Counter Terror Business 27 by PSI Media

www.counterterrorbusiness.com | ISSUE 27

NEWS: BASTILLE DAY NICE ATTACK OF AN ‘UNDENIABLE TERRORIST NATURE’ TRANSPORT SECURITY

UK SECURITY EXPO

COUNTER TERRORISM

CYBER SECURITY

EXERCISING YOUR CYBER RESPONSE

Business advice to combat the dangers of a cyber attack FORENSICS

DANGEROUS CHEMISTRY The long and short-term effects of possible chemical attacks on critical national infrastructure

test The la siness b ce u defen ws p31 ne NCE

ZINE

AGA ESS M

EFE FOR D

USIN THE B

f ence o In def counter ive effect rism p33 r r e t o

COUNTER TERROR BUSINESS

Liberté, Equalité and... Fatalité

www.counterterrorbusiness.com | ISSUE 27

Last week saw yet another shocking terrorist event on French soil, with 84 people confirmed dead following the splintering of a celebrating Bastille Day crowd by a terrorist truck driver in the French city of Nice.

NEWS: BASTILLE DAY NICE ATTACK OF AN ‘UNDENIABLE TERRORIST NATURE’ TRANSPORT SECURITY

UK SECURITY EXPO

Comment

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

COUNTER TERRORISM

CYBER SECURITY

EXERCISING YOUR CYBER RESPONSE

The attack on 14 July was deemed an act of ‘an undeniable terrorist nature’ by French President Francois Hollande, who has kept the nation in a state of emergency since last November’s Paris attacks, in which 130 people died.

Business advice to combat the dangers of a cyber attack FORENSICS

DANGEROUS CHEMISTRY

The long and short-term effects of possible chemical attacks on critical national infrastructure

est The lat siness ce bu defen ws p31 ne CE

ESS MAGA

ZINE

FOR DEFEN

THE BUSIN

ce of In defencounter ive effect ism p33 terror

The national state of emergency has, nonetheless, not deterred terrorists from targeting France. Since the start of last year, France has suffered terrorist attacks at the Charlie Hebdo magazine offices, a kosher food market, the Bataclan concert venue, the Stade de France, terrace restaurants in Paris, and now, along a Nice promenade. Terrorism is hitting the heart of French culture, by residents from its own disenfranchised communities. A shrinking territory for ISIL in Syria and Iraq, caused by increased US-led airstrikes, which includes a number of French warplanes, is equating for further calls to target the country. Shock and horror are turning to anger and disgust. Liberty, equality and fraternity are the bedrock values of French identity. The words themselves instigate images of unity and solidarity. France is proud of its cultural offering, but diversity should never be at the expense of brotherhood.

Follow and interact with us on Twitter: @CTBNews

Since our last issue, the UK has left the European Union, has a new Prime Minister and a reshuffled cabinet office. Theresa May has said that the UK must redouble its efforts to defeat terrorism. Now that the reality TV aspect of British politics dwindles to a conclusion (at least momentarily), our government must refocus on its obligation to counter the threat of terrorism and protect lives. Michael Lyons, editor

P ONLINE P IN PRINT P MOBILE P FACE TO FACE If you would like to receive 4 issues of Counter Terror Business magazine for £100 a year, please contact Public Sector Information, 226 High Road, Loughton, Essex IG10 1ET. Tel: 020 8532 0055, Fax: 020 8532 0066, or visit:

www.counterterrorbusiness.com PUBLISHED BY PUBLIC SECTOR INFORMATION LIMITED

226 High Rd, Loughton, Essex IG10 1ET. Tel: 020 8532 0055 Fax: 020 8532 0066 Web: www.psi-media.co.uk EDITOR Michael Lyons ASSISTANT EDITOR Rachel Brooks PRODUCTION EDITOR Richard Gooding PRODUCTION DESIGN Jacqueline Lawford, Jo Golding PRODUCTION CONTROL Sofie Owen WEB PRODUCTION Victoria Leftwich ADVERTISEMENT SALES Chris Jones, Harry Harris BUSINESS DEVELOPMENT MANAGER Martin Freedman PUBLISHER Sally Brockman ADMINISTRATION Vickie Hopkins, Charlotte Cassar REPRODUCTION & PRINT Argent Media

© 2016 Public Sector Information Limited. No part of this publication can be reproduced, stored in a retrieval system or transmitted in any form or by any other means (electronic, mechanical, photocopying, recording or otherwise) without the prior written permission of the publisher. Whilst every care has been taken to ensure the accuracy of the editorial content the publisher cannot be held responsible for errors or omissions. The views expressed are not necessarily those of the publisher. ISSN 1362 - 2541

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

The Holmatro Door Blaster Holmatro presents its latest innovation in door breaching. As fast as explosives, without the flying debris. Remote operation allows you to step away from the door and activate the door opener from a distance. The system is easy to carry, install and operate by one person. Add to this itâ&#x20AC;&#x2122;s extremely quiet operation and you have a groundbreaking solution for forcible entry!

Breaking barriers. www.holmatro.com

CONTENTS 07

07 CTB NEWS

Terrorist attack in Nice on Bastille Day; Theresa May becomes new Prime Minister; and Amber Rudd becomes new Home Secretary in cabinet reshuffle

12 UK SECURITY EXPO

The UK Security Expo will be opening its doors at London’s Olympia venue on 30 November. Here, the show organisers reveal top industry advice on how to manage the issue of public security at large events

15 TRANSPORT SECURITY

Transport security expert Chris Stevens draws on his extensive experience on how counter terrorism measures can be effective within transport environments

19 CYBER SECURITY

Andrew Scott analyses the chances of your organisation suffering from a potential cyber threat and the best ways to prepare for the attack

24 EMERGENCY SERVICES SHOW

All those involved in emergency prevention, response and recovery will be attending the Emergency Services Show on 21-22 September at the NEC in Birmingham. Counter Terror Business reveals what the show will present to the industry

27 FORENSICS

Peter Bennett, from security consultancy Covenant and formerly of the UK National Counter Terrorism Security Office, discusses the possibility of chemical attacks on critical national infrastructure, examining both the short and long-term effects

31 DEFENCE NEWS

MPs vote in favour of renewing Trident weapons system; RAF Typhoon deal set to save £500 million; and the Ministry of Defence orders new fleet of Apache helicopters

THE

BUS

INES

SM AGA Z

INE

FOR

DEF

ENC

Tur for th n to page 3 e la 1 b u s i n test defen ce e and fes s n e w s atures

Contains public sector information licensed under the Open Government Licence v3.0

Contents

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

Counter Terror Business

www.counterterrorbusiness.com Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

MULTIPLE PERSONALITY ORDER Manage multiple identities seamlessly and securely on one device. In today’s world, police and security officers face ever-greater physical and electronic risk. WorkFone® reduces this risk by delivering multiple professional identities on a single smartphone, increasing control while securely handling all communication needs, including voice and SMS. It’s simple and it’s familiar. If you can use a phone, you can use WorkFone.

WorkFone. For every you.

Now Available in Over 30 Countries

www.workfone.io

TERROR ATTACKS

Shocking Nice attack of an ‘undeniable terrorist nature’ French President Francois Hollande has condemned the attack in France which has left 84 people dead, including children, as having an ‘undeniable terrorist nature’. The attack involved a driver ploughing a lorry through a crowd in Nice amid evening celebrations on Bastille Day. The driver drove for 1.2 miles on the Promenade des Anglais at about 23:00 before being shot dead by police. A number of witnesses reported that the lorry appeared to swerve from side to side in order to injure more people, with police confirming that guns and grenades were hidden inside the lorry, although more recent reports have deemed the weapons as fake. The state of emergency which has been in place since November’s Paris attacks, carried out by ISIL militants, has been extended by a further three months. The identity papers of a 31-year-old French‑Tunisian were reportedly found in the truck. The driver was named by local media as Mohamed Lahouaiej Bouhlel and was known to police for previous petty crimes. It is believed that he was only recently radicalised, which may explain why he escaped the authorities notice, with police having not yet found evidence that he pledged allegiance to radical groups or had contact with known extremists. French Prime Minister Manuel Valls was heckled and booed as he attended a minute’s silence in Nice, as members of the crowd shouted ‘murderer’ and ‘resign’ at him. Former President and current centre-right opposition leader Nicolas Sarkozy has accused Valls and the government of failing to provide security. He has called for any foreign nationals

with links to radical Islam to be expelled from France, and for electronic tagging for those who are at risk of potential radicalisation. UK Prime Minister Theresa May said she would speak to President Hollande ‘and make clear that the United Kingdom stands shoulder to shoulder with France today as we have done so often in the past.’ May added: “If, as we fear, this was a terrorist attack then we must redouble our efforts to defeat these brutal murderers who want to destroy our way of life.” May is due to travel to France as part of her first European visit as Prime Minister on 20 July.

Mass migration and terrorism linked Key figures in Hungarian politics have claimed that mass migration is responsible for the terror attacks in Europe, including the recent Nice attack which killed 84 people. The ORIGO news service has reported that, when speaking on Hungarian radio, Antal Rogán, cabinet office chief, explained that ‘illegal immigration and terrorism go hand in hand’. Rogán also expressed his opinion that it was time for the European Union (EU) to enact a radical change on refugee policy and to stop mass migration, a view shared across many parts of Hungary. Believing that migrations should be halted rather than incentivised, Hungary is reportedly set to hold a referendum on migration policies in October – which will likely lead to the closing of borders. READ MORE:

tinyurl.com/z8vt4n2

Church concerns over counter-terror laws

READ MORE: tinyurl.com/hhhnv46

EU LAW

Snoopers Charter compatible with EU law The European Court of Justice has indicated that the Investigatory Powers Bill, dubbed the Snoopers Charter by its critics, is legal, so long as it complies with ‘strict requirements’. Deputy Labour leader Tom Watson and new Brexit Minister David Davis brought forward the case to the UK High Court, arguing that parts of the Bill are illegal and do not respect the right to privacy. However, the EU’s highest court has suggested that retaining data from telephone calls and emails is legal if law enforcement agencies use it to tackle crime. The preliminary ruling brings European data retention practices closer in line

with the debate over the passage of the UK’s Investigatory Powers Bill over what safeguards should be imposed for bulk interception and retention of data. It is argued that only the data associated with calls and emails is retained, not the content of messages. The government believes that the surveillance powers offered through the Bill will help it fight terrorism. It is awaiting final approval in the House of Lords. READ MORE: tinyurl.com/z9jvjsh

tinyurl.com/jgon9db

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

www.marshalls.co.uk/pas68

BAM Construction Case Study

Problem For the completion of a modern glass fronted shopping, retail and leisure park, Marshalls were approached by the client to supply physical perimeter protection in fitting with the aesthetics of the project. A key consideration for the product specification was a 200mm depth restriction in the landscape due to underground services. Whatâ&#x20AC;&#x2122;s more, the client also required a range of other street furniture products such as cycle stands and motorcycle stands. Solution By working closely with the client, Marshalls were able to find a solution to satisfy a number of issues outlaid in the initial brief. The depth restriction was overcome with the recommendation of the RhinoGuard 25/40 Shallow Mount bollards which require a foundation depth of only 152mm. To avoid delays, Marshalls worked closely with BAM to ensure that they could excavate foundations prior to the products being delivered to site to enable them to move on to other areas of the project. The client opted for Stainless Steel Sleeves, which offer a sleek and modern aesthetic to the products. All of the chosen products are PAS68 rated, reassuring clients and space users of the safeguarding of the space, people and infrastructure. Benefit Marshalls worked closely with the client to overcome a number of restrictions throughout the project to ensure a high quality result. The chosen bollards offer the required level of protection whilst also allowing for shallow installation and enhancing the aesthetics of the project.

UK Security Expo

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

EVENT PREVIEW

The challenge of public safety in crowded places With UK Security Expo opening its doors at London’s Olympia venue on 30 November, the show organisers reveal best practice advice on how to manage the issue of public security at large events Sadly the events in Paris and suicide bombing of Brussels airport and Metro have underlined the difficulties of protecting crowds in public spaces. There is certainly a recognition within Europe that more can and should be done at stadiums, transport hubs, venues, shopping centres and other public spaces. So what can the authorities do to dial-up public protection at a time when multiple, marauding attacks – like Brussels, Paris, Tunisia, Mumbai, and 7/7 in London – and, lone wolf incidents such as those visited on Ottawa and Sydney, are very much on an upward trajectory? EURO 2016 At Euro 2016 – the world’s second-largest football tournament – French Interior Minister, Bernard Cazeneuve offered reassurances following a Council of Ministers’ meeting about ‘strengthened security requirements for the fan zones, for example, by tightening

entry controls by means of the systematic frisking of spectators and the use of CCTV in all fan zones’. Beyond this, Cazeneuve went on to confirm that the number of stewards and private security guards had been reviewed upwards. With the failed attempts by suicide bombers to enter the Stade de France last November still fresh in the memory renewed fears over stadium security in France were also raised back in May after flares were smuggled into and set alight at a football game between PSG and Marseille. CITY ON LOCK-DOWN Returning to the action governments took post Paris, the Belgium government shutting down its schools, and even the metro system for close to a week, and

having soldiers patrolling the streets, may have had deterrent value, but, practically, is just not sustainable in a Western democracy over an extended period of time. Sadly as we all know, ultimately, these efforts were to no avail as only months later both Brussels International Airport and a Metro station were hit by terrorists on the same day. For many security experts it is intelligence‑driven raids to arrest and disrupt the activities of suspects, and the sharing of information across borders, that is really at the heart of a proactive anti-terrorism effort to protect public spaces. This is something which Mike O’Neill, MD of UK-based Optimal Risk Management Limited was in agreement on following August’s ‘lone wolf’ incident on a high‑speed train travelling from Amsterdam to Paris. O’Neill was keen to stress that work ‘behind-the-scenes’ by the security services to identify individuals ahead of time is the real game-changer here.

’s Londonitan ol Metrop ited the nv Police i a terrorism o media t ng exercise traini ht into the FOR TERROR for insigthat officers OnTRAINING this side of the English Channel, tackling terrorism tactics d employ remains high on the agenda too. woul

Over six months we have witnessed a series of anti-terrorism exercises – at the Trafford Shopping Centre in Manchester and, further south, the emergency services training in a large warehouse containing a mock-up of the London Underground. The evacuation of the Old Trafford stadium, close to kick-off of the Manchester United and Bournemouth match, after a suspicious device was found by a member of the public in a toilet block, also brought the potential dangers of international terrorism to the public’s attention. Thankfully in this case it turned out to be a practice device left, accidentally, by a private security firm. Given the large loss of life at the Bataclan theatre, in particular, it is clear that when the worst happens, time is definitely of the essence. London’s Metropolitan Police invited the media to a terrorism training exercise for insight into the tactics that officers would employ, given the reality that today’s terrorists are not necessarily looking to negotiate their way out of a siege-type situation but rather will keep on killing those

COUNTER TERROR BUSINESS MAGAZINE | Issue 27

EVACUATION Post-Paris, Lee Doddridge, director at security consultancy Covenant, believes that those responsible for major facilities should revisit action plans should they find themselves in the firing line. He reveals that when scenarios are brought up many people may want to evacuate inside a site like a shopping centre – and do a dynamic lockdown. But, according to Doddridge, that doesn’t necessarily work if the terrorists are already in your facility. Instead it is advisable to get people away as quickly as you can. Added to this, Doddridge explains that employees need to change their mind-set compared to what is the norm in a less threatening situation. He said: “It is amazing when we run through [a terrorist attack] people say we can’t use that entry/exit because it is staff only but then you make them realise in this life or death situation these things go out the window.” SITUATIONAL AWARENESS When there is the potential for incidents to escalate where crowds may be gathered simultaneously, stretching resources, a smarter joined-up approach to real-time situational awareness could, potentially, help the authorities get a handle on what is happening. Some may look to replicate the route taken by Rio de Janeiro, and the Operations Centre (ROC) there. Although not instituted to deal with terrorism specifically, the facility at Cidade Nova brings together 30 departments and agencies from across the municipality, and, in so doing, has helped slash response times by an impressive 25-30 per cent. As a result of advanced urban systems for visualisation, monitoring, and analysis, the Centre is breaking down the barriers which have constrained the way things function, not just in South America, but globally. ADDING ANALYTICS Turning to Rustom Kanga, CEO of iOmniscient which specialises in video analytics, he confirms that the company has supplied a solution to the Royal Thai Police to automate

UK Security Expo

around them. The Metropolitan Police’s assistant commissioner, Patricia Gallan – who is Scotland Yard’s head of specialist crime and operations – told the BBC that officers would ‘go forward’ to confront gunmen in the event of a Paris-style attack which may mean having to ‘walk over casualties’. The public also has a role to play in keeping themselves and others safe, whether that is remaining vigilant for suspicious activity or educating themselves about what to do in the event of an attack where they may need to seek safety before the police can reach them. Interestingly, the National Counter Terrorism Policing in the UK has released a film detailing specific advice entitled: ‘Stay Safe: Firearms and Weapons Attack’. This sets out three key steps, under headings: ‘run, hide, and tell’.

The public also has a role to play in keeping themselves and others safe, whether that is remaining vigilant for suspicious activity or educating themselves about what to do in the event of an attack their policing efforts following the devastating bomb attack on the Erawan Shrine near the Hyatt Hotel in Bangkok last summer that left 12 people dead and 125 injured. In light of what happened, Kanga reports that the Thai police were keen to upgrade their existing systems by implementing a face recognition solution, to make Bangkok a ‘smart city’. The Royal Thai Police already has an Oracle database of faces of people of interest so, reports Kanga, the iOmniscient system is the first step, in the process of automating how this resource is used. FOCUSING ON PINCH POINTS On the question of the application of video analytics to pick out individuals in crowds, Bill Flind, chief executive at Ipsotek, offers a note of caution: “There is a desire to use facial recognition in crowded places but you can’t just look into a crowd and accurately do face recognition – you need to apply that kind of security to pinch points. So rather than looking at the area as a whole you would deploy the face recognition to work where people are entering.” For safety in very large venues where thousands people are gathering, Flind adds that video analytics-based solutions can readily help to monitor the overall density of the crowd and raise alerts for particular areas. Of course it is not just access to publicly‑owned video surveillance and other security assets that can help with situational awareness. Andrew Elvish at Genetec points out that a ‘federation’ capability such as that unlocked through a ‘unified security platform’ makes sense for cities. This means, essentially, that cameras from a sports stadium or other sites in a city can be tied into a real-time crime centre run by the police. For example, Elvish warns that

in the event of an unpredictable situation like Paris the police and first responders can get eyes on that venue very quickly. STAND-OFF SCREENING The ability to conduct stand-off screening of individuals for concealed object detection in busy public spaces, such as train stations or an airport, is something which Mark Marriage of Digital Barriers believes is likely to gain more traction. He explains that this employs not only CCTV but also a terahertz camera to receive and interpret the natural terahertz energy emitted by individuals and the surrounding environment. In terms of police involvement in crowd control, rapidly deployable command vehicles equipped with mobile digital CCTV recording technology can act as a powerful ‘force multiplier. Not only can such vehicles mast-mounted cameras provide a highly visible presence to deter trouble but careful positioning of the vehicle helps the police to manage the dynamic of the crowd, keeping rival fans apart and preventing clashes and bottlenecks developing. PROTECTING CROWDED PLACES A Protecting Crowded Places Conference will take place at UK Security Expo 2016 examining innovative design considerations, effective surveillance, target hardening and pioneering policing methodologies. There will also be an Immersive Demonstrator in association with SIDC on behalf of the Home Office and CPNI. Using the event venue itself as the place to be protected, the aim is to provide an integrated experience showing innovative technologies and techniques in operation. L FURTHER INFORMATION www.uksecurityexpo.com

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

SECURITY IN DESIGN

Transport security expert Chris Stevens draws on his extensive experience to provide information on how terrorism and counter terrorism measures can be effective within transport environments This article acknowledges the efforts made by the security services and police across the world in attempts to infiltrate, obtain intelligence and disrupt terrorist groups and activity, whilst also recognising that there will inevitably be success on both sides. What is intended in this short editorial is to recognise that there are measures which can be introduced, either to reduce the opportunity to commit a terrorist act or at least minimise the impact of such an incident. Physical security measures introduced as part of ‘Security in Design’ either for new build or retro during refurbishment can be effective in reducing loss of life and casualty numbers. The style of terrorist attack methodology has altered from being primarily anti‑establishment and economic targeting to a clear intent towards intended death and casualty numbers. As much as terrorist intent has changed so in its self has the style of attack. There has been a clear move away from placing or concealing an explosive device to detonating by suicide bombers, such as London 7/7 and Brussels. Equally, and even more difficult to both prevent and react to are the marauding armed individuals,

whether alone or as a group member, they can cause total mayhem and death in their path. Nevertheless, it should always be remembered and not forgotten that history can repeat itself and accordingly successful methodologies of the past could return. It would be wrong, for designers and architects, to alter tried and tested practices of designing out alcoves, flat surfaces and recesses. EFFECTIVE RESILIENCE Operational security measures incorporating armed police and high profile staffing have long been considered to be effective in reducing terrorist activity. There is little, or no, evidence supporting this approach to target hardening and it is most likely offered as a comfort provider to the travelling public. From a firearm attacker perspective there is no evidence that the presence of armed police has any realistic deterrent meaning as was witnessed in Paris and Brussels. Recognition that transport hubs and environments need to operate in the manner that they are intended and excessive or potentially disruptive measures

Written by Chris Stevens

Countering terrorism within the transport environment

Transport Security

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

need to be avoided. It is important that security consultants should be knowledgeable in the field that they are advising on to ensure operational considerations are both understood and included in the assessment and recommendations. The experience gained from being engaged in counter terrorism for twenty five years, and explosive testing of materials for more than fifteen, gives credence to the approaches contained in this short article. There needs to be acceptance that in the event of a terrorist incident occurring there will almost inevitably be loss of life. This is an unfortunate consequence of being targeted by the gunmen spoke of, or in close proximity to the detonation of explosives. This article focuses on the fact that ‘Security in Design’ can reduce casualty numbers in the event of an explosive terrorist incident. This is achieved through following an effective process of assessing and introducing appropriate E

Des should ign a be aimi lways achieve ng to objectivthe clear ‘death a e that number nd casualty s ar minimis e to be ed’

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

PROTECT YOUR PEOPLE AND YOUR ASSETS... WITH SECUREWEST’S TRAVEL RISK MANAGEMENT SOLUTIONS With an ever increasing threat posed to international businesses the Securewest Risk Management solutions PREPARES, SAFEGUARDS and RESPONDS to travel risk. PREPARE bespoke mitigation measures to secure people, assets and reputation by; • Pre-travel advisory and training • Emergency planning and preparation • Threat analysis and assessment • Country briefs • Lone worker travel application • Global tracking solutions • Travel risk consultancy SAFEGUARD your travel risk by; • Personnel and asset monitoring 24/7 • Security movement and journey management • In-country support • Intelligence updates and alerts RESPOND to emergency situations by; • Emergency and crisis support in-line with emergency plans and protocols • Emergency advisory • Medical advisory • Evacuation assistance • Specialist risk consultants (crisis management, kidnap & ransom, evacuation, disaster)

+44 (0)1548 856001 info@securewest.com www.securewest.com

Transport Security

SECURITY IN DESIGN  countering measures. Brussels airport and the nearby Metro on 22 March 2016 became the latest locations to be targeted with explosive devices by terrorists. The terrorists’ targeted ‘soft’ locations of crowded places, a practice that ensures their intent of death, maiming and fear are realised whilst for some creating martyrs for the cause. DESIGN CONSIDERATIONS There are some critical approaches when advising on transport environment design to be considered. These evolve around layout, defining and securing private space, material selection and elements of specialist engineering to ensure the structure is robust and fixtures and fittings remain in place. It is the following of tried and proven methods of Crime Prevention through Environmental Design (CPTED) and then taking such ideas to a higher level to reduce the impact of a terrorist incident is the approach followed. Fundamentally terrorism is and always will be a crime no matter in which way it is politically packaged or excuses made. It is therefore considered that basic principles of target hardening, the creation of a hostile environment whilst ensuring those that own, manage or use the space are able to do so confidently thereby increasing safety and security. The counter terrorism security characteristics which reduce the risks come about by ensuring that materials selected offer minimal fragmentation properties as this can greatly decrease casualty numbers. Pictures from the Brussels airport incident showed particles of glass showering down on people. Glass is known to be one of the highest reasons people are injured in the event of an explosion. Glass can be specified to resist explosive forces resulting in many less casualties. Cladding panels were seen to have detached from walls and ceilings inside the airport building. Solid cladding panels can be designed to be retained to the structure or as a minimum remain within close proximity through the use of concealed tethering. A cladding panel flying though the air would almost certainly cause serious injury and possibly worse. This should be designed so as not to detach under such an extreme load. There is comparability when considering the area pre-screen searching of an airport, often referred to as landside, and railway stations. The fact is that both environments are publicly‑accessible spaces where people are able to freely move about. In many instances there is an encouragement to enter, muse and dwell within restaurant and retail opportunities. Such shopping centre use, of what were originally clear open spaces where surveillance opportunities were abundant, create additional burden from a security perspective. As well as the introduction of restricted views, there is the added risk of locations in which to conceal a device. There is the fact that the actual structures can be an issue by adding

Physical security measures introduced as part of ‘Security in Design’ either for new build or retro during refurbishment can be effective in reducing loss of life and casualty numbers to the debris and potentially the weaponry itself. Accordingly, the recommendation is that any retro‑fitted units should be carefully considered with regards location and the design receives the same degree of attention as the new build or refurbished facility. Explosions occurring within railway carriages, due to the close proximity of persons to the device will almost certainly result in a number of deaths and seriously injured. Such incidents as Madrid, London and Brussels have shown that terrorists target in this manner with the consequent success of detonating a device in a very confined space so they are almost always certain of achieving their objective. When a detonation occurs the pressures and forces disrupt and dislodge items which are not designed to resist such an incident. This can be minimised through reducing equipment within the passenger areas, ensuring glass is correctly specified and fixing methods adequate to retain in a secure manner. A SUCCESSFUL PROCESS It is essential to outline a successful process which will ensure that the physical security measures are appropriate, proportionate and critically going to be effective when delivered. Threat Analysis – this is an essential tool to have outlined at the earliest opportunity. Created in conjunction with the security services and taking into consideration the global as well as domestic terrorist threats. Importance of the location and location in relation to other potential targets can influence the perceived threat. Vulnerability – assessing how vulnerable individual sectors within the overall facility and environment may be from a variety of targeting methodologies. Risk – recognition that to carry out reduction or mitigation measures has to be practical and possible. Equally each aspect has a cost and a part of the risk element of the process needs to consider all facets of risk. It is

recommended that the all risks are recorded, regardless as to whether measures are introduced or not, this enable an auditable trail to be maintained should there be any subsequent investigation or inquiry. Assessment – this necessitates involving people knowledgeable of the environment to be engaged in a workshop approach to create a risk register. This should identify sectors within the overall facility and environment which can later be considered for mitigation or enhancement measures. By following what is essentially such a simple process there is a strong likelihood that in the event that an incident were to occur in a well designed, engineered and constructed facility using tested materials casualty numbers would be less than otherwise would be the case. It is the opinion and submission of this article that nobody should be killed or injured as a result of a terrorist detonating a device outside of the area of lethality. This can and will only be achieved if architects and designers receive adequate notice of requirements and are assisted throughout the design process. It should be the collective responsibility of all persons involved in design, not solely of transport facilities, to consider the same approach for all publicly accessible locations. Design should always be aiming to achieve the clear objective that ‘death and casualty numbers are to be minimised’. It cannot be acceptable, when it is known that threats exist and equally risks can be identified, not to design and build facilities to the very highest standards. Stations have a design life expectancy of 120 years. Designing and delivering them right first time will ensure that the objective is achieved from day one when to do so although with a cost to achieve appropriate security this is considerably less than if attempted to accomplish remedially. L FURTHER INFORMATION www.sidos.co.uk

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

Advertisement Feature

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

CYBER SECURITY

HERE, THERE, RANSOMWARE

Resolving modern computer virus infections can be a specialist job, but Simon Vernon, senior cyber consultant at cyber defence specialists e2e-assure Ltd, has some useful advice As a user of the internet you may well have come across websites that contain harmful content, typically when your anti-virus program tells you that it has blocked a threat. The modern home computer system, whether it is your Windows machine, your Apple Mac or your smart phone, contains security systems that help prevent much of the bad traffic getting through and doing any damage. The broadband router and your web browser may also provide further layers of protection for you. The whole of the system, from your Internet Service Provider, through to your home connection and then to your computer, with its anti‑virus software is known as ‘defence in depth’, and most of the time works well. Commercial companies work with very similar systems, but with many more layers of control and analysis. For example, your high street bank will have one of the highest possible levels of threat detection on all of its internet traffic, and will have a dedicated Security Operations Centre (known as a SOC) which deals with all aspects of cyber security, from monitoring traffic that is being sent out over the internet, to diagnosis of potentially hazardous traffic and responding to cyber incidents. These mechanisms are key to making sure that you can safely use your online banking, blissfully unaware of the dedicated hard work that is going on behind the scenes to make the system secure. OUR SECURITY OPERATIONS CENTRE IN FULL OPERATION It is reasonably rare nowadays for an up to date, modern computer to become compromised due to ‘malware’ but the flip side of having modern defensive measures in place is that if anything does get through, it is most likely going to be a quite serious problem. The malware only needs to find one weakness that it can exploit; a missing patch, out of date software or a means of tricking you into running it. One of the latest types of threats is known as ‘ransomware’ and is a particularly unpleasant piece of malware. Ransomware will encrypt or scramble all of the contents of your computer into an unreadable format. All of your photographs, documents, emails and personal information will be made inaccessible. This will include any connected drives and USB sticks. For businesses, a single infection

COUNTER TERROR BUSINESS MAGAZINE | Issue 27

can encrypt all of the networked data. You will then be presented with a screen that demands that you pay £100-£300 or so to get your personal information decoded. Simon Vernon works as a senior cyber consultant monitoring and defending customer networks. He also spends time Sadly, at this point there is nothing you can realistically do as your data is already lost. You may have read elsewhere in the press that ‘some of the code for this ransomware has been decoded...’, but what is often missed out from articles like this is the end of the sentence... ‘by academics at a university, and the method of getting your data back will be so complicated and expensive as to be completely impractical’. Resolving modern computer virus infections can be a specialist job. For the average home user there really is no cure for this type of nasty malware, so the Victorian adage of ‘prevention is better than cure’ has never been so true.

Business users: Ensure all users do not have privileged access to their computers and are given awareness training. Review the access to and permissions of key network drives and data. Block selected attachments that contain macros. Send out test phishing emails to users. Review and test the back-up and restore procedures. Ensure that back-up data cannot be encrypted by ransomware. Create a specific incidence response plan and practice it for this type of threat. Unfortunately, if you have been infected by ransomware, the only thing you can really do is rebuild/reinstall your computer operating systems and load the previously backed up files onto the new system. L

WHAT SHOULD YOU DO? Here’s what you should do to help mitigate any effects and reduce the likelihood of becoming infected by modern ransomware, split into four different categories depending upon your computer knowledge and experience: Beginner: Buy a brand new, high-capacity USB stick from your local store, plug it in to your computer when you want to save a photo or document, and put a copy of them on the USB stick. Then unplug the USB stick and put away in a draw somewhere safe. Do not use this USB stick for any other purpose. Do this regularly and make sure you keep your operating system and antivirus systems as up to date as possible. Think before you click on any website or links in an email. Create a ‘non admin’ user and use that on your computer. Reasonably capable: Use external storage devices as above, and consider using a synchronised online back-up system as offered by many internet-based companies. Experienced: By far the best way of protecting your computer system is to use virtual machines, and limit your external communications to one of these virtual machines which you label as ‘dirty’. Never transfer data from the dirty virtual machine to elsewhere on your system and if you become infected, just throw away the virtual machine and spin up a new one.

e2e-assure has developed an industry leading security monitoring and proactive cyber defence capability to actively defend organisations large and small. There is simply no other supplier on the market with its security credentials and no other supplier with the technology and team to deliver security-as-a-service at the same level. Security depth, quality and service excellence set it apart from the competition.

e2e-assure Ltd is an SME with 20 years’ experience of providing military grade cyber security and specialises in the provision of secure cloud and cyber defence services to government and commercial organisations.

Simon Vernon works as a senior cyber consultant monitoring and defending customer networks. He also spends time analysing malware including ransomware. FURTHER INFORMATION www.e2e-assure.com sales@e2e-assure.com

BUSINESS CONTINUITY

Andrew Scott, of the Business Continuity Institute, analyses how likely it is that your organisation will suffer from a cyber attack and the best ways to combat the danger Cyber security incidents seem to be more commonplace these days. It is rare to open a newspaper, switch on the news, or scroll through your social media timeline, without hearing about some poor unfortunate organisation that has suffered the consequence of such an event. Of course, usually the poor unfortunate organisation is a huge multinational that has invested millions into protecting its IT and the data behind it, so that doesn’t give much hope to the rest of us who don’t have such resources to invest. That being said, it is not always big multinationals. There has recently been a spate of ransomware attacks on hospitals in the US, whereby the hacker encrypts data held within the IT system and only unencrypts it once a ransom has been paid. A ransomware attack creates two hard choices for businesses – either spend multiple days recovering locked files from backups that may not be up-to-date, or pay a ransom to criminals who will then be incentivised to launch further attacks. But these are the high profile incidents, how likely is it that your organisation will suffer from a cyber attack? ARE YOU AT DANGER? In the Business Continuity Institute’s (BCI) recently published Cyber Resilience Report, it was revealed that two-thirds of respondents to a global survey had experienced a cyber security incident during the previous twelve months, and that 15 per cent of respondents had experienced at least ten during that same time period. Phishing and social engineering attacks were the main cause of attack with three-fifths of respondents claiming their organisation had fallen victim to the theft of information by hackers masquerading as a trustworthy source. This was followed by malware (45 per cent), spear phishing attacks (37 per cent), denial of service (24 per cent) and

out-of-date software (21 per cent). It is easy, therefore, to see why cyber attacks are worrying for business continuity professionals, as identified in another piece of research published by the BCI – the annual Horizon Scan Report – which identified that the number one threat to organisations was cyber attack. 85 per cent of respondents to a global survey expressed concern about this type of attack materialising, while 80 per cent expressed concern about the possibility of a data breach. It does not seem to matter the size of the organisation when it comes to cyber attacks. The findings of the Cyber Resilience Report echo those of another study carried out by the Federation of Small Businesses which revealed that two thirds of small to medium sized businesses (SMBs) had also experienced a cyber security incident during the past year. Likelihood may be the same, but what about impact? The main disadvantage that small businesses have is that they are less likely to have the resources or skills required to combat such a threat, and so potentially leave themselves more vulnerable to the consequences of such an incident. It has even been suggested that SMBs are deliberately targeted as they are considered

HOW TO COMBAT THE Figures CYBER THREAT? indicate Very often the intrusion into that the your systems comes down to human error so what cost of average the mo is most important is to severe s t improve user awareness o n breach line security of cyber security. Make e sure that your employees £1.5 mi s range from are able to recognise llion to £3.1 suspicious links, emails or million fo activities and know how to businesr big report it. Make sure they know s’ to use passwords that cannot be

Written by Andrew Scott, senior communications manager, Business Continuity Institute

How to combat the cyber threat

to have weaker security than larger businesses, but then provide a backdoor into those larger businesses. And just because a disruption is in the virtual world, it does not make it less disruptive or less costly than one that occurs in the physical world. UK government figures from the 2015 Information Security Breaches Survey indicated that the average cost of the most severe online security breaches range from £1.5 million to £3.1 million for big business and from £75,000 to £311,000 for SMBs. The good news is that there is something that can be done to protect your organisation from the impact of cyber attacks – invest in business continuity. A study by the Ponemon Institute showed that companies that have predefined Business Continuity Management (BCM) processes in place are able to find and contain data breaches more quickly, discover breaches on average 52 days earlier and contain them 36 days faster than companies without BCM. The Cost of Data Breach Study found that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of $3.23 million, breaches that were found after the 100 day mark cost over $1 million more on average ($4.38 million).

Cyber Security

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

easily guessed, or aren’t written on a Post-It note next to their computer. Have a robust password policy which requires password changes at regular intervals. Conduct anti-phishing user training – this starts with awareness, but some companies go so far as to send fake phishing emails as training E

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

BUSINESS CONTINUITY  exercises. If the user clicks on the link, they are taken to a short training film. If they report the email to the security team, they receive a congratulatory response. Make sure that you have email filtering and controls – blocking certain types of attachments or file extensions, or not allowing links in emails to open when clicked. Ensure that users know to control all the assets in their possession, and keep them in their possession. Create a bring your own device (BYOD) policy which guards against employees introducing viruses to your network through their own mobile devices. If your systems have become disrupted then you need to assess whether they are completely out of action, and whether they could be replicated elsewhere? If so then make sure that these back up systems aren’t prone to the same attacks as the main system. Conduct regular data back-ups, and segregate them from production data. Many organisations moved away from tape back-ups to mirroring or live replication between production and disaster recovery environments due to availability needs. Organisations should look to increase the separation between those environments through either firewalls, restricted access, additional security scanning, or a type of ‘tape delay’ whereby the data from production is held in a ‘safe mode’ for some period of time. If no IT is available then you do have the capability to operate manually. Like Lincolnshire County Council did when they experienced a ransomware attack last year, get the pens and paper out and use these. Business continuity is not necessarily about working normally during a crisis, it is about working in as normal a way as possible. Whatever the crisis, it is essential to respond swiftly as the longer you delay any action then the more disruptive it could become. Communicate to all your stakeholders what is going on and what you are doing to resolve it. People are a lot more understanding when you’re being transparent and they can see you’re making an effort to sort things out. MANAGING THE THREAT How well would your organisation be able to manage a cyber incident? There are two ways to find out. The first is during a cyber attack, but this is probably a bad time to find out that you have no effective response. The second is during an exercise, so always make sure you exercise your plans. This can be done as a table top exercise where the main players sit round a table and discuss the response. This way is quicker and cheaper, but it may not accurately reflect how you would handle a real incident. You could therefore run a live exercise where an incident is simulated in real time. This would take more time and resources, but would give a more accurate reflection of your response. Disruptive events will always occur, whatever form they may take. By having an effective business continuity programme in place, it should mean that, in the event of an incident, a drama doesn’t turn into a crisis. L

LIGHTEN THE LOAD

Cyber Security

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

When size, weight and performance matter MiniMax 06 Up to 12 power and signal contacts in just 10 mm

New

Single fiber FO1 High optical performance with easy cleaning

New

Andrew Scott is the senior communications manager at the Business Continuity Institute.

Rugged Flash Drive

FURTHER INFORMATION www.thebci.org

Safe storage of sensitive data USB 3.0

New

THE RELIABLE EXPERT

www.ﬁscherconnectors.com

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

PROTECTING YOUR

BUSINESS FROM INSIDER THREAT

Data Security Specialists

CYBER SECURITY

THE UNINTENTIONAL INSIDER THREAT

The real threat and biggest risk to confidential data is the negligent employee, more commonly categorised as the Unintentional Insider Threat. At a recent webinar, organised by ObserveIT, Dr. Eric Cole, former CTO of McAfee and founder of Secure Anchor, implored cyber security professionals to implement an insider threat program, using the foundations of educate, deter, detect and investigate to protect your company from the Unintentional Insider Threat. He said that when the cyber security professional attempts to speak with C-level management about mitigating and even preventing the Insider Threat, the feedback they receive may be along the lines of: ‘Everyone here is happy. We don’t have disgruntled employees, so we don’t have to worry about Insider Threat.’ Perhaps that is true. But, if you turn the conversation on its head and talk about the Insider Threat as unintentional threats; employees who make mistakes, inadvertently causing harm, executives will begin to listen. REPORTS A Verizon 2015 data breach investigation report shows that ‘Insiders’ are responsible for 90 per cent of security incidents and of these, 29 per cent are deliberate and malicious whilst 71 per cent are unintentional, with misuse of systems, log-in/log-out failures with cloud storage leading the way. There is no doubt that organisations that understand, address and focus on minimising

the damage from the Insider Threat are going to be the companies that win. So perhaps now is the time to assess how well your organisation is doing with regard to the issue. One way of doing this is by drawing up a report card with the following headings: policy, procedures, awareness, training, technology, administration and executive support. Against each heading, give yourself an ‘A’ if you are addressing the issue and an ‘F’ if you are ignoring it. This will quickly show you where your greatest risks are. Remember, even if your technologies are not obsolete you will still need to augment your security protocols for Insider Threats and Unintentional Insider Threats. VULNERABILITIES Many people think about Firewalls and other deterrents to keep an outside threat from accessing systems. However, with an ‘Insider’ most vulnerabilities that exist can’t be removed because, of course, you need your employees to be productive and, in order for them to be so, they need access and special permissions to perform their jobs. Having clear visibility into employee actions is critical. For example, what happens when the employee wants to download software, or click on an attachment that will not run unless it runs with an administrative login? Your employee has to assess the threat on their own, even though they may not be qualified to do so. Your user believes the threat to be low, but the cyber security professional knows that this particular risk is high.

SOLUTION One solution is to use an activity-monitoring tool such as that offered by ObserveIT. With this system the employee who is performing a risk assessment ‘on-the-fly’ and chooses to download an attachment they are not supposed to, will be shown a pop-up window. The window will tell them that they are working outside of the established cyber security policies. This simple pop-up can stop employees from being tricked or manipulated. You won’t have users determining what is an acceptable risk, because they will receive a policy notification that they do not have permission to perform a task. In short, employees will learn as they go.

Written by Colin Tankard, Managing Director, Digital Pathways

Traditionally, the term ‘insider threat’ invokes images of malicious employees lurking in the shadows of an office attempting to steal company secrets or bring down the system. The reality is that this form of ‘evil insider’ is infrequent at most companies, with instances of these types of threats occurring once in a ‘blue moon’

Advertisement Feature

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

EDUCATION PROCESS It is an employee education process and the benefits of creating policies to limit Insider Threat attacks are great and include: a steep decline in the number of inappropriate accesses; a reduction in the amount of time spent detecting and investigating incidents; a heightened awareness of security throughout the organisation; or a dramatic shift in the culture of security and compliance. Our experience has shown that as we reduce the number of user errors in handling data it enables the organisation to focus on the real threats such as rouge users. We liken it to reducing the size of the haystack to make finding ‘the pin’ that much easier. ObserveIT enables, through its analytics, to easily see which users are doing ‘risky stuff’, record their actions and block any malicious threats to company data. FOR BETTER OR WORSE? The Insider Threat is not going to get any better nor is it going to go away as an issue. In fact the opposite is true. So now is the time to take steps to limit your company’s risk to Insider Threats whether innocent or not. L FURTHER INFORMATION Colin Tankard Managing Director Digital Pathways T: 0844 586 0040 E: intouch@digitalpathways.co.uk

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

Emergency Services Show

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

EVENT PREVIEW

Bringing the emergency services together All those involved in emergency prevention, response and recovery will be attending the Emergency Services Show. Counter Terror Business reveals what the show will present to the industry The Emergency Services Show will be taking place on 21-22 September at Hall 5 of Birmingham’s NEC. The additional space provided by the move to Hall 5 this year will allow for show to grow and will mean that it can offer visitors more features and seminars during their visit. There will be free seminars available to all visitors covering five main areas. These are: ICT Innovations; PPE; The Learning Zone; Drone Zone; and Home Safety.

Each n atio skills st ide the FINDING THE RIGHT ZONE v Aimed at developing relationships will proity to learn n and partnerships between u t r oppo et hands-on voluntary organisations and g he latest and the bluelight services, with t s, products The Collaboration Zone is a networking focus of the ue techniq echnology show. There will be around 80 companies, government and t bodies, charities and other organisations exhibiting in this area alone, ensuring a wealth of opportunities to share and catch up with new developments. The Drone Zone is the area to meet the suppliers of the latest kit, and learn at the Drone Zone seminars. As well as showcasing drone suppliers, the new Drone Zone will bring together industry specialists and end-users who will be making presentations on UAV technology and sharing their experiences with delegates. The programme includes a presentation on risk management for Remotely Piloted Aircraft Systems (RPAS) and the factors affecting RPAS operational safety in both civil airspace and commercial space. Other sessions will cover privacy, security implications and legislation. Elsewhere, water rescue demonstrations are planned for the Pendigo Lake, adjacent to the outdoor exhibition area outside Hall 5.

HOME SAFETY 2016 This is a new event within The Emergency Services Show looking at new products on the market and the approaches being taken by emergency services to help people live safely in their homes. For the fire and rescue service, the move from response to prevention is nothing new, but one area of safety in the home that fire and rescue services have looked at is the hazards to older people around slips, trips and falls. The impact on an older person of a fall in the home can be substantial and puts pressure on ambulance and other health services, which are already experiencing increasing levels of demand. Anything fire and rescue service staff can do to prevent falls happening in the first place is a real benefit. Fire and rescue services are increasingly working with the NHS through Clinical Commissioning Groups. This partnership working has in part led to the development of the concept of the Safe and Well visit. Much of the work between fire and health is underpinned by data. One new dataset available to fire and rescue services is Exeter Data. The Chief Fire Officers’ Association (CFOA) and NHS England have an information sharing agreement that means that all fire and rescue services can now identify people over 65 who are registered with a GP. The Centre of Excellence for Information Sharing recently published a

COUNTER TERROR BUSINESS MAGAZINE | Issue 27

case study setting out Cheshire Fire and Rescue Service’s ‘Innovative use of the Exeter Health Data’1. It looks at how an organisation can deal with a large quantity of data – in the case of Cheshire, this amounted to 206,000 records. Through a process of strategic intelligence analysis, Cheshire was able to create its own categories of risk using four indices: personal risk, geo‑demographic risk, lone person risk and response risk. As a result it was able to hone in on the data and get that large dataset down to lists closer to 20,000. TRAUMA CARE TRAINING This year’s Emergency Services Show will feature a new CPD-accredited Trauma Care Training & Education Zone. Comprising CPD skills stations for individuals to compete at, and a training suite where teams take part to perform a primary survey under pressure, the interactive zone is open to anyone involved in pre-hospital care, with any skill level. Free to attend CPD skills stations will cover: airway management and ventilation; catastrophic haemorrhage control, explaining how to control a full spectrum of bleeding; splinting and immobilisation, which will take place in a simulated car, looking at pelvic stabilisation; and burns,

Head over heels – the world’s most comfortable FR Balaclava, ever Armadillo Merino® design kick ass socks to protect your feet from the heat of the front line but its latest innovation is more cerebral. The recent focus is on heads over heels to improve head protection by incorporating new yarns and garment features. The new FR Balaclava is unique by combining a superfine FR merino yarn with seamless whole garment technology. The new balaclava draws on Formula One and Special Forces expertise in designing specialist headwear that helps optimise wearer performance when operating in high-risk environments. The balaclava is super-soft next-to-skin without abrasive seams and generates less heat, sweat and smell. Armadillo Merino® designs and manufactures next-to-skin protective clothing specifically to improve the safety of professional operators. These technical garments are constructed for

demanding environments using high performance merino fabrics that deliver superior safety and comfort to wearers by exploiting the unique performance properties of merino fibre. Armadillo Merino® protects professionals around the world including astronauts; special forces; fire; ambulance; search and rescue; and other remarkable professionals that want to work safer, harder, faster, stronger and for longer. FURTHER INFORMATION Tel: +44 (7891) 284224 sales@armadillomerino.com www.armadillomerino.com

Emergency Services Show

examining a wide variety of dressings and techniques to address a full spectrum of burns. Each skills station will provide the opportunity to learn and get hands-on with the latest techniques, products and technology. Registration is for all four skills stations which will be completed in a circuit, lasting 20 minutes on average. Over the two days of the show, teams will compete for prizes in the inaugural Trauma Care Skills Challenge. The scenario-based test will take place in a fully immersive suite featuring world-leading technology with highly realistic, high-fidelity manikins and role models, and will be streamed live to visitors on screens outside the suite. To enter a team for the challenge, delegates must pre-register by 24 July 2016. Successful applicants will be provided with learning materials which they can add to their CPDme portfolios and use to prepare for the potential scenarios in the challenge.

the Pre-Hospital Environment; What’s new in Sepsis?; Trauma in Pregnancy; Positive Mental Health; Emergency Childbirth : Antepartum haemorrhage; Decisions in Trauma Care within the Pre-Hospital Environment; and The hidden killer – sepsis in obstetrics.

FIND A NEW PRODUCT Over 450 exhibiting companies and organisations will be showcasing the latest solutions in communications, emergency medical care, protective clothing and COLLEGE OF PARAMEDICS uniforms, training and outsourcing. The free 30-minute CPD workshops Companies exhibiting vehicles and will be delivered from the expanded vehicle equipment for the ambulance College of Paramedics area on stand sector will include Baus, O+H, Terberg J51, where CPD certificates will be DTS, Cartwright, Volvo, Allied Fleet, issued to all those attending. BMW, Mercedes-Benz and Ferno. Workshops cover: Emergency Childbirth – New exhibitors include Bariquins which ESS16general178x125.qxp_Layout 1 26/05/2016 Page 1its bariatric training Breech Birth; Decisions in Trauma Care within will18:30 be exhibiting

mannequins for the first time in the UK, and Defib Store which manufactures outdoor defibrillator cabinets and works closely with the ambulance services. Private ambulance company Salop Medical Services will also be exhibiting for the first time. Around the show there will be valuable opportunities to network with other blue and amber light services, which are increasingly working together in emergency situations. Over 80 secondary responders, voluntary sector partners and NGOs will feature in The Collaboration Zone. Key associations including BASICS, the Independent Ambulance Association, Association of Air Ambulances and Ambulance Services Institute will all be represented. L FURTHER INFORMATION www.emergencyuk.com

Bringing the Emergency Services together to improve public safety A unique event for everyone who works in the emergency services • Network with like-minded emergency staff

• Gain CPD points from our free College of Paramedics workshops

• Source new kit and save money

• Learn from past emergency situations at the free seminars

• Meet the market leaders in emergency services products

• Get up to speed on UAV technology in the Drone Zone

• Get updated on collaboration and multi-agency plans

• Watch live water rescue demo's

• See the newest products on the market

FREE visitor entry and parking at www.emergencyuk.com

ESS - the only show for the entire spectrum of the Emergency Services www.emergencyuk.com Show supporters and sponsors include COLLEGE OF

paramedics leading the development of the paramedic profession

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

A radically faster solution for video analysis

See it in action at our UK release event at the UK Security Expo 30 Nov â&#x20AC;&#x201C; 1 Dec 2016, Olympia London. SeeQuestor has been developed with leading Law Enforcement Agencies to provide fast and effective post-event analysis, empowering your team to quicklyÂ find persons of interest within thousands of hours of video data. Email us at info@seequestor.com for more details.

WWW.SEEQUESTOR.COM

CHEMICAL ATTACKS

Forensics

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

Written by Peter Bennett, consultant, Covenant

How likely is a chemical attack on the UK? Peter Bennett, from security consultancy Covenant, discusses the possibility of chemical attacks on critical national infrastructure, examining both the short and long-term effects It is more than likely that all countries in the world contain some groups and individuals who harbour a desire to perpetrate an attack against something or somebody. Amongst those people there are some who favour the use of chemicals as a means to inflict harm. So what exactly is the threat? There is inherent threat in much of our daily lives through the activities we undertake, from accidents and disasters, and of course from deliberate acts designed and intended to cause harm. We discuss chemical attacks in terms of a large scale event resulting in a high number of fatalities, numerous injuries and major disruption – in essence the question posed seeks to provide some sort of considered answer to the likelihood of an event like that taking place on our soil. So how do we assess threat? Simply put, a threat must be credible for it to have a chance of materialising. This credibility is driven by three factors: the intent of a threat actor to deliver; the opportunity for that threat to be delivered; and the capability of a threat actor to deliver. If all three factors are present then you can consider the threat to you as credible. ACTING WITH INTENT Intent depends very much upon the beliefs and motivations of the threat actor. Extremist views can be strongly affected by individual and group ideals and perceptions of other external influences. The UK government is attempting to reduce the threat from terrorism in the UK through its counter terrorism programme, referred to as ‘CONTEST’. One of

the strands of this is ‘PREVENT’, which aims to steer those at risk of radicalisation away from joining terrorist organisations – however this programme is largely focused upon Muslim communities. There are those who just won’t be diverted from their particular course and will continue to develop plans regardless. ISIS and other terrorist organisations clearly use the UK foreign policy as one justification for their actions, whilst other attacks have been motivated by different issues, such as the politics of hate. David Copeland, the London ‘Nail Bomber’, harboured neo-Nazi views and in 1999 placed three explosive devices in London, aimed successively at the black community in Electric Avenue, Brixton, the Bangladeshi community in Brick Lane, and the LGBT community at the Admiral Duncan pub, in Soho. He was also exploring a bio development and was trying to produce material in home-made petri dishes. His stated political aim was to instigate a ‘racial war’ and create an upsurge of support for the British National Party. Anders Breivik, who was responsible for the July 2011 attacks in Oslo and Utoya, has been described as extreme right wing

and Islamophobic, yet described himself as a ‘conservative nationalist’. He successfully avoided discovery by the authorities by creating an agricultural business allowing him access to purchase certain materials. He obtained 100kg of chemicals from an internet site and later bought approximately six tonnes of chemicals usually associated with fertiliser. Very recently, Thomas Mair, reported as the person responsible for the murder of Labour MP Jo Cox, gave his name in court as ‘death to traitors, freedom for Britain’. There are suggestions he subscribed to a magazine with pro-apartheid views and was against the expansion of Islam and multi-cultural societies.

A lar scale atge require tack s la amoun ts of m rge aterial and the acq it is during s ui that att sitions stage acke be mos rs can vulnera t ble

WHEN THE OPPORTUNITY ARISES Opportunity varies according to several different factors, but if we look at it simply in terms of ‘are there places where a chemical attack could be deployed?’, then the answer is equally simple. Routine access to public spaces where large numbers of people gather is always going to be possible to some degree, even if there are entry requirements. Potential attackers will assess site attractiveness, the likely impact of their attack and the most effective methodology for the level of opportunity available amongst their planning considerations. E

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

RApID RESpoNSE. pRovEN pERfoRMANCE.

IMASS™, a robust and reliable solution for military and 1st responders n n

Integrated sampling and assessment n Ergonomic design n Low training burden Compact and rugged n No power requirements n Sample retention

Biothreat Detection IMASS™ assesses a single sample against assays for eight Biothreat agents simultaneously with results within 15 minutes. Explosive Detection IMASS™ assesses a single sample against assays for Military grade explosives (TNT/PETN/RDX) and Home Made Explosive components with results within 3 minutes.

Contact: info@bbidetection.com Go to: bbidetection.com

BBI DETECTIoN LISTENS, INNovATES, DELIvERS AND PRoTECTS

MEET uS AT: NDIA Annual CBRN Conference 2nd – 4th August, USA 2016 at booth 22

Part of BBI Group

CHEMICAL ATTACKS  The UK Critical National Infrastructure (CNI) is divided into thirteen activity sectors. The most likely aim of a chemical attack will be to cause mass casualties, but the nature of business activity at many of these CNI sites does not attract large numbers of people, so they are less attractive as a target for a chemical attack. However, with the broad range of activities across the CNI sectors these sites may be considered for other attack methodology, depending upon the attacker’s chosen aims and any perceived or identified site vulnerabilities. It is also significant to look at whether a threat actor has access to sufficient materials and equipment necessary to prepare and deliver an attack of this nature. A large scale attack requires large amounts of materials and it is during the acquisition phase that attackers can be most vulnerable to detection. This can have an impact upon methodology and their perception of likelihood of success, but it also leaves a trail of information for the authorities. This trail has been misunderstood before, with indicators being discovered in a post-incident investigation rather than early enough to disrupt an attack. Anders Breivik is a good example. The German Wings pilot, although not considered a terrorist, is another, as there were several triggers in his behaviour which, if identified sooner, may have averted the crash. CAPABILITY Capability varies enormously between threat actors. Knowledge is key – you have to know what you want to do and how to do it if you require a chance of success. The science of chemical properties, how to produce certain chemicals and information about those materials used as chemical weapons is already available and provided in great detail. Unsurprisingly, the internet provides huge amounts of information to fill knowledge gaps, with a straightforward search able to deliver very detailed information on the range of chemicals, their properties and their availability. Instructions on how to prepare them are widely accessible and the hazards involved widely documented, but that is only part of the picture. Some of the more well‑known chemical weapons, such as Sarin, are dangerous to manufacture safely even in small quantities and a significant level of knowledge and skill would be needed to manage the risks posed in their production. Resources are the next vital element. Small quantities of some highly toxic materials can be produced in a basic chemistry laboratory or illicit kitchen lab set up and the raw materials for many of these are not that difficult to obtain. However, this depends a great deal on the chosen substance, as many of these require precursors or generate by-products which in themselves are highly toxic, flammable and/ or explosive, so they can be just as unpleasant as the final material. This hazard is regularly demonstrated in illicit drugs laboratories

where the participants have managed to blow themselves up or set their rooms alight. ATTACK PLANNING IN TOKYO This is the point where capability becomes a problem for attack planning. As with biological attacks, the intent to attack us is present, the opportunities to do so can be identified, the knowledge required to prepare the chosen materials is also available and the materials themselves can be relatively easy to acquire. However, there are two major hurdles to overcome and it is these two issues which have the greatest effect on the likelihood of a large scale attack being perpetrated and, most importantly, being delivered with a high degree of success. A look at the attacks in Matsumoto and on the Tokyo subway system, perpetrated by the Aum Shinrikyo group in 1994 and 1995, sheds some light on these difficulties. Both of these attacks used Sarin as the weapon of choice. In 1994, in Matsumoto City, Nagano, members of the Aum Shinrikyo group released Sarin gas into the atmosphere in the vicinity of a pond, resulting in the deaths of seven people and leaving 274 others seeking treatment. On 20 March 1995, members of the same group launched an attack on the Tokyo subway system in the early morning rush hour, targeting a number of different rail routes. They used liquid Sarin transported in sachets, which they pierced with sharpened umbrella tips on the floor of the train carriage before making good their escape. The Sarin leaked out and began to evaporate quickly, with rapid effects. Ultimately there were 12 recorded deaths, with over 5,000 people being treated for exposure, some in a critical state, others described as ‘worried well’. In the subsequent investigation it

Forensics

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

was revealed that Aum Shinrikyo had manufactured the Sarin used in the subway attack at their own facility, which comprised a three storey purpose made manufacturing plant, constructed over a period of years at Yamanashi, near Mount Fuji. They also had facilities in several other countries and had been working with Sarin, as well as other harmful agents, for a number of years. The group was well-funded and resourced, with extensive facilities and expertise utilised over a significant period of time. Some time later, a United States sub‑committee estimated that, had the group chosen a more effective delivery method for their Sarin, many thousands, perhaps tens of thousands of people would have been killed. Chemical agents have a toxicity threshold which must be reached before they can have a lethal effect. Obviously this varies according to the agent, but it is without doubt that to achieve this level across a large, public, open area or network can be very challenging. Additionally, dispersal of the agent usually occurs very quickly, so enormous quantities are required to reach lethal dose thresholds over large areas. If your intent is to cause mass casualties then the amount of toxic material required would be very large indeed. Developing a system which will successfully deploy a highly toxic material into a public space or network in sufficient concentration to reach lethal thresholds is also challenging. To release an agent in sufficient quantities to cause mass casualties represents a difficult technical task that requires knowledge and resources but it is achievable. The use of Sarin in Syria has been widely reported, with the use of Chlorine in Iraq and suggestions of Mustard also being deployed there further supporting this. E

If we look at it simply in terms of ‘are there places where a chemical attack could be deployed?’, then the answer is simple. Routine access to public spaces where large numbers of people gather is always going to be possible

Issue 27 | COUNTER TERROR BUSINESS MAGAZINE

Forensics

THE BUSINESS MAGAZINE FOR SECURITY TECHNOLOGY – www.counterterrorbusiness.com

CHEMICAL ATTACKS  LONG-TERM CONSEQUENCES It is worth briefly discussing impact, too. Although a slightly different type of attack, the anthrax letters sent out in September and October 2001 in the United States demonstrate how even a relatively unsuccessful attack in terms of casualties can have significant and long‑lasting consequences. It is believed that about 11 of these letters were sent, although only four were ever recovered, each containing a very small amount of anthrax spores. There were five deaths and at least 17 people treated for effects of anthrax inhalation. The four recovered letters all passed through the postal facility at Hamilton, New Jersey on their way to their ultimate recipients, contaminating that facility as they did so. The clean-up programme that ensued was extensive, with dozens of buildings affected. Brentwood postal facility took 26 months to decontaminate at a cost of $130 million, Hamilton cost $65 million to clean up and was closed until 2005. One FBI estimate put the overall cost at over $1 billion. To this day, people are well aware of postal deliveries containing suspicious white powders, with significant numbers of incidents being reported to authorities year on year. Public fear of being exposed to a harmful substance is a powerful driver in influencing

Chemical agents have a toxicity threshold which must be reached before they can have a lethal effect. To achieve this level across a large, public, open area or network can be very challenging behaviour. Should there be a large scale chemical attack at an iconic location, a popular crowded place or perhaps a large transport hub, there will be an effect upon the willingness of individuals to visit or transit through that location for some time, although eventually that fear will decline. How many will be concerned and for how long is very hard to define. Costs to clean up will be high, that is without doubt. So what of the likelihood then? This question really needs to be clarified. It should ask: ‘How likely is a large scale chemical attack in the UK, and will it be successful in achieving mass casualties?’. Based on available information and the limitations as they are understood right now, the likelihood of there being a large scale chemical attack on the UK can currently be considered as low, but the impact of such an attack would be very high. The likelihood of such an attack resulting in mass casualties is more difficult to assess

as there are many variable factors to be applied. Much of the effect of a released agent is dependent upon where it is released and the weather conditions prevailing there at the time. Public reaction to it is also relevant, as it is probable that injuries and evenfatalities could occur as large numbers of people rush to escape a threat, even if they are not actually affected by the agent itself. Our emergency response is important too. Ongoing efforts to improve and refine emergency response capabilities, supported by continued public awareness, industry compliance and collaboration, academic engagement and a host of other initiatives all add value to our resilience and the level of deterrence we present. Complementing and integrating those with proportionate security regimes and sensible, effective regulatory controls is key to keeping the threat and likelihood as low as we can. L FURTHER INFORMATION www.covsec.co.uk

Recognize AND Analyze Is he a known suspect? How old is he? When, where did she enter? Is she an employee?

Premier face recognition technology for real-time video screening and anonymous people analytics www.cognitec.com • info@cognitec.com

COUNTER TERROR BUSINESS MAGAZINE | Issue 27

Is she authorized to enter this zone? How often was she here this week? Is it too crowded in this area?

NUCLEAR WEAPONS

NEWS IN BRIEF

MPs vote to renew Trident weapons system