade apps have more sophisticated security features than simply encrypting your messages. Metadata (details of who you called, where you made the call, how long you talked, for example) is also protected, and remains under your complete control (either on your premises or in a secure cloud). Secure collaboration and increased productivity – Enterprise apps have many more features that enable secure
collaborative working. Elements such as voice, video, conference, attachments and group messaging. Features that business people need to communicate and share information, enabling colleagues to collaborate productivity, knowing that sensitive corporate data is fully secured, even when on the device. Limit the life of time sensitive information – some enterprise apps provide features where the lifespan of messages, documents, videos can be timed to self-delete (burn) after a set time. The time is chosen by the sender and can be a certain time after the message has been sent, or after it has been read. This ensures that sensitive information
Armour Mobile
VS
and documents are not saved or stored inappropriately. Optional Audit – For regulated industries, conversations can be recorded for audit purposes, so even when using their own devices, staff are still compliant for business operations. Fast One-click Provisioning – When assessing enterprise apps it is important to find a solution that is easy for end users to install and for central IT to commission and control. To maintain security best practice, it should also be equally quick and easy to decommission should a device be lost or compromised, or a staff member leave the organisation. Having a special app to use for business communications reminds staff that even though they are working from home, they still need to be professional, and their employer cares enough to provide them with the right tools for the job – even when they are using their own devices. FURTHER INFORMATION www.armourcomms.com
Consumer apps
Cloud or On-Premises Solutions Contacts and attachments encrypted on device Third Party Certification Technical Support Encrypted sent and received files Protected metadata Contacts are not accessed and exploited for marketing purposes
Independently tested by:
30
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
Contact Armour Communications Ltd 1st Floor Millbank Tower London, UK, SW1P 4QP Tel: +44 (0)20 36 37 38 01 Email: sales@armourcomms.com
SECURITY The professional security industry is so much more than one sector. We are a blanket force of protection and safety, the first layer of response when an incidence occurs. So where did the government list leave the professional security industry in their key worker list? A CLOSER LOOK Without members, the BSIA would not be an authoritative voice and reliable source of information. These companies drive us to be our best and it is imperative they feel listened to, not just in times of crisis, but always. Just like that, the UK went into a state of lockdown and businesses were forced into relying on remote working or no work at all. Employers across all industries who were not prepared, faced many challenges including dealing with outdated equipment and connecting to files and servers via cloud services. For the BSIA it was up to us and our close ties with government and industry to have security formally recognised on the key worker list. Thankfully prior to lockdown some meetings with BSIA members took place and their knowledge of dealing with unknown situations allowed many others to prepare in advance for what was to come. Businesses in security systems saw themselves following the government’s guidelines in terms of carrying out essential works only. These included key installations and emergency support for contracted clients in the event of faults or breakdowns, which also meant a suspension of periodic routine inspection visits until guidelines eased. One member spoke to us about being awarded ‘Key Worker Contractor’ Status from their local NHS Hospital. Their requirements have been dynamic with wards being converted to Covid 19 restricted access spaces. Security systems are there to support the frontline staff and ensure safety with access controlled doors and video surveillance in place. The vacant property sector also noticed a change as businesses and offices began to close. Gideon Reichental, Commercial Sales Manager at Clearway Services, said in June: “These are exceptional times. The high street, retail & trade parks and so much more are closed down and streets are empty. No one really had the time to sit and ponder this situation and the impact that it may have - as specialists in vacant property we have. We have been sharing our insight into vacant property protection to assist property managers and the simple steps they can take to ensure that their premises remain safe. From ensuring security systems are working correctly to safely storing or removing stock and valuable items.
SECURITY SYSTEMS ARE THERE TO SUPPORT THE FRONTLINE STAFF AND ENSURE SAFETY WITH ACCESS CONTROLLED DOORS AND VIDEO SURVEILLANCE IN PLACE Up until now these have been issues that have only affected property that is vacant/empty because it is being sold or let but with the lockdown being extended a further three weeks this is now affecting a whole range sites that have closed down.” We asked Don Robins, chair of the BSIA Information Destruction section, for three environmental pros and cons to the lockdown. On the former he said: “Firstly, the roads are quieter, saving up to 20 per cent of time travelling between clients. Secondly, there is an opportunity for the world to now see the positive impact that less planes and general travel is having on the environment as a whole. Thirdly, throughout this pandemic, we have seen a greater sense of community and kindness. This has shown the positive effect of supporting each other to make things happen and the importance of protecting those who are vulnerable.” Discussing the cons, Robins said: “Firstly, Covid-19 has heavily impacted the tourism and entertainment industry, now and into the future, and this will greatly affect the amount of security required to support this industry. Secondly, home working and vulnerability to cyber-attacks will need to be considered carefully. Thirdly, the new attitude towards
home working may accelerate the trend towards going paperless, potentially reducing the requirement for as much confidential shredding.” The question remains are we, the professional security industry a hidden workforce? That’s up for each member of the industry to discuss, but here are a few perspectives we received when we asked that very question: “I believe they are probably the forgotten workforce as they provide support services.” Naz Dossa, CEO, PeopleSafe. “I believe it is because we are seen as protecting property and not directly saving human lives. Our role is still vital but of course naturally is hidden behind more direct and obvious industries related to emergency services, NHS and Social Care. I don’t see that anything needs changing in this regards as long as it is recognised that we are essential workers too.” Sharon Ramsey, General Manager, Elmdene International Ltd. L
Written by the British Security Industry Association.
FURTHER INFORMATION
www.bsia.co.uk/hidden-workforce
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
31
IS WEEK
WELCOME TO INTERNATIONAL SECURITY WEEK F
ollowing the postponement of the live International Security Expo until 28-29 September 2021, show organisers Nineteen Events have launched an innovative four-day virtual event. Incorporating International Security Expo (ISE), International Cyber Expo (ICE) and International Disaster Response Expo (IDR), ISWeek will deliver a wealth of information during a series of exclusive, free-to-watch innovative sessions that elevate the event beyond the typical slide presentation and webcam format seen at most virtual conferences. Filmed in a television studio setting, with high production value, leading experts from around the globe will be interviewed by veteran security and intelligence journalist, Philip Ingram, during high-level interactive panel discussions and ‘fireside chats’. In the UK alone, funding for counterterrorism policing will grow to £906 million for 2020/21, a £90 million year-on-year increase. ISWeek offers viewers a chance to hear from a
32
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
host of different perspectives on the challenges being faced by nations and businesses, from both the public and private sectors, as well as those affected first-hand by terrorism. Opened each day by ISE’s chairman, Admiral the RT. Hon. Lord West of Spithead GCB DSC PC, the week will be split into four key sections that will be available to watch live or on demand via the ISE website. ISWeek is CPD certified by The Security Institute, so attendees will receive CPD points for every session watched. DAY ONE: INTERNATIONAL MATTERS While Covid-19 has impacted the public’s ability to move around freely, both internationally and within individual countries, aviation security and tackling transnational organised crime remains a high priority for the security sector. The inaugural day of ISWeek is sponsored by HS Security, a group of market-leading companies specialising in advanced physical security solutions and
IS WEEK engineering, developed to protect people and property around the world. Starting the week with a state of the nation presentation will be Lucy D’Orsi, Deputy Assistant Commissioner of Specialist Operations at Counter Terrorism Policing on the current threats to the UK, such as Islamist terrorism, and the rise of far-right extremists. Attendees will then hear from a panel of those working to protect the public in the UK and abroad, including Paul Crowther, Chief Constable at British Transport Police; Dr. John Coyne, head of Strategic Policing and Law Enforcement and head of the North and Australia’s Security, ASPI.
Barry Palmer, head of Safety and Security at the Tate Gallery; Fay Tennet, Deputy Director of Security Operations, Parliamentary Security Department Houses of Parliament; Shaun Hipgrave, Senior Home Office Official and Figen Murray, whose son Martyn Hett was tragically killed in the 2017 Manchester terror attacks, will speak about the ‘Protect Duty’, which aims to provide UK citizens with better protection from terrorism. There will also be an exclusive session with Aimen Dean, former member of al-Qaeda turned MI6 Spy, who will discuss how Islamic-based terrorism is developing, and what the security sector should look out for.
DAY TWO: CYBER THREATS With the average cost of cybercrime increasing by 32 per cent for businesses in 2019 , the ever-evolving threat of cyber hacks and data leaks must be understood by the cyber security industry. Day two covers cyber security in detail and is sponsored by Tripwire, a trusted leader for establishing a strong cyber security foundation, protecting the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. In a not-to-be-missed session, Philip Ingram and Anthony Leather, co-founder and director of Westlands Advisory, will discuss the consultancy’s latest cyber research that will launch exclusively E
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
33
IS WEEK
during ISWeek, including the latest data on key industry trends, technology and market growth. Complementing discussion around the report’s findings, Emma Philpot, CEO of IASME Consortium; Graham Ingram, Chief Information Security Officer at Oxford University; Dr Henry Pearson, UK Cyber Security Ambassador at Department for International Trade (DIT) and cryptographic expert Ian ThorntonTrump of Cyjax will discuss current and future trends affecting cyber security, including the impact of Covid-19. Exploring the ‘human factor’ in cyber terrorism will be Jenny Radcliffe, also known as the People Hacker, with Tracy Buckingham, Deputy Director of Security and Cyber Security Exports at DIT presenting her bounce back plan for the UK’s security and cyber exports. Those looking to protect themselves or their organisation from cyber crime should attend the training
34
session from Cyber Griffin, founded by the City of London Police. DAY THREE: LAW & ORDER In an unstable economic climate, there is nothing more important than avoiding disruption to Critical National Infrastructure (CNI). During ISWeek, a panel of experts from a number of CNI sectors will come together to explain their role in protecting nations’ assets through policy and implementation, as well as discussing the wider cyber perspective; including Chris Fitzgerald, head of Business Resilience & Security, Thames Water; Justin Lowe, an industry leader in Cyber Resilience of Energy, Utilities and Critical Infrastructures; Andrew Sieradzki, director of Security at Buro Happold; Dan Webb, director of Intelligence for Mitie; Jonathan Schulten, Vice Chairman of The Security Institute Senior Home Office Official, Angela Essel will outline the projects and
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
priorities of the government, and how the wider security industry can assist to tackle key issues. Addressing the challenges for the UK’s intelligence sharing operations as a result of Brexit will be Ian Dyson, Commissioner for the City of London Police. Additionally, executive director Claudia Sturt from Her Majesty’s Prison and Probation Service (HMPPS) will examine the internal and external threats to our prisons in her session. As the nature of crime changes, so does law enforcement. Roy McComb, former deputy director of NCA and Julian Platt, Deputy National Co-Ordinator of Protect & Prepare, NCTPHQ will look at how criminals have adapted to the pandemic to continue running international networks and people trafficking. DAY FOUR: DISASTER RESPONSE Averting a crisis is the highest priority for security professionals, but when
IS WEEK disaster occurs it is vital to be prepared. For the final day, Anne-Marie Trevelyan, MP for Berwick-upon-Tweed, former Minister for International Development, will give the keynote speech, followed by Tracy Daszkiewicz, Deputy Director of Population Health & Wellbeing at Public Health England who will explain how to manage a crisis – based on her real life experience with the Salisbury poisonings. Viewers can enjoy a fireside chat about disaster communications between journalist Paul Peachey at The National and the founder of PR agency Conduit Associates, Sheena Thomson. Closing the week will be Jason Towse, managing director of Soft Services at Mitie, looking at how the UK government responded to the Covid19 crisis, building a 3,000-bed hospital in 10 days and opening Nightingale Hospital facilities across the country. Speaking about the forthcoming ISWeek, Event Director Rachael Shattock said: “ISWeek comes at an important time for many security, counter terror and disaster response professionals. We continue to live in uncertain and unprecedented times, but the threats remain and it is vital nations and businesses continue to evolve their security to protect citizens and employees. “We are truly delighted to be able to bring the high-quality content and thought leadership, that International Security Expo portfolio visitors have come to expect, to people’s homes from 30 November – 3 December. While we would all prefer to be meeting face-toface and connecting with colleagues around the world, we are excited for attendees to experience the high-level style of production and studio setting for the panel discussions, where we’ll
DURING ISWEEK, A PANEL OF EXPERTS FROM A NUMBER OF CNI SECTORS WILL COME TOGETHER TO EXPLAIN THEIR ROLE IN PROTECTING NATIONS’ ASSETS THROUGH POLICY AND IMPLEMENTATION, AS WELL AS DISCUSSING THE WIDER CYBER PERSPECTIVE
cover the latest insights and future trends in physical and cyber security.” L
Counter Terror Business is the Lead Media Partner for Day 1 of the new International Security Week, starting on 30 November. International Security Expo is the only flagship event bringing Government, industry, academia and the entire enduser community in charge of regulation & procurement together to debate
current challenges and to source the latest security technologies and services. ISE, and the colocated events, are partnering organisations for the CTB365 digital event platform. More information on CTB365 can be found here: 365.counterterrorbusiness.com
FURTHER INFORMATION
www.internationalsecurityexpo. com/international-security-week
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
35
BORDER SECURITY
TAKING BACK CONTROL OF OUR BORDERS: WHERE ARE WE NOW? I n January 2019 I wrote a piece in these pages about Brexit and the UK government’s quest to ‘Take Back Control’ of our Borders. At the time it was still unclear how or when the UK would actually leave the EU, or when ‘free movement’ would end. Fast forward two years. On 1 January 2021, the Brexit Transition period will come to an end; as will the freedom of EU/EEA citizens to come to the UK to live, work and settle here without prior permission. We will finally ‘take back control of our borders’. Or will we? On 13 July 2020, the Home Secretary published further details of the new UK Points Based Immigration System. This will take effect on 1 January 2021, whereupon the free movement of EU/EEA nationals entering and remaining in the UK will theoretically come to an end. Citizens of all countries (except the UK and Ireland) will thereafter require a ‘permission’ to enter or remain in the UK. Over four million EU/EEA citizens already residing in the UK have now applied to stay here under the EU Settlement Scheme (EUSS), with the vast majority having been granted. The Scheme will remain open to those who enter before 31 December 2020 and apply for it before 30 June 2021; whereupon it will close.
36
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
Otherwise, EU/EEA visitors will still be admitted at the border without visas for six months; but those coming for more than six months (eg to work/study/settle in the UK) should apply ‘on-line’ for permission to do so, in the same way as non-EU/EEA citizens do now. According to the government’s plan, all visitors and migrants (including EU/EEA nationals) coming to the UK will ultimately require either a visa or a new electronic travel authorisation (ETA) to enter. It says that who are given permission to stay will be given ‘written confirmation’ of their immigration status; but they will not be issued with any physical token or permit. The plan also suggests that to work/rent/study etc will be verifiable by a new ‘on-line’ service - thus reducing the need for employers/landlords to check paper documents. With just three months to go until the end of the transition period, it is still not clear how these changes will work in practice, either at the border or inland. At the border, the UK Border Force continues to rely heavily upon ‘e gates’ to admit EU/EEA passengers to the UK. Even with the huge reduction in traveller volumes caused by the Covid-19 pandemic, there is no indication that they intend to diverge from this course. Indeed
BORDER SECURITY the government has demonstrated in the past that it has been willing to extend the use of e gates to cohorts of passengers who are already subject to immigration control, and would normally require an examination and leave to enter in writing from an immigration officer at the UK Border. It is hard to see how this strategy aligns with the concept of ‘taking back control’, at least in the short term. Leaving aside the very visible means of evading UK Border Control via small boats on the English channel, or the less visible means of entering illegally by way of false or counterfeit documents, the most common method to evade immigration controls is to enter as a visitor and then overstay and work illegally. In my day as an immigration officer at Heathrow, all foreign nationals (including EU/EEA nationals) needed to obtain permission to enter from one of my colleagues or myself to enter the country. This would only be given if we were satisfied that (a) the passenger had a valid passport (and entry clearance if required); and (b) that they met the requirements of the immigration rules. In the case of visitors this meant finding out how long they were going to stay and why; and whether we believed they were going to stick to their time limit. If we were so satisfied, leave to enter would be given in writing by way of an entry stamp in the passport, which was plain for all to see. If we were not so satisfied, the passenger would be refused entry and returned quickly whence they came. Indeed, many of my early refusals were passengers a from European countries who were seeking entry for a short period; when further examination indicated that their true intention was to remain in the UK permanently. Which brings me back to today. E gates cannot do the job I used to do; interrogate passengers as to purpose and duration of stay. They cannot grant or record leave to enter. They were designed specifically to verify the nationality and identity of passengers who were not subject to immigration control. The only eligibility test to pass through an e gate is the possession of an ‘e passport’ (to check the holder’s face against the image on the digital chip in the passport) and age (because facial recognition technology only works above a certain age). The gates can conduct checks against the UK watch list, and the date of entry and name record may be retained. But any passenger wishing to avoid letting on the real purpose and duration of stay could easily meet these requirements, pass through the UK Border and remain undetected in the UK for an indefinite period. In normal times we would expect to see about 30 million EU/EEA passport holders coming to the UK, with the vast majority entering by way of an e gate. The Home Office has conceded that under the
current system it is impossible to say how many people are staying in the UK illegally. Estimates suggest that there may already be over a million people remaining in the UK without permission, with an additional 100,000 overstayers added to the total each year. This is before we even consider the prospect of EU/EEA overstayers when freedom of movement ends, and how to deal with them. A NATIONAL IDENTITY REGISTER Which brings me to the vexed question of immigration enforcement. Although records are kept of those who have been granted temporary or permanent permission to remain under the EU Settlement Scheme, no physical evidence has been issued to them. There may well be many more who have been living in the UK for many years who have not yet applied for settled status. With the Home Office still smarting from the Windrush scandal, this raises concerns that there will still be categories of people in the UK (including EU citizens) who will not automatically feature on the new ‘digital register’; and may improperly be denied employment or accommodation under the new system. I have long argued that the only effective way to control illegal migration in the UK is to build a national identity register. The idea of everyone clutching an ID card - and it being demanded by sinister officials – was always nonsense and is out of date now. We have the means of providing everyone with online ‘accounts’ to manage the evidence of their existence – a virtual version of the tin box stuffed with the papers that live under our stairs. Like that box, its contents belong to the individual; and they can share it with whomsoever they choose. This would ensure that everyone residing in the UK had some form of token or credential which recognises their status as either a British or Irish citizen, or as a foreign national who has temporary or indefinite permission to remain in the UK. Then – and only then – could the government consider a return to a compliant environment whereby third parties such as employers and landlords could reasonably ask to make judgements as to whether their employees or tenants have lawful status in the UK. Without this, we are already seeing signs that some EU/EEA nationals
may be denied tenancies because they cannot show lawful residence in the UK - and the potential development of a second wave Windrush disaster. As things stand, there is little that border officials or enforcement officers can do to verify how long or how many times EU/EEA nationals have been here. In most cases they will not be given the opportunity to examine passengers to determine admissibility on arrival, like I was. Their best hope is that the promised ETA system will deliver a more rigorous form of examination prior to travel; but that is still some two– three years away. Equally, it is reasonable to suppose that immigration enforcement will not arrest and deport thousands of EU/EEA nationals for failing to produce evidence that they have never needed before, even where there is no other independent evidence of their lawful status in the country. A readily accessible register of all foreign nationals (including EU/EEA nationals) lawfully residing in the UK would be required to enable them to do so; and that still seems some way off. So, it is hard to see how we will be ‘taking back control’ of EU/EEA immigration on 1 January 2021. More likely we will see ‘business as usual’, with virtual free movement continuing, at least until the UK ETA is implemented. A more likely target date for delivering effective immigration controls over EU/ EEA migration is 2025, assuming that the new strategy can be implemented by then. Meanwhile, we can only conclude that taking back control of our borders – at least insofar as EU/ EEA immigration control is concerned – remains very much a ‘work in progress’ rather than a ‘fait accompli’. L
Written by Tony Smith CBE. Tony is a former Director General of the UK Border Force with over 40 years’ government experience in immigration and border control. He is now an independent border management consultant, managing director of Fortinus Global Ltd, and chairman of the International Border Management and Technologies Association.
FURTHER INFORMATION
www.ibmata.org
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
37
AIRPORT SECURITY
Adrian Timberlake examines how intelligent technologies work to weave together the bigger picture to spot threats of terror on the horizon, and how digital transformation in the aviation sector is upscaling the implementation of counter terror measures
NEW TECHNOLOGIES ARE THE WAY FORWARD FOR COUNTER TERROR IN CIVIL AVIATION A
s the civil aviation industry continues to deal with the threat of terror attacks, new technologies that use AI are quickly evolving to meet the counter terror needs of critical civil infrastructure and the challenge of upholding national security in the modern world. To the general public, airports would appear to be some of the most secure buildings in the world. While security
38
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
practices in civil aviation are far more stringent than almost any other form of travel excluding rail networks that involve a border crossing, civil aviation’s usefulness to our national economy, businesses and quality of life, unfortunately makes airports vulnerable to terror. Since 9/11 and the global upscale of airport security, terrorists are becoming ever more inventive and varied in methods.
AIRPORT SECURITY Threats not only consist of terrorists posing as flight passengers; there’s the risk of ‘insider’ threats, interference from unauthorised unmanned aircraft (i.e.. drones) and attacks on IT infrastructure to prepare against. SPOTTING THREATS ON THE HORIZON Early awareness and intervention is the key in preventing terror attacks, and it’s within these areas that technologies that use AI prove useful as counter terror solutions. AI is being used to analyse data in real time to report intelligence, as it is able to spot both patterns and inconsistencies faster than a human. Software incorporating the technology can be programmed to send alerts to security staff, law enforcement or intelligence agencies on recognising ‘red flags’. This helps to foster early awareness of potential threats and also provides time for security teams to prepare and evacuate the public.
Current security solutions for outsider threats, such as perimeter electronic fencing and CCTV, only becomes useful once the threat is already on the doorstep. In this scenario, there’s a risk of security teams meeting the attacker indoors or later at passenger checkpoints. But modern counter terror software, that can be programmed to combine various new technological capabilities including facial recognition, objects recognition (including weapons and drones) and MAC mobile phone address alerts, is capable of spotting approaching threats from miles away, whether it be land or air-based, a known-terror suspect or a stolen vehicle, given that the software is housed within the right optics. To tackle insider threats, counter terror software can be programmed to capture a facial recognition reading which can then raise the alert if a member of staff is on a police or intelligence agency’s ‘watch-list’ –
a known subject of interest to law enforcement – or can raise the alert of a potential threat if a member of staff repeatedly explores areas outside of their parameters or is inexplicably on-site on days off. Technology that uses AI can also act as a force-multiplier when integrated into cameras across a wide area; essentially, the technology acts as extra pairs of eyes that can provide entire site coverage while security teams are on patrol. Furthermore, modern software can be retro-fitted into most existing equipment, including CCTV, body-cams or gates. UPSCALING COUNTER TERROR SOLUTIONS The building of Heathrow T5 is often credited with setting the standard for new terminal construction. Central to the project’s aspirations was a SME (single model environment) - later CDE (common data environment) - E
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
39
Ensure Your Advantage DRONE DOMEâ„¢ Never Allow Any Intrusion
www.rafael.co.il
AIRPORT SECURITY
which made core project information available to all who needed it. This increased understanding, teamworking and formed a single source of information which helped to increase quality and consistency. Due to use of innovative software, including CAD (computer aided design) models, and a data-focused approach, the T5 project achieved its major design and construction goals on time and on budget. Planning the incorporation of new technologies into the very foundations of critical infrastructure in the early stages of a project’s design allows project leaders to integrate the antiterror solutions that would best safeguard the public and suit the conditions of the environment. As an example, for the construction of Ramon International Airport (Israel), landside security infrastructure and technologies had been adapted to accommodate the desert terrain and local weather. As terror threats to civil aviation become increasingly varied and sophisticated, counter terror security must also continue to adapt to provide intelligence on early warning signals to help on-site security teams and law enforcement agencies to neutralise terror risks before they become threats to public safety and national security. L
Adrian Timberlake is chief technical officer at Seven Technologies Group (7TG).
FURTHER INFORMATION
EARLY AWARENESS AND INTERVENTION IS THE KEY IN PREVENTING TERROR ATTACKS, AND IT’S WITHIN THESE AREAS THAT TECHNOLOGIES THAT USE AI PROVE USEFUL AS COUNTER TERROR SOLUTIONS
COUNTER TERROR AWARDS: TRANSPORT SECURITY The winner of the 2020 Transport Security Award at this year’s Counter Terror Awards was Heathrow Airport.
followed widespread disruption at Gatwick Airport in December 2018 due to a drone sighting.
Europe’s busiest travel hub, Heathrow Airport deployed a ‘bespoke set of anti-drone systems’ last year, designed to block unmanned aerial vehicles from entering its airspace following a string of recent attempts. Designed by UK-based firm Operational Solutions, the system detects and tracks drones in surrounding airspace, with the ability to locate the drone pilot and show their location, using technology from several manufacturers. The airport has said the fast and accurate detention of drones would keep passengers and staff safe, and minimise delays. Heathrow Airport has not disclosed how it will then take down the drone, or how much the system cost because of safety reasons, but there is no denying that the move
In June last year, Heathrow also announced the rollout of new computed tomography (CT) security equipment throughout the airport over the next few years. When fully deployed, the 3D equipment could end the need for passengers to remove their liquids and laptops from cabin baggage when passing through security. The new CT technology is the latest generation of security equipment, providing even better images of cabin baggage more quickly. The move to install this equipment airport-wide will make the screening process even more robust, helping the airport’s teams to provide a more efficient and seamless search experience. Once the rollout is complete, likely by the end of 2022, it will have the potential to transform the journey through the airport.
www.7techgroup.com
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
41
DRONES
LOOKING UP: EVOLVING DRONE THREATS W e are in the midst of a global turn to the drone. Following their emergence as central tools of military arsenals in the conduct of remote control warfare, 95 countries worldwide are now estimated to possess drones in active inventory. While we often think first of iconic drones such the MQ-1 Predator and MQ-9 Reaper, military drones are in fact far more varied in size, role, and capability. Comprising a vast ecosystem, military drone fleets span platforms for the use and purview of the military only, to those commercially available off-the-shelf. Consumer drones are themselves experiencing a global embrace. Small drones are increasingly deployed and developed as tools across a growing range of roles, from inspection and infrastructure monitoring, security provision, emergency service assistance, image capture and videography, to the delivery of commercial and medical goods. In the UK alone, the number of certified commercial drone operators has leapt from around 400 five years ago, to over 5,500. This growth is echoed too in the growing number of drone hobbyists, casual users flying drones for fun or sport. Estimates place the number of consumer drones sold monthly worldwide
42
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
at around 200,000. As drones have become more accessible, affordable and popular, so too have concerns grown around their potential as dangerous and disruptive deployable devices. DRONE THREATS While large military drones have long sought technological advantage over adversaries and communities under their violent watch, non-state actors have taken steps to turn the tables. Here, small drones have proved effective tools; deployed, modified and built by a growing number of non-state actors and militant groups. A growing number of such groups have employed drones both to gather surveillance imagery and propaganda, and to conduct attacks. Ranging from the airborne dropping of targeted explosives to fitting drones with explosives designed to detonate when the platform is being inspected on the ground, small drones have emerged as a malleable feature of contemporary battlegrounds. Given that, as drone scholar Arthur Holland Michel writes, drones have emerged as the ‘weapon of choice for non-state groups’, concerns mount around the potential of terrorist weaponised drone deployment in nonbattlefield domestic contexts. This concern E
DRONES
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
43
DRONES
acted as a pillar for the UK Government Defence Committee’s Inquiry into the ‘Domestic Threat of Drones’. As those providing evidence to the Inquiry noted, there is notable precedent here. In August 2018 a C4-laden commercially-available drone was flown towards Venezuelan President Nicolás Maduro as he delivered a speech at a military parade. Remotely triggered in mid-air, the explosion marked what was widely reported as the first assassination attempt via consumer drone. In mapping drone threats more fully, it’s valuable to distinguish between reckless and malicious drone use. Reckless drone flights include those by individuals not following relevant regulation. This has to date included both those flying unsafely (though without malice) - resulted in cuts, lost eyes, and concussions, as well as those seeking (tourist) imagery of high profile sites including The Colosseum, Eiffel Tower, and the White House. Reckless flights are however increasingly accompanied by malicious ones, whereby individuals are deliberately and intentionally misusing drones in undertaking criminal activities. Here we can understand drone weaponisation as the desire to both inflict harm and cause damage and disruption more widely. Events at Gatwick Airport in December 2018 are of course notable here. Following reports of drone sightings, the airport suffered serious disruption for over 30 hours – to 800 flights, 120,000 passengers, and at a cost of around £50 million, an event which has as yet has not resulted in a conviction. These events further acted to inspire climate-activist group Extinction Rebellion to propose launching drones near Heathrow Airport in seeking operational disruption. While Gatwick arguably remains the largest drone event at an airport, it is far from
44
alone, with many more global airports experiencing smaller-scale operational halts prompted by drone incursions. Disruption is, however, not all that is feared at and around airports. Citing growing close-call and drone sighting figures from the UK Airprox Board, The British Airline Pilots Association (BALPA) continue to vocalise concerns around the potential risks of a drone-aircraft collision, those which it fears harness the potential to cause ‘critical damage’ to aircraft. We also are increasingly witnessing illegal drone presence beyond our airfields. Given that drones are primarily associated with the capture of aerial imagery, we are seeing a growth of drones deployed with the aim of obtaining sensitive or personal imagery. These have spanned those targeting individuals – such as drone ‘stalking’ and flying over cash points, as well as corporations – such as flying over Apple’s campus or film sets, incursions that researchers at the ‘Remote control’ project argue demonstrate the potential for ‘corporate espionage’ via drone. Drones too have been spotted over a range of sensitive facilities, such as international embassies and naval, submarine and nuclear bases, with governments globally vocalising mounting concern around the vulnerability of critical infrastructure to both unauthorised data collection and drones equipped with harmful materials such as explosives or chemicals. Here there also lies precedent, with operators equipping drones with a growing range of items, exploiting their carrying capacity. In seeking to convey a political message, operators have, for example, launched drones carrying flags over football stadiums, banners over political rallies, and even radioactive sand over the Prime minister of Japan’s office. In the context of organised crime,
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
globally both prisons and borders have emerged as key sites for drones-ascarries. In the case of prisons, drones have reportedly carried items as diverse as phones, USB sticks, hacksaw blades and knives, sim cards and DVD players directly into prison windows. Criminal actors have similarly deployed drones in large-scale smuggling operations, ranging from drugs across the US-Mexico border and mobile phones between China and Hong-Kong. Drone-enabled crime is growing in scale and scope. While existing malicious drone applications certainly prompt pause, we need also to undertake ‘horizon scanning’ and think with emergent capabilities and their potential to become weaponised. After all, just as drones are becoming more accessible, they are becoming more capable too. In the case of higher end consumer drones, advancements in ‘intelligent flight’ are of note. Referring to types of flight mode, intelligent flight (as advertised by leading drone manufacturer DJI) includes the ability of drones to lock onto and follow particular points/ objects/ persons, and to increase speed or ascend/ descend rapidly. While marketed as cinematographic techniques, the ‘Committee on Counter-Unmanned Aircraft System Capability for Battalionand-Below Operations’ warned of the potential of such techniques to “invite creative thinking and engineering”, potentially re-imagined and weaponised to target an individual or object. Similarly, partnerships between higher end consumer drone manufacturers and social media giants such as Facebook are enabling users to live-broadcast drone footage, an innovation which could facilitate the live-streaming of drone-captured propaganda. Such developments are accompanied by the re-imagination of drone itself. While small drones are commonly understood as ‘low and slow’, the emergence of the aerial sport ‘drone racing’ has seen this status shift. Purportedly capable of travelling 60 - 160 miles-per-hour, such small and swift drones represent the potential to disrupt and overwhelm a site, cordon or security provision. Similarly, while often imagined in isolation, both within and beyond military environments experimentation continues apace in the area of drone swarming – namely drones flying collaboratively in group formation. Such cooperative drones could too act to disrupt and overwhelm, as was in 2018 demonstrated by a group of criminals who deployed a small swarm of drones overhead an FBI hostage operation to keep an eye on their actions, resulting in an official stating that high speed low passes left the FBI ‘blind’. Such deployments speak to a second kind of drone re-imagination, one that drone researcher Don Rassler refers to as ‘improvised innovation’ or DIY drone modification. Here, to more fully
DRONES understand potential drone threat, we can turn to hobbyist community experiments with drones. As is readily visible on Youtube, DIY drone hobbyists have equipped drones with both functioning weapons - including flamethrowers, chainsaws, handguns, tasers, paintball and BB guns, as well as other appendages – graffiti cans, fireworks, lighters, and DIY agricultural sprayers. While predominantly not maliciously designed, rather playfully undertaken, such DIY experimentation nonetheless reveals how drones could be adapted in the infliction of harm, causing of damage, or to disrupt a site or event. COUNTERING DRONES How then to counter drones? As articulated in a report authored by researchers at the US ‘Center for the study of the drone’, a suite of responses to errant and rogue drones have emerged – ranging in form from regulatory and
WHILE GATWICK ARGUABLY REMAINS THE LARGEST DRONE EVENT AT AN AIRPORT, IT IS FAR FROM ALONE, WITH MANY MORE GLOBAL AIRPORTS EXPERIENCING SMALLER-SCALE OPERATIONAL HALTS PROMPTED BY DRONE INCURSIONS legislative to the technological. Profiling 537 counter-measures, the report details the range of styles making up the current technological counter-measure market – from those alerting you to a drone’s presence, to those blocking and even taking over control. While a flourishing market, as the report details, many counter-measures remain confounded by challenges spanning the short decision-making window (given the drone’s speed of travel and countermeasure device range), potential hazards of the drone if rendered a falling object,
counter-measure legality and potential interference with communications systems, cost, and lack of testing data. When combined with the challenges posed by increasingly accessible drones (including those available through second hand and informal selling), the ability to pre-programme flights, the potential distance of the operator from their drone, and ambiguity of what a drone might be doing – a picture of the drone as a challenging object to govern and police emerges. As the UK’s Brandon Lewis MP and Baroness Vere of Norbiton remind us, it remains that ‘there is no technological silver bullet suitable for use against all drones’. It is to this end that those regulating and legislating drones in UK airspace have actively pursued both raising education (see Drone Safe website) and accountability (via mandatory registration and amendments to the Air Navigation Order), while increasing police powers. October 2019 further saw the launch of the UK’s ‘Counter-Unmanned Strategy’, outlining an approach to assess evolving risk, build relationships with industry, and empower police. While laudable to see growing resource dedicated to mitigating and managing rogue drones, as the UK’s own airspace shifts to welcome growing numbers of commercial and civil drones, the complexity of this task also grows. As skies may busy, so too might nefarious operators adapt – copying platform markings or duplicating flight patterns of legitimate users to cause confusion. While its greatest asset, the mobile drone’s versatility remains too a double-edged sword. L
This article was written by Dr Anna Jackman, lecturer in Political Geography at Royal Holloway, University of London. Anna is an active drone researcher and has published on consumer drone threats. Anna was appointed Specialist Adviser for the House of Commons Science and Technology Committee Inquiry into the ‘Commercial and recreational use of drones in the UK’, and contributed evidence to the Defence Committee’s ‘Domestic threat of drones in the UK’ Inquiry.
FURTHER INFORMATION
www.royalholloway.ac.uk
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
45
INTERNATIONAL RELATIONS
CHINA & HONG KONG
HONG KONG AND CHINA: A PERSPECTIVE Amy Pope explains the cyber security, geopolitical, and global business impact of UK opposition to China’s moves in Hong Kong, and what companies can do about it
46
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
INTERNATIONAL RELATIONS
T
he recent national security law imposed by China on Hong Kong has fuelled the ongoing concerns around human rights abuses within the region, as well as raising serious concerns around data privacy, business continuity, and autonomy across the global community. Indeed, following promises of amnesty for Hongkongers fleeing the conflict by the British Government, China warned the UK would ‘bear all consequences’ should it grant residency to those seeking to escape Hong Kong. The backlash from the conflict is far-reaching, with tensions spilling over into the business world, as the security law continues to put pressure on Hong Kong-based organisations to publicly back the law’s sanctions. THE SECURITY LAW’S IMPACT ON BUSINESS From a national security point of view and from a business security perspective, the law should give businesses and governments some serious pause. It cements concerns that China has little intent in respecting traditional expectations around the safeguarding of information or protecting of intellectual property. That’s not to say that every single Chinese business is on a one-stop mission to sweep up all information from their users and put them in a compromised position. Chinese businesses represent a significant lynchpin upon which much of the world’s economy is growing. The real issue is the point at which the Chinese Government decides to interject and demand or appropriate user information without meaningful fear of repercussion. It is increasingly apparent that Chinese businesses have very little leverage to push back on these demands. It is for this reason that so much conjecture exists around Chinese-owned brands like TikTok and Huawei. The polemic isn’t centered on the services these brands offer, or even necessarily their corporate governance. The fear arises from the Chinese Government possessing the ability to use them as a conduit for accessing information that would, ordinarily, be secure and private. Underpinning this concern is the broad arrest authority under the new law with little regard for due process, as well as provisions allowing suspects to be sent to the Chinese mainland for trial. The vague wording of the law raises serious concerns about its potential impact on the business world, leaving little recourse to individuals caught in its crosshairs. TIME TO TAKE A STANCE: HOW SHOULD BUSINESSES SAFEGUARD? For businesses operating in Hong Kong, an immediate first step is to cordon off their Hong Kong branch and establish some blue water between their Hong Kong
based businesses and their global houses. Businesses must assure their clients, investors, and governments that their affiliation with Hong Kong based entities does not fundamentally compromise their users’ data or other sensitive information. Some businesses are taking a step further and relocating their employees to nearby countries outside of Chinese jurisdiction. More fundamentally, businesses must weigh the short-term monetary ramifications of maintaining their business in Hong Kong with the longterm impacts of a policy that allows the government to put a heavy hand on business practices. The issues will not go away. It is more likely that the ability to conduct business in a country that lacks transparency, due process of law, and sufficient respect for privacy and safeguarding of intellectual property will become untenable. While businesses will be reluctant to get involved in Chinese politics, it is nonetheless important to communicate that these privacy and security risks can negatively impact foreign investment and investor confidence. For businesses outside Hong Kong and China, the most pressing concern is the Chinese Government – or affiliated state actors – backdooring access into their infrastructure – a threat made more real in the face of the British government’s response to Huawei, the Hong Kong protests, and Covid. In my experience in both government and the private sector, Chinese state affiliated actors may sit inside an organisation’s server, undetected, scraping information without opposition. Businesses need to be alive to the fact that they are likely targets, especially if they operate within a sector that represents particular interest to the Chinese Government, such as travel or banking. COLLABORATION BETWEEN THE PUBLIC AND PRIVATE SECTOR Aside from the obvious basics (regular cyber health hygiene checks, employee training on phishing attacks, routine software updates), one of the strongest defence mechanisms against cyber attacks is improving the connectivity between the private and public sector. I was working on the National Security Council at the White House at the time of the Sony Pictures hack of 2014. That breach (which was not attributed to a Chinese state affiliate) yielded 100 terabytes of sensitive data as well as proved reputationally damaging to the company, forcing us to reconsider and improve information sharing between the private sector and US Federal Government entities. Ultimately, as a result of that and other hacks, we wrote new policies on how the US Government should work with the private sector to proactively
share information about cyber targets. We recognised that the only way to counter the threat was to do so handin-hand with the private sector. The United States has certainly not mastered the art of information sharing, but unfortunately, there are precious few examples of governments finding ways to proactively share this information with the private sector targets of the attacks. For countries – and businesses -- to have the best chance of fending off such attacks, there must be much better flow of information between the two entities. It’s mutually beneficial -- the government learns about the most common intrusions targeting the private sector, and businesses are privy to vital information about the tactics and methods being used within their industry. This approach means fundamentally changing the ‘name, shame, and blame’ culture that’s rampant in the business world when it comes to cyberattacks. In the UK, the ICO plays an incredibly important role in ensuring businesses are taking seriously their responsibility to protect data. If a breach occurs, the ICO can come down hard, with serious fines and business-crippling consequences. Absolutely, there must be consequences – especially if a company has failed to take basic cyber security precautions. But the government should not shift the responsibility entirely onto the shoulders of business – especially when these attacks are instigated by sophisticated foreign state actors. Instead, we must encourage higher levels of collaboration between the regulators, the private sector, and government bodies. By joining forces, rather than resorting to harsh punitive measures, we can learn from each other and prevent similar breaches from taking place in the future. That’s the balance that needs to be struck.
Formerly US deputy homeland security advisor to the president of the United States, Amy Pope has managed a range of high-profile, diverse challenges at the highest levels of US government from countering violent extremism to promoting refugee resettlement to leading its comprehensive effort to combat Zika, Ebola, and other public health threats. L As a partner at Schillings, she now advises corporate and individual clients on responding to and mitigating crisis. Prior to joining the White House, Amy worked in several positions at the US Department of Justice and served as counsel in the US Senate.
FURTHER INFORMATION
www.schillingspartners.com
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
47
INFORMATION SECURITY
MANAGING VULNERABILITIES IN A DIGITISED WORLD T
oday’s digital and physical worlds are on an irreversible collision course. Over the next few years, organisations will be plunged into crisis as ruthless attackers exploit weaknesses in immature technologies and take advantage of an unprepared workforce. At the same time, natural forces will ravage infrastructure. As new technologies emerge, organisations will need to adapt to the changing norms and values of society. Information security teams will need to consider the suitability of implementing evolving or poorly secured technology within the organisation. Failure to protect against pervasive attacks will leave operations exposed to significant negative financial impacts and damage to brand reputation. In the coming years, Internet of Things (IoT) infrastructure will become unmanageable and impossible to secure effectively, with attackers discovering a growing number of abandoned, network-connected devices and subsequently compromising them. Organisations will find themselves unable to patch, update and operate a range of IoT devices that will be phased out of production
48
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
by manufacturers who have gone out of business or have discontinued support. These devices will be forgotten by organisations and abandoned by their manufacturers. They will be left vulnerable and remain embedded in places such as underground pipes, air conditioning ducts and factory assembly lines, yet will continue to connect to networks. Frequent overhauling of IoT estates will result in a combination of new IoT ecosystems coexisting with old and forgotten ones. Not only will these abandoned devices create an ingress point for attackers within a corporate network, they may also pose real hazards to related machinery and critical infrastructure. The Internet of Forgotten Things (IoFT), as we call it, will leave a dangerous legacy of connected devices that are unpatched, unprotected and vulnerable to a range of attacks, which will come back to bite organisations. Nation states, organised criminal groups and hackers will take advantage of these devices. They will exploit homogeneous vulnerabilities and use forgotten IoT devices as an entry point into many organisations, causing financial and operational damage.
INFORMATION SECURITY WHAT IS THE JUSTIFICATION FOR THIS THREAT? Organisations’ desire for data and analytics, fuelled by high speed connectivity, will drive the IoT to grow at a frightening speed. With the growing development of 5G networks, devices will spread further into offices, homes and factories. Studies have found that 90 per cent of senior executives in technology, media, and telecommunications industries said that IoT devices are critical to some or all lines of their business. Ericsson estimates that more than 22 billion IoT devices will require a critical end-to-end security framework over the coming years, but currently devices lack the required security. With incredibly short production times, heightened consumer demand for new products and high turnover rates of IoT devices, the ability of manufacturers to continue supporting a range of IoT devices will reduce. A report by CSS Cyber Defence stated that there is an alarming number of unsecured or obsolete consumer and industrial IoT devices no longer supported by their manufacturers, however, are still being used. This number is expected to grow as device manufacturers phase out support for devices or go out of business. When IoT manufacturers or retailers go out of business, valuable data will be lost – including confidential or personal information. Gartner estimates that a quarter of cyber attacks will involve IoT devices in 2020 and beyond. With vulnerabilities being shared among devices and a lack of devices being updated and patched, it is plausible that an epidemic similar to the Mirai virus – where attackers turned exploitable IoT devices into botnets – may soon impact devices that are currently embedded within organisations but have lost manufacturer support. As IoT estates grow and organisations become more dependent upon their efficacy to operate, the number of opportunities attackers will have to exploit organisations will amplify. Many Western governments and regulators are beginning to introduce security guidelines for IoT manufacturers. However, the lack of uniformity between these international guidelines will continue to be a problem for organisations. In addition, chip manufacturers across China and Southeast Asia, with vastly different or non-existent IoT regulations, continue to be critical component manufacturers for IoT devices made and used across the US and Europe. The widespread proliferation of the IoT across a growing number of industry and consumer markets means that, if inappropriately managed, it will fast become a major security concern and risk to organisations. IoT hardware researchers are currently struggling to protect IoT devices, as they are built into a range of proprietary operating
systems with differing communication protocols. This makes it incredibly difficult to develop monitoring and defensive countermeasures that run across an entire estate of devices. The IoFT will intensify this already alarming risk. With the number of devices growing both in the workplace and homes, combined with an unmanageable supply chain, the threat of forgotten, unpatched and unsupported devices coming back to bite organisations cannot be ignored any longer. HOW SHOULD YOUR BUSINESS PREPARE? With the number of IoT devices within organisations expanding, it will become increasingly important to locate, update and patch them. In the short term, organisations should conduct a discovery exercise to create an IoT asset inventory and run an active decommissioning or reactivation program for discovered IoT devices. In the long term, create microsegmentation architecture for IoT devices. Additionally, incorporate IoT into the IT sourcing strategy, ensuring that rigorous procurement procedures are included. Finally, insure that IoT devices do not create operational dependencies. SECURITY STARTS AT THE TOP As man-made, natural, accidental and malicious attacks intensify, organisations of all sizes will need to secure their physical and digital properties or face destruction. Technical infrastructure must be hardened and protected against new and traditional attacks, or strategic decisions must be made to transfer risk away from the organisation. The requirement to maintain, improve and harden infrastructure to withstand the threats posed by people, technology and the elements has become an operational necessity. Abandoned, unsupported and forgotten assets will increasingly pose a hidden risk to organisations. While new architectural approaches may seem tempting, failure to maintain oversight of these new
network ecosystems will prove disastrous. In the face of rising, global security threats, organisations must make systematic and wide-ranging commitments to ensure that practical plans are in place to acclimate to major changes soon. Employees at all levels of the organisation will need to be involved, from board members to managers in non-technical roles. Enterprises with the appropriate expertise, leadership, policy and strategy in place will be agile enough to respond to the inevitable security lapses. Organisations can no longer afford to ignore cyber security and must build both a strategy and a workforce that can not only protect against attacks, but also thrive in today’s digital era. This is not something that will be a quick fix; when it comes to investing in security, the return has historically been hard to quantify and as workforces become more diverse, new and old habits create a multitude of challenges. But with the right approach, achieving a successful strategy is possible – and will give businesses a competitive advantage. Above all, organisations rely on trust – and in the digital world, innovative technologies can be misused to erode that trust, and digitally naïve employees can be exploited, endangering the relationships between organisations and their key stakeholders. To remain steadfast, organisations will need to improve operational transparency, update business continuity plans and overhaul or evolve technical security controls to consider the range of disruptive technological and human threats. Careful protection of the brand will remain high on the corporate agenda, with information security playing a key role in ensuring that the reputations of organisations are maintained. L
Steve Durbin, managing director of the Information Security Forum.
FURTHER INFORMATION
www.securityforum.org
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
49
DERADICALISATION
SELLING DE-RADICALISATION TO THE PUBLIC I
n 2008, Time Magazine listed deradicalisation as one of ten future revolutions and since then deradicalisation programmes have proliferated across the world as a measure to counter and prevent terrorism. In short, these programmes have aimed to facilitate the abandonment of radical ideology and to reduce the risk of reoffending of participants upon their release from programmes. De-radicalisation had been referred to as a fad following the development of the first wave of programmes, yet despite early scepticism of whether the
50
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
programmes were necessary or desirable, deradicalisation programmes have continued to diffuse across the globe as a solution to deal with terrorism and violent extremism. The rise of Islamic State in the Middle East and the upsurge in foreign fighters across the world triggered a push to developing de-radicalisation programmes – deradicalisation has become global. And yet, the global diffusion of de-radicalisation has faced one challenge which has been neglected, namely what the public thinks about these de-radicalisation programmes.
DERADICALISATION In November 2019, Usman Khan murdered Jack Merritt and Saskia Jones at an offender rehabilitation conference in London. Khan had been released from prison in 2018 on license after serving a sentence for a terrorism offence and having took part in de-radicalisation programmes. The attack led to the effectiveness of de-radicalisation programmes being questioned publicly with Prime Minister Boris Johnson, following another similar incident in February 2020, questioning the extent de-radicalisation can work. The two cases demonstrated how vulnerable the programmes were to public backlash, which has been a problem in other countries such as Nigeria. It also posed a potential conundrum for de-radicalisation insofar as its PR battle may be lost from the outset because it indicated that no level of success in its own terms, such as recidivism rates or evaluations, may not be enough to be successful in the eyes of the public. The public’s opinion of de-radicalisation programmes is important: community
support is necessary to facilitate the important stage of re-integration; the extensive amount of resources given to de-radicalisation programme globally is due to political will and public support or acquiesce. Public opinion of de-radicalisation programmes matters to ensure the programmes are effective, yet these programmes have understandably not been concerned with what the broader public thinks. Yet the backlash that follows cases of recidivism raises the significance of considering how de-radicalisation is perceived and understood. ATTITUDES TOWARDS DE-RADICALISATION To provide insight into this issue, we conducted an experimental survey to ascertain whether attitudes toward the rehabilitation and re-integration of terrorist offenders change if the programme includes or excludes deradicalisation. The research provides indications of the public’s attitudes to de-radicalisation in comparison to a programme with a similar objective but
without de-radicalisation, which allows us to isolate the effect of de-radicalisation on the respondents’ attitudes. The research found that a de-radicalisation programme increased support for the rehabilitation and reintegration of terrorist offenders by a low amount (although statistically significant). In other words, a de-radicalisation programme for re-integrating terrorist offenders may be supported more by the public than a programme which refers to disengagement and does not seek to change the offenders’ ideology. However, we also find that while de-radicalisation increases support, it also decreases perceived effectiveness, leading respondents to feel it makes the country less safe and less likely to reduce the re-offending rate than if the programme excludes de-radicalisation. This paradox indicates that support for de-radicalisation is shaped by factors other than effectiveness and it presents practitioners with a dilemma insofar as the framing of a programme in terms of de-radicalisation may make the goals of the programme seem unrealisable. E
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
51
DERADICALISATION From a practitioner perspective, this trade-off between (slightly) increased support and decreased perceived effectiveness might be an opportunity or a constraint. Frontline practitioners may benefit from generating support for a programme among the wider public and at first glance it may appear that our study indicates that de-radicalisation would make people more willing to support the re-integration of foreign fighters. While we need to exercise caution on the generalisability of the findings, we can see this as potentially important where there is resistance to re-integration such as in Nigeria – arguably extensive framing of re-integration in terms of de-radicalisation can increase support at least relative to other measures.
52
However, it is worth mentioning that while de-radicalisation framing (in the label and content of a programme) may increase support for a re-integration programme among a potential ‘general population’, the impact of this treatment was relatively small and it cannot be assumed that a small increase in support would occur among sections of society most useful in delivering the programme and the most requiring support in order to facilitate reintegration. If de-radicalisation does not increase support among members of society who are integral to the success of reintegration, for example if it decreases support among communities whose co-operation is important, then framing a programme as de-radicalisation could be counter-productive.
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
Thus, in terms of generating public support, there appears to be a potential advantage in not using a de-radicalisation framing. Instead, framing a policy in terms of disengagement and desistance, while to some extent generating relatively less support, was more consistently supported and raised less opposition. De-radicalisation, on the other hand, polarised opinion. Once again the trade-off is dependent on which audience the practitioner is targeting – increasing general support among the population may be more desirable than the public thinking the programme works, although dropping the language of de-radicalisation when in engaging with target communities may be preferable.
DERADICALISATION
PROMOTING DE-RADICALISATION Based on this research and an upcoming book on the media framing of deradicalisation, several points may be useful in guiding how practitioners approach the PR of de-radicalisation programmes. Firstly, it is reasonable to expect a large amount of support from the public in general, there is no indication it is unpopular (although recently conservative UK newspapers have turned against de-radicalisation). Secondly, governments tend to be shy about promoting de-radicalisation, leaving the media to pick up more critical voices, whereas newspapers where reporting is overwhelmingly supportive of de-radicalisation are in contexts where there is a clear effort by government, police and military officials to advocate de-radicalisation. Communications resources of de-radicalisation programmes rightfully prioritise reaching target communities however we would
PUBLIC OPINION OF DE-RADICALISATION PROGRAMMES MATTERS TO ENSURE THE PROGRAMMES ARE EFFECTIVE, YET THESE PROGRAMMES HAVE UNDERSTANDABLY NOT BEEN CONCERNED WITH WHAT THE BROADER PUBLIC THINKS recommend that practitioners and governments be more open publically with their activities and to not fear a public backlash – in effect, its the fear of the public backlash and not selling deradicalisation which makes the generation of public support more challenging. Thirdly, the story of de-radicalisation needs to be logically consistent and more favourable narratives are better at making the targets of a programme ‘de-radicalisationable‘, emphasising their vulnerability and reformability. Fourthly, de-radicalisation is a hybridised
concept – it pulls together rehabilitation and security and if promoted correctly it can mobilise support and resources toward the objectives of rehabilitation and recidivisim reduction. L
Written by Gordon Clubb, lecturer in International Security at the University of Leeds.
FURTHER INFORMATION
www.leeds.ac.uk
ISSUE 44 | COUNTER TERROR BUSINESS MAGAZINE
53
SECURITY IN A BACKPACK Rapid deployment. High quality images. Fast decisions. Introducing the new, robust and powerful ThreatScan®-LS3. Designed in collaboration with first responders, this is a small, lightweight and compact unit that’s designed to be rapidly deployed. High quality, real-time X-ray images (305 x 256mm), materials discrimination, pan, zoom, DeepFocusTM, 3D Emboss, measurement and annotation all enable rapid and accurate decision-making. The complete system fits in a backpack and is also suitable for robot integration.
www.3dx-ray.com
The complete x-ray security solution
3DX-RAY Ltd is a global market and technology leader in line‑scan x-ray imaging systems for security inspection, having supplied systems worldwide directly and through partners, agents and distributors. The company’s systems combine high image quality with ease of use and competitive pricing. Portable, mobile and fixed systems are offered to meet a wide range of inspection needs and 3DX-RAY’s quality management system is certified to ISO 9001:2015. The portable ThreatScan® systems allows bomb technicians to perform rapid and accurate threat assessment in a wide range of operational scenarios. Each system consists of a generator, a detection panel and an imaging station as
54
standard. The detector panel is lightweight and incredibly thin, and is available in a large format imaging area of 600 x 460mm, or a compact imaging area of 462 x 273mm. The complete system can penetrate up to 34mm steel at 120kV while producing high quality, sub‑millimetre resolution images. ThreatScan® can be used to inspect suspect bags and packages in mass transit areas as well as general security inspection by first responders such as police, military and private and government security agencies. Specialising in x-ray inspection. When it matters most, 3DX-RAY Ltd has the insight you need. FURTHER INFORMATION
www.3dx-ray.com
COUNTER TERROR BUSINESS MAGAZINE | ISSUE 44
ADVERTISERS INDEX The publishers accept no responsibility for errors or omissions in this free service APSTECH International Trading 12,16 Armour Communications 30 Durabook 8 Frequentis 4 Frontier pitts IFC Highway Care 24 HROC 27 Rafael 40 Visual Management Systems 14 Westminster International 6
To register for your FREE Digital Subscription of Counter Terror Business, go to: www.counterterrorbusiness.com/digital-subscription or contact Public Sector Information, 226 High Road, Loughton, Essex IG10 1ET. Tel: 020 8532 0055
Follow and interact with us on Twitter:
@CTBNews
THE NEW INTERACTIVE ONLINE EVENT SERIES FROM COUNTER TERROR BUSINESS
COMING SOON SOON... WATCH OUT FOR ANNOUNCEMENTS OF OUR NEXT EVENT ON
MISSED OUR 8TH OCTOBER EVENT - EVENT MANAGEMENT SECURITY? YOU CAN CLICK HERE TO REGISTER AND WATCH IT ON DEMAND
CTB365 ON DEMAND – NEVER MISS ANOTHER CTB EVENT. EVER.