2019 a year of Security Uncertainty

2019 a year of Security Uncertainty

2019 a year of Security Uncertainty

By Philip Ingram MBE

If the security challenges for 2018 weren’t challenging enough what will 2019 bring? Last year we saw the first use of the deadly Novichok nerve agent anywhere in the world, making a household name of a substance only very few had heard of before. Then we have the growth of terror that Andrew Parker the Head of MI5 described as working at unprecedented levels and the CT Police highlighting that the number of active investigations going on at once had grown from 500 to over 700. We also see security challenges caused by Gatwick airport being shut for 36 hours over a peak holiday getaway period because of a drone or drones in its airspace.

So, what does 2019 hold for the Security community in the UK? More of the same or are we likely to see anything new?

The biggest challenge that is occupying many people’s minds is that of BREXIT and the implications that will have on wider security architecture.  Peter Franciscus Van-Osselaer, Head of Operations, European Counter Terrorism Centre, EUROPOL told Philip Ingram MBE that, “even in the event of a ‘no deal BREXIT,’ the UK had in place bilateral and other agreements to ensure security working arrangements would remain as close to as they are today with the UK in the EU. No one, not on the UK side or the EU side wanted to lose the working relationship that was in place today.”

Putting BREXIT to one side, the Cyber threat is all pervading through society, continually morphing and finding new ways to threaten networks, businesses and personally identifiable data. The biggest threat we are likely to see in 2019 is through Artificial Intelligence or AI. This will be three-fold, the first, the threat to AI enabled business practices, the second, the criminal use of AI to break into networks and the third is the use of AI to protect networks.

Tied into this growing risk area is the growth of the ‘attack surface’ through the proliferation of Internet of Things (IoT) devices, the always connected and everything connected society we seem to be growing into and this will become worse with the roll out of the 5G data network that is up to 1000 times faster than the current 4G networks.

The traditional ransomware and data theft attacks will continue but we will see a rise in manipulation attacks, manipulating data to create undue influence and potentially reputational damage.

Threats will range from the home based ‘geek’ through to state sponsored like we saw with Wannacry and notPetya and are seeing with increasing wariness for governments to allow tech giants with potential Chinese government influence such as Huawei and ZTE from increasing their access to faster networks such as 5G.  The clear message from these attacks are the threat state actors can have on not just enterprise businesses but also SME.  However, it is important to balance this ‘wariness’ out as nothing has been proved against the Chinese firms despite intensive testing whereas CISCO had 7 back doors discovered in their equipment’s in 2018, some of which were blamed on the NSA. Security vulnerabilities are as much an economic tool as they are spying tool.

The focus on alleged illicit state activity in the use of manipulated and targeted data in various elections around the globe is being investigated, 2019 will likely be the year of the consequences of those investigations becoming public.  However, what this is likely to do, is emphasise the potential of information being used as a weapon designed to cause an effect and in industry that effect could be reputational.  Public Relations will probably move a little more towards the centre of risk mitigation activities.

The closure of Gatwick Airport outside London for 36 hours before Christmas brought the drone threat firmly back onto the agenda.  The UK Civil Aviation Authority Drone Risk Assessment of January 2018 makes no mention of the use of drones to deliberately disrupt a working airfield and the lack of equipment to deal with the threat shocked a large number of people.  One airline working out of Gatwick say the incident cost then £15 Million but the full cost of the incident hasn’t been calculated yet.

A scare at London Heathrow Airport in January was dealt with in less than an hour with only one runway closed, but highlighted the very real threats that drones provide to the safe operation of airports and a after several incidents in the Middle East, the Emirates Authority for Standardisation and Metrology (ESMA) estimated the cost of closure at $100,000 per minute, meaning drone detection technologies would very quickly fall into the cost effective bracket!

Thank goodness our news headlines are not filled with stories of continuing successful terror attacks as seemed to happen in 2017.  However, the threat hasn’t gone away and in the words of Andrew Parker the head of the UK Security Service MI5, the threat has reached “unprecedented levels.”  This is reflected in the growth of active investigations from 500 in 2018 to 700 towards the end of the year and into 2019 with 3000 active suspects and another 20,000 on a terror watch list.

With the squeeze to near elimination of the ground so called ISIS held in Syria and Iraq it would be easy to assume the terror threat was waning. Not the case says Vasco Amador of the cyber Intelligence Company Global Intelligence Insight, who track extremists online.  “In recent months was have seen a relaunch of so-called ISIS cyber capability that used to be called the ‘United Cyber Caliphate’ and has been rebranded as the ‘Caliphate Cyber Shield’ with new leadership and new energy.  The groups they operate online have thousands of active followers across the globe,” he said.

The final security threat we must watch out for in 2019 falls into the unknown bracket. Who would have thought a deadly military grade nerve agent would have been used on the streets of England by another state. We don’t know what the next novel threat will be.  However, putting all security threats to one side – we can confidently predict that more people will be killed and injured by man-made and natural disasters, than will suffer similar consequences from any security incident. 2019 will certainly be an interesting year.

 

Click HERE to continue to the International Security Expos’ HQ Magazine for more great insights and content.

Sun Tzu and the Art of Fake News

Sun Tzu and the Art of Fake News

by Philip Ingram MBE

“That is #FakeNews” is one phrase that has rocketed to fame last year. President Trump’s legacy has already been left in Twitter land but why has it come to the fore, is it new and more importantly is it something that individuals or enterprise should be concerned about?  Philip Ingram MBE  takes a look at fake news, but with a 6th century twist.

There are elements of the press who seem to suggest that fake news is something new, it isn’t, and it has its roots back to the 6th century, but before I delve that far back I want to take a quick look to only 74 years ago. The Second World War shows just how important “fake news” was to the war effort; fake news, when targeted for an effect is also known as Propaganda. William Brooke Joyce, nicknamed Lord Haw-Haw, an American-born, Anglo-Irish Fascist who became the Nazi propaganda broadcaster to the United Kingdom during World War II was probably the most famous mouth of fake news, but the Japanese had English speaking female broadcasters who were nicknamed Tokyo Rose.

The use of fake news or propaganda was not limited to the Germans or Japanese and arguably the greatest military success of the Second World War, D Day, was enabled by fake news through an operation called Operation Fortitude.  With this being linked to a military operation this is where I want to bring in 6th century teachings.

Sun Tzu the 6th century Chinese general, military strategist, and philosopher, arguably the greatest military tactician and strategic thinker ever, said in his book the Art of War, “All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.” His teachings have stood the test of time!

Operation Fortitude was a massive deception operation conducted by the Allied Forces to lead the Germans to believe that they would be landing in Pas-de-Calais and Norway, masking the true invasion through Normandy.

The aim was also to make them believe that the Normandy landings in May 1944 and in the south of France in June 1944 were mere diversions, so that the German army would concentrate its troops in the wrong place. The German authorities clung to their belief that the landing would occur in Pas-de-Calais right until September 1944.  Operation Fortitude held onto the principals set out so eloquently by Sun Tzu. The bluff worked but highlights how a country with extensive national intelligence assets looking at a situation unfolding, can be deceived.

The Russian term маскировка (maskirovka) literally masking, was defined in the International Dictionary of Intelligence from 1990 as the Russian military intelligence (GRU) term for deception. Vladimir Putin would have “grown up” in an organisation where maskirovka was a normal part of everyday thinking.  At every level of my military training we studied maskirovka, so imagine my surprise when Robert Hannigan, the ex-director of the UK spy agency CGHQ, said of the Russian threat in an interview this year, ‘We didn’t see Russian use of disinformation coming‘.  It clearly demonstrates a naivety with the UK’s senior intelligence officials, charged with keeping our politicians abreast of the threat to that which underpins our way of life, democracy.

This failure highlights that those self-same senior intelligence officials have forgotten one of Sun Tzu’s most famous quotes. “If you know your enemies and know yourself, you will not be imperilled in a hundred battles; … if you do not know your enemies nor yourself, you will be imperilled in every single battle.”

Should we be worried? Well in my professional opinion, I think we should be extremely worried.  This is not just something targeted country on country, it is being exploited by terrorists and so-called ISIS are masters at it, it is being exploited to gain commercial advantage especially when rumours can be generated in the money markets, huge sums can be gained, or lost.

In May last year many respected media outlets reported concerns by the US Securities and Exchange Commission (SEC) over false reporting.  The FT outlined that the regulators were concerned that fake news was affecting investment decisions and reported evidence that seemingly independent outlets were being paid to promote stories.  They reported the SEC as saying, “keep in mind that fraudsters may generate articles promoting a company’s stock to drive up the stock price and to profit at your expense.

Supporters of so called ISIS are very quick to post across their networks details and pictures from any attack, thereby taking de facto responsibility in the eyes of their supporters even before any official statements are released.  This has the effect of stimulating potential copycat or other attacks as well as giving “oxygen” to their terror message, to paraphrase Margaret Thatcher. The manipulation of media messaging is extensively used by todays terror organisations.

The one factor that enables fake news to have such a rapid impact today is control, or lack of it.  Operation Fortitude was a carefully orchestrated national plan controlled at the highest levels, so all messaging was coherent and worked to a common aim. Today, fake news can be delivered to millions of people at the click of a button via social media and the average person in the street can send a message that the President of the US may read personally, without it going through his normal staffing and advisory chain.  The power of social media is phenomenal.

The Russians continue to use maskirovka as part of their global engagement techniques. We are already seeing proof of their involvement in the US elections and likely in the UK Brexit referendum and more.  Sun Tzu highlighted how this works when he said, “Speed is the essence of war. Take advantage of the enemy’s unpreparedness; travel by unexpected routes and strike him where he has taken no precautions.”  Remember, Robert Hannigan said he didn’t see it coming and those unexpected routes were Facebook, Twitter, big data manipulation, main stream press and good old fashioned human influence, powered by the internet.

Arguably Kim Jong Un from North Korea knows how to play President Trump using Sun Tzu.  As the 6thcentury tactician said, “If your opponent is temperamental, seek to irritate him. Pretend to be weak, that he may grow arrogant. If he is taking his ease, give him no rest. If his forces are united, separate them. Attack him where he is unprepared, appear where you are not expected.” It is this last line that is keeping the world’s breath held.  Kim Jong Un’s understanding of President Trump’s temperament is clearly excellent when he applies Sun Tzu’s principal, “If your opponent is of choleric temperament, seek to irritate him.” Trump gets irritated easily by ‘Rocket Man.’

With the ease of spread of fake news and its ability to influence, it is something that enterprise should be concerned about.  The instability caused by state on state activity is one thing but there is clear evidence of state on enterprise actions in cyberspace with the theft of IP. Fake news is another cyber enabled activity and the potential for enterprise on enterprise use of fake news is growing.

As an intelligence officer looking at a threat you ask 2 questions.  The first, does the capability exist and the answer is yes.  The second, is there intent to use it, and again the proof is that the answer is yes. Now is the time for risk managers in companies to ensure the impact of Fake News is something they plan for, remember it is a cyber enabled threat.

In one of Sun Tzu’s opening statements he said, “If your enemy is secure at all points, be prepared for him. If he is in superior strength, evade him.” The time has come for preparedness as you cannot evade this threat.

Note: If you would like any further comment from Philip, please contact him by clicking HERE