Now incorporating 112 Review, Community Safety Review & Military Review

CIA warns businesses to beware hackers

Just weeks after MI5 warned banks and utility owners that hackers are targeting systems that control critical national infrastructure, the CIA has issued a similar warning to US operators.

CIA senior analyst Tom Donahue told an international SANS Institute process control security conference last week that the agency had evidence from outside the US that hackers were blackmailing victims.

"We have information, from multiple regions outside the US, of cyber intrusions into utilities, followed by extortion demands," he told 300 officials, engineers and security managers from electric, water, oil & gas and other critical industry operators from the US, UK, Sweden, and the Netherlands.

"We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge," he said. "We have information that cyber attacks have been used to disrupt power equipment in several regions outside the US. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the internet."

In December the UK's Centre for the Protection of National Infrastructure wrote to 300 UK firms warning of hack attacks by "Chinese state organisations".

The UK and US authorities have developed checklists for any firm that believes it might be a target. For more information on the US's SCADA and Control Systems Survival Kit e-mail scada@sans.org. The CPNI's advice was updated last week.

Security guards hired to spy on illegal migrants

Is this the beginning of the privatisation of the British Police Service?

This is about the same, though probably worse, as what has happened when it comes to the eviction of illegally encamped Gypsies and Travellers where private thugs, though called bailiffs, are being employed by the councils.

PRIVATE security guards have been secretly hired to spy on illegal immigrants in an apparent breach of the law, a leaked Home Office document has revealed.

The security guards will take part in “reconnaissance” missions to find suspected foreign criminals, illegal migrants and failed asylum seekers, targeted for arrest and deportation.

They will be given access to sensitive police intelligence on suspected illegal immigrants, and help to draw up intelligence reports and risk assessments, according to the document prepared by the Border and Immigration Agency.

Only authorised government law enforcement officers, such as immigration officers or police, are “warranted” to carry out surveillance and make arrests. Employees of private firms do not have the legal authority to carry out such tasks.

This is NOT the job for private agencies but a job for Customs & Immigrations and BorderPol together with the local police service.

This weekend the Home Office was accused, and rightly so, by MPs and civil liberties groups of trying to privatise the criminal justice system.

Shami Chakrabarti, director of Liberty, said: “Privatising law enforcement is a grave step in any democracy that believes in accountability for state power. If the Home Office gets away with delegating immigration control to big business without parliamentary approval, ordinary policing will be sure to follow.”

John Tincey, of the Immigration Service Union, which represents border agency staff responsible for deporting illegal migrants, said the Home Office was “bending the law” by giving private security guards the role of government law enforcement officers.

Liam Byrne, the immigration minister, defended the move. “We will not hesitate to use every means possible to track down illegal migrants,” he said. The Home Office denied that contractors were being asked to carry out “police-style” activity.

A pilot contract to allow a private firm to conduct reconnaissance on the homes of suspected illegal immigrants was signed last month with Serco, a security company.

The ones that must be most concerned here are our colleagues in the various services, such as the police and the C&I/BorderPol, as it is jobs on the line, while at the same time the rest of us should be concerned as to where this is headed.

Michael Smith (Veshengro), January 2008

Useful business continuity websites to keep your company on the ground

When 2007 blew in with heavy storms, car bomb attacks and tornados the pressure mounted on businesses to have a secure business continuity plan in place. This year is already set to be eventful with snow storms in the North and businesses having to use remote working to stay afloat.

Similarly, 2007 proved to be a bad year for the Government, with mass data record losses which failed to assure the general public that they could securely manage and safely retain information. Their data loss record was pretty abysmal, with one disaster after another being exposed: cases of senior civil servants' laptops going missing, the HMRC fiasco, the numerous data loss scandals at the DVLA and DVA, as well as the thousands of NHS patients who now have their records at large!

However, in the real world of competitive business, in order to stay standing after an incident it has to be a very different case! You have to have contingency plans and resilience systems in place to survive and stay ahead of the game. In essence, business continuity is all about good business practice: creating a strong framework with the right IT infrastructures and procedures in place so that when a disaster of any kind does hit, the business can continue to operate successfully.

As businesses are fast expanding, it is proving imperative for them to implement an effective business continuity strategy in order to minimise business interruption and maintain operational continuity in the face of any adverse situation. Richard Fitzhugh, Content Director for Business Continuity Expo 2008, cherry-picks the top business continuity websites for 2008; click online to discover how to maintain your business throughout a disaster.

www.Continuitycentral.com
Continuity Central provides a constantly updated one-stop resource of business continuity news, jobs and information.

www.bs25999.com
BS25999.COM has been created by a team of industry specialists with the intention of providing both experienced practitioners and industry newcomers relevant information, useful content and a number of interactive capabilities concerning BS25999.

www.ncc.co.uk
The National Computing Centre (NCC) is the single largest and most diverse corporate membership body in the UK IT sector.
NCC champions the effective deployment of IT to maximise the competitiveness of its members' business, and serves the corporate, vendor and government communities.

www.thebci.org
The Business Continuity Institute (BCI): the Institute's mission is to promote the art and science of Business Continuity Management worldwide. The BCI promotes the highest standards of professional competence and commercial ethics in the provision, maintenance and services for Business Continuity Management (BCM).

www.theirm.org
Institute of Risk Management is risk management's professional education body. Established as a not-for-profit organisation, the Institute is governed by practising risk professionals and has strong links to leading universities and business schools across the world.

www.contingencytoday.com
Contingency Today is a web-based magazine and the only publication, online or print, dedicated to the challenges and opportunities of Critical National Infrastructure protection. Critical National Infrastructure can be defined as those assets, services or systems which, if destroyed or damaged, threaten the social or economic well-being of the nation, including by the infliction of mass casualties. Contingency Today covers all significant threats to the Critical National Infrastructure, including electronic attack and the sophisticated misuse of computer systems; physical attacks by terrorist organisations and other criminals; the effects of climate change; and other natural disasters, including pandemics, fire and flood.

www.cirmagazine.com
Continuity Insurance & Risk is the UK's leading bi-monthly risk management and insurance journal. The magazine has rapidly established itself as a key weapon in the risk and insurance professional's armoury. Continuity Insurance & Risk offers a unique combination of editorial elements to provide an essential, practical tool in today's business environment.

www.strategicrisk.co.uk
Magazine aimed at people who have to deal with risk at a strategic level and with the necessary responsibility for corporate governance.
“StrategicRISK is affiliated to AIRMIC, the UK-based Association of Insurance and Risk Managers, and is the only publication that receives their official endorsement.” StrategicRISK covers all the aspects of risk management that confront large organisations of all types throughout Europe.

www.businesscontinuityexpo.co.uk
Business Continuity Expo is the only event dedicated to managing operational risk, resilience and recovery. With a unique format combining a comprehensive exhibition, a highly popular free-to-attend seminar series and a stimulating and thought-provoking conference, the show brings together professionals spanning the growing Business Continuity and risk management industry. Business Continuity Expo is a unique opportunity to explore best practice, identify industry trends and cement vital relationships to help ensure operational continuity before, during and after an incident. The event will be held on 2-3rd April 2008 at the ExCel, London.

Plague a growing but overlooked threat: study

Tuesday, January 15, 2008
Reuters

Plague, the disease that devastated medieval Europe, is re-emerging worldwide and poses a growing but overlooked threat, researchers warned on Tuesday.

While it has only killed some 100 to 200 people annually over the past 20 years, plague has appeared in new countries in recent decades and is now shifting into Africa, Michael Begon, an ecologist at the University of Liverpool and colleagues said.

A bacterium known as Yersinia pestis causes bubonic plague, known in medieval times as the Black Death when it was spread by infected fleas, and the more dangerous pneumonic plague, spread from one person to another through coughing or sneezing.

"Although the number of human cases of plague is relatively low, it would be a mistake to overlook its threat to humanity, because of the disease's inherent communicability, rapid spread, rapid clinical course, and high mortality if left untreated," they wrote in the Public Library of Science journal PLoS Medicine.

Rodents carry plague, which is virtually impossible to wipe out and moves through the animal world as a constant threat to humans, Begon said. Both forms can kill within days if not treated with antibiotics.

"You can't realistically get rid of all the rodents in the world," he said in a telephone interview. "Plague appears to be on the increase, and for the first time there have been major outbreaks in Africa."

Globally the World Health Organization reports about 1,000 to 3,000 plague cases each year, with most in the last five years occurring in Madagascar, Tanzania, Mozambique, Malawi, Uganda and the Democratic Republic of Congo. The United States sees about 10 to 20 cases each year.

More worrying, outbreaks seem to be on the rise after years of relative inactivity in the 20th century, Begon said. The most recent large pneumonic outbreak comprised hundreds of suspected cases in the Democratic Republic of Congo in 2006.

Bubonic plague, called the Black Death because of black bumps that sometimes develop on victims' bodies, causes severe vomiting and high fever. Victims of pneumonic plague have similar symptoms but not the black bumps.

Begon and his colleagues called for more research into better ways to prevent plague from striking areas where people lack access to life-saving drugs and to defend against the disease if used as a weapon.

"We should not overlook the fact that plague has been weaponized throughout history, from catapulting corpses over city walls, to dropping infected fleas from airplanes, to refined modern aerosol formulation," the researchers wrote.

Safe Can - Product Review

Store your valuables where thieves won't find them.

SafeCan is a ground-breaking product which makes it easy for people to hide their valuables in ‘dummies’ of everyday objects, like cans of beans or books. Branded products from household names, like Heinz or Collins Dictionaries, mean the dummy containers can be concealed with other household objects for maximum safety. The brands are fully licensed from their parent companies, so they look exactly the same! In other words, a very subtle low cost safe.

SafeCan is an exciting product that could help people protect their property, whether in their homes, their garage, in a caravan or a boat.

Recognised by Police Forces, Neighbourhood Watch Groups and Insurance Companies Worldwide as an excellent deterrent to theft. The SafeCan is the ideal place to hide money and jewellery.

Upon attending DIY & Garden and Totally Tools, every visitor, including us media guys, was handed a goody bag at the door, sponsored by Henkel, which had a Can Safe in the form of a spray can of a Henkel product in it.

This is, I must say, the first time that I had a chance to get a closer look at one of those little low cost safe solutions and I can only say, “ingenious”.

More information on SafeCan, now part of the Sterling range of security solutions, can be found at www.sterlinglocks.com.

Blood risk for UK soldiers and civilians

Friday, January 11, 2008
Telegraph

Contaminated blood provided by the American military might have infected more than 24 British military and civilian personnel, it has been revealed.

Potentially fatal illnesses such as HIV/Aids and a cancer causing virus might have been transmitted into very seriously injured British troops, the Ministry of Defence confirmed.

The infections could have occurred any time between 2001 and last year to soldiers or civilian security guards who needed emergency blood transfusion while being treated in American field hospitals in Iraq or Afghanistan.

Poor record keeping and a less rigorous testing system led the US authorities to inform the British that they could not be certain that the blood was clean.

Tunnel security exercise staged

Sunday, January 13, 2007
BBC News

A security exercise has been staged in the Channel Tunnel by police, fire and ambulance services from both England and France.

Eurotunnel said it was to test the co-ordinated emergency response if an incident were to occur in the tunnel.

A spokeswoman said it was to simulate a "particularly demanding problem" on board a train, and involved nearly 300 extras, assessors and observers.

Services were suspended overnight and customers were informed, she said.

Gumshoes angry after Whitehall steps on their toes

Private investigators insist there is no need for licences and training.

The Observer, Sunday January 13 2008

It's enough to make Sam Spade, Dashiell Hammett's fictional private eye immortalised by Humphrey Bogart, breakfast on a quadruple bourbon. Gumshoes, who have a reputation for bending the law to dig out sensitive information, face being bound up in red tape. For the first time, the government wants to regulate them.

Proposals due to be published next week are expected to see the Security Industry Authority (SIA) move to license investigators, place them on a publicly accessible database, and force them to undergo training. The proposals come in the wake of its decision in 2001 to license the security industry.

The idea has some of the most powerful investigation firms in the UK up in arms. Though they do not object to being licensed, they fear the government might go down a road that could compromise the identity of undercover detectives working on sensitive cases that involve organised crime or high finance.

'I think they have failed to understand the breadth of our industry and the players in it,' says John Cunningham, global director of corporate investigations at industry giant Control Risks.

Jeff Katz, chief executive of Bishop International, who made his name by establishing that Italian banker Roberto Calvi did not commit suicide but was murdered, says: 'It would appear that the authors of the proposals are uninformed about the nature of investigations, particularly those carried out in connection with organised crime.

'For the purposes of such investigations, it is often necessary to pose as something other than an investigator. If, in those circumstances, someone was found to be carrying [SIA] identification, they could be in danger of losing life or limb. The suggestion illustrates a gross ignorance of investigative work.'

Some believe that the government crackdown on investigators was prompted by the inability 18 months ago to sentence two private investigators, who supplied personal information on a huge range of individuals to hundreds of journalists, to more than a conditional discharge.

At the time, the government's information commissioner, Richard Thomas, said: 'A custodial sentence is needed to deter people from this trade.'

Richard Newman, president of the Association of British Investigators, says his organisation has been campaigning for investigators to be licensed for the past 50 years and broadly welcomes the move. He points to a case in which a man charged with paedophilia offences set up an agency to trace lost children immediately on his release: 'This behaviour is not something we can countenance. We asked the Criminal Record Bureau if they ran checks, and were told that it wasn't their job.'

Thomas Cook collaborates for crisis control

Bob Boyce, Director of UK Operations for Thomas Cook Group shares how he is using the latest BC technology to overcome communication obstacles during emergency procedures.

Thomas Cook Group plc is a leading international leisure travel group, created by the merger of MyTravel Group plc and Thomas Cook AG in June 2007. Each year more than 19 million people choose to travel with the Group, buying their holidays from a network of more than 3,000 owned or franchised travel stores, online or through call centres. It employs 33,000 people globally, operates a fleet of 97 aircraft and either through direct control or via franchise arrangements, also operates 46 hotels and other resort properties.

It is unquestionably a very sophisticated operation, with a portfolio of market leading travel brands across Europe and North America. Protecting the reputation of these brands is paramount and the Group insists on good practice and responsible decision making within all its operations. This is no more so than in the field of business continuity and incident management.

Four years ago, Bob Boyce, Director of UK Operations began a project to change the way information was distributed during an emergency. Boyce was looking for a solution that broke down the barriers of communication when he and his incident management team faced disruption during normal operations. The global nature of the company means that team members are located in different offices, creating obstacles of location and geography when accessing, updating and sharing information. This problem needed to be eradicated.

Boyce required a solution that facilitated real-time information management during an incident: software that could provide a platform for the rapid capture of information, its validation and quick distribution of the facts to those that need to know, enabling a more effective decision making process. Boyce wanted software that enabled members of the crisis team to confidently fulfil their business continuity obligations, safe in the knowledge that they were acting on all the relevant information available. Delivering the right information to the right people in this way could save lives, protect resources and maintain corporate reputation.

Following an evaluation of what was available on the market, Boyce decided to work with Solcara, an organisation he was familiar with through work that Solcara had successfully conducted with the Thomas Cook Media Relations Team. Together they implemented the Solcara Crisis Control Centre.

Acting as a virtual command and control facility, members of the Thomas Cook emergency procedures team, wherever they are (at the scene, at home, in the office, on holidays!) and with the appropriate privileges can record and distribute records pertaining to an incident. Information filtering enables the senior executives to quickly review and react appropriately to the facts, assess the impact and identify and prioritise the actions required to establish normality.

“To be effective it is important that it is easy to invoke an incident and that the team find the system easy to use,” says Boyce. Solcara Crisis Control Centre has enhanced the existing emergency procedures at Thomas Cook, “by making everything easily accessible, ensuring everyone is up-to-date and thereby avoiding confusion about what’s going on.”

Information is posted in electronic status boards that are easily configurable to a particular incident type or division of the organisation. Each record posted can be categorised to reflect its type or importance level, for example ‘requires action’, ‘information only’, ‘draft’, ‘confirmed for distribution’. Security determines who can add, edit or view information on which whiteboards and in what states. “Invoking an incident takes seconds and entering data is simple,” says Boyce; it has to be, for time wasted on setting up complicated systems in the golden hour could be critical.

“It is a very powerful tool and such is the functionality of the Crisis Control Centre that I am looking for other deployments of this technology within Thomas Cook,” said Boyce. “I’m looking forward as well, to the enhancements other users will bring to the Control Centre, as part of Solcara’s commitment to user-led development.”

The Solcara Crisis Control Centre meets Thomas Cook’s incident communication needs. Boyce advises that “when considering the implementation of an emergency procedure communication system, it is important not to over-complicate the process. Go for a best of breed approach selecting a group of tools for your purposes rather than stretching one tool too far.”

It is impossible to mitigate all risks in the operations of business and the delivery of public services. When things go wrong, however, it is important that organisations have the best tools to help their crisis teams to speed up the recovery of the business, and to learn lessons so that bad practices are not repeated. Solcara Crisis Control Centre is helping Thomas Cook achieve this and is now an integral part of their crisis management plans. Its adoption has led to the protection of corporate and executive reputation and will highlight any operational deficiencies that can be eradicated, thereby preventing the recurrence of past mistakes.

Solcara will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2-3rd April 2008, the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before, during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk

78% of Fire Safety Professionals Unsure About New Fire Law

Firex South 2008 – 11-12 March 2008 – Sandown Park, Surrey
London, 3 December 2007. Findings from a recent poll reveal that 78% of fire safety professionals are unsure about their responsibilities under last year’s Regulatory Reform (Fire Safety) Order (RRO). In a poll of visitors to the Firex South 2008 website, when asked “How aware are you of the Regulatory Reform Order and its implications?”, over three quarters of respondents answered “I’m unsure about it”.

The RRO was introduced in October 2006, and places the responsibility for fire safety and risk assessment on the building owner or manager. Following the spate of recent fatal fires around the country, the implications of ignoring this legislation are obvious.

A successful prosecution under the RRO has a number of consequences, including a conviction against the responsible person and a penalty fine, and in some instances, imprisonment.

Commenting on the importance of compliance with the RRO, Lancashire's Chief Fire Officer, Peter Holland, states, "Our research tells us that just 32% of firms in Lancashire have carried out a fire risk assessment on their premises, putting themselves, their staff and customers at risk from fire and facing massive bills due to fire losses. I have no reason to suppose that this low figure for compliance is by any means exceptional in the UK."

"The average cost of a fire in commercial property is £44,000, with fires costing the national economy £7.03 billion every year. The RRO has placed the responsibility for fire risk assessments with business owners."

"Commercial financial losses apart, if people are not aware of their responsibilities and in the worst case someone dies, they face the full weight of the law. We want to apply a light touch and educate rather than prosecute defaulters, but with such terrible consequences in prospect, when it comes to raising awareness of the legislation we have no hesitation in promoting high-profile prosecutions as a wake-up call for businesses out there."

Aimed at installers, specifiers, and end-users of fire protection and prevention products, Firex South 2008 takes place from 11-12 March 2008 at Sandown Exhibition Centre, Esher, and is the ideal place to receive independent advice from the leading fire safety experts in the country.

For the first time, Firex South 2008 will feature a high level conference focusing on the implications of the RRO, including presentations from the Building Research Establishment (BRE), AXA Insurance, the Fire Industry Association (FIA) and ADT.

Entry to the show is free and visitors can register online at www.firexroadshows.co.uk, where the latest event information, news and conference programme are available. Companies interested in participating at this year’s event should contact Peter Poole on +44 (0) 207 921 8342 or email ppoole@cmpi.biz.