The 26th Consec, the annual conference of the Association of Security Consultants (ASC), was the first virtual one. Like the others it was, as ASC chairman Joe Connell said afterwards, ‘fascinating listening’. Consec 2020 like past Consecs provided a horizon-scan for the year ahead. It was striking, reports Mark Rowe, how little covid-19 featured on the radar of the three speakers.
Of the three topics yesterday, two were threats, of the sort that a head of security or security consultant can usefully have in mind – not so much to mitigate with an extra guard on a gate or a cyber tool, but to inform the board of, and to take in as handy occupational knowledge as an informed professional. They were counter-terror policing; and ‘inter-state digital communication campaigns’. The third could be termed something that you can do about such threats; business resilience.
To take the ‘inter-state conflict’, also known as ‘hybrid warfare’ as used by Russia in Ukraine. Add to the startling fact that Facebook has already closed down billions of fake accounts – in other words, more accounts than real ones – the unsettling truth that never mind the Pentagon and all the research and development for the arms trade; the ‘digital arms manufacturers of the world’, the likes of Facebook and Microsoft, are spending many billions of dollars more. That was not to suggest the tech firms are doing anything wrong, but that their tools are misused – seven countries named were Russia, China, Iran, India, Pakistan, Venezuela and Saudi Arabia – for political ends. To physical warfare and politics, and cyber ‘denial of service’ attacks we must add ‘informational conflict’.
News stories are invented, re-tweeted and taken up by the internet; ditto ‘deep fake’ videos peddle views that make the western world look bad and the country or viewpoint of the makers good; and no longer do the makers of online fakery have to steal images of real people; the Consec audience was shown examples of ‘completely computer-generated people’, as fronts for fake online accounts. Social media spreads disinformation, to push or suppress ideas; covid-19 has proven just another excuse for disinformation, to confuse and obscure. With typical dry wit and acuteness the day’s chair, the former SIA chief exec Bill Butler confirmed that he was real (pictured). That served neatly to sum up; the sheer scale of disinformation – only to become greater with 5G networks – has grave implications for the trust we can put in anything online.
The online world and covid-19 has a relevance for counter-terrorism; as schools and universities were locked down from Easter to September, not only did the flow of intelligence about possible radicalisation to the UK authorities (under the legal ‘Prevent’ duty) dry up, it begged the question whether some people were influenced by online propaganda they picked up online (concerned parents and friends can click here for official advice). The radicalisation, it was made clear, could be extreme right-wing, or ISIS; counter-terror police are investigating, and preventing terror acts, by the extreme right besides Islamists.
While the UK has not seen attacks on the scale of 2017 since, Consec was told not to be complacent – for one thing, the methods of the attackers of 2017 were low-sophistication, by individuals rather than groups (the Westminster Bridge, Manchester Arena, London Bridge, Finsbury Park mosque and Parsons Green attackers were not known to each other) using knives, vehicles as weapons, or home-made explosive devices; total cost of the tools in all cases, only in the thousands of pounds. In other words, little except radicalised motivation stands in the way of more plots and attempted attacks, for police to counter; as they are doing.
A connection between the two topics was that on the plate of UK counter-terror police is also such ‘hostile state acts’ as the Salisbury and Amesbury poisonings; besides war crimes; Official Secrets Act investigations; and counter-espionage – a wider remit than many might appreciate.
These are the background to doing business; how is a business, whether on a high street or office or campus-based, to be resilient – whose staff may be travelling and need to be accounted for, whose buildings may be in the vicinity of an incident, or whose supply chains may be affected. Consec heard the case for resilience bringing corporate security and business continuity, and indeed incident reporting (from flood or fire to armed robbery to Streatham high street-like acts of terror) and whistle-blowing, under one umbrella. That besides allows a security-resilience department to make the case for its very indispensability, given that in covid conditions a business may be looking to cut budget. Such tools for a resilience business are, in a word, apps that allow reporting and spreading of good practice (handy also in a crisis to push out authoritative statements, rather than leave employees and customers to turn to the internet and social media for disinformation). The official and still developing ACT app (as launched in March) was hailed.
While the case for the security manager and consultant to make themselves the ‘conductor of resilience’ was well-made, and heartfelt, Consec did not come up with all the answers for a safe world; it never can. Cyber risk is if anything greater for remote workers, because each in their homes they do not have workmates physically to turn to, to check about a suspicious email or attachment. Consec did hear of ‘home working fatigue’, that those listening to the event – though attendance was larger than for the usual London physical event, suggesting a larger appetite for such conferences, and a market for hybrid conferences, a physical gathering streamed online, even after the coronavirus recedes.
As Bill Butler summed up, ‘I always go away having learned stuff, and that’s never a bad thing’, which made it possible for the 2020 attenders to feel better for the new experience of Consec, even if, like Bill Butler admitted, we missed seeing one another – and not only the venue coffee and cake. And we parted best not wondering what the topics of Consec 2021 might be.
