Page 31

ITSReviewAnnual2015 31 and fully integrated into systems architecture and not as a ‘bolt-on’ option. The failure to include this vital aspect of any systems infrastructure can have far-reaching and long-term consequences. A comprehensive array of technical telematics support is now available to vehicles whilst in motion – much of it in ‘real-time’. This currently includes Bluetooth, GSM, GPS technologies however the spectre of being able to access the Internet whilst driving looms in the future. One only has to assess the illegal use of mobile phones and text messaging to consider the impact that that would have. However if the business models and personal demands insist on their introduction then there is a chance that this will become a reality. Vehicles wirelessly ‘connected’ to an infrastructure are a reality, as are ‘autonomous vehicles’ and ‘platooning’, and although mass deployment is a number of years away there is an impetus to integrate them onto the road network as ‘just another vehicle’ – which they evidently are not! Each of these technologies potentially exposes vulnerabilities that were considered unnecessary hitherto when road vehicles were an independent entity. No longer is this the case as they increasingly have external ‘wireless’ connections. These arguments can be applied equally to other transport modes – except that the only requirement to be in charge of a car on the highway is a rudimentary test of driving skills competence; all other modes necessitate graduated levels of competence to be demonstrated and regularly refreshed. There is considerable research into the development of autonomous vehicles however the main focus of cyberattacks relates solely to road safety. This is a crucially important aspect as it should be emphasised that safety resilience should not be confused with security risk resilience. They are not the same thing therefore strenuous efforts need to be devoted to ensuring that both issues are not mixed up and that they are both incorporated. In recent months the SRIG made a contribution to the revised CCTV Code of Practice by commenting that the use of CCTV in criminal and civil roles should be incorporated. The Information Commissioner’s Office issued its first Code of Practice under the Data Protection Act 1998 (DPA) which covered the use of CCTV. There is value in including extracts from the revised CCTV Code’s Foreword. ‘The Code was developed to explain the legal requirements operators of surveillance cameras were required to meet under the Act and promote best practice. The Code also addressed the inconsistent standards adopted across different sectors at that time and the growing public concern caused by the increasing use of CCTV and other types of surveillance cameras. A lot has changed since this time and, while the original code was updated in 2008, further legal, practical and technological developments mean that updated guidance is required’. CCTV have progressed from being a camera on top of a pole in our local town centre where the images were recorded on to video tapes, to much more sophisticated operations using digital and increasingly portable technology. The use of Automatic Number Plate Recognition (ANPR) is now commonplace and body worn cameras are being routinely used by organisations, such as the police. Surveillance cameras are no longer a passive technology that only records and retains images, but is now a proactive one that can be used to identify people of interest and keep detailed records of people’s activities, such as with ANPR cameras. The use of surveillance cameras in this way has aroused public concern due to the technology no longer being used solely to keep people and their property safe, but increasingly being used to collect evidence to inform other decisions, such as the eligibility of a child to attend a school in a particular area. The unwarranted use of CCTV and other forms of surveillance cameras has led to a strengthening of the regulatory landscape through the passing of the Protection of Freedoms Act which has seen the introduction of a new surveillance camera code issued by the Secretary of State (since June 2013) and the appointment of a Surveillance Camera Commissioner to promote the code and review its operation and impact. The Information Commissioner’s Office has contributed to this tougher regulatory landscape by taking enforcement action to restrict the unwarranted and excessive use of increasingly powerful and affordable surveillance technologies. While the title of this Code has changed to highlight its focus on the data protection implications of using CCTV and other forms of surveillance cameras, its objectives remain the same. The Information Commissioner’s Office has developed the CCTV Code of Practice to help those who use surveillance cameras to collect personal data to stay within the law’. The SRIG remains alert to existing and emerging challenges to threats to individuals and organisations and this article is intended to serve as a reminder of the scale of the problem. It also shows how the SRIG is contributing to exploring the dynamic balance of protection which lies somewhere in the indistinct zone of the relationship between safety and security measures and the intrusion into personal and organisational freedom and unfettered access to physical or data infrastructure. ◆ Transport systems have always been the preferred area of penetration for terrorist groups as they represent the ‘soft underbelly’ targets.

To see the actual publication please follow the link above