Cyber-attacks bring a host of new challenges
We have seen a pronounced shift in the way terrorists are attacking the very core of our society in the past two years. In addition to ‘traditional’ terror cells, we have seen an increasing number of so-called lone wolf attackers using vehicles and knives to murder innocent civilians in some of our major European cities.
Where terrorism was once the domain of dedicated counter-terrorism units, these lone operator attacks have put increased pressure on mainstream police officers and first responders. In the response to the attack at an Ariana Grande concert at Manchester Arena in May 2017, during which 22 people were killed and 59 others injured, three quarters of the security resources deployed came from mainstream policing
Terror threats are, however, not limited to violent attacks of course. Cyber-attacks are becoming an ever-prevalent threat to critical national infrastructure (CNI) operators and to major corporations.
A category one cyber-attack, the most serious tier possible, will happen “sometime in the next few years”, a director of the National Cyber Security Centre has warned. According to the agency, which reports to GCHQ and has responsibility for ensuring the UK’s information security, a category one cyber security incident requires a national government response.
In the year since the agency was founded, it has covered 500 incidents, according to Ian Levy, the technical director, as well as 470 category three incidents and 30 category two, including the WannaCry ransomworm. Speaking at an event about the next decade of information security, Levy warned that “sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cyber security.
The Wannacry attack in May 2017, using hacking tools widely believed by researchers to have been developed by the US National Security Agency, hit international shipper FedEx, infected more than 300,000 computers in 150 countries and crippled the UK’s National Health Service. The result was that operations had to be cancelled, ambulances diverted and documents such as patient records were made unavailable in England and Scotland. Organisations had just a few days to pay the ransom or face losing their files forever. In mid-October a security expert at Belgian university KU Leuven, Mathy Vanhoef, discovered a weakness in the wireless security protocol WPA2, which could affect every Wi-Fi connection in the world. The Key Reinstallation AttaCK (KRACK) had broken the security protocol used to protect the vast majority of Wi-Fi connections, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks. At the time of writing, technology organisations are all working hard to release patches that will protect their customers. The advice being given for now is to make sure you have a password on your Wi-Fi and not to use any unsecured Wi-Fi networks.
A New Approach to Training Security Critical Agents
Just as one cannot afford to stand still as the threats to our civil society are constantly evolving, so also is an innovation taking shape in how the police and other Security Critical Agents (SCA) are trained. SCAs include counter-terrorism units, border guards and first responders (police, firefighters, ambulance services, civil security agencies or critical infrastructure operators).
Innovative serious gaming techniques and a range of training scenarios are being developed as part of TARGET (Training Augmented Reality Generalised Environment Toolkit), a project that has received almost €6 million in funding from the European Commission under the Horizon 2020 research and innovation programme. Using a combination of augmented and virtual reality, TARGET is delivering a pan-European serious gaming platform that features new tools, techniques and content for training, but also incorporates methodology to assess the skills and competencies of SCAs. The project also includes a number of command post exercises, one of which focuses on the impact of a cyber-attack on an energy grid. This particular trial was hosted by Cleveland Fire Brigade, one of the partners in the TARGET project. Mixed reality experiences will immerse trainees at operational, tactical and strategic command levels, who will use a combination of both real and training weaponry, radio equipment, command and control software, decision support tools, real command centres and vehicles. A web-based Geometry Store has been created, which already contains over 250 AVR human models of first responders and civilians, as well as vehicles and equipment. These will be added to and animated, as the project continues. A Photogrammetry Survey Drone, unavailable on the open market, has also been deployed to generate 3D modelling of landscapes and buildings. Social and ethical content will also play an important role throughout all aspects of the project.
An important milestone in the TARGET project has now been reached, as each of the end user agencies is trialling the Beta versions of the mixed reality solutions and Training Contents (TC). By evaluating them in real-life training environments with operational SCAs, the six trials will provide extremely useful feedback to the technical teams for the continued development of the software.
CBRN Incident in a Clan Lab
Hosted by the International Security and Emergency Management Institute in the Slovak Republic with the support of the Slovak Police (Department for Detection of Hazardous Substances and Environmental Crime) and the Slovak Fire and Rescue Corps, TC1 is an augmented and virtual reality exercise with field-based components. Police officers in gas tight HazMat suits, wearing Hololens headsets projecting 3D imagery, are required to act properly and to collect forensic evidence in a mock clandestine laboratory containing simulated radioactive and chemical materials.
Protecting CNI During Mass Demo
TC2 is a senior level command post exercise, hosted by Fachhochschule der Polizei des Landes Brandenburg in Germany. Inputs to the command team are from CCTV and heli-teli views of the incident scene, radio communications, social media, as well as information from their own command and control systems. Asset location and status information is presented on the TARGET trainer/trainee user interface from project partner Fraunhofer IVI.
Steve McAllister, Cleveland Fire Brigade; Ian Harrington, Cleveland Police; Simon Weastell, Cleveland Fire Brigade
Cyber-attack on Energy Grid
Cleveland Fire Brigade is the host for TC3, in which a sustained attack on a region’s power grid is simulated. This exercise addresses the strategic and policy level of operations and will be delivered to a senior multi-agency command team in Cleveland’s strategic command centre. The scenario focuses on the critical infrastructure components and key locations, including the effects to power stations, hospitals, railway stations, residential areas, resultant major incidents and the prioritisation of responses.
Tactical Firearms in Confined Spaces
The Institut de Seguretat Publica de Catalunya with Guardia Civil are hosts in Barcelona to TC4. Firearms teams attempt to break into structures and affect rescues or interventions against possibly hostile and armed individuals. This is a tactical level exercise involving the practice of very physical skills and utilising real weaponry, equipped with blank rounds. The trainees will be wearing Hololens headsets throughout, allowing them to interact with a variety of threats in the form of digital holograms.
Police Respond to Violent Individuals
In TC5, police officers at the École Nationale Supérieure de la Police near Lyon have been asked to resolve a complex and threatening situation after a car accident, involving a potentially violent individual and a bystander. This is a tactical level exercise, using small arms instrumented with trackers to record when a weapon has been deployed. The participants are interacting with holographic characters and objects, but also have to contend with a real motor vehicle in the environment.
Major RTC with Multiple Fatalities
Deutsche Hochschule der Polizei in Münster hosts TC6, a command post exercise that takes place in a simulated command unit. Operational commanders have to contend with a complicated motorway road traffic collision, involving over 80 motor vehicles and lorries over a wide geographic area. A monitor inside the command unit shows commanders the scene from its location and participants are also be able to use a virtual reality headset to add another perspective to the exercise.
TARGET will deliver an extremely realistic and flexible AVR simulation solution incorporating a range of dynamic and variable scenarios. A multi-language, online exercise creation and management tool will be available, allowing agencies throughout Europe to use the training content. Special support will also be provided to translators to assist the creation of local language versions of the training content modules.
The final outcome will be a highly immersive training solution, resulting in superior and more effective training experiences for SCAs. The vision of the project is to make the TARGET Open Platform the reference for SCA training using serious gaming across Europe – something that does not exist currently.
Anyone interested in finding out more about TARGET is invited to browse the website and to join the TARGET Community at http://www.target-h202 0.eu
Write a Comment