An old threat returns

Mar 8, 2019

Charlie looks at the latest spate of parcel bombs and why now might be a good time to review your plans, procedures and awareness.

This week I was down in London delivering the Managing and Preparing for Cyber Incidents course. I noticed in the news at lunchtime that parcel bombs had been sent to Heathrow Airport, Waterloo Station and London City Airport. The last location was of particular interest as I was flying home to Glasgow later that day. Luckily nobody was hurt, and transport was not disrupted. On Wednesday, a similar parcel was sent to Glasgow University, and the commentary on the news suggested that it might be tied to a republic terrorist group, as it was sent from Dublin.

The threat of parcel bombs seems to have gone a bit quiet over the last few years, although occasionally one makes the news. This is a big change from twenty years ago, when there was a significant threat of parcel bombs being sent from Northern Irish terrorists and animal rights protesters. In terms of parcel bombs, we must remember that this is not just about explosive devices, but also sending parcels containing glass, razor blades and used syringes, which are designed to create fear and cause minor injury, rather than kill anyone.

Not all things sent in the post are designed to harm, sometimes they are just plain stupid. When I was the Emergency Planning Manager at Anglian Water, I was called to the mail room to look at a suspicious envelope which had been X-rayed by mail staff, and seemingly contained a needle. We very gingerly opened the package, which turned out to be a large needle put with a card which read “You have found the needle in the haystack, use us (company x) for all your marketing”. When I rang them up to complain that their marketing materials could have caused serious injury to the person who opened the letter, they were quite indignant and felt it was perfectly acceptable marketing.

I think when a new threat presents itself then we should use this as a good opportunity to review our procedures and check that our organisation is prepared, if we were to receive a suspicious package. So here is some actions I suggest you should take:

  1. Review your risk assessment and decide if your organisation could be targeted. Remember it is not just terrorists who can carry out this type of attack, it could be a disgruntled employee or customer, or someone who has a grudge against your organisation.
  2. Review the path of mail and parcels into your organisation. Who is the first person to handle them, and who delivers them to their recipient within the organisation? Check whether staff have been trained to recognise suspicious packages, and do they know what to do if they do receive one? Don’t forget delivery of fast food to the office could also be a means of delivery of a suspicious device.
  3. Once a potentially suspicious package is identified check who is going to verify whether it is in fact suspicious, and who will make the decision to call the police and evacuate the area? Check whether your existing plans cover how this type of threat will be handled and managed.
  4. If you deem yourself at high threat, consider the purchase of equipment such as an x-ray machine, which can be used to check the contents of letters and parcels. If you have an existing machine ensure that it is serviced, staff know how to use it and that it is actually being used.
  5. I have looked at some of the UK government’s guidance on recognising and dealing with suspicious packages. Most of the procedures have not changed greatly from my time 15 years ago at Anglian Water, but I always think that if you are looking for best practice and guidance, go with government and emergency services’ advice.
  6. If you are looking at your procedures, you may as well look at how you are going to deal with a ‘white powder’ incident. Again, identify who could potentially receive the letter and what steps need to be taken if white powder is found. If anyone in the organisation could get a letter, then perhaps a general staff briefing is required.
  7. Lastly, as you are already on the theme of bombs, you should dust off, if dusting is required, your bomb threat procedures!

With this latest spate of parcel bombs, luckily nobody was hurt but one device did go off and caused a very minor fire. So perhaps with the news still fresh, now might be a good time to review your plans, procedures and awareness.

Sign-up to our Newsletter

"*" indicates required fields