Episode 2 - Perspective from a real life former Anti-Corruption Police Officer
The programme follows the exploits of AC-12, a fictitious covert police unit, charged with investigating police corruption at the highest levels.
Last week we had an ambush, three dead police officers, another left wounded and the theft of a large amount of heroin.
The 2nd episode didn’t disappoint!
Managing corruption and the insider threat is one of the most difficult and time-consuming issues for police to deal with. This week, several real-life issues and challenges were highlighted, again blurring the lines between fact and fiction in this gritty drama.
There are a few things that stood out for me this episode which have direct parallels with organisations I talk to and work with today:
The AC-12 boss, Superintendent Ted Hastings, complained that his department was not informed of an ongoing anti-corruption investigation, even though it was his unit that had responsibility for all such operations.
All organisations, regardless of whether they are the police or civilian, have teams and business units with their own remit and agendas, and which operate without the knowledge of what other parts of the organisation are doing. This is quite normal.
The one place where this shouldn’t happen, however, is in governance and compliance matters. The insider risk cannot be managed when an organisation doesn’t communicate internally. There should always be oversight: one unit or body of people with knowledge of what is going on in the organisation. That body should have the ability to assess organisational risk in full knowledge of all the facts.
A statement was made in one scene that could not have been truer. It went along the lines of
“You will only find corruption if you look for it”.
Corruption and the insider risk cannot be ignored, and if you don’t keep a watching eye on the problem, it will become endemic and all-pervasive.
This episode saw what is called in the police “Noble Cause Corruption”: corruption being excused because it leads to a greater good. Some might see this as justifiable under certain circumstances so that, for example, a known criminal is at least convicted of something, lest he escape “scot-free”.
This attitude of “my wrongdoing isn’t as bad as theirs” can be seen in the business world too, when an employee decides that the project they have worked on whilst in the employ of their company belongs more to them than it does to the company.
Or when, because of bullying, unfair treatment or some other perceived wrong, that employee decides to leak sensitive information to those who shouldn’t have it, and attempts to justify this release of information by saying that it’s “not really wrong”, or that it’s not as bad as the other person’s wrong.
How do you deal with this? By having acceptable behaviour policies, standards and ethics, with ethics enshrined within employee contracts and entrenched within the organisational culture.
Policy, discipline and culture combined will define how wrongdoing and corruption are viewed.
The Insider Threat
This episode also revealed that the officers killed, and the one officer spared in the first episode, were all corrupt. They were directly involved in the theft of the drugs and were shot in order to protect and cover the tracks of the crime bosses.
All were vulnerable to corruption because of the secrets and lies in their personal lives.
The woman police officer “spared” was having an affair, and another was a regular user of prostitutes.
Corrupt colleagues and criminals were able to use these sordid secrets to blackmail the officers into aiding and abetting in the theft of the heroin.
This is exactly how nation states, criminal organisations and competitors steal company sensitive information and intellectual property from private firms and government organisations.
Managing the “Insider Threat” and cyber security can only be done by managing risk holistically across the business; it cannot be done piecemeal.
ESID Consulting are the experts in dealing with these threats.
Call us now if you would like to talk more about how to manage your insider risk and cyber security vulnerabilities, if you would like our help to do so, or if you have any questions at all.
Web www.esid.co.uk Email firstname.lastname@example.org Tel +44 (0) 844 3582362
Episode 1 - Perspective from a real life former Anti-Corruption Police Officer
So, after a 2 year wait the hit BBC series “Line of Duty” is back on TV. Its first episode this week received some of the highest ratings ever for a police drama on the BBC.
The programme follows the exploits of AC-12, a fictitious covert police unit, charged with investigating police corruption at the highest levels.
The show begins with an ambush that leaves three police officers dead and another wounded, and the theft of £100m worth of heroin that was being moved from a police warehouse to an incinerator.
Although this is a fictional series, the plots, methods and politics could easily come from real-life anti-corruption investigations, albeit in real life investigations of this sort involve huge resources and specialist techniques – not just a team of 3!
Managing corruption and the insider threat is one of the most difficult and time-consuming issues for police to deal with:
1) Enquiries must be carried out extremely carefully and quietly, so that corrupt police officers and the criminals paying them, aren’t tipped off.
2) Nothing comes together this easily! Remember, police officers know how to investigate, they know the law enforcement techniques used, the operational security employed, and they know capabilities. And a lot of the “bent” coppers I investigated were actually very good at their jobs.
This first episode sees the route taken by police to the incinerator leaked by a police employee – who happens to be the cousin of a serving AC12 police officer (PC Maneet Bindra) who has already been compromised in a previous series after providing (she assumed legitimately) sensitive information to another corrupt senior police officer.
Her cousin, the employee who leaked the drugs information in the first place, had a gambling habit and was being forced to provide information because of his debts, making him vulnerable.
PC Bindra, knowing what was going on and desperate to protect her job and her family, and having already compromised herself previously, keeps quiet and gets herself into deeper trouble – ultimately leading to her untimely demise.
The issues described above (uncontrolled gambling habit, debt, fear of losing one’s job and a failure to report concerns or wrongdoing) are classic “Insider Threat” red flags. They are not just relevant to police; they are relevant to all organisations, including yours!
There are sure to be many more twists and turns as this series progresses. One of the main characters, Steve, is still in pain from previous injuries and he’s popping painkillers like it’s gone out of fashion... and the boss is getting divorced, living in a hotel room and is behind in his rent. And this is only episode 1!
Granted, most organisations don’t hold data of the sort of sensitivity we are talking about in this episode, nor do they generally transport huge shipments of Class A drugs around the country. However, companies and organisations do handle “sensitive” information – either belonging to their own employees, their patients, or their customers.
Companies also hold an enormous amount of valuable Intellectual Property (IP) or company sensitive information.
This information has a value to criminals and competitors. It should be protected in much the same way as police information is and assessed on the basis of risk.
A few pointers to protect your information – there are more which I will cover in later posts.
There has been much talk about the Russian cyber attacks against the US Presidential elections in 2016 and others and the release of stolen emails and political campaign information resulting from those hacks.
I've put together this mindmap to demystify how it all happened and to show why it is critical to manage the insider threat / employee risk holistically - alongside your information security and your IT risks.
The mindmap shows that by using open source research and social media the hackers were able to socially engineer members of political organisations and campaigners in order to trick them into clicking on links and allowing the hackers "in" to their networks. From there they were able to gain access to other related organisations and eventually Hillary Clinton's private email server.
The information stolen was then passed to a variety of people and groups, all of whom had a use for that information or found value in knowing the content, from political opponents to lobbyists and protest groups. A knowledge of the risks and threats posed and how attacks happen would have gone a long way in mitigating these issues.
If you would like to talk more about protecting your business, get in touch.
“The manufacturing sector is the third most targeted sector for cyber-attacks; yet it is one of the least prepared and protected sectors of the economy”.
These are the findings of a report published by the manufacturers’ organisation, the EEF, in partnership with insurance firm AIG and RUSI, the Royal United Services Institute.
Many cyber-incidents (those that are discovered) go unreported; however, there have been a number of notable attacks on manufacturing companies in the recent past that have been widely acknowledged:
At the end of 2014, a German steel mill suffered a cyber-attack. The attack caused the office network to become compromised and prevented the shutdown of the blast furnace itself, resulting in massive damage to the foundry.
In 2017, an attack on the industrial control systems of a Saudi Arabian petrochemical company, designed to cause an explosion, failed only because the developers of the malicious software made an error in the code. The attack still caused the system to shut down, but it did so in a safe manner.
Both of these attacks are thought to have been assisted by “insiders” with extensive access to systems and information.
Report – Headlines
The EEF report found that:
48% of manufacturers polled said that they had been the victim of a cyber-incident, and half of them had suffered financial loss or business disruption as a result of the incident;
35% of manufacturing businesses are not embracing digitisation where possible due to cyber security concerns, and are therefore missing possible business opportunities to their competitors who have modernised;
41% of manufacturers don’t believe they can assess the cyber risk properly because of a lack of information and advice, and 45% don’t believe that they have the right tools to do the job;
Worryingly, 12% of manufacturers have no systems or measures in place at all to defend against the threat of cyber-attack and the resulting disruption that it would cause.
Cyber-security, however, is more than just dealing with the threat of technology and control systems being compromised to inflict damage and financial loss on a company.
Cyber-attacks can result in a multitude of different outcomes, including but not limited to the theft of sensitive information, the loss of access to control and IT systems and the loss of competitive advantage through Industrial espionage.
There is also another information loss vector that is often overlooked and should be considered – “Competitive Intelligence”.
All information leakage, legal or otherwise, can potentially be damaging to your business. The first thing to make clear is that the practice of competitive intelligence is not in any way illegal. It is a legitimate and respected business intelligence function that provides extremely valuable information for those companies using it, and it is for this reason that it is included in my definition of “threat”.
An interesting paper, “Are we being innovative enough with composites”, written by Alison McMillan, PhD (a consultant at WOT-I Ltd) and published at the SAMPE Europe conference last year, suggests how it would be possible for a competitor to discover likely “technology insertion timeframes” in manufacturing companies.
The full paper can be accessed at the following link;
“Technology Insertion Timeframes” can be identified by analysing the number of patent applications and comparing them against the rate of publishing of those applications and then looking for the peak. The report illustrates how easy it can be to identify the timeframe of a product coming to market.
Alison McMillan demonstrates that, when also combined with sophisticated data analysis, this form of competitive intelligence could be an extremely powerful and predictive tool.
From my own conversations with Dr McMillan, in the circumstances described above, patent and IP protection held in a small number of major customer countries is likely to be sufficient to protect IP for a product globally. This is not the case, however, for manufacturing processes.
In order to protect manufacturing processes, Dr McMillan observes that companies should consider expanding the number of countries bound by IP protection measures to include as many countries as possible with advanced manufacturing and design capability, to provide the greatest possible protection. Without such action, a determined competitor could analyse the patent(s) and simply move the manufacture of “their” competing product to a country with a high-tech manufacturing capability where the patent is not in force – combining information from design data and inferred manufacturing processes to gain competitive advantage.
“In many cases keeping manufacturing processes secret can be a much more effective means as a protection strategy” [than relying on IP protection alone].
[There are cases where a patent can be a necessary option – it protects the original inventor from another company patenting the same idea, and thereby being excluded from using it]
– Alison McMillan.
The danger posed through the use of competitive intelligence analysis, the increasing use of cyber-attack, industrial espionage and the theft of intellectual property to steal the lead on a competitor makes it more important than ever for a target firm to secure its information.
Without “active” measures to secure and protect information against these threats, the route to manufacture for competitors and foreign governments alike becomes a much more achievable one.
So, how do you protect your IP and your manufacturing processes?
The way to protect your company and your IP is to implement an Information Security Management System (ISMS) within your organisation.
A tailored system, incorporating cyber / information security and business continuity, should be simple, measurable and achievable. It will ensure you have robust, risk-based defences, with appropriate measures, tools and systems to prevent information leakage or to deal with incidents when they occur.
Implementation of an Information Security Management System within your business, aligned with international standards such as ISO 27001 for Information Security, will ensure that all cyber and business resilience risks are identified and controlled appropriately, protecting you, your organisation and your Intellectual Property from risk.
For information on how ESID Consulting can help you to defend against the cyber threat, please contact us at firstname.lastname@example.org or Tel +44 (0) 844 358 2362
Gary is CEO and Founder of ESID Consulting, an Insider Threat & Information Security consultancy.