Counter Terror Business - Communications & CNI

Managing massive mission critical video for first responders

Polly Jones — Thu, 09 Jan 2025 16:00:15 +0000

^{Image credit: Modirum Platforms}

Video is one of the most promising and versatile technologies for improving operational efficiency and effectiveness for first responders. Video is now widely considered as a significant capability to improve safety, coordination, collaboration, and quality decision-making, particularly during high stakes, end-user operational scenarios.

A new white paper from TCCA explores what public safety agencies and operators need to consider to successfully deploy video services supporting mission-critical operations, especially where the scale of its usage is considered ‘massive’. This term describes situations where the amount of video could potentially saturate network resources, if not appropriately managed. The overall objective is to ensure that first responders and public safety agencies (and by implication other critical communication sectors) can use video effectively and for operational benefit.

Identifying the key questions and challenges posed by mass use of video was achieved by surveying representatives from government agencies and the critical communications industry. The most frequent key challenges related to: (i) being able to set priorities and maintain control over the video flows, (ii) ensuring seamless communications across different systems, and (iii) avoiding network flooding due to excessive video traffic.

Key use cases representing different categories of operations are documented, i.e. day-to-day routine operations, pre-planned events, and major incidents. When analysing these use cases, identifying video producers and consumers is fundamental to understanding the overall problem domain, and those identified include actors such as first responders, officers, dispatchers, operators, government agencies, and other stakeholders.

"This white paper was created by a task force that gathered together the views from a cross-section of experts from the user community, government agencies, commercial operators, industry vendors and partner associations. The findings offer a new perspective on our understanding of how video is currently used and expected to evolve,” said Jason Johur, TCCA Board member, vice-chair of TCCA’s Broadband Industry Group and a member of the white paper task force.

“The paper provides insights from user community early adopters and the opportunities and challenges involved in the operational use of massive mission critical video, as well as what is likely to be demanded from the technologies involved, and the networks and services that will ultimately deliver them.”

Using video requires some forward planning and appropriate design of the network platforms to be used, especially in the case of massive video use situations. The white paper provides a set of recommendations intended for public safety agencies, network operators and solution providers/developers. It provides initial guidance for the successful use of massive mission-critical video, ensuring solutions can meet mission-critical operational needs.

The white paper ‘Guidance for the successful usage of Massive Mission Critical Video’ can be downloaded from here.

The main points will be covered in a webinar Guidance for the successful usage of Massive Mission Critical Video on 21 January at 14.00 GMT – please register here to join.

About TCCA
On behalf of its members, TCCA supports all standard mobile critical communications technologies and complementary applications. Our members are drawn from end users, operators and industry across the globe. We believe in and promote the principle of open and competitive markets worldwide through the use of open standards and harmonised spectrum. We drive the development of common global mobile standards for critical broadband and maintain and enhance the TETRA Professional Mobile Radio (PMR) standard. TCCA is the 3GPP Market Representation Partner for critical communications and our members actively contribute in 3GPP working groups. TCCA supports the ETSI MCX Plugtests™, and is a member of the MCS-TaaSting project.

To find out more, please visit https://www.tcca.info/ and https://www.critical-communications- world.com/

Organised crime and critical national infrastructure

Robyn Quick — Tue, 20 Aug 2024 11:18:30 +0000

Communications & CNI

Michael Kolatchev and Lina Kolesnikova investigate the threat that organised crime poses to critical national infrastructure.

Last April, Karim Bouyakhrichan (alias Taxi), the “most wanted and dangerous criminal in the Netherlands”, was released by order of the Provincial Court of Málaga without the High Court activating an arrest warrant to extradite him. He’s known as one of the top capos of the Mocro mafia, a Dutch-Moroccan criminal network based in the Netherlands and Belgium, which has defied the state with threats to Princess Amalia, Prime Minister Rutte and some Belgian officials.

The Mocro mafia is one of Europe’s largest cocaine trafficking cartels, and is believed to have smuggled billions of Euros worth of drugs from South America into the EU through the Belgian and Dutch ports of Antwerp and Rotterdam over the past 15 years.

The level of infiltration and the operations of cartels at these ports appear, nowadays, to be beyond the capacity of authorities to control them. The scale and audacity of their operations pushed the mayors of Amsterdam and Rotterdam to warn of a “culture of crime and violence that is gradually acquiring Italian traits”. The buzzwords ‘narco state’ or ‘narco state 2.0’ filled the headlines in Dutch, Belgian and international mass media.

Organised crime groups – we are in business to be successful, not to be loved

Digital revolution, technological advances, globalisation, corruption and connection to governmental institutions opened new avenues for organised crime. Organised crime groups are always looking for opportunities to infiltrate into the legal economy (investments, public procurement etc).

We talk a lot about the risk of criminal activities to critical national infrastructure (CNI), typically, assuming threats come from outside of CNI. In recent years we have witnessed an increase in organised crime networks considering CNI as a means of use and mis-use of convenient, publicly available legitimate infrastructures to their benefit.

Sectors of CNI such as transportation (airports, ports, railway and road transport); the financial sector, telecommunications, government facilities (e-government), and security are becoming very attractive for local and international criminal groups.

Let us consider any organised crime group as a sort of an enterprise, which must be profitable. When we identify the needs and related capabilities of such an “enterprise”, we can map it into CNI to get some examples of what such entities would want to use and, potentially, to control.

Without trying to be exhaustive, there are several things an enterprise may need.

Internal operations - making up a product or a service to sell. This might be a real product (e.g. drugs or raw materials, arms and munitions, illegal content), material appropriated from someone else (e.g. a stolen piece of art or personal data), or a service of advice or facilitation of something (e.g. money laundering, fraud-oriented call centres or dispute resolution in the style of legitimate world’ arbitration arrangements).

In terms of internal operations, they may also need storage, distribution and logistics (physical/electronic or both); personnel and HR service; finance and accounting, the ability to disburse funds for internal purposes; security, risk and compliance; and internal management and operational systems.

They may also need external operations towards customers: sales channels, agents and partners; marketing, prospecting, and, ultimately, a customer service, including communication channels and the ability to collect funds. This also includes supply management and communication channels, and the ability to transfer funds as payment to suppliers.

Just like any enterprise, a criminal group would want to control its existing market, while looking for opportunities to enter other market(s). If we consider illegitimate activities as underground business, then, more often, such underground business directly or, rather, indirectly, will give rise to something pushing through to the legitimate side. The “upper world” activity is usually less risky compared to the underground activity. Communication, services and money flows between underground and above ground worlds should be assured.

Mapping enterprise needs to CNI

The next step is to see which needs of an enterprise could raise interest in particular CNI. A smaller enterprise may operate independently of critical infrastructures or almost independently. But the larger ones will not.

Let us consider the production activities which would typically need energy. Small remote locations can be served by local energy production. However, as an enterprise scales, local energy production might be far less cost-efficient than possible alternatives.

Cutting into existing gas pipelines or electrical grids gives access to a significantly higher supply at a significantly lower cost, especially, if such cutting in is hidden and the energy is stolen (taken free of charge). For the best efficiency and longer operation, an enterprise will want to achieve a higher degree of resilience by, potentially, building in some sort of redundancy in their access to these critical infrastructures, on one side, while having the ability to monitor, if not control.

Personnel of an enterprise, its customers and suppliers may use proprietary, fully controlled radio systems for communication. For scaling and international operations, an enterprise could even dream of building its own satellite communication platform, but that is going to be expensive and hardly cost-efficient, and, surely, a degree of resilience of such infrastructure will be limited. Here again, telecommunications infrastructure of the legitimate world brings a benefit of scale and the existing inter-connectivity across cities, countries and continents, giving the ability to reach both suppliers and customers wherever they need to.

An enterprise would build its own communication overlay or, and it happens all the time, misuse an existing legitimate overlay for its purposes (e.g. web and dark web, social networks and messengers). Just like in the case of energy infrastructures, an enterprise will look for possibilities to control or, at least, monitor and play out investigations or activities which might disrupt their communications. An interesting example would be fraud-oriented call centres that might appear legitimate businesses in their home countries as they do not commit crime against their own citizens. Manipulating calling numbers brings a benefit of hiding the cross-country nature of calls.

Victims then perceive attackers as calling locally, while they are not. Latency in identifying and reaching the source through two often significantly different legal systems make catching a calling fraudster very lengthy and costly process for any authority. There could be a political reluctance of such investigations etc. Thus, many such operations keep operating as dismantling them is too difficult, for as long as there is no close cooperation between two countries.

Beyond producing something and communicating, an enterprise will need to pay its suppliers and will need to get paid by its clients. Carrying a huge bulk of cash might still be possible, but this has serious costs and risks attached. Using modern financial infrastructures brings unprecedented advantages, with even instant transfer available in many countries, as well as simple international transfers. Keeping in mind that an enterprise usually needs funds in the legitimate world as well, the money launderers come in handy, facilitating untraceable or almost untraceable transfers from the underworld to the upper world, and vice versa.

UNODC estimates between two and 5 per cent of the global GDP is laundered each year. That’s between EUR 715 billion and 1.87 trillion. Risk and compliance requirements keep growing. Consequently, money launderers need more insight into financial infrastructures and associated legal disclosure and/or non-disclosure regimes to keep making money from money. One of the particularities is the risk and fraud monitoring capabilities. There is an ever-growing number of electronic payments, faster and immediate payments, in particular, there is an important dilemma of “block a payment and then investigate” versus “allow a payment and then investigate”.

One can expect that monitoring policies will shift more to blocking decisions, as with the proliferation of instant payments, even one second after the initial payment could be too late to remediate, funds will already be transferred somewhere else. Like in many other domains, shrinking time windows for risk decisions demand more and more automation of such decisions. Such automation runs a serious risk and, once there, infrastructure operators will have no other means to react.

That means such automation cannot be switched off anymore even if found faulty, as there might be no adequate compensatory mechanisms in place. Consequently, automation might be manipulated and mis-used to achieve specific objectives of those manipulating.

In the modern digitalised world, more and more data is collected in centralised databases, for example, government databases and the ones of large financial and infrastructural institutions. Such huge databases really are attractive targets as data is the new oil. Apart from selling data itself, access to it can bring improvements in various people and activities monitoring, for example, segmenting attack targets (victims) or closing on potential clients.

Apart from individual infrastructures, enterprises might make use of combining their access to several infrastructures at once. For example, e-government infrastructures often come with the ability to make instant electronic deals like selling a house or taking credit. Hack into e-government infrastructure and an enterprise could sell multiple houses or take out loans without the need to spend time and effort on tricking owners into such deals.

Another example would be stealing from someone’s account. In more advanced countries, financial institutions would notify their clients of any operations on their accounts by sending an SMS or a push notification to a mobile app. Intercepting, diverting or somehow manipulating such messages on telecommunications or other infrastructures, can assure a longer period for criminals achieving their objectives like emptying out a bank account.

A similar situation with breaking into information technology systems may permit working around customer authentication, which often relies on one-time access codes being pushed through as SMS, mobile app notification or an email, over telecommunication networks.

Organised crime groups have long focused on speeding up the transportation (logistics) of people, drugs and other illicit goods by using ships, containers or aircrafts and have been able to transport even larger amounts across the globe. There are determinants other than just passenger and trade volume, such as low risk of interdiction, shifts in criminal markets and the specific geolocation of transporatation hubs and nodes that enable criminal actors to exploit the “transportation business”.

Ports are part of national and international critical infrastructure. Some of them are enormous entities and, as they have restricted access, present parts of cities which are fertile ground for their “own” hidden activities.

But we have to consider that some ports ARE places of crime with a high level of infiltration by organised crime groups. Even more – ports have become one of the most valuable parts of complicated criminal schemes with billions at stake. Europe’s biggest ports – Antwerp, Rotterdam, Hamburg and Le Havre have become the El Dorado for drugs traffickers and contrabandists and, consequently, have contributed to the skyrocketing increase of drugs consumption, drugs-related crimes and urban violence in Europe.

(Almost) any good infrastructure is attractive

In the past, criminal enterprises used to create their own infrastructures to be independent from the legitimate world.

Nowadays, adequate service offerings are very costly and time-consuming to achieve, necessary infrastructures could be too large to be hidden. Therefore, criminals do not have an interest anymore in creating their own critical infrastructures. Instead, those legitimate critical (and non-critical) infrastructures which bring modern services, whatever the domain is, will be used more and more by criminals, leading to criminals needing a foot in such infrastructure, having influence, building a purposefully tailored overlay and even controlling position.

Current threats to critical communications

Robyn Quick — Wed, 01 May 2024 15:28:53 +0000

Communications & CNI

Ken Rehbehn, principal analyst at CritComm Insights and representative of TCCA (The Critical Communications Association) investigates the different threats to the physical and digital aspects of critical communications.

Current threats to critical communications

Robust and reliable wireless critical communications networks are essential for a healthy and safe society. As vital underpinnings of a community, these networks must be protected from a wide range of threats that menace public safety operations. Peril comes from challenges to physical infrastructure, digital assets, and radio transmissions. But the good news is that multi-layered resilience can mitigate these current threats.

Physical infrastructure challenges

Critical communications wireless transmissions require physical tower sites supported by power and links to the network core. Because these physical assets must be distributed across the coverage region, the sites may be vulnerable to damage from natural or criminal events.

Traditional government-operated transmission sites are hardened, which means they are designed to meet stringent requirements for physical security, power resilience, and backhaul redundancy. In this model, site access is protected with multiple layers of physical barriers and intrusion monitoring.

Hardening also includes solutions for long-term power redundancy, including a combination of battery capacity for rapid power failover and a local generator set fuelled with multiple days of fuel. Plans for fuel resupply must consider the possibility of a transportation grid collapse following a wide-area natural disaster.

Ultimately, it may be necessary to airlift supplemental fuel.

The last dimension of hardening involves the backhaul connectivity that links a transmission site to other sites and the network core. Fibre connectivity must be carefully designed to ensure true route diversity that ensures multiple independent paths.

The type of fibre or microwave route must also be considered. Fibre mounted to poles is at risk of sabotage, wind damage, or fire damage. Microwaves may be subject to wind damage or the loss of relay points.

In contrast to government networks, the approach to hardening infrastructure deployed by mobile network operators is sensitive to cost and, consequently, less demanding. Cellular service economics relies upon high capacity in the cell sector, resulting in lower transmission power and extensive frequency reuse. These characteristics mean the cell system base station grid is far denser than a government Professional Mobile Radio (PMR) network.
With the need to host many more sites, the mobile network operator has a reduced expectation for site hardening. Site access may be prevented by something as simple as a lock on a cabinet door. Incidents of attacks on 5G antenna sites by citizens fearful of radiation included the burning of 5G transmission antennas in the UK. Likewise, power resilience on cell sites is typically designed for hours of backup instead of days. A single strand of fibre may be all that is available for a link to the core network.
Nations that plan to move push-to-talk group voice communications from PMR networks to a mobile network must establish plans for both transient and long-term failures of the cell network.

Following a massive natural disaster, recovery of the mobile network will be an extended process compared to recovery for a PMR network. Deployable cell sites help speed the process, but those deployable sites are subject to the same low power and poor spectrum propagation as standard fixed cell sites. The deployable cell site coverage can be very spotty.

The soft digital underbelly

Modern critical communications are marvels of software innovation. But that achievement brings complexity, expanding the threat vectors for digital attack or human failings.

Cyber attacks on communications infrastructure can capture sensitive information or disrupt traffic. The good news is that PMR and mobile networks are designed with extensive protection against cyber attacks. Unlike typical enterprise networks subject to ransomware attacks, core communications network elements are based on UNIX and are isolated from general internet traffic by security gateways.

Unfortunately, the complexity of cellular networks has resulted in a pattern of incidents triggered by human error. Errors in IP route reachability with the BGP protocol crippled a top-tier Canadian mobile network in 2021. The AT&T mobile cellular network supporting FirstNet failed due to an error while expanding the network in 2024.
Attacks on the digital infrastructure also include the disruption of GPS/GNSS time signals. Accurate time signals are required for synchronising cellular handsets and the network. Because these time signals arrive from the satellite constellations at very low power, a local jamming source can easily overwhelm the space-based signal. Coping with failure

From an operational perspective, we must assume that critical communications will fail. The failure may be trivial and local, such as a fibre cut, or complex and national, as with a mobile core network configuration error. Though not frequent, these failures occur often enough to make resilience planning an essential element of any critical communications design.

The acronym PACE is a valuable framework for addressing resilience: primary, alternate, contingency, and emergency. Primary is the standard day-to-day communications channel. If the primary channel fails, an independent alternate link is required.

A backstop contingency mechanism must be identified in the unlikely event that both the primary and alternate fail. Finally, an emergency approach must be identified in case none of the other routes are available, and an urgent message must be relayed.

Providing these multiple layers of resilience requires planning and investment. Regrettably, many critical communications deployments fail to support a complete PACE plan due to cost or lack of vision.

Enter the vehicle as a node resilience concept

One of the most promising approaches to multi-layer resilience emerged in Australia following the catastrophic 2019 bushfires in New South Wales. In response, the New South Wales Fire and Rescue Service designed a vehicle node that combines P25 PMR connectivity, an LTE alternative, and a GEO satellite contingency. This Vehicle-as-a-Node (VaaN) solution is being deployed across their fleet.

In the New South Wales approach, a fire appliance communicates with the control room over P25 voice communication when within range of a P25 tower. If the tower is out of service or beyond range, the vehicle’s P25 radio switches to a P25 over IP using an ethernet link. A vehicle router forwards the IP traffic to a cloud-based gateway.

With no LTE signal, the vehicle router forwards the IP traffic over a low-speed satellite connection.

Central Pierce Fire and Rescue in Washington State, USA, is implementing a reduced approach to VaaN. In this approach, a primary communications channel is LTE-based push-to-talk over cellular (PTToC) combined with an LEO-based satellite alternative.
The primary benefit of the VaaN approach is that each individual network option can be less than perfect. The combination of alternatives boosts the resilience to levels far higher than can be achieved with a single super-hardened network.

An additional benefit is that the VaaN concept can be further extended with ad-hoc mesh network connectivity to link teams that travel on foot from the vehicle in isolated regions. The resulting communications deliver high-quality, resilient communications supporting situational awareness, command, and control. Benefit from the wisdom of the crowd TCCA’s Critical Communications World 2024 brings together the top experts on critical communications from around the globe.

Ministerial officials and industry innovators will gather to discuss the latest approaches for resilient, high-performance critical communications. The conference and exhibition provide a valuable opportunity for local and national officials to hone the expertise needed to meet the critical communications mission.

Critical Communications World takes place from 14-16 May 2024 in Dubai. Moving forward with mission critical services certification The Global Certification Forum (GCF) is working together with TCCA to develop an industry certification program for mission critical products and solutions where conformance to 3GPP standards will be checked and verified and thus ensure interoperability between different solution providers.
The work on establishing this certification program will progress at a dedicated workshop on May 17, following Critical Communications World.

This workshop, the third in the series, will aim to gather input to the future development of the MCX certification programme, and will provide an opportunity to hear from local stakeholders to understand regional requirements and ensure alignment with industry.

The workshop is open to all GCF and TCCA members, and to non-members subject to approval.

CritComm Insights is a member of TCCA.

Emerging threats to critical infrastructure

Robyn Quick — Tue, 13 Feb 2024 16:30:23 +0000

Communications & CNI

Michael Kolatchev, principal consultant at Rossnova Solutions and Lina Kolesnikova, consultant at Rossnova Solutions, investigate potential threats to critical infrastructure.

Critical infrastructures are complex, interconnected systems and operations that are subject to a wide range of hazards and threats. Disruptions to critical infrastructure can affect or even jeopardise delivery of essential services. Threats, when realised, may lead to severe social effects, negative economic consequences, and human casualties. The risk to critical infrastructure is increasing as new threats emerge.

Threat is more vaguely defined compared to a hazard, and that makes it more suitable for categorisation and analysis. Without attempting a scientific definition here, one can think of a threat as a danger. There are general threats (amount of danger) and specific threats.

Categorisation of threats

To permit a generalised and consistent analysis of critical infrastructure, it is important to build a generalised catalogue of threats, which can then be uniformly used. Using the catalogue permits comprehensible analysis.

Attempts at creating catalogues often occur within specific industries, and rarely span beyond one or two industries. These attempts often fall short of ambition to go beyond one restrictively defined scope. Among the more advanced, while restricted, one may notice the IT domain, and more broadly, Information Security, which has, among others, catalogues of threats like ISO 27001 or NIST MTC, specific threats (due to vulnerabilities) like CVE as well as catalogues of controls aiming to protect against threats and risks like ISO standard and NIST 800-53. When going about categorisation of threats across various CIs, we should stay at high level, summarising threats into broad categories.

Below are some of the more prominent categories, which now demand higher attention.

Threat categories

Geopolitics

This topic plays a particuarly crucial role. Tensions between countries and/or regions, strategic competitions, state rivalries - all these might challenge critical infrastructure. Threats are related to both supply and demand dependences in fossil fuels, particularly raw or processed materials, food, workforce, technologies, data, etc.

Meanwhile, in the interconnected world, critical infrastructures are not passive sites to be used in the service anymore but can themselves be used to project someone’s power if getting blocked or challenged in some ways. The term infrastructural geopolitics came into life in 2020.

Technological developments in recent decades have brought forward something that did not really exist before - the geopolitics of technology. It is all about the role of Big Tech companies in the modern world, their technological superiority and control over products, and more importantly about their knowledge, expertise and very ability to produce and maintain such products (let alone capability to further develop them). Many technological products crossed borders and their owners (mainly, private businesses) are now setting rules.

This brings multiple types of new threats. Associated commercial threats are being gradually addressed, though slowly, by antitrust (anti-monopoly) laws of different countries. However, private control of international technology services and platforms, means private individuals in boards of these businesses make decisions. International payment industry with SWIFT, Visa and Mastercard, and a few key payment backbones, can be an example, where arbitrary decisions apply. Top international social networks represent another obvious example, where so-called rules and policies are often vague and are applied arbitrarily.

As well as arbitrarily applying “private” decisions and arbitrary rules, such businesses might also be forced by their national governments to do things which become realised threats to other countries. Growing understanding of this situation, e.g. US control of key payment industries, leads to growing discussions on technological and digital sovereignty. In payments, more countries are now looking at setting payment chains in such way that their intra-national markets are less impacted by eventual foreign decisions. It is possible that we will see a return of “national” and, possibly, arrival of new “regional” or “group” infrastructures, or, at least, the arrival of less-dependent alternatives more equally accommodating the needs of their different stakeholders.

Electronics, another example, depends on chips. The most powerful modern chips are expensive to design and to produce with quality. This requires years and decades of expertise which is scarce. Very few producers in the world hold leading positions. Among them are ARM (UK) in design and ASML (The Netherlands) in production of advanced manufacturing equipment. ASML is particularly important as it seems to be holding the hand on production of the most advanced EUV (extreme ultraviolet lithography) manufacturing equipment. Other important players are from Japan, South Korea, Taiwan and China. The latter is an example where the threat of geopolitics of technology is being realised – i.e. China is denied access to the latest technology and, it seems, decided to invest massively in their own technology. Geopolitics clearly shaped the set objectives to “re-shore” more components of chip production supply chains – both in the US (CHIPS for America and FABS Acts bring previously missing subsidies, due to threat assessment) and in China (due to sanctions). One thing is clear – geopolitics of technologies is now one of the major considerations.

Privately made decisions by technology-holders, and geopolitically funded supply chain changes, are big threats. Transnational deployment of technologies highlights another group of threats; in the “ownership” and “applicable governance” area as well. Submarine cables are part of critical infrastructure and depend a lot on geopolitics. Even though each cable has its owner, most critical inter-continental cables themselves lay on the ocean’s floor, the “no man’s land”. Technically, they are open to anyone’s physical access, even though, very few countries in the world currently have the capability to reach them. Given the growing criticality of the internet and capabilities built upon it, and telecommunication in general, such cables give rise to important threats spanning beyond its immediate critical infrastructure.

There are obvious and non-obvious dependencies in supply chains (in both, “physical” and “digital”). Covid has shown some of them, especially, in transportation and healthcare. All of a sudden, previously healthy supplies of basic healthcare materials (masks, etc.) got strongly disturbed. So much of the material was manufactured abroad (e.g. in China) that world transportation problems had an immediate negative effect, sometimes leading to bitter rivalries for supplies even between otherwise friendly states. Japan’s decision to dump radioactive water into the Pacific Ocean is a more recent example. Fishing and sea product delivery (in the East), almost overnight, got disturbed as some countries banned or introduced stricter controls on Japanese supplies.

Outsourcing is another dependency which has grown a lot in past decades. Outsourcing is an approach used in many industries. Foreign companies delivering outsourced services are subject to their own rules and national regulations (and, of course, geopolitics). If significant changes should happen there within short periods of time, companies within critical infrastructure might become lacking in some of their critical capabilities. As a result, regular “third party security” considerations might need to be expanded.

Natural hazards

Natural hazards (earthquakes, flooding, fires, space weather…) and climate change are expected to heavily affect infrastructure through heatwaves, floods and droughts. According to the EU Joint Research Center, annual damage to Europe’s critical infrastructure could increase ten-fold by the end of the century under business-as-usual scenarios due to climate change alone, from the current EUR 3.4 billion to EUR 34 billion. The transport and energy sectors are expected to suffer the highest losses to climate-induced disruption.

Ownership and control

Change of control and ownership elements. Most critical infrastrucutres are in private ownership and/or part of big entities. They could have complex structures, affiliation, HQs in other countries. More and more states and critical infrastructure increasingly depend on infrastructure and assets that are partially or completely located outside their jurisdiction and over which they have little or no control. For example, financial institutions often use outsourcing of data processing services and customer services to companies abroad. Those companies may experience change of control, and new owners might event be from yet another country, with another set of policies and geopolitical objectives. How could one continue to ensure threat control? Privatisation and nationalisation add to it.

One may rely on certain existent infrastructures but what would happen, and would infrastructures remain reliable if certain state-owned infrastructures become privately owned, where owners might decide differently due to their commercial or personal interests, or may impose their own rules? The same comes with nationalisation, where currently “open-to-all” capabilities might become unavailable to some players outside of national borders due to local political or geopolitical decisions. Accessibility of services and systems will see new threats too, in particular, new threat scenarios.

Forced delivery failure by globalised infrastructures, brings forward fragmentation. In turn, this may lead to incompatibility, beyond purely technical terms. Rules associated with accessibility and the use of such services and systems might become contradictory, for example, rules associated with certain services versus national regulations. Industries dependent on such services and systems need to re-visit their threat scenarios. If the fragmentation trend is not reversed, and, there are no signs that it can be reversed at this stage, related existing and new threats will grow in importance, due to the spreading lack of interoperability and further path to a failure of standardisation. Fewer global standards could be then reached, again fuelling fragmentation.

Unpredictable events

Black Swans, unforeseen events of massive scale which are hard to predict. By definition, such events can be geopolitical, economic or something else by nature. It is not necessarily a totally new category of threats, as such. But, at least, re-assessment of threats and re-visiting assumptions is a critical task to carry out. We all witness “unthinkable” things becoming perfectly real. Previously respectful and reliable partners might become totally unreliable or unwanted within hours or days. Threats associated with manmade catastrophes are there too. In the past, this would be primarily linked to bugs and faults in systems.

Nowadays, new threats need to be considered due to overreliance on automation, proliferation of the AI-powered solutions and approaches, growing issues and maintenance costs.

For example, AI is a hot topic. Imagine, AI might be considered as an “algorithm” defining how a system can build and continuously modify its decision algorithms. This might mean that no one would know the decision algorithm of an AI-powered system at any future moment in time. If so, what will you test your system against? Consider a shift from any deterministic logic to measuring acceptability of outcomes and input-fuzzing; a “what” without “how”.

Organised crime

The risk of criminal activities to critical infrastructure used to assume threats come from outside. Nowadays, some critical infrastructures (ports and airports, for example) ARE the places of crime with high infiltration by organised crime groups.

Ports have become one of the most valuable parts of complicated criminal schemes with billions at stake. The largest ports like Antwerp, Rotterdam, Hamburg or La Havre have become the El Dorado for drugs traffickers and contrabandists and, consequently, contribute to the skyrocketing increase of drugs consumption, drugs-related crimes and urban violence in Europe. Activism Political and social activism with potential sabotage of activities by trade unions, eco or anti-capitalist movements or others can be both physical and cyber in nature and cause significant service disruptions.

Changes of human behaviour, autochthonous and allochthonous - this might be changing working attitudes, especially, in the forthcoming generations, with such things as a no night-shifts attitude, home- and tele-working, or cultural attitudes. Apart from the obvious effects, there might be some less obvious.

Skills

Loss of expertise, skills. Long-term failures in school curriculums, and in general, changing societal attitudes, has led to a decrease of graduates in particular domains. And, often, these are critical domains on which critical infrastructures depend.

For example, nuclear energy and some other critical infrastructures with lack of fresh “national” skills and expertise, which might lead to either decline in such industries, or necessity to open such critical infrastructures to external foreign workforce. Without even mentioning “old and evolving” threats such as terrorist and cyber-attacks, the unlawful use of drones, hybrid threats and so on, we are witnessing a growing number of emerging threats. With changes and conflicting agendas at many levels, different international and national decisions, the unthinkable becomes real.

Fragmentation, potential failures in interoperability and standardisation, due to global lack of trust; human behaviour, who needs “the job” the most, ultimately, – a company or a worker? One can go on and on...

What are the threats to critical comms?

Robyn Quick — Mon, 12 Feb 2024 17:22:58 +0000

Communications & CNI

In the most recent risk register published by the UK government, when grouped together with cyber attacks on infrastructure, a cyber attack on telecommunications systems was given a 5-25 per cent likelihood rating Telecommunications makes up part of the communications critical national infrastructure sector and includes fixed line communications and mobile communications, as well as internet infrastructure.

The risk register considers them a valuable target for cyber criminals, and as such it is important to build security and resilience capabilities. It is the communication providers who are responsible for assessing risks and then taking the appropriate measures to ensure the security and resilience of the networks.

The Telecommunications (Security) Act was introduced in 2021, which sets out requirements for providers. In the scenario imagined by the risk register, a cyber attack against a major telecoms provider would affect millions of customers – including customers on other networks that connect or route through the impacted network. It could also impact services provided by other CNI sectors.

It could also mean that customers are unable to call the emergency services. It is anticipated that disruption could last for up to 72 hours, but could last weeks or even months. It could be difficult to identify the attacker – whether state threat, cybercriminal or hacktivist – and the cause and extent may not be immediately known. Some state actors have already displayed the capabilities needed to attack telecoms networks. It is hard to predict how an attack such as this would unravel, without having specific intel. Since a major cyberattack on the telecommunications system has not yet taken place on a large scale in the UK, the potential variations in terms of attack vector and scale and the services and sectors impacted are hard to estimate. The impact of a physical attack on infrastructure should also be considered.

The risk register highlights the possibility of damage to transatlantic telecommunications cables. Damage to these cables, which carry large volumes of data which facilitate telephone communications and internet access, would cause widespread disruption across the UK and elsewhere. The risk register points out that the system is generally resilient, so the likelihood of a total loss of transatlantic telecommunications is unlikely. The risk register considers as a worst-case scenario that transatlantic subsea fibre optic cables would be damaged over a period of several hours and would therefore be inoperable. This would lead to considerable disruption to the internet and essential services which rely on offshore providers of data services. Repair for damage of this scale would take several months.

A physical attack on infrastructure should not be considered unheard of or impossible. At the end of last year, a man was convicted of planning an attack on vital national infrastructure. Oliver Lewin was convicted of planning a terrorist attack by performing reconnaissance, purchasing equipment and tools and seeking to recruit like-minded individuals to help him, with vital national infrastructure, including communications masts, being the main targets of his planned attacks. He was found guilty of preparing acts of terrorism at Birmingham Crown Court on 19 December 2022. The 38-year-old’s main targets were major communications infrastructure. In a notebook, he had written a target list, which included: “Media, Transport, Infrastructure, Power, Comms, Roads & Rail”. He had drafted a document entitled “Civilian Resistance Operations Manual”, which was recovered from his laptop. The manual encouraged the reader to join the cause and commit attacks: “For now there are several things that we can collectively do to cause significant damage to the country and send a message that we are serious in our mission”.

The investigation found that Lewin had collected a large amount of military-style equipment and tools, whilst also being in possession of three air rifles. In a telegram group, which he joined in July 2021, Lewin wrote: “we are at war people make no mistake...Peaceful marching has not and will not do anything. You have to choose a better strategy. I have one that I think will work but it involves staying out in the wild for a few days at a time.” Lewin used the group to search for others to help him in an attack on national infrastructure. He dug hide-outs in woodlands, which he explained to the group were to escape detection. Before he was arrested, he visited the Bardon Hill transmitter communications mast in Leicestershire at night, taking videos of the location and manhole covers which housed fibre communications equipment. He also visited communications masts at Markfield Hill and Copt Oak and took photos. It was later proved in court that this was reconnaissance to help him plan terror attacks.

Smart cities: challenges & security threats

Freya — Tue, 03 Oct 2023 11:57:30 +0000

Communications & CNI

Michael Kolatchev, principal consultant/Rossnova Solutions (Belgium) and Lina Kolesnikova, consultant/Rossnova Solutions (Belgium) discuss the security threats facing the growing number of “smart cities”

Cities are the most complex objects created by humans. Modern cities face the challenge of combining competitiveness and sustainable urban development simultaneously.

The notion of a “smart city” came into our lives in 2006. Nowadays there are more than 150 definitions of the term. The International Telecommunications Union defines “smart city” as “ a sustainable city… which uses ICTs to improve people’s quality of life, make urban operations and services more efficient, and boost its competitiveness, while ensuring that it meets the economic, social, environmental, and cultural needs of present and future generations”

The growing number of urban problems pushes city authorities (not only metropolises but also medium and small cities) to look for innovative solutions to make cities resilient, sustainable and livable. In this context, the term “innovative solution” most commonly boils down to a technical solution facing a large number of people, or a technology in broad sense. That is where a smart city loaded with technical solutions to non-technical problems go to the front. Smart cities make use of known technologies to optimise what often already exists in other forms, but maximises the outcomes to smooth the operation. In essence, the mass of input data is analyzed in (near) real-time to adjust configuration of city control systems to achieve “best currently achievable” outcomes defined using pre-defined criteria and rules.

As one can see, a smart city essentially demands the myriad of data collection input points and devices, strong capable networks delivering collected data promptly to appropriate destination(s), and the central brain that makes use of input data to adjust the environment for its users (habitants, transport, etc.). The latter immediately implies that the environment (“the smart city”) is flexibly adjustable and configurable at the most detailed level possible, down to configurability of individual devices and procedures installed at any place in the city. With such an elaborate network of devices, processing capabilities and communications, the trust in data and algorithms, access control to and usage of powerful capabilities comes to be a crucial element on its own.

When talking about smart cities, we immediately witnessed the concerns of citizens that smart cities effectively create an environment of total surveillance and control and push towards unwelcomed intrusion into personal life. For convenience, safety and perceived shielding from today’s challenges and pressures, people are readily giving away their independence and privacy. For example, the old artistic idea of TV watching people rather than people watching TV is now absolutely feasible, with subject and object exchanging places. End-user devices are continuously “listening” to their users and feeding this information to central systems to define the next actions or suggestions (even though, this intent is convenience and not spying as such). The notion of smart cities has settled firmly in conspiracy theories.

Risks and threats
Undoubtfully, smart cities aim to remediate certain risks and downplay certain threats. For example, extended surveillance, fast processing and quick response units. Meanwhile, security professionals voice concern with challenges and, paradoxically, new vulnerabilities and security threats that come with smart cities, while some old ones still persist.

Vulnerability is psychological, sociological, or physical characteristics that can leave the asset unprotected or exploitable for attack. Despite our wishes and effort, there are blind spots and defects, which could be missed during risk planning and vulnerability assessments.

We find ourselves in a situation where technologies, which have their own vulnerabilities, as no technology can be 100 per cent secure, are used by players who bring their “old” vulnerabilities to the new and more complex system, and which, in their own way create new vulnerabilities for the whole system. The situation is even more difficult because the new system, smart system, can become very complex and is based on the principle of interdependency.

Cyber security
Data, information and knowledge are crucial elements of smart cities. A smart city is a hub of transformation of data into information and knowledge, further transformed to configuration adjustments and actions. We are talking here about BIG data. Such data should be collected, stored and analysed properly. Such data includes a significant amount of sensitive information as well, therefore, its protection is crucial.

Smart city technologies could be disrupted in one or more of the following dimensions: confidentiality attack, such as a privacy breach, data loss or identity theft; integrity attack, such as device hacking for planting malware or viruses, data pollution and manipulation; availability attack, such as Denial of Service, manipulated or provoked full or partial shutdown of a system; or traceability attack, such as data manipulation aiming at hiding or generating false mis-leading traces.

Either due to an intentional (attack) or unintentional (defect or human error) event, system disruptions render part or a whole of a smart system unusable, or, worse, usable for malicious purposes, leading to undesirable outcomes.

Given there are no unlimited budgets available, security of a system, smart city in our context, will likely follow best practices which are fundamentally based on security assessments, identifying and prioritising remediation efforts in function of risks and vulnerabilities.

New vulnerabilities
Vulnerabilities would be weaknesses of various sorts in systems and technologies, integrations and processes using such systems and technologies, as well as in procedures executed by humans. Some vulnerabilities are the same as those faced by any organisation today, such as weak security, inadequate data encryption and protection overall, programming bugs or elementary human errors (even though, the latter are not specifically categorised as vulnerabilities and are largely addressed by smart cities via mass automation and digitalisation).

However, there are new vulnerabilities as well. CIs in Europe, for example, often use old soft- and hardware. Such a situation creates a “bad heritage” problem, when these old technologies with their large technical debt are integrated into smart city system, a system of systems.

Smart city systems are very complex and very much interdependent. No person or organisation can say how all the things work, individually or in combination, what risks they have and how to mitigate them. Given interdependency, there is always a risk of a cascading effect in case of disruption of one of the system’s components. Building and maintaining a knowledge base in the hands of smart city architects, analysts, managers and operators, is a daunting task but shall be addressed.

Another concern is the cost of keeping infrastructure, systems and technologies, operations and personnel up-to-date and maintained. In a complex system of systems, even fully automated testing of a small patch in one of them, might be a long and effort-demanding exercise, as a correctly representative copy of a real system of systems shall be offered for best quality assurance and assessment of undesired impacts on one and all systems. With modern iterative development methods, we all know what this might lead to, provided existing and expected budgetary constraints across multiple countries. Testing might become limited in scope and depth. Building-in redundancy in the smart city system and its components is required but will also impact testing and deployments of changes.

Smart cities have many necessary physical objects (sensors, CCTV cameras, lighting systems etc) which are produced outside of a smart city, often not even in the same region, or in another country. The pandemic has shown that disruption of supply chains could be disastrous. In times of geopolitical instability, the question of having long-term vendor-user agreements is crucial but not always reachable. Therefore, redundancy in suppliers might be needed.

In ageing Europe, we risk the problem of the digital exclusion and/or digital illiteracy of many people, who could be targeted by organised criminal groups. Smart cities are not built and operated by themselves – people and institutions are doing so. The smart city and digital literacy rates are low not only among ordinary users but also among decision-makers and many stakeholders. Strong governance is needed as to define a sound foundation on which a smart city can be established, architected, constructed and operated in its entirety.

Protecting offshore oil and gas installations

Freya — Fri, 10 Feb 2023 14:38:31 +0000

Communications & CNI

Debbie Rafferty MSc(Debz) has more than thirty years’ experience in the security and counter terrorism industry, she is currently researching a PhD in Criminology and Sociology at The University of Abertay. The following article is based on a Counter Terrorism Studies Masters Thesis titled “How do energy companies manage and mitigate the security of offshore oil and gas installations?” submitted to Liverpool John Moores University in 2020, and presented at the recent International Security Expo in London last September In the 1970s, offshore maritime terrorism was identified a clear and present insidious danger. What is the menace? Oil and gas installations are susceptible to attacks - disruption by an operative or saboteur who permeates the crew, appropriation by an effective and organised terrorist faction, subaquatic attack by a diver or submarine and an unrestrained strike by an antagonistic power (Townsend, 1975). However, this is the 21st century and evidentially subversive attacks could be launched in many more sophisticated guises, including but not limited to, cyber, insider threat, insurgency infiltration via small boat, drones, light aircraft, safety boat, and helicopters used to transport rig staff, coupled with the current cold war enigma installations in the North Sea, the oil and gas infrastructure is increasingly vulnerable. So much so the UK has launched an exigent security review of North Sea energy pipelines after Russian ‘sabotage.’ Increasingly, extreme political groups have resorted to sabotage and hijacking in Britain and throughout the world. The foremost antidote relating to prevention was identified as a ternary stratagem comprising of Planning, Preparedness, and Performance. Therefore, from the aforesaid, one may presuppose that the past informs the present and subtly seeps into the future. The online magazine Rigzone reported that from 22 May 2022, in the Bay of Campeche, Mexico, there have been six maritime terrorism events. The attacks involved three supply vessels and offshore oil installations (MSTA) (Exarheas, 2022). Rewinding and reflecting on these events as to the why and wherefores of the incursions should supplement existing security knowledge. Further, highlighting what mitigating and moderating procedures are desirable in order to prevent similar incursions on exposed oil and gas installations in, for example, the North Sea. Circa 26 September 2022 events in Danish waters erupted because of “an act of ‘Sabotage’ on the Nord Stream gas pipe” (Sky News, 2022). It is thought the saboteur set off a series of explosions to damage the pipeline. Had this been a petroleum supply line, the environmental damage would have catastrophic. In a time of increased aggressive acts against the oil and gas industry why is the UK not taking potential threats seriously? My recent presentation on how oil and gas companies manage and mitigate security in the North Sea highlighted security failings, along with the potential for impending occurrences. Failings that are not “secret” in nature but available to the general populous.. The Main Points There remains an endemic culture of postulation and procrastination within the industry, with regard to the issue of insurgency and the role of the Offshore Installation Manager (OIM) in this context. This phenomenon is known as a presumption of knowledge or ‘imagined’ idea that, the OIM has specialised training to manage an unquantifiable level of security risk. This can be traced to a perceptible gap in current training and is supported by the findings of Hollnagel (2006 p.86) who alludes to risk evaluation as “work as imagined” and “work as done.” The OIM ‘captain’ of an oil rig is supposed to maintain safe operating practises in an exceptionally hazardous environment while at the same time maximising production of a product with significant economic return to the British Government. During an interview for research purposes, rig personnel believed if there was an illegal ‘boarding’ on a rig in the North Sea the OIM would have the necessary training to deal with this situation and instruct everyone what to do. Further enquiry into the prerequisite training needed to be an OIM highlighted that there was in fact no training in the prevention of insurgency. Any training was restricted to incidents that may occur within Standard Operating Procedures, with a focus on “slips trips and falls.” Hazard Management tools need revisiting and revamping in terms of the prediction of physical projected threats. The majority of those standardised evaluation systems used across the oil and gas industry are located within the “lessons learned” and “pass process failures prevention.” Thus, there is a necessity to step back from the ‘knee jerk’ responses and a move towards a proactive dynamic predictive process. A note should be made that if the sector exists in a bubble of “the past is a reflection of the past” then why is data not collated to inform the future. Collating data from for instance, the Bay of Campeche events would inform the structure and content of training modules to mitigate and manage similar incursions. Threat defence mechanisms remain focused on threats such as, the negligent and malicious insider. The attitude that although the threat is not perceptible does not mean it does not exist. External threats from anti-petroleum movements who plant explosives on gas lines are becoming more frequent, and yet there is no Tactical Evaluation simulations or pre-emptive response training across the industry. Current response mechanisms are outdated, and although may appear expedient on paper there is an ever-increasing gap between the reaction procedures and actual real life ‘planned responses’ if there is an event. A constant reminder is the Piper Alpha in the North Sea tragedy when a substantial leakage of gas condensate on the rig caused an unprecedented disaster. This took all of 22 minutes to unfold, 167 souls were lost and the Occidental Petroleum Corporation settled to pay $180 million in reparation to victims’ families and survivors. Overall, the Piper Alpha tragedy incurred a $3.4 billion USD loss in revenue. There are defence mechanisms in place, in the shape of a ‘safety vessel’ nonetheless inquiry has shown that often these vessels are not fit for purpose. On the other hand, Norway employs custom-built boats, while the UK relies on antiquated trailers and tugboats. Likewise safety zones and existing maritime measures are not ideal, short comings were identified by Assaf Harel (As far back as 2012). Hitherto, the frequent incursions by environmentalist groups have had little effect on the up to date ‘be prepared training’. Response at National level is now restricted, largely by location. Amalgamation and relocation of military and maritime defences has increased an estimated response time more than 4 hours, even though Piper Alpha was devastated in 22 minutes. Lack of external learning was cited in the Cullen report (Reid 2020). Therefore, illustrating the difficulty that companies have in learning from disasters that occur elsewhere. Government strategies have continually been challenged by scholars, and on closer inspection emergency strategies appear robust and integral on paper these strategies have not been rehearsed by the sector and/or policy makers. Legal devolution has resulted the division of the UK. This division has brought about national policies that satisfy English and Scottish law. Given the importance of the human resources, sector and commodities produced, there is a lack of investment into specialised trained and qualified response personnel to manage extremist threats. Solutions The initial research carried out regarding ‘How oil and gas companies manage and mitigate security in the North Sea’ reveals conspicuous and concerning vulnerabilities. There are however uncomplicated solutions to overcome these weaknesses in the North Sea. Include pre-emptive training of all oil and gas personnel, specific to anti incursion and proactive responses to intended threats. Intensify the powers of arrest for the OIM and inclusion of a counter insurgency module as part of the OIM course. Include an Offshore Security Manager who can conduct on location risk assessments and design practical standard operating procedures (one per rig). Employ a researcher within the company framework who can investigate and review the under currents of global socio-political-economic developments that may precipitate insurgent events. Further, this person could liaise with the Operations Security Manager to utilise the ‘lessons learned’ to generate effective processes and procedures in response to evolving threat situations. There may be those readers who perceive that the information contained within this article will update unscrupulous individuals about national offshore security integrity and weaknesses. In response to this is that the existing vulnerabilities are already common knowledge. Finally, this is not a fictitious issue there is an imminent clear and present danger, and evidence indicates that this is accelerating. There is an expenditure effective solution which can be implemented to manage/mitigate and protect personnel, installations and avoid financial loss. Thanks to Margaret A. McLay (MA, MSc, MEd) who contributed to the research and presentation of this article.

CTB Interview: Nuclear facilities and terrorism

Michael Lyons — Mon, 10 Feb 2020 09:44:28 +0000

Communications & CNI

Counter Terror Business (CTB) talks to Duncan Worsell (DW), Assistant Chief Constable of the Civil Nuclear Constabulary, the man responsible for all operational deployments, armed or otherwise, at civil nuclear power stations in the UK

CTB: How does the Civil Nuclear sector work to secure our nuclear facilities from the threat of terrorism?

DW: Each element of the civil nuclear sector must be licensed by the government, and the license holder is termed as the duty-holder, and the overall responsibility and legal accountability for the safety and security of every site falls to its duty-holder. Each duty-holder will have a Nuclear Site Security Plan which, among many other things, will detail the arrangements for deterring, preventing and responding to the threat of terrorism.

The plans are drawn against a postulated threat and where they include a dedicated armed response, they will detail the arrangements for the deployment and activation of the Civil Nuclear Constabulary.

Intelligence and deterrence play a key role in keeping the industry secure, as do the physical security infrastructure, personnel security, and access control arrangements. In the highly unlikely event that these elements are compromised then the Civil Nuclear Constabulary will respond to deny access to and defend nuclear facilities, and to recover control should this ever be necessary.

CTB: The CNC’s mission statement is to defend and protect those sites to which it is deployed, with a specific view to denying unauthorised access to nuclear material. With the cyber threat growing, from both large national threats and lone rangers, how has this objective changed in the last five/ten years?

DW: The primary objective has stayed the same. It is correct to say that the threat has diversified, and it was perhaps the realisation that the terrorist is not only deadly and determined but is also prepared to sacrifice their own life in the name of their cause that directed the most significant change in thinking to address that objective.

The emergence of the cyber threat, like other capabilities that have preceded it, has undoubtedly focused our attention, and it is the blending or mixing of these capabilities in innovative and unpredictable ways that poses the hardest challenge.

The Civil Nuclear Constabulary, like all of the best organisations with a remit to meet the threat of terrorism, must remain vigilant and agile, our response must be effective and robust, and the protection of the public, through safeguarding nuclear material, remains our primary aim.

CTB: Amongst the 2018-2021 CNC priorities is a line stating that ‘maximising the full potential of our new Tactical Training Centre will be key’. Could you expand on why this is the case?

DW: The Griffin Park Tactical Training Centre will become the centre of excellence for all CNC firearms training, it is where our armed police officers will learn and test their skills. Not only will the training for our officers, and therefore their capability become more effective, the nature of the facility is such that we will be able to do this in a much more efficient way, having multiple training areas in use within the same building for concurrent training activities.

CTB: Around the world, nuclear power stations are carefully guarded, but armed police officers are still not common in the UK. How important is training and public engagement in making sure that the CNC retains its role in protecting UK sites?

DW: CNC officers are trained to UK College of Policing (CoP) standards, our facilities, training staff, training content and associated processes are subject to regular and intrusive assurance checks by the CoP and we are fully licensed to conduct our role.

Achieving and maintaining this standard is vital, it assures HM Government, the nuclear regulator, other stakeholders and the general public that the CNC is a fit for purpose organisation and that the service we provide is aligned to the high standards that the public and others expect of any UK policing organisation.

Actively engaging and assuring the public of this is often a challenge, we engage to as greater degree as we can, and we are now making much more use of social media to put our message of professionalism, excellence and reassurance as far and as wide as we are able.

Civil Nuclear Constabulary

A layered approach to public safety

Michael Lyons — Thu, 06 Feb 2020 12:13:21 +0000

Communications & CNI

A layered approach to physical security barriers is an effective way of thwarting vehicle-borne attack on Critical National Infrastructure and public spaces. Here, Iain Entwistle looks at some of the options available

Physical security barriers are designed to provide perimeter protection to a defined area and can control vehicular access even those driven at speed by people with wilful intent. These Hostile Vehicle Mitigation (HVM) solutions can be deployed around Critical National Infrastructure assets, buildings and public spaces. They encompass a wide range of products of varying designs, including bollards, track sliding gates, quick bi-folding gates and road blockers.

Vehicle-borne threats can be anything from criminal activity through to serious terrorist incidents. If terrorists choose a vehicle with a load-carrying capability it can be either packed with payload to increase its destructive force, loaded with explosives or, more worryingly hijacked and used as a means of attacking innocent people. It is not just premises that are vulnerable to these kinds of threats, but as we have seen with recent events, public spaces, where there are large numbers of people, are all vulnerable. HVM solutions therefore need to be able to withstand these threats, and there are several internationally recognised approvals that apply when specifying these products, including PAS68, IWA14-1 and ASTM.

Protection of Critical National Infrastructure (CNI) is a priority for governments especially as terrorism is now viewed as a threat that will exist over the long term. CNI such as banking, finance, telecommunications, data centres, emergency services, transport systems, healthcare, food processing/manufacturing, energy and water supplies all require a joined-up approach to security. An attack in just one of these areas would cause immediate chaos that could potentially spread to other sectors. For example, knocking out a transport network may prevent delivery of medicines. It is little wonder that protection of these critical areas of infrastructure using HVM solutions has advanced considerable in recent years.

Protecting Critical National Infrastructure
Prevention is at the core of decisions around how best to protect the public and Critical National Infrastructure. One of the most effective ways of preventing vehicle attack, either aimed at buildings and their contents, or people, is to install Hostile Vehicle Mitigation (HVM) measures at the perimeter.

Criminals will use a variety of techniques to breach a perimeter barrier, not just vehicle-borne attack; false documents, encroachment (tailgating an authorised vehicle), duress or a combination of attack methods on the physical barrier using mechanical tools. Increasingly, and more worryingly, the threat of a vehicle-borne attack appears to be increasing considering recent events in London. When calculating the most appropriate HVM for these scenarios there are several specific factors that need to be considered – type and weight of the vehicle, and speed. PAS68, IWA14-1, ASTM and CPNI offer guidance and there are useful industry websites such as Perimeter Security Suppliers Association (PSSA) HVM Hub and Secured by Design.

There are other factors that security specifiers and architects need to consider, too. For instance, many vulnerable locations are public spaces, and so aesthetics, access, traffic management, health & safety and cost all form part of the decision process. The threats obviously need to be addressed, although it should be done in a way that ensures the public space remains open and inclusive, or that the premises don’t appear too fortress-like.

With events in London and around the world highlighting the real threat from vehicle-borne terrorism, we entered an agreement with Perimeter Protection Group (PPG) to supply and install their HVM solutions in the UK. The HVM products meet PAS 68 (British Standard), IWA14-1 (International Standard) and ASTM (American Standard).

Security works best when it is part of a layered approach, starting at the perimeter with Hostile Vehicle Mitigation measures. The next layer would be the entrance to the building, with LPS1175 Issue 8 Security Portals or Security Revolving Door. Meeting this important standard demonstrates that the Security Portal or Revolving Door can withstand a forced attack using a range of tools, should perpetrators proceed on foot past the HVM measures. For low to medium secure areas, standard Security Portals or Speed Gates provide a single-person authenticated entry that prevents tailgating.

In combination, this layered approach is designed to delay any attack as it advances towards the asset, meaning, ultimately, they are prevented from ever reaching their target.

The answer
Disrupting our way of life is something that all terrorists are intent on achieving. Irrespective of whether they carry out an attack, they take some satisfaction from knowing that more security checks, longer delays and a fearful public is somehow an achievement. However, careful choice of HVM as part of a layered approach can help mitigate some of these consequences and without being obtrusive or causing inconvenience to people.

The likelihood of a vehicle ramming attack is often underestimated, although recent events have proven that it is more common than it should be and when it happens it can have very serious consequences. Taking steps now by deploying HVM measures can harden your perimeter to vehicle-borne attack, whilst still maintaining an open and inclusive aesthetic as part of a proportionate and risk based approach to security.

HVM solutions are now routinely specified to provide perimeter protection for a wide range of applications from government, utility, logistics centres, data centres through to stadiums. Vehicle borne attacks appear to be on the rise, which is why a multi-layered approach to security is the best way of slowing and ultimately thwarting criminals and terrorists before they reach the intended asset. The key to choosing the appropriate HVM is to take a methodical and risk-assessed approach to determine project objectives and highlight security vulnerabilities. This is where a qualified specialist security consultant can provide further advice as there may be other factors that should be considered. Based on the outcome of this assessment, it is then possible to specify a range of HVM solutions that can form part of a layered approach as part of a wider security strategy.

Iain Entwistle is product marketing manager at Meesons A.I. Ltd.

www.meesons.com

Future of resilience in communications

Michael Lyons — Mon, 05 Nov 2018 11:38:45 +0000

Communications & CNI

The critical communications sector needs to provide new solutions and technologies that not only meet existing challenges posed by emergency situations, but can also be integrated
into existing technologies as well. Our panel of experts explore the extent to which blended communications are the future of resilience in communications

The development of the terrorist threat over the last few years, never mind the last couple of decades, has meant that security services and emergency responders must be prepared to deter and react to a number of differing threats from a number of differing places.

Since 9/11, the UK government and international security departments have had to contend with weapons of mass destruction, a concerning rise in cyber attacks, the possibility of biohazard airborne attacks and, most recently, vehicular attacks from home grown radicals.

In fact, using 9/11 as our example, an excerpt from the 9/11 Commission Report highlighted the damage of not having an emergency communications protocol in place. It said: “Effective decision-making in New York was hampered by problems in command and control in internal communications… The Port Authority’s response was hampered by the lack both of standard operating procedures and of radios capable of enabling multiple commands to respond to an incident in unified fashion.”

Closer to home, Inspector Simon Davies of the Greater Manchester Police and the North West Counter Terrorism Unit gave a presentation at a BAPCO event in Newcastle on the work he and colleagues completed as Airwave Tactical Advisors following the bombing of the Manchester Arena on 22 May 2017 which killed 22 people. The audience sat in near silence as he talked about the issues of the operation which lasted weeks, rather than the days most of us would think about. There was no doubt that communications were vital to all of those agencies involved and to ongoing public safety.

As important as providing the right equipment to allow responders to do their job, is providing the right systems and assistance to allow them to communicate. In this day and age that starts with the first person to report an incident, usually a member of the public, rather than after a control room has received a call and dispatched resources.

The ability to collect, interpret and share the information provided by a caller already at the scene can be vital in providing the best and most appropriate response to an incident. By harnessing the technology carried by most members of the public, emergency services can get ahead of the game in their response times and actions. Ask once, record properly and share as often as necessary has to be a requirement of really working together and providing the best response.

Yet while steps have been taken to increase preparedness against these attacks in the last 15 years, with the recent Budget announcing an extra £160 million on counter terror policing next year and expensive and protective measures being implemented for President Donald Trump’s Summer visit, how much attention is being given to the glue that holds preparedness and response together: communications?

Connected communications
As we become more connected – so do our lives and daily routines. In 1987 the means of communication was limited to landlines, analogue CCTV, limited data over command systems and analogue duplex radio. Today, how would you manage to get through a typical day without your mobile phone for example? It seems almost impossible when you consider its use for making calls, social media, getting directions or even adjusting the temperature of your home. It is clear that we are more efficient when we are connected and the same applies to responders in the field – by being able to carry out important tasks remotely, responders reduce duplicating efforts and workflow inefficiencies.

The fluctuating availability of terrestrial networks poses a serious challenge for responders trying to access and share reliable content remotely and can often become unusable in situations when it matters most. Lessons learned show that communication plays a significant role in the outcome of an event and due to the unpredictable nature of responses, terrestrial networks should not be solely relied upon.

Emergency Responders need a variety of solutions to ensure maximum resilience so that operational assets are fit for purpose. A resilient and private data network over multiple bearers, such as 3G, 4G, LTE, COFDM and Satellite, ensures that responders are able to share time-critical data, video and voice securely in all environments. This includes instances when terrestrial networks are congested, under threat or suffering from disruption.

The public expect their services to be using at least the same technology as them and the best available. Broadband is the new expectation. 4G and even 5G are the new buzzwords along with LTE. It’s no longer enough just to talk to pass information, it’s vital to be able to share data and to share it immediately. Public safety communications and technology is following what is available to the public and to business. There is a move away from the ‘old’ radio systems to the ‘new’ communication systems.

The UK is at the forefront of implementing the new technology. The government’s Emergency Services Mobile Communications Programme (ESMCP) will deliver a new Emergency Services Network (ESN) using the same technology we are all familiar with for our mobile phones and based on a commercial, rather than a bespoke, network provided by a commercial partner.

Expert in radio communications, Nick Paris says that combining ‘broadband’ communication methods, including the aforementioned Wi-Fi, 4G and LTE, with a traditional radio is an exciting proposition. Whilst two-way radio is highly resilient and reliable, its limitation is that it only allows a limited amount of data to be transmitted to the device making transmission of photos, videos or large amounts of information out of the question. Adding broadband capability into the device breaks down this barrier, and opens up many more possibilities.

The next evolution in radio is the arrival of LTE, or PTT-over-cellular, devices. Instead of using traditional RF radio to talk to other users, these devices communicate to a server in a data centre over Wi-Fi or a 4G/LTE network. This will mean that traditional radio coverage constraints no longer exist, whilst also opening up the possibilities for convergence with other platforms, applications and systems.

The Internet of Things
Information and data are the lifeline of any organisation. If not available, and shared freely, responders in the field will struggle to collaborate with one another as well as other responding agencies. The growth of IoT (Internet of Things) represents our increasing ability to share information globally. By sharing data between vehicles, assets and people, the most up-to-date, accurate information is readily available for continuity of knowledge and shared situational awareness.

The convergence of IoT and incident response enables a fully connected incident ground with any number of integrated ‘smart’ technologies. With a resilient and secure communications infrastructure in place, responders are able to monitor the unfolding situation and share those insights in real-time with commanders whether they are in the field, on-board a command and control unit or back at headquarters. Current applications include mapping, command software, vital signs monitoring, access to the cloud, video streaming and more.

In order to evolve into a new efficient digitally enabled organisation, learning from past events, analysing the current capability and staying tuned into current developments are effective methods for carrying out a true gap analysis and needs assessment. True digital transformation can only happen when a clear understanding of what your organisation and most importantly the people you serve expect today and will expect in the future.

Blended communications
Without a working and effective communications system, an emergency response operation will not be able to be carried out properly. As Jackson White points out, blended communications is important because it delivers the ability to fuse data – where different architectures, devices and systems all deliver data to one system – which gives security organisations a tactical advantage. It provides the ability to handle, manipulate and analyse data from a myriad of systems and IoT devices – ANPR, CCTV, bodycams, smart devices, AR etc. This form of blended communications gives operational advantages and provides greater inherent resilience because of how it draws down and disseminates data and communications.

A strategy around blended communications needs to recognise the vital role of inter-agency interoperability in terms of how the services work together on operations and the communications protocols they use. The differing communications systems and the differing procurement cycles of government departments means that we’re not going to see a common architecture at any time soon. Consequently, the security services base their planning for resilient communications on open architecture that will allow all key stakeholders to integrate their communications.

Innovative technologies
Designed with ease of use in mind, Excelerate’s new Portable Hub enables real-time data, video and voice applications – with enhanced roaming capability. This smart 4G Hub can plug in to any fleet vehicle or be deployed elsewhere within the incident ground for enhanced and extended communications capability. Connex Hub, a vehicle-based compact box, has the addition of a built in CPU for Excelerate’s Digital Dashboard Management Interface (DDMI). DDMI, combines all systems and applications in to one easy-to-use interface and is currently being utilised by the majority of our customer base. This solution is fully scalable and customisable to user-needs and supports 3rd party integration.

Returning to radios, last year’s release of the Hytera PDC760 advanced multi-mode radio was a game-changing moment for the radio industry. It not only provides a fully featured DMR radio for true critical narrowband voice communications but it also combined a full-sized Android smartphone, opening up the possibilities for data rich organisation-specific platforms, such as building management, customer relationship management or point-of-sale applications. The next evolution in radio is the arrival of LTE, or PTT-over-cellular, devices. These devices communicate to a server in a data centre over Wi-Fi or a 4G/LTE network. This will mean that traditional radio coverage constraints no longer exist, whilst also opening up the possibilities for convergence with other platforms, applications and systems.

Jackson White, Getac UK
Jackson White is business development director at Getac UK where he is responsible for growing the organisation’s defence, security and first responder customer base. After joining the Royal Corps of Signals at 16, where he looked after general communication systems, Jackson supported Special Forces operations for 10 years. He then moved into the corporate world where he oversaw future technologies and innovation for video surveillance and communications systems organisations.

Final thoughts: “Rolling out a new system can take 18-24 months, by which point the technology can be almost obsolete. We see that time and again with delays to deploying any bleeding-edge infrastructure, where the desire to deploy the newest technology is thwarted by the time it takes to build and deploy it. So open architecture provides the means to ensure robust, future-proofed systems, while also fulfilling the need for backward compatibility. It’s our strategy to be compatible with legacy, current and future technologies, so we never force in the latest technology at the cost of legacy. We find a way to enable both.”

Nick Paris, Roadphone NRB
Nick Paris is one of the radio industry’s most experienced system designers. Nick has designed, installed and supported systems using a wide range of technologies, from conventional analogue, MPT1327, DMR Tier II and Tier III solutions. His installation experience includes large skyscrapers in London’s financial district and nuclear power stations. He also sits on OFCOM’s technical advisory group, and has pioneered the design and specification of Endurance Technology®.

Final thoughts: “Equipping users with lots of pieces of technology, each with their own specific function, is expensive, difficult to maintain, and lacks the level of cross-platform integration required for an efficient workplace. Providing users with one reliable device such as the Hytera PDC760 which fulfils all of their needs, operating on a clients wholly owned resilient critical infrastructure whilst also allowing access to data rich third party services is a very compelling option.”

Simon Hill, Excelerate Group
Simon Hill is an experienced technical director at Excelerate Technology Ltd, with a demonstrated history of working in the telecommunications industry. Simon is skilled in service delivery, technical support, mobile communications, Radio Frequency (RF) and VSAT.

Final thoughts: “As technology becomes smaller, innovation has continued to grow with the launch of a number of new products. The demand for these solutions is rising, as responders adopt a more digital way of working and with a need for portable devices that can be used on the move – feeding back information en route to speed up processes, enabling more efficient working, supporting interoperability and improving overall safety. We are continually developing offerings to ensure that customers have the right solutions to address their converged technology needs. Our in-house R&D department monitors leading edge technologies to understand if they can benefit our customers and complement our overall offering.”