“a WA Local Government engaged a Project Manager to handle a $200,000 public CCTV Surveillance project which is to be paid for by WA Police as part of the CCTV Infrastructure Fund. cyber security, the relevance of convergence between physical and cyber security, perspectives on law enforcement, and the potential role of private security in responding to cyber crime. There is now a wealth of information on the scale of cyber crime, including on the so called Dark Web, and there are a host of authorities confirming that the costs are astronomical, not least the cost of protection, that the impact can be significant, affect many, and appear to be increasing. In addition, there is evidence that the response is inadequate, and often under resourced, leaving businesses searching for the right solutions. Eric Hansleman speaking at IFSEC 2015 highlighted the current problematic position, ‘In the last year, businesses spent $70bn on cyber security. Meanwhile criminals will have made 10-20 times that amount’. The threat is international and just by way of example, the ACSC Threat Report 2015 summarised ‘the cyber threat to Australian organisations is undeniable, unrelenting and continues to grow. If an organisation is connected to the internet, it is vulnerable. The incidents in the public eye are just the tip of iceberg’. So what are our police and government regulators doing about this whilst stilling trying to regulate the physical security sector? Not much other than effectively restricting physical and cyber security professionals from cooperating and working together at a national level. To highlight continued breaches of state security legislation, most commonly around the element of security technology, a WA Local Government engaged a Project Manager to handle a $200,000 public CCTV Surveillance project which is to be paid for by WA Police as part of the CCTV Infrastructure Fund. The Fund guidelines stipulate compliance to the Security and Related Activities Act. The Project Management company does not hold a security agent or security consulting licence. In WA, the security industry is bound by a WA Police Code of Conduct formulated under the provisions of Section 94 of the Security and Related Activities (Control) Act 1996. The Code of Conduct requires to follow all the parameters to be professional, truthful, ethical and with the public interest in mind and Part 8 places the obligation on the licence holder to inform the Regulator of non-compliance with the Act. Having raised this breach with WA Police licencing, the confusing and wilfully inaccurate interpretation from the Officer in Charge read as follows: “The State CCTV Strategy has been developed following analysis of crime trends involving offences against the person, not property. I have been advised the main purpose of the Strategy is to provide a surveillance role to protect against offences against the person, to create a safer community. The future positioning of cameras is based around this goal. The Security & Related Activities Act (the Act) requires an installer to be licensed to install CCTV equipment for a security purpose.
34 | Australian Security Magazine
While a ‘security purpose’ is not individually defined in the Act, a security officer and a security consultant is defined as a person who for remuneration watches, guards or protects property, or advises on such matters. To this end, I have interpreted a security purpose as watching guarding or protecting property, not persons. Watching persons could be described as surveillance, which is not covered by the Act. The WA Police have drafted amendments to the legislation to make the Act clearer and remove such ‘loopholes’. The drafts are not expected to be introduced before parliament until well after the State election next year, and it is intended the industry will be consulted about the amendments before that occurs in any event. While the Strategy is structured toward a surveillance purpose, they recognise the knowledge and experience of the security industry and as such have included requirements for suppliers of services to be licensed, notwithstanding the surveillance purpose rather than a security purpose. As a result, I believe no offence has been committed.” This interpretation is intentionally confusing, wilfully inaccurate or otherwise shows police don’t understand the very legislation they are duty bound to enforce. Reports from ASQA earlier in the year on the security training sector confirmed that licensing was “a mess”. In Queensland last month the state government directed its interim training ombudsman to review security training following the deregistration of a security training organisation and advising 236 former students that their qualifications were no longer valid. ASQA had found the RTO was essentially handing out certificates without providing any training. The industry called for the inquiry to be extended to licensing and for the federal government also take a “serious look” at the mutual recognition law, and give states more power over licensing. The frustrating aspect to this is the Federal Government was willing to call a snap meeting of state and federal energy ministers following the South Australian statewide blackout, which prompted calls from the Coalition for a nationally consistent approach to energy security and was seen as a ‘wake up call’. Regrettably this meeting only resulted in another review but the point here is those conducting this work should have the wisdom to link energy security to public safety in the full context that ‘security’ deserves. The security sector does deserve and should continue to demand this attention and having asked for reform now for the last ten years, continuing to ignore it for the next ten will only result in the formation of other crises events and yet other ‘wake up calls’. As regional and military tensions rise along with the risk of war, Australia’s national security is interdependent and requires a holistic approach – there is no point regulating a security officer at the front door but letting an information security consultant enter without probity and vice-versa. Nor is there any point in regulating the installation of the physical intruder detection system and ignoring regulation of the network’s IDS – doing so makes the entire approach a halfhearted farce. The responsibility rests with our legislators to adopt a national approach to Australia’s security, that includes energy as well as social, physical and cyber security. Anything less is clearly inadequate and derelict of the government’s duty of care to all Australians.