SIAM Security Impact Assessment Measures Past Events & Threat Scenarios Deliverable D 6.1 Past Events & Threat Scenarios Project number 261826 Call (part) identifier Interdisciplinary FP7-Security-2010-1 Center for Technology Funding scheme Analysis & Forecasting At Tel Aviv University Collaborative Project 1 13. 04. 2 0 1 2 Table of Contents Executive Summary ....................................................................................................................3 General Introduction ..................................................................................................................6 Past events & Threat Scenarios ...................................................................................................8 Methodology ............................................................................................................................8 Background ............................................................................................................................. 10 Worldwide Past Security Events ................................................................................................ 15 Country Reports - Past Security Events ....................................................................................... 20 Germany................................................................................................................................. 20 Israel ...................................................................................................................................... 43 Italy........................................................................................................................................ 64 UK .......................................................................................................................................... 73 Threat Scenarios ...................................................................................................................... 90 Findings & Conclusions ........................................................................................................... 113 References ............................................................................................................................ 116 2 Executive Summary In this report we present a summary of the efforts done in task 1 of WP6. In this task we described past threat events which occurred in mass transportation systems as air traffic systems and train platforms, covering the five threat categories our research deals with – terror (T), illegal immigration (II), cyber (C), white collar (WC) and organized crime (OC). We have covered some worldwide events, but focused on events collected by the partners, each in its country, and specifically related to each of the four case studies we base our research on – BGIA (Ben-Gurion International Airport), BER (the soon to be opened new Berlin's Airport), London's Underground and Turino's Train System. The following table maps the partners country's collected events divided by each of the threat categories: Table No. 1: Collected Past Events Categorization 3 The following table lists the threat scenarios as offered by SIAM partners: Table No. 2: Threat Scenarios List Terror (T), Illegal Immigration (II), Cyber (C), White Collar (WC) and Organized Crime (OC). No. Threat Category Scenario 1 T Toxic Gas Attack on a subway train 2 T Sniper attack 3 T Suitcase bombs, self made explosives 4 T Gun rampage 5 T Dirty bomb 6 T Missile attack on a starting/landing passenger aircraft (train..?) 7 T The junky's mummy 1 – coffin contains corpse filled with explosives (similar to #17) 8 T The deadly porter – hotel porter plants explosives/explosive device in an innocent resident 9 T The leaky passenger – terrorist with explosives in his guts 10 T Terror on a railway – remote control / pressure activated explosive device 11 T Contamination injected into fuel supply chain 12 T Armed cell trained commandos (native born) seizes control on a main station 13 T Detonation a massive Ammonium nitrate fertilizer bomb on a train in central London during 2012 Olympics 14 C / T Hacking an underground computer by a loose network of highly skilled individuals. 15 C / T Total shutdown of airport radio communication by terrorists armed with high-power radio transmitters 16 C /WC Same like #15, but caused by pirate radio nearby 17 OC The junky's mummy 2 – coffin contains corpse filled with drugs (similar to #7) 18 Other (D.O) The human flotilla – combine efforts of many people to reach certain location in order to demonstrate 4 The following table maps the offered scenarios based on the above collected country events, similarly divided by each of the threats categories: Table No. 3: Country's Threat Scenarios Map based on the collected events The data was analyzed and a list of various scenarios was obtained for further investigation. As can be seen, most of the events as well as most of the presented scenarios are related to the Terrorism category. While Cyber can be referred to as terror attack or as a crime, the three other crime categories are rarely covered and were found less relevant in relation to the mass transportation security. During the work done, certain issues were raised, regarding the five challenges that SIAM is focusing on. The first issue was about the question whether or not Illegal Immigration should be one of the challenges. An additional challenge that arose was whether the project should also focus on civil disorders in transportation systems. At this stage, the five base challenges were left as is, without change. 5 General Introduction The objective of work package 6 is to provide scenarios that give insights about possible targets for selected crimes. One of the key objectives in WP6 is to come to a deeper understanding of the security challenges that were selected in SIAM, and the impact these challenges might have on concrete targets or contexts. Work in WP6 until now has shown that such expertise is available in literature: global or regional threat assessments already exist. They provide valuable information about emerging and developing security threats on a global or regional level. But these expert reports do not provide information about likelihood or probable outcomes of security threats (occurrence, location, societal and economic cost) and it is beyond the scope of SIAM to calculate the relevant probabilities. The main objective of WP6 is to create a knowledge base of threat scenarios and security incidents representing security challenges to mass transportation systems. The focus is on airports and subways systems, which are in the core of the SIAM projects. The preparation of this knowledge base will be based on six steps: a. Collection of information on specific relevant security events, based on media discourses, interviews, etc. b. A literature review survey of current scientific research and threat analysis. c. Expert workshops to discuss the security events, scenarios, SMT's role. d. Expert workshops to discuss scenario's building techniques and risk analysis. e. Processing and integrating the security events collected into a series of structured generic threat scenarios report. f. Integration of the scenarios into SIAM's database. Security events or incidents refer to past incidents which occurred in public transportation systems (airports, undergrounds, trains, etc.) that included acts of terror, illegal immigration, or crime (cyber, white collar, organized): a. The events we were looking for could be those which happened IN transportation systems (e.g. carrying drugs through airports or using trains for illegal immigration) or those which where aimed AT the transportation systems themselves.(e.g. suicide bombing, hijacking planes) b. The above categories appeared in the proposal but we were not limited to them. The impact of the past events was expected to cover the following issues: Economy – High cost damages, potential damages to economic growth, markets, fiscal policies, taxation, industries, banks, insurance companies; Environment – potential damages to biodiversity, materials, resources, climate, pollution, wastes; Infrastructures – potential damage to energy supply, transportation systems, communications systems, etc.; People – potential damage to individuals, groups, mass populations; Political systems – Impact on the political system, potential damage to political structures, activities, leadership, power relations, stakeholders, policies; Values - Threat events might lead to changes of values, such as changing attitudes towards ethnic minorities, impact on privacy changing of the sense of safety. WP6 has begun in M1 of SIAM (2/11). 6 Following our first plan for WP6 and the discussion that took place during the kickoff meeting in Berlin, ICTAF issued guidelines to the partners for carrying out the abovementioned relevant tasks. This was later revised after the first consortium meeting in New Castle. 7 Past events & Threat Scenarios This report is a summary of the efforts done in task 1, collecting and describing past events and offering a list of suitable scenarios. These scenarios are expected to cover the five security challenges addressed by the SIAM project: acts of terror, illegal immigration, or crime (cyber, white collar, organized). In this context we use the following definitions: a. A security event - A specific event that happened in the past in which a breach of security happened in its broad sense including criminal acts, terrorism, illegal