Chinese CCTV cameras are being used at Army bases over a year since they should have been replaced, it has emerged.

The Ministry of Defence (MoD) directed in November 2021 that all cameras supplied by two Chinese firms with links to Beijing’s spy agencies should have been taken down.

The Chinese technology companies Hikvision and Dahua have long been linked with the People’s Liberation Army of China, although they deny handing any data to the Ministry of State Security, an internal spy agency.

However, as both companies are subject to China’s national intelligence law, they are required to hand over any information the country’s police and intelligence services require. 

The controversial cameras are currently installed at sites including Hyde Park Barracks, home to the Household Cavalry Mounted Regiment, responsible for ceremonial duties including the upcoming Coronation of King Charles III on May 6. 

Other locations include the Royal Artillery Barracks in Woolwich, south-east London, where the King’s Troop, Royal Horse Artillery is based.

Read the full story here.

Event security remains an ever-growing concern. Public events have been the targets in the past, meaning security leaders have tightened event safety procedures. Large events, such the Super Bowl, often require additional security to keep entertainment, staff and guests safe throughout the event. However, large events can also become targets for phishing and other cyberattacks. As security leaders plan and enforce an event’s physical safety measures, an event should prepare an equally thorough cybersecurity plan. 

Rafal Los, Head of Services GTM at ExtraHop, shared his thoughts on stadium cybersecurity ahead of the Super Bowl:

What threats should security leaders watch out for during the Super Bowl?

“As with any big public events, hackers will exploit the event to try and drive users to click on or open malicious links or items. Phishing using Super Bowl themed content will likely be prevalent. Hackers count on people getting caught up in the hype of the sporting event to let their guard down and click on something that looks like it came from a friend or other trusted source, with some tie-in to the event. The inevitable goal is one of the same few — get you to divulge your credentials to something like Office 365 or your bank or install malware or ransomware on your computer.”  

IMMEDIATELY PRIOR to the Christmas recess in Parliament, Oliver Dowden (Chancellor of the Duchy of Lancaster) announced that surveillance equipment “produced by companies subject to the National Intelligence Law of the People’s Republic of China” must no longer be deployed at sensitive Government sites. Civil liberties campaign group Big Brother Watch has subsequently urged the Government to expand this planned safeguarding measure across the board.

Dowden’s statement – also reiterated in the House of Lords by Conservative Life Peer Baroness Lucy Jeanne Neville-Rolfe – begins: “The Government keeps the security of its personnel, information, assets and estate under constant review. In this context, the Government Security Group has undertaken a review of the current and future possible security risks associated with the installation of visual surveillance systems on the Government estate. The review has concluded that, in light of the threat posed to the UK and the increasing capability and connectivity of these systems, additional controls are required.”

The statement continues: “Government Departments have therefore been instructed to cease deployment of such equipment at sensitive sites where it’s produced by companies subject to the National Intelligence Law of the People’s Republic of China. Since security considerations are always paramount around these sites, we are taking action now to prevent any security risks materialising.”

Dowden adds: “Additionally, Government Departments have been advised that no such equipment should be connected to departmental core networks and that they should consider whether they should remove and replace such equipment where it is deployed on sensitive sites rather than awaiting any scheduled upgrades. Departments have also been advised to consider whether there are sites outside the definition of sensitive sites to which they would wish to extend the same risk mitigation.”

In conclusion, the statement reads: “Government will continue to keep this risk under review and will take further steps if and when they become necessary.”

Read the full story here

AN INTERNATIONAL one-stop spoofing shop has been taken down in what is the UK’s biggest-ever counter fraud operation led by the Metropolitan Police Service. More than 200,000 potential victims in this country alone have been directly targeted through the fraud website iSpoof. At one stage, almost 20 people every minute of the day were being contacted by scammers using the site and hiding behind false identities.

The scammers posed as representatives of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, NatWest, Nationwide and TSB. Scotland Yard’s Cyber Crime Unit worked with international law enforcement, including authorities in the US and Ukraine, to dismantle the website. This was a crucial phase in a worldwide operation, which has now been running out of the public eye since June last year in targeting a suspected organised crime group.

iSpoof enabled criminals to appear as if they were calling from banks, tax offices and other official bodies as they attempted to defraud victims. Those victims are believed to have lost tens of millions of pounds, while those behind the site earned almost £3.2 million in one 20-month period.

Detective Superintendent Helen Rance, who leads on cyber crime for the Metropolitan Police Service, explained: “By taking down iSpoof, we have prevented further offences and stopped fraudsters targeting future victims. Our message to criminals who have used this website is that we have your details and are working hard to locate you, regardless of where you are.”

Metropolitan Police Service Commissioner Sir Mark Rowley commented: “The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st Century. Together with the support of partners across UK policing and internationally, we are reinventing the way in which fraud is investigated. The Metropolitan Police Service is targeting the criminals at the centre of these illicit webs that cause misery for thousands.”

Rowley added: “By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows precisely how we are determined to target corrupt individuals intent on exploiting often vulnerable victims.”

BUSINESSES WILL face a historically broad and deep set of risks in 2023, posing interconnected and existential threats across geographies and sectors. That’s according to specialist risk consultancy Control Risks.

Launching its annual Risk Map forecast featuring the foremost for business, Control Risks has pointed to a combination of fractious geopolitics, armed conflict, disrupted energy systems, economic strife and disarray in digital networks during the coming year, with cyber risk at the top of the agenda.

In 2023, we can expect the emergence of a fundamental breakdown of global networks into distinct regional or even national architectures, caused by the ‘weaponisation’ of cyber space and a clash of national interests. The ambition of operating a single, global network will be significantly challenged.

Enabled by an expanded attack surface and a significant increase in automation across the entire spectrum of cyber threats, the cyber arms race will accelerate in 2023. In parallel to this ‘weaponisation’, nation states are looking to exert more control over what some have already defined as their national cyber space. Network and system resilience will be tested like never before.

Fragmenting world order

Nick Allan, CEO at Control Risks CEO, asserted: “In the fragmenting world order, the weapons of choice for many states will be found in the cyber sphere. This will either be through the spread of disinformation, aided by improving deepfake technology, or through cyber attacks or both.”

As a business operating in both the geopolitical and cyber arenas, Control Risks can see very clearly the direct correlation between geopolitical tensions and cyber aggression. “An element of uncertainty and fear provides a level of state-versus-state deterrence,” observed Allan, “but corporates find themselves as easier targets for proxy and real wars. This is made worse by the transfer of military-grade cyber capabilities to criminal or radicalised groups.”

Further, Allan explained: “2023 will see more geopolitical and economic volatility accompanied by operational challenges in energy and digital networks. The increasingly apparent effects of a changing climate will add additional stresses and strains. Resilience, insight and courage will be the watchwords for business in the year ahead.”

Supporting the top risks for 2023 is a new map, the Global Risk Forecast. This shows an holistic business risk rating for the countries of the world that draws on a selection of risks. The composite score includes Control Risks’ political, security, operational, regulatory, cyber and integrity risks and encompasses a range of environmental, social and corporate governance-related risks.

Each rating reflects Control Risks’ outlook for overall risks to business to the end of 2023, taking into account known or anticipated trends and developments that could impact the business environment.

Read The Full Story Here.

THE SECURITY Research Initiative (SRI) has just published its latest report. Entitled ‘The Role of Security in Influencing the Budget’, the aim of this latest research study – sponsored by Axis Communications, Bidvest Noonan, interr, M&S, Mitie, OCS, PricewaterhouseCoopers, the Security Industry Authority and Sodexo – was to explore the extent to which security managers are able to influence the security budget, whether (and why) this matters and how greater influence can be attained.

Results are based on the views of security professionals from both in-house and contract positions (predominantly those currently in a ‘security manager/director’-type role), collected via an online survey in addition to in-depth interviews.

The survey outcomes make for particularly interesting reading. 76% of those security professionals surveyed agreed that being able to influence the budget is key to delivering good security. Influence over the budget was considered important for several reasons. It’s deemed to afford status to security in discussions with other departments, in turn enabling security advice and proposals to commonly be listened to, while also helping to direct the allocation of resources using relevant expertise.

A lack of influence here means that security managers cannot purchase basic and essential resources or plan effectively, duly resulting in security decisions being made by non-security experts.

Levels of influence

Some 51% of respondents in a current security management role had a high level of influence on the budget. 10% were ‘not involved’. 46% of security managers/directors thought that their current budget was ‘insufficient’ (42% thought it was ‘sufficient’). Unsurprisingly, those with the highest levels of influence over the budget were the least likely to view it to be insufficient.

Reasons for the budget being considered less than required included the belief that the budget allocated did not reflect the risks faced and didn’t cover key areas such as training, travel, basic equipment and contingencies. Teams were understaffed, rising costs are not covered and it’s often a case of being asked to provide more for less.

The chances of being allocated an appropriate budget were improved if the security function was seen as being core to business (86% of respondents agreed on this assertion), an organisation understands its security threats and risks (85% agreed) and/or the security team has a high status (83% agreed).

Research participants highlighted a number of ways in which security managers can become influential. For example, they can relate security spend to reducing business risks and improving operations, highlight the dangers and risks in not meeting objectives, ensure the risk owner understands and accepts the implications/risks and use data to underpin the fact that arguments are evidence-based. Further, they can link physical security spend to cyber security (where the latter is is viewed as a greater priority, thereby attracting a bigger budget).

Overall, this latest SRI research underlines the importance of security professionals being able to influence the budget, so too the barriers to them being able to do so effectively.

Read The Full Story Here.

CHIEF CONSTABLE Gavin Stephens has been appointed to lead the National Police Chiefs’ Council (NPCC) from April 2023. Current chair Martin Hewitt will leave the post in March next year after serving a four-year term.

Chief constables were invited to apply for the post of NPCC chairin October. Chief constable Gavin Stephens applied for the post and, in accordance with election rules, has been appointed.

Stephens has worked in policing for nearly 30 years, first joining the Cambridgeshire Constabulary in 1993 and then Surrey Police in 1996, where he has been working for over two decades now, serving in every rank up to the role of chief constable.

He was initially based in East Surrey on neighbourhood policing and went on to roles in serious and organised crime, professional standards and local policing.

On a national level, Stephens has played a major role in developing and modernising neighbourhood policing. He led the implementation of the Neighbourhood Policing Guidelines in 2016.

Stephens is currently chair of the NPCC’s Finance Co-ordination Committee, as well as chair of the national Communications Advisory Group.

Read the Full Story Here.

THE NATIONAL Business Crime Centre (NBCC) is holding a national week of action to support businesses and reduce business crime across the country. The week of action runs from Monday 17 October and involves police forces and partners working together to hold targeted operations in towns and city centres, running high-profile media and social media campaigns and engaging with local businesses, retailers and the community in a determined bid to raise awareness of business crime.

The City of London Police, which plays host to the NBCC, is holding a Safer Business Action (SaBA) Day to deliver a focused operation featuring joint patrols, the targeted intervention of offenders and a range of crime prevention activity. The latter includes raising awareness of local issues with members of the general public.

SaBA Days represent a joint approach by police, business, private security, Business Crime Reduction Partnerships and Business Improvement Districts working in partnership to focus resources into a designated location and create a significant impact that leads to crime reduction.

Partnership working and days of action are all part of normal activity for police forces and their partners. Although locally based, SaBA Days bring with them a national reach. Through the SaBA Steering Group and the NBCC, there are links to a national network of contacts. Best Practice can be shared and extra resources from private businesses with a national footprint may be able to assist with a given event.

Bringing police and partners together

Superintendent Patrick Holdaway, lead for the NBCC, said: “The week of action is an opportunity to bring police and partners together to tackle the key issues of business crime in their communities. Each police force taking part will be holding various crime prevention activities and initiatives designed to increase engagement with local businesses and retail outlets and tackle some of the most prolific offenders.”

Businesses trading on High Streets and in town centres are also encouraged to become involved and display the ShopKind messaging in their stores. All of the ShopKind materials are free to download online.

Edward Woodall, the ShopKind campaign’s co-ordinator, stated: “We encourage all businesses to support the national week of action and share messages about ShopKind with their customers and colleagues.”

The NBCC social media channels on LinkedIn and Twitter will have updates of the activity taking place throughout the week.

Read the Full Story Here.