A U S T R A L A S I Aâ€™ S L E A D I N G S E C U R I T Y R E S O U R C E F O R B U S I N E S S A N D G O V E R N M E N T
ISSUE #106 MAR/APR 2017
ISSN 1833 0215
Mapping the future Of Security Technology
$9.95 inc GST / $10.95 NZ
THE SHAPE OF THINGS TO COME
NEED SERIOUS SECURITY? THE ANSWER IS EZI!
Ezi Security designs, manufactures and installs a premium range of electronic perimeter security products designed for both vehicle and pedestrian control. These consisting of a wide range of security products suitable for low to high-risk applications. Ezi Security Systems has been manufacturing quality security products for over twenty-one years with equipment is installed in some of the very harshest of environments the planet has to offer. And all with outstanding results. While Ezi has a commitment to innovative design and quality products we also fully understand the importance of easy and efficient after sales service. Ezi Security Systems services and maintain the products we sell to ensure that your critical infrastructure and personnel are protected at all times. “ALL EZI SECURITY SYSTEM PRODUCTS ARE BUILT TO LAST A RELIABLE THIRTY YEAR (PLUS) PRODUCT LIFE SPAN WHEN MAINTAINED”
Ezi Security Systems has the most extensive offering of Hostile vehicle barrier products (HVB’s) and has the expertise to design and secure any critical infrastructure or site of national importance. Ezi has an extensive range AVB and HVB Crash Certified products such as the world famous TruckStopper, the renowned K12 Wedge, crash boom beams and crash rated static and automatic bollards. Ezi Security Systems has all the realistic solutions to meet your high security requirements while maintaining an aesthetically pleasing solution for your site. All Ezi Security System AVB & HVB have been vigorously crash tested and certified to meet all ASTM, IWA and PAS 68 stipulations. Ezi Security and its partners continue to the push boundaries on all crash products with our in-house R&D security experts providing market leading products designs. This specialist ability also involves our renowned installation expertise and advice with the all important civil work design & engineering. Ezi Security believes in pushing design frontiers for its products to keep pace with marketplace and security priorities. This year alone Ezi and PPG have successfully worked with CTS and crash tested to Pas 68 in 2016 the following products:
M30 Bollard Performance rating V/7500[N2]/48/90:0.0/0.0
M50 Bollard Performance rating V/7200[N3C]/80/90:5.5
Wedge II Performance rating V/7500[N3]/80/90:0.0/20.7 (tested with 4 m blocking width)
With our highly chosen business partners being the best in their field and coupled with our own Ezi Security R&D in house design team Ezi Security continue to push boundaries on market leading and state of the art crash rated designed products. Our ability also involves installation expertise and advice with all important civil work design & engineering.
Ezi also takes pride to provide our clients with more than just perimeter security solutions. We also offer a quality range of internal pedestrian control products from Werra Entrance Control. The Werra Entrance Control range compliments perfectly the already strong offering of pedestrian security control that Ezi Security currently offers to the market. The range includes a wide variety of systems suitable for pedestrian access management that includes the ability to hold and isolate persons of interest and/or concern. Ezi Security again has a quality product for every threat and contingency for building personnel security. All products offer quick access for authorised persons and reliable protection against unauthorised access. With a flow rate of up to 35/min even large flows of people can be monitored and controlled effectively. Werra Entrance Control not only stands for innovative for the individualâ€™s passage of person, but also is an extension for our philosophy of being a professional fullservice provider of all components within perimeter security and access control. Ezi Security Systems, and their business partners, are privileged to be protecting some of the most prestige and iconic man made marvels of the modern era from the Burj Khalifa Tower in Dubai to Australiaâ€™s very own Parliament House in Canberra.
IF SERIOUS SECURITY IS YOU REQUIREMENT, LOOK NO FURTHER THAN EZI! FIND OUT MORE ABOUT US!
1300 558 304 11 Cooper Street Smithfield NSW 2164 www.ezisecurity.com.au email@example.com
CUSTOMISABLE ELECTRIC HEIGHT ADJUSTABLE SIT STAND CONSOLES
Does your control room meet
Australian Ergonomic Standards?
Clayton VIC 3168
Safe Work Australia, Nov 2015
â€œ...in 2012-13 the cost impact of work-related injuries and illnesses was estimated to be just over $61 billion...â€?
State-of-the-art ergonomic lifting technology Lifetime Australia phone support AS/NZS 4443:1997 & ISO 11064
+61 3 9574 8044
COVER STORY: THE SHAPE OF THINGS TO COME
Nobel Prize-winning physicist Niels Bohr once remarked, “It is difficult to make predictions, especially about the future.” This somewhat comical observation is no less true today than it was when it was first made back in 1962. In fact, with the pace of technological innovation continuing to increase exponentially, especially over the last 20 years, predicating ‘the next big thing’ with any great certainty is arguably becoming more and more difficult. Cutting-edge technologies rise only to fall to the wayside before reaching completion in favour of newer, more exciting, reliable and affordable solutions to the same problem. We look at some emerging technologies with the potential to revolutionise the security industry.
THE GROWING THREAT OF TERRORISM IN AUSTRALIA The recent release of the respected 2016 Global Terrorism Index carries some worrying implications for Western nations such as Australia. Of particular concern is the increasingly migratory nature of the kind of fury that inspires terrorism in other parts of the world. Dr David WrightNeville examines the growing threat of terrorism in Australia.
THE KEY CONSIDERATIONS FOR IMPLEMENTING A CRISIS AND RECOVERY MANAGEMENT PLAN ACROSS BORDERS A corporate crisis can strike at any moment, in any location. Indeed, a crisis relates to an incident, human or natural, that requires urgent attention or action to protect life, property, environment or reputation. Barry Thomas looks at the four fundamental phases of dealing with a cross border crisis.
HOW TO SECURE YOUR SUPPLY CHAIN AGAINST CYBER THREATS IN 2017 In a world where data has become a form of currency, and modern business continues to shift heavily into the online environment, the need for businesses not to lose focus on the basics and ensure they stay informed about potential cybersecurity threats is as important as ever.
CREATING A RESILIENT ORGANISATION It is often said that the only thing you will ever get two risk management professionals to agree upon, is what the third one is doing wrong. Jason Gotch looks at the issue of resilience with a view to better understanding what this term means in a corporate context.
004 SECURITY SOLUTIONS
NEW INT-QUADIP For PB- Series Quad Beams
IP INTERFACE MODULE
With the new IP interface module, our intelligent PB- series Quad Beams are as easy as IP cameras to install and integrate with leading VMS solutions.
Most intruder detection systems rely on legacy technologies which require a number of third-party products and man-hours to install. The INT-QUADIP module utilises infrastructures already in place with CCTV, Access Control, and other security systems; dramatically reducing installation costs whilst providing a fully integrated security system which can be easily expanded and configured as desired.
KEY SPECIFICATIONS ● ● ● ●
PoE Class 3 IEEE 802.3af VMS Compatible Direct control for cameras including: - Axis - Bosch - Hikvision - Sony
● Plug & play web browser interface ● No software installation required ● One cable installation
PB-IN-HF/HFA The ultimate in trouble free perimeter detection for distances up to 200m.
1300 366 851 www.seadan.com.au
PB-F/FA Single channel quad beams ideal for simple perimeter systems.
PB-IN-100AT Anti-crawl beam for high security perimeters up to 100m.
PB-KH TAKEX quad beam performance for use in beam towers.
(02) 9427 2677 www.sprintintercom.au SECURITY SOLUTIONS 005
036 ALARMS What is the role of CEPTED in security system design?
LETTER FROM THE EDITOR
012 LEADERSHIP Jason Brown looks at ways leaders can more 014
OPERATIONS Richard Kay presents the second part of his special on
effectively align their leadership style to a particular situation.
ways in which security companies can better recognise and manage post trauma stress.
CYBER SECURITY How vulnerable is Australia’s credit card system to
044 CCTV Gary Palmer looks at the challenges and pitfalls of presenting CCTV footage as evidence in court.
016 RESILIENCE How can you better understand the interface between
048 BUSINESS How can you build an effective risk culture within your
organisational and infrastructure resilience?
HUMAN RESOURCES Learn how you can more effectively conduct workplace investigations with a view to better managing human resources. 020 RISK MANAGEMENT Is the DERK model for assessing human threats to facilities still relevant 25 years on?
022 COMMUNICATIONS Why is information sharing vital to the future of security?
LOSS PREVENTION Do retailers make better loss prevention managers
than security personnel?
072 AVIATION What is the value of the ‘what if’ test in aviation security? 076 ACCESS CONTROL We look at the opportunities for installers and locksmiths in the growing smart home market.
THINKING ABOUT SECURITY Why is it that the government seems to exhibit a lack of respect for the security profession?
080 PROFESSIONAL DEVELOPMENT What security lessons can be learned from the recent assassination of the Russian ambassador to Turkey, Andrei Karlov?
028 EVENTS A look at upcoming industry events.
LEGAL Q&A We look at the laws and your rights when using dash
SHOPTALK Company announcements from within the industry.
006 SECURITY SOLUTIONS
SECURITY SOLUTIONS 007
Editorial Editor: John Bigelow firstname.lastname@example.org Sub-Editing: Helen Sist, Ged McMahon
Contributors: Jason Brown, Karissa Breen, Greg Byrn, Rod Cowan, Kevin Foster, Jason Gotch, Leon Founche, Richard Kay, Steve Lawson, Bill Nesbit, David Wright-Neville, Gary Palmer, Rita Parker, Anna Richards, Alexei Sidorenko, Anne Speckard, Barry Thomas, Ami Tobin, Don Williams.
Advertising email@example.com Phone: 1300 300 552
Marketing & Subscriptions firstname.lastname@example.org $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)
Design & Production Graphic Design: Jamieson Gross email@example.com Phone: 1300 300 552
Accounts firstname.lastname@example.org Phone: 1300 300 552
ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: email@example.com Disclaimer The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein. The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.
RS A DE VI
ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: firstname.lastname@example.org
RALIA LTD UST FA
Written Correspondence to:
Or i g i n a l Si z e
O C I AT I
Y P R OVI D
AU S T R A L I A
STRALIA LTD AU
Official partners with:
SSOCIAT IO N
RS A DE VI
blue colour changed to this colour green.
COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................
008 SECURITY SOLUTIONS
SECURITY SOLUTIONS 009
LETTER FROM THE EDITOR We undoubtedly live in interesting times which, depending on your point of view, can be either a positive or negative thing. For example, if your world view is shaped by events directly relating to global security, then one might believe that while the civil unrest occurring in countries like the US, across parts of Europe and in the Middle East is ‘interesting’, it would not typically be categorised as positive. Alternatively, if your world view focuses more on the amazing technological changes occurring at breakneck speed across a wide and seemingly unending array of industries, including the security industry, then these ‘interesting’ times in which we live are marked by amazing innovations, developments and technological advances that have the power to fundamentally change the way we live. Therefore, interesting becomes positive. In reality, there is no separating the two; we take the good with the bad. It all simply comes down to your personal disposition. Are you the type of person who focuses on the positive aspects of something over the negative, or vice versa? In the last issue, we presented a piece by Dr Colin Wight on the potential global security impact of a Trump-led US Government – a situation which is being played out in the mainstream media as an ongoing three-ring circus. In this issue’s cover story, in an attempt to provide a sense of balance with regard to the argument around what sort of interesting times we might be living in, we have focused on pending technological developments set to have a major impact on not just the security industry, but the world as a whole. Typically, emerging tech articles of this type tend to focus on new products (usually those of the magazine’s advertisers) which are due to hit the market within the next six months. However, we have taken a slightly different approach, looking instead at the new and emerging technologies that are set to shape and radically alter the nature of the products we use every day – from deep machine learning to alien channels, atomic storage and speed of light communications. I hope that you enjoy this issue’s cover story and that, more importantly, it gets the juices flowing and promotes interesting ideas as we head into yet another interesting year. What type of interesting it turns out to be is up to you. You can either choose to focus your time and attention on the growing media circus that is US politics and lament the current state of global instability, or you can put your energy into looking at new and amazing opportunities in the security market that could change the way the industry operates. Have a great year!
John Bigelow Editor
010 SECURITY SOLUTIONS
Contact us on 1300 364 864 Follow us on
Delivering Proven Solutions for Security & Safety We Protect People & Assets www.magneticautomation.com.au
LEADERSHIP Aligning The Leader With The Situation
The two outer levels – public and private leadership – are what the leader must do behaviourally with individuals or groups to address the four dimensions of leadership (Scouller, 2011). These are: 1. A shared, motivating group purpose or vision 2. Action, progress and results 3. Collective unity or team spirit 4. Individual selection and motivation.
By Jason Brown As individuals, leaders come in all shapes, sizes, beliefs, sexual orientation and ethnic origins. The personal traits, the adaptive capacity and especially the capacity to emphasise particular styles of leadership behaviour in the face of changing and often complex situations separate those who fail as leaders and those who succeed. The Situational Leadership Model is a model developed by Paul Hersey and Ken Blanchard while working on Management of Organizational Behavior. In the late 1970s to early 1980s, the authors both developed their own models using the situational leadership theory; Hersey – Situational Leadership Model and Blanchard et al – Situational Leadership II Model. The fundamental underpinning of the Situational Leadership Model is that there is no single best style of leadership. Effective leadership is task relevant, and the most successful leaders are those who adapt their leadership style to the performance readiness (ability and willingness) of the individual or group they are attempting to lead or influence. Effective leadership varies, not only with the person or group that is being influenced, but it also depends on the task, job or function that needs to be accomplished. The Situational Leadership Model rests on two fundamental concepts; leadership style and the individual or group’s performance readiness level. Hersey and Blanchard categorised all leadership styles into four types of behaviour, which they named: • Telling – is characterised by one-way communication in which the leader defines the roles of the individual or group and provides the what, how, why, when and where to do the task. • Selling – while the leader is still providing the direction, he or she is now using twoway communication and providing the socio-
012 SECURITY SOLUTIONS
emotional support that will allow the individual or group being influenced to buy into the process. • Participating – this involves shared decision making about aspects of how the task is accomplished and the leader is providing fewer task behaviours while maintaining high relationship behaviour. • Delegating – the leader is still involved in decisions; however, the process and responsibility has been passed to the individual or group. The leader stays involved to monitor progress. No one style is considered optimal for all leaders to use all the time. Effective leaders need to be flexible and must adapt themselves according to the situation. The model has had some criticism and other researchers have named styles such as autocratic, democratic, laissez faire; the names give the characteristics away! An interesting model is James Scouller’s in Three Levels of Leadership (2016). The three levels referred to in the model’s name are public, private and personal leadership. The model is usually presented in a diagram form as three concentric circles and four outwardly directed arrows, with personal leadership in the centre. The first two levels – public and private leadership – are outer or behavioural levels. Scouller distinguished between the behaviours involved in influencing two or more people simultaneously (what he called public leadership) from the behaviour needed to select and influence individuals one-to-one (which he called private leadership). The third level – personal leadership – is an inner level and concerns a person’s leadership presence, know-how, skills, beliefs, emotions and unconscious habits. The idea is that if leaders want to be effective, they must work on all three levels in parallel.
The inner level – personal leadership – refers to what leaders should do to grow their leadership presence, know-how and skill. It has three aspects: 1. Developing one’s technical know-how and skill 2. Cultivating the right attitude toward other people 3. Working on psychological self-mastery. In the next few columns, I will examine these and other models to see if some commonalities can be synthesised. In the next edition, I will look at the characteristics of leadership in a post-tragedy or disaster situation.
Jason Brown is the National Security Director for Thales in Australia and New Zealand. He is responsible for security liaison with government, law enforcement and intelligence communities to develop cooperative arrangements to minimise risk to Thales and those in the community that it supports. He is also responsible for ensuring compliance with international and Commonwealth requirements for national security and relevant federal and state laws. He has served on a number of senior boards and committees, including Chair of the Security Professionals Australasia; Deputy Registrar Security Professionals Registry – Australasia (SPR-A); Chair of the Steering Committee for the International Day of Recognition of Security Officers; member of ASIS International Standards and Guidelines Commission; Chair of Australian Standards Committee for Security and resilience.
• INNOVATIVE PRODUCT DESIGN • BULLET RESISTANT CERTIFIED • BURGLARY RESISTANT CERTIFIED • UNIQUE HPJ CONCEPT
High Security Anti-Tailgating Portals
YEARS IN SECURITY
With over 40 portals in the range here is a closer look at two C3 Security Portal
HPJ140 Security Portal
The C3 Security Portal offers
The HPJ140 Security portal offers
Ultra Sonic Tailgate Detection
Unique Half Portal design to ‘cap’ an existing access controlled door
890mm entrance for DDA compliance
Ultra Sonic Tailgate Detection
Open design for maximum user comfort
900mm to 1200mm entrance for DDA compliance
P1A all the way up BR4 and WK4 glass construction
P1A all the way up BR4 and WK4 glass construction
Phone: 1300 750 740 SECURITY SOLUTIONS 013
CYBER SECURITY #creditcards By Karissa A. Breen
Every day there are thousands of credit card transactions that occur around the world. But have you ever wondered how the transactional process works for transferring credit card funds? I have. I have always been fascinated about the mechanics of how our credit cards transact and talk to each other. So, off I went in search of further understanding of the geometrics of the payment card industry (PCI) and understanding the importance of this. In all honesty, compliance does not excite us at all, although it definitely plays an important role in our security world. I interviewed Jay Hira, who has an extensive background working with PCI and security compliance, to find out why. What is a merchant? The technical term: a merchant is any business that maintains a merchant account that enables them to accept credit or debit cards as payment from customers (cardholders) for goods or services that they provide. I like to think of it as you are David Jones (the merchant) selling clothes and shoes to consumers who buy them on their Amex cards. How does the transactional flow work? Imagine you are a consumer and you present your MasterCard issued by ANZ to the merchant (David Jones) at the CBA point of sale (POS) to buy a new pair of shoes. After you tap your credit card on the terminal, your credit card details are sent to the acquiring bank, in this case ANZ. The acquiring bank, or processor,
014 SECURITY SOLUTIONS
forwards the credit card details to the credit card network. The credit card network acts as a conduit between the two. The credit card network requests payment authorisation from the issuing bank. The issuing bank sends an approval to the credit card network to validate whether funds are available. The credit card network sends a ‘thumbs up’ to the acquiring bank. At that point in time, you see ‘Approved’ on the POS terminal. Off you go with your new pair of shoes! Who enforces the merchants? PCI Security Standards Council (SSC) develops and regulates the standards; the not so fun stuff, but still heavily important. The council is formed by the card brands, including VISA, MasterCard, American Express, Discover and JCB who create and set the PCI Data Security Standards (DSS). The banks are then responsible for enforcing the standards amongst their merchants, as well as reporting on a regular basis to the card brands on the status of compliance. PCI DSS is a set of requirements designed to ensure that the cardholder data is transmitted, processed and stored in a secure manner. Any merchant that accepts, processes or transmits cardholder data must comply with PCI DSS requirements. This helps to keep cardholders safe from any malicious interference. What happens if merchants fail to be compliant? Any merchant who fails to comply with PCI DSS is at risk of potentially having a major data breach. The risk increases depending
on the number of transactions the merchant makes per annum. Subsequently, there are other repercussions of non-compliance, which includes higher interchange fees charged by banks or even loss of merchant accounts and fines due to failure to comply. Why is PCI important? As a merchant, you want to ensure you are engendering trust with your clients. You do not want your company on the front page of the newspaper because their credit card details have now been breached and have permeated around the globe. It creates an inconvenience to consumers to then go and renew their credit cards. It may have impacts from a brand reputational point of view as being the untrusted merchant. As part of working within the cybersecurity market, it is crucial to uphold your company’s integrity, security posture and confidentiality to help protect your clients and ensure their trust is sustained. The next time you are shopping at David Jones you will understand the importance of PCI and you will have some insight into how the transactional flow operates and why PCI exists.
Karissa Breen is currently working as a BDM for Green Light who are an IT service provider and has a background in Cyber Security and has consulted to financial institutions. Karissa publishes her own IT blog.
S K Y H AW K FOR VIGILANT SURVEILL ANCE
L E A R N M O R E AT S E A G AT E . C O M / A U
SECURITY SOLUTIONS 015
RESILIENCE Understanding Interfaces Between Organisational And Infrastructural Resilience By Dr Rita Parker
In my previous article, I focused on the relationship between human and organisational resilience, and in this article I will extend attention to the interface between organisational and infrastructural resilience. Quite often, distinctions are drawn about different types of resilience in an attempt to explain them. However, in doing so, the connectivity between concepts and important application is often lost. In this article I will highlight the importance of keeping in mind that all forms of resilience are part of a connected complex system – particularly in the context of security. Security is as much a state of mind as it is a physical condition; indeed, for many the term ‘security’ has become a symbol of fear rather than a tool for strategic reasoning and judgement. It is in such circumstances that security professionals have a role in providing lucid reasoning and actionable solutions to top risks and threats. Part of the role of the security professional is to impart understanding to others about the relevance of resilience in security terms by developing and promoting a common understanding of, and body of knowledge about, resilience. This can be achieved by being clear about the relationships between and the importance of different types of resilience – that is, resilience in all its forms and applications is part of an integrated and
016 SECURITY SOLUTIONS
Quite often, distinctions are drawn about different types of resilience in an attempt to explain them. However, in doing so, the connectivity between concepts and important application is often lost.
interconnected system. Resilience is the ability of a complex system to absorb shock without losing normal function, and different types of resilience will depend on whether it is dealing with a chronic or acute disruption. The key point to keep in mind is that human, organisational and infrastructural resilience are all connected and interdependent. As we know, critical infrastructure underpins the delivery of essential services such as power, water, health, communications and banking, as well as our defence and national security. Importantly, some elements of critical infrastructure are not assets, but are in fact networks or supply chains. All these services contribute to our economic and social wellbeing. To operate effectively, we know that critical infrastructure needs coordinated planning across sectors and networks and requires flexible, timely and responsive recovery measures. Having such a resilience-based approach to organisational and critical infrastructure resilience means being better able to adapt to change, reduce exposure to risks and to be better able to survive and thrive. In practical terms, this means reduced failure probabilities, reduced consequences from failures and reduced time to recovery.
Dr Rita Parker is a consultant advisor to organisations seeking to increase their corporate and organisational resilience and crisis management ability. She is an adjunct lecturer at the University of New South Wales at the Australian Defence Force Academy campus where she lectures on resilience and nontraditional challenges to security from non-state actors and arising from non-human sources. Dr Parker is also a Distinguished Fellow at the Center for Infrastructure Protection at George Mason University Law School, Virginia, USA. She is a former senior advisor to Australian federal and state governments in the area of resilience and security. Dr Parker’s work and research has been published in peer reviewed journals and as chapters in books in Australia, Malaysia, the United States, Singapore and Germany, and presented at national and international conferences. Rita holds a PhD, MBA, Grad. Dip., BA, and a Security Risk Management Diploma.
Why do you have to do a strange dance to try and open a door?
Instinctive technologies for a world without constraint
Tap Tap mode
Hands free mode
Be STid, be smart Intuitive solutions for mobile access control
SECURITY SOLUTIONS 017
HUMAN RESOURSES Conducting Workplace Investigations By Greg Byrne
Welcome to 2017. The festive season is always busy for the security and law enforcement industries in Australia and around the world. I hope that you all had a great Christmas and New Year, and your company and family prosper throughout 2017. We are in a period of increased social and political conservatism, which is heralding great change for us all, and no more so than for the security industry. With that change comes increased regulation and increased regulatory reporting. Human resources (HR) will of course be one of the leading sources of change. For the greater part of this year, I am going to keep readers updated on those changes as well as participate in some of the trends that the Security Solutions Magazine will follow throughout the year. In this edition, this column will start to address the issue of workplace investigations, outlining the first two of the four suggested steps. In the next edition, this column will participate in that issue’s theme of recovery from a crisis. I will detail how an organisation would best recover its HR functions and processes following any form of serious interruption to normal business, such as terrorist strike, the catastrophic meltdown of IT infrastructure including loss of HR records, destructive fire, or theft of HR and customer records. In the following edition, I will address the final two steps of the investigation process and in the edition after that, I will outline some of the pitfalls and suggest a process that should put an organisation on solid ground when attempting to manage workplace relationships, employee performance and/or breaches of policy/ procedure.
018 SECURITY SOLUTIONS
The Process There are four main steps to conducting a workplace investigation: 1. Preparation and information collection 2. Interviewing the relevant parties 3. Making a finding and report 4. Resolution activities. It is vitally important to ensure that communication and feedback take place throughout the investigative process so that all relevant parties are in the loop and understand what and why things are occurring. This includes communication with managers, team leaders and involved parties (where appropriate). Please note that this article is an overview of the workplace investigation and not a definitive stepby-step guide on how to conduct a workplace investigation. A workplace investigation should be conducted by a suitably qualified individual or organisation. It is vitally important, especially if the Fair Work Commission (FWC) or a court of any kind is the outcome, that due process is followed and most importantly that the investigation is fair. Preparing for a Workplace Investigation • Establish that there is need to conduct a workplace investigation in the first place. These processes can be very disruptive to a workplace and the decision to conduct one should not be taken lightly. • Is the appointed investigator the right person? Is there a conflict of interest, does he/she have the required skills and knowledge, are there any relationships that could/will affect the credibility of the outcome and so on. • Is it the right time for an investigation to take place?
• Do you have a suitable location for the investigation? • Identify the parties to the matter and their location and availability. • Conduct all relevant research, including: o obtaining the record of complaint o establishing any relevant policies and procedures and codes of conduct o identifying legislation that will affect the process and possible outcomes of the investigation o identifying all relevant training records o identifying relevant position descriptions (PDs) o locating any employment contracts and applicable award or workplace agreement and any relevant term(s) or obligations o obtaining past performance reviews, employment records and CVs o determining if there are any previous incidents/investigations or complaints and how were they managed o determining if there is an observed pattern of behaviour. Additionally, prepare an interview plan and ensure the manager has viewed and agrees with it. Plan for a second interview with both the complainant and the respondent to provide feedback on either the outcome or the process and to allow for clarification of prior statements or outcomes of interviews with others on the periphery of the issue/investigation. Interviewing Involved Parties Ensure: • that those being interviewed or who are affected or aggrieved in any way are offered adequate representation or support • that if any of the involved or aggrieved have special needs, that those needs are addressed;
HUMAN RESOURSES for example, non-English speaking people should be offered an interpreter (note: if there is a chance that the issue could end up at FWC or any type of court that a registered interpreter is used) • that if the interviewee is a member of a union, that a union representative is at least in the loop and, where appropriate, is present during the interview (as a support person) • the interviewee is fully aware of his rights and fully understands the allegation or reason for the interview and investigation • the complainant understands the process and is aware of the relevant policies/options open to him in having his complaint handled. Also consider: • confidentiality, including the need to protect the integrity of the investigation process • how information and material will be communicated to the respondent(s) • how statements and interviews will be recorded, for example, typed or audio recorded (ensure permission to audio record the conversation and,
given that, that permission is recorded somehow) • how notes and records will be stored, documented and lawfully obtained • that as much specific detail (evidence) as possible has been obtained • that there is a thorough (and dynamic) list of potential witnesses • that the information being gathered is relevant, reliable and fair • that the probative value of the information obtained is tested and that it is current • that, where possible, claims and gathered evidence is/are corroborated. When finalising interviews: • ask the interviewee if he has any further questions • explain timings and when the interviewee can expect feedback • ensure that (where required/appropriate/lawful) statements, records, exhibits and documents are reviewed and signed by interviewees or owners of the records.
When considering recommendations, also consider: • the appropriateness of existing work arrangements, having regard to the issues raised/ detected during the investigation • if investigtors are managing emotions and being empathetic where appropriate • how the interviewee is feeling, the impact of the issue being investigated, and the impact the interview process has or is having on him • if any ongoing support is required, for example, an Employee Assistance Program (EAP).
Greg Byrne is the Managing Director of Multisec Consultancy Pty Ltd. He lectures part-time at the Western Sydney University for an undergraduate diploma in policing and is a sub-editor for and board member of the Australian Police Journal. His academic qualifications include Master of Management, Diploma of HR, Grad Cert in Leadership and a Diploma a Security Risk Management. Greg can be contacted via email email@example.com
FAST. SILENT. STYLISH. Our award winning speedgates keep your building secure with style. Find out which speedgate is right for you.
1300 858 840 www.entrancecontrol.com.au SECURITY SOLUTIONS 019
RISK MANAGEMENT The DERK Model For Assessing Human Threats To Facilities – Still Relevant 25 Years On? By Dr Kevin J. Foster A security risk assessment for a facility is a relatively simple process and it should always follow that described in ANSI/ASIS/RIMS RA.12015. However, a risk assessment that is inadequate can result in inappropriate, insufficient or unnecessary security measures. Therefore, a sound risk assessment is critical to effective risk management. An important element of a security risk assessment is the threat assessment. There are many ways of completing a threat assessment, but in this article I will introduce a method that I have found useful. While it goes under a few different names, it will be referred to here as the DERK method. I presented this model to a Security in Government conference in 1992 and have been using it for 25 years, especially when conducting protective security risk assessments. The theoretical basis of the DERK threat assessment model is a combination of two ideas. Firstly, to understand whether a person, an organisation or a nation is a threat, it is important to understand his/its intent and capability. Robert Jervis has described this in detail in his publications on threat perception. Secondly, Victor Vroom’s expectancy motivation theory suggests that for someone to be motivated to engage in a threatening activity, there usually needs to be a ‘valence’ attached to his desired outcome or goal. This is the importance the person places on the outcome. In a security context, this might be labelled as the adversary’s desire, for example, to steal information; or perhaps in the case of a terrorist, his desire to use fear or destruction for the purpose of amplifying the political point he wishes to make. The adversary must also have some level of expectancy that he can achieve his desired outcome. In a threat context, this would be instrumental upon him having the capability to achieve his goal, and specifically the resources and knowledge necessary. In the DERK model, the intent can be defined by describing the adversary’s desire
020 SECURITY SOLUTIONS
or objective and his expectance of success. The threat is not always from an adversary; sometimes it can come from a friend or competitor. The term ‘threat source’ is sometimes used instead of ‘adversary’ when conducting threat assessments. To understand the threat posed by a criminal, a terrorist, a competitor, a nation, or anyone, it is necessary to understand the following four factors: • The threat source’s Desire or goal: in practice, this may be expressed as the likelihood that his objective, if realised, will cause either deliberate or consequential harm to people. • The threat source’s Expectance of success: in practice, this is security’s best guess about how confident he would be of achieving his objective. Any deterrence that can be created in the security design might affect his expectance. This factor can be expressed as the probability of him expecting to succeed. Some people will be more easily deterred than others. • The threat source’s Resources needed to achieve his goal: this factor can be expressed as the likelihood that he has the resources necessary to achieve his objective. Improving security by hardening or building more layers may increase the resources necessary for the adversary to succeed in his objectives, thus reducing the likelihood that he will succeed. At a theoretical level, the ratio of resources available to resources required is being assessed. At a practical level, this would often be expressed using words such as likely or unlikely rather than numbers. This means security professionals can use the same or similar descriptors that they typically use in risk matrices. • The threat source’s Knowledge needed to achieve his goal: this factor can be expressed as the likelihood that he has the knowledge necessary to achieve his goal. By improving security, it is possible to increase the knowledge required for him to succeed, thus reducing the likelihood that he will have the knowledge required to succeed.
With an understanding of the D, E, R and K probability factors, it is possible to deduce the level of threat an adversary might pose. In this model, intent is described as a probability that someone has the desire and expectance of achieving a goal that would pose a threat. Capability is described as a probability that someone has the resources and knowledge to achieve his goal. The probabilities can be described using definitions taken from Standards Australia HB167:2006 Security Risk Management. However, these criteria need to be modified to suit the threat context. Intent and capability can then be combined in a threat matrix which provides the threat likelihood that can be used in a risk assessment.
I can describe this threat assessment model in more detail in future articles and provide case study examples. While I may be a little biased, I think this model is just as relevant now as it was in 1992. The difference today is that far more security professionals are familiar with risk assessment principles and therefore, arguably, this DERK model is easier to use now than it was 25 years ago. Dr Kevin J. Foster is the managing director of Foster Risk Management Pty Ltd, an Australian company that provides independent research aimed at finding better ways to manage risk for security and public safety, and improving our understanding of emerging threats from ‘intelligent’ technologies.
MULTIPLE CAPABILITIES SUPERIOR SOLUTION
Volvo Group Governmental Sales Oceania
IN HOSTILE ENVIRONMENTS, ITâ€™S IMPORTANT THE SYSTEMS THAT YOU DEPEND ON CAN
STAND THE TEST OF TIME.
At Volvo Group Governmental Sales Oceania, our core business is the manufacturing, delivery and the support of an unparalleled range of military and security vehicle platforms; a range of platforms that are backed by an experienced, reliable and global network with over one hundred years of experience
superior solutions, providing exceptional protected mobility SECURITY SOLUTIONS 021 www.governmentalsalesoceania.com
COMMUNICATIONS Why Information Sharing Is Vital To Your Future By Rod Cowan
Lack of recognition for the vital role security plays results in too many security managers and agency security advisors – and to those readers who do not fit this profile, I apologise in advance, but it is nonetheless true of many others – being in the position because they are either parked there or waiting out their time to retirement. Precious few in the business would see themselves as leaders within their organisations, far less society. In some ways, the culture is changing already, albeit slowly, with a younger breed of security operatives joining the ranks and actually choosing security as their future. Culture is complex, however, and change is more than a rebranding exercise with a new coat of paint in the hope no one looks under the hood. It is necessary to first develop an ethos – values – and ways of thinking in order to plot a course. Then that philosophy needs to be embodied in the stories shared, heroes applauded and rituals created. One small step has been establishing an industry-based medals program recognising bravery and contribution. Another is the creation of the Outstanding Security Performance Awards (OSPAs), which is growing into a global event. More is needed, as technology is changing the shape of business, government and society, especially in the way people organise, communicate and collaborate, which in turn is changing the way people view authority and power. Nowhere is that more evident than in information sharing, especially in a world of cognitive capital, where knowledge has become
022 SECURITY SOLUTIONS
Thinking must move beyond extensions of bureaucratic control to establish networks, which inevitably means sharing information. an asset of institutions and organisations and a resource traded for money, social influence and political clout, creating barely-understood risks as well as opportunities. Letting go of old values and beliefs can be challenging in bureaucratic mindsets where knowledge is power, bringing to mind a poster on the wall of an Australian intelligence organisation’s office depicting a toad in the mouth of a crane, with the toad’s hands around the throat of the bird and a caption, “Whatever you do, don’t let go”. While the security, intelligence and law enforcement old guard refuse to let go, younger generations – so-called digital natives who are young adults and not kids anymore – accept sharing as part of life. All too often, solutions revolve around education and, preferably, control, and rarely innovative or fresh approaches, no matter what the marketing spin or political rhetoric
advises. Thinking must move beyond extensions of bureaucratic control to establish networks, which inevitably means sharing information. Information sharing, however, is what is known in policy development as a wicked problem; wicked not in the sense of evil – though some may see it that way – but in terms of being intractable because its complexity defies definition far less solution. A big help would be the academic and research community contributing beyond looking for funding opportunities. Industry insiders – government and corporate – also need to play their part. And they need the right environment to do so. In 2003, the Federal Attorney-General’s Department established the Trusted Information Sharing Network (TISN). For a while a promising initiative, of late the TISN has been waxing and waning to a point of being almost moribund;
When a high level of security is essential, dormakaba turnstiles and full-height gates provide the ideal solution. The robust turnstiles and full-height gates are especially suitable for securing the perimeter of buildings and property.
Secure your perimeters
Benefits include versatality in design, safe passage, minimal power consumption and lasting quality for any indoor or outdoor installation. For the complete range of smart and secure access solutions, contact dormakaba. 1800 675 411 www.dormakaba.com.au
SECURITY SOLUTIONS 023
COMMUNICATIONS The reality is the industry, or for that matter the country, cannot afford to wait for the government to fix problems; corporate security, individual agencies and all levels of government need to engage and support a TISN if it is to be anything more than a tick-a-box exercise.
almost because it has just enough of a pulse for the Government to publicly deny its ill health, thanks to some areas, such as the finance sector, working well together. The public water sector has made great strides too. Therein lies some precedents. As such, preventing the TISN’s death, thankfully at this stage, may mean CPR as opposed to open heart surgery. The UK’s Project Griffin, established in 2004 in the City of London to help the financial sector protect itself against terrorist threats, is often cited as an example of public/private information sharing. What is forgotten is that it was the banks that pushed for its inception. The reality is the industry, or for that matter the country, cannot afford to wait for the government to fix problems; corporate security, individual agencies and all levels of government need to engage and support a TISN if it is to be anything more than a tick-a-box exercise. The hard work of creating links and connections with knowledgeable individuals and networks, admittedly difficult given the nature of security, is needed to develop different avenues of engagement with embedded accountability. To date, organisations and governments have stuck to superannuated consultants, credentialled
024 SECURITY SOLUTIONS
academics, media darlings and other trusted insiders rather than seek fresh input. Given rapid change, how anyone could claim to be an expert in what is essentially new knowledge is hard to see. Not that that has stopped an entire courage industry growing around advising on cybersecurity, with people deemed ‘experts’ because they work for a university, prancing around glibly spreading fear as facts with less understanding than the spotty 12-year-old Ohio schoolboy known as glitterstick_007. “In an age of turbulent and unpredictable transition, institutions most need the very things – innovation, picking up the early signs of disruption, a capacity to move quickly and responsively – that tend to be found at the edge of large systems in dispersed networks of expertise close to people’s lives and experiences, rather than the more slower and more distant structures of power at ‘head office’,” writes Martin StewartWeeks and Lindsay Tanner in Changing Shape: institutions for a digital age. “Institutions in the digital age still need to access and exercise power and authority. But that will increasingly happen through their connections with surrounding networks of energy, insight and creativity.”
Historically, major change has always occurred at the edges of society. Finding that edge and having it feed back into the practices and culture in order to change larger systems entails learning new habits of influence and practices of persuasion that emerge from the process, thereby cultivating a network mindset and leadership through active participation, openness and decentralised decision making. In short, command-and-control – hanging on like the toad – no longer cuts it. And the rapid speed of change means even those who are parked or waiting out their time for retirement may have no choice but to contribute, or learn to enjoy the ride.
Rod Cowan is editor-at-large for Security Solutions Magazine and director of SecurityIsYourBusiness. com. He can be contacted via email: firstname.lastname@example.org
SECURITY SOLUTIONS 025
Government’s Lack Of Respect By Don Williams Governments issue security and emergency advice to the community and private sector operators that can, at times, be both disrespectful and demeaning. The Australia-New Zealand Counter-Terrorism Committee Improvised Explosive Device Guidelines for Places of Mass Gathering April 2016 is one example. Two main issues arise: a lack of understanding of those currently responsible for protecting such places; and a lack of respect for the knowledge and experience that exists in the private sector. There are at least 12 occasions in this particular example where managers are advised to consider factors or undertake tasks which are already their responsibility. Managers are advised to “do what they can to: save and protect life, facilitate the evacuation of those at risk, contain the incident or threat, (and) support emergency response and investigation activities” and “Planning and initiating evacuation should be the responsibility of the incident/security manager”. Managers know that they have responsibility for the safety and security of those on site and they seek to fulfil their legal, contractual, social and moral responsibilities. To suggest otherwise demonstrates a lack of knowledge and appreciation of the capabilities of the private sector. The guidance also states that “Owners and operators of places of mass gathering should consult with local law enforcement agencies when developing their plans.” This is essential, not only so the police can tell the managers what they expect, but so that managers can explain
026 SECURITY SOLUTIONS
the responsibilities, processes, procedures and considerations that they already have in place, and which are designed to protect the business as well as life and property. Consultation could result in a transfer of knowledge – not just oneway directives from emergency services. Government agencies, specifically the emergency services, have undeniable skills, knowledge and expertise that is required when planning for and responding to crises. But, not all knowledge resides within government; in fact, it could be suggested that the larger knowledge base is in the commercial, professional and academic libraries. Security is a management discipline in its own right, with a wealth of research and literature. Few government employees are members of the relevant security, emergency or facility professional organisations and even fewer have internationally recognised certifications such as Certified Protection Professional (CPP), Physical Security Professional (PSP) and Certified Facility Executive (CFE). Such certifications are becoming the standard in the corporate world, both as recognition of knowledge and experience, and as showing commitment to ongoing professional development. It would appear obvious that the authors of government advice would approach the major professional bodies, seek the advice of recognised subject matter experts and avail themselves of the wealth of information held in the professional libraries and academia. There are protestations that consultation is undertaken. But, going back
to the Improvised Explosive Device Guidelines for Places of Mass Gathering example and talking to the Facility Management Association of Australia (FMA), Venue Management Association (VMA), ASIS International, Australian Security Industry Association Limited (ASIAL) and the relevant organisations, no one who was consulted was identified. The result is that government produces advice that does not reflect current best practice, does not include the latest research and does not best help the corporate sector manage the issue raised. Perhaps government advice should be limited to the role and functions of government entities such as the emergency services? If the advice is to be broader, then it must recognise and respect the knowledge, skills and experience of the private sector. In return, the private sector must represent best practice; that is, be professional. It is up to managers to generate the respect they deserve and to ensure they have the skills and knowledge to underpin that respect.
Don Williams CPP RSecP ASecM can be contacted via email: email@example.com
THE ALL-NEWTXF-125E BATTERY OPERATED QUAD BEAM Introducing the eagerly anticipated TXF-125E; a high performance Quad Beam sensor designed for battery operation - perfectly suited for rapid deployment in creating temporary or permanent secure perimeter intruder systems. With 4 selectable frequencies, multiple beam sets can be used without crosstalk, whilst adjustable detection distance allows a single beam set to be re-deployed in a variety of installations throughout its operational life. Two 3.6V (17Ah) batteries power each unit for up to 5 years of service.
ACTIVE IR BEAMS The ultimate in trouble free perimeter detection for distances up to 200m outdoor / 400m indoor.
+61 (3) 9544 2477
HIGH-MOUNT PIR Triple mirror optics for maximum detection performance at 2 to 6m.
BEAM TOWERS Rugged floor and wall mounted enclosures in 1/1.5/2/3m heights.
INDOOR PIR Spot, 360°, wide angle, and curtain detection from 2 to 4.9m height.
OUTDOOR PIR Hard-wired or battery operated outdoor PIR up to 180° x 12m .
1300 319 499 csd.com.au www.takex.com
TAKEX AMERICA SECURITY SOLUTIONS 027
VIC: Mulgrave, Tullamarine NSW: Northmead, Waterloo ACT: Fyshwick QLD: Loganholme SA: Marleston WA: Balcatta
EVENTS Total Facilities 29–30 March 2017 International Convention Centre, Sydney Total Facilities presents two days of discussion and discovery for FM and like-minded professionals. It combines Australia’s largest offering of innovative facility products and services with forward-thinking strategies to optimise facility and workplace performance. A thriving exhibition floor featuring over 150 leading brands will showcase real solutions to meet operational challenges, whilst freeto-attend educational seminars offering bold perspectives and latest FM thinking will raise methodologies to drive business performance. Join Australia’s largest community of FM minds for unrivalled networking and engaging discussion for enhancing our living-working environments.
Learning options Three categories of attendance have been devised to provide attendees and their organisations with flexibility and return on investment: 1. Conference: for senior and aspiring leaders in need of the most complete learning experience, including keynotes, masterclasses, executive sessions and exhibition access. 2. Training: for team members and managers seeking to gain focused, practical skills with well-defined learning outcomes. 3. Show Pass (exhibition + technology & solutions track + career centre): for professionals primarily interested in dialogue with leading innovators and advisors about designing future-proof security solutions and professionals seeking advice and experience sharing to boost their security management career
For more information visit: www.totalfacilities.com.au
Visit www.asiseurope.org for full details on the packages available and applicable fees.
ASIS Europe 2017 From Risk To Resilience 29–31 March 2017 Mico, Milan, Italy
ISC West 5–7 April 2017 Sands Expo Centre, Las Vegas
At a time when the Internet of Things is making established lines of responsibility obsolete and the risk of terrorism and political turmoil mean physical threats remain all too real, ASIS Europe 2017 tackles the most challenging issues. Cyber-physical threats in hyper-complex, connected environments are the core themes of the event. ASIS, as a global community of security practitioners tasked with the protection of assets – people, property and information – is uniquely positioned to deal with enterprisewide risks. If you are responsible for keeping organisations secure, sustainable and resilient, join ASIS in Milan in March 2017.
ISC WEST is the largest security industry trade show in the US. At ISC West you will have the chance to meet with technical reps from 1,000+ exhibitors and brands in the security industry and network with over 28,000 security professionals. Find out about new and future products and stay ahead of the competition. Encompassing everything from access control to Facial Recognition software, you are sure to find products and services that will benefit your company and clients. This year don’t miss our new IT Pavilion featuring the latest cyber security solutions.
028 SECURITY SOLUTIONS
Working with SIA, ISC also features world class education to learn about every facet of the security industry. For more info on SIA Education@ISC visit: www.iscwest.com
Safeguarding Australia 2017: Turning Points in Security 3–4 May 2017 QT Canberra, Canberra Competing priorities, growing threats and increasing complexity will continue to present fundamental challenges to Australia’s national security agenda in the coming years. Public and private security professionals – policy makers, practitioners and providers – will be forced to address a wide range of issues which have developed over recent decades and continue to grow, such as violent extremism, cyber threats (from lone and state actors), border control and legislation. In coming years, they will need to also contend with the security issues inherent in societal issues, adding known-unknown dimensions to an already complex national security agenda, most notably an ageing population, technology creeping into all facets of life and diversity in the workplace reflecting an increasingly cosmopolitan society. Safeguarding Australia 2017 will help face those challenges and shape the security agenda, by taking on its most demanding theme to date: Security at a Turning Point – Innovation, Leadership and Diversity. For over 14 years, the Research Network for a Secure Australia (RNSA), a not-for-profit network of security policy makers, professionals and academics, has gathered at the Safeguarding Australia annual national security summit to hear from high-level speakers representing both government and corporate
Recognize and Analyze How often was he here this month?
Is he a known suspect?
How old is she?
Are they employees?
When, where did she enter?
Is this valued customer Mia Clark?
How many people are here? Is it too crowded in this area? New: Recorded media import and advanced investigation tools upload sets of videos recorded at a specific location and time to track possible participants in a crime find a person enrolled in an image database or search for an unknown person locate appearances in multiple videos make use of filters that specify age ranges, gender, ethnicity and glasses
FaceVACS-VideoScan uses premier face recognition technology to detect and identify persons of interest while computing demographic and behavioral data, supporting security staff, marketing teams and operations management.
SECURITY SOLUTIONS 029
EVENTS viewpoints, exchange ideas, debate issues, and learn about techniques, cases studies and ground-breaking research, to meet the security challenges of today and the solutions for tomorrow. In addition to briefings on current policies, trends and activities, Safeguarding Australia 2017 will go further by drawing on local and international experts to examine three overarching themes affecting the way security and risk is managed to protect the nation, namely: 1. Innovation – exploring knowledge around technology, standards and research. 2. Leadership – focusing on the next generation, the greying population and education. 3. Diversity – in particular, the role of communications as a security tool addressing disparate ethnicities, genders and culture. In addition to a pre-conference workshop currently being designed, Safeguarding Australia 2017 will begin by outlining current challenges and activities and lead into defining future directions and solutions. Safeguarding Australia is the only high-level conference run by and for leading thinkers, policymakers and practitioners in the national security domain, working across wholeof-government at state and federal levels, including law enforcement and intelligence agencies, as well as engaging with corporate and private security practitioners and providers. Past attendees and current bookings include: • senior representatives from security, intelligence, military and law enforcement • risk and security managers and consultants • agency security advisors • critical infrastructure owners and operators • engineers, scientists, technologists, researchers and academics
030 SECURITY SOLUTIONS
• corporate and business executives responsible for security and risk. Visit safeguardingaustraliasummit.org.au for more information.
IFSEC International 20–22 June 2017 ExCeL London The global stage for security innovation and expertise IFSEC International is the biggest security exhibition in Europe taking place over three days between 20 to 22 June 2017 at London ExCeL. IFSEC welcomes over 27,000 global security professionals to experience the latest technological innovations and hear from industry leaders – all under one roof, over three days. The event caters to everyone within the security buying chain from manufacturers, distributors, installers, integrators and consultants to end users. With over 600 exhibitors showcasing over 10,000 products, you will be able to find the perfect security solution your business is looking for. There’s more to it than just security. IFSEC International is co-located with FIREX International, Facilities Show, Safety & Health Expo and Service Management Expo, catered for those working across many platforms in building management and protection of people and information. For more information or to register please visit www.ifsec.co.uk
Security Exhibition & Conference 2017 26–28 July 2017 International Convention Centre, Sydney In 2017 the Security Exhibition & Conference is heading back to Sydney to the brand new International Convention Centre. This stateof-the-art precinct over looks beautiful Darling Harbour and is a short walk away from Sydney’s vibrant city centre. The new venue features a total of 35,000sqm of exhibition space presented in a smart, stacked layout to capitalise on the inner-city location and provide much improved loading facilities. Plus the halls feature customised registration and ticketing areas and dedicated meeting rooms. ICC Sydney will be Asia Pacific’s premier integrated convention, exhibition and entertainment precinct, underpinning Sydney’s position as one of the world’s most desirable meeting and event destinations. The entire team is looking forward to reuniting the industry once again in sunny Sydney where Security 2017 will connect more than 4,500 security professionals with over 150 leading suppliers. For over three decades the event has provided a showcase for new and innovative security technologies and solutions. Whether you are looking for a solution to protect your property, people or assets, the Security Exhibition & Conference provides the opportunity to discover the solution that is right for your organisation. Make sure you put July 26–28 in your diary; and we look forward to seeing you again in Sydney for the Security Exhibition & ASIAL Conference! To register now visit securityexpo.com.au
TALL. FAST. STYLISH. Our award winning speedgates combine state-of-the-art optical technology with a high barrier height to protect your building.
• • • •
Barrier heights up to 1800mm Fast throughput (up to one person per second) Ideal for Disability Discrimination Act compliance Choose from a number of models, including the LX, SPT, SG, IM or LG • Custom pedestals with an array of attractive finishes EASYGATE LX
Find out which security gate is right for you.
1300 858 840
FULL HEIGHT TURNSTILE
The Growing Threat Of Terrorism In Australia
By Dr David Wright-Neville The recent release of the respected 2016 Global Terrorism Index carries some worrying implications for Western nations such as Australia. Of particular concern is the increasingly migratory nature of the kind of fury that inspires terrorism in other parts of the world. The report drives home the point that, in the 21st century, anger does not need a passport. It travels quickly and efficiently so that resentments fuelled by events in, for example, the Middle East, increasingly merge with local frustrations to form a highly combustible rage that has erupted in the streets of Paris, Nice, an Orlando nightclub and other spaces once considered safe. Although much of this increase in terrorist violence in the West has been inspired by Islamic State – 18 deaths caused by ISaffiliated attacks in the Organisation for Economic Co-operation and Development (OECD) countries in 2014 rose to 313 deaths in 2015 – it would be incorrect to credit the group as the only reason for the growing incidence of terrorism in the West. Terrorism has been trending upwards globally for over a decade, a development from which Western countries have not been immune, as witnessed by tragedies such as the attacks on the public transport systems in Madrid (2004) and London (2005) – killing 192 and 56 people respectively – the killing of 77 people in Oslo by the right wing extremist Anders Breivik (2011) and, among others, the Boston marathon bombing (2013). Over this period, there have also been a series of near misses with a combination of good luck and good police and intelligence work avoiding mass casualty attacks in places ranging from Copenhagen to Times Square. And, of course, Australia has not been immune from this trend, with a series of smallscale terrorist attacks and a few larger scale strikes interrupted by police and security services before being carried out, suggesting that like comparable Western nations, terrorists reside among Australians and public spaces no longer offer protection. Just a small sample of these incidents occurred in September 2014, when the 18-year-old Numan Haider was shot and killed by police after stabbing two officers outside a Melbourne police station. Several months later in December, a refugee from Iran, Man
Haron Monis, took 17 people hostage in the Lindt café in inner Sydney, resulting in three deaths (including Monis). Then in February 2015, two men from Sydney (a 24-year-old and a 25-year-old) were arrested and charged with preparing to commit an act of terrorism. A homemade Islamic State flag was discovered in their possession. In May 2015, a 17-yearold boy from the outer Melbourne suburb of Greenvale was arrested after being discovered in possession of homemade bombs. This was followed in October 2015 when a 15-yearold Iranian-born Kurdish refugee shot dead 58-year-old accountant Curtis Cheng outside the Paramatta police station in Sydney. More recently, in September 2016, a 22-year-old student was arrested after allegedly stabbing a pedestrian in a park in the Sydney suburb of Minto – a copy of the Islamic State’s online magazine Dabiq was reportedly found on his computer. Although not on the same scale as attacks in Western Europe and the United States, the attacks in Australia have nevertheless impacted significantly on the national psyche and rendered the threat of terrorism as an organising principle for many aspects of public policy. In many respects, Australia’s reaction to the threat of terrorism can be explained by the nation’s comparable lack of experience with terrorism. Until the events of 9/11 – when 11 Australians were among the 2,996 people killed – the nation had been relatively immune from the threat. Small, isolated acts in the name of Irish nationalism during the late 1800s; an attack on a picnic train by two Turkish nationalists near Broken Hill on new year’s day 1915; a series of bombings and shootings targeting Turkish, Yugoslavian and Jewish interests in Sydney and Melbourne in the 1970s and 1980s; the 1978 bombing of the Sydney Hilton during the Commonwealth Heads of Government Meeting (CHOGM), and a series of small-scale arson attacks by white supremacist groups in the 1990s meant that acts of terrorism were small and rare compared to equivalent Western societies in Europe and North America. But since 9/11, Australians have changed the way they think about their safety, about the right of government to pry into their private affairs in the name of security, and in the
way they treat people of different faiths and backgrounds. Terrorism, or fear of terrorism, is now firmly embedded within the Australian consciousness and is a fixed part of the political landscape. It now informs Australia’s foreign policy, its willingness as a society to trade away key rights for the dubious promise of ‘safety’, its approach to refugees and asylum seekers, and even local planning laws (witness the long debate over the construction of a mosque and Islamic cultural centre in the small Victorian rural town of Bendigo). In the wake of these episodes, it is now understood that a terrorist might be the young person at the tram stop, a neighbour’s teenage son, a nephew or niece, or sadly for a growing number of parents, even their own children. Yet despite this, many Australians continue to labour under a troika of misperceptions about the nature of the terrorist threat confronting the country. Grounded in hysteria and a seemingly irresistible urge to reduce the complex phenomenon of terrorism to glib clichés and headlines, an informal alliance of politicians and media seem to have become addicted to peddling these non-sequiturs. In short, what is needed is a calmer approach to discussing the nature of the threat faced by Australia, beginning with the dispelling of three enduring myths. Myth 1: Terrorists hate Australia for its way of life In the aftermath of any significant terrorist attack it is common to hear politicians attribute the actions to the terrorists’ ‘hatred’ of Australia’s way of life. People are told that terrorists, particularly those linked to Al Qaeda or Islamic State, hate freedom and democracy and are hell bent on its destruction. This reduction of terrorist motivations to a single obsession glosses over some important nuances and diverts attention from a more detailed and sophisticated understanding of what drives terrorists to kill. Stripping away the surface-level rhetoric of terrorists and examining the life histories of those who commit such acts reveals that the violence is very rarely motivated by any existential contempt for the accoutrements of modern liberal democratic lifestyles. Although they might not agree with the universal
franchise, the consumption of alcohol, licentious behaviour or the wearing of revealing clothing, this disagreement is not enough to trigger the urge to kill. Rather, violent rage is more often based on the belief that the dominance of these lifestyles leaves little room for alternatives. In the case of groups such as Al Qaeda and Islamic State, anger with the West is given added momentum by foreign policy where support for repressive regimes in the Middle East is conflated with a general hostility towards Islam and a desire to prevent Muslims from pursuing the kinds of social choices that are taken for granted in the West. This view was articulated clearly by Osama bin Laden himself after the 9/11 attacks when he rejected the view that the attacks were motivated by a hatred of freedom per se but were the result of opposition to American foreign policy. “I say to you that security is an indispensable pillar of human life and that free men do not forfeit their security, contrary to Bush’s claim that we hate freedom. If so, then let him explain to us why we don’t strike, for example, Sweden?” he said. The same is true of Islamic State and its recent attacks by its supporters’ targets in the West. It is important to note that until the commencement of the Western-led bombing campaign in August 2014, the group’s message focused on trying to attract Western recruits to assist in consolidating the so-called caliphate declared by its leader Abu Bakr al-Baghdadi. This only changed with the commencement of Western-led airstrikes and overt Western actions designed to roll back Islamic State’s successes. Of course, this is not to argue that the international community, particularly the West, should not have involved itself in the struggle to defeat Islamic State, whose grotesque use of violence posed both a moral and political challenge to the entire international community. But it is wrong to argue that Islamic State’s actions against the West are motivated by an existential hatred of Western society and a desire to obliterate democratic freedoms in the West. Myth 2: Terrorists are insane Another myth about terrorism is that those who perpetrate the violence must be insane
or in some way mentally impaired, with the most common diagnoses suggesting either psychosis or paranoid or narcissistic personality disorders. Until very recently, there was no evidence to support this view. In fact, most research suggested that the vast majority of terrorists were as ‘sane’ as ordinary members of the public. Some research even suggested that the rate of psychopathological illnesses within terrorist communities is slightly lower than their incidence among the general population. This research makes sense when the difficult circumstances under which terrorist groups exist are considered – the need to remain alert to police and intelligence operations militates against the presence of mercurial personalities within terrorist networks, particularly those prone to erratic or unpredictable behaviour likely to attract the attention of the authorities. It is true that some research suggests this might be changing with the growing phenomenon of lone wolfs and solo actors. The development of digital communication technologies and the associated emergence of virtual terrorist communities has certainly opened a space for personality types which in previous times would not have struggled to find a place within terrorist groups. However, research in this area is still in its infancy and a clearer picture is still some time away. Myth 3: Religion causes terrorism As demonstrated by the research of Peter Neumann and others, a large number of those fighting for Islamic State have been attracted to the organisation, not because of its religiosity – for they themselves are often religiosity illiterate – but because membership addresses deeper feelings of inadequacy and social impotence. Whereas once they felt powerless and weak, as part of Islamic State they feel empowered and important, imbued with a social significance and authority they could never have dreamed of in their previous mundane lives. In other words, it is not religion per se that fuels their violence; it is a complex set of grievances and psychological dispositions that are given a veneer of religiosity through their attachment to a highly selective use of Islamic thought. In the same vein, it would be wrong to blame Christianity as a whole for the actions
of Eric Rudolph, the man convicted of the Atlanta Olympics bombing and a series of attacks against abortion clinics and a lesbian bar, despite his affiliation with the shadowy Army of God. Rather, Rudolph – a loner with long-standing grievances against women and homosexuals – was angry and primed for violence before gravitating towards a terrorist network whose warped interpretation of Christian scripture provided a pseudo-religious justification for Rudolph to act out his preexisting anger under the guise of religiosity. Reducing terrorism to these myths partly explains why after over 10 years of the incremental erosion of human rights and civil liberties in the name of security – the so-called freedom-security trade off – the nation is no safer. Indeed, the data released by the Institute for Economics and Peace suggest the nation is at greater risk than ever before. There is no denying that Australia’s police and intelligence services do an outstanding job in anticipating and eliminating threats as they emerge. But it is also true that they remain hamstrung by a lack of political and social leadership and are more often than not reactive rather than proactive when dealing with the terrorist threat. This lack of leadership is epitomised by the ease with which political leaders and journalists retreat into the easy stereotypes discussed above. Holding to these myths not only obviates the need for deeper reflection and more honest explanations about the complexity of the threat, but also feeds a public expectation that defeating terrorism is simply a matter of killing, capturing or incarcerating irrational fanatics who hate Australians for their way of life. But this is precisely what Australia has been trying to do for more than a decade and, despite its efforts, the threat continues to grow. Surely it is time for a more honest public discussion about the complexities of the challenge that confronts Australia.
Dr David Wright-Neville is a Senior Political Risk Analyst at Globe Communications. He can be contacted via email: firstname.lastname@example.org
SECURITY SOLUTIONS 035
CPTED: The Glue That Holds Security Programs Together And Provides A Unified Sense Of Purpose
036 SECURITY SOLUTIONS
By William Nesbitt
Crime Prevention Through Environmental Design (CPTED) as a security strategy has been steadily on the rise for the last 30 years or so. CPTED affects human behaviour by affecting perceptions. The goal is to discourage negative behaviour, while encouraging positive behaviour. This notion is very much in line with the behaviour modification theories of B.F. Skinner (the father of behavioural psychology). By design, CPTED is intended to evoke behaviour modification. CPTED methodologies are applicable to both internal and external environments. The threat of internal criminality has long been the downfall of a variety of business enterprises. External criminality can affect public perceptions, which may also result in business failures and losses affecting reputation, including premises liability lawsuits. CPTED has the capacity to have a positive impact and discourage negative behaviour. This is the psychology of CPTED – the reinforcement of positive and desirable behaviour.
The application of CPTED principals, like most security strategies, is to ensure that the result produces the outcome that the whole is greater than the sum of the parts. This means that CPTED should become the linchpin forming the basis for a holistic and synergistic security program; it should be an integral component of every security program. Crime prevention programs are effective only when they are perceived as legitimate. Video surveillance that is not monitored in real time will quickly lose utility and legitimate deterrent to criminal behaviour. Security technology lacking
a CPTED environment will quickly be rendered impotent. For those who doubt this assertion, just try watching the sixo’clock news some night. CPTED is applicable to many verticals, such as schools/universities and houses of worship. It is applicable to high-rise buildings, sports and entertainment venues and residential communities; to manufacturing enterprises, the biotech industry and healthcare facilities, along with shopping malls and office parks. The bottom line is that CPTED is a strategic adjunct to any security program and is a reasonable methodology to deter both the internal and external threat of criminality. To put it another way, the lack of CPTED may render otherwise effective security programs impotent, especially those enterprises that afford public access. CPTED is also applicable to internal environments such as supply chain facilities, hospitals, hotels and shopping malls. Storerooms and warehouses that appear to be in disarray and exude a perception of poor housekeeping and maintenance send a message of permissiveness and wanton disregard. The great thing about CPTED is that once one understands the fundamental components of the discipline, the situational application of these principals is only limited by one’s imagination. For anyone considering the inculcation of CPTED strategies, the best place to start is at the property line. When employees understand the application of CPTED values, they can actively become part of the solution. A few months ago, we had the opportunity to work with a large hospital group. One of the thematic architectural design features of most of these hospitals was the prodigious use of glass. This design feature produced 360 degrees of natural surveillance. I subsequently suggested that employees be encouraged to observe the surrounding
SECURITY SOLUTIONS 037
environs by looking for suspicious persons. Anytime such persons were observed, we encouraged them to contact the security team to check out those identified individuals. Obviously, 95 percent of those identified were legitimate visitors to the campus. Most times, the security officers simply offered good customer service. However, the implicit message to potential perpetrators was, “We are paying attention”. Natural surveillance became a proactive tool. The components of effective CPTED design include: • good lighting (preferably LED) • landscape maintenance (minimising areas of concealment) • unobstructed fields of view • wayfinding by design (external and internal) including the identification of restricted areas • establishment of recognisable boundaries and property lines • redundancy (circles of protection) for high-value/restricted areas.
The Security Solution Hierarchy, depicted here, represents a hierarchical approach to the development of a practice and effective security program. The hierarchy presents a progression of security strategies, moving from the least costly to the costliest (security personnel). Depending on the ambient threat environment, all levels may not be required. Please note that CPTED is the first level of the hierarchy. It is also the least costly over time. In some cases, CPTED may suffice. The great thing about CPTED is that, once it is understood, its dimensions are boundless, limited only by the inability of creative thinking.
038 SECURITY SOLUTIONS
CPTED has the capacity to have a positive impact and discourage negative behaviour. This is the psychology of CPTED – the reinforcement of positive and desirable behaviour.
Finally, the essence of almost any successful security program is proactive employee participation. Employee participation does not occur in a vacuum. The values and participative aspects of successful security and loss prevention programs require training and ongoing reinforcement. If employees are asked to be aware of suspicious people they must be given the skill sets to do so. If CPTED programs are to attain maximum effectiveness, the role of each employee must be defined. Consider this scenario: Assume there are two strip malls across the street from one another. Mall One is unkempt and looks neglected – there is trash blowing about the car park, the landscaping is overgrown and not maintained, some of the overgrown vegetation conceals a homeless encampment, some of the lights are not working and there are cracked windows here and there. Across the street, Mall Two is pristeen, well maintained and well lit. There are no signs of graffiti or broken windows and the perimeter of the mall is well defined by a well-trimmed border
hedge. Shop owners are provided with basic crime prevention training. Which of the two has more criminality, all other things considered equal? Finally, CPTED is very cost effective because it will negate the need for more costly traditional security modalities, and ensure that those more traditional modalities are more effective. Inversely, a well-designed security program will likely be marginalised if it is lacking CPTED. With just a little imagination, CPTED can be a positive adjunct to almost every aspect of any security program, including access management, perimeter control, asset and inventory protection, and it can even provide a positive contribution to workplace violence mitigation. CPTED design will also help to mitigate premises liability claims. Among the plethora of security measures, CPTED is likely the most cost effective. William H. Nesbitt, CPP is a certified CPTED practitioner and is president of Security Management Service International, Inc. (www.smsiinc.com). He can be contacted via email email@example.com
ZKTeco Biometric technology, the next generation of access control is at your finger tips. Make your life sparkle with biometric innovations
EDUCATION | HEALTH | GOVERNMENT | FINANCE | HOSPITALITY | OFFICE SUPPLY | CHAIN RETAIL RESIDENTIAL | CONSTRUCTION | PROPERTY MANAGEMENT | REAL- ESTATE | PUBLIC FACILITIES Standalone Bio Finger RFID Backlit Keypad Face Recognition Finger and Vein
IP based Door Access Control Management C3 â€“ 100/200/400 TCP/IP and RS-485 communication Built -in auxiliary inputs and outputs Advance access control functions 1 door, 2 door, 4 door models Lift controls and Expansion boards
www.mainline.com.au VICTORIA 221 Nepean Hwy Gardenvale, VIC 3185 +61 3 9596 6688
QUEENSLAND 54 Caswell St. East Brisbane, QLD 4164 +61 7 3891 2222
www.zktecoaustralia.com.au WESTERN AUSTRALIA Unit 8/14 Halley Rd Balcatta, WA +61 8 9344 2555
SECURITY SOLUTIONS 039
Post-Trauma Stress: Officer Wellbeing Post Confrontation [ Part 2 ]
By Richard Kay Part one of this two-part article introduced readers to the diagnostic criteria of posttraumatic stress disorder (PSTD) and the range of emotional reactions officers may experience after a traumatic event. As discussed, while officers may have little control over when confrontations occur, they do have control over how they respond to these events before, during and after. This article concludes the discussion by considering the debriefing process and protocols to follow post-incident. Debriefing A debriefing is any post-event discussion that assists officers to come to terms with and learn from it. Hopefully, it helps to gain closure so the event will not continue to cause emotional distress. An informal debriefing can be a discussion that arises spontaneously post event, while a formal debriefing is organised and facilitated to ensure it helps everyone. There are two primary functions of a critical incident debriefing: 1. It is needed to reconstruct the event from the beginning to the end, to learn what was done rightly/wrongly and to help develop operational lessons. 2. It is a time to put everyone back together. There might be memory loss, memory distortion, irrational guilt and a host of other factors that cloud the ability of the officers to deal with everything that happened. Debriefing is a tool to sort out these matters, and to restore morale and unit integrity. It can make lives healthier and sometimes it even saves them. The first objective is to capture and preserve the event in the minds of the participants, so the information can be dissected and everyone can learn from what happened. The first step in maximising memory retention is to have everyone involved make a report immediately after the occurrence. To get detailed information, participants need to be kept calm and collected. From the very beginning, the goal is to delink the memory from the emotions. Initially, participants should be removed from where the stressful event took place, as there are many associations there that can act as powerful stressors. Sometimes, for legal purposes, investigators are
concerned about ‘contaminating’ the memory process. In those situations, encourage everyone involved not to rehash the event with others, but rather go home and get a good night’s sleep to help recover additional memory. Sleep helps them achieve a calmer mental state, which in turn helps them consolidate information into their long-term memories. The next day, a second interview can be conducted, and then they can conduct their own informal debriefings with each other. To prevent their memories from being contaminated, instruct the participants not to read the paper or watch the news. After the first night’s sleep, an interview can be conducted at the location, but it may be necessary to help the participants separate their emotions from their memories. Anticipate that the interview might have to be stopped to help an especially emotional person through the tactical breathing process, because by returning to the scene, the participants are exposed to memory cues that facilitate their recall of how the event unfolded. Objects that seem to be inconsequential to people who were not involved just might provide the missing link that brings all the information together. The day after the incident, agencies should conduct a group ‘critical incident debriefing’. Everyone involved in the incident should attend. The idea of a group critical incident debriefing is to ‘get back on the train’ and derive specific memory cues from each other. All this is not without its flaws. A process called ‘memory reconstruction’ is unavoidable in a group debriefing. What happens is that some participants reconstruct, or fill in their missing pieces of memory with information learned from other participants. The mind hates a vacuum, so they might fill in the gaps and ‘remember’ it as if it had actually happened to them. Some degree of memory reconstruction is inevitable, but the group debriefing is still the best possible tool for giving participants accurate information to help them remember, for helping them learn from mistakes, and for helping them on the path to returning to normal after a horrific incident. Consider conducting a second debriefing 24–48 hours later. This allows participants to get another night or two of sleep, which often provides for further memory consolidation.
An informal debriefing can be a discussion that arises spontaneously post event, while a formal debriefing is organised and facilitated to ensure it helps everyone.
The first thing officers must understand is their obligation to participate in a critical incident debriefing. Unmanaged stress is a major factor that can destroy officers and devastate their families. PTSD is ‘the gift that keeps on giving’. When officers are impacted by stress symptoms, their families are also impacted and if it is left unchecked, they will continue to be affected in the years to come. One key tool to prevent PTSD is the critical incident debriefing. There are always those people who say something like ‘Debriefing? I do not need a debriefing!’ But the debriefing is not necessarily for them; it is for their colleague, partner, spouse and their children. It is important to let participants know that any thoughts or reactions they experienced during a critical incident debriefing are okay. Once they realise that the physical and emotional responses they experienced are normal, then they are more likely to relax and open up, and these reactions no longer have the power to hurt officers. The most important objective of a debriefing is to separate the memory from the emotions, delinking the memory of the event from the sympathetic nervous system arousal. Officers need to make peace with that memory, so that it does not haunt them. As the debriefing unfolds and they work their way through the memory of the event, know that anything and everything is permitted, except anxiety. Post-Incident Protocol After surviving a force response encounter, many officers are further traumatised in word and deed. Because of the treatment they receive, they feel betrayed and abandoned by their own people, and the psychological injuries they experience can hurt more than their physical injuries. Often, fellow officers unwittingly inflict trauma because they do not know how to appropriately relate to a colleague who has been involved in a critical incident. Here is a post-event protocol that will heal rather than harm: First words: The initial response by peers and command staff should be, ‘I am glad you are safe’. This suggests concern, care and support and very effectively eases the immediate emotional trauma that the involved officer may be experiencing.
Make contact: Avoiding an officer after an incident may make him feel he has done something wrong. Sometimes peers are ordered not to contact the officer so as not to damage an investigation, but this leaves the officer feeling alone and anxious. At a minimum, if the incident cannot be discussed or others do not know what to say, they should give the officer a handshake, a hug, or an understanding nod. These nonverbal gestures can be a powerful indication of support. Avoid second guessing: No one was in the officer’s shoes during the incident; no one saw it evolve from his perspective. Others may think they would have acted differently, but no one knows for sure how they will act in a violent encounter until they are actually in one. Do not second guess another officer’s actions, and discourage him from second guessing himself. He likely had only milliseconds to make his decisions, and usually on only partial information. Second guessing could lead to dangerous hesitation the next time around. Share experience: Those who have been in a similar critical incident should lend an empathetic ear and share their experience. They can help normalise how the officer is thinking, feeling and acting. If the officer is having some adverse reactions, it is particularly important to emphasise that he is not crazy but is responding normally to an abnormal and crazy event. Officers that have had counselling after an event can ease another officer’s concerns about ‘seeing a shrink’. Watch humour: Black humour is traditionally used as an effective coping mechanism in everyday life. But after a critical incident, be sensitive to the effect of humour on an involved officer. Use restraint: Do not lionise the officer – he may not feel heroic, especially if he had to take a life. At the same time, do not dehumanise the subject who forced the officer into responding – especially if the officer had eye contact with the subject as he was injured or dying, the officer may see the subject in very human terms and resent denigrating comments. Encourage talking: Do not allow the officer to withdraw from the world. When that happens, intrusive thoughts about the incident tend to become overwhelming. For legal reasons, it may be best to avoid discussing details of an incident,
The first thing officers must understand is their obligation to participate in a critical incident debriefing. Unmanaged stress is a major factor that can destroy officers and devastate their families. but without pressuring him, be ready to actively listen and not judge while the officer unloads about his emotions. A subject can potentially leave psychological skeletons in an officer’s emotional closet. Helping the officer unload emotional garbage by encouraging him to talk can be very beneficial. Talk over coffee, though, not over alcohol. Show respect: An officer surviving a threat to his life deserves to be honoured with dignity and respect, not in the manner of bitterness and resentment. He has followed his training and survived the most extreme of threats to carry out the duty bestowed on him to ensure public safety. These are important and require an openness and sensitivity that many officers find challenging if not downright intimidating. There is no hesitation is responding to an officerneeds-assistance call on the street. Officers will risk injury and even death to save another person’s life. But when a response is needed to an officer-needs-emotional-assistance call, it is often a different matter. That is something to think about, because responding appropriately to that kind of call is sometimes exactly what is needed. Richard Kay is an internationally certified tactical instructor-trainer, Director and Senior Trainer of Modern Combatives, a provider of operational safety training for the public safety sector. For more information, please visit www.moderncombatives.com.au
SECURITY SOLUTIONS 043
044 SECURITY SOLUTIONS
Presenting CCTV Evidence In Court: A Case Study
SECURITY SOLUTIONS 045
By Gary Palmer
With Internet Protocol (IP) and highdefinition (HD) CCTV now a part of everyday life for residential, retail and corporate business, it is more important than ever that the fundamentals of basic operation and system objectives are met. If not, the likely outcome will be a very expensive set of electronics that now provides little or no useful information to prosecute an offender. As an example, and to highlight the issues related to providing useful CCTV, the following scenario will be of benefit when designing, installing and maintaining a surveillance system. A few years ago at a licensed premises, which included a gaming facility, there was a confrontation between two individuals resulting in the death of one. Almost all of the activity was captured successfully on an analogue digital video recorder (DVR). The DVR was recovered and removed from site by police and a technician. To fully secure the evidence, the unit was stored in a secure vault within the court complex. At the time, we suggested to police that a backup be made of all video data for the full 24-hour period surrounding the incident from all 16 cameras on-site in case of a hard disk failure while the unit was in storage. Following consideration by police and the court, a copy of the video data was transferred onto a new hard disk drive supplied by police. During the process of backing up video data, the supervising officer (also the officer that attended the venue on the night of the incident) asked how best to ensure that the DVR would be fine and ready for use in court when the need occurred. This posed a number of issues. The question was raised regarding how long might it take before the evidence on the original DVR could be presented. The answer was understandably vague, as the processes involved in preparing the case, which involved both police and the court, were very detailed and would take considerable time to complete. The main issues surrounding the preservation of the DVR were as follows: • that the unit not undergo any significant
046 SECURITY SOLUTIONS
or unnecessary movement • under no circumstance could the unit be dropped during relocation • the unit should not be opened or manipulated unnecessarily in any way. The last point triggered a bigger issue that had not been considered previously. All of the people involved in the handling and storage of the DVR to this point were supremely confident that the data stored on the original unit was intact and that it was encrypted and watermarked in such a manner that would be acceptable for use in a court environment. They could also be reasonably confident that the unit would not need to be moved or relocated and certainly not dropped. The unit was tagged appropriately and boxed with its polystyrene packaging and carton and stored securely, so “all should be well when we get to court” we all said with a sigh of relief. We shall return to this particular incident in a moment. After a couple of weeks had passed, a shoplifting incident occurred at an unrelated site and video data was backed up from the ageing DVR and provided to police. It was noted during the process of completing the on-site backup that, although the incident had occurred during daylight savings time, the DVR had not automatically updated its time correctly as the time server IP address in the DVR was no longer valid. Upon further investigation, it was found that the CMOS battery on the motherboard was dead, resulting in the time and date on the unit being reset to the unit’s default, most likely following a complete power re-boot. This initially triggered some concern about the ability to retain secure video data on older models of DVRs. However, further thought led us to explore the necessity of ensuring that systems are maintained in a manner that would reduce the risk of unreliable video evidence. This incident immediately prompted concern regarding the previously discussed DVR, which was being held for evidentiary purposes by the court, with my immediate thought being ‘what if’. A concern which would very soon become pertinent.
Contact was made with police to point out that if the DVR in question was going to be held in a secure evidence store for an extended period of time, the CMOS battery might fail, which would not corrupt any of the existing video data on the drives, but could and probably would reset the system time to the default 01-01-2000. Furthermore, on power up, the unit would begin recording from that date. Therefore, surely when the unit was used in court to provide evidence, the recorded video history would clearly show that the most recent video data recorded appears to be up to eight years older than the video being presented for evidence. Did this render the video evidence of the incident unusable or unreliable? It was decided that during the lead up to trial, the DVR would be periodically brought out of the evidence store and run up in a secure environment within the court facility with a police and court witness present at all times. This would ensure and confirm that the DVR would be functional and ready to present the video data recorded at the time of the event from its original source, not a backup. It was also decided that during the trial, I should be available to present factual evidence with regards to the construction of the DVR, the software used to create the recordings and original installation, maintenance, recovery and continued care of the unit. The positioning of cameras on-site was considered at the time of installation and, of course, had evolved during the life of the CCTV system to reflect the growing needs of the venue. We had discussed during the installation that the balance between the length of recorded history and the number of frames each camera would capture each second was a critical decision, but could be easily adjusted over the initial month to get the best possible outcome. The eventual frame rate agreed upon was seven frames per second. It was felt that this would provide around 60–70 days of recorded history and all at a very good motion detect sensitivity. The cameras utilised were of relatively
good quality, with some even being reused when the system was upgraded. The cameras were at least 500TVL day/night, so good images were produced, regardless of the local lighting and weather conditions. A number of the cameras were inside the building and a couple were on the external facade to cover car parks and entry points. The Trial The trial ran over a number of days, with my attendance being required for the duration of the hearing. Although I had attended many court cases to provide support to police or the court, this was the first that involved the death of a person clearly recorded on CCTV. Coincidentally, the camera that captured the final event was not an expensive 600TVL day/night camera with sens-up or clever backlight compensation (BLC) adjustments; it was an older, full-bodied camera in a dome housing that had been installed some years before. My initial court attendance involved being required to re-install the DVR into the actual courtroom where the trial would commence later that day and then training prosecution and defence barristers on the use of the unit’s playback characteristics. I was present when the incident was shown to the court and was then questioned at length on the construction, programming and security of the recorded video data. I was also asked about my personal experience and longevity in the security industry, including my historic knowledge of this particular DVR and software. All of the aforementioned questions were answered with little need for further questioning. However, it should be remembered that when giving such evidence, one must only state the facts and no assumptions may be made regarding any part of the evidence provided and to remain calm and confident in your answers. I would like to say at this point that the idea of having to provide evidence in court is an easy thing to do, but it is not. It is stressful and sometimes disconcerting. The most difficult points to relay to the court were the understanding of video compression (why
does it need to be compressed), frame rate (explaining what might have been missed in the other little bits of that one-second period recorded), motion detection (what bits do not get recorded) and the watermarking of video (security), all of which would have a direct bearing on the final outcome of the trial. To make these points clearly and concisely in a manner that the court could understand, a large whiteboard came in very handy. The outcome of the trial was never going to be positive for the individuals involved, but it proved that the best possible CCTV evidence is a critical component for police and the court to come to a definitive decision. As a result of my involvement with this and other court cases, I have been able to develop a number of key points which need to be taken into account when considering the implementation and maintenance of any CCTV system. They are: • Regularly maintain the system, including camera mounting, cleanliness, focusing and alignment to the subject.
• Check the system time against a known correct source frequently and correct accordingly. • Retain records of system maintenance. • Only use recording equipment that records watermarked images and therefore cannot be manipulated, altered or changed in any way. • Restrict the number of employees that have access to the CCTV equipment. • Provide training to key staff on the use of the system, ensuring they can backup video for police on request. • Remember that the person that provides the video data to police will become a witness; they should have a good understanding of the CCTV system and be able to give evidence of the steps they took to make a backup copy of the video data supplied to police. Some guidance on camera location, purpose and objective is provided below, in accordance with South Australian Police requirements for closed circuit television.
Entrance and exit
Identify all persons entering and leaving the premises
Identify and clearly record actions of customers and staff
Clearly record actions of customers and staff
Pay points (customer side)
Clearly record actions of customers at the payment point
Pay points (business side)
Clearly record actions of staff at the payment point
Clearly record entry and departure of all vehicles
Shop floors/display areas
Identify customers and staff and establish their movements
Determine the date and time of persons and vehicles in the area
Fuel station forecourts
Record images of vehicles and persons re-fuelling vehicles
Fuel station forecourts
Identify all vehicle number plates
Clearly record actions of customers and staff at the counter
Gary Palmer is the general manager/director of AlarmLogic Electronic Security and passes his 40th year in the security industry this year. Gary has spent six years as president of The Security Institute of South Australia (formerly The National Security Association of Australia - SA) and, following many appearances in court to assist in technical-related issues, was appointed as an industry assessor by the Attorney General in the state of South Australia. As such, he is considered by the South Australian courts to be an expert court witness in matters related to CCTV. Gary can be contacted via email firstname.lastname@example.org or call 08 82857455.
SECURITY SOLUTIONS 047
048 SECURITY SOLUTIONS
Building Risk Culture Is Easier Than Making Hot Dogs By Alexei Sidorenko Yes, building risk culture is that easy! Before I explain, let me first clear some misconceptions about risk culture that have been floating around in the nonfinancial companies.
Making decisions under uncertainty is not natural for humans Back in the 1970s, scientists had a breakthrough in understanding how the human brain works, what influences peopleâ€™s decisions, how cognitive biases impact on their perception of the world and so on. Daniel Kahneman and Vernon Smith received a Nobel prize in Economic Sciences back in 2002 â€œfor having integrated insights from psychological research into economic science, especially concerning human judgment and decision-making under uncertaintyâ€?. It is amazing how many risk managers and consultants continue to simply ignore this research. Identifying, analysing and dealing with risks is against human nature. They need to stop kidding themselves. The sooner the professional community accepts this, the easier it will be to integrate risk management into decision making.
SECURITY SOLUTIONS 049
Managers do not take risks into account by default One of the biggest deceptions floated around is that most business processes already take into account risks and decisions that are made by management after careful consideration of risks. Not so. Naturally, managers do consider some of the more obvious risks and there are exceptional cases where risk analysis is already integrated into the decision making. For the other 95 percent of companies, existing processes and management tools barely account for inflation and ignore or purposefully hide significant risks. If risk managers, instead of running useless risk workshops, had a deep hard look, they would soon discover that budgets are overly optimistic, project plans are unrealistic and some corporate objectives are borderline naïve. But then again, maybe not, because the rest of the company is fine with how things are and will do everything to stop risk managers from getting involved.
Making risk management everyone’s responsibility is just wishful thinking There seems to be an idea that strong, robust, risk-aware culture is the ultimate objective. It is the end result. While it sounds great, it is physically impossible. This is why so many risk managers have failed and so many more are struggling to make an impact. They are trying to move the rock that is not meant to be moved. This is probably the most important point of this article: The only person in the company who thinks strong risk culture is a positive thing is the risk manager. The rest of the organisation sees risk management as a direct threat to their personal interests, their income and their position in the corporate world. Most managers ignore risks and take uncalculated risks for a reason. Most, but not all managers, and not all the time. That is where the risk manager comes in, trying to change the culture of certain individuals some of the time.
Risk management culture is not about hearts and minds Hopefully by now, readers realise that management does not care about risk culture. They will still say the right words when the risk manager is present but, deep down, nobody will care. The only chance for risk culture to stick is if it makes business sense for the individuals. This does not mean soft things
050 SECURITY SOLUTIONS
like transparency, corporate governance and other nonsense; it means the direct impact on the bottom line or the personal security of an individual. The best examples of managers suddenly becoming very risk aware are when they can be shown that, by better managing risks, individuals could protect their role, avoid prosecution, have better business case for investors, save on insurance, save on financing costs or to get higher bonuses.
The only chance for risk culture to stick is if it makes business sense for the individuals. So… Takeaway Instead of Hot Dogs? Despite everything above, building risk culture is a piece of cake. Risk managers just have to realise that they will not be able to convert everyone and some people are beyond help. There is also no single solution that will do the job. It is all about finding what makes each individual tick. It is time consuming yes, but not difficult at all. Hence, it can be equally applied by large corporations and smalland medium-sized businesses. Here are some practical ideas to get started: • Develop high-level risk management policy. It is generally considered a good idea to document an organisation’s attitude and commitment to risk management in a high-level document, for example, in a risk management policy. The policy should describe the general attitude of the company towards risks, risk management principles, roles and responsibilities and risk management infrastructure, as well as resources and processes dedicated to risk management. Section 4.3.2 of ISO31000:2009 also provides guidance on risk management policy. • Integrate risk appetites for different risk types into existing board-level documents; do not create separate risk appetite statements. • Regularly include risk items on the board’s agenda. • Consider establishing a separate risk management committee at the executive level or
extend the mandate of the existing management committee. • Reinforce the ‘no blame’ culture by finding a number of arguments for different situations and different people on why it makes more business sense to disclose and account for risks. • Include risk management roles and responsibilities into existing job descriptions, policies and procedures and committee charters, not into a risk management framework document. • Update existing policies and procedures to include aspects of risk management. • Review and update remuneration policies. • Provide risk awareness training regularly. • Use risk management games. • Most importantly, get personally involved in business activities. More ideas about integrating risk management into day-to-day operations and building risk culture can be found in the book that will be available to download next month for free at http://www.riskacademy.ru/en/download/risk-management-book
Alexei Sidorenko is an expert with over 13 years of strategic, innovation, risk and performance management experience across Australia, Russia, Poland and Kazakhstan. In 2014 Alex was named the Risk Manager of the Year by the Russian Risk Management Association. As a Board member of Institute for strategic risk analysis in decision making, Alex is responsible for G31000 risk management training and certification across Russia and CIS, running numerous risk management classroom and e-learning training programs. Alex represents Russian risk management community at the ISO Technical Committee 262 responsible for the update of ISO31000:20XX and Guide 73 since 2015. Alex is the co-author of the global PwC risk management methodology, the author of the risk management guidelines for SME (Russian standardization organization), risk management textbook (Russian Ministry of Finance), risk management guide (Australian Stock Exchange) and the award-winning training course on risk management (best risk education program 2013, 2014 and 2015).
VIC 8th Avenue Watch Co., Emporium Melbourne, 03 9639 6175 | 8th Avenue Watch Co., Westfield Doncaster S/C, 03 9840 6304 8th Avenue Watch Co., Chadstone S/C, 9569 7652 | Temelli Jewellery, Highpoint S/C, 03 9317 3230 | Temelli Jewellery, Southland S/C, 03 9583 2633 | Temelli Jewellery, Westfield Knox City S/C, 03 9800 0799 NSW Lewis Watchmakers & Jewellers, Coffs Harbour, 02 6651 1612 | Melewah Jewellery, Haymarket, 02 9211 5896 | Vintage Watch Co., Sydney, 02 9221 3373 | Hennings Jewellers, Narellan, 02 4647 8555 WA The Watch Spot, Perth, 08 9421 1093 | Leon Baker Jewellers, Geraldton, 08 9921 5451 QLD 8th Avenue Watch Co., Pacific Fair S/C, 07 5575 4883 | Hatton Garden Jewellers, Beenleigh, 07 3287 1230 | Watch Tech, Brisbane, 07 3012 7023
SECURITY SOLUTIONS 051
052 SECURITY SOLUTIONS
THE SHAPE OF THINGS TO COME Mapping the future Of Security Technology
SECURITY SOLUTIONS 053
By John Bigelow Nobel Prize-winning physicist Niels Bohr once remarked, “It is difficult to make predictions, especially about the future.” Although the Danish physicist passed away in 1962, his somewhat comical observation is no less true today than it was when he won his Nobel Prize back in 1922. In fact, with the pace of technological innovation continuing to increase exponentially, especially over the last 20 years, predicating ‘the next big thing’ with any great certainty is arguably becoming more and more difficult. Cutting-edge technologies rise only to fall to the wayside before reaching completion in favour of newer, more exciting, reliable and affordable solutions to the same problem. That said, the security industry appears to be one of the few exceptions to this seemingly inexorable technological evolution. On the surface, it would appear that, aside from some minor innovations with regard to things like video resolution, analytics and mobile access solutions, not much has really changed in the security space in the last decade. Admittedly, the security industry has undergone a significant migration from a primarily analogue world to one which is increasingly digital, but that was well over a decade ago. Other than 4K video and cloud applications, one might be forgiven for thinking not much of any real significance has occurred in the security space since the move to Internet Protocol (IP) based systems. However, it appears that is all about to change. A quick examination of new and emerging technologies reveals that what has been seen to date is nothing compared to the potentially massive changes that are coming; and with big change comes big opportunities. In recent years, a slew of new CCTV cameras has been launched, ranging from HD to megapixel and, most recently, 4K. And while many 4K cameras still have some issues around low-light performance and wide dynamic range, there can be little doubt that these technologies will improve in the coming 12 months – but to what end? Are they already out of date? While some manufacturers are already talking about 8K, there are a handful of companies that have already leapt so far forward that it is almost incomprehensible. Case in point, Forza Silicon, a US-based leader of advanced image sensor and mixed-signal integrated circuit (IC) designs, announced
054 SECURITY SOLUTIONS
recently that they had, in conjunction with researchers at NHK (Japan Broadcasting Corporation), successfully developed the design architecture and specifications for an unprecedented 133 megapixel (MP), 60 frames per second (fps) CMOS image sensor. According to information put forward by Forza Silicon, conventional image sensors for 8K applications have up to now used 8MP and 33MP solutions in large optical formats. However, researchers at Forza Silicon believe that most, if not all, of these sensor solutions have failed to effectively manage the trade-offs that occur between size and resolution. In order to eliminate the bulky lens/colour-prism optical system of previous generation cameras, the team working on the project developed a single-chip 133MP image sensor. The sensor takes advantage of Forza Silicon’s Gen 3 readout architecture to achieve a frame frequency of 60fps. The Gen 3 readout architecture uses a pseudocolumn parallel design with 14-bit redundant successive approximation register analogue to digital convertors (ADCs) to achieve a throughput of 128 gigabytes per second (Gbps) at full resolution and frame rate. With this joint development, NHK and Forza have reached the next milestone in high-resolution, high frame-rate broadcast technology. Or so it was thought, until Canon announced only 12 months later that it had developed an APS-Hsize (approx. 29.2 x 20.2mm) CMOS sensor incorporating approximately 250 million pixels (19,580 x 12,600 pixels). According to reports by Canon, when installed in a camera, the newly developed sensor was able to capture images enabling the distinguishing of lettering on the side of an airplane flying at a distance of approximately 18km from the shooting location. While this type of technology is still very much in the developmental stages, one cannot help but marvel at the potential of being able to capture the kind of detail at the sorts of distances that this type of technology can achieve. Of course, current technology around data transmission and storage means that even if such massive advances in resolution were to become commercially available within the near future, the use of such cameras would be unfeasible, even with the latest developments
A quick examination of new and emerging technologies reveals that what has been seen to date is nothing compared to the potentially massive changes that are coming; and with big change comes big opportunities.
in compression (H.265 or High Efficiency Video Encoding – HEVC) and data storage. However, these issues may also soon be resolved based on work currently being undertaken. Way back in 1959, renowned physicist Richard Feynman gave a famous speech at CalTech titled "There’s Plenty of Room at the Bottom". He spoke about the promise of writing with individual atoms, musing on how exactly one could store a fantastically large amount of data in an inconceivably small space. Taking inspiration from his work, a team of nanoscientists led by Sander Otte at Delft University of Technology in the Netherlands last year unveiled the densest method ever developed to store re-writable digital data. By scooting around individual chlorine atoms on a flat sheet of copper, the scientists were able to write a one kilobyte message at 500 terabytes per square inch. To put that in context, that is approximately 100 times more info per square inch than the most efficient hard drive ever created. According to lead researcher Sander Otte, this method of data storage could theoretically fit every book ever written onto a flat copper sheet the size of a postage stamp. The new storage device is outlined in the journal Nature Nanotechnology. “This density is two to three orders of magnitude beyond
SECURITY SOLUTIONS 055
current hard disk or flash technology. An advance of this size is remarkable, to say the least,” according to Steven Erwin, a theoretical physicist with the U.S. Naval Research Laboratory who was not involved in developing the new technique, in an essay accompanying the scientific paper. Otte’s team found that they could put chlorine atoms onto a cold grid of copper metal and get them to form into perfect squares. Think of it like a checkerboard. Any empty spot that was missing a chlorine atom would be like a dark square on Otte’s checkerboard. Next, the researchers found they could scoot around the chlorine atoms on this grid, sort of like a sliding block puzzle, and thus rearrange where the dark spots on the grid are. It is done with a tool called a scanning tunnelling microscope, which is a bit like an ultra-thin needle that can nudge atoms up and down, left and right. To create the data storage device, Otte starts with a copper plate that has been randomly peppered with chlorine atoms, leaving plenty of blank spaces. He then scoots around the atoms until he has formed a larger 12 x 12 grid with chunks of ordered atoms and darker blank spaces. If any of these 144 chunks has some fatal error – say the copper underneath has some elemental impurity – Otte can mark off that box as defective with a tiny 4-atom symbol in its upper left-hand corner. The arrangement of atoms and blank spaces translates to individual bits of data. A blank space followed by a chlorine atom is a 0, while the reverse (a chlorine atom and then a blank space) is a 1. Using this method, Otte can store any digital information, be it lines from a speech or small segments of computer code. The scientists keep their copper tablets from being jumbled by storing them at hyper-cold temperatures and isolated in a vacuum – not really something one can replicate on a thumb drive. As such, the practical storage of data on an atomic scale is still some way off. However, Otte believes that this achievement has made atomic data storage significantly more possible. Aside from the complicated and expensive technology involved in the process, the other major challenge with this kind of storage is that, for now, it is painfully slow to use. Reading a few short sentences on one of the copper blocks takes around one to two minutes and writing them takes 10. However, Otte’s team
056 SECURITY SOLUTIONS
While super highresolution cameras, atomic data storage and terabyte data transmission are still a way off, the concept of ambulatory security surveillance by way of autonomous security bots is already here.
has been investigating new methods they believe could speed up their writing and readout speeds by an incredible amount, up to about one megabyte per second (Mbps), about a fifth as fast as the average Australian computer downloads data online. So, with advances in image sensors and data storage, one can potentially capture higher resolution images than ever before thought possible, and the huge volumes of data created in the process could even be stored. This still leaves the issues of getting such vast amounts of data from the camera to the storage device. Despite their best efforts, I do not believe that even the impending National Broadband Network (NBN) could cope with such highvolume traffic – not in its current configuration. A recent joint research project between teams from the French telecoms company Alcatel-Lucent and British Telecom (BT) has resulted in the development of a new method for transmitting data over the internet up to 1,000 times faster than the best current fibre optic speeds. What is more, it does not require any kind of fancy new hardware. This new internet protocol, named Flexigrid,
allows users to lay multiple (seven) signals over the top of each other in a single cable, enabling data to speed from point A to point B in parallel. When layered all together, seven 200Gbps channels form one, mega ‘Alien Super Channel’ that offers the 1.4 terabytes per second (Tbps) speeds across a 410km stretch of fibre that already exists between the BT Tower in London and a BT research campus in Suffolk. Of course, the immediate question most people might ask is just how fast is 1.4Tbps? In rough terms, a person could stream any one of the following in approximately one second: • 64 hours of HD Netflix • 38 hours in 3D or 4K • 36,409 songs from Spotify. Such transmission speeds not only make it feasible, but highly achievable to stream 8K video (and higher) over existing fibre optic cable infrastructure without the need for any new technology. Just some minor tweaks to the way the information is packaged and transmitted and it is done. But what about wireless (Wi-Fi)?
Researchers at Germany’s Karlsruhe Institute for Technology and the Fraunhofer Institute for Applied Solid State Physics last year reportedly managed to break records for the world’s fastest Wi-Fi connection. Results were measured at a speed of 100Gbps and a signal distance of 66 feet, something the researchers are hoping to fine-tune. What might such potentially quick wireless data speeds mean for security? Imagine being able to take high-resolution cameras and make them mobile rather than fixed. The ability for cameras to move around a site gathering and transmitting data back to a security operation centre where it could be analysed and acted upon in real time could be invaluable. While super high-resolution cameras, atomic data storage and terabyte data transmission are still a way off, the concept of ambulatory security surveillance by way of autonomous security bots is already here. Knightscope, a US-based tech business, has developed and deployed a series of what it refers to as Autonomous Data Machines (ADMs), which are, in the company’s words, autonomous robots that provide a commanding but friendly physical security presence. Knightscope explains that the K3 and K5 (the two models currently available) gather important real-time, on-site data through their numerous sensors, which is then processed with advanced anomaly detection software to determine if there is a concern or threat in the area. When a threat is detected, an event is created with an appropriate alert level and a notification is sent to the proper authorities through the Knightscope Security Operations Center (KSOC), a browser-based user interface. According to Knightscope, its ADMs are designed for use in many industries and environments. The motivation for
developing the ADM stems from the company’s belief that a human’s attention span during monotonous, boring tasks is only 5-10 minutes. And with employee turnover rates as high as 400 percent, the security industry is rightfully seeking innovative solutions. Knightscope’s primary goal is to allow customers to utilise the best of Silicon Valley to put machines to work in those routine and sometimes dangerous situations, thus freeing up humans to do the more hands-on and strategic activities. Corporate campuses, data centres, shopping malls and hospitals are among the many clients already engaged today (think employee safety, corporate espionage, rogue networks, asset protection and so on). While the Knightscope ADMs do not carry any type of weapon (thank goodness), they are armed with an extensive array of cameras and sensors to enable them to monitor their surroundings. Such devices will initially include light detection and ranging (LIDAR) devices; high-definition, low-light video cameras;
Using deep learning, one could expect to see video analytics and camera systems that can begin to detect aberrant patterns of behaviour without those patterns first being programmed. thermal imaging; automatic licence plate recognition (ALPR); directional microphones; proximity sensors; inertial measurement unit; wheel encoders; and a global positioning system (GPS). It boggles the mind to imagine what might be achieved if cutting-edge technologies like video
analytics based on new and emerging facial recognition software, movement tracking, heat mapping, contrast-based analytics and, more interestingly, deep learning were incorporated into such devices. According to Wikipedia, deep learning (also known as deep structured learning, hierarchical learning or deep machine learning or deep unsupervised learning) is a branch of machine learning based on a set of algorithms that attempt to model high-level abstractions in data. To try and break this concept down to its most basic aspects, deep learning is based around the idea of teaching a machine to solve problems that would otherwise be extremely difficult to write a computer program for based on the number of variables in the problem. For example, in the case of a video analytics program, learning to distinguish the difference between a cat and a dog. A computer program cannot be written because not all cats and dogs are identical in size, shape, movement and so on. However, they have similarities that can be learned. So instead of trying to write a program, programmers try to develop an algorithm that a computer can use to look at hundreds or thousands of examples (and the correct answers), and then the computer uses that experience to solve the same problem in new situations. Essentially, the goal is to teach the computer to solve by example, very similar to how a young child might be taught to distinguish a cat from a dog. Using deep learning, one could expect to see video analytics and camera systems that can begin to detect aberrant patterns of behaviour without those patterns first being programmed. Imagine a mobile guard bot that can distinguish between normal and suspicious behaviour and then report that activity back to a control room. If the research currently underway is taken as any indication of what might be seen emerging in the very near future, then it is reasonable to assume that the next five years will see some significant and major innovation occurring across the security market.
SECURITY SOLUTIONS 057
Q&A Anna Richards
Can The Police Force Me To Turn Off My Dash Cam? I was recently pulled over by the police. When they went to question me, they noticed my dash cam and told me to turn it off. When I asked them on what basis they could require me to do so, they would not answer. In the end, I thought I had better not rock the boat and turned it off. My question is whether or not the police have the power to force me to turn it off? Dale Griffith, Victoria. As you would be aware, a dash cam is a recording device that records both sound and images and is usually placed on the dashboard of a car. Its main use seems to be to provide evidence of the circumstances of collisions and what has come to be known as road rage incidents. Before answering the question about the power of the police and their right to demand a dash cam be switched off, the first question that needs to be addressed is whether or not a person can legally record events such as interactions between occupants of the car and a police officer. Hence, the even broader question would be whether a person can record events occurring on the road, regardless of whether they involve police officers or not.
to indicate that the parties to it desire it to be observed only by themselves, but does not include: • an activity carried on outside a building; or • an activity carried on in any circumstances in which the parties to it ought reasonably to expect that it may be observed by someone else. Therefore, surprisingly, if what would otherwise seem to be a private activity is carried on outside of a building, then it would appear that, in Victoria at least, it would not be a private activity. Further, section 3 of the Act describes a private conversation as one carried on in circumstances that may reasonably be taken to indicate that the parties to it desire it to be heard only by themselves, but does not include a conversation made in any circumstances in which the parties to it ought reasonably to expect that it may be overheard by someone else. So, for example, if people are conducting what appears to be a private conversation on a train, where they ought to expect that their conversation may be overheard, then their engagement in that conversation would not been treated as a private activity.
Public Versus Private There is a clear distinction drawn in legislation (Parliament made law) between what can be recorded, depending upon whether those events occur within the public realm or the private realm. That is, private activities versus public activities. The legislation in each state and territory of Australia provides some guidance as to what amounts to a private activity as opposed to a public one. Some readers will be surprised by some of the differences between those laws. However, for the purpose of this article, I will focus on Victoria. In Victoria, section 3 of the Surveillance Devices Act 1999 (the Act) states that private activity means an activity carried on in circumstances that may reasonably be taken
Restrictions On Recording Private Activities What are the restrictions imposed by the law on the recording of private activities? Once again, readers may be somewhat surprised by some of the differences between the laws in the different states and territories in Australia. In general: • if a person is not a party to a private activity, that person is prohibited from secretly recording it; however, • if a person is a party to a private activity, then: o In Victoria, Queensland and the Northern Territory, that person can secretly record it; o In Western Australia, South Australia, Australian Capital Territory, New South Wales and Tasmania, that person is prohibited from recording the activity.
058 SECURITY SOLUTIONS
The following table sets out, in summary form, the position in each state and territory, on whether it is lawful to secretly record a private conversation to which the person conducting the recording is a party: State/Territory
Surveillance Devices Act 1999 (Vic)
Invasion of Privacy Act 1971 (QLD)
Surveillance Devices Act 2007 (NT)
Surveillance Devices Act (1998) (WA)
Listening & Surveillance Devices Act 1972 (SA)
Listening Devices Act 2007 (NSW)
Listening Devices Act 2007 (NSW)
Listening Devices Act 1991 (TAS)
The following is a more detailed examination of the law in Victoria. Listening devices Section 6(1) of the Surveillance Devices Act 1999 (Victoria) (the Act) states: “Subject to subsection (2), a person must not knowingly install, use or maintain a listening device to overhear, record, monitor or listen to a private conversation to which the person is not a party, without the express or implied consent of each party to the conversation.” The penalty for breaching this section of the Act is: • In the case of a person – a maximum of 2 years’ imprisonment or a fine of 240 penalty units (which currently equates to up to $37,310.40), or both. • In the case of a body corporate – 1200 penalty units (which currently equates to $186,552). So, it is clear there are very severe penalties for breaching this legislation.
Q&A Optical devices Section 7(1) of the Act provides that: “Subject to subsection (2), a person must not knowingly install, use or maintain an optical surveillance device to record visually or observe a private activity to which the person is not a party, without the express or implied consent of each party to the activity.” Therefore, the position in Victoria is that a person who is a party to a private activity with another party or parties is permitted to audio and video record it, even without the permission of the other parties to the activity. This is because of the person conducting the recording being a party to the activity. However, if the activity was a private one and the person carrying out the recording was not a party to that interaction, then he or she would not be permitted to record it and would be liable for severe penalties if found to have been doing so. Recording Public Activities So, what is the upshot of recording public activities? Generally speaking, it can be assumed that most footage recorded by a dash cam is likely to be of events taking place in the public realm. That is because virtually all roadways (aside from private driveways on private property) are regarded as being within the public realm. Accordingly, providing there is no issue as to the nature of the activity – that is, that it is clearly a public activity, then the activity could be legally recorded, without needing to obtain the consent of any persons in the footage. For that reason, it is legal to record the interactions of a police officer with you when intercepted, even if it is without his or her consent. Further, the police officer does not have lawful authority to require that you turn off the camera. What About Publishing Footage? A very important and very different question which also arises from the original question posed is – what about publishing? One might think, “Given that I am legally entitled to record a private activity of which I was a part,
surely I am then permitted to publish that footage?” Publication or communication of any recording of a private conversation is prohibited in all states and territories, except in NSW where there is an exception for publication or communication made in the course of legal proceedings. Let me pose an example to provide a clearer understanding of the legal distinction between these scenarios of recording and publishing an activity and why that distinction exists. Consider an employee in a large organisation based in Victoria, Australia, who has been called in for a meeting regarding his performance. Assume that the meeting is attended by the employee, the manager above the employee and a human resources manager. Clearly, the meeting is private in nature. Hence, in Victoria, the employee is entitled to record the meeting, even without informing the others present in it. Similarly, a representative of the employer is entitled to record it. However, imagine the repercussions of that information (the conduct in the meeting) being made public. The meeting may have involved a discussion of confidential information (such as client lists and details) about the employer’s business and potentially even trade secrets. Further, it may have contained discussions about private issues being faced by the employee. Obviously, if the footage was to be published, then there could be enormous damage done to the employer, including in the form of: • potential loss of contracts (for instance, from clients of the employer objecting to their confidential information being publicly released) • potential law suits from clients of the employer for damage to their businesses • potential loss of income resulting from competing companies becoming aware of the trade secrets and confidential information. Similarly, if the employer was to publish the footage from the meeting, there could be many deleterious consequences for the employee, such as:
• other employees becoming aware of the employee having laid some blame on them • potential bullying from other employees following the above • the employee being embarrassed about the public awareness of his personal issues and alleged conduct (giving rise to the meeting) discussed in the meeting • potential changes in the employee’s attitude to defending himself against the allegations about his performance arising from the embarrassment and anxiety arising from the disclosure and him potentially resigning from his position of employment. In some strictly controlled circumstances, the recordings have been assessed by third parties (meaning parties who were not parties to the private activity); for instance, in court cases where the court made an order that the footage could be presented as evidence. This is becoming more common in, for instance, the Fair Work Commission (which deals with employment disputes), claims for property damage arising from car accidents and criminal matters such as assaults. So, in summary, the law (legislation) in the different states and territories is divergent. Further, the penalties for breaching the legislation appear to be quite severe. So, be sure to carefully assess the position before you proceed to record an activity and, particularly, before deciding to publish any footage arising from such a recording. Anna Richards is the Legal Director and a lawyer from Victorian Legal Solutions Pty Ltd and practices in the areas of Commercial Law including Commercial litigation and other areas. Anna Richards and Victorian Legal Solutions can be contacted on: (03) 9872 4381 or 0419 229 142. Whilst every effort has been taken to ensure its accuracy, the information contained in this article is intended to be used as a general guide only and should not be interpreted to take as being specific advice, legal or otherwise. The reader should seek professional advice from a suitably qualified practitioner before relying upon any of the information contained herein. This article and the opinions contained in it represent the opinions of the author and do not necessarily represent the views or opinions of Interactive Media Solutions Pty Ltd or any advertiser or other contributor to Security Solutions Magazine.
SECURITY SOLUTIONS 059
060 SECURITY SOLUTIONS
The Key Consider ations For Implementing A Crisis And Recovery Management Plan Across Borders
SECURITY SOLUTIONS 061
By Barry Thomas
A corporate crisis can strike at any moment, in any location. Indeed, a crisis relates to an incident, human or natural, that requires urgent attention or action to protect life, property, environment or reputation. In the age of digital media, it can be business as usual one day and, without prior warning, the following day an international corporate crisis can be in full swing. With an almost immediate news cycle these days, increased scrutiny and the high expectations of consumers and company stakeholders alike, such a crisis can transform an international company’s reputation overnight. Every organisation, irrespective of where it is situated, is different and faces unique risks to its capability to function. How well a business emerges from a corporate crisis is not related to where it is located on the map, but is usually reflective of preparations and the execution of a well thought out crisis management plan. When developing a crisis and recovery management plan across borders, there are four fundamental phases to consider:
Planning: There is no excuse not to and the rewards are significant Some markets are inherently riskier than others and conducting a crisis management audit of each site is the first port of call to assess the organisation’s capability to respond to and recover from a crisis. For example, it would seem prudent to consider a continuity plan in the event of an earthquake for Japanese operations. Equally, operations that include manufacturing capabilities will have a very different risk profile to office-based sales and marketing teams. Once the risk profile of a site is understood, effective crisis and recovery management requires a plan. The plan is a ‘living’ document, meaning it should be regularly reviewed and updated and include, as a minimum: • instructions for activating the plan effectively • contact details for a crisis team and crisis media spokesperson
062 SECURITY SOLUTIONS
In the age of digital media, it can be business as usual one day and, without prior warning, the following day an international corpor ate crisis can be in full swing.
• • • • •
contingencies in the event members of the team are incapacitated the roles and responsibilities for each crisis team member predetermined performance benchmarks for external support services, such as a call centre or distribution centre company policies and instructions to manage monitoring tools, media and local online properties specific market considerations such as relevant regulatory requirements.
When developing a plan and nominating the crisis team and spokespeople in each market, remember to consider language, as different audiences, both internal and external, may have varying requirements.
Training: Putting the planning into practice Once a suitable crisis and recovery management plan is established in all sites, it is important to ensure those with responsibilities identified in that plan are capable of performing their duties. Where necessary, incorporate regular training sessions to fill any capability gaps. These sessions should be tailored for each country to address local risk factors, such as local regulatory procedures,
social media protocols, compliance issues and safety procedures. The media is also unique in every market, so it makes sense to ensure the local spokesperson is trained to get the organisation’s key messages across effectively.
Exercise: Test and review the processes Each site’s capability to respond to a crisis situation should be regularly tested and reviewed. The organisation should assess performance criteria for incident preparedness and achieving operational continuity at each site and tailor an appropriate management system for it. One way to do this is to facilitate a simulation exercise, which is an incredibly effective method to test how things will be managed in a real-life situation. Depending on an organisation’s size and budget, simulations can be desktop exercises or full-scale emergency scenarios in conjunction with local emergency services. Each simulation should involve a typical local scenario based on the risk profile of the site. As language, operational procedures and regulatory requirements will vary from market to market, it is important to ensure each simulation is tailored accordingly. This will add to the cost, but it will ensure a realistic simulation and an effective outcome in terms of preparedness.
How well a business emerges from a corpor ate crisis is not related to where it is located on the map, but is usually reflective of prepar ations and the execution of a well thought out crisis management plan.
Managing the crisis: As it happens Once the crisis and continuity plan is activated, it is up to the crisis team leader to decide the extent to which the crisis team needs to meet and where. When the crisis is underway, there are four key stages: 1) Information gathering and assessing the crisis situation is the first phase. This intelligence is needed to evaluate the impact of what has happened and coordinate the next steps appropriately. 2) The second stage is decision making – how the issue will be handled, what key actions need to be taken and how the information is going to be communicated both internally and externally. 3) Communicating crisis-specific messages for internal and external stakeholders is the next phase and, when doing so, it is important to ensure that all messaging that is communicated is clear and concise. 4) Monitoring is a fundamental component of crisis management. Consider activating monitoring tools and specialists to observe media and stakeholder discussions about the issue and evaluate what impact the crisis has had on the organisation’s corporate reputation.
It would be naïve for management to think that a crisis will not happen to them or their organisation and it is important to remember that a crisis is not over until management decide it is over. Once a global issue is underway, they will need to assess how it is impacting each country, as again it will vary. The most important consideration is to be able to evaluate how each market has managed the issue and to feel confident that it was done so with the highest level of integrity.
Barry Thomas is the vice president and Asia Pacific managing director of Cook Australia. Barry has more than two decades of international leadership and expertise in the pharmaceutical and medical device industries and he currently spearheads the world’s fastest growing region for Cook Medical. His current position sees him working to expand the opportunities for people in Asia to access Cook Medical’s advanced and minimally invasive medical devices.
SECURITY SOLUTIONS 063
Do Retailers Make Better Loss Prevention Managers Than Security Personnel? By Murry Taylor Employing someone with a police or investigation background in the role of loss prevention manager was once seen as a logical choice for retailers. Faced with the realisation that people, both internal and external, were stealing company assets, it made perfect sense to employ someone who was already catching thieves for a living. However, loss prevention has become a reluctant expense for many retailers due to the difficulty in actually quantifying the return/value loss prevention provides the business. Retailers have never been more determined to squeeze every last piece of value out of the business and its staff than in the present environment of diminishing returns. No longer are retailers accepting that a loss prevention managerâ€™s role is just about catching crooks and interviewing staff. There is a growing expectation that the loss prevention manager can walk into a retail environment and have strong administrative skills around the back of shop and the running systems controlling stock flow/movement; an intimate understanding of the supply chain, stocktake process, mark down cycles, refund procedures and the process surrounding sales (voids, overrides, cancellations, discounts and
so forth). Add to this the ability to manage at a strategic level, deliver training across a diverse section of staff and management levels, as well as carry out investigations and interviews, and a fairly extensive set of skills and requirements exists. Which raises the original question – who would make a better loss prevention manager, somebody with a retail background or someone from a security/policing background? It is important to understand that every skill set required for this role is learnable; so, in order to answer the first question, it is necessary to answer this question – which skills are easier to learn? On one hand, when looking at the vastness of retail skills required for this position to succeed, it would be very easy to jump to the conclusion that a person with a retail background wins hands down, as the only skills totally outside of retail are the ability to conduct an investigation, the capability to interview somebody and an understanding of how to put a brief of evidence together. It is easy to assume that these three things would be easier to learn then every aspect of retail. However, before casting a vote, it is necessary to consider the requirements in more detail because, although there are more retail processes to learn, they are all just processes. Given time and a bit of capability, all of them can be learned with minimal fuss. To a certain extent, the same can be said for the interview and investigation process; an investigation, particularly a preliminary investigation, is basically a fact-finding mission, with the facts put into a particular context allowing a decision to be made regarding the next step/s to be taken. The investigation process is exactly that, a process, and in the classroom or a controlled environment, the process tends to run fairly smoothly, with the desired outcome usually being reached. However, when it comes time to actually sit down and conduct an interview with a staff member who is suspected of having stolen money or assets from the company, the process can become very different. If a person begins to realise the manager may be on to him and the manager may just have enough information to have him dismissed and possibly charged, then a very different situation than the interview training carried out in the classroom arises. All of a sudden, there is a person who could do any number of things:
Retailers have never been more determined to squeeze every last piece of value out of the business and its staff than in the present environment of diminishing returns.
become verbally aggressive or abusive, clam up and say nothing, get up and walk out or even become physically violent. This is the sort of scenario that needs to be considered when making the choice of who to select to head up a loss prevention department. To give an example: I had a loss prevention manager who came from a retail background and he was very sound in all of the business’s’ administration and operational processes. The only process left to master was how to conduct an interview. I did all the things that you do with a novice at conducting interviews. I had him sit in on interviews as a witness to purely observe the process and I had him carry out countless mock interviews covering every scenario you could think of. After a solid four weeks, he was confident and comfortable with his new-found skill sets around interviewing, so he headed off to carry out his first interview, which was a fairly straightforward theft issue. About 10 minutes in, it all went pear shaped; the staff member did not like the way he was being spoken to and suddenly jumped up, ripped his shirt off and shaped up to fight my manager. After an aggressive verbal tirade, the offender ran out of the store. One month later and several sick days in between, and my manager transferred out. While this is an example of a retailer being unsuccessful in loss prevention, there are plenty that have been successful. Woolworths, one
of this country’s largest retailers, has made a significant change in how loss prevention is run. Previously, the head of loss prevention for the Woolworths group came from a policing background and then worked up through the ranks of loss prevention to eventually hold one of the most senior loss prevention positions in the country. When he retired last year, Woolworths made the decision to replace him with a highly competent and very successful retail executive. While his background is not loss prevention, his understanding of retail and ability to manage people is at an extremely high level. Add to this the fact that he has highly competent national loss prevention managers across each brand (Big W, Dick Smith, Masters among others) who all have extensive loss prevention backgrounds and this would appear to be a structure that is destined to succeed. So, is one better than the other? Only time will tell. Murry Taylor is the chief operating officer for Group 1 Security, a boutique security firm specialising in retail and asset protection. Murry has held multiple senior managerial security and loss prevention positions at state and national levels within both the public and private sector. For more information, visit: www.group1security.com.au or email Murry on: email@example.com
26-28 JULY 2O17
26-28 JULY 2O17 ICC SYDNEY DARLING HARBOUR
RETURNS TO SYDNEY Offering innovation in abundance, the annual Security Exhibition & Conference presents solutions from world leading suppliers to overcome business security challenges. Returning to Sydney for the first time in four years, the industry will reunite for three days of networking and knowledge exchange.
FOR MORE INFORMATION VISIT SECURITYEXPO.COM.AU
LEAD INDUSTRY PARTNER
SECURITY SOLUTIONS 067
068 SECURITY SOLUTIONS
How To Secure Your Supply Chain Against Cyber Threats In 2017
SECURITY SOLUTIONS 069
By Leon Fouche In a world where data has become a form of currency and modern business continues to shift heavily into the online environment, the need for businesses not to lose focus on the basics and ensure they stay informed about potential cybersecurity threats is as important as ever. BDO, in conjunction with leading cyber emergency response team AusCERT, completed an industry-first cybersecurity survey, aimed at helping the market understand the challenges Australian and New Zealand businesses face. Many businesses understand the prevalence of cybercrimes, creating an increased sense of awareness for some of the controls that can be used to help mitigate certain risks. The trap some organisations fall into is the reliance on technical solutions for defending against the increased risk of cyberattacks. Security incidents, such as a publicly disclosed breach of customer data, will impact the reputation and financial stability of an organisation. It is essential that boards and executives educate themselves on the types of likely incidents, the likelihood they will occur and the potential impact they will have. What is also important is for the organisation to understand its capabilities to mitigate such risks and how to respond when the worst happens; understanding what is at stake, how capable the organisation is to protect itself and how it will respond when things do not go to plan. Executives, boards and senior managers need to take full responsibility for their company’s cybersecurity. However, the report found that across all industries, there are still 26 percent of respondents who admit they are not planning to implement any method of reporting cyber risk to their board or executives. Among other industry insights, the report found just 40 percent of respondents had security standards and cyber risk management guidelines in place for their supply chain – including third party providers and suppliers of cloud services. Given that so many business interactions, systems and processes are moving away from
070 SECURITY SOLUTIONS
paper systems, it is concerning that such a small proportion of businesses have security standards and cyber risk management guidelines in place for their supply chain. With so many small- and medium-sized businesses highly reliant on third party providers and applications for running their businesses, more focus and attention needs to be given to how businesses protect themselves against the cyber risks that third party relationships can present. How should these issues be addressed? Organisations can start with the simple step of identifying the key data sources and applications they have outsourced to third parties. They should formally request a description of the security measures providers have adopted and ensure there are effective security controls in place – ask providers for an independent assessment of their security posture. If they cannot provide such an assessment, commission one or choose an alternative supplier that can. Not only will this approach provide insights into the cyber risks in the supply chain, it will help identify the strategies needed to improve cyber resilience over the long term. Without proper security standards and oversight of the cybersecurity risks in their supply chain, businesses risk losing control over the security of their most valuable asset, their data. As the use of cloud solutions increases, organisations need to prepare themselves by having the right tools and processes in place to manage security risks that are directly and indirectly under their control. The report highlights another interesting statistic – that only 21 percent of respondents have a security operations centre in place to investigate and respond to security incidents that may occur, and just 49 percent regularly report cyber risks to the board. Legislative changes that have been put before the Federal House of Representatives would help raise awareness for business leaders, should they pass through the senate in 2017. The changes to the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015, which would introduce
mandatory notification of actual and suspected data breaches, means businesses would need to implement or strengthen their internal reporting methods to notify the Privacy Commissioner should a breach occur. There is a heightened level of expectation today that customers’ information is kept safe. Good security is becoming a keystone of a business’ social licence to operate. The size, type or function of an organisation matters very little when it comes to the customers’ expectations about cybersecurity. The people and process component of cyber defences must be addressed if organisations want to improve their cyber resilience. Getting back to basics and understanding the risks, defining baseline security standards to address these risks, and then implementing the standards, while monitoring how well they are implemented, is critical to improving the maturity of a business’ cybersecurity posture. The 2016 Cyber Security Survey results and supporting graphs are available for download from the BDO website (https://www.bdo.com.au/ en-au/2016-cybersecurity-survey-results).
The trap some organisations fall into is the reliance on technical solutions for defending against the increased risk of cyberattacks.
Without proper security standards and oversight of the cybersecurity risks in their supply chain, businesses risk losing control over the security of their most valuable asset, their data.
Report snapshot: • Less than 19 percent of respondents have or plan to have a senior management role responsible for cybersecurity (such as a chief information security officer). • 47 percent of respondents have implemented a cybersecurity awareness program internally. • Many respondents have already taken up endpoint and gateway controls like anti-virus (92.6 percent), website and internet filtering (75 percent), and email filtering to block suspicious emails (91 percent). • 52 percent of respondents are performing regular security risk assessments, but only 49.6 percent regularly report cyber risks to the board. • 40 percent of respondents can detect security incidents, but only 21 percent have a security operations centre in place to investigate and respond to security incidents. • 48 percent of respondents have a cyber incident response plan in place and only 41 percent have a cyber incident response team or capability in place to respond to incidents. • 44 percent of respondents have defined cloud security standards. • 43 percent have IT/cybersecurity standards/ baselines for third parties.
Leon Fouche is the National Leader for Cyber Security at BDO. He is a cybersecurity and technology risk specialist with more than 20 years’ experience and has performed numerous senior roles within this practice area, including working extensively with boards and C-level leaders in government and the private sector.
SECURITY SOLUTIONS 071
The Value Of ‘What If’ Tests
072 SECURITY SOLUTIONS
By Steve Lawson My father was involved in mechanical engineering all his life and he used to say that a good boss would often ignore one of his people staring into the distance because many times that person was considering the ‘what ifs’ of a design. It may have been that it was my dad’s excuse for just wool gathering. So, what has that to do with aviation security? Well, I have always been a fan of conducting something similar that I have come to call ‘what if’ tests. I know that many readers will say that this idea is no more than contingency planning or systems testing or product testing and, while correct, they are all of those things and more; they are people with some knowledge critically thinking about their work environment and its vulnerabilities. ‘What if’ tests have many forms, but at their core they are no more than wondering: what happens if this happens; what if I want to find out what this does; what if I press this button; and so on. Many times, they do not have a specific business goal or, rather, they have a difficult to establish business goal. I do not suggest that everyone should run off and start spending company money on ‘what if’ tests, but occasionally the opportunity will arise and stretching the boundary is worth the effort. A classic example from my career involved walkthrough metal detectors (WTMDs). The particular WTMD discussed are no longer used here – WTMD technology has moved on since then. When WTMDs were first introduced, they were tested using what was then known as the National Institute of Law Enforcement and Criminal Justice (NILECJ) Standard for Walk Through Metal Detectors for Use in Weapons Detection (June 1974). Long title, but it included several test pieces that were intended to replicate various weapons – knives and firearms. One of these test pieces – the AM3 test piece, which is intended to simulate a small handgun – is still used to test all airport WTMDs in Australia. The NILECJ gives 20 test locations that cover the inside of the WTMD, ranging from head to ankle height, and to pass a test the WTMD should find the AM3 test piece in each location.
SECURITY SOLUTIONS 073
When it was first introduced in 1974, the NILECJ standard only included test locations in a WTMD and specified the test pieces. What it did not provide was a test to show the lower end of the alarm spectrum. That is, the WTMD could be set to its most sensitive setting and it would alarm for the fillings in a person’s teeth… not really, but you get the idea. The result would be that almost everyone going through the WTMD would alarm and be subject to secondary screening. The WTMD would comply with the regulations but in effect be useless and it would fill the airport with unhappy passengers. In the years since 1974, the NILECJ, now the National Institute of Justice (NIJ), standard has been updated a number of times and now includes a test for ‘innocuous items’ – things like glasses, pens and a small number of coins – the idea being that a person should be able to go through a WTMD with these items in a pocket and not set off the alarm. So, back before 2000, I wanted to know what if I wanted to find the highest setting that would ensure the WTMD would detect the AM3 at each of these test locations but would allow innocuous items through? So, I got permission to run some tests to find that level for the AM3 test piece. Then I pushed the envelope a little and thought, what if I wanted to find every NILECJ test piece? What setting should a WTMD be set to in order to find individual test pieces at each of the 20 test locations within the WTMD? If I had been asked (which I was not), I would have said that I was contingency planning so that, if required, I could confidently provide a setting for any weapon covered by the NILECJ. At the start of the tests that was rubbish; the only legislative requirement was to find the AM3 test piece, finding the others was not necessary. I was just curious. Each time I tell this story I still feel the need to apologise to the people I gave the task to; it was boring and uncomfortable – 6,000 walkthrough tests at three airports and the factory. The guys brought the results back and I put them into a database that I had created. It gave a visual representation of a WTMD and when the name of the test piece and the setting of the WTMD were entered, the database showed which test locations could find each test piece. I must admit it was pretty cool, but then came the rub. Before September 11, knives with a blade length of less than 100mm were
074 SECURITY SOLUTIONS
allowed in the cabin of an aircraft. Like everyone else, I assumed that the setting to find the AM3 test piece would always find the test piece for a knife with a 100mm blade made of magnetic material. Then I used my database and tried to find a setting that would find the AM3 and would also find a knife with a 100mm blade. Long story short, there was not one that detected both at every test location. In effect, one could be certain to find a small handgun or a small knife, but not both. Obviously, if the WTMD was set to find the metal in people’s teeth it would, but that was not feasible. It was not a disaster (there were only a few test locations where the knife test piece did not always alarm), but it was an interesting and surprising result. As soon as I found this out, I told the predecessor to the Office of Transport Security (who really liked my database) and it was decided to use the setting that would certainly find a small handgun and have the best chance of finding a knife with the 100mm blade. Another version of considering the ‘what if’ question is bringing a large improvised explosive device (IED) into the airport terminal. Unattended baggage has always been a known issue in aviation but, back in 2010, I was doing a survey of an airport (outside of Australia) with a person from the regulator. My associate commented that the doors to the terminal we were assessing were wide enough to bring a small car with an IED into the terminal. I stopped and asked, why would you bother? Like many of my contemporaries, I had already considered what if I wanted to bring a really large IED into a terminal and it was not in a car, it was not in individual bags, it was in a number of bags using one or more baggage trollies. It was not something he had considered. Then, six years later, attackers used a very similar method in Brussels. I think that almost everyone who works at airports has considered the ‘what if’ questions, although many will not admit it, and even fewer security organisations will conduct ‘what if’ tests just to see what is possible. When my business works at airports, we usually ask to meet with as many of the airport stakeholders as possible and often those meetings are in one of the airport committee meetings. We regularly pose the question, what if you wanted to get a weapon or IED onto an aircraft or into the terminal? Quite often, we are initially met with
‘What if’ tests have many forms, but at their core they are no more than wondering: what happens if this happens; what if I want to find out what this does; what if I press this button and so on.
silence, but when we remind them that they cannot work in aviation without thinking of these things and ask them what keeps them awake at night, the gates usually open. Many times, their ideas are remarkably consistent. Which brings me, slowly, to my point. I think that ‘what if’ tests in aviation are about to make a comeback. Obviously, they will not be called ‘what if’ tests, but something more attractive like ‘red teaming’ or ‘threat/attack path analysis’, but in essence they will be a form of ‘what if’. Personally, I think that will lead to some very interesting times and it is about time. Steve Lawson has over 20 years of experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on: 0404 685 103 or firstname.lastname@example.org
29-30 MARCH 2017 INTERNATIONAL CONVENTION CENTRE SYDNEY DARLING HARBOUR
AUSTRALIAâ€™S ULTIMATE EXHIBITION FOR THE BUILT ENVIRONMENT Discussion and discovery of solutions to enhance our living-working environments and ensure the health, safety and security of our communities.
REGISTER FREE ONLINE AND ENTER PROMO CODE: SEC1 TOTALFACILITIES.COM.AU SECURITY SOLUTIONS 075
The Refinement Of Smart Homes: Opportunities For Installers And Locksmiths In 2017 By John Bigelow It is a well-established fact in the marketing and business worlds that it costs up to five times as much to attract new customers than it does to retain an existing customer. However, in service-based industries such as locksmiths or domestic alarm installation, where a customer has a very specific need that, once fulfilled, is unlikely to generate much in the way of repeat business, the question becomes, how do you generate genuine opportunities for repeat business? The rapid growth of the home automation market represents an ideal opportunity for locksmiths and alarm installers to not only revisit existing customers with exciting new products, but also to upsell future clients, thereby value-adding future sales and increasing potential sales. According to Blake Kozak, principal analyst for smart home and security technology at IHS Markit, one of the worldâ€™s leading market research firms in the areas of security and technology, this yearâ€™s
Consumer Electronics Show (CES) in Las Vegas represented a gold mine of opportunities in the home automation market. Highlights In his most recent report on the show, Kozak stated that many of the smart home announcements at this yearâ€™s show were not just about cameras or light bulbs. Instead, the announcements focused on the consumer and enriching the consumer experience through seamless integrations and feature-rich offerings that can appeal to a diverse range of needs.
SECURITY SOLUTIONS 077
Kozak went on to highlight that, in 2016, globally there were more than 80 million shipments of smart home devices with an installed base that exceeded 190 million devices, demonstrating a market with rapid growth potential. Analysis In his analysis of the show, Kozak clearly believes that cameras took centre stage. He stated, “For cameras, the smart home focus at CES was around facial recognition, 360-degree viewing, security motion detection and HomeKit (the D-Link Omna camera).” He went on to explain, “Outdoor cameras were featured as well, with announcements from Bosch and Ring, each of which had outdoor cameras connected to outdoor power sources and integrated with lighting. Baby monitors were also a trending item, with Netgear Arlo and OneLink by First Alert, each of which have advanced features such as air quality monitoring, but the OneLink camera offers video respiration detection, a feature that uses non-invasive methods to monitor a baby’s breathing.” Overall, the smart home camera market continues to expand as suppliers enhance their portfolio with cameras designed for various purposes, such as outdoors, indoors, wired, wireless and cameras with lower price points. A few new cameras that were announced combine several connectivity standards and automation features into one device (including voice control), such as the Somfy One and SmartBeings Woohoo, which will likely look to challenge the Canary and Piper products, which are already strong in the US.” Illumination On Bulbs and Sensors Kozak also highlighted the emergence of smart light bulbs and sensors as a growing market sector, with increasing potential for sales opportunities. “Light bulbs such as Lifx provide two types of illumination, one of which is infrared to assist with outdoor cameras using night vision. The infrared helps the cameras see clearer in complete darkness, which for battery powered cameras will dramatically increase battery life. Other light bulb announcements featured integrated motion detection and speakers.”
Kozak went on to explain, “Environmental sensors were also more pervasive this year at CES. Devices with embedded temperature and humidity sensors have been commonplace for many years, but there has been a spike in devices with embedded air quality sensors (VOC detection). This has also led to an increase in the number of air purifiers, ranging from portable and stationary, to robots which move through the home detecting air quality levels, purifying the air on demand.” According to Kozak, IHS Markit believes the market for environmental sensors, especially air quality sensors monitoring allergens and pollutants as well as ultraviolet (UV), will become commonplace in smart home devices. Changing Business Models And Making Things Simple Kozak explained that in addition to device refinement, business models are also changing at CES. “Many of the top service providers offering smart home products have focused on manufacturing their own devices in order to create a seamless look and feel across devices. Although partnerships will still hold great importance, service providers are looking to build up their own device portfolio and develop proprietary back-end software and artificial intelligence (AI).” Two examples of providers taking this route include Vivint and Comcast – each of which started off their smart home venture by offering a mix and match of device types and device brands – however, each now has its own devices and back end. Moreover, Vivint announced its intelligent Sky platform will rely on AI to automate the home. The consumer simply answers questions from the system while it learns behaviours. Alarm.com announced a similar offering with its Insights Engine. Meanwhile, Comcast continues to work toward owning the home through entertainment, recently enhancing its voicecontrolled remote to allow controlling of lights and other automatons. Not to be outdone, ADT announced a partnership with Amazon which permits users of ADT Pulse to arm and disarm the security system through voice control. What makes this announcement unique is that the user arms and disarms the system by
telling Alexa a personal identification number (PIN). This is significant because there have been reports of security systems being armed and disarmed from outside the home. This new partnership provides an additional layer of security, which is timed well with the recent Internet of Things (IoT) security vulnerability news. Simplifying the smart home was also a trend. Sigma Designs announced SmartStart and Comcast is partnering with Cirrent (ZipKey) to provide quick and easy connection of IoT devices. IHS believes making smart home devices easier to install for the consumer (doit-yourselfers) as well as professional installers will remove one of the biggest barriers to mass smart home adoption. Lastly, according to Kozak, “Voice assistants could be found at nearly every smart home booth at CES this year. IHS Markit believes that voice assistants will become the new user interface for the smart home, but the mobile device will continue to have its place when managing settings and advanced features. A Maturing Market Overall, there were more than 190 exhibitors with a smart home offering at CES 2017. However, despite this fragmentation, Kozak explained that it is clear the smart home market is finding maturity in North America and it is reasonable to believe Australia will follow suit. Suppliers and service providers are making strides to enrich devices and the platforms with features consumers find valuable and can easily install. Moreover, industry players in the US are looking to bring the technology and experience to the consumer through new channels, such as electronics retailers (Best Buy in partnership with Vivint), hotels (Wynn in partnership with Amazon), insurance, utilities, builders/real estate (KB Home Caldwell Banker) and rentals (Airbnb in partnership with Vivint and August Lock). This is a model that could easily be replicated here in Australia. As smart home technology is pushed to the consumer from all sides, awareness will grow and prices will fall, with one of the final hurdles being consumer imagination.
THE INTEGRATOR'S CHOICE FOR THE INTEGRATOR'S CHOICE FOR HD VOICE CLARITY OUT OF THE BOX CLARITY RIGHT OUT OFRIGHT THE BOX
PULSE Enterprise shatters the expectation that high definition (HD) voice clarity can only PULSE Enterprise shatters the expectation that high definition (HD) voice clarity can only be delivered in expensive, large scale solutions. Using advanced Audio Edge Technology, intelligible audio and dis large scale solutions. Using advanced Audio Edge Technology, intelligible audio and distributed communication is possible âˆ’ without the need for a centralized server. possible âˆ’ without the need for a centralized server.
Out of the box interoperability for Out of the box interoperability for access control and video access control and video Scalability to meet the needs Scalability to meet the needs of global implementations as of global implementations as well as small business well as small business Custom scripting for meaningful Custom scripting for meaningful solutions in IT and security solutions in IT and security
Certified Partner and Distributer of Vingtor-Stentofon communication systems and products. www.vingtor-stentofon.com
Certified Partner and Distributer of Vingtor-Stentofon communication systems and products. www.vingtor-stentofon.com
VISITSECURITY US ATSOLUTIONS STAND079B2 VIS
080 SECURITY SOLUTIONS
Lessons From The Assassination Of A Russian Ambassador By Ami Tobin
On the evening of the 19th of December, 2016, the world was shocked as news started coming out about the assassination of the Russian ambassador to Turkey, Andrei Karlov. Karlov was shot from behind as he was delivering a speech at the Cagdas Sanat Merkezi Modern Arts Center in Ankara. The assassin, off-duty Turkish police officer Mevlüt Mert Altınta, showed his police credentials in order to appear like he was assigned as Karlov’s protection officer. He then got behind Karlov as he was delivering his speech and shot him a number of times. Altıntaş then made a number of religious and political statements, and was later shot and killed by police. It is certainly not every day that an ambassador gets assassinated, much less one from a major world power. And the fact that the entire event was captured in such high-definition footage makes it all the more astounding. But why is paying attention to case studies of this sort so important?
SECURITY SOLUTIONS 081
For starters, it is very natural for people to focus all their attention on the attack itself, especially when there is such high-quality footage of it. But keep in mind that once the attack gets started, there is no longer much to learn about how it could have been prevented. Yes, there is certainly what to learn from a reactive sense, but from a proactive, preventive sense, the useful information being looked for is mostly to be found before an attack begins. Many case study articles and seminars tend to miss this point and only concentrate on the attack and its aftermath. But case studies that do not reveal specific information about hostile planning, and that subsequently have nothing to teach about how to potentially prevent hostile planning in the future, are not all that useful for those in charge of preventive security. Yes, they are fascinating, and yes, they are very useful for those in charge of reactive, forceon-force countermeasures. But for those in charge of prevention, always keep in mind that preventive security does not target the attack itself; it targets what comes before the attack. It targets hostile planning. It is, therefore, the hostile planning process that security needs to concentrate on, understand how it works, locate its weaknesses and target it in order to prevent the next attack before it happens. As the attempt is made to understand what exactly led up to this specific attack, it is important to remain patient. Security obviously want to learn what happened as quickly as they can so that they can implement the lessons from this case study, but it often takes quite a bit of time until vital information gets released (and keep in mind that neither the Turkish nor Russian authorities are known for their transparency). Still, considering the little that is known, and what can be induced from the footage, there are a few preliminary conclusions that can be reached. The first thing known is that many hostile plans involve various forms of intelligence collection – one of which coming from open sources (public information, media, various publications, and so on). Another piece of the puzzle is that it had been announced that Karlov would be attending, and speaking at, the Cagdas Sanat Merkezi Modern Arts Center for the opening night of the Russia through Turks’ eyes exhibition. This means that the information (or rather
082 SECURITY SOLUTIONS
But for those in charge of prevention, always keep in mind that preventive security does not target the attack itself; it targets what comes before the attack. It targets hostile planning. intelligence) about Karlov being in a specific location at a specific time had been made available in advance. Add this to what is known from case studies about open-sourced information collection and a pretty solid risk exists. Now, risks of this sort should be expected, especially by diplomats whose very jobs largely consist of attending various events that are announced in advance. A diplomat, unlike a clandestine operator, is supposed to be a public figure. But this is why the abovementioned risk must be mitigated (as much as possible and/or desirable) by some type of protection program. And yet, another piece of the puzzle is that no physical protection operators were present around Karlov. This, along with the fact that Russian-Turkish relations have been strained for some time, and along with the risks to Russian interests due to their involvement in the Syrian civil war, meant that a substantial vulnerability had opened up – consisting of both hostile motives and hostile opportunity. The obvious conclusion here is that it was a mistake for the Russian ambassador to attend an event that had been announced in advance without any protection. Lest this seem like hind-sighted, afterthe-fact, armchair quarterbacking, from my experience with, in and around diplomatic security in the San Francisco Bay area (which is much less dangerous than Ankara these days), I can tell you that one of the parameters for deciding if a diplomat should have a protective detail at an event is if their presence at the event has been announced in advance. And if this is standard operating procedure in the San Francisco Bay area, it should definitely have also been the case in Ankara.
Now, just in case readers think that a protective detail would have not necessarily prevented an off-duty police officer, posing as an official police representative, from executing the attack, keep in mind that this is not the main lesson to learn here. Even if it is accepted the idea that a protective detail would not have prevented the attack (not that such a thing could be proved), it still does not negate the main lesson – that diplomats (especially ones in higher risk areas) should receive a protective detail if their presence at a specific location and time is announced in advance. Remember, learning from case studies is not a retrospective game of what-if. The exact details of any attack, let alone the details of its planning, can never be completely copied and repeated. Instead, case studies are important opportunities to take actual (rather than theoretical) data and derive certain principles from them. Rather than concentrate on each detailed tree, try to take a wider angled view of the forest to learn important principles that can come into play in future events. An experienced security director, consultant, trainer, operator and business developer, Ami Toben has over 14 years of military and private sector security experience, and a successful record of providing full-spectrum, high-end services to Fortune 500 corporations, foreign governments, foundations, non-profit organisations and wealthy individuals. Ami is currently director of consulting, training and special operations at HighCom Security Services, a US-based high-end security firm specialising in protective services, security systems, consulting and training.
KeyWatcher is a reliable and extremely easy to use electronic key management system, designed to prevent mismanaged, misplaced, or stolen keys. KeyWatcher eliminates outdated metal boxes, unreliable manual logs and messy key identification tags utilising a computerised storage cabinet. The system releases keys only to the individuals with correct authorisation, recording each user transaction and providing total system accountability.
KEYWATCHER SYSTEM OFFERS to 14,400 keys and 10,000 user per site l “Site” concept uses a common database l Numerous high level interfaces for access control, contractor management and vehicle fleet systems l Longer user IDs can be up to any 6 digits, plus a 4 digit PIN l Bright 7” full colour, touch screen l “Key Anywhere” allows keys to be returned to any KeyWatcher Touch within a site l On-screen guides for users, along with voice commands l Up
Available in Australia through: AST Pty Ltd T: +61 2 8020 5555 | M: +61 417 089 608 | F: +61 2 9624 7194 E: email@example.com | www.astpl.com.au
SECURITY SOLUTIONS 083
084 SECURITY SOLUTIONS
Creating A Resilient Organisation By Jason Gotch
Resilience – what does it mean? Bounce back, bounce forward, to recover and prosper? For Global Resilience Group Director Mark Carrick, it is about moving forward and never giving up. “For me personally, the first thing I always seem to think of is Indiana Jones, relentlessly pursued by that enormous rolling ball in the original Raiders of the Lost Ark. His focus on not only avoiding the ball, but treating each setback as a minor inconvenience, and organisational and personal learning event, working our way through the challenge to safety! Resilience to me seems to be a pursuit undertaken by humans, something that can often be forgotten in a fast-paced expanding and emerging industry that now looks to engulf singular functions of organisations globally.” To say that there is both confusion and debate surrounding the subject of resilience would undoubtedly be an understatement.
In fact, it is rare to find two practitioners that agree on more than generic principles, let alone fundamental and practical application. As Foxtel’s Business Resilience Manager, Amit Bansal points out, “It is one of the interesting and frankly energising points to consider. Resilience is and should be bespoke; it is not a one-size-fits-all process and those seeking to brand, export and sell it as such will be in for quite a surprise.” By its very nature, resilience needs to be considered or applied with a clear understanding that it will be for a certain period. One organisation deemed resilient at a set point can easily be judged as disrupted and unprepared at another. Robert Crawford, Group Manager for Security and Resilience for the Thiess Group, adds, “The principles of resilience call for unification, silo breaking, communicative business units
and management support, all aligned to best prepare for and respond to disruption.” While this aspirational goal sounds both interesting and justifiable, does it mean that global organisations are clambering to invest time, money and resources into resilience? The answer it would seem is yes and no. As an emerging industry, resilience now sits in an interesting position of having no owner, yet with many suitors. According to Ken Simpson, Managing Consultant of the VR Group, there is still plenty of debate on where resilience sits and with whom. “For several years, the business continuity and risk management communities have played tag with adoption, likewise in recent years crisis, security and emergency management practitioners have all launched a campaign of association. In more recent times, cities, communities and infrastructure have all
SECURITY SOLUTIONS 085
contributed and placed a bid for alignment if not ownership. This interest, while productive in building awareness, has not exactly embedded resilience or established it as a must have; rather, for many it is seen as a nice to have.” So, while the world debated, a group of Australian resilience practitioners, backed by the Risk Management Institute of Australasia (RMIA), decided to put some thought into the local scene. Supported by the RMIA’s Special Interest Group (SIG), the chair of the committee, Jason Gotch, outlined how the group was formed. “It was during the 2015 RMIA National conference, I approached the RMIA President Anthony Ventura and asked if he was interested in setting up a SIG specifically focused on considering the links between risk and organisational resilience. At that stage, it was just an idea, but I felt if I could get a group of well-known practitioners together, lock them away for a year, we would be able to come up with something of interest.” Recalling Jason’s enthusiasm for the project, Anthony Ventura says, “Jason is always convincing as he brings a high level of drive and commitment to all of the projects that he is involved in. While resilience and risk are somewhat related, just how and where the areas converge is up for debate. I felt that our members would benefit from knowing more about the subject. It is important to have a tangible benefit from these activities, so we felt that an industry-based whitepaper would be of interest and value.” While there were plenty of volunteers interested in assisting with the project, getting them focused and in one location was not always that straightforward. Jason recalls, “I was keen to get a real mix of practitioners with varied backgrounds, many of the groups working on resilience projects are made up of all the same type of people or often come from the same background. I feel any investigation into resilience should be made up of practitioners from as many of the disciplines as possible. Resilience is not owned by business continuity, risk or security. Perhaps a cliché, but it is the parts that make the whole.” With the group being composed of both embedded resilience staff and freelance consultants, there were often times when not all parties agreed. As Pete Gervasoni, Senior Risk Partner at Victoria’s TAC recalls, “It is all pretty competitive to be honest, with consultants and internal staff often at odds
086 SECURITY SOLUTIONS
By its very nature, resilience needs to be considered or applied with a clear understanding that it will be for a certain period. One organisation deemed resilient at a set point can easily be judged as disrupted and unprepared at another. with each other over the direction of resilience. For example, I am coordinating a large program here at the TAC, it takes time and considerable energy to gain engagement and buy-in. On the other hand, consultants often work faster and to some extent in a lighter fashion, meaning they can move quickly from one organisation to another.” This meeting of minds, while occasionally problematic, proved to be a benefit in terms of creativity. Lisa Cameron de Vries from Phoenix Resilience agrees, “It was a fantastic experience to look through both lenses, for the embedded practitioner there are challenges around management buy-in and availability of resources while working towards implementation. Initiating change in organisations in any case is a challenging and time-consuming process and certainly embedding resilience in everyday decision making can take some time. As a consultant, we are often working to very fast delivery times and set budgets, with high expectations that our work delivers industry best-practice outcomes that also strengthen the internal competencies.” While the group felt that a whitepaper focused on the viewpoints of practitioners would be of benefit, a guiding principle was to avoid an academic approach. Phillip Wood, Head of Department, Security and Resilience, at Bucks New University explains, “I was interested in assisting with this project for the very reason that it was not an academic exercise. Those types of papers are everywhere these days, in fact there are so many of them it gets quite confusing for those people either just starting out in the industry or for those already in it.” Jason Gotch adds, “We decided as a group that the outcome of the project would be to produce a practitioner’s view of resilience, written by those already working within the industry. Anyone who truly understands resilience will tell you that it is always relevant. Relevant to environment, to a point in time,
to an organisation, the whitepaper is also an opinion piece, one based upon our own experiences. It is not designed to be a definitive guide or to be dismissive of any other research into the field. We hope that it will add to the debate on resilience and contribute to helping people understand an evolving and very exciting industry.” Launched at the 2016 RMIA National Conference in Melbourne in November, the whitepaper has already been downloaded over 1500 times and shared widely within both Australia and globally. The 2017 SIG will commence from February, with an international committee made up of practitioners from Australia, the United Kingdom, the United States, Sweden, Hong Kong, Indonesia and Singapore. Co-chair for 2017 Pete Gervasoni adds, “Jason has been able to bring together a fantastic group for this year, with a wide and varied set of skills and backgrounds. I am excited to be able to co-chair and work alongside so many great practitioners.” Internationally renowned crisis management specialist Bob Jensen, managing director at the US-based STRAT3 consulting firm, also feels that this year’s group should be able to develop something interesting given the wide backgrounds. “I am super excited to be again joining the group. Last year was a wonderful experience. I gained a huge amount from being involved in the process and expect to learn and share plenty this year.” Visit www.rmia.org.au or dynamiqglobal. com/news-insights/news/rmia-whitepaper for more information. Jason Gotch works for Dynamiq, an international risk management company, as a business development manager, specialising in the areas of business resilience and travel risk management. Jason is a well-known and senior member of the Australian risk and resilience community, having formed several resiliencerelated associations.
Securityatat a turning point: Security a turning point: leadership, diversity, innovation leadership, diversity, innovation
If you fit the profile, donâ€™t miss out, book now at: www.safeguardingaustraliasummit.org.au
www.safeguardingaustraliasummit.org.au www.safeguardingaustraliasummit.org.au SECURITY SOLUTIONS 087
SECURITY STUFF C O N T E N T S
Aiphone GT Intercoms
Bomb Safety and Security:The Managerâ€™s Guide 102
Bosch launches Video Management System 7.0
Cognitec's Terry Hartmann 107
Hikvision Blazer Express
FLIR FC-Series ID
HID FARGO HDP5600
Turbine Mini IP Substation 105
Axis appoints Sektor in NZ 111
TAKEX INT-QUADIP 88 SECURITY SOLUTIONS
High Security Portals
SECURITY SOLUTIONS 89
IGH T SPO TL
PathMinder Introduces Alluser PathMinder are the exclusive distributor for the Alluser Industries range of security portals. Alluser Industries is a European manufacturer with over 44 years of experience designing and manufacturing the most technically advanced and widest range of high-security portals to provide the ultimate access control for your facility. This range of security portals are designed to: • control access even when the site is unmanned: PathMinder anti-tailgating portals are designed to prevent any attempts to gain unauthorised access. PathMinder security portals maintain the balance between speed of throughput, ease of use and high-security access. • protect against attack – for threat levels from casual vandalism to ballistics: choose the level of resistance your site requires. These interlocking doors can provide certified resistance against vandalism, manual attacks and ballistics. • maintain the highest security levels: set the security level to meet your needs – integrate personal identification methods such as biometric readers, CCTV or add metal detectors to reduce violent crimes. • provide simple deployment and building integration: with over 40 portals in the range, coupled with the customisation flexibility, these interlocking doors will blend in with the design of the rest of your site. Function PathMinder high-security portals are extremely flexible and can be tailored to be used in a wide variety of applications and implementations. The portals can be used for any combination of the following functions: • anti-tailgating: PathMinder portals come with state-of-the-art ultrasonic tailgate detection built in and the interlocking doors stop all tailgating and piggybacking attempts.
090 SECURITY SOLUTIONS
• attack resistant: PathMinder portals are available in different certifications from P1A, P4A, WK3, WK4, BR3, BR4. • man trap: the interlocking doors on PathMinder portals ensure that there is always at least one door locked during its operation. A user enters through the first door, which must lock behind him before the second door opens, allowing access to the secured zone. • metal detection: PathMinder portals can be fitted with industry-proven metal detectors designed to stop guns being brought into a facility. Features PathMinder portals are feature-rich and seem to have all the features that could be required. Standard features include: • ultra-sonic tailgate detection to prevent tailgating • P1A burglary resistant safety glass • FB4 certified metal structure (roof in accordance with FB2) • fire alarm signal opens secure and/or non- secure side • internal emergency mechanical unlocking devices • external emergency mechanical unlocking devices • external intercom • remote multi-function control panel • battery backup in the event of power failure • traffic lights to guide users • internal light in the portal • infrared safety sensors • anti-crush torque monitoring • anti-slip flooring to prevent injury • internal halogen light • choice of RAL colour paint finishes • motorised doors • work with any access control system.
Applications Typical applications for PathMinder portals include: Data centres In data centres, there are two principal areas where security portals can be deployed: • at the inner door that separates the visitors from the general building staff. This will be where identification or biometrics are checked to issue a proximity card for building access. The WK4 certified attack resistant design of PathMinder security portals can make an invaluable extra layer of security at this point, as this will delay any attempted break-ins to allow more time for a response to take place. • at the entrance to the data floor. Usually, this is the layer that has the strongest ‘positive control’, meaning no tailgating is allowed through this check. Access should only be through a proximity access card and all access should be monitored by CCTV. The tailgate prevention capability of PathMinder security portals make them an ideal barrier at this point. Offices PathMinder security portals can meet a wide range of security requirements in an office building: • key internal doors: At certain points in an office building, be it IT/server suites, research and development areas, cash handling or other similar high-security areas, you want to make sure that your access control system is not beaten and good manners of holding doors open for people does not compromise your security. Unlike other tailgate detection systems which only alert you to an unauthorised event, PathMinder security portals stop such events from happening. The interlocking doors and ultrasonic tailgate detection work together to
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
quickly and effectively prevent unauthorised entry, whilst allowing authorised staff members access to the important parts of your building. • out-of-hours entry: During the day, the main entrance to an office building needs to be welcoming and provide easy access. Revolving doors with security gates at reception are often the preferred option, but these can be vulnerable after hours when security staff are not available to monitor them. PathMinder security portals provide secure out-of-hours access. Their ultrasonic tailgate detection and interlocking doors will stop any unauthorised entry attempts. Unlike security gates, our portals cannot be jumped over or tailgated through and need no manned response. • security lockdown: Many office buildings, either by their location or by the nature of their business, may be subject to attack from protestors and saboteurs. It is at these times a high-security door is required to stop any mob attacks from entering the facility and causing a significant delay for an appropriate response to occur. Unlike most other security portals available on the market, which need to be in lockdown mode to meet their certification, PathMinder security portals are certified WK3 and 4 even when operational. This allows the security portal still to be used at these critical times to allow emergency entry and exit when it may be most needed. Research and development facilities By their very nature, the high value work that goes in research and development facilities means that security is at a premium, either to protect the investment of a company or to stop the theft of dangerous materials. In addition, some research and development facilities can be subject to attack from protestors and saboteurs. PathMinder security portals anti-tailgating features make it an idea solution to key sensitive areas inside the building whilst the attackresistant features of the portals make them ideal options for the main entry point.
Product Highlights With over 40 products in the PathMinder range, there are many options to consider. Four of the most popular products include: E1 Classic The E1 is the smallest footprint and most cost-effective product. This classic squareshaped portal is customisable, making it ideal for a wide range of uses, and is suitable for both small buildings where space is limited or large buildings. C3 Elite The C3 cylindrical security portal is an interlock system that provides wider access and is designed for areas where there is a higher level of throughput. The C3 security portal can be customised to a bi-parting four-door or standard two-door configuration, enabling quicker transit through the portal. The wider entrance provides easier access and is suitable for wheelchairs. The portal can be customised to meet different customer security requirements. C190 Prestige The C190 is the largest portal, with a 1,200mm opening, and is specifically designed to replace revolving doors for busy areas with a high throughput requirement and an out-of-hours, high-security requirement. The portal can either be used as a prestigious entrance way allowing the transit of multiple people at the same time or, after hours when security needs to be
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
elevated, it can be transformed into a highsecurity interlocking door to prevent tailgating and unauthorised entry attempts. HPJ Half Portal The HPJ140 is a half security portal designed to ‘cap’ any existing access controlled door that needs to increase its security level to stop any tailgating or unauthorised entry attempts through that doorway. The HPJ140 features a 900mm opening for DDA compliance and is one of our few security portals that are fail safe in the event of a power failure. The HPJ140 is an ideal solution to retrofit to an access control door where tailgating has become a problem. Conclusion Alluser Industries has been manufacturing security portals since 1976 and now distributes its products through 40 countries and is the approved security portal of choice for many governments. With over 40 products in the range, there is bound to be one that will meet your needs. PathMinder, the local representative with 10 years of experience in the Australian entrance control market place, prides itself on its project design, delivery and ongoing support and offers supply only to full turnkey installation project implementation and has a variety of flexible support and maintenance options to ensure the ongoing reliable operation of its security portal solutions.
SECURITY SOLUTIONS 091
Introducing Cortex: A Smart-City Appliance Revolutionising Urban Life And Public Infrastructure
Since launching in July 2015, Cortex has won multiple industry awards – including three Australian Security Industry Association Limited (ASIAL) Product of the Year Awards for Communications and CCTV Technology – and a Top 50 listing in Anthill’s 2016 Smart100. Why so many awards? Maybe because Cortex is an innovative, Australian-made, safe and smartcity appliance that not only upgrades, digitises and integrates amenities to define new world standards of services, but also reduces the cost of provision by 47 percent.
92 SECURITY SOLUTIONS
The product’s patented design revolutionises public service and safety delivery by wrapping more than 20 new and in-demand applications that include health, safety, tourism and telecommunication services into one responsive device. It represents smart infrastructure spending that satisfies government’s need to deliver on community safety improvements and to satisfy community demand for smarter transport systems and their thirst for digital telecommunications ontap. Services provide citizens with free, optimised Wi-Fi and voice over Internet Protocol (VOIP) calls, 360-degree multi-megapixel CCTV coverage, public address, duress and Automated External Defibrillator (AED) systems, convenient charge stations, news streaming, weather and more. In short, this technology improves life. Cortex simultaneously allows one to connect with the family or the office and to discover local cultural highlights; it makes waiting for the bus infinitely more entertaining or productive and makes outdoor spaces safer. Due to the sheer capability of the product, the range and variety of applications for Cortex is almost endless. Its sophisticated technology is protected by a robust 316 stainless steel housing that withstands the toughest outdoor conditions, making it suitable for roadsides, malls and transport terminals, and yet its understated design complements modern indoor shopping malls and airports. “The concept for Cortex finally came together when I was walking around my hometown of Brisbane,” said Mark Hartmann, CEO of Sylo. “Having years of international experience dealing with the best possible security and related industry tech, I became frustrated by the volume of ageing public amenity installations that clutter our parks,
malls and stations; take a look around – I am sure you’ll be shocked to notice the inefficiency and wastage from installing and maintaining decentralised CCTV cameras, static signs, maps, Emergency Help Points and Wi-Fi routers that are apparently at odds with one another. I built Cortex to offer smarter and more efficient security, safety and digital public services in our outdoor living spaces,” he said. Built by Sylo Pty Ltd – the Australian innovator that introduced Avigilon products to the AsiaPacific region in 2008 – Cortex’s strength remains in security. Best-of-breed componentry – from its megapixel CCTV cameras to audio, air monitors and duress systems – are networked to generate a sensory security device more powerful than the sum of its parts. A holistic set of audio and visual analytics constantly monitors and detects unusual behaviour and other known security threats, generating notifications which are then streamed to stakeholders – from emergency services, to police and asset owners – optimising response. Operators can also remotely trigger an emergency override to announce audio and visual public notifications on Cortex 65” digital displays as required to assist crowd control or in the instance of a natural disaster. Further, Cortex units are networked to maximise coverage, with advanced features including tag and track analytics to improve security response times. In addition, every Cortex captures real-time analytic data – from foot traffic to public transport peak times and air pollution levels – assisting government with smarter infrastructure planning and investment. As a proud Australian innovation, Cortex sets the new standard for integrated security technology. Mark Hartmann is keenly engaged with governments and large corporations; get in touch to join the conversation via email firstname.lastname@example.org
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
FILE PRO SECURITY SOLUTIONS 93
Be STid, be smart
Intuitive solutions for mobile access control
Instinctive Security Technologies Contactless identification technologies are increasingly used in today’s world. The term refers to all technologies used to make smart objects that communicate with the world around them. Guy Pluvinage understood the importance of this upand-coming technology when he founded STid in 1996. His deft intuition paid off, because STid, now managed by Vincent Dupart, has become a market leader in corporate security services. How has a French enterprise become the benchmark setter in an international market? We asked Vincent Dupart to explain. The French company STid and its team of 40 employees focus their business on protecting people and business data. STid makes security a top priority and was the first access control reader manufacturer to be awarded First Level Security Certification by the French Network and Information Security Agency (ANSSI). But Vincent Dupart’s ambitions were bigger still, “By using technology to meet security requirements, you are addressing a primary need – ensuring that anyone going through a door is authorised for entry. But when you analyse all user needs, the solution also has to be scalable, interoperable and extremely easy to use.” Employees use their access badges an average of 11 times a day and 98 percent of them feel that this is a burdensome activity. Times are changing though, and people should no longer have to fumble around at the bottom of a bag or remember to get their badge out every time. STid has developed a new contactless identification system where a person’s smartphone is his door key. “A technological revolution is underway, based on interconnected resources, shifting access control towards new uses and new devices. Smartphones offer new ways of interacting with access readers and resolve issues generated by increasing staff mobility,” adds CEO Dupart.
094 SECURITY SOLUTIONS
These social changes have led STid to draw on its experience to develop the STid Mobile ID solution. STid Mobile ID has been developed with RFID, NFC and Bluetooth Smart technologies, transferring an access badge to a smartphone, to work alongside or replace traditional badge technologies. These days, everyone comes to work with their mobile phone. “[Mobile] phones have become an essential everyday item, with all of the freedoms and functions they offer. Using smartphones can help employees accept the company security policy, by making usage instinctive and user friendly,” explains Vincent Dupart. The virtual badge offers a range of intuitive and easy-to-use methods that can be tailored to any situation. Hands-free mode can be used for identification without requiring any user action, or other methods implemented, such as doubletapping the phone (even in the user’s pocket), or raising a hand to the reader, even if one is already on a call. This solution is the most instinctive on the market and has won STid three technology prizes, including the Gold Trophy at the 2016 Security Awards. The future is bright for STid. Its ability to think out of the box has enabled it to offer these user-friendly innovations.
STid, a French champion In a challenging economic climate, STid has held its own and developed. Success has been due to the team’s ability to anticipate future needs and innovate, along with its unique and clear market positioning. “Our partners have chosen to remain free by adopting open technology, leaving them fully independent and in control of their security,” explains Vincent Dupart. The figures speak volumes. In the mature and competitive access control market, which saw four percent growth in 2016, STid grew by more than 20 percent. New frontiers for 2017 Given the company’s development plans, it does not look likely that STid’s growth will slow any time soon. According to the latest forecast from the Gartner technology research and advisory firm, 20 percent of organisations will be using smartphones instead of traditional access badges within the next three years. STid’s corporate strategy is ambitious, but the approach taken on the ground fits these goals. “We have focused on developing innovative, high-value products before starting to invest in international sales development. That now leaves us in a strong position to penetrate new markets.” In 2017, STid is setting its sights on North America, among other key markets. For more information, visit www.stid.com, email email@example.com or phone 02 9274 8853.
When a high level of security is essential, dormakaba Security Interlocks provide the ideal solution. Benefits include accurate people processing and the highest degree of separation.
Maximum security for sensitive areas
Security levels can be set according to individual requirements, including authorisation of access by external card reader, and additional interior checks, such as biometric verification, weight checking and two-zone contact mats. To learn more about our complete range of smart and secure access solutions, contact dormakaba. T: 1800 675 411 www.dormakaba.com.au
SECURITY SOLUTIONS 95
Another Strapping Success for Leda Leda Security Products' supplier, Cova Gates designed and engineered the worldâ€™s first crash tested PAS68 certified Bi-folding Speed Gate. This ground-breaking design and technology was developed in response to situations where alternative crash rated vehicle barriers were deemed unsuitable to be used as a point of controlled vehicular access into a building perimeter. Bi-folding Speed Gates operate rapidly with a nine second opening time and 11 second close time. These 100% duty cycle, continuousoperating gates are best suited to locations looking to preclude vehicle tail-gating with high traffic flow. The Leda / Cova gates blend effortlessly into any building facade or perimeter line discreetly enabling the deployment of a hostile vehicle mitigation barrier solution across a range of various site applications. The Bi-folding Gate's broad spectrum of applications is made possible due to the incorporation of composite strap technology into its arresting mechanism and shallow in-ground civil structure. Getting a gate to stop a speeding vehicle which hinges right in the middle presents a number of engineering challenges as hinges form the weakest point along the enforcement line. Composite straps are used in this case as they are adequately flexible to hinge where required, while enhancing all the energy stopping properties inherent with this technology. A bi-product when incorporating composite strap technology into Bi-folding Gates is its ability
096 SECURITY SOLUTIONS
to absorb energy, minimising load transfer at point of vehicle engagement into the civil foundation structure. This has resulted in this Bi-folding Gate having a shallow embedment of only 280mm, which allows it to be used in areas where underground services are present.
The Leda / Cova Bi-Folding Gate is able to accept most enhancements over and above its standard construction; it lends itself to the continuation of any high security fencing specification, powered fence or security toppings across the normally vulnerable vehicular entrance to a site.
A R T EX A R T EX ADVERTORIAL
! t i t u o b a Read all
your email address here
Security Solutions Magazine eNewsletter Sign up to our eNewsletter and receive up-to-date valuable information regarding all things Security.
SECURITY SOLUTIONS 97
Safe Campus Powered by P2 Wireless Mesh Technologies Recent news events have heightened the need for greater security. Campus, educational and commercial security is more important now than ever. P2's patented MeshRanger provides a robust, affordable, easy-to-install wireless network that is compatible with most existing security surveillance systems. The MeshRanger network boasts the astonishing capacity to carry 80 x full HD simultaneous streaming videos, or 20 x 4K videos. Its always-up and self-recovery mechanism with fail-over redundancy path and unique controller-independent architecture provides unrivalled performance, reliability and security. Made to withstand harsh weather conditions, P2's MeshRanger is the perfect security partner. The MeshRanger recently met the challenge to achieve a centralised wireless security surveillance system for a suburban educational campus spanning over 100,000m2 in Hong Kong. The campus was originally managed through four separate wired networks using different security surveillance systems that were purchased at different times. The MeshRanger provided one comprehensive wireless network integrating all surveillance video streams to one control room for efficient monitoring. MeshRanger enabled full HD camera monitoring for all entrances, indoor and outdoor areas, pedestrians and vehicle pathways to increase the security team's efficiency and effectiveness in preventing violence and theft. Furthermore, MeshRanger extended the wireless network to cover outdoor areas, such as sports grounds and the area between various
098 SECURITY SOLUTIONS
building clusters. MeshRanger removed blind spots by creating wireless network where cable lines were previously not feasible. MeshRanger also supported the wireless transmission of full HD PTZ camera for the sports ground, overseeing student's safety during outdoor activities and supported the live broadcast of sport events. Each IP camera is connected with P2 virtual fiber ring without complex cabling works between buildings or across sports ground. A smooth multi-
hop transmission of full HD video streams was enabled by P2's MeshInfinity technology. MeshRanger was deployed throughout the entire campus within one day. MeshRanger's simple cable-free deployment ensures short lead time and drastic cost reduction for installation, also minimising disturbance to business and regular activities. P2's revolutionary MeshRanger maximises current resources and is future-proof for the next generation surveillance systems.
SEE US AT TOTAL FACILITIES EXHIBITION SYDNEY ICC
March 29-30 2017 STAND B19
high speed doors for improving security and access control
Carparks Prisons Warehouses Emergency Stns Courthouses Defence Airports Casinos
DMF International Pty Ltd
Email firstname.lastname@example.org www.dmf.com.au
ph 1800 281170
Exclusive Australian licensed agent
SECURITY SOLUTIONS 99
Magnetic Automation is setting the standard for security solutions in the area of access and entry control
With over 30 years experience in the Australian market, our prime expertise is in drive and control technology; particularly in conceptual and project assignments. What is more, we deliver proven solutions for your projects involving access control for pedestrians and vehicles. Magnetic is also certified to ISO9001, ISO14001 and OHS18001. Access control Boom Gates Controlling access of vehicles and persons has become ever more important in recent times. The Magnetic.Access barriers are complete, costoriented solutions for access controls at public car parks, company premises or other entranceways. Our seven models include the right solution for every use. The MHTM™ drive unit (servo technology) used in all barriers is a technological milestone, operates maintenance-free and is energy efficient. The MGC drive unit employed offers a variety of enhancement options, depending on the version, and offers a high level of operating convenience. Parking Boom Gates Whether for a parking garage, underground parking or an open-air car park: the barrier is always the central element. Magnetic.Parking barriers are especially developed for high-traffic areas. Their appeal lies in durability and quality, low maintenance and low operating costs, as well as optimal ease of integrating them into existing systems and environments. In short: Magnetic.
100 SECURITY SOLUTIONS
Parking barriers are the first choice for parking garage operators and solution providers for reliable entrance and exit controls in parking garages, underground parking and open-air car parks. • High functionality. • 10 million opening and closing movements. • Award-winning design. • Low power consumption. • Safety control in compliance with EN 13849. • High operating convenience due to ideal accessibility. Vehicle Sliding and Swing Gates As standard, all of our medium and heavy duty gates are 100% duty cycle, hot dip galvanised and made from Australian steel. They are fitted with industrial motors and control systems, can be connected to any standard access control system, and use two forms of safety devices - PE beams and in ground induction loops. Gates can be customised to specific length, height, surface finish (powder coating) and infill/cladding. The Magnetic Swing Gate has been a market leader for more than 30 years. It has been designed for high end commercial and industrial applications. The swing gate provides maximum control of vehicular passage at security access points and can be tailored to suit specific applications and customised to suit site requirements. The MSGB BiFold speed swing gate provides maximum control of vehicular passage at security access points. The gate is designed for high end commercial and
industrial applications particularly where opening space is limited. Specialist Engineering Services As part of a global group we have access to international product development. We also develop our own local product range via our own inhouse engineering which partners with our efficient manufacturing facilities. Manufacturing Capabilities Our manufacturing facility is located in Melbourne and we have a high level of manufacturing integration which optimises our quality and flexibility to customise solutions for customers. Magnetic Automation is part of the global FAAC Group – a world leader in access control and automation since 1965. To ensure the highest levels of service and support, Magnetic Automation maintains a presence in every state, with a Head Office in Victoria and branches in Western Australia, Queensland and New South Wales. In this way, you can be assured that whether you require a consultation, service technician, installation or just have a question, a Magnetic Automation staff member is only ever a phone call away. Why not turn to a name you can rely on and trust the next time you need someone to provide proven solutions for security and safety to help protect your people and assets. Contact Magnetic Automation 1300 364 864 or visit www.magneticautomation.com.au
FILE PRO SECURITY SOLUTIONS 101
PRO DU CT
S E S A C W O H S AIPHONE GT APARTMENT INTERCOMS Aiphone has released two new monitors (7” and 3.5”) for the GT apartment intercom system range. The 7” monitor (GT-1C7) features better visibility with a 170-degree wide angle. The 3.5” monitor (GT-1M3) is suitable for large apartments where budgets are typically tight. From July 2017, the GT system will be a hybrid-IP intercom system following the release of its Internet Protocol (IP) module, which allows the system to handle up to 5,000 tenants and 120 common entrances. This new product is available through Aiphone’s respected, authorised distribution channels. In Australia, they are Seadan Security & Electronics, Sprint Intercom & Security, Mainline Security, Freeway Security Wholesalers, NetDigital Security, Radio Parts, Delsound, Comtel Technologies, Nidac and, most recently, CSD (Central Security Distribution), whom Aiphone welcomed into its distribution network in October 2016. New Zealand distribution partners include National Fire & Security and Zone Technology. Visit www.aiphone.com.au or call 02 8036 4507 for more information.
BOMB SAFETY AND SECURITY: THE MANAGER’S GUIDE by Donald S Williams Like so many aspects of security, bomb safety and security has become a topic of significant concern to every organisation in the last decade. Any business, regardless of how large or small it might be, how innocuous it might appear, could and possibly will be subject to some type of bomb related incident through the course of its operating life. Whether it be through disgruntled employees, or as a result of operating in a target rich environment such as a large retail shopping centre or strip, or as the result of a misunderstanding or poor communication or could even simply be wrong place wrong time. The fact remains, the explosive growth (pardon the pun) of extremist activity combined with the proliferation of information freely available via the world wide web means that anyone with the motivation, means and opportunity can instigate an explosives related threat. This is why I believe this book is an important read for anyone responsible for the safety of people and/or property, from facility managers through to retail, event, business and security managers. Unlike other security related texts, this book has been written in a way that makes it accessible to everyone. You do not need years of experience in security or a grasp of convoluted acronyms and complicated security theory to get the most from the book. Full of easy to understand, no nonsense explanations and insights, Bomb Safety and Security: The Manager’s Guide help readers understand how to not only develop and implement appropriate bomb safety and security measures to safeguard life, property, and reputation, but more importantly, to do so while minimising unnecessary disruption, maintaining operations and protecting profitability.
102 SECURITY SOLUTIONS
The book provides guidance on how to prepare for and respond to: • Bombs of various types • Threats • Unattended items • Post-Blast situations. Drawing on 20 years experience as a bomb technician, follow by a successful career in security including such positions as the Bomb Risk Manager for the Sydney 2000 Olympics and Paralympics and the Defence Officer at a National Bomb Data Centre, Don has done an enviable job of providing practical common sense approaches to problems that will make sense to both security professionals and non-security professionals alike. Available from http://asrc.com.au
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.
CT DU PRO
SHO WC ASE S dormakaba ACCESS SOLUTIONS When a high level of security is essential, dormakaba turnstiles and full-height gates provide the ideal solution. The range of sturdy turnstiles from dormakaba are especially suitable for reliably securing outdoor areas. When used in conjunction with card readers, they can reliably control access without the need for monitoring by personnel. Thanks to its patented end-point locking, it is impossible for anyone to become trapped in the event of power failure or attempted unauthorised access. With only one hinge door, the dormakaba full-height gates are predominantly used outdoors for barrier-free access, often in conjunction with a matching design of turnstile. dormakaba fullheight gates are also suitable for barrier-free access in outdoor premises. Versatile versions enable individual combinations of multiple units to be put together. Two, three and four-winged units with straight or U-shaped bars can be combined with each other. The same applies for units with bicycle doors, integrated doors, an emergency exit function or in resistance class WK2. The roofs fit with any of the single, multiple or space-saving double units. dormakaba turnstiles also feature a quiet, low-energy drive which consumes very little energy and adapts to the speed of the person entering. To further add to the safety of their products, dormakaba turnstiles feature an end-point locking solution which prevents people from becoming trapped or jammed. After release, the turnstile may be stopped at any time and rotated backwards, as long as it has not yet completed half of its rotation. Once the turnstile has completed half of its rotary motion, the unit can only be exited in the released direction. Additional features of the dormakaba turnstile range include the availability of space-saving double units; turnstile columns and bars which are made of robust stainless steel; the ability to freely determine turnstile behaviour in the event of a power failure; ideal for use in regions with harsh environmental conditions; the option to include a secondary identification requirement for additional security and added spacing between shearing edges to help eliminate the risk of injury. Visit www.dormakaba.com.au for more information.
FLIR FC-SERIES ID The new FC-Series ID fixed thermal camera combines best-in-class thermal image detail and high-performance edge perimeter analytics together in a single device that delivers optimal intrusion detection in challenging environments and extreme conditions. FLIR has long been recognised as a leader in the field of thermal imaging. However, with the release of its newest FC-Series ID cameras, users can now also enjoy the benefits of high-performance intrusion detection by way of reliable on-board analytics with one of the lowest false-alarm rates on the market. The camera also features auto calibration for depth setup, enabling a simple and reliable configuration. No additional measurement tools are needed, meaning that these cameras can be quickly and easily set up by a single installer. This new camera also enables analytics in corridor mode, reducing the number of cameras required per site and improving the total cost of ownership. Furthermore, added flexibility within the camera software means that users can choose to mask out areas of a scene either manually and/or automatically. In addition to the on-board analytics, FLIRâ€™s industry-leading image processing provides superior image quality in low-contrast conditions. Combined with FLIRâ€™s custom Automatic Gain Controls (AGCs), which provide unmatched image contrast, Dynamic Detail Enhancement (DDE), which creates sharp edges and contrast that improve analytics performance, and an expanded selection of high-performance lenses to ensure optimal detection ranges in all conditions, it is easy to see why the FC-Series ID camera is set to become the go-to low-light camera. Visit www.flir.com or call 03 9550 2800 for more information.
SECURITY SOLUTIONS 103
PRO DU CT
S E S A C W O H S HID FARGO HDP5600 ID CARD PRINTER AND ENCODER The HID FARGO HDP5600 ID Card Printer and Encoder is a costeffective and reliable solution that features a high-resolution 600dpi printing option for superior text and image quality. This all-in-one solution is ideal for government agencies, universities, corporations and healthcare facilities that need to routinely produce large volumes of high-definition IDs or multi-function smart cards. With the new HPD5600, you can print clear, crisp images, text and barcodes – even precise, complex characters such as Kanji, Arabic or Cyrillic are clearly defined and easy to read. And because the HDP5600 also features a versatile, modular design, you can field-upgrade the printer as your needs change. The printer also offers high-quality resin printing, enabling clear, crisp images, text and barcodes. Optional data encoding allows production of highly secure contact and contactless, multi-function smart cards that address your specific needs and connect to other systems, such as visitor management, physical or logical access control, time and attendance, or cashless vending. The unit also features a versatile, modular design. The HDP5600 has several field-upgradeable features that can be added to the printer as your needs change. For example, an optional dualsided, printing module can add company- or employee-specific information to the back of a card, such as when a barcode or digital
signature is also desired. Or select the dual-card hopper option to simultaneously produce both employee and student or contractor IDs in a single pass. The design of the HDP5600 is simple and intuitive. Cards, ribbons and overlaminate cartridges load quickly and easily, making it easy to operate and maintain over time. Only one card printer offers 5th generation re-transfer technology for every need. From sharp and vibrant photo ID cards to multi-functional, high-security applications, the HDP5600 delivers on the promise of ultimate image quality and printer reliability, affordably. Visit www.hidglobal.com for more information.
OPTERA With Optera’s Panomersive Experience, take in the whole panoramic scene while simultaneously drilling down into crisp, detailed immersive views where you can pan, tilt and zoom into areas of interest. Optera optimises the images from each of the four sensors and then seamlessly stitches and blends them at the boundaries to present you with a natural, continuous panorama. No more worries about poor alignment between sensors, having to manually sequence images, or gaps in information. Thanks to Anti-Bloom technology and proprietary image processing, SureVision 2.0 produces high-quality images in extreme low light without ever leaving wide dynamic range mode. Panoramas this smooth, video this clear and technology this advanced must be experienced firsthand. • constant, seamless situational awareness • multiple immersive pan, tilt, zoom views at the video management system • zoom in for detail live or retrospectively with client-side dewarping • up to 12 megapixel resolution for better detail at distance • up to 15ips at 9 megapixel resolution • SureVision 2.0 for simultaneous wide dynamic range and low- light performance • 8 Pelco video analytic behaviours • ONVIF Profile S and Profile G conformant
104 SECURITY SOLUTIONS
• • •
compatible with Pelco VideoXpert, Digital Sentry NVS and third-party VMS partners 180°, 270° and 360° models available in a variety of colours and mounts 3-year warranty.
Visit www.pelco.com or email email@example.com for more information.
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.
CT DU PRO
SHO WC ASE S
COMPACT AND ELEGANT INDOOR IP INTERCOM The Turbine Mini IP Substation (TMIS-1) from STENTOFON is designed for indoor use. This station is typically used as a communication, information or emergency point and connects directly to the Internet Protocol (IP) network, making it easy to deploy anywhere and at any distance. The station can be flush mounted or mounted using an on-wall box. Like all IP stations in the Vingtor-Stentofon Turbine series, the Turbine Mini IP Substation utilises the latest technology to create unparalleled audio quality. The combination of the many features listed below and more than 70 years of experience with acoustic technology represent but a few of the many factors that contribute to the superior audio quality synonymous with STENTOFON. The Turbine Mini IP Substation (TMIS-1) features: • background noise cancellation • durable construction including a robust die-cast aluminium frame • support for a wide set of IP and networking standards • white thermoplastic front plate featuring a single button • ideal for building security and public environments. Intelligible Audio With any intercom, the primary challenge is always to produce loud and clear audio which can be easily understood. When security matters and seconds count, crystal-clear audio is essential.
Integrated Communication Efficient communication requires a single integrated communication platform. The Turbine Mini IP Substation (TMIS-1) from STENTOFON supports open protocols such as Session Initiation Protocol (SIP), making it simple and easy to do all your communication from one central console. Integrated Security Reliable communication between different systems is equally important. STENTOFON shares information through common protocols or dedicated drivers with other parts of the security system, such as access control and video cameras, to enable automated processes. This makes it easier for the security team to work a lot more efficiently in case of a critical event. The combination of 71 years in critical communications and a host of classleading intercom solutions makes STENTOFON one of the most trusted names in communications. Contact STENTOFON Australia on 03 9729 6600 or firstname.lastname@example.org for a demonstration, or see them at stand H36 at ASIAL 2017 in Sydney.
INT-QUADIP IP INTERFACE MODULE FOR PB-SERIES QUAD BEAMS TAKEX has launched an all-new Internet Protocol (IP) interface module, INT-QUADIP, designed for PB-IN-HF/HFA, PB-F/FA, PB-IN-100AT and PB-KH series photoelectric beam sensors. Whilst network alarms and Power over Ethernet (PoE) are standard on IP cameras, most intruder detection systems rely on mechanical relays and require a separate power source. Integrating a beam sensor to a modern IP security system using these legacy technologies requires a number of third-party products and man hours. With the TAKEX IP interface module, our photoelectric beams are as easy as IP cameras to install and integrate with leading video management systems (VMS); start recording when a perimeter is breached, direct a pan, tilt, zoom (PTZ) camera to the location of an intrusion, or activate lighting or sounder equipment. With IP and PoE, only an Ethernet cable from the product to the nearest PoE switch is required, utilising existing IP infrastructure already in place with CCTV, access control and other security systems. This dramatically reduces the costs associated with installation and provides a fully integrated security solution which can be easily expanded and configured to customer and site requirements as desired. The TAKEX INT-QUADIP module is designed around industry-standard protocols and can be easily integrated with leading third-party VMS solutions as a generic device. In addition, the module supports direct control of an ever-increasing list of cameras, including Axis, Bosch, Hikvision and Sony – ideal for budget-conscious installations. Other features include a plug and play web browser interface for configuration and a digital output for connecting auxiliary equipment. Key specifications: • PoE Class 3 • IEEE 802.3af • VMS compatible • supported cameras for direct control include Axis, Bosch, Hikvision and Sony • plug and play web browser interface • no software installation required • one cable installation. Visit www.takex.com.au for more information.
SECURITY SOLUTIONS 105
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Bosch launches Video Management System 7.0 – enabling higher quality and more secure video streaming
Bosch has just released its Video Management System 7.0 software (Bosch VMS 7.0), which will empower security operators to effectively manage high-resolution video streams in their day-to-day work. At the rate that video cameras are evolving, keeping track of an ever-growing amount of high-resolution video data is becoming even more challenging. In places like metro stations and airports where many cameras are needed, the burden on a workstation is very high. If a workstation is overloaded, the client application will often lag. This is a great obstacle for security operators who need to view many cameras at once in order to maintain a complete and uninterrupted overview of a location, such as an airport terminal. With the new Bosch VMS 7.0, however, the user is able to keep multiple UHD (Ultra High Definition) cameras open without having to worry about slowing down the application. Bosch VMS 7.0 uses the technology “streamlining”. This technology automatically shows the optimal video resolution on the screen. If an operator needs to view many cameras simultaneously, the Bosch VMS 7.0 automatically uses a lower-resolution stream. When enhanced pictures are required to zoom in or view on a full screen, for instance, a higher-resolution stream is automatically chosen. This feature uses the multi-stream capabilities available on Bosch IP video cameras and runs on existing workstations. Another new feature of Bosch VMS 7.0 is the encrypted communication between Bosch cameras and the Video Management System. A security manager can choose to encrypt all control communications and videos through a secure HTTPS connection, reducing the risk of the system being hacked. Bosch VMS 7.0 also offers customers an IT security guide, which explains how to set up a secure system. The document describes how to configure Bosch VMS for Windows operating systems and how to secure video cameras against unauthorised access. Bosch Security Systems Ph: 13000 BOSCH (26724) www.boschsecurity.com.au
106 SECURITY SOLUTIONS
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Cognitec Hires Terry Hartmann as Vice President to Drive Growth in the Asia Pacific Biometrics Market Renowned biometrics pioneer Terry Hartmann will lead business development and client relations as Vice President Asia Pacific at Cognitec Systems Pty Ltd. Hartmann will direct an international sales and support team to meet the demands of an expanding biometrics market in the region. Governments in Australia, New Zealand and many Asian countries are investing heavily into large-scale biometric projects, and many of them have trusted Cognitec’s market-leading face recognition technology for more than a decade. “Face biometrics is now a proven technology, yet has so much potential for growth. Asia Pacific is certainly the place where innovation can be realised,” said Hartmann. “I am excited to leverage Cognitec’s products into numerous security and facilitation benefits to prospective clients, integrators and their customers.” Cognitec gains Hartmann’s world-wide leadership experience in the identity and security domains. Most recently, he led the transportation business in the US and Canada for Unisys, and before that managed their solutions for industry applications globally. Hartmann became an internationally acknowledged thought leader on applying biometric and chip technologies to border control/identity management during his tenure with the Australian Passport Office. He was the author of the ISO/ICAO international standards for face recognition in ePassports, and has won numerous international awards. Organisations around the world have invited him as a key speaker. “Terry brings to Cognitec a long-standing, remarkable reputation as an industry expert,” said Cognitec CEO Alfredo Herrera. “We are certain that his passion for advancing biometric technologies, and his experience with global applications and projects, will perfectly align with Cognitec’s growth strategy in the Asia Pacific region and further strengthen our business position and relationships.” About Cognitec Cognitec develops market-leading face recognition technologies and applications for enterprise and government customers around the world. In various independent evaluation tests, our FaceVACS® software has proven to be the premier technology available on the market. Cognitec’s portfolio includes products for facial database search, video screening and analytics, border control, ICAO compliant photo capturing and facial image quality assessment. Corporate headquarters are located in Dresden, Germany; with other offices in Rockland, MA and Sydney, Australia. For more information visit www.cognitec.com or email email@example.com
SECURITY SOLUTIONS 107
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Hikvision Blazer Express, an easy retail iVMS solution Hikvision, the world’s leading supplier in innovative video surveillance products and solutions, has introduced Blazer Express, an easy-to-use and highly efficient intelligent video management software (iVMS) station, designed specifically to meet the needs of small- to medium-sized retail surveillance applications. Catering for up to 16 or 32 network surveillance cameras, Blazer Express (supplied with preinstalled operating system) offers individual shops, multi-site stores and petrol stations, centralised video management and easy operation, along with quick and easy installation via its set-up wizard, and automatic device discovery to recognise any connected Hikvision devices. User-friendly functionality Helping SMB retail operations to manage and secure their businesses in a more effective manner, Blazer Express is packed with a host of powerful features, supporting retail users to increase their business efficiency. On-board functionality allows users to select a target or event for a number of uses, such as to retrieve video footage to review employee performance for training or sales evaluation, as well as to protect assets and staff. Blazer Express supplies live, playback and alarm camera viewing functionality via its user-friendly interface, enabling easy location of relevant video footage via multiple video search options: including tag, lock, interval and segment. Displaying a complete visual overview of all camera locations, an on-screen E-map permits per camera related live video, playback and alarm activated events to be directly accessed for quick identification, alerting the retail operator to manage situations with an appropriate response. Designed for small- to medium-sized retail application, Blazer Express supports seamless integration with existing POS system, associating POS transaction data with the relevant CCTV footage, further helps to identify and review suspicious transactions, as well as to provide evidence for any customer disputes. Suitable for petrol stations, car parks and vehicle entrance/exit management, Blazer Express also comes as standard with automatic number plate recognition (ANPR). Whilst a people counting function can provide valuable data for retail operators to gain an understanding of people flow across different periods of time. The product is further engineered with pluggable mSATA design for convenient system maintenance. A helpful system health-check function monitors service, storage, and camera running status, to provide assurance for system operators. Advanced and scalable operation Blazer Express iVMS stations can be installed at multiple remote sites, with cascade mode used to deploy centralised video management. In multi-site mode, Blazer Express allows operators to access video and alarm information from remote retail branches. Allowing easy system expansion, if and when a new store needs to be accommodated, it’s simply a case of connecting a new Blazer Express to the system, and multisite systems can be configured to enable a Blazer Express client to manage all stores’ video footage and alarm information centrally, maximising human resource and response efficiency. Further enhancing remote management, Blazer Express based iVMS systems can be accessed at anytime and from anywhere in the world using multiple free clients. Supporting installation flexibility and saving valuable budget, Blazer Express supports third-party ONVIF compliant cameras or private protocols, with Hikvision providing a SDK for seamless third-party systems integration. Further information about Hikvision’s Blazer Express iVMS Station can be found at http://www.hikvision.com/en/VMSNProductsdet_710.html
108 SECURITY SOLUTIONS
Securing Emergency Services’ Assets
Locking down a high security area isn’t always as simple as installing an off-the-shelf solution. Often, different spaces can present unique challenges requiring unique solutions, which is why Magnetic Automation were recently approached to design a custom solution for a hightraffic emergency services site. A gate was needed to block off the entry and exit points to the site to prevent vehicles and pedestrians using the car park as a thoroughfare. However, conventional slide or swing gates would not fit due to space restrictions. Furthermore, the area had limited run-off space, and fast opening times were a necessity to ensure emergency vehicles could exit quickly. Magnetic Automation staff worked with the client to designed a site-specific solution using two MSGB trackless bi-fold speed gates. The gates, which boast a 6.4-second opening time, were customised to the client’s requirements and installed on the site to provide protection against external foot and vehicle traffic. Beyond simply meeting the needs of the client, the Magnetic Automation team had to coordinate and work closely with other security service providers, landlords, consulting engineers and the client to complete the project. For more information regarding our MSGB bi-fold gates or any other Magnetic Automation products, please contact our head office on 1300 364 864 or email firstname.lastname@example.org YouTube link: https://www.youtube.com/watch?v=NJuSjM5VwKY
MOBOTIX Develops “MxActivitySensor 2.0” For Intelligent 3D Motion Detection MOBOTIX kicks off the New Year with several new innovations, including MxActivitySensor 2.0, a proprietary network switch, perfect for installations in smaller spaces, and an update to the Video Management Software MxMC 1.3. This video motion detector, which has been integrated in the camera since 2013, differentiates between events that are relevant and irrelevant to alarms and thereby reduces the number of false alarms. This motion analysis reliably detects moving objects and does not trigger any false alarms in the event of interference such as rain, snowfall or moving trees or poles. With MxActivitySensor 2.0 MOBOTIX has gone a step further: thanks to intelligent 3D motion detection, false alarms caused by common types of motion from birds or small wild animals can be reduced. In this way, the camera keeps a constant watchful eye on the scene, only triggering alarms in response to security relevant events. Alongside MxActivitySensor 2.0, which is available in the latest firmware version (126.96.36.199), MOBOTIX now offers a new four-way sensor: MxMultiSense. This sensor records information such as the noise level, movement (PIR), temperature and brightness, and is an inexpensive supplement to camera installations. It also monitors areas that cannot be captured by cameras. For the first time, MOBOTIX also introduced a PoE+ capable network switch. MxSwitch is a compact DIN rail module that can be used to directly connect and power up to four MOBOTIX Door Stations, cameras or other PoE/PoE+ devices. It is very well-suited for IP installations in small systems and, thanks to its minimal mounting height, it guarantees quick and simple installation into any electrical cabinet. For instance, MxSwitch also reduces cabling during the process of installing the fully preconfigured T25 Smart Access Set 2. This set is an easy-to-start security solution featuring smart home technology. The set is particularly well-suited for use in single-family homes and small businesses. The new firmware version (188.8.131.52) is available on the MOBOTIX website for download. MOBOTIX is also continually developing in terms of software. The latest video management version of MxManagementCenter, the MxMC 1.3, was recently released and was downloaded over 10,000 times in the first five weeks after its launch. MxMC 1.3 offers many new functions that make the software even more efficient and easy to use. For instance, a tree structure in the device bar (which can be expanded on the side) provides a clear overview and enables simple navigation between cameras and camera groups. For more information visit www.mobotix.com
SECURITY SOLUTIONS 109
Survey: Cyber Security Skills Gap Leaves 1 in 4 Organisations Exposed for Six Months or Longer ISACA to address the growing skills gap as demand for qualified cyber security professionals continues to outstrip supply Sophisticated cyber security defenses are increasingly in high demand as a cyber security attack is now viewed as an inevitability. However, a majority of surveyed organisational leaders fear they are ill-equipped to address these threats head-on. According to a new cyber security workforce study by ISACA’s Cybersecurity Nexus (CSX), only 59 percent of surveyed organisations say they receive at least five applications for each cyber security opening, and only 13 percent receive 20 or more. In contrast, studies show most corporate job openings result in 60 to 250 applicants. Compounding the problem, ISACA’s State of Cybersecurity 2017 found that 37 percent of respondents say fewer than 1 in 4 candidates have the qualifications employers need to keep companies secure. More than 1 in 4 companies report that the time to fill priority cyber security and information security positions can be six months or longer. In Europe, almost one-third of cyber security job openings remain unfilled. Cyber Security Qualifications: A Moving Target Most job applicants do not have the hands-on experience or the certifications needed to combat today’s corporate hackers, ISACA’s report found. The report also highlighted where hiring managers’ expectations are shifting most as they consider candidates for open cyber security positions: • 55% of respondents report that practical, hands-on experience is the most important cyber security qualification • 25% of respondents say today’s cyber security candidates are lacking in technical skills • 45% of respondents don’t believe most applicants understand the business of cyber security • 69% of respondents indicate that their organisations typically require a security certification for open positions and most view certifications as equally, if not more, important as formal education. Closing the Gap ISACA offers five recommendations to help employers find, assess and retain qualified cyber security talent: 1. Invest in performance-based mechanisms for hiring and retention processes. ISACA’s upcoming CSX assessment capability will help employers assess performance level of prospective and current staff members. 2. Create a culture of talent maximisation to retain the staff you have. Even when budgets are tight, there are things that can be done that don’t impact the bottom line: alternative work arrangements, investment in personnel growth and technical competency, and job rotation to help round out skills and minimise frustration with repetitive (but necessary) tasks. 3. Groom employees with tangential skills—such as application specialists and network specialists—to move into cyber security positions. They are likely to be highly incented to do so and it can help fill the gap in the long term. Having a path in the organisation to do this can be a solid investment, as it can be cheaper to fill those gaps and help support employee morale. 4. Engage with and cultivate students and career changers. An outreach program to a university or an internship program can help with this. 5. Automate. Where security operational tasks can be automated, it can decrease the overall burden on staff and thereby help make best use of staff that an organisation already has. To download a complimentary copy of the workforce report, visit www.isaca.org/state-of-cyber-security-2017. The second volume of the State of Cybersecurity study, featuring threat landscape and security governance data, will be available later this year.
110 SECURITY SOLUTIONS
Axis Communications appoints Sektor as New Zealand distributor
Axis Communications, the market leader in network video, appoints Sektor as New Zealand distributor. Under the agreement Sektor will distribute the entire range of Axis network cameras, access control, IP audio and video products. Wai King Wong, Axis Country Manager, South Pacific region says “Sektor provides us with new market opportunities in the IT realm plus the comprehensive support of their market leading Distribution capabilities. We’ve been really impressed with Sektor’s professionalism and drive. They are a great match for Axis as a company and the innovative products we have in the pipeline.” Sektor’s Andre van Duiven (GM Security) says “we see video technology combining with Big Data for some major growth in the coming years. Axis is the most technologically advanced brand in the market and continues to lead the world with video innovation. We have been working on several industry specific solutions and combining these with Axis presents some major growth opportunities for our reseller partners and Axis alike.” Sektor went live as a distributor with full product support and inventory on 1 February 2017. There will be a nationwide roadshow in the coming months. For more information visit www.axis.com
EZI Security Systems adds High Security Portals to its range PathMinder has appointed EZI Security Systems as its exclusive partner reselling its range of high security portals to the government sector in Australia. PathMinder Pty Ltd are the master distributor in Australia and New Zealand for Europe’s most advanced range of high security portals manufactured by AllUser Industries. AllUser security portals are made up of 2 interlocking doors and a sophisticated ultra-sonic tailgate detection system to ensure access is limited to authorised people only. As standard the units are designed to be burglary resistant and are certified as P1A. Options for each model include vandal, attack and bullet resistant solutions up to BR5 in certain models. Other customisations include metal detectors to stop weapons being brought on to a premise. With over 40 fully customisable models in the range PathMinder can offer a solution to meet most security needs. The range is made up of classic, cylindrical and the unique half portal concept that is designed to cap an existing access controlled door to stop any unauthorised access attempts. ‘Our security portals are already the portal of choice for many international governments so working with a partner who understands the sales process and is able to provide the right service is key for our growth in this sector in Australia’ says Max Nais, Export Sales Director for the portals Italian manufacturer, AllUser Industries. ‘We see the AllUser range of security portals as having some major advantages over the existing products being offered in this sector’, says Troy Donnelly of EZI security Systems. ‘We are already very established with our high security gates in the government sector and have had several enquiries for this type of high security pedestrian control. As such this range of security portals is an obvious add on to our extensive range of security solutions.’ For more information on PathMinder PTY LTD Systems visit www.pathminder.com.au
SECURITY SOLUTIONS 111
SUBSCRIBE Security Solutions Magazine, Level 1, 34 Joseph St, Blackburn, Victoria 3130 | Tel: 1300 300 552
I wish to subscribe for:
oONLY $62 per annum!
Credit Card oBankcard
Card Number: ........................................................................................................................................................................ Exp: _ _ / _ _ Card Name: .................................................................................................................................................................................................................... Signature: ....................................................................................................................................................................................................................... When payment has been received and funds cleared, this document serves as a Tax Invoice. Interactive Media Solutions ABN 56 606 919 463. If this document is to be used for tax purposes, please retain a copy for your records.
Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...
Subscribe to Security Solutions Magazine for
ONLY $62 per annum!
Simply fill in the form or call 1300 300 552
112 SECURITY SOLUTIONS
What will the future of security technology look like?