Counter Terror Business - Threat Landscape

Assessing the terror threat on opposite sides of the Atlantic

Michael Lyons — Tue, 19 Apr 2022 10:26:24 +0000

On the surface, the terrorism threat facing both the UK and the US looks very similar. Certainly, the threat of violence from religious extremism is very real, with the terror threat level remaining high in both nations, and both face dangers from numerous disaffected groups and cyber terrorists.

Yet the two countries’ history and experiences of terrorism are very different. As such, there are differing perceptions and approaches to this threat on opposite sides of the Atlantic. The threat of terrorism in the UK has existed for many decades, primarily with the armed paramilitary campaign by the Provisional Irish Republican Army (IRA) waged between 1969 until 1997. In fact, during the 20th century, more terror attacks were carried out on the British mainland by the IRA than any other group. The 1970s – 1990s also saw the Animal Liberation Front becoming particularly active in the UK, firebombing life sciences facilities and at one time sending letter bombs to all four major party leaders.

While certainly the U.S. had experienced atrocities such as the Oklahoma bomb in 1995 – the worst act of homegrown terrorism in the nation’s history – many regard 9/11 to be the point when terrorism first hit the mainland. This marked the first major, ‘non-domestic’ terror attack carried out on US soil and 9/11 has greatly informed and defined the US understanding of terrorism.

US authorities tend to view terrorism as either domestic or non-domestic, with acts of violence committed by US citizens classed as a �鶹��land Security issue, not terrorism. This is reflected in the Terrorism Risk Insurance Act (TRIA), which will only react if an event is classified as non-domestic terrorism i.e., if it was carried out by a foreign national/s. The Boston bombing, therefore, was not deemed a terrorist event because it was committed by US citizens.

Considering the threats today, certainly religious extremism still exists and remains a very real threat in both countries. With most terrorist incidents in Britain during the 21st century linked to Islamic fundamentalism, it would be premature to consider religious extremism a spent force, with the attack outside a Liverpool Women's Hospital in November last year serving as a stark reminder of that.

Adapting to new challenges
The terror threat facing both nations has however broadened in recent years, with the danger of homegrown, lone actors rather than foreign-national groups posing a greater threat in the US now than at any other time. Social media and readily available internet access is facilitating this, making it far easier for groups such as ISIS and others to conscript the disenfranchised. Some of these groups are highly adept at grooming and recruiting disaffected individuals, creating affinities and allegiances with great speed as part of the radicalisation process. There is a sense that the opportunity to radicalise during the pandemic and various lockdowns has not been missed. ISIS, along with other groups and the rest of society, instructed its members to isolate and the result of radicalisation during that time is as likely to surface in the UK as it is in the US very soon.

Beyond religious extremism, recent years have seen a surge in the number of other groups motivated by nonreligious ideologies on a global scale. As insurers, we’re seeing the threat posed by these groups, with their increasing ability to commit acts of terror and civil unrest, grow more rapidly than religiously motivated extremism, both in the US and the UK. This encompasses an array of movements from militant environmental activists through to Antifa and, at the opposite end of the political spectrum, far right groups and white supremacists, which in the US are increasingly inciting deadly violence.

Far right extremism in the UK is almost exclusively based on the assumption of superiority of white people over other races. However, while ideologically similar to the US, during the last 30 – 40 years, far right groups in America have also been motivated by religion, possibly even more so than race, with Jewish populations a notable target.

Keeping track of the sheer number and activities of more recently formed ideologically motivated groups is a considerable challenge for law enforcement agencies, governments, insurers and private security firms. A key motivating factor in both nations is the disaffection felt toward governments. Many believe those in power do not represent them, their worldview or recognise important changes happening in society, culture or the environment, and have been inspired to form movements to bring about changes they feel are necessary.

Those once considered to be fringe groups are now able to create platforms that can mushroom into global networks. Some quickly gain media attention, propelling their agendas into the popular consciousness, which attracts additional support in terms of funding that can then be used to generate further awareness and pressure for change. However, not all groups manage to achieve change in this way and some, driven by frustration, have the potential and resources to resort to more extreme measures, especially if they feel they are not being heard or taken seriously.

Certainly 9/11 gave birth to the notion, among those minded to carry out extreme acts for their cause, that terrorism can be an effective way of getting their message across. Similarly, the inventiveness of ISIS in using everyday objects as deadly weapons, be that knives, motor vehicles or materials to create IEDs, has informed terrorist activity. Copycat terror attacks have tended to be carried out by similarly religiously motivated groups, but those motivated by non-religious ideologies are increasingly mimicking these tactics on both sides of the pond. While each group across the spectrum has its own power structure and modus operandi, these are increasingly becoming variations on a theme, with all accessing similar online resources to find the most effective methods to achieve maximum impact and ultimately their aims. As such, while difficult, monitoring for shifts in patterns of behaviour is an essential part of keeping track of groups likely to go to extremes.

It is true for the US and the UK that with the tactics of religious and non-religiously driven groups becoming increasingly similar, whether an act is classified as terrorism or not often comes down to the motivation behind it, even though the tactics and the intention to terrorise are the same. Lone shooter incidents can be hugely problematic as, with many perpetrators ending up a victim themselves, it can be impossible to discover what motivated them.

This is one of the key reasons why the insurance industry developed ‘active shooter’ or ‘active assailant’ insurance to cover the grey area between a lone shooter and a lone terrorist. The lone gunman has long posed this conundrum, with some individuals in the past classified as serial killers, who, had they been part of an organisation, would have been labelled terrorists.

While these dynamics and challenges are similar in both the US and the UK, geography cannot be overlooked. As an Island with a considerably smaller landmass than the US, the UK is inherently more difficult to gain entrance to. Another key distinction is the relatively easy gun access, attitudes toward firearms and far more relaxed gun laws in the US compared with the UK.

Of course, now, much intelligence gathering effort is focusing on the escalating Russia /Ukraine situation as war can be a catalyst for acts of terrorism. Often wars leave behind displaced people, abandoned munitions and military hardware – a combination that can result in a wave a terror attacks in its wake. This conflict certainly has the potential to produce that cascade effect, as others have, which will be a security concern for both nations.

The threat of related cyber terrorism is also now equally real for both nations, raising the issue of where cyber terrorism stops and cyber warfare begins when state funded actors are involved. At time of writing, no such incidents had been reported however, depending on a range of factors, particularly the perceived success of the campaign within Russia and abroad, this could change very quickly. For example, with Russia banned from international payment system SWIFT, this could become a target, with little for Russia to lose in hacking it.

Russia certainly has highly effective cyber capabilities, as does the US and the UK, and in the event, the nation willing to dedicate the most resources could be the deciding factor. Russia’s close links to China may also become significant. China possesses considerable cyber capabilities, where, evidence suggests, there are warehouses of people hacking on an industrial scale. Cyber terrorism or cyber warfare is very low cost, anonymous and largely victimless from a bodily injury perspective. As physical conflict can give rise to acts of terrorism, successful state-sponsored cyber attacks are likely to inspire copycat action by ideologically motivated groups and others.

As for the rest of society, the terror threat the insurance industry faces is changing. When terrorist attacks are aimed directly at causing civilian casualties rather than property damage, an entirely different set of underwriting criteria must be applied and the insurance market needs to keep up to ensure policies are relevant and can protect clients from the perils they face.

While terrorism and the causes of it are rapidly evolving, a sophisticated ecosystem of intelligence gathering specialists, government agencies, law enforcement, risk carriers and others exist to mitigate this. Insurers that underwrite terrorism risks in both the US and the UK are able to participate in intelligence networks in both nations, which helps ensure the best possible customer protection. The combined efforts of these agencies have proven highly effective in thwarting planned attacks in both the UK and US in recent years. As surveillance techniques improve and as these agencies work in ever-closer collaboration, both nations continue to deepen their ability to adapt and respond in the fast-evolving fight against terrorism.

Written by Chris Kirby, Global Head of Political Violence & Terrorism at Optio Group.

How the pandemic is changing the terror threat

Michael Lyons — Wed, 19 Jan 2022 08:20:19 +0000

Threat Landscape

Covid-19 emerged and was quickly followed by a slew of lockdowns and restrictions. At first, these events seemed to play into the hands of law enforcement and all those engaged in counter-terrorism. Put simply with people stuck at home and not gathering on public transport, at venues, or in office skyscrapers, terrorist targets were hugely reduced. Then right at the end of last year UK police said they had foiled what they called seven ‘late stage’ terrorist attacks since the start of the pandemic. For obvious reasons they were shy of releasing any specific details, but this was good news particularly as it meant more than 30 such attacks had been frustrated in the last four years. Unfortunately, as the pandemic progresses, the outlook is changing with the unexpected mingling of ideas and actions by those on very different sides of the political spectrum.

UN warns that lockdown may contribute to radicalisation
The UN’s Counter-Terrorism Committee published a paper on the impact Covid is having on terrorism, counter-terrorism and countering violent extremism. The paper concludes that the pandemic is ‘likely to have increased the underlying drivers and structural factors that are often conducive to terrorism’.

The report warns there is a growing frustration and anger among populations at Covid restrictions that many see as disproportionate and unjust which contributes to ‘conditions conducive to radicalisation to terrorism’.

They note that: ‘Several terrorist groups are already exploiting the pandemic to cultivate authority and legitimacy, expanding their recruitment and radicalization tactics through charity, the provision of food or monetary resources, and other related support.’

Anti-vax groups also get a look-in with the report saying that violent extremist groups have sought ‘to develop ties with anti-vaccination communities’. We will return to the anti-vax movement in a moment.

Dark journey
During lockdown everyone has spent a great deal of time at home; often this time was spent searching the net. Those susceptible to radicalisation were able to indulge their fantasies. Damian Hinds, the UK’s Minister of State Security and Borders, recently told the Daily Telegraph newspaper: ‘Clearly, logically, when you have more people who are spending more time in their bedrooms at their computer … you are going to get a growth in that tiny proportion of people for whom that is a dark journey.’

He said there had been an increase in extreme right-wing terrorism but went on: ‘Islamist extremism terrorism, though, remains a potent threat. And we also have quite a few people who you might describe as having a sort of mixed or unclear or unstable mindset. Sometimes [they are] looking at flirting with different ideologies, different groups, sometimes apparently mutually exclusive, very, very different types of ideology.’

Conspiracy theories travel from right to left
This was a theme explored recently by George Monbiot in the Guardian where he looked at how left wingers were being lured by far-right conspiracy theories.

He wrote: ‘On an almost daily basis I see conspiracy theories travelling smoothly from right to left. I hear right-on people mouthing the claims of white supremacists, apparently in total ignorance of their origins.’

As he points out, this is not the first time there has been an overlap between left or liberal ideas with those of the far right. The Nazis were propogandists for astrology, organic farming, forest conservation and ecology.

Monbiot believes the anti-vaccine movement is a perfect vehicle allowing far-right groups to penetrate those on the left.

Pro-militia activists and white supremacists
Jonathan Jarry on the McGill website takes up this theme saying: ‘Anti-vaccine sentiment is strongly associated with conspiracy thinking and protection of individual freedoms, traits that are finding a home among far-right groups.’ As Jarry points out anti-vax protests ‘often show people holding signs slapped with anti-vaccine rhetoric next to pro-militia activists and white supremacists’.

Typically, there are links between anti-vaxers and those with an interest in conspiracy theories particularly those who believe restrictions are being placed on their freedoms.

Political prisoner
Novak Djokovic, following his recent tussle over his Australia visa, and his subsequent ejection from the country has become something of a poster boy for the anti-vax community. Social media platform Telegram which is often home to conspiracy theories and anti-vax sentiment has seen anti-vax groups calling Djokovic ‘a political prisoner’. One respondent asks the question: ‘If this is what they can do to a multimillionaire superstar, what can they do to you?’

If you look at what Djokovic has said about vaccines, he is often more equivocal than his fans on Telegram would have you believe. In April 2020, he said he was ‘opposed to vaccination’ but later said he would keep an open mind and ‘choose what’s best for my body.’ And he ‘wouldn’t want to be forced by someone to take a vaccine.’ Notwithstanding that, he ultimately refused to be vaccinated and lost out on being able to defend his Australian Open tennis title.

‘Burn down MPs’ offices’
It is worth reflecting on another anti-vax adherent. Piers Corbyn, brother of the former Labour leader Jeremy Corbyn, undoubtedly sees himself as a figure on the radical left but many of his actions and comments would be entirely at home with those who stormed the Capitol building in Washington DC on 6 January 2021.

Corbyn was arrested on ‘suspicion of encouraging people to burn down MPs’ offices’. He was captured on video at an anti-vax protest telling supporters to: ‘hammer to death those scum who have decided to go ahead with introducing new fascism. You’ve got to get a list of them … and if your MP is one of them, go to their offices and, well, I would recommend burning them down, OK. But I can’t say that on air. I hope we’re not on air.’

Just before New Year anti-vax protesters entered a Covid testing site, believing it to be a vaccine centre, and shouted abuse at staff and were reported stealing pieces of equipment. Jeff Wyatt, a right-wing UKIP candidate, and Piers Corbyn were both part of this so-called Freedom Rally protest. So extreme left and right points of view were both represented. Strange bedfellows for strange times.

Alpha Men Assemble
You may say this is hardly terrorism, but police are troubled about the direction of travel some anti-vax groups are taking. Of particular concern is a group known as Alpha Men Assemble. A Daily Mail reporter was present at one of their training sessions at a park in Staffordshire where those present were told to: ‘hit vaccine centres, schools, headteachers, colleges, councillors and directors of public health in every area’.

The training was conducted by a former member of the armed forces who said those present should prepare for a ‘war on the government’ and called on them to ‘take it to the Old Bill’ and warned the fight was ‘not for the faint-hearted’.

Synagogue Siege
At the time of writing, it is Islamic terrorism that’s making the news once again. Information is emerging about the terror attack at a Synagogue in Colleyville, Texas. The BBC reported that three men including the synagogue’s rabbi were taken hostage. The rabbi, Charlie Cytron-Walker, helped all the men escape by throwing a chair at the terrorist.

Cytron-Walker released a statement saying security training had helped him and his fellow hostages survive. He said: ‘Over the years, my congregation and I have participated in multiple security courses from the Colleyville Police Department, the FBI, the Anti-Defamation League, and Secure Community Network. We are alive today because of that education. I encourage all Jewish congregations, religious groups, schools, and others to participate in active-shooter and security courses.’

The terrorist identified as British citizen Malik Faisal Akram, was shot dead by police. Akram, from Blackburn Lancashire, is thought to have arrived in the US two weeks prior to the attack and secured a handgun on the street.

In an indication of the international nature of both terrorism and counter-terrorism, US and UK police are liaising. Greater Manchester Police announced they have arrested two teenagers in England in connection with on-going enquiries into the Synagogue siege. Whether the pandemic had any bearing on this man’s actions it is too early to tell.

Unlikely alliances
Perhaps the big takeaway to be drawn from all these events is the merging of the rhetoric and sometimes the direct action taken by those on very different sides of the political spectrum. These groups have lockdown time and the easy ability to disappear down some unwholesome internet rabbit-holes. As left and right conspiracy theorists merge, counter-terror officials have their work cut out to unpick and challenge this new and unlikely assembly of threats.

Written by Jim Preen. Jim is a freelance crisis management and communication consultant. He designs and delivers crisis simulation exercises, writes crisis communication plans and presents crisis management webinars. In another life he was a journalist working at ABC News (US) where he covered stories including the Gulf War, the Bosnian conflict, and the Concorde crash. He won two Emmys for his work.

Contact: jim@jimpreen.co.uk

The evolving terror threat in 2021

Michael Lyons — Wed, 23 Dec 2020 12:43:34 +0000

Threat Landscape

Covid-19 has accelerated a variety of global trends. Some of these are perhaps ultimately good, for example moves towards more investment in AI and automation, or a growing focus on taking this opportunity to making lasting changes to benefit the environment. Many others are, however, quite concerning. Continued threats to the global order, the likelihood of states testing the resolve of the new US administration, and increasingly polarised populations are all factors that will dominate 2021.

Terrorism, similarly, is a global trend that is experiencing something of a resurgence due to the consequences of the Covid crisis. From 2016, Sibylline’s quantified ASTRA model showed that this was one of the few risk areas that had experienced a fall globally. This was mainly driven by the reduction of Islamic State in Syria and Iraq, the limitations on the previously high-threat al-Qaeda in the Arabian Peninsula, and a fall in activity across North Africa. Although the Sahel, West Africa, Somalia and Afghanistan continued to see jihadist activity, and there were also numerous attention-grabbing attacks in countries such as the UK, US, and across Europe, these did not offset the global decline in the threat posed by the main jihadist organisations.

Despite the declining prominence of international jihadist groups over the last two years, terrorism and associated political violence remains a major concern and we expect this to be exacerbated by a variety of region-specific factors in the year ahead. This upturn in risk trends will be catalysed by the consequences of Covid, with the situation offering substantial opportunities to would-be threat actors. Drivers include increased economic hardship in many countries most impacted by terrorism; international distraction mitigating effective responses to threats; the ability to exploit and benefit from inter-state rivalries, for example Turkey employing former Syrian fighters in Nagorno-Karabakh; and over-stretch of domestic security services. Lockdowns have also given people time to research and radicalise, with societal divisions and stress hardening mindsets.

The close of 2020 has aptly demonstrated the capacity for cultural and religious fault lines to generate tensions, either inadvertently or deliberately, following hostile rhetoric towards France and French interests from leaders in the Muslim world. This arose as a consequence of President Emmanuel Macron’s assertion of the right to freedom of expression in the wake of Islamist terror attacks, but exemplifies the differences in societal values and norms that have the capacity to provoke violence when sensitivities are either misunderstood or ignored. The response both in the form of a public embargo of French goods in Islamic countries and, of concern, violent attacks was swift and highly impactful – showing how serious such issues can be.

This will likely prove a lasting problem. The cultural divisions exposed by Macron’s attempts to crackdown on political Islam in France risk a return to threat levels not seen for several years in Western Europe. The hostility to Islam and lack of respect many otherwise moderate Muslims believe the president has demonstrated risk sparking a surge of lone-wolf attacks against soft targets, which will be extremely difficult to police. Moreover, as Western leaders increasingly feel obliged to defend Macon’s secularist position, they risk their own countries becoming targets in the short term.

This is not to suggest that the kind of sophisticated and consistent attacks coordinated by Islamic State across Turkey and Europe from 2014-16 are set to return in 2021. The once-powerful network has been effectively contained within its primary sphere of operations. In the former ‘Caliphate’, however, IS will continue to threaten Western interests. This is of greatest concern in Iraq, where the political instability of the last year has only fuelled historic concerns among the Sunni community that proved an effective recruiting tool for the militant group and its antecedents over the last decade.

Now, however, militancy in Iraq is once again increasingly driven by Shia factions, whose anti-American sentiment and substantial resources have seen increasing IED and rocket attacks on US interests rise substantially throughout 2020. This is likely to spike in through 2021, as the Iranian leadership seeks to test the resolve of the new US administration ahead of Tehran’s own leadership elections.

It is Africa, though, that has seemingly taken on the mantle of the Middle East as the cradle of jihadism. Endemic government failures have seen long-running insurgencies escalate over 2020 and many now threaten to spread into new theatres. Mozambique has seen the most significant development in militancy over the last year, with the Islamist insurgency in Cabo Delgado threatening to establish territorial control over urban centres and launch more frequent operations into neighbouring Tanzania. While this is not likely to spread fully along the continent’s east coast, networks nonetheless run from north to south, and link into criminal interests. This has long been the trend in the north-west of the continent, where Nigeria and the Sahel countries remain unable to rein in Islamist and tribal militants that have essentially displaced state authorities in rural areas. Levels of activity are increasing and this is drawing attention from Western countries, with military action gradually escalating in an attempt to contain the threat.

Meanwhile, long-running militant violence in South Asia threatens to spike in 2021, especially on the Afghanistan-Pakistan border and in Kashmir. Narendra Modi’s bullish approach to the latter will provoke militant groups to launch new campaigns, with any backlash among Hindu nationalists threatening to the spread of politicised sectarian violence in India more broadly.

Political violence will not be constrained to traditional militancy in the year ahead, however, nor necessarily to developing nations. The increase in right-wing terrorism and political violence has arguably been the greater threat in the US during the Trump presidency and tensions have peaked around the recent election. Despite Biden’s victory, the recent campaign along with the summer’s anti-racial injustice protests and subsequent backlash, have created a febrile environment and mistrust in institutions.This could easily lead to radicalised individuals launching lone-wolf attacks against political opponents or religious targets, which will prove hard to prevent. Meanwhile, the more sophisticated plots by right-wing militias targeting Democrat politicians in response to their imposition of Covid-19 restrictions may continue, spurred on by Trump’s rhetoric. These are much more likely to be intercepted by law enforcement, however, but will nevertheless fuel partisan fears and radicalisation on both left and right.

For business, these challenges will be routine in many jurisdictions and, in the case of far-right extremism in the West, have been rising concerns for the last two years already. Outside of escalating insurgencies in Africa, which will continue to trouble the energy and mining sectors, the step-change in 2021 will emerge from corporate responses to touchstone social issues. Western executives are under pressure to take sides on issues from racial justice to freedom of expression, but in doing so they expose themselves and their companies to retaliation from a diverse range of extremists, from American white nationalists to radical Islamists.

The makings of a perfect storm are therefore present in both Europe and the US, given likely trends. Although the direct impacts are often minimal, the nature of terrorism is such that it has a disproportionate effect on business, and particular sectors face a growing threat. Financial services and technology firms also face an indirect challenge from increasing regulation and demands by lawmakers that they ‘do more’ to help mitigate the use of platforms by increasingly sophisticated threat actors. As the world struggles to recover, these adversaries will seek to take advantage; it behoves us to be ready.

Contributed by Justin Crump, CEO and founder of Sibylline, a British Citizen and based in the UK.

Secure or not secure? UK security in 2020

Michael Lyons — Mon, 20 Jan 2020 11:29:15 +0000

Threat Landscape

Professor Anthony Glees, from the University of Buckingham, considers the various security tools the new government will have at its disposal after 31 December 2020

Any survey of the current security threats facing the UK (and how best they are to be countered after the UK has left the EU) must begin with the fixed truth that Brexit or no Brexit, the delivery of national security is one of the few core tasks of government, and if it fails to deliver it, its effectiveness and competence will (properly) be called into serious doubt.

This is well understood by those hostile state and sub-state actors who aim to do us damage and is, after all, why they threaten and attack us: it is to rock governments and undermine the confidence of the public in their ability to keep us safe. It has also been well understood by every UK government since the London attacks of 2005 and, we should assume, by the new government led by Boris Johnson, after his landslide victory against Labour’s Jeremy Corbyn. It is not fanciful to see that Corbyn’s clear sympathy for groups that many British people regard as terrorist or revolutionary played a key part in his ignominious defeat, itself a key indicator of the importance of security in our national life.

After reflecting on the nature of the current and potential threats facing the UK at the start of a new decade, we move to consider the various security tools the new government will have at its disposal after 31 December 2020 (the likely date of our full departure from the European Union which will also entail our formal exit from numerous EU-facilitated security institutions and data sharing platforms: Europol, Eurojust, the European Arrest Warrant or EAW, Passenger Name Record Data, INTCEN, ECRIS, SIS I & II, Prum, and several others). There will be those who will insist that because national security was not an EU competence (as the Lisbon Treaty makes plain) and because many intelligence-led arrangements are bilateral and, in any case, the UK prospers from its ongoing participation in the ‘Five Eyes’ intelligence sharing partnership, Brexit itself makes no difference to our national security position. Indeed, a few angry voices, such as those of Sir Richard Dearlove, former head of SIS or Richard Walton, former Met chief, either insisted the UK would be more secure post-Brexit or that tools we shared via our EU membership, for example Europol, would be unaffected. The current �鶹�� Secretary, Priti Patel, has suggested that Europol could easily be replaced by Interpol as an agency promoting police intelligence sharing after 2020.

As we shall see, the argument that Brexit may make little difference to our security toolkit is perhaps not incorrect but not because such ‘ourselves alone’ claims are correct (they are not) but because the delivery of national security is so vital to any government, however ideological, that when push comes to shove it is unthinkable that the new tools that have been constructed over the past decade together with our former EU partners will not, in some form or another, be given new life. There are very few current security or intelligence chiefs who have not spoken out in favour of very close sharing relationships post-Brexit, including the outgoing heads of MI5 and SIS, and for a very good reason.

The scale of the threat
First, however, key incidents over the past year or so demonstrate beyond any question that the UK faces major national security threats (officially described currently as ‘substantial’ rather than ‘severe’, a change made, somewhat fatefully just before the second Islamist attack at London Bridge at the end of November 2019). They emanate from internal and external sources, from home-grown and foreign actors, from domestic subversive organisations as well as state actors, in particular (as our intelligence chiefs state publicly) Russia (responsible for the attack on Sergei Skripal in Salisbury in early 2018, Iran and China albeit all behaving differently when it comes to killings in the UK but in similar ways where digital subversive activity is concerned.

What we can see at once is that foreign states impact gravely on our national security coming at us from outside our own borders, not least (but also not only) in cyber space. In the case of Russia, its intelligence officers feel entitled to come to our shores and assassinate their targets over here (the Salisbury attack is but one in a long and depressing series over the past decade). At a stroke it becomes plain that to counter this, our foreign intelligence service, SIS, is as much part of the picture as our domestic one, MI5 and why it is that both must work intimately with our cyber intelligence agency, GCHQ and with the counter-terror police.

But we are not talking only about states. Sub-state networks and individuals from home and abroad, both Islamist and neo-Nazi, represent real threats to our national security. In today’s global environment, linked by digital highways by electronic media, an evil individual in one country can be inspired to murder and maim by real-time video shots of killings by another individual whom they do not know on the other side of the world. The neo-Nazi ideology (grounded in Fascist Hitler worship) is as dangerous as (if mercifully less widespread) than Islamist ideology (grounded in a cult of violence and killing).

The message for the new inter-connected decade is all current threats exist in a domestic and foreign context, and all are international and transnational in all key respects. ‘�鶹�� and abroad’ have lost all meaning in this sphere.

In January 2020 a 17-year-old man (who cannot be named) was jailed for six years for planning a neo-Nazi terror attack in Durham which included setting fire to synagogues. He was inspired by Anders Breivik the Norwegian neo-Nazi who murdered 77 people in 2011, and was obsessed with the history of the Third Reich. Just a few weeks earlier, at the end of November 2019, a British Muslim, Usman Khan, killed two on London Bridge. Khan had been jailed in 2012 for being a member of a nine-man Al Qaeda group (inspired by Osama Bin Laden) that had planned to bomb the Stock Exchange (this followed the 2017 London Bridge attack in which five victims and three attackers died).

Beyond our shores, a lone Islamist attacker in Paris killed one person and wounded another almost exactly five years after the 2015 attack on the Charlie Hebdo magazine when two Islamist brothers killed twelve, itself preceded by the Bataclan attack two years earlier that had killed 60 in Paris.

In the Autumn of 2019, Germany had to confront the murder of two people at a synagogue in Halle, eastern Germany by a neo-Nazi gunman whilst the trial began in Chemnitz, also in eastern Germany of eight neo-Nazis who were planning a rampage in Berlin. In Hungary, a neo-Nazi mob attacked a Jewish centre in Budapest.

It is not surprising that we were told (in May 2019) by the then �鶹�� Secretary Sajid Javid and the UK’s counter-terror chief, Neil Basu, that ‘the tempo of terror attacks is increasing’, that in the period 2017-19 nineteen major attacks had been thwarted, of which fourteen were Islamist and five neo-Nazi. Just two years earlier, Sir Andrew Parker the director general of MI5 stated that 20 terror attacks had been foiled in the previous four years, many through ‘early intervention’ and that 379 terror related arrests had been in the same period. He added that seven attacks had been disrupted in the previous seven months, of which four had been Islamist and one neo-Nazi. 3,000 individuals were being investigated in 500 ‘live’ operations at that time. Noting that ‘terror breeds terror’ Parker concluded that this was a ‘scale and pace we have not seen before’ and that this was a ‘long haul for the UK’.

Various estimates suggest there are from 23,000-35,000 potential jihadists in the UK; some 30,000 European Muslims travelled to fight for the so-called Islamic State (of whom 5-6,000 came from the UK, of these some 30 per cent had returned to the UK; yet only 25 per cent of the returnees were investigated and a handful restrained in some way).

Whilst it would be right to point out that, individually, none of these terror attacks resulted in large-scale deaths and even more important to emphasise that the vast majority of terror attacks in Europe were successfully disrupted by security forces before they could be launched, it is equally correct to highlight the fact that terror attacks, from Islamists and neo-Nazis are rapidly becoming established as serious national security threats across Europe.

Small wonder then that the UK’s key current and former security heads (of MI5, SIS and GCHQ) have made speeches since Brexit stressing the importance of transnational cooperation and the need to re-create existing EU tools after 2021 precisely because they are convinced they are needed. Even Sajid Javid (by this stage an ardent Brexiter) made it clear in his May 2019 speech that ‘whatever the outcome from Brexit we will continue to work together with partners’ adding that ‘in the event of a no-deal Brexit the UK and Germany would intensify cooperation and swiftly conclude any necessary bilateral security arrangements’.

It is obvious that when the UK has finally left the EU, almost certainly on 31 December 2020, we will have to find effective and robust ways of replicating these key relationships that are consistent with the decision to quit the EU. Assuming that the deal negotiated by Boris Johnson is in most respect similar to Theresa May’s (we cannot yet be certain) what must be re-invented over the next year (a very tall order) will include: re-entry into Europol (perhaps as a third country under a bespoke agreement) to provide access to its data-sharing systems, SIENA I & II and its extradition arrangements, especially the European Arrest Warrant (the EAW). 40 per cent of Europol’s case work has a UK focus, some 2,500 UK cases have cross-border implications; the UK (in 2018) was involved in 40 major joint Europol investigations; from 2009-2017 the UK extradited 8,000 EU citizens via the EAW, receiving almost 1,000 by the same process of whom 300 were UK nationals. Without the EAW extradition would take three times as long and cost four times as much.

The UK accessed the SIENA systems, which had 76,000,000 alerts on it, 539,000,000 times in 2017, and it registered 9,832 UK hits of which 94 per cent involved terrorists and sex offenders. In 2016 alone ECRIS, the criminal investigation data base passed to the UK 155,000 cases of criminal convictions handed down outside the UK but of interest to the UK.

It is of course true that the EU27 have benefited hugely from the UK contribution; the UK spends a vast amount on its intelligence and security work and has shared the fruits very generously with them. In 2019 alone the UK sent 30,000 conviction notices to ECRIS (receiving 16,000 in return). Whilst things do not always flow smoothly (we have been told that for five years errors in the system meant we failed to send the system notices of 75,000 convictions) in general the UK is regarded as a key partner. For every one person arrested under the EAW issued to the UK, eight are arrested by the UK for the EU; and the UK has had the largest single liaison bureau in Europol (with seventeen full time officers).

As we look to the post-Brexit future, only a fool could believe that the institutions developed on a platform provided by the EU had not helped keep us safe and were not worth preserving in one form or another. As the previous Prime Minister, Theresa May, concluded at the Munich Security Conference on 17 February 2018 ‘our ability to keep people safe depends ever more on our working together’. Even if this contradicted the Brexit narrative at the time, to ignore this would not just be to defy common sense and ignore the evidence, it would increase, dramatically, the risk to our people. Our security community has done a relatively good job to keep us ever more safe since 2005. This should not be thrown away.

http://www.buckingham.ac.uk/research/bucsis/news

Terrorism risk strategies: mitigate, manage, transfer

Michael Lyons — Thu, 08 Aug 2019 11:00:00 +0000

Threat Landscape

Ed Butler, chief resilience officer at Pool Re, discusses how businesses can be better prepared and proactive to protect themselves against the risk of terrorism

We have come a long way over the past 40 years in our efforts to combat terrorism risks. Experiences gained by UK authorities and security agencies during the Troubles in Northern Ireland placed the UK in a stronger position than many other countries who had to deal with the chaotic aftermath of global Islamic terrorism post 9/11. Yet the counterterrorism experts and security organisations that work tirelessly to reduce the impact of terrorism are in a constant arms race with terrorist threat actors who employ a wide range of attack methodologies to inflict mass casualties. The constantly evolving threat landscape exposes new vulnerabilities for businesses, especially SMEs, during the ‘new age’ of terrorism which has emerged since 2014. It is therefore essential to adopt a rigorous, analytical, and realistic approach to this peril, one that minimises the full spectrum of the downside consequences.

A strategy comprising six components can be extremely effective when organisations are confronted with terrorism risk. An organisation may not be directly targeted by a terrorist group or an individual attack but may instead suffer the indirect consequences of a cordon set up after the attack, or loss of attraction following a nearby attack, or contagion risks associated with terrorist activities in another area. Variation in vulnerability now lies primarily in the degree of likelihood that a threat will manifest (a probability which, unfortunately, is frustratingly difficult to calculate). Therefore, all organisations should consider the potential impacts of any terrorist attack happening on their doorstep (and within their systems, since cyber terrorism is a growing threat), and how best to minimise them.

Six actions contribute to a comprehensive risk and resilience strategy for dealing with terrorism risk: understand; assess; mitigate; manage; transfer; and accept.

Understanding
Developing risk awareness and knowledge are the critical first steps. Having a basic understanding of the threat an organisation might be exposed to goes a long way in protecting its assets, people, and shareholder value. Unfortunately, too many people still say ‘it will never happen here’. As has been demonstrated over the last four years, contemporary terrorists prefer soft and easy targets, and those which have little physical security in place. Increased protection of transportation hubs and iconic buildings has driven attackers towards urban markets, seaside promenades, and concerts for youth. Post-event reflections on ‘why were we caught up in all this horror’ do not form the basis of a sound security plan.

Risk assessment advances
Assessment is the second essential underpinning of any effort to manage terrorism risk. A general understanding of terrorist threats and their changing nature goes a long way, but these threats must be matched against a company’s vulnerability assessment. A comprehensive risk assessment will provide this. VSAT, Pool Re’s Vulnerability Self-Assessment Tool, provides an easy and simple way to assess potential terrorism exposures and business continuity threats. It delivers a risk score, alongside practical advice to treat identified risks and vulnerabilities. Other terrorism risk assessment tools include blast and explosion analysis (which considers the impact of bomb attacks on specific buildings); structural stability and progressive collapse analysis (an engineering-driven process); and assessment of chemical, biological, nuclear, and radiological threats.

Advances in blast modelling have made the assessment of specific buildings’ vulnerability to explosions much more accurate. Pool Re’s model, calibrated by experts at Cranfield University, uses Computational Fluid Dynamics to show where and how blast waves travel. The technique predicts the changing flow of blast pressure following an explosion as it radiates down roads and alleys, and swirls between and bounces off buildings. It allows much greater risk analysis than simple radial or 3-D line-of-sight modelling.

Mitigate, manage
Each action taken in the treatment of an organisation’s identified risks will fall under one of the remaining four components of a terrorism risk programme. The four must be assessed and carefully balanced within the context of the organisation’s risk profile and appetite, its resources, and its goals.

Risk mitigation comprises essentially the avoidance of risks. Ocean-going vessels have long practised risk mitigation when piracy makes certain sea routes less safe than usual: they simply sail around high risk sea channels (in extreme cases this decade, passing the Cape of Good Hope rather than risk dangerous waters beyond the Suez Canal), or employ on-board armed security guards. Similarly, recent, possibly state-backed bombings of vessels in the Gulf of Hormuz have prompted some masters and owners to take alternate routes where possible. The potential to suffer terrorism at the hands of activists has led some companies to withdraw from certain activities, including vivisection. However, risk mitigation is often not an option.

Risk management is essential in the many cases where terrorism risk cannot be avoided through mitigating actions. It includes actions taken to reduce the likelihood that risk transform into loss events. Measures range from the installation of barriers that prevent vehicles from entering pedestrianised areas, to the development of emergency response plans intended to reduce the impact of an attack which has not been avoided or thwarted. Many activities lie in between, such as instructing staff on threat identification, and bag searches for anyone entering a building.

Risk transfer through insurance
Security agencies around the world have become highly proficient at averting terrorist atrocities, which has made them excellent anti-terrorism centre-forwards and goal keepers. However, they can never guarantee to interdict all terrorist plots, every time. Risk transfer – essentially, the purchase of insurance – is the next component. When risk mitigation and management measures fall short and terrorists are successful in their attacks, terrorism insurance is the underpinning backstop which ensures resilience. It allows organisations to get back to business within the shortest possible time, and with the minimum possible impact on their balance sheet.

Terrorism risk transfer is Pool Re’s business. We provide, indirectly through conventional insurance companies, the insurance backstop which provides cash indemnity and supporting services designed to ensure that organisations will have the resources necessary to recover as quickly as possible from a terrorist attack. We rely largely on our own capital and that of retrocessionaires – companies that provide reinsurance for reinsurers – but above that capital sits a loan facility from Her Majesty’s Treasury, which will cover reinsured terrorism losses that exceed the member retentions and our own capital pool (claims exceeding £9 billion).

In the past only the largest companies were able to acquire insurance against terrorism risks, but today, in the UK and many other countries, cover is easily obtained through the usual insuring channels due to the involvement of state-backed terrorism reinsurance risk pools such as Pool Re. Insurance is now an essential part of any company’s terrorism risk strategy and business continuity planning and is an acceptance that we live in a changing terrorism threat landscape.

In Britain terrorism insurance is now available and affordable for all organisations. Claims can be made for losses due to an act of terrorism even when a terrorist attack has done no physical damage. For example, customers were denied access to businesses trapped behind the police cordon at Borough Market for over a week following the London Bridge attack. Many small traders suffered considerable losses from a drop off in footfall and spoilage of consumables. Since the event, Pool Re has created affordable ‘non-damage business interruption’ coverage for terrorism related losses.

The threat of terrorism is persistent, and it isn’t just about London. Small and medium sized organisations across the country are equally likely to be affected, either directly or indirectly. Taking a risk by not buying terrorism insurance, and instead adopting the belief ‘it will never happen here’ is a high-risk strategy in a world where terrorism is now, sadly, part of everyday life. Companies, large and small, can reduce the impact of terrorism by having a comprehensive risk strategy which covers all aspects of this diverse and unpredictable peril. An intelligence-led approach and plan will ensure effective and enduring resilience. Transferring risk through appropriate insurance is a must.

www.poolre.co.uk

Tracking terrorism trends: Successes and failures

Michael Lyons — Wed, 10 Oct 2018 08:17:54 +0000

Threat Landscape

If tasked with pinpointing the catalyst for the spate of terrorist attacks that have taken place across Europe over the last few years, most commentators would highlight the events of Paris in 2015, beginning with the attack at the offices of Charlie Hebdo and culminating with the atrocities of the Stade de France and Bataclan theatre.

However, in retrospect, when considering terrorism trends it may be better suited to treat the Paris attacks as a stand alone incident, instead focusing our attention on the events of March and July the following year, the threat of which police have successfully helped prevent happening again in one case, and the other still plaguing cities across the continent.

On the morning of 22 March 2016, two suicide bombings shook Brussels Airport in Zaventem, while a third coordinated bombing took place at Maalbeek metro station in the centre of Belgium’s capital. The ISIS-claimed attacks collectively killed 32 civilians and injured at least 300 more, but remains the last high-scale, successful attack at a transportation hub across Europe. That is because, since then, European authorities have heightened security at airports, train stations and ports, with British Transport Police now operating Project Servator across the entirety of London, and recently being implemented at Manchester Airport in April and at Birmingham Airport last month.

As part of the initiative, highly visible deployments take place at any time and at any location in and around the airport or station in question, with both uniformed and plain clothed police officers trained to identify anyone wanting to commit crime, supported by specialist police resources such as search dogs and armed officers.

Readiness over likelihood
In the Art of War, Sun Tzu advised to ‘rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him’. Airport security has advanced a lot since attacks in Madrid in 2006, Glasgow in 2007 and the plan to bomb the John F. Kennedy International Airport the same year, so much so that the tragedies of Brussels and Turkey’s Atatürk Airport in 2016 triggered further funding and planning into how to secure aviation travel further. In other words, they prioritised ‘readiness’ over likelihood.

The same cannot be said of vehicular terrorism, which appears to be moving on an upward curve since the Nice attack on Bastille Day two years ago. Since that incident, in which 87 people lost their lives, there have been attacks of a similar nature across the continent. In December 2016, a truck was deliberately driven into the Christmas market in Berlin, leaving 12 people dead, while pedestrians were struck down on La Rambla in Barcelona in the summer last year, as Younes Abouyaaqoub killed 13 people and injured at least 130 others.

Closer to home, a terrorist attack took place outside the Palace of Westminster in March as Khalid Masood drove a car into pedestrians along Westminster Bridge, killing five people. The attack was somewhat mirrored a few months later when a van was deliberately driven into pedestrians on London Bridge, before the attackers entered Borough Market and stabbed nearby civilians. In total, eight people were killed and 48 were injured.

Since then, an inquest has been running and is drawing to its close. While questions are being asked of the Metropolitan Police, who have angered many by not accepting its share of responsibility for the death of one of its own officers in the attack until a coroner forced them to do so, perhaps a wider inquest should ask why, given increasing incidents of vehicular attacks, attention has not been given to preventative measures. At the start of October, the inquest claimed that Transport for London needed to ‘raise its game’ to protect people from the threat of terrorism, saying that the risk of a vehicle being used as a weapon to target pedestrians on the city’s bridges had not been appreciated at the time, despite the attacks on the continent. Readiness was not the reaction.

Ultimately, it should not take an inquest to force the UK’s security and police forces, or those across Europe, to fully commit to protecting people, places, events and transport hubs, such as airports, from the threat of attack. The counter argument will claim that the attack posed will always change to find soft targets, but as airport security has shown, and as the Westminster inquest is divulging, our pavements, bridges and walkways should not be seen as ‘soft’.

Rob Wainwright: Tracking the terrorist threat

Michael Lyons — Fri, 26 Jan 2018 14:42:14 +0000

Threat Landscape

As executive director of Europol, Rob Wainwright will once again be part of an array of leading security and counter terrorist specialists speaking at this years Security & Counter Terror Expo. As premier media partner to the show, Counter Terror Business talks with Rob ahead of his session on tracking extremists in Europe. CTB: Once again, you are leading an extensive speaker line up at this year’s Security & Counter Terror Expo. What topics can we expect you to be discussing come March? I am looking forward to sharing with delegates my thoughts on how the terrorist threat in Europe continues to evolve and, in some respects, grow in scale and complexity. A total of 25 terrorist attacks hit Europe in 2017, confirming the serious nature of the threat we are currently living with across Europe. But, there has also been a marked increase in the level and effectiveness of police and intelligence service cooperation between countries in response, which Europol has played an important role in facilitating. CTB: Back in March 2016, you said that it would be a ‘serious miscalculation’ to withdraw from security cooperation with the EU. Now, nearly two years on from the UK’s EU referendum, how important is European cooperation to the security success of the UK? My views have not changed on this subject throughout the pre and post Brexit periods. The terrorist threat faced by the UK and the rest of Europe today, along with other serious security concerns such as cyber crime, is so complex, large-scale and transnational in nature that a maximum level of cross-border police cooperation is an essential pre-requisite in any effective response strategy. This is clearly an opinion shared by the leaders of the law enforcement community in the UK, their counterparts across Europe, and their respective governments. I think security is a very important part of the Brexit process and will get the attention it deserves in the negotiations to come in 2018. CTB: In light of a number of terrorist attacks last year, most notably in London, Manchester and Barcelona, how integral will Europol’s approach to threat intelligence be in 2018? Europol’s increased focus on facilitating counter-terrorist cooperation in Europe over the last two years has brought significant dividends, with enormous increases in the scale of the amount of intelligence collected, exchanged and analysed through a dedicated, secure communication network run by the agency. In turn, that has allowed Europe to identify new opportunities for counter-terrorist investigation and to support hundreds of cross-border cases each year. That provides the agency with a very strong basis on which to help national authorities in Europe deal with new threats and investigations that 2018 will bring. CTB: Your contract at Europol expires in April this year. What do you envisage the role of Europol to be over the next few years? Today Europol is regarded as a serious global security institution and one of the most important in Europe. Its unique capabilities, of providing an effective platform to inter-connect a huge law enforcement community for the purposes of intelligence exchange and operational coordination, have become an essential element in the continent’s response to more serious security threats, such as terrorism, cyber crime and people smuggling. I have no doubt it will go from strength to strength in future. Europol is the European Union Agency for Law Enforcement Cooperation. Headquartered in The Hague, the Netherlands, Europol supports the 28 EU Member States in their fight against terrorism, cyber crime and other serious and organised forms of crime. Rob Wainwright will be holding a session at the Security & Counter Terror Expo on 7 March 2018 at 14:30, discussing tracking the movement and intentions of extremists within Europe. Click here to book a ticket to the expo: https://www.counterterrorexpo.com/welcome

www.europol.europa.eu

Current national security challenges

Michael Lyons — Mon, 09 Oct 2017 13:09:34 +0000

Threat Landscape

Professor Anthony Glees, director at the Centre for Security and Intelligence Studies, part of the University of Buckingham, explores the current security threats to the UK, and how security should be maintained in Brexit negotiations Speaking on 15 September 2017, after the latest terror attack in the UK, �鶹�� Secretary Amber Rudd said that 2017 had so far been ‘a year like no other’: Britain had been hit by five terrorist attacks in nine months, the Security Service (MI5) and counter terrorist police had disrupted a further six plots but were immersed in 500 counter terrorist operations. Earlier this summer, Security Minister Ben Wallace, disclosed that there were now 23,000 potential jihadists in the UK - 20,000 more than the previous estimate provided two years earlier. This is just the threat Britain faces from Islamism. We are also challenged by neo-Nazism. By the end of September, 14 people, including two members of our armed forces, were arrested on neo-Nazi terrorism and two neo-Nazi groups, ‘Scottish Dawn’ and ‘NS131’, were proscribed (‘National Action’, their predecessor, was banned in 2016, following the killing of Jo Cox MP by a member). To date, the British government has banned 71 organisations in all, of which 70 have an international presence, proscribed under the Terrorism Act 2000, with a further 14 banned in Northern Ireland. That the threat from terrorism to Britain’s national security is currently set at ‘Severe’ is hardly surprising (in September it reached the highest level, ‘Critical’, for a short time). Yet home-grown Islamist and neo-Nazi terrorism are not the only security challenges the UK now faces. As we leave the European Union, whether in ‘soft’ or a ‘hard’ mode, we are, in security terms, entering decidedly choppy and uncharted waters. Some of these threats have to do with the transnational nature of external Islamist and neo-Nazi terrorism and the self-evident truth, fully accepted by the Prime Minister, that they require both national and Europe-wide cooperation if they are to be withstood. Others stem from the perceived and actual current position of the UK at a time of huge transition and volatile domestic politics: this must be a trigger to ‘predators’, whether states - particularly Russia, who sees a straightforward political advantage to itself in promoting instability and division - or sub-state external actors including serious organised criminals. The Brexit effect In the future, Britain will become even more vulnerable if Brexit does not follow the government’s current chosen path as outlined in the Prime Minister’s Lancaster House speech and, more clearly and attractively, to the EU27 in her Florence speech. A ‘global’ UK, entirely cut out of any EU connection after March 2019 will become even more vulnerable to attack because we will lack the support of EU-promoted agencies, with whom we have previously been joined at the hip, and because if the UK becomes initially less prosperous, there will be less cash for security. Prior to the Brexit vote in June 2016, May, then �鶹�� Secretary, had declared that ‘remaining a member of the EU means that we shall all be more secure from crime and terrorism’ and that ‘leaving the EU did not mean we would be as safe as if we remain’. Outside the EU, she said, we would have no access to the European Arrest Warrant which had allowed the UK to extradite 5,000 people since 2011 and bring 675 suspects or convicts to the UK. Britain had used the EU Schengen Information Database System 514,160,087 times in 2016. There are some 70 billon items in the Brussels database tracking 28,472 persons of interest to British intelligence, 1768 firearms and 113,414 vehicle records. There are still other vital national security challenges to be addressed by a Brexiting Britain: mainly how to control immigration into Britain from myriad of ports and minor airports as well as major hubs, and how to police the new borders with the EU27 that will have to be constructed. Whilst the government may insist that a ‘seamless border’ is possible in Northern Ireland, in reality this is a meaningless oxymoron. Borders cannot at once be borders and ‘seamless’; IT cannot counter smuggling, illegal immigration or serious organised crime because it cannot do so now (indeed IT often promotes it). So what is to be done? In respect of the Brexit-related challenges, one answer would indeed be provided if the Prime Minister’s security offer were accepted by the EU27 and the European Commission. It should be. Theresa May is plainly keen that we should continue to have an effective security and intelligence relationship with the EU27 after Brexit. This is not just because the UK’s obvious strength in this sector is a bargaining chip in the trade negotiations with the EU27, but because she understands the vital importance of the security relationships that function within the umbra of the EU. Indeed, this is so important to her that in her Florence speech of 22 September 2017 she offered not just a new security treaty with the EU27 but said the UK would be ‘unconditionally committed’ to this. But Brexit, whether hard or soft, inevitably means the UK will be required to leave INTCEN, the Open Source (OSINT) Division, the EU Situation Room and the Consular Crisis Management Division as well as the Counter-Terrorist Group (Whitehall Briefing, 2016). The UK will also have to quit Europol which is now an EU institution. Britain will no longer participate in the Common Security and Defence policy, the Political and Security Committee, the EU Satellite Centre (SATCEN), Galileo, as well as a host of OSINT research groups, such as the Single Intelligence Analysis Capacity. If Brexit is soft, the UK could apply for re-entry. However, all these bodies require members to accept the ultimate jurisdiction of the European Court of Justice. As the UK government’s refusal to do so is a ‘red line’, it is hard to see how Britain will have these resources at its disposal after 2019. We will therefore have to do these things alone, as best we can. In respect of the fight against home grown extremism and terrorism, the first thing the government needs to do is to deliver measures it already has at its disposal whilst developing new ways of combating jihadism. It should increase the number of counter terrorist police and the size of MI5 as speedily as possible, as both major UK parties promised during the election. It must also develop new strategies to contain what looks increasingly like an endemic spread of jihadism amongst Britain's young Muslims where one ‘success’ energises others to try their hand at terror. All will have to be carefully targeted and intelligence-led if the increase is not to become exponential. Large number of immigration officers will be needed and, in the case of Northern Ireland, there are both land and sea borders that must be controlled if the smuggling of people and goods from the EU into Northern Ireland, and thence into the UK, is to stand any chance of being prevented. Budget cuts to the police will need to be reversed and increased funding to intelligence-led agencies maintained. Other measures of control are now required and the ‘Prevent’ counter extremism policy, far from being scrapped, should be extended, to involve MI5 in the process to ensure targeting is as successful as possible. The legal apparatus exists in the form of the Investigatory Powers Act 2016. Prevent has, in fact, frequently worked: in 2015-16 7,500 people were referred to Prevent, 20 a day, and it is thought at least 150 people were stopped by it from travelling to join ISIS. Finally, in respect of Russian subversion, the 1989 Security Service Act placed on MI5 the statutory duty of ‘protecting national security…from actions intended to overthrow or undermine parliamentary democracy by political…or violent means’. MI5 must get cracking on this as well.

www.buckingham.ac.uk

How likely is a chemical attack on the UK?

Michael Lyons — Wed, 20 Jul 2016 09:38:16 +0000

Threat Landscape

Peter Bennett, from security consultancy Covenant, discusses the possibility of chemical attacks on critical national infrastructure, examining both the short and long-term effects It is more than likely that all countries in the world contain some groups and individuals who harbour a desire to perpetrate an attack against something or somebody. Amongst those people there are some who favour the use of chemicals as a means to inflict harm. So what exactly is the threat? There is inherent threat in much of our daily lives through the activities we undertake, from accidents and disasters, and of course from deliberate acts designed and intended to cause harm. We discuss chemical attacks in terms of a large scale event resulting in a high number of fatalities, numerous injuries and major disruption – in essence the question posed seeks to provide some sort of considered answer to the likelihood of an event like that taking place on our soil. So how do we assess threat? Simply put, a threat must be credible for it to have a chance of materialising. This credibility is driven by three factors: the intent of a threat actor to deliver; the opportunity for that threat to be delivered; and the capability of a threat actor to deliver. If all three factors are present then you can consider the threat to you as credible. Acting with intent Intent depends very much upon the beliefs and motivations of the threat actor. Extremist views can be strongly affected by individual and group ideals and perceptions of other external influences. The UK government is attempting to reduce the threat from terrorism in the UK through its counter terrorism programme, referred to as ‘CONTEST’. One of the strands of this is ‘PREVENT’, which aims to steer those at risk of radicalisation away from joining terrorist organisations – however this programme is largely focused upon Muslim communities. There are those who just won’t be diverted from their particular course and will continue to develop plans regardless. ISIS and other terrorist organisations clearly use the UK foreign policy as one justification for their actions, whilst other attacks have been motivated by different issues, such as the politics of hate. David Copeland, the London ‘Nail Bomber’, harboured neo-Nazi views and in 1999 placed three explosive devices in London, aimed successively at the black community in Electric Avenue, Brixton, the Bangladeshi community in Brick Lane, and the LGBT community at the Admiral Duncan pub, in Soho. He was also exploring a bio development and was trying to produce material in home-made petri dishes. His stated political aim was to instigate a ‘racial war’ and create an upsurge of support for the British National Party. Anders Breivik, who was responsible for the July 2011 attacks in Oslo and Utoya, has been described as extreme right wing and Islamophobic, yet described himself as a ‘conservative nationalist’. He successfully avoided discovery by the authorities by creating an agricultural business allowing him access to purchase certain materials. He obtained 100kg of chemicals from an internet site and later bought approximately six tonnes of chemicals usually associated with fertiliser. Very recently, Thomas Mair, reported as the person responsible for the murder of Labour MP Jo Cox, gave his name in court as ‘death to traitors, freedom for Britain’. There are suggestions he subscribed to a magazine with pro-apartheid views and was against the expansion of Islam and multi-cultural societies. When the opportunity arises Opportunity varies according to several different factors, but if we look at it simply in terms of ‘are there places where a chemical attack could be deployed?’, then the answer is equally simple. Routine access to public spaces where large numbers of people gather is always going to be possible to some degree, even if there are entry requirements. Potential attackers will assess site attractiveness, the likely impact of their attack and the most effective methodology for the level of opportunity available amongst their planning considerations. The UK Critical National Infrastructure (CNI) is divided into thirteen activity sectors. The most likely aim of a chemical attack will be to cause mass casualties, but the nature of business activity at many of these CNI sites does not attract large numbers of people, so they are less attractive as a target for a chemical attack. However, with the broad range of activities across the CNI sectors these sites may be considered for other attack methodology, depending upon the attacker’s chosen aims and any perceived or identified site vulnerabilities. It is also significant to look at whether a threat actor has access to sufficient materials and equipment necessary to prepare and deliver an attack of this nature. A large scale attack requires large amounts of materials and it is during the acquisition phase that attackers can be most vulnerable to detection. This can have an impact upon methodology and their perception of likelihood of success, but it also leaves a trail of information for the authorities. This trail has been misunderstood before, with indicators being discovered in a post-incident investigation rather than early enough to disrupt an attack. Anders Breivik is a good example. The German Wings pilot, although not considered a terrorist, is another, as there were several triggers in his behaviour which, if identified sooner, may have averted the crash. Capability Capability varies enormously between threat actors. Knowledge is key – you have to know what you want to do and how to do it if you require a chance of success. The science of chemical properties, how to produce certain chemicals and information about those materials used as chemical weapons is already available and provided in great detail. Unsurprisingly, the internet provides huge amounts of information to fill knowledge gaps, with a straightforward search able to deliver very detailed information on the range of chemicals, their properties and their availability. Instructions on how to prepare them are widely accessible and the hazards involved widely documented, but that is only part of the picture. Some of the more well‑known chemical weapons, such as Sarin, are dangerous to manufacture safely even in small quantities and a significant level of knowledge and skill would be needed to manage the risks posed in their production. Resources are the next vital element. Small quantities of some highly toxic materials can be produced in a basic chemistry laboratory or illicit kitchen lab set up and the raw materials for many of these are not that difficult to obtain. However, this depends a great deal on the chosen substance, as many of these require precursors or generate by-products which in themselves are highly toxic, flammable and/or explosive, so they can be just as unpleasant as the final material. This hazard is regularly demonstrated in illicit drugs laboratories where the participants have managed to blow themselves up or set their rooms alight. Attack planning in tokyo This is the point where capability becomes a problem for attack planning. As with biological attacks, the intent to attack us is present, the opportunities to do so can be identified, the knowledge required to prepare the chosen materials is also available and the materials themselves can be relatively easy to acquire. However, there are two major hurdles to overcome and it is these two issues which have the greatest effect on the likelihood of a large scale attack being perpetrated and, most importantly, being delivered with a high degree of success. A look at the attacks in Matsumoto and on the Tokyo subway system, perpetrated by the Aum Shinrikyo group in 1994 and 1995, sheds some light on these difficulties. Both of these attacks used Sarin as the weapon of choice. In 1994, in Matsumoto City, Nagano, members of the Aum Shinrikyo group released Sarin gas into the atmosphere in the vicinity of a pond, resulting in the deaths of seven people and leaving 274 others seeking treatment. On 20 March 1995, members of the same group launched an attack on the Tokyo subway system in the early morning rush hour, targeting a number of different rail routes. They used liquid Sarin transported in sachets, which they pierced with sharpened umbrella tips on the floor of the train carriage before making good their escape. The Sarin leaked out and began to evaporate quickly, with rapid effects. Ultimately there were 12 recorded deaths, with over 5,000 people being treated for exposure, some in a critical state, others described as ‘worried well’. In the subsequent investigation it was revealed that Aum Shinrikyo had manufactured the Sarin used in the subway attack at their own facility, which comprised a three storey purpose made manufacturing plant, constructed over a period of years at Yamanashi, near Mount Fuji. They also had facilities in several other countries and had been working with Sarin, as well as other harmful agents, for a number of years. The group was well-funded and resourced, with extensive facilities and expertise utilised over a significant period of time. Some time later, a United States sub‑committee estimated that, had the group chosen a more effective delivery method for their Sarin, many thousands, perhaps tens of thousands of people would have been killed. Chemical agents have a toxicity threshold which must be reached before they can have a lethal effect. Obviously this varies according to the agent, but it is without doubt that to achieve this level across a large, public, open area or network can be very challenging. Additionally, dispersal of the agent usually occurs very quickly, so enormous quantities are required to reach lethal dose thresholds over large areas. If your intent is to cause mass casualties then the amount of toxic material required would be very large indeed. Developing a system which will successfully deploy a highly toxic material into a public space or network in sufficient concentration to reach lethal thresholds is also challenging. To release an agent in sufficient quantities to cause mass casualties represents a difficult technical task that requires knowledge and resources but it is achievable. The use of Sarin in Syria has been widely reported, with the use of Chlorine in Iraq and suggestions of Mustard also being deployed there further supporting this. Long-term consequences It is worth briefly discussing impact, too. Although a slightly different type of attack, the anthrax letters sent out in September and October 2001 in the United States demonstrate how even a relatively unsuccessful attack in terms of casualties can have significant and long‑lasting consequences. It is believed that about 11 of these letters were sent, although only four were ever recovered, each containing a very small amount of anthrax spores. There were five deaths and at least 17 people treated for effects of anthrax inhalation. The four recovered letters all passed through the postal facility at Hamilton, New Jersey on their way to their ultimate recipients, contaminating that facility as they did so. The clean-up programme that ensued was extensive, with dozens of buildings affected. Brentwood postal facility took 26 months to decontaminate at a cost of $130 million, Hamilton cost $65 million to clean up and was closed until 2005. One FBI estimate put the overall cost at over $1 billion. To this day, people are well aware of postal deliveries containing suspicious white powders, with significant numbers of incidents being reported to authorities year on year. Public fear of being exposed to a harmful substance is a powerful driver in influencing behaviour. Should there be a large scale chemical attack at an iconic location, a popular crowded place or perhaps a large transport hub, there will be an effect upon the willingness of individuals to visit or transit through that location for some time, although eventually that fear will decline. How many will be concerned and for how long is very hard to define. Costs to clean up will be high, that is without doubt. So what of the likelihood then? This question really needs to be clarified. It should ask: ‘How likely is a large scale chemical attack in the UK, and will it be successful in achieving mass casualties?’. Based on available information and the limitations as they are understood right now, the likelihood of there being a large scale chemical attack on the UK can currently be considered as low, but the impact of such an attack would be very high. The likelihood of such an attack resulting in mass casualties is more difficult to assess as there are many variable factors to be applied. Much of the effect of a released agent is dependent upon where it is released and the weather conditions prevailing there at the time. Public reaction to it is also relevant, as it is probable that injuries and even fatalities could occur as large numbers of people rush to escape a threat, even if they are not actually affected by the agent itself. Our emergency response is important too. Ongoing efforts to improve and refine emergency response capabilities, supported by continued public awareness, industry compliance and collaboration, academic engagement and a host of other initiatives all add value to our resilience and the level of deterrence we present. Complementing and integrating those with proportionate security regimes and sensible, effective regulatory controls is key to keeping the threat and likelihood as low as we can.

www.covsec.co.uk

The growing fear of a physical security incident

Rachel Brooks — Mon, 21 Mar 2016 14:17:04 +0000

Threat Landscape

With cyber threats remaining a top concern for many organisations, Andrew Scott, of the Business Continuity Institute, says that physical threats are not be ignored either. The Business Continuity Institute (BCI) recently published its annual Horizon Scan Report – a report that looks at what the biggest concerns are to business continuity professionals across the world – and yet again it has shown that the greatest of those concerns is a cyber attack. In fact, all of the top three concerns relate to IT infrastructure with data breach coming second and IT/telecoms outage coming third. 85 per cent, 80 per cent and 77 per cent of respondents to the global survey conducted by the Institute expressed concern at the possibility of one of these threats materialising and resulting in a disruption to their organisation. Perhaps that is not surprising considering the increasing likelihood there is of such an attack taking place. One study carried out last year by NTT Com Security (Risk:Value Report 2016) indicated that two-thirds of organisations predicted that they will suffer a data breach at some point in the future. It is also perhaps not surprising given the damage they can cause, not only financially, but to an organisation’s reputation as well. Target, Sony, Ebay, the BBC all suffered a sizable attack in recent years with downtime or subsequent fines if data is stolen hitting the bottom line significantly. The rise of physical threats What was a surprising finding in the Horizon Scan Report was the rise of physical security as a major concern for organisations, with security incidents such as vandalism, theft, fraud or protest moving from sixth place in 2015 to fifth place this year, and act of terrorism moving from tenth place to fourth. Of course it needs to be kept in mind that the events in Paris at the end of 2015 will still have been fresh in peoples’ minds, and will have got them thinking about what impact an act of terror could have on their organisation. You don’t need to be targeted directly to be disrupted by a security incident or an act of terror, any organisation in the vicinity of such an event has the potential to be disrupted. When the hostage situation was taking place at the Lindt Café in Sydney, many offices in the surrounding area had to be evacuated. One thing that is worth highlighting that the Horizon Scan Report focuses on concerns, and is not a risk assessment looking at impact or likelihood. It may be that another incident is more likely to occur and/or have a greater impact should it occur, but that does not in itself make it a concern. There may be other factors involved in respondents’ decision‑making, such as how prepared their organisation is for a particular incident unfolding. The BCI’s Horizon Scan sets the baseline and shows what the overall threats are. It does break these threats down by size of organisation, sector and location, but it is important that all organisations conduct their own horizon scan in order to assess the threats specific to them. If you know the threats your organisations faces, then you are better placed to know what the potential consequences of those threats materialising could be, and therefore what the potential disruptions could be. From here you have the foundation for a business continuity plan. Putting a plan in place Whatever the crisis, it is essential that organisations have plans in place to be able to deal with the consequences, and have that business continuity plan in place. With physical infrastructure, whether the cause is a fire, flood, or act of terror, if the building is out of action then you need to ensure there are plans in place to work elsewhere. Is there a nearby workspace that can be used instead, or can staff work from home? The technology that is available, either by enabling employees to log in to the server remotely or by using the cloud, makes this a perfectly feasible solution without too much disruption. If the disruption is on a much wider scale, for example New York City after Superstorm Sandy, the important work can be transferred to a separate location but within the same organisation. Again it comes down to ease of access to data, and perhaps size of organization. Smaller organisations may have less flexibility to absorb any disruption, and are less likely to have back‑up facilities that could be used. On the other hand, the smaller the organisation, the less its requirements will be, so it may have more flexibility to relocate elsewhere. Regarding digital infrastructure, it doesn’t matter whether it’s a cyber‑attack or a power failure, if the IT is out of action then you need to have plans in place to manage through this. Can it be replicated elsewhere? There are many data replication solutions available that can migrate all of your data to a secondary system, removing the potential single point of failure that could result in you losing all of your data in the event of an IT disaster. With the increasing use of the cloud, in theory people should be able to uproot themselves and move virtually anywhere to get their work done, and in office based environments, this is certainly the case. It is also essential to respond swiftly to any crisis as the longer you delay any action, the more disruptive it could become. Communicate to all your stakeholders what is going on and what you are doing to resolve it. People are a lot more understanding when you’re being transparent and they can see you’re making an effort to sort things out. The supply chain power chain Of course making sure your own house is in order is one thing, but in the globally connected and often complex world that we live in, most organisations are dependent on many other organisations that are contained within their supply chain. A supply chain is only as strong as its weakest link so it is also important to make sure that the organisations you deal with have their own business continuity plans in place so they can manage any disruption that occurs to them. A recent piece of research by the BCI – the annual Supply Chain Resilience Report – highlighted that nearly three quarters of organisations surveyed had experienced at least one supply chain disruption during the previous twelve months, and that 14 per cent had suffered cumulative losses in excess of €1 million as a result. Furthermore, nearly three quarters of organisations claimed they did not have full visibility over their supply chains and half admitted that any disruptions occurred below the tier 1 supplier. If you have a better understanding of your supply chain and manage it more effectively, then you stand a much greater chance of withstanding any disruption that may arise. What is perhaps the key part of any business continuity plan is the validation phase – does it work? During an incident is a great way of finding out whether your plan works or not, but if the answer is that it doesn’t then it could leave your organisation in a bit of a mess. Testing and exercising ensures that the plan can be effectively assessed in an environment where it doesn’t matter if it goes wrong. There are several ways of exercising the plans and these range from table top exercises whereby the key players discuss different scenarios and what they would do if those scenarios occurred to a live exercise in which an incident is played out as if it were for real. Disruptive events will always occur, whatever form they may take. By having an effective business continuity programme in place, it should mean that, in the event of an incident, a drama doesn’t turn into a crisis. The sunny-side of business continuity A lot of business continuity planning and horizon scanning involves analysing the threats that organisations face, and it can often come across as being rather fear‑mongering, however it is worth noting that there are positive aspects to business continuity as well. It is these positive aspects that are being focussed on during Business Continuity Awareness Week (16-20 May 2016) which has the theme ‘return on investment’. Being seen as a reliable customer/supplier can lead to reduced insurance premiums and can also be used as a bargaining chip during contract negotiations. The analysis phase of the business continuity programme can often find efficiencies and cost savings within an organization as it looks in close detail at business processes. Exercises held as part of the business continuity programme can often act as effective team building exercises as they see how people respond and work together when put in a challenging environment. Andrew Scott CBCI is the senior communications manager at the Business Continuity Institute. Andrew has over ten years experience at the Ministry of Defence working in a number of roles including communications and business continuity. Further Information www.thebci.org