8/10/17

Proposals for security measures against terrorist ramming attacks by car

U.K., Westminster car ramming attack. Photo source: BBC

One of the most common methods used by Jihadists recently, is to attack soft targets by using ramming cars. Authorities are having a hard time preventing that, as cars are a common tool for all and they can’t be tracked or limit access to them.



However, by studying most recent attacks m.o. , cars used by terrorists were mostly rented and that was done always by paid cash and not by the use of a credit card as law demands. (at least for major companies)

Now when contract is signed by the customer, he is supposed to provide his driving license and another form of id. These details are registered either on a company’s database or on a piece of paper(hard copy contract) which will eventually get in a digital record at some point. In not so many words, there are cases where crosscheck of driver’s details is not thoroughly followed, before he gets the car and drive away.
Last but not least, customer trail will not be easy to follow, even with a GPS on board.

So by examining the above we are to pinpoint 3 failure points in terms of security.

  • Rented Cars could be available to anyone with a fake/falsified driving license as long as he has the cash to do rent one.
  • There are cases where procedures to crosscheck details of the driver are not thoroughly followed
  • Cars even if pinpointed by GPS, there is no way to immobilize them if needed.
By considering these weak links in security chain and by referring to these rented cars as “rented property” and not “private property”, I am thinking of the following as suggestions to narrow down the possibility of using a rented car as a weapon.
  • No car should be rented unless there is a credit or debit card presented. These cards should be crosschecked on the fly, nationwide/worldwide over a “persons of interest” database via banks or authorities. Now by following the new GDPR regulation(privacy regulation in power on 25/5/2018), no details will be stored of customers but if matched with a “suspect” then by following GDPR rules, this can be used as a legal tool to block rent of a vehicle (privacy is valid until security of nation or/and society is under threat)
  • Renting a car should be done 1 or 2 days before someone will be able to get it. This will leave enough time to crosscheck the validity of provided details by driver. If there is an urgency to rent a car then waiting time should be considered the one needed to complete a screening procedure.
  • Since these cars are not sold but rented, they are still considered as property of the company. It is in the companies own interest not just to install a GPS on board but also place a “kill module” on car’s CPU which will be activated if there is truly a need to use it. Since there is a privacy issue here (GPS signal constant transmission) again by GDPR compliance, no details will be recorded unless driver is considered to be a threat.
Now please consider that these are draft thoughts and not technically refined. There will be  some legal issues to examine along with methods of how to make this “transparent” for customers and businesses, in order to get the proper feedback that authorities need and not get neglected by many. Also need to underline here that this is not a 100% fail safe to block terrorists from using cars as a weapon, however it will give enough tools to prevent and react when such an attack is an issue to prevent or react upon.

(Proposal was set on Debate Security Plus forum and got marked as constructive contribution on the issue)

 Alexandros Niklan
Sr. Security Consultant
========================================== 

Ιδιοκτησία πνευματικών δικαιωμάτων του Geopolitics & Daily News - © 2017. Το περιεχόμενο του site αποτελεί πνευματική ιδιοκτησία του Geopolitics & Daily News. Οποιαδήποτε πληροφορία (κείμενο, εικόνες, γραφικά) περιέχεται στο site μπορεί να χρησιμοποιηθεί μόνο για προσωπική, μη εμπορική χρήση. Είναι παράνομη η αντιγραφή, αναπαραγωγή, τροποποίηση με οποιονδήποτε τρόπο, μέρους ή του συνόλου των περιεχομένων του site χωρίς προηγούμενη έγγραφη συγκατάθεση ή αναφορά της σελίδας