Page 1

A U S T R A L A S I A’ S L E A D I N G S E C U R I T Y R E S O U R C E F O R B U S I N E S S A N D G O V E R N M E N T

ISSUE #102 JUL/AUG 2016

Inside the Panama Papers Leak What Security Lessons Can We Learn?

ISSN 1833 0215

$9.95 inc GST / $10.95 NZ

intelligent storage the creone keybox is a new solution for management of valuables & keys. absolute control easy to use With the Creone KeyBox range you will have complete control over your keys and valuables. Whatever your requirements you can choose a basic or more advanced solution.

There is one important requirement when it comes to storage systems that are used by a number of different people: the easier to use, the better.

Creone offer everything from key cabinets and value boxes that will meet your basic needs to advanced systems that monitor every single key and user.

Creone intelligent technology automatically keeps things in good order, and thanks to the user-friendly software, it is easy for the administrator to monitor key use and control.

Total flexibility

Key Features

Creone KeyBox systems are flexible, which makes it easy for you to adapt your system when your needs change. Start with a solution that is suitable for your current needs, and expand it as your needs grow. Your storage solutions are future-proof when you invest in a Creone KeyBox to manage your keys and valuables.

• A simple and flexible solution • Over 40 different models and styles available • Easily expandable • Intuitive management software • Made in Sweden

visit us at...

Visit for more information.

Creone develop intelligent storage systems. They have being doing this since they started in 1979, and today supply solutions to companies in 30 countries. Creone have three keywords for their storage solutions; Control, Flexibility and User-Friendliness. Whatever your needs, they have a solution you can offer with security and good order – both today and in the future.

A Solution to Suit Creone’s extensive KeyBox range will offer storage solutions to a variety of industries.



Car dealerships


Hotels & Hostels




Aged care facilities


Ezi Security designs, manufactures and installs a premium range of electronic perimeter security products designed for both vehicle and pedestrian control. These consisting of a wide range of security products suitable for low to high-risk applications. Ezi Security Systems has been manufacturing quality security products for over twenty-one years with equipment is installed in some of the very harshest of environments the planet has to offer. And all with outstanding results. While Ezi has a commitment to innovative design and quality products we also fully understand the importance of easy and efficient after sales service. Ezi Security Systems services and maintain the products we sell to ensure that your critical infrastructure and personnel are protected at all times. “ALL EZI SECURITY SYSTEM PRODUCTS ARE BUILT TO LAST A RELIABLE THIRTY YEAR (PLUS) PRODUCT LIFE SPAN WHEN MAINTAINED”

Ezi Security Systems has the most extensive offering of Hostile vehicle barrier products (HVB’s) and has the expertise to design and secure any critical infrastructure or site of national importance. Ezi has an extensive range AVB and HVB Crash Certified products such as the world famous TruckStopper, the renowned K12 Wedge, crash boom beams and crash rated static and automatic bollards. Ezi Security Systems has all the realistic solutions to meet your high security requirements while maintaining an aesthetically pleasing solution for your site. All Ezi Security System AVB & HVB have been vigorously crash tested and certified to meet all ASTM, IWA and PAS 68 stipulations. Ezi Security and its partners continue to the push boundaries on all crash products with our in-house R&D security experts providing market leading products designs. This specialist ability also involves our renowned installation expertise and advice with the all important civil work design & engineering. Ezi Security believes in pushing design frontiers for its products to keep pace with marketplace and security priorities. This year alone Ezi and PPG have successfully worked with CTS and crash tested to Pas 68 in 2016 the following products:

M30 Bollard Performance rating V/7500[N2]/48/90:0.0/0.0

M50 Bollard Performance rating V/7200[N3C]/80/90:5.5

Wedge II Performance rating V/7500[N3]/80/90:0.0/20.7 (tested with 4 m blocking width)

With our highly chosen business partners being the best in their field and coupled with our own Ezi Security R&D in house design team Ezi Security continue to push boundaries on market leading and state of the art crash rated designed products. Our ability also involves installation expertise and advice with all important civil work design & engineering.

Ezi also takes pride to provide our clients with more than just perimeter security solutions. We also offer a quality range of internal pedestrian control products from Werra Entrance Control. The Werra Entrance Control range compliments perfectly the already strong offering of pedestrian security control that Ezi Security currently offers to the market. The range includes a wide variety of systems suitable for pedestrian access management that includes the ability to hold and isolate persons of interest and/or concern. Ezi Security again has a quality product for every threat and contingency for building personnel security. All products offer quick access for authorised persons and reliable protection against unauthorised access. With a flow rate of up to 35/min even large flows of people can be monitored and controlled effectively. Werra Entrance Control not only stands for innovative for the individual’s passage of person, but also is an extension for our philosophy of being a professional fullservice provider of all components within perimeter security and access control. Ezi Security Systems, and their business partners, are privileged to be protecting some of the most prestige and iconic man made marvels of the modern era from the Burj Khalifa Tower in Dubai to Australia’s very own Parliament House in Canberra.



1300 558 304 11 Cooper Street Smithfield NSW 2164



058 034

The Panama Papers have caused major reverberations around the world; in governments and businesses. There has been massive media and public interest in the content of this huge tranche of commercial documents. The disclosure of the offshore tax details of over 214 000 shelf companies has some quite extraordinary implications – including in Australia. What security lessons can we learn from this extraordinary leak?

THE TIME FOR MICRO-SEGMENTATION IS NOW Corporate security strategies are failing, so leaders must re-tool to face the latest cyber threats.


ARE YOU TRUSTING? How can you tell the difference between truth and deception?


WHEN THE WAR IS OVER: SECURITY AND RISKS TO CONSIDER WHEN WORKING IN POST-CONFLICT ENVIRONMENTS Hugh Morris, managing director at The Development Initiative, looks at the security challenges of operating a business in a post-conflict environment.


HARMONISATION OF THE SECURITY INDUSTRY Brett McCall looks at the past attempts to harmonise licensing in the Australian security industry with a view to determining if it is feasible or a disaster.


IN-FLIGHT REVENUE RISKS In-flight purchases are an important revenue stream for airlines globally, but how do you manage the associated risks to protect revenue and ensure profitability?


SECURITY 2016 SHOW GUIDE Find everything you need to get the most out of this year’s Security 2016 conference and exhibition, including floor plans, exhibitor list, conference programs and more.


touch . identify . control

First upgradable High Security range of access control readers using RFID, Bluetooth® and NFC technologies Card mode

Tap Tap mode

Place your smartphone in front of the reader.

Tap your smartphone twice while in your pocket for a proximity or a remote opening.

Slide mode

Remote mode

Place your hand to the reader without leaving your smartphone.

Control your access points remotly.

RFID leader manufacturer since 1996

France  United Kingdom  America  Australia







014 LEADERSHIP What is the difference between good and bad 016

030  EVENTS A look at upcoming industry events. 040  ALARMS What does it take to build an A1 grade control room?

CYBER SECURITY How can Australian businesses close the


cybersecurity skills gap?


the new normal rather than the exception?


018  RESILIENCE What role do exercises play in effective resiliency 020

THINKING ABOUT SECURITY Is it time that we accept that terrorism is

versus close fist use of force in public safety.

048  CCTV What role does storage play in a modern IP-based CCTV system?

HUMAN RESOURCES Just how big are the risks of non-compliance with human resources and industrial laws?

022  RISK MANAGEMENT Dr Kevin Foster reviews ARPI’s Strategic Risk


024  COMMUNICATIONS Rod Cowan looks at why security should never be

happened to Egyptair flight 804.

084  ACCESS CONTROL Dr G. Keith Still looks at the challenges and misconceptions around crowd safety.

an excuse for discrimination.

026  LEGAL How can you minimise risk by aligning with standards when contracting security services?

BUSINESS What is the key to effective communication in a crisis?

080  AVIATION Steve Lawson speculates on what might have actually

Policy for 2016.


OPERATIONS Richard Kay looks at the practical applications of open


PROFESSIONAL DEVELOPMENT Do the challenges around corporate acceptance of the security function really rest with the board, or are security professionals actually to blame?










SHOPTALK Company announcements from within the industry.





Editorial Editor: John Bigelow Sub-Editing: Helen Sist, Ged McMahon

Contributors: Gary Barnes, Rita Parker, Greg Byrn, Kevin Foster, Rod Cowan, Tony Zalewski, Don Williams, Tom Patterson, Joe Paravizzini, Richard Kay, Vlado Damjanovski, Caroline Sapriel, Neil Fergus, Brett McCall, Hugh Morris, Lizz Corbett, David Foley, Steve Lawson, Keith G Still, Colin Robbins.

Advertising Phone: 1300 300 552

Marketing & Subscriptions $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)

Design & Production Graphic Design: Jamieson Gross Phone: 1300 300 552

Accounts Phone: 1300 300 552


Interactive Media Solutions ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: Disclaimer The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein. The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.




ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email:






Written Correspondence to:

Or i g i n a l Si z e

















Official partners with:




blue colour changed to this colour green.

COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................


SPEED UP! with Aperio® V3

Experience the next generation of Wireless Access Control

WIRELESS LOCKS REACT IN A HEARTBEAT WITH THE NEW V3 PLATFORM! ASSA ABLOY’s Aperio® V3 platform is a new generation of battery-powered locks packing more powerful electronics, enabling faster response times. Its remote unlocking commands pass from access control systems to doors and locks almost instantly, providing users with an effective remote opening function. With a comprehensive lock range covering almost every door style and opening there’s no reason to delay upgrading to faster wireless access control with Aperio® V3.

Cost-effective Increased battery performance

Multi credential Supports multiple high frequency RFID technologies and SEOs mobile access

Real-time Heartbeat communication: 5-10 seconds

Scan the QR code to find out more or phone 1300 LOCK UP


LETTER FROM THE EDITOR In our increasingly digital world, we are putting more and more of our lives online every single day. In fact, according to some sources, we have created more data in the past two years than in every other year in history combined! This begs the question, where is the line between privacy and security? On one side of the argument, we have governments the world over pushing for greater access to our personal information and communications. In the UK, we have seen the recent introduction of the so-called Snoopers Charter, draft legislation proposed by Home Secretary Theresa May which would require internet service providers and mobile phone companies to maintain records of each user’s internet browsing activity (including social media), email correspondence, voice calls, internet gaming and mobile phone messaging services and store the records for 12 months. Last year saw the introduction of sweeping new surveillance laws in Pakistan, Poland, Switzerland and more. In France right now, in the wake of the Paris attacks, the government is considering introducing prison sentences and fines for companies if they refuse to comply with decryption orders. In the US, we recently saw the legal battle between the Federal Bureau of Investigation (FBI) and Apple where the FBI and US investigators working on the San Bernardino shooting approached Apple with a US court order, asking Apple to circumvent their own security and crack the iPhone of one of the shooters. Of course, in reality, the FBI were not simply asking Apple to unlock that one single phone, but were instead trying to force Apple to install a backdoor in their own software that would give the US Government access to Apple devices whenever the courts deemed it necessary. The problem, however, as Apple argued, was that once such a backdoor is created, it makes all devices running that software vulnerable to hackers, cyber criminals and a multitude of other people who might wish to exploit it. Furthermore, if Apple were to give in to the demands of the US Government, then what would stop any other government making the same demands? This demand from governments to increase surveillance of personal data arises from the argument that the proliferation of digital communications without proper oversight is making it easier for terrorist organisations to plan and execute terrorist attacks. However, experience and history show us that this argument is flawed in that a terrorist group sufficiently motivated to carry out an attack will find ways to communicate offline where they cannot be detected or monitored. On the other side of the argument, there is the belief that the average person has an inalienable right to a reasonable level of privacy. The question is, what is reasonable? This issue’s cover story by Neil Fergus looks at some of the security lessons that can be learned as a result of the recent Panama Papers leaks and the implications of those leaks for businesses, individuals and governments. The balance between security and privacy, much like the balance between security and convenience, has been and will continue to be a very fine line. Where that line rests will undoubtedly continue to be the source of much debate, but one thing remains clear – commonsense continues to be the best defence against unwanted leaks. If you do not want people to know something, then it is probably best not to communicate or store information in a manner or forum that can be easily accessed.

John Bigelow Editor


GAIN CONTROL WITH ONEVIEW Defuse situations quicker with a truly unified security control room solution Saab’s OneView is a next-generation physical security information management integration platform that provides unprecedented levels of subsystem integration in mission-critical infrastructure environments. OneView empowers operators to respond effectively and efficiently to the most stressful situations. Offering accurate intuitive situation awareness, a simple operator interface, fast detection-response and comprehensive support for post action analysis, OneView is the ultimate choice for modern surveillance and security operations. You can rely on Saab’s thinking edge to bring your control room under real control.


BRIGHT IDEAS Engineers Patent Limited-Range Projectile To Reduce Collateral Damage Imagine a bullet that could self-destruct if it missed its target. Apparently, it is not as farfetched an idea as we might think. Three employees of the US Army Armament Research, Development and Engineering Center (ARDEC) were recently awarded with a US patent for their proof of concept work on a limited-range projectile. Brian Kim, Mark Minisi and Stephen McFarlane filed collectively for the patent on 7th May 2013 and were notified of its approval on 1st September 2015. According to reports by, the official homepage for the US military, the concept for the limited-range projectile includes pyrotechnic and reactive material. The pyrotechnic material is ignited at projectile launch. The pyrotechnic material ignites the reactive material and, if the projectile reaches a maximum desired range prior to impact with a target, the ignited reactive material transforms the projectile into an aerodynamically unstable object. The practical use that the three men intended to apply the concept to is .50 calibre ammunition. However, the patent covers the idea and technology behind the concept as a whole, so it could theoretically be used in various calibres of small arms munitions. “We wanted to protect the US government’s interests and position,” McFarlane said about filing the patent.


Trial and Error Computerised modelling and simulation were performed to compare the inventive projectiles to the .50 calibre M33 projectile and the .50 calibre M8 projectile. “Conceptual designs were run through and evaluated via modelling and simulation,” Kim said. “Three concepts were submitted with the patent; however, not all were feasible,” he said. “A proof of concept test was perfected and results indicated the need for concept refinement and pyrotechnic mix improvement,” Kim said. The group states that there are significant benefits to the warfighter in using a limitedrange projectile. “The biggest advantage is reduced risk of collateral damage,” McFarlane said. “In today’s urban environments, others could become significantly hurt or killed, especially by a round the size of a .50 calibre, if it goes too far.” McFarlane said that the distance in which the round disassembles can be adjusted based on the choice of reactive material used. The benefit of this is that the round does not continue to travel, therefore reducing collateral damage. This benefit can best be described as “a design programmed maximum range” according to McFarlane. The ballistics also match and/or exceed the standard round out to the max effective range

of the round. In theory, the projectile may be any calibre from 5.56mm to 155mm. How the Disassembling Projectile Works The concepts vary; however, in theory the process would work like this: During launching of the projectile, pyrotechnic initiating material is ignited by energy produced by propellant in the cartridge case. Or, pyrotechnic initiating material may be ignited by energy produced by bagged propellant, if the projectile is a separately loaded projectile. Pyrotechnic initiating material ignites the reactive material. Prior to impact of the projectile or with a target, and while the projectile is airborne, energy produced by the ignited reactive material transforms the projectile into an aerodynamically unstable object. The transformation into an aerodynamically unstable object renders the projectile incapable of continued flight. In one concept, the projectile is rendered unstable by the melting of the copper jacket, which produces a highly irregular shape. In another, the projectile is rendered unstable by the separation of the cylindrical portion from the base portion and the separation of penetrator from the projectile assembly. Visit for more information.



LEADERSHIP The Leadership Game By Jason Brown

In my last article, I identified the need for leaders to have the ability to: • communicate effectively • recognise the developmental requirements of team members • set goals and motivate the team to achieve them • provide enthusiastic and creative encouragement • model acceptable behaviour. In summary, there are a range of positive behaviours that demonstrate good leadership and get results and there are clearly some bad ones that can lead to disaster. In this column, I will introduce readers to a leadership game that anyone can play. The Leadership Game This game is part of the process I used in the development program for middle-ranking staff. It was aimed at getting them to examine the leadership behaviours of previous bosses they had experienced and write these down on the four-part framework (see illustration). In the top left-hand quadrant, write down the negative professional/technical behaviours of your worst boss/bosses. Do not just write down a compilation of multiple bosses, but think in terms of a specific individual for each statement. For example, if ‘John’ was your worst boss ever, you might start with – ‘John pretended to know his material but bluffed his way through’ or ‘He never kept up with technical advances and suppressed innovation’.


Similarly, in the top right-hand quadrant, write down the behaviours of the better boss. For example, ‘Jane was always up-to-date and provided the newest technical information’ or ‘Her presentations were standouts’. The bottom left-hand quadrant is about bad personal behaviours. For example, ‘Mary was a bully’ or ‘She took credit for my work’. The bottom right-hand quadrant is about good personal behaviours, such as ‘Harry always had time to help with problems’ or ‘He provided praise when praise was due’. Have some fun filling them in and maybe thinking about how these behaviours made you feel about work. In the next issue, I will take you through the results of this type of activity. If you want to see your results included, just send me your chart. Draw up a chart in PowerPoint, fill it in and send it to me when it is completed.

Jason Brown is the National Security Director for Thales in Australia and New Zealand. He is responsible for security liaison with government, law enforcement and intelligence communities to develop cooperative arrangements to minimise risk to Thales and those in the community that it supports. He is also responsible for ensuring compliance with international and commonwealth requirements for national security and relevant federal and state laws. He has served on a number of senior boards and committees, including Chair of the Security Professionals Australasia; Deputy Registrar Security Professionals Registry – Australasia (SPR-A); Chair of the Steering Committee for the International Day of Recognition of Security Officers; member of ASIS International Standards and Guidelines Commission; Chair of Australian Standards Committee for Security and resilience.


A complete Intrusion and Access Control solution for your businesses.

Engineered to provide exceptional sensing and detection performance.

Superior video surveillance capabilities to meet modern commercial application needs.

Formerly Sentrol, ITI provide hard-wired intrusion detection options, including switches and magnetic contacts.

IFS® delivers cost-effective, high-performance network transmission solutions for IP Video, Access and Life Safety Applications.


1300 663 904



CYBER SECURITY How Can The Cybersecurity Skills Gap Be Closed? By Garry Barnes

There is a need for businesses to take a planned approach to cybersecurity awareness, training and education to ensure visibility and capacity to respond. According to a recent speech in Parliament, Julie Bishop, Foreign Minister, stated, “The Australian Signals Directorate detected more than 1,200 cyberattacks against Australian interests in 2015.” These attacks primarily targeted Australian government and businesses in defence, energy, finance and transport. And that is just the number of cyberattacks detected. Joint research between the Information Systems Audit and Control Association (ISACA) and RSA Conference shows that in 2015, 82 percent of Australian/ New Zealand (ANZ) IT professionals expected their business would experience a cyberattack in 2015, indicating the number is probably even higher. Unfortunately, the threats are increasing, and the cybersecurity skills gap is worsening too. There are three things that will help to narrow this gap, but it will take time and considered planning. First and most importantly, the highest levels of management need to recognise that cybersecurity is not just an IT issue – it is a business issue. According to the ISACA and RSA Conference survey, globally 82 percent of board of directors report being concerned or very concerned about cybersecurity, yet only one in seven chief information security officers reports to the CEO. With the monetary and brand damage already experienced by local businesses, cybersecurity must be viewed as a business issue and budgeted for accordingly. For businesses that do recognise the importance of the issue, another problem lies with finding staff that are adequately skilled and know how to deal with cyber threats.


According to the 2016 ISACA Cybersecurity Snapshot, the cybersecurity skills gap is a significant challenge to businesses trying to expand their cyber workforce. Close to half (47 percent) of those surveyed in Australia said they need to hire more cybersecurity professionals this year, yet a whopping 94 percent of those hiring said it will be difficult to find skilled candidates. One way to address the skills gap is to provide on-the-job training. Ron Hale, Chief Knowledge Officer at ISACA, states, “Hands-on, skills-based training is critical to closing the cybersecurity skills gap and effectively developing a strong cyber workforce.” Upskilling those already employed can reduce time spent trying to find staff in a shallow pool of applicants where determining the skill level can often be challenging, particularly with the dynamic nature of cyber threats. There are a myriad of training courses businesses can provide to staff, including those offered through ISACA’s vendor agnostic, Cybersecurity Nexus (CSX), which now includes a career road map tool that can highlight areas of future growth and development. Not only should IT professionals obtain on-the-job training, but businesses should invest in basic security training for all employees. Understanding the basics and having policies in place, especially in password protection and social engineering, allows employees to be more responsible and alert for potential threats and attacks, and enhances the protective and responsive capabilities of the organisation. Another tactic for overcoming the skills shortage is to proactively engage tertiary students. A number of major universities are providing courses in cybersecurity; however, students do not necessarily understand the job opportunities that are available to them.

Local chapters of ISACA are actively engaging students through career fairs and guest lecturers to discuss the opportunities and skills required for these roles. Businesses should do the same as a way to embolden digitally savvy students to work in the IT industry. Through this active engagement and awareness, students will be able to see the possibilities and opportunities that are available to them. Further to this, ensuring a diverse workforce is needed. According to Girls in Tech MasterCard research, which surveyed teenagers in Australia and Asia about Science, Technology, Engineering and Mathematics (STEM), young Australian women are the least interested in these subjects in the region. If this level of disinterest remains, the cybersecurity skills gap will continue to increase. The research suggests that providing positive female role models and highlighting the attractive salaries may assist in encouraging more women into IT roles. There are amazing female role models who continually inspire and provide thoughtprovoking insights into the security industry. They are leaders and pioneers, and businesses need to profile these career opportunities so that there is an even greater pool of talent to tackle the cybersecurity issue. In her address to Parliament, Julie Bishop said the Australian Government will pledge $30 million to develop a Cyber Security Growth Centre which will create business and employment opportunities for the cybersecurity industry. This is just the beginning when it comes to tackling the major cybersecurity issues within Australia. How a business approaches the concept of cybersecurity is imperative in today’s marketplace. Upskilling the current workforce and encouraging a diversified workforce are steps in the right direction to ensure an organisation is prepared and its capacity to respond is adequate.




RESILIENCE Exercises And The Resilient Organisation By Dr Rita Parker

“Any business plan will not survive its first encounter with reality. The reality will always be different. It will never fit the plan.” – Jeff Bezos, Amazon That is why the key to planning lies in creating strategies that are resilient, particularly to deal with unlikely disruptions and events. The likelihood of a complex emergency or crisis situation is a very real consideration for senior managers and security professionals and such a situation can occur with little or no warning, affecting a broad range of people and resources. When such a situation occurs, people feel the need to take action – to respond. Therefore, the governance of emergencies or crisis situations has become part of everyday life. Organisations are realising that traditional corporate strategies are not protecting them from an unexpected event. Resilience – the capacity to self-organise, to learn and to adapt to disruption – offers a useful mechanism of governing emergency and crisis situations. Resilience has been adopted into policy and response strategies because it provides a response to life-threatening situations and events that cannot be averted in time. Organisations need to be resilient to survive and thrive; they need to be able to absorb an event that necessitates change, to adapt and continue to maintain their competitive edge and profitability. The viability and sustainability of organisations continues to be tested in a world that is constantly changing and with such change comes a range of new risks, threats and challenges – often unexpected or unanticipated. This has led to a shift in security management practices for emergency events and crisis situations. This new


framework recognises that non-professionals are directly and indirectly involved in security practices. Such involvement can range from reporting suspicious behaviour to more active participation in specific resilience practices, including exercises that seek to educate and train potential or likely at-risk corporate populations. The only way to know if a plan is effective is to use it. The next best thing is to test it through an exercise. Such exercises are critical for any organisation, whether it is a multi-national corporation or a smaller company, so that people learn to function under duress in a safe environment rather than be thrown in the deep end – with only an untested plan! Conducting regular testing of existing corporate plans through exercises is part of an organisation’s duty of care to its staff and other stakeholders. However, the value of such exercises is often criticised by some senior managers and employees who argue that they are too busy to be away from ‘their real job’! They need to keep in mind they will not have a job to do if the organisation does not or cannot function properly. Conducted effectively, exercise activities develop the capabilities of managers and employees; they offer opportunities to make mistakes and to learn from them and, in doing so, validate the organisation’s resilience process and build confidence. Exercises provide an ideal opportunity to gain real hands-on experience in a safe and secure learning environment, by using realistic and relevant scenarios. Importantly, conducting relevant and timely exercises helps to evaluate organisational plans to ensure resilience processes are fit for purpose. The other key value of conducting exercises is that the findings provide valuable evidence, particularly for the

security professionals in charge of the exercises. In this 21st century of global risks and threats unheard of by previous generations of managers, the development of the human capacity of individual leaders and their enabling teams to handle unplanned eventualities is critical. The use of well-thought-out exercises helps people in organisations better understand the risks and threats, as well as their own vulnerabilities. Importantly, it allows them to put in place useful, tested and relevant plans that will help them achieve a resilient organisation that has demonstrated its duty of care to its people and other stakeholders.

Dr Rita Parker is a consultant advisor to organisations seeking to increase their corporate and organisational resilience and crisis management ability. She is an adjunct lecturer at the University of New South Wales at the Australian Defence Force Academy campus where she lectures on resilience and nontraditional challenges to security from non-state actors and arising from non-human sources. Dr Parker is also a Distinguished Fellow at the Center for Infrastructure Protection at George Mason University Law School, Virginia, USA. She is a former senior advisor to Australian federal and state governments in the area of resilience and security. Dr Parker’s work and research has been published in peer reviewed journals and as chapters in books in Australia, Malaysia, the United States, Singapore and Germany, and presented at national and international conferences. Rita holds a PhD, MBA, Grad. Dip., BA, and a Security Risk Management Diploma.



HUMAN RESOURSES The Risk Of Non-Compliance With HR And Industrial Laws By Greg Byrne

This article will discuss how important it is for all businesses, in or out of the Australian security industry, to comply with basic rules of industrial and human resource (HR) management. No better an example can be found in the contemporary Australian industrial arena than the 7-Eleven debacle of the last two years. An investigation by the Fair Work Ombudsman (FWO) and joint investigation by Four Corners and Fairfax Media uncovered systemic underpayment of wages, doctoring of payroll records and the flagrant disregard for Australia’s laws regarding employment of foreign nationals. The investigation found that the average 7-Eleven worker in Australia was being ripped off on a grand scale by one of the biggest multinational franchises in the world. Workers were being paid wages that were half that of the award; employees were mostly foreign nationals working illegally and under threat of deportation if they complained; time sheets and rosters were doctored; and, most alarmingly, head office was fully implicit. The media investigation led to an investigation by the FWO, raids on numerous franchisees and, ultimately, a scathing final report. Numerous judgements have been made, millions of dollars in fines and compensation ordered and unimaginable damage done to reputation. Headlines like these have littered the media landscape for years and will continue to do so for months to come: • 7-Eleven: Wage compensation bill may top $100 million • 7-Eleven: Fair Work Ombudsman says admit exploitation complicity • 7-Eleven store owner hit with record fine • Workers at 7-Eleven get almost $10 million in compensation. The debacle that is now the 7-Eleven investigation highlights the risk, no the catastrophic threat,


non-compliance with the Fair Work Act 2009, the National Employment Standards (NES) and the various industrial laws poses to all businesses in Australia. 7-Eleven failed at just about every step. Between 2008 and July 2009, the FWO raided dozens of convenience stores, including 7-Eleven, recovering $162,000 for 168 aggrieved staff. Again, between September 2009 and September 2010, the FWO audited 56 stores and found wideranging discrepancies in wages. Between 2014 and 2016, the FWO and the joint investigation between Four Corners and Fairfax Media uncovered numerous examples of breaches of foreign worker rules and discrepancies in wages. The Chairman, Russ Withers, and CEO, Warren Wilmot, both resigned and the company was ordered to repay millions of dollars to aggrieved workers. 7-Eleven, like all businesses in Australia, is required to adhere to the minimum wage, the NES, which are 10 minimum employment entitlements, and whatever the industrial agreement is for its workforce or industry. The minimum wage is determined annually by the specialist Minimum Wage Panel of the Fair Work Commission and takes effect in the first full pay period on or after the 1st of July every year. The NES make up the minimum entitlements for employees in Australia. An award, employment contract, enterprise agreement or other registered agreement cannot provide for conditions that are less than the national minimum wage or the NES. The ten standards are: • maximum weekly hours of 38 hours • requests for flexible working arrangements • parental leave and related entitlements • annual leave of four weeks • personal carer’s leave and compassionate leave • community service leave

• • • •

long-service leave public holidays notice of termination and redundancy pay Fair Work Information Statement must be

displayed in the workplace. Casual employees are only entitled to: • unpaid carer’s leave • unpaid compassionate leave • community service leave • the Fair Work Information Statement. Those early raids in 2008 and again in 2010 should have raised alarms with 7-Eleven management that something was amiss, but they did not. It is unimaginable to think that such a large and seemingly highly structured company, and obviously a very successful one, failed to take heed of the warning signs. The messages from this incident are clear and lessons for all are there to be learnt: the risk of non-compliance with basic industrial and HR law and agreements can be catastrophic, both financially and reputationally. The most amazing thing with this is that the rules are not hard to follow and place nowhere near the burden on the organisation that noncompliance does. Greg Byrne is the Managing Director of Multisec Consultancy Pty Ltd. He also lectures part-time at the Western Sydney University where he teaches an under-grad diploma in policing as well as working as a sub-editor for the Australian Police Journal and serving as a member of the board of directors. He possesses a number of academic qualifications including; Master of Management, Diploma of HR, Grad Cert in Leadership and a Diploma a Security Risk Management. He can be contacted via email; Also see



For over 30 years Perimeter Systems Australia has been delivering Perimeter Intrusion Detection Systems (PIDS) to Critical Infrastructure, Government, Industrial and large Commercial customers.

• • • • •

360° Asymmetrical Detection 1,000 metre detection Radius Radio Frequency Detection Drone and Operator GPS Coordinates Integrates with existing systems

Electronic Taut Wire Fence System • Utilises very reliable strain gauge technology • Software sensitivity adjustment • Each sensor can be adjusted separately • Very reliable and difficult to defeat

Don’t forget, we also have competitive pricing on Takex products. Call for a quote!

Palmgrove Business Park, D413-15 Forrester St. Kingsgrove NSW |

In the wrong hands drones literally add a new dimension to eavesdropping and spying on facilities, individuals and infrastructures in a wide variety of environments and industries. They have the power to shrink the realm of public safety, privacy and physical security. Few other technologies have this much power.

NE W !

Passive Infrared & Microwave Intrusion Protection False Alarm Free performance and lowest nuisance alarm rate possible. The only outdoor motion sensors that really works!

Call us on (02) 9150 0651 or visit SECURITY SOLUTIONS 021


RISK MANAGEMENT Review of ARPI’s Strategic Risk Policy 2016 By Dr Kevin J. Foster

A not-for-profit organisation called the Australian Risk Policy Institute (ARPI) recently published a paper entitled Strategic Risk Policy 2016. In the paper, ARPI argues that they have devised a new approach to avoiding risk that is different to conventional risk management. The paper is not an academic argument, nor is it in the form of an industry standard for practitioners. ARPI describes it as a guide to risk policy for leaders. This is distinct from risk-based policy such as defence policy, immigration policy, crime prevention policy and so on. ARPI is advocating a policy that is not necessarily specific to identifiable risks. ARPI advocates an adaptive risk culture, not just in hierarchical organisations but more broadly across networks of organisations. Of course, this concept is well known to high reliability organisations and cultural risk theorists. Indeed, the literature in the field is quite rich and not as new as ARPI suggests. ARPI argues that ‘traditional risk management’ is a relatively new discipline. This sounds like a contradiction in terms. It is assumed they mean that it is a new management discipline. This could be a flaw in the ARPI argument. Risk management is certainly not new. Human society has always managed risk. Many risk management policies and tools have been developed over thousands of years. The risk management methodologies used in some ancient civilisations were quite similar to the methodologies used today. A very good paper on this history is entitled Risk Analysis and Risk Management: A Historical Perspective, written by Covello and Mumpower and published in 1986. Many policies, laws and regulations over the centuries have been risk-based. For example, the Code of Hammurabi was written in about 1760BC. Building regulations written since then have been mostly risk-based. Indeed, many laws directed at public safety are risk-based. Insurance is a risk


management strategy used since about 3000BC. The Ashipu people in ancient Mesopotamia provided risk management advice as early as 3200BC. Any security professional knows that security decision making has always been riskbased. Perhaps ‘traditional risk management’ is a term poorly selected by ARPI. For the moment, assume that ARPI meant to use the term ‘conventional risk management’, perhaps as advocated by ISO31000:2009. ARPI argues that vulnerability is a new concept and that vulnerability needs to be considered in risk policy. Security professionals, defence experts and foreign policy analysts have always considered vulnerabilities, so this is not a new idea. However, ARPI is correct in stating that in many cases there is a need to enhance risk management systems in order to consider risks that affect networks of organisations and not just isolated organisations. While this is not a new idea, it is worthy of consideration; indeed, it is an important point. Risk researchers have been working on these ideas of reliability for a considerable length of time. Many will differentiate between simple and complex systems. A simple system might be a supply chain where any organisation downstream in the chain may be adversely affected by a failure or incident at any point upstream. Another example of a simple system is a typical building project where there are numerous subcontractors working in a hierarchy for a main contractor who, in turn, delivers the project for a client, such as a building owner. In high reliability theory, redundancy is typically used to improve the reliability of simple systems that may be disturbed by unexpected events. It is not clear if ARPI’s use of the term ‘vulnerability’ is intended to imply that redundant measures

are needed to reduce vulnerability. ARPI is not specific about how vulnerabilities should be addressed. In complex systems, the designer, builder or policy maker may not be aware of all the possible interactions between the component parts and even between subsystems. The risk analyst will consider some failure states, but uncertainties will remain about the interactions of failed components with other failed (or working) components of subsystems. This is especially true in the case of a system which is becoming increasingly complex; for example, electrical energy generation and distribution in most Australian states. The ARPI strategic risk policy model in one sense recognises that complex networks of organisations and their operating environments need to be managed in more sophisticated ways than often is the case with routine risk management processes like those described in ISO31000. However, at the same time, the ARPI model does not offer any new ways to manage complex risks; indeed, it seems mostly to ignore the wealth of ideas that have been developed in high reliability theory, the cultural theory of risk and normal accidents theory. The ARPI model is clearly not intended to reflect academic thinking on the subject of complex systems risk analysis and management. However, ARPI could produce a much better, and more useful, strategic risk policy framework if it operationalised the state-of-the-art in academic thinking in this field. Dr Kevin J. Foster is the managing director of Foster Risk Management Pty Ltd, an Australian company that provides independent research aimed at finding better ways to manage risk for security and public safety, and improving our understanding of emerging threats from ‘intelligent’ technologies.




Not In Security’s Name By Rod Cowan

For the past two months, I have been in the Middle East, teaching investigative report writing to over 200 security personnel, both men and women, from around the globe – from the Philippines to Punjab, from Guyana to Kenya. Me being the only person with English as my first language throws into sharp relief the difficulties of not only dealing with language barriers, but also cultural, gender and religious issues, in a region where every morning I read in the newspapers the latest body count of failure to communicate across such boundaries. Meanwhile, mainstream media coverage in the West on issues relating to Muslims is fuelling mounting Islamophobia. A University of Cambridge study conducted over 2015 found an “atmosphere of rising hostility” towards the UK’s 2.7 million Muslims, who comprise less than five percent of the 64 million-strong population. Reportage using negative stereotypes, however, is not restricted to the UK. In February, the Sydney Morning Herald ran an inflammatory column by Paul Sheehan on Muslim males brutally raping and bashing an off-duty nurse, with graphic details of anal, oral and vaginal rape by Arabic-speaking men. The story was quickly proven to be false. Sheehan went unpunished. How does fuelling fear and suspicion play out in practice from a security viewpoint? Take aviation security as an example. In March, an Arab– American family was offloaded from a United Airlines flight in Chicago and the only reason offered was that it was “a safety of flight issue”. In April, a Muslim woman of Somali descent wearing a headscarf was kicked off a Southwest Airlines


flight after a flight attendant said she “did not feel comfortable” with her. A few days later, an Iraqi-born immigrant studying at UC Berkeley was escorted off another Southwest flight, patted down, subjected to a bag search, questioned by the Federal Bureau of Investigation (FBI), and prevented from returning to the flight – all because a woman overheard him speaking Arabic on his mobile phone. What was he saying? “Inshallah”; a common expression (meaning God willing) used not only by Arabs but by just about everyone working in the Middle East. Southwest said, “We would not remove passengers from flights without a collaborative decision rooted in established procedures… We regret any less than positive experience on board our aircraft. Southwest neither condones nor tolerates discrimination of any kind.” Review reports of such incidents and there are common themes: • The offloaded passengers have the appearance of being Muslims or Arabs, and it seems many people conflate the two. • People making the fuss are allowed to continue on their travels unhindered; one wonders how serious they would be about their concerns if told they would be offloaded too. • The people removed are usually found to be harmless; open source research fails to reveal a single validated case. There is no logic behind the removal of these passengers and no signs of any serious risk assessment. Yet it is all done in the name of security. If these are “collaborative decisions rooted in established procedures”, someone

should take a hard look at the decision-making process and the procedures from a security and risk viewpoint. The reality is that the most troublesome – and for that matter violent – passengers on aircraft worldwide are drunk, white males. The problem is not as simple as discrimination; racism is easy to define and identify. The problem is one of fear being amped up by politicians eager for coverage and an indolent media industry all too desperate for easily manufactured clickbait. Security managers need to be aware of such developments and should act to combat them within their organisations. Although there is no research data, it is clear from anecdotal evidence and observations that security employs a high number of immigrants. It makes sense, therefore, if only from a duty-ofcare perspective, it should be an industry that does not tolerate racism and discrimination. Moreover, it is an industry that could and should openly challenge racism in all its forms in the broader community. Why? Because living in a contemporary pluralistic world means crosscultural communication is increasingly becoming a matter of necessity for global survival. Incidents of discrimination in the guise of security are not likely to dwindle in the near future. It behoves security managers and operators to act if they are to provide authentic security.

Rod Cowan is a Contributing Editor to Security Solutions Magazine. He can be contacted via email



LEGAL Contracting For Security Services: Minimising Risk By Aligning With Standards By Dr Tony Zalewski

It is well reported that many organisations have moved from in-house to contracted security services. However, outsourcing or contracting does not necessarily transfer operational risks to the contractor; it merely provides another level of risk exposure to the organisation, hence the importance of contracting appropriately. It is often argued there are many operational and financial benefits for using a contract security service. These include engagement of licensed security personnel whom have already completed pre-licensing training and probity checks; avoidance of internal human resource issues relating to in-house security staff; predictable costings for security services; access to a pool of licensed security staff if required; and potential engagement of a greater level of security-related competence. If the decision is made to move from an in-house to contracted security model or a contracted security service is to be renewed or tendered, it is important that various terms and conditions of service are clearly specified. Standards promote best or appropriate practice that can assist in this process, as they have been developed by subject matter experts and industry specialists. It is important these standards are identified and content included within any agreement as relevant to the security service and the standard(s) listed within any contract. The Australian Standard AS/NZS 4421:2011 Guard and patrol security services can assist to understand the minimum requirements that form


the basis for a contracted security service, such as: • Unless declined by the client prior to the commencement of the contract, a site inspection of the client’s premises shall be conducted by a competent person who will advise the client of the identified safety needs and will provide practical and reasonable proposals for protection (Section 2.6.1); • Further under ‘Notes’, a security survey and physical security advice are regarded as additional to the provision of security officers, which may be purely to meet the requirements of the client’s own specification and, where provided, should be the subject of additional insurance provisions in respect to professional negligence (Section 2.6.1); and • The company (security firm) shall formulate assignment instructions for the effective security of the site, dealing with emergency procedures, lines of communication and accountability. The assignment instructions should be agreed between the parties (Section 2.8). The Standard recommends that any contract for security services should be based upon agreements resulting from the security survey or instructions as agreed between the parties. Of course, if the organisation does not have appropriate security competence amongst its staff to conduct a security survey, the contract arising from the organisational requirements will more likely than not have omissions and therefore be deficient. This can be overcome by engaging an

appropriately qualified and experienced security consultant. It may seem trite that such a basic approach outlines the need for a risk assessment, operating procedures and a services contract as recommended within the Standard and discussed in this article. However, many contract providers merely introduce a generic risk document as the basis for their security services, supported by generic operating procedures. This results in a deficiency across the system of security as riskrelated issues, including vulnerabilities in the context of the relevant workplace, have not been adequately identified nor suitably treated. Prudent organisations contracting with a security provider insist that the process of risk management involves carefully thought through and agreed methods for addressing identified security risks that are relevant to the particular workplace and clearly outlined within the contract for security services. Failing to contract appropriately increases risk for all parties involved.

Dr Tony Zalewski is a Director of Global Public Safety and a forensic security specialist with qualifications in law, criminology and the social sciences. He provides advice and training to governments and the private sector in Australia and abroad on matters relating to operational risk, security and safety. He is also an expert with practical experience in some of Australia’s leading civil actions involving security and safety.

ELVOX PIXEL Video Door Entry Systems Stylish and ultra-thin, the Pixel and Pixel Heavy is the latest innovation in Video Door Entry Panels from Elvox. Pixel is available in Module panels or a Digital panel. Ideal for large apartment blocks, with capacity of up to 6,400 units. Its elegant, versatile yet tough. Intuitive functionality and easy to install.





Terrorism Is The New Norm By Don Williams

The security manager can no longer believe that terrorism is an extreme and unlikely event. It is now part of the normal operating environment and every organisation should recognise that armed assailant / active shooter, bombings and hostage takings are to be expected. There is no excuse for the defence “we did not think it could happen to us”. Terrorism is actually a definition of motive; the underlying purpose being to promote a political, cultural or religious ideal rather than for personal gain or the result of mental illness, although they are not mutually exclusive. Extreme events may not be a terrorist event by definition, but the nature of the attack and the preventative and response options are similar regardless of motive. What terrorism has done is bring awareness of these events to the forefront of the community, government and corporate minds. Therefore, there is an expectation that security managers have an awareness of the potential for such events, and plans in place to prevent and respond. Australia has a long history of workplace violence, with shootings and stabbings in office and public areas, a history of bombings for criminal and political reasons going back to the Eureka stockade and even hostage takings, usually family related but sometimes for commercial or social reasons. The arrests and convictions over the last decade of groups committed to acts of mass violence have informed society that the threat exists. But, by preventing the attacks, the arrests have made everyone complacent in that Australia has yet to suffer the atrocities seen overseas. This will change and there will be many surprised


looks and cries of “why were we not warned”. As the Lindt Café event demonstrated, any business may be a target. Those other businesses in and near the building were also victims of the event. Every business needs to have within its security and emergency plans how it will prevent, detect and respond to incidents such as an armed assailant, a bomb attack (particularly a post-blast scenario) and how it will deal with a hostage taking. The plans should address not only how they will deal with such an event on their premises, but also if it should happen next door. What can be done will, of course, depend on the size of the organisation, the resources, whether the organisation is the sole occupant or one of a number of tenants on site, the site layout and the existing management plans. Some common considerations include: the ability to recognise that an incident is occurring either on site or in a neighbour’s site/office; the ability for one person to have authority to initiate an appropriate response; the ability to communicate with staff and visitors / the public; and a clear idea of the options available to move or secure people and other assets. Terrorists have different drivers to profitmotivated criminals and, as a result, their target

selection is also different. Sometimes their selection of what is important or will help them achieve their aim exceeds rational analysis – the stabbing of police officers in Victoria may be seen as an attack on the enforcement arm of the oppressive government, but the shooting of a police accountant in Parramatta has no apparent rational basis other than he was walking out of a police building. Similarly, Timothy McVeigh’s choice of the federal building in Oklahoma City was as much a surprise as if someone was to bomb an office in Dubbo because it was their closest target. All businesses must recognise that extreme events are no longer unlikely (if they ever were) and should have plans in place to deal with them.

Terrorists have different drivers to profit-motivated criminals and, as a result, their target selection is also different.

Don Williams CPP RSecP ASecM is a recognised thought leader in the field of security management. He is a member of relevant security and engineering professional associations and often sits on their committees. Don can be contacted via email

ZKTeco Biometric technology, the next generation of access control is at your finger tips. Make your life sparkle with biometric innovations


Standalone Bio Finger

TCP/IP and RS-485 communication Built -in auxiliary inputs and outputs Advance access control functions 1 door, 2 door, 4 door models Lift controls and Expansion boards

RDF Backlit Keypad Face Recognition Finger and Vein VICTORIA 221 Nepean Hwy Gardenvale, VIC 3185 +61 3 9596 6688

QUEENSLAND 54 Caswell St. East Brisbane, QLD 4164 +61 7 3891 2222

WESTERN AUSTRALIA Unit 8/14 Halley Rd Balcatta, WA +61 8 9344 2555




EVENTS IFSEC International 21–23 June 2016 ExCel, London

Australia – A Risk Assessment Conference 28–29 June 2016 Hotel Realm, Barton

IFSEC International is the biggest security exhibition in Europe, taking place over three days between 21 and 23 June 2016 at London ExCeL. IFSEC welcomes over 27,000 global security professionals to experience the latest technological innovations and hear from industry leaders – all under one roof. The event caters to everyone within the security buying chain from manufacturers, distributors, installers, integrators and consultants to endusers. With over 600 exhibitors showcasing over 10,000 products, you will be able to find the perfect security solution for your business. There is more to it than just security. IFSEC International is co-located with FIREX International, Facilities Show, Safety & Health Expo and Service Management Expo, catering for those working across many platforms in building management and protection of people and information.

The Australian Security Research Centre (ASRC) is hosting a two-day conference with the theme of Australia, a Risk Assessment. The conference will feature a wide range of papers, presentations and discussion sessions designed to examine the actual risks to Australia and its citizens; what mitigation measures are available and/or appropriate; what they might cost; and what might the costs be of doing nothing. Featuring expert speakers from the public and private sectors, professional associations, academics and interested individuals, the presentations and discussions will cover the actual and real risks to Australia in a range of sectors. The conference program is themed into a number of sessions, including: • Defence and Security • Environment and Disasters • Law Enforcement • Economic and Financial Security • Population • Infrastructure and Resilience.

Visit for more information or to register.


Keynote speakers: • Mr Tony Pearce – Inspector-General for Emergency Management, Victorian Department of Justice and Regulation • Mr Mark Sullivan – PwC, Risk Management Institute of Australia Visit for more information.

Security Exhibition & Conference 2016 20–22 July 2016 Melbourne Exhibition Centre, Melbourne As an industry you have spoken and your event is returning to Melbourne in 2016! The Security Exhibition & Conference will return to Melbourne again in 2016 following another outstanding event last year. Having held the Security Exhibition & Conference in Sydney for 12 consecutive years, it’s great to remain in Melbourne to consolidate relationships and to nurture business in this market. For more information visit

Safe Work Australia Nov 2015

“ 2012-13 the cost impact of work-related injuries and illnesses was estimated to be just over $61 billion...”

Does your control room meet

Australian Ergonomic Standards?

State-of-the-art ergonomic lifting technology Lifetime Australian phone support AS/NZS 4443:1997 & ISO 11064


Clayton VIC 3168

+61 3 9574 8044 SECURITY SOLUTIONS 031


EVENTS The Australian Security Medals 26 August 2016 Australian War Memorial, Canberra The Australian Security Medals Foundation (ASMF) will once again celebrate the achievements of outstanding personnel in the security industry at its annual gala dinner and awards night to be held at the Australian War Memorial in Canberra on Friday 26th August. Launched in 2010, ASMF was established to publicly recognise outstanding security operatives, security professionals and their achievements and contributions to our community. The Foundation, through these awards, aims to promote security as a profession by: • raising awareness of the outstanding service(s) the medal recipients have
provided • promoting awareness of what the security industry really ‘looks like’ – beyond the ‘guns, guards and gates’ image • raising funds for beyondblue in an effort to help tackle the issue of depression in Australia.
 Money raised from the event helps to provide material support for the families and loved ones of security personnel killed or seriously injured in the line of duty. If you would like to help celebrate the outstanding achievements of the men and women of the security profession


and network with some of the industry’s leading luminaries, then be sure to book your tickets for this amazing event now. Visit for more information.

ASIAL Awards For Excellence 20 October 2016 The Westin, Martin Place, Sydney Hundreds are expected to attend the prestigious awards ceremony and dinner to celebrate winners of the 2016 Security Industry Awards for Excellence and Outstanding Security Performance Awards (OSPAs). Media personality James O’Loghlin (from Good News Week, Rove Live, Sunrise, Lateline, The Evening Show and more than 300 episodes of The New Investors) is back by popular demand and will once again emcee the awards. The OSPAs is a worldwide scheme for recognising outstanding performers in the security sector. They have also been launched in Norway and Germany and other countries are about to follow. Australia is at the forefront. The OSPAs are supported by ASIAL, ASIS

Australia and the Security Professionals Registry (although the OSPAs is independent of all groups) in an initiative that is designed to unite the security sector in celebrating the success of its outstanding performers. They are set to bring new life to security excellence. In this first year of the OSPAs, there are nine categories open to enter in Australia. They are: • Outstanding In-House Security Team • Outstanding In-House Security Manager • Outstanding Guarding Company • Outstanding Security Consultant • Outstanding Customer Service Initiative • Outstanding Security Training Initiative • Outstanding Security Installer • Outstanding Security Partnership • Outstanding Investigator Awards will be presented to winners between courses and James will provide light comedic entertainment. There will also be an opportunity to pose in front of the photo wall, have your happy snap taken by a professional photographer and network with other security professionals. Visit for more information.



The Time For Micro-Segmentation Is Now


By Tom Patterson

Corporate security strategies are failing, so leaders must re-tool to face the latest cyber threats. It could be said that 2015 was the year cybercrime became mainstream. Companies from all over the world, including the likes of Kmart, David Jones, Aussie Farmers Direct and Queensland TAFE locally, as well as JP Morgan Chase and Ashley Madison globally, all came under scrutiny as their breaches became mainstream news. It is repeatedly on the news agenda as it is pervasive and growing in complexity and persistence. Breaches are not only detrimental to business, but major brands also run the risk of reputational damage due to the inconvenience and the exposure their customers are subjected to. As a result, 2016 is the year when the priority is to shift tactics to combat the increasing number of hackers by abandoning outdated security strategies to protect intellectual property and other assets. But how can this be achieved? Security Openness Of course, as with all change, the first step is for more security leaders to admit that their current processes are falling short in the first place, and look at new strategies and methods which have a more realistic chance of protecting the organisation. These failings are no fault of the security teams and technology of old, but rather recognition that businesses function differently these days and, therefore, require a different approach to securing them. This is not a new theory by any means and is something which many experts have been stating for a while. However, despite the obvious ‘clean slate’ advantages of starting afresh with security solutions, there is still a large number of chief information security officers (CISOs) who are unwilling to let go of their sunken costs and look forward. Einstein said it best when he said, “Insanity is doing the same thing over and over again and expecting different results.” Simply put, more IT leaders in government and commercial enterprises need to realise that investing more


in yesterday’s ineffective technologies will, this year, not yield any different results. To succeed, they need to abandon the old ways of securing the organisation – with bigger walls and more event tracking – and adopt the new micro-strategy which takes advantage of network virtualisation and Internet Protocol Security (IPsec) to isolate the underlying infrastructure in a much more granular and controlled way by authenticating and encrypting each IP packet of a communication session.

Breaches are not only detrimental to business, but major brands also run the risk of reputational damage due to the inconvenience and the exposure their customers are subjected to. Year of the Micro The answer to this is micro-segmentation; it allows enterprise managers to quickly and easily divide physical networks into thousands of logical micro-segments, without the historic security management overhead. This approach gives control back to the enterprise networks, without them having to deal with the firewall rules and outdated applications, while embracing remote users, cloud-based services and third parties that have all become targets for attack in today’s world. This new micro-segmentation model will start giving the good guys the advantage in the fight against cyber attacks. With new containment strategies, organisations will have the ability to work at the IP packet level, which

makes it easier to apply anywhere a company’s data goes – from data centres to public clouds, to employees on the move, to suppliers around the world. Micro-segmentation is driven by existing identity management systems, so it is simple to establish communities of interest for authorised users across all of these technologies. It is one of the ways which CISOs can ensure that their organisations stay ahead of the pack and in the strongest position possible when it comes to security. Micro-segmentation also helps to address the question of how to secure public and community clouds. Major cloud service providers such as Amazon Web Services and Microsoft have made substantial investments in security to help ensure their subscribers’ data is safe and their cloud experience is exceptional. In fact, the security from such cloud service providers is better than in many companies’ own data centres. However, the thought of putting critical data on the cloud accessible by just about anyone is really scary and the perceived added vulnerability is preventing many organisations from fully leveraging the cloud – often they use the cloud for non-critical data such as test and development, but not for their core business applications that access their most sensitive data. New micro-segmentation offerings provide organisations with added layers of cloud security to instil the confidence they need to put more of their applications on the cloud. In doing so, they have the opportunity for tremendous cost savings, to make their products and services more globally accessible and to dynamically adjust to business conditions in real time. There are five security advantages these new micro-segmentation offerings provide to the cloud that have not previously been obtainable: 1. Micro-segmentation enables companies to use a consistent set of tools for both their local data centres and the cloud. 2. Micro-segmentation technologies provide encryption within the cloud from virtual machine to virtual machine. 3. Micro-segmentation technologies use concealment as a basis for security strategy.


4. Micro-segmentation prevents lateral movement of security infiltrations to the data centre. 5. Micro-segmentation can prevent security breaches in the cloud. A Business Priority The Ponemon Institute estimates that the total average cost of a data breach to Australian organisations was AU$2.82 million in 2015. It is clear that the impact of the major breaches ensured that security is no longer just a technology issue. Instead, it is now seen as a business issue that requires prioritisation from the top down. The security function will evolve to no longer report solely to the chief information officer. Boards will start to care and take real action and make cyber security expertise a requirement across the C-suite. Security is now a top agenda point in the boardroom as business reputations are once again at risk. Organisations will no longer be allowed to take the position of standing by and watching cyber attacks unfold – they will finally have the power to react rather than prevent. As a result, proactivity is the key word for 2016, with microsegmentation being a major player and step in the right direction for innovative organisations that are serious about security. Being seen to take such proactive measures is key to earning and maintaining consumer trust. For example, 58 percent of Australians expect a personal information data breach in the next 12 months at a telco, yet the majority of Australians say a data breach is not likely at a healthcare provider, airline and transport company, or bank (Unisys Security Insights research, 2015). Many Australians have personally experienced a data breach or have seen media reports of high-profile breaches by government and telcos, so they have a low level of trust in the ability of those organisations to protect their data. Conversely, public scrutiny around the introduction of e-health records and the resulting assurances for how data would be protected has built community trust in healthcare providers’ ability to protect personal information. Airlines and other transport companies are the most trusted type of organisations. However, they will need to


The answer to this is microsegmentation; it allows enterprise managers to quickly and easily divide physical networks into thousands of logical micro-segments, without the historic security management overhead.

work to maintain this trust as they continue to capture more and more information about their passengers in a bid to provide personalised end-to-end services – including assistance with border security measures.





Banking & Finance










Percentage of Australians expecting a data breach in next 12 months by industry

Consumer trust is not just a warm and fuzzy feeling – today’s customer is in a strong position of choice. It is easy for consumers to change their bank, telco, insurance provider or who they shop and fly with, as well as what channel they use to engage with government agencies. Previous Unisys research (2011) revealed that data breaches impact a consumer’s willingness to deal with an organisation. The majority of Australians surveyed (85 percent) said that they would stop dealing with an organisation if their data was breached. When asked if they would continue dealing with the same organisation but not use online services, only 24 percent of Australians said they would continue. Next year, let us hope that 2016 will be remembered as the year businesses faced cybercriminals head on.

For a full list of references, email:

R O B UST. S E C UR E. Our award winning full height turnstiles keep your building secure with style. Find out which high security turnstile is right for you.

1300 858 840

Centaman Entrance Control Ad 4.indd 1

17/02/2016 11:26:48 AM

MASTER LOCKSMITHS Master Locksmith Association members are highly trained, fully qualified security professionals with access to the very latest in restricted key systems, from mechanical keys and locks to the world-leading electronic master key systems.

Find your nearest locksmith and MLA member at













Building an A1 Control Room



By Joe Paravizzini

It was late last year when Staysafe Monitoring embarked on building a new A1 graded control room built to Australian Standards (AS2201) to provide a continuing level of service to its existing and new customers. Initially, the project started with a consultant from the security industry who had considerable experience with this type of project. The consultant was extremely knowledgeable and became the key to understanding the Australian standard and the requirements of the build. Other than the obvious with council regulations and building permits for the company’s existing location, the current building zoning was the first hurdle and it took a fair amount of time to get this through council. Council had interesting viewpoints that were addressed and the zoning issue was approved. Next was building permits, which required drawings and specifications for the new control room. The designers and engineers worked hard to design a control room that met the brief. Many hours were spent discussing the requirements and design to determine the size of the box itself. After three months of applications and council approvals, permits were granted to build the new control room. Some issues were encountered with the technicalities of building a box within a box. Cranes could not fit through the existing openings; however, this was overcome by building with blocks with concrete filling and reinforcement (steel). This became the most cost-effective way to build the control room. Once the blocks were complete, the engineering feat of suspending nine tons of steel as the support system for the 26ton concrete slab roof of the control room began. Countless hours were spent in the engineering design and the practical installation of this steel works. It was achieved with some difficulty – engineering is sometimes not an exact science and practicality is often an understated commodity. As they prepared to pour the suspended


The consultant was extremely knowledgeable and became the key to understanding the Australian standard and the requirements of the build.

slab on top of the control room and the ground slab, the issue of including a staircase to enable access above the room arose. With the help of a clever crew of builders and concreters, this was achieved. There was now a completed box and it was time to fit it out with many different services. Air conditioning was of great importance as the control room is sealed by doors that weigh approximately 350kg and is made of solid concrete walls all round. The contractor sourced a unit that could fit into a smaller space but still provide the correct airflows required to meet the consultants’ conditions. Door construction as per AS2201 required doors to be solid timber 45mm thick with 3mm steel on both sides. This is why the doors weighed so much. The door and hinge system was amazing to see once the doors were installed. Again, it took a few men to install and weld these doors on – achieved with ease and a professional crew. Then came the issue of disability access and a disabled bathroom that needed to be factored in. A consultant was engaged to

provide the requirements for all. Staysafe was extremely happy to be able provide this in its new control room. It supports the company’s vision for wheelchair-disabled people to be candidates for employment at Staysafe. Staysafe is looking forward to its new control room opening in the near future around July/August of this year. The importance of Staysafe having an A1 control room is for the future of the business and staff. Staysafe want be able to provide its customers with a great service that ensures growth as a company and sustains the employment of great staff. The greatest challenge over the last eight months was being the project manager for this building project; although I would do it again with the knowledge gained through this experience. It was actually fun. Joe Paravizzini is currently the owner and Manager at Staysafe Monitoring services, a fully Australian owned and operated graded Monitoring Station specialising in the electronic monitoring of Security Systems, primarily to the system installers within the security industry.

Contact us on 1300 364 864 Follow us on

Delivering Proven Solutions for Security & Safety We Protect People & Assets SECURITY SOLUTIONS 043


Open Hand Versus Closed Fist Practical Application For Public Safety


By Richard Kay Many operational safety training programs still teach closed fist strategies to officers for resolution of violence and subject control. However, with the increased incidence of severe and sometimes lethal consequence of closed hand attacks, there is little logic in officers using closed hands for control when open hands are far safer and more versatile. With regard to the open hand versus closed hand striking debate, open hands are a highly effective strategy when used correctly and in appropriate circumstances, having more positives and fewer negatives than closed fist strategies. To express this logically, the rationale will be broken into several categories. Physiological The hand is comprised of many small bones positioned end to end, designed for dexterous manipulation, not blunt force trauma. Closed fist strikes (that is, punch) require extensive training to be effective in actual combat, something which most officers do no receive nor do they dedicate the time to learn. Open hand strikes are more instinctive and require less training time to become effective in an operational context. The risk of closed fist strikes to the user in terms of self-trauma is quite high, as evidenced by the number of instances of people breaking their hands when punching (including ‘professional’ fighters such as boxers and mixed martial arts practitioners). This is usually the result of unpredictable body dynamics during actual confrontation (such as a moving target) and the fact that, in the emotion of a fight, people tend to ‘lose it’ and simply flay away at the target in general, usually the head. A hard ‘weapon’ (fist) against a hard ‘target’ (skull) creates a high risk / high success situation (high success = effect on target, high risk = effect on user). Ideally, what the user wants is low risk / high success, such that trauma is caused to the recipient without any undue trauma to the user. Open hand strikes facilitate this latter best case option. In addition to breaking the hand during the impact of striking with a closed fist, there is also the possibility of cutting the knuckles on the teeth of the recipient, a highly likely possibility if punching to the head. This situation can result in an infection in the hand of the user, analogous to gangrene if not treated properly.


The use of open hands also allows the arms / hands to stay relatively relaxed, which facilitates greater speed and power, and better reactive use. Closing the hands to punch tends to tighten up the arms, which creates tension and slows things down, both of which lessen impact potential. Additionally, closing the hands limits options; the user can only really punch. Opening the hands, in addition to relaxing the arms, also allows for numerous options for use of the hands/ arms. In addition to slaps, which is instinctive when using open hands, the hands are ready to (as required) grab, push, poke / claw / apply pressure (fingers), or with training, use different aspects of the hands (palm, fingers, edge of hand, thumb and so on). Therefore, open hands are far more versatile. In terms of the physical result from use, open hand slaps can certainly cause as much, if not more, trauma than closed fist punches. By keeping the arms relaxed, power generation through the limbs is greatly enhanced, allowing not only faster strikes, but also the ability to apply ‘heaviness’ through the strikes. This aspect not only can cause trauma to the target, but can also have an effect on the psychology of the attacker by ‘shocking’ their psyche. Open hands can also be used to great effect against the central nervous system (CNS) by creating overload trauma to the nerves from broad contact with the whole palm. CNS aspects work especially well around the head and shoulder areas, which can create shocking effects to the receiver and cause systemic disruption and shutdown (that is, unconsciousness). For the user, open hands are easier as they require far less training and are more naturally instinctive due to a person’s sense of touch through his hands. Psychological Open hand strikes have interesting psychological aspects associated with them. For the user, closed fist strikes tend to promote aggression, being that a closed fist and punch are an almost instinctive by-product of emotion, especially anger. Submitting to this impulse, therefore, and allowing free use of punches, can further fuel aggression and rage. On the other hand, open hands tend to be associated more with calming and pacifying, both to the receiver and also for

the user. However, used properly, there is no reduction in trauma capability from open hand strikes. Also, again from the point of view of onlookers, open hand strategies tend to demonstrate a more defensive mindset on the part of the user, or at least show that they do not wish to cause the attacker any undue harm. Closed fists, and punches, are commonly associated with aggression and an obvious intent to cause harm. Tactical For people who have to use weapons (such as public safety personnel), damaging their own hands during a confrontation is not advisable as it then limits their ability to escalate to a higher force option should the situation suddenly require that strategy for control; that is, escalating from empty hand to a higher force option with a weapon (spray, baton, taser, firearm and so on). If the user has damaged his hand then he will

With regard to the open hand versus closed hand striking debate, open hands are a highly effective strategy when used correctly and in appropriate circumstances, having more positives and fewer negatives than closed fist strategies.

In terms of the physical result from use, open hand slaps can certainly cause as much, if not more, trauma than closed fist punches. not be able to use his hand effectively, or at all, depending on the trauma. Open hand strategies allow for effective control through striking with minimum trauma potential for the user, protecting the hands for possible use with tools (as required), and offer versatility to the user as the situation demands.

Legal As far as use of force options go, both open and closed hand strategies are classified at ‘empty hand’ or ‘unarmed’ level. This level lies above communication, but below use of ‘tools’ to gain control. Lawfully, a person may use force that is deemed reasonably necessary and in proportion to the user’s objective in using force in the first place (e.g. self-defence). However, even though both options sit in the same category of force response, a closed hand strike (punch) is generally seen as a higher (harsher) option than an open hand one. In short, punching is (generally) deemed a greater use of force than slapping, and may therefore require greater explanation from the user to justify. Another factor that may also be relevant is witness perception. In relation to the force response logic outlined above, it may also be that closed hand strikes are seen by onlookers as more violent in the context of a confrontation. This can have an effect on the post-incident analysis, especially in legal terms and court process.

In summary, there is really no need to train officers in closed hand control strategies. Open hands offer more options, pose less risk to the officer using them, integrate easily with weapons and force escalation, and are easier to justify after the fact. Both instructors and officers should train and use strategies that comply with both natural biomechanics and lawful parameters of modern society. The aim is to train officers to ‘win’, but in a sensible, practical and safe manner.

In short, punching is (generally) deemed a greater use of force than slapping, and may therefore require greater explanation from the user to justify.

Richard Kay is an internationally certified tactical instructor-trainer, Director and Senior Trainer of Modern Combatives, a provider of operational safety training for the public safety sector. For more information, please visit




Digital Storage In Surveillance



By Vlado Damjanovski

In today’s world, all visual and audio data is now in digital format. Each new day in surveillance requires new terabytes of storage space for the thousands of cameras around various cities, major towns and regional areas; including shopping centres, factories and prisons, to name a few. The need for data storage grows exponentially with every new mega-pixel sensor and with every new technology (which was high definition [HD] video until only a year or two ago); today the 4k, tomorrow 8k and beyond. The surveillance industry is one of the largest consumers of data storage media because of the need for constant recording of information from cameras (with the associated time/date, GPS, various interfaces and so on). Hard disk manufacturers were ignorant of the CCTV and surveillance industry until it switched to digital storage. They then realised the size of this new data storage market. Short-term Storage Short-term storage is the recycling of the available storage space using the first in first out (FIFO) principle. In other words, if recorders have a drive capacity to store for only 14 days, an incident that occurred three weeks previously cannot be retrieved – it would have been overwritten by the new recording during the last 14 days. Some users call this short-term storage retention. It is very important for a surveillance manager to know what the storage retention is. If an incident occurs that operators did not notice, or the system did not pick up, then chances are it would be lost. The retention can be extended by simply adding more drives in the planning stage – some users may ask for six months or even 12 months storage – but it comes at a cost. Additionally, it takes physical space, consumes more power and takes more time for an operator to find an incident. The privacy laws and industrial laws in some countries may also limit the maximum storage retention a surveillance system can have.


Long-term Storage Long-term storage refers to indefinite storage of information. This typically happens by backing up the detected incident from the short-term storage to another media form and storing the information for a longer term by not allowing it to be overwritten or erased. Some users refer to this as archived storage. The media for long-term storage can be the same as short-term storage, or different. The current dominant storage technology is still magnetic hard disk drives, although solid state electronic storage in the form of flash drives, SD cards and solid state drives (SSD) are becoming more popular due to their affordability and capacity increase. Optical drives, in the form of CD-ROMs, DVDs, or even Blue-Ray disks are slowly becoming obsolete. Long-term storage, in theory, is not really indefinite as eventually the media will lose its properties and can no longer be read. A hard drive may lose its magnetic particle polarisation after many years, and the same can be said about optical or solid state media, although the numbers of years that it would take for this to occur has not yet been ascertained. The inability to read long-term storage of video footage after many years of it being archived will be increased because of the hardware technology designed to read the data becoming obsolete, rather than the ageing of the media itself – remember the floppy drives or zip-drives which were used by some for backing up data around 15 years ago. The life expectancy of long-term data storage goes hand-in-hand with the life expectancy of the technology that is used. Storage Capacities Today (2016) Current video surveillance technology offers much more visual details than the old analogue video. HD video, with its 1920 x 1080 pixels, offers five times the number of pixels an analogue image offers when converted to digital pixels. The latest 4k,

with its 3840 x 2160 pixel count, quadruples the HD pixel real estate, and it is 20 times the analogue pixel count. When the original full frame PAL was converted to digital, it was called 4CIF (or D1) resolution. If it was not compressed, it would occupy around 170Mb/s bandwidth. This was a vast amount of data to be stored on the old PATA (Parallel Advanced Technology Attachment) drives, especially if there were multiple channels. So, there was no choice but to start using video compression, which at the time (about a decade ago) was the broadcastproven MPEG-2. This was the same video compression used on DVDs, and visually it appeared no different to the uncompressed stream, although the 170Mb/s raw stream was squeezed down to 4Mb/s of MPEG-2. The introduction of the HD standard in surveillance over 10 years ago came after broadcast television became very comfortable with it. The uncompressed 720p HD and 1080i HD produced nearly 1.5Gb/s streams. The 1080p produced 3Gb/s stream for just one camera. Although these streams are not so difficult to handle in broadcast studios, as soon as an HD stream needed to be stored, or transmitted via cable and such, there was no choice but to compress the data. MPEG-2 was designed to cater for HD video, resulting in a stream of over 20Mb/s, which was still pretty high, so new video compression methods were sought. This resulted in H.264 video compression, which is the most common codec used today, reducing the HD video stream down to 4-6Mb/s; basically, the same stream size which was handling secure digital (SD) video using MPEG-2. Having a similar bandwidth as SD, H.264 made usage of HD very convenient for the storage length, but also for the network. The latest trend of 4k video sensors and cameras, also referred to as Ultra High Definition Television 1 (UHDTV1), is another huge leap in pixels and results in



Quantum’s multi-tier storage solution provides total usable capacity for less of the overall budget, allowing your clients to invest more in cameras, retention times, and analytics.

See us at Security Expo Melbourne 20-22 July, Booth F36 Find out more from Quantum ANZ: or 1 800 999 285 (Aus) or 0800 105 999 (NZ) © 2016 Quantum Corporation. All rights reserved.



raw streams of over 12Gb/s. Clearly, even more efficient video compression was needed. Although H.264 can compress 4k, the efficiency needed to be higher which lead to the development of H.265. H.265 offers approximately twice the efficiency of H.264, reducing HD streams to 2Mb/s and producing a 4k compressed stream of around 6Mb/s. And while H.264 video compression is computationally more intensive then MPEG-2, H.265 is more demanding yet again. Surveillance cameras would usually compress data using their built-in hardware encoders, but the viewing workstations would require all the decoding to be done in the viewing client software. The more camera streams needing to be displayed, the more decoding power that is required. This puts large demands on the operating system (whether it is 32-bit or 64-bit), as well as on the processing power of the main central processing unit (CPU) aided by the graphical processing unit (GPU) resulting in the need for relatively powerful systems to run this type of CCTV system. Data Storage Requirement with 4Mb /s Streams An average compressed stream of 4Mb/s, irrespective if it is SD with MPEG-2, or HD with H.264, or even 4k with H.265, would require storage capacities for hours, days, weeks, months, half-year and yearly recordings as shown in Table 1. So, what storage capacities are available today? Firstly, the maximum readily available magnetic hard drive today is 8TB using Serial ATA (SATA) format in its 3.5� physical form factor, available through both Western Digital and Seagate. Secondly, the largest magnetic 2.5� drives currently are 2TB, by Western Digital and Seagate. Thirdly, the largest readily available SSD is 1TB, although Samsung made a claim only two months ago (March 2016) that they have produced a 15.36TB SSD. Fourthly, the largest SD and micro-SD memory cards, which some Internet Protocol (IP) cameras are using for edge storage, are 512GB, as claimed by SanDisk.


Practical Examples So, if viewing Table 1 and wanting to have a 32-camera surveillance system, with 4Mb/s streaming of H.264, using just one 8TB drive, up to six days in continuous mode (no motion detection recording) could be recorded.

Assume now that coverage is required for a factory with 32 cameras, and motion detection triggered recording is being used. If the factory operates for eight hours a day, seven days a week, it is estimated that about one-third of that time the cameras will see movement, and therefore the surveillance system will be recording for 33 percent of the time. This is used in Table 1 as VMD with 33 percent activity. Clearly this is an approximation, as some cameras will have no movement during the eight-hour day, whereas some may have more than that (such as the reception area, visitors, cleaners attending after hours). In another scenario with the same factory example, the owners now want to have a whole year recording in continuous mode; over 480TB of storage would be required. This equates to over 80 drives (each of 8TB

capacity). No computer or recorder will host 80 drives in one chassis today; therefore, it is necessary to split this storage, keeping in mind the amount of data traffic that the network switches are capable of transferring between the cameras and the storage. The amount of data that can be written to the drives needs to be considered, and also allowances made for the playback and archiving data to be transferred out of the same storage. So, in this example, even with only 32 cameras, using 4Mb/s stream, assume this to be at least 128Mb/s (4 x 32), but at least three-fold of this number to assume a worst-case scenario of operators viewing the same 32 streams (assuming they have enough CPU and GPU power to view 32 channels) should be allowed for, plus allowance for back up. This makes it now

The life expectancy of long-term data storage goes handin-hand with the life expectancy of the technology that is used.

close to 400Mb/s of data throughput of one recorder, from the hard disks to the network switch. Do not forget that SATA standard revision 3 quotes a theoretical maximum of data throughput of 4.8Gb/s. In reality, it has sustained transfer rates of much less than that as the magnetic spinning disk has mechanical limit, which depends on the mass, the disk and the power consumed. If network overheads of at least 50 percent are added, a good 1Gb/s network is needed for the 32 cameras in the example. Often, there are more than 32 cameras in a system, on one network. This increases the network switching demand to much higher than 1Gb/s. This is where data planning is crucial for larger projects, and discussion of such

is beyond this article. Suffice to say that a non-IT person should be aware of the many bottlenecks in a digital IP system, including the camera sensor read-out speed, its video compression, network interface speed and efficiency, storing it on the hard drive, retrieval for playback and decoding ability of the viewing stations. The next big thing to consider is the imminent hard disk failures, especially when such long-term storage is required. This is where RAID-1, RAID-5 and RAID6 redundancy configurations are important. These add to the number of drives calculated above. Various RAID configurations have been documented and discussed elsewhere in various books, on the Internet and in manufacturers’ manuals, so those interested can seek further reading.

Vlado Damjanovski is an author, inventor, lecturer, and closed circuit television (CCTV) expert who is well-known within the Australian and international CCTV industry. Vlado has a degree in Electronics Engineering from the University Kiril & Metodij in Skopje (Macedonia), specialising in broadcast television and CCTV. In 1995, Vlado published his first technical reference book – simply called CCTV, one of the first and complete reference manuals on the subject of CCTV. Now in its 4th edition, and translated into four languages, Vlado’s book is recognised the world over as one of the leading texts on CCTV. Vlado is the current chairman of the CCTV Standards Sub-Committee of Australia and New Zealand. In his capacity as chief contributor, Vlado has helped create the Australian and New Zealand CCTV Standards (AS4806.1, AS4806.2 and AS4806.3). He can be contacted through his website




Why Do Companies Still Make The Same Mistakes?

By Caroline Sapriel For decades, crisis management has been institutionalised and taught at universities. Corporations and businesses have procedures in place. So why are some still making the same mistakes when facing a crisis? Recent crisis examples show the fragility of what has been taught. Are organisations forgetting these lessons when faced with the pressures of crises? Is the stress so great that primary reactions prevail? Do quick fixes obscure long-term sustained credibility objectives? What happens to the corporate values and principles organisations display in the lobbies of their office buildings? This article examines the factors behind this phenomenon. It is not intended as an anger pointing exercise, nor does it aim to analyse mistakes made in some recent notorious cases, as too many uninformed commentaries have previously attempted to do. Rather, coming from a long-standing practitioner’s reflection on what is happening in the field, it aims to remind readers of a few fundamental planning principles to avoid making and repeating these common mistakes. It is a fact that many organisations pride themselves in having wellestablished, best practice crisis management systems and competencies. Yet in times of trouble, is it enough to be committed to crisis management as a discipline or is it perhaps more useful to be committed to knowing what is the right thing to do and actually doing it during the crisis? So if it is acknowledged that much has been done to enhance crisis preparedness and improve response effectiveness, what are some of the influences and forces that seem to be at play unravelling all this good work? The first factors are leadership and commitment. Broadly speaking, in terms of crisis preparedness, organisations can be divided into three key categories: first, those that have nothing in place; second, those that have something in place that is sporadically reviewed, budget permitting; and third, those that have established processes and competency programs that are diligently reviewed, practised, maintained and updated by appointed crisis custodians.



Yet, even in the last category, when faced with a crisis, organisations with a high level of preparedness still repeat common mistakes, often overriding or ignoring their best practice systems, reacting too slowly or too quickly, divulging partial information and jeopardising reputation or public safety. “Even when organisations are aware of how to proceed, they sometimes abandon their plans when confronted with crises. There can be kneejerk reactions to stonewall, deny, or think that the crisis will go away if it is ignored. Often an organisation’s culture undermines an intelligent plan. A culture that values ambiguity and duplicity can render even the most intelligent plan useless. A culture that respects transparency and long-term success facilitates effective crisis communication efforts,” says Alan Zaremba, Department of Communication Studies Northeastern University and author of Crisis Communication, Theory & Practice. Increasing crisis resilience and vigilance must be mandated from the top of the organisation (see diagram) and implemented by all, under the watchful eyes of the crisis custodians. However, senior leaders who have assigned the mandate should not think that is enough to feel ‘safe’. They must continue to participate in the process by personally propagating and sustaining this commitment before, after and especially during the crisis.

Senior management – not only the crisis custodians – must embed and live by this commitment. In real life, this means that when a corporate crisis hits, the CEO must not jump in and override or ignore what is in place and suddenly take control. Rather, he or she must be so intrinsically familiar with the crisis leadership principles of the organisation (that she or he helped embed) to be able to hold the course through the storm, battling stakeholder attacks, events taking another turn for the worse and more. And the CEO


must do so keeping everyone focused on the vision of the aftermath of the crisis, a vision that he or she helped to articulate at the onset of it all. Effective crisis leadership is not about winning or losing or finding the perfect solution; ultimately, it is about holding the course, about doing the right thing and protecting credibility in the face of tremendous adversity and stakeholder pressure. An organisation with an embedded culture of commitment to being fit and ready to anticipate, detect, manage and learn from adversity is more likely to bounce back faster, protect its reputation and increase resilience in the process. Cost or investment is the second point. For as long as crisis preparedness continues to be perceived and considered a cost by organisations, the mindset will not shift and mistakes will continue to be made. There are numerous statistics showing the devastating costs of crises: from human lives to assets, to market share and share price, to ruined reputations and so on. Yet crisis preparedness, including processes, training and practice, testing and maintenance is often considered ‘nice to have’, but not ‘critical’. A few progressive organisations at the top of the culture ladder believe that investing in crisis preparedness not only helps improve resilience, but also helps unravel opportunities for their business. Like any other, such organisations also face budget cut cycles, but in their case the systems are so well embedded that a reduction in budget does not result in enhanced exposure. Third on the list is practice. Fortunately for most organisations, crises are few and far between. Therefore, having plans in place and teams trained is clearly not enough to build the kind of reflexes the organisation needs to face up to a real crisis effectively. Most corporate crisis teams are made up of the CEO, chief operating officer and other functional representatives (chief financial officer, human resources, legal, marketing, communications, and so on). While these senior executives have extensive business experience and acumen, as well as expertise in their respective functions, this does not make them competent crisis managers by default. In fact, at best, they may have had varying degrees of exposure to crises throughout their careers and sporadic training. Regrettably, they often feel they do not need crisis training. So when a crisis hits, in spite of their long-standing experience, and because they are often insufficiently prepared and trained for

the peculiarities and psychologies of the strains of crises, the stress can affect their effectiveness and decision-making ability and cause them to make mistakes. Crisis management best practice advocates that the optimal crisis teams are not made on the basis of functionality alone, but suitability first. Therefore, at the most senior level where crisis stakes are the highest, sustained competency development is essential, but regrettably often overlooked. Building the right mindset and reflexes comes through regular practice at the top, as well as throughout the organisation. Along with regular practice of leadership and response skills is the need to place more efforts on crisis anticipation, prevention and detection. Today, more often than not, risk management, crisis management and business continuity are managed in silos and by separate functions in the organisation, and the need to integrate all three is critical to enhance resilience and avoid costly mistakes. The next factor is that business contingency planning should be integrated. The disconnection between risk management, crisis management and business continuity is clearly a contributing factor to increased exposure. This lack of an integrated and strategic approach to crisis anticipation, mitigation and recovery creates gaps and redundancies. It can also lead management to knee-jerk reactions and to make mistakes when faced with a crisis, instead of strategically steering the course through the developing events and the web of stakeholders’ conflicting agendas. Many crises can be anticipated if not prevented, and much can be done to mitigate their escalation. Regardless, organisations will increase resilience and be less likely to make and repeat mistakes during crises by integrating the preventative, reactive and curative phases of loss. This consists of bringing lessons learnt from previous crises into the risk-management process, sharing the lessons learnt and developing competencies accordingly. Last but not least are the factors of values and culture, which are far more difficult to harness. Over and over, when companies err during crises, their mistakes express the opposite of what is claimed in statements of corporate values and principle. Accidents, negligence and product failures should not happen, but they do; fraud and ethical issues can be addressed only if organisations are determined to stand by and protect their corporate values and principles in the face of adversity at

all costs and for the long run. When ‘corporate vows’ are broken, trust is lost and stakeholders are merciless. Simply stated, upholding a culture of values by demonstrating ownership, transparency, regret and remedial measures can save the day and prevent crises from turning into reputation meltdowns. Cultural Shift Required “Business leaders have to unite and make crisis management a priority. They should push business schools to adopt crisis management in the curriculum and they should invest in joint support capacity like the chemical industry has done and be trained themselves, which would provide a strong incentive to others in the organisation. We need a shift in culture and this has to come from business leaders,” says Dr R A Boin, US editor of Public Administration, Public Administration Institute, Louisiana State University, US. Yes, organisations should establish and maintain solid crisis management systems and competencies

and create a generative crisis management culture that aims to build high reliability organisations, but they will only truly advance and stop repeating the same mistakes if leaders decide to be closer to where crisis preparedness is managed and keep their pulse on it. Top management must be more involved with their teams in fostering a vigilant and resilient culture in their organisation so that when a crisis hits, they are at the helm leading and not just reacting. A Few Guiding Principles • A leader must be intrinsically familiar with the crisis management organisation he or she mandated in order to hold the course through the crisis, keeping everyone focused on the vision of its aftermath. • Consider crisis preparedness an investment, build a generative culture that will help uncover problems early and address them proactively. • Integrate anticipation, prevention, detection,

• •

mitigation and recovery under one common framework; assign risk owners, crisis custodians; make business continuity a strategic function and not only a tactical one, and involve the CEO in the process. Practise regularly at the highest level to build the kind of reflexes and resilience the team will need to lead optimally under the stress and duress of a crisis. Build and practise on a wide range of scenarios that challenge values and cultural notions to validate and reinforce what the organisation truly stands for.

Caroline Sapriel is the founder and managing partner of CS&A International, a 25-year-old specialist risk, crisis management consulting firm operating globally from bases in Europe, Asia and North America. To see Caroline presenting on Core Crisis Leadership Competencies at the Security 2016 Conference, visit to book your conference pass.

Real Time GPRS Starter Packs SPECIAL • 1 UniGuard 12 software † • 1 Year Server Access Fee • 1 GPRS RFID Recorder OR GPRS iButton Recorder • 1 GPRS Charger • 1 GPRS Pouch • 20 iButton checkpoints or 20 RFID Passive Checkpoints • BYO Sim Card* *or ask the sales rep for additional Sim card. †

$1595 +GST $ 1 1 9 5 +G ST

Premium software pack: was $4940 NOW $3940

Offer is valid for a limited time only. Get in while it’s hot!

UniGuard management & security 1300 1333 66 SECURITY SOLUTIONS 057





By Neil Fergus The Panama Papers have caused major reverberations around the world; in governments and businesses. There has been massive media and public interest in the content of this huge tranche of commercial documents. The disclosure of the offshore tax details of over 214 000 shelf companies has some quite extraordinary implications – including in Australia. The fall out has spurred politicians and tax agencies around the world to implement a range of measures to clamp down on offshore tax avoidance and to prosecute people allegedly cheating the system. This crackdown is being applauded by everyone who pays their full tax liabilities. But there are other consequences of this case that are worthy of further consideration. However, to begin with, we need to recap on the facts – to understand what has occurred, the how and the why, so we can then reflect on what it all means. Mossack Fonseca is a Panama headquartered law firm that had offices in over 30 countries and employed over 500 staff. It specialises in providing commercial, trust and taxation advice to wealthy clients and was extremely successful in terms of its client base and revenues. In April it became public knowledge that its email server had been hacked and that a person or persons had stolen 11.5 million documents that covered the period 1970 to 2015; these are the so-called “Panama Papers”. The hacker gave all the data to the International Consortium of Investigative Journalists (ICIJ) after the latter agreed to certain conditions which the hacker had apparently negotiated with the ICIJ. The revelations that have followed relate principally to the offshore shelf companies set up by the law firm for various clients from all over the world; in various tax havens like the British Virgin Islands, Panama and the Seychelles. The firm claims it has acted legally and properly but the documents raise very significant questions about the fine line between tax avoidance – legally seeking to minimise tax – and tax evasion – breaking the law of one or more jurisdictions to avoid tax liabilities.


The hacker gave all the data to the International Consortium of Investigative Journalists (ICIJ) after the latter agreed to certain conditions which the hacker had apparently negotiated with the ICIJ.

The US Treasury has asserted that Mossack Fonseca‘s US clients have avoided paying somewhere between $40 to $70 million US dollars of tax each year for the last 30 or so years. As a consequence, President Obama and Treasury announced a raft of new legislative measures to try and close a number of tax loopholes identified in the papers. The Australian Taxation Office is reportedly investigating over 800 Australians who had their offshore commercial arrangements included in the revelations. There is no suggestion that all of these people or companies are involved in illegal behaviour. However, Fairfax Media has alleged that 80 of these Australians are identified in the Australian Crime Commission (ACC) database for persons known or suspected of being involved in serious and organised crime. The Australian Tax Commissioner, Chris Jordan, is playing a lead role engaging with approximately 30 foreign taxation agencies to coordinate an international investigation

to prosecute tax cheats identified by the Panama papers. The Australian Tax Office (ATO) has established a Serious Financial Crime Taskforce and established information exchange arrangements with around 100 foreign tax agencies. The documents have proven to be a veritable bombshell and presumably have had the effect desired by the hacker. While the identity of that person is shrouded in mystery, we have been told by the ICIJ he or she was motivated simply by a desire to expose and stop tax cheats. This is where the whole matter gets seriously intriguing. Some journalists have speculated this hacker is actually a foreign intelligence service and the Russian and US intelligence services have both been mentioned as having possibly orchestrated the public disclosure of the Panama Papers. The potential motivations that might have prompted such an intelligence operation are potentially credible but are certainly not conclusive. One hypothesis that has been mentioned

10 YEARS STRONG Only Seagate Surveillance HDD delivers 10 years of advanced technology for safer, smarter cities.

When your data is at stake, only the best is good enough. The result of 10 years of industryleading technological innovation, only Seagate Surveillance HDD combines always-on reliability with built-in data recovery to protect your data and secure your property. Why settle for less? •

Precision-tuned for high-write surveillance workloads operating 24/7

Ideal for security DVRs and NVRs

Supports 64 cameras per drive and 8+ drives per system

Reliably performs in multi-drive systems with RAID support

Consistent performance supported by RV sensors

Up to 8TB or 800+ hours of HD video

Backed by built-in Rescue Data Recovery Services



... the Russians may have been directed by President Putin to undertake the hack and released the data due to his anger over continuing western allegations that he and his so called cronies are corruptly accruing billions of dollars of assets.

is the Russians may have been directed by President Putin to undertake the hack and released the data due to his anger over continuing western allegations that he and his so-called cronies are corruptly accruing billions of dollars of assets. Some others have claimed that US intelligence services might have done it to expose the proliferation of international tax cheats and provide a basis for legislation to be put to Congress to close longstanding US tax loopholes. In both instances, it seems a rather long bow to draw and, frankly, I don’t regard either theory about covert intelligence operations as being particularly strong. However, it does highlight the problem when a server is hacked, sensitive information is stolen and then released publicly without a “whistle-blower” being identified and the claimed motivation being assessed as genuine. We should also consider the legitimate question, could a hacker have materially


benefited from the disclosures? Certainly some of the material released has impacted the share price of a number of companies in different bourses around the globe. It is possible someone could have shorted a number of shares to benefit from stock price movements that could have been quite reasonably anticipated by the hacker prior to passing the data to the ICIJ. Unsurprisingly, there has been significant damage done to Mossack Fonseca and its business; its principals and its employees. Is it deserved? That’s an interesting ethical question and probably only time will answer it fully. Certainly one of the key determinants will be to monitor how many of its clients are subsequently convicted of criminal charges relating to frauds, tax evasion or money laundering. Certainly there has been widespread public outrage at the nature and extent of the tax avoidance the firm has coordinated. But, as

the ATO Commissioner has publicly reaffirmed, minimising taxation is not illegal. Tax evasion is of course illegal and, again, it will be important to see how many of its clients are proven to have had that intent. There is another key aspect for which Mossack Fonseca might not be entirely responsible or accountable, and that involves allegations that numerous organised crime figures engaged it to park their cash and assets in tax jurisdictions away from the eyes of law enforcement agencies. Provided Mossack Fonseca did reasonable due diligence checks prior to signing new clients, which it claims it did, then it has no or only indirect culpability. But did it do professional due diligence checks on aspiring clients? Due diligence by banks and law firms involved in significant international commercial transactions is a key tool in global efforts to prevent and detect money laundering. Some companies take it quite seriously but, frankly,

Recognize and Analyze How often was he here this month?

Is he a known suspect?

How old is she?

Are they employees?

When, where did she enter?

Is this valued customer Mia Clark?

How many people are here? Is it too crowded in this area? See it in action at Security Expo in Melbourne, stand F42: FaceVACS-VideoScan C5 IP video camera combining face detection/tracking and camera technology in a single device

FaceVACS-VideoScan uses premier face recognition technology to detect and identify persons of interest while computing demographic and behavioral data, supporting security staff, marketing teams and operations management.



The lesson that governments and corporations can take from all these cases, amplified by the circumstances surrounding the Panama Papers, is electronic data needs to be appropriately protected from hackers and from potential theft by a trusted insider.


some companies do the bare minimum to satisfy the relevant regulators. Our company, Intelligent Risks, has been continuously involved in undertaking international due diligence checks for corporate clients for the last 15 years. There are obvious challenges in doing a due diligence enquiry on an individual or a company in certain jurisdictions; such as China, Iran or Indonesia. There is usually a requirement to do criminal and civil court searches and identify independent and objective referees. You also need to do the enquiries in the predominant local language. Imagine our shock when the director of a large and quite well known forensic accounting practice confidently told me his firm were managing offshore due diligence checks for their clients by doing English language internet searches from their Australian offices. This is absolutely inadequate and a complete travesty! It will be very interesting to assess the effectiveness of the due diligence framework and processes Mossack Fonseca used before signing up and acting for new clients. And of course there is another very significant element to the Panama Papers affair, one that has had minimal publicity to date. Someone illegally hacked a server in a law company and stole the data. Unquestionably, the ICIJ has rationalised this fact in the firm belief the disclosures are in the public interest and reveal, in its view, significant criminal activities. However, nobody has alleged all the persons and companies that were, or are Mossack Fonseca clients, are engaged in tax fraud or other torts. There are certainly persons whose privacy has been completely compromised who were acting legally and properly. The family of David Cameron, the British Prime Minister, was certainly in that category of Mossack Fonseca clients; and they were not the only ones. We are in an era of sophisticated hacking and significant international "whistle-blowing". The most prominent case involved Julian Assange, WikiLeaks and Bradley Manning. Some of those disclosures caused serious damage to national security in the US and elsewhere, including some damage to Australia’s national security. The release of intelligence by Edward Snowden, much of it publicly through media

organisations, but some particularly sensitive material was allegedly passed direct to the Russian government, has caused incalculable damage to western security. And most recently, sophisticated hackers were able to compromise the international banking transaction processing system, SWIFT, and successfully steal around US$100million through a series of cut-out companies and accounts. A violence free and brazen heist of major proportions and a criminal operation that has stunned central banks around the world. Another case with some indirect relevance to these considerations involves two of Australia’s leading investigative journalists, Nick McKenzie and Richard Baker of Fairfax. They are winners of multiple Walkley Awards, the media’s highest accolade for journalists, and they have broken some astounding stories about corporate corruption in recent years. Nick and Richard gained access to a large tranche of electronic data from Unaoil, apparently some tens of thousands of emails. Unaoil, a private firm located in Monaco that principally assists corporate clients to secure hydrocarbon contracts in developing markets, was accused by Fairfax of being the middle man in paying bribes to corrupt officials globally to secure lucrative contracts for its corporate clients. The intrepid Australian journalists have not revealed their sources but it is clear it involved one or more trusted insiders and, according to Nick “...the sources of this story never asked for money. What they wanted was for some of the wealthiest and most powerful figures in governments and companies across the globe to be exposed for acting corruptly, and with impunity, for years”. The lesson that governments and corporations can take from all these cases, amplified by the circumstances surrounding the Panama Papers, is electronic data needs to be appropriately protected from hackers and from potential theft by a trusted insider. Cyber crime is markedly on the rise and a company can very quickly have its reputation hurt and its share value adversely impacted if it has sensitive commercial data taken or the privacy of its clients compromised. In fact, there have been a number of

cases in recent months, including at least one case in Australia, where hackers have stolen company data and then demanded an extortion payment to return the data and not misuse it to embarrass and harm the company. And it doesn’t mean the data necessarily indicates any malfeasance or wrong doing by the company. The extortionists are often aware that disclosure will simply dent public confidence in the management of the company and cause reputational harm. Of course, there are well intentioned, ethical persons who turn “whistle-blower” in protest at the behaviours within certain companies; and it can be argued legitimately they are doing a public service when they expose corporate crime. However, there are some other so-called “whistle-blowers” who are simply disgruntled former or current employees seeking to wreak vengeance on a company they are at odds with; sometimes they have been made redundant or otherwise treated in a manner they regard as unfair and sometimes the person might have psychological issues or have even been dismissed for valid reasons. Then, as we’ve seen in the recent hacking of the SWIFT system, there are also sophisticated criminal cartels at work seeking to defeat electronic security systems – seeking to extort or steal large sums of money. So it begs the question, when will we see the next case like the hacking of the Panama Papers? And when will we see another sophisticated heist like the SWIFT case? There is one thing we can be certain of – there will be more cases where these types and companies need to consider the integrity of their systems, processes and behaviours very closely. Cyber crime is one of the fastest growing classes of crime in the world. How well protected is your organisation? Neil Fergus is the Chief Executive of the Intelligent Risks Group, an Australian headquartered management services company specialising in the delivery of risk, security, crisis management and response services to government and corporate clients internationally. It has practices in Asia, Europe and the Middle East.



Are You Trusting? By Lizz Corbett Having found myself at the age of 22 in a role designed to maintain public peace, gather information and keep people safe, I realised I needed to know about lies and deception. I considered my level of expertise on the topic and, with an honest perspective, I labelled it low. I felt certain about one thing, all humans tell lies. I knew that the policing career I had just embarked on was going to not only be packed with adventure, but also full of people hiding behind lies and misleading information. I recognised that one of the core responsibilities of a police officer was conducting interviews, and with that task came the complexity of unravelling truth from lies. I reflected on exactly how much training they had given us in the academy in distinguishing truth from lies and, as it turns out, there was little to none. Eighteen weeks in the police academy had equipped me with the ability to run for six kilometres without stopping, taught me to shoot a gun at a central point on a paper target and drummed into me the legal points of proof for at least 10 serious crimes. In training, I had seen autopsies, taken part in role plays where I had to play a grieving parent and I had also learnt how to twist someone’s wrist behind his back until he buckled and fell to the ground. I knew how to give a dummy cardiopulmonary resuscitation (CPR) and I also knew sections 458 and 459 of the Victorian Crimes Act fluently. So, if interviewing people and effectively distinguishing truth from lies were of such critical importance to my new role, why did I, and my fellow squad mates, know so very little?


I started to ponder questions I could not yet answer: “Why would someone give me critical information that was against their own selfinterest or that of others, just because I ask them to?” and “How would I know if it was the truth if I had little or no other evidence?” One of the early tests of my ability to ask effective questions and spot truth or lies came a couple of months after graduation when working at Brighton Police station in Melbourne. Myself and my more experienced Senior Constable partner were called to a train bridge that spanned across the busy Nepean Highway in Gardenvale. The report was that someone was throwing rocks from the bridge onto the road and cars. Long story short, let me just say that the 13-year-old boy I was tasked with speaking to seemed ever so convincing. Whilst my partner chatted with two other teens further down the bridge, I questioned this lad until I was convinced he had nothing to do with the dangerous behaviour I was alleging. On reflection, I am not sure how he swayed me away from suspicion and allowed me to let him happily run home to his mum. My wise partner on the other hand was furious I had let him go and could not understand how I could possibly believe that this kid was not involved. I explained that “he was really believable; he told me he did not do anything and I just did not feel he was involved.” It turns out the three of them were all equally involved, plus a fourth one who ran off when he saw the police car. I decided at that point that I desperately needed to fill the gap in my knowledge and awareness. Five years in the police force, seven years in sales, recruitment and

senior management, and 15 years in a business teaching people to conduct better interviews with a focus on evaluating truthfulness and credibility has opened my eyes to the topic of truth and lies from many different angles. I now know there is more to the topic of truth and lies than just trying to teach people to be ‘a human lie detector’. The topic is rather more complex and includes understanding ourselves better, our own filters, human behaviour and our own truths. In my view, those working in any role involving the safety of people or property should have a solid grounding in the many facets of human behaviour, including understanding how to better read people and situations. Most entry level courses do not teach these skills and if they do, it is a brief introduction to what is a complex topic. From there, most of the learning comes from being thrown in the deep end with the occasional formal skill top-up in some positions. Asking better questions, reading between the lines, understanding the impact your own behaviour has in the interaction, encouraging truth and spotting lies are not skills that can be mastered overnight. It takes ongoing education, practice and guidance to continue to develop a more comprehensive awareness. This article is the first in a series of three that aims to offer tips and insight for those involved in dealing with people where obtaining accurate information is important. Some of the tips come from courses that have been developed over the past 15 years, including the Perceptive Interviewing ® program. Other concepts are drawn from research by experts such as Dr Paul Ekman and form part of our licensed courses in evaluating truthfulness and credibility. Some of the methods and ideas will come from personal experience or from people I have trained.

assessing credibility is beneficial. There is no downside to more accurately reading a person or a situation, particularly if you are making important decisions based on that reading. One of the things I have concluded after 15 years of teaching these topics is that many people fail to realise the influence they have over how an interaction unfolds. I recall in the police force an experienced member storming out of an interview telling others that the suspect was completely ‘useless’ and there is no way that he was ever going to open up and share the critical information that was sought. I then watched as another, calmer member took over the interview, with a completely different approach. Within 30 minutes he had won the respect of the suspect, which resulted in him being much more forthcoming with information. So, was it the ‘useless’ suspect or the ‘useless’ interviewer that caused the initial road block to obtaining the required information? In subsequent articles, I will provide tips to get you thinking about how you can reduce the likelihood that you will be lied to. I call this creating a truth-telling environment or paving the pathway to the truth. Make no mistake; if a person wants to lie to you or mislead you, it is totally their choice! However, you do have more power and more influence over this than you may realise. I will also provide tips to help you notice things that people say or do that you may miss. This can help you in a number of ways, including connecting better with people and more accurately knowing what someone is thinking or feeling. As you embark on the journey to improve your skills in reading people, encouraging truth and spotting lies, let me start by dispelling four myths:

There is more to the topic of truth and lies than just trying to teach people to be ‘a human lie detector’.

Getting Started in Encouraging Truth and Spotting Lies No matter the role you are working in, if you interact with other humans, then improving your skills in correctly reading behaviour and

Myth #1 – Everyone lies Okay, so I cannot bust this statement completely because we all do lie at some time, at some level. The distinction I want to make is that not everyone tells BIG lies. It is difficult to put different types of lies on a scale but,

broadly speaking, there are high-stake and low-stake lies. Not everyone tells the highstake lies, the ones about the serious matters that can have a massive impact. These are the big ones which, if caught, could result in the end of employment, freedom, relationships, money or even life. Myth #2 – Women can spot lies better than men There is no sound research to support this. In fact, most people are terrible lie catchers. People are often wired in a way that they want to believe the liar. The truth can be difficult to accept, so often we miss clues that are there in front of us as it would be too painful to know the truth. We often cooperate in the lie without realising it. Do you really want to know if your lover is unfaithful or if your teenager was really at a friend’s house last night? Myth #3 – Psychopaths are perfect liars Psychopaths are no more skilful at lying than anyone else, but they engage in other behaviours that can either charm, distract or confuse the listener so he or she often ends up wanting to believe them. Myth #4 – Micro-facial expressions are proof of lying Super fast facial expressions can reveal an emotion that is being concealed, and that is a kind of lie, but it can depend on the reason for the emotion. Someone who is innocent may conceal fear or anger about being suspected, not because they are lying or misleading you. Either way, it is a great skill to be able to notice fleeting emotions, but be careful not to draw conclusions too quickly. Join us in the next edition and you will learn that you have more power than you may realise to influence the truthfulness, or otherwise, of others. Lizz Corbett is managing director of Training Group International. If you are interested in building skills and awareness, connecting with people, encouraging truth, spotting lies and asking better questions, then register your interest in new online training programs being launched in late 2016. Visit for more information.




When The War Is Over: Security And Risks To Consider When Working In Post-Conflict Environments By Hugh Morris

The successful execution of any project depends on the ability to identify the risks to delivery and the plan to mitigate them both at the outset and during implementation. However, when it comes to businesses entering and working in post-conflict environments, the risks to delivery are likely to be even more diverse, acute and difficult. As well as the general difficulties of carrying out operations in any environment, in a post-conflict zone these can be combined with additional issues such as an already compromised security situation through to an unstable political environment. However, the threat posed by the leftover detritus of these

conflicts, from caches of weapons to Improvised Explosive Devices (IEDs), can be the biggest threat of all to surviving these environments, let alone succeeding in them. Today, there are over 100 million laid and active landmines globally – not to mention millions of tonnes of other unexploded ordnance (UXO), such as rockets, mortars and IEDs, both from recent and historical conflict. Also, and of greatest concern, contamination is only increasing thanks to the upheaval in Iraq and Afghanistan, followed by the fallout from the Arab Spring across the Middle East and North Africa. Organisations looking to enter these countries need to be particularly aware of the risks and security threats posed. In addition to (and perhaps due to) the vast amounts of explosive remnants of war (ERW) still in situ and easily accessible in the aforementioned countries, IEDs are



becoming the weapon of choice for antigovernment forces throughout these regions. According to The Landmine Monitor, in 2015, victim-activated IEDs were being used in no less than 10 countries: Afghanistan, Colombia, Iraq, Libya, Myanmar, Pakistan, Syria, Tunisia, Ukraine and Yemen – and this does not include command-detonated IEDs, used in many more. These homemade and unregulated bombs are becoming increasingly sophisticated to generate maximum impact and avoid countermeasures. They are hard to detect and even harder to remove. However, when the conflict has come to an end, the show must indeed go on, and that goes for businesses looking to enter these areas as well. There is no doubt that dealing with ERW poses large risks, in part because it involves such a broad range of UXO. From antipersonnel and anti-tank mines to cluster munitions, from IEDs to air-dropped weapons and land service ammunition, these munitions can lie dormant indefinitely after the end of a conflict, continuing to pose a significant threat to any passing human, animal, equipment or vehicle, often even after initial clearance efforts. Many of these mines and other ERW are located in countries coming out of recent conflict, referred to as ‘post-conflict’, that are now going through a transition into peacefulness and development. This means opportunities for business, whether it be infrastructure construction/reconstruction, road rehabilitation, developmental assistance or the opening up of new lines of communication and trade routes. However, this does not mean that the areas have been cleared of explosive remnants of the preceding war, which is essential to consider when attempting business in these environments. The first step to any post-conflict environment is mine action. Below are some tips for any business or organisation on how to mitigate the risks and security threats when entering post-conflict environments. Gather Information This part may seem obvious, but knowing who to contact and the kind of questions to ask is essential for preparation and mitigation of the threats of ERW. Contacting the local National


The threat posed by the leftover detritus of these conflicts, from caches of weapons to Improvised Explosive Devices (IEDs), can be the biggest threat of all to surviving these environments, let alone succeeding in them.

Mine Action Centre (NMAC) in the theatre can help to understand the kind and size of threat potentially being faced. Will there be landmines? Anti-vehicle mines? Unexploded ordnance? If a country does not have a direct NMAC, the police or the army should have similar information or, alternatively/additionally, contacting non-government organisations (NGOs) or mine action companies who have been working in the area will shed more light. Questions such as where threats are most likely to be can help. These items can be found in places that would do the most damage to the infrastructure of a city/town/village, such as roads, bridges, power plants or water services. They can also target places where people are likely to gather or go, such as wells, other water sources and walking routes. However, due to the rise in terrorism and guerrilla tactics in certain areas, there can sometimes be little plan to their placement. For example, IEDs are vastly on the rise in countries where perhaps the ‘main’ conflict has ended but tribal/civil/religious based strife still continues. These are a lot less predictable and can be placed randomly and become booby traps once there is no one waiting to activate them.

It is critical for an organisation to build its own intelligence picture on the area, involving the offsite collation and review of as much information as possible about the proposed working area in order to determine whether or not there is likely to be the presence of ERW and, if so, what kind. As broad a base of information as possible should be sought and reviewed, ranging from old military records to news reports, in a comprehensive effort to determine whether or not a threat is likely to exist. Risk maps, showing high, medium and low risk routes or areas, may be obtained if mine action groups are working in the area. Dealing with an Identified UXO Threat If there is a definite threat of potential contamination in a working area, a business may want to seek specialist advice and bring in support to conduct a non-technical survey of the area. This entails a deployment to the area and physical assessment of the likelihood of a threat being present through discussion with local inhabitants (often the best source of information) and local authorities. They will usually then carry out their own evaluations. Based on physical evidence, the team are better able to determine the likely presence of ERW and more accurately assess which are danger areas and which can be ruled out. Seeking this advice prior to deployment of staff is suggested as it will allow peace of mind when entering a new theatre. If a threat is suspected, these teams will transition into technical survey, which requires deploying a clearance capacity into the suspected hazardous area to confirm or discredit the presence of mines or ERW. If any are found, the technical survey is of tremendous use in better defining the extent of the hazard to ensure that the most economically viable clearance solution is found, without compromising safety standards. There may be a need to engage a mine action organisation to provide full clearance and disposal if, for example, a client is building infrastructure such as a power station, laying a new powerline or rehabilitating a road. Risk Education Information about threats gathered from local communities contributes significantly to one of the most important hazard mitigation tools

for people likely to go into the area and that is risk education. Conveying information to employees, clients or contractors as to the potential menaces they may encounter, and educating them about suspicious items, will significantly reduce the chance of an incident – it is an ongoing tool that should be used all the time. Actions on what to do should one encounter ERW (e.g. do not touch or disturb the item, mark the item, avoid it or retrace safe steps and seek assistance immediately) are an important process in the risk matrix, ensuring people remain safe and aware of their surroundings at all times. Additional Considerations If going into an area where a threat is likely or even vaguely likely to present itself, preparation is everything. For example, planning to have a dedicated safety vehicle with qualified medics on board can mean the difference between life and death. This vehicle should solely be used for emergencies and not carry any other goods or people at any time, just in case of an incident. Logistical shortcomings will also undoubtedly negatively impact a project that is not thoroughly planned in advance. Often in post-conflict environments there are complex webs of bureaucracy that surround importation of equipment and issuing of visas, together with the significant distances along difficult lines of communication and these must not be underestimated. Sometimes there are places where only a satellite phone may be used, or flooding can often render a dirt route useless for road travel for months at a time. The security of the project staff and equipment is also key to its success, particularly given the potential volatility of post-conflict situations. For locations where the security situation is fluid, it is best to ensure, as much as possible, that all personnel are housed within a secure compound or base with access to emergency services. Where possible, hire security guards to guard the business’ headquarters, field camps and rented properties. These may well be uniformed policemen provided by the local police chiefs. When selecting personnel, be aware of the operational environment. Recent conflict leads to a vast number of internally displaced people, resulting in skills shortages from the majority of

locations outside of capital cities. As a result, companies need to recognise that finding suitably qualified local national staff, especially for technical elements, such as mechanics, can be very difficult in certain areas. Plan to mitigate this by deploying a professional and experienced project management team and international operational capacity with experience in hostile and austere environments onto projects. International personnel can be deployed initially and should, as an integral part of their responsibility, focus on developing the local capacity. Additionally, local or tribal conflicts must be considered when it comes to hiring a local capacity. Stay informed of potential conflicts between certain groups of people. As a final note on maintaining security in a post-conflict environment, ignorance of local culture, together with any wilful and even perceived arrogance by international staff, can result in a negative attitude within the community, which may result in project failure. Given the post-conflict situation, suspicion of outsiders is likely to be heightened and it is imperative that a good relationship be developed with all relevant government officials, local civic organisations, other agencies and NGOs. All these precautions mentioned of course do not remove nor negate the risks likely to be experienced in post-conflict environments. Where there was once hostility and violence, it is unlikely to turn to peace and prosperity overnight. However, this should not prevent companies from contributing to the development of these nations; it should just help them be more prepared.

It is critical for an organisation to build its own intelligence picture on the area, involving the offsite collation and review of as much information as possible about the proposed working area in order to determine whether or not there is likely to be the presence of explosive remnants of war.

Hugh Morris is the Managing Director at TDI (The Development Initiative), a specialist business providing commercial landmine and explosive remnants of war clearance services. Hugh is a native Zimbabwean. He served as an officer in the British Army for over 10 years, completing a 6 month tour in Northern Ireland, before moving into the commercial world. He has experience managing mine action projects in Mozambique, Bosnia, Somaliland, Kosovo, Lebanon, Eritrea, Iraq, Sri Lanka, Afghanistan and Mozambique. He joined TDI in 2005 and has been integral in developing and growing the business since.



Harmonisation Of The Security Industry

Is It A National Disaster?


By Brett McCall At a recent security industry meeting, the question was raised, yet again, why more had not been done to standardise (harmonise) regulation and training of the private security industry across all Australian states and territories, especially by industry peak bodies and associations. Harmonisation of job skills and regulation has been an industry topic since regulatory changes commenced in the early 1990s; however, momentum did not really happen until after a Council of Australian Governments (COAG) meeting in July 2008 placed Australia’s security and emergency management arrangements firmly on the agenda. It stated: “COAG agreed to adopt a nationally consistent approach to the regulation of the private security industry, focusing initially on the guarding sector of the industry, to improve the probity, competence and skills of security personnel and the mobility of security industry licences across jurisdictions. COAG asked the MCPEM [Ministerial Council for Police and Emergency Management], in consultation with the Security Industry Regulators Forum, to undertake further work on minimum regulatory standards for the technical sector of the industry by mid-2009, as well as proposals for a possible national system for security industry licensing by mid-2010.” (COAG Meeting Agenda, 3 July 2008). Whilst the focus of this meeting was on harmonisation of industry regulation, at a previous COAG meeting, Vocational Education and Training (VET) and higher education were also on the agenda, drawing a nexus between regulatory gaps and training gaps, an issue that still plagues the security industry today – but more on the training gap further in the article. The issue of transportability of security licences between jurisdictions has been the subject of much debate and occasionally even great hypocrisy. In 2006, security contractors for the Commonwealth Games in Melbourne were unable to meet the scope of supply from local resources and therefore relied heavily on personnel from other jurisdictions. Hundreds of security personnel were transported to Melbourne from many states under a mutual

recognition agreement and issued a fast-track visitor permit with minimal or no assessment of competence. This process became even more rubbery as changing demands at short notice created more and more gaps. As the national threat level hovers at the high end of ‘probable’, the demands on security providers to appropriately fulfil surge requirements, especially at major events, has never been greater. Unlike government agencies that pillage personnel from suburban and regional stations, leaving their normal areas undermanned to meet surge demands elsewhere in the state, private security firms have defined, ongoing contracts that must be fulfilled each week, limiting their ability to send personnel to one-off, short-term or ad hoc events. In locations where an incident is expected or has occurred, existing clients will request additional security, making private resources even scarcer. To that end, having access to personnel from other areas for a surge capacity makes good sense. But licensed guards and crowd control personnel are not the only ones affected by a lack of harmonisation. Security specialists, like other managerial consultants, offer their expertise across the country; however, licensing restrictions limit the ability of clients to call upon specific experts unless that consultant has a licence, and often a master licence, for each state and territory. Applying for and maintaining licences across multiple states and territories is very costly and administratively intensive, thus causing many to run the gauntlet of providing a service without the necessary licensing documentation as they move in and out of their clients’ premises with scant regard for local security laws. So, what are the impediments to harmonisation in the security industry? To get started on this question, it is worth recapping on the Commonwealth of Australia’s political history. From first colonisation in 1788, initial states and territories of Australia were partly self-governing, but under the law-making power of the British Parliament. In essence, they were like six separate countries, each with its own government, laws, defence force, stamps and collected tariffs (taxes) on goods

that crossed its borders. After much debate and a referendum by the people, Australia became a unified nation in 1901 when the colonies of New South Wales, Victoria, Queensland, South Australia, Western Australia and Tasmania united to form the Commonwealth of Australia – the federation. How does history relate to harmonisation? As Sir Robert Garran, a federation movement activist at the time, later reflected, “Colonies were united by a combination of fear, national sentiment and self-interest.” Could this fear and self-interest still be present today, thus stymieing the process of harmonisation? Why is the security industry not doing more to push harmonisation and stop states and territories operating this regime at great expense? Information can be shared nationally and therefore it is possible that licences could be administered nationally, so what are the impediments? • Administration costs. • Efficiency of services. • Management of information. • Privacy concerns. • Retention of licensing revenue by the states and territories. • Accountability of licensees: o where does the licensee normally reside o how would infringements be managed o who would undertake this function? Is a national administration the panacea of this imbroglio? Consider another industry where the federal government provides a national overlay – health care and hospitals. Currently, the federal government employs approximately 6,500 people, largely in Canberra, to administer the national health care system. They do this at great expense to the Australian taxpayer, but without holding one bandage, scalpel, hospital bed or X-ray machine within the medical sector. In fact, they have no skin in the medical game except to administer money collected by the Commonwealth then hand it back to the states and territories by way of grants after fees are taken out. If the private security industry is seeking a national licensing system administered out of Canberra, then that is potentially the same model it could expect to receive.



A more efficient and appropriate model to consider would be to leave the states and territories with ownership and control as per the status quo, but harmonise regulation and training to a consistent national framework ensuring there are no gaps in knowledge and legal requirements to accommodate licensees who move around jurisdictions to meet surge, peak and business demands. This is what is done with a drivers licence. Harmonisation of the road traffic acts has provided a framework that permits motorists to drive in any Australian jurisdiction for the purpose of travelling and visiting without the need to obtain a local licence. Should a motorist breach local road laws then they will face the same penalties and sanctions in accordance with local laws, but against their respective state or territory licence. With that as a precedent, security licences could operate the same way. Now, the elephant in the room – training – needs to be addressed. Since 2011, the Australian Skills Quality Authority (ASQA) has been the national regulator for Australia’s VET sector. ASQA regulates courses and training providers to ensure nationally approved quality standards are met so that students, employers and governments have confidence in the quality of vocational education and training outcomes delivered by Australian registered training organisations (RTOs). The Relationship between Licensing Authorities and ASQA ASQA recently tabled a report Training in security programs in Australia in which it outlines its responsibilities to ensure training delivered to the security industry is of a high quality and that the qualifications issued have integrity. It stated: “While concerted action by the licensing authorities, the training package developer and ASQA is required to address these matters, progress will be impeded until the key issue of a common set of licensing requirements is agreed. As such, this important work needs to be accorded a high priority. “The review has found that licensing authorities have held longstanding concerns about poor-quality training and assessment, including RTOs’ use of partnership arrangements for delivery and assessment


The issue of transportability of security licences between jurisdictions has been the subject of much debate and occasionally even great hypocrisy. (for example, cross-border arrangements); the prevalence of extremely short courses; RTOs’ use of online delivery; and unscrupulous RTOs issuing qualifications with questionable integrity. It is clear that licensing authorities – in addition to their detailed knowledge of the security sector – have access to considerable intelligence about the quality and integrity of training, risk and systemic issues and provider practices.” Whilst ASQA have suggested some shortcomings in the current training frameworks, the current national security training package for licensing purposes is CPP20212 Certificate II in Security Operations. This nationally recognised and generally well-accepted package has seven core units and 24 elective units from which security regulators can choose from for licensing. And here is that elephant – almost every security industry regulator has different requirements on the course electives, ranging from 10 to 16 units depending on the qualification (such as unarmed guard / crowd control). The review also found that security course durations fell significantly short of Australian Qualifications Framework (AQF) requirements for certificate II and III qualifications. Over 80 percent of RTOs assessed were delivering Certificate II courses, which are the minimum standard for licensing purposes, in less than three weeks (120 hours), and in some states less than two weeks. According to AQF guidelines, the volume of learning measure for a Certificate II is typically 600–1200 hours (approximately 16 weeks full-time equivalent) and a Certificate III is 1200–2400 hours (approximately 32 weeks full-time equivalent).

The ASQA report highlights that much of the actual and perceived failures of security personnel, especially those in the crowd control sector, stems from poor or inadequate training. So back to achieving national harmonisation: • Remove self-interest and revenue loss concerns. • Standardise and improve the national training package to incorporate all jurisdiction needs. If the security industry and government believe harmonisation of the security industry is needed to ensure appropriate supply in the future, and for technicians, consultants and industry specialists who regularly move across jurisdictions, then industry must not only support but insist that industry-specific training providers (RTOs) deliver consistent, quality training incorporating all state and territory needs. When these items are adequately addressed, there should be no argument or push-back from security regulators accepting licences from other jurisdictions when security personnel legitimately visit interstate for work. Actions • Agree on national training requirements and delivery methods – jurisdiction’s training and security regulators. • Agree on standard qualifications for security licencing – COAG and industry peak bodies. • Agree on cross border access and approvals – jurisdiction’s training and security regulators. Brett McCall has over 30 years’ experience delivering a myriad of tactical, strategic and technical security outcomes to government, corporate, major events and private sectors across many Australian jurisdictions. He is currently sub-committee chairman of the Victorian Security Industry (Police Ministers) Advisory Council (VSIAC), a founding member of the Australasian Council of Security Professionals (ACSP – now Security Professionals Registry SPR-A) and long-standing president/vice president of the Victorian Security Institute (VSI). Brett has assisted in drafting numerous industry discussion papers that have shaped the basis of industry policy and regulation. He can be contacted at


Volvo Group Governmental Sales Oceania



At Volvo Group Governmental Sales Oceania, our core business is the manufacturing, delivery and the support of an unparalleled range of military and security vehicle platforms; a range of platforms that are backed by an experienced, reliable and global network with over one hundred years of experience

superior solutions, providing exceptional protected mobility SECURITY SOLUTIONS 075





By David Foley In-flight purchases are an important revenue stream for airlines globally, with the function allowing passengers to purchase duty free items and on-board upgrades, as well as other services such as additional food, beverages, internet and telephone use. While such features are convenient for passengers, they can be susceptible to a number of risks, including staff pilferage, passenger theft of goods/services, counterfeit notes, counterfeit coupons/vouchers, counterfeit/stolen cards, declined transactions and issues relating to chain of custody of goods/ inventory management system. Since ancillary revenues have become such an integral part of airline business models, it is important that appropriate measures are taken in order to protect these revenues and ensure profitability. There are many different models which can be utilised to manage risk, such as risk matrixes, diagrams, flow charts and standards. One such standard is HB167:2006 (see Figure 1), which outlines the necessary steps to manage and mitigate risk.

Figure 1: HB167:2004 Risk Management Process


This article focuses on system upgrades and technical solutions that can treat many of these risks simultaneously. Risk Management Process Establish the context The first step in the risk management process is to establish context. In this stage of the process, risk criteria are defined and both the internal and external context are analysed, which will later be used to prioritise the risks and help decide the extent to which the risks should be treated (Bharathy & McShane, 2014). During this step of the process, it is essential to first understand the external context, which could include legal and regulatory requirements, external stakeholders and the cultural, political and legal framework the organisation is operating within. In the context of commercial aviation inflight revenue risk, this would include looking at any relevant International Civil Aviation Organization (ICAO) and International Air Transport Association (IATA) regulations, any international laws governing in-flight payments, examining the successes and failures of other airlines (although this can be difficult due to a reluctance in the industry to disclose sensitive information), and consideration of the needs and requirements of external stakeholders (such as merchant bank limitations and customer satisfaction). The internal context must also be established, which will include internal stakeholders (for example, IT, investigations unit, payments team), organisational culture (for example, do cabin crew follow procedure correctly?), current organisational procedures and policies, expected outcomes, scope, framework, and acceptable methodologies of risk management (International Organization for Standardization [ISO], 2009). In essence, establishing the internal and external context allows the risk manager a fuller picture of the limitations, expectations and minimum requirements of the organisation and its stakeholders. At this point, it is also critical to define the risk criteria. This will include elements such as causes

and consequences of the risks, how likelihood will be ascertained, stakeholder views and tolerance levels, all of which help to define the risk criteria (Bharathy & McShane, 2014). For example, the risk assessment for in-flight revenue may only seek to include revenue lost by fraud, misdeed, theft and/or pilferage and exclude revenue lost by damage incurred to goods between the manufacturer and the aircraft, as this may be outside the scope of the risk assessment and within levels of acceptability for the organisation. Identify the risks Risk can be defined as the effect of uncertainty on objectives, and the purpose of risk management is to manage and mitigate that uncertainty (ISO, 2009). To accomplish this, the risk manager must first communicate and consult with relevant stakeholders and impacted business areas (see Figure 1) to identify what the risks are. The list must be comprehensive, as any risks that are not identified at this stage will not be evaluated and treated later in the process. The risk manager must identify all the potential risks to in-flight revenues, including: • staff pilferage • passenger theft of goods/services • counterfeit notes • counterfeit coupons/vouchers • counterfeit/stolen cards • declined transactions • chain of custody/inventory management system. In this way, the risks and any knock-on effects to the business can be clearly laid out, ahead of the risk analysis. Most of the above are selfexplanatory as to why they are a risk to revenue, except for the point about inventory management. If an organisation does not have an adequate system in place to monitor, review and manage the level of stock coming in, and match it against stock on-hand (minus any stock sold), then there is no way to accurately establish if anything is missing. Similarly, it means that there is no way to identify at which point in the chain of custody items are being stolen, unless they are fully

accounted for from the moment they arrive from the supplier until they reach their final destination (customer/storage).

Since ancillary revenues have become such an integral part of airline business models, it is important that appropriate measures are taken in order to protect these revenues and ensure profitability.

Solutions and recommendations Technological advances have meant that there are now a number of options available to airlines to prevent in-flight fraud and reduce revenue risk. The most prevalent and costly risks in terms of revenue losses are the use of fraudulent cards and declined transactions, hence it is prudent to focus resources on treatment measures which would minimise or eliminate these risks. Increasingly, there are cases in which airlines have achieved this by upgrading their payment systems to a Wi-Fi-enabled system (Avanade, 2014; Hong Kong Airlines, 2015). Research indicates that there are vast benefits for airlines that embrace such technologies. Hong Kong Airlines (2015) reported large increases in overall in-flight duty free sales (78 percent), increased sales per passenger (56 percent), as well as faster processing times, allowing better customer satisfaction. The use of real-time processing also allows for the elimination of loss both due to card fraud and declined transactions and, as a result, airlines can choose to remove payment limits, which in turn allows for an increase in sales volumes. Additionally, an upgrade in both hardware and software for payment processing allows for a number of procedural benefits. Cabin crew could process purchases/ upgrades using apps via smartphones or tablets. This eliminates storage problems associated with the cumbersome handsets currently required. Additionally, the use of app-based technology means that the upgraded system can provide an end-to-end inventory management system which can track the location of goods from suppliers, to the bond store, to the aircraft and back again. This means that there is more robust accountability for the location of goods in the supply chain. The use of an app to manage purchases and inventory also allows airlines to set up automatic alerts for re-ordering stock, reduce excessive inventory by using algorithms to determine which products are most popular with customers, and easily update

the product catalogue. App-based technologies can also be easily customised to suit the needs of the business and adapted as needed if the revenue streams change. Conclusion In the short-term, the system upgrades mentioned above will be costly. They will require investment in hardware, software and training, as well as potential procedural changes for both the cabin crew and the bond store. However, in the medium- to long-term, the savings achieved from reduced fraud and declined transactions, coupled with increased revenue from in-flight sales, will prove to be a sound investment. In addition to this, system upgrades to the payments process will greatly reduce time spent by investigators on fraud cases and chargebacks, leaving them more time to perform other duties and therefore increase productivity. Another major benefit is that such an upgrade will better prepare the system for future technological advances; once an app-based system is in place, it will be much more adaptable and flexible to the needs of the business and responsive to the needs of the customer. In summary, technological system upgrades and the use of app-based systems for payment processing will provide numerous benefits to airlines, in terms of both increased revenue and customer satisfaction, and by reducing the level of loss due to decreased risk. For a full list of references, email admin@ David Foley is the 2015 winner of the Australian Security Medals Philip Ruddock International Security Study Fellowship. Currently in his final year of a Bachelor of Security, Intelligence & Counter-Terrorism (Criminology Major) at Edith Cowan University, his areas of interest include; Fraud & Investigations, Aviation Security, Organised Crime & Counter-Terrorism. David has previously worked in Fraud Investigation, Counter-Terrorism Financing and Anti-Money Laundering within the Finance Sector.



Speculation O n Speculation On Egyptair 8 04 Egyptair 804

Photo: Philip Lange /


By Steve Lawson Egyptair Flight 804, an Airbus A320, went missing on the 19th of May 2016, crashing into the Mediterranean between Greece and Egypt. The aircraft was 12 years old and the crew were reasonably experienced. On the day of the loss, the Egyptian Civil Aviation Ministry stated that Flight 804 was probably attacked. Did the Egyptian Civil Aviation Ministry know something that had not been released to the media, since nothing in the publically available information supported that conclusion? On the same day, US Presidential candidate Donald Trump tweeted, “Looks like yet another terrorist attack. Airplane departed from Paris. When will we get tough, smart and vigilant? Great hate and sickness!”, but later that day his comments were supported by a CNN report where US officials suggested this was an act of terrorism. Again on the 19th, Jean-Paul Troadec, former president of the French air accident investigation bureau (BEA) said, “We have to remain very careful after the disappearance from the radars of the Egypt Air aircraft. The priority is to begin the investigation and to find, if possible, debris from the aircraft and eventually, the site of the wreckage. We can make certain hypotheses... there is a strong possibility of an explosion on board from a bomb or a suicide bomber. The idea of a technical accident when weather conditions were good, seems also possible but not that likely. We could also consider a missile, which is what happened to the Malaysia Airlines aircraft in July 2014. “If the crew did not send an alert signal, it is because what happened was very sudden. A problem with an engine or a technical fault would not produce an immediate accident. In this case, the crew did not react, which makes us think of a bomb.” What he said was reasonable and he suggests that it is prudent to wait until all of the evidence is available, but he all but said it was an Improvised Explosive Device (IED). The 19th of May was a busy day for speculation and, since then, there has been an endless line of people speculating about, and reacting to, a terrorist incident. I have said many times before that we do not speculate about incidents until there is proof. To some extent that is true, but we do speculate within our circle of acquaintances. So I am going to start with a bit of speculation, if only

to show that the ‘facts’ can support a range of circumstances and, until all of the evidence has been collected, none of it is anything more than a mind game. On the 21st of May, the media reported the following Aircraft Communications Addressing and Reporting System (ACARS) messages from Egyptair 804. (ACARS is simply a link between the aircraft and the ground.) 00:26Z 3044 ANTI ICE R WINDOW 00:26Z 561200 R SLIDING WINDOW SENSOR 00:26Z 2600 SMOKE LAVATORY SMOKE 00:27Z 2600 AVIONICS SMOKE 00:28Z 5611100 R FIXED WINDOW SENSOR 00:29Z 2200 AUTO FLT FCU 2 FAULT 00:29Z 2700 F/CTL SEC 3 FAULT No further ACARS messages were received. I did not take much interest in the messages on the 21st since it was my birthday, but I did look on the 22nd, which was a Sunday and reasonably quiet, so l decided to look at Egyptair. Some of the experts were still saying that the smoke mentioned in the ACARS messages was a sign that this was a terrorist IED. I looked at the available evidence and considered what else would ‘fit the facts’. My speculation could be way, way off, but I thought these messages could reasonably support another hypothesis. The first message says that there is a fault with the anti-ice on the right window, the first officer’s side of the aircraft. The next indicates that there is a fault with the sliding window next to the first officer, then almost immediately (I say then because, although the times are almost the same, the order of the messages would suggest an order of events) there is ‘smoke’ in the lavatory and then ‘smoke’ in the avionics bay. Then another report of an error in the fixed window on the first officer’s side of the aircraft, then an issue with one of the autopilot control units (there are two control units) and finally something has happened to the system that controls the wings spoilers. A few weeks ago, my business partner, Bill Dent, and I were returning from Bhutan after conducting an assessment of the country’s aviation security when our aircraft was hit by hail and, among other things, both pilot’s windows were cracked, so the idea of what could happen if a window on the flight deck blew is something I have considered recently.



I am going to start with a bit of speculation, if only to show that the ‘facts’ can support a range of circumstances and, until all of the evidence has been collected, none of it is anything more than a mind game. So here is a story (pure speculation) that could fit the reports from the ACARS; but I will start with a narrative about a previous incident. In 1990, a British Airways BAC 111 had a window blow out at 17,400 feet; it was the window immediately in front of the captain. The explosion immediately filled the fuselage with condensation (mist/fog), the flight deck door blew into the flight deck jamming the throttles and the captain was sucked from his seat so that his upper body was outside of the aircraft. He was saved by a flight attendant grabbing him and holding him while the first officer flew the aircraft. This was all at 17,400 feet; 20,000 feet lower than the Egyptair aircraft. The accident was caused by incorrect screws being used to secure the window following a repair. So, on the 22nd of May, I started to speculate that the evidence from the ACARS also supported the hypothesis that a window on the side of the aircraft next to the first officer, possibly the sliding window, was damaged and blowing out from the aircraft. Remember, the aircraft is flying at 37,000 feet, so this would be a rather violent event. Many years ago, when I was in the Navy, part of my training was at RAAF Base Point Cook where one of the subjects was Aviation Medicine. As part of that subject, we had a number of exercises in a hypobaric chamber. One of those exercises was a rapid decompression and I remember the chamber filling with a reasonably thick mist; as happened in the British Airways aircraft. I do not believe that the sensors in the toilets and avionics bay can tell the difference between mist and smoke. So why did the crew not put on their oxygen masks immediately and bring the aircraft down to a safe altitude? A window blowing out at 37,000 feet would not be like a simulator exercise or a hypobaric chamber. In the British Airways incident, the whole flight deck door flew off! So here you are at 37,000 feet with a maelstrom and everything not tied down trying to fly out the hole in the side of the flight deck.


Even worse, at that altitude you have about 30 seconds of useful consciousness. At this point, I thought this was a reasonable fit for most of the ACARS messages, but it was still just a mind game. I mentioned the speculation to some friends, but that was about it. Then on the 24th I was talking to someone and they made the comment that even if the crew were killed or incapacitated, the autopilot would keep flying the aircraft, which I thought a reasonable point. I called a friend who was a training captain and ran through my speculation and the question of the autopilot. He said that the autopilot would continue to fly the aircraft but added that it used to be the practice that in the event of a rapid decompression with the possibility of an aircraft below your flight level, crew were to disconnect the autopilot and turn the aircraft 90 degrees from the airway and descend. He added that this was no longer the case, that now the autopilot should remain engaged and crew use it to get the aircraft to a safe altitude, but he thought that the previous method may still be included in some airlines’ training. I still had questions, like why the crew did not grab their oxygen masks first. I do not know, maybe they were injured and not thinking clearly, maybe they thought they had longer and just wanted to get the aircraft down quickly – 30 seconds is both a long and a short time. Similarly, I do not know about the fault with the slats. What I do know is that I had a hypothesis that fit more facts than the idea of an IED. Anyway, to the point of the article. Every time there is an aviation incident, all the talking heads put their speculation forward, generally on little evidence, and lately the first call is a terrorist incident. I understand the public’s thirst for news, but speculation can result in large amounts of money being spent (often in the wrong places), it alarms the public and makes them suspect that security at all airports is poor, it can adversely affect the economy of a country (Egypt’s tourism accounts for about 12

percent of gross domestic product – three times that of the US and Australia and it was already suffering after the loss of the Metrojet aircraft) and it can cause unnecessary grief for families as in the case of MH370 when the crew were accused on no evidence that they brought the aircraft down. As I said, I have laid out a perfectly feasible theory about what happened to Egyptair 804. It is based on a few supportable facts and I would suggest fits the facts better than the theory that an IED destroyed the aircraft. Could it be true? Certainly. Could an IED have destroyed the aircraft? Certainly. Could one of the pilots have committed suicide? Certainly. Could there be a terrorist device that has not been seen before and this was simply a test? Certainly. Should people have speculated on the 19th that this was almost certainly a terrorist event? Certainly not. Should people be speculating now about what happened? Certainly not.

Steve Lawson has over 20 years of experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on: 0404 685 103 or

Stand G32

M2M & IoT Solutions are revolutionizing the security industry - M2M One SIM cards power security solutions nationwide, including: IP Alarm Panels & Dialers

• • •

Private IP Addressing Flexible Data Plans Nationwide Coverage

Wireless IP Cameras

• • •

Failover & Redundancy

• • •

Data Plan Scaling Automatic Activation Static IP Addressing

Remote Device Access Flexible High Use Data Plans LTE Speeds

Access Control

• • •

Lone Worker Safety

• • •

Pay Per Use Pricing Instant Connectivity Emergency Voice Functionality

Secure Private Networks Connection Diagnostic Tools Aggregated Data Plans

Vehicle & Asset Tracking

• • •

Low Data Volume Plans Complete SIM Management Shared Data Pooling

Contact M2M One now to get connected | | +61 3 9696 3011



Security And Safety By Dr G. Keith Still

A few years ago, I was invited to talk about security and crowd safety to the board of directors at a major oil company headquarters in Aberdeen, Scotland. Since this was my home town, I did not think I would have any security problems when checking into the building. However, at reception, I had to produce two photographic ID references (passport and drivers licence), was checked with a wand (metal detector scan), patted down and there was a thorough search of my computer bag before being issued with a radio frequency ID badge that would open certain doors and track me through the building. Finally, I was escorted to the board room to begin my presentation. “I think you will agree, Professor Still, this is probably the safest building you have ever been in,” said the managing director, in a smug tone. He did not understand the difference between security and safety. “Suppose I wanted to destroy your business?” I said. “Would I need to enter the building?” I added, turning over the security badge to reveal ‘in case of an emergency please assemble in the main car park’, indicated with a neat little diagram of the assembly point. By coincidence, I had parked my car next to the assembly point. “No! I would phone in a bomb threat and you would evacuate the building and assemble here, right next to my parked car with the bomb. Bang! I would take out your staff, your board members, and destroy your business without going near the building.”

He looked at me, his jaw opened, and the colour left his face. That, in a nutshell, is the problem security is facing now – hardening the building security and overlooking the soft targets, such as the entry and assembly points in the system. As an example, security at airports may be increased and, as a direct result, crowds will gather in easily accessible areas. There are many such soft targets around the world that have already been attacked: airports (Brussels and Glasgow), stadia (Paris), sporting events (Boston Marathon), theatres (Paris) and transport systems (London); in fact, anywhere a crowd gathers is a potential target. Increasing access control/screening/ security will often lead to larger crowds gathering in unsecured areas. So how is security and safety balanced? How are the potential soft targets and the queueing crowds reduced? In the example above, the company thought that the business was the building. So, by securing the building,


the directors thought they had secured the company’s future, but they overlooked the fact that the the business cannot function without its staff. There are two elements to the threat – getting people into secure areas as quickly as possible and evacuating people to safe areas. Using an airport as an example again, increased security, specifically the airport screening process, results in a large number of people in a very confined space. The first part of the problem relates to the process called ‘queueing theory’, which is the analysis of the security screening process and the size of the queueing crowd. In essence, the security screening process is similar to a supermarket checkout system. Consider the situation for both systems. There is an arrival rate (the rate at which people arrive at the screening system), and a service rate (the rate at which items are checked). The objective is to minimise the queue and process all the items in the shortest time, without missing anything. The mathematics for the supermarket checkout system uses the same formulae as the security screening process. The overall system demand (most popular times for arrival) can be evaluated and the system manned to minimise the queues. The infrastructure is also similar; both systems use devices that scan items. Does Increasing Security Provide a Safer Environment? Well, it does feel safer once a person (eventually) passes the screening process, but increasing security screening does not reduce the potential threat to the crowd in the prescreening areas, as a recent BBC headline indicated.

The mathematics of the supermarket checkout reveals a hidden problem; the same problem that is being observed in the security screening process. A contingency must always be provisioned in the system for the odd item that causes a delay. The dramatic increase in the numbers of people queueing due to a slight change in the screening process needs to be understood to


balance security and safety, and to reduce the creation of soft targets. I recently passed through a security screening process that took 45 minutes; previous trips at the same airport took less than 10 minutes. The bottleneck was not the machine; it was the number of staff processing items that the machine rejected. Add one more person to the human processing/checking of items and the waiting time could have been significantly reduced. Over the last few decades of applying the principles and applications of crowd dynamics (the mathematics and psychology of crowd analysis), queueing applications have proven to be simple to explain. Any increase in the screening process will result in a much larger increase in the queueing process. The supermarket systems balance demand with the flexible checking resources (more checkouts at busier times). When equipment and space are at a premium, for example in the airport, then the efficiency of the system is entirely dependent on human factors. Bottleneck analysis and activity cycle analysis (cycle time analysis) are not complex, but do require an application of mathematics, specifically, queueing theory. Evacuating Crowds to Safe Spaces As the oil company example at the beginning of this article highlighted, the threat may be the assembly area. These were defined for fire scenarios, but the use of primary and secondary devices, where the crowd is driven towards the secondary device, is a frightening tactic. During the height of the Irish Republican Army (IRA) bombing in the UK, a stay-put approach was developed – keeping people inside buildings proved to be a safer alternative to evacuation. Organisations often create documents and procedures that consider a wide range of threats with a wide range of responses. This can lead to a complex and difficult to apply prescriptive set of conditions, with uncertainty if the threat is not in the list. A tactical approach would be to consider the options for safe evacuation. There are five possible crowd dynamics to consider: 1 Total evacuation: all exits are viable, everyone out as quickly as possible. 2 Directed evacuation: clearing the people away from the area of the threat.

3 Phased evacuation: decanting an area section by section. 4 Stay-put: the building/infrastructure offers an element of protection. 5 Invacuation: move everybody out of sight, from open spaces into buildings. When considering the above, regardless of the nature or location of the threat, the key to a successful implementation is the communication process with the affected individuals – the crowd. For example, a fire bell can alert in the first instance of the above dynamics (total evacuation), but does not communicate direction for the other scenarios. Consider the environment, how the location of the threat would be communicated to the site and the required crowd dynamic. If occupants need to be informed to leave the site via a specific route, how are they informed? Sometimes leading people away from a threat (follow me) can be more effective than pushing people (get out). If the problem is approached from the required action of the crowd (total, directed, phased, stay-put or invacuation), it can lead to a much clearer, simpler and easier to follow contingency plan. In summary, increasing security can lead to increasing the queueing crowds and creating soft targets. A balance between security and safety must be assessed, understood and applied. Understanding the process of communicating with the crowd, especially during an evacuation, is essential to both security and safety. Do not underestimate the importance of these two elements of crowd dynamics.

Dr G. Keith Still is a Professor of Crowd Science at Manchester Metropolitan University and Director of Crowd Risk Analysis (UK). He is a crowd risk analysis specialist who has lectured at the UK Cabinet Office Emergency Planning College, contributing to their crowd safetyrelated courses. If you would like to see Dr Still presenting on Crowd Safety and Risk Analysis at this year’s Security 2016 Conference, visit to book your conference pass.

FROM SECURITY TO PROTECTION — One step further in access control.

When it comes to access control products for doors, the primary focus is often what mechanical or electronic locking products should be considered. All of the locking solutions available are worthless if the door does not close and secure, so choosing the right door closer is extremely important. DORMA door closers ensure doors close smoothly and securely. DORMA. THE ACCESS.

1800 675 411

We make security look good Kaba Half-height Sensor Barriers provide convenient, aesthetically pleasing contactless passage. Operated via access card, wings close immediately after entry to avoid unauthorised access.




Security Professionals:

The Board Is Not The Problem – We Are By Collin Robbins

More and more, security professionals are grumbling about boards not understanding security issues. Is this really the issue, or is the problem that security professionals do not understand the role of the board? Do security professionals sometimes confuse the board and the company’s senior management? Role of the Board According to the Institute of Directors (IoD), the board’s key purpose “is to ensure the company’s prosperity by collectively directing the company’s affairs, whilst meeting the appropriate interests of its shareholders and relevant stakeholders.” To do this, there are five key elements to a director’s role: • stakeholder engagement • strategy development • setting policy • monitoring management • providing resources. The following looks at these elements from a security perspective, with a view to what it is reasonable to expect a director to do. Expectation is important here; security professionals sometimes expect the director to understand the minutiae – is that reasonable? The security professionals are the experts, not the directors! A director’s expertise lies in understanding the overall business context.


Stakeholder engagement This is about understanding the key stakeholders and what they expect from the business. It is then about understanding the key business risks that may impact these expectations being met. From a security perspective, it is reasonable to expect a director to have an understanding of the differing security expectations of the various stakeholders; this would include understanding the key assets that create value and the impact a cyber attack could have on stakeholders.

specific policies, such as compliance, to a specific industry standard (e.g. 27001, PCIDSS, Cyber Essentials…).



Strategy development To enable these stakeholder expectations to be met, the board will agree on a set of business strategies. These strategies will need to consider how stakeholders’ security interests are to be met.


Setting policy As part of implementing the strategies, the board will set policies. In the security context, this will include things like risk appetite. A cynical view would say this is about deciding where security professionals want to sit on the scale between doing everything possible to keep customers secure and taking a minimalistic approach, dealing with the fallout when something happens. The risk appetite may manifest itself in


Monitoring management Having set a strategy and policy, the expectation is the management team will ‘make it so’. As part of this, it is fair to expect that management reports to the board to present how they are dealing with security risks. The board’s role is to monitor the effectiveness of the management team in doing this and make changes if all is not working as expected. Authorising resources To implement the policy, the management team will need resources. From a board’s perspective, this is about making the finance available to enable the management team to set about their tasks. It is a management function to identify the resources that are needed to implement the policies (and any trade-offs that need to be made), and request the appropriate budgets as part of a business plan. The resources may not necessarily be technology, but may be drawn from the full spectrum of activities, including security awareness campaigns. Given this view, is it realistic to expect the board to engage in the finer points of security testing, protective monitoring, patching strategy or ransomware mitigation? If the



security manager presents that he needs more money to implement GPG-13 monitoring, or that he would like to run a social engineering test, or he needs to upgrade all the firewalls, or he needs more people to run effective internal audit, or more training in business continuity approaches, he is not going to hit the board’s hot buttons. These may be his challenges as a security professional, but they are not the board challenges – they are expecting the security manager to deal with it and report back on the effectiveness of the solution. How Should Security Professionals Engage? Taking the above role description, first rethink the problem – what does the problem need to look like from the board’s perspective: • Do they need help in seeing the value of an asset to the business, and the stakeholder impact of a cyber attack on that asset? • Do they need help in setting the right policies to protect the assets? • Do they need help to see that current management practices are not effective in addressing security risks? Following on from this, security professionals need to be prepared for the ‘return on investment’ question, a question that most security people are not good at dealing with. The scare tactic of ‘unless you support this initiative, the hackers will get us and it will be doom’ has been proven time and time again not to work. This needs to be put into a boardroom context. For example: “We estimate there is an X percent chance that ransomware could infect our systems. The average clean-up cost is put at $Y, plus the cost of two weeks’ lost productivity. Our proposal will reduce that risk. The choice is yours – accept the risk, or invest $Z now to reduce the likelihood of an attack.” The values for X and Y can both be approximated based on knowledge of systems and open source reports readily available; it is hard, but possible. The ‘two weeks’ lost productivity’ part needs to be put in the specific context of an individual business. By thinking this way, security professionals can start to present their issue/problem/ concern within the context of one of these sorts of questions. This will help the board


It is fundamentally the board’s role to ensure the company’s prosperity by ensuring a cyber attack does not destroy stakeholders’ interests in the business. The board does this by showing leadership by ensuring the stakeholder context is understood in the business, and the management team understand the policies to deal with the challenge and have the resources required to do so.

understand it is their problem and they will need to demonstrate leadership by setting the stakeholder context and making sure the right policies are in place, and question management to make sure the relevant resources are deployed to address the issue. This is not shifting the problem from the board to the management team. It is fundamentally the board’s role to ensure the company’s prosperity by ensuring a cyber attack does not destroy stakeholders’ interests in the business. The board does this by showing leadership by ensuring the stakeholder context is understood in the business, and the management team understand the policies to deal with the challenge and have the resources required to do so. There can be confusion in many businesses, particularly small businesses, where the board are often also the management team. Security professionals need to recognise the difference between the roles. Security’s dayto-day engagement will largely be with them as a manager, so it would be very easy to slip into the mode of ‘to mitigate this risk, I need these resources’. The challenge is they are

likely working to a budget, so security ends up competing with everything else and, being security, they do not get much to show for it. This is when they need to be forced to swap hats and put on their director hats, then the approaches described in this article can be used and the issue expressed in the wider context of the business, which will give security a much greater chance of success. This is not easy and it takes time for a message to get through. Security professionals have not been taught to think like this. But it is a necessary journey to get the resources security professionals need to make their businesses secure and meet their responsibilities to keep data secure. Collin Robbins is an executive board member of Nexor, leading the Qonex business unit. Collin’s current focus is to help customers solve cyber security problems by looking at their problems from a business outcome perspective, specifically with regard to cyber security aspects of their Internet of Things products and services.

THE INTEGRATOR'S CHOICE FOR HD VOICE CLARITY RIGHT OUT OF THE BOX PULSE Enterprise shatters the expectation that high definition (HD) voice clarity can only be delivered in expensive, large scale solutions. Using advanced Audio Edge Technology, intelligible audio and distributed communication is possible − without the need for a centralized server.

Out of the box interoperability for access control and video Scalability to meet the needs of global implementations as well as small business Custom scripting for meaningful solutions in IT and security

Certified Partner and Distributer of Vingtor-Stentofon communication systems and products.



















AME Systems




Protective Custody Reader 115





Drone Detector



Xcellis Application Server




Stentofon Exigo IP PA


Magnetic Automation




MHTM Boom Gate



114 115

M2M/IoT SIM Cards


Data Centre Power Product of the Year Award 118 Australian Security Industry Awards for Excellence 119



Cognitec Adds Advanced Video Investigation Tools to its FaceVACS-VideoScan Technology The video screening and analytics technology from Cognitec, FaceVACS-VideoScan, now allows users to perform complex searches and analyses on persons appearing in real-time camera streams and video footage. The 5.3 product version introduces a userfriendly interface to quickly import sets of recorded video and then carry out detailed investigations. For example, security and law enforcement agents can upload the video files of a specific location at a specific time to find possible participants in or witnesses to a crime. Users can find a person that was previously enrolled in an image database or search for an unknown person and find their appearances in multiple videos. Person searches can also make use of filters that specify age ranges, gender and ethnicity. Last year, Cognitec introduced a highly specialized IP video camera with built-in face detection and tracking technology as a component of its FaceVACS-VideoScan product, therefore eliminating the need to identify and source suitable cameras. The FaceVACSVideoScan C5 camera provides optimal image quality for real-time face recognition, even under challenging conditions, while requiring low computing hardware and bandwidth resources. Cognitec will introduce the product version at IFSEC International in London and show live demonstrations of the software and camera in


booth B600. In July, visitors to the Security Expo in Melbourne can see the technology in booth F42. FaceVACS-VideoScan employs leading-edge face recognition technology to analyze the count, flow, demographics and behavior of people visible in video streams. Surpassing traditional video surveillance systems, the technology detects and extracts people’s faces in live video streams or video footage and uses anonymous facial analysis to count individuals, generate demographical information, track people movement in time and space, detect frequent visitors and crowds, and much more.

For example, operators can receive an alarm if too many people gather in a specific area and measure waiting times to direct traffic. The analysis of traffic patterns and demographical statistics can provide businesses with precise visitor data to make interior design, advertising placement, staffing and other operational decisions. Since the technology can analyze a face for gender, age and ethnicity as people approach a camera, it can trigger the display of a targeted message on a digital sign or other advertising/ message devices. The product also applies Cognitec’s premier

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.


face recognition technology to compare faces to image databases and instantly find known individuals. Businesses and organizations can detect and prevent unwanted behavior in much faster and more efficient ways, as operators can track individuals in real time, or receive alerts on mobile devices to act within the immediate vicinity of a suspect. On the other hand, FaceVACS-VideoScan can identify authorized individuals or high-ranking

customers in real time. Positive authentication can prompt access to restricted areas or alert personnel to provide special treatment. Cognitec develops market-leading face recognition technology and applications for industry customers and government agencies around the world. In various independent evaluation tests, our FaceVACSŽ software has proven to be the premier technology available on the market. Cognitec’s portfolio includes products

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

for facial database search, video screening and analytics, border control, ICAO compliant photo capturing and facial image quality assessment.

More information and contact: Phone: +61-2-9006-1510



Elite ‘S’ ActivConsole Australian & International Blue-chip companies are demanding the Elite S Battling workplace health and safety is no easy fix, back and neck pain remain one of the top reasons for employee dissatisfaction and time off work in Australian workplaces. Extended sitting periods lie among the leading cause of neck and back injuries in the modern Australian workforce, with new estimates suggesting between 70-90% of Australia’s population will suffer back and neck pain at some point [1] and in “2012-13 the cost impact of work-related injuries and illnesses was estimated to be just over $61 billion [2]” To combat the increasing trend of worker injury and illness, the newly launched Elite ‘S’ operator console is creating a stir throughout the industry and achieving great success among both Blue Chip corporations and smaller independent operators. The attraction could be attributed to its sophisticated design and operation and its quick return on investment, but the driving factor is its high impact on operator health and safety. Overwhelmingly positive feedback throughout the industry has “reports of decreases in sick leave, improved morale, higher productivity and an overall increase in many key performance indicators.” Easily adjusted at the touch of a button with digital height readout, the Elite S can be raised or lowered to an accurate sitting or standing height. With arguably the largest range of movement on the market, you would be hard pressed to find a group of operators the Elite ‘S’ doesn’t adapt to. Innovative Ergonomic Technology Utilising high-quality, modern technologies throughout the console, the true genius is inside the lifting technology - the trademark behind every ActivConsole. Incredibly reliable Danish built LINAK® actuators have been a mainstay


of the ActivConsole range since its first height adjustable workstation was produced in 1992 and have been used worldwide for over 40 years. Boasting an incredible performance and safety record, the new range of LINAK® actuators in the Elite ‘S’ set it apart from its class and offer operators a first-hand glimpse at top notch ergonomics. Offering anti-collision software as standard in its four leg variant and an incredible lifting capacity and height range on its two leg design, the Elite ‘S’ tailors itself to its workplace and its operators. Built to Order and Made in Australia Customised and built to order as part of the renowned ActivConsole range, the Elite ‘S’ console allows the client to have an impact on the products final configuration, greatly assisting in delivering the perfect solution. Designed to Australian standards, the new console provides an endless amount of configurations to maximise ergonomic benefits for its operators, whilst keeping costs down for employers. Manufactured within Australia, operators can be assured that not only will they be receiving a quality Australian product, they also have access to local contacts and support.

Seemingly minor details certainly haven’t been overlooked, from the ergonomically designed NaturalEdge finish of its bench top to the simple yet innovative latch release system of its external panels, the console works well both aesthetically and functionally. Electrically height adjusted, the Elite ‘S’ utilises a digital touch pad control switch, featuring a safety lock out and programmable memory height positions. Floor mounted storage compartments offer increased hardware capacity and an innovative latch release system ensures your hardware stays locked away from dust and unauthorised access. Heavy duty inbuilt cable management ensures your cables are smartly kept out of sight whilst a large work surface optimises viewing angles and delivers an increased monitor mounting capability for extra heavy monitoring if required. Configurable internal soft-wired power and data systems makes light work of electrical requirements and interlocking base cabinets ensure an endless amount of cable free layouts are possible.

Intuitive Features Ergonomics are not the only part of the Elite ‘S’ that are worth noting.

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.



PROUD WWW (03) 95

Easy Installation & Maintenance Optional base cabinet and desk top task lighting ensure both your operators and technicians are well taken care of and can work simultaneously on the same console. Manufactured to ensure speedy installation and maintenance without unnecessary downtime, front and rear access panels allow technicians to access the hardware quickly and quietly. Maintenance free lifting actuators ensure unscheduled technical issues and interruptions are a thing of the past, whilst spacious cabin ets and slim line actuators give the technician plenty of much needed room to work. Power and data modules can be embedded into the bench top, giving operators exclusive access to fast charging and GPO sockets,

allowing external hardware, radios and devices to be charged without requiring access to wall power. Optional USB and RJ45 outlets can even be linked directly to the internal hardware to provide effortless access to external data sources without opening the main cabinets. Building on the success of each ActivConsole, the Elite ‘S’ is a pinnacle of console development and has embedded itself among the elite options available for modern, ergonomic control rooms across Australia and Asia. New sites are currently being fitted out with the new, state-of-the-art console thanks to its incredible adaptability, stunning design and outstanding ergonomic features. The Elite ‘S’ is undoubtedly a proven first step towards a healthier, more productive workplace.

For more details on the Elite ‘S’ or any ActivConsole range, visit or call us on 03 9574 8044.

[1] Australian Bureau of Statistics, 2011-12, National Health Survey [2] Safe Work Australia, Nov 2015, The Cost of Work-related injury and Illness for Australian Employers, Workers and the Community: 2012-2013 Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.



An Indispensable Resource For Security Integrators – the new Seadan Security Products Catalogue 7th Edition The security industry has changed a great deal in the last half century. As recently as only 10 years ago, the average CCTV installation consisted of large banks of video cassette recorders (VCRs) routed through matrix switches fed by long coaxial cable runs attached to analogue cameras which, compared to even the cheapest of today’s digital cameras, would be described as poor quality at best. Of course, the shift from analogue to digital CCTV has dramatically transformed the performance of the average CCTV system. However, despite these revolutionary changes, some things remain the same; for example, the need for security integrators and installers to be able to source and compare a wide variety of products in order to build the best solution for a particular job. In the mid to late 1980s, this now seemingly simple task represented a significant challenge for installers and integrators. Of course, with the rise of the Internet, such challenges have become relatively simple. The ability to be able to find a multitude of products and services over the Internet, where almost everything is just a few clicks of the mouse away, whether at home, at the office, out on a job or in the car, is now taken for granted. However, some in the industry might remember a time when this was not the case. In 1987, a couple of young and ambitious entrepreneurs in the security industry founded a company which would go on to become one of the most successful distributors of security products in Australia. From a home office in Melbourne, Seadan Security has grown into a national business with offices around Australia. Over the last 30 years, the company has grown from a humble business specialising in electric locking to a truly diversified provider of security


solutions offering a wide range of products across an array of security segments. The company lead by its directors, Ian Harris, Trevor Harris and Larry Kallenbach, had a clearly defined vision for their business – to become the genuine onestop-shop for security installers and integrators. Ian, Trevor and Larry saw a genuine need to be able to supply the trade with a range of assorted products and solutions appropriate for almost any security application, an idea which was almost unheard of at the time. Ian Harris states, “I remember putting together the first ever Seadan catalogue on my Commodore computer. It was an enormous task. However, I knew just how important it was for the security professional. What we were creating was something special for our own customers because being able to source product quickly and at the most competitive rate meant that it would give Seadan customers the competitive advantage over their own competitors.” From their own experiences of working in the field, Ian, Trevor and Larry also understood firsthand the need for having a detailed resource at their disposal for the purpose of sourcing product. Not only did it need to be a comprehensive, detailed yet easy-to-use resource, but also one with viable options for all levels of security. Almost 30 years to the day later, it is clear that, despite so much change across the rest of the industry, this one important resource is still as relevant and in demand today as it was back in 1987. Hence, the launch of the new Seadan Security Products Catalogue – 7th edition. The launch of the new catalogue represents the culmination of a huge amount of work. Undeniably one of the most comprehensive catalogues of its kind in the security industry today (possibly the largest), this edition covers multiple

options and solutions for security professionals with everything from electric locking, intercoms and CCTV equipment through to networking components, access control equipment, power supplies, exit buttons, key switches, bollards, alarm equipment, cables and connectors, tools and testing equipment as well as a wide array of accessories such as relays, timers, security mirrors, racks and enclosures and even guard tour systems. Today’s business environment is subject to constant change. The security industry has never been a more challenging and competitive environment than it is today with the constant evolution of technology, pricing fluctuations, increased competition and so on. It is for this reason that Seadan Security has also launched the catalogue in its digital format, which will be updated periodically throughout the course of the year. A complimentary copy of the catalogue can be downloaded ( to a computer or mobile device, ensuring security professionals always have access to the ultimate security products resource. For the more traditional users, a printed version of the catalogue is also available and will be sent out upon request – contact a local Seadan branch or visit the website. As one of Australia’s largest and most widely recognised security wholesalers, Seadan Security prides itself on offering the best priced products to industry professionals. However, with the international dollar constantly fluctuating, prices may be subject to slight variation, so security professionals are encouraged to contact their local Seadan branch should they need clarification on any particular product. As Australia’s Premier Dahua distributor, the CCTV section showcases a large variety of Dahua

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.


analogue, Internet Protocol (IP) and thermal cameras and an impressive array of 4K, and high definition composite video interface (HDCVI) cameras as well as digital video recorders (DVRs) and IP, super and mobile network video recorders (NVRs). In addition to Dahua, Seadan are proud distributors of Pelco and showcase their extensive range, spearheaded by their video management system – VideoXpert. Known the world over for its intuitive design and easy-to-navigate system, it allows security professionals to make fast and effective decisions when needed. The catalogue also features an impressive range of IP, Sarix, Evolution, Optera and Spectra cameras, as well as accessories, tools and NVRs. Seadan’s impressive range of intercoms consists of the world’s most widely used and recognised brands. As a major distributor of Aiphone, the catalogue features the country’s most comprehensive range of video/audio and hands free solutions from Aiphone including the JF, JK, JO, JP, GT, IX and IS range. So extensive is the Aiphone range, that it is the most comprehensive of any brand with over 50 pages devoted exclusively to Aiphone intercom solutions. Regardless of application, there is sure to be an Aiphone product to suits the needs of the customer. Exclusive to Seadan is the European designed and manufactured range of premium quality intercom solutions by Elvox. Recently released, the stylish Pixel and Pixel Heavy represent the latest innovations in video door entry panels. Pixel is also available in modular panels or a digital panel, which are both ideal for large apartment blocks with a capacity of up to 6,400 units. Known for their innovation and efficiency, Seadan is proud to stock a variety of Dahua IP intercoms which span their range of monitors, door stations, accessories

and software. Other impressive brands under the Seadan umbrella include Commax, DVICE, Dallas Delta, ITS, emfone and ECA, with multiple options of each brand. In terms of access control, the catalogue boasts an extremely impressive range of Rosslare, which spans their range of keypads, accessories, networked multi-door controllers and expanders, scalable IP networked access controller, networked access control software and the recent release of the Rosslare 825. This revolutionary new product is a state-of-the-art, four-door networked access controller and the backbone of a medium to high-scaled security system. Also unveiled is the total range of Uprox products consisting of readers, software and wireless IP control units. Other world-class products and solutions are also included from brands such as Smart, HID, Indala, Presco, BQT,

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

Protrac ID and DSX. Another extensive section of the catalogue is the range of electric locking brands and products, with an impressive array of products from brands such as Lockwood, FSH, Padde, BQT and EDH. A new addition to the FSH range is the release of the new FSS1 Series – high-security door monitoring sensors that are designed to provide a true high-security solution for door position monitoring. It is a state-ofthe-art monitoring solution with a flush mount version for new construction and a surface mount version as a superior replacement for traditional magnetic balanced reed sensors. Seadan Security prides itself on raising the professionalism of the security industry by informing and educating security professionals of the diverse products and options available to them.




Speed Up with ASSA ABLOY’s Aperio V3 As organisations look to more cost-efficient and sustainable solutions, they should consider keyless access control. ASSA ABLOY’s new generation of battery-powered locks pack more powerful electronics and guarantee a faster and more cost effective solution to supercharge your buildings. In instances where a building’s carbon footprint and energy costs need to be reduced, electronic locks are rapidly becoming the preferred solution. The Aperio V3 was developed with this in mind and through collaborative research and development within ASSA ABLOY, the world’s leader in door opening solutions. The ASSA ABLOY Group comprises more than 100 companies, producing products all over the world; meeting demanding customer needs and varying standards. Operating in more than 40 countries around the world, ASSA ABLOY is committed to continued innovation in Electronic Access Control. Aperio V3 technology was developed to complement existing electronic access control systems, providing end users with not only a simple, intelligent way to upgrade the ability to control the security level of their premises but also faster lock reaction rates. The boost in performance comes without sacrificing Aperio® class-leading energy efficiency. The heart of the Aperio range is a short distance wireless communication protocol combined with a locking mechanism, which is designed to serve as the link between an online electronic access system and a mechanical lock. The Aperio V3 technology is designed for future security demands and is fully compatible with the latest RFID technologies, including mobile credentials; providing complete flexibility for facilities to retain existing access control credentials or upgrade to the latest and most secure credentials available.


Expanding an electronic access system with Aperio V3 is cost-effective and adds to the benefit of investments already made in mechanical locks, which can easily be upgraded with Aperio V3 enabled products. Moreover, Aperio V3’s compatibility makes integration into existing access control systems easy. It offers high level control of usage with audit trails, and can be centrally controlled. Access rights are managed using the existing electronic access control management software.

According to ASSA ABLOY’s Electronic Access Control Business Development Manager, David Ward, the Aperio V3 technology is a fast, flexible, cost effective and complete wireless solution that will help security managers increase their facility security by upgrading traditional mechanical keyed doors to an online access control solution quickly and simply. With a comprehensive lock range covering almost every door style and opening, there's no reason to delay upgrading your mechanical keyed locks to faster wireless access control of Aperio V3.

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.


FILE PRO Kaba Strikes The Right Balance Between Security And Aesthetics Kaba, a 150-year old Swiss company, has a long tradition of product innovation and engineering skill. With the introduction of their range of corporate entrance control systems, they can now add design to the list. One of the most popular product lines in the entrance control portfolio, is the elegant range of Kaba Argus sensor barriers and sensor gates. Argus sensor barriers and gates provide a sensorcontrolled passage with automatic door elements in various configurations. They provide for contactless passage, even with bags or luggage. Access is granted via the presentation of authorised media, for example, an access control card. Whether you choose a barrier or gate version will depend of how you want the door wings to open. Argus HSB (Half-height sensor barriers) The ever popular HSB sensor barriers are equipped with door leaves which swing open in the direction of passage to allow authorised access. HSB sensor barriers are highly customisable, thanks to the wide range of materials and finishes. You can choose between a stainless steel housing or transparent side walls and configure either in a slender or wide profile, ensuring a design match to your existing entrance area. Moreover, the sensor barriers are available in three different lengths, depending on the sensor system used and the level of security desired. Argus HSB’s provide a high throughput rate (up to 30 per minute) while maintaining a high level of personal safety. If unauthorised access is attempted, the barrier will not open and an acoustic alarm will sound.

Argus HSG (Half-height sensor gates) The HSG sensor gates are equipped with door leaves that retract back into the side panels of the unit. HSG sensor gates come standard with a stainless steel, satin finish housing and two barrier elements made of toughened glass. During passage, the HSG’s sliding panels move swiftly into the housing. Like the Argus HSB, the HSG provides a high throughput rate (up to 30 per minute) while maintaining a high level of personal safety and can be configured to meet the desired level of security. Designed for Disabled Access Argus HSB and HSG sensor barriers are available in a 900mm width to suit disabled users. These additional versions allow you to match the design of the sensor barriers and gates, giving a seamless appearance to the entrance, whilst maintaining a convenient and secure access point for those with a disability. Part of a wider system Argus HSB and HSG sensor barriers can be programmed onto the same card as your existing access control system, making for a truly convenient solution. dorma+kaba – a new industry leader is born When the Swiss Kaba Group merged with the German Dorma Group in September 2015, they created one of the top three companies in the global market for security and access solutions. Together, the two companies offer their customers a comprehensive portfolio of products,

solutions and services for security and building access. The portfolio includes locking systems – from cylinders, keys and locks right through to fully networked electronic access solutions – but also physical access systems and automatic door systems, as well as a comprehensive range of door hinges and fittings, and door controls. These are augmented by products for time and enterprise data recording, high-security locks, horizontal sliding walls and movable partitions. The dorma+kaba Group will launch to the market in Australia on July 1, with their first major event being the Security Exhibition and Conference being held in July. To learn more about dorma+kaba, please visit or visit dorma+kaba at booth G2 at the Security Exhibition and Conference.




Protecting People & Data through Proven Solutions for Security With more than 20 years of offering high-quality, innovative products and exceptional customer service, STid is a French company with a worldwide reach that specialises in contactless identification technologies such as RFID, NFC and Bluetooth Smart. STid invents and offers RFID readers and tags for the most demanding security markets. Architect® awarded upgradable range of RFID Secure readers The latest Architect® range, distributed in Australia, Europe, Middle-East and North America, is unlike anything else currently on the market. As the first modular range of access control readers designed specifically to offer users maximum flexibility, the Architect® range enables users to create their own scalable configuration. By optimising the reader design, STid has developed a common RFID core that can be connected to a set of smart modules, such as a keypad, biometrics or a touch screen. The concept can be tailored to suit individual needs, offering an optimum solution for any situation and enabling all the functionalities and security levels to be upgraded across all readers. Users can literally build an access control system that can grow with the needs and requirements of their business, offering increased security, greater return on investment and a longer life cycle. STid is the first RFID manufacturer to have received the First level Security Certification (CSPN, awarded by the ANSSI – French Network and Information Security Agency). This certification stands as testament to the company’s


unique know-how and high security expertise. Architect® readers are built on certified strong authentication methods for data protection, giving an unprecedented level of security. STid Mobile ID® user-friendly access solution STid Mobile ID® has been developed with RFID, NFC and Bluetooth® Smart technologies, bringing the access badge onto mobile terminals such as smartphones. It can work alongside, extend or replace traditional access badges. This virtual badge offers a range of intuitive and user-friendly methods that can be tailored to use in any situation – proximity or hands-free mode, “tap tap”, remote control, touch and more. With the Online

application, a virtual badge can be sent instantly and securely to a remote user (visitor, new staff member) with an Android phone or iPhone. The Offline application can be used to create virtual badges, in the same way as conventional badges. The Online version will enable access rights to be managed in real time by remotely sending access authorisations to a smartphone. STid Mobile ID® has won the “Think outside the box” award for its innovative response to growing mobility issues for business, government and industry.

More information on, email: or call +33 (0)4 42 12 60 60

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.





Safe Campus Powered by P2 Wireless Mesh Technologies Recent news events have heightened the need for greater security. Campus, educational and commercial security is more important now than ever. P2's patented MeshRanger provides a robust, affordable, easy-to-install wireless network that is compatible with most existing security surveillance systems. The MeshRanger network boasts the astonishing capacity to carry 80 x full HD simultaneous streaming videos, or 20 x 4K videos. Its always-up and self-recovery mechanism with fail-over redundancy path and unique controller-independent architecture provides unrivalled performance, reliability and security. Made to withstand harsh weather conditions, P2's MeshRanger is the perfect security partner. The MeshRanger recently met the challenge to achieve a centralised wireless security surveillance system for a suburban educational campus spanning over 100,000m2 in Hong Kong. The campus was originally managed through four separate wired networks using different security surveillance systems that were purchased at different times. The MeshRanger provided one comprehensive wireless network integrating all surveillance video streams to one control room for efficient monitoring. MeshRanger enabled full HD camera monitoring for all entrances, indoor and outdoor areas, pedestrians and vehicle pathways to increase the security team's efficiency and effectiveness in preventing violence and theft. Furthermore, MeshRanger extended the wireless network to cover outdoor areas, such as sports grounds and the area between various


building clusters. MeshRanger removed blind spots by creating wireless network where cable lines were previously not feasible. MeshRanger also supported the wireless transmission of full HD PTZ camera for the sports ground, overseeing student's safety during outdoor activities and supported the live broadcast of sport events. Each IP camera is connected with P2 virtual fiber ring without complex cabling works between buildings or across sports ground. A smooth multi-

hop transmission of full HD video streams was enabled by P2's MeshInfinity technology. MeshRanger was deployed throughout the entire campus within one day. MeshRanger's simple cable-free deployment ensures short lead time and drastic cost reduction for installation, also minimising disturbance to business and regular activities. P2's revolutionary MeshRanger maximises current resources and is future-proof for the next generation surveillance systems.

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.





Another Strapping Success for Leda Leda Security Products' supplier, Cova Gates designed and engineered the world’s first crash tested PAS68 certified Bi-folding Speed Gate. This ground-breaking design and technology was developed in response to situations where alternative crash rated vehicle barriers were deemed unsuitable to be used as a point of controlled vehicular access into a building perimeter. Bi-folding Speed Gates operate rapidly with a nine second opening time and 11 second close time. These 100% duty cycle, continuousoperating gates are best suited to locations looking to preclude vehicle tail-gating with high traffic flow. The Leda / Cova gates blend effortlessly into any building facade or perimeter line discreetly enabling the deployment of a hostile vehicle mitigation barrier solution across a range of various site applications. The Bi-folding Gate's broad spectrum of applications is made possible due to the incorporation of composite strap technology into its arresting mechanism and shallow in-ground civil structure. Getting a gate to stop a speeding vehicle which hinges right in the middle presents a number of engineering challenges as hinges form the weakest point along the enforcement line. Composite straps are used in this case as they are adequately flexible to hinge where required, while enhancing all the energy stopping properties inherent with this technology. A bi-product when incorporating composite strap technology into Bi-folding Gates is its ability


to absorb energy, minimising load transfer at point of vehicle engagement into the civil foundation structure. This has resulted in this Bi-folding Gate having a shallow embedment of only 280mm, which allows it to be used in areas where underground services are present.

The Leda / Cova Bi-Folding Gate is able to accept most enhancements over and above its standard construction; it lends itself to the continuation of any high security fencing specification, powered fence or security toppings across the normally vulnerable vehicular entrance to a site.

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.



Do You Know This Person?

This person has made a difference to someone’s life. It may be that he or she, through an act of courage or valour, has stepped in harm’s way so that someone else may be safe. It may be that he or she has put in tireless hours, made great personal sacrifices and dedicated a career to making the security industry a better place. Please, help us find and reward this person. Nominations are now open for the 2016 Australian Security Medals. Whether you are nominating a medal recipient, making a donation to the Foundation or booking seat (or table) at the industry’s premier charitable event, you will be helping to create a more professional security industry of which we can all be proud. For more information about making a nomination or providing sponsorship, please visit the Australian Security Medals Foundation website today! SECURITY SOLUTIONS 111



Magnetic Automation is setting the standard for security solutions in the area of access and entry control

With over 30 years experience in the Australian market, our prime expertise is in drive and control technology; particularly in conceptual and project assignments. What is more, we deliver proven solutions for your projects involving access control for pedestrians and vehicles. Magnetic is also certified to ISO9001, ISO14001 and OHS18001. Access control Boom Gates Controlling access of vehicles and persons has become ever more important in recent times. The Magnetic.Access barriers are complete, costoriented solutions for access controls at public car parks, company premises or other entranceways. Our seven models include the right solution for every use. The MHTM™ drive unit (servo technology) used in all barriers is a technological milestone, operates maintenance-free and is energy efficient. The MGC drive unit employed offers a variety of enhancement options, depending on the version, and offers a high level of operating convenience. Parking Boom Gates Whether for a parking garage, underground parking or an open-air car park: the barrier is always the central element. Magnetic.Parking barriers are especially developed for high-traffic areas. Their appeal lies in durability and quality, low maintenance and low operating costs, as well as optimal ease of integrating them into existing systems and environments. In short: Magnetic.


Parking barriers are the first choice for parking garage operators and solution providers for reliable entrance and exit controls in parking garages, underground parking and open-air car parks. • High functionality. • 10 million opening and closing movements. • Award-winning design. • Low power consumption. • Safety control in compliance with EN 13849. • High operating convenience due to ideal accessibility. Vehicle Sliding and Swing Gates As standard, all of our medium and heavy duty gates are 100% duty cycle, hot dip galvanised and made from Australian steel. They are fitted with industrial motors and control systems, can be connected to any standard access control system, and use two forms of safety devices - PE beams and in ground induction loops. Gates can be customised to specific length, height, surface finish (powder coating) and infill/cladding. The Magnetic Swing Gate has been a market leader for more than 30 years. It has been designed for high end commercial and industrial applications. The swing gate provides maximum control of vehicular passage at security access points and can be tailored to suit specific applications and customised to suit site requirements. The MSGB BiFold speed swing gate provides maximum control of vehicular passage at security access points. The gate is designed for high end commercial and

industrial applications particularly where opening space is limited. Specialist Engineering Services As part of a global group we have access to international product development. We also develop our own local product range via our own inhouse engineering which partners with our efficient manufacturing facilities. Manufacturing Capabilities Our manufacturing facility is located in Melbourne and we have a high level of manufacturing integration which optimises our quality and flexibility to customise solutions for customers. Magnetic Automation is part of the global FAAC Group – a world leader in access control and automation since 1965. To ensure the highest levels of service and support, Magnetic Automation maintains a presence in every state, with a Head Office in Victoria and branches in Western Australia, Queensland and New South Wales. In this way, you can be assured that whether you require a consultation, service technician, installation or just have a question, a Magnetic Automation staff member is only ever a phone call away. Why not turn to a name you can rely on and trust the next time you need someone to provide proven solutions for security and safety to help protect your people and assets. Contact Magnetic Automation 1300 364 864 or visit

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.




than ever before

Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...




Hikvision recently introduced their new range of 4K surveillance products to provide a true ultra-high-definition video solution for real world security applications. The 4K Total System features Hikvision H.264+ Smart Codec, which reduces bandwidth and storage requirements by 50% compared to standard H.264 codecs while maximising video resolution with its optimised high-compression technology. The new 4K family includes ultra-high definition network cameras and network video recorders, all equipped with a variety of smart functions. It is ideal for applications where clear, high-resolution images and smart surveillance of large areas are required. These include city surveillance, stadiums, parking lots, and crowd management scenarios. H.264+ Smart Codec The launch of Hikvision 4K Total System comes as concerns grow about the burden placed on the transmission system and storage when CCTV cameras and NVRs lacking dedicated 4K-compatible components are installed. This is not an issue with the 4K Total System, which incorporates H.264+ optimised compression to allow users to more efficiently manage ultra-high definition video footage. With features such as background-based predictive smart encoding, enhanced noise suppression, and optimised bitrate control, Hikvision H.264+ compression saves bandwidth resources and decreases storage requirements. The result is a complete system designed for immediate practical use, providing customers with genuinely useful end-to-end smart high-resolution security video. 4K Output Advantage As a further refinement, the Hikvision 4K NVRs support the HDMI 2.0 output interface, allowing users to display 4K video for monitoring applications. As a result, Hikvision 4K family offers users a true end-to-end 4K ultra-high-resolution solution, providing users with 4K monitoring, recording, and playback. Ultra-High Definition = Ultra-High Quality Analytics The new 4K solution, which includes 4K IP dome, bullet and box cameras along with a variety of 4K NVR models, delivers Ultra-High Definition (UHD) images, providing 4K resolution in real time. The high quality images also improve video analytics performance, particularly in scenes covering large areas. Limited resolution has hindered video analysis in the past, but now the additional pixels in 4K technology allow for better resolution and improved image enhancement, which in turn allow for more information to be extracted from the scene. The result is an improvement in the accuracy and quality of video analysis and better value for users. Smart Features As a part of the Hikvision Smart product family, the new 4K products are equipped with smart features that put intelligence, efficiency, and ease-of-use at the heart of this state-of-the-art video surveillance range. SMART technologies include face detection, intrusion detection, line crossing detection, and smart focus. Smart tracking capability enables the cameras to detect any progressively moving object and follow it within the camera area of coverage, while smart video analytics includes region enter/exit, object left behind/object removed and more. For more information visit


Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.


SHO WC ASE S BQT SOLUTIONS : BT835 – PROTECTIVE CUSTODY READER Secure, safe and reliable BQT Solutions have a unique range of secure Protective Custody Readers that have been developed for applications such as correctional facilities, immigration detention centres, mental health facilities and other applications where a robust, impact resistant, secure encrypted reader is specified. The BT835 Protective Custody range has been designed to be flush mounted with security screws and has been manufactured using high impact resistant material to minimise the risk of removal and breakage. Our Protective Custody Readers come in a range of technology and formats, providing peace of mind that your facility is protected by safe, secure encrypted access control. • BT835-1 – Mifare® CSN, 32 bit weigand output. • BT835-2 – miPASS2® Card & Reader System, Mifare Classic® Crypto 1 32 bit weigand output. • BT835-3 – Mifare Classic®, Crypto1, custom key and output format. • BT835-4 – miPASS3® Card & Reader System, Mifare® DESFire® EV1, 3DES, 32 bit weigand output. • BT835-6 – Mifare® DESFire® EV1 & Classic®, AES, DES, 3DES, Crypto1, custom key and output format. Our diverse range of access control solutions is priced to provide increased returns and facilitate competitive project opportunities for the industry. BQT Solutions readers are proudly designed and developed in Australia. For more information visit

DRONE DETECTOR Perimeter Systems Australia (PSA) proudly offers Drone Detector® from Drone Labs. Drone Detector® is manufactured in the USA and is designed to secure people and property from unwanted drone intrusions. Drone Detector® warns you when drones are in the area through a proprietary process and sends alerts that can integrate with existing security protocols. Additionally, the data collected by Drone Detector® can be used in the apprehension and prosecution of violators through real-time warnings and digital evidence collection. Unlike other detection technologies, Drone Detector® can see air, ground and waterbased threats. Auditory detection alone, for example, can typically only detect aerial drones and be easily defeated. Our technology uses multi-factor authentication including GPS Detection, Radio Frequency Detection and Audio Detection, to determine the confidence level of a threat. Drone Detector® can be used virtually anywhere including Critical Infrastructure, Airports, Government Facilities, Prisons, Stadiums, Residential, etc. • GPS Detection. • Radio Frequency Detection. • Audio Detection. • Detect Flying Drones. • Detect Ground Based Drones. • Detect Autonomous Drones (drone that produces no radio frequency signature at all and is pre-programmed with GPS coordinates for flying). • Detection Distance 1,000 metres (RF). • Connection via Ethernet and/or relay output. We also have API/SDKs available for integration to third party system. For more information visit



S E S A C W O H S XCELLIS APPLICATION SERVER Quantum has just released a new server designed specifically for VMS applications which has been optimised for Quantum storage. This video surveillance specific server builds on Quantum’s 20+ year experience as the global leader in managing video files. The new Xcellis Application Server is part of the Quantum family of products which have been certified by all the leading VMS vendors. The Xcellis Application Server is paired with Quantum QXS Storage, providing class leading performance at a very competitive entry price. Also, by separating out the server from the storage, Quantum offers a platform for incremental future growth over time without doing expensive rip-andreplace upgrades. While load testing has shown Xcellis Server will run 150 1080p cameras for 30 days retention, the Xcellis server with QXS Storage is ideally suited for 50-100 camera applications. This also provides an entry point for Quantum’s tiered storage solutions, and can be the foundation for 1000+ cameras when combined with Quantum Multi-tier StorNext solutions. Using various tiers of storage allows for an increase in retention, the lowest cost storage, while meeting the performance requirements of large scale camera installation. Learn more: Quantum Australia 1800 999 285 or Or

STENTOFON EXIGO IP PA STENTOFON Australia is proud to announce it has achieved EN54-16 certification of their Exigo IP PA system for use in Voice Alarm applications. Seamlessly interfacing native IP PA with CCTV and Access Control, Exigo is both scalable and highly competitive. Exigo’s simplistic set-up and installation is designed to support current and emerging trends while providing users with an extremely robust system designed with a view to effective and efficient networking in IP environments, as well as superb system management and programming. STENTOFON delivers IP PA for Indoor, Industrial or Ex environments by using an IP network instead of the traditional centralised amplifier to distribute audio signals. Exigo offers fully monitored loss-less transmission to remote locations across both local and wide area networks. The world’s largest light rail system, Yarra Trams, relies on STENTOFON Australia’s Plug and Play IP PA to deliver their Remote Public Address System to the travelling public. For a demonstration please contact STENTOFON Australia on (03) 9729-6600 or; see Exigo at STAND B2 at ASIAL 2016 in Melbourne, or simply YouTube search ‘Zenitel Exigo’.


Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.


SHO WC ASE S SecuSafe UNIVIEW 2MP IP KIT WITH NETWORK POE CAMERA SecuSafe Pty Ltd, an Australian importer and distributor of electronic security products located in Sydney, introduces their new 2MP IP Kit with Network POE Camera for the SME (SmallTo-Medium Enterprise surveillance industry. They have partnered with Uniview Technologies, to be their Authorised Uniview IP Distributor here in Australia. As a global video surveillance provider, Uniview has been pioneering in IP-based video surveillance since 2005. In 2012, Uniview grew to be the No.3 leading manufacturer in China. Secusafe have packaged the kits to meet customer’s IP surveillance equipment requirements. For more information about our Uniview IP Kit series, please contact SecuSafe Pty Ltd at (02) 9649 4477 or email: or visit

MAGNETIC AUTOMATION’S MHTM BOOM GATE There is a Magnetic MHTM boom gate to suit any application. The range includes high-speed tollway boom gates, car park boom gates and site access boom gates, with boom lengths up to 10 metres and down to 0.9 seconds opening time. The innovative drive technology of the MHTM offers low maintenance, high performance, 75 percent less power consumption and a variety of operational modes and speeds. The MHTM can be controlled by card access systems, remote control, token or coin acceptors, or by simple push buttons. All boom gates include Magnetic’s unique VarioBoom arm, which is ergonomically designed for faster opening efficiency. Apart from typical car park boom gate installations, Magnetic Automation recently provided a pedestrian-safety solution in a warehouse by installing two MHTM boom gates in a unique loading dock area. The client required a safety solution that would prevent people from falling off the loading dock, as it had been identified as a potential safety risk. This client already had other Magnetic products installed on the premises, so they looked no further in getting Magnetic to install their new boom gates to improve the safety of the warehouse. Visit for more information. Contact Magnetic Automation via email or phone 1300 364 864.




Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

Frustrated with a lack of control, visibility & flexibility with your M2M/IoT SIM Cards? We can help! M2M One are one of Australia’s leading suppliers of SIM Cards, data plans and custom networking for wireless devices - Providing real time usage information, analytics and flexible pricing with no contracts or commitments. Powering over 45,000 devices across Australia, M2M One have a wealth of experience in the security sector supplying SIM Cards and services for alarm panels, IP cameras, access control systems, vehicle tracking and more. M2M One Provide: • Dedicated M2M services on Australia’s largest mobile network utilizing full 3G and 4G/LTE Coverage nationwide. • SIM Cards in all form factors from standard to nano including industrial rated and solder-down SIM options. • Flexible data plans ranging from 50KB – 25GB with cost control options including fixed data CAPs and group data sharing. • M2M control centre offering real-time SIM status, usage and diagnostics. • Custom networking including static IP addressing, IPSEC VPNs & Peer-to-Peer networking. 5 Reasons to work with M2M One: 1. No minimums or commitments – Grow your business at your pace, your own way. 2. Flexibility – Change your data plan, activate or deactivate services at any time without any penalties. 3. Local Support – Support is provided by our M2M experts from our Melbourne office. 4. Volume Discounts – We automatically discount your data plans as you grow. 5. We hate charging excess usage – We actively monitor your data usage to make sure you never have bill shock again.

Schneider Electric Prefabricated and Micro Data Centre Solutions Wins Data Centre Power Product of the Year Award Company’s innovative data centre solutions portfolio is recognised as an industry leader by its peers at the DCS Awards, 2016. Schneider Electric, a global specialist in energy management and automation, has won the Data Centre Power Product of the Year category at the DCS Awards 2016. The company’s industry leading portfolio of Prefabricated and Micro Data Centre Solutions allows the rapid and cost-effective deployment of infrastructure in any location, unhindered by challenges of distance, space constraints or remote environments. Schneider Electric’s Prefabricated configurations include power, cooling and IT modules to provide a flexible approach to data centre infrastructure. The building blocks are factory tested and pre-engineered before being delivered to the customer site as ready-to-deploy modules. By deploying only what’s required customers can reduce initial CapEx outlay, and take a pay-as-you-grow approach to capacity upgrades as business requirements change. Driven by the increasing volume of data from connected devices and the Internet of Things (IoT), Schneider Electric’s Micro Data Centre solutions enable businesses to meet the challenge of Big Data and latency by deploying localised data centres at the edge of networks in order to reduce costs, whilst ensuring high levels of service, reliability and resilience for customer applications. Micro Data Centre solutions are delivered in a single enclosure with integrated power, cooling and management software to support a selfcontained, secure computing environment. Schneider Electric solutions use a standardised modular architecture to reduce complexity and increase speed of deployment. The company has published a comprehensive library of reference designs, which are fully adaptable to a range of customer requirements. Prefabricated solutions can be deployed inside or outside — independently or together — to provide customers with a complete and scalable data centre solution. For more information about Schneider Electric Prefabricated and Micro Data Centre Solutions portfolio please visit:



Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.


Recognising excellence in the Australian security industry The 21st annual Australian Security Industry Awards for Excellence and 2nd annual Outstanding Security Performance Awards provide a platform for exceptional security companies and individuals to be recognised. Organised by the Australian Security Industry Association Limited (ASIAL) and World Excellence Awards, the event is designed to be both independent and inclusive, providing an opportunity for outstanding performers, whether buyers or suppliers, to be recognised and their successes to be celebrated. Over the course of two decades the Australian Security Industry Awards for Excellence has provided recognition for hundreds of Australian security companies and individuals. The event also provides a chance to showcase the outstanding pool of professionals working within the security industry. For a second successive year, ASIAL will host its awards in collaboration with the Outstanding Security Performance Awards which form part of a global initiative with events in Germany, Norway, Poland, Romania, United Kingdom and United States of America. Once a core number of national OSPAs programmes are established it is World Excellence Awards intention to enter OSPA winners into a worldwide OSPA. In all countries the aim is to encourage security associations to come together to celebrate excellence and the outstanding performers in their country. In Australia this is no different, with the following industry partners supporting the event. Nominations will be assessed by an independent panel of judges chaired by an ASIAL representative, who does not vote in selecting a winner. The 2016 judging panel includes: • Damian McMeekin, Head of Group Security, ANZ Bank • Mark Edmonds, Manager, Security Capability, Sydney Trains • Chris Beatson, Director, NSW Police Force - PoliceLink Command • Vlado Damjanovski, CCTV Specialist, ViDi Labs Pty Ltd • John Adams, Editor, Security Electronics Magazine • Sean Giddings, Director of Security Operations, Australian Parliament House. Australian Security Industry Awards for Excellence categories o Individual Achievement – General Security o Individual Achievement – Technical Security o Individual Achievement – Security Student o Gender Diversity o Indigenous Employment o Special Security Event or Project (under $200, 000) o Special Security Event or Project (over $200, 000) o Integrated Security Solution (under $200, 000) o Integrated Security Solution (over $200, 000) o Product of the Year (Alarms, Access Control, CCTV, Communication/Transmission System) Outstanding Security Performance Awards categories o Outstanding In House Security Team o Outstanding In House Security Manager o Outstanding Contract Security Company (Guarding) o Outstanding Security Consultant o Outstanding Security Training Initiative o Outstanding Security Partnership o Outstanding Investigator o Outstanding Police / Law Enforcement Initiative o Outstanding Risk Management Solution o Outstanding Cyber Security Initiative o Outstanding Female Security Professional Award nominations are now being accepted via Any company or individual working in the Australian security industry is entitled to enter. You may nominate more than once in multiple categories. Detailed information on the criteria for each of the award categories along with the conditions of entry can be found at The awards will be presented at The Westin, in Sydney’s iconic Martin Place, from 7pm on Thursday 20th October 2016. For further information on the event visit

The peak body for security professionals


SUBSCRIBE Security Solutions Magazine, Level 1, 34 Joseph St, Blackburn, Victoria 3130 | Tel: 1300 300 552

I wish to subscribe for:

oONLY $62 per annum!

Name: ............................................................................Company: ....................................................................................... Position: .........................................................................Address: ......................................................................................... Suburb:...........................................................................State: ................................. Postcode:............................................. Tel:..................................................................................Email: ................................................................. ........................... TERMS AND CONDITIONS For more information on subscriptions, or to contact Interactive Media Solutions, please phone 1300 300 552 or email to Deductions will be made from your nominated credit card every year in advance of delivery. The direct debit request and subscription price may be changed by Interactive Media Solutions from time to time, however you will always be given at least 28 days notice. The authority to debit your account every year remains valid until you notify Interactive Media Solutions to cancel your subscription by contacting Interactive Media Solutions Customer Service. No refund is given after a payment is made. In the event of a cancellation of your subscription, the subscription will simply expire twelve months from when the last subscription payment was made. Information on how we handle your personal information is explained in our Privacy Policy Statement.

Credit Card oBankcard





Card Number: ........................................................................................................................................................................ Exp: _ _ / _ _ Card Name: .................................................................................................................................................................................................................... Signature: ....................................................................................................................................................................................................................... When payment has been received and funds cleared, this document serves as a Tax Invoice. Interactive Media Solutions ABN 56 606 919 463. If this document is to be used for tax purposes, please retain a copy for your records.

Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...

Subscribe to Security Solutions Magazine for

ONLY $62 per annum!

Simply fill in the form or call 1300 300 552


Powerful insights into security and property related matters that occur in and around the work place. SIMTRACK™ is the solution of choice for organisations to manage and track security related incidents across all business sectors in a structured and unified environment. Built with complete mobile and tablet support, SIMTRACK™ allows incidents to be reported as they happen, where they happen. Intelligent insights to trends, incidents hotspots, serial offenders and more emerge through powerful inbuilt real-time reporting. Businesses can mitigate risks effectively with strategic implementation of preventative measures. l l

Hosted in Australia Incident Forensics

l l

Secured facilities Web based

l l

Full data encryption Securely Hosted

‘Locate incident hotspots, track serial offenders and identify trends as they emerge with powerful in built real-time reporting.’

20-22 July 2016

Visit us at:


STAND J 35 “providing your business with solutions to do business”™

Founded 1999

3 Dimensional Consulting 211A Swan Street Richmond Melbourne Victoria Australia, 3121

Australia: International: E-mail: Web:

1300 881 711 +61 3 8844 7550

Security Solutions Magazine Issue 102  

Security Solutions Magazine Issue 102 Digital Edition

Security Solutions Magazine Issue 102  

Security Solutions Magazine Issue 102 Digital Edition