Print Post Approved PP255003/10110
THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au Feb/Mar 2014
The public face of privacy reform Are you ready for the legislation change?
Securing Australia’s North West frontier Steve Lewis CEO, Dampier Port Authority, WA
The season of change in mass transit Full powers of arrest and detention
Unmanned vehicles - their critical role in securing us $8.95 INC. GST
TechTime | Movers & Shakers | Women in Security and much more...
Memories. iFly Singapore, the world’s largest indoor skydiving simulator,
uses Milestone XProtect® Enterprise surveillance software to monitor park grounds and give visitors a lasting memory. Flying at speeds of up to 186 miles per hour, the software records each skydiver’s flight and information using Radio Frequency Identification (RFID). After their flight, a video souvenir helps visitors relive all of the adrenaline-fueled moments. Proving again that XProtect is more than security.
Milestone XProtect® is the world’s leading IP video surveillance management software and is reliable, future proof and easy to use. It supports the widest choice in cameras and seamlessly integrates with business and security solutions such as RFID. Which means your possibilities are unlimited and you can keep your security options open. See our new products and the new ways to use XProtect at: www.milestonesys.com
Milestone Systems Australia Теl: +61 3 9016 7877
Executive Editor / Director Chris Cubbage Director / Co-founder David Matrai Senior Editor Loreta Cilfone Marketing Manager Kathrine Pecotich
Editor's Desk 3 Quick Q & A 4 Movers & Shakers 6 Feature Interview Steve Lewis – CEO, Dampier Port Authority 8
National The public face of private reform The season of change in mass transit Security beyond 2014 – brace for challenges Space to the subsea – emergence of agnostic integrated systems: part 2
12 15 18 Page 12
International Gunning for gays 24 India is a strategic market for EMC 26
Women in Security Art Director Stefan Babij Correspondents Sarosh Bana Sergei DeSilva-Ranasinghe Adeline Teoh Contributors Damian Comerford John Cunningham Steve Furmedge
Bronwyn Paul: Order in the house 28
Cyber Security A new standard for security leaders Social engineering: Mitigating stealthy risk
Frontline Mature retail loss prevention Unmanned vehicles: Enhancing security, rescue and natural disaster management capability: part 1 Reduce your surveillance costs and increase your closure
TechTime - The latest news and products Bookshelf
38 42 44 56
Prince Lazar Jos Maas Pasucal Marques Peter Moroney
Copyright © 2014 - My Security Media Pty Ltd 286 Alexander Drive, Dianella, WA 6059, Australia T: +61 8 6465 4732 | E: email@example.com E: firstname.lastname@example.org
Sarosh Bana All Material appearing in Australian Security Magazine is copyright.
Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the
information to particular circumstances.
Peter Moroney 2 | Australian Security Magazine
Editor's Desk “Indeed, history is nothing more than a tableau of crimes and misfortunes” - Voltaire (1694
here are a number of debates underway in Australia, which directly influence the security sector on which we focus. Contemporary issues include alcohol-related street violence and liquor controls impacting frontline officers, through to infiltration of organised crime into the building and construction industry, impacting on corporate risk profiles and personnel security. These debates are occurring around the country and are further evidence that a national approach to community security and safety is not only warranted, but becoming increasingly needed. One positive indicator is the recent decision by the Australian Skills Quality Authority’s strategic review program to review security training programs. The review has reportedly been prompted by ongoing community concerns about the quality and adequacy of training being offered to security guards. In 2013, we reported a breach of Western Australia’s Security and Related Activities (Control) Act (‘the Act’) by five companies awarded security installation contracts with the WA Public Transport Authority. WA Police determined it was a ‘technical’ breach, citing some confusion with the WA Rail Safety Act 2010, and not in the public’s interest to prosecute. Three of the five companies subsequently made application to get licensed. My question left unanswered was what happened with the other two? Within weeks, we observed yet another ‘technical’ prima facie breach, this time involving a high profile investigation initiated in WA by a Commonwealth Government agency. The circumstances of at least two breaches of the Act, relating to the need to be a licensed investigator and a licensed security consultant, have again been presented to the WA Police Licensing Enforcement Unit and WA’s Honourable Minister for Police. Whilst ‘technical’ breaches continue to be ignored, it again brings to the surface the actions and oversight of the regulatory framework we are required to operate under in Australia. In 2010, Western Australia went to the trouble of significantly increasing fines and penalties for breaches of ‘the Act’. If these ‘technical’ breaches are to be tolerated then why did I recently decline to assist a client in Victoria on the grounds they would not wait the eight weeks it takes to get a licence – should or could I have just ignored the
provisions? This approach will repeatedly put the regulator in the position of determining ‘public interest’ – eventually they’re either going to get it wrong or be open to criticism, nepotism or worst case, corruption. It will be interesting to monitor the outcomes as the industry continues to call for national legislative and regulatory reform of the security industry. Having recently read WA’s Hansard records from the debates on the WA Act from 2007/2008 and 2009/2010, it is clear that politicians have absolutely no idea what the security industry involves and how it should best be regulated. Taking a broader, national view point, it is evident that organised crime, in particular Outlaw Motorcycle Gangs (OMCGs), have infiltrated a number of industries, as well as, our local communities. Following our article (Rebels with a clause) in the Dec/Jan 2014 issue, there have been wider revelations of OMCG’s infiltration of the building and construction union, the CFMEU. In a political response, the Abbott Government is giving consideration to a Royal Commission. I would strongly urge the Government to focus the Royal Commission onto OMCGs – rather than their involvement with unions – they are a cancer infecting all aspects of society – it’s not just one sector! There are OMCG Chapters in every State and reaching beyond the cities to our regional centres – and here they can have the greatest impact. With all this in mind, we have an interesting and diverse range of content which emphasises the different context of societal changes underway and emerging technology. We are also launching a new media brand – DRASTIC – to deal with the litany of exciting developments in the fields of Drones, Robotics, Automation, Security, Technologies, Information and Communications. We intend to delve in and examine the DRASTIC applied sciences, commercialisation activity, business opportunities and projections, and timeframes. Will the capability to build and launch military drones and robots cause or deter conflict? I only leave you with that question as China commences building its second aircraft carrier and Australia takes possession of the first two Romeo navy helicopters – signifying the connection to our Part 2 article on Lockheed
Martin International (page 20) and the next generation of agnostic integrated military hardware, being shared between western allies. The future remains too interesting to ignore. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.
Yours sincerely, Chris Cubbage
CPP, RSecP, GAICD
OUR NETWORK Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.
Australian Security Magazine | 3
....with Elisabetta Zaccaria
Advisor to the Board of SQR Systems and Advisor to the Board of Cytora
Elisabetta Zaccaria sits in a steadfast position after a burgeoning career in security spanning across the past ten years. How did you get into the security industry? I started working for Global Strategy Group in 2003, as an advisor on legal, corporate governance and compliance matters. I was then appointed as the Group Head of Corporate Affairs (20042005) and subsequently offered the role of Group Chief Operating Officer & Chief Strategy Officer (2006-2012). I worked alongside the founder and CEO of Global Strategies Group for nine years and grew the business organically and inorganically from an early stage UK private security company, into an international portfolio of defence technology and integrated security companies with revenues of USD 0.5 Billion, over 5,000 workforce and operations in US, MENA and APAC, in a few years. We delivered cyber security, intelligence, data analytics, C4ISR systems and solutions as well as integrated security services for critical infrastructure protection to the Intelligence Community, Department of Defence, Department of Homeland Security and federal law enforcement agencies of the United States, other Governments and corporate clients. How did your current position come about? Since June 2013, I have been working with technology entrepreneurs. I support small and medium-sized technology businesses experiencing challenges due to lack of growth management expertise. SQR Systems Ltd and Cytora Ltd are two of the companies I currently work with, and in my view, their disruptive technologies are very relevant to the security industry. SQR Systems combines disruptive encryption and compression technologies for secure and optimised wireless communication over low bandwidth networks. Cytora is a data analytics platform, which offers predictive insight on political risk. I met both companies through a center for entrepreneurship in the UK. What are some of the challenges you think the industry is faced with? Cyber security is projected to be among the fastest
4 | Australian Security Magazine
growing segments of the IT sector in the next three to five years. The main drivers for growth appear to be the increased adoption of wireless communication, cloud computing and data centers. The threats to these new technologies are sophisticated, however, the responses to address them are still in their infancy. Networks and storage remain unregulated and insufficiently protected and have become the new frontier for cyber criminals who increasingly use advanced methods to implement attack vectors that are nontraceable and difficult to take down. Where do you see the industry heading? The next decade of the security industry will be most likely characterised by the emergence of more small and medium companies specialising in cyber security that can address current and emerging issues. Larger companies in the IT, defence, professional services and telecommunication sectors will increase their interest in M&A activity in the cyber security sector to maintain their competitive advantage. The security companies that will not realign their strategies to embrace these new market opportunities will most likely stay behind.
I think we will see new disruptive technologies such as secure cloud services and secure endpoints for Bring Your Own Device (BYOD) schemes. This will allow the use of personal computing devices and infrastructure in the corporate and Government world without compromising the security of the system. Unconventional approaches to dealing with malware will also emerge that can quickly and effectively isolate the malware by preventing it from persisting or spreading through an infected system. These technologies would work alongside antivirus software to ensure that when malware does get through, the damage it can do is very limited. Along with existing tried and tested technologies, new and more efficient ways of working will be enabled where security has traditionally been a barrier. Just as good security needs a systemic approach that takes into account the human element, good security technology must account and allow for the human and social trends in the way technology is used. To achieve this, we may also see new players entering the security industry such as advisors specialised in psychology, sociology, neurolingustics etc.
For all the latest in CCTV products and news. www.cctvbuyersguide.com
that arise from a concentration of large telcos, fast mobile adoption and being at the forefront of emerging technologies. “The growing scope and variety of cyber threats facing businesses, Governments and individual users means no one can afford weaknesses in their cyber security platforms. My aim is to ensure we continue to provide the best solutions and advice on how to protect valuable data from attackers,” says Duca.
Michael Sentonas and Sean Duca
McAfee has announced the promotion of Michael Sentonas to the role of Global Chief Technology Officer (CTO) for Security Connected, and Sean Duca to the role of CTO for Asia Pacific. The CTO leadership role changes come as McAfee accelerates its Security Connected platform by ensuring effective alignment of technical expertise on cyber crime across all geographies and markets. The changes allow McAfee to provide scale to the organisation while improving the company’s core focus on critical areas in the security landscape. As Sydney-based Michael Sentonas steps up from his role as CTO for the Asia Pacific region to his new global role, he will serve as a champion for better integration of new and existing technologies to ensure a stronger security posture for consumers, Governments and businesses. “The Security Connected platform differentiates McAfee from other vendors as it is a framework that allows each of our products to work together. Our goal is to enable organisations to select the most appropriate technologies as part of their defence strategy and provide the means to do it in the most secure and efficient way possible,” says Sentonas. Sean Duca, steps into the role of CTO for Asia Pacific and will focus on ensuring appropriate strategies are implemented to accommodate the region’s unique security challenges such as those
6 | Australian Security Magazine
Arbor Networks has announced the appointment of Matthew Moynahan to the position of President, replacing Colin Doherty. Moynahan had been Senior Vice President of Product Management and Corporate Development at Arbor since 2012. During the course of his 23-year career, Moynahan has held a variety of executive and leadership positions within fast growing private as well as very large public companies. Prior to joining Arbor Networks, Matt was president and chief executive officer of Veracode, a leader in application security. Previously, he served as a vice president at Symantec in several roles, including the consumer products and client and host (server) security divisions. “I’m excited by the opportunity to lead this great team. The solution portfolio is dynamic and exciting, but the company culture that Colin has fostered is what truly makes this a special place to work,” says Moynahan. “The company is well positioned, united around our strategy and committed to delivering for our customers, partners and each other.”
RIMS, the risk management society™, has announced that Carolyn Snow, CPCU, will lead the Society as president for the 2014 term. Snow is the Director of Risk Management
for Humana Inc. She has been a member of RIMS for 14 years and on its Board of Directors for seven years. Previously, Snow served as the society’s Treasurer, Secretary and Director of External Affairs. She is a member of RIMS Kentuckiana/Bluegrass Chapter. “Risk management has arrived,” says Snow. “Business leaders around the world realise that this business function can do more than just protect assets. Risk practitioners are being called on to identify and create value for their organizations and, now, have a tremendous opportunity to contribute to their companies’ strategic direction.”
Avigilon Corporation has announced it has completed the acquisition of VideoIQ, Inc, for cash consideration of US$32 million. Founded in 2006, VideoIQ has grown to become a leader in real-time intelligent video analytics solutions for security and business intelligence applications. VideoIQ has a developed portfolio of video analytics intellectual property, with 23 patents granted or pending, trade secrets and know-how. Headquartered in Billerica, MA, its highly skilled and experienced workforce will extend Avigilon’s growing team. VideoIQ’s proprietary technology includes live detection, event verification and instant notification, and self-learning capabilities.
Brady Corporation Asia Brady Corporation Asia has achieved the feat of being the first company in Singapore and Asia to be awarded with the NASPO (North American Security Products Organisation) Class III Certification, which has only been achieved by 29 companies and 37 plants world-wide. The NASPO Class III Certification recognises that Brady demonstrates a high awareness of possible fraudulent actions and the threat that they pose to the value of security products, is able to implement countermeasures targeted at preventing such threats from being realised, and have plans that can be implemented to mitigate the effects in the event that such fraudulent acts occur. It also recognises Brady efforts in maintaining a compliance with the operational protocols of ANSI/NASPO-SA-2008 Security Assurance Standard. If you have an entry for Movers & Shakers please email details and photo to email@example.com
Where technology meets business
5TH – 7 TH MAY 2014 SYDNEY OLYMPIC PARK
Y O U R
B U S I N E S S
understand today, own tomorrow How do you keep ahead of the almost breathless rate of technological change? How do you master this change and turn it to your advantage? How do you meet those you need to know? Empower your business at CeBIT ’14! Cyber Security @ CeBIT is THE place to go to stay abreast of the changing cyber security landscape. • • • •
Ramp up your knowledge on managing cyber security in an increasingly interconnected world. Discover how to manage the weakest link – the human factor. Gain powerful insights at the hands on workshop on how to develop a robust security strategy and secure your data. Get to know people who can help you understand your organisations cyber risk profile.
In a rapidly changing world the fast, the adaptable and the innovative survive and thrive, the rest are left standing on the side of the road.
The power to shape tomorrow’s business is in your hands.
CYBER SECURITY CONFERENCE 2014 5 May ‘14 | cebit.com.au/security TH
*Offer expires 25 April 2014
for Australian Security Readers*
SECURE YOUR CONFERENCE TICKET ONLINE NOW TO SAVE $100 promo code: asmceb14
Securing Australia’s North West Frontier For decades there has been an ongoing and intensifying debate about the security of the North West of Western Australia, which is coveted for its abundant natural resources, particularly in oil and gas reserves. In an exclusive interview, the CEO of the Dampier Port Authority, Steve Lewis, articulated his views to Sergei DeSilva-Ranasinghe, on the importance of the Dampier Port, North West maritime security, perceived threats to the region, how Defence sees the North West, the feasibility of creating a large and permanent population base in the Pilbara, and the need to have greater ADF visibility in the region. To start with, can you explain why the Dampier Port is considered to be so important to the national interest?
By Serge DeSilva-Ranasinghe Correspondent
8 | Australian Security Magazine
ampier is the third-largest bulk export port in the world; Port Hedland is the second-largest, while the largest is in China. Dampier is the second largest tonnage port in Australia because we have iron ore as well as the oil and gas industry here. However, Dampier is the most active port in Western Australia in terms of those ship movements, cargo handling – but we’re not the biggest port by tonnage; that is Port Hedland and about 89 percent of their trade is iron ore. While we have a lot of iron ore export, it’s the other trade that really creates a lot of the activity here. Dampier is a gateway port and a protected harbour port which about is 20 km wide and 30 km out into the ocean. The 42 islands just out from here break up the wave movements so you will find that we have a reasonably good sea state most days, not without exception. Dampier Port is one of the eight State owned ports in Western Australia. Construction of the Dampier Port started back in 1962 and the Dampier Port Authority (DPA) itself didn’t come along until 1989. It’s
one of the few places along the Western Australian North Coast with sheltered areas which are good for mooring, so we have 230 odd moorings in the port. We have a lot of smaller industry crafts, barges, cranes and tugs, which can fit in this port quite well because of that island configuration. About 99 percent of the assets in the port are privately owned. In total, we’ve got six berths here and a salt berth. In terms of berths we can start to the West of us where we have Rio Tinto’s facilities. The first of those is a single salt berth at Mistaken Island. Next to that they have East Intercourse Island which has got two berths where they can load about 40 million tons, while the remainder of their tonnage in Dampier is done out of Parker Point, which has four berths. Rio Tinto has its own channel in the port, and is sailing three ships on a tide and operating a very efficient operation. If we come over to the eastern side of the port we’ve got LNG berths, two are with the North West Shelf venture and one is with the Woodside Pluto Project. And then for general cargo the DPA has a cargo wharf which was built by the North West Shelf venture when DPA first started and was later transferred to the State. The State extended this in 1994-95. So you can berth six or seven vessels over at the Rio side, and
on the eastern side you can berth four vessels. We also have seven berths on the general cargo for the smaller vessels. As for the numbers of vessels entering major WA ports in the North West, it would probably be upwards of 10,000 vessels, but Dampier alone has over 6,400 ships visit annually. About 1,300 of those are bulk carriers and LNG vessels, which is the major trade of the port. All the others are the rig tenders and cargo vessels. While general cargo is a small part of our trade in tonnage terms, it’s actually a large part of our activity because for the offshore oil and gas industry of the North West Shelf. Dampier is where they service and supply their vessels in the main and a lot of our activity is just that. We get around 21,000 vessel movements in the port and a lot of shifting of cargo, food and supply for the rigs offshore and the floating platforms. Just about any type of vessel that you can think of is somewhere in the port of Dampier; barges, cranes, jack-up rigs, maintenance vessels and rig tenders. The size of the ships that enter the ports in the Pilbara region are around 140,000-160,000 Dead Weight Tons (DWT) which is the capesize class that loads iron ore. At Cape Lambert you’ll get in more 160,000-180,000 DWT capesize, but you’ll find that in Port Hedland they can get in ships up to 350,000 tons. Between the three ports in the area we account for just under 40 percent of Australia’s exports by dollar value, and by volume WA has 74 percent of the nation’s export by tonnage. Obviously the Pilbara is a high percentage of that. You can see WA is significant in the national economy because it’s a big resource State but also the ports in the Pilbara are quite significant. It’s also in the Indian Ocean with our nearest neighbours such as Indonesia. Being up here in the Pilbara you get a clear sense that we are the part of Australia that is the closest to the rest of the world. The growth is in Asia and India, so the Pilbara is well placed. Moving to the topic of the region’s security, can you describe the maritime security concerns that are unique to the North West of WA? We’ve got the Browse Basin, at the top there, then you come down to the North West Basin, and then you go down to the Carnarvon Basin where there’s all of our local gas fields, so there’s floating platforms, drilling programs and gas platforms. That’s our economy churning along out there and some of it’s up to 200km offshore – it’s over the horizon well and truly, it’s not seen by anybody directly. Obviously you hope that it’s seen by radar, but it’s sitting out in our Commonwealth waters and needs to be managed. At the moment we are confident that the responsible people in Canberra are aware of it and plans are in place. The private companies themselves are making their own arrangements as they see appropriate. From the Port’s point of view, our interest is obviously in State waters and the facilitation of trade. Tell us about the more general security concerns that are characteristic of the North West region Certainly it’s not an every day topic, but it will come up from time to time when something occurs elsewhere, which brings it to the public’s attention. I don’t know whether we feel that we’re any more or less vulnerable than any other
“The size of the ships that enter the ports in the Pilbara region are around 140,000-160,000 Dead Weight Tons (DWT) which is the capesize class that loads iron ore. At Cape Lambert you’ll get in more 160,000-180,000 DWT capesize, but you’ll find that in Port Hedland they can get in ships up to 350,000 tons. ” West Australian, but I think we have a general sense that because we’re on this side of Australia that there’s a latent vulnerability to our whole coastline. Periodically we’ll see the State or Federal Government with some interest in defence work on the Indian Ocean, but I don’t see it in the daily conversation. I think there’s a sense of isolation anyway – we’ve got plenty of flights in and out here, but it’s more how quickly can the rest of Australia respond to an emergency up here – is really the underlying question. And it doesn’t have to be a terrorist attack, it can be a gas processing incident, it could be some introduced marine pest, it could be some other calamity. We know that we have to be the first responders and so there’s a good regional response mechanism here. But the thing is, that’s only the initial response. If we have a major oil spill here obviously the port’s got to be geared up at least to a first response, but if the event goes past an initial response, and the State response, then it becomes a national matter and the question then is around how long before the rest of the cavalry arrives. Fortunately, we have a good track record of no major incidents and the port is well-trained to respond to those few incidents we have had. From a national defence point of view, if for some reason something did happen of a more sinister nature, the questions I ask are how quickly can we respond? What have we got locally? What have we got from a State point of view? And how quickly can we get a national response if we needed one? I think when you go down those lines of discussion, the Pilbara is still perceived locally as being vulnerable. So those sorts of things focus the attention, and obviously from time to time the Government will look at its overall defence capabilities, its responsiveness, its emergency response, and all of those things overlap. Where are the resources based and how quickly can we deploy them? And how much intelligence gathering do we have up here? A portion of your defence is to do with what are you seeing and what’s unusual. I don’t have a window into that but you would hope that somewhere in the scheme of our national capability we’ve got a bit of an idea of what is happening up here and how Australia responds. How often do Defence delegations come to Dampier and what has transpired from these visits? A minimum of once a year and probably twice a year. We do get the Defence Academy bringing some of their cadets over and people out of the office in Canberra and the Staff College also. From time to time we get some people out here from the Department of Defence; they’re coming through and just
Australian Security Magazine | 9
“If you don’t see Navy ships, well that’s because they’re out there doing their job, and that’s a good thing.” If they’re out there and actually doing their patrol that’s good, but I think from time to time it’s good for the community and the port to actually see one come into port just to remind us all that they’re that close” looking at the situation generally. So it’s not that we don’t see people, it’s just you don’t always hear what came out of those visits and what has changed, if anything, in terms of where things are going. But the Port can be a good supporter and the more we’re entwined in it, the more we can help – because we live here, we work up here, we’ve got a sense of the place and its future development potential. To what extent do people in Dampier really see a need to augment the ADF posture in WA’s North West? Well my perspective is that it’s not as visible to industry. That doesn’t mean that the people in charge of those things do not have an awareness of what the response would be and how it would be done, but we’re not seeing Navy vessels coming to the port and berthing every few weeks. On a more visible note, it gives you a level of confidence that there’s a permanent Reserve regiment here [the Pilbara Regiment], that’s been here since the early 1980s. The Navy presence here closed around 2006-7 and we don’t see navy ships here anymore, though I assume they’re patrolling. Somebody said to me once: ‘If you don’t see Navy ships, well that’s because they’re out there doing their job, and that’s a good thing.’ If they’re out there and actually doing their patrol that’s good, but I think from time to time it’s good for the community and the Port to actually see one come into port just to remind us all that they’re that close. There have been reductions in Customs and Border Protection because of budgetary cuts by the last Federal Government, so instead of expanding they’re actually contracting. There’s actually no Federal Police officer that I’m aware of in Dampier. We used to have one up here and then he got posted to Broome. I’m not aware of our having one now. The message that comes from those things I think is important. We had a good surge of activity in 2006 and before that the Navy built facilities and put a Navy presence here. We had rotations from Darwin to Karratha on the patrols. It didn’t last, probably for good reason, because they didn’t find it was a practical place necessarily to do crew changes. But that shouldn’t detract from the Navy popping into the Port from time to time. But obviously the biggest bang for buck is when they’re out patrolling the waters, and that is critically important. Because of Australia’s population we’ve got to take a risk-based approach, we have to have enough ability to use technology and other things to be able to assess the threats and our capabilities. But I think it would probably be overkill at the moment to have a big presence of people up here when the history here has been of a lot fewer incidents – certainly nothing that would encourage a big
10 | Australian Security Magazine
deployment here. But I think the forward defence planning and security planning should be thinking further out, saying “What do we do if our population gets to 150,000 or industry gets to a certain critical mass?” Due to the environmental conditions and the high cost of living that characterises WA’s North West, do you think it is feasible that ports like Dampier could develop a large and permanent population base from a mostly fly-in-fly-out culture? For some companies it’s not seen as cost-effective to relocate families up here and fly-in-fly-out is probably more costeffective to serve operations, but for the DPA we’ve brought 40 odd people to the town since I started. It’s what you make it, and the thing for me is there’ll be a positive tipping point that any town has when it gets a certain population and amount of infrastructure to all of a sudden go past that tipping point. Though we’re not at that tipping point yet. We’ve got a high school here and connections to Perth universities. Presently, we’ve also got those that want to send their kids to a Perth high school, but a good portion of people who come up here to live with a predetermined time frame in mind. For example, they actually plan to come up here for five years. We see some really young people up here that have got these targets and they know what they’re up here for. They work really hard and leave here in five years’ time and they’re very financially set up. Also, we’ve got people in the town that have been here 20-30 years. I think the longest residency is about 45 years so you either like it or you don’t. For people to live up here, it’s being able to get to a coffee shop, to have reasonable customer service, having a good supply chain so that you know when to go to the two supermarkets here. That way the distance doesn’t seem as obvious and then of course you’ve got to enjoy your work. I think Federal and State Governments and the private sector are continuing to invest, and eventually there will be that tipping point. The economy will drive it, if you want to come up here and live, it’s seen that you can work close to home. So yeah I’m very optimistic about the Pilbara. You’d be aware that given the ongoing demand for skilled workers from the resources sector, Defence legitimately fears that their personnel will be poached by industry should the ADF presence increase in the North West. How can industry help to mitigate this dilemma? People will make choices. We employ people up here and we don’t pay anywhere near what the mining companies may
“We’ve got people in the town that have been here 20-30 years. I think the longest residency is about 45 years so you either like it or you don’t.” pay. You can do no better than be a good employer, and that doesn’t necessarily solve your problem, as people can still go. But if you’re a good employer and you look after your people then I think your people will be loyal. People like being in the Defence Force, they like being in it for a reason, so I would think that I’d be looking internally if I had those concerns. Pay is important, but it’s not all about pay and lifestyle. There would be some elements of that, but it’s about ownership, belonging and purpose – what are we actually up here to do?
demonstrate some capability, and that’s been great. The port makes its facilities available, we’ve got our own control tower and our own port intelligence up here, and usually it’s very easy in a response situation for somebody to come to the port and be able to manage a response from the port because we’re actually geared up for it. In terms of being able to influence the triggers that would bring those decisions to deploy more resources, I think they’re the sort of things where we would want to feed into our State Government to make those decisions. We need people higher up to be able to see the full picture of Australia – all we’re saying is don’t forget the Pilbara. It does seem as if there is some interest at the moment, at least in the Indian Ocean basin, so that’s all helpful.
Given your sentiment, what do you think Dampier could do to incentivise an increase in the ADF posture in the region? I haven’t really thought about that too much. We’ve had joint exercises here, we’ve hosted different things over the years that the State and Federal Governments have wanted to do, to
Control SyStemS: Cyber SeCurity training This course provides training in advanced techniques to penetrate and defend control systems networks and infrastructure. Over the five days you will be trained in: • Reconnaissance and fingerprinting networks • Social engineering • Network defence skills • Physical security (Firewall, IDS, Honeypots) • Reporting • Exploitation and attack • Exploit development The training includes: • Full day Red v Blue exercise • CERT Australia presentation and briefing
• An opportunity to discuss the ethical, legal and reporting requirements
pertaining to the types of activities undertaken during training
Our Team The training is delivered by a team of security professionals with over eight decades of experience between them. SRI members have all undergone training from the US Department of Homeland Security, and are recognised leaders in their field. Available dates in 2014: 17-21 March, 5-9 May, 14-18 July, 22-26 September or 8-12 December. Location: Security Research Institute, Edith Cowan University, Joondalup Campus, Perth Western Australia Cost: $2500 per person - includes course materials and group dinner on Thursday night (travel and accommodation not included) Contact: Emma Burke by emailing: firstname.lastname@example.org or phoning: 08 6304 5176
reachyourpotential.com.au 303 LOWE ECU10604 CRICOS IPC 00279B
Tel: 134 ECU (134 328) E: email@example.com
★★★★★ TEACHING QUALITY ★★★★★ GRADUATE SATISFACTION the good universities guide 2014
The public face of privacy reform In the age of Wikileaks, Edward Snowden’s revelations about the USA’s National Security Agency spying activities and phone hacking scandals galore, comes Australian law reforms that compels organisations to develop a policy around the collection, storage and retrieval of confidential information and report data breaches when they occur. But are Australian organisations ready for the legislation?
C By Adeline Teoh Correspondent
ompared to technology, legislation moves at a glacial pace. Parliament needs to balance the practicalities of implementing a new law against the need for legislation, then there’s the process of asking for stakeholder input, and the subsequent debate and deliberation that occurs before the Bill comes into effect. The Privacy (Enhancing Privacy Protections) Act 2012, due to commence on 12 March 2014, is on-trend with results from a survey conducted by the Office of the Australian Information Commissioner (OAIC) last year that revealed Australian attitudes towards online privacy. A majority of Australians (60 percent) indicated they had declined to deal with a company due to concerns regarding how their personal information would be used. It seems their concerns are well founded, with data breaches a common occurrence. Privacy in principle When the privacy amendments come into effect, organisations will need to adhere to the new Australian Privacy Principles, which cover how entities must collect
12 | Australian Security Magazine
and hold personal information; the purpose for which they may collect information; how individuals may access and seek correction of their information; how individuals may complain about privacy breaches; and what to do if an entity is likely to disclose personal information to overseas recipient. The fine for non-compliance is up to $1.7 million per organisation, or $340,000 per individual. Rob Livingstone, a fellow of the University of Technology Sydney Faculty of Engineering and Information Technology, who also runs his own IT advisory practice, says the amendments show the law has taken community attitudes seriously. It will also help organisations refocus on what controls they have including checking if software security controls and measures are up to a standard that would be defensible. Michael Toms, ANZ Regional Director of information security company Clearswift, says good policy can’t be broad, it needs to detail what information the organisation will collect and why. “If you have a clear policy and procedure on how you’re going to deal with a person’s information or another entity’s information, if you can cover that in a
In the dark More than one-third of Australian businesses and 73 percent of IT decision makers are unaware of amendments to the Privacy Act that will come into effect on 12 March 2014. The amendments require organisations to report data breaches to stakeholders or face a fine of up to $1.7 million for non-compliance. Alarmingly, of the businesses surveyed, 24 percent suffered some form of data security incident in the past 12 months and 44 percent believe the source of the breach came from their own employees in the form of human error and personal devices in the work environment. Additionally, a further 20 percent of respondents say data breaches originate from ex-employees and 21 percent believe trusted partners such as customers or suppliers are the sources of breaches, which highlights the threat from the ‘extended enterprise’. Source: Clearswift’s ‘The Enemy Within’ report (October 2013)
meaningful way, I think you’re on a very good path.” Despite the era it has taken for the privacy amendments to come to fruition, however, it turns out that there is still a significant portion of Australian organisations that are in the dark about the law. According to research conducted by Clearswift (see box above), 35 percent of Australian businesses and 73 percent of IT decision makers are unaware of the changes and what it might mean for their information gathering, storage and retrieval processes.
When data leaks “Data breach is when the confidentiality and the integrity of personal information held in trust by other organisations is compromised. That could include loss, corruption, unauthorised disclosure,” says Livingstone. Management of data involves a number of steps, from the secure collection and storage of information to its retrieval, a continuous process. “Essentially it’s about implementing and maintaining the appropriate governance controls and security processes with the appropriate levels
of ongoing integrity. It’s not a one-off thing – it has to be embedded in the whole organisation.” Innocent leaks, such as when individuals disclose unsolicited information, need to be handled with care as well, adds Toms. “The entity must, within a reasonable period of receiving that detail, determine whether it could’ve been collected under the privacy principles. The unsolicited information [section] is important because what we will see is circumstances where you have to destroy data as well as collect, you can’t just keep collecting stuff that’s not core. If you’re not meant to see that detail, you’re probably better off not receiving it, or removing it from the information flow. Yes you’re going to collect data, but what are you going to do about what you don’t need?” Where there’s a huge challenge is in the notification of a breach. “The fundamental issue is to drive the proactive management of data breaches,” says Livingstone of the amendments. “If there’s a legal obligation to publicly report a serious breach of privacy, then it’s a big disincentive for the organisation to sweep it under the carpet.” But requiring an organisation to alert its stakeholders to
Australian Security Magazine | 13
overseas outsourced provider is actually
factors that should be considered where normal procurement process would be lacking. The legal side is important but it is no substitute for the appropriate level of due diligence to be done on that provider.”
quite difficult,” Livingstone warns. “An
Is it enough?
Australian organisation typically has no
The legislation will provide more transparency to individuals about what information is being collected and why. “People are going to get a lot more exposure to where their information is going,” says Toms. Unfortunately, it won’t change the threat landscape, which he says is rapidly evolving. Livingstone calls it an arms race between Governments and cyber criminals and says legislation alone is no guarantee of the maintenance and retention of trust between an organisation and an individual. One issue is budget cuts. “Organisations are keen to cut unnecessary costs and the attraction of cutting investment needed is a constant tradeoff, especially if there has been no history of data breaches,” he explains. “If it has never happened, why mitigate against it?” Meanwhile, cyber criminals are investing in more sophisticated attacks. He maintains that organisations serious about maintaining their own internal governance processes should have breach notification as standard practice and use it like they would a burglar alarm. “That degree of rigour should be applied to all aspects of the organisation that are critical to its liability. And if the breach occurred through you, it’s good practice to tell your customer so they know you are actively managing it.”
“Reporting a data breach by an
control over the actual operation of the business, they are relying on the terms of the contract and the penalties associated with that.” a data breach could lead to further attacks, Toms speculates. “When those kinds of breaches are posted online it actually formulates interesting research material for hackers. Posting those breaches may actually appeal to more capable people who have ideas of how to do that again.” Add the fact that two-thirds of breaches are not discovered until months after the incident and the majority by an external party to the leaker, according to Verizon’s 2013 Data Breach Investigations Report, and the legislation starts to show some cracks. Having a flag raised immediately when there’s unauthorised access or misuse of data information is a key control issue, Livingstone says. Data breach notification should work like a burglar alarm; alert the breached organisation, which investigates and determines if the breach was genuine. If genuine, the organisation should notify the affected parties. “The issue of alerting is only one of a suite of good practice controls – prevention needs to play a part. Absolute guarantees are not feasible in this hyper connected world, but the issue of notification is an important step in the right direction.”
Your private checklist Not sure if your business is ready? Follow this basic checklist.
A global reach
The principles specifically make provision for the global nature of data collection. Any Australian organisation that outsources data collection or storage to an overseas entity needs to be aware that the overseas provider is also subject to this legislation. This includes offshore call centres and cloud computing providers. “If organisations are doing business in Australia, they have to detail to you how your data is being dealt with and protected if it’s being held overseas,” Toms points out. “Reporting a data breach by an overseas outsourced provider is actually quite difficult,” Livingstone warns. “An Australian organisation typically has no control over the actual operation of the business, they are relying on the terms of the contract and the penalties associated with that.” He says Australian organisations should not only draw up new contracts that explicitly include the new privacy principles, but should also conduct more thorough due diligence of overseas providers. “There are a whole lot of
14 | Australian Security Magazine
The season of change in mass transit “There is a time for everything, and a season for every activity, a time for war and a time for peace, a time to tear down and a time to build, a time to scatter stones and a time to gather, a time to plant and a time to uproot.” - Ecclesiastes 3:1-15 In all businesses, corporations and large organisations there is a time to metaphorically embrace this perspective – that life is about the feast and the famine. Through both seasons, equilibrium and continuity can be maintained by planning and risk mitigation. By
Challenging conventional thought
here is considerable research and many differing opinions on how to achieve consistent service provision, growth and sustainability. At one stage ‘integration’ was in vogue, touted as the formula for success. But integration – bringing together separate elements to work together or form a whole unit – does not really measure success, which is about the outcome rather than the whole or the functionality. As an outcome-based concept, ‘synergy’ serves much better – the interaction of two or more agents or forces so that their combined effect/result is greater than the sum of their individual effect/results. Effect and results; that is the bottom line. All integration must have its effectiveness assessed through synergy. Just as the same words configured in a different order can change the meaning and effectiveness of a sentence, the test of synergy is in the outcome. Take mass transit. Growing urban populations place ever-increasing demands on public transport systems, no more so than in Western Australia, which has the highest population growth in the nation. A booming economy, urban sprawl and a large expanse creates opportunities for highvolume public transport use. Public transport use carries with
it community expectations about their personal safety and security. Though policing mass transit is problematic over a large network, the public do not lower their expectations on service or safety. Within the community, increases in generalised crime, anti-social behaviour and a deteriorating social value system cannot be used as an excuse for diminishing the sustainability of public transport as the preferred mode of travel for the public. Public transport offers affordability, accessibility and mobility, which lends itself to a cross-section of society and social classes, a mix which can sometimes affect the comfort, enjoyment and perceptions of the patrons it services. While acknowledging the diverse demographic of its customer base, the Public Transport Authority of Western Australia (PTA) strives for one basic expectation from which all patrons can derive confidence ‘To create an environment where members of the public can carry out their day-today activities without fear or disruption while using public transport systems.’ To achieve this, the PTA’s Security Services branch must help mitigate a range of threats which can include safety and security concerns (both real and perceived), spiralling costs as a result of fare evasion, and a lack of customer service or a reduction in standards.
Australian Security Magazine | 15
It is not just about the traditional guns, guards and gates philosophy of security, it is about a multi-faceted approach using a series of integrated measures.
Just as terrorists will seek out soft targets to ensure a high degree of success, the anti-social elements in our society seek out the same sort of soft environments. Though this aberrant behaviour can manifest itself in a wide number of ways, there is also an element of commonality, which means the risk mitigation measures initiated by the PTA to address one behaviour can often help in the minimisation of another. It is not just about the traditional guns, guards and gates philosophy of security, it is about a multi-faceted approach using a series of integrated measures. In this way a greater synergy is achieved by not limiting the mediums utilised and embracing the environmental factors of mass transit. These mediums complement each other and provide security layering and physical environs that enhance public confidence. Technology Transit authorities globally have recognised the need for significant investment in technology. Locally, the PTA undertook a five-year Urban Security Initiatives Project (USIP), establishing an extensive digital closed-circuit television surveillance and monitoring system encompassing all stations and interchanges. A CCTV system on its own has limited deterrent properties – it needs support through: •
• • •
24/7 monitoring – the PTA has a control room with live-time monitoring and all vision recorded and logged for investigations and/or legal proceedings; Emergency help buttons on all trains and station platforms for live-time interaction; Enhanced security lighting to all stations, interchanges and car parks; Smartcard ticketing incorporating barriered stations, creating access controls.
Personnel The PTA has an internal security branch comprised of officers with full legislative powers of arrest. Transit Officers are trained to observe and identify suspicious activities or abnormal behaviour, all precursors to illegal or antisocial activity. Transit Officers offer a guarding function by providing a visible presence. They also provide early detection of any illegal activity or anti-social behaviour and a timely, appropriate response when required. Likewise, all employees with a customer interface have intimate knowledge of their working environment and can quickly identify any abnormalities or activity. For these reasons, personnel are a crucial component to security provisions on public transport and all employees provide an integral role. •
16 | Australian Security Magazine
Transit Officers, with full powers of arrest and detention on PTA property, uniformed and carry accoutrements – (batons, handcuffs, pepper spray); Customer Service Assistants/Passenger Ticketing Assistants are authorised to issue infringements for ticketing matters and have a customer service role. They monitor and report anti-social behaviour or suspicious activity; Security Contractors are uniformed and have powers of
detention. They target interchanges and undertake mobile patrols of bus routes for rapid response; Revenue Protection Officers are authorised to issue infringements for ticketing matters. They ride trains and buses, and monitor and report anti-social behaviour or suspicious activity; State Police attached to the Police Transit Unit, targeting crime trends and serious crime.
Strategies As in all organisations, resources are limited. It becomes more and more prudent to maximise the impact of existing assets and expand their effectiveness through a series of strategies. The PTA and the WA Police have a strategic partnership and exchange information on a daily basis. Joint agency operations targeting specific behaviour at designated hot spots are conducted regularly based on this intelligence. A current joint operation targeting graffiti, code-named Operation Clean skin has netted very positive results. This operation uses plain clothes Transit Officers, CCTV from trains and platforms, and police to conduct further investigations. While transport authorities across the nation spend many millions of dollars every year on graffiti clean-up, Operation Clean skin has sharply reduced the incidence of graffiti and the cost of clean-up in Perth. Other strategies incorporated in improving safety in mass transit include: •
• • •
Public awareness campaigns about personal safety ... making people more aware and more responsible for their own safety through personal choices; CPTED (crime prevention through environmental design) design of railcars, stations and station precincts to deter anti-social or illegal activity through an enhanced perception of detection and consequence; Intelligence-led targeted policing – specific operations in liaison with police to address hot-spot areas of crime or anti-social behaviour based on customer feedback and daily intelligence reports; CT (Counter Terrorism) awareness training for staff, incorporating an Employee Eyes and Ears campaign; Public intervention programs to enhance public confidence, involvement and awareness; Empowered officers dedicated to the Transport system (promoted through campaigns, as seen on opposite page).
In WA, the PTA introduced the X-Plan. This segregates rail lines into separate depots where staff work only on one line or are centrally based in Perth servicing the city-based platforms. Transit Officers also engage with community organisations in and out of working hours, through youth discos, activity nights, local youth talk-back radio and school based programs. This segregation creates line ownership and has provided a range of benefits: • •
Greater supervision; Enhanced staff engagement with the organisation through better communication;
• • • •
Synergy between each section and business unit; Improved individual performance through pride and peer development; Identification of line specific problems and trends; and Greater interface with the public, creating relationships, both with regular customers and identifying adverse regular users and educating them on appropriate behaviour.
Through this integrated approach, the PTA has seen marked improvements to both tangible KPIs and subjective perceptions through passenger survey monitors. Perception is the public reality and the PTA closely reviews its annual Passenger Survey Monitor (PSM). The latest PSM produced the highest satisfaction levels ever recorded and has shown a sustained level of satisfaction during the past three years. At the same time, fare evasion on the rail system is less than one percent (the lowest in the country) compared to 10-12 percent in some States at a cost of 80 to 100m per annum. While patronage levels continue to rise, total rail boarding’s in 2012/13 were 68.7 million, an increase of 90 percent during the past six years. Assaults against Officers on the rail system have decreased by 27 percent during the last 12 months and assaults against the public now equate to only one assault in every 400,000 boarding’s (in considering this, it must be borne in mind that most assaults occur between parties known to each other). When comparing the offence statistics in 2012/13 to 20009/10, the past financial year demonstrates significant reductions in damage offences (down by 25 percent), objects thrown (down 29 percent), substance abuse (down 30 percent), offensive behaviour (down 43 percent) and substance abuse (down 30 percent). These figures are the synergistic outcome of an integrated approach to a social problem. At the PTA, they have integrated all the resources – people, training, equipment, technology and management support. These five elements have added up to a positive result for the organisation and the provision of quality services to the travelling public. In the PTA security services portfolio, they have a special ethos; “We are outcome-driven, not process-driven ... but we recognise that without a process you won’t get the outcome.” It’s all about synergy. About the Author Steve Furmedge is a 28-year Law enforcement/security professional. During his career with the Western Australian Police Service he spent 13 years with the Bureau of Criminal Intelligence in the specialist field of Covert Operations. After completing university degrees in Judicial Studies and Corporate Security Management, Steve further enhanced his studies in Criminology, Psychology and behaviour modification techniques. In 2002, Steve was appointed to his current position, and is the Director of Security Services in charge of all security provisions for the Public Transport Authority of WA. Image courtesy of The Sunday Times.
Australian Security Magazine | 17
Security beyond 2014 - brace for challenges Professional in-house security personnel work diligently to achieve robust and leading-edge security programs within all areas of their organisations. They strive to create security programs that will protect their organisation’s people and assets, including the organisation’s brand. They know this will demonstrate to stakeholders the organisation’s commitment to protecting the privacy and security of their clients. Security is often undermined by cost-cutting
18 | Australian Security Magazine
oday, all organisations are under significant economic pressures and have no choice but to search for areas that can yield savings. It is inevitable that security programs will face cost-cutting reviews. And responsible program managers have to be prepared to scrutinise programs to find ways to squeeze out costs without jeopardising safety and security. Nevertheless, we often hear political leaders respond to the economic crisis by saying organisations must act like that of a family when faced with tough economic realities – ‘tighten their belts and cut back on the non-essentials’. But no responsible politician would ever tell a family that they could cut costs by not installing smoke detectors, or by cancelling their home alarm service, or by not renewing their fire insurance, or by not screening the home care provider that looks after their children or elderly parents. One of the most costly ways of providing security to an organisation is to do as little as possible until after a significant incident occurs. The message to many Business Heads/CEOs on sanctioning appropriate budget for security would be, ‘Do what you would be willing to do the day after an incident, and if you do it now, it will be less costly and no one will have gotten hurt.’ Everyone is responsible for keeping costs down. One way of doing this in a security program is by building a security
culture within your organisation. Asking all employees to contribute by keeping security ‘top of mind’, lessens the cost of security. Working together you can access and manage the risks that your organisation confronts on a daily basis so that you are not merely preparing to respond to incidents. Managers at all levels must accept responsibility for building a security culture within their organisation. It must be embedded in our business practices. Create a security culture and you will create a shield of deterrence against those who could put your people or your organisation at risk. This is a key way to ensure your organisation is resilient and has the agility to survive through difficult times. We must strive for continuous improvement to our security programs by constant monitoring, evaluating, exercising, and analysing our programs. Resiliency isn’t one simple security plan, or a checklist – it is a culture, a philosophical approach and a way of ensuring your organisation has a future. Security risk assessments cannot be based on guesswork. (Security Survey, Security Audit, Security Inspection, Risk Analysis, Threat Assessment, Vulnerability Assessment) Security risk assessments cannot be based on guesswork and therefore a lot of hours are to be allocated to study and analyse the security risk and threats, prevailing security posture and the security requirements of the clients. Research
is conducted to determine the best possible solutions for unique and individual needs and vulnerabilities as revealed throughout the assessment. Unfortunately, a thorough and indepth assessment takes time. There is a need to investigate the property systematically to identify all threats or weaknesses within your physical security. In many cases, it is just disappointing that 80 percent of Business Heads/Owners feel that conducting a risk assessment, identifying their top 20 percent vulnerabilities and loss potentials, calculating Probability x Frequency x Impact, is a waste of time. It isn’t any wonder that 80 percent of Business Head/Owners who deploy a security system or program have just wasted their money, and are in more danger than before due to the false sense of security derived. Ideally, building in security from the onset is the best approach. Just as when someone has to construct a new building, determining the risks and incorporating security during the construction phase is much cheaper than doing it after the building is finished. Starting a new program or creating a new service should include a security risk assessment from the beginning. Trying to fix security problems afterwards doesn’t work for buildings and doesn’t work for programs or services. Playing catch up with security after the organisation’s name is dragged through the mud because no one had the foresight to examine the risks of fraud, theft, misappropriation of assets until the media called to ask what was going on, is not a way to deliver a program cost-effectively. It is a well-known fact that a majority part of the security systems turn out to be ineffective (unless reviewed and upgraded periodically), and provide a false sense of security. This is ascribed purely to the failure of the system integrator and Business Head/Owner to apply the necessary planning. Since many people currently installing CCTV systems are computer whiz kids, or DIY types who know how to connect cables, security systems are no longer designed by physical security experts. One example, is where a whiz kid convinces the owner or CEO that the license plate detection is an absolute necessity for an access control system for monitoring vehicle movement, and proceeds to deploy the latest greatest megapixel camera. On quizzing on the purpose of license plate recording, and how long after the fact that the recordings will be reviewed, and informing the fact that 90 percent of plates used during crime are fake, the responses are quite interesting and does not fall into the logic of effective security. The result is that these systems are focused on hardware performance issues; such as getting the best quality picture, or using the latest, greatest compression, but does nothing to address real security issues. Since this breed of installer has not been able to address real security and shrinkage issues, security systems are now regarded as expenses that must be procured at the cheapest possible price. Part of the security design process often goes beyond where to install a camera or beam but probes the reasons for doing so, and the action that will be initiated when the observation or detection is made. It is amazing how few Business Heads/Owners are able to define why they need to observe something, do not discern that other people in their
facility would be better able to observe the event than they would, and fail to have the resources to carry out the actions required to respond to a detection. In the past several years, in particular in the US since the Federal Office Building bombing in Oklahoma City, the World Trade Centre attack, in combination with the Sandy Hook tragedy and the recent mall shooting in Nairobi, architectural design has evolved to the point and proved that structures are better able to mitigate security threats. Granted, architectural and construction on the front end have risen, but with amortisation of those cost over time, coupled with the improved available security technology, there is always a net cost savings. These are among emerging CPTED strategies which will go a long way in shaping the security trends in the future. The go-a-long to get-a-long approach, no longer works. Anyone wishing to draw a line in the sand, as a starting point from which to move forward, conduct a comprehensive security assessment, lest the mistakes of the past gets repeated while expecting a different result. Economic pressures are not going to make the job of sustaining effective security programs any easier. Strategies like CPTED (Crime Prevention Through Environmental Design) and improved technology can help on both counts. And it all starts with a comprehensive risk assessment. Future of security The economic indicators for 2014 and beyond, are that security budgets will continue to be squeezed. Additionally, the costs of doing business, continues to rise – there will be increasing stress on cutting cost, mostly at the expense of security. Tight money and economic stagnation both is going to impact security programs. Security managers have to do more with less, while at the same time, the demand for effective security continues to rise resulting from the growth of external and internal crime, especially property crime. The pressure on security operations is not to get bigger, but to rather get better. Traditionally, the largest cost factor for a majority of security budgets is manpower. On the positive side of the ledger, the costs of many technologies have gone down, such as video surveillance systems, which are now networkable. Video analytics has the potential to deliver significant savings while reducing security liability. Access management systems have reduced dependence on manpower and facilitate quick reaction with techniques such as automated lockdowns. The goal should be to create a security program where the end product is greater than the sum of the parts. About the Author Prince Lazar is an experienced Security Professional, Business Analyst and Resiliency Specialist with more than 24 years of varied experience in the Military and the security industry. Lazar is currently based in Kuala Lumpur and has immense expertise in the field of Threat Assessment/Risk Management, Commercial Security & Profit Centre Management, Business Development, Corporate Security, Security/Protection Design/ Plan using the CPTED concept and wide knowledge of technical integration of electronic security systems. Lazar can be contacted at firstname.lastname@example.org
Space to the subsea - emergence of agnostic integrated systems Last issue we brought you Part 1: An insight in to the business of Lockheed Martin International, by Executive Editor, Chris Cubbage, who visited Lockheed Martinâ€™s facilities across the USA during September 2013 â€“ for briefings on their activities in the space, aerospace, maritime, cyber intelligence and defence domains. Special thanks to Trevor Thomas and Lockheed Martin International for the privilege. Here follows Part 2.
THAAD Weapon System Achieves Intercept Of Two Targets At Pacific Missile Range Facility
20 | Australian Security Magazine
By Executive Editor
ockheed Martin’s Military Space Programs are structured under operational, developmental and future. Verticals include protected communications, wide band, narrow band, OPIR (Space based Infra-Red), PNT (navigation GPS), defence weather and space protection. LMI’s Protection Programs involve protecting against nuclear attack in space through to jamming attacks against satellites. The GPSIII Satellite to be launched in Quarter 2 (Apr/Jun) 2014, will make GPS coordinates three times more accurate and eight times more secure against jamming. The increased anti-jamming security comes from the power required to intercept the signal. Wide band involves Advanced Extremely High Frequency (AEHF) with frequencies from 2GHz through to 20-40 GHz ranges. LMI will ultimately have up to eight AEHF satellites, purchased by the Dutch, British and Canadians. Narrowband involved the MOUS (Mobile User Objective System) satellites which will have three times more M-code power, for greater accuracy and with 30 more satellites on the order books. The launch program included the AEHF, launched on 18 September 2013, the Defense Meteorological Satellite Program (DMSP) in US Quarter 1 ( January-March) 2014, and GPS III in US Quarter 2 2014. The DMSP is the longest running production satellite program ever, with 50 years’ service. Russia and China have updated their nuclear missiles and US is working to keep ahead with effective defense systems. The THAAD (Terminal High Altitude Area Defence) is a 0-60 mile air defence system – with the capability of like shooting a bullet with a bullet. On the Marshall Islands, 11 September 2013, Lockheed Martin’s THAAD Weapon System and the Aegis Ballistic Missile Defense System (BMDS) successfully conducted a complex missile defense flight test resulting in the intercept of two mediumrange ballistic missile targets in what was deemed in an operationally realistic environment. Add to this the ADAM (Area Defense Anti-munitions) system, which is a 10-100kw laser system which can target UAVs, small boats, short range rockets with ‘aim point maintenance’. Application potential is unlimited with an impressive demonstration available on MySecurity TV.
Solar science Contary to the belief of many, humans remain at a great deal of risk today, both man-made and natural. Given the degree of space situational awareness, the tracking of debris and risk of significant solar events means Governments and corporations need to have contingency plans for major events in space that will affect power grids, GPS readings, telecommunications and ultimately defence and security systems. Using a sensory telescope called SUVI (Solar Ultraviolet Imager), (pictured on page 22), LMI scientists are researching solar weather and sun behaviour. Solar Science has uncovered frequent solar events, with a worst case scenario involving a Coronal Mass Ejection, which may take as less than eight minutes or up to 30 days to reach earth. The 1859 Solar Superstorm took just 17.6 hours to reach earth and resulted in an Aurorae, seen around the world. Telegraph systems all over Europe and North America failed, in some cases giving telegraph operators electric shocks. Telegraph pylons threw sparks. Some telegraph systems continued to send and receive messages despite having been disconnected from their power supplies. Compasses and other sensitive instruments reeled as if struck by a massive magnetic fist. That was 154 years ago. In June 2013, a joint venture from researchers at Lloyd’s of London and Atmospheric and Environmental Research (AER) in the United States, used data from the Carrington Event to estimate the current cost of a similar event to the world economy at $2.6 trillion (£1.67tr). Why the recent study by insurers? The Earth is nearing the peak of the 24th cycle of 150 year events. The Canadian Government invested more than a billion Canadian dollars on capacitors to block massive electrical surges following a solar storm in 1989 that struck Quebec, knocking out the Quebecois power system in less than two minutes, and cost CD$13 billion. Solar storms, even smaller ones do have a cumulative effect on transformers and the reported lead time for large transformers is three years, with the world-wide capacity of only a few hundred a year. It has happened in the past, so will occur again with certainty, it’s just a matter of when and how strong the electrical attack can be. Information Systems and Global Solutions Information Systems and Global Solutions, based in Gaithersburg and lead by Sandra Barbour, Executive VP, is the ‘glue ware’ provider for LMI as the company’s mission integrator. Keith Moore, VP for International Business Development outlined how LMI currently provides 60 percent of world air traffic information services, has a million users in the US airforce, will analyse 93 million fingerprints in 6 months, handles a million operational messages a day, defends against 2 billion cyber attacks a month and processes 200 million Census forms annually. Key contracts include building NATO Headquarter’s IT Networks and the UK’s Ministry of Justice IT Networks. LMI confirmed Australia as a key expansion market and is already involved in air traffic control services and contracts with the Department of Defence and Australian Taxation Office. Customers include the civil, defence and military sectors and processes are based on CMMI Level 5, ITIL,
Australian Security Magazine | 21
increasingly being warned to improve their online defence awareness with Arnie Shimo, Director of Global Operations for the Lockheed Martin NexGen Cyber, Innovation and Technology Centres (NCITE) stating many CISO’s claim to be ‘below the security poverty line’ when it comes to receiving the resources necessary to protect their corporate data and system integrity. Taking a look at the efforts LMI is taking, it would seem beyond the scope of most corporations to make inroads – hence the business opportunity LMI is realising. MEADS - Medium Extended Air Defense System
Lockheed Martin Kaman K-MAX at Yuma Proving Ground, AZ, January 2010
Solar Ultraviolet Imager is a telescope that observes the Sun in the extreme ultraviolet (EUV) wavelength range. It provides full-disk solar images with approximately five arcsec spatial resolution at ten second imaging cadence around the clock, except for brief periods during eclipses. Six EUV bandpasses covering spectral lines of iron and He II cover the entire dynamic range of solar EUV features from coronal holes to X-class flares and enable the estimation of coronal plasma temperature and emission measure.
22 | Australian Security Magazine
ISO 9000 and ISO 270001. LMI’s Security Intelligence Centre (SIC) is used for cyber research and development and with a strategic charter in building a global customer base and collaboration of ICT research. Key areas of research are in cloud computing, enterprise mobility, big data and enterprise IT services. In terms of ‘big data’ LMI is working in the realm of Eco-bytes, or 1,000 Petra bytes. After exo-bytes comes yotta-bytes. A research project of particular interest is FOPEN which uses unique synthetic aperture radar processing to penetrate tree canopy foliage as areas are flown over for surveillance. This technology has natural implications for law enforcement in drug crop detection. Other projects include SP2772 battlefield awareness systems, with LMI the world’s top provider for geo-spacial intelligence and is breaking new ground in data links and compression algorithms. To list more of the 14 active research projects, with more than $20 million in investments, is indicative of the extent of the company’s capabilities. Such projects include JEDI, a joint environment demonstration, Cyber Fusion, SOLAS, StarVision, Next Gen Designs and Mission focus beyond traditional OSINT. Chandra McMahon, VP Commercial Markets, formerly LMI’s CISO (Chief Information Security Officer), confirmed LMI offers the full spectrum capability in the cyber security domain. The first APT (advanced persistent threat) incident against LMI occurred in 2003, and a successful ‘double supplier’ attack occurred via cyber security giant RSA in May 2011. The SIC battles daily with APTs from suspected Nation State actors, with widespread compromises possible and long standing campaigns remaining active and taking an ‘intelligence driven defence’ approach. LMI is monitoring more than 30 active cyber attack campaigns. “Emails are often the first line of a cyber attack,” explains McMahon. From its experiences, LMI has developed the ‘Cyber kill chain’ process to raise awareness. The process of intrusion, sequential attacks and ultimately leading to an attack campaign has identified indicators typical of ‘human behaviour’ from Nation State actors. Western companies are
Unmanned aerial vehicles Having looked at and considered UAVs from around the world, it was great to have had the opportunity to personally visit LMI’s base in Owego, New York, the home to one of the most advanced UAV systems in the world, the ‘K-MAX’. With a briefing from K-MAX Business Development Lead, John McMillan, this revolutionary helicopter offers new dimensions to the modern day battlefield or emergency theatre. First validated for the US Army in 2010, the K-MAX has lifted more than 1.6 million kilograms whilst on missions in Afghanistan – equivalent to 300 7-tonne trucks, 300 security vehicles and 30,000 man hours. The innovation has been with the intermeshing main rotor blades and absence of a tail rotor, providing a 1:1 lift ratio. With a robust unmanned control system LOS/BLOS the K-MAX is able to deliver to a GPS way point to drop loads and has a ‘hot hookup’ for collection and can be fully integrated across all military assets, with obvious applications for fire fighting and humanitarian aid missions. The K-MAX, along with all LMI vehicles, is being designed to operate with an agnostic capability and on an agnostic platform, using 3D topography for autonomous landing point selection, static and dynamic (moving) obstacle avoidance and Drop Zone selection. Imagery is sent via Ka and Ku bands via BLOS with the unique capability to transmit HD video through the rotors allowing the Antenna to be beneath the rotors. With a USD$1,400 per hour to fly, and a near matching maintenance man-hour per flight ratio of 1:3 the cost and safety advantages of the K-MAX is impressive. In terms of small UAS (Unmanned Aerial Systems) Lockheed Martin International has been active with acquisitions of Procerus, February 2012, Chandler, May, November 2012, and CDL Systems in December 2012. The Indigo provides a 2.5kg UAV with a 5-10km range, Desert Hawk III at 4kg with a 15km range and the Desert Hawk EER Surge V at 8kg and a 25km range and a battery target life of 10 hours. The Fury is a 190kg UAV with a 15+ hour flight time. All are capable of a common ground control system Ground Control Station. With the recent delivery (December 2013) to the Royal Australian Navy of the first two MH-60R ‘Romeo’ helicopters from the US Navy in a ceremony at the Lockheed Martin’s facility in Owego, NY and the continuing trajectory of integrating western allies’ military hardware, from submarines to satellites, Lockheed Martin will remain a global security and aerospace giant, vital for the world’s supply of leading research, design, development, manufacture, integration, and sustainment of advanced technology systems, products, and services.
LEADING INDEPENDENT SECURITY CONSULTANTS www.amlechouse.com Amlec House Pty Ltd Independent Security, Risk and Investigation Management Consultants
Security Design, Reviews & Auditing Services Studies, Investigations & Reviews Background & Criminal History Checks Due Diligence Services Specialist Technical Services Security & Risk Awareness Workshops Cyber Security, Online Safety & OSINT Workshops
Australian Security Magazine | 23
Gunning for gays In a retrograde judgment that denigrates the liberalism that India espouses, the Supreme Court the highest court of the world’s largest democracy has held homosexuality to be illegal and criminal, and punishable with imprisonment for life.
Sarosh Bana Correspondent
24 | Australian Security Magazine
n a verdict widely derided as an attack on individual freedom, privacy and choice, the Supreme Court on 11 December 2013, reversed the July 2009 ruling of the Delhi High Court that had decriminalised gay sex between consenting adults in private. In one fell swoop, the two-judge bench of the apex court rendered India’s estimated 2.5 million gays vulnerable to blackmail, intimidation, police harassment and extortion. Many among the sexual minority had started living together following the Delhi court’s ruling. But now they face an uncertain future as gay sex is illegal and their status has become that of criminals once again. Just 0.2 percent of India’s population is HIV/AIDS afflicted owing to the country’s successful AIDS control programme, but there is now the fear that these patients may no longer be able to access public health facilities without risking harassment or arrest. Central to the opposing orders of the two courts was Section 377 of the India Penal Code (IPC), enacted in 1860 by the British when India was their colony. It states: “Anyone who voluntarily has carnal intercourse against the order of nature with man, woman or animal, shall be punished with imprisonment of either description which may extend to life, or to ten years, and shall also be liable to a fine.” This archaic legislation is not only anomalous to India’s liberal thought that had given the world the Kama Sutra, the ancient Sanskrit treatise on love and sexuality, it is entirely at odds with prevailing jurisprudence. For instance, an
Indian youth, Alistair Pereira, who had, in 2006, run his car over 15 labourers sleeping in the streets of Mumbai, killing seven of them and maiming seven others, was sentenced to a three-year term by the Bombay High Court, the verdict subsequently upheld by the Supreme Court. The sentences were delivered under the IPC Sections 304 A – culpable homicide not amounting to murder; and 337 – causing hurt by act endangering life or personal safety of others. Politicians including senior ministers, charged with large-scale plunder that has wiped out almost two percent of the GDP and has denied benefits from reaching the underprivileged, roam free. A year ago, then Law minister of India, Salman Khurshid (now External Affairs minister), got away scot free after issuing death threats against an eminent civil rights activist when he could have been prosecuted under IPC Section 506 that provides a jail-term up to seven years for ‘threat to cause death or grievous hurt’. In its landmark judgment of 2009, the Delhi High Court struck down Section 377, saying it violated the Indian constitution, which guarantees protection of life and personal liberty, and prohibits discrimination on grounds of religion, race, caste, sex or place of birth, beside enjoining a life of dignity and freedom of expression to all citizens. The twojudge bench contended: “If there is one constitutional tenet that can be said to be the underlying theme of the Indian constitution, it is that of ‘inclusiveness’.” The bench of Justices GS Singhvi and SJ Mukhopadhaya
of the Supreme Court, however, upheld the constitutional validity of Section 377, contending it ‘does not suffer from the vice of unconstitutionality’. The judges said, “In the light of plain meaning and legislative history of the section, we hold that IPC Section 377 would apply irrespective of age and consent.” They also affirmed, “It is relevant to mention here that IPC Section 377 does not criminalise a particular people or identity or orientation. It merely identifies certain acts, which, if committed, would constitute an offence. Such prohibition regulates sexual conduct regardless of gender identity and orientation.” LGBT activists broke down inside the court room, while the judgment was hailed by many political, social and religious groups that consider homosexuality ‘unnatural’. The apex court lobbed the ball in the Government’s court, maintaining that it is Parliament that is authorised to repeal Section 377. AIDS Bhedbhav Virodhi Andolan, an organisation fighting on AIDS-related human rights issues, that in 1991 initiated an effort to repeal Section 377, mentions that while convictions under this law were rare, it has nonetheless been used for blackmail, violence and the denial of basic human rights of sexual minorities. It has moreover been used to harass HIV prevention efforts among men who have sex with men. Terming the judgment a ‘disgrace’, celebrated gay novelist and poet, Vikram Seth (A Suitable Boy, An Equal Music, The Golden Gate et al), hoped it would be reviewed by the apex
court. Article 137 of the constitution empowers the Supreme Court to review its orders if the review petition is filed within 30 days of the judgment. A curative petition is moreover provided for even after dismissal of a review petition. Pointing to the many Indians in small towns and villages who live a life of ‘quiet desperation’ within a conservative social milieu, Seth said of the judgment, “It takes us back to a position of barbarism and it is squarely in the province of the Supreme Court to decide the rights of equality and equal treatment, non-discrimination and the right to lead your life should have been upheld.” The petitioners, Naz Foundation, have said they will seek a review of the order. The Government too, has pledged support to anyone seeking a review. There is besides a widening demand that it amend or repeal Section 377. But weakened by corruption and recent electoral setbacks, the Government is unlikely to pursue this anytime before the general elections due in March-April 2015. Currently, 77 countries outlaw homosexuality, with Iran, Mauritania, Sudan, Saudi Arabia and Yemen prescribing capital punishment for gays. Kuwait has newly developed a medical test that will be used to ‘detect’ homosexuals and prevent them from entering the country or any of the Gulf Cooperation Countries (GCC) that comprise Bahrain, Qatar, Oman, Saudi Arabia and the United Arab Emirates, besides Kuwait.
Currently, 77 countries outlaw homosexuality, with Iran, Mauritania, Sudan, Saudi Arabia and Yemen prescribing capital punishment for gays.
Training for a better future in...
Security at Brisbane Security Training Centre
Our highly respected industry specialists provide Security Operations training and advice to leading security businesses around the state. Let us help you secure the skills you need to become an effective security operator. Call Wide Bay Institute of TAFE’s Brisbane Security Training Centre on 3806 9633 for further information.
1300 656 188
www.widebay.tafe.qld.gov.au 40 - 44 Johnson Road, Browns Plains, Queensland 4118
• • • •
Defensive Tactics Edged Weapons Introduction to Terrorism Private Investigator - Certificate III in Investigative Services (CPP30607) • Certificate IV in Security and Risk Management (CPP40707) • RPL available
“A ZB of storage capacity is equivalent to approximately 1,000 exabytes (EB), each exabyte equalling 1.07 billion gigabytes (GB)”
India is a strategic market for EMC Cloud Computing will evolve into a US$4.5 billion market in India by 2016, accounting for up to 35 percent of the country’s overall IT spend.
Sarosh Bana Correspondent
26 | Australian Security Magazine
riven by an increasingly interconnected world, the ‘digital era’ is transforming business and society. Digital Information is doubling every two years and by 2020 it will be 50 times the staggering 1.8 zettabytes (ZB) it measured globally in 2011. A ZB of storage capacity is equivalent to approximately 1,000 exabytes (EB), each exabyte equalling 1.07 billion gigabytes (GB). This surge in Digital Information is creating unprecedented challenges for businesses, individuals and Governments to store, manage, secure and access it. Once a fraction of the entire IT spend and a back-end piece, storage is now vital in the expanding Digital Universe. Technologies of Cloud Computing and Big Data analytics that address the entire lifecycle of Digital Information hold the key today. Digital Information in India too, is poised to explode 23-fold by 2020. Digital bits captured or generated each year expected to grow from 177 EB in 2012 to 2.9 ZB by 2020. The country’s storage market had been largely disk-
based (part of server or PC) and worth US$97.82 million (calculated at Rs61.85 to a US dollar as on 12 December 2013) in 2002, but by 2012, it had grown to US$266 million and was network-based. Cloud Computing is projected to evolve into a US$4.5 billion market by 2016, accounting for up to 35 percent of India’s overall IT spend, the private cloud market alone creating 100,000 jobs by 2015. This is being driven world-wide by proliferation of devices such as PCs and Smartphones, increased internet access within emerging markets, boost in data from surveillance cameras and smart meters, increasing machine-to-machine communication (M2M), falling costs of technology and digitisation of TV. Bill Scannell, President for Global Sales & Customer Operations of the US’s EMC Corporation, says his company, a leader in the storage market in India and globally, sees immense business potential. “EMC in India leads the industry with a 25.5 percent market share and has been
“Since its entry into India in 2000, as a pure play storage vendor, EMC has scaled up its presence to more than 3,500 employees, a customer portfolio of 3,800 across 190 cities, and a sales and marketing infrastructure that includes a 200-plus partner network.” investing ahead of the curve to lead this transition,” says Scannell, who was in Mumbai recently to attend the EMC Forum 2013, the annual flagship event held by his Hopkinton, Massachusetts-based company in various cities around the world. With revenues of US$21.7 billion in 2012 and 60,000 employees world-wide, EMC provides IT storage hardware solutions to promote data back-up and recovery and to facilitate Cloud Computing. India is a strategic market for EMC, presenting, like China, a long-term growth opportunity for the company in the region. “Businesses in India are increasingly seeing transformative benefits of using analytics to enable better resource management, gain competitive and market insights and enable truly transformational business decisions,” notes Rajesh Janey, President, EMC India & SAARC. “There is consensus in the business community that data would enable better decision-making and EMC is committed to working with businesses on this transformational journey.” Since its entry into India in 2000, as a pure play storage vendor, EMC has scaled up its presence to more than 3,500 employees, a customer portfolio of 3,800 across 190 cities, and a sales and marketing infrastructure that includes a 200plus partner network. Its revenues in India have grown from US$88.12 million in 2002 to US$285.53 million in 2012, with top customers including Asian Paints, Reliance, Hero Motors and ICICI Bank, and partners like Cisco and HCL. EMC’s incremental investment of US$1.5 billion during five years (2010-14) has brought its cumulative planned spend from 2003 to US$2 billion. The investment is being used for expansion of sales and marketing infrastructure, growing the information infrastructure market, and strengthening the R&D presence it has had in India since 2003. The India Centre of Excellence (CoE) was formed in 2007 to advance EMC’s globalisation goals and accelerate R&D efforts and services in information infrastructure by leveraging the skills available in India. EMC is building a resource pool of skilled and certified storage professionals to address the storage knowledge gap in industry. The education strategy of the EMC Academic Alliance (EAA) programme involves an open curriculum based on technology rather than product. Since its inception in India in 2005, EAA has more than 300 academic partners and has educated more than 120,000 students, with more than 100 new institutions joining in 2012 alone.
Scannell says EMC has a customer portfolio of 3,800 across 190 Indian cities “This is just the beginning, as India invests in building a digital backbone in the National Optic Fibre Network and puts in place initiatives like unique identification (UID), National Data Sharing & Accessibility Policy, and Electronic Services Delivery Bill,” says Scannell. “EMC looks forward to continuing to lead the transformation in India, just as we are doing around the world.”
Australian Security Magazine | 27
Women in Security
Order in the house Bronwyn Paul wanted to be an architect but because girls weren’t allowed to take technical drawing, she became the co-owner of a security business and chairperson of the New Zealand Security Association instead. Architecture’s loss was security’s gain.
T By Adeline Teoh Correspondent
28 | Australian Security Magazine
his man came up to me. He came really close and he pointed his finger at me. He said, ‘there is no place for a woman in this industry’.” Bronwyn Paul’s first New Zealand Security Association (NZSA) conference was hardly welcoming, but the co-owner of AlarmGuard and Wanganui Security Services is now the chair of the organisation, thanks to the very person who told her she had no place in it. That man was the late Ian Dick, after which the NZSA’s award for Security Officer of the Year is named. “He actually turned out to be my biggest mentor and biggest supporter,” says Paul. “He was an amazing man, a mentor to so many people in the industry and I was one of the very fortunate ones he ended up taking under his wing.” Her encounter with Dick came at a time when she was already grappling with doubt about her aptitude for security services. At aged 12, Paul wanted to be an architect but, because girls weren’t allowed to take up technical drawing, she ended up in an analytical role at a management consultancy firm in Wellington. She then married husband Mark Simmonds, and the pair settled in Wanganui, a coastal river town about 200 kilometres north of the capital on the North Island. Simmonds owned Wanganui Security Services and
Paul began working in the business. “I started in 1986 but I didn’t know anything about security then. I was really thrown in the deep end,” says Paul of her first taste of the security industry. Because the business was small and the security industry at the time was immature, Paul ended up working on a range of security services, from monitoring alarms to doing welfare checks, learning on the job from suppliers and customers and reading as much as she could. Her persistence paid off. “At the beginning there were no systems in place, there were no policies or procedures or step-by-step ‘this is how you do this’. I had to pretty much just use common sense and then as time went on and the business started to develop, I was in a position to train other people,” she explains. Today, people are a lot more specialised, she says, but should school themselves across the spectrum to help customers. “Become as knowledgeable as you can about the service you’re providing but also have a good understanding of other services that people may ask you questions about. Even if you don’t know the answer, you may be able to direct them to the right place to get the answer.”
Women in Security
Building a name Paul and Simmonds began to attend a number of international conferences and also underwent training overseas, a process that helped them introduce new technology to the New Zealand market. “We brought back the idea of home detention monitoring,” she recalls. “We ended up working with the Government to get them to accept that as a form of incarceration for prisoners, and then worked with them to change the law. We ended up implementing it and monitoring it right throughout the pilot scheme, which lasted almost five years.” During this time, the man who told her she had no place in the industry became her biggest advocate. In 2011, Dick nominated her to the board of the NZSA, the only woman among seven men. Then, in August 2012, her name came up as a candidate to replace the outgoing chair. “I didn’t put my name forward because I was sick, I was going through cancer treatment, but the guys talked me into it,” she says. “I thought ‘this is probably exactly what I need to get over the last year, this is a challenge I need to get me back up and running again’.” In addition to Paul’s cancer, Simmonds had spent a year seriously ill with acute lead poisoning. With both owners out for the count for two years, the business stagnated. Paul has since learnt her lesson in risk management. “For both of those years we should have had a person to come in and manage it for us. We never put into our business plan that we were both going to be so sick two years in a row. We should have had a contingency for that. When everyone is well you never think there’s a day when it could all turn to custard,” says Paul. “Apart from that, I absolutely applaud my staff because they did an amazing job keeping everything going. It was a speed bump, not a roadblock.” Now she’s keen to provide value for NZSA members through professionalisation of the security industry. New licensing, registration and training standards have come into play and mandatory training for security personnel is now law, thanks to the association. But Paul thinks there’s more to do. “I would love to see the NZSA have a bigger role in the licensing act and maybe do a little more, like push for compulsory membership, because then you know everybody in the industry is working to a code of practice, they’re working to a recognised training program, they’re all licensed. Then the customer knows that everyone in the membership is fit for purpose.”
“If you’re talking about fitting alarms in homes, a lot of women are the decision makers on how they want the alarm to function, what it is they want it to do. And there has been a general acceptance that women do have a place in business and industries such as security.” our house from burning down last night’ – it’s a reward just knowing you’re making a difference and protecting people’s lives and property.” These days she has a different kind of customer and a different relationship with property. Shrugging off the early snub from architecture, Paul taught herself how to use a computer aided design (CAD) program and now designs houses and buildings in her spare time. She and Simmonds also try to take their boat out as often as they can. “There’s not much spare time, but the spare time we have we make the most of,” she says. “We live at the beach so we can partly be on holiday when we’re not working!” And as for the security industry being ‘no place for a woman’? “It has totally changed,” Paul reports. “If you’re talking about fitting alarms in homes, a lot of women are the decision makers on how they want the alarm to function, what it is they want it to do. And there has been a general acceptance that women do have a place in business and industries such as security.” Her favourite part of the security industry is this everchanging nature. “No two days are ever the same,” she says. “I’m an entrepreneurial person and just love that the industry is evolving.”
Customers first Paul is fiercely devoted to her customers. Much of her passion for the industry comes from being able to solve their security problems, and both AlarmGuard and Wanganui Security Services are known for their attention to detail and attention to customers, she says. “In our industry, technology and innovation is hugely important, but I still rate serving the customer as the most important. Knowing your customers, knowing what they want, is really important.” She admits she wishes she had more time to contact customers, though it seems many of them contact her. “I love having them ring and say we do a great job, ‘you saved
Day Staff at work premises
Australian Security Magazine | 29
A new standard for security leaders A new IBM study of security leaders reveals they are increasingly being called upon to address board-level security concerns and as a result are becoming a more strategic voice within their organisations.
he findings reveal that a constantly evolving threat landscape, emerging technologies and budgetary restraints are requiring security leaders to play a more active role in communicating with C-suite leaders and with their boards, as the rise in security incidents impacts brand reputation and customer trust. Additionally, cloud and mobile adoption continues to grow as a focus area for the majority of security leaders. The 2013 IBM Chief Information Security Officer Assessment takes the pulse of security leaders from Fortune 100 and midsized businesses. Below is an excerpt from the report. Business practices challenge: Managing and tracking brand reputation Many security leaders understand what their C-suite is concerned about. This is good – it shows that they are engaged and communicating across the organisation. More mature leaders tend to meet more regularly with their Board and C-suite, thereby improving relations. Not surprisingly, though, each C-suite executive has a different top security worry (Figure 1). The interviewees said that their CEOs are most sensitive about negatively impacting brand reputation or customer trust. CFOs fret about financial losses due to a breach or incident. COOs lose sleep over operational downtime. Finally, CIOs have a broad set of concerns, including breaches, data loss and implementing technology investments. This broad spectrum of worries poses a difficult challenge – what criteria should security leaders use as guidance? What should they track? How do they know if they are making progress? Security leaders believed, on average, that a loss of
30 | Australian Security Magazine
brand reputation or customer trust was the most important business concern across the organisation. Breaches and the theft of customer data can impact stock prices and overall brand value, and it can take a fair amount of time to recover. According to the IBM 2012 Global Reputational Risk and IT Study, data breaches/data theft/ cybercrime is the number one reputational risk – more than systems failures, data loss and compliance failures. You would think that reputational risk is something security leaders regularly track, but it’s not. Only 24 percent of the leaders we interviewed track the impact of a security compromise on brand reputation and customer trust – it was last on the list (Figure 2). Some of the security leaders interviewed are using managed security services for brand and executive reputation monitoring, and more of them want this capability in the future. To adequately address this difficult challenge, however, additional work needs to be done. Below is a synopsis of other findings Technology Trends – Moving beyond the Foundational: Mobile security is the number one ‘most recently deployed’ initiative, with one-quarter of those surveyed deploying it in the past 12 months. According to the findings, while security leaders are looking to advance mobile security beyond technology and more about policy and strategy, less than 40 percent of organisations have deployed specific response policies for personally owned devices or an enterprise strategy for bring-your-own-device (BYOD). Nearly 76 percent of security leaders interviewed have deployed some type of cloud security services – the
“...security leaders need to focus on finding the delicate balance between developing a strong, holistic security and risk management strategy, while implementing more advanced and strategic capabilities...” most popular being data monitoring and audit, along with federated identity and access management (both at 39 percent). While cloud and mobile continue to receive a lot of attention within many organisations, foundational technologies that security leaders are focusing on include identity and access management (51 percent), network intrusion prevention and vulnerability scanning (39 percent) and database security (32 percent). Business practices – Catching the Vision: The security leaders interviewed stress the need for strong business vision, strategy and policies, comprehensive risk management, and effective business relations to be impactful in their roles. Understanding the concerns of the C-suite is also critical as more seasoned security leaders meet regularly with their board and C-suite leaders. The top trends that they discuss include identifying and assessing risks (59 percent), resolving budget issues and requests (49 percent) and new technology deployments (44 percent). When asked what advice they would give to new security leaders, respondents recommended a strong emphasis on vision, strategy and policies, comprehensive risk management and effective business relations. “Building the trust of the C-suite and the board is critical to the success of a security officer”, says Ken Kilby, Chief Information Security Officer, BB&T Corporation, one of the largest financial services holding companies in the United States. “Beyond internal relationships, developing relationships with law enforcement, industry partners and legislators is crucial in fostering greater public and private communication and will ultimately help to reduce the total attack surface and protect an organisation’s data.” Measurement – Providing the Right Feedback: Security leaders continue to use metrics mainly to guide budgeting and to make the case for new technology investments. In some cases, they use measurements to help develop strategic priorities for their security organisations. In general, however, technical and business metrics are still focused on operational issues. For example, more than 90 percent of respondents track the number of security incidents, lost or stolen records, data or devices, and audit and compliance status – fundamental dimensions security leaders would be expected to track. Far fewer respondents are feeding business and security measures into their enterprise risk process even though security leaders say the impact of security on overall enterprise risk is their most important success factor. “It’s evident in this study that security leaders need to focus on finding the delicate balance between developing a
Figure 1: According to security leaders, each member of the C-suite has a different top security concern.
Figure 2: Risk to brand reputation is the least tracked business metric.
strong, holistic security and risk management strategy, while implementing more advanced and strategic capabilities such as robust mobile security that includes policies for BYOD,” says David Jarvis, co-author of the report and manager at the IBM Center for Applied Insights. About the Report Authors Marc van Zadelhoff, Vice President, Strategy and Product Management, IBM Security Systems. In this role, he is responsible for overall offering management, budget and positioning for IBM’s global security software and services portfolio. Kris Lovejoy, General Manager, IBM Security Services In this role, she is charged with development and delivery of managed and professional security services to IBM clients world-wide. Prior to her role in Services, Kris was IBM’s VP of Information Technology Risk and Global CISO, responsible for managing, monitoring and testing IBM’s corporate security and resiliency functions globally. David Jarvis, Manager, IBM Center for Applied Insights. David specialises in fact-based research on emerging business and strategic technology topics. He is coauthor of a number of IBM security studies including the 2012 IBM CISO Assessment and Cybersecurity Education for the Next Generation.
Australian Security Magazine | 31
Social engineering: Mitigating a stealthy risk Can an organisation get victimised by social engineering? And if so, what can that organisation do about it? Social engineering is everywhere and used constantly by everybody. Mostly in a quiet, harmless matter and not intended to harm an organisation or person. However, these skills are also used more and more by professionals for criminal activities. By
ocial engineering is hard to detect if you are not trained. This article will inform you about proactive security and how you can use it to see and moreover prevent a social engineering attack. What is social engineering? Before I explain proactive security to you, it is important to understand social engineering, in the context of information security. This refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access. It differs from a traditional â€˜conâ€™ in that it is often one of many steps in a more complex scheme. Techniques and terms related to physical security All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases are exploited in various combinations to create attack techniques. Three of them are listed here:
32 | Australian Security Magazine
1. Pretexting Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. An elaborate lie, it most often involves some prior research or set-up and the use of this information for impersonation to establish legitimacy in the mind of the target. This impersonation can be to act like a doctor, new co-worker, lost patient, etc. This technique can be used to fool a security guard or staff member into disclosing information about areas of interest, security measures, authorisation levels and other information to gain access to highly attractive areas. Examples of highly attractive areas can be but is not limited to the patient administration/archives, maternity unit, medical supply areas, IT department/areas, logistics and financial department. The information can then be used to establish even greater legitimacy under tougher questioning when accessing one of these targeted areas of high risk and/or attractiveness. Pretexting can also be used to impersonate co-workers,
police, bank, supplier, tax authorities, clergy, insurance investigators – or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases, all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one’s feet to create a pretextual scenario. 2. Diversion theft Diversion theft is exercised by professional thieves, normally against a transport or courier company. The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere – hence, ‘round the corner’. Medical files or goods that are shipped from the mailroom/logistics. An imposter could use envelopes/packages and signs/marks it with the necessary authorisation to ship mail and packages to himself without setting off any alarms. Example: - Social engineering impersonates as a co-worker - Gains access to a department - Gains access to envelopes/boxes, punches and the like - Gains access to eg, Smartphones - Mails himself those Smartphones via organisation mailroom using to correct forms, punches, boxes and the like - If successful, this may repeat itself. 3. Tailgating An attacker, seeking entry to a restricted area secured by unattended, electronic access control eg, by RFID card, simply walks in behind a person who has legitimate access. Following common courtesy, the legitimate person will usually hold the door open for the attacker. The legitimate person may fail to ask for identification for any of several reasons, or may accept an assertion that the attacker has forgotten or lost the appropriate identity token. The attacker may also fake the action of presenting an identity token.
Organisational environment Social engineering is used against an organisation to obtain information, competitive advantage, products and/or steal private property like cameras and wallets. An imposter can use these skills to gain entrance to offices or storage rooms impersonating as a vendor, supplier or new co-worker. The list of possible scenarios that can occur are almost unlimited. A social engineering attack is launched in the following four stages: 1) Information Gathering, 2) Development of Relationship, 3) Exploitation of Relationship, 4) Execution to Achieve the Objective. For an organisation, stages 1 and 2 can make the difference. In those stages the attacker is most likely to visit the organisation and his/her behaviour can be better detected and labeled as ‘suspicious’. During stages 3 and 4, it is up to the staff members who encounter the attacker to notice the threat and raise alarm. For stages 3 and 4, a security awareness program could be implemented to mitigate the threat in those stages. For stages 1 and 2, the organisation can use proactive security to mitigate the threat of a social engineering attack. Proactive security What is proactive security? Proactive security is the ‘science’ to prevent a (social engineering) attack in the earliest stages based on intelligence, behaviour and information gathering. Proactive security puts all the pieces needed for a successful social engineering attack together. This gives the organisation intel about a possible attack. You can implement this in your risk based scenarios. What scenarios are relevant that could make a social engineering attack successful? And what scenarios are likely to occur using social engineering? A bow-tie analysis tool will assess the steps within all relevant scenarios for social engineering to successfully attack your organisation. In the example in Figure 2, you will see how the bow-tie analysis is used to breakdown every scenario in individual acts, which the social engineering attacker has to overcome or establish, to make the social
Figure 1: The social engineering attack cycle. Source: GartnerG2 © 2002
Australian Security Magazine | 33
Figure 2: Template example for a bow-tie analysis for a social engineering attack
“When detecting a possible social engineering attack, react immediately. The social engineering will notice the
Immediate response. When detecting a possible social engineering attack, react immediately. The social engineering will notice the additional security measures and will retreat.
additional security measures and will
At the beginning of this article I asked you if an organisation can be victimised by social engineering. The answer is yes, it can. But being aware of social engineering and using proactive security to forecast the most likely scenarios and necessary acts for your organisation, you can do a lot to prevent and mitigate this stealthy threat.
engineering attack successful. The scope of proactive security is for prevention purposes only, not to repress the threat after the social engineering attack. The outcomes of the bow-tie analysis are used in your risk based analysis. Are the steps visible in your risk analysis and did you take countermeasures? If not, what countermeasures can you take? There will always be a residual risk and methods left to gain access to the targeted area. But are those residual risks and methods acceptable and/or realistic to occur? With proactive security you use information from (incident) reports, observations of security guards and other sources to ‘see’ a possible social engineering attack in the early stages. After processing all the information and mutual agreement of a possible attack, countermeasures can be taken immediately. Countermeasures Implementation of proactive security is not implementing new countermeasures. It is the awareness that various countermeasures have proactive security as a part already in them. It is up to you to combine all of the intelligence from these countermeasures. Below are a few points to consider when implementing proactive security. • • • •
34 | Australian Security Magazine
Be aware of all the acts social engineering needs to accomplish a successful attack Educate and train all staff to be aware of the risks in their own department Use tools to analyse the risks using mystery guests/ security site visits Use information/incident reports to tie the pieces together to forecast a possible social engineering attack
About the Author Jos Maas is a consultant providing services regarding information security and business continuity by using a broader view than solely IT security. He is also CISM certified and chairman of the IAHSS Europe chapter.
Mature retail loss prevention The first instances of dedicated loss prevention, or ‘security’ programs being used by retailers dates backs to the early 20th century where there was largely a culture of secrecy aligned to them. This was primarily due to their core objective of ‘catching’ dishonest employees or customers. By
The journey so far
or many retailers, limited change in terms of evolution or maturity within their Loss Prevention program has taken place since the start of 20th century. Many retailer’s Loss Prevention programs are still focused on the issues of theft, either by staff or customers, as their sole contribution to their organisation’s efforts to reduce the impact of shrinkage on their profit. This arguably is in direct contrast to the wider retail industry which has evolved dramatically, particularly during the last 20 years. For example, core functional areas such as Human Resources, IT, Merchandising, Marketing and Supply Chain have all matured in their approaches thereby broadening their value propositions to retailing. More importantly, they have seen that they had to operate outside their traditional thinking and approaches to truly support Retailers. What that said, for a few fortunate Retailers, significant maturing has taken place in their Loss Prevention programs since the start of the 21st century and this maturing has resulted in significant improvements within their shrinkage. See Figure 1. Fortunately, there is a clear path in terms of maturity levels that a Retail Loss Prevention program can progress through. And whilst there are distinct differences in each of these levels, it is important to understand that the program does not fully cast aside the operational requirements of the less mature levels. In fact, a key indicator of success is that whilst the mature program is judged less on the ‘younger’
program’s requirements, it in fact, finds that the fulfilling of these requirements is much easier. Level 1 - catching the bad guys A key driving characteristic of a program within this stage of maturity, is that it is largely reactive in its approach and the most talked about and engagement relates to the topic of catching and prosecuting of dishonest employees and customers. Other characteristics that may be present include; • Input may be sought in relation to the physical security of stores and other facilities, however, this is usually reactive only; • Their primary and in most cases only internal interface (not business partner or stakeholder) is retail operations and to a less extent, the Warehousing and Distribution department (not Supply Chain); • The most frequent topic of conversation with members of other departments within the organisation revolves around ‘how many crooks have been caught’. Unfortunately, a function operating at this level, more than likely, finds it very difficult to be heard within the organisation when raising, sometimes very relevant concerns.
Australian Security Magazine | 35
The Evolution Time of Retail Loss Prevention & Shrinkage Management
Figure 1: The different maturity levels of Retail Loss Prevention programs
Level 2 – risk and compliance Within this level, a program has developed and implemented some form of ‘audit’ or ‘compliance’ base assessment program. However, it is largely targeted towards the retail stores and is very ‘security’ based in terms of cash register and safe disciplines, key control etc, and a perception of Loss Prevention being there to ‘catch people out’ is largely felt by those who are the subject of the audit. Some more notable characteristics include; • A focus of Audit & Compliance Security; • Point of Sale transactional data rating staff member dishonesty and customer refunds; • Some analysis at product level in terms of loss and shrinkage is undertaken, however, the outcome is more than likely in-store based actions surrounding the ‘protection’ of the products identified from theft; and • An awareness or focus program on reducing shrinkage has usually been developed and implemented within the retail operations area only focusing on theft prevention. In terms of strategy, it is largely (and unfortunately) a cookie-cutter ‘back to basics’ approach that is taken. It will be focusing largely on the ‘4 Buckets’ of shrinkage with the emphasis being on the reduction of crime, as opposed to helping the business succeed as a retailer. Most import to note here is that whilst the program does realise that it requires, and legitimately seeks greater assistance throughout the business to reduce loss, it is seen as very myopic in its approach to what is required from the other departments. In short, most discussions with other functions are likely limited to the topic of theft prevention, anti-theft packaging, source tagging etc. Because of these above mentioned factors, true collaboration across the business to reduce loss is rarely, if ever obtained by a program operating at this level of maturity as they are seen as a driver of their own agenda, not the business’s agenda. Level 3 – loss and shrinkage management subject matter expertise and collaboration To state that there is deep-seated shift in the Loss Prevention program between this level of maturity and the previous level is an understatement. This shift, which sets the foundations for
36 | Australian Security Magazine
the next level of maturity, is largely driven by a fundamental change in philosophy and approach in what are the causes of shrinkage and loss within the retail environment. At a strategic level, the traditional ‘4 Buckets’ approach is put aside for a more grounded approach to identifying the root cause and disconnect between an organisation’s strategy and execution of the strategy that result in shrinkage and loss. The head of the Loss Prevention program will only refer to the ‘4 Buckets’ approach when emphasising to the organisation its limited value. Other key characteristics of a program operating at this level of maturity include; • •
End To End Supply Chain Knowledge of Shrinkage/ Loss ‘Touch-points’; Inventory Physical Flow and Information Flow Effects on Shrinkage and Loss and the root cause driving them at these ‘Touch-points’; The 3 Buckets of shrinkage are only the symptoms, not the causes; Sustainable and Mutually Beneficial Relationships based on collaboration.
In terms of the team members of the Loss Prevention function, they will still be required to have the core skills relating to investigating, interviewing and auditing. However, these skills will be required to be also applied to situations or problems that are far wider in scope than a simple dishonesty or theft matter, such as, undertaking end-to-end process flow analysis to identify a facilities ‘4 Walls’ failures in terms of preventing loss and shrink. Also, they will be required to have a much higher level of business acumen particularly in terms of the ability to negotiate and influence. The leader of the program particularly, will be required to have not only internationally recognised qualifications in terms of Security Management, they will be able to display
Benefit to Retail Organisation
The Maturity Levels of Retail Loss Prevention programs
Loss Prevention Program Maturity Level Figure 2: Reframing stakeholder’s expectation – retailers need to expect more from loss prevention
the level of business acumen that would be expected of any effective, high performing retail executive. Level 4 – organisation wide and external business partner engagement True partnerships between a Loss Prevention program, internal business partners and key external business partners in proactively identifying and addressing the root causes of shrinkage and loss across the entire organisational supply chain, is the distinguishing attribute of a fully mature Loss Prevention program. These attributes are realised, in part through the existence of the following; • Up Stream and Down Stream ‘True’ Causes of Shrinkage and Loss Identification; • Vendor Shrinkage Engagement and Metrics; • Functional metrics of success as a Retailer; • A clear understanding across the business that behaviour and disciplines are the primary drivers of shrinkage and loss. Arguably, the most important characteristic of this level of maturity within a retail loss prevention program is the existence of a functioning, enterprise wide Team Member Shrinkage and Loss Prevention educational and engagement
program. This program would not only be tailored towards and relevant to the different functions within the business, it will be tailored and relevant to the different leadership levels that may exist within the organisation. See Figure 2 above. Retail organisations expect much more from other programs and functions such as Supply Chain, IT, Marketing etc, that support their core business than they did 20 years ago. Likewise, far more should be expected from their Loss Prevention program than what was back in the early 1990s, let alone the start of 20th century. It is only from the initial step of gaining a clear understanding of these different levels of maturity that at very hard assessment of an organisation’s existing Loss Prevention program can be done. From this, the Loss Prevention program leader has an opportunity to change their business’s expectations of them. Otherwise, a Loss Prevention program will be at risk of just being seen as responsible for ‘catching the bad guys’. About the Author Damian Comerford has been working within retail loss prevention for more than 20 years having first joined the industry in a floor level position, to now holding the senior most position in loss prevention within a leading Australian retailer. In his position, Damian is directly responsible for the national loss prevention and shrinkage reduction program.
Australian Security Magazine | 37
Unmanned vehicles: Enhancing security, rescue and natural disaster management capability Unmanned ground (UGV), maritime (UMV) and aerial (UAV) vehicles offer increased capability in security missions, rescue operations, and the management of natural disasters. State border protection demands monitoring very large areas during an extended period of time. The US Customs and Border Protection (CBP) agency uses six Predator UAVs to patrol the southwestern and northern borders of the US. In Europe, the FRONTEX agency responsible for border security of Schengen member States supports the relentless monitoring of the northern coasts of the Mediterranean using unmanned aircraft in view of the current political climate in North Africa. By
John Cunningham and Dr Pascual Marques
38 | Australian Security Magazine
nstead of sending first responders directly to the potentially hazardous site of a disaster, unmanned vehicles can explore the area and collect valuable information without risking the lives of rescuers. Furthermore, vehicles equipped with sophisticated sensor systems detect hazards earlier and much more reliably than humans. By combining the capabilities of an experienced rescuer with those of a remotely operated vehicle, a powerful system is created that can deal with a large variety of security threats and dangers. In the aftermath of severe natural disasters such as earthquakes, hurricanes, and tsunamis, soldiers and rescue teams are deployed to provide humanitarian assistance.
Rescue teams benefit from rapid intelligence and analysis of the situation, which is best provided by robotic platforms that are versatile, have long endurance and provide live imagery essential for the movement of rescue teams and the safe transportation of vital equipment, food, drinking water and medical supplies. In this article, we review the current capability of robotic UGVs, the need for integration of UMVs into current manned operations, and the critical role of UAVs to increase security and rescue efforts, and conduct effective surveillance of large geographical areas.
Adaptation of robotic UGVs to increase security and rescue efforts There is an ever-increasing threat and need to improve security methods to prevent Improvised Explosive Devices (IEDs), suicide bombers, car bombs, and nuclear/biological/ chemical devices being used against both military personnel and civilian targets. As the techniques being used to emplace IEDs are constantly evolving, there is emerging a growing need for a system capable of remotely removing rubble, which might be covering/concealing these devices, and clearing paths to reach these devices, which might otherwise be inaccessible. In addition, when severe natural disasters such as earthquakes, hurricanes, and tsunamis occur, soldiers and rescue teams are often called upon to provide humanitarian assistance. Thus, soldiers and rescue teams need a mobile robotic platform that is simple, versatile, and easy to transport. To support these needs, unmanned ground vehicle platforms must be quickly adapted to support a wide range of uses; specifically generator power, lights, powered tools, security sensors, camera systems, debris removal, and other.
Robotic and manually controlled fire fighting vehicle to support first responders (ARGUS Robotics, USA)
Robotic and manually controlled underground vehicle to support mine rescue and escape teams (ARGUS Robotics, USA)
Robotic systems assist security teams Currently addressing this need, soldiers and civilian security teams are using on-site roadblocks, vehicle inspections, and inspecting rubble and debris piles for concealed IEDs. Unfortunately, with the ease that IEDs can be placed in a car, hidden adjacent to the road, or on insurgents themselves, these soldiers and security teams are easy targets, thus the potential is great to lose many personnel. With the increasing threat there is a need to put into place a robotic system to remove soldiers and rescue teams from this threat and provide a physical and visual deterrent to the insurgents that also allows the insurgents to be easily and safely captured. Adapting a robotic multi-task ground vehicle that remotely uncovers potential explosive hazards will allow the application of other systems and techniques to perform neutralisation of such improvised weapon systems. In addition, such robotic vehicles will be able to clear small rubble/debris from a route after determining whether it contains an explosive hazard, to avoid impeding the movement of ground forces or leaving a location suitable for concealing an explosive hazard. Such designs can be controlled with a series of manual, robotic, or autonomous control systems. Search and rescue UGVs There is a constant world threat of dangerous and damaging storms, earthquakes, tsunamis, hurricanes, tornados and other natural disasters. Compounding this is the disastrous situation to the population after the initial event. Such problems often include lack of water, food, communication, transportation, medical assistance, and much more. When these events happen there is a call for international support, which military and first responder teams immediately mobilise to help. Such events occurred recently in 2013, in the Philippines and the USA. Therefore, having a series of multi-task ground vehicles can quickly support a wide range of needs. In addition, such vehicles can provide psychological support to the rescue teams
and local population, plus augment security to help prevent looting. Other disasters, such as underground fires and mine accidents, can also benefit from a versatile multi-task vehicle; for there is a need in the world to support miner safety, mine rescue teams, and the addition of escape vehicles to rescue trapped miners. In addition, there is a need to support the removal of landmines from abandoned war zones. Current estimates place the number of landmines scattered around ex-conflict zones at more than 100 million. These landmines are deadly to the local population. A multi-task vehicle design must be able to support detection, marking, and removal of such devices. The vehicle should also have the means to be used as a construction tool to support local rebuilding. In addition, such designs should help wounded soldiers who have lost legs and arms due to IEDs. Specifically, with both manual and robotic controls the commercial vehicle should be used as a construction tool that will help these soldiers regain community re-integration and quality back into their lives. The ARGUS robotic vehicles Modifying a current Commercial on the Shelf (COTS) vehicle and developing the necessary unmanned system control capabilities, presents the quickest and least expensive method of meeting such needs. Multi-task ground vehicles
Australian Security Magazine | 39
Robotic and manually controlled ground vehicle equipped with a landmine detection wand to support humanitarian demining (ARGUS Robotics, USA)
“With the need to support miner safety and the poor performance of existing rescue systems, these UGV design components and techniques make a viable system. The vehicle can be used for mine rescue, and includes a series of indicator lights that are set to warn of dangerous levels of gases such as oxygen, methane, carbon-dioxide, carbon-monoxide or others.” have been designed by ARGUS Robotics (USA) to support military use, rescue, transport, and explosives detection and removal. These multi-task motorised vehicles include a vehicle body with a rigid frame on a wheeled platform. The vehicle includes a rotary mounting platform on top of the vehicle configured to interchangeably mount and remove various secondary systems or components, thereby permitting the multi-task motorised vehicle to change functions. The secondary systems include at least one of a high performance gun platform, a missile platform, a speaker platform, a multi-light platform, a UAV launch platform, a robot arm, a multiple imaging platform, or a multiple gun platform, for military applications. Secondary components may also include a robot arm, an imaging platform, a camera, a waterspout, or an oxygen tank for use in mine rescue and firefighting situations. The vehicle includes a jib crane for mounting and demounting the secondary systems to and from the vehicle. Other features and configurations of the multi-task vehicle concept include a front end loading bucket; backhoe bucket mounted to the rear; a set of controls for manual operation of the vehicle; indicator lights that warn about dangerous levels of toxic gases; a tandem set of levers to recover the vehicle when the vehicle has flipped over due to terrain or an explosion; a plurality of modular internal
40 | Australian Security Magazine
compartments including oil system, fuel system, drive system, or engine compartments; and a multiplicity of upstanding threaded mounting studs. With the need to support miner safety and the poor performance of existing rescue systems, these UGV design components and techniques make a viable system. The vehicle can be used for mine rescue, and includes a series of indicator lights that are set to warn of dangerous levels of gases such as oxygen, methane, carbon-dioxide, carbon-monoxide or others. The ARGUS design supports performance components and designs from other industries, such as dust containment chambers for electronic functions that could be applied to dust problems with military vehicles. The design can advance wireless communication systems to support underground mine use for personnel location during a mine accident, as well as advance the design of maintenance systems that support other engineering industries. To support humanitarian demining, a standard commercial vehicle has been converted into a fully robotic control vehicle. With a dual set of controls, manual and robotic, the vehicle can be used as a true construction device to help with the general needs of the region, and then quickly adapted to assist technicians to find, mark and remove buried explosives or similar devices. The vehicle is small compared to a bulldozer, it can be easily transported to remote geographical regions, and with the ease of operation and repair, it requires no specialised technicians. This capability increases the amount of land that can be cleared of landmines per day. To support wounded soldiers the ARGUS backhoe loader is a fully functional construction vehicle that was modified at the request of the US Department of Defense (US-DoD). One of the Key Point Parameters (KPP) is that such a design has operator controls that can quickly be switched between robotic and manual, in less than ten seconds. The major benefit is that an amputee soldier can control the vehicle’s function from his or her wheelchair or from the operator’s seat within the vehicle. Once trained, such operators can become private contractors and offer services to support general construction and earthwork.
An important feature of the ARGUS designs is the interchangeability of vehicle components between industries to support changing needs. Such interchangeability increases performance. One example is adapting the electrical control system to meet the required standards for underground mine vehicles so as to eliminate dust damage. In addition, the ARGUS design serves as an educational platform presented to engineering and technical colleges to teach students the functions and operations of hydraulics, electro-hydraulic control systems, robotics, steering systems, and wheeled vehicle design. The most important aspect of the ARGUS design philosophy is to support imagination, creativity, and innovation to meet ever changing needs in a wide range of security, rescue and humanitarian applications. In our next issue (Apr/May 2014) we bring you Part 2 of this article, commencing from: Integration of UMVs into current manned maritime security and surveillance operations. About the Authors John Cunningham is the Owner and Founder of Area Reconnaissance Ground and Urban Support Robotics (ARGUS), USA. John received his BS degree from West Virginia University in Mining Engineering and MS Degree from Marshall University in Technology Management-Manufacturing. For 24 years John oversaw design and manufacturing of thousands of wheeled and
tracked commercial construction vehicles for domestic and international markets. The US Department of Defense approached John requesting commercial vehicles to be made in both manual and robotic functions for anti-IED efforts. Such vehicles were quickly made and exceeded all key point parameters. From this request a series of vehicles have been designed on a common platform to meet a wide range of security and humanitarian needs around the world. Dr Pascual Marqués is the Owner and Executive Director at Marques Aviation Ltd (UK) and the International Director (United Kingdom) of Unmanned Vehicle University. Dr Marqués is an expert in Aerodynamics and Flight Stability. At Marques Aviation Ltd he oversees the design and manufacture of novel fixed-wing and rotor unmanned aircraft developed by the company. Dr Marqués acts as the Chair for the World Congress on Unmanned Systems Engineering (WCUSEng) and the International Aerospace Engineering Conference (IAEC). He is also the Editor-inChief of the International Journal of Unmanned Systems Engineering (IJUSEng). Dr Marqués regularly lectures in Aerodynamics and Numerical Analysis at Unmanned Vehicle University where he is a member of Faculty.
For a comprehensive list of security events happening in Asia Pacific this year, visit
Reduce your surveillance costs and increase your closure rate Gone are the days of paying for excessive hours of surveillance that yield little results. Contemporary investigation methodology is cleverly moving investigations online, which can speed up case closure rates in an extremely cost-effective way. By Peter Moroney
42 | Australian Security Magazine
ndertaking in-depth online searches is far more advanced than a simple Google search, and can often uncover critical information that can be used to close cases before the more expensive traditional surveillance or factual (circumstance) is required. Online investigation (or desktop investigation) should be used to complement other investigative methods such as surveillance or factual (circumstance) investigations. In the past, insurance claims officers would use competent surveillance and investigative personnel to establish legitimacy of and investigate claims. However, as all claims officers will concur, the deployment of surveillance and investigations can be costly due to the
length of time required to establish whether or not the Claimant is legitimate in their purported claim. Identifying the most appropriate time to deploy surveillance can be largely ad-hoc, and the results can often be hit-and-miss. The cost of online investigation can be half that of deploying actual surveillance, and when applied correctly, can aid in identifying and calculating the most opportunistic time for deploying surveillance (or an interview) that has the best chance of obtaining success whilst reducing costs. In simple terms, an online investigation is a thorough examination of the Claimant to identify what information exists online with relevance to their purported injury. The majority of society today lives life to varying degrees online â€“
gathering socially online, advertising and managing businesses online. Therefore, it is not surprising that most of us have some aspect of our lives captured and preserved online. A competent online (desktop) investigation goes beyond a simple search of Google, Facebook, White Pages and Twitter, and will normally take anywhere from 7-20 hours – sometimes longer depending on what is uncovered. It is a systematic untangling of everything electronic that can be identified and analysed about the Claimant with particular respect to their purported injury. As little as $700 can be spent to save on claims worth several hundreds of thousands of dollars over the identified insurance period. In addition to knowing how and where to source evidence that will aid in the case, competent online investigations can add tremendous value by capturing, storing and presenting evidence so that it can be used effectively in relation to the claim – and this is often where the majority of cases fall down. The days of wilfully allocating hour after hour on surveillance operatives should slowly start to fade as insurance companies benefit from the use of online investigations to aid in strategically investigating and closing claims. The end result should be reflected in reduced investigative costs due to the more appropriate deployment and use of investigation tools. Example one: A male Claimant had a life insurance claim where he was receiving approximately $8,000 per month to the age of 65. At the time of the claim he was 47. So, for the remainder of the claim period there was a potential to pay out $1.2 million dollars. However, a several hundred dollar online desktop investigation identified that this male subject had been running a business whilst in receipt of the insurance money. Despite the male subject’s best efforts to hide the registration of the business (it was in another person’s name), desktop enquiries were successful in connecting him to the ownership, management and day-to-day running of the online organisation. Surveillance would not have ever established he was actively involved in an online business. But an online desktop investigation, coupled with the strategic deployment of surveillance to cover advertised demonstrations, achieved the result that surveillance alone could not.
About the Author Peter Moroney is a Director of Nemesis Consultancy Group – a next generation investigative and security management consultancy co-founded with his father, former NSW Police Commissioner, Ken Moroney. Moroney is a leader in the investigations and security industry. As a former Detective Sergeant in the NSW Police Force, and more recently as the Investigation’s Manager, NSW Crime Commission, Moroney has in-depth widespread knowledge of managing and conducting criminal investigations. Having tracked terrorists and worked with former UK intelligence in deploying counter-terrorists measures, Moroney is at the forefront of the industry and is now applying these skills to change the way investigations are undertaken and more importantly the outcomes they achieve.
“In addition to knowing how and where to source evidence that will aid in the case, competent online investigations can add tremendous value by capturing, storing and presenting evidence so that it can be used effectively in relation to the claim – and this is often where the majority of cases fall down.
Example two: In another similar scenario, a female Claimant had been in receipt of an insurance benefit for approximately five years at an average of $6,800 per month ($408,000). During the life of the claim, approximately 25 hours of surveillance had been undertaken. The Claimant was not sighted. The approximate cost of surveillance was $5,000. However, for the cost of an online desktop investigation, a new address was established for the Claimant that had not been previously provided to the insurance organisation. Surveillance was then mounted on the new address with nearly five hours of video evidence obtained that showed contradictory behaviour against the Claimant’s stated medical incapacity. The address would not have been identified if it wasn’t for the use of online desktop investigation. NB: For the protection of identity, all information that may lead to the identification of person/claim in examples 1 and 2, has been changed.
Australian Security Magazine | 43
Frontline Available online! See our website for details
1 YEAR SUBSCRIPTION TO THE AUSTRALIAN SECURITY MAGAZINE
6 print issues per year for only $88.00 SUBSCRIBE TODAY... DON’T MISS AN ISSUE Yes! I wish to subscribe to the Australian Security Magazine, 6 issues (1 year). ☐ ☐
Yes! As an additional bonus I wish to receive direct to my inbox the Asia Pacific Security Magazine (emag), 6 issues (1 year).
No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.
Salutation: __________First Name: __________________________________________
Please find enclosed my cheque/postal order (made payable to MySecurity Media )
for $ __________________ or debit my:
Job Title: ______________________________________________________________ Company: _____________________________________________________________ Postal Address:__________________________________________________________ Suburb: _____________________State: _________ Postcode: ____________________ Country: ______________________________________________________________ Email: ________________________________________________________________
44 | Australian Security Magazine
Card Holders Name: __________________________________________ Signature: _________________________________________________
Interested in our e-news service? Phone: +61 (8) 6465 4732 during business hours AWST (Australia Only)
Expiry Date:________________ Todays Date: ______________________
PRIORITY FAX Credit Card Details Australia +61 (8) 9467 9155
FREE POST My Security Media 286 Alexander Drive, Dianella. W.A. 6059
GST This document will become a TAX INVOICE for GST when payment is made. My Security Media Pty Ltd ABN 54 145 849 056
To have your company news or latest products featured in our TechTime section, please email email@example.com
Canon has unveiled the world’s smallest full high definition (HD) pan-tilt-zoom (PTZ) surveillance camera. See Page 47
JETprotect’s automated safety and protection product, ActiveSentry™. See page 48
Latest News and Products
TechTime - latest news and products
SALTO launchs new Clay cloud-based access control SALTO Systems is pleased to announce the official Australian launch of its award winning new product ‘Clay by SALTO’. Clay™ by SALTO is a ground-breaking product that offers vastly better functionality and performance than is possible in a traditional mechanical solution, and with a flexible management system that requires no cumbersome software installation or cost of a fully-wired electronic product. Designed initially for use in the SME (Small Medium Enterprise) market, many such companies have been unable to take best advantage of many of the top technological solutions in access control largely because of the cost and complexity of those systems. Clay™ combines a cloud-based intuitive software platform that is easy and fast to understand and manage, with high quality and design hardware that is easy and quick to
install, providing the same features as wired systems at less than 70 percent of the cost. Its increased security comes from users being able to easily and intuitively establish, consult, change and cancel specific access rights by person and place and time, and all in real-time, thus eliminating the problems and limitations of their existing mechanical solutions, such as the costs associated with changing locks, keys, and cylinders when keys get lost. Clay™ incorporates SALTO Systems’ wireless hardware, capitalising on SALTO’s outstanding products that have seen the company become one of the world’s top electronic lock manufacturers, with more than one million electronic locks installed globally. The key hardware element is the Clay™ IQ that serves as the hub between the wireless lock and the cloud, and is so simple to set up, users need only plug it into a standard electrical
socket. Neither router configuration, nor any other cabling is required. “SALTO has grown to be the market leader in Data-on-Card and wireless access control solutions by focusing on and delivering what the market needs to stay secure not just today, but tomorrow as well,” says David Rees, Managing Director, SALTO Systems Australia (Pty). “Our revolutionary new Clay™ product utilises the versatility of the cloud to give owners of SME businesses the ability to control their building access remotely and manage it in realtime via any device with an internet connection, providing security that is both flexible and future-proof.”
Volkswagen Commercial Vehicles rolls out CyberArk’s privileged account security solution Volkswagen Commercial Vehicles, part of the Volkswagen AG group, has implemented CyberArk’s privileged account security solution to optimise its password management. As part of a security infrastructure project, Volkswagen Commercial Vehicles in Hanover, Germany, has introduced CyberArk’s Privileged Identity & Privileged Session Management suites to manage non-personalised privileged user accounts automatically, ensure compliance with uniform password policies, and maintain a central, auditable password repository. Volkswagen Commercial Vehicles turned to CyberArk due to its strong presence in the European market, and ultimately chose CyberArk for the solution’s flexibility and ease of integration with its existing infrastructure. The CyberArk solution also passed Volkswagen Commercial Vehicles’ internal security test with flying colours. Currently in the first stage of deployment, the system is integrated with the company’s servers running multiple operating systems including Windows, Unix and Linux. Firm plans exist for expansion to further target systems. Databases are set to follow later this year, and the CyberArk solution is slated to be rolled out to virtual systems, service accounts and manufacturing systems in the future. CyberArk partner Computacenter, is supporting the implementation of the
46 | Australian Security Magazine
system and its integration in the Volkswagen Commercial Vehicles infrastructure. In addition to integrating new systems, the IT service provider is also training staff to ensure a smooth transition. “The CyberArk solution has shown itself to be an ideal interface between corporate regulatory frameworks and the managers of our IT landscapes,” notes Juan Ramos Rincon of the Volkswagen Commercial Vehicles IT Services Department, who is also responsible for planning new IT services. “We can now offer IT managers an out-of-the-box solution that meets the full set of requirements, reducing their workload and giving them security in their actions.” “Managing administrative accounts in complex IT environments is a major challenge for any business,” says Jochen Koehler, Regional Director, DACH, CyberArk. “The credentials for privileged user accounts on numerous servers, databases, applications and network components must be protected, yet they also need to be accessible at all times. Meeting these conflicting demands is the key to preventing unauthorised access while maintaining uninterrupted business operations.” The Hanover-based company intends to introduce an additional component of CyberArk’s privileged account security solution, the Privileged Session Manager. With this
product, Volkswagen Commercial Vehicles can secure remote access with precision. CyberArk’s Privileged Session Manager would ensure that external service providers, for example, can only access the resources specifically relevant to them.
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
Canon presents world’s smallest Full HD PTZ surveillance camera Canon has unveiled the world’s smallest full high definition (HD) pan-tilt-zoom (PTZ) surveillance camera, VB-S30D alongside other new network cameras including the VB-S31D, VB-S800D and VB-S900F. Despite their ultracompact form, the network cameras boast ease of use, high quality image capture as well as best in-class low light capabilities among other enhanced features. “Apart from providing wide angle recording and superior quality image capture in various settings, we understand the need for making network cameras smaller to blend in with its environment,” says Edwin Teoh, Assistant Director for Consumer Business Marketing, Canon Singapore. “With its ultra-compactness, VB-S30D would be a perfect fit for retail and commercial environments, to aid in managing building security and providing operations surveillance.” Ease of use and ability to blend seamlessly into environment With a diameter of approximately 120mm and height of approximately 54mm, the domeshaped VB-S30D is the world’s smallest Full HD PTZ surveillance camera. Through its pantilt-zoom and auto-focus zoom functions, the camera supports remote operation and wide overhead area coverage with wide angle view of 77.7 degree. This allows for maximum image capture, despite its ultra compact form. Similarly, both VB-S31D and VB-S800D are dome-shaped network cameras, sharing the same dimensions as VB-S30D. While VB-S31D
is a pan tilt-fixed focus camera, VB-S800D is a fixed camera. Both cameras enable monitoring across a large viewing area with wide 95 degree horizontal angle of view. The VB-S900F, on the other hand, takes the form of a compact fixed box-type camera which facilitates widearea monitoring with 96 degree angle of view. Additionally, it is equipped with a Digital PTZ feature which allows users to crop and display part of a camera image in the image display area. The ultra-compactness of the new network cameras means they are able to blend into most environments with ease. Although primarily designed for indoor monitoring, the new network cameras can be used outdoor with appropriate housing for optimal performance. High quality image capture and efficient video recording Equipped with DIGIC DV III image processor and DIGIC NET II processors used in Canon’s high-end cinema cameras, all four new network cameras are able to capture exceptionally high quality images, with vivid colours and reduced image noise. Furthermore, the DIGIC NET II video compression and streaming processor enables high speed image compression and the transmission of Full HD images at up to 30 frames per second with no loss in frame rate. Coupled with multiple streaming capability, user will have the option of recording the video in varying compressed formats, effectively lowering resolutions to extend recording capacity. All four network cameras also offer the highest number of intelligent functions in its
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
class, which includes Moving Object detection, Abandoned Object detection, Removed Object detection, Camera Tampering detection, Passing detection and Volume detection. These allow for maximum flexibility in various types of recording situations. Best in-class low light capabilities The new line of network cameras achieve best low light performance among full HD compact network cameras in their own class – with VBS30D being the ideal choice for night and lowlight setting surveillance due to its exceptional ability to capture low-noise colour video with little more than the illumination provided by a candle’s flame. It is able to achieve minimum subject illumination4 of 0.95 lux for colour video, and 0.5 lux for black and white video in night mode. Enhanced with Auto Smart Shade Control, a new feature which adapts to changing lighting conditions, the new network cameras will analyse the brightness of the scene and automatically select the optimal exposure and darkness compensation level to ensure that subjects remain sharp and clearly visible even in backlit conditions or dark settings. The new network cameras VB-S30D, VBS31D, VB-S800D and VB-S900F are at Canon authorised dealers.
Australian Security Magazine | 47
TechTime - latest news and products
Cartell gate openers now compatible with any solar automatic gate opener Preferred Technologies Group, maker of the Cartell gate openers and vehicle detection systems, is pleased to announce compatibility with any solar automatic gate opener. The GateMate (CP-3) has the lowest current draw in standby than any other free exit system on the market. It requires just 90-150 Microamps in standby. That’s 85-90 percent lower current draw than its closest competition. A critical aspect of any solar-powered gate opener is the battery. The more accessories attached to a solar gate opener, the less power is available when it needs to open or close. The last thing a gate opener needs is an accessory that uses a significant amount of power when in standby, drawing current 24/7.
in one Milliamp; so you see, there’s no comparison.”
or key fob to exit their property; they also like the fact that visitors can let themselves out.
“Our engineers have worked tirelessly for years to lower the power consumption of our free exit system,” says Jonathan Bohannon, President/CEO of Preferred Technologies Group, maker of the Cartell lines of products. “It humours me when I hear our competition boasting about their standby current being in the low Milliamps. Cartell is working in Microamps. There are one thousand Microamps
The Cartell GateMate (CP-3) is a onepiece system containing all its electronics in the sensor probe that gets buried beside the driveway. It has universal voltage (VAC and VDC) and connects directly to any gate operator. When hidden beside the driveway, it will detect a vehicle and open the automatic gate for a hand-free egress. Customers appreciate not having to use a remote, keypad
And now, with the lowest standby current usage in the industry, Cartell allows solarpowered gate operators to work longer on a single charge.
Securing airport perimeters against unauthorised activity JETprotect’s automated safety and protection product, ActiveSentry™, was independently tested at a US international airport. Intrusion scenarios and environmental monitoring were included in the evaluation. ActiveSentry™ is comprised of three layers to protect and take action against airfield threats; • cSENTRY™, part of the ‘ground’ layer, provides continuous monitoring of up to seven square miles by fusing radar and camera sensors to perform uninterrupted surveillance in day, night, smoke, fire, fog, rain or snow. cSENTRY™ includes a precision pan/tilt to point high-zoom cameras at distant intruders detected by the VFR™ radar for threat evaluation. If needed, cSENTRY™ can push back trespassers with focused high-intensity pulsating light or audio deterrents; • Cortex™ site software, the second layer, is the brain of the operation and is hosted on a 1U Blade EDGE server. Cortex™ communicates with multiple cSENTRY™’s
48 | Australian Security Magazine
and existing sensors at the airport to form an umbrella of surveillance. Alerts are triggered by Cortex™ under a set of rules that establish behaviour of detected persons or vehicles in and around the airfield. Geographical Zones are crafted to warn of breaches at the perimeter or in any Object Free Areas (OFA) on the airfield. The management of the Zone activity is controlled by a ‘Transition Table’ that coordinates each Zone with a set of actions in response to trespassers moving into, out of and through the Zone; • Lieutenant™, the top layer, is the responder portal to receive instant Alerts and pictures of the intruders. It also gives airport operations personnel and VIP’s access to the site to view live sensor and map data. With Apple’s iPad and iPhone mobility products, responders on location, or in separate distant sites can monitor and control any of the ActiveSentry™ assets.
For the independent testing, airfield perimeter fence lines and OFA’s were defined in Cortex™ from a satellite map. Zones were created by simply clicking on the map to generate polygons to establish areas matching the security goals at the airport’s perimeter. Each Zone is assigned a set of Rules to initiate actions. “ActiveSentry™ is built and tested for harsh environments and has been in operation since 2011,” says Greg Johnston, CEO of JETprotect.
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
Canon unveils a brand new category of projectors with the latest XEED Models Canon introduces a new multimedia projector category that combines the exceptional picture quality of larger installation projectors with the plug-and-play convenience of portable models. Designed for short-throw use, the new Canon XEED WUX400ST and XEED WX450ST Compact Installation LCOS Projectors are equipped with an advanced Genuine Canon 1.35x zoom lens with generous horizontal and vertical lens-shift adjustability for distortionfree image quality in environments where the projector must be located close to the screen or display surface. “LCOS panels often have contrast and brightness limitations. Canon’s new XEED WUX400ST and XEED WX450ST incorporate Canon’s proprietary AISYS optical system, which maximises the performance of LCOS panels, giving users brighter and sharper images without the effect of the grid,” says Edwin Teoh, Assistant Director for Consumer Business Marketing of Canon Singapore. “This new category of multimedia projector offers classrooms, small conference rooms and other small spaces the exceptional colour and clarity not often found in short-throw projectors.” All of Canon’s new Compact Installation LCOS Projectors employ a new Canon AISYS 5.0 optical engine that helps improve the management of light through the projectors’ next-generation Canon LCOS display panels. The result is the projection of high-resolution images with intricate detail, crisp contrast, high brightness, deep blacks, precise colour, and reduced blur during fast-moving movie scenes. The XEED WUX400ST deliver WUXGA (1920 x1200) resolution imagery with 4000 lumens of brightness while the XEED WX450ST provide WXGA+ (1440 x 900) resolution imagery with 4500 lumens. Installation flexibility Approximately 25 percent smaller than their predecessors, the XEED WUX400ST and XEED WX450ST Compact Installation LCOS Projectors are ideal for short-throw environments with the capability to project 100” image at 1.2 meters and 1.23 meters respectively. Both come with a built-in 1.35x distortion-free zoom lens, a 0-75 percent vertical and ± 10 percent horizontal lens-shift adjustment feature.
Imaging versatility Although integrating many unique technologies, the new Canon XEED WX450ST, and XEED WUX400ST Compact Installation LCOS Projectors are simple to operate and provide easy set-up features. An innovative four-point keystone-adjustment function enables users to adjust each corner of the image independently while also keeping focus consistent, and to achieve true diagonal projection as well as moiré reduction. An easy-to-use built-in edge-blend function with precision luminance ramp adjustment and pixel-overlap control enables the new Canon XEED Projectors to be used in multi-projector configurations for the display of large, seamless images with precisely matched edges. Advanced management and connectivity The XEED WX450ST and XEED WUX400ST are Crestron RoomView™-compatible. Key networking features also include a content-streaming capability, which allows one or more PCs to connect to a projector over a
standard LAN to share content. This NMPJ (Network Multi Projection) system has the ability to display content from four different PC’s on a single screen. Content can be streamed from any point with a network connection to a projector, either within a room or in multiple locations, simplifying installation. Input terminals on the new XEED Projectors include a USB port for ‘PC-less’ presentations of JPEGs and other content directly from a thumb drive or other USB-equipped flashmemory data storage device (and for firmware updates). Other inputs include DVI, component video, HDMI, and two mini-jack audio inputs. A special Picture-by-Picture Processor allows for the simultaneous use of HDMI and DVI in split-screen mode. A 5-watt mono speaker is built-in for audio playback without peripheral components. The XEED WUX400ST and WX450ST will be available in June 2014, at Canon’s authorised dealers at the recommended retail prices of SGD9,000 and SGD8,000 respectively.
Australian Security Magazine | 49
TechTime - latest news and products
Face detection and recognition by AirLive AirLive introduces new cameras with the IVS face detection and recognition function – MD3025-IVS and BU-3026-IVS. Intelligent Video Surveillance (IVS) system, face detection and recognition provides advanced, accurate video analytic that can be used to search, track, classify, and identify faces of people in the monitored area. This function automatically detects and captures a person’s face in a special database. The system alerts the operator when a face is detected in the frame of the image. The function provides security shield at the entrance to prevent the stranger, to guard the resident, and to allow you to create a
database of employees and other people. The camera located at the entrance can record all who pass by the front door and save their faces into the database. If a face is detected and it’s not stored in database, proper information will be displayed. Traditional access control systems allow use of an access card by an unauthorised person. The IVS authenticates the card owner by automatically comparing his face with the image stored in the database. IVS is an excellent solution for use in public places such as airports, stadiums, border crossings, offices, shopping mall, and buildings.
For more information visit www.airlive.com
HID Global acquires IdenTrust HID Global®, a world-wide leader in secure identity solutions, has announced it has acquired IdenTrust, Inc. (IdenTrust®), a leading provider of solutions for globally interoperable digital identities that can authenticate, encrypt, and create electronic signatures for every type of transaction or activity where proof of identity is essential. The acquisition significantly expands HID Global’s ability to provide some of the most secure identity solutions to Governments, corporations, and financial institutions around the world. IdenTrust is the largest supplier of digital
identities for the Department of Defense’s External Certification Authority (ECA) program and the General Services Administration’s Access Certificates for Electronic Services (ACES) program, and it provides identity management solutions for more than 20 of the world’s largest financial institutions. In the United Kingdom, IdenTrust digital certificates secure more than six billion payment transactions annually, with an aggregate value exceeding $7 trillion. “The acquisition of IdenTrust complements the previous acquisition of ActivIdentity and
considerably strengthens our HID Global value proposition around secure authentication, providing us with a Trust Framework for issuing, authenticating and using digital identities based on open standards,” says Denis Hébert, President and CEO of HID Global. “This acquisition, long in the making due to regulatory requirements, is very positive for IdenTrust, its customers, other shareholders and employees,” says Karen Wendel, President and CEO of IdenTrust.
New software release from Genetec Genetec™, a leading provider of unified IP security solutions, has announced that the latest service release of Security Center (5.2 SR4) provides integration with more than 80 new video devices from 13 technology partners, including many new models from Arecont, AXIS Communications, Samsung, Sony and Vivotek. The release follows the launch of new Security Center plugins for partner solutions including Software House C•CURE 9000 access control, Barco CMS video wall, Southwest MicroPoint perimeter detection devices and DSC PowerSeries intrusion panels. Available now for download to all Security Center 5.2 customers and to those with an active software maintenance agreement (SMA), this service release provides customers access to new software updates and feature options, with support for many of the latest edge devices on the market. Security Center 5.2 SR4 provides support for a number of new encoders, including the AXIS M7016 and P7216, offering analog
50 | Australian Security Magazine
customers highly cost-effective 16-channel encoder options. The release also integrates with a large number of new megapixel IP cameras from Genetec technology partners, including support for additional models of Arecont SurroundVideo® panoramic cameras. The number of Security Center technology partners also continues to grow with the addition of a number of new and updated 3rd party plugins. The recently updated Software House C•CURE 9000 access control plugin for Security Center provides bidirectional integration between the two systems, enabling operators to monitor C•CURE alarms, and other information within Security Center, and view access control events with their associated video as well as video Security Center video from the C•CURE workstations. A new Barco CMS plugin provides the seamless management of Barco video walls from Security Center, allowing operators to display and remotely control tile layouts and cameras on video walls through simple drag-and-drop.
Integration with Southwest Microwave INTREPID MicroPoint Cable and MicroPoint II perimeter fence detection systems offers customers a field-proven interface enabling operators to receive alarms from perimeter fences and monitor surveillance video associated with events from Security Center. Security Center also adds support for a new intrusion detection partner, the PowerSeries 1864 intrusion panel from DSC. “Through collaboration with Genetec technology partners, we are able to deliver frequent updates and integrations to Security Center and provide our customers access to the latest technologies,” says Jimmy Palatsoukas, Senior Manager of Product Marketing at Genetec. “Our unified security platform allows end users to take advantage of our partners’ security capabilities through a single intuitive application.”
TechTime - latest news and products
Imperva discovers emerging attack vector Imperva, pioneering the third pillar of enterprise security with a new layer of protection designed specifically for physical and virtual data centers, has released its latest Hacker Intelligence Initiative report, ‘Assessing the Threat Landscape of DBaaS’. Through an in-depth analysis of malware that used a shared hosting database for its Command and Control and drop server, Imperva discovered a new malware platform for cybercriminals: Database as a Service (DBaaS). The report concludes that by bringing data one step closer to hackers, DBaaS makes it possible for hackers to compromise an organisation’s database without accessing its network – ultimately increasing the risk of a data breach.
“Our research suggests that we will soon see autonomous malware targeting internal databases within organisations – which we believe would lead to a greater risk of infection and compromise within a network,” says Amichai Shulman, Chief Technology Officer at Imperva. “Organisations need to take the risks posed by cloud services into consideration as they decide which data they want to store externally, and adopt a mitigation strategy accordingly.” While the perceived risk of cloud services is already high, the report identifies two factors in particular that increase risk to corporate data; the relative ease of accessing cloud databases, as well as the ease of quickly turning a legitimate
foothold on these servers into a privilege escalation attack. Key findings also include: • Malware is now capable of connecting to both local and remote databases to retrieve, manipulate and exfiltrate information; • Malware can leverage DBaaS for botnet management (eg, Command & Control as well as Dropper functionality); • Cloud databases are prone to attacks via both privilege escalation and exposed vulnerabilities, as opposed to on-premise databases, which are mostly compromised via privilege escalation.
SolarWinds enhances security offerings SolarWinds, a leading provider of powerful and affordable IT management software, has announced enhancements to several of its security management solutions, including SolarWinds Log & Event Manager, SolarWinds Firewall Security Manager and SolarWinds Patch Manager. These solutions allow organisations of every size to effectively manage security and compliance. SolarWinds security solutions are designed to provide powerful automation, ease of management, and rapid time to value with a low cost of ownership to help alleviate the ever-increasing security and compliance management burden for tightly resourced IT and security departments. The latest updates to SolarWinds’ security solutions further these values through key enhancements to improve IT security management across the business. Automation In today’s multi-tasking IT environment, gaining insight into security activity can often get deprioritised. SolarWinds Log & Event Manager now provides additional automatic scheduling, distribution and notification of security and network activity, empowering IT pros with greater assurance that regular reviews are being performed and additional support to ensure strong security monitoring and compliance management practices are met. Ease of management In smaller IT environments, administrators have the daunting task of managing the infrastructure
from end-to-end. The latest version of SolarWinds Firewall Security Manager, which automates heterogeneous firewall configuration and change management, provides integration with SolarWinds’ centralised management console. Now, administrators can quickly identify high-risk firewalls, recent and upcoming configuration changes and firewall compliance status in SolarWinds’ single pane of glass for managing network, systems and security. Rapid time to value To ensure patch management processes are optimised, SolarWinds Patch Manager has been enhanced with step-by-step wizards, enabling users to be up and running quickly and significantly reducing the time it takes to get vulnerable machines patched and protected. “Security may be the most daunting task for IT pros, but in most cases today, ensuring security is no longer an option – it is a legal and ethical responsibility,” says Chris LaPoint, VP Product Management, SolarWinds. “These product enhancements are a testament to our focused efforts to deliver strong security management capabilities to organisations of every size and budget.” SolarWinds security solutions also include SolarWinds Network Configuration Manager, which provides automated network configuration and change management; SolarWinds User Device Tracker for automatic endpoint tracking and switch port management; and Serv-U Managed File Transfer, which allows organisations to maintain secure file sharing.
Australian Security Magazine | 51
TechTime - latest news and products
Avigilon introduces next-generation HD Pro camera series Avigilon Corporation has introduced the HD Pro camera series to its product portfolio. The new HD Pro camera delivers high-resolution images with Avigilon’s next-generation bandwidth management technology to effectively provide maximum detail and coverage of expansive areas. Available in 8 MP, 12 MP and 16 MP resolutions, the HD Pro camera provides high quality, detailed coverage of vast areas with fewer conventional cameras required. The HD Pro camera provides exceptional low-light performance and smooth capturing of moving objects due to its increased frame rates. When used in combination with the Avigilon Control Center software, the HD Pro camera provides a
for innovation in the industry. The HD Pro series now raises the bar even higher as we have broken new ground to enable end-users to have the highest quality images possible,” says Bryan Schmode, Executive Vice President of Global Sales and Marketing at Avigilon.
“This new technology combined with the latest version of our Avigilon Control Center software pushes the boundaries of innovation as we continue to deliver the most effective surveillance solution that is unmatched in the industry.”
superior surveillance solution. “When we introduced our JPEG 2000 Pro series cameras in 2007 we set a new precedent
PPSS Group launch slash resistant Homeland Security base layers New type of slash resistant base layers have been launched by PPSS Group, after identifying that prison and correctional officers all over the world operate within an environment where such realistic and clear risks and threat have
to be breathable, lightweight, thin, 100 percent concealable and of course cost-effective. Robert Kaiser believes these new slash resistant base layers are the answers to the prayers of many officers who sometimes fear
been identified. According to PPSS Group CEO, Robert Kaiser, it is a well-known fact that the risk of a prison or correctional officer being slashed and suffering from immediate rapid blood loss is real and has been well documented during the recent years. “One of my now closest friends survived one of the most brutal assaults on prison officers in the UK in 2010, which resulted in his Axillary Artery being slashed, leading to irreparable physical injuries and permanent psychological distress. “My team and I have spent countless hours communicating with more than 100 frontline professionals within prison and correctional institutions in countries around the world to identify exactly what type of protective equipment or clothing these professionals demand or require.” When discussing the detailed operational requirements with these frontline professionals, PPSS Group was made aware of it right from the start that its ultimate protective garment had
for their lives or are anxious every day they go to work. “This new piece of Personal Protective Equipment (PPE) is entirely focussing on the protection of the key arteries. We came to the conclusion that any stabbing injury could only be prevented by stab resistant armour and the issuing of such equipment was something that was perceived by almost everyone we discussed this matter with as too confrontational, aggressive and authoritative. “PPSS slash resistant base layers have been developed with only one objective in mind, and that is the effective protection of key arteries from being cut or slashed. “We strongly believe that a more effective garments in terms of weight/performance/ cost-effective ratio is not available or possible with today’s manufacturing capabilities and technologies. “We believe these slash resistant base layers we have now designed following 100 plus hours of extensive research is the ultimate type of personal protective garment, leading to a
52 | Australian Security Magazine
massive reduction of workplace violence related injuries and future loss of lives within the prison and correctional institutions.” For more info email firstname.lastname@example.org
TechTime - latest news and products
AirLive IP video surveillance project in warehouses at Chile The Grupo Magal, developer of large building projects in the Chilean real estate market, relied on AirLive’s IP video surveillance solutions to monitor the stores that are rented by its customers. Challenge The area to cover had seven warehouses aligned over an area of 140 meters long by 60 meters wide. The spaces of surveillance included three corridors and two gates. The following is a list of each of the places that required monitoring and security: a) b) c) d)
Corridor north-facing 140 meters long Corridor east of 60 meters long Corridor west of 60 meters long Vehicular access gate located on the west side e) Main vehicular access gate located in the east of the complex. Solution Due to the importance of surveillance and security of the goods stored in large spaces, the integrator, Ivar Michelena Viti, from IP Ingeniería Ltda recommended to install on warehouse Lampa I, at Magal, four cameras; two of AirLive’s FE-200VD and two of AirLive’ POE5010HD cameras. The AirLive FE-200VD were located at seven meters height above the northeast and northwest corners of the warehouses with tailored extension arms. On the other hand, the AirLive POE-5010HD were placed 15 meters away from the gates and two meters high with a 30 mm lens set. Results The POE-5010HD cameras installed allowed to obtain a record clear of vehicle IDs, drivers’ faces, the presence of companions, among other details. With the FE-200VD they obtain images of cars at 75 meters away from the camera. Across both cameras, the target moves away from one, the other is approaching, so it is always possible to identify the vehicle in its travel.
Australian Security Magazine | 53
TechTime - latest news and products
SafeXs 3.0 XT a secure USB strong enough to pull a London bus CTWO Products AB, a leading provider of encryption solutions, has announced SafeXs 3.0 XT, a secure USB drive forged in a solid strong custom alloy metal housing and utilising USB 3.0 speeds, the XT (Xtreme) has an exterior with an impact strength greater than 15 times over other metal based competitors which enables the XT to pull a London Double Decker Bus without breaking. The new casing gives SafeXs 3.0 XT, high impact strength, high durability and excellent corrosion resistance for high performance even in the roughest of environments. Dropped in the deep ocean, dragged through the desert, crushed against the mountain SafeXs XT withstands all. James Baker, Vice-President of Sales and Marketing at CTWO products says, “With the release of SafeXs 3.0 XT, it really gives us a chance to sell into verticals where we haven’t been so strong in the past, companies that need a heavy duty secure USB device with high wear
resistance and impact strength will be suited to this device. Then there are also the office workers that seem to live to torture their office supplies. You would not believe the pictures we have seen. All that ends with XT, it is tortureproof. Yes, that is a dare.” Companies will also be pleased to hear about the management opportunities available for SafeXs 3.0 XT as well as other SafeXs devices. BlockMaster’s SafeConsole enables administrators to monitor, track and trace, remote wipe deployed SafeXs devices no matter where in the world the devices are, and the only requirement is an Internet connection. Still the majority of USB drives used within companies and Government are insecure. Analysts predict the total sale of more than 250 million units for 2013. The vast majority of these devices are not protected with a password or encryption in the manner that SafeXs is. Anders Kjellander, Chief Security Officer and CISSP, at BlockMaster, adds, “The combination
of incredible USB 3.0 transfer speeds, stateof-the-art hardware encryption and a robust exterior plays nicely with the capabilities of SafeConsole. It is even possible to share files securely amongst XT users over the Internet when using ShieldShare client-side encrypted file sharing. The Snowden leak has piqued the interest for this type of hardware solution that provides offline data and key storage.”
Altium and Nimbic announce partnership and showcase new power integrity product Altium Limited, a global leader in Smart System Design Automation, 3D PCB design (Altium Designer) and embedded software development (TASKING) along with Nimbic, a leading provider of electromagnetic simulation solutions for signal integrity, power integrity and EMI analysis, have announced a new development partnership. This will make Nimbic the newest developer partner to join Altium’s newly formed Altium Developer program. The agreement consists of a strategic alliance between the two companies and the introduction of a new power integrity solution – Altium PI-DC. Altium PI-DC gives users the ability to validate DC voltage and current performance in their designs before prototype and production. Now, designers can avoid issues with power delivery and are better able to identify potential failure points. This includes high via currents that could cause fusing, or high resistance neck-down regions resulting in excessive voltage drop. Built from the ground-up, Altium PI-DC is based on Nimbic’s specialised 3D full-wave electromagnetic solver, and is designed to address the requirements of large-scale power integrity problems. Unlike other solutions in the
54 | Australian Security Magazine
market, the Altium PI-DC delivers fast solution times without compromising on accuracy. “Nimbic views this relationship with Altium as a significant opportunity to expand our market presence,” says Bala Vishwanath, Chief Marketing Officer of Nimbic. “With Altium’s PCB knowledge and Nimbic’s Electromagnetic Simulation expertise, we have the ability to raise the bar and introduce solutions that are no longer cost prohibitive allowing companies not only to increase productivity, but also design for reliability.” Altium PI-DC integrates into Altium Designer as an optional extension, giving engineers a seamless environment for DC analysis. Nets for analysis are selected in Altium Designer with
DC voltage drop and current density results displayed directly over the layout. This allows a designer to interactively identify and fix issues with no guess work about what layout structure might be causing the issue. “BGAs have hundreds of power and ground pins with numerous supply rails requiring complex networks of capacitors to manage ‘pure’ power. The sophistication of the PDN (power distribution network) requires engineers to be able to effectively analyse and make corrections early on in the design process,” says Daniel Fernsebner, Director of Technical Partnerships for Altium. “This partnership with Nimbic introduces a robust integrated power integrity solution to our customers.”
TechTime - latest news and products
Raytec lighting helps military in fight against terror A UK military site has chosen Raytec VARIO White-Light LED illuminators as part of a high security, anti-terrorism operation, concerning 24/7 vehicle inspection. To maintain the highest level of security at all times the military site must inspect all vehicles entering and leaving the site. Security staff are required to check all vehicles within a gated compound area for foreign objects and improvised explosive devices (IEDs). However, when inspecting vehicles at night, the compound required additional illumination, both under and around the vehicles. Security planners for the site specified that the chosen lighting must be installed at ground level, delivering a minimum of 100 lux along the centre line of the road, and also be energy and cost efficient. Planners explored multiple
in designing detailed lighting schemes for individual and bespoke customer requirements. They produced a unique design that met the 100 lux requirement using VARIO w8 White-
All stakeholders were very impressed with the light output of the VARIO fittings. The crystal clear, even White-Light illumination is currently allowing security staff to effectively inspect
lighting solutions none of which could provide the combination of high light levels, energy efficiency and military grade durability. Babcock International Group, an engineering support services company was consulted to help find a suitable product. “Having dealt with Raytec on another project I was confident that they could provide a solution to our problem,” comments Christopher MacFarlane, Senior Electrical Engineer at Babcock. Raytec’s lighting design team specialises
Light illuminators. Crucially all Raytec LED illuminators have an extremely low power consumption, offer a long ten-year life and require zero maintenance. This has allowed the site to forecast significant energy and running cost savings as a result of using Raytec LED lighting over old energy hungry technology such as halogen lighting. The savings for this project are estimated at around £5.7K in the first year and in excess of £57K over the lifetime of the installation.
vehicles entering the compound at all times, especially at night; all whilst while keeping costs to an absolute minimum. MacFarlane comments further on the design and installation process, “For any subsequent LED lighting projects I wouldn’t hesitate to consult with the team at Raytec. They have an excellent knowledge of their products and LED lighting technology”. For more information visit www.rayteccctv.com
Be prepared with Raytec’s free Lighting Survival Kit Raytec is offering a free ‘Lighting Survival Kit’ to ensure that all CCTV systems are fit for winter. The Lighting Survival Kit is designed to help security professionals achieve better images at night and save energy and money, at a time of year when lighting is on for longer, when more crime occurs during darkness, and when cameras are most vulnerable. The Free Lighting Survival Kit consists of two services to get security systems through nights. 1. Free Lighting Design Service: Raytec’s team of expert lighting designers can help you to design a lighting system that guarantees excellent images during the hours of darkness and is tailored to your individual requirements. Raytec offers both 2D and 3D lighting design plans highlighting the best possible lighting positions, number of fittings and detailed lighting levels.
2. Free Energy and Cost Saving Report Service: Bad lighting accounts for a surprisingly large proportion of electricity use – as much as 40 percent for many organisations. Along with a free lighting design, Raytec can provide information on the efficiency of your lighting
system. The reports detail the return on investment and the energy and cost savings to be made over one, five and ten years, by switching to Raytec LED illuminators compared to a traditional lighting solution. For more information, or to ask for a free lighting design and energy and cost saving report, email email@example.com
Australian Security Magazine | 55
Review by Susan Gallagher
Corporate Security in the AsiaPacific Region: Crisis, Crime, Fraud, and Misconduct By Christopher J. Cubbage, CPP, and David J. Brooks CRC Press; crcpress.com; 242 pages; $79.95; also available as an e-book.
56 | Australian Security Magazine
his book provides insight into the challenges of the practice of security in a region of the world that is as disjointed and independent as it is diverse. The variety of pressures faced by security practitioners is truly varied, and the authors try to pull together the region’s distinctiveness and range of security issues while also telling the story of the day-to-day reality for the security practitioner. While it focuses on the Asia-Pacific region, the book provides commonsense advice for security practitioners anywhere in the world – with an overlay of the regional issues, history, statistics, and trends – addressing security topics that are common concerns in the corporate environment. Some interesting comparisons and trends are included in the text, particularly as they relate to the Asia-Pacific region’s differentiation relative to European or American regions. These comparisons can help security practitioners from other areas of the world get a sense of underlying problems that may be well-entrenched issues in this region. Australasia has developed a well-established and robust security risk-management environment, and the book’s authors – with their strong ties to the Australasian security community – do not disappoint. They guide readers with practical and effective risk management advice to help the professional tease out priorities. The guidance provided can help create a better understanding of how to apply these sound principles to their enterprises in an effective manner. The vast and varied threats that are emerging in this region are difficult to pull together in one book, and at times it is evident that the region’s lack of cohesiveness, coupled with the great variety of cultures, makes it a difficult subject to wrap up in a tidy manner. The latter part of the book seems somewhat fragmented and lacks a narrative, as it is simply a collection of examples of fraud and misconduct from this and other regions of the world followed by a listed synopsis of each nation-state. Overall, it is the breadth of topics that the authors have at their disposal from this vast region of the world that makes this a valuable book for corporate security libraries anywhere in the world. Security professionals in the Asia-Pacific region will see many trends and issues that they are all too familiar with, and security professionals in other areas of the world will also enjoy comparing and contrasting the book’s examples with their own experiences. Review published courtesy of ASIS International. Published in the Jan/Feb edition of the ASIS International Dynamics.
About the Reviewer Susan Gallagher is director of Susan Gallagher Consulting Ltd in Canada and New Zealand, and is an independent specialist in security management for the Government and private sector. She is a member of ASIS International.
Have you recently published a security related book? Or have you just read a new, great security book? Please email us at firstname.lastname@example.org
Drones Robotics Automation Security Technology Information Communications
www.drasticnews.com Like us on facebook! www.facebook.com/drasticnews
Providing national Security
BY THE CONTINENT National security extends beyond the battlefield, and so does Lockheed Martin. Our leading-edge technologies in aircraft design, pilot training systems, air traffic management, and satellite communications are helping Australia meet its security challenges on multiple fronts. Along with our game-changing defence systems like the F-35, the Aegis Combat System, and the MH-60R helicopter, Lockheed Martin is committed to meeting the security challenges of today â€” and tomorrow.