Euro 2016 football tournament is taking place at 10 stadiums across France
No matter how strong the security planning, it will take only one small failure to
create an opportunity for unimaginable events
(Photo credit: Marco Iacobucci EPP / Shutterstock.com)

Successful security at UEFA Euro 2016 may well depend on the ability of the French to bring cohesiveness to disparate technologies. Given the scale of the threats, a variety of security solutions are being used visibly and behind the scenes – in addition to the presence of 90,000 police, gendarmerie and uniformed soldiers.

I can’t remember an event where there has been a greater need for multi-agency working than the Euro 2016 football tournament now taking place at 10 stadiums across France, a country still recovering from the Paris attacks in November, torn apart by ethnic tensions, and in the grip of labour strikes. The security backdrop to the tournament is already dampening what should be a joyous festival for 2.5 million spectators watching the 51 matches over four weeks. Despite the comprehensive resources available to France and her neighbours, I see little cause for optimism.

Security communications

Starting at a macro level, there will be an enormous signals intelligence (SIGINT) operation in an attempt to intercept and analyse information from suspected terrorist cells, potential “lone wolf” jihadists and anybody whose communications arouse suspicion. The French government has been fighting a protracted battle to have voice over Internet protocol (VoIP) communication services (notably Skype, which is a known favourite of terrorists) registered as telecoms operators and thus subject to stricter regulation. 

The French government has been
fighting a protracted battle to have
VoIP communication services
registered as telecoms operators
and thus subject to stricter regulation

Internet communication may yet solve rather than cause problems during the tournament with the release of a mass notification phone App. In the event of an attack, the App will alert users on a geo-location basis and in a discrete manner should they be near an incident. Users will also be able to pre-program up to eight geographical zones that they might be visiting in order to receive context-specific information and advice on how to minimise risk.

Hooligans distract police attention from terrorism

During the first weekend, the tournament was already marred by fighting between Russian and English fans (with involvement from locals) in the port of Marseille, where tear gas and water cannon have been deployed. An England supporter is critical after suffering a heart attack while being beaten senseless. UK politicians have been quick to denounce these incidents but also to make the broader point that hooliganism distracts French police from vigilance against terrorism.

The England vs Russia game in Marseille has thrown up concerns at many levels. Toward the end of the match, Russian fans donned gum shields and martial arts gloves, turned their t-shirts into masks and charged English fans including family groups who were forced to jump over perimeter barriers with 10-foot drops in order to escape. Neutral observers complained about a lack of police presence and ineffective stewarding.

Inappropriate security scanning

As if this wasn’t bad enough, Russia’s equalising goal in the final minutes saw one of their supporters using a flare gun. Yes, a flare gun, which is larger than a handgun. This was accompanied by smoke bombs. A photo is doing the media rounds of a Russian holding two flares, each the size of a Coke bottle. One doesn’t have to speculate long on what might have happened if these containers were filled with plastic explosives.

Russia’s equalising goal in the final minutes saw one of their supporters using a flare gun
During the first weekend, the tournament was already marred by fighting between Russian and English fans
(Photo credit: Marco Iacobucci EPP / Shutterstock.com)

Am I alone in thinking that terrorists, seeing how lax security must be at the Stade Vélodrome, may be tempted to smuggle in more sophisticated explosives? The presence of the fireworks is doubly embarrassing since security at the Stade de France failed miserably in May during a domestic cup final when dozens of firecrackers were brought into the ground despite what was claimed to be vigilant searching of fans.

Debate over fan zone

The French are flexing their technological muscle and have made much of the fact that there is anti-drone technology at the 90,000-capacity fan zone beneath the Eiffel Tower. This is to guard against a possible terrorist “spectacular” such as a chemical or biological attack of the kind hinted at in data found on a laptop used by Paris attacker Salah Abdeslam. The future of the fan zone is uncertain. Former president Nicolas Sarkozy sees it as a sitting duck for a terrorist attack and has asked for it to be scrapped while police chief Michel Cadot wants it to operate only during games played outside the two Parisian stadiums.

Am I alone in thinking that
terrorists, seeing how lax
security must be at the Stade
Vélodrome, may be tempted to
smuggle in more sophisticated
explosives?

Generally, the French government prefers a concentration of fans rather than dispersed groups. Of course, commerce should not be a factor, but there will inevitably be behind-the-scenes pressure from advertisers to retain fan zones since their merchandising potential is enormous. If they go ahead, the zones will feature CCTV surveillance, bag searches and even body-frisking should police suspicions be aroused.

Conducting mock disaster drill to improve emergency response

I recently reported on a disaster scenario exercise in London, and the French are conducting exhaustive equivalents in order to test response techniques should there be an attack at a stadium or fan zone. One such operation saw volunteers pretend to be fans at a mocked-up Northern Ireland vs Ukraine game in Lyon where actors, pretending to be jihadists, conducted a suicide bombing. Other drills have simulated chemical attacks, and in Nîmes over 1,000 cadet police officers acted out the role of spectators at a fan zone while colleagues in protective clothing went through decontamination routines.

Violence likely to overshadow Russia vs. Ukraine match

In terms of fan behaviour, what are the upcoming games with the most potential for violence? Turkey vs Croatia has passed off peaceably despite grave concerns. One nightmare scenario that UEFA must be dreading is if Russia were to come top of their group and Ukraine qualify as a third-placed team. Then the tournament has the prospect of the two sides meeting in Paris. Anybody who thinks this would be a sporting contest is misguided. The game would be a hate-filled microcosm of the recent Russian annexation of Crimea and the war in east Ukraine.

No matter how much planning and technology the French authorities have at their disposal, it will take only one small failure to create an opportunity for unimaginable events. All we can hope is that sport will soon disappear from the front pages of our newspapers and be relegated to the back with the tournament remembered for sporting achievement rather than security lapses.

Read more about security at UEFA Euro 2016 here

 

Download PDF version

Author profile

Jeremy Malies European Correspondent, SourceSecurity.com

Jeremy Malies is a veteran marketeer and writer specialising in the physical security sector which he has covered for 20 years. He has specific interests in video analytics, video management, perimeter intrusion and access control.

In case you missed it

Where is it inappropriate to install video cameras?
Where is it inappropriate to install video cameras?

Video cameras are everywhere, and hundreds more are installed every day. Our society appears to be reaching a point of perpetual surveillance. It certainly feels as if we are always being watched even though it is not yet the case. But as cameras are becoming more common than ever, we are also entering a new era of privacy concerns and sensitivities, as evidenced by GDPR and other such initiatives. We presented this quandary to this week’s Expert Panel Roundtable: Surveillance cameras can go anywhere, right? Where is it “not OK?”

How SecuriThings boosts cybersecurity across multiple IoT devices
How SecuriThings boosts cybersecurity across multiple IoT devices

As Internet of Things (IoT) devices go, networked video cameras are particularly significant. Connected to the internet and using on-board processing, cameras are subject to infection by malware and can be targeted by Distributed Denial of Service (DDoS) attacks. Hacking of cameras also threatens privacy by allowing unauthorised access to video footage. The performance of hacked cameras can be degraded, and they may become unable to communicate properly when needed. Ensuring cybersecurity is a challenge, and the fragmented structure of the video surveillance market contributes to that challenge. A variety of companies are involved in manufacturing, integrating, installing and operating video systems, and cybersecurity threats can enter the picture at any stage. “It’s not always clear who is responsible,” says Yotam Gutman, vice president of marketing for SecuriThings, a cybersecurity company. “However, the only entities who can ensure cybersecurity are the security integrator and the service provider. They will bear the financial pain and are willing to pay for cybersecurity. An extra $1 or $2 per camera per month is not expensive.” SecuriThings’ “lightweight software agent” runs in the background of video cameras, sending information to an analytics system in the cloud IoT device security management At the recent IFSEC trade show in London, SecuriThings unveiled its IoT Device Security Management (IDSM) approach to enable integrators to ensure cybersecurity. Founded in 2015, the company has around 20 employees in Tel Aviv, Israel, and operates a sales office in New York City. SecuriThings’ “lightweight software agent” runs in the background of video cameras, collecting metadata on camera processes and connections and sending information back to an analytics system in the cloud. Drag-and-drop deployment enables a camera to begin generating data within seconds and requiring only two mouse clicks. The cloud system analyses data, pinpoints abnormalities, identifies new users, detects multiple entry attempts and tracks other camera processes to identify any cyberattacks. It monitors all devices, gateways, users and APIs to detect threats in real-time and mitigate the threats based on a pre-determined security policy. Machine learning tools also analyse more subtle activities that can indicate insider abuse. For example, a user support center can identify if cameras are being accessed improperly by employees, thus preventing insider abuse. Certified vendor agnostic software SecuriThings is working with camera manufacturers and video management system (VMS) manufacturers to certify operation of its software agents with various camera models and systems. Working through integrators, such as Johnson Controls, is the fastest route to market, SecuriThings has determined. The system can be added after the fact to existing installations for immediate monitoring and remediation, or it can easily be incorporated into new systems as they are launched. “We have a strong sales team in the United States focusing on bringing the technology to more local and national integrators,” says Gutman. Certification ensures SecuriThings’ software agent can be installed in most modern camera models without negatively impacting operation; the software is vendor agnostic. Another eventual route to market is to work with camera manufacturers to install the SecuriThings software agent in cameras at the factory. In this scenario, the system can easily be “clicked on” when cameras are installed. The SecuriThings cloud system generates a dashboard that tracks system activities to identify any cybersecurity threats IoT Security Operations Center SecuriThings operation is transparent to the VMS, and the company works with VMS manufacturers to ensure the code operates seamlessly with their systems. Cloud analytics generate a dashboard that tracks system activities, and/or a managed service monitors the system and notifies customers if there is a problem. “We monitor it from our IoT Security Operations Center, a fully managed service that ensures the real-time detection and mitigation of IoT cyber-threats,” says Gutman. “We found that end-customers don’t have the manpower to monitor the system, so our experts can guide them.”Access control and cloud-based access control will be the next systems under cyberattack, and they are almost as vulnerable" A benefit for camera manufacturers is the ability of a system like SecuriThings to “level the playing field” on issues of cybersecurity, says Gutman. The approach provides a higher level of cybersecurity confidence for integrators and users, including those using cameras that have previously had cybersecurity problems such as “back door” access. SecuriThings has certified its software for use with Hikvision cameras and is in the process of certifying with Dahua, says Gutman. “Western manufacturers say their products are more secure, but we can help all camera manufacturers prove that they are just as secure,” says Gutman. “Integrators and users can log into a device and see all the activity.” Securing connected devices from cyber threats Beyond video, SecuriThings’ products target the full range of connected devices in the Internet of Things (IoT). The SecuriThings security solution enables real-time visibility and control of IoT devices deployed in massive numbers in smart cities, physical security, building automation, home entertainment and more. Video surveillance is an early focus because of market need, an opportunity to gain traction, and the critical nature of security applications. But the challenges are much broader than video surveillance. “We are seeing similar risks to other devices,” says Gutman. “Access control and cloud-based access control will be the next systems under cyberattack, and they are almost as vulnerable. If you can disable the access control system, you can cause a lot of problems.” Other connected devices that could be at risk include building automation and heating and cooling (HVAC) systems.

Social media data provides security professionals with real-time situational awareness
Social media data provides security professionals with real-time situational awareness

Twitter has around 350 million active users a month, all eagerly posting 280-character “tweets” about the world around them. It’s a vast amount of data from all over the globe. Security professionals have begun to appreciate the value of mining all that data for insights to help them protect people, assets and operations. One company leveraging the Twitterverse to provide real-time situational awareness to corporate security end users is Dataminr.Dataminr assembles this information flow into a useful timeline that summarises the ongoing sequence of events Algorithms for actionable security signals The New York-based technology company has developed algorithms that comb through the full Twitter dataset to provide actionable signals to security professionals around the world about security-related events as they unfold. For corporate security, early information about an unfolding event enables them to take action faster in order to secure their people, locations and business operations. “OMG! Just heard a loud bang on the quad,” a tweet might declare. Combined with location information gleaned from a mobile phone, such a tweet could be the first indicator of an unfolding security incident. As an event unfolds, hundreds of such tweets are likely to be posted from the surrounding areas, collectively offering a running narrative of developing events. Dataminr assembles this information flow into a useful timeline that summarises the ongoing sequence of events. Many times, tweets are the first information available from an incident even before the arrival of first responders.Dataminr’s information is provided in a variety of platforms, from a web-based dashboard to a mobile app or notification via email “Early notification allows security professionals to be more proactive,” says Dillon Twombly, SVP, Corporate Sales at Dataminr. “We have a broad range of users across Fortune 1000 companies, and also including country security managers, security operations centers, and executive protection. "In retail, we provide information for security operations or loss prevention. Events sometimes have a potential to spin out of control, and we allow security professionals to react faster and get ahead of an event proactively.” Various security platforms Dataminr’s information is provided in a variety of platforms, from a web-based dashboard to a mobile app or notification via email. The system can be integrated with a company’s workflow, and the software interfaces with various security platforms, such as physical security information management (PSIM) systems. Another corporate use for Dataminr is in public relations, where social media could be a source of misinformation or rumors about an issue or event Dataminr addresses all regulatory and legal concerns, and it is GDPR-compliant. However, privacy is generally not a big concern because Twitter data is posted publicly, and Dataminr gleans information related to a specific event, not a specific Twitter user’s individual data. “Over the past couple of years, we have grown the security vertical,” says Twombly. “The market is receptive to the value of social media as a tool for users tasked with responding in a comprehensive way to a range of issues.”The company’s services are useful across the full range of vertical markets in the security industry Public safety and security In addition to security and public safety applications, Dataminr also provides services to financial companies and even media outlets. In fact, the 9-year-old company started in finance, where stock or currency traders were able to leverage breaking news notifications to make decisions faster. In the media vertical, Dataminr provides information to 500 newsrooms globally. Public safety and security uses have evolved, and Twombly currently spearheads the company’s work in corporate security, calling on his experience in the security world. Another corporate use for Dataminr is in public relations, where social media could be a source of misinformation or rumors about an issue or event.Customers can customise the kind of information they want to receive, and Dataminr algorithms use the full publicly available data set of Twitter Tracking Twitter posts enables a company to get ahead of an evolving story and help to shape the narrative. Twombly says Dataminr has “deep and broad relationships” with corporate customers and delivers information that can possibly be used by multiple departments in an organisation. The company’s services are useful across the full range of vertical markets in the security industry, from transportation to major industrials to financial services to energy. In the education vertical, major universities are customers, as are local school districts. Customers can customise the kind of information they want to receive, and Dataminr algorithms use the full publicly available data set of Twitter. Twombly says the company’s software is constantly evolving and being fine-tuned in response to changing needs. Dataminr is a “strategic partner” of the social media giant and works closely with them on product development, he adds.