Print Post Approved PP255003/10110
THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au Jun/Jul 2014
In the shadows of the Dragon China’s booming bodyguard and security industry
The use of social media in emergencies
and missing links of flight MH370
The commercial argument for security technologies $8.95 INC. GST
Peter Lockwood The Navy’s Commodore Senior Officer West Australia
TechTime | Movers & Shakers | Women in Security and much more...
*VBH41 PTZ camera in beige or black *VBH41 PTZcamera camera silveravailable orblack blackavailable available from nationaldistributors distributors *VBH41 PTZ ininsilver or from national
• • • •
Full HD Range
Compact Full HD Range
VBM40 – PTZ w/ 20 X optical zoom VBM600VE – IP66 fixed dome w/ optical PTZ-R during setup VBM600D – Fixed dome w/ optical PTZ-R during setup VBM700F – Wide angle full body w/ optical zoom during setup
• • • •
VBH41 – PTZ w/ 20 X optical zoom VBH610VE – IP66 fixed dome w/ optical PTZ-R during setup VBH610D – Fixed dome w/ optical PTZ-R during setup VBH710F – Wide angle full body w/ optical zoom during setup
• • • •
VBS30D – Compact PTZ w/ 3.5 x optical zoom VBS31D – Compact PT dome VBS800D – Compact fixed dome VBS900F – Compact Full body
BECAUSE CLARITY MATTERS
The World’s smallest FULL HD PTZ (VB-S30D) & PT (VB-S31D) cameras. 1
CAPTURE EVERYTHING IN THE HIGHEST OF QUALITY Learning and listening to end users and integrators on what they want from an IP camera drives Canon’s innovation – And with over 75 years of imaging excellence our range encompass all of our expertise & knowledge in camera and lens design. When Clarity matters, choose the premium quality range you can rely on. As 2014 Asatat1 March June 2014
For more information visit canon.com.au/networkcameras call 1800 021 167 or email email@example.com
Contents Editor's Desk 3 Quick Q & A with Alex Webling 4 Movers & Shakers 6 Executive Editor / Director Chris Cubbage Director / Co-founder David Matrai Senior Editor Loreta Cilfone Marketing Manager Kathrine Pecotich Art Director Stefan Babij Correspondents Sarosh Bana Serge DeSilva-Ranasinghe Adeline Teoh
MARKETING AND ADVERTISING Kathrine Pecotich T | +61 8 6361 1786 firstname.lastname@example.org SUBSCRIPTIONS
T | +61 8 6465 4732 email@example.com Copyright © 2014 - My Security Media Pty Ltd 286 Alexander Drive, Dianella, WA 6059, Australia T | +61 8 6465 4732 E | firstname.lastname@example.org E: email@example.com All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.
Feature Article Syrian Recruitment: Battle for the hearts and minds – Part II 8 Feature Interview Peter Lockwood – the Navy’s Commodore, Senior Officer West Australia
International Malaysian Airlines MH370: The mystery and missing links Five crisis management lessons from flight MH370 Asia Pacific war games briefing: March of the carriers
14 17 20
Women in Security Learning to shine
Frontline Social media and disaster information: Lessons from New Zealand Chinese bodyguards: Personal protection in the land of the Dragon – Part I On a wing and a prayer Mailbox Roulette: To be handled with care
25 28 30 32
Cyber Security Silent stalker: Who are the victims of big data? Cybrecrime: Not a matter of ‘if’ but ‘when’
CCTV The commercial argument for security technologies The beginning of the end: Public Safety Initiative – Ipswich City Council
TechTime - the latest news and products Bookshelf
Page 8 - Syrian recruitment Part II
Page 14 - Flight MH370: The mystery and missing links
Correspondents Page 40 - Public Safety Initiative Ipswich City Council
CONNECT WITH US www.facebook.com/apsmagazine www.twitter.com/apsmagazine www.linkedin.com/groups/Asia-PacificSecurity-Magazine-3378566/about
Paul Johnstone www.drasticnews.com
Read Asia Pacific Security Magazine online!
2 | Australian Security Magazine
Dr Robyn Torok
Editor's Desk “It may be doubted whether anyone will ever master it in the sense of exhaustive and detailed understanding of it, continually up-to-date.” - Bret Walker SC, Independent National Security Legislation Monitor (INSLM), Annual Report 2011. Update - The Abbott Government will close the INSLM.
he immediate future of the Australian security and defence industry is looking quite bright. We have provided online a full overview of the Abbott Government’s Defence, Justice and Security related spending, presented in the 2014 Federal Budget – it is an extensive read but important to all those from across each of the relevant security sectors. As touched on in the last issue, we have sought an insight into the disappearance of Malaysia Airlines flight MH370. We had the fortune to speak with the Navy’s Commodore Peter Lockwood, Senior Officer West Australia, currently the senior-most ADF position in WA, about the importance of WA in the ongoing search for the wreckage in the southern Indian Ocean. We examine the circumstances around the two stolen passports used by passengers known to be on board and have an important and thought provoking critique of the crisis management and communications by Malaysian Airlines and the Malaysian Government. All articles justify why learning outcomes must be made from this incident – despite waiting until when the plane is located. The Australian Government has budgeted $89.9 million over two years as part of the contribution to the search for MH370. Funding of $27.9 million will be provided to the Department of Defence for the costs of its activities in searching. Two million dollars will also be provided to the Department of Infrastructure and Regional Development for the costs of establishing the Joint Agency Coordination Centre ( JACC). The JACC was established on 30 March for an initial period of six months. Further funding of up to $60 million will be provided to the Australian Transport Safety Bureau for the next phase of the search. At the time of writing, the search is on hold awaiting equipment from the US and repairs in Geraldton. The actual cost will depend on a number of factors, including the outcome of procurement processes for specialist services, the length of the search, and the extent of contributions from other countries. As per the quote above, deeper aspects of the Federal Budget included the announcement of $1.3 million in savings from the closure of
the INSLM function. For those who like to get lost in the bureaucracy, the objective of the INSLM was to assist Ministers in ensuring that Australia’s Counter Terrorism Laws are effective in deterring and preventing terrorism, are effective in responding to terrorism, are consistent with Australia’s international obligations and contain appropriate safeguards for protecting the rights of individuals. Job done? Good news for those involved with biometrics – the Australian Government will provide $2 million in capital funding for biometric systems software and equipment to expand the Offshore Biometrics Programme. The Government proposes to achieve savings of $18.6 million over four years by expanding the programme beyond the 20 countries where it currently operates and wants to introduce a user pays arrangement for visa services and biometric collection services with third party service delivery partners. Of particular interest, the Government will move to full cost recovery of its biosecurity services for imports and live animal exports. Fees for import clearance, seaports, post entry animal quarantine and live animal exports will be set to recover expected operating costs for 2014-15 in line with the provision of services on a user pays basis – there is a research opportunity there for anyone inclined to ask – just how much does security cost? As if to highlight the Government’s $50 million business case for new CCTV grants, we have a special CCTV feature issue with a unique insight from Larry White, Safe City Security Coordinator at the City of Ipswich, the qualified views of CCTV consultant Luke Percy-Dove, a review of Tony Caputo’s second edition book “Digital Video Surveillance and Security” and a product review of WD Purple’s surveillance hard disk drives. As promised – and who doubted them? - the Abbott Government will establish the Safer Streets Programme making local communities eligible to apply for grants to fund the installation of CCTV cameras and better lighting in known crime hotspots. The Government will also provide $18 million over three years to establish the Schools Security Programme to protect schools and pre schools
facing risk of attack, harassment or violence stemming from racial or religious intolerance. Critically, the Government will provide $10.2 million over three years for the Australian Federal Police to establish a dedicated Western Australian Anti Gangs Squad to fight organised crime at a local level – with the support of national tools, resources and intelligence. Within the same week as this announcement, WA Police made arrests over bikie extortion attempts against businesses in the central parts of Perth, WA. Given the Australian Crime Commission estimates organised crime is costing the nation $15 billion per year, let us hope the funding is not too little, too late. Just how radical do we need to get when fighting organised crime? We have Part II for the Battle of Hearts and Minds with Australia’s connections to the war in Syria and some great articles covering the burgeoning security and bodyguard industry protecting China’s billionaires, securing the Red Bull Air Race, use of social media in emergencies and with war continuing to brew in our region, we have a briefing on the regional power’s increasing deployment of aircraft carriers. Some thought provoking material and so much more to touch on! Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.
Yours sincerely, Chris Cubbage
CPP, RSecP, GAICD
OUR NETWORK Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.
Australian Security Magazine | 3
....with Alex Webling
Director, Resilience Outcomes Australia; BSc, BA (Hons), Gdip Comms, GdipEd, RSecP
Commencing in the security industry in the mid90s and holding a number of positions such as Foundation Director of the Australian Government Computer Emergency Response Team; Founder of the Trusted Information Sharing Network – Resilience Community of Interest; Founder of the Australian Government’s Chemicals of Security Concern program; and Head of Protective Security Policy responsible for launching the revised Protective Security Policy Framework and the single information classification system for the Australian Government, Alex Webling, is now Director of his own company which is a boutique consultancy specialising in organisational resilience, longevity and information security. How did you get into the security industry? If you don’t count several years in the Army Reserve whilst at uni, I suppose my first security job was in the Federal Attorney-General’s Department as the secretary to SAC PAV. Whilst the acronym is typically arcane ((Standing Advisory Council (Commonwealth State Cooperation) Protection Against Violence)), it was the predecessor of the NCTC in the years pre 9/11. In any case, I learnt a lot there about how Australia’s domestic security apparatus works (or doesn’t). I also got to meet and work with some senior people at the Federal and State/Territory level and see how they resolved issues. How did your current position come about? In 2012, I decided I needed to leave the APS. I saw demand from organisations that needed help understanding their information security at a strategic level. There was an opportunity to work with organisational leadership teams on a holistic resilience approach that aligned with their goals. I chose to start Resilience Outcomes to deliver that vision. What are some of the challenges you think the industry is faced with? It is very difficult to bound ‘security’ in our modern society. Concepts of security become more complex as the society itself becomes more complex. In the same way as it is not possible for any one doctor to be across every aspect of medicine, it is no longer possible for any one security professional to be across every aspect of security.
4 | Australian Security Magazine
That said, if there is a way to define the industry, then the best way seems to be in terms of the people in it who share a common way of defining the world in terms of risk. I am fortunate to be surrounded by many clever people who show this ability in everything they do. Unfortunately, there are a few who don’t and they taint the view that society has of the security industry. Which is a roundabout way of saying that professionalisation is an issue that I care a lot about and why I became a member (now treasurer) of the Australasian Council of Security Professionals. Security is complex and evolving, so it is only people who are security professionals who have even a reasonable hope of identifying their peers. For this reason, I support the Registry of Australasian Security Professionals as the best way that professional standards can be maintained and improved.
We can also be certain that it will also become more brittle as a consequence. It follows that if the security industry is to remain relevant, growth will be seen in areas that help the society as a whole become less brittle. There will continue to be a need for the specialists with skills in the intricacies of security treatments, however, there will be increasing demand for experts who take a holistic view and can help organisations become more resilient. These people are rare. The problem is that most security takes a band-aid approach and does not always take the cascading dependencies into account. A lot of the conceptual underpinnings that I was trying to achieve in the development of the PSPF are embodied in this.
Where do you see the industry heading?
Apart from spending time with kids, family and our new dog, I try to get an hour or two of exercise in every day, either walking or cycling, during which time I listen to any number of podcasts ranging from Nature and BBC Click to the RN Media Report.
In many ways we are at a crossroads. Our society is a complex system and consequently subject to the laws of entropy. I think we can be certain that society will continue to become more complex.
What do you do when you’re not working?
de Haan is seen as an excellent fit for Imperva Pacific. “As our latest asset, Robert extends the breadth of our experienced management team. We believe that his expertise in both channel and direct sales areas across regions and countries will have a deeply positive impact on our relationships with partners and customers,” outlines Jason Burn.
Steve Simpson ES2 Australia has announced that Steve Simpson has recently joined their growing organisation as Security Principal. Steve plays a key role in strengthening the security advisory services in Western Australia, headed up by Andy Battle, Security Architect and ES2’s Enterprise Security Lead. In this new role, Simpson brings a wealth of experience and expertise and will further evolve ES2’s Governance, Risk and Compliance (GRC) services and offerings, whilst continuing to act as a trusted Security Advisor to his long list of loyal clients. Hiring Steve was aligned with ES2’s growth strategy, and its ongoing approach to attracting and retaining the ‘best’ consultants that are recognised leaders in its field. ES2’s guiding principle is to be a trusted advisor to our clients. ES2 Australia is a Perth, WA, based Service Provider specialising in Enterprise Security, Enterprise SharePoint Services and Training Delivery. ES2 is the largest Security Service Provider in the State.
RIMS the risk management society™, has announced that Amber Levy has joined the Society as its new director of membership and constituent programs. “The strength of this Society relies upon our vast network of risk professionals whose varying experiences contribute to the overall value of RIMS’ membership,” says Mary Roth, RIMS Executive Director. “Amber has a profound understanding of the member association dynamic, and has had tremendous success identifying new opportunities to engage, grow and retain members. We look forward to tapping into Amber’s expertise to enhance the member experience.” Prior to joining RIMS, Levy was the National Director, Hotel Sales Northeast Region for the Los Angeles Tourism & Convention Board. At RIMS, Levy is responsible for the expansion of RIMS membership programs including the development of membership value initiatives, educational programming and products and identifying trends, gaps and opportunities to benefit the Society’s membership of more than 11,000 risk management professionals. “Key to delivering value to any association is understanding who the members are, what their needs might be and anticipating how those needs might evolve,” says Levy. “I am extremely excited to share my experiences but, more so, learn from RIMS’ already outstanding membership and professional development teams.”
Robert de Haan Imperva, pioneering the third pillar of enterprise security with a new layer of protection designed specifically for physical and virtual data centers, has announced the appointment of Robert de Haan as Regional Sales Manager. He has business development responsibility for territories spanning Queensland, Northern Territory, New Zealand and the Pacific. He reports to Jason Burn, Area Vice President - Pacific. During his extensive career, de Haan has developed relationships across multiple industries and technologies including cloud computing, mobility, virtualisation, security and networking. He has experience in product sales, professional services, consulting, and managed services with respected corporations such as Cisco, IronPort, Clariti, JTEC, Volante, and Tektronix.
6 | Australian Security Magazine
SecurEnvoy – Steve Watts The IT company SecurEnvoy was one of the winners of the 2014 Queen’s Award for Enterprise. It is the most significant and
most prestigious business award across the commonwealth and rest of the world and this year was presented on 21 April, Queen Elizabeth II’s birthday. SecurEnvoy received the award, in the ‘International Trade’ category, for its invention of tokenless two-factor authentication. The success of SecurEnvoy is attested by the London-based company’s world-wide sales network, which now covers every continent. Queen Elizabeth herself presented the award to the company’s founders, Steve Watts and Andy Kemshall. “We feel hugely honoured to receive the 2014 Queen’s Award for Enterprise from the Queen,” comments Steve Watts, Co-Founder, and Sales and Marketing Director of SecurEnvoy. “For years we have focused on the expansion and globalisation of our sales network. It’s great that the resulting success of our products has been acknowledged and has even resulted in an award from such a prestigious body. After having already won the Queen’s Award for Innovation in 2011 and having been able to meet the Queen then, we are all the more pleased to be able to see Queen Elizabeth at the award ceremony again this year.”
Simon Howe Simon Howe, previously Sales Director Mobility Solutions at backup specialist Acronis, has been appointed Director of Sales (Australia and NZ), LogRhythm. Howe is responsible for developing a channel of security-focused partners that will deliver LogRhythm’s award-winning security intelligence platform to the ANZ market. “Increasingly, organisations are realising that breaches are inevitable. As such, they are looking for solutions that can help them substantially improve their ability to detect and respond to threats and breaches sooner. Today, LogRhythm’s Security Intelligence Platform delivers that visibility to more than 1500 organisations around the globe,” says Simon Howe. If you have an entry for Movers & Shakers please email details and photo to firstname.lastname@example.org
Syrian recruitment: The battle for hearts and mind In Part I of Syrian Recruitment: The battle for hearts and minds, key discourses and systems of ideas were considered that were aimed at coercing and enticing people to follow the path of jihad and martyrdom in the battlefield of Syria. These discourses were specifically outlined with an emphasis on achieving martyrdom. Here follows Part II. By Dr Robyn Torok
Risk fighters pose on their return
ighters from many nations including the West continue to travel to Syria to take part in the conflict. In late April 2014, it was estimated that there were about 11,000 foreign fighters in Syria. Not only is Australia represented, it has one of the largest sources of foreign fighters per capita from the West. Given the large number of foreign fighters, questions need to be raised about their return and what risk they may pose, and this is the focus of the article. Western Governments including Australia have been open and vocal about their concerns over the return of Syrian fighters. In fact, Syria is regarded as the latest and most concerning development in global terrorism. Of particular concern are the links to al-Qaeda and the encouragement to conduct attacks on home soil. Coupled
8 | Australian Security Magazine
with increased ideological motivation is that these individuals have developed key terrorist skill sets as well as intricate systems of networks. Making matters worse is the difficulty in profiling potential terrorists or suicide bombers with individuals subscribing to a set of discourses or beliefs rather than personality traits. In addition, a recent news report of French nationals going to Syria found that a large proportion were not from a Muslim background but were in fact disaffected youth. Of major concern here is that these individuals may find a purpose and not stop until that purpose is fulfilled. Coupled with this are concerns that in some Western nations like the UK, not enough is being done to monitor those returning from the battlefield or as some would argue the latest terrorist training ground. Current Australian fighters in Syria may pose a risk upon return. Not only do they acquire greater skills in fighting,
‘Means of attack is commonly outlined online with social media literature indicating the use of any type of crude weapon for jihad including; home-made bombs, gas bottles, 3D-printable guns, aeroplanes, cars, rifles, pistols, mobile phone detonators, and even swords, knives and martial art type attacks on single disbelievers.’ but also the development of networks and contacts that can further their jihadi agenda. It’s not just those fighting in Syria that pose a risk, but those Australian’s who are currently training in jihadi camps in Lebanon and Turkey that are linked with the fighting in Syria. While returning fighters may not pose an immediate threat upon their return, the fact that they have further radicalised views, a hardened fighting mentality, and already subscribe to war-hardened terrorist’s thinking poses a possible threat in the future. Such a threat is further increased if fighters returning on home soil are not known to agencies. Types of martyrs and their rewards Given that martyrdom is central as both a recruitment tool used in Syria, as well as a risk posed upon return, it is important to understand the types of martyrs which are all based on intent of the jihad fighter. For the Muslim martyr, the more one has ascribed to the act with ‘pure’ intent, the higher the reward is in Jannah (heaven). Intents range from a love of Allah and Islam to seeking paradise and the need for self-defence down to the lowest intent of financial reward and the need for recognition. These give rise to the three types of martyrs from the ‘pure’ to the impure intention: 1) Shaheed (martyr) in this world and the hereafter; 2) Shaheed only in the hereafter; 3) Shaheed only in this world. While a superficial view of social media would indicate that recruiters aim to focus on recognition, in depth discourses outlining the details of jihad and martyrdom are continually circulated including ‘jihad as the pinnacle of Islam’ – fighting in the path of Allah. Recruits are reinforced with the notion that ‘nothing is equivalent or comparable to it (jihad and martyrdom) from all the actions (good deeds) in Islam.’ Much is discussed on social media about a popular jihad text regarding the disbeliever (kuffar) and the Muslim who kills them for the sake of Allah. It is noted that the Muslim is greatly rewarded for killing the disbeliever and in doing so is uniting the Ummah and raising the black flags and making Allah most high. Disturbingly, discussions take place regarding the Muslim who kills a disbeliever will actually take their place in Jannah (heaven). In other words: ‘Imagine how many places in Jannah the Mujahid who does martyrdom operations will take from all the disbelievers he kills in his operation. Try to imagine that he killed hundreds of them and all this was done in a few minutes or maybe even seconds. How great is the reward he got in those few minutes’. Basically, the more disbelievers a Muslim kills during a
martyrdom operation, the more reward for that muhjid. This is stated as encouraging jihadi fighters to carry out attacks and martyrdom operations in the West. Preparation and training for Martyr operations “And prepare for them all you can of power, including steeds of war to terrorize the enemy of Allah and your enemy” - Al-Anfal When talking about committing an operation on home soil, preparation is key. Discourses related to physical and skill set training is vital as supported by interactions on social media. Muslims are encouraged to keep fit, go to the gym, and take boxing and martial arts as well as sword or fencing classes. Training together (brothers together) is vital to not only foster a sense of belonging, but also to encourage each other and unite the cause. Time away in a secluded location on a farm or forest is seen as vital. In addition, training is recommended in firearms, rifles, and even joining a gun club. Also, skills within close fighting with knifes is vital to undertake. Any military style training is encouraged as well as gaining as much information about your enemy. Finally, money is the bread and butter for an operation; therefore money acquirement is mentioned as well. Method of lone wolf attacks and possible targets Means of attack is commonly outlined online with social media literature indicating the use of any type of crude weapon for jihad including; home-made bombs, gas bottles, 3D-printable guns, aeroplanes, cars, rifles, pistols, mobile phone detonators, and even swords, knives and martial art type attacks on single disbelievers. While bombs are mentioned in lone wolf type attacks, it is not the only source of attack that can be used in such operations. Shootings and knife attacks are just as important to the jihadi in lone wolf operations. Types of targets are usually only described in general terms such as the kuffar (non-believer), single sources have pointed to a variety of targets such as military bases, commercial buildings, car racing events and sporting events. More important than the means of attack or type of target selection is the media coverage and the associated terror aimed by any such attack. In addition, any such attack on the home soil of a Western nation gains much greater media coverage than attacks in the Middle East and these have been evident even in smaller scale attacks such as the public brutal attack on a British soldier and the subsequent ‘interview’ given by one of the killers. This concept is summed up by the following social media quote: “NOTHING HARMS THE KUFFAR MORE THAN A BOMB IN THIER OWN BACKYARD!” and “INDIVIDUAL JIHAD IS THE ANSWER!”
Australian Security Magazine | 9
Unidentified rebel of the Free Syrian Army inserts cartrige full of inflammable cotton into home made gun in Aleppo, Syria
‘The key concept of black suit jihad is the unknowing of when terrorism will strike and who will bring that terror. It is the blending in of the one who is intent on striking with the general population.’ Inspire magazine – issues 11 and 12 – promote lone wolf operations as the key to successfully conducting a jihad operation. The Boston marathon bombings are given as an example of what can be done with lone wolf operations. In addition, the forthcoming new magazine put out by al-Qaeda, ‘Resurgence’ , also promotes lone wolf attacks.
Black suit jihad and lone wolf operations The phrase ‘black suit jihad’ is one I have coined based on a popular jihad image and message found in a leading jihad text on being a martyr and seeking the highest levels of Jannah (heaven) which is routinely circulated and discussed on social media platforms as the focal point for martyrdom and success in this life. This image is used to encourage lone wolf operations on western soil. It shows a well-dressed man in a black suit with jihad head gear and a message directly addressed to the Kuffar that they do not know when the lion (the one who will strike terror on home soil) is coming: ‘kuffar, await the lone wolf.’ The most important tenet is ‘jihad against the unbelievers’ – attacks in the West. The key concept of black suit jihad is the unknowing of when terrorism will strike and who will bring that terror. It is the blending in of the one who is intent on striking with the general population. In other words, the lone wolf will fit in so well into the Australian community, that the attack will come when not expected by someone off the radar of surveillance and in a way not expected or necessarily thought of. Following is an outline of a number of factors which make black suit jihad more concerning: 1) Failure of profiling: The literature is clear that extremists and terrorists do not fit a psychological profile and have in fact demonstrated significant variation in many factors including race, education, background and personality type. Given the significant number of foreign fighters, this makes identifying those which pose a more significant risk more difficult. Gender is also another factor that is gaining increasing focus with an increasing number of women joining the conflict in Syria. The risk posed by women returning from Syria also needs to be considered. 2) Emphasis on lone wolf operations: Although online magazines such as Inspire have long promoted lone wolf operations, the most recent additions of the
10 | Australian Security Magazine
3) The ‘success’ of the Boston marathon bombings: In issue 11 of the Inspire magazine, there is an article about the Boston bombings and the power of online media including the Inspire magazine itself. As the following quote indicates, Western targets are still very much being promoted. The Boston Bombings have uncovered the capabilities of the Muslim youth, they have revealed the power of a Lone Jihad operation. And by the Will of Allah, future attacks will force the enemy to place his knees on a rough ground. So take things into your hands. You are a Muslim, it is your obligation. 4) Contribution of social media: Although there is concern that those returning from Syria may become recruiters and trainers, social media is still viewed as the key recruitment and training ground. In fact, these skills are still being honed whilst in Syria with recruitment videos continually being made and circulated online. Such actions lend support to al-Qaeda’s belief that social media and the internet are more significant recruitment tools than individuals who have had first-hand experience in a conflict. 5) Emphasis on Western online ‘preachers’: Interestingly, it is not Syrian or Middle Eastern preachers or Imams that exert the greatest influence of social media, rather it is Western preachers. When al-Qaeda was at its peak, US born cleric, Anwar al-Awlaki, was arguably one of the greatest influences on social media and even after his death, his ideas and discourses have continued to circulate widely. In fact, al-Awlaki is still one of the most influential clerics that recruiters use toward gaining Western recruits. Key clerics from the US, UK and Australia are regarded as important figures on social media and are followed online even in Syria itself. Their discourse continues to be a key weapon in the battle for hearts and minds and poses a significant risk to the West. While Western nations have radical clerics, they also have the responsible Imams that have dissuaded followers to travel to Syria. While some argue that they have not
SYRIA REFUGEE RESPONSE
The boundaries, names, and designations used on this map do not imply official endorsement of the United Nations or UNHCR. All data used were the best available at the time of map production. Data Sources:- Refugee population and location data by UNHCR as of 30 April 2014. For more information on refugee data, contact Rana G. Ksaifi at email@example.com GIS and Mapping by UNHCR Lebanon. For further information on map, contact Jad Ghosn at firstname.lastname@example.org, Aung Thu WIN at email@example.com, James Léon-Dufour at firstname.lastname@example.org
LEBANON Time-series Syrian Refugees Registered by Cadastral in Lebanon as of 30 April 2014
Total No. of Refugees
! ! !! !! !! !!! !! !!!! !!! !!! !!! !! !!! !!! ! ! ! ! ! ! !!!! ! ! ! !!! !!! ! !! ! ! ! !! ! !! !!!! !! !! !! !!! ! !!!!!!!!!!! ! ! ! ! !!!! !!! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !! ! ! ! ! !! !! ! ! ! !! !!! !! !! ! ! !! ! ! !! ! !! !! ! !! ! !! ! ! 1 - 500 !! !! !! ! !! !!! !!! ! !!! ! ! ! ! ! !! ! ! !!! ! !!!!!!! !!!! ! !!! !! ! ! ! ! ! ! ! !! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !!! !! !!! ! ! ! ! ! !!!!! ! ! ! ! !!!! ! ! !! !! !!! ! !!! ! !! ! !! ! ! !! ! 501 - 2,500 ! ! ! !!! ! !!! !!! ! ! ! !! !!! !! !! !! ! !!!!!!!!!!! !!!!!! !!!! ! ! ! ! ! ! !! ! !! !! ! ! !! ! ! ! ! !! !! 2,501 - 8,000 !! ! ! ! !! ! ! !! !!!! ! ! !! !! ! ! ! ! ! !!! ! ! !!!!! !! !! ! ! ! ! ! ! ! ! ! !!! ! ! !! ! ! ! ! ! ! ! ! ! ! ! ! !! ! ! !!! ! ! ! ! !! ! !!!! ! !! !! ! ! !! !! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !! ! !!! ! North ! !! ! ! ! !!!! ! ! !! ! !! ! ! ! !!! ! 8,001 - 15,000 !! ! !! !! ! !! ! !!!!!!!!!!!!!!!!!North ! !!!!!!!!!!!!!!!!!!!!!! ! !! !!!! ! !! ! ! !! !! !! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !! !!! !!! !!!!!!!!!!! !!!!! ! !!! !!! !!!!!!!!!!!! !!!! ! !! !!! !!!!!!! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! 15,001 - 33,523 !! !! ! !!! !! ! !! ! ! ! !! !! ! ! !!!!! !!! ! !!!!!!! ! ! ! ! ! ! ! ! !! ! !!! ! !!! !! !! ! !!! !! ! ! ! ! ! ! ! ! ! !! !! !!!!! ! !! !! ! ! ! !! !!! !! !! ! ! !! ! !! ! !! !!!! ! !!!! !!! !!! !! ! !!!! ! ! !! !!! !! ! ! !!! !!! ! !! !!!! !! !! !! ! ! ! !!! ! !! ! !! ! !!! !! ! !!!! !! !!! ! ! !!! !! ! !!! ! ! ! ! ! !! ! ! ! ! ! ! ! ! ! ! !!! ! ! ! ! ! ! ! ! !! ! !! ! !!!! ! ! !! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !!! ! ! ! ! !!! !! ! ! ! !!! ! ! ! !! ! !! !! !! ! ! ! ! !! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !! !!!!!!! !!!!!!!!!!! !!!! ! ! ! !! ! ! ! ! ! ! ! ! !!! ! ! ! !!!!! !! ! !! !! !!! !! ! ! ! !! !! ! ! ! ! !!! ! ! ! ! ! !! ! ! ! !! ! ! ! !! ! !!! !!!!! ! !! ! !!! ! ! !! ! !!! ! !! ! !! !! ! ! !! ! ! !! !!! ! ! ! ! ! ! !! ! ! ! ! ! ! ! ! ! ! ! ! ! !!! ! ! ! !! ! !! ! ! !!!!! !!!! !! ! ! ! ! !! !! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Bekaa ! ! Bekaa Bekaa ! !!! ! !!!! !! !! ! !! ! !! !!! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !!! !!! ! !! ! ! !! ! !!!!! ! ! !! !! !! !! ! !! ! ! ! ! !!!!! ! ! !!!! !!! ! ! ! !! !! ! !!! !! ! !! ! ! !! !!!! ! ! ! ! ! ! !!! !!! !!! ! ! ! ! !!! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !!!!!!!!!!! !!!! !!! ! ! ! ! ! !!!!!!! ! ! !!!! ! !! ! ! ! ! ! ! !! ! ! ! !!!! ! !Mount ! ! !! ! ! !! ! ! ! !!! ! ! ! ! ! ! !! ! !Mount!Lebanon ! ! ! ! ! ! ! ! ! ! ! ! ! ! !! ! ! ! ! ! Mount Lebanon ! ! ! Beirut Beirut Mount Lebanon ! ! Lebanon !! Beirut Lebanon ! !! ! !! !! ! Lebanon !! ! ! ! ! !! !!!! ! ! !!! ! ! ! !!! !Mount ! ! ! ! ! !!!! ! ! !! ! ! ! !! ! ! !! ! !! ! ! ! ! !Mount ! ! ! !! !!!!! ! ! !!! !! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !!! ! ! ! ! ! !!! ! ! ! !! ! !!! ! ! !! ! !!!! !! !!!!! ! !!!!!! ! !! !! ! ! !! ! ! ! !! ! ! ! !! ! ! ! ! ! ! ! !! ! ! ! ! ! ! ! !!!!! !!!! ! !!!! ! ! ! !! ! ! ! ! !! !!! ! ! !!! ! !!! !! !! ! ! !! ! ! !! !! ! !!!! ! ! ! !!!! !! !!!!!!! !!!! !! !! ! ! ! !! ! ! !! ! !! ! !!! !! !!!! ! ! !!! ! ! ! !! ! ! ! ! ! ! ! !! ! ! !!! !! ! !! ! !!!!! !! ! !! !! ! !! ! !! !! ! ! ! ! ! !!! ! ! ! !! !!! ! ! ! ! ! !!! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !! ! ! !! !!! ! !!!! !!! ! !! !! ! !! ! ! !!!! ! ! ! !! ! ! ! ! !! !! ! ! ! !! !!! !!! !! !! ! !!!! ! ! !!! ! ! !!! !! !! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !!!!! ! !!!! ! !! ! !!! ! !!! !! !!! !! !! !! ! ! ! ! ! !! ! ! ! ! ! ! !! ! ! ! ! !! ! !!!! ! ! !! ! !!!! ! !! !!!!! ! ! ! ! !! ! !!!!! !! ! !!!!! !!! ! ! ! !! ! !! ! !! ! ! ! ! !!! !!! ! ! !! !! ! ! ! ! !!!!!! ! ! ! ! !!! ! ! ! ! !!!!!!!!!!!!!! !!!!!!!!! ! ! !! ! !!! !! ! ! ! ! !!!! !!! ! ! ! ! ! ! ! ! ! ! ! ! ! !!!! ! ! !!!!!! !! ! ! !!!!!!!!!!!! ! !! ! !! !!!!!! ! ! ! ! ! ! ! !! !! ! ! ! ! ! !!!!!! !!!!! ! !!!! !! !! !! ! ! !! ! ! !! ! ! ! ! !!!!!! !! ! ! !!!!!!!!! ! !! ! ! ! ! ! !! ! !! ! !! !! !! ! !! !! !! !! !!!!! ! ! ! ! ! ! ! !!! ! !!! !! !! ! ! ! ! ! ! ! !!!!!!!!!!! ! ! ! ! ! ! ! !!! !!! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !! ! ! ! ! !! !! ! !!! ! ! !!! ! ! ! !!! !! ! ! ! ! ! ! ! ! ! !! ! !! !! ! !!! ! ! ! ! ! !! ! !!!!!!!!!!!!!!!!!!!! ! ! ! ! ! ! !!!!! ! ! ! ! !! ! !! ! !! ! ! ! !! ! !!!!!!! !! !! ! ! !!! ! ! ! ! ! ! ! ! ! ! ! ! !! ! !!! !! ! !!! ! !! ! ! !!! ! ! ! ! ! ! ! !! ! !!!! !! !! ! ! !! !!!! !!! ! ! ! !!!!! ! ! ! ! ! ! ! !! ! !! ! !! ! ! ! !! !! ! !!! !! ! !! ! !! !! !!!!! !!!!!! !! !! !! ! ! ! ! ! ! !! ! ! !! ! !! ! ! !!! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !! !! !! ! !!! ! ! ! ! ! !! ! ! !! ! ! ! !! ! ! ! !! ! ! ! ! ! ! !! ! !!!ElEl Nabatieh !! !!!! !! !! El Nabatieh ! El !! ! ! ! !! !!!!!!!!!!! ! ! !!!ElEl !Nabatieh ! !! !!!!!! !! ! !! !! !! ! ! ! ! !! !! !South !!! ! !!! ! ! !!! ! South South South !! South ! !!!!! ! ! ! ! ! ! !!!!!!! ! !!!! ! ! South ! ! ! ! ! ! ! ! ! ! ! !! ! ! ! !!!! ! ! ! !! ! ! !!!!! ! ! ! ! ! !! ! ! !! ! ! ! !! ! ! ! !! !! ! !!!!!! !! ! ! !! !! !!!! !! !! !!! ! !! ! ! ! !!!! ! !! ! !! ! ! ! ! ! ! !!!!!!!! ! ! ! ! ! !!!!!! ! !! ! ! ! ! ! ! ! ! ! ! ! ! !!! ! ! !! ! ! ! !!! !!! ! ! ! ! !! ! ! ! !! ! ! ! ! !! ! ! ! ! ! ! ! !
! !!! ! !!! !! ! !!! !! ! ! !! !!!! !! ! !! ! ! !! ! ! ! ! !!! ! ! ! ! !! ! !! ! !! !! ! ! ! ! ! !! ! !!!! ! ! !! !! ! ! ! ! ! !! !! !!!!! ! ! !!! ! ! !!!!! ! ! !! ! !! ! !! !! !! ! ! ! !!! !! North!!! ! ! !! !! !! ! ! !!! ! ! ! ! ! ! !! ! ! ! ! ! ! ! ! !! ! ! ! !! ! ! ! ! ! !
! !! ! !
!!! ! !!!!! ! !! ! ! ! ! !
! ! ! ! ! !
! ! !! ! !! ! ! ! ! ! ! ! !! ! !!
! !!! !! !
! ! ! !
!! !!!!!! ! ! !! !
!! ! ! !!
806K 480K 25K Jun 2012
129K Dec 2012
done enough, Imams have come under heavy criticism from extremist elements in the Muslim community for their stance and perceived support of Western notions and policies. 6) The power of discourse: In the battle for hearts and minds nothing is more significant than the system of ideas or discourse that is circulated especially through social media as previously mentioned. Following is a summary of the key discourses driven against Australia, in particular what radicals term the ‘unjust’ discrimination by the Australian Government toward Australian Muslims who follow ‘pure’ Islam and the Sunnah (habitual practice of Muslims). Like a prosecutor presenting evidence, social media posts by extremists circulates the case against Australia (and likewise other Western nations). This is designed to negatively paint and portray the Australia Government as guilty by stating that the Australian Government is manipulating and controlling the affairs of the Muslim community. Consequently, these elements have been used by radicals to encourage given elements in the Muslim community to not only speak out, but to encourage action. This in turn, may increase the future risk of home grown terrorism and an
increased risk of lone wolf operations on Australian soil. These discourses are combined with a continual call to action (jihad and martyrdom) that can be summarised in the following quote: “The call has been made, the flags have been raised.” In other words, the battle for hearts and minds is well and truly raging with implications well beyond the conflict in Syria and extending to the home soil of Western nations. The risks posed by those returning from Syria need to be carefully considered and addressed. Editor’s note: This article has been edited – the full version is available online. About the Author Dr Robyn Torok is undertaking a second PhD in Security Science at Edith Cowan University in Western Australia. Torok’s research focuses on the role of the internet (social media) in recruitment of terrorists to jihad, in particular, to martyrdom operations. Robyn specialises in home-grown terrorism and the threat lone-wolf terrorism poses to Western nations, including Australia’s, and how this threat will impact the country’s national security. Robyn’s research is leading the way to enable better understanding of how the internet is used to influence, steer, guide and change a person from moderate views of Islam to more extreme views leading to terrorist recruitment.
Australian Security Magazine | 11
The ADF’s significant security focus As Western Australia’s north-west region is increasingly important to the nation’s economy, during the past few years the ADF has made a concerted effort to bolster the security of this vulnerable region. In early April 2014, the Navy’s Commodore Peter Lockwood, Senior Officer West Australia, currently the senior-most ADF position in WA, spoke to Serge DeSilva-Ranasinghe about the ADF’s posture in the north-west of the WA, the contingencies in place to secure the region, the frequency of ADF engagement and exercises in the area, and the importance of WA in the ongoing search for the wreckage of the downed Malaysian Airlines plane in the southern Indian Ocean. By Serge DeSilva-Ranasinghe
12 | Australian Security Magazine
Tell us about the presence of the ADF in the north-west? How large is it and how is it deployed throughout the region?
How is the ADF reassuring the region that it can respond to any situations that could threaten security and stability?
Defence maintains a presence in the north-west region under Operation RESOLUTE in support of Operation SOVEREIGN BORDERS, the whole-of-Government effort to provide security for north and north-west Australia and its offshore resources. Defence routinely provides up to seven Armidale Class Patrol Boats (ACBPs), two Major Fleet Units (MFUs), AP-3C Orion Maritime Patrol Aircraft and approximately 800 personnel to Operation RESOLUTE. Regional Force Surveillance Units are based in the north and west of Australia including Karratha (Pilbara Regiment – 600) and Darwin (NORFORCE – 600). These units conduct surveillance activity across northern Australia with up to 50 personnel routinely assigned to Operation RESOLUTE. Defence and Customs and Border Protection assets assigned to Border Protection Command (BPC) conduct offshore oil and gas infrastructure Augmented Security Patrols in both the North West Shelf and the Joint Petroleum Development Area. Patrols are informed by regular threat assessments and augmented by aerial surveillance carried out as part of routine surveillance operations. The Government, through BPC, deploys assets using an intelligence led, risk based approach. For operational security purposes, BPC does not disclose details about operational activity or the locations of BPC assets; however, patrols are conducted based on ongoing assessments of operational priorities across all maritime security threats. The ADF is prepared for contingencies in the north-west and is able to deploy additional forces to the region from its bases in Western Australia and the Northern Territory.
On a routine basis, Defence and Border Protection Command, with industry representatives, attend the biannual meetings of the Oil and Gas Security Forum led by the Department of Infrastructure and Transport. The forum provides an opportunity for discussion on the threats and risks for the north-west environment. Defence conducts an annual consultative forum meeting with the State Government of Western Australia. The scope of this forum includes consultation on planned developments in north-west Australia for the purpose of identifying areas for mutual and collaborative work. Defence is also taking steps to engage the oil and gas industry directly on security issues in the northwest: Defence’s focus is on increasing awareness of Defences’ supporting role and response options. This type of leadership engagement is designed to strengthen Defence’s relationship with industry and enhance understanding and situational awareness of north-west Australia and its security challenges. Furthermore, as part of the implementation of the ADF Posture Review, Defence created the position of Senior Officer West Australia to serve as the liaison between Defence and other stakeholders in Western Australia. The initial response to a disaster and the primary responsibility for the protection of life, property and the environment in emergencies, short of war, rests with the State and Territories. However, where civilian resources are inadequate, unavailable or cannot be mobilised in time, emergency Defence Assistance to the Civil Community arrangements enable the ADF to contribute in order to save human life, alleviate suffering and prevent or mitigate property loss. Provision
of Defence assistance follows a request from the relevant State or Territory Government to Emergency Management Australia. Defence is contributing to the development of the Government’s policy regarding northern Australia. The Government has also committed to delivering a new Defence White Paper within its first 18 months in office. Defence will make any adjustments to its north-west Australia policy as required by the Government. Defence is also committed to working with our neighbours to ensure a secure Indian Ocean, in which Australia has a vital strategic interest. The Royal Australian Navy hosted the 4th Indian Ocean Naval Symposium and Conclave of Chiefs in Perth, Western Australia, from 25-28 March 2014. The Indian Ocean Naval Symposium is an important, emerging international forum covering a vast maritime area containing some of the world’s busiest sea lines of communication. Participating navies discussed issues affecting the Indian Ocean, with a specific emphasis on this year’s theme – ‘Protecting the Ability to Trade in the Indian Ocean Maritime Economy’. What exercises does the ADF undertake in WA to demonstrate its commitment to defending the State and its vitally important resources sector? The ADF has a significant security focus on the north-west, as part of whole-of-Government monitoring and protection mechanisms. Not all of the ADF’s contributions and activities are necessarily publicly apparent. The north-west is being used for a number of exercises planned by Navy, Army and Air Force in 2014, and the north and north-west are used within other exercise scenarios for the protection of critical infrastructure such as the multinational BELL BUOY series of maritime trade protection exercises when hosted by Australia. Submarines regularly exercise in the waters of the north and north-west, while the Pilbara Regiment and the North West Mobile Force (NORFORCE), both Army Reserve regional force surveillance units, regularly conduct training and surveillance in the north and north-west. In 2013, HMAS Sydney, Warramunga and Sirius participated in Exercise BLUE RAPTOR in the North West Shelf area. Exercise BLUE RAPTOR was a maritime security exercise which tested communications, procedures and protocols between the Navy ships, other units of the ADF and the oil and gas installations in the area. The exercise is part of a number of routine patrols conducted by the Navy in the region and was supported by a RAAF AP-3C Orion. In September 2013, Special Operations Command conducted a maritime counter-terrorism based activity, Exercise IRON MOON, also in the North West Shelf area. The tactical aspect of the exercise was conducted using the onshore facilities at RAAF Learmonth, Exmouth and Karratha, with maritime aspects being enabled and conducted on off-shore commercial shipping and oil and gas industry platforms in consultation with industry partners. The exercise saw the forward-deployment of more than 300 ADF personnel and assets from all three services, this large-scale exercise entailed the deployment of multi-agency stakeholders to the region, including Western Australia Police, Australian Federal Police and BPC. In addition, Special Operations Command also
conducts the offshore energy installation recovery training exercise, Exercise DAY SHARK twice-yearly. The 2013 Defence White Paper stated specific planning is underway to develop a joint activity in 2014, Exercise NORTHERN SHIELD, to build upon current single service activities in the north and north-west. This exercise will incorporate elements from all three Services and the US Marine Rotational Force-Darwin. In developing Exercise NORTHERN SHIELD it has been important to frame it within the reality of Australia’s current Defence posture across the north-west of the nation – that is a sustained maritime, air and land presence that often goes unnoticed by most Australians. The importance of the significant offshore energy infrastructure, onshore resource industry, maritime trade routes and distant sovereign Australian territory in the Indian Ocean have been well recognised by the ADF which has sustained a presence in the region for many years. Exercise NORTHERN SHIELD will be held in and around the north-west of Australia. The Australian Defence Force aims to plan and conduct rapid operations, involving more than 1000 ADF personnel, to safeguard a remote region of Australian territory which is as important to our economy. The exercise will consist of a joint force pre-positioning activity in the north-west of Western Australia. It will entail the deployment of land forces by air and sea as well as the establishment of an enhanced RAAF presence in the region. NORTHERN SHIELD ranks among the most significant activities we have staged in Australia for many years. Most importantly, however, the NORTHERN SHIELD scenario will introduce the complexity of simultaneous military security tasking on both sides of Australia. The beauty of this exercise is that the challenges associated with lodging a force in a remote part of Australia are similar to those we face when deploying a force offshore. Australia’s approach to the Defence of this region is characterised by one word, ‘presence.’ Through sustained surface and air surveillance and continual rehearsal of likely contingencies, the ADF has built and maintains a great understanding of this part of the country. Most of this work, however, goes unnoticed by our citizens as it occurs well outside the view of the majority of Australians. It is the routine of the everyday that enables the ADF to effectively protect the homeland. The ADF has recently demonstrated its capability to operate in the remotest of areas. At the time of this interview, the ADF has at short notice deployed four AP-3C Orion patrol aircraft, HMA Ships Success and Toowoomba, and Defence contracted vessels Ocean Shield and Seahorse Standard to support the Australian Maritime Safety Authority (AMSA)-led search of the southern Indian Ocean for Malaysia Airlines Flight MH370. The aircraft are operating out of RAAF Base Pearce near Perth, W.A, and the ships are supported from the HMAS Stirling naval base just south of Perth. The ADF has also stood up a dedicated Task Force Headquarters in Western Australia to coordinate the ADF support for the search. These events highlight the ADF’s preparedness to operate in Western Australia, its approaches, and the wider Indian Ocean region.
Australian Security Magazine | 13
Malaysian Airlines MH370: The mystery and missing links
On March 8 2014, Malaysian Airlines MH 370, a scheduled flight from Kuala Lumpur to Beijing, disappeared. It has become the biggest mystery in the history of modern aviation. By Prince Lazar
espite a concerted international search and rescue effort, from the initial search zones in the South China Sea and Malacca Straights, to the deep waters of the Southern Indian Ocean, by early May, efforts have failed to find a shred of physical evidence. As long as physical evidence remains out of reach, the story of MH370 remains an untold story, in its entirety. The current status, as at mid-May 2014, is that search operations are now relying on sub-sea robotics and remain the most challenging sea search for an airplane ever undertaken, and will be a formidable forensic challenge once located. The events and issues surrounding the loss of flight MH370 have created concerns around the vulnerabilities of international air travel, aviation security and passenger safety. Already identified are a number of security gaps, system non-compliance, procedural failures and lapses in the process and controls of the relevant airport and flight management surrounding MH370. The ‘red flags’ during the processing of passengers boarding MH370, and it then going missing, highlights how critical systems will succumb to vulnerabilities and highlights the need for review and where relevant, revamping of security policy and control procedures. Flight controls and communication Air traffic systems rely almost entirely on on-board transponders to detect and monitor aircraft. For MH370,
14 | Australian Security Magazine
those systems appear to have been deactivated around the time the aircraft crossed from Malaysian to Vietnamese airspace responsibility. Satellite and radar data clearly showed the plane’s communications systems were disabled, one after another, and it changed course away from the intended path – and then flew on, for hours. Analysis of these movements indicate deliberate action by someone or persons on the plane, with an intention to avoid detection and sever communication. The most obvious reason for turning-off the transponders would be to make the plane invisible to commercial radar or other nearby planes. This supports speculation that the actions of someone on-board were deliberate, to avoid being tracked to where ever the plane was heading. At the very least, the incident looks set to spark calls to make it impossible for those on-board an aircraft to turn off the transponders and allow a passenger airliner to disappear. Airport security breach: Passports and identity controls The review of passports and passport control has been a long standing issue. MH370 had two passengers on-board with stolen passports, having passed multiple check points undetected or without response. With an ever growing demand to get passports via illegal and fraudulent means, matched by a significant number of international travellers
Top 3 tweeters to stay current with the unfolding mystery 1)
being added to the travelling population, the chances of detection gets much reduced when screening measures are not complied with. The MH370 incident highlights just how often breaches in controls are occurring and where precisely the routine and regular lapses are in verification systems. These vulnerabilities in the system are most likely, now at least, to have been identified and exploited by traffickers and terror groups. It has emerged that the two passengers, who impersonated the bona fide passport holders and boarded MH370, had allegedly bought their tickets at the same time in Thailand. The passports they used were also allegedly stolen in Thailand, in the previous two years. With this in mind, the disappearance of MH370 has raised difficult questions about security protocol at airports in Malaysia. The Immigration Department and the Department of Civil Aviation in Malaysia, are yet to come up with proper answers as to how two men with questionable documents could have gotten on-board the flight without being detected. It clearly raises concern about passport checks and immigration controls. The Preliminary Report by the Chief Inspector of Air Accidents, Ministry of Transport, Malaysia, dated April 9 2014, did not make mention of the passenger and passport investigations. The focus of these issues also point to the counter personnel who had allowed the holders of two stolen passports through, after failing to identify and match their
@MH370 News, is an unofficial account tweeting news from a great range of media sources in the US, UK, Australia, Malaysia, and India. @AMSA, Australian Maritime Safety Authority is coordinating the search for the MH370 in the Indian Ocean. @H2OComms, is a feed set up to report news on the MH370 from Malaysia’s minister of defence and acting minister of transport Hishammuddin Hussein.
nationalities, as well as other details. It is obvious that the Airline and airport staff missed a number of ‘red flags’ prior to the take-off of MH370. Does 9/11 come to mind? The 9/11 Commission Report found that 19 hijackers got through security checkpoint systems assisted by false statements on visa applications, not recognising manipulated passports; not expanding no-fly lists to include names from terrorist watchlists; and not searching airline passengers identified by the computer-based CAPPS screening system.The two MH370 flight tickets that were bought with stolen passports were bought in Pattaya, Thailand. Furthermore, they were one-way tickets, they were paid in cash and they were numbered consecutively. The travel agent did not check booking numbers and did not check the passport serial numbers, nor did China Southern Airlines, which was the ticket issuer under a codeshare arrangement with Malaysian Airlines. The security lapses continued once the false passport holders arrived in Malaysia. The two stolen passports, reported to their Embassies, provided the serial numbers to be entered into an international database and made available to all airlines and border control agencies – this data is relatively easy to be checked. It should have been picked up at multiple points – by the travel agent, by China Southern Airlines or by the Malaysian border control authorities. Why there were so many lapses may be a red flag in itself. Just weeks before MH370 disappeared, the Director of
Australian Security Magazine | 15
...It is a record that in 2014, it remains possible for a large commercial aircraft to become lost, whilst completely devoid of stealth features. Analysts and officials point out that this incident indicates that much of the airspace over water – and in many cases over land in South East Asia region – lacks sophisticated or properly monitored radar coverage. Interpol issued a warning that Governments are not doing enough to monitor stolen passports. According to Interpol, the failure to use Interpol’s stolen passports database is creating a major gap in the ‘global security apparatus’. The failure to use the database has led to a gaping hole in aviation security, and estimates are four out of every ten international passengers are still not screened against the database. Interpol’s Stolen and Lost Travel Documents (SLTD) database currently contains 40 million records from 167 countries, and despite being incredibly cost-effective and deployable to virtually anywhere in the world, only a handful of countries are systematically using SLTD to screen travellers. To identify criminals using fraudulent documents before they try to cross a border or board a commercial aircraft, Interpol has developed I-Checkit – an initiative which will allow private sector partners in the travel, hotel and banking industries to screen documents against the SLTD database when customers book a plane ticket, check into a hotel or open a bank account. However, it points to these extensive database or links were not used to screening or verification of the passengers boarding MH370. Based on analysis and studies, the security at most airports is found ineffective to stop or thwart the risk posed by intelligent, coordinated and capable threat groups. There remains a lack of consistency between the application and implementation of aviation security policies and practices, internationally, across all airports. This encourages the potent threat of criminal or terror groups in seeking out and exploiting the vulnerable, accessible channels which is emerging to be a major risk. Appropriate treatment will need a cohesive and integrated approach, without focusing on random, individual acts and creating appropriate perception of current threats and incident prevention requirements. Regional air defence and air space management MH370 has highlighted that an aircraft can fly, unchallenged, through the skies of the Asia Pacific in what appears to be major gaps in regional air defences. It is a record that in 2014, it remains possible for a large commercial aircraft to become lost, whilst completely devoid of stealth features. Analysts and officials point out that this incident indicates that much of the airspace over water – and in many cases over land in South East Asia region – lacks sophisticated or properly monitored radar coverage. The gaps in South East Asia’s air defences are likely, therefore, to be mirrored in other parts of the developing world, and may be much greater in areas with considerably lower geopolitical tensions. Nevertheless, this would serve for several nations, to be an embarrassing situation concerning their airspace awareness.
16 | Australian Security Magazine
The review of commercial air space across Asia would provide for an incomplete picture. Regional divisions of power existing within the geographies make it impossible to achieve the kind of open, rapid and efficient exchange of information between Asian countries, at the level essential for a ‘live and developing’ emergency. A lot of the initial hours were spent chasing false leads and assessing data that turned out to be flawed or badly communicated. Airliner Takeoff and Landing are closely monitored during all the interactive stages of domestic and international air movements and with limited interaction in the air space of the Government Civil and Military systems. Monitoring is clearly not consistent and nor is it universal the world over. Conclusion and updates Although we are yet to fathom the full implications of this event, the immediate issues and concerns relevant to the international travelling public includes the coordination and integration of international airport resources and airspace management, tracking and remote power technology deficiencies, international crisis management, air-traffic threat sources, general aviation security and border controls and management practices. The events of 9/11 paved the way for change across the entire dynamics of aviation security and passenger safety. To a large extent, MH370, Malaysia’s 9/11, has highlighted a range of issues and vulnerabilities. The retrospective admissions and revelations that MH370 verified into airport security anomalies, may eventually lead to more drastic changes in international air travel – and as an industry, we hope it leads to consistency and professionalism of the security and safety procedures in aviation. There remains an inevitable drive for innovation in aviation security and one only looks to MH370 to underline why it remains critical to passenger safety. About the Author Prince Lazar is an experienced Security Professional, Business Analyst and Resiliency Specialist with more than 24 years of varied experience in the Military and the security industry. Prince is currently based in Kuala Lumpur and comes with immense expertise in the field of Threat Assessment/Risk Management, Commercial Security & Profit Centre Management, Business Development, Corporate Security, Security/Protection Design/Plan using the CPTED concept and wide knowledge of technical integration of electronic security systems. Prince can be contacted at email@example.com
Five crisis management lessons from flight MH370 Incidents and events surrounding the disappearance of Malaysia Airlines flight MH370 have been complex and varied. How the crisis has been managed provides some very clear lessons for crisis leadership and crisis management development for other businesses and executive managers. By Tony Ridley
ntelligent Travel has been monitoring the incident and its impact from the beginning, along with providing updated analysis and advice. Here are the five top crisis management lessons from flight MH370 based on the data collected and input from Intelligent Travel’s expert crisis team. Remember, we qualify a crisis as ‘an unplanned incident or several simultaneous incidents that significantly affect a business’. Ordinarily, this event would have been coordinated by ‘incident management’ or ‘priority management’ teams as there would have been effective teams, plans and preparations for this scenario as a plausible outcome of operating an international airline. As we see this as lacking or ineffective, we qualify this event as a crisis. 1. Ownership and authority Malaysia Airlines and the Malaysian Government are not one in the same. One is the commercial provider of services and the operator of flight MH370, the other is the country’s Government and point of departure for this national/flag
carrier. One should be the focal point for all communications and engagement with stakeholders, while the other is a stakeholder. This delineation has not been maintained, clear or preserved throughout the incident with each entity communicating over the top of each other or their views and comments causing issue for the other. The net result is that both entities have suffered due to a lack of clear ownership of the issue and defined authority on who does what and when. This issue of ownership or authority should have been quickly identified and managed throughout the course of the incident. While it may not have resolved the overwhelming negative or neutral sentiment around the handling of the incident, modifiers and better crisis leadership measures could have been implemented. It should be clear to all stakeholders, including the media, who is responsible and in charge of a crisis or significant incident such as this and that status should be maintained throughout, unless there is very good reason to alter this status and that too much be clearly and consistently communicated.
Australian Security Magazine | 17
Sentiment Analysis: Flight MH370
2. Scenario mapping Numerous scenarios, interests and issues can arise from any critical incident or crisis. It is important to map all the likely and plausible events and develop counter plans and communications for each of these scenarios. A failure to do so means you are constantly chasing the lead issue and responding to opinion or developing topics. This is what happened with flight MH370. Each time there was a wild theory or relatively accurate assumption, story or even claim, the focus of the crisis management response was to follow and counteract the issue, not lead and plan in advance. By not having these complete scenarios in advance, it has resulted more in ‘crisis pursuit’ than leadership and management. Some of the key scenarios and counter plans should have included acts of terror, course deviation, plausible causes, popular myths, technical facts, inter-country collaboration, etc. 3. Public education Despite the public’s opinion or understanding that aviation is now a rather simple and straightforward affair, it is simply not the case. Therefore, there is a lot of education and technical communications that needs to be presented to the public in order for them to understand the specific answer or appreciate why things are not instantaneous. Including just how many stakeholders are involved in even the most simple of events, perceived events when it comes to flying across multiple
countries and travelling thousands of kilometres in a single flight. This wasn’t done effectively. Too much speculation or education (both accurate and inaccurate) was left to the public forums and media outlets to educate and dominate the conversation, leading to even more questions and response requirements for those handling the crisis. Breakdown the message, separate technical data and education from the updates and information of the event. Pre-prepare many of these elements in advance and use them when/where relevant. Don’t just talk about the actions and plans, without explaining some of the technical limitations or issues that affect the decision or success of the plan. Assume nothing. Educate, inform and empathise in unison. 4. Endurance It is surprisingly shocking and common how ill prepared businesses or crisis management teams are for a protracted event. Crisis events may last for days, weeks, or months before returning to something close to the tempo experienced prior to the event. Some businesses meet their end as a result of a poorly managed crisis, or simply ‘limp’ along in a greatly diminished capacity post incident. While there was a lot of activity and response in the initial hours and days of the incident, the ability to maintain the tempo required faltered very quickly. Key appointments, information updates, points of contact and many other elements of the crisis response
Topic Trends: Flight MH370
18 | Australian Security Magazine
Primary Media Sources: Flight MH370
“Gone are the days where you can force a single press conference or scheduled information update to all interested and
were intermittent in their availability or contribution, allowing for massively significant third party influence in their absence. This in turn resulted in having to manage that influence and respond to non-scheduled issues, which in turn consumed the time and resources of the crisis team when they did again surface. Gone are the days where you can force a single press conference or scheduled information update to all interested and affected parties. It is a 24/7, global news environment now and has been for over a decade. There are many more channels in which an effective crisis leadership response much engage and communicate via in the modern era. Immediately plan for sustained engagement and prolonged activity at the outset of a ‘crisis’. You can always stand down resources or scale back but surging in fits and starts yields poor results and will not contribute to a successful outcome. People need to eat, sleep and rest but your priority management systems cannot be permitted to do so. 5. Objective analysis A very, very small percentage of the audience most interested in flight MH370 originated from Malaysia. Most of the interest, pressure and news coverage originated from outside of Malaysia. This key stakeholder group needed to be better catered for, not only due to their interest but also the influence
they had on the rest of the world and families affected. Step away from cultural norms and internally accepted practices and consider the demand and impact from the perspective of objective and third party influences, if necessary. Objectively evaluate your performance and results through the eyes of those you need, must or want to influence. This includes victims, families and directly affected stakeholders, not just the media. Schedule information and communication updates to correspond with key time zones and peak periods in your stakeholder locations, ie, news updates that might be late at night or early morning for you but morning, afternoon and evening news update periods for your biggest or most influential audience. Our sympathies and condolences to the families and victims of flight MH370 on behalf of Intelligent Travel.
affected parties. It is a 24/7, global news environment now and has been over a decade.”
About the Author Tony Ridley is CEO of Intelligent Travel and is responsible for the leadership and delivery of Intelligent Travel’s corporate and commercial operations, intelligence and consulting services to clients around the world. Tony is a career security professional with more than 20 years as a subject matter expert and more than a decade of senior executive and leadership roles.
Top Country Interest: Flight MH370
Australian Security Magazine | 19
The Indian Navy’s two operational carriers, INS Vikramaditya and INS Viraat
Asia Pacific war games briefing: March of the carriers Aircraft carriers are finding favour with Indo-Asia-Pacific countries keen on bolstering their defences in an increasingly volatile neighbourhood.
By Sarosh Bana
20 | Australian Security Magazine
ith simmering territorial disputes inflaming the Indo-Asia-Pacific, countries in this fastest growing economic region in the world are making all efforts to buttress their defences. But this military build-up is raising tensions even higher in the region and will likely provoke an otherwise avoidable arms race. There are currently 37 active aircraft carriers in the world within 12 navies. The growing appeal of the aircraft carrier as a viable capital ship of a fleet – that in the past had replaced the battleship – lies in its capacity of being a credible force multiplier. As the centerpiece of naval operations, these floating airfields are geared for sea control, enabling the navies to project their maritime and air power far beyond their areas of operations. They can also serve as powerful platforms for ISR (Intelligence, Surveillance and Reconnaissance), logistics and close air support, anti-submarine and anti-surface missions, and land assault. As many as 18 flatdecks have been or are being bought, built or are being operated by the six regional powers of China (five), Japan (four), India (four), Australia (two), South
Korea (two) and Thailand (one). In August 2013, India launched its 37,500 tonne Indigenous Aircraft Carrier, the Vikrant, while Japan launched its 19,500 tonne Izumo, modelled more as a destroyer with a flight deck that can embark helicopters. With the Vikrant, India is now part of an exclusive group of countries like the UK, the US, Italy, Spain, Russia and France that can make these floating airfields. China is building its maiden aircraft carrier at the Beijing-based China Shipbuilding Industry Corporation, which is scheduled for completion in 2018. Four such conventionally powered carriers are planned to be eventually built. Beijing at present has a lone carrier, Liaoning (exVaryag), that it bought in an unfinished form from Ukraine in 1998, and which joined the People’s Liberation Army Navy (PLAN) in 2012, after major refurbishment at the Dalian naval shipyard in northeast China. Australia decommissioned its sole aircraft carrier, HMAS Melbourne, in 1982, but is currently building two 27,800 tonne Canberra class Landing Helicopter Docks
South Korea commissioned the 18,000 tonne ROKS Dokdo in 2007 and plans another
A flatdeck’s air support is an immense force multiplier
Readying the HMAS Canberra hull to serve the Royal Australian Navy
(LHDs). South Korea launched the 18,000 tonne ROKS Dokdo in 2005, and commissioned it two years later. One more of the class has been planned. Thailand operates the smallest operational aircraft carrier in the world, the 11,485tonneHTMS Chakri Naruebet, constructed in Spain and commissioned in 1997. Global attention is evidently on an assertive China that is taking concerted strides towards becoming a dominant military power in the Pacific, with a commensurate navy that can project its maritime power across the littoral. The United States and its allies in the Asia Pacific and Indian Ocean were taken aback when Beijing in November 2013, announced an Air Defence Identification Zone over much of the East China Sea, cautioning all foreign military or civilian aircraft to report their flight paths through the zone to China. The Chinese Government followed this up in March, by budgeting almost US$132 billion for its military for 2014, a 12.2 percent rise over last year. This marked a rate of growth in spending greater than that of recent years, 10.7 percent in 2013, and 11.2 percent in 2012. China has often been criticised by its neighbours like Australia, Japan and Taiwan for lacking transparency in its military growth, by keeping much of its funding for developing new technologies out of its official figures. It is hence widely assumed, that Beijing
will be spending more than US$200 billion on its military in 2014. Even by its official pronouncements, China spends almost four times more on defence than India, which has a defence budget of US$37 billion, and more than Japan, South Korea, Taiwan and Vietnam combined. Indeed, China’s military spending is the second largest in the world, though remains well behind that of the United States, which for FY 2015, has allocated US$495.6 billion. But though Washington plans to reduce its active force from 572,000 at present to the smallest size – 440,000 to 450,000 – since before World War II, when the US Army was a force of 570,000, it is disquieted enough by the developments in the Asia Pacific to heighten its already formidable presence there. US President Barack Obama’s ‘pivot’ strategy in the Asia Pacific is based on the premise of ‘rebalance’ that entails the relocation of 60 percent of the US’s naval assets – up from 50 percent today – to the region by 2020. The Chinese actions have prompted regional players like Japan and Australia to boost their military spending. Budgeting US$46 billion for its defence in 2014, Japan has also proposed to increase by five percent its military expenditure during the next five years, to US$238 billion for the period 2014-2019. Australia too, feels it cannot remain complacent about its languishing defence budget, which was AU$25.3 billion for 2013-14. It has announced it will not prune defence spending in the May budget, but has yet to reveal when the defence sector will start being apportioned the target of 2 percent of gross domestic product. The Defence White Paper released in May 2013 bases the defence funding model on the four-year Forward Estimates Budget cycle, determined annually on the basis of strategic economic and fiscal circumstances and a subsequent six-year general guidance for defence planning purposes. Canberra will thus, provide defence with AU$220 billion of funding guidance from 2017-18 to 2022-23. With the Asia Pacific having become a cauldron of intense emotions, other countries in the region also are investing as much as they can in security. Thailand’s defence budget is US$5.39 billion, while its external debt is US$133.70 billion, and Indonesia’s is US$8 billion. As of now, the unpredictable, and oftentimes combative, regime of North Korea, has no plans for carrier inductions. But if it ever did, battle-lines in the Asia Pacific would be drawn even tighter. There is an inevitability in budget escalations as they enable more of these regional countries to make more expensive and major inductions like aircraft carriers.
“Indeed, China’s military spending is the second largest in the world, though remains well behind that of the United States, which for FY 2015, has allocated US$495.6 billion.”
Australian Security Magazine | 21
Women in Security
Learning to shine When Lyndall Milenkovic trained as a teacher at the start of her career, little did she know it would include several Olympic ceremonies, the occasional music festival and the prospect of stabbing inflatable beavers. Lyndall Milenkovic
I By Adeline Teoh Correspondent
22 | Australian Security Magazine
t’s a bright Sydney afternoon in Autumn and I’m trying to find out why self-confessed sun lover Lyndall Milenkovic decided to live in Vancouver for three months during a Canadian winter. The year was 2010, and the director of The Riskworks Network had taken a job working on emergency management for the Winter Olympics. Her role? To oversee the opening and closing ceremonies, as well as the nightly medal ceremonies and concerts, from an emergency and safety perspective. “Often the creative people want to make those events as challenging as they can,” she explains. “In Vancouver they had giant inflatable beavers that filled the roadway underneath the stadium which, in their requirements, had to be left clear at all times for emergency access. My plan was that the person in charge of each team had to have a sharp implement in their belt that they could stab it with if necessary.” Stabbing inflatable beavers is just one part of the Milenkovic risk treatment and it’s challenges like these that keep her engaged in her work. That, and the people. “It’s the integration between safety, emergency and security. I’m not a security consultant but a lot of what I do sits on the edge of that so it’s important for me to have a working understanding of what the challenges are. I like that, and I like working with them,” she says. Over her 22-year emergency management career, Milenkovic has become an event specialist. With four Olympics under her belt, starting with the Sydney 2000 Olympic Games, she has also been a part of two Commonwealth Games, the Shanghai World Expo, music festivals, Australia Day celebrations and more. A casual
observer would never guess this dynamic career began in the classroom; Milenkovic studied to be a teacher but slid into emergency management unexpectedly. “I had trained as a teacher and then I left after about six months. I did sales and three years in recruitment. Every time I took on a role, I’d get promoted to a national role – national sales manager, national recruitment training manager,” she recalls. “After I had bubs I didn’t know what I wanted to do so I went back to a recruitment company I had worked with. I had worked with the general manager previously and she said ‘why don’t you join our training department?’” Milenkovic then found herself training people in emergency procedures, including a stint doing warden training with Optus that ranged from building evacuation to handling bomb threat calls. “I’d do warden training in clubs, shopping centres and high rise buildings for other people and it grew. In 1998, I got a call from a gentleman who wanted warden training for a new building. It turned out he was the operations manager at the new Olympic Stadium and we won the contract to do the training.” Making it big With her business partner at the time, Milenkovic started to build a reputation for large-scale work; not just high rise buildings and stadiums but big events as well. “The Olympic authorities saw our work and we ended up working for SOCOG [the Sydney Organising Committee for the Olympic Games] looking at different venues and safety for
NSW Chapter Conference and Luncheon 2014 Date Time Venue
Keynote speakers include...
Tuesday 29th July Registration open 7:45; The Four Seasons Hotel 199 George St, Sydney $365 (Members) $425 (non-members)
The Past – The Year in Review – Chris Cubbage, Executive Editor and Director, Australian Security Magazine. Chris will highlight some of the
significant moments and stories from the last year starting with the Boston Bombing Session 2
The Present – Important Current Issues in Australia – Jenny Muldoon, Head of Security, Sydney Opera House. Jenny’s background and current position has enabled her to have an eagle eye overview of issues in our Security Community. Jenny will present the overall issues and then
introduce a representative from NSW Police to bring us up to date to the threats of Fraud and Identity Theft. Jenny will finish off the session with a worked example of Managing an Active Shooter as the new threat at Public Venues and Events. Session 3
The Future – Dr Keith Suter, Global Thought Leader. Dr Suter is well known from his Channel 7 appearances. At the ASIS conference he will cast
Dr Keith Suter
light on what the future may hold for The Shape of the Security Environment 2030 Session 4
Panel Discussion – facilitated by Steve Longford, Managing Director, New Intelligence. This fast paced panel discussion will be engaging our members with questions and answers from both the
For more information visit www.asisnsw.org.au/events.htm
panel facilitator and the conference participants.
Women in Security
“Making a difference in Australia, making something that people think is hard simple, helping venues establish their control rooms and giving them solutions is also very rewarding.” venues. The day after the Paralympics [in 2000] finished we hopped on a plane and went to Salt Lake City where the next Winter Olympics were going to be.” The secret to managing large-scale events like Olympic ceremonies is to look at environment and activities as the two key points, she says. “Environment can be the social environment, the political environment – what sort of risks, incidents or threats are there? You then also look at the legal requirements of the country as to what you need to measure up to, and then look at the activities; what are they going to be doing?” In 2002, she left the business and struck out on her own carving a niche for herself doing emergency work for opening and closing ceremonies, including two more Olympics. But while she says there’s nothing like being part of the ceremony (“I’d ask if we could open the window so I could smell the pyrotechnics from the control room”), since her stint in Vancouver she has largely stayed in Australia, deriving just as much satisfaction from smaller jobs. “Making a difference in Australia, making something that people think is hard simple, helping venues establish their control rooms and giving them solutions is also very rewarding.” Part of this was burnout, she admits. “After travelling so much I made a decision to stay in Australia. When I lived in Vancouver for three months I found it a very lonely existence. I had two days off in three months; my shortest week was 70 hours and my longest week was 119 hours. So you’re exhausted, and when you go back to your hotel room there’s nobody there. It’s not a great life.” Now she runs The Riskworks Network and is the deputy chair of the NSW Chapter of ASIS International, an association designed to bring together security practitioners for networking and professional development. “I’m the first female to be on the executive in New South Wales,” she states, adding that part of her mission is to look at diversity in the security industry, not just better inclusivity of women but also people of different ethnicities as well as Indigenous participation. “Basically I want to show there’s a spectrum of people who work in security, beyond AngloSaxon males.”
some quite uncomfortable arrangements. That’s something I’m struggling with because you don’t want to be seen as someone who is difficult to work with.” For many women it is the industry that is difficult to work in considering its long, sometimes unsociable hours, and exposure to risk. While all security practitioners have such qualms, Milenkovic says there are fewer women in security management because they still tend to be the primary carers of children. Her own experience in bringing up three of her own is the exception that proves the rule; her then-husband was obligated to become the primary carer while her career took off. Although she loves spending time with her (now adult) children, she concedes the arrangement may have cost her marriage. “I got a bit pig-headed after a couple of lofty jobs,” she recounts. “My husband was still a teacher at the same school he’d been teaching at for over 20 years. He never coped with the fact that I wasn’t also teaching and the fact I kept getting promoted and I kept travelling. He felt he was left at home with small children to look after.” But giving him the role of primary carer was not the clincher. Milenkovic then changed the way she dealt with her absence. “I used to run around and prep everything; here’s the schedule, meals were cooked and everything was done. Then one day at the school gate I heard all these other mums talking about their husbands travelling and [the husbands] didn’t do anything to prep their family for their absence. So I stopped,” she says. “That was probably the downfall.” Today, she wraps that anecdote into a cautionary tale about work/life balance and the effect of an accelerating career on significant others. “Identify what goals you want to achieve and then find a way to achieve them but don’t forget to bring your partner along for that ride,” she advises. “Communicate those goals and how you want to achieve them to those who are sharing your life.” Only then will you enjoy your time in the sun.
The untamed shrew Over two decades, Milenkovic has learnt a lot about being a woman in a male-dominated industry. “Guys don’t like to be told. Asset managers in particular, guys who deal with buildings, feel threatened.” And these days she has less and less time for unnecessary jibes. “As I’ve aged I’ve become less tolerant. The older I get, the shorter my temper is,” she acknowledges. “Before I was able to laugh off the fact that guys would go ‘what does she know?’ but now I do not suffer fools easily and that makes for
24 | Australian Security Magazine
“Basically I want to show there’s a spectrum of people who work in security, beyond Anglo-Saxon males.”
Social media and disaster information: Lessons from New Zealand
Image - Wellington, New Zealand
GeoNet is New Zealand’s Geological Hazard monitoring service, funded by the New Zealand Earthquake Commission (EQC), and designed, built and operated by GNS Science; hundreds of sensors all over the country are used to monitor earthquakes, tsunami, landslides and volcanoes. Due to New Zealand’s position across two tectonic plates we have no shortage of these events and locate, for example, more than 20,000 earthquakes a year. By Sara Page
eoNet’s journey into social media started off slowly and a bit one-sided, Twitter and Facebook accounts were set up and posts were made via automatic RSS feeds of our recent earthquakes and news. There was a bit of interaction following the 2010 Chilean tsunami, where members of the public were asked to post feedback and photos, unfortunately the page was left to its own devices after this. Following the devastating earthquakes in Canterbury 2010/2011, GeoNet quickly became a household name, from under 400 page ‘likes’ this quickly grew to 4,000 and continued with each large earthquake, and the page ‘likes’ are now more than 40,000. It was during this that we discovered the importance of social media to get information out to large numbers of people quickly.
Shortly after the first earthquake in Christchurch, the public noticed the GeoNet Facebook page and began to ask questions and share their fears and concerns, and the page ‘likes’ quickly rose. It was around this time that I asked to take on the page and began to answer the questions and post information, pictures etc. Looking back, with what I know now, that was a crazy decision! For one person to look after a site that had thousands of followers and hundreds of comments and questions every day, it was a massive undertaking. Back at this time, GeoNet had duty officers on call who would manually locate the earthquakes and it would take around 20 minutes for the detailed event information to get posted, social media allowed us to post comments such as ‘Latest shake in ChCh will be posted shortly – looks to
Australian Security Magazine | 25
Facebook and Twitter has allowed people to ask us questions, share information and experiences, and also give us vital information. Another great thing is that it allows you to quickly dispel rumours and misinformation, as well as get important information out in an instant. be about 4.5’ which gave the public some information and helped them feel reassured to see that we were busy working, and they would have the information out as soon as possible. It did take a while to get across that we didn’t have someone online 24/7 to answer their questions though, people would post angrily if you hadn’t replied in a short time-frame, or during the night. And then there were the internet ‘trolls’ – these people who start arguments, upset people or post messages with the intent to provoke. It really surprised me to come across this sort of behaviour at such a sensitive time; luckily Facebook gives you the ability to ban people, and most pages end up with a virtual community that often self-regulate the bad and incorrect information as well as offer each other support. We had a lot of issues with this when the infamous ‘MoonMan’ began to ‘predict’ large earthquakes based on the moon. His ‘predictions’ caused a great deal of panic and stress and people were even moving out of Canterbury on the dates he gave. Of course, there is no way to predict an earthquake, even with the moon, so we had to do a bit of work dispelling these claims and banning the groups of followers that went around posting nasty comments to anyone who didn’t believe it. Facebook and Twitter have allowed people to ask us questions, share information and experiences, and also give us vital information. Another great thing is that they allow you to quickly dispel rumours and misinformation, as well as get important information out in an instant. After talking with the Queensland Police Department, who have done fantastic things in social media, I started doing some ‘myth busting’. This really helped during times of crisis, as some really bizarre information can come out and because of social media, spread quickly. One such myth was that following the earthquakes in Canterbury, the volcanoes in the South Island would erupt again, luckily for all those in the South Island all of the volcanic activity is in the North Island. We are now finding that the news will often source information direct from our social media updates instead of calling for quotes, this is especially handy for spreading information and in this case it helped squash another rumour that was going around. Another great social media tool is blogging, blogs are a great way to give science information a more personal touch, and let people see a more ‘behind the scenes’ view of how things work. I started my blog ‘GeoNet – Shaken not stirred’ by following our rapid response team head down to Christchurch and install temporary instruments (to better locate the many aftershocks) and it allowed the public to
26 | Australian Security Magazine
see what we were doing in response to the earthquakes, and see that we were people too, and not all old scientists with socks and sandals (though we have a few of those as well). My topics have ranged from behind the scenes and out in the field, to bizarre things we see on our volcano cameras. My most popular blog post, which ended up going on websites around the world, was the Foo Fighters concert showing up on our instruments. The value of social media was again shown during 2012 and 2013, when two of our volcanoes were erupting. White Island our most active volcano and Tongariro, which hadn’t erupted since the 1800s, both erupted in August 2012. Tongariro erupted again in November and then it was back to White Island which erupted twice in 2013. The public have grown to expect information from social media as soon as possible, an hour later is just too late in this day and age, even if you put something up as simple as ‘White Island has erupted, more information out shortly’ people appreciate it. This is also true with website issues, mistakes or delays in information, people will appreciate your honesty and forgive you for saying something. If you don’t say anything at all, they will voice their options and it’s generally negative. 2013 then brought us more damaging earthquakes in Central New Zealand, beginning with two quakes in the Cook Strait/Seddon areas and then the most recent Eketahuna quake which occurred on Wellington Anniversary. All quakes were felt by thousands of people and caused a great deal of damage to the small towns they occurred near to, as well as the more documented capital city. Social media has shown us that people want information right now, and in 2012, GeoNet changed to a new automated earthquake system, allowing detailed earthquake information to be posted within minutes of an event. Unfortunately, there were a few teething issues at the beginning and a large overseas quake would be reported as two moderately sized local events. Following these events we could quickly post that some ‘ghost quakes’ had occurred and we were fixing the system. People now check our website daily and will always notice when there is an event, this is especially true with our live quake drums which are sensitive enough to pick up earthquakes from overseas. A simple post and screenshot can quickly explain exactly what the public are seeing. We have also created a Smartphone app so people can get this information instantly, and we are constantly looking at ways to improve this. I have learnt much in the four years since I took over our social media, and thoroughly enjoy how much it has changed my role at GeoNet. I hope to continue to learn new ways of using social media to get our information out to the public and share the lessons with others who are starting out in this sector. About the Author Sara Page is a Public Information Specialist at GeoNet. She has grown the GeoNet name throughout New Zealand and abroad, through social media and presentations, with a goal of increasing awareness of what GeoNet does and how people can use the science information available. She also works on the website geonet.org.nz and is the Editor of the biannual magazine ‘GeoNet News’.
RiskLogic releases additional modules for its business continuity software, BC-3 RiskLogic has released additional modules for its award-winning BC-3 Software
RiskLogic’s Manager, Technology Solutions, Anita Gover says, “BC-3 now
platform. These new modules have been designed to address the ever-increasing
delivers a more holistic approach to business continuity software which is
demand for a total resilience solution.
not offered by any other product in the Australasian market. These additional modules provide an even more powerful tool, and the future enhancements will
Incident Management Module: This module is delivered as part of the
build on an already user-friendly system to make it a truly mobile experience.”
standard system for all clients. It provides a real-time online working environment that can be used during an incident to collaborate and respond efficiently. The Incident Management module is integrated with an organisation’s prepared crisis management and business continuity plans •
Communications Module: This is an integrated communications module that includes two-way SMS and email notifications that is integrated with the BC-3 contacts and with the Incident Management module. This module can be provided for a minimal additional fee that is drastically reduced from the cost of other notification systems on the market.
BC-3 is well known for its usability and is now making strides in the market as an innovator of resilience solutions. Additional features will be released later in 2014, to further develop the user interface and provide more dynamic exercise management capability. Enhancements will be made to the mobile apps to also include some of the administrator functions.
Security on the move
SRI SecuRIty congReSS, 1-3 DecembeR 2014 Over three days ECU’s SRI Security Congress will bring together all areas of security professions and disciplines as part of a holistic engagement with the wider security community. Scholars of the following disciplines are encouraged to participate: strategic studies, public affairs, communication studies, international politics, criminology, business and management, information and computer science, political science, social science, psychology and cognitive science, and security studies. All submissions will be subject to a double blind peer review process and best papers will be considered for publication in selected journals. The 2014 SRI Security Congress will host 5 security based conferences over 3 days 15th Australian Information Warfare Conference 12th Australian Digital Forensics Conference
12th Australian Information Security Management Conference 7th Australian Security and Intelligence Conference 3rd Australian eHealth Informatics and Security Conference
Edith Cowan University 270 Joondalup Drive, Joondalup WA 6000 Tel: +61 8 6304 5176
Congress Coordinator – Emma Burke Tel: +61 8 6304 5176 E: firstname.lastname@example.org W: http://conferences.secau.org/venue.php
Paper Submission Deadline – 30 June 2014 Acceptance Notification – 15 August 2014 Camera Ready Papers – 10 October 2014 Early Bird Registration – 2 November 2014
TEACHING QUALITY ★★★★★ ★★★★★ TEACHING TEACHING QUALITY QUALITY Tel: 134 ECU (134Tel: Tel: 328) 134 134 ECU ECU★★★★★ (134 (134 328) 328) ★★★★★ GRADUATE SATISFACTION ★★★★★ ★★★★★ GRADUATE GRADUATE SATISFACTION SATISFACTION E: email@example.com E: E: firstname.lastname@example.org email@example.com the Good universities Guide the the Good 2014 Good universities universities Guide Guide 2014 2014
reachyourpotential.com.au reachyourpotential.com.au 303LOWE ECU10745 A CRICOS IPC 00279B
ECUSRI Edith Cowan University Security Research Institute
Chinese bodyguards: Personal protection in the land of the Dragon Being rich in China can be dangerous – unless you have a bodyguard. The security business in China is booming. by Paul Johnstone
28 | Australian Security Magazine
n a cold January morning, visitors streamed in and out of the Southern Chinese Shanxi office of Li Haicang. Nothing was out of the ordinary until a lone assassin produced a sawn off rifle and fired a bullet into Li’s body. Until that fateful moment, Li was the Chairman of a multinational company and 27th on the Forbes list of China’s richest people. Only several weeks later in February, a Chinese millionaire from the wealthy enclave on Wenzhou in Zhejiang Province, was stabbed to death by five men outside his home in a pre-planned assassination attack. Various media reports indicated that in 2004 alone, around 4,000 people were kidnapped in China. Well known actor, Wu Ruofu, was abducted whilst driving his BMW and hid in the north of Beijing by a notorious Chinese organised crime group who demanded a ransom, but police were able to track them down after several hours and freed Wu. These incidents are just several in part of a growing number of occupational hazards for China’s emerging ultrarich; assassination and kidnapping and a reason why many of China’s rich are undertaking precautionary measures which are becoming more and more necessary for the emerging class of millionaires and billionaires. With around 30 percent of China’s millionaires believed to be women and a widening wealth gap has made safety an issue for the rich, it’s easy to see that private security and in particular, Baobiao, the
Chinese word for Bodyguard, is taking off as the nation struggles with some of the side effects of its booming growth. A 2004 media report in the China Daily newspaper stated that in Guangzhou alone, the private security industry employed no fewer than 5,000 personal bodyguards. This is just a small step in the great wall of Chinese security and protection firms opening up throughout the country. There are even Chinese firms now specialising in kidnap insurance and from accounts; business is booming. Australian Jason Watson is an industry expert based in Beijing, who is leading the way in developing new training programs and services for the Chinese market. A former Australian soldier and United Nations Peace Keeper, he has been operational for the past decade in Afghanistan, Iraq and China conducting close personal protection and training specialist teams for hostile environments. He is also the China representative for the Australian Institute of Defence, Science and Technology. During his time in China, Watson has trained officers from the police, law enforcement and the growing number of corporate firms offering Bodyguards. He has also been instrumental in designing training programs for Chinese mining companies venturing into Africa. Watson states that a large number of China’s private bodyguards are retired police and or soldiers from elite units, or
former Chinese secret-service members, and furthermore, that there has also been a large number of wealthy Chinese who are turning to female bodyguards in a measure of protection. Watson recalls a local executive, who had received threats that his child would be kidnapped, hired a female bodyguard to escort his child to and from school. He says that employers of bodyguards in China are successful people like senior executives of foreign or private businesses, as well as entertainers and a growing number of entrepreneurs. Watson states that like anywhere in the world, there are those who are jealous of, or simply hate the rich and successful for their lavish and enjoyable lifestyle. He says that there are bodyguard training programs designed for females advertised at martial arts schools where the training curriculum includes instruction in driving, computer skills, self-defense related laws and ‘polite conversation’. The teachers at these schools are veteran martial artists, former Special-Forces soldiers and operational bodyguards. Female bodyguards are becoming more and more popular as businessmen want them to protect wives, girlfriends and children. A female bodyguard from Watson’s team said that woman in China today are more confident in venturing into careers that in years gone past, would have been forbidden or perceived as male dominated. He says that there has also been a growing demand for private bodyguards being hired by Taiwanese pop singers and prominent entertainers when visiting mainland China. When asked who makes the best bodyguard, he is quick to note that the Chinese have long prized Manchurian bodyguards for their physical size, loyalty and bravery, and female bodyguards have many advantages of their own. Furthermore, many bodyguard training programs place a large emphasis on fitness and physical exercise and often the bodyguard will double as a coach in fitness training for their ‘bosses’. Many former career military and police officers turned entrepreneur have identified the specialist market of private security and its success in western society and have now turned their focus on China. More than just a decade ago the industry didn’t legally exist. Although there have been several security firms who have received China’s Ministry of State approval to do business if their founders have at least five years of security experience, the employment of personal bodyguards in China is still a grey area as far as the law goes and there are no laws yet in China completely governing the industry. Watson said that the word ‘bodyguard’ has had a very negative image in China and because of the lack of legal clarity surrounding the private bodyguards, it means that their work is often described as ‘personal assistant’ or ‘advisor’ and their multi-functions are also reflected in the job description. Some firms have also resorted to calling their bodyguard firm a ‘business etiquette’ firm, although of late, the Ministry of State insists that the word ‘security consultant’ be used to avoid comparisons with the bodyguard image in America and other western nations. Many lawyers believe that what is not specifically forbidden by law should be legal, however, Government officials claim that no firm can legally be registered as a private bodyguard service. There have been a number of
‘...the Chinese have long prized Manchurian bodyguards for their physical size, loyalty and bravery, and female bodyguards have many advantages of their own. Furthermore, many bodyguard training programs place a large emphasis on fitness and physical exercise and often the bodyguard will double as a coach in fitness training for their ‘bosses’.’ occasions where firms have been shut down by the Public Security Bureau. Watson states that as far back as the early 1990s there was a special course in Wuhan, Central China, which offered young women the opportunity to train as bodyguards. In 1999, he was invited to teach at the Dalian Peoples Police College where he witnessed firsthand a large number of young, fit and attractive females being trained as bodyguards by a specialist unit within the police. These ladies had been trained in all aspects of body guarding including firearms and Chinese martial arts. An example of the popularity of females attending these programs was highlighted in a Chinese media report which stated that the Wuhan College of Physical Education received 3,000 enquiries when it first announced that it would begin offering a six month training program to teach women how to become bodyguards. The report stated that of that number, more than 700 women formally applied and 150 were accepted. Part II of this article will feature in our next issue Aug/ Sep 2014. About the Author Paul Johnstone is a former Federal Agent with the Australian Federal Police and a former Soldier with the Australian Army. Paul has performed a number of specialist protective security intelligence and counter-terrorism roles during his combined 25 years of service and is a Government accredited Instructor in a number of specialist fields. Paul has been formally recognised by the Governments of the United Kingdom, Bosnia and Herzegovina for outstanding police investigations pertaining to complex fraud and war crimes and he has lectured and trained law enforcement, security and military personnel throughout Australia, Peoples Republic of China, Afghanistan and the Pacific Rim. Paul is the founder and principal director of Defensive Measures International which is a consultancy firm offering specialist services throughout Australia, Peoples Republic of China, India and the Asia Pacific
Australian Security Magazine | 29
On a wing and a prayer The Red Bull Air Race series is one of the world’s most exciting, most ambitious, promotional exercises, but how does the brand combine its daring reputation with the safety and security requirements of an emerging motorsport?
S By Adeline Teoh Correspondent
peed. Skill. Agility. Mental and physical toughness. And the ability to withstand forces of up to 12G. That’s what it takes to be a Red Bull Air Race pilot according to Luke Robinson, Global Head of Safety and Security for the Red Bull Air Race. What he doesn’t list, although it becomes apparent, is what is required of being in charge of safety and security of what is surely one of the most complex promotional exercises in the world. The Red Bull Air Race is a slalom style course flown by aerobatic pilots. The series takes place over a number of cities per year, with eight races in seven countries scheduled for 2014. The series began in Abu Dhabi (United Arab Emirates), followed by Rovinj (Croatia) and Putrajaya (Malaysia), with the Gdynia (Poland) race set for 26 July and Ascot (UK), Fort Worth and Las Vegas (USA) and China to come. After Red Bull has identified suitable host sites – a combination of market analysis and location scouting – Robinson and his team will meet with local authorities, blue light services and first responders to ‘get them really comfortable with the fact that something that looks zany and crazy is actually a very controlled environment that remains safe’. Location, location Brand and perception go hand-in-hand and Red Bull’s daredevil reputation can be both an asset and a drawback.
30 | Australian Security Magazine
On the plus side, Robinson can stand in front of the host city’s police, civil defence, fire and rescue, and Government authorities beside a table of Red Bull and show them a video of race highlights and excitement simply builds itself. The flipside is dispelling myths and convincing them that he can meet their safety and security requirements. “A lot of what I do is manage perceptions initially and then, after getting some context, getting to know their requirements and expectations,” he explains. “Most of the planning process is about public safety, because the perception is that a plane will fall out of the sky and crash into the crowd – how are you going to plan for that? What are you going to do if it happens? These questions happen in every one of these locations.” He is also careful to scope the work so Red Bull doesn’t take on things they are not equipped to deal with. It defers concerns about national security, for example, to the local security intelligence agency but remains in partnership with them so the race operates within a framework that’s acceptable to the organisation. The toughest part is the diversity of locations, which gives rise to differences in culture and approaches to security across the host cities. Robinson says traversing this can be tough in terms of communication as well as implementing safety standards. The UK and the USA share similarities with Australia, but places like Asia and the Middle East require a more diplomatic approach to tease out the truth behind
‘face’, the polite but sometimes infuriating way of talking around a topic. And some countries simply do not have safety standards that meet Red Bull’s minimum requirements, so occasionally there’s education and training involved in employing locals. And let’s not forget the dynamic of public and private security personnel, which differs from place to place. “Globally there is funny dynamic between private security and law enforcement,” notes Robinson. “One of the first things I’ll try to understand is, locally, what is the expectations of private security and the expectations of policing?” Race around the world Despite the diversity of locations, the set up process for each race tends to run according to the same plan. Two weeks out from the first race day the Red Bull team descends on the host city and starts building the race infrastructure, which Robinson oversees from a work health and safety perspective. Five days out, in excess of 500 people – crew, pilots and teams – arrive ahead of the flying days, which includes a training day, a qualification day and then the race. In addition to work health and safety, Robinson’s role involves both setting up the command and control centre and overseeing asset protection. Command and control occurs on three tiers; race control (‘getting planes up to a race track and on the ground safely’), intelligence security (‘what’s happening outside the event site – a lot of it is traffic management and keeping the city flowing’) and emergency liaison (‘management of our guests in the house’). Asset protection occurs at both a physical level, for example reducing opportunities for theft or damage to the planes, which are worth around $750,000 each, but also at a brand level. In Robinson’s case, security is there to support the brand; any incident, from a work health and safety issue to an aviation incident, has the potential to damage the Red Bull name.
undercover rather than uniformed guards so the environment is less imposing, which will allow people to enjoy themselves more. It takes work, but eventually the strength of the partnership allows these concessions. This is my goal, to develop the relationship. I start as a stranger, sometimes a little bit adversarial because of people’s perception of what the event is, but I generally leave as a pretty good mate.” In more than 50 air races, there has only been one aviation incident, a pretty good record for so daring a promotional activity, though good safety and security of the event will not determine the sport’s longevity. “Fundamentally, the Red Bull Air Race is a motorsport but it’s about selling a little can,” says Robinson, who has no problem admitting his role is to support and protect the Red Bull brand. “If we don’t get that spike in sales after each event, the event hasn’t been successful according to the Red Bull board.” That’s the only thing that will continue to give it wings. Follow the race at www.redbullairrace.com Luke Robinson spoke as part of an event organised by ASIS International’s NSW Chapter. For more information visit www.asisaustralia.org.au
With more than 100,000 people expected for each event, and with a record 1.4 million people turning up in Barcelona in 2009, it isn’t a small piece.
Following the crowd The last piece in Robinson’s safety and security jigsaw puzzle is crowd safety. With more than 100,000 people expected for each event, and with a record 1.4 million people turning up in Barcelona in 2009, it isn’t a small piece. Again, protection of the brand via an emphasis on fun plays strongly here, from the ratio of private security personnel among the audience to the care of Red Bull’s two VIP areas, its Race Club and Sky Lounge, the latter being a high-end hospitality area for Government dignitaries, corporate leaders and celebrities. This is where Robinson’s negotiations skills come in. Host city authorities may want a ratio of 1:100 security personnel in the crowd, but Robinson will step in to find a happy medium. “When you have a crowd of over 100,000 people, that’s a lot of visi-vests in a public area, which affects the public’s perception of the event,” he says. “We’re negotiating the 1:100 by saying it’s not just private security but info staff as well. I always have in each area a team of six to twelve highly skilled security personnel with a bit of muscle but also a really good speaker who can then go around and deconflict issues.” Robinson adds, “And the personnel in Sky Lounge will be
Australian Security Magazine | 31
Mailbox Roulette: To be handled with care Exploitation of the postal system and mail services for criminal or illegitimate purposes is extensive. Bombs, poisons, drugs and extortion attempts can all be delivered through the postal service, reducing the need for an offender to be physically present during an attack. By Clint Tomlinson
ail and parcel bombs in particular, saw an upsurge in popularity with terrorist groups in the 1970s, and have since experienced periods of peaks and troughs. Offenders have ranged from drug traffickers, organised crime groups, extortionists and jealous lovers to revenge seekers â€“ targeting a range of individuals, officials, politicians, companies and buildings.
History 1994: Detective Sergeant Geoffrey Bowen was killed when he opened a parcel delivered to the Adelaide office of the National Crime Authority (now the Australian Crime Commission). The attack was linked to the world of Italian-Australian organised crime and the marijuana trade in Australia in the 1970s and 1980s. 2001: The United States experienced a number of Anthrax attacks over several weeks beginning immediately after the September 11 attacks. The letters were mailed to several media offices and two Democratic US senators, killing five people and infecting 17 others. 2013: A parcel bomb exploded at the residence of a
32 | Australian Security Magazine
judge in Athens. The device had been placed in a folder for documents and delivered to the judge who was involved in a case against a terrorist organisation. The judge identified that the package appeared suspicious and threw it on the floor where it exploded. 2014: Six packages containing white powder were discovered in Western Australia addressed to the Premier, Treasurer and to The West Australian (the offices of the Stateâ€™s daily newspaper). Tests on the powder revealed it was not hazardous and at least three of the packages contained a typed threat notifying of further attacks.
Mail security risk Organisations must be mindful of what is being delivered to their mail room. In an ever increasing digital age where online shopping is becoming more and more prevalent, personal deliveries to the work place are becoming widespread. Without appropriate procedures in place and sufficiently trained mail room staff, an organisation is accepting a greater risk to personnel safety. While mail bombings and anthrax attacks may appear
unlikely, particularly within the private sector, it is important to consider the risk profile of a company and implement appropriate risk management principles identifying the likelihood and consequence of an attack. Judges, lawyers, politicians, police and other public servants may all be at higher risk, as they interact with the criminal community on a more regular basis. Private companies on the other hand, should consider the risk of a rogue offender, jealous lover, recently terminated employee or a drug or mental impairment. The risk and public profile of a company may change rapidly and may be associated with staff turnover, new or existing projects or the public nature of company activity or incident.
Delivery red flags Mail and packages sent within Australia undergo limited screening, with the primary focus given to delivering the mail to the correct address in an appropriate time frame. Express post in particular, is subject to limited screening procedures and provides an avenue of transport for illegitimate and illegal products. Although the postal service implements appropriate policies, procedures and risk management practices when identifying and investigating hazardous and suspicious articles, and liaises with local law enforcement authorities, the risk of hazardous materials transiting the national mail service is much higher when compared to international deliveries governed by border protection and customs agencies. Recent incidents in Western Australia were only identified after the mail had been delivered, and by chance when a sorting machine tore an envelope in the mail sorting centre, revealing its contents and raising the alarm. In the case of letter bombs, packages do not normally contain timing devices, as the mail is too unpredictable for timing devices to be practical. A device which transits the mail is subject to rough handling and therefore letter or parcel bombs must be robust and are generally victim activated, ie, by opening it or removing it from its package. A variety of possible methods of delivery for letter and parcel bombs or contaminants are possible, for example: • They could be sent through the mail; • They could be personally delivered by the offender, paid messenger, or professional courier; or • They could be placed by the offender or a designate.
Risk identification It is important at an organisation level to ensure the people handling the mail are appropriately trained and remain vigilant and cautious. All employees handling mail items should be aware of the potential threat and emergency procedures for identifying and responding to suspicious articles, to ensure the safety of the organisation and its people. Any dangerous or hazardous items should be immediately reported to local law enforcement authorities. Hazardous materials may be packaged in a variety of ways, with size characteristics ranging from small envelope and cigarette packet size to table size. Previous incidents have seen hazardous materials disguised as letters, books, lollies, figurines, small statues and greeting cards. It is important
for people receiving mail not to fail to consider additional warning signs if the offender has been clever enough to use a return address familiar to the target. The Australian Bomb Data Centre (ABDC) provides recognition points for the identification of suspicious mail. The acronym EXPLOSIVE PARCEL is used to enhance identification and recognition for mail personnel and includes the following identification points: • Excessive securing material; • Xcessive weight; • Protruding wires or tin foil; • Lopsided or unevenly weighted; • Oily stains or discolouration; • Stiff or rigid envelope; • Is the package expected; • Visual distractions; • Excessive postage. • Proper names or title – not or incorrectly used; • Address – handwritten or poorly typed; • Restrictive markings – Confidential, For Your Eyes Only; • Common words misspelt; • Either unusual or of foreign origin; • Lacks address of sender. The ABDC advises the most common recognition points in Australia have been excessive weight, excessive securing material, unknown source, lopsided or uneven envelope, protruding wires and excessive postage.
Conclusion The majority of drugs and other illicit materials that are identified transiting the national postal service are identified from their smell and or poor packaging. Effective communication with local law enforcement also identifies higher risk periods when drugs and other substances are more likely to be sent. However, as the primary goal of the postal service is to deliver mail in an appropriate time frame, it is important for security personnel to ensure mail room employees are well trained and remain vigilant when handling incoming and outgoing mail. Effective and early identification of suspicious articles and hazardous materials can reduce the likelihood of an incident and limit the consequences of that incident through a corporate environment. Appropriately trained and prepared personnel supported by effective response policies and procedures will enhance the preparedness of an organisation in the event they encounter illegal and or illegitimate activity using the postal or mailing service. About the Author Clint Tomlinson is a Security Consultant at Amlec House and has conducted a range of risk management, organisation and corporate security, CCTV and public safety projects for a variety of public and private clients. Clint possesses a Bachelor of Science (Security) with a Major in Management from Edith Cowan University.
Australian Security Magazine | 33
Silent stalker: Who are the victims of big data? The explosion of big data and the proliferation of tools to analyse vast amounts of information leads to many questions, the primary one being; what are the ethics behind data analytics?
B By Adeline Teoh Correspondent
een comparison-shopping on the web lately? Chances are, whatever you’ve recently looked at will start to follow you around as you catch up on your favourite blogs. If you’re lucky, the ads will be quite useful; you’ve just bought a camera and now the ads are showing camera accessories you might like to purchase. Occasionally, you’ll get legacy junk that is not helpful at all; once, after hiring a car in Hawaii, I came home to an inbox full of Hawaiian car rental deals. If the prospect of your favourite search engine knowing more about you, than even you do, is a scary thought, here’s something more frightening; paired with open data from Government records and the small, seemingly inconsequential details you give freely through social networks, anyone can form a complete profile of who you are, what you do, what you like and whether or not you’re likely to buy Taylor Swift’s latest album. (Even if you pretend to your friends and colleagues that you don’t like Taylor Swift). Commercial interests Organisations use big data under the guise of being helpful, but it’s a soft form of exploitation says Katina Michael, Associate Professor in the School of Information Technology and Computer Science at the University of Wollongong. “Initially it’s about convenience, then it’s about customer care and then it’s about control. All companies start off with ‘I’m doing this to make life easier for you’, then they move
34 | Australian Security Magazine
towards the rhetoric ‘I’m doing this because I care about you’,” she explains. “Companies are there to make money. We should not forget that. There’s nothing wrong with making money but we mustn’t allow them to think ‘because I exist for profit maximisation, I can conduct predatory practices to get more money out of each individual’.” Frank Buytendijk, Research Vice-President at Gartner and author of Socrates Reloaded: The Case for Ethics in Business & Technology, says the issue centres on the individual becoming data sets and the commoditisation of that data. “If you don’t buy the product, you are the product. It’s easy to say ‘evil Facebook, they are trying to get as much data out of me as possible, that’s why they have these shitty privacy settings,’ but the reality is more complex. It has to get paid from somewhere, so obviously there’s another stakeholder – the advertisers.” But just like Michael, he adds that that doesn’t absolve them from addressing the ethics behind data analytics. “That doesn’t mean you can exploit. If you go too far with that, people will see even though it’s free it’s just not worth it and then they will walk away. If there’s no value symmetry it won’t work.” It’s this value symmetry that forms the crux of an ethical argument. The first part is really about who benefits from the data and how they benefit. At the moment there are a number of businesses making a profit and you, the data and consumer, are certainly being short-changed. Buytendijk says the ethical thing to do would be to start with transparency, where
businesses reveal what they know about an individual. “In principle you should be willing to share the profile that you have of a user with that user. If there’s a page somewhere that you can log onto with all the data they’ve collected about you and what they deduce from that, what it means to them, with a value of $X, that is when you start to build in the idea of symmetry,” he says. “Then, share the profits.” Michael agrees that individuals should get a cut. “I’m giving this data away and someone else is making money from me. If you want to use my data, give me a few cents from the profit you’re generating, come clean on your privacy policies, and come clean about how you’re securing my data.”
found, most of which are around infrastructure development. A lot of people in less developed countries have huge mobile telephony usage. I want to see where we can crowdsource information and help the needy, where we need to develop infrastructure.” In the end, whether you care about what Google thinks of your choice in music is up to you. But in this technologically driven society it is nearly impossible to go ‘off the grid’ when from birth you’re put on a register and you need everything from an email address to a bank account just to gain employment. Buytendijk says, “If we recognise there is no choice, then that comes with a certain responsibility.”
Beware of the share
For more information
The second part of value symmetry pertains to control of the data. Again, Buytendijk believes this should be user-led; the individual not only sees that they’re fairly represented by the data, but it also creates buy-in and a more reliable data set. “Why not make data updating part of the continuous action you have with a customer? What you’re left with is a better qualified database.” At this point in time there is almost no way of knowing which organisation knows what about you, which gives rise to the possibility that inaccuracies could be harming you in ways you don’t realise. Michael says decisions based on data affect some of the most vulnerable people in society – the sick, the elderly and the young – so that data needs to be clean. “I’m worried about dirty data, after you’ve collected all this information on the individual, how accurate is it? If a decision is being made about X or Y – remember the debacle about Cornelia Rau? Suddenly she ends up in a detention centre. That was in 2005. These anomalies happen.” Problems also arise when the data is used for a purpose other than the one for which it exists. “Security is not just about making sure that the data doesn’t get stolen, security is about making sure that data gets used in the intended ways, which is beyond access control,” Buytendijk says. “It’s metadata; for what purpose was this data measured? For what purpose can this data be used? If you want to use the data for other purposes then there should be permission sought on a case-by-case basis.” This is not just a case of your favourite ticketing website asking if they can tell third party marketers that you like Taylor Swift, it is much more serious than that, says Michael. “People forget that World War II was not even 100 years ago and they forget how certain segments of the population were segregated. I’ve interviewed survivors from Auschwitz and they won’t fill out a census form. They don’t want to mention what religion they are and that comes from the risk of being exploited.” Better uses for data The other ethical question raised about big data is with regard to what it is not being used for – to help the needy. In other words, profiting from consumers is an opportunity cost for other more worthy uses of data analysis. “We’re thinking about the cream of the rich instead of making life better for all,” notes Michael. “When we look at collective intelligence, there are definitely benefits to be
This topic has a number of complexities covered in numerous papers. Here is a starter pack to give you a foundation: Australian National Data Service: ands.org.au David Vaile, Adjunct Lecturer, Executive Director of the Cyberspace Law and Policy Centre at the University of NSW: www.law.unsw.edu.au/profile/david-vaile Frank Buytendijk: www.frankbuytendijk.com Katina Michael: works.bepress.com/kmichael Marcus Wigan, life member of the Australian Privacy Foundation: www.mwigan.com Roger Clarke, chairperson of the Australian Privacy Foundation: www.rogerclarke.com Sally Applin, author of the PolySocial Reality model: posr.org The Common Data Project: www.commondataproject.org
Case study: Transactions in Thailand Your bank may know almost everything about you, but will it use big data for your benefit? According to this case study, yes. Global bank fraud is a multi-billion dollar industry. Financial institutions have been working hard to implement technologies which better protect them and their customers. Fortunately, this is one area where big data can make a significant difference. If somebody’s card is being used to take out money in Bangkok when they have never been to Bangkok before, that may be a red flag in terms of fraud detection, but does a bank want to leave somebody stranded in Bangkok without money? Fraud detection relies on relational data and non-relational data. Our banks know where our home branch is and they know within a standard range of incidences how often we take out money or use our cards. They know where we work and the types of transactions we make most commonly. But the nature of human beings is that we do not always stick to the path most travelled. For every transaction, a bank or a card issuer dynamically analyses data and weighs up the risk of fraud. There are many types of data, unrelated even to the individual which can quickly be referenced – in split seconds thanks to the power with which big data is processed – from data relevant to that individual, such as past travel habits, to data relevant to the nature of the suspect transaction. If the card is normally used in Berlin it will be relevant to analyse current trends of German-registered cards being used fraudulently in Thailand, for example. The quick answers derived from the data reservoir may suggest, however, that this is a customer who often goes on holiday at this time of year and the recent data created by the card may suggest it has been offline long enough for the owner to have flown to Bangkok in the intervening hours. Recent transactions at Berlin airport may support the theory they are on their travels. They may never have been to Bangkok before but their profile may be very similar to others who have, and their transaction may be well within the normal bounds of their financial activity when on their travels. As such, no red flags are raised and the transaction continues. The customer goes on to enjoy the rest of their holiday. An extract from Oracle’s ‘The World of Big Data’
Australian Security Magazine | 35
Cybercrime: Not a matter of ‘if’ but ‘when’ Cyber attacks against information security systems can be some of the most pernicious and challenging threats facing modern business. The volume of a typical organisation’s internal operations and external transactions conducted online, and the amount of data stored digitally, means all modern businesses are potential targets. Given the severe financial, operational and reputational damage that can ensue, companies, banks and financial institutions are not required to publicise that they have been victims of cybercrime, leaving few cases of crime to learn from.
Courtesy of PwC
his may explain why cybercrime is the most misunderstood economic crime. It may also explain why the level of perceived risk posed by cybercrime to organisations is low and why the controls put in place can vary widely. “Many companies don’t fully appreciate the risks of cybercrime to their business until it is too late,” says John Donker, Lead Partner Forensic Services, PwC China and Hong Kong. The 2014 PwC Global Economic Crime Survey (GEC Survey) may be instructive here. (http://pwc.to/ QTfy8w). Launched in February and based on polling of more than 5,000 executives worldwide, the survey sheds light on a number of issues pertaining to economic crime facing organisations across almost 100 countries and territories worldwide. Issues covered include the perception of cybercrime related risks and costs. Of Hong Kong and Macau-based respondents who encountered economic crime, 37 percent said they had experienced cybercrime. Only 14 percent believed that they were at risk of cybercrime in the next two years. In addition, 45 percent of Asia Pacific respondents said they had perceived the risk of cybercrime to have increased during the previous two years, and 26 percent expected to encounter it again during the next 24 months. Regional perception of the risks of cybercrime has increased during the past 24 months “Countering the cyber threat begins with an honest assessment of an organisation’s information security capabilities, including asking hard questions of their
36 | Australian Security Magazine
information security systems and strategies,” says Megan Haas, Partner, Forensic Services, PwC China and Hong Kong. “These questions include whether the organisation is making best use of precious information security budgets and looking at the problem holistically.” According to the PwC Global State of Information Security Survey 2014 (GSIS Survey; http://pwc. to/1h8ON6b), the number of detected security incidents in 2013, (defined as adverse incidents that threaten any aspect of computer security) increased by 21 percent n Asia Pacific. Of course, this could be seen as a positive development and point to organisations improving their capabilities to detect security breaches, if it were not for the fact that the number of respondents who did not know the frequency of these breaches also increased. In addition, the average reported cost of these incidents increased by 25 percent globally, while nearly a quarter of respondents reported losing data as a result of security incidents. Implications for organisations Lessons can be drawn from these surveys and from the experience and observations of PwC’s specialist information security consultants and forensic accounting and technology teams. Firstly, information security is most effectively handled when the risks are viewed as an organisational threat. Organisations should identify their most valuable data, know where it is stored, monitor who has access to it, and prioritise resources accordingly. Secondly, suppliers and business partners should be strongly encouraged to adhere to organisations’ security policies and practices.
In addition, educating workforces to be aware of the threat posed by cybercrime is crucial in an age of social media scams and social engineering, where attacks can be extremely subtle or disarmingly bold. “The high-tech security breaches where hackers defeat state-of-the-art firewalls have long been glamorised by the media and the big screen,” says Ramesh Moosa, Lead Partner, Forensic Technology Solutions, PwC China and Hong Kong,. “Cybercrime is borderless. Organisations are not being attacked by computers but by people attempting to exploit human frailty as much as technical vulnerability. ” Indeed, one of the most worrying trends threatening organisations’ information security highlighted by the GSIS Survey is the threat posed by employees. Most respondents to the GSIS Survey attributed security incidents to insiders, and regarded criminal activity by employees (and former employees) as a more prevalent threat than the headlinemaking, but less frequent, external threats. This might be deliberate dishonesty on the part of the employee, but it might equally be the result of error or manipulation by external parties. (Interestingly, this concern was echoed by respondents in some key markets to PwC’s GEC Survey. For instance, Mainland China-based respondents who had encountered economic crime said that the perpetrator in almost four out of every five cases was an employee of the organisation in question). The 2014 PwC Global Economic Crime Survey and the Australian experience The growing number of reported instances of cybercrime remains a key theme of the 2014 GEC Survey in Australia, just as it was in the 2012 GEC Survey, according to Australiabased respondents. Awareness of the issue has also grown significantly with 73.4 percent stating that their perception of cybercrime risk has increased since 2012. The Survey’s findings also suggest a greater awareness of the range of cyber threats and effects, particularly on corporate reputations. In addition to cybercrime and in line with the global trend, Australia-based respondents also reported increasing procurement process fraud, often associated with bribery. This is reflected in the increasing numbers of incidents of corruption involving the bribery of employees and subsequent fraudulent overcharging by suppliers and contractors, particularly in the construction and mining industries. Offshore risks, particularly related to corruption and regulatory action, are another increasing area of focus for Australian organisations with operations offshore. While enforcement of Australian regulations around this issue is arguably not as robust as in some other economies, Australian respondents report that they are well aware of the reputational risks of getting it wrong. Many are performing detailed risk assessments and additional due diligence procedures on business partners, agents customers and employees. The two sides of technology If misuse of technology can pose serious challenges to organisations, technology can also be used to great effect in the fight against fraud, cybercrime and money
John Donker, Lead Partner Forensic Services, PwC China and Hong Kong.
laundering. Data Analytics, for instance, is widely used in many global markets to detect economic crime. Data Analytics can be used to take complex analysis normally hidden on a spreadsheet and present it in a dashboard format using charts, bars, graphs, maps, and assorted graphics. This flexible technology can be tailored to meet specific needs. Banks and financial institutions use it to monitor financial transaction trends such as credit card usage, for instance. However, the GEC Survey suggests that organisations across Asia Pacific, and in key markets of Hong Kong, Macau and Mainland China, may not be making use of this technology to detect internal economic crime as much as they could. At PwC we are building an extensive Data Analytics capability across many markets in Asia Pacific. Our experts can help clients gain much greater insights into red flags, and to monitor any suspicious transactions or patterns of behaviour. They can also draw on capabilities and support from specialist forensic technology centres in India, Hong Kong, and China and from elsewhere to support clients should the need arise. Use of Data Analytics and Suspicious Transaction Activity combined with effective risk assessments can help better prepare organisations for the inevitable breach. But if, as the GEC Survey suggests, some organisations in Asia Pacific are not taking full advantage of these technologies and are not conducting risk assessments as often as they should (or indeed at all), then they may be missing out on invaluable and cost-efficient tools in the fight against information security breaches and economic crime.
Megan Haas, Partner, Forensic Services, PwC China and Hong Kong.
Ramesh Moosa, Lead Partner, Forensic Technology Solutions, PwC China and Hong Kong
Most serious economic crimes detected via data analytics/suspicious transaction reporting Many organisations are still trying to fight today’s battles using yesterday’s tactics. “Cybercrime and the threat to information security are not strictly technology problems; they are also, process, and people problems,” says Megan. The next step for many businesses is to ensure that information security strategies better reflect and counter these different threats.
Australian Security Magazine | 37
The commercial argument for security technologies Technology is having an enormous impact on our lives. It is changing how we work, how we socialise and how we communicate. There can be events occurring on the other side of the planet and we can watch them unfold in realtime on our tablets and Smartphones.
By Luke Percy-Dove
echnology is also having a significant impact on the security industry; in a positive way. If you keep up-to-date with market forecasts, the electronic security market is forecast to experience double digit growth until 2020 and beyond. It is as much about IP communications and systems integration today, as it is about alarm inputs and outputs. Business is learning that security technologies can bring efficiencies in areas outside of security and even generate some return on investment. This was unthinkable not so long ago. Technology versus people power A large part of a security consultantâ€™s role is helping businesses overcome their security challenges, whatever they may be. A review conducted late in 2013, for a council property, had all the usual challenges that most council depots experience. They were losing vehicles, parts and equipment on a semi-regular basis and realised their current security practices had failed. When a security review is undertaken, there are generally a lot of questions; this is to not only understand what does and doesnâ€™t work from a security perspective, but also to challenge convention. However, the security industry, by nature, is a pretty conservative group. During the review process, it was apparent that a couple of key issues had to be managed better than they currently were. Alarm events could not be verified quickly enough and alarm responses were too slow to influence the outcome. The client explained that the typical alarm patrol response
38 | Australian Security Magazine
would take up to 45 minutes or more, which meant that alarm verification also took that long. Until the patrol officer arrived, there was no understanding of what, if anything, had actually occurred. Has the security industry been caught napping? Patrol and alarm-response services have been popular with businesses for 80 or so years, and not much seems to have changed. Patrol officers in cars driving to and from premises, night after night diligently checking that doors and gates are locked and all is well. In the event of alarm activation, the patrol car will leave the patrol route and investigate the alarm event. If the patrol officer holds keys, they will often do an internal inspection of the premises, but for many buildings it will just be the outside of the building that is checked. The client also explained that they would on average have three or four alarm events, and the subsequent patrol attendance, each and every week. They also contract the same alarm response company to undertake regular patrols of their depot and other council buildings. What was clear was that their investment in security patrols and alarm-response services was in the tens of thousands of dollars a year, every year. Every client is different in terms of the required risk management strategies. Patrols and alarm-response for some applications may add enormous value. In this case they were proving quite futile, particularly when something like 95 percent of all alarm attendance are associated with false alarms.
Is deterring crime good risk treatment? The arguments for patrol services is that they provide a deterrent to criminal activity because their routes are somewhat ad hoc, meaning they don’t arrive at the client premises at the same time each night. Great in principle, but how do you measure it? How do you know if it is an effective risk treatment or not? The word deterrent comes up a lot as well with CCTV. Experience and industry knowledge tells us that if you put the right camera in the right place with the right lens, the outcome is a given. You know exactly what you will get. The deterrent factor is virtually impossible to qualify. Is having a CCTV camera looking at a doorway going to stop somebody from breaking in? It probably comes down to the motivation and confidence levels of the individual, rather than the presence of a CCTV camera or an ad hoc security patrol service. The alarm verification and response process is problematic, particularly when it takes as long as it does. From a risk management perspective, 45 minutes or more is a very long time and unlikely to provide any real value, other than give the client a trained resource to investigate on their behalf. Many alarm attendances are false alarms – this is across the industry. This particular council had nearly 200 alarm response attendances during the past year associated with their council depot. Just seven of those attendances were for genuine intrusions. Solutions are not as expensive as you may think Technology can have a positive impact and start to add some value in this given application. It comes down to establishing a reliable intrusion-detection system that includes real-time alarm verification capabilities. If the event can be confirmed as genuine, send security patrols and notify Police. Police will usually attend if a perpetrator is confirmed to be on site. If it’s possible to remotely investigate the alarm and verify it as a false alarm, there’s no need to send the patrol response, saving the $80 attendance fee in the process. To achieve this, it may mean some investment in strategically placed CCTV cameras to provide the level of coverage required. The beauty of modern CCTV cameras is that the Video Motion Detection (VMD), that now comes with many systems, is of a very high standard. It allows the cameras to not only witness and validate intrusions, but will provide additional detection capability as well. Using CCTV, virtual fence lines can be established that will allow detection inside the building perimeter, but can be programmed to ignore pedestrian and vehicle traffic outside the facility. Remote monitoring services are not expensive either. There are any number of graded control rooms that have the infrastructure in place to provide high quality, remote CCTV monitoring. The actual cost of the service would be recovered in six weeks of alarm attendances for this particular council client. Remote video monitoring allows operators to know within 90 seconds if the alarm event is genuine or not and if it requires escalation. Ninety seconds is a whole lot better than 45 minutes.
There may be some capital expenditure required to achieve the appropriate level of CCTV coverage. But again, when the combined costs of patrol and alarm attendances add up to what they can each year, an ROI period of two to three years is probably not unrealistic. There may be some capital expenditure required to achieve the appropriate level of CCTV coverage. But again, when the combined costs of patrol and alarm attendances add up to what they can each year, an ROI period of two to three years is probably not unrealistic. For sites that have existing CCTV systems as many do, the financial return could be much faster. Technology is getting smarter and cheaper Technology, market growth and the enormous number of CCTV vendors in Australia means the real cost of CCTV is coming down. CCTV systems are also getting smarter, with added features like License Plate Recognition and Biometrics becoming common in even the traditional DVR/NVR space. It’s no longer necessary to buy an enterprise level Video Management System to get features that can really add value, from both a detection and investigative perspective. VMD, Left Object, Removed Object and People Counting are becoming standard features of CCTV platforms that cost just AU$3,000 or $4,000 today. Many include mobile applications, enabling remote monitoring of the security and CCTV systems from anywhere there is mobile or internet coverage. CCTV has traditionally been about post incident investigation. The level of intelligence now built into many systems means CCTV can play a far more proactive role in securing commercial property. CCTV can be the alarm system, the impartial witness and the alarm verification service in one modular piece of hardware. The commercial argument for the use of security technologies over more traditional security practices has never been more valid, and in many instances will provide the client with a better outcome. About the Author Luke Percy-Dove is the Director and Principal Consultant of Matryx Consulting. He has been involved in the security industry for more than 19 years and has held senior advisory and management roles within national organisations. Holding qualifications in security and risk management, electronics and networking, Luke’s diverse industry experience includes perimeter security design for Government agencies, correctional facilities and defence applications. Luke has also designed large-scale networked security solutions for commercial and local Government applications throughout Australia. Luke is a licensed security consultant in Victoria, New South Wales, Western Australia and Queensland.
Australian Security Magazine | 39
The beginning of the end: Public Safety Initiative - Ipswich City Council The early 1990s invigorated various initiatives in public safety, from Crime Prevention Through Environmental Design (CPTED) to community partnerships, educational programs and the then, newly arrived Closed Circuit Television (CCTV) systems. By Larry Waite
40 | Australian Security Magazine
rowing community concerns throughout much of the country were raised on issues being from the lack of police presence and the amount of juveniles that were freely roaming the streets unsupervised. Youths were commonly observed loitering all hours of the day and night, frequently under the influence of alcohol or other substances. Fighting and assault were becoming all too common and many public spaces were now being construed as unsafe by communities. The lack of lighting in some areas were deemed to increase incidents of violence and a lot of public spaces with many buildings acting as gathering points for would-be and opportunistic offenders. The perception of crime was also high and affected how the community as a whole utilised public spaces and retail areas. The experience in the Queensland city of Ipswich was no different and Ipswich City Council decided to commence its own public safety program, with the assistance of various community groups, police and consultants. They would devise and provide support for a range of long term community safety issues within public spaces. The Councilâ€™s vision was to instigate a strategic plan and adopt a mission and vision for the city that would enhance the living, working and recreational environment of Ipswich, in addition to providing efficient and effective client focused services to its community. Ipswich City Council had previously hired part-time
security in the Central Business District (CBD) and it was noted that since the introduction of security, there appeared to be a decrease in anti-social behaviour and crimes of opportunity. In January 1994, Ipswich City Council determined to address safety and security issues in its CBD. At the time, the business community generally agreed on common issues, mainly being the lack of both police and police response, taking on average 22 minutes. A consultant was engaged and an intensive security audit was carried out, as well as, various meetings with community groups, including police, local businesses and residents. One such meeting at the time was with a local youth group who indicated they had a fear of using the city. Their main fears were of being assaulted and robbed. They also felt that alcohol played a major role in this unacceptable behaviour. At other meetings, businesses voiced concerns that loitering youths negatively impact on their business and groups of youths appeared intimidating to older members of the community. A committee was established comprising of recognised key stakeholders, including representatives from Ipswich City Council, police, community groups and businesses. Round one of the program was to have an immediate presence in the streets, particularly of an evening with not only increased police and security patrols, but representation of community
groups that could engage with youth to offer assistance and advice where required. This engagement by the community groups would lead to assistance with many issues including employment, drugs and alcohol, domestic violence and accommodation needs. Hotels and nightclubs were also recruited to assist in the reduction of alcohol related violence which would be achieved through the responsible service of alcohol and critical communications with the police and security patrols ensuring patron safety. To overview and assist with deployment of security and police response, a series of cameras were also installed. These cameras were to be monitored 24 hours a day, 7 days a week, and were to be proactively engaged by the operators, that is, the operators would methodically select each camera and utilise the pan tilt zoom (PTZ) function to analyse an area ensuring the protection of the public and its property in public spaces. If anti-social behaviour or activities were determined by the operator to be a threat to public safety, or indeed an offence, the matter was reported to security and or police for attention. The system at the time (initially nine cameras) was recorded on VHS tape and kept for 30 days. This would, during the next 20 years, grow exponentially into one of the countryâ€™s largest and most successful Public Safety Surveillance Systems. A strict governance procedure on the release and viewing of footage was also implemented to ensure that both evidence and privacy concerns were met. Each of the operators was to be licenced security personnel with additional training in detecting and determining what constitutes an offence, as well as public nuisance or public disorder. Very quickly the cameras proved to be a valuable tool in the detection of crime and a key component in assisting police with the prioritisation of a response to an incident or situation. Within a few months, a new control room had been completed to house not only the CCTV operators (Safe City Monitoring Facility), but a shared area with Police, being the first Ipswich Police Beat Office. The area set aside for the control room was ergonomically set up to ensure that monitors were 2.5 times their diameter away from where the operators were seated and that images were of a high quality to provide accurate details and identification of any would be offenders or suspects. These images were also cabled up live to the Police Communications room to assist with the prioritisation of responses after hours. During the day, police were stationed in the front area of the Monitoring Facility, the Police Beat, and made for a rapid response to an incident. This relationship was so effective that the police response time quickly dropped from the average 22 minutes to within two minutes. In the first few months, break and enters into businesses were observed by the CCTV operators almost every weekend. This soon stopped, as did bag snatches, car thefts and public order offences. The courts in Ipswich found themselves immersed into the â€˜newâ€™ technology that is CCTV and for the first time, could actually see the ferocity of an assault and the intent of an offender. This made for more fitting sentencing and in-turn public awareness of offenders being caught and
Australian Security Magazine | 41
‘Ipswich City Council’s Safe City camera system is now rolled out to many public spaces throughout some 12 suburbs of Ipswich. The cameras view literally thousands of locations, with trained operators constantly engaging the cameras 24/7, scanning for anything that is a danger to the public or property.’ duly sentenced. The implementation of better lighting, clear sight lines coupled with more cameras followed, as did the reduction in the perception of crime. In 2005, the Safe City Monitoring Facility and the Police Beat Office were relocated to a much larger, 300 m2 building. The new fit-out did away with the matrix system and eventually, video tapes. Modern digital head ends, complete with a Video Management Systems (VMS) and Network Video Recorders (NVR) were now in place. A path forward with communications was sought and optical fibre connectivity was elected as the main means of transporting the three, five megabytes per second (Mbps) images from each camera, now numbering well over 100. During the years that followed, fibre paths were tunnelled back to the new facility ensuring optimum image quality with no visible latency. A CCTV operator’s dream. Moving on 20 years later, the Safe City Monitoring Facility now has approximately 240 public safety surveillance cameras on a standalone, predominately fibre network. There are another 280 mainly static cameras that are protecting council’s assets. These are on a different network and record to a series of local Digital Video Recorders. These are for a more reactive approach to security as opposed to the proactive engagement that the Safe City Monitoring Facility employs. Ipswich City Council’s Safe City camera system is now rolled out to many public spaces throughout some 12 suburbs of Ipswich. The cameras view literally thousands of locations, with trained operators constantly engaging the cameras 24/7, scanning for anything that is a danger to the public or property. The cameras range from analogue to digital (High Definition) with a Network Video Recording system now encompassing approximately 200 terra bytes (TB) of hard drive storage. Each of the camera’s images records digitally in full 25fps, D1 (4Cif ) quality and are streaming somewhere between 3.5Mbps and 5.5Mbps each. The Video Management System allows for ease of image archiving and retrieval. The video wall houses some 28, 52” screens split into sixes, allowing for up to 168 cameras to be viewed on the wall at any given time. During the years, Safe City has proven that a six screen split on each 52” screen, as opposed to a nine or 12 is more efficient and effective in the identification and detection of incidents. Many considerations attributed to this finding, including the distance from the seats to the monitors, as well as the angles and heights of the screens. A running computer log of incidents, observations, radio and phone calls as well as visiting guests is kept by operators. This permits statistics to be generated on a regular basis to assist police with the allocation of resources, as well as the
42 | Australian Security Magazine
Safe City Program in determining new and emerging hot spots and areas or other areas of concern. The cameras, like a security net thrown over an area and with each knot in the net being a camera, has assisted police numerous times in identifying suspects and apprehending criminals. In fact, there have been more than 7,000 arrests as a direct result of information received (and footage) by the Safe City Operators since its inception in 1994. In some more serious cases, footage captured by the cameras have assisted with placing a suspect in the vicinity of the crime or establishing a time line. This has been successful in at least two murders, though not occurring in the camera coverage areas, the footage could clearly identify the time and place of a suspect or victim as they travelled through the safety net of cameras and assisted police in creating a timeline of events. The usefulness of CCTV footage for police prosecution and investigation purposes has become a standard in today’s policing and is utilised on a daily basis. In Ipswich, footage is reviewed hundreds of times a year by police and an average of 30 incidents are requested per month by police for investigation and or prosecution purposes. Every year Ipswich City Council’s Safe City Monitoring Facility reports more than 1,500 incidents in regards to public safety and it’s not all crime. The facility often locates missing people, animals that may cause harm to themselves or others, such as a deer running down the main street or a snake on a footpath, to burst water mains, loads that have fallen from vehicles, flood water monitoring and many more – too numerous to mention. The offences detected differ greatly from yesteryear, with most offences detected now being public nuisance, drink driving or locating a wanted person. With the success of the CCTV and policing strategies, Ipswich no longer has a need for night time security patrols and has seen a major decrease in the seriousness of crimes in the camera coverage areas. The perception of crime has been greatly reduced with the assistance of carefully designed public spaces with clear sight lines and sufficient lighting, a consistent police presence and alert CCTV operators. Although crimes are still detected, the installation of the CCTV system in Ipswich has greatly reduced this and as a result, made Ipswich one the most sophisticated CCTV systems in the country and one of the safest shopping environments in Queensland. About the Author Laurence (Larry) Waite, Safe City Security Coordinator, has performed services within the security industry for more than 25 years. He is specialised in CCTV and has performed services for the Ipswich Safe City Program since 1994. He has also worked with organisations such as the Brisbane City Council’s City Safe Program, Queensland Rail, Southbank Parklands, Swanbank Power Station and Arthur Gory Correctional Centre. Larry has received a range of commendations and letters of appreciation for his professionalism over the years, including for his services in assisting the Queensland Police Service, Crime Stoppers and City of Ipswich.
Available online! See our website for details
1 YEAR SUBSCRIPTION TO THE AUSTRALIAN SECURITY MAGAZINE
6 print issues per year for only $88.00 SUBSCRIBE TODAY... DON’T MISS AN ISSUE Yes! I wish to subscribe to the Australian Security Magazine, 6 issues (1 year). ☐ ☐
Yes! As an additional bonus I wish to receive direct to my inbox the Asia Pacific Security Magazine (emag), 6 issues (1 year).
No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.
Salutation: __________First Name: __________________________________________
Please find enclosed my cheque/postal order (made payable to MySecurity Media )
for $ __________________ or debit my:
Job Title: ______________________________________________________________ Company: _____________________________________________________________ Postal Address:__________________________________________________________ Suburb: _____________________State: _________ Postcode: ____________________ Country: ______________________________________________________________ Email: ________________________________________________________________
Card Holders Name: __________________________________________ Signature: _________________________________________________
Interested in our e-news service? Phone: +61 (8) 6465 4732 during business hours AWST (Australia Only)
Expiry Date:________________ Todays Date: ______________________
PRIORITY FAX Credit Card Details Australia +61 (8) 9467 9155
FREE POST My Security Media 286 Alexander Drive, Dianella. W.A. 6059
GST This document will become a TAX INVOICE for GST when payment is made. My Security Media Pty Ltd ABN 54 145 849 056
Australian Security Magazine | 43
Honeywell Building Solutions Feature
Evolution of integrated security By Michael Brookes Honeywell Building Solutions
e live in a world where technology has become part of our lives, enabling us to do more and more with less and less. Our personal devices, Smartphones and iPads, provide a single interface to an unlimited range of applications. This trend is also happening within the corporate environment. Once disparate systems now reside on a common IP network, providing the availability and access to information across multiple business operations. Immersed in the world of technology, security systems are evolving quickly – offering more features and greater levels of integration. Indeed, security systems work best when functioning as a holistic solution to meet site-specific risks, where their full potential can be realised. This often means that the security system is integrated with other systems such as Electronic Visitor Management, Lighting, Fire Alarm, Elevator Control and even corporate IT applications. This is identifying and driving a range of business benefits, including reduced hardware requirements, improved workflow management and more effective use of personnel. One of the main challenges security managers face is that companies often focus on quick returns on capital investment, rather than the collateral long-term benefits from investment in security. Although a typical investment case may be made on the basis of risk management, demonstrating what value an integrated security system will bring to the wider business is more likely to generate interest and support from senior management. They will naturally be looking for profitability as a benchmark of success. With the implementation of integrated building solutions, operators across industries have experienced the value of leveraging security technology to increase efficiency and streamline workflows. On a wider organisational scale,
however, we are increasingly seeing these systems deliver benefits to other areas of the business outside of security. Creating links across the business provides opportunity for revenue generation for the business. By getting buy-in from other departments and stakeholders within the organisation, security managers can begin to formulate a business case for investment that goes beyond security risk aversion. Whilst the level of sophistication will vary in accordance with budget and requirements, given the modularity of today’s security offerings, it is now much easier to steadily build up an integrated solution in line with requirements and budget availability. Organisations can implement different parts of the core access, video and intruder systems over time, knowing that they are interoperable, and can eventually be combined into a holistic security system. So an integrated solution is now within any company’s reach and is undoubtedly the new standard for modern security applications. Beyond the security need With a focus on improving business process management, Honeywell Building Solutions has been contributing to this change by looking holistically at how security systems can impact the workflow of a company. This includes increasing the operational efficiency, streamlining processes so that resources are being maximised, better time management and improved standard procedures for documentation and automating reporting processes – to remove the manual element and remove risk of human error. With years of experience in evaluating these processes, across several industry sectors, Honeywell Building Solutions has also seen improvements in business outcomes for areas outside of the traditional realm of security.
New EBI R430
For current EBI customers, this is more than just an upgrade, it’s power in your hands. For more information visit www.ebi.honeywell.com/en-US/Pages/homepage.aspx
Honeywell Building Solutions Feature
By leveraging Honeywell Building Solutions’ flagship integration platform, Enterprise Buildings Integrator, organisations are able to increase productivity through eventbased, automated workflows, which in turn reduces errors and minimises manual intervention. The outcome is that resources are made available where needed most. Additionally, centralised coordinated monitoring, control and reporting provides an enterprise view of the facility by simplifying everyday tasks and reducing response times. There is now a greater desire than ever to identify ways in which the benefits of integrated security solutions can contribute to improved profitability across business areas. Most notably, these include OH&S, emergency management, HR, sales, marketing and legal departments. Digital video management solutions, either standalone applications or integrated with building management systems, are able to provide vital video information with
advanced capabilities including scrollable timelines and multiple-camera playback. Customers who implement this type of solution discover they can deliver operational efficiency improvements in areas outside of security. Improved awareness and coordination of day-to-day operations creates more time for preventative monitoring. As a result, operators are better prepared to anticipate and therefore prevent accidents and issues before they happen. This has residual benefits to occupational health and safety, staff productivity and business compliance requirements. Sales, marketing and advertising activity is another area where integrated security technology can be leveraged to generate revenue. In this case, technology is not just a tool for monitoring, but for collecting and storing data that will inform business operations. In a shopping centre for example, cameras can be used as sensors to monitor the level and locations of foot traffic through different entrances and
Why Integration Matters
S trategic control and optimized performance with Honeywell Enterprise Buildings Integrator. For more information visit www.ebi.honeywell. com/en-US/Pages/ homepage.aspx
L earn how integration enables positive business outcomes.
‘...technology is not just a tool for monitoring, but for collecting and storing data that will inform business operations.’
For more information visit www.ebi.honeywell.com/en-US/Pages/homepage.aspx
Honeywell Building Solutions Feature
a part of this conversation. And it’s not just shopping centres that are seeing this shift – critical infrastructure and transportation hubs like airports can also use data obtained from security systems to drive revenue or decrease costs. Traffic flow data obtained from camera sensor technology can be used to inform a range of decisions, such as where to place ATMs or understand crowd movements during evacuations within the surveillance zone, and what to charge tenants for retail space based on mass consumer movements. Outside of benefits to other business areas, security technology can also be leveraged to strengthen customer relationships. There is a growing appreciation of the value in delivering a tailored and personalised experience for customers that in turn drives loyalty. The gaming industry is naturally a heavy investor in security. But it is now looking at how this technology can be leveraged or modified to improve the customer experience. For casinos, delivering a memorable customer experience is paramount for creating loyalty, which in turn drives repeat business. The secret to their success. Leveraging security capabilities, like number plate recognition, can be used to recognise VIP guests arriving at the premises. This intelligence can then be used to open the gate, display a personalised greeting message on a digital screen at the entry point and the customer (or driver) can be guided to their reserved car bay. Staff can also instantly be alerted with preset instructions. Security driving change
‘Outside of benefits to other business areas, security technology can also be leveraged to strengthen customer relationships. There is a growing appreciation of the value in delivering a tailored and personalised experience for customers that in turn drives loyalty.’ within stores. Interpreting this information for marketing purposes allows the centre to justify charging premium advertising rates for digital signage or increasing rent for well situated tenants, determined by the recorded ‘hot spots’. The same methodology can be applied to identify and monitor the best product placements, by brand, price or trend and assist to drive in-store advertising and purchase effectiveness. The IT industry understands the role of data in the enterprise sector from a business management perspective, especially for operations like sales and customer management. But the security surveillance industry increasingly is becoming
In the current market environment, security managers who are used to making a ‘security’ case for investment in new technology will increasingly need to be able to make a business case for financial profitability. With the advancements in Big Data analytics, organisations will begin to search and analyse video footage for a wide array of patterns, relationships and trends that will help them improve their customer service offering. In order to get buy-in from senior management, it is critical for security managers to engage early with third-party experts to develop an understanding of how an integrated solution can be used, not just in a functional way, but also more widely across the business. Finding innovative ways to leverage the connectivity of an integrated security network requires an understanding of how each element of the system is ‘speaking’ to the other. It is also essential that the business outcomes being pitched match the unique needs of the organisation. Another critical step is to identify people outside of security that can help demonstrate benefits to the business and across the organisation. It is important to target the right stakeholders in order to secure internal support for the business case. When pitching, financial profitability should be emphasised with a focus not just on cost reduction for security outcomes, but also a demonstration of a return on investment that will financially benefit the actual bottom line. For security managers it will be increasingly important to recognise that investment in sophisticated security systems has business justification beyond their traditional uses, including operational improvements, creating cost reduction and generating revenue growth across the business.
To have your company news or latest products featured in our TechTime section, please email firstname.lastname@example.org
The new Canon VBH41 PTZ See page 48
Latest News and Products
TechTime - latest news and products
The Comprehensive Surveillance Solution Canon - the choice for high quality network video solutions. With a 75 year imaging heritage and focus on innovation, Canon offers everything you need to monitor and protect your environment.
High Quality Network Cameras with HD and FULL HD resolutions Canon’s range of surveillance cameras offer a wide choice of sizes, construction, field of view and video compression formats – so you can select a model that’s tailer-made for your workload.
VB-H Camera Range The VB-H series feature 4 camera models with the following specifications: VBH41 - PTZ Camera (available in black or silver) 2.1MP FULL HD 1080P | 20 X optical zoom | Built-in Image stabilisation | Wide Angle VBH610VE - Fixed Dome Camera 2.1MP FULL HD 1080P | Remote Optical Pan/Tilt/Zoom/ Rotate during installation | 3 X optical zoom | IP66 rated | Ultra Wide Angle VBH610D Fixed Dome Camera 2.1MP FULL HD 1080P | Remote Optical Pan/Tilt/Zoom/ Rotate during installation | 3 X optical zoom | Ultra Wide Angle VBH710F - Full Body Camera 2.1MP FULL HD 1080P | Remote Optical Zoom during installation | 3 X optical zoom | Ultra Wide Angle | Strong Low light performance
VB-M Camera Range VBM40 PTZ Camera (available in black or silver) | HD 720P | 20 X optical zoom | Built-in Image stabilisation VBM600VE Fixed Dome Camera HD 720P | Remote Optical Pan/Tilt/Zoom/Rotate during installation | 3 X optical zoom | IP66 rated | Wide Angle VBM600D Fixed Dome Camera HD 720P | Remote Optical Pan/Tilt/Zoom/Rotate during installation | 3 X optical zoom | Wide Angle VBM700F Full Body Camera HD 720P | Remote Optical Zoom during installation | 3 X optical zoom | Wide Angle
VBS800D - Fixed Compact Dome Camera 2.1MP FULL HD 1080P | Manual Lens Rotation VBS900F Compact Full Body Camera 2.1MP FULL HD 1080P | Wide angle
Strong Features across the Whole Range of Cameras High Quality Image Capture & Efficient Video Recording Equipped with powerful DIGIC DV III image and DIGIC NET II network processors used in Canon’s professional cinema EOS cameras, the range of Canon network cameras are able to capture exceptionally high quality images, with vivid, accurate colour and reduced image noise. All cameras also now support Windows 8.1 and Internet Explorer 10* Strong in Low Light Environments With decades of experience in capturing accurate colour, quality imagery in low light and bright light areas and scenes where lighting conditions change dramatically has enabled Canon’s range of cameras to feature some of the strongest low light performance in each class. These range of cameras have the exceptional ability to capture low-noise colour video with little more illumination provided by a candle’s flame. An added functional benefit is that all cameras have extremely strong Wide Dynamic Range – what Canon calls, Auto Smart Shade Control. This is a new feature which can automatically change the lighting conditions of the scene or subject the camera is looking at. The cameras analyse the brightness of the scene and then select the optimal exposure and darkness compensation level to ensure that subjects remain sharp and clearly visible even in backlit conditions or dark environments.
enabling high quality recordings without driving up storage costs. Innovative keyword tagging and filtering features make it very easy to analyse data. It is available in three versions to support up to 9 cameras (RM9), 25 cameras (RM25) and 64 cameras (RM64). Additional viewer licenses are also available for networks larger than 64 cameras. Third Party Software All Canon network cameras support the ONVIF standard. Canon is also working with VMS companies globally to rapidly expand deeper integration of each model within market leading platforms. Develop your ideal solution – using your choice of software together with Canon network cameras. Extended integration or support for specific applications may also be possible with the use of Canon’s Software Developers Kit** On the right hand page you will see our current VMS partners which we are working with and their VMS platforms support the range or selected Canon cameras.*** Contact us at email@example.com For more information visit www.canon.com.au/networkcameras *Free online firmware from Canon’s service and support website may be required. **Not for general public issue. Available on a case-by-case basis under strict NDA agreement. ***Third party VMS integration is varied and constantly changing. Some Canon cameras are supported through ONVIF and/or others through dedicated drivers. Please check specific integration before making purchase.
Advanced Intelligent Functions at the Edge Across the Canon range of cameras you will find six intelligent functions built into each camera. These include Moving Object Detection, Abandoned Object Detection, Removed Object Detection, Camera Tampering Detection, Passing Detection and Volume Detection. The cameras are sophisticated enough and powerful to do these analytics at the edge reducing the workload on your network.
VB-S Camera Range VBS30D - Compact PTZ Camera (World’s Smallest FULL HD Compact PTZ camera) | 2.1MP FULL HD 1080P | 3.5 X optical zoom VBS31D - Optical PT Compact Dome Camera 2.1MP FULL HD 1080P | Optical Pan/Tilt | 4 X Digital Zoom
48 | Australian Security Magazine
Canon RM Software Canon’s, “RM” is a quality, affordable platform for individuals and organisations wanting an easy-to-use Video Management Software. It supports H.264 compression
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime TechTime- -latest latestnews newsand andproducts products
Information presented in in TechTime is provided byby thethe relevant Information presented TechTime is provided relevant advertiser and areare notnot necessarily thethe views of of MyMy Security Media advertiser and necessarily views Security Media
Australian AustralianSecurity SecurityMagazine Magazine| 49 | 49
TechTime - latest news and products
CASA questions the safety of drones The world of Unmanned Aerial Surveillance has come a long way. Just a few short years ago, the thought of having a remote control ‘drone’ as part of police and security accoutrements was beyond cost feasibility. Now, the South Australian Police have done just that. Not only are Government agencies, at all levels, adopting their use (from conducting surveys and inspections to responding to crime and emergencies), the public are getting their hands on them to take amateur aerial footage or to check out their neighbour’s backyard. Small units cost less than $100. Control systems will allow pilots to fly using smart devices – meaning most amateur techies will think they can be instant adopters. Naturally, already there have been operators misusing them, causing danger to not only the public and infrastructure on the ground, but to airborne commercial aircraft as well. Australia was the first country in the world to regulate Remotely Piloted Aircraft (RPA), with the first operational regulation for unmanned aircraft in 2002. In early July 2014, the Civil Aviation Safety Authority (CASA) used the Sir Richard Williams Foundation Lecture to highlight the new rules and regulations the Civil Aviation Safety Authority would have to put in place for RPA. There are very slight differences between RPA, Drones or UAVs, if any at all. The CASA working group is looking at developing a special set of regulatory provisions that will allow the use of RPA in emergency situations, in a responsive manner whilst operating safely. CASA supports the belief that RPA can provide a very valuable benefit for emergency services and have the potential to provide emergency services in the form of fire spotting, for example using Defence RPAs, the Heron, the Shadow 200 or the Scan Eagle. One of the first concerns CASA has with the RPA is how easy the public can get their hands on one. CASA acknowledges, if misused, the RPA can be very dangerous, so much so that it can destroy an Airbus’s jet engine. A near miss between a RPA and a passenger jet at Perth Airport in 2010, demonstrated why CASA is so concerned. In that incident, the RPA operator flew within 30 metres of a Pacific Blue 737-800, and was caught in the wake turbulence, causing it to spiral towards the ground. This incident could have been a lot worse than it initially appears to have been. On 2 October 2013, an Unmanned Aerial Vehicle (UAV) filmed its collision with the Sydney Harbour Bridge and was found the following
50 | Australian Security Magazine
day. CASA, naturally, took this event very seriously and initially alerted Counter-Terrorism officers. Police later determined the RPA was being used recreationally by Mr Edward Prescott, who was in Sydney as part of the support crew for the Rhianna Tour. Mr Prescott said that he did not fly that close to the bridge, intentionally. As a safety precaution, CASA advises that RPA should not be operated within 30 metres of people and away from large structures like bridges, buildings, and crowds. CASA also suggests that owners should always contact the local City or Shire Council to question what airspace is available or allowed to fly in. In the Sydney Harbour Bridge case, the airspace around the bridge was restricted for all aircraft, including light aircraft. CASA has questioned whether RPA are safe for use in the civilian world. With the capability of flying low in residential areas, as well as high into busy airspace – and with an estimated 100 RPA taking to the skies each week, CASA needs to respond quickly with laws that are designed to prevent serious injuries or crashes that may occur. At the moment, there are rules for hobbyists, who are the most common pilots, and do not need any training, or need to register their light drones. They are required to: • Fly below 400 feet; • Operate only in daylight; and • Stay well away from airports and highly populated areas. With the growing popularity of RPA, globally, they are going to develop a strong and multidiverse market. A 2013 study by Teal Group suggests that the US defence force will spend more than double RPA expenditures during the next decade – from US$5.2 Billion annually, to US$11.6 Billion, spending more than US$89 Billion all together during the next decade. CASA has also established a process to obtain an Operating Certificate to fly a RPA. The
By Will Evans and Chris Cubbage
number of certificates being issued shows the growth and demand for RPAs in Australia. In February 2012, there were 15 total Operator’s Certificates, that doubled the following year, then rose to more than 40 in 2014. One of the certification requirements is to sit a similar exam to those of an aspiring private pilot and equates to 90 percent of a pilot’s course. So, evidently, getting a certificate isn’t the simplest of tasks. The more commonly available RPA are the types that weigh less than seven kilograms. These are inexpensive and can be bought in retail or online stores. These may be flown without applying for an operating certificate. There are, however, many variants of unmanned vehicles. For example, the US Military has a ranking system to select the more appropriate UAV for the job at hand. Ranking criteria ranges from Low Altitude (Tier I) UAVs to High Altitude (Tier III or IV) variants. The diversity of drones available today, is a clear indicator of how this technology is progressing and will continue to evolve. CASA has acknowledged the use of RPA will continue to expand as technologies and performance characteristics lead to longer flight durations, covert operational capabilities, and reduced operational costs. As RPA develops and mature they will naturally serve many sectors, such as law-enforcement, security, agriculture and environmental sectors. CASA has also reasonably foreseen RPA roles which could expand to include more complex operations and eventually, possibly even carrying passengers and conceivably routine unmanned commercial cargo flights. For many entering the RPA and UAV industry, it may indeed be only a blue sky from here. About the Author Will Evans has recently joined the My Security Media team as an Aeronautics and Media Student as part of his Vocational Training.
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
How to avoid Heartbleed or similar SSL related vulnerabilities By Albert Ching
The latest disclosure of Heartbleed, an OpenSSL encryption bug, is yet another reminder of the security threats we continue to face. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users, and to impersonate services and users. This bug has resided in production software for more than two years and is described as ‘catastrophic’ by leading security experts. The immediate solution is to identify affected systems, apply the fix and update the SSL certificates. Users also need to be informed to change their passwords and track misuse of the exposed information. Even if the bug is patched today, there is no guarantee that a similar type of bug does not resurface or stay hidden in software undiscovered. Such vulnerability with similar impact could arise in the future from another SSL library or application product. It also leads to questions whether Secure Socket Layer (SSL) is sufficient to protect data confidentiality and integrity of online transactions. How can enterprises manage the risk of future data leak through web services and convince their customers that their data is safe from eavesdroppers? Would it have been possible to have done something to mitigate the risk of such an event? To prevent exposure of sensitive data even if SSL encryption is broken, enterprises need a strong data protection solution such as endto-end encryption (E2EE) to protect passwords and sensitive transaction data. E2EE ensures that sensitive data stays encrypted even within the memory of vulnerable web or application servers. It offers protection to the HeartBleed type of bug as well as prevents insiders such as software developers or DBAs from leaking sensitive data accidentally or deliberately. In fact, both Monetary Authority of Singapore (MAS) and Hong Kong Monetary Authority (HKMA) have mandated financial institutions to adopt E2EE for protection of passwords as well as critical transaction data in the e-banking sites. Like many financial institutions, organisations should adopt the same best
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
practices to encrypt the password and sensitive data and send the encrypted data over a communication channel in addition to the SSL protection. This can be done by using an encryption library and key data to encrypt the data at the point of entry (user desktop/ smartphone) before submission to the server side. This data remains encrypted all the way to the web server and even the application server. The data may be decrypted at the application server, however, in the case of passwords, they remain encrypted and are verified inside an HSM. HSMs are cryptographic devices using tamper resistant hardware built to meet the FIPS standards. Thus, the passwords are encrypted from the point of entry to the point of comparison. Apart from mitigating against Heartbleed type of vulnerabilities, this ensures that nobody in the intranet has access to the password in clear during transit and storage, as well as protecting against internal fraud. In summary, effective data protection requires a combination of layered security solutions and the right processes. Organisations should not wait for the next web server vulnerability and should look into implementing End to End Encryption solutions at the application layer to protect their confidential information instead of relying on SSL protection.
About the Author Albert Ching is CEO & CTO of i-Sprint Innovations, a global Identity and Access Management software company – a company which helps its clients address their application security challenges, compliance requirements and technology risk needs. Albert has been in the IT industry for more than 27 years and has held various IT executive positions in the US and Singapore for IT strategic planning, enterprise architecture, security and infrastructure planning and application development.
TechTime - latest news and products
Maintaining surveillance equipment using lowering devices By Jeremy Lee
It’s no wonder the camera surveillance industry has grown up and out. Grown up, because the technology has improved, enabling cameras to be hung at greater heights, covering larger areas. Grown out, because cameras are being used nearly everywhere. With all of this growth in the surveillance industry, one very critical area continues to be overlooked – camera maintenance. Camera systems are easier to install, and easier to replace at ground level. They’re cumbersome to trouble shoot. While camera surveillance is generally understood to be a good thing, it’s the maintenance piece of most camera installations that creates the bulk of ongoing issues, and results in lost time and money.
Technology at play In 2003, security cameras were designed with large CCDs, imagers, digital signal processors, and lenses. Nowadays, cameras are tiny, sensitive pieces of hardware. The trend, studies show, indicates that some warranty periods have been cut in a third to as much as a half by many manufacturers, especially in outdoor camera models. So while the environment for surveillance hardware hasn’t changed, the hardware has. Whether the camera technology is IP or analog, new or old, several factors decrease the mean time between failures of cameras. This includes hot and cold environments, unbalanced power loads, and vibration due to wind. The message to the surveillance industry is clear: Cameras are sensitive pieces of hardware. Other less expensive system components housed in protected environments, receive
52 | Australian Security Magazine
better maintenance. But, when the camera image cannot be viewed, it is assumed that the camera – not peripheral equipment – for example a control box, is most likely the culprit and must be examined. If there was ever a time to pull a camera down and service it, that time would be now. Lowering devices offer camera maintenance convenience A lowering devise is a solution to simplify camera maintenance. Originally conceived for use with other products, the lowering device was designed to service street lights. Companies which maintained lights in urban areas had two fee schedules; the one for the technician who serviced lights at ground level, and the one for the technician who had to go up in a lift or on a ladder to service them in the air. The cost difference was dramatic. And so was born the idea to bring lights to the ground for servicing. Usually hand cranked and purely mechanical by design; this same technology exists today. Where lights and cameras are similar is the maintenance schedule that should be maintained to yield optimal performance. Light enclosures collect dust, bugs, and other particulate matter; power leads corrode; condensation builds in the housing, and accumulates on the enclosure which dims the light and reduces its lumen yield over time. And, of course, lights need replacement. Sound familiar? Precisely. Why would a camera’s needs be any different than the average light bulb? In fact, when one considers the average camera costs twice as much as the average street light, perhaps the camera’s preventive maintenance needs should not be ignored. From an ROI standpoint, the answer is in the numbers. Camera repairs often result from poor maintenance. Cracked enclosures, foggy or distorted images, power failure, even network-related troubles, often result from poorly maintained connections and neglect of periodic cleaning schedules of leads, domes, and lenses. To quantify the cost associated with not maintaining a camera, security directors may look at the cost to their organisation to repair just one camera. While lowering devices continue to grow in popularity, on highways, in maritime applications, and critical infrastructure areas
within the power generation industry, they have been slow to take off in other areas, like corporate offices and schools. Perhaps the industry needs to see more cost taken out of them to drive home the ROI point, or maybe the aesthetics need some fine tuning, and all signs point to strides most manufacturers have made in these areas. In critical areas, however, like increasing the lifespan or maintaining camera performance, there is no better solution. About the Author Jeremy Lee is Regional Manager, South East Asia and Taiwan at Moog Inc www.moog.com.
TechTime - latest news and products
Technical Review: Moore’s Law applies to the WD Purple Surveillance-Class Hard Drive Line We have been fortunate to live in a time to experience Moore’s Law at work, with devices continuing to get smaller, cheaper and most importantly faster, smoother and more reliable. There continues to be major advances in technology – and data storage is one such example. Not that long ago we were seeing much larger hardware systems being required for RAID 5 Storage Arrays, suitable for video surveillance, yet already we are seeing RAID 6 arrays in small and more efficient NAS and NVRs using the very latest storage technology. The changes in the video surveillance and IP CCTV technology markets during the past decade are a clear example of Moore’s Law having an effect. With this in mind, it was a pleasure to conduct a technical review of the WD Purple Surveillance-Class Hard Drive, supplied to our office with a review kit containing the following: • ENR -1000 4 Channel NVR (With 2 x WD Purple 4TB HD installed, formatted and ready for use) • Viostar 2 Bay NAS (With 2 x WD Purple 4TB HD installed, formatted and ready for use) • Planet 8 Port POE switch • ACTi D72 Dome Camera • Axis Network Camera M1054 with 2 port POE switch • Axis Q1604 Camera We operated the NAS for 11 days and the NVR for eight days within the office, so there was reasonably limited movement within the camera’s field of view (FOV). After the trial recording period we used storage calculation tools, including CCTV Design Software to calculate an estimated storage requirement based on each of the camera’s resolution, frame rates and bitrate. In contrast to these storage calculations, the WD Purple 4TB HD used significantly less than the storage calculations estimated. Each of the cameras were set to different resolutions (1280 x 720 @ 25ips; 640 x 480 @ 12ips and 1920 x 1080 @ 30imps) and we estimated that during the review period between 500GB-700GB would be required to allow 24/7 recording – subject to scene activity. On our determination of the actual storage amount used, the WD Purple HD used less than 400GB during the 11 day period. We verified our calculations using different storage calculation tools – there is no precise number but each calculation tool landed consistently in
a much higher range. Therefore, the WD Purple HD operated with a high indication of much greater efficacy in storage capacity than existing storage algorithms. We also observed quiet operation and low heat output. The review kit substantiated that the WD Purple has been built for integration with new or existing video surveillance systems, designed and tested to surveillance class standards compatible with leading chassis and chip-sets – quite an achievement considering there isn’t an industry standard. Having reviewed and operating the NAS and NVR devices using the
WD Purple HD, our findings support the claim of superior performance for the WD Purple purpose-built line of 3.5inch, high capacity hard drives for surveillance applications. And WD is so popular you’re probably already using one of their products – we were. A Compatibility Selector is available to assist with choosing a selection of surveillance drives at www.wd.com Technical review conducted by Chris Cubbage and Clint Tomlinson, Security Consultants, AmlecHouse.com
Australian Security Magazine | 53
TechTime - latest news and products
Genetec introduces new network security appliance to product line-up Genetec™, a leading provider of unified IP security solutions, has announced the SV-32, the latest offering in its line of turnkey network security appliances. Designed for customers that require a small size Network Video Recorder (NVR) – such as retail and banking organisations – the SV-32 will be able to support up to 32 cameras, and will offer local viewing and recording capabilities. The SV-32 network security appliance is expected to be available in late spring 2014, to Genetec channel partners and customers in the America, Australia, Europe and select countries in Asia.
54 | Australian Security Magazine
Powered by Genetec Security Center, the SV-32 will ship with pre-installed software, verified hardware configurations, and a new intuitive Installer Assistant tool. The new Installer Assistant tool, which will be included with the entire line of SV network security appliances, will further facilitate and accelerate the configuration and commissioning of customers’ surveillance systems. The tool will provide automatic discovery and enrollment of cameras and video devices on the network, while also allowing technicians to rapidly select and configure desired camera settings, recording
modes and schedules in Security Centre. “With the ability to manage video monitoring and recording locally, the SV-32 will provide customers with a simple, turnkey solution to facilitate the replacement of their DVRs and migrate to an IP system,” says Francis Lachance, Director of Product Management at Genetec. “Customers will benefit from the Security Centre platform, giving them the ability to monitor multiple sites and work with an intuitive user interface that enables operators to rapidly respond to incidents, and access to powerful search and reporting tools to help accelerate their investigations,” adds Lachance. SV-32 customers will be able to choose from a wide range of HD and megapixel cameras from industry-leading edge device partners, as well as cost-effective video encoders to leverage existing analog hardware to cut down on the cost of transitioning to a fully network-based system. For end users requiring a surveillance system that spans multiple sites, the SV-32 network security appliance can be installed in distributed locations and monitored centrally using the Genetec Federation capability. Federation allows customers to deploy the SV-32 in multiple independent sites, while extending monitoring capabilities to other locations and operators, helping to facilitate and centralise surveillance operations, as part of a single virtual system. The advanced architecture of the SV-32 will be able to synchronise cameras and all related events and alarms between sites in real-time, with no manual intervention required, while still retaining the local autonomy of individual sites of their own monitoring and configuration requirements.
TechTime - latest news and products
Raytec launches industry first network illuminators VARIO IP is the first network CCTV illuminator in the security industry. With VARIO IP, users can not only adjust their IP cameras remotely, but they can now control their lighting in the same way too, via web interface or video management system. Recently an IFSEC product award winner for Best CCTV System of the Year, VARIO IP is now available with PoE capability. Available in both Infra-Red and WhiteLight LED, it provides dedicated IP lighting for network cameras, allowing for remote set up, commissioning, operation and maintenance of your lighting scheme, from anywhere on the network 24/7. Users have full control over their lighting at all times to respond to live events in real time, using lighting to deter crime. They can also alter settings in response to operational changes for the best CCTV images and safety at all times. VARIO IP makes it much easier to operate large CCTV systems in a more secure and
LEADING INDEPENDENT SECURITY CONSULTANTS
much greener way. VARIO IP can be controlled individually or in groups by a variety of other security technologies e.g. cameras/detectors, and scheduled using a timer for activation only when needed, to reduce electrical consumption even further. An API is available for seamless VMS integration, allowing quick and easy operation of your lighting within your overall security system. VARIO IP reduces visits to site, minimises labour time and costs, whilst ensuring maximum performance from your
system at all times. VARIO IP is also the first CCTV illuminator to be fully integrated into Milestone’s XProtect video management system. For more information on VARIO IP visit www.rayteccctv.com
Secure Key ManageMent Getting a key is as easy as 1 2 3
www.amlechouse.com Amlec House Pty Ltd Independent Security, Risk and Investigation Management Consultants
Security Design, Reviews & Auditing Services Studies, Investigations & Reviews Background & Criminal History Checks Due Diligence Services Specialist Technical Services Security & Risk Awareness Workshops Cyber Security, Online Safety & OSINT Workshops
The BenefiTs are simple…
Saves money – no lost keys
Organised layout – all keys are kept in one place
Ensures you always know who has which set of keys
Modular system gives total flexibility for expansion
Only authorized staff can access keys
The Keytracker system is the simplest and most cost effective key management system currently available. Ranging in size from single units, 5 capacity then in multiples of 5 up to a maximum of 300 keys, the Keytracker system is Ideal for Security Companies, Car & Motor Cycle Dealers, Police, Hospitals, Schools…or anywhere where lots of keys are handled by lots of staff where the chance of misplaced or lost keys is high.
1 Insert your personal colour coded access peg...
Twist to release the desired key...
3 Remove key!
Access peg cannot be removed until key is returned
For more information visit www.keytracker.com.au or call us on 1800 814 716
Review by Chris Cubbage
Digital Video Surveillance and Security – Second Edition By Anthony C Caputo
56 | Australian Security Magazine
here is a great sense of achievement in writing a book – no less a technical book like Anthony (Tony) Caputo’s Digital Video Surveillance and Security (2010, Butterworth- Heinemann). However, the best sign of success for any book is to go to a second edition, to remain so relevant and at the forefront of an industry is something special and to be very proud of. Tony has achieved just that with his Second Edition. Since first meeting Tony in Sydney in 2011, where he was a keynote speaker and I was the conference chair of CCTV World, I took the opportunity of grabbing a copy of Digital Video Surveillance and Security. Glad am I and so should a number of our clients, because as a security and surveillance consultant, the book has spent many hours sitting open on our office desks as it gets referred to, discussed, checked, verified and did I mention, referred to again. As Tony came to finish his manuscript for the second edition, we were able to catch up for lunch in Chicago in 2013. Along with projects in the US and Middle East, Tony has since still been able to find time to contribute another two CCTV articles to us and has been a regular contributor to the Australian Security Magazine’s CCTV Feature Series. Whether you have the first edition or not, the Digital Video Surveillance and Security, Second Edition (2014, Butterworth- Heinemann) looks like the best one worth having. From the time you open the first few pages you get the sense Tony has put everything into this work – including expanding the Preface to go back to the true source of his interest in his field – including a link to the assassination of John F Kennedy. This gives a valuable insight into the author and the motivations not just behind this book but also, indeed why video surveillance technology has emerged as a major driver of the security sector in the modern world. Digital Video Surveillance and Security, Second Edition talks to the student, practitioner and fellow expert of all levels and interest. Written in the first person with the sense of Tony’s Chicago wit, this book allows simple and graphical explanations and case studies of digital video principles, equipment and hardware systems, networks and networked video systems, wireless networks and architectural designs. The basis of designs are provided in depth, including site surveys, software selection, archiving and storage, project management and system integration. A
great aspect is the troubleshooting segments to a majority of the chapters – given Tony’s expertise and experience, this is a valuable asset to have in any technical book. These aspects are further supported with Site Survey Checklist Templates and Survey Forms. And whether you are a consultant in Australia or an installer in the US, UK, Hong Kong or Singapore, the technical and applied science is the same. There are very few true experts in the field of CCTV – and frankly if you are in the CCTV and Video Surveillance System industry either as a student, installer, engineer, designer, integrator, sales or consulting – then this book should be within arms-reach and once it is, you are likely to keep it very close to you for your next CCTV and Video Surveillance Project. Author Anthony C Caputo
Have you recently published a security related book? Or have you just read a new, great security book? Please email us at firstname.lastname@example.org
CIOs, IT Leaders and decision makers • Big data • Communications • Cloud computing • Technology systems • Interviews with industry thought leaders plus much more.
Published on Jun 11, 2014
The Australian Security Magazine is the country’s leading government and corporate security magazine. It is published bi-monthly and is dist...