Counter Terrorism: Potential Indicators of Terrorist Activities or It's Probably Nothing, But....

'It's probably nothing' but your call could save lives - that's the message of a Metropolitan Police Service (MPS) counter-terrorism publicity campaign which seems to get reincarnated each year. It's supported by radio, poster and 1.4m leaflet drop to households in London.

Overall its actually a good campaign and asks the public to question the norm - just in case it's something much more.

This however compares to the recently publicised FBI campaign which includes these actions as deemed 'suspicious':

• Using multiple mobile sim cards 
• Pays with cash 
• Communicates using VOIP 
• Uses encryption 
• Trying to shield your computer screen from others 

Sound familiar? Some of these are basic security measures which I and people I know do, but are we terrorists - I think not! The full details of the 25 FBI campaigns can be viewed here.

So its MPS 1 - FBI 0

In the UK call the confidential 

Anti-Terrorist Hotline

FBI’s Robert Mueller Reflects On The Escalation Of Insider Threats

This is a really interesting account from the Director of the FBI. It demonstrates his top priorities, details some recently publicised incidents and explains how the threats from terrorism, espionage and cyber attacks are evolving.

I think we sometimes forget the excellent work that law enforcement and intelligence agencies carryout on a daily basis to protect us all, and this applies both at home and abroad.

It's quite lengthy (but well worth a read) so I have included a link to the source document, click here.

The Prevent Strand Steps Up

The government’s revised Prevent counter-terrorism strategy was published today. It outlines that the Home Secretary Theresa May will promise to spend more on identifying threats in prisons, universities and the health service. Plans will be unveiled to prevent computers in schools, libraries and colleges from accessing extremist material on the internet.

 

Mrs May has criticised universities for their "complacency" in tackling Islamic extremism on campus, saying that for too long they have not been sufficiently willing to recognise what is happening.

Lord Carlile of Berriew QC, Independent Reviewer of Terrorism Legislation 2001-10, comments on the issues surrounding Preventing Violent Extremism including outcomes of the Prevent review.

"It is crucial for universities to be able to identify possible threats and be aware of what is happening on campus. National Security will focus on all aspects of securing the nation and is a vital learning opportunity for institutions that are vulnerable to incubating extremism".

Posted by Richard using BlogPress from my iPhone

The Threat Within

Who is the insider?

But what exactly is the insider threat? What, or rather who, is an insider? Security professionals and government agencies all have their own definitions and all of these that I’ve read differ in their own little way, but fundamentally the meaning is the same.

  

I am not going to quote each and every definition (please use the web links opposite to visit some of the specific sites), but the important thing to remember is that an insider is a person to whom you have given legitimate access to your assets. In my opinion a former employee does not fall into this definition (and so is not an insider) as they no longer have legitimate access. In fact, their activities are likely to constitute a criminal offence in themselves.  



In the counter terrorism arena we talk a lot about capability vs motivation. Terrorists have motivation in buckets but most lack the capability - for example they cannot access the materials to build an effective IED. On the flip-side the insider has the motivation but also the capability as they have the in-depth knowledge of your organisation and the way in which you go about your business.

Companies are understandably slow to come forward and admit about their insider incidents as it could demonstrate a weakness in their internal processes or systems. This weakness could lead to uncomfortable questions from shareholders and governing bodies. The majority of insider incidents are reported by co-workers who experience suspicious activity but many still go undetected.

An Insider can be anyone in your organisation, anyone from the part time cleaner right up to a member of senior management. There is no ‘one size fits all’ profile for the insider, but there are a number of warning signs which could identify that you have a problem (we will cover these in future articles). It is important to remember though that current staff can become an insider, so 'Jim' who has been at his middle management role for 6 years and has a clean record may have a sudden change in personal circumstances (he could fall into financial difficulties) and could become a threat!

There is a massive misunderstanding and a lack of experience when it comes to the insider threat and this stems from no one department taking responsibility for it. The HR department generally deals with pre-employment screening (although in our opinion the security team should), IT systems are taken care of by the IT geeks wearing sci-fi t-shirts and musical ties, and any resulting investigation is dealt with by the security team.

There are various different types of insiders and the threat they pose will be different to each of you but in general they are:

• Single Action Groups (animal activists or swampy students) – to cause harm, damage or media coverage
• Terrorists - to cause large scale harm and to maximise media coverage
• The Lone Wolf - because they want to and can! They are not part of any other group
• Journalists – to identify an loop hole and to sell more newspapers
• Foreign Intelligence Service
• Competitors (corporate espionage) - trying to gain trade secrets, insider trading information or just to gain the upper hand over you
• Disaffected Staff – revenge for not giving them that promotion/pay rise or someone who thinks they know better then the organisation itself.
• 3rd Party Facilitation – helping somebody else to gain entry or supplying someone else with the data to commit crime, admin account login/password or giving them your building access card.
• Unknown Pawns - exploited via various means but one way could be via social engineering or 'water cooler talk'. Normally these types of insider are unaware of the information they are supplying others with.

Why do these people do what they do?

• Kudos
• Reward 
• Personal Mission
• In the name of Public Interest
• Identify an issue or wrong doing
• Revenge
• Intelligence
• Facilitation of Crime

The effects of an insider can be far reaching but may include: 

• Reputational Damage – poor media coverage, loss of investment opportunities
• Financial Loss – Loss of sales or fines imposed by the ICO or regulating authorities (e.g.: Ofcom or the FSA).
• Physical Damage
• Unrest Internally with Staff – potential a lack of trust between staff
• Loss of Operational Service
• Loss of IT Service (normally via denial of service attacks)
• Theft
• Fraud
• Poor International Relations

I keep coming back to it, but the single most important factor to consider is that these people have legitimate access, but what does it mean?. For me, this means they have already bypassed the majority of your physical and electronic security measures which protect you. Insiders are placed into organisations for the long term to build your trust, to gain a very in-depth understanding of your processes and the assets they are interested in. Even law enforcement are concerned that people with clean records will join in entry level roles and will raise through the ranks in order to supply serious organised criminals with information to assist them in committing crimes.

There have been numerous incidents of insiders

There are many tools in organisations to prevent these threats and most fall under the security specialism of Personnel Security, some of these are:

• A robust pre-employment screening regime (most potential insiders can be detected at this stage - especially journalists and people that have clearly lied on application forms or CV’s)
• Having a staff exit (leavers) procedure
• Having a positive security culture – where staff are aware of the security risks that your organisation is susceptible to
• Good policies and procedures, which staff are aware of and read
• Awareness of the potential warning signs (we will cover some of these in a future articles)
• Support from the board and senior management
• A robust security audit process including auditing 3rd party providers (make sure all contracts include a 'right to audit 'clause)
• Utilising the electronic tools you have in place – system logs, forensic tools etc

Whatever approach you decide for your business, it must be risk-based and targeted. Each organisation’s risk appetite will be different, but one thing for sure is you ‘will’ experience an incident as a direct impact from insider action – it is purely a matter of when, and how significant the impact is.  

The insider threat is a very vast subject and something that is impossible to cover in a single blog post. In my future articles I will give you some more details on this risk but until then expect the unexpected, these people are very difficult to detect but are easier to prevent.

CPNI Hostile Vehicle Mitigation (HVM) Public Realm Intergration

This week the Centre for Protection National Infrastructure (CPNI) released a Public Realm Integration document which although looks like it has been designed by Saatchi & Saatchi it offers some very good information about when and what you should consider when deploying any HVM in the public realm. It is arguably that it provides quite a bit of detail which could be used to combat the hostile vehicle threat but its available in open source on their website, so one would consider it has passed any vetting.


Click on the image to view
the document



In any case we post it to support the continued interest and development of this area and to share with our visitors who otherwise would not visit the CPNI website.

 

We would be interested in any comments you have in relation to this and maybe continue a discussion through other postings. In the meantime, Enjoy.

The document mentions 'CPNI is keen to encourage public realm designers to consider protective security at project inception. There is a need to design innovative and integrated solutions that protect sites deemed to be vulnerable to vehicle borne threat, whilst not diminishing functionality or aesthesis'.

INSTINCT at HOSDB 2011

This week myself and Paul attended the Home Office Sceintific Development Branch (HOSDB) exhibition in Farnborough, Hampshire. HOSDB in conjunction with UK Trade & Investment Defence & Security Organisations is the UK's platform for showcasing to the world the some fo the new security applications, technologies and solutions that are available to international law enforcement, agencies and public security professionals.

Now, not only was it probably the best day's weather we have had for a long while, but the exhibition itself was actually quite good. Clearly there is very good reason and interest for the UK to market its wears and demonstrate some of its cutting edge technology and the usual companies and faces were there. But it was more the TD2 airport exhibition on the other side of the airbase that caught my eye.

In recognition of the role that technological innovation has to play in CONTEST, the Office for Security and Counter Terrorism (OSCT) with the support of The Ministry of Defence, HOSDB, the Centre for the Protection of National Infrastructure (CPNI) and the Association for Chief Police Officers (ACPO) established INSTINCT (Innovative Science and Technology in Counter Terrorism) INSTINCT is a cross-government programme involving more than a dozen departments and agencies and focuses primarily on improving our understanding of how technology can be best deployed to counter the threat of terrorism. Following a couple of foiled or failed attacks in the aviation environment INSTINCT commissioned its second Technology Demonstrator Project (TD2) and Thales UK was selected to deliver it.

The exhibition itself was laid out just like an airport terminal and by using your boarding card (show material, not actual) you progressed throughout the terminal being confronted by the security technology and of course any sales and marketing staff until your reached your airside area. Upon reaching airside (again, not actual) we were treated to a 10-15 minute presentation and Q&A session that visually demonstrated the process we had just undertaken, describing the joint up thinking and approach given to applying an intergrated security system that could enable early detection and identification of individuals posing a risks to airports and to protect passengers against those possible risks safely and with minimal or no intrusion.

For me this exhibition felt different than any other I've recently been to, as the providers of these applications were not necessarily selling their product directly, it felt more like selling the concept, which for me is a lot easier to 'buy in' to than the hard sale and of course in my opinion action always sounds louder than words. To those of you who didn't get the chance to visit and want to know more about a strand of the CONTEST strategy that doesn't seem to get much of a mention please take the time to visit the Home Office links provided.

News - The Threat Within

This is an excellent example of the threat an insider can pose to an organisation (and in this case potentially the public). Rajib KARIM deliberately sought a job in the UK that he could exploit for terrorist purposes.

KARIM was convicted on four counts of engaging in conduct in preparation of acts of terrorism, contrary to section 5 of the Terrorism Act, following a trial at Woolwich Crown Court.

For more information on the case visit The Met Police website.

 Security, security assurance, counter terrorism, personnel security,  Security, security assurance, counter terrorism, personnel security,  Security, security assurance, counter terrorism, personnel security,  Security, security assurance, counter terrorism, personnel security,  Security, security assurance, counter terrorism, personnel security,

Counter Terrorism Publicity Campaign Launched In London Today

"It's probably nothing" but your call could save lives - that's the message of a new (??) counter-terrorism publicity campaign launched by the Metropolitan Police Service today (although is does appear to be a reincarnation of previous campaigns). I do think the message is a good one and at the end of the day the Police can't be everywhere but they really need to step things up a little to fully engage the public and commercial businesses - which after all is what they are trying to achieve at a national level! 

The four week campaign consists of two 40-second radio adverts and three press adverts which will feature on radio stations and in newspapers across London.



Just one piece of information could be vital in helping disrupt
terrorist planning and, in turn, save lives 

Police want people to look out for the unusual - some activity or behaviour which strikes them as not quite right and out of place in their normal day to day lives e.g.:

• Terrorists need storage - Lock-ups, garages and sheds can all be used by terrorists to store equipment. Are you suspicious of anyone renting commercial property?
• Terrorists use chemicals - Do you know someone buying large or unusual quantities of chemicals for no obvious reason?
• Terrorists need funding - Cheque and credit card fraud are ways of generating cash. Have you seen any suspicious transactions?
• Terrorists use multiple identities - Do you know someone with documents in different names for no obvious reason?
•  Terrorists need information - Do you someone taking an interest in security, like CCTV cameras for no obvious reason?
•  Terrorists need transport - If you work in commercial vehicle hire or sales, has a sale or rental made you suspicious?

The radio ads are available here Advert One and Advert Two via Audioboo.

The Washington Metro Are To Conduct Random Bag Checks

Metro anti-terrorism teams will immediately start random inspections of passengers' bags and packages to try to protect the rail and bus system from attack.

Police using explosives-screening equipment and bomb-sniffing dogs will pull aside for inspection about every third person carrying a bag, Metro Transit Police Chief Michael Taborn said. The searches might be conducted at one location at a time or at several places simultaneously. The inspections will be conducted 'indefinitely'.

The inspections over the far-flung transit network, which has 86 rail stations and 12,000 bus stops, will be conducted by several dozen officers at most. Metro's trains and buses carry more than 1.2 million passengers every weekday, and officials acknowledge the limitations of the plan.

The screening will be conducted before passengers pay to enter the rail system or board a bus, and customers who refuse the inspections will be "free to leave," Taborn said. But there is a possibility that those who decline screening will be questioned further.

Will this work? Is this enough to deter a terrorist? Isn't the 'MO' to detonate at first point of contact? 

Still something is certainly better than nothing!

If You Suspect It, Report It!

This the message the MPS has put out as part of its latest counter terrorism publicity campaign. It's an old message put a very relevant one. Click here for the MPS new radio advertisement.

The MPS want people to look out for the unusual - some activity or behaviour which strikes them as not quite right and out of place in their normal day to day lives e.g.:  

• Terrorists need storage - Lock-ups, garages and sheds can all be used by terrorists to store equipment. Are you suspicious of anyone renting commercial property?
• Terrorists use chemicals - Do you know someone buying large or unusual quantities of chemicals for no obvious reason?
• Terrorists need funding - Cheque and credit card fraud are ways of generating cash. Have you seen any suspicious transactions?
• Terrorists use multiple identities - Do you know someone with documents in different names for no obvious reason?
• Terrorists need information - Do you someone taking an interest in security, like CCTV cameras for no obvious reason?
• Terrorists need transport - If you work in commercial vehicle hire or sales, has a sale or rental made you suspicious?  

I do find it a bit poor that the Met's own website actually spells 'suspicious' incorrectly (although I admit that my spelling isn't much better)!