Happy International Women’s Day to all the women making a difference to our organisation and our wider global communities. As a Group, ICTS is committed to a gender-balanced international workforce which enables and celebrates the professional success of all. Together, we are a stronger team; more creative, innovative and driven. On this day and every day, we urge you to #breakthebias and strive for a world free of prejudice, stereotypes, and discrimination. Acknowledge the valuable role of the women around you.

ICTS Hellas signs new contract with the Ministry of Climate Crisis and Civil Protection. ICTS Hellas has signed a new contract with the Ministry for Climate Crisis and Civil Protection to secure one of the mass vaccination centres in Patras. ICTS Hellas is responsible for enforcing Covid-19 measures, such as the wearing of face masks and social distancing at the vaccination centres. Stylianos Chrysomallos, CEO of ICTS Hellas commented: “Along with significant changes to the way we travel, shop, and work, the Covid-19 crisis has also had an extraordinary impact on the role, service requirements, and demand for qualified security personnel. Among the newly adopted skills are management and implementation of new safety procedures and Covid-19 vaccination certificate verification services. We are delighted that the ICTS Hellas Team has quickly adjusted to the new requirements caused by the pandemic. We are pleased to be able to contribute to the battle against Covid-19.”

ICTS Cyprus is delighted to announce that DP World has extended its partnership with ICTS Cyprus for the provision of guarding and security screening of cruise passengers at the Limassol Port. “ We are delighted to continue our business relationship with Dubai-based DP World, the biggest Port Operator in the world,” said Panagiotis Fistedis. “We have supported DP World since 2017 and look forward to strengthening our successful cooperation in the years to come!”

A place holder for the secondary title and a short brief. Paragraph 1 Heading #1 Paragraph 2 Heading #2 Paragraph 2 Heading #3 Paragraph 3 Heading #4 Paragraph 4

Title. Paragraph 1 place holder Sub title Paragraph 2 place holder Sub title Paragraph 3 "Quotes by ICTS expert" Closing Statement Closing statment

What do data centres, Wilhelm Tell and Apollo 13 have in common? On the virtues of preparedness and precision: Who isn’t familiar with the story of Wilhelm Tell and the apple shot? As the tale goes, the Swiss folklore hero, having refused to bow before an evil Vogt, was given a terrible choice: execution, or with one shot from his crossbow, split an apple placed on his son’s head, 100 meters away. The thought of finding yourself in Tell’s pointy leather shoes is enough to make your toes curl in dread. Many believe that Wilhelm Tell was a real person, not just a fictional construct; that all of this took place one autumn day in 1307 – one of many audacious exploits that generations of proud Swiss ascribe to the expert marksman. Mr Tell (and his son) lived to tell the tale, and many more besides. But none have endured so well or resonated as universally as the apple shot. And why not? It is a tale of courage in the face of tyranny, skill and canny – and it comes with a happy(ish) ending. It inspired a nation to rebel and was repeated in countless poems, plays, music and movies.Still, amidst the lauding of the celebrated shot, lest we neglect the moments just before the bolt was launched. Imagine what goes through the archer’s head as he fixes his sights on the apple, gauging the wind, praying the boy doesn’t move. So much is at stake; so many things can go wrong. When you can’t afford to fail, how do you develop the skills and tools necessary to ensure that you get it right? ICTS Europe has been asking these questions for thirty years, and we are still coming up with new answers. We take pride in being the go-to security partner to organisations where security failure is not an option. High-risk, global organisations trust us with their business and their customers. In addition to securing assets, reputation, life and limb, we safeguard Bits and Bytes for data centres that view security as a critical success component. For data centre operators, outage is the ultimate risk. Despite steady improvements in infrastructure and practice, outages remain a significant concern. A recent Uptime Institute survey reports that 44% of data centre operators are more concerned about outages now than they were one year ago. Indeed, 74% of surveyed data centres experienced some form of outage during 2020. Crucially, three out of ten experienced outages with significant or higher impact. The precise impact of outages is hard to measure because most outage incidents are not reported. As seen below, according to surveyed data centres operators, only 16% of outage incidents in 2020 carried a total price tag above £750k. However, research by Statista suggests that in 39% of cases, the collateral cost of one-hour outage/downtime is $1 million or more, while the most common events cost $300k - $400k for each downtime hour. While the industry finds it hard to agree on calculating impact, there is a standard agreement on the causes of outage and downtime. In the past, the most common culprit was technical failures - mainly of power supply and switching systems. In recent years, outages are increasingly caused by misconfigured IT and network systems. There is general agreement that cybercrime is rapidly becoming a prevalent threat to uptime. Human error also continues to play its part in most outages. As much as 75% of significant downtime incidents were caused by human error that could have been avoided with better management or processes, according to respondents of the Uptime Institute’s Annual Survey, 2020. With cybercrime threats on the increase, reducing the probability of human error becomes an absolute priority. How would these notions help us in constructing a fail-safe approach to delivering optimal security to data centres? This is where Apollo 13 comes into play. Long before ‘failure is not an option’ became a catch-phrase for the 1995 Apollo 13 movie, it was the underlying credo of NASA’s missions. Many studies have been undertaken to identify the key elements of NASA’s approach to fail-safe planning and execution. Typically, teamwork and leadership occupy the top spots on the list. Diversity of skills and expertise is another key ingredient, as is the ability to assimilate lessons and experience quickly. But the most vital component of critical failure avoidance is Situational Awareness. In NASA’s research paper Intelligent Automation Approach for Improving Situational Awareness, three levels of awareness and impact are identified: This is a powerful blueprint for delivering optimal security to data centres. Ultimate situational awareness enables us to work today to reduce the probability and impact of outages in the future. It does not negate the need for a Plan B but reduces the likelihood of deploying such resilience measures. This leads us back to our hero – who also had a Plan B. when preparing for his ‘single shot’, he took two bolts from the quiver. Moments later, apple pinned to tree and son unharmed, Tell was asked what the second arrow was for?... We leave our readers to guess (or Google) Tell’s reply which turns his story into one of resilience; a topic so critical, it deserves individual attention or an article of its own. Watch this space!

Bridging the gap between Covid testing and border processes Borders have rarely been under as much scrutiny or pressure as they have experienced during the Covid pandemic. Alongside border closures, nations needed information on those intending to enter their countries that had never been requested before such as health information and medical test results. ICTS Europe has been providing Border Management solutions for 40 years, and many of the airlines and airports we work with asked us to help them with both these needs. We were able to adjust our Advance Passenger Information System (APIS) solution to help nations deny boarding to all but residents and citizens, or those from countries (or even airports) that the nation deemed high risk. Similarly, we took our experience of building and running the first integrated Electronic Travel Authorization (ETA) system, to develop a Health ETA that acted as a combined Declaration, Attestation and Passenger Locator Form (PLF) solution. This web-based solution also includes risk analysis and security clearance to allow nations to issue approvals to travel. Both these solutions help nations protect their citizens and get valuable information on travelers. It should also be noted that in response to the Covid pandemic, we were trying to connect two complex and highly regulated industries: healthcare and testing laboratories, and travel and transportation. Each had their own rules, regulations, and formats pertaining to personal data, sharing, and privacy – and there were little similarity or mapping between them. The most obvious of these was related to identity verification and binding. For example, some test labs use name and insurance policy details as identity verifiers – not information that is particularly useful to international travel, which relies on government issued passports or ID cards. The industry is looking at how these issues can be resolved. It is very positive to see how well technology providers, carriers, port authorities, and integrators have come together to work on collaborative solutions. Much of the initial work was on how to get test results to airlines – mainly utilizing health pass apps, such as those from IATA, AOK or The Commons Project. These apps also acted as the decision-making engine by assessing the validity of the test against the Covid rules imposed by the relevant government authorities, generating an “OK/NOT OK” result. There have been some very successful tests of these apps and they have gone some way to demonstrate to the authorities that health status information can be safely and securely processed electronically. However, this is only one part of the challenges facing the industry to get us back operating at any level of volume. Perhaps the most obvious challenge is that it is virtually certain that there won’t be a single app for the industry. Airlines, alliances, and countries may have preferred solutions, but they as well as airports and government authorities, will have to work with a vast variety of apps, and of course paper-based information. There has been work to try and align the apps with standard, interoperable underlying technology. However, even when this works, there remains the issue that personnel have to intervene in the travellers journey to scan the app or QR code to verify the results and give the go ahead to move to the next step in the process. This intervention is happening at least twice – at check in and immigration – and potentially several additional times too, with significant time and cost penalties for all stakeholders. Clearly, we cannot operate these additional, non-aligned checks if we are to return to sustainable volumes of passengers, but just as clearly, we need to maintain the integrity of the borders. While some airline system providers can integrate multiple pass schemes into their systems, this only applies to their airline customers. Similarly, this does not allow for easy integration with declarations required by governments or with passenger processing automation in airports. For this reason, ICTS is working with pass scheme providers and other stakeholders to develop the Health Protect ecosystem, connecting our own solutions, such as the declaration capabilities of Health ETA, in airport Passenger Processing and denial of boarding or check in with APP Protect, with third parties. Importantly, Health Protect integrates with the existing airline, airport, and government process, allowing the health status checks to be carried out simultaneously and as invisibly as possible. At the heart of this is the Health Hub, a gateway that allows travelers to share health information either from the declaration system or from scheme providers, and for this to be securely shared at the right time to the right stakeholder. This will allow governments to more easily combine data from declaration or passenger locator forms with health pass or self-entered information, in a machine readable way. This will allow existing automation, such as immigration eGates to be reactivated and significantly reduce the delays of five or six hours seen at some ports. Similarly, we can rely on outbound automation to ensure checks are effective, timely, and part of the processes that have been safely and securely checking travelers for years. The industry is coming together to restore confidence in travel. Hopefully, authorities will join this journey. #aviation #covid19travel

For over 40 years, ICTS has been partnering with dozens of organizations while evaluating the performance of their security programs. Our involvement provided access to a variety of customers in several industries, each with their own unique needs. What matters most Our conversations often include the perspective and concerns of leaders from ownership, procurement, property management, facility operations, and the security program. Despite their varying responsibilities, these prospective customers all shared a desire to design a value-driven, cost effective security program which protected their company assets, ensured the safety of their environments, provided peace of mind to employees and guests, and exceeded their quality standards. Admittedly, every Request for Proposal (RFP) process is different , and every organization defines their own evaluation criteria in weighing one vendor against another. However, in looking back on the success of these assessments, I believe there are three key questions which must be answered in creating an optimal security program. What is the hourly wage paid to the security officer? Prospective customers often expressed frustration at the quality of the security officers assigned to their facility. The lack of attentiveness to the post orders, poor attendance, and an unprofessional appearance which did not align with company’s image, were often the biggest complaints. These issues can often be directly tied back to below market compensation for the security officer. While wage is not the only factor in attracting and retaining the most suitable officers, a better wage will often enable an organization to hire a security officer with greater experience, education, and professionalism. If a security vendor attempts to staff their program with poorly compensated officers, the facility will not only receive an officer who lacks the experience, education, and engagement necessary for a quality security program but the amount of turnover within the security team may lead to inconsistent performance. Retaining a greater proportion of officers experienced in your environment contributes to higher performance, ensures understanding of the finer details of the post orders and contributes to greater operational stability. Perhaps most importantly for organizations attempting to create a welcoming culture is that higher retention builds trust between employees and the security officers. Constant wage-driven turnover results in a lack of recognition and relationship between employees and the security staff and leads to diminished faith in the facility’s security team to respond to the company’s changing needs. These issues also ignore the larger concern: If the wage is not sufficient, particularly in these challenging economic times, the security vendor might not be able to adequately staff your site. There could be few, if any, applicants to staff your security posts. Low pay could also result in a pool of applicants which does not align with the reputation or hiring mandates of your organization. Collectively, the shortcomings caused by a below market wage can be prevented by pressing a prospective vendor on what hourly compensation they will provide their security officers. “What management oversight will your organization provide and how will they be involved in the performance of the security team?” To reduce their expenses and supplement the profitability of their accounts, many security organizations have reduced or eliminated middle management from their operational set-up. This level of leadership often served as the connection between an organization’s branch executives and the frontline officers who protect a client’s site. The middle management would support the security team, addressing concerns from the officers, integrating changes requested by the customer, and ensuring the satisfaction of both parties – employee and customer. Unfortunately, this reduction has left many security officers exposed in the field. They lack a supervisor with whom they can elevate issues, ask for guidance, or obtain training. Prospective customers identified the predicament to me as “An officer on an island by themself.” Since every security program should evolve as the organization’s needs change, the lack of connection with experienced security managers to shepherd the guarding staff through day-to-day operations, as well as occasional adjustments, caused confusion and chaos, not only for the officers but often the client, their employees, and guests. A prospective customer should be able to decipher if the security company is investing in its operational team and providing the resources necessary to deliver upon their promises. Ask how often middle management will visit your site. Can you, as the paying customer, expect weekly, monthly, or quarterly visits? Identify the key performance indicators (KPI) which these leaders will be evaluating during their meetings with the security staff and how their discoveries, both positive and concerning, will be reported to you. These answers set clear expectations for regular interaction between management and the security force as well as standards for the topics which will be covered during quality assurance meetings. With management providing a detailed report of their visits, the customer remains engaged in the security operation and receives assurance that the officers in their facilities are supported, not left alone on an island. “What are the key components of your compliance program which drive quality assurance and satisfaction?” How can a prospective customer trust that their security vendor will conduct the duties assigned to them? What assurance can the security provider give to demonstrate that their officers are responsible in completing the post orders as defined by their client? Many organizations simply rely on “Daily Activity Reports” or DAR, to show what a security officer accomplished during the shift. These reports detail patrol routes, unusual circumstances uncovered, or potential threats which should be addressed. Unfortunately, many security officers fail to complete these forms, as requested, or provide a truthful explanation of their activities. Therefore, the customer is left questioning whether the responsibilities entrusted to the officer have been fulfilled. The best solution in driving compliance is for collaboration between the customer and the vendor. Initially, this interaction should result in the definition of KPIs which will be tracked and reported. This sets a base expectation from the customer of the officers’ responsibilities and the oversight from management in ensuring these duties are completed on-time, each time. By defining these together, the partnership is forged as the customer clearly defines their expectations and the vendor demonstrates their plan. Showing how the duties will be accomplished is the result of a compliance program in which senior management is engaged with their staff to ensure they are fulfilling the duties assigned. If security cameras are present, ideally the security vendor will be provided access so “spot checks” can be conducted, infractions identified, and training administered in meeting the customer’s expectations. If technology is not available, the responsibility rests with middle management to conduct random inspections of the security force. During these visits, management can check the details of the DAR, identify potential security gaps, and coach the officers in documenting the KPIs. The outcomes of these visits should be reported to the customer, demonstrating their dedication to fulfilling the quality assurance standards defined at the start of the partnership. Finally, a security vendor should regularly test their staff to ensure not just that they are completing assigned duties, but that the security program is actually mitigating potential threats. This is done through frequent and consistent testing of employees including standardized observation for compliance, audits to test knowledge, and conducting drills to ensure that the correct response to a security threat is made when presented with a simulated threat, whether a person, item, or scenario.

Before Prometheus gave man his first fire, our evolutionary great-great-grandparents already had two feet on the ground. Big headed bipeds with opposable thumbs gave us some of the most vital instincts that we carry today. An innate ability to identify a threat before it ate you was and one worth keeping - something you could pass along to the kids, along with the thumbs. Several species and four hundred thousand (or so) generations later, we are no longer on the menu. But we still face potentially dangerous and threatening situations. Keeping safe remains the top priority for an instinct that took millions of years to develop and may take as many to alter. As we pass it on, it changes its names, but not its nature. For ICTS Europe, keeping safe is more than an instinct – it is our mission. Rapidly becoming a leading force in securing data centres, in the past two years we expanded our services to some forty data centres across six European countries. A growing number Colocation and Hyperscale operators now talk to us about their challenges and how we can help them achieve an effective, cost-optimal physical security. This conversation is critical as data centres are increasingly seeking specific security expertise to match the risk profile they are facing. So we asked our clients a simple question: What are the most important qualities and attributes they would expect to find in their physical security providers? We offered five options to rate, and the result is striking! As seen below, the vast majority placed two attributes at the very top. Notice that the top priority – trustworthy & dependable - is all about human qualities. Interesting, but hardly surprising. Research shows that most security failures in data centres are caused by human errors. Hence, it is only natural that data centre security professional would value a physical security provider that they can trust and rely upon. Equally noticeable is the emphasis on the capacity to increase compliance and resilience. First, data centres want to see improvement on what they were able to achieve in the past. Simply maintaining quality and reducing costs is no longer sufficient. As threats develop, as risk complexity intensifies, as colocation clients increase their demands – data centres have to push security performance up. And, it has to come with both compliance and resilience. For compliance, which is by virtue a means of measuring inputs, is only part of the performance picture. Resilience is nowadays the Holy Grail, the critical output that data centre security – physical and digital combined – is judged on. Human qualities and the capacity to drive service outputs upwards – that’s what data centre security professional are telling us they need. Experience, cost optimisation, technology and innovation remain, of course, important. But only if such capacities serve the ultimate purpose. And certainly not on the expense of working with people you can trust. So let's talk about trust With its variety of definitions, our concept of ‘Trust’ plays a part in every interaction. It guides decision, shapes expectation and influences conscious behaviour. Instinctive trust interacts directly with our primal brain – the area which controls automatic self-preserving behaviour. Our capacity and ability to trust is rooted here as it determines our ability to detect and respond to threats. On a basic level, it helps us differentiate between the threatening and non-threatening, to instantly spot the difference between familiar and unfamiliar. The unknown we treat with more caution or suspicion until we have assessed it. But can we measure trust? Maister, Green & Galford believe we can. In their business classic The Trusted Advisor (Free Press, 2000) they identify four behaviour patterns that, combined, produce trust: Credibility (what I say and how I say it), Reliability (what I do and when I do it), Intimacy (how comfortable or safe I make someone feel) and Self-Orientation (the extent to which I am focused on myself). Expressed in an equation, we can actually see how it works: High degrees of credibility, reliability and intimacy build trust. Below the line, focus and attention on the other reduces self-orientation to boosts trust levels higher up. Or, in our world of data centres security, trust means professional credibility, operational dependability and obsessive client focus. It is an important lesson that we take to heart and hold precious, together with all the other human qualities bestowed upon us by Prometheus.