Should the principals of CONTEST be used more widely?
05 August 2019
There are commonalities across the board when it comes to approaches to Security. The Governments Counter Terrorism Strategy, CONTEST, reviewed last year kept at its heart the ‘four P’ work strands of Prevent, Pursue, Protect and Prepare. These work strands fall perfectly into the concept for physical security priorities in looking at Design, Secure and Respond.
Obviously Prevent and Prepare fall into the design category, protect is secure and pursue ties in with respond, but is that a model that should be used across the board for all aspects of security whether counter terror, cyber or what is traditionally physical priorities? Can one model be developed that fits all so that the industry begins to speak with one voice?
Philip Ingram MBE has a go at the unenviable task of suggesting a common terminology but under the umbrella of knowing that his thoughts can be debated in detail at the International Security Expo at Olympia on 03 and 04 December where all of the major stake holders are coming together and the opportunities to discuss these matters of understanding both in a formal and an informal setting, abound.
So, prevent: to stop people becoming terrorists or supporting terrorism, and prepare: to mitigate the impact of a terrorist attack, both equate well to design. With protect: to strengthen our protection against a terrorist attack, linking easily to protect and respond links perfectly to pursue: to stop terrorist attacks there is synergy in the language use already. That language is easily transferrable to other aspects of Security, in fact the ‘four P’ model has strong adaptability across the security spectrum.
Taking a look at Cyber; Prevent people utilising the cyber environment for criminal purposes, pursue cyber criminals, protect assets from cyber-attack and cyber-crime and Prepare by mitigating the impact of any cyber-attack.
If we look at the NCSC’s Cyber Essentials programme, the most basic level of cyber awareness recommended they recommend 5 steps:
- Use a firewall to security your internet connection
- Choose the most secure settings for your devices and software
- Control who has access to your data and services
- Protect yourself from viruses and other malware
- Keep your devices and software up to date
What is interesting about these principals is they all fall into the protect bracket? Is cyber missing something?
We keep talking about convergence in security, about the importance of thinking of security from a holistic perspective. Surely the first step would be a common approach, equally applicable in the physical, cyber, CT, serious and organised crime, aviation, financial, maritime, or whatever area of security.
Having read many of the ‘doctrines’ [doctrine is defined as the formal articulation of what is taught] and looked at the principals and approaches that fall out of these different approaches, the need for commonality screams out. Of all of the approaches CONTEST seems to be the most comprehensive, most adaptable and probably the easiest to develop a common language and therefore common definitions from.
Therefore, I propose a holistic security approach of:
- prevent: to stop people becoming terrorists/criminals/cyber criminals or supporting criminality/cyber-crime/terrorism
- pursue: to stop terrorist/criminal/cyber attacks
- protect: to strengthen our protection against a terrorist/criminal/cyber attack
- prepare: to mitigate the impact of a terrorist/criminal/cyber attack
I am being deliberately simplistic so that we can start a debate, but all elements of what is proposed in this article, including many of the senior decision makers from across the industry will all be at the International Security Expo. Let us get the debate really going or ideally sorted there.