Breadth of coverage both in terms of technology and application sectors at Body Search 2015 made it easily the most interesting technical conference
Intimate body search at airports also takes a psychological toll on the person conducting the search

SourceSecurity.com's European Correspondent, Jeremy Malies gives an account of the Body Search 2015 security conference that was held at Hounslow, London. Along with emphasis on aviation security, the conference also covered an array of safety and commercial applications. Some of the topics outlined in this article include: New techniques in body scanning, the exasperation public face during airport security checks, inflexible protocols followed by the airport security staff and some more. The breadth of coverage in terms of the technology and application sectors at Body Search 2015 made it an interesting conference.

Body Search 2015 Security Forum

“The Invasion of the Body-Scanners” was the self-deprecating tagline, and Body Search 2015 was the most interesting security forum I’m likely to attend this year. A former Israeli bomb disposal expert argued cogently that mice will outperform humans, dogs and machines in detecting explosives. In a side room, a training company would subject you to a pat-down search and then discuss the best practice for this kind of inspection. Only at such an event could you learn that extroverts conduct the best body checks. Many bookish introverts may excel in training and written examinations, but they often perform miserably in the field.

But the most memorable detail will remain with me every time I begin to feel frustrated while being scrutinized at an airport security checkpoint, and the thought will no doubt help my blood pressure. No matter how demoralizing and draining an intimate body search may be for the passenger, it is nothing compared with the psychological toll on the person conducting the search. This is an interesting viewpoint and one that should remind us that airport security personnel are performing a largely thankless task expressly to keep us safe in the skies.

Manual Airside Security Checks

In a talk covering manual airside security checks, Andrew McClumpha dealt with cultural issues against a backdrop of what will always be stressful circumstances. Despite the evolving challenges, with threats changing constantly, airport staff is required to follow inflexible protocol in their stop-and-search activity. When regulations do change, the new protocol seldom appears to have been framed with operational and motivational sustainability in mind. Integration of people, processes and technology requires organizational structures that are “flatter” than standard models, and it is vital that in a mission-critical environment such as airport security, promotion of staff should be based not on longevity of service but fitness to manage and ability to energize a workforce.

Airport Security - Higher Incidence Of Body Searches And Greater Thoroughness

Despite the evolving challenges, with threats changing constantly, airport staff are required to follow inflexible protocol in their stop-and-search activity

McClumpha looked ahead to changing European regulations in September that will require a higher incidence of body searches and greater thoroughness. From the perspective of a trade journalist who deals with related disciplines such as CCTV and access control but always pays close attention to security practice when traveling by air, it was fascinating to learn that many elements of airport security are designed not just to expose criminal acts, but to frustrate attempts at reconnaissance by would-be terrorists.

If guest speakers later in the month at IFSEC had shown half the wit of those at Body Search 2015, I would have had a more interesting three days in the lecture theatres at ExCeL. As moderator, Steve Wolff framed many of the sessions with an urbane perspective, notably when reminding the delegates that whatever their role in transport, leisure or custodial security, they will always be governed first by the laws of physics and secondly by the laws of environmental exposure, this being a neat introduction to a discussion of the myths and realities surrounding ionizing radiation and the health risks of body-scanning.

Balance Between Security And Inevitable Pressures

So what is the tipping point in terms of a balance between the most stringent possible security and the inevitable pressures to run an airport as a commercial transport hub? To what extent did the panel on the second morning of the conference feel (if at all) that the security community needs to ensure that business pressures never take precedence over striving for optimum safety? Should we be “selling” the security case even harder? These were questions posed by Philip Baum, editor of Aviation Security International and a frequent interviewee in mainstream media, most recently after the Germanwings Flight 9525 French Alps crash also discussed by SourceSecurity.com.

Just as the advent of the suicide bomber (as early as 1881 with the assassination of Tsar Alexander II) changed the security landscape, body-implanted explosives have thrown up new challenges since they cannot be detected by canines. The Body Search 2015 program gave slots to speakers from companies representing both transmission and backscatter X-ray techniques.

The Body Search 2015 program gave slots to speakers from companies representing both transmission and backscatter X-ray techniques

Transmission And Backscatter X-ray Techniques

Since I could not remember, here is a summary of the two approaches. “Transmission” (also used in medical imaging) passes X-rays through the traveler and collects the information in the form of an image on the other side while “backscatter” (at a lower intensity) does not penetrate or even transmit through the body but relies on rays being bounced off or scattered onto large detectors which create meaningful images. Repeating the frustration felt in this sector by the perceived reluctance of regulators to innovate quickly, Dr Steve Smith (of San Diego-based Tek84, inventors of the “backscatter” X-ray approach) described how implementation in the field took three years. There were significant difficulties in conveying the message that a single usage of the scanner involved a radiation dose 1,000 times lower than what even disinterested parties from other fields agreed was trivial.

This was far too sophisticated a conference for any kind of crude comparisons between the two X-ray approaches. When Konstantin Sosenko of ADANI (a company that develops “transmission” X-ray equipment) took the rostrum, the topic changed completely to cover hiding of scalpel blades about the body in prisons and theft from a diamond mine in Angola whose monthly turnover rose by 30 percent when miners realized that they would be subjected to scanning at the end of a shift.

Ultimate Goal - Complete Sharing Of Information?

Breadth of coverage both in terms of technology and application sectors at Body Search 2015 made it easily the most interesting technical conference I have ever attended. Speakers and delegates impressed not only with enthusiasm for their particular fields, but also willingness to exchange information and learn from related disciplines. If, as security professionals, our ultimate goal is complete sharing of information through the Holy Grail of “big data” then the vendors, consultants and end-users at this conference will be in the vanguard.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Jeremy Malies European Correspondent, SourceSecurity.com

Jeremy Malies is a veteran marketeer and writer specializing in the physical security sector which he has covered for 20 years. He has specific interests in video analytics, video management, perimeter intrusion and access control.

  • Related companies
  • Adani
  • View all news from
  • Adani

In case you missed it

What Is The Impact Of Remote Working On Security?
What Is The Impact Of Remote Working On Security?

During the coronavirus lockdown, employees worked from home in record numbers. But the growing trend came with a new set of security challenges. We asked this week’s Expert Panel Roundtable: What is the impact of the transition to remote working/home offices on the security market?

Water Plant Attack Emphasizes Cyber’s Impact On Physical Security
Water Plant Attack Emphasizes Cyber’s Impact On Physical Security

At an Oldsmar, Fla., water treatment facility on Feb. 5, an operator watched a computer screen as someone remotely accessed the system monitoring the water supply and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The chemical, also known as lye, is used in small concentrations to control acidity in the water. In larger concentrations, the compound is poisonous – the same corrosive chemical used to eat away at clogged drains. The impact of cybersecurity attacks The incident is the latest example of how cybersecurity attacks can translate into real-world, physical security consequences – even deadly ones.Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. The computer system was set up to allow remote access only to authorized users. The source of the unauthorized access is unknown. However, the attacker was only in the system for 3 to 5 minutes, and an operator corrected the concentration back to 100 parts per million soon after. It would have taken a day or more for contaminated water to enter the system. In the end, the city’s water supply was not affected. There were other safeguards in place that would have prevented contaminated water from entering the city’s water supply, which serves around 15,000 residents. The remote access used for the attack was disabled pending an investigation by the FBI, Secret Service and Pinellas County Sheriff’s Office. On Feb. 2, a compilation of breached usernames and passwords, known as COMB for “Compilation of Many Breaches,” was leaked online. COMB contains 3.2 billion unique email/password pairs. It was later discovered that the breach included the credentials for the Oldsmar water plant. Water plant attacks feared for years Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. Florida’s Sen. Marco Rubio tweeted that the attempt to poison the water supply should be treated as a “matter of national security.” “The incident at the Oldsmar water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals,” comments Mieng Lim, VP of Product Management at Digital Defense Inc., a provider of vulnerability management and threat assessment solutions.The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online “Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary,” Mieng Lim adds. “Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.” "This event reinforces the increasing need to authenticate not only users, but the devices and machine identities that are authorized to connect to an organization's network,” adds Chris Hickman, Chief Security Officer at digital identity security vendor Keyfactor. “If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside. "If the network could have authenticated the validity of the device connecting to the network, the connection would have failed because hackers rarely have possession of authorized devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point." “The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online for the first time as part of digital transformation projects,” says Gareth Williams, Vice President - Secure Communications & Information Systems, Thales UK. “While the move towards greater automation and connected switches and control systems brings unprecedented opportunities, it is not without risk, as anything that is brought online immediately becomes a target to be hacked.” Operational technology to mitigate attacks Williams advises organizations to approach Operational Technology as its own entity and put in place procedures that mitigate against the impact of an attack that could ultimately cost lives. This means understanding what is connected, who has access to it and what else might be at risk should that system be compromised, he says. “Once that is established, they can secure access through protocols like access management and fail-safe systems.”  “The cyberattack against the water supply in Oldsmar should come as a wakeup call,” says Saryu Nayyar, CEO, Gurucul.  “Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about,” she says.  Although this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results, says Nayyar. Organizations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments, she advises. Fortunately, there were backup systems in place in Oldsmar. What could have been a tragedy instead became a cautionary tale. Both physical security and cybersecurity professionals should pay attention.

How Have Security Solutions Failed Our Schools?
How Have Security Solutions Failed Our Schools?

School shootings are a high-profile reminder of the need for the highest levels of security at our schools and education facilities. Increasingly, a remedy to boost the security at schools is to use more technology. However, no technology is a panacea, and ongoing violence and other threats at our schools suggest some level of failure. We asked this week’s Expert Panel Roundtable: How have security solutions failed our schools and what is the solution?