Security services ‘missed chances to put Salman Abedi under surveillance ahead of Manchester Arena attack’
Security services missed opportunities to put Salman Abedi under surveillance ahead of his deadly attack at Manchester Arena, it has been claimed. MI5 missed key intelligence warnings that potentially could have identified the bomber as a high-priority target before the May 22 blast, The Sunday Times reports. The paper today claims that an internal MI5 review has found that security services received at least two items of intelligence regarding Abedi s suspicious behaviour , which suggested he posed a serious threat before the Manchester attack.
A sea of flowers left on St Ann’s Square in memory of the 22 who lost their lives in the Manchester Arena bombing
The internal report, which also examines the London Bridge attack in June, was reportedly commissioned by MI5 chief Andrew Parker and Met Police commissioner Cressida Dick.
It focuses on all intelligence received in the build up to the attacks and information passed to an MI5 regional office ahead of the Arena bombing. That information was not considered of high significance when received, according to the Sunday Times report . However it was reportedly later considered to have been enough to raise concerns about Abedi. The paper has quoted an anonymous intelligence source who told their reporter: There were a few calls made regarding several bits of intelligence which, if judged differently at the time, would have turned Abedi into a high priority case.
Met Police commissioner Cressida Dick
And when a target is judged a high priority, you should place them under surveillance . The greater the threat, the more resources you deploy for surveillance.
However a Whitehall source is said to have told The Sunday Times that the key intelligence received was not deemed definitive of a specific plot.
Manchester Arena (Image: Peter Byrne/PA Wire)
Earlier this week, Greater Manchester Police released new information about the Arena bomb as part of their investigation. Senior officers revealed that 175 children, aged 10-18, were in the foyer of the venue when Abedi detonated the device . In total, 79 were wounded.
The blast directly impacted 512 people either through injury or profound trauma , according to GMP s Assistant Chief Constable Russ Jackson.
There are still two people being treated in hospital and dozens of others are now learning to live with severe injuries.
‘The best way to learn about cyber security is to engage in realistic scenarios, such as the competition that we ve just hosted . Saturday s event created a scenario that really tested a candidate s ability to perform under pressure, think strategically, work as a team and display leadership skills’ This weekend, Barclays and Cabinet Office-backed security initiative Cyber Security Challenge UK1, hosted an immersive competition to test the skills of thirty cyber enthusiasts.
The competition required contestants to adopt the role of interns at a fictitious cyber security firm, who had to defend their company from a cyber-attack, triggered by an insider, all while their superiors were on a team-building canoeing adventure. >See also: The cyber security challenge for retail branch IT2 The competition is the last of 2017 s Cyber Security Challenge UK face-to-face competitions to unearth the UK s hidden cyber talent and place these individuals in public and private sector cyber security roles to fill the critical cyber security skills gap . Not only does cyber security offer an exciting and varied career, but a lucrative one too with roles averaging over 60,000 per year after training. The competition took place in national heritage site and grand country house, Radbroke Hall, which is also the current site of Barclays Technology Centre . In the scenario, the interns , who were staffing a fictitious security firm called Research4U , had to spring into action after a hacking group launched a large-scale cyber attack on the company, stealing confidential technology, source code and client data . The story saw hackers demand a ransom of 10m to prevent releasing the data to the press. Competitors had to infiltrate and stop the fictional hacker group in order to destroy the leaked information before it could be released to the press . Leading cyber specialists from Barclays and other leading industry organisations assessed the contestants on their vulnerability assessment, reconnaissance, attack strategies and espionage skills in order to rank their performance and suitability for careers in the industry.
>See also: The security challenges with the Internet of Things3 The winning team was team Wormhole: Carolyn Yates, Isabel Whistlecroft, Kajusz Dykiel, Peter Campbell and Waldo Woch. The eight contestants that have qualified for next month s Masterclass grand finale were: Cameron Howes, Asher Caswell, Tom Brook, Vlad Ellis, Mohammed Rahman, David Young, Rajiv Shah and Isabel Whistlecroft .
They will join the previous F2F winners from earlier in the year at Masterclass where they will compete against each other and have the opportunity to network with industry experts, in addition to winning career-enhancing prizes including degree scholarships, training courses, technology and gadgets and industry memberships. Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK said: This year s scenarios have been varied in nature in order to demonstrate the range of cyber threats that this nation faces as well as the sheer breadth of sectors that need cyber security professionals from banking and finance, to automotive and even retail . Sponsors, like Barclays make this possible and, in turn, help to open the door to dozens more careers . I would like to encourage any budding cyber security specialist, or white hat hackers , to consider applying for our competitions . The nation faces a growing cyber security threat, so we are in real need of talent that can keep organisations, and the public, secure . Why not Challenge Yourself today?
>See also: Cyber security the unrelenting challenge for leadership4 The competition mirrors recent high profile attacks, such as WannaCry, where hackers held organisations to ransom across the globe . With the Public Accounts Committee revealing earlier this year that the Government s ability to protect Britain from high-level cyber attacks is undermined by a skills shortage, the need to find individuals with cyber skills has never been greater. Troels Oerting, Barclays Group Chief Security Officer (CSO) and Group Chief Information Security Officer (CISO) said: The best way to learn about cyber security is to engage in realistic scenarios, such as the competition that we ve just hosted . Saturday s event created a scenario that really tested a candidate s ability to perform under pressure, think strategically, work as a team and display leadership skills . A career in cyber security requires various skills, including the ability to second-guess hackers and make critical decisions quickly .
It was very encouraging to see students so immersed in solving the challenge we set them, and I wish all the candidates the very best in their careers.
- ^ Cyber Security Challenge UK (www.cybersecuritychallenge.org.uk)
- ^ The cyber security challenge for retail branch IT (www.information-age.com)
- ^ The security challenges with the Internet of Things (www.information-age.com)
- ^ Cyber security the unrelenting challenge for leadership (www.information-age.com)
While many organisations in the public sector are going in the right direction, more needs to be done to tackle cyber attacks and prevent breaches . Patching the network is not enough Cyber security is no longer just a matter of protecting data, but also preventing dangerous attacks, which could cost money and or potentially put lives at risk . The WannaCry ransomware attack affected more than 300,000 computers globally1, and heavily disrupted the operations of many major companies and institutions from a variety of sectors. However, one of the worst affected areas was the public sector specifically the NHS . The attack was so severe that hospitals and doctors surgeries from at least 16 health service organisations2 had to turn away patients and cancel appointments, seriously affecting patients wellbeing . The fact that the NHS bore the brunt of the ransomware attack shines a light on the vulnerabilities of the public sector. The threat of a breach cannot be taken lightly, and the need to bolster cyber defences is imperative . The Department for Digital, Culture, Media and Sport (DCMS) recently warned that essential services organisations could face fines of up to 17m or 4%3 of global turnover separate to any fines from GDPR if they fail to protect themselves from cyber-attacks.
>See also: The growing cyber security threat to the UK education sector4 This further reinforces the need for organisations to improve their cybersecurity . The impact of cyber attacks has spurred the Government to act5 and bolster the sector s cyber security systems with a 21m investment, but the right steps must be taken to prevent data breaches altogether.
Criticisms of the NHS and the wider public sector have varied from not replacing old computer systems to not investing in protection from new threats . In the wake of WannaCry, the NHS has attempted to address this in signing a partnership between its digital arm and Microsoft, which will include updates and patches for all computers still using Windows XP. While updating infrastructure will help, more needs to be done to keep data truly safe . Updates and patches are not enough to cover the wide range of factors that cause breaches . One extremely important aspect of cybersecurity is training . If public sector organisations want to prevent attacks like ransomware, which are mostly caused by phishing, they need to ensure that staff have basic cyber-hygiene . This would mean knowing the basics of how to prevent a breach, how to spot potential attacks and taking responsibility for how they conduct themselves around data whether inside or outside of work, as well as understanding the implications of their actions on the organisation. >See also: The public sector and it s approach to the cyber threat landscape6 Despite numerous attacks on firms, this is something that is still neglected .
A recent survey7 of the FTSE 350, by the Government, showed that a shocking 68% of board members had not been trained to deal with cybersecurity incidents. Public sector firms are no exception . The consequences of staff not being cyber-literate is a leading cause of breaches in security, with recent research from CompTIA8 finding that 60% of UK businesses blame human error as a major contributor to security breaches . General carelessness and staff failing to follow policies are the primary contributors, which suggests the lack of knowledge and awareness amongst employees to protect data is a major concern across the board. The NHS therefore needs to expand its cybersecurity practices far beyond simple software updates and patches . It needs to train staff to ensure they can remain secure and avoid leaving data exposed . Organisations must ensure they have all the information to teach staff to stay vigilant against threats . Awareness and knowledge are the best tools to guard against malicious attacks. It is also vital that organisations hire certified IT and security staff to help regulate these processes .
The value of certified staff is clear to see, due to their up-to-date and versatile knowledge of systems, current and emerging technologies . The fact that a CompTIA report reveals that 89%9 of organisations believed that IT-certified individuals were more efficient than non-IT-certified individuals in similar job roles is a testament to their worth to any organisation. >See also: 7 cyber security threats to SMEs and how to secure against them10
The need for cyber security training must involve the entire IT team . It starts with the help desk and technical support personnel, the first line of defence against cyber threats . It extends to the cybersecurity analyst, who uses data analytics to identify potential risks and vulnerabilities so that resources can be allocated where they are most needed before an intrusion happens. While many organisations in the public sector are going in the right direction, more needs to be done to tackle cyber attacks and prevent breaches . Patching the network is not enough . The NHS needs to set an example by making sure that staff are cyber security trained and that IT staff are certified to demonstrate their capabilities . It is imperative that the public sector improves its cybersecurity to prevent attacks like WannaCry ever happening again.
- ^ 300,000 computers globally (www.telegraph.co.uk)
- ^ 16 health service organisations (edition.cnn.com)
- ^ 17m or 4% (www.bbc.co.uk)
- ^ The growing cyber security threat to the UK education sector (www.information-age.com)
- ^ spurred the Government to act (healthcare.governmentcomputing.com)
- ^ The public sector and it s approach to the cyber threat landscape (www.information-age.com)
- ^ survey (www.gov.uk)
- ^ research from CompTIA (www.comptia.org)
- ^ 89% (certification.comptia.org)
- ^ 7 cyber security threats to SMEs and how to secure against them (www.information-age.com)
- ^ CompTIA (www.comptia.org)