Report on DC Kenny Taylor’s talk – Fostering Security in the workplace
City-centre security incl threat awareness – 23rd and 30th April 2008
The Business Matters Trust is very grateful to McGrigors and Baillie Gifford for their hospitality in the provision of the venues and generous buffet lunches.
Iain Archibald (at McGrigors) and Eric Smith (at Baillie Gifford) welcomed those attending this second talk in the series on Fostering Security in the Workplace and introduced DC Kenny Taylor, a Special Branch Counter Terrorist Security Advisor working with Lothian & Borders Police.
Kenny described the background to his work and the overall security situation in Britain, gave us a clear idea of what initiatives and measures are in place to deal with potential terrorist threats and touched on what each of us, as members of the business community, should do in order to minimise the chances of attacks happening and the consequences on our staff and businesses.
Kenny indicated in broad terms the role of a Counter Terrorism Security Advisor and spoke about the training received, covering such diverse topics as threat intelligence (the ability to notice and respond to suspicious behaviour before any situation becomes critical), security surveys, vehicle and pedestrian access control to sites / areas, and personnel and IT security.
He identified that, nowadays, the intent of the terrorist is not, as epitomised in previous years by the IRA and similar organisations, to strike at the infrastructure of society with some human casualties, but rather to inflict maximum casualties and death by the tactic of employing multiple “backpack” devices to be triggered at or around the same time in highly populated and crowded places, usually without any warning. Examples of such places would include shopping centres and high streets, stadia, transport systems, government or iconic sites and even the crowds of people who may be present in the aftermath of a previous incident.
Kenny used some very telling video footage to demonstrate to us that “things are different now”. The London 7/7 bombings and the incident at Glasgow Airport showed us very clearly that great devastation is the goal, and is carried out by terrorists in ways quite different from a few years ago. He reminded us that no security system can be set up and left alone but that constant review is necessary in order to ensure that it is fit for purpose. Footage of the President of the United States extolling the virtues of a border security area which clearly in the background was not working even as he spoke served as a light-hearted way to drive this point home.
Kenny described the various threat levels from “low” to “critical” which are used to indicate the current risk level. The highest of these, “critical” can only be maintained for 72 hours without review but the others can be ongoing. Kenny stated that the current level is “severe”, meaning that an attack is highly likely, and that this level has been maintained for a number of months now and is not likely to reduce in the short term. The threat level is not universal and different sectors such as the rail network, UK aviation, central London, military bases etc. all have separate threat assessments and ratings. Economic Key Points or EKPs are assessed on a case by case basis. Kenny gave the example of an imminent EKP with the statistic that, once the proposed bioscience park at Edinburgh Royal Infirmary is complete, Edinburgh will have one of the highest concentrations of bioscience industry resource in the world, second only to Japan.
Kenny defined terrorism as “the use or threat of action designed to influence government or intimidate the public and made for the purpose of advancing a political, ideological or religious cause”. As adjuncts to this, terrorism involves some or all of the following: serious violence against the person; endangering life other than that of the person committing the action; creating a serious risk to the health or safety of the public or a section of it; serious damage to property; interfering with or seriously disrupting an electronic system.
What is in place to address these issues?
Kenny outlined Operation DELPHINUS, the National Security Seven Point Programme covering:
- Policing plans
He indicated how this was implemented at Divisional level within the Police Force and highlighted the need for regular briefings, both of police and civilians, for good flow of knowledge and information and for the formation and enhancing of partnerships between the police and the community. All of this contributes to the authorities being able to respond to any situation in a proportionate manner.
The Government has identified ten sectors of Critical National Infrastructure covering:
- Emergency Services
- Government and Public Services
- Public Safety.
The Government Counter Terrorist Strategy (CONTEST) nowadays, in contrast to a reactive approach in the 1970s, is based on risk reduction arising from threat and vulnerability reduction, which in turn arises out of prevention, pursuit, protection and preparedness.
Other initiatives which are taking place locally include ARGUS, a DVD-based table-top exercise run by himself or his colleagues. Kenny was keen to mention the benefits of this exercise and said that our businesses would be welcome to participate in this 3-4 hour exercise. See below for more on this. Other initiatives which were reassuring to hear about included GRIFFIN (the use of trained non-police security staff for non-critical roles in the event of an incident) and moves to reduce the strength of commercially available Ammonium Nitrate, a favoured explosive.
What should we do as businesses to help ourselves?
Kenny suggested that we should manage the risks by:
- Identifying the threats against our organisation, our premises and our neighbours
- Establishing our vulnerabilities and what we need to protect
- Identifying measures to reduce the risks, producing security plans and identifying improvements
- Reviewing our security measures and rehearsing our business continuity plans
He briefly described the extensive list of resources which are available to us all via the internet and reassured us that, if we did visit the MI5 website, then we would not receive a visit from him or one of his colleagues the next day! The resources and organisations mentioned included: National Counter Terrorism Security Office (NaCTSO), MI5, and Business Publications.
Kenny urged us to accept our responsibility as members of the wider business community and outlined such strategies as having “buddy” companies in another part of the UK whose resources we could use in the event of an incident and who might even have listings of our employees. Why? To allow them, in the event of our phone lines here being disabled at the locus of a terrorist attack, to contact other branches of our operation and next of kin.
He referred to the BSI standard BS25999 as being a useful tool in this area and provided us with a list of contact numbers and web addresses which I reproduce below.
Anti-terrorist Hotline 0800-789-321
To quote one of his final slides, “Our response to terrorism is not just the sole responsibility of the enforcement services: it is the responsibility of the whole community, and only by all communities working together will there be any hope of success”.
Questions and Answers included
“What should we do if we see something suspicious?” Kenny reassured us that calling the hotline or indeed himself was not something to hesitate or be embarrassed about, since often as not we are the best placed people to notice anything unusual going on in or around our businesses. He gave examples like noticing “hostile reconnaissance”, including seeing people taking photographs in unusual places such as service areas, seeing people pacing out entrance doorways (perhaps sizing them up for a vehicle attack), or observing the same stranger in the same place in our building on consecutive days (perhaps checking for times when the maximum number of people and hence potential casualties would be in the area). If we are concerned that there may be a possible threat, we should not hesitate to call 999. No one will criticise us for doing so.
“What should we do if we find ourselves in the middle of a terrorist attack/situation?” Kenny said: above all, make yourself safe. Don’t necessarily evacuate the building, since this may be exactly what the terrorists are hoping for. Know and rehearse your security plans. This made us ask ourselves: Does our office have a security plan? Do I know all I should about it? Does everyone know what it is? Have we rehearsed it? We have already had a G8 summit nearby. That alone should have alerted us to the need to have such a plan in place.
“Will it take an incident in Edinburgh to make people take this threat seriously?” Kenny indicated that any incident happening locally will inevitably ratchet up awareness, but highlighted that the proactive embracing of threat assessment and involvement in initiatives such as ARGUS is greatly to be preferred to doing nothing and hoping that it won’t happen here.
After thanking Kenny, on behalf of business matters, there was the opportunity, taken by a good number, to talk with him and network with others with similar concerns to ourselves.
Two final comments:
ARGUS: we at business matters are very willing to coordinate enquiries from companies large or small who may wish to take part in an ARGUS session. It lasts a morning. There is no cost involved. Only a venue with DVD facilities needs to be found. The minimum number of participants needed is 20. We are happy to pool names and to build up a list to achieve the minimum number. This will especially interest SMEs who on their own may not have the minimum number of takers. Please let us know if you are interested.
Lastly, it was timely that on 1st May, as I was preparing this report, an article appeared in The Scotsman on precisely the topic of complacency in this regard and the risk it poses. The link to the article is here.
Consultant to business matters