Closing the gap: strengthening the case for business security
Sir David Venness presents the argument that recent developments in international terrorism, and the current response to the threats and risk posed, have strengthened the business case for corporate investment in security.
The presence of armed soldiers on the streets of French and Belgian cities demonstrates changed circumstances and novel dimensions of the challenge. Business leaders will wish to consider the four key factors which have led to these changed conditions:
- The threat is growing faster than the response and has created a gap in security.
- The threat and the security gap is likely to be enduring.
- The potential impact upon business encompasses staff safety and security at home and abroad.
- The changed threat and response has wide implications for business operations and thus necessitates a more integrated and comprehensive security policy.
The opportunity for business arising from these factors is to assess the need for self-help and to sharpen the corporate security posture. This opportunity extends to the business contribution to closing the security gap in the wider community interest.
A sound beginning to the process of assessment of the need for business change is to analyse the reasons for the growing threat and to appreciate the limitations upon response.
The growing threat derives from geography, groups, expanding terrorist methodology and the stated agenda of terrorist actors. Each component is explored in more detail next.
Geography, in terms of space, applies to both real locations and the virtual realms of electronic communications. Terrorists have occupied the grey spaces to develop their activities and to elude traditional counter measures. Thus, instability in Syria, Iraq and Yemen added to the existing predicament of Afghanistan and Pakistan plus parts of North, East and West African states provides a wider dimension of risk.
The Director General of the UK Security Service, Andrew Parker, emphasised the Syrian aspect in his compelling and incisive address to the Royal United Services Institute at Thames House in London on 8 January 2015. He said, “Outside Iraq and Syria, we believe that since October 2013 there have been more than 20 terrorist plots either directed or provoked by extremist groups in Syria.” He reminded his audience of events in Belgium, Canada, Australia and France. He added, “We know that terrorists in Syria harbour the same ambitions towards the UK – trying to direct attacks against our country, and exhorting extremists here to act independently.”
International terrorists have already made vigorous use of ungoverned virtual territory to incite violence, to plan, to train, to create propaganda and to communicate overtly and secretly.
Sir David Omand (Securing the State, page 72) writes, “It would seem only a matter of time before neo-jihadist terrorists acquire and use cyber-attack capabilities, possibly by buying the services of criminal hackers, although so far they have preferred the more traditional explosives and guns.”
Cyber-attack is entirely consistent with the stated international terrorist aim of causing economic harm and loss to target interests. The private sector is particularly vulnerable to this development, which reinforces the wisdom of an holistic approach to corporate security.
The FBI Cyber Division issued a detailed advisory note to private industry in September 2014 setting out the possible reaction to on-going airstrikes against ISIL. The note highlighted potential offensive cyber terrorist and hacktivist activity. The advice was aimed at US victims, but listed examples of actual incidents in the UK.
New and Old Groups
The importance of the thread of instability extends to the emergence of new groups and new forms of old groups. The result is a wider and deeper pool of terrorists. Thus, the significance of the Islamic State in Iraq and the Levant (ISIL) and its assertion of Islamic Statehood attracting volunteers from many nations. There is also the forward deployment of Al Qaeda (AQ) core to Syria and the continued activities of AQ affiliates such as Al Qaeda in the Arabian Peninsula (AQAP). Groups in North, West and East Africa, some with links to ISIL, AQ or their affiliates, add to the complexity of sources of terrorist operatives.
The overall movement of fighters from outside the country to Syria is a major factor and numerically worrisome, especially when compared to the numbers who fought in Afghanistan and went on to cause a global terrorist surge.
The implication of foreign fighters is wider than the issue of persons travelling to and from Syria. The broader consequence is the danger of greater connections between potential terrorist recruits, both in their homelands and on the move, and terrorist recruiters, trainers and technical advisers in ungoverned spaces. These connections are both real and virtual.
Another component of the growing threat is the nature of terrorist plots and attacks. Terrorist methodology is expanding from the established middle ground of guns and explosives, including suicide bombers, towards new variations at both ends of the spectrum. At the unsophisticated tier, knives and motor vehicles driven into crowds are advocated by terrorist agitators. In addition to regrettable casualties, public fear is to be expected, especially when crude attacks are carried out with great brutality, including beheading. The cumulative effect of more potential offenders, more unpredictable incidents and greater mitigating measures adds to the burden of the authorities to PROTECT and PREPARE.
The centre ground of guns and explosives remains a present menace with additional tactics of marauding attackers and variations in components and concealment of IEDs.
At the top end of the scale, terrorist innovation is a persistent dimension. Cyber-attack plus chemical, biological and radiological aspects remains pertinent. On 24 January 2015 an airstrike near Mosul in Iraq killed a member of ISIL whom US Central Command asserted had technical competence in the production and use of chemical weapons.
The Terrorist Agenda
The final key aspect of threat development is the expressed intention of international terrorist groups. Dire events since 2001 have underlined the wisdom of listening to and evaluating what terrorist groups actually say. There is a marked correlation between intended targets and actions and grim reality on the ground. A clear current example is the stated threat of retaliation aimed at members of the US-led coalition carrying out airstrikes in Iraq.
Terrorist groups in Iraq and Syria have expressed the ambition to strike at coalition member states and have urged supporters to take action wherever they are located, including specifying potential targets and attack methods.
UK membership of the Coalition conducting operations in Iraq (but not Syria) is based on the debate held in the House of Commons on 26 September 2014. Issues of national interest and the safety of the British people from the ISIL threat were convincingly articulated. The counter-terrorist case for membership of the Coalition is soundly based and membership is likely to be long-term.
Assessing the Response Capability
The consequences of terrorist reaction are an inevitable factor in the overall threat.
The combination of extended geography (both territorial and virtual), more groups and terrorists, a broadened span of attack methods and stated terrorist intentions provides the code to understanding the changed contemporary threat of international terrorism. This is markedly different from the threats which the UK has faced since the 1970s and business security should now reflect this unwanted fact.
Lord Evans of Weardale (formerly Director General of the UK Security Service), speaking in the House of Lords (Hansard – 13 January 2015 – Column 690), said, “When I left MI5 in 2013, I felt cautiously optimistic that we were over the worst as far as Al Qaeda and Islamist terrorist attacks in this country were concerned. It seemed to me that we were making significant progress. Regrettably, subsequent events have proved that judgement to be wrong.”
This cogent analysis from one of the UK’s most knowledgeable and experienced experts becomes even more powerful when the review of threat is extended to a review of response.
The stark conclusion is that the threat has increased and the response capability has not kept pace. This has produced a gap at a time when the threat level is “Severe” and an attack is assessed as “Highly likely”.
Reasons for the Gap
The limited ability of nations, including those directly threatened by terrorist attacks, to address threats at their geographic or virtual sources is critical. There are political, social and economic constraints. There are the risks of counter-productive consequences of direct action. This means that disruption and degradation of terrorist groups will take time and sustained multi-national commitment.
President Obama of the United States has warned, “It will take time to eradicate a cancer like ISIL. And any time we take military action, there are risks involved.” (Statement by the President on ISIL, 10 September 2014 – White House.).
The Report of the House of Commons Defence Committee published on 5 February 2015 underlines the myriad challenges in defining and implementing coalition strategy in Iraq and Syria.
The domestic resourcing requirements to address the growth of the threat are formidable. Investment in intelligence is the logical best choice, but the demand extends across PURSUE, PREVENT, PROTECT and PREPARE. For example, protective security for people and places requires intensive effort with high grade skills. Monitoring and surveillance generate comparable demands for well trained staff.
Lord Harris of Haringey, speaking in the House of Lords (Hansard – 13 January 2015 – Column 696), questioned whether the budgetary allocation for the Police Service was adequate for the additional demand. He also drew attention to the provision of police firearms capability.
Both the former and present Director Generals of the Security Service have underlined the pressing need to modernise properly accountable access to terrorist communications to mitigate present exploitation of dark areas. There seems little doubt that this issue is a very important reason for weakness in response without the prospect of immediate resolution.
The relationship between threat and response has been graphically described in The Economist (17 January 2015 – Page 23/24) in an article entitled “COUNTER-TERRORISM – GETTING HARDER”. The final paragraph of the article states, “The citizens of the West have grown used to the idea that their security services can protect them from the worst that might happen. Faced by a new range of threats and with counter measures apparently of rapidly declining effectiveness that may be about to change.”
The UK is extremely fortunate in having highly competent private security professionals working both within companies and for external specialist providers. The UK has an excellent tradition of corporate social responsibility in terms of business self-sufficiency, support to the public services and valued contribution to the wider safety of the community. Business representative organisations have a very constructive track record of engagement on this agenda. There is a unique range of innovative public/private initiatives such as the Cross Sector Safety & Communication Project (CSSC) and Project Griffin. There may be scope for even greater effectiveness by closer co-ordination of these elements.
The conclusion of this article is that, on the basis of analysis of the threat of international terrorism and the current response, the business case is clearly made out for a step-change for in-house corporate security and for business reinforcement of public/private security.
Sir David Veness, Senior Advisor, Pilgrims Group Limited (at time of writing)
Honorary Professor of Terrorism Studies at the University of St. Andrews.