Welcome to 2024!
After leaving Substack last month, this month I’m experimenting with a new newsletter service. Let’s see how it goes.
If you’re receiving this newsletter, it’s because I’ve exported your email from Substack into this new service. Of course, if you’re no longer interested in receiving these monthly updates, you can unsubscribe at any time.
What we’ve been doing, where we’ve been travelling, and what’s next.
This month, I supported the Asia Crisis and Security Group (ACSG) in Jakarta by running a crisis simulation exercise for their members. The brief was for us to provide a realistic and engaging exercise for six teams, simultaneously. Not an easy task. The good news is that it went well and I managed to avoid destroying my professional reputation in front of some of the region’s senior security leaders. The role player support provided by the Grab Jakarta team was outstanding.
The scenario was based on civil unrest relating to the 2024 general election, which is one of the more significant risks in the region in 2024.
Separately from my little segment of the activity, the overall event was excellent. Several speakers and a panel focused specifically on risks relating to the general elections. Other speakers focused on highly relevant topics such as AI and cybersecurity. Congratulations to Craig and the other members of the Steering Committee for conducting another high quality event.
I’m currently in slightly cold and very dusty Kathmandu.
My focus while here is to develop detailed contingency plans for a client. I’m looking at safe places to stay, places to avoid, and different ways to get out should things go south. One of the options is to literally go south, to India. That would be quite the drive though, and the road conditions aren’t great.
This is the first time I’ve been to Nepal during ‘normal’ times. My very first visit to Kathmandu was during the state of emergency in 2005. My last visit was immediately after the major earthquake in 2015. Tourism seems to be back after the COVID pandemic, but I’m not seeing tourists in huge numbers (probably too early in the season).
Anyway, it’s nice to be back here after so long.
Training workshops and customised training solutions.
Over the last few years, I’ve received a lot of enquiries to run training for individuals. I’ve been struggling to find a way to do this that’s going to deliver a great experience but also reward me for the time and effort spent in designing and delivering the training.
As an experiment, I’ve reinvigorated an old project - Grey Catalyst. I’ve built a new website and added a few courses. Ignore the dates and pricing for now. There’s still a few things I need to work out before I’m able to confirm the details.
Updates on our applications.
I deployed Incident Manager to production the night before the ACSG simulation exercise in Jakarta, and made the application available to teams during the exercise. I’d pre-loaded the app with resources relevant to the scenario, along with a playbook relevant to the scenario.
It was a bit of a stealth soft launch, and to be honest I don’t think people realised what they were looking at. But it was a huge milestone for me to have people interact with the application in a production environment. It’s one thing to play around with an application in a development environment on your laptop versus having people you don’t know (and some you do) accessing your application on a range of different devices during a simulated incident.
In addition to the application, I’ve built a companion website focused on crisis management, called Pivotal Crisis Response. Pivotal isn’t a new idea - I bought the domain and set up a basic website in January 2021. This time, however, I’ll be building in the Incident Manager app as one of Pivotal’s core offerings. The website is still under development and I’ll be making small improvements over the coming month.
In the next few weeks, I’ll be reaching out to individuals who have already shown interest to provide them an account so they can kick the tires. If you’re interested in trying the application, please reach out (corporate security managers only, please).
Updates on our in-house gear, sharing a behind-the-scenes look at our design and manufacturing processes.
In my last update on Station XV bag production, I mentioned that the webbing was late to arrive, delaying production. Turns out that the delay was the least of it. After inspecting the webbing, 44 m (of 378 m) of one of the styles of webbing was found to be defective and couldn’t be used in production. So there was another delay while we waited on the webbing supplier to replace the defective webbing. That process was expected to take 3-4 weeks. (I just received word from the factory a few hours ago that it may have been delivered, which is great). The webbing isn’t the only issue, however.
In December, the factory started the first stage of production, which is cutting the main fabrics to make the various panels that will subsequently get sewn together. As a result of quality control checks after cutting, 94 m of UltraWeave 400X (the primary material) was rejected for quality reasons. This is obviously bad, but it also demonstrates the benefit of working with first rate manufacturing partners. The factory has ordered replacement fabric from the US. Again, there’s a delay while this material ships (assuming it’s in stock).
The factory has been extremely diligent in identifying quality issues with materials, for which I’m extremely grateful. One of the imperatives from the factory’s perspective is to avoid a situation where I reject finished bags due to quality issues. Better to find these issues before the bags go into production.
I received a WhatsApp from the team at the factory earlier today that production should be finished by 27 February. I’m not holding the factory to that, so please don’t hold me to that. But it seems like all of the issues have been sorted and things are moving forward.
The Station XV website is up and running on a production server, but not quite ready for public access. The next step is to take proper product photos and add these to the site. I brought some of the bags to Nepal, hoping to take some photos here if I can find the time. I also need to finalise pricing once I receive the final bill of materials from the factory. After that, I’ll need to work out how to manage purchases. The two options at this stage are to either continue with SendOwl (which I’ve been using for digital products) or use the Shopify buy button.
So, still lots to do. Appreciate everyone’s patience. It’s been quite the journey.
Links to our latest articles.
I’ve started the process of editing Dangerous Travels articles and compiling them into the Dangerous Travels book. I’m aiming to edit one article a day. My target is to have the book finished by the end of March 2024. All paid subscribers to the Dangerous Travels publication in 2023 will receive a free copy of the book in PDF format.
I’ll be continuing to publish to Business of Security this year. I’ve already fallen behind in posting due to an overwhelming workload this month. I’ll get back to it in February.
I still haven’t found a good email solution for Business of Security, but for now you can find the articles here.
We’ve published a number of books on crisis management, travel security and security evacuations. These books have been purchased by travellers, security professionals, several global companies, and at least one prestigious university.
I’ve started the process of reviewing and updating The Guide to Travelling in Higher-Risk Environments. As mentioned in my end of year review, this year I’m also aiming to update and re-release The Crisis Response Handbook. I won’t be rushing these edits. If you purchase these books now or at any time before the new version is released, you’ll get notified when the new versions are available and will be able to download them for free.
Several highly regarded organisations (and one prestigious university) have purchased copies of our books for their teams. If your team would benefit from the knowledge and experience contained in our books, please reach out. We can provide discounts for bulk orders.
Links to interesting articles worth your time. This month: Risks for 2024, AirDrop security flaw, views on China’s approach to Taiwan, risks of regional war in the Middle East, and other topics.
Surveying the Seas. China’s Dual-Use Research Operations in the Indian Ocean (CSIS). Read here.
Beijing Won’t Allow Taiwan’s Democracy to Survive. The very prospect of a free election is a threat (The Atlantic). Read here.
Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up. Chinese authorities are exploiting a weakness Apple has allowed to go unfixed for 5 years (Ars Technica). Read here.
Attack of the week: Airdrop tracing. (Matthew Green). Read here.
The politics of Apple’s AirDrop security flaw. And how protests in China brought the problem into focus (Rest of World). Read here.
Iran’s regional strategy is raising the stakes of Hamas-Israel war. While Iran has denied involvement in the Hamas attacks on Israel, its backing of a regional ‘axis of resistance’ means it will have a major influence on whether the conflict spreads (via Chatham House). Read here.
Beijing Grows Assertive As Chinese Private Military Companies ‘Come Out Of The Shadows’. (Eurasia Review). Read here.
48,000 companies sent Facebook data on a single person. A Consumer Reports study found that thousands of companies contribute to Facebook’s data stores on each person (The Verge). Read here.
Can a Regional War Be Avoided in the Middle East? (CSIS). Read here.
The Top Risks and Opportunities for 2024. (Atlantic Council). Read here.
War warnings everywhere: Global risks are heating up. While the U.S. has been focused on Gaza and Ukraine, several other long-simmering global threats are getting hotter (Axios). Read here.
Trauma’s Impact on Memory: Sharper Recall After Negative Events. A new study uncovers a unique aspect of human memory: our ability to recall events is sharper after experiencing negative emotions (Neuroscience News). Read here.
Russian cyber and information warfare in practice. Lessons observed from the war on Ukraine (Chatham House). Read here.
Nightshade: a tool that turns any image into a data sample that is unsuitable for model training. Read here.
Surveying the Experts: U.S. and Taiwan Views on China’s Approach to Taiwan. This survey provide valuable insights into areas of convergence and divergence in how U.S. and Taiwan experts evaluate China’s approach to Taiwan (CSIS). Read here.
Rocket-Powered Corruption: Why the Missile Industry Became the Target of Xi’s Purge. (War on the Rocks). Read here.
Kidnappings: Concern mounts over crowdfunding for ransom. Amid killings, banditry, kidnappings, among other security challenges bedeviling most parts of the country, Nigerians, in a rather distressing trend, are now resorting to crowdfunding to secure the freedom of their family members and relatives (Daily Post). Read here.
The China Challenge. Part of the CSIS 2024 Global Forecast—A World Dividing. Read here.
Midnight Blizzard: Guidance for responders on nation-state attack. Analysis of the SVR attack on Microsoft’s corporate email system (Microsoft Threat Intelligence). Read here.
The Taliban’s curious love of SIM cards. Afghanistan’s extremist rulers learned what all governments now know: SIM cards are worth every penny (Rest of World). Read here.
Identifying Small Drones from Screenshots and Displays. (Bellingcat). Read here.
That’s it for this month, folks.
Thanks for reading and stay safe out there.