Nothing left to chance
Martin Fullard delves into what goes on behind the security screens at the political party conferences
Parliament might be prorogued [at the time of press], but the Westminster circus never sleeps. It’s the time of year when the UK’s political parties hold their annual conferences. It’s a time for great merriment and joy... if you’re a sadist. But forget the Tories’ secret No-Deal Brexit plans and Labour’s constant flip-flopping, running these conferences is no picnic.
Security alone is the biggest challenge faced by these conferences. Despite the apparent machinations of our chums in Westminster, a fine line must be observed between appropriate security and allowing the democratic right of peaceful protest. To find out more about what planning goes into these conferences, I spoke to Lloyd Major, CEO and co-founder of Crest Planning.
“There is an intricate web of people involved in large political conferences,” says Major. “The event organiser will usually start the planning at least one year in advance, partner agencies and blue light services will attend the de-brief of the previous event to share things they would like to see improve for the following year. Throughout the year before the event, fine details are tweaked at regular intervals with the venue, the police and the security company. If there is information or intelligence that the conference may attract protest or crime then the police will review this to ensure the event is peaceful for the attendees and the protestors alike, balancing everyone’s rights and needs.”
What basic principles underline security at such high-profile events, I ask Major. He says: “When it comes to basic security principles at political conferences, there are three key things security teams and the police will be dealing with: the security envelope, crowd management and media management. The security envelope includes the physical security measures, numbers of security guards, numbers of stewards, numbers of entrances/exits, searching on entry, specialist resources like dogs, licensed search officers, counter terrorism security co-ordinators, any hostile vehicle mitigation, public order tactical advisors, operational planners and public order commanders.”
The big question is how are risks assessed in practical terms? Major illustrates: “Security teams and the police will make use of the ‘National Decision Model’ to sift through information and intelligence to inform what resources they put in place. Actually, our company designed one of the threat assessment systems the police use to determine what level of resourcing is proportionate to the event and we now share this with the private sector so they can calculate their own level of resourcing too. Lots of security companies ask us for training on what we call ‘Integrated Threat Management.’ This is very different and much more fit for purpose than a generic ‘risk assessment’ taking into account a broader range of threats and how to mitigate them.”
Quite so. You may recall October 2018’s Conference News cover story explored the reasons behind the Conservative Party’s mobile app flaws. “Security now also extends to planning, crisis management planning, emergency planning, command and control (who reports into who and who the decision makers are) as well as the emerging threat of cyber risks,” says Major. “In 2018, for example, the app at the Conservative Party conference wasn’t as secure as it needed to be. A major flaw made the private data of senior party members accessible to anyone that logged in as that particular conference attendee.”
Logistically, how do security services manage crowds? Major adds: “When it comes to crowd management the police and security teams will look at the ‘traditional’ methods but also the crowd experience. This includes travel to and from transport hubs being prepared for additional capacity, queue lanes and search lanes moving at an acceptable pace, movement around the venue, access to refreshments and these days good Wi-Fi and using social groups such as Twitter and LinkedIn to push items of interest out to delegates.
There’s no point in having a great data security policy if it’s just kept in a drawer. Your staff need to be properly trained on your policy and to know what they can and can’t do
“In terms of media management, this forms part of the whole physical production and social media system. The physical production needs to accommodate the world press and increasingly the ‘citizen journalist’ who has a vital voice in the online free press era that we now live in, who better to hold politicians to account than the public?
“Of course, there is a balance. Recently there have been convictions for people calling MPs ‘Nazis’ while live on air, so it’s fair to say the political atmosphere in Britain right now is highly charged, particularly as we head towards Brexit. MPs have reported feeling threatened by some citizen journalists who may more be appropriately described as protestors in these cases. The parties themselves will have internal and possibly external media zones where interviews can take place and an accreditation system can be a vital tool in managing this.”
Major says that the use of software technology is important, and is successfully used to help deliver safe conferences. He says: “Systems that allow different functional areas to communicate into one central hub while maintaining GDPR/DP rule so incidents aren’t shared with people who don’t need to see them are key. Likewise, these systems should really track the position of resources so key areas are covered, it's a benefit if video calling between these units and the control room can be achieved and ideally that a system might also safely and legally share images. Our multi-award-winning system, Halo, does all of this and more and is unique in the marketplace, leading the industry in many ways. From significant CT Marauding Terrorist Firearms Attacks to the routine-like photographs of search seals to maintain the integrity of deliveries from the Strategic Holding Area to the venue itself.”
Major pointed to the increased risk of cyber threats. These threats now require a different type of security that goes beyond the physical means. Simon Clayton, chief ideas officer, RefTech, is
an expert on the
matter. He says: “Cyber security covers literally everything to do with electronic data; it covers the collection, storage, and movement of all data.
“The key fundamentals for every company to be aware of are data storage limitations and data purpose limitations – or in other words, making sure that you don’t keep data for longer than you need, and that you don’t actually collect data that you don’t need or can’t justify collecting. The more data you have and the longer you keep it for, the greater the risk of a breach or hack.
“When it comes to event registration data, your venue probably won’t need access to this, but your staff and suppliers may do. As an organiser you will need to ensure that staff and suppliers who do need access are fit for purpose – especially in light of GDPR where it is your responsibility to ensure this. One of the easier steps to take is to make sure your registration data partners and event management system suppliers have ISO 27001 or at the very least the ‘Cyber Essentials’ certification.
“There’s no point in having a great data security policy if it’s just kept in a drawer. Your staff need to be properly trained on your policy and to know what they can and can’t do.
“Unfortunately, we still see clients trying to transfer data via spreadsheets over email to each other, but our staff know that this is a very insecure method.
“Another consideration is revenue protection – many paid-for conferences could lose money if registration security is slack and enables a delegate to easily claim a lost badge and get someone else in for free.
“The legislation covering data is the General Data Protection Regulation (GDPR) which covers the collection and storage of data and the Privacy and Electronic Communications Regulations (PECR) which covers its use in electronic marketing.”