S1E2 – The COVID-19 pandemic has had a major impact on security around the world. In this episode, we talk to Richard Wylde, Director for Government and Defence, and Chair of the UK Security in Complex Environments Group (SCEG). We ask Richard what the UK security sector has learned from COVID-19 and how we can ensure high standards are maintained and human rights respected across the sector during this time. Richard provides his insights on this and other risks on the horizon that we should also be preparing for.
This podcast was originally published June 18, 2020
Today’s episode is titled Managing Risks COVID-19 and Lessons Learned for the Future of Responsible Security. Podcast host Chris Galvin is joined by Richard Wylde, director of Government and Defense at Control Risks and ICoCA Certified Member, company and Chair of the UK Risk Industry Body Security in Complex Environments Group, otherwise known as SCEG. Richard, can you tell us a bit about yourself? You worked in government for many years, so what is it that drew you to the security sector?
I’m very grateful to be here talking today. I was in the British Foreign Office for a little short of 30 years and served in a lot of places like Thailand, Cambodia, Italy, Afghanistan, and ended up in the end in Germany working in the embassy as a political counsellor. And when I retired from the Foreign Office, I was keen to take on a challenge that meant that I could both employ some of the talents and the skills that I’ve learnt over many years. I interested in work overseas, but also add value to areas where things were not so easy. And I think working in the risk industry and in some countries that have particular security and complicated challenges fitted well with what I wanted to do. I wanted to encourage people to go to places, get on planes, do things, try and put things right in the world. And that may sound kind of very much as if I was on a mission, I’m not. I’m conscious that these things take a very long time to evolve, but I’m also conscious of that Edmund Burke thing that all it needs for evil to triumph is for good men to do nothing. And I hope I’m a good enough man to at least contribute a bit. So that’s really where I’m coming from. As a young man, I worked in the British Foreign Office with the UN in Thailand, so I was aware of the broader picture and the use of multinational and multilateral firms in trying to find solutions to some of the more difficult problems. So, I hope that kind of answers my background.
Thank you for that. These are not easy times, getting on planes and visiting places at the moment is certainly not so easy. So before we focus on future trends, I’d first like to get your perspective on the present situation, particularly on COVID-19. So, six months ago we held a workshop, as you’ll remember, on future security trends. It was the day before ICoCA’s annual General Assembly. And little did we know then that within a few months much of the world would be in lockdown. So what’s COVID-19 meant for control risks operations around the world, and what’s the company learned from the pandemic?
Thanks, Chris. Well, what I think the company has learned is what the other members of SCEG have also learned. I think it’s fair to say it’s something that extends across the risk industry. That being prepared for things isn’t just a case of saying to firms that you work with, have a plan on standby. It’s trying to believe them that get them to believe in the culture. I think a lot of firms were extremely surprised that this went on for longer than we originally people intended. But actually, that is that is part of the whole crisis management process. But what I would say without kind of trying to emphasize the kind of philosophy too much, very practically, what came across is that firms and institutions that were already in places were much better suited to ones that weren’t. And this is slightly countercultural to the world before COVID-19 in that the idea was that, well, perhaps you could have a very narrow footprint in a country and you could visit because why not? You could get on a plane and be there in days. What we’re finding now is that actually being somewhere is terrifically important. A lot of firms are saying we actually can’t get people in. And if we can, they are so locked down, they can’t move around. We need a whole variety of advice from, “could you visit the firm that we’re trying to get PPE from or trying to get products with or trying to sign contracts with”, to, “can you also advise us on the risk environment that obtains in that country?” And I think that’s the second thing that I might highlight is that risks have risen and there’s no two ways about talking about that. Sorry, for avoiding it.
And that is that certainly in things like social changes, there is a lot of social unease about what’s happened. There’s a great deal of frustration. There’s just not just the frustration of the country, the country’s problems, but it’s just pure frustration of not being able to go and see people, not being able to see your relatives, not being able to look after them. And this has changed the atmospherics in a lot of places. And with that behind it, shortly comes the actual impact of illness. Can people be expected to do what they used to do before? Are your public services going to become under strain? So, it’s quite clear that in the risk arising, there’s also cyber. It’s a big issue that I’d highlight is that a lot of firms have found themselves being subject to much, much higher levels of cyber attack and fraud than they have heretofore. And I think that’s going to continue for a bit.
My third point, I’d say, just to answer your question, we can obviously carry on this theme is that it’s going to be at least a medium-term problem in Western Europe. Countries are talking about their societies and their economies stabilising in about 18 months to two years time. So that, I think, is a kind of good rule of thumb across the world. So those are the main points I’d highlight is there’s the practical step of being somewhere, being able to do something. There’s the fact that risk is rising. And then finally, there’s the point that this is going to be something with us for a time. But there are also other points which I’m very happy to discuss.
One which I’d like to turn to is and this impacts ICoCA to some extent is that given the restrictions on international travel that are still in place and given that many countries are still in some state of lockdown, including many that might be described as complex environments, what does this really mean for maintaining high standards across the private security sector? Because tried and tested methods for ensuring standards like audits and in-country visits aren’t possible at the moment. So how should oversight mechanisms be adapted to ensure that companies are operating responsibly? Technology has played such an important role in so many areas of social interaction during this crisis. How is it really being embraced as a tool to help monitor private security company operations, for example?
This was absolutely the issue that I wanted to raise after my preamble, just to make the point that high standards are absolutely essential for an ICoCA membership like my firm. If we lose sight of that, it’s not just the issues that will challenge those organisations, it will actually have a huge impact on society and industry and business right across the sector. It’s taken us many years to to implement these high standards. It’s essential that we preserve them. But you make a very good point about the practical thing. I’m obviously not someone who’s in an assessment group, but I do prize that they do exist independently of us to give us that independent oversight. So, I can’t really explain what they’re going to do, but I do know they’re working on it and I think they deserve our full support. But there are some things there that I think they might look at. And absolutely, the use of technology. And I do understand that people say, well, we certainly couldn’t get another firm, let’s say, in the security sector, to carry out a survey of one of its competitors. But I think you could be thinking about doing quite a lot online in terms of the bureaucracy of review. You know, have you gone through all these various stages, which in a sense the paperwork we do essentially expecting people to fill it in accurately. But when you go beyond that, you get on to kind of physical checks. I think there are things that we can do at a very big scale.
You can look at satellite photography. If you’ve got a huge area that needs to be kind of monitored to make sure that there haven’t been violations of standards. I think you can use drone surveys with drone technology and drone flights over places to video things. I was very struck many years ago. I heard about people in slightly inventive way in Afghanistan in the early 2000 trying to monitor crops introduction to replace opium. We’re using video links via satellite phones to try and prove that these various products were being used properly. So, there’s all that on technology side. There’s also the question of kind of what I might call longer deployments. I think if you did get assessors and this obviously would be a challenge for them personally, but brought into countries properly equipped, properly isolated when they need to be. And instead of having a trip in where you’d spend, let’s say, 3 or 4 days checking various standards, I think you might find that you had to be deployed for 2 or 3 weeks, but you could try and cover as much as possible. But I think the issue here is also medium term. I think we will hopefully come to a position in about 18 months time where life can be much more normal. It won’t always be the same, but I think the trick is at the moment to make sure that we cover next 18 months and some of those ideas might help.
We look forward to those normal days. But in the meantime, private security companies have been deemed an essential service in many countries. There are guards protecting many sites that include hospitals. And this raises a lot of questions. Some of these are who’s acts as assessor or implementer of a lockdown in a pandemic situation.
Given that they’re on the front lines, what kind of surveillance role might security companies play in tracking COVID-19 and potentially future pandemics? What have been the supply chain impacts for security companies and what human rights violations might occur? And that’s both to and by private security personnel. Can you give us your perspective on on some of these issues?
Again, Chris, a great question. And of course, I’m giving you some ideas and they’re very much personal ones. I think you’re absolutely right that we will have to add pandemics much further up to the implementation stage of our planning. We’ve always the risk industry has always put actually pandemic flu at its highest level, knowing about the potential implications of it. And I think along with all the other challenges of urbanization and climate change, which are kind of tied into the implications that came out of pandemics, we’re going to have to take these seriously. I think we’re going to have to move much more into an integrated information environment in the security field. And what I mean by that is having integrated solutions, which means that you’re both interested in the information available as well as the practical aspects which need to be faced in finding security solutions. So understanding, let’s say, the political and economic context in a place. Is it possible that private security firms could do more within the confines, obviously, of what’s legal, decent and honest? Whether or not you do to need to do due diligence on many more institutions, whether cyber threat is going to be a major part of what’s going to create the problems that you’re going to have to sort out and think that slightly more far sighted view of the security solution is going to be essential.
So that instead of us saying we’ve got security products and systems to stop people doing things, we’ve got to work out why they’re doing them in the first place and see if we can advise people to do things differently. Some of the unrest that’s happened around the world, people are now looking with hindsight saying, actually, if we’d done things differently a few years ago or we put into train things today that could start to defuse some of these tensions, we wouldn’t need extensive security solutions. On the same topic, though, I think we’re also going to find the arrival of non-state actors in greater numbers now. Obviously, mercenaries are something that everyone immediately thinks about when they talk about this topic. I don’t think they’re going to go away. And it’s essential that that ICoCA and its sister institutions like SCEG monitor this very closely with our international colleagues and governments to make sure that that type of approach to life is firmly put in its box.
But it’s other things also that I think we have to bear in mind. Rising perhaps insurgency in places where people haven’t got the access to basic foodstuffs or water. These are going to become issues which may not be driven by people connected to ideologies or foreign governments. But we’re also going to be finding, as I said earlier, I think a lot more about cyber and fraud. I’ve made those two things quite distinct. There’s cyber fraud and cyber threat, of course, and there’s just common or garden fraud or elements of it. I think those are both going to come up the agenda quite considerably in the coming years. And part of the solutions, just to hark back to that again is preparedness, social awareness and training. I think we’re going to expect much higher levels of training and preparedness. It’s strange that we in most countries, we employ a fire service, which of course isn’t in its emergency situation that often. And when it isn’t, it’s preparing, training and educating its population. But we don’t mind having those people, in a sense, doing their Tier two jobs for much of the time because we need them when they want to rise up to their Tier one jobs. I think there’s going to be a similar attitude to that.
I’m just interested you mentioned if we’d done things differently, we wouldn’t necessarily need some of the security solutions that we have now. Have you got a particular example in mind that would illustrate that?
Well, I think it’s a broader question of us being able to influence when he asks, I mean, the security community influencing, let’s say, decision makers in big firms or in governments, especially in the developing scenario, to say you do realise that by virtue of our experience on the ground, we see your alienating parts of your society. And if you can do more about that, then you’ll find that you’re going to have far fewer security challenges. Now I think there’s a truth to power issue here. Now, whether or not, of course, many of our firms want to do that at this stage is a question. But I think you could say to certain governments and certain bigger institutions, if we’re taking on this tender to help you on such and such, can we try and include the fact it may not be allowed to, but we should report to you on what’s going on at a certain level. And I don’t mean, of course, violating any levels of human rights or invasions of privacy, but actually saying, do you know, we think you’ve got a problem here? I think you may need solutions for that, may be that that’s simply not part of the process, may not be that anyone’s interested in it. But it’s an interesting issue because it may be that that is potentially part of the solution.
Now, you’ve kind of alluded to one of the topics of the discussion at the workshop last year, which was the role of non-state actors. And it seems over the last couple of years, even the last six months, there have been more and more stories involving mercenaries, whether that’s the Wagner Group apparently active in various kind of African states or whether it’s the recent failed coup in Venezuela. So why do you think the use of mercenaries is on the rise? And is this a trend that ICoCA, whose role is to raise private security industry standards, should really be concerned about?
Well, again, like all my comments, they are very much a personal view of what’s going on. Yes, of course, ICoCA should be because we want to make a clear distinction between the reasonable, proper use of security, security advice and, as I say, increasingly integrated approach to perhaps some of the challenges like climate change and the environment and pandemic flu, obviously. But where we have to draw a line. We are not in the game of being able to resolve that question of mercenaries. I think we have to say this is something for governments to talk about, but I think we can also make a point of making it clear to governments where we come across this practice. We find situations where people are tending towards this or the use of security for the wrong reason. So, I don’t think we can solve it. And I’d obviously have to leave this to a much broader community to discuss, but I think we should be seriously concerned about it. I think people still find it difficult sometimes to make a distinction between proper, proportionate, legal and effective security advice from security providers and what you see in mercenaries in certain parts of the world. I think it’s important that we keep up that distinction.
You’ve already mentioned two risks cyber and fraud as trends that are happening now and may define things in the kind of near and medium term. I’d be interested to get your kind of insights on what you think the angle is from ICoCA here in terms of responsible security. Are there human rights issues that we should be aware of? And are there any other kind of industry trends going on that we’ve not mentioned so far that you think we should be thinking about?
I think what we may find is and obviously I’m guessing here a bit, is that security becomes a slightly hybrid version in the future. I think people have heretofore tended to see security as doing one main mission. But I imagine there may be an element of having to review the health and safety aspects of certain situations so that you might do leave, for example, questions about whether people should be allowed to come to work if they haven’t proven their health status. Should it be left to HR to make that decision at the front gate or should it be left to security or a combination of it? Now, I don’t have any solution to that, but think security will be more part of that debate than heretofore. And we may find that actually we change the title of security into risk because it is managing risk. And there may be times when someone says, well, this is really for the people who maintain security at our front door to say, I’m sorry, you can’t come in or say yes you can, you you’ve actually passed the criteria needed to be allowed in. And so, dealing with problems like pandemic flu have a parallel with someone who you want to be certain doesn’t pose a security or a fraud risk or any other risk being allowed into your building, or indeed someone sending you emails with attachments. That is a kind of a security risk too. So, I’m not sure we have an answer yet, but I think what I’m really saying is that the security industry should be alert to these things and aware of them and be imaginative in trying to see how you can solve or someway some of these problems.
Now you’ve mentioned a few of the of the trends which are also discussed. So, increasing urbanization, climate change. You’ve already mentioned technology. How do you think managing and delivering particularly responsible security is going to evolve given these trends that are going on? And obviously now we have to add pandemics to the mix. But clearly for many companies, they’d already put that at the top of the agenda
I mean, should how does it ICoCA cover this issue of cyber and fraud? I’m not sure I know. I think I think the thing is that we it’s quite important to put it on an agenda so you can try and examine what one can and can’t do about it. And you’re quite right, there are human rights and privacy issues involved. Do you say to everyone in your firm, I’d like to have access to your computer so I can put in a good safety net and security patch patches to make sure that you don’t have vulnerabilities? That’s quite difficult. A lot of firms say you can do that with your laptop that’s owned by the firm, but you can’t obviously do it if you’ve got a home laptop. So, I think there’s going to be problems about that. And I think on fraud, I think there are aspects of fraud like computer fraud, where you can start to train your staff and your security element in your firm should possibly be responsible for that, too, making sure that people are very much better aware of phishing attacks about people trying to get access to your computer and your files and your data illegally. But actually, working it through will take some time. And what I can’t predict, obviously, is how technology moves on. We may find that actually quite quickly. Fingerprint or facial recognition gives us a degree of security. That means that actually your information is better protected. But I’m slightly dodgy on this. All I can say is I think it has to be on the agenda.
The views and opinions presented in this article belong solely to the author(s) and do not necessarily represent the stance of the International Code of Conduct Association (ICoCA).