CONSEC 2017 returned to the Marriot Hotel, Heathrow on 12 October. The conference was opened by Joe Connell, who thanked the sponsors and exhibitors and welcomed faces old and new.
Joe explained that the conference theme, UK security: Independent, but not alone – maintaining security in a global context – reflected the challenges and uncertainties facing security professionals. The speakers would provide the opportunity for delegates to look forward and more widely at the issues they face in their work.
Bill Butler again chaired the conference and opened by reflecting on the happenings around the world of the past twelve months – extreme weather, terrorist and cyber attacks in the UK, political upheaval and the ongoing Brexit soap opera. He encouraged delegates to join in sessions by asking the speakers questions and taking full advantage of the exhibition.
The keynote speaker was Lord James Bethell, who has a twenty-year track record working across government, media and industry, was a founder of Portland Communications and is also the patron of the Association of Security Consultants. James gave a wide-ranging and incisive analysis of the current political environment and the considerable uncertainties facing the UK over Brexit. He discussed the current terrorism agenda and how that changed. His suggestion was that the solution to the current terrorism issues was not through war or the criminal justice system, rather it needed community solutions. His concern was that policing resources are under pressure and that this has an adverse impact on community policing and issues of policing consent within communities.
The second speaker was Ed Butler who, following a distinguished military career, is now Head of Risk Analysis at Pool Reinsurance, the government backed terrorism reinsurance scheme. Ed talked about the development of current terrorism risks and the escalation of violence to people. He described an analysis based on Volatility, Velocity, Vulnerabilities and Vacuums. He shared the analysis work being done by Pool Re. and stressed the importance of sharing analysis across the broader security community.
CONSEC delegates enjoyed a comprehensive exhibition and practical demonstrations from a broad range of providers during the breaks and were able to network with fellow security professionals. Old acquaintances were renewed and fresh ones made with positive feedback on the quality of business-related introductions.
Sir Hugh Orde, a former senior police officer with 38 years of policing experience, including 7 years as Chief Constable of the Police Service of Northern Ireland was the third speaker. Hugh, reflecting the Northern Ireland experience, said that we should remember that terrorism ends – eventually. He suggested that key elements of this were the role of negotiation, the role of the private sector in building protective capacity and the role of community policing. Hugh shared the concern that the pressure on policing resources was undermining this key element.
The final conference speaker before lunch was Cath Golding, Head of Information Security at Nominet, the company that runs the ”.uk” and a Board Member of the Women’s Security Society. Cath was the first of two speakers focussing on cyber security risks and mitigation. Cath said that the Domain Name System (DNS) was like the plumbing – you only notice it when it stops working. Cath provided a simple and understandable explanation of how DNS works and the threats it faces, giving practical examples. Cath described how Nominet monitor the internet to anticipate and identify attacks, and stressed the importance of the effective analysis of data in doing this. However, Cath emphasised that the risk of attacks was such that organisations must prepare for a successful attack and have in place resilience and continuity plans to handle this.
Before lunch, delegates received a presentation from the main conference sponsors, Dallmeier. The Marriott Hotel once again provided a good choice of buffet lunch. The exhibition stands were busy with around 200 delegates and exhibitors circulating and chatting, many carrying on conversations with the morning’s speakers.
The afternoon programme commenced with the presentation of the ASC Imbert Award for Security Associations. The Award was presented by Joe Connell to Dr Alison Wakefield for her considerable contribution to the professionalisation of the security sector.
The afternoon speaking programme commenced with a presentation from Paul Heffernan, Group CISO for the Unipart Group of Companies. Paul started his career as an “ethical hacker” and has worked at board level to help organisations secure trusted global commerce. Paul continued the cyber theme, speaking about protecting globalised supply chains from cyber risk. Modern supply chains were highly complex and the visibility of those involved down the supply chain, including sub-contracting, multiplies the vulnerabilities and risks, particularly as the nature of the chain requires some openness of data. Paul gave practical examples of how organisations had been penetrated as a result of initial breaches in the security of the supply chain. Risk could be mitigated by active management of the risk with suppliers, requiring best practice certification and sharing intelligence and security testing.
The next speaker was Aiden Anderson, an independent security consultant with a background in army intelligence. Aiden spoke about how organisations can benefit from protection against diverse threats through independent security advice. Organisations face threats from many sources and outsourcing elements of operations and support services makes the threat and risk more complex – as Paul Heffernan had described in the cyber context. An independent consultant could bring a broader view to the threats and risks and, from a properly independent perspective, challenge preconceptions.
The final speaker was Shaun Hipgrave, head of the government’s Joint Security and Resilience Centre (JSaRC), part of the Home Office. Shaun opened by setting out developments in the context of the Prime Minister’s statement that “enough is enough”, following the terrorist incidents earlier in the year. A review of the CONTEST approach was underway and Paul stressed the government’s determination that there should be proper private sector engagement in the process. There was significant investment to support this and also funding in other areas, notably cyber. In practical terms, the task force was now up to 25 people and there were now active projects in partnership with the private sector, including work on effective screening technology for large scale venues. There remained challenges, including being able to release data and the procuring flexibly to include SMEs, but progress was also being made.
CONSEC2017 again concluded with a lively panel debate, of Hugh Orde, Ed Butler, Dr Alison Wakefield and Shaun Hipgrave and chaired by Bill Butler. Bill opened by seeking the Panel’s views as to whether security could be “independent but not alone”. The need for operational independence of key elements, such as the police, was recognised, but the panel’s view was that the threats and risks faced requires joined up approaches, locally, nationally and internationally. The audience then joined in and a lively debate took place, covering the importance of better sharing and co-operation between government and private sector organisations and the need for better community and local based policing and intervention. The point was made strongly that successful community relations depended on the community recognising itself in those it was asked to work with.
Bill Butler concluded the conference by setting out his view on the themes that had emerged:
- The need for community based solutions, including the need for sufficient funding and a better reflection of gender and ethnicity in the sector to improve understanding.
- The need to share intelligence and expertise more widely between government and private providers
- The broad range of threats and the need to have plans in place to respond.
- Hugh Orde’s view that, although terrorism was terrible, it ends - eventually.
Overall, CONSEC was a successful opportunity for delegates to hear some authoritative views on the world in which they work and to engage in debate in the conference and the margins on the issues that they have heard about.
The CONSEC Brochure can be downloaded here
08.30 - 09.30 REGISTRATION / COFFEE / EXHIBITION / NETWORKING
09.30 - 09.35 Welcome to CONSEC 2017 - Joe Connell - ASC Chairman
09.35 - 09.45 Introduction by Conference Chair: Programme and house rules Bill Butler LLB, CPFA, CSyP
09.45 - 10.15 Keynote address: ‘UK Security Independent But Not Alone: Maintaining Security in a Global Context ‘ Lord James Bethell, ASC Patron, Westbourne Communications
10.15 - 10.45 Global Threats - A business insurance perspective Ed Butler, CBE, DSO Brig. Gen. (retired), Head of Risk Analysis at Pool Re Reinsurance Ltd
10.45 - 11.15 MORNING COFFEE / EXHIBITION
11.15 - 11.45 Protection against threat – A global enforcement perspective Sir Hugh Orde, OBE QPM, ASC Patron, Former Chief Constable of Northern Ireland and President of Association of Chief Police Officers
11.45 - 12.15 Protecting critical national infrastructure from cyber threats Cath Goulding, Chief Information Officer, Nominet
12.15 - 12.30 A Word from CONSEC 2017 main sponsor Dallmeier
12.30 - 13.30 LUNCH and EXHIBITION
13.30 - 14.00 The Imbert ‘Associations’ Prize 2017
Awarded to an individual in recognition for their significant contribution to the security sector for the year.
14.00 - 14.30 Protecting the cyber risk of globalised supply chains Paul Heffernan, Group Chief Information Security Officer, Unipart Group
14.30 - 15.00 Protection against diverse threats: The role of the independent security consultant Aidan Anderson, Red Leaf Consultancy
15.00 - 15.30 UK government & UK Security Industry working effectively together through the Office of Security & Counter Terrorism and JSaRC Shaun Hipgrave, Head of Joint Security & Resilience Centre (JSaRC), Home Office
15.30 - 16.00 Panel Discussion: ‘UK Security Independent But Not Alone: Maintaining Security in a Global Context ‘ Hosted by Bill Butler, CONSEC 2017 Chairman
16.00 - 16.10 Vote of Thanks and Prize Draw - Joe Connell - ASC Chairman
16.10 - 16.30 AFTERNOON COFFEE / EXHIBITION
The Association of Security Consultants‘ chairman Joe Connell opened CONSEC 2016, thanked the sponsors and exhibitors and welcomed faces old and new to the best attended CONSEC to date. He writes:
I explained the threat comes in all shapes and sizes and so must the responses. ASC is adapting to reflect that broader scope of experience and has expanded over 25 per cent in the last year. All ASC events are aimed at ‘Learning, Sharing and Networking’ with like-minded professionals, but CONSEC is specifically aimed, not just at examining the here and now, but also taking a peep over the horizon at the emerging threat and the future threats; and considering how best we together, as advisers and providers of solutions legal, technical and human, can be best prepared and to provide effective solutions for our wide-ranging base of clients. I referred to the rich selection of speakers drawn from government, industry and academia, the strong representation of technical exhibitors, and the diverse audience all contributing to the value of CONSEC 2016. Quoting Henry Ford that ‘The only real security that a man will have in this world is a reserve of knowledge, experience, and ability’ I claimed that’s exactly what CONSEC is about: Knowledge, Experience and Ability.
The retired SIA chairman Bill Butler again appeared as the conference chair. Bill, who has a long held interest in security, assisted in putting the programme together and wanted specifically to draw on the question of the future skills that would be required in the security field. Bill’s services to the ASC and to CONSEC were rewarded with his appointment as an Honorary Member of the ASC.
The keynote speaker, Jane Cannon MBE, comes to government as Director of Security Sector Engagement. An engineer by profession, Jane has a long and successful career in the commercial sector and understands it very well. Jane spoke with passion about building trust between government and engaging the private sector in achieving objectives that support UK policy and in making that knowledge available in government circles. Jane mentioned a specific workstream, particularly relevant to the commercial security sector, the new Joint Security Resilience Centre, which would be near Cambridge and work to support the government’s review of the “contest” strategy. This initiative is attracting significant government investment of £11m, matched by private sector sponsorship. It aims will include the provision of better two-way communication between government and industry.
CONSEC’s second speaker provided a global security forecast. Frances Nobes, as Head of Risk Analysis at World Vision, needs to take a truly global view in her day to day business which spans operations in over 90 countries. Speaking on the persistent threats of political and civil unrest, terrorism, and preparation for spontaneous incidents, Frances emphasised that these risks had to be properly assessed and managed by organisations and the essential corporate responsibilities for their duty of care to employees.
CONSEC delegates enjoyed a comprehensive exhibition and practical demonstrations from a broad range of providers during the breaks, and the opportunity to network with fellow security professionals. Old acquaintances were renewed and fresh ones made with positive feedback on the quality of business-related introductions.
John Vine, former Chief Constable of Tayside and the first Independent Inspector of Borders and Immigration, was the next speaker. This topical subject, which has attracted a lot of knee-jerk reaction in the media, was put in perspective by John, drawing on his experience as Chief Inspector. He pointed out that the current mass movement of populations for a variety of reasons is greater than at any time since the Second World War (40 million displaced people following WW2, 65.5 million today). The removal of internal borders, e.g. in the European Schengen area to facilitate commerce, has implications in a time of heightened security threat. As well as educating the audience, John gave practical examples of security issues relating to establishing individual identity, using and developing intelligence, and enhancing sensible border control activities.
Who better to speak on terrorism than Richard Walton, who recently vacated the role of Head of SO15 Counter Terrorism Command? Richard, now a consultant, speaker and writer on terrorism is a recently appointed member of the ASC. Richard gave a frank overview of the causes of terrorism. He emphasised that terrorism is a criminal activity and in civilised societies must primarily be combatted through the Rule of Law and criminal procedure. He referred to specific terrorist cases and drew attention to the UK’s global leadership in disrupting and detecting terrorism, keeping populations safe at home and overseas. He predicted a continuation of terrorist attacks, possibly more sporadic and designed to shock.
CONSEC’s chosen venue The Marriott Hotel, Heathrow Airport proved once again what a fine choice it is over a superb lunch, and a completely revamped and modernised conference centre. The exhibition stands were busy with almost 200 delegates and exhibitors circulating.
The afternoon commenced with awards and presentations. The finalists for the ASC Imbert Award for Security Associations were Prof Martin Gill (nominated by ASIS and Security Institute), Lynn Wats Plumkin (nominated by IPSA) and Pauline Nortsrom (nominated by BSIA). A close-run race, and each a winner in their own right, the overall winning prize went to Prof Martin Gill of Perpetuity.
Three new members of the ASC were welcomed and received their membership certificates from Joe Connell and, of course, trademark ASC tie. These were Richard Walton, John Lewes and Maurice Humphries.
The afternoon speaking commenced with a presentation from the Centre for the Protection of Critical National Infrastructure (CPNI) on the insider threat, particularly in the context of Civil Aviation. As usual, the security and procedural advice from CPNI was clear and logical, referring to ongoing personnel security, vigilance campaigns and the threats from social engineering, and supported by practical advice and guidance. Special comment was made by members of the audience on how useful CPNI’s many security advisory products are in practice.
No security conference is complete without reference to cyber. This year’s CONSEC heard from Dominic Cockram, CEO of Steelhenge and a specialist in Crisis Management. Dominic emphasised the contribution made to cyber threat by human interaction, with 80pc of events due to error, lack of awareness or malicious intent. He used the Talk Talk incident as a case study to outline the various challenges faced during a cyber crisis eg. the uncertainty, unfamiliarity, speed and complexity, and the consequences needing external help, public and staff outrage, loss of trust. He outlined how cyber-crime can, in effect, make the victim look like the villain. Dominic’s advice included knowing what information is at risk, what that risk is, having a crisis leadership structure, and rehearse, rehearse, rehearse!
The final CONSEC speaker was Dr Alison Wakefield from University of Portsmouth. Having heard the range of topical threats and risks both in front and over the horizon, Alison’s task was to assess what future skills may be necessary in the security sector and how best to harness and develop them. Alison referred to the move from the original ‘Green Shack’ unsophisticated security solutions toward the ‘Total Asset Protection’ approach of today. She identified the need for security departments and professionals to show enhanced thinking and capabilities, and for end users to be helped to become more security aware, especially relating to opportunities and risks surrounding information. Enhanced information literacy may lead to greater learning opportunities, specialisation and possible outsourcing.
CONSEC 2016 concluded with a panel of Dr Alison Wakefield, Richard Walton and Jerry Hart, Global Risk Analyst at SGS, chaired by Bill Butler. With Alison as the academic, Richard as a practitioner, Jerry who is completing a work based learning doctorate seemed to fill the evolving role of ‘Pracademic’. According to Alison, this trend for practitioners to develop skills, experience and learning through academia is influencing the developing security environment. Jerry added, that being the practitioner is about asking ‘How?’, whereas the academic element is about asking Why?’ All three of the panel spoke positively about the UK’s leading role in public sector security, with police and military solutions admired the world over. They agreed this may also apply to the UK’s private security sector, acknowledging the difficulty in defining competence over qualification. The efforts of the keynote speaker Jan Cannon in her role at the Home Office are to be welcomed in this regard.
Bill Butler concluded by setting out his view on the themes that had emerged:
• Recognising the central role of the individual, as victim, as migrant, as employee.
• The importance of trust and cooperation.
• The challenge to our traditional conceptions of civil rights and the sensitivities of recognising this.
• The significance of the role of social media.
Overall, CONSEC succeeded in its objectives of encouraging the ‘Learning, Sharing and Networking’ required to keep the security industry ahead of the game. It gave participants a lot to think about on their immediate horizon, and permitted them a peep over the top at what may be coming!