If the security challenges for 2018 weren’t challenging enough what will 2019 bring? Last year we saw the first use of the deadly Novichok nerve agent anywhere in the world, making a household name of a substance only very few had heard of before. Then we have the growth of terror that Andrew Parker the Head of MI5 described as working at unprecedented levels and the CT Police highlighting that the number of active investigations going on at once had grown from 500 to over 700. We also see security challenges caused by Gatwick airport being shut for 36 hours over a peak holiday getaway period because of a drone or drones in its airspace.
So, what does 2019 hold for the Security community in the UK? More of the same or are we likely to see anything new?
The biggest challenge that is occupying many people’s minds is that of BREXIT and the implications that will have on wider security architecture. Peter Franciscus Van-Osselaer, Head of Operations, European Counter Terrorism Centre, EUROPOL told Philip Ingram MBE that, “even in the event of a ‘no deal BREXIT,’ the UK had in place bilateral and other agreements to ensure security working arrangements would remain as close to as they are today with the UK in the EU. No one, not on the UK side or the EU side wanted to lose the working relationship that was in place today.”
Putting BREXIT to one side, the Cyber threat is all pervading through society, continually morphing and finding new ways to threaten networks, businesses and personally identifiable data. The biggest threat we are likely to see in 2019 is through Artificial Intelligence or AI. This will be three-fold, the first, the threat to AI enabled business practices, the second, the criminal use of AI to break into networks and the third is the use of AI to protect networks.
Tied into this growing risk area is the growth of the ‘attack surface’ through the proliferation of Internet of Things (IoT) devices, the always connected and everything connected society we seem to be growing into and this will become worse with the roll out of the 5G data network that is up to 1000 times faster than the current 4G networks.
The traditional ransomware and data theft attacks will continue but we will see a rise in manipulation attacks, manipulating data to create undue influence and potentially reputational damage.
Threats will range from the home based ‘geek’ through to state sponsored like we saw with Wannacry and notPetya and are seeing with increasing wariness for governments to allow tech giants with potential Chinese government influence such as Huawei and ZTE from increasing their access to faster networks such as 5G. The clear message from these attacks are the threat state actors can have on not just enterprise businesses but also SME. However, it is important to balance this ‘wariness’ out as nothing has been proved against the Chinese firms despite intensive testing whereas CISCO had 7 back doors discovered in their equipment’s in 2018, some of which were blamed on the NSA. Security vulnerabilities are as much an economic tool as they are spying tool.
The focus on alleged illicit state activity in the use of manipulated and targeted data in various elections around the globe is being investigated, 2019 will likely be the year of the consequences of those investigations becoming public. However, what this is likely to do, is emphasise the potential of information being used as a weapon designed to cause an effect and in industry that effect could be reputational. Public Relations will probably move a little more towards the centre of risk mitigation activities.
The closure of Gatwick Airport outside London for 36 hours before Christmas brought the drone threat firmly back onto the agenda. The UK Civil Aviation Authority Drone Risk Assessment of January 2018 makes no mention of the use of drones to deliberately disrupt a working airfield and the lack of equipment to deal with the threat shocked a large number of people. One airline working out of Gatwick say the incident cost then £15 Million but the full cost of the incident hasn’t been calculated yet.
A scare at London Heathrow Airport in January was dealt with in less than an hour with only one runway closed, but highlighted the very real threats that drones provide to the safe operation of airports and a after several incidents in the Middle East, the Emirates Authority for Standardisation and Metrology (ESMA) estimated the cost of closure at $100,000 per minute, meaning drone detection technologies would very quickly fall into the cost effective bracket!
Thank goodness our news headlines are not filled with stories of continuing successful terror attacks as seemed to happen in 2017. However, the threat hasn’t gone away and in the words of Andrew Parker the head of the UK Security Service MI5, the threat has reached “unprecedented levels.” This is reflected in the growth of active investigations from 500 in 2018 to 700 towards the end of the year and into 2019 with 3000 active suspects and another 20,000 on a terror watch list.
With the squeeze to near elimination of the ground so called ISIS held in Syria and Iraq it would be easy to assume the terror threat was waning. Not the case says Vasco Amador of the cyber Intelligence Company Global Intelligence Insight, who track extremists online. “In recent months was have seen a relaunch of so-called ISIS cyber capability that used to be called the ‘United Cyber Caliphate’ and has been rebranded as the ‘Caliphate Cyber Shield’ with new leadership and new energy. The groups they operate online have thousands of active followers across the globe,” he said.
The final security threat we must watch out for in 2019 falls into the unknown bracket. Who would have thought a deadly military grade nerve agent would have been used on the streets of England by another state. We don’t know what the next novel threat will be but we can confidently say, 2019 will be an interesting year.