Having completed his Keynote Address, The Security Institute’s chairman Mike Bluestone handed conference chairmanship responsibilities to Greymans’ managing director – and fellow Institute Board member – Mike O’Neill (who, by the way, did a sterling job of keeping the speakers to time).
First ‘external’ speaker on Day One at conference was Jamie Stephen. A Fellow of the Institute and formerly with Mitig8 Specialist Risk Services, Stephen is now an independent management consultant.
Having retired from the Metropolitan Police Service in 2006, since then – in his capacity as a consultant – Stephen has worked on numerous projects for both private and public sector clients at home and overseas.
Now, he also represents the Institute on the British Standards Institution’s Risk Management and Societal Security Management Committees and leads the Working Group at the Institute tasked with providing a Good Practice Guide on Risk Management.
That, in fact, was the subject of his talk (entitled ‘Publish… and be safe!’)
A man who knows about risk
With Jerry Woods having offered a general ‘promo’ for the Good Practice Guide series (there’s a desire to produce three or four “high quality documents” every year from hereon in), Stephen told us of his 30-year Met career. Of running firearms ops, overseeing murder investigations and heading up the diplomatic protection service.
Clearly, this is a man who knows a shed load about risk.
Woods has ‘mentored’ Stephen during production of the Good Practice Guide on Risk Management, the latter admitting to “knowing nothing” about what it takes to piece such a document together.
“During the process, I’ve likened Jerry to my wife,” said Stephen, who clarified the statement. “When I’m painting a room in our house, I’ll think it’s finished, then my wife will say: ‘What about the skirting board?’ Similarly, when I feel I’ve finished a section of the Guide, Jerry will point out areas that I’ve missed or others he suggests need further development.”
As far as Stephen’s concerned, at first blush risk management “is a science”. That said, he has been encouraged to keep the Good Practice Guide simple. “In some cases simple is good, and this is one of them,” he added with a contented smile.
Looking back to the original brief
The original brief for Stephen and his co-authors (Microsoft’s EMEA security manager Phil Moch MSc MSyI, Gary Poole DMS MCIHT MCIM MInstLM ASyl, Mark Chapple MSyI and Glen Kitteringham FSyI) was to draft a ‘tight and bright’ 10,000-word document.
One year on, there are presently 17,300 words written and saved in draft format. Looks like some careful editing will be needed.
Following an e-blast sent out by Institute hq, 56 responses were received from members in relation to various questions about the Good Practice Guide’s proposed contents. There was also an initial review of the existing British Standards in the area of risk management.
“This Guide is not intended to be Best Practice,” said Stephen. “The initial research led us towards 40 different methodologies. As far as risk management’s concerned, where there are inconsistencies is in the terminology used.”
The typical risk management framework was duly outlined by Stephen. Report the risk, monitor and review it, establish the context, identify it, analyse and evaluate and then formulate the appropriate response.
“In terms of establishing the context, the security professional needs to examine the risk environment, the categorisation of risk, the risk criteria and the risk appetite,” explained Stephen.
Risk identification: where’s the focus?
Risk identification focuses on preparation for identification, critical asset identification, assessing the threat and assessing vulnerabilities.
Interestingly, Stephen then focused on the response to risk. “Of course, stakeholder engagement and partner relations are vital in this regard,” opined Stephen. “There will need to be a revision of the original risk assessment, a consideration of options and the techniques and tools to be employed as well as an overview of the options to control risk.”
Tellingly, Stephen continued: “Sometimes, security is seen as a ‘tick box’ operation. To improve that situation, there needs to be recognition at the highest level of the value the Security Department can bring to the corporate table. If that Department’s role is to grow and flourish, we need to apply a little more art to the process, in turn demonstrating and proving the contribution that we make.”
Before closing his excellent address, Stephen spoke of the risk monitoring and review process. “You need to work out the foundations for monitoring and review and the topics underpinning both processes on a periodic basis. The techniques and tools deployed for the monitoring and review processes are crucial. Get those right and the benefits will be self-evident.”
For Stephen, going forward the ‘art’ in risk management is all about “leading the way towards synergy”. He’s sure the soon-to-be-published Institute Good Practice Guide on this subject will be a useful document. I for one don’t doubt that statement for a second.
Some more words on the Good Practice Guides
David Gill gave a brief overview of the Good Practice Guide on Workplace Investigations launched at the recent Members’ Evening (see the link on the right hand panel of this page for my report).
With his co-author Gus Darroch-Warren unable to attend conference due to the fact that he was in court giving evidence, Gill thanked Chris Brogan and Bill South for their considerable efforts in relation to the document, and encouraged everyone present who hadn’t read it to do so.
Unbeknown to me, Gill and Darroch-Warren scripted 16 drafts before arriving at something they were entirely happy with. This just goes to show the extra curricular work dedicated Institute members carry out to better the ‘lot’ of their professional colleagues.
“For what it’s worth,” chipped in Gill by way of closing his mini polemic, “security is an art, not a science.”
The Art of The Forger
Back to ‘stage front’, Mike O’Neill then introduced detective sergeant Mike Burt to us all.
A true Scot who works for the Grampian Police, for the last five years Burt has been seconded to the UK Border Agency’s (UKBA) Crime Team and trained by the National Document Fraud Unit to give expert examination and opinion in court regarding counterfeit and forged passports (as well as other Government issue security ID documentation).
To be honest, I’d seen and heard this presentation already as Burt delivered his engaging words at a recent SIA Approved Contractor Scheme Forum up in Edinburgh (at which I gave a talk of my own on The Worshipful Company of Security Professionals’ excellent Security Benevolent Fund).
No matter. I didn’t write that one up for you all to digest, so now’s the time to give you a flavour of what it is that Burt focuses on in his seconded role.
Burt has been a serving police officer for just over 21 years now, his current remit at the UKBA being to investigate organised immigration crime. In turn, this necessitates regular engagement with organisations such as Interpol, Europol, SOCA, our own Department of Work and Pensions and, of course, the numerous police forces serving England and Wales.
Burt’s presentation was designed to heighten awareness on forged passports. If the remainder of my Institute colleagues sat in The Windsor Suite at The Oakley Court Hotel feel the same way as I do about Burt’s delivery, they’ll have derived so much from what was an engaging and massively informative 45 minutes.
Billion dollar business for the crooks
Forged and counterfeit passports are now being rendered on an industrial scale. It’s a huge security problem for the authorities, and a billion dollar incentive for the crooks. In this day and age terrorists need swift, clandestine mobility. The way they try and achieve that aim is by way of passports.
Burt recalled a Case Study from mid-February this year when UK authorities launched an inquiry into how fraudulent British passports were used by the alleged killers of a Hamas commander in Dubai.
You may remember the Serious Organised Crime Agency reviewing how passports bearing the names of six British-Israelis were linked to the murder of Mahmoud al-Mabhouh.
Burt mentioned James Earl Ray’s fake Canadian passport. This, of course, was the man who assassinated Martin Luther King.
He also recited stories of fake documents surrounding Andreas Baader, Ramzi Yousef (who was involved with the World Trade Centre bombing of 1993), his associate Ahmad Mohammed Ajaj and none other than Radovan Karadzic during the latter’s attempts to flee the authorities in his own country.
Learning a lesson or two from down under
“On the international scale,” explained Burt, “back in 2004 the New Zealand Government called in an Israeli diplomat and demanded the Israeli Government hand over any New Zealand passports they might have. This was as a result of a suspected Mossad operative being arrested in New Zealand for attempting to obtain a false New Zealand passport having come into the country on a Canadian passport.”
On a national level, in London back in 2007 no less than 1,800 counterfeit passports and driving licenses were recovered in a flat along with printers, computers, scanners and false immigration stamps. Burt showed us some of the photos taken at the scene. It was a proper little production line.
North of the border, and again in 2007, Grampian Police dealt with a nasty fraud. Ukranian Vladamire Petruk was found guilty of a GB pound 625,000 ‘sting’. In his possession he held one counterfeit Greek passport and three forged Latvian passports.
“Make no mistake that this type of crime does significant economic harm to the UK,” stated Burt. “Fraud losses alone cost the UK something like GB pound 30 billion per annum. On a more positive note, though, the National Document Fraud Unit (NDFU) in London detects about 6,000 counterfeit or forged passports every year. These guys are brilliant.”
Continuing the upbeat theme of criminals being stopped in their tracks, the Identity Cards Act was introduced in Scotland four years ago. Since then, Burt told us all, the Scottish Immigration Crime Team has removed GB pound 1 million worth of forged documents being used in organised immigration crime. A fantastic result by any standards.
Who would want to use such counterfeit documents? “Terrorists, facilitators and people traffickers, criminals such as drug couriers and fraudsters and, of course, illegal immigrants,” suggested Burt.
Why do they do so? “To conceal their own identity, assume another identity, hide an adverse immigration or travel history, avoid visa requirements or try to circumnavigate the attentions of the police,” explained Burt.
In addition to passports, other documents beloved of the forgers and counterfeiters are specific types of immigration document, national ID cards and driving licences.
Counterfeits and forgeries: what’s the difference?
At this stage in what was a quite brilliant presentation, Burt made sure we all understood the difference in definition between counterfeits and forgeries.
“A counterfeit is a complete reproduction of a genuine document,” stressed Burt, “while a forgery’s represented by a genuine document that has subsequently been unlawfully altered.”
The remainder of Burt’s delivery involved direct interaction with the audience. Going on to describe how documents like passports are actually falsified or rendered counterfeit, Burt passed around genuine and false documents with an array of magnifying glasses and ultraviolet lamps so that we could all see the scams the crooks are perpetrating.
There was talk of watermarks, the paper used to produce fake documents and background printing processes.
Will the new UK passport design, with its enhanced security features, make life a little easier for Burt and Co?
Only time will tell, but Burt ended his presentation by urging employers to keep photocopied records of passports for employees as their “get out of jail card” should a worker from overseas be unmasked as, for example, not having the right to reside or be employed here in the UK.
In Part Three of SMT Online’s exclusive round-up of Day One at The Security Institute’s 2010 Annual Conference, Brian Sims reviews the presentations by Rachel Briggs and Giles Miskin
