A paradigm shift in our approach to security technology is needed… and quickly
In light of current heightened international tensions and increasing threats from cybercrime, a call to action from Jeff Little for a revolution in the security sector’s approach to developing and using technology.
As I write this copy, our National Cyber Security Centre experts are warning of the risk of a retaliatory cyber-attack by the Russian state. This follows the UK’s involvement in the air strikes on Syrian chemical weapons sites over the weekend of 14/15 May 2018.
On 27 October last year we experienced the first effects of the ‘Wannacry’ attack on our NHS IT systems. This was a relatively unsophisticated operation, but many NHS systems were found to be outdated in terms of security software and were poorly protected – major lessons to be learned. It is only a matter of time before a crippling attack takes place on other elements of the Critical National Infrastructure.
Be prepared for further attacks
The importance of having reliable back-up systems and manual reversionary modes has never been so starkly evident. Contingency planning and crisis management is taken seriously in many well-informed sectors, but others remain dangerously exposed and un-rehearsed in their response to major incidents. We are likely to see a continuance of the terror attacks of 2017 in response to the new wave of bombing.
The risk of state sponsorship of such acts, by either Iran or Russia, is now high. President Putin has already crossed yet another ‘red line’ in the sand by allegedly allowing the deployment of a military-grade nerve agent on the streets of a peaceful Wiltshire city. In the past, several terror groups have openly indicated their intent to fire a CBRN weapon such as a radiological dispersal device (RDD) and that desire must now be taken more seriously. There are significant readiness and equipment lessons to be learned from the Skripal incident in Salisbury. Not least that the UK has disbanded its one and only nuclear, biological, chemical (NBC) defence regiment, based on 3 RTR, whilst Russia has recently formed an additional ten new and well equipped such regiments.
Learn the lessons from 2017
The five extremist attacks of 2017 marked a milestone for the UK’s response to terrorism. The way in which the police and other emergency services dealt with the Borough Market incident on 3 June was quite exemplary and it is to be hoped that the officers involved will be commended and decorated for their outstanding courage and response. But there are still lessons to be learned. In a major and exceptional incident, simply religiously adhering to SOPs and protocols is just not enough.
Develop technology to improve communications
The reports into almost every major disaster in the UK for the past 40 years have highlighted problems with communications and this highlights a malaise and lack of creativity and innovation regarding technology which is apparent across the leadership of the security sector in both the public and private domains. For the past six years, this author has argued that a technological revolution in security has been under way, happening much more by accident than by design. This revolution takes place 30 years after the military underwent a similar such change which fundamentally altered the balance of warfare. This paradigm shift was especially visible in command, control and communications (C3).
A forum to oversee technological advance
Within the security sector, there is a lack of future threat assessment, requirements setting, pre-deployment trials and coordinated thinking in all areas. What is now required is a holistic view of the industry, seen from an integrated technology angle and a knowledgeable, well informed body to coordinate and steer that integration. Many other sectors of industry and commerce are already well ahead of the security sector in the areas of robotics, drones and biometrics – an area where our industry should be to the fore. Simply too many people claim that ‘it will never work’ and blame technological risk as an easy excuse not to innovate. Surely, we owe it to the public and the industry’s many clients to be more adventurous and more positive about the benefits of technology and to adopt a ‘can do’ attitude towards new capabilities?
There are one or two forward thinkers who share this view. One is Bob Forsyth of Kings Secure Technologies who recently said in his blog:
‘Our industry cannot sit back and wait to innovate: we should adopt an approach of excitement and practical implementation, trialling the new equipment in real environments to understand the need that may be required, making the technology stick in our world. The businesses that will be successful in our sector are those that get the balance right in adoption, trial and implementation, knowing that it may not always be successful but showing a clear resolve of new thinking.’
What is needed is a regular gathering of a security technology forum of clients, developers, users and service providers to produce a series of informed white papers outlining the future threats and the capabilities required to defeat such threats.
These groups have been common in the defence industry for many years and the security sector should now follow this lead. The group needs to move at commercial pace. What is abundantly clear is that the law and regulations have failed to keep pace with the advance of the use of technology and social media platforms by extremists and criminals.
Security Ambassadors to lead the debate
We now need to appoint a cohort of security ambassadors to inform and to stimulate debate, to win the political and ethical high ground in the minds of the public and to inform the press of development and advances. These ambassadors should include scientists, police officers, politicians and professionals from the private sector, with their aim being to ensure timely and coordinated action to achieve, for example, the sharing of data and intelligence across traditional boundaries. This data sharing is the key to so many intelligence-led operations and the interdiction of extremist plans prior to them being brought to fruition. It is still not being achieved after so many years trying.
There is a need to discuss the moral and political implications of new security technology in advance of its deployment and not afterwards. One example is facial recognition systems, already being deployed but with no written international standard or code of practice and only recently the subject of debate in parliament. Robotics and Artificial Intelligence are the second examples where constructive debate is needed now, prior to deployment of these new capabilities. It will not be too long before the first security robot will be fielded in the role of 21st century night watchman. How will it be equipped? What sensors will it carry? Will it have the authority or the right to detain or disable a criminal before a conventional human response arrives? Will Isaac Asimov’s three Rules of Robotics still apply?
Crime and Violence on the increase
After falling significantly for many years, crime and the use of violence is now on the increase in all areas – none more so than retail business crime, where shoplifting causes losses of over £700m per year – and the true figure likely to be much more. Those who advocate that there is no correlation between the loss of 21,000 police officers and the rise in crime are simply out of touch with reality. Law enforcement today is required to deal with a new range of crimes such as historical sex abuse cases, filling gaps in the health and social services sectors and a much higher emphasis on CT policing. The net result is that many ‘low level’ crimes will not be investigated and a continuous downward spiral will result, with the public becoming increasingly disillusioned with the forces of law and order. This is potentially most dangerous. Unless technology is mobilised and enabled to fill some of these gaps then I fear that this spiral will only worsen at a time when our country desperately needs security, stability and coherence to attract inwards investment in its exposed post-European divorce epoch.
A new and more integrated approach towards the technologies and skills needed to halt this slide into darkness is required. Creative and innovative minds are urgently needed to bring the power of science and technology to bear. At a crucial time in the nation’s history, national resilience and emergency planning staff have been drastically cut back. Not pessimism, but fact, and a line in the sand must be drawn now.
Brig (Ret’d) J (Jeff) Little OBE MBA CGIA FSyl
Co-Founder and Director, TriTectus Ltd.