THE REGION’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.asiapacificsecuritymagazine.com July/Aug 2016
FEATURE SPECIAL
SECURITY IN SINGAPORE
Now is the time for multi-modal biometrics
Cloud Infrastructure & Security
Crime: Examining the mob mentality
Strategic Pillars of Change: Australia’s Cyber Security Strategy
Help from above: UAVs preventing shark attacks
The greatest threat to your business
Big data = Big business = Big risk
PLUS
TechTime, Quick Q&A, Cyber Security and much more...
Contents

Page 3 - Editor's Desk
Page 4 - Industry Insights
Page 6 - Quick Q&A: Jason Gotch - Managing Principal, Dynamiq NSW

APSM Feature articles
Page 8 - Dark figure issues in maritime piracy
Page 12 - Professionals on borders
Page 14 - Now is the Time for multi-modal biometrics
Page 16 - Innovation drives hologram ID document protection
Page 20 - SITREP – The kidnap prevention mindset
Page 24 - Prevention is still better than cure
Page 26 - Locating a new weapon for Australia’s data detectives
Page 30 - Examining the mob mentality
Page 32 - Help from above: UAVs preventing shark attacks
Page 34 - HUNTSMAN: Building a security intelligence centre
Page 36 - Digital Identity
Page 38 - How cloud infrastructure is making enterprise more secure
Page 40 - The greatest threat to your business today
Page 43 - The road ahead - How to survive as a new Cyber Security Manager

Singapore Feature
Page 44 - Security in Singapore
Page 46 - Netevents APAC summit review
Page 50 - SMART Facilities Management Solutions
Page 52 - FORTINET FEATURE
Page 57 - TechTime - the latest news and products

Executive Editor / Director: Chris Cubbage
Director / Co-founder: David Matrai
Art Director: Stefan Babij
Correspondents: Sarosh Bana, Adeline Teoh, Tony Campbell, Tim Mayne

MARKETING AND ADVERTISING
T | +61 8 6361 1786
promoteme@australiansecuritymagazine.com.au

SUBSCRIPTIONS
T | +61 8 6361 1786
subscriptions@mysecurity.com.au

Copyright © 2016 - My Security Media Pty Ltd
286 Alexander Drive, Dianella, WA 6059, Australia
T | +61 8 6465 4732
E | info@mysecurity.com.au
E: editor@australiansecuritymagazine.com.au

All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.

CONNECT WITH US
Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.
www.facebook.com/apsmagazine
www.twitter.com/apsmagazine
www.linkedin.com/groups/Asia-PacificSecurity-Magazine-3378566/about
www.youtube.com/user/MySecurityAustralia

OUR NETWORK
www.australiansecuritymagazine.com.au
www.drasticnews.com
www.chiefit.me
www.cctvbuyersguide.com

Correspondents* & Contributors
John Lord
John Kendall
James Valentine
Brian Henke
Adeline Teoh*
Tony Campbell*
Sarosh Bana*
Tim Mayne*
David Stafford-Gaffney

4 | Asia Pacific Security Magazine
Editor's Desk
“We are promising the Crusader nations which have aligned themselves against the Islamic State that dark days are coming” - ISIS, March 2016 in claiming responsibility for the Brussels attacks.
The threats continue and we remain at war. The war against ISIS has had recent success in the lands of Fallujah, but seems only to have brought the battle back to the cities - Istanbul, Baghdad, Dhaka, Kuala Lumpur, Brussels, Paris and Orlando. Sadly, these places are far from being the exhaustive list of attacks or thwarted attacks in 2016. Indeed, at the time of writing ISIS attacks were being reported in several Saudi Arabian cities and plots uncovered in Tehran. Smaller ISIS-inspired attacks are occurring globally.

What is certain is that the front line will change constantly in the war against radical Islam. Jihad will not disappear, nor can it even be defeated, only dispersed and dissipated. The underlying danger is that the wave of attacks continues to destabilise Western society to the extent that violence spreads like a cancer. To highlight the point, alongside the rise in ISIS attacks in the months of June and July, there has been a rise in racial tensions in the United States with police coming under fire and being killed in Dallas and surges in hate crimes in the United Kingdom with over 3,000 incidents reported in just two weeks around the Brexit referendum. Australia has also seen attacks against Mosques in Melbourne, Sydney and Perth and anti-Muslim campaigner Pauline Hanson has been elected to Australia’s Senate – she is calling for a Royal Commission into Islam and CCTV to be installed in all Mosques. Hanson is Australia’s version of America’s Donald Trump, complete with an orange tinge.

This is a time for the public and private security sectors to come together and develop the necessary relationships to ensure communication and information sharing is at its peak in times of civil disorder and uncertainty. Frontline officers, be they police, security, medical or emergency, will be targets.
In Western Australia, the local chapter of ASIS International has looked to make a difference and has developed a strong partnership with the US Department of State Overseas Advisory Committee (OSAC), formally supported with the MOU signed in 2015. The WA Chapter has initiated a number of special security briefings on active shooters and counter terrorism requirements. The most recent, hosted by Perth Airport, provided assurance that agencies are engaging, communicating, planning and have the capacity to respond. Held a week following the Istanbul airport attack, the joint ASIS International and OSAC luncheon was attended by over 80 state and federal police agencies, US State Department, and Perth security and facility management professionals. Most importantly the meetings make allowances for university students studying security science to attend and learn, providing the basis of the profession moving forward over the next decade, just as I was studying security science at the time of 9/11. To make a positive note, these meetings also demonstrate women in security are active, with Perth Airport, Australian Federal Police and ASIS International having a number of senior women active in assisting with these events and security planning.

With the terrorism threat real and probable, there are mentoring responsibilities on all security professionals, so it would be that any senior personnel who is not mentoring at least one or two students or junior members is not sufficiently fulfilling their role. Having had a 25 plus year career now I have had a number of notable mentors and role models - some more informally like Bill Forbes, formerly of Woodside and Seven Group, Keith Davis CPP in Adelaide and my academic mentors like Professors Clif Smith and Bill Hutchinson - these gents are all retired (or about to) and together take with them over a century of security experience. Likewise, any junior security professional who hasn’t reached out to a mentor nor is grabbing all their opportunities. As I experienced, expect some to turn you away, but search and network as the opportunities allow.

Despite the positive examples being seen at the operational front, it remains that Australian Police Ministers continue to overlook the need for reform.
I submitted to the Victorian Regulatory Impact Statement of the Private Security Regulations that cyber security activities should be covered by the Private Security Act. Information security includes physical security elements in standards and compliance requirements. This includes cyber security professionals reviewing, assessing and designing asset and physical security under ISO27000. This is technically in breach of the Act and without fingerprint screening and criminal background checks. Regulators around the country continue to be blind to the need to balance physical and cyber security regulations. Note that organised crime continues to focus on cybercrime opportunities and government institutions continue to be attacked and infiltrated.

The Victorian Police Minister’s response? Well, it would all be too hard and would “place an unsustainable enforcement burden on the regulator Victoria Police.” Like an episode from ‘Yes Minister’, this is a head-in-the-sand approach and demonstrates that security professionals generally are ready to be deregulated completely and lighten the burden on the regulators to focus only on the crowd control sector.

The security industry, like many industries, has suffered digital disruption and will continue to have the biggest impact on society. All electronic security systems are now being networked so the cyber cross over makes regulation of the industry a farce. Less than two per cent of cybercrime is prosecuted by law enforcement and cyber security professionals are without any legal code of conduct or probity of criminal association or criminal history. This is like regulating taxis and ignoring Uber.

As I have written recently, with some pessimism, if economic and social conditions continue to stagnate or indeed deteriorate, there will be a corresponding change needed in the civil and corporate security postures across the region also – so best to remain buckled up! And on that note, as always, we provide some thought-provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.
Yours sincerely, Chris Cubbage CPP, RSecP, GAICD Executive Editor
...with Jason Gotch
Managing Principal, Dynamiq NSW.

Dynamiq’s NSW Managing Principal, Jason Gotch has a knack for networking that has seen him build a popular profile within the industry over the past 27 years. Jason has gained his experience having worked across various industry sectors throughout Australia. His current passion revolves around Organisational Resilience, the “not so new”, emerging field that combines the many protective disciplines of security, crisis, emergency and continuity management with a robust and strategic approach to organisational culture.

How did you get into the security industry?
The slow way! I started in guarding, event and crowd control way back in 1989, from there I worked my way up through the ranks so to speak. Since 2003 I have been involved in more senior roles working across Australia in various sectors. Whilst working at the Perth Arena, I was introduced to the concept of organisational resilience by renowned practitioner David Parsons and immediately felt that it was an area that both interested me and would grow substantially. Since then, I have worked in several resilience roles and currently contribute to the industry through working groups, networks and government committees.

How did your current position come about?
Whilst working at Westfield in a Risk and Security role, I engaged Dynamiq to assist with critical incident and emergency management training. This gave me an opportunity to work closely with the directors and several consultants, many of whom I knew already, so when the opportunity came to join the firm, it was an easy choice! My role works across the various divisions of the company with a particular focus on the NSW sector, working with clients on individual disciplines and resilience methodology to meet their specific organisation’s needs.

What do you like about your job?
Everything!
Honestly, it’s a great position, with a very open playbook that allows me to build on the company’s business resilience proposition and service offering. We have a fantastic technology product in EMQ Net that has been a leader in the market since 2002, it is a very robust product with a proven track record and is currently utilised by many national and international companies. Depth of service and personnel ensures that a high standard of delivery matches Dynamiq’s overall profile.

What are the biggest challenges facing the industry?
I think that there are a couple, from a pure security point of view. As “resilience thinking” gains further momentum, security management is going to be increasingly seen as part of a bigger picture. Whilst I think this integrated approach will be of benefit, it may be detrimental if security is not given a high enough priority within the overall framework. I’m increasingly seeing and hearing that budgets are being cut on physical security in favour of cyber security/resilience. Given the current threat environment around terrorism, it is important for organisations to take an even-handed approach to all preventative security measures, and not just those that are the most newsworthy!

What are the biggest changes you’ve seen?
Really there have been so many. Who would have thought twenty years ago that the Internet would be so dominating in our lives? The threat, both real and perceived, in terms of cyber security is enormous. Whilst the challenge is significant, this new emerging industry has opened up career paths for an assortment of highly trained, educated and informed practitioners. Whilst working at Foxtel, I worked closely with the IT/Cyber team and was constantly amazed and surprised at how resourceful and effective they were. Individuals in this field shouldn’t be stereotyped; in fact, I consider them to be at the cutting edge in terms of security thinking with a wide and encompassing view of the industry.

Where do you see the industry heading?
For me I think that the era of standalone security management departments is nearing an end. Resilience methodology calls for an integrated, anti-silo approach that embodies efficiency and productivity. I personally see security (physical and cyber), as one of the essential pillars of any resilience programme, with practitioners from this background equally at home in the fields of crisis, emergency or continuity management. The key attributes of situational awareness and critical thinking can be developed and perfected within the security environment, giving those that commit to a long-term career very real world skills. If resilience does end up as the umbrella of sorts, I think that security professionals will be well placed to play an important part in this new and emerging industry.

What do you do when you’re not working?
You know, I get asked this a lot and to be honest I’m not great at switching off! Although I am trying, thanks to my wife and a couple of small dogs, I’m starting to realise that resilience need not be a full time job, at least not at home anyway!
Regional
Recognising excellence in the Australian security industry
The 21st annual Australian Security Industry Awards for Excellence and 2nd annual Outstanding Security Performance Awards provide a platform for exceptional security companies and individuals to be recognised.

Organised by the Australian Security Industry Association Limited (ASIAL) and World Excellence Awards, the event is designed to be both independent and inclusive, providing an opportunity for outstanding performers, whether buyers or suppliers, to be recognised and their successes to be celebrated.

Over the course of two decades the Australian Security Industry Awards for Excellence has provided recognition for hundreds of Australian security companies and individuals. The event also provides a chance to showcase the outstanding pool of professionals working within the security industry.

For a second successive year, ASIAL will host its awards in collaboration with the Outstanding Security Performance Awards which form part of a global initiative with events in Germany, Norway, Poland, Romania, United Kingdom and United States of America. Once a core number of national OSPA programmes are established it is World Excellence Awards’ intention to enter OSPA winners into a worldwide OSPA.

In all countries the aim is to encourage security associations to come together to celebrate excellence and the outstanding performers in their country. In Australia this is no different, with the following industry partners supporting the event.

Awards Ceremony and Dinner

The awards will be presented at The Westin, in Sydney’s iconic Martin Place, from 7pm on Thursday 20th October 2016. Media personality James O’Loghlin will emcee the event. You may recognise James O’Loghlin from Good News Week, Rove Live, Sunrise, Lateline, The Evening Show and more than 300 episodes of The New Investors.

For further information on the event visit www.asial.com.au
Cyber Security International
Dark figure issues in maritime piracy
Piracy is a maritime security risk concern with deep historical roots that permeates all times and places. Nevertheless, this article will show that piracy embodies ambiguity in definition such that misunderstanding the crime inhibits an efficacious collective transnational response. Furthermore, due to definition limitations, the deficiencies in transnational counter piracy measures are often exacerbated by legal, procedural and financial factors, ultimately resulting in a dark figure in recorded piracy incidents. Notwithstanding this, some counter measures, including the rebuilding of failed states and coordinated international cooperation, have shown a degree of effectiveness. The combined rising incidence of piracy and its poorly defined nature, coupled with developing disunity and instability in the S.E. Asian maritime region, undermine the viability of internationally coordinated counter-measures being implemented.

Historical Snapshot

The history of piracy can be traced back to 1200 B.C. in the Mediterranean, across the periods of ancient Rome and Greece to the Middle Ages and through to today’s shipping lane choke points – the Gulf of Aden, the Gulf of Guinea, the Malacca Strait and off the Indian subcontinent (Figure 1). Nonetheless, currently accepted definitions limit the international community’s ability to collectively counter this crime effectively.
Definitions and Delineations

In Article 101 of the United Nations Convention on the Law of the Sea (UNCLOS), piracy is defined as any of the following acts:

a. any illegal acts of violence or detention, or any act of depredation, committed for private ends by the crew or the passengers of a private ship or a private aircraft, and directed:
b. on the high seas, against another ship or aircraft, or against persons or property on board such ship or aircraft;
c. against a ship, aircraft, persons or property in a place outside the jurisdiction of any State;
(United Nations, 2009, sec. 101)

Such a definition limits piracy to those actions carried out on the high seas. As strategy expert Peter Jennings points out, if an attack on a vessel takes place in the territorial waters of a country, then it is a ‘crime at sea’ and not ‘piracy’. Such a discrepancy means an appropriate, internationally accessible lexicon of language to facilitate collective reporting and responses is lacking.

The mis-defined nature of piracy means that a dark figure exists in its official incident recordings of actions that at least in spirit are acts of piracy. For example, crime is committed in waters beyond UNCLOS defined boundaries of the high seas (Figure 2), yet the type of actions such as stealing and hijacking on vessels remain the actions of pirates in the organised criminal context.
Jurisdictions

Law enforcement practitioners and some scholarly authors are of the view that the definitional gap created by the preclusion of territorial waters from the international legal framework embodying piracy leaves the strategies to record and counter it flawed (Nyman, 2011, p. 863) and impedes prosecution (Chang, 2010, p. 273; Harrelson, 2010, p. 312). Consequently, it has become common practice to release pirate suspects to avoid jurisdictional issues and perceived complications of prosecution (Galletti, 2012, p. 155; Ploch, Blanchard, O’Rourke, & Mason, 2011, p. 22). Although sovereign states have a sanctioned universal jurisdiction under UNCLOS to repress, investigate and prosecute piracy events (United Nations, 2009, sec. 105), the number of recorded attacks remains incommensurate to recorded prosecutions by a factor of more than 50% (Petretto, 2008, p. 4).

Legal, procedural and financial factors are likewise seen to contribute to a dark figure of international piracy, including the lack of holistic inter-disciplinary cooperation between military, shipping companies, law enforcement and the public sector (Gottlieb, 2013, p. 320). Other contributory factors are the fear of reporting due to diminished confidence in compensation, consequent increased insurance premiums, damage to harbour and trade route reputation, disruption of shipping schedules and a lack of reporting by smaller craft to the IMB (Petretto, 2008, p. 4; Wu & Zou, 2010, p. 27).

Drivers

The drivers of piracy include those of many other security risk concerns. For the Sub-Saharan African countries, drivers relate to “state fragility, economic deprivation, population and geographic opportunity” (Prins, 2014, p. 3). The link between weak and failing or failed states and piratical activity is strong and widely supported (Daxecker & Prins, 2012, p. 960; Oil Companies International Marine Forum, 2011; Whitman, 2013, p. 217), with proposals of long-term strategies to rebuild failed states in order to defeat this transnational threat (Zaluar & Zeckhauser, 2002, p. 26).

Impacts

More than theft and murder on the high seas, Stavridis and LeBron (2010) highlight the financial impact of piracy, claiming it to be a “systemic destabiliser of international norms of commerce, economics and trade” (p. 73). Amortising the cost of piracy led to estimated trade losses of around 24.5 billion dollars based on bilateral trade flow between European and Asian countries between 1999 and 2008, reflected in an 11% reduction in trade for every 10 vessels hijacked by pirates (Bensassi & Martínez-Zarzoso, 2012, p. 869). Furthermore, it must be acknowledged that whilst a deficit of information prevents a comprehensive picture of the ‘human cost’ of piracy, there is also a profound impact on seafarers and their families associated with piracy events (Hurlburt & Seyle, 2013, p. 1).
Counter-Measures

Rebuilding states as a countermeasure to piracy is a long term project. Other collective measures that have been effective include the international naval task force, where resolutions by the United Nations (UN) Security Council, including the U.S.-led Resolution 1851, authorising the use of military style force against pirates from member states in the Gulf of Aden, have been relatively successful in reducing incidences of ship takeover on the high seas (Alessi & Hanson, 2012, p. 4). Furthermore, pursuant to this resolution, the Contact Group on Piracy off the Coast of Somalia (CGPCS) was established and tasked to address judicial issues, strengthen capability and awareness for shipping and assist with public information and financial flows (Bateman & Rajaratnam, 2012, p. 21).

Consequently, these collective arrangements show that governments can work at a transnational level to successfully counter the piracy threat and that arguably, it is the international collective which makes these strategies affordable and effective. Therefore, it is logical to consider expanding the definitional limitations of piracy to facilitate multinational or transnational reporting and responses against piracy to assist in eradicating this threat more broadly.

Mitigations and Outcomes

Focussing upon the immense effort the shipping industry has undertaken to protect itself highlights the creation of Best Management Practices (BMP) in 2011. This guideline for maritime crews provides for preparation and response against pirate attacks during transits through identified high-risk areas. The outlined strategies in the guidelines are argued to be contributing to a decline in piracy attacks on the high seas in the Indian Ocean and the restoration of former minimum distance shipping route patterns (Oil Companies International Marine Forum, 2011, p. 10). Such claims are substantiated by IMB statistics (see Fig 3) that depict a sharp declining trend from 2012 in piracy attacks in the region of Somalia and the Gulf of Aden.

Opposing trend

In contrast to the success of Somalia and the Gulf of Aden strategies is the Strait of Malacca, connecting the Pacific and Indian Oceans in S.E. Asia. Half the world’s oil and trading goods are said to pass through the Strait. It is here that a steady rise in pirate attacks from 2009 (see Fig 4) has led Winn (2015, p. 1) to claim it is the most preyed-upon waters on the planet.

Contrastingly, these crimes are carried out near land bases and coastlines in small boats (Galletti, 2012, p. 56), and without broadening the definition of piracy to encompass actions undertaken within these exclusive, economic contiguous zones, they remain crimes at sea where internationally partnered support to counter this threat is implausible, and the ‘dark figure’ of piracy continues to rise.

Furthermore, the recent posturing of China as a global power and influence in the South China Sea, and subsequent disputes from overlapping claims of sovereignty (Mearsheimer, 2010, p. 381), have highlighted the complex and arguably obsolete nature of former customary laws regarding maritime delimitation (Mirasola 2016, p. 29). Central to the development of new legal principles such as treaty law and case precedent are international bodies such as UNCLOS and the International Court of Justice (ICJ) (Davis, 2015, p. 120), yet in an environment of obstruction and disunity, this needed international collaboration remains unlikely. All the while, a dark figure in maritime piracy incident recording will continue to conceal the magnitude of the problem and in turn, the potential interventions needed to engage it effectively.

Figure 1. International Maritime Bureau (IMB) Piracy & Armed Robbery Map, showing locations of piracy and armed robbery incidents reported to IMB Piracy Reporting Centre during 2016 (International Chamber of Commerce, 2016).

Figure 2. Baselines and Maritime Zones

Figure 3. Number of recorded pirate attacks by year and region – Somalia and Gulf of Aden (International Chamber of Commerce, 2016).

Figure 4. Number of recorded pirate attacks by year and region – Indonesia, Singapore and Malaysia (International Chamber of Commerce, 2016).
Professionals on borders By Adeline Teoh ASM Correspondent
Over 31 May and 1 June 2016 the Melbourne Convention Centre played host to the CIVSEC2016 Strategic Summit, which focused on the topic ‘Protecting Our Communities Against Threat—Safety, Security and Sovereignty in the 21st Century’. The summit was free, with presenters and delegates from wide-ranging civil security, safety and emergency services roles in government and industry. It also accommodated several specialist streams, from cybersecurity to aviation security, and featured an exhibition hall showcasing the latest tools, technology and education.

While sovereignty and border protection created the framework for the two days, presenters offered a wide range of insights and interpretations on the theme. Panellists ranged from academics to police officers, government officials to documentary-makers, and experts came from all corners, including Islamic Studies, criminology and biosecurity.

CIVSEC2016 kicked off with a large summit presentation and discussion that wove history and culture lessons with politics, technology and reviews of Australia’s tactical response programs. The most pressing issue, judging by the audience questions, was on how to prevent expatriation of Australians to terrorist organisations abroad and, if they were not killed or changed while away, how to assist their reintegration here.

With an ideology so clear and compelling, Islamic extremists often have the upper hand in recruiting impressionable would-be warriors. Many of these people are young outsiders, underserved by society. Surprisingly few are new arrivals to Australia; most are first or second generation migrants with strong connections to their parents’ or grandparents’ home country. While there are security programs in place to prevent terrorist activity in Australia, it is difficult to tackle the ideology, the experts conceded.
Several panellists put forward the need to create a strong counternarrative to dissuade potential fighters from joining terrorist causes but current programs are still in their early days, thus no results are available yet.

Beyond borders

The summit incorporated Border 21, an international conference on ‘The First and Last Line of Defence: Border Security Challenges in the Evolving World’ segmented into five themes: Border Security in the Age of Global Transformation, Protecting and Defending National Borders, Border Security Challenges for Australia and Beyond, Border Security Challenges in the Maritime Domain, and The Threat Spectrum.

Several speakers unwittingly riffed on an interesting subtheme that focused less on what to do about new arrivals, whether migrants or asylum seekers, and more on the causes of movement across borders. This ranged from advances in technology rendering some forms of employment obsolete—therefore creating economic pressure to relocate—to war, climate change and food and water shortages.

Many presenters ended with hopeful visions of the future for border security. New technology and improving cross-border collaboration were the two areas that held the most promise for the security experts, and both these could be applied to different problems, whether to prevent international crime or support better migration practices.

Collaboration is the starting point for many solutions, which is why events like CIVSEC2016 are an important way to bring people with the same goal together so they may meet and discuss the issues of the day, and together prepare themselves for the issues of tomorrow.
Frontline
Now is the time for multi-modal biometrics at border security checkpoints
By John Kendall, Border Security Program Director, Unisys

Border security today is facing a perfect storm of challenges that requires every tool available to manage it. John Kendall, Border Security Program Director, Unisys, explores why the time for multi-modal biometrics, including face, fingerprint and iris recognition technology, has arrived.

Many border security agencies have clung to outdated technologies and inaccurate assumptions when it comes to leveraging biometrics. For many, the reluctance to modernise technology at the border relates to flat budgets. For others, time simply doesn’t allow them to screen travellers effectively. Globally, however, border security agencies can no longer afford to stand still in time.

The sheer volume of travellers crossing borders means advanced technology must play a role in effective border security. In 2015, a record 1.2 billion people travelled overseas – up four per cent. In addition, the war in Syria has sparked the largest human migration seen since the end of World War II. This, coupled with fear caused by the recent Paris and Brussels attacks, has created a dire need to efficiently and accurately monitor who enters, and leaves, each country. Multimodal biometrics are the future and border security agencies must be ready to adopt them.
Biometrics can help

New ePassports include facial biometric data on the chip, so biometrics can automatically detect stolen or forged passports by authenticating the traveller against the rightful holder of the travel document. Border agencies can also use biometrics to check the traveller against a watch list of known “most wanted” persons to identify individuals of interest when entering or leaving the country. Automated clearance eGates are also capable of performing these checks quickly and accurately.

Border security solutions employing biometric technology are used in many countries today including the US, UK and Australia. But these biometric solutions differ little from those deployed 15 years ago and continue to exhibit the same shortcomings. In particular, most of the current biometric solutions are unable to detect individuals travelling under multiple identities and travel documents. This is a vulnerability that can be exploited by terrorists and other criminals to avoid detection when travelling internationally. If an individual is able to obtain a new passport (perhaps from a different country) under a new “clean” identity, then the chances of getting stopped by border security officers are very small.

Achieving accuracy and speed
The types of biometrics captured at most border crossings aren’t well suited for near-real time searching against very large databases (e.g., biometric records of all travellers who previously entered or exited the country). The International Civil Aviation Organization (ICAO) Document 9303 defines international standards for machine readable travel documents, like ePassports. The standard provides for the storage of three different types of biometrics on the chip – face, fingerprint and iris. Facial biometrics are mandatory, but fingerprint and iris modalities are optional.

Facial biometrics work very well for performing a one-to-one verification of the traveller to the facial image stored on the chip as it is quick and accurate. However, they are not as well suited for performing one-to-many searches against a large database of biometric records because of the large number of false matches and false non-matches. For example, if a traveller’s face is compared against the faces of 100 million previous travellers, the facial matching system is likely to return a long list of possible matches against records with similar faces. A border agent then needs to manually review the possible matches to eliminate all the false matches. This is not a problem if you have lots of time, but when facing a queue of tired and frustrated travellers, time cannot be wasted.

Because of the relatively low accuracy of facial biometrics, a number of countries have elected to collect and match fingerprints at the border crossing. Fingerprint image analysis detects far more feature points (or minutiae) in a single fingerprint than facial biometrics detects in a face. Fingerprint biometric matching also performs a far more mathematically complex comparison of those feature points (e.g., location, ridge direction, and distance to neighbouring feature points). As a result, fingerprint biometrics is far more accurate than facial matching.
In fact, it is possible to perform one-to-many searches against a large database of fingerprint biometric records with very few false matches and false non-matches.
Real time matching essential

In a border crossing situation, the biometric matching needs to be completed in, at most, a couple of seconds, or near-real time. Since fingerprint matching is computationally intensive, near-real time, large-scale fingerprint matching requires significant processing resources - which can be very expensive. So fingerprints work well for one-to-one authentication and one-to-few watch list checks, but fingerprint biometrics are too costly to perform near-real time searches against massive databases (such as the biometric records of all previous travellers). Without that capability, a known suspect travelling under a new identity and travel document can slip through the border undetected.

Iris – best of both worlds

Iris biometrics offers the advantage of very fast and efficient matching with accuracy similar to that of fingerprints. As a result, it is possible and cost effective to perform near-real time iris biometric matching against very large iris databases.

So how might iris biometrics be used in the border security environment? When a traveller enters or exits the country, the border agency captures an image of the iris. This is a simple process that takes a high resolution picture of the eye from up to two meters away – much like taking a photo of the face. Once the iris image is captured, the unique patterns of the iris can be quantified and searched against the entire database of previous travellers to determine whether or not that iris has been seen previously. Iris biometrics represents the best defence against individuals who attempt to enter a country using multiple identities and will go a long way towards tightening border security without delaying the border clearance process.

Iris biometrics is not as well known or understood by the public as facial or fingerprint biometrics, but it is used for border clearance in the UAE and is the favoured modality for large-scale civil applications – like national identity. For example, iris is the primary biometric used for the 110 million person Mexico National ID as well as the one billion-person India National ID.

Bottom Line

Most border agencies try to weather the perfect storm of border security challenges using traditional biometric technologies that only address part of the security risk. With heightened security threats and a growing volume of travellers to process, there is a pressing need to expand border crossing solutions to leverage the power and cost efficiency of iris biometrics.
Face and fingerprint biometrics still have a place, with many existing face and fingerprint biometric watch lists, but the time for multimodal biometrics (using face, fingerprint and iris) has arrived.
Innovation drives hologram ID document protection
Incidences of fake driver’s licenses in the US and reports by China’s state run Xinhua news agency that 40% of items sold online in China are either counterfeit or of bad quality, reiterate that the battle to beat the criminals, particularly those involved in ID counterfeiting, remains to be won. However, governments, security agencies and brand owners are fighting back with the latest in advanced hologram technology says Dr Mark Deakes, general secretary of the International Hologram Manufacturers Association (IHMA), who looks at the latest developments.

Over the last 30 years, since they first appeared on UN passports, holograms have made rapid gains in ID anti-counterfeiting, moving initially from an authentication device to the protection of personal bio data contained within the passport. This has been further underpinned by the EU which saw adoption in 2004 of its draft security standards for passports. This saw incorporation with EC Resolution No 2252/2004 for minimum standards, stipulating that ‘An optically variable (OVD) or equivalent device, which provides the same level of authentication and security as currently used in the uniform visa format, shall be used on the biographical data page and shall take the form of diffractive structures which vary from different angles incorporated into the hot-sealed or an equivalent laminate (as thin as possible) or applied as an OVD overlay, or stickers on a non-laminated paper inside page (as metallised or partially demetallised OVD with intaglio overprinting) or equivalent devices’.

Another major driver for the inclusion of holographic technology on ID documents came when the ICAO (International Civil Aviation Organisation) specified in 2002 that passports should feature optically variable devices like holograms to combat counterfeiters, particularly in the wake of 9/11. MRTD (Machine Readable Travel Documents) of ICAO Doc9303, Part 1 Passports, 6th Edition. This states that ‘When the biographical data page of a passport book is protected by a laminate or overlay, an optically variable feature (preferably based on diffractive structure) should be integrated into the page. Such a feature should not affect the legibility of the data…The inclusion of a diffractive optically variable feature is recommended to achieve an enhanced level of protection against reproduction’.

Big business

Identification documents are big business, worth hundreds of millions of dollars a year to designers, producers and suppliers of passports, driver’s licences and pass cards, and are driven by events such as 9/11, increased security in the wake of the threat of increased global terrorism, a more transient and migratory population and the need for better and more effective identity confirmation for all types of access or services.

Today, holography remains a security feature of choice to secure the critical personal data in a passport (Keesing Reference Systems estimated back in 2012 that more than 55% of passports use an OVD [optically variable device] to protect data, and of this 67% were DOVIDS) or an ID card against interference, tampering, alteration, forgery or counterfeiting.

The overall production of passports, which is currently estimated to be upwards of 300 million per year, may fluctuate, but undoubtedly continues to grow as populations
increase, and more and more people travel abroad. This, allied to the fact that all ICAO member countries must now issue MRPs with ICAO recommending the use of OVDs, all but guarantees a growing market for a security holography industry that has moved to meet the challenge thrown down by those with responsibility for producing and administering ID over the last 13 years with a range of high quality, state-of-the-art, benefits-led security products for all types of documents, which perform to high standards.

The role of a hologram on a passport and other identity documents is principally to shield against the forgery of the photograph and personal data, otherwise known as the ‘variable information’. However, the ability of the hologram to provide effective protection lies in the continuous innovation, invention and evolution of holographic techniques. Both optical effects and material science techniques have created authentication devices that are easily recognised yet difficult to copy accurately. They can be safely integrated within the production process and stand up to the rigorous demands of being in use for a period of anything up to ten years.

Of course virtually anything can be copied, and the holography industry continues to work hard to get the message across that even the most sophisticated holograms can be reproduced to some extent. The real issue is just how accurately can holograms be copied? The answer is that the intrinsic features of holograms mean that the techniques and visual effects make it difficult to copy 100% accurately a well-designed security hologram. This is where the real value of holograms designed for security applications should be appreciated. This has ensured their success – the document they protect may have been counterfeited but, whereas it can be relatively easy to simulate the effects of other overt features, a poorly copied hologram is more often than not the tell-tale sign that all is not what it appears.
Authentication alongside the protection of personal data (name, date of birth and photo) must be guaranteed, whether that data is on a passport, driving licence, national ID card or any other ID item. Effectively, holograms serve not only as a deterrent and secure means of protection and authentication, but also as a warning that it might be counterfeit. Therefore, a hologram is not solely to prevent counterfeits but acts as an effective detection device, making it easier for the trained eye to distinguish the legitimate from the fake. Passport production and critically, personalisation, is exacting and has proved technically challenging for the holography industry. However, it is one that manufacturers are responding to, with recent developments including a whole new generation of personalised photopolymer holograms which match the bio data contained within the passport. Today, material science is playing as significant a part as optics in the development of holography. Indeed, a data page with a holographic thin film overlay is so tamper proof that the illicit trade in false passports has moved to attempting to match a person to the photograph rather than trying to alter the actual passport. Polycarbonate technologies are also taking a larger share of the passport and ID market and, here too, the holography industry has shown its capacity for innovation and technical competence through the creation of products that are so fully integrated into the data page or card structure that it cannot be delaminated.
Elsewhere, manufacturers continue to showcase innovation in passport and ID holograms. For example, Japanese printing company Dai Nippon Printing (DNP) has developed what it claims to be the world’s first Lippmann hologram transfer foils, positioning the range as the next generation OVDs offering substantial advantages over embossed OVDs when it comes to security and authentication. This latest move takes DNP’s advances in Lippmann hologram material to a new stage, with the developments necessary for the die-efficiency of the spot transfer foils. Up until now, photopolymer materials for passport and ID card applications have been subject to barriers preventing their use: inadequate heat resistance of the material, thickness of the photopolymer layer and transferability quality. However, DNP believes it has overcome these with a foil in thickness of 5–10 µm that can be applied through continuous lamination by card and personalisation machines, or die-cut with sharp edges, while retaining a good quality photographic image. This has been achieved through boosting the tensile strength of the material and improved photopolymers for greater brightness and heat resistance, creating a material able to withstand roll transfer temperatures up to 140°C and spot transfer temperatures of 150°C. Passport examples produced by DNP using its Secure Image® range reveal a multitude of integrated features including a full parallax 3D image as well as flipping images or the switch effect, contrasting colour elements, guilloche patterns with high brightness, microtext and covert laser readable image. This is part of a strategy to make Lippmann holograms highly secure and virtually impossible to be reproduced by any other means – a welcome development for document security applications. 
Exciting developments

Holograms continue to play an important part in moving hitherto successful ID documents to the next stage of development as authorities and security agencies look to remain one step ahead of the fraudsters and criminal gangs. For instance, Interpol has now raised the bar even further with the introduction of its second generation passport as it seeks to take advantage of the most advanced features
available. The new passport has been enhanced with Kurz’s KINEGRAM® security technology - an example of how the industry creates innovative anti-counterfeiting solutions based on established and successful products, in particular, there are ongoing developments to use the technology to link with and protect the RFID chips now used on passports to improve security levels. The KINEGRAM® is a product of OVD Kinegram AG, Switzerland, who is a member of the Kurz Group.

New developments in holograms for ID cards, in particular for polycarbonate cards, are increasingly starting to feature. Dai Nippon Printing has developed its Lippmann holograms so they can be embedded as a secure patch within the body of the card, while Czech company Optaglio’s production investment in its patented OVMesh solution for polycarbonate sheets enables 100% of the card/passport surface to be available for bi-colour designs, while a surface relief DOVID with a mosaic structure enables the design to migrate into the polycarbonate to ensure that it can be removed without destruction of the card. It is also possible to combine OVMesh structures with OVImage solutions – creating a unique combination of microholograms (40 - 1.000 Microns), metallic micro particles with DOVID features and coding.

Holography has also gained further traction as an integral part of the UK’s much vaunted Proof of Age Standards Scheme (PASS) following the launch of 18+ PASS card design that features on 18+ CitizenCards. The new design displays the PASS hologram together with the logos of the Association of Chief Police Officers, the Trading Standards Institute and the Security Industry Authority (SIA) that licenses bar and club door staff across the UK. Welcoming the new design, Andrew Chevis, CitizenCard’s Chief Executive, said: “The police and door staff are literally on the cards and every major bar and club operator has welcomed the new design. Any adult across the UK should be able to use these cards in bars, clubs and elsewhere without any difficulty. The new card is a fitting way to celebrate CitizenCard’s 15th Anniversary.”

Hologram.Industries photopolymer volume hologram HoloID™ product and more recently, its high security laminate used on the Estonian Passport – commended previously in the Best Applied Security Project at the Excellence in Holography Awards - demonstrates the security of incorporating several advanced optically variable features including unique personalisation components into the laminate to protect the passport data page. In this example the laminate incorporates an optically variable version of the passport number.

Assured future
It’s clear that holograms remain not only the single most used overt authentication device but, increasingly these days, multi-function devices that include covert features, codes and smartphone reading capabilities; reinforcing their role as an effective, eye-catching and value added security feature of choice for safeguarding the critical personal data in a passport or on an ID card against tampering, alteration, forgery or counterfeiting. The International Hologram Manufacturers Association (IHMA) is made up of almost 100 of the world’s leading hologram companies. IHMA members are the leading producers and converters of holograms for banknote security, anti-counterfeiting, brand protection, packaging, graphics and other commercial applications around the world. IHMA member companies actively cooperate to maintain the highest professional, security and quality standards. More at www.ihma.org
SITREP – The kidnap prevention mindset
The recent increase in kidnappings of foreigners working in unstable environments suggests that a paradigm shift may be required for how companies, media organisations and the humanitarian sector operate. One that requires an unconventional, adaptable mindset. This begins with an appreciation of the context of the local and regional human terrain, an understanding of how to defeat the kidnapper’s attack cycle and imagining the least expected.

Organisations have a duty of care to ensure fresh approaches are adopted to reduce the risk of staff falling victim to what has become a tactic of asymmetric warfare by Salafi-Jihadi terrorist organisations and a lucrative industry for kidnapping gangs in other parts of the world. Here are a few key factors to consider:

1. Time spent in-country does not insulate staff from the threats posed by kidnapping and terrorist groups.
2. Kidnappings are rarely the result of being in the ‘wrong place at the wrong time.’
3. Most kidnappings occur on the road and the majority of those occur when the victim is returning or travelling along the same route at the same time.
4. Armed security escorts can make you more vulnerable to attack and reduce your situational awareness.
5. Your social media profile is often used to track your movements and collect information to plan an attack.

The local and regional context is also important. It may be that a misunderstanding or a change in the socio-economic drivers outside the organisation’s gate has shifted. A challenge for many organisations is that they tend to put security in the same basket as environment, health and safety when perhaps it is better integrated with community engagement. This was a key lesson from investigation into the In Amenas Attack in Algeria that occurred in January 2013.

This approach could shape the development of a community web of protection, acting as an early warning mechanism for developing threats. The community might not know exactly what is going to happen, but they have picked up signals that something is planned. It is about reciprocal trust.

The Attack Cycle

The attack cycle is the process kidnappers go through to identify a target, collect information (where you live, routes and time of day you travel, choke-points etc) and execute the kidnapping and escape. It also includes the exploitation phase. That is, where the kidnappers make ransom demands or parade the victim in front of YouTube to threaten Governments, if the kidnapping is politically or ideologically motivated. If you understand how kidnappers plan their attack you can employ strategies and tactics to defeat them, and maintain control of your operating environment.

Lessons Learned

Research conducted by Frontier Assessments into kidnappings since 2003 indicates that generally the victims:
1. believed their missionary status would protect them (often humanitarian workers)
2. felt their experience in other countries was a template for new locations
3. assumed because they survived going down that road last week, this week will be fine
4. ignored or failed to recognise subtle changes in their operating environment
5. dismissed simple preparation of equipment or themselves
6. fell in love with their plan; and, importantly,
7. failed to take action

There is often an over-reliance on local police to provide armed-escorts which can act as a high-profile indicator to kidnappers who are often better equipped.

Lacking Imagination

Many organisations have also been found to lack imagination, which results in an inability to consider the least expected. The terrorists who attacked In Amenas easily got inside the OODA Loop of the BP and Statoil security arrangements; destroying all previously held assumptions and frameworks they had established to protect staff and assets. The Statoil report highlights a lack of imagination by senior management in designing and planning for potential security threats of this nature.

Insurgents, well-armed non-state actors and gangs operate as a loose command and control network with an implicit understanding between nodes and indiscriminate rules-of-engagement, compared to most Western corporates. They are conditioned to operating on-the-run and being resourceful with deep family and community networks. This leads to creative strategies of attack that are not going to be obvious to organisations with a conventional, linear way of thinking.

Tactics and Techniques of Kidnapping

Predominantly, the following can be applied to most kidnappings in unstable project environments:

• Establishing unofficial check-points on side-roads or where the previous contacts on the check-point have been killed or firmly told to move on.
• Often local staff or police are involved (this may not be deliberate but if the family of a local staff member is threatened they may feel they have no choice).
• An established clandestine network to identify local staff who can be exploited.
• Spotters at key border crossings, choke-points and main entrances who collect intelligence to determine when and where expats are working, their movements and begin tracking their habits of life.
• Conduct extensive research into expats’ social media profiles (incl. your family members).

This is by no means an exhaustive list as adaptive KNR gangs and criminals may be developing new approaches in different areas all the time.

The Adaptable Kidnap Prevention Mindset

Adopting a kidnap Prevention Mindset could involve:

Mindset
• Security is a state of mind
• Run scenarios
• Prepare, Prepare, Prepare
• Imagine what is least expected
• Disorientate, Disrupt and Confuse the kidnappers by constantly altering your profile
• Trust your instincts
• Build allies

Adaptable
• Have a plan but never fall in love with your plan
• Destroy to create (challenge old approaches)
• Analyze and Synthesize observed information
• Keep your objective in mind while adapting your plan to circumstances

Simple
• It is the simple things that will save you or kill you
• Simple is not stupid
• Comes back to preparation
• Avoid and change-up the habits of life
• Subtle changes in your environment are big clues
• Stop telling the world your every move on social media

Action
• If you have the right mindset, understand your opponents, are prepared to be adaptable and keep things simple, then you will be in a better position to take the right course of action.
• BUT you must ACT.
• YET – the ACT does not need to be overt...it could be the decision to stay where you are…it could be doing something simple

Disclaimer

This assessment has been prepared by Frontier Assessments Pty Ltd ABN 13 132 945 129 based upon publicly available information, primary source observations and discussions with a range of informed stakeholders. The assessment does not purport to contain all possible information from absolutely all available sources. The recipient accepts that the accuracy and completeness may be affected by circumstances, events and timeliness that may or may not influence the information contained in the assessment. For more information visit www.frontierassessments.com.au
Cyber Security
Prevention is still better than cure
By Greg Singh, Lead Technical Engineer for APAC region
There is still a defeatist attitude resonating through the industry when it comes to security; however, Greg Singh, Lead Technical Engineer for APAC region, Cylance, argues that security tools should put the focus back on Prevention, rather than Response. After all, isn’t that what the customer expects?

Dr Jackie Craig, Chief of Cyber and Electronic Warfare at the Australian Department of Defence, spoke at the recent Australian Cyber Security Centre (ACSC) conference in Canberra. Classifying cyber security as a science, Dr Craig went on to say “If we had a big science approach to cyber security we could ... begin to educate people more deeply about the types of risks that they’re taking if they don’t have proper virus checkers.” It all sounded so promising until she mentioned virus checkers.

We were hoping that the speakers from the FBI’s Cyber division might come up with something more radical when they said: “Threat intelligence is a big buzzword now, but I think there’s a difference between tactical threat intelligence, the right indicators, and then really strategic [intelligence]”. The point being made was that “all the best tools” are still no match for good old human intelligence.

I might have agreed to some extent, were it not for the fact that the example given of “all the best tools” was IDS (intrusion detection systems). That, for me, summed up everything that is wrong with cyber-defence today: the emphasis on detection and response, instead of on prevention. Surely, when a company is forking out thousands for cyber security, they are assuming that they are paying to prevent cyber-attacks? And yet there was very little mention of prevention at this year’s ACSC conference.
For example, we heard from Latha Maripuri of News Corp, the global information and publishing enterprise in charge of leading brands such as The Wall Street Journal, whose presentation focussed on the attacker only: it was all about how to structure a security program to address modern-day threats. So much for Big Science and Threat Intelligence – it sounded more like a reactive response to try and Protect Company Assets after the burglar has escaped!
The fact that antivirus has failed is no secret. In May 2014, Symantec itself declared antivirus “dead”. Traditional signature-based AV simply cannot keep pace with hackers who can rejig their malware with a few cosmetic touches to make it unrecognisable. As a consequence, anti-virus industry giants have been desperately buying up new technologies to patch up their reputations.
So what solutions are being proposed at the ACSC conference? The key words seemed to be “detect” and “respond”. In other words: having given up hope of being able to recognise malware in advance, the focus is now on detecting that something is suspicious and then using detonation or sandbox techniques to see how it behaves before letting it loose in the network. So the first line of defence is the traditional antivirus search for recognised malware signatures. Then a virtual machine is started up with the target operating system (so typically a virtual PC) and the suspicious code is copied into that “sandbox” to see what it does given enough time (typically about 5 minutes). A report is prepared and the VM is shut down and cleaned up. So we should now know if the incoming code is dangerous.
Sandboxing is a powerful way to detect malware, but costly in terms of time and resources. How far do you go in virtualising the potential target? Should you not replicate the entire corporate network to test for a highly sophisticated attack? And five minutes is an eternity by today’s operating standards. What’s more, recent members of the Upatre malware tribe are using the Windows API GetTickCount and will not activate unless the host has been running for more than 12 minutes. In other words, the malware recognises a sandbox VM and refuses to play in it.
Artificial Intelligence is Golden
The ACSC Conference was a disappointment, as no company seemed to offer a truly radical alternative to “detect and respond”. In the past, antivirus has positioned itself as the solution, but clearly this is not enough. What is needed is a Next Generation Anti-Virus (NGAV) that can identify specific attacks and speed the response to them once they are detected. For example, instead of scanning vast databases of hashes, signatures and approved applications, CylancePROTECT makes real-time decisions by comparing against optimally trained statistical models that only need to be updated every few months.
Looking for recognised malware signatures fails because cyber criminals simply alter the outer signatures – it is quick and cheap to recycle existing, proven malware by giving it a facelift. Instead, NGAV recognition looks deep into the coding structure using sophisticated Big Data learning algorithms, so a successful attacker would have to spend considerable time and money developing whole new coding structures, only to have the new attack promptly analysed and registered in the NGAV system. This is not how cybercrime chooses to operate, because it relies on quick results with minimal investment before the authorities have a chance to catch up.
But if the latest sandboxing solutions are already time and resource intensive, surely adding Big Data mining and artificial intelligence to the mix will bring the average corporate system grinding to a halt? Not so, because all of this heavy lifting takes place in the cloud, not in the client’s own system. The local software only has to analyse code in real time against a far smaller set of characteristics rather than an ever-expanding database of dubious signatures. The software for this approach occupies only 30 megabytes and typically uses less than 1% CPU, making it practically invisible to the user, as well as being very easy to deploy and administer.
Analogies should always be treated with caution, but try this. In 2003, a group of the world’s most dedicated scientists announced the completion of a 20-year project to map the entire human genome with 99.9% accuracy. Their work has led to many of the scientific breakthroughs we benefit from today. Effectively, NGAV is unlocking the DNA of malware and applying artificial intelligence techniques, machine learning and algorithmic science to dissect the malware to almost a molecular level, before it is allowed to enter the network.
Government gets serious
The Australian Government’s recent announcement reconfirmed the level of commitment to cyber security. Instead of the old “keep it under the carpet” policy of not confirming inbound attacks and intrusions nor the measures used to mitigate or neutralise them, a new “the gloves are off” approach has been announced by Prime Minister Malcolm Turnbull. At the launch of the government’s new $230 million Cyber Security Strategy in Sydney he publicly announced that “offensive capability” is now a real live option.
There is a lot of good and timely material in the strategy as published, but there is still too much evidence of that detect-and-respond mindset – witness the report’s heading “Detect, Deter and Respond”. The first four essential mitigation strategies are strongly focused on responses to recognised dangers, while the discredited signature-based anti-virus approach has actually been moved up from position 25 (in 2012) to position 22 (in 2014) in the “effectiveness ranking”. This was perhaps the best takeaway from the ACSC conference this year, but it fell short in one respect. Let’s make Prevention once more our top priority – because ultimately that is what the IT user really expects from the industry.
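The article's contrast between exact signature lookup and recognition based on internal structure, shown as an added Python example that is not from the article or from Cylance. Byte-pair frequency profiles compared by cosine similarity are an assumed stand-in for a trained statistical model; the sample byte strings, the 0.90 threshold and every function name are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed, harmless byte strings standing in for files; none is real malware.
BODY = bytes(range(64)) * 50                      # internal structure shared by both variants
KNOWN_BAD = b"HDR1" + BODY + b"cfg=alpha"         # the sample the signature database knows
REPACKED = b"HDR2" + BODY + b"cfg=bravo" + b"\x00" * 16  # same body, cosmetic changes only
UNRELATED = b"The quick brown fox jumps over the lazy dog. " * 70

SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}   # exact-hash blocklist
THRESHOLD = 0.90                                  # assumed similarity cut-off


def signature_match(data: bytes) -> bool:
    """Traditional check: the file is flagged only if its exact hash is listed."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


def bigram_profile(data: bytes) -> Counter:
    """Count every adjacent byte pair, a crude description of internal structure."""
    return Counter(zip(data, data[1:]))


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity of two count vectors; 0.0 if either is empty."""
    dot = sum(count * b[pair] for pair, count in a.items())
    norm_a = math.sqrt(sum(c * c for c in a.values()))
    norm_b = math.sqrt(sum(c * c for c in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


# "Model" learned from the known sample: here simply its byte-pair profile.
KNOWN_PROFILE = bigram_profile(KNOWN_BAD)


def structural_score(data: bytes) -> float:
    """How closely the file's internal structure resembles the known sample."""
    return cosine(bigram_profile(data), KNOWN_PROFILE)


def triage(samples: dict) -> dict:
    """Run both checks over each sample and return the verdicts side by side."""
    report = {}
    for name, data in samples.items():
        score = structural_score(data)
        report[name] = {
            "signature_hit": signature_match(data),
            "structural_score": round(score, 4),
            "structural_hit": score >= THRESHOLD,
        }
    return report


SAMPLES = {"known_bad": KNOWN_BAD, "repacked": REPACKED, "unrelated": UNRELATED}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:10s} {verdict}")
```

The repacked sample misses the hash blocklist because a changed header, a changed configuration string and some padding alter the digest, while its structural score stays above the threshold because the body is unchanged.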
Cyber Security
Locating a new weapon for Australia’s data detectives
By Simon Hill, Regional National Security Lead for Esri Australia and Esri South Asia
In an era of big data, where every officer and vehicle is a sensor, how do you make sure you integrate, analyse, and disseminate this information swiftly and efficiently? How do you transform your data into actionable intelligence that radically improves decision-making at all levels?
Given everything law enforcement manages has a location, analysing from this geographic starting point provides a basis for anyone – crime analysts, investigators, commanders, and patrol officers – to visualise data in a way that helps them identify, predict and ultimately reduce crime. Location-based analytics, also known as location intelligence, provides the platform for understanding the patterns, links and correlations of crimes, criminals and victims through the universal language of maps.
Identifying crime hot spots
Heat maps are produced by mapping crime over a period of time, using colour keys to highlight hot and cold spots. Viewing the information spatially in this way exposes underlying criminal movements and patterns in the data, particularly when it is analysed even further. For example, by setting date parameters, users can limit the heat map to a specific time period, type of stolen goods, or whether violence was used. They can then overlay further information, such as active warrants or prison releases, to identify suspects based on past criminal behaviour or location. Other layers provide insights into the dynamics of specific cities and suburbs, including events and locations that draw crime such as festivals, businesses and buildings.
Ultimately law enforcers can focus their attention on specific areas to make sure police are present in the right place at the right time. The result is more effective and efficient policing and higher levels of service via more efficient allocation of resources. When this capability is pushed out across a department or station beyond specialist analysts, every member of the force becomes empowered by location-based analytics. Officers can access current crime analysis and suspect information while in the field or during an investigation, while command staff can use location-based analytics to understand trends, make critical decisions when crime spikes, and collaborate with other law enforcement agencies to allocate resources.
Transformation of a crime capital
Once the second deadliest nation in western Europe, Scotland provides a compelling case study into how location-based analytics can aid in cutting crime rates dramatically. Not too long ago, Scots were, remarkably, three times more likely to be murdered than their English neighbours. Scotland was declared the most violent country in the developed world by the United Nations as more than 2,000 people were subject to an aggravated attack each week.
In Glasgow, Scotland’s most violent city, the local Strathclyde Police set up a Violence Reduction Unit (VRU) to address violent crime by using location intelligence to prioritise the strategic, focused use of resources. Part of the solution involved collecting data from external sources, such as hospitals, fire departments, schools and social services organisations. They mapped this with other data related to factors known to impact violent crime – including poverty, housing, unemployment and environment. Hidden trends and patterns in criminal behaviour in the city were revealed, enabling the unit to understand where crimes were happening and why. Armed with this powerful insight, law enforcers could make predictions about where crimes were likely to occur, so that they could discard their previous ‘needle in a haystack’ approach and better target resources to prevent them.
For example, the team mapped knife-crime alongside ‘pathways’ to crime, using transport and vandalism data from bus companies to visualise previously unidentified links between the two. Consequently, the VRU was able to advise local police forces on where to establish the best locations and times for stop-and-search operations.
VRU’s use of location-based analytics to both understand and predict crime led to a 39 percent fall in all crime – not merely violent crime – in the Glasgow city centre. Statistics from 2015 show homicide rates in Scotland are now at their lowest levels since records began in the 1970s. The Glasgow case study offers valuable lessons for Australia’s law enforcers on how location-based analytics can be used to develop crime-related forecasts and inform policy development.
Shootings
Citizen Complaints Dashboard
Information collaboration and integration
Given our often sparsely located police forces and stations, the collaborative capabilities of location-based analytics would allow you to integrate and share data effectively. This becomes even more apparent considering that keeping our communities safe requires partnerships between a range of agencies: not just state and federal police, but also intelligence agencies and defence forces. National security, for example, is a multi-department, multi-agency mission. Critical to this approach is an ‘all-source intelligence fusion’, where agencies use and contribute common data to each other. Benefits include greater economies of scale, increased efficiencies and improved sharing of intelligence data. This leads to more efficient allocation of resources and ultimately reduced crime rates.
Location-based analytics can effectively deliver this level of connectivity and sharing of static and dynamic data across agencies and organisations by bringing all this data into one common map-based picture.
Anti Robbery Detail Dashboard
Dismantling silos
Similarly, location-based analytics can successfully integrate internal information silos. With unprecedented amounts of data being collected internally, the ability to share and analyse this information has never been more crucial. The advent of body and dash cameras, and technologies such as digital number plate recognition, means every individual police officer is now a sensor, collecting and streaming immense amounts of data. The fact that much of this data is hived in silos without an easily accessible linking element only increases administrative burden and, more importantly, impacts analysts’ ability to produce real-time, valuable insights to be actioned. In short, information is prevented from getting to those who need it.
This was a problem faced by Canada’s Vancouver Police Department (VPD), which struggled with having large amounts of mission-critical data stored in disparate, internal management, analysis and project systems. Apart from the resultant widespread duplication of efforts and data redundancy, these silos also hindered police investigators. Critical elements of investigations were scattered over multiple jurisdictions and could not be easily shared. Often, by the time data was located and consolidated, it was out of date and no longer useful.
VPD used location-based analytics to bring this data together and, via a user-friendly geo-dashboard, provided accessibility across the department. This provided crime analysts with instant access to offender information and datasets to identify suspects, predatory behaviour, resource inefficiencies and response times. This meant they were able to focus on conducting analysis at a much deeper level, instead of spending significant amounts of time completing non-analytical tasks. The system was also relied on heavily to plan for the 2010 Vancouver Winter Olympics, where it was used to monitor street closures and deploy police, among other tasks.
The good news for the region’s law enforcers is this innovative ‘smart policing’ approach to location analytics can ensure forces are agile, responsive and intelligence-led, and able to meet the demands of the 21st-century law enforcement environment effectively.
To learn more about how location analytics solutions are being used by some of the region’s – and the world’s – leading law enforcement agencies to solve and prevent crime, visit: www.esriaustralia.com.au/law-enforcement.
About the Author
Simon Hill is the Regional Industry Lead for National Security, providing leadership and industry expertise to teams across Australia, Singapore, Malaysia, Indonesia, Brunei, Bangladesh and Timor-Leste. With almost 25 years’ experience working within the defence and public safety sectors, Simon is passionate about partnering with national security agencies to help them leverage the power of geography and spatial analytics to defend borders and increase security for their respective nations.
Frontline
Examining the mob mentality
By Tim Mayne, ASM Correspondent
Two mob-related incidents made headlines in Perth, Western Australia in the last couple of months. The first saw a group of 20 people attack a city convenience store, where a mob mentality ensued. Numerous other people decided to join the fray, and a young shop attendant suffered injuries after being beaten by some of the mob and had his store robbed and trashed. The second incident came weeks later as a group of teens threw rocks at buses near Cockburn, causing $10,000 damage. But these aren’t isolated incidents and, like many others, they involved large numbers of young people.
Australia was shaken by the racially-motivated mob attacks in the Sydney suburb of Cronulla in late 2005, which saw large numbers of youths of Anglo-Celtic and Lebanese origin clash on a number of occasions. More than 5000 individuals gathered at North Cronulla Beach where mob violence ensued. The end result saw 26 people injured, a total of 16 arrests and 42 charges being laid including assaulting police officers, affray, malicious damage, resisting arrest, offensive behaviour and other charges.
In 2011 England was rocked by riots which lasted nearly a week, resulting in five deaths, arson, looting, assaults and other offences. Similarly in Cologne, the German nation was shaken after New Year’s Eve celebrations turned ugly when more than 1,000 men were accused of assaulting 90 women, including accusations of sexual and physical assault and robbery.
Police forces around the world have warned the public that the penalties for such behaviour can attract several charges resulting in potential jail terms. So what drives a group of
people to risk everything to become involved in mob violence? According to Professor Rob White from the School of Sociology at the University of Tasmania group violence is defined as “swarming” and falls into several categories. The categories include Raves, Flash Mobs, Youth Gangs, Riots, Mobs and Gatecrashes and all of those events can be organised or spontaneous. “What seems to characterise most of these group formations is the availability of ‘smart mob’ technologies that allow grouping and regrouping to occur, and the ability to gather quickly at a meeting place,” Professor White says. “The presence of large numbers of people in one place - the formation of crowds - can also shape group behaviour depending upon the purpose of the crowd formation. “In some crowd situations, mob-like behaviour may emerge as being in a crowd seems to offer the opportunity to ‘lose one’s mind’, and thereby to lose the normal social controls that guide decent human interaction. “The so called mob mentality describes the situation in which the crowd dictates general behaviour over and beyond the individual. “Describing different types of group formation still does not address the question of why and how group violence occurs? “For this, sustained theoretical interrogation of crowds as a general social phenomenon is needed, along with specialist study of particular crowd formations, such as football hooligans,” he says. Rob White says what is of more immediate interest here, and drawing upon Australian examples and experiences, are
the rituals and dynamics of violence. “Rituals mean several different things,” Professor White says. “In their examination of the Bathurst bike races riots, author C Cunneen et al. (1989) speak about the traditions of police baiting, particularly among working class men. “The specific instances of police baiting can take ritualistic forms, and may be seen as part of a local culture that is transferred over the generations. “By recognising the historical relationship between the police and particular communities (including and especially Indigenous communities), better insight can be gained into why certain situations can quickly transform into violent confrontations. “As Cunneen et al. (1989) also point out however, there is a dynamic between baiting and control - that is, how police respond to the baiting also shapes the dynamics of the situation.”
According to WA Police, although incidents such as the ones mentioned above often involve numerous people, figures only state what the offence is, i.e. Robbery, Assault etc., as there is no real charge of starting a riot, apart from the charge of starting an affray for individuals, which was included in the list of 42 charges laid against individuals after the Cronulla riots. “None of the records Police have specify whether the incident involved more than one person,” a spokeswoman for WA Police said. “In relation to penalties, once again having a lot of people involved does not alter the penalty. It all depends on the actual offence under the Criminal Code. “We do not know what makes people commit offences in a group. “Anecdotally it could be people under the influence of alcohol or drugs. “Police do not tolerate anti-social behaviour and alcohol-fuelled violence, irrespective of whether it is one person or a group of people. “Resources can be deployed to any area where the need arises be it for a party or large numbers of the public in the city at various events like New Year’s Eve”, the WA Police spokeswoman said.
According to an Australian Institute of Criminology report, Australians aged between 15 and 19 years of age were the most violent people in the country, involved in a disturbing number of bashings, robberies, attacks both sexual and physical as well as abductions and other crimes. The report, entitled Australian Crime: Facts and Figures Report, said that during 2011 people in that age group were responsible for 886 crimes per 100,000 people, compared to a crime rate of 85 offences per 100,000 people in the age group ranging from 55 to 59 years of age.
Many in the community are quick to blame easy access to alcohol, while others blamed violent video games and movies as well as changing family structures and dynamics. Some even called for the Federal Government to throw money at the problem in order to lower youth crime rates, but is the solution that simple? According to Professor Rob White from the University of Tasmania, there are a number of factors to take into account when looking at violent crime trends, particularly
when looking at crimes involving gangs or groups of people. “Understanding the contours of group violence is essential to responding adequately to its different manifestations. In specific circumstances, it may be necessary to institute coercive measures to deal with groups or situations that have got out of hand. In the United States, for example, specific city sites or hot spots and specific youth group formations i.e. identifiable gangs have been targeted for saturation and high visibility street policing. “Aggressive street policing and zero tolerance approaches have been criticised, however, for unduly restricting the rights of young people.” “The problem in the past has also been linked to racist assessments of who gets targeted for intervention, for creating resentment among young people toward authority figures, and for sending the wrong message about how best to resolve social conflicts.” “The response to the Cronulla riots in Sydney in the holiday period 2005-06 - which saw the use of police road blocks across major arteries, the passage of legislation that greatly extended police powers, the deployment of huge numbers of police in the southern beaches area, and an emphasis on a paramilitary style of intervention - provides an example of highly interventionist coercive policing.” “It is difficult to empirically assess whether the length of time and massive police mobilisation was the most cost-effective response in this instance. Generally speaking however, there can be no doubt that tactical use of force is a necessity if specific conditions warrant.” “In other situations, while the instinctive response may be to use coercion, the considered response may in fact be to adopt a more passive approach. 
Police responses to gatecrashers, for instance, may warrant diverse intervention methods.” “If it is realised that gatecrashers are intentionally trying to get police to a party, and to engage them in pitched battles on the street, then police need to change their normal tactics. “They have to step outside what could become ritualised combat (similar to what occurred at the Bathurst bike races), to diminish the attractions of the engagement by the gatecrasher protagonists. Basically, by backing off, the police can ensure that this type of violence will not occur,” Professor White said. Today many police forces around the country and the globe are adopting a more community-based policing approach. This includes local police regularly visiting schools, holding open days inviting people to meet their local police force and greater involvement in what have been identified as troublesome areas, including but not limited to lower socioeconomic areas. As society changes with the evolution of smart technologies, enabling people to have greater access to information, it is logical that policing models need to move with the times. “Strategic placement of the local police booze bus in adjoining areas, monitoring of the internet to ascertain who is talking about a particular venue and what will go on there and assessment and dispersal of movement routes in relation to a party can also constitute low level measures which contribute to safety and well being,” Professor White says.
Frontline
HELP FROM ABOVE
When drones became the unsung hero in the aftermath of Hurricane Katrina, Australia’s most prominent lifesaving advocate realised UAVs could be the key to preventing shark attacks and coastal drownings in treacherous waters.
By Adeline Teoh, ASM correspondent
Australia has surfer Mick Fanning to thank for an enhanced shark handling reputation. In July 2015, when Fanning encountered a shark during competition in South Africa, he punched it until he could escape on a jet ski. The surfer had the competition’s support crew to thank for the swift rescue, but other Australians aren’t so lucky. As a large island with a long shoreline, Australia has hundreds of remote, unsupervised beaches where encounters with sharks and potential drownings may occur.
Records for 2015 show 33 encounters between humans and sharks: in 25 cases the human sustained an injury, and two of those were fatalities. Shark attacks are headline news, and heightened public awareness led to political support for a new kind of technology: the Little Ripper, an ocean-faring patrol and rescue drone, part of the NSW Government’s $16M shark strategy. The man behind this technology is Kevin Weldon AM, who is relatively unknown in the technology industry but much better known as Australia’s most prominent lifesaving advocate.
A life saving lives
Weldon’s life, in a nutshell, has been spent in some form or another saving lives. Aged 15 he joined Queensland’s Pacific
Surf Club as a surf lifesaving cadet, working his way through the ranks to eventually become president. In 1971, convinced of the value of lifesaving training and advocacy, he founded World Life Saving, a volunteer-led organisation, which later merged with its French counterpart, the Fédération Internationale de Sauvetage Aquatique, to become the International Life Saving Federation. Weldon became ILSF’s inaugural president. Despite spending a lot of his time in and around Australian beaches, Weldon didn’t conceive of Little Ripper during a surfing session or a few rounds with a shark but in the aftermath of Hurricane Katrina more than a decade ago. Following the hurricane, New Orleans flooded and many people were trapped in their homes, forced to wait for help. Some managed to climb onto roofs to signal for helicopters, while others could not. The US Army used two unmanned aerial vehicles (UAVs), more commonly known as drones, to manoeuvre through the flooded streets to find those others who required help. “There were basically mini helicopters manned by the army, coming from the skunk works of Defense,” Weldon explains. “They were able to go up and down flooded streets and find people not on the roof, the people the helicopters missed. They saved 5,000 lives.”
Having seen what UAVs could do in a search and rescue situation, Weldon realised he could use the technology to support Australian lifesaving. “As the founder of two worldwide water safety organisations, I thought ‘this is the future’,” he says.
Water safety
Forget the shark attack headlines for a minute and consider that almost 300 people a year drown in Australian waters, far more than those who encounter sharks. Weldon believes Little Ripper, the drone technology he has developed with senior director Noel Purcell, can provide much needed support to prevent both shark attacks and many of these drownings.
Little Ripper drones can patrol isolated beaches and provide rescue help in difficult terrain, such as around cliffs and headlands. Two pilots (one to drive, the other to analyse what the Little Ripper sees) can fly the FADEC (full authority digital electronics control) aircraft from a laptop at a command post. “Little Rippers can patrol all these isolated areas on a regular basis. They can be remotely manned in emergency services trailers and we can go to remote areas quickly and launch them,” Weldon explains.
The two-metre long drone, which has a wingspan of 2.5 metres and a flight time of 2.5 hours, has a loudspeaker that can warn swimmers and surfers beyond earshot of beach-bound lifesavers of dangerous conditions, whether a shark or a rip. It also carries a nine-kilogram rescue package comprising a flotation device, GPS unit, Shark Shield repellent and other technology to assist subsequent rescue efforts, giving precious minutes to those in trouble while helping to locate the swimmers or surfers for human rescuers.
Purcell is currently in discussions with Intel to include its TCAS (traffic collision avoidance system) and ADS-B (automatic dependent surveillance broadcast) technology, which will help pilots track and control the fleet. Other tech, including its electric battery-powered motor, sensors and video capture, already comes as standard.
Eyes above water
There are currently 16 Little Rippers in operation under the wings of 16 existing Westpac Rescue Helicopter Services that patrol beaches in New South Wales. This, together with in-water sonar to track shark movements and an accompanying app showing the predators in real time, forms part of the NSW Government’s shark strategy. The sonar provides underwater data, while the helicopters take a wide aerial view and the drones provide ‘eyes on the surface’.
Weldon says the tests are going well. Recently the test crew placed a mannequin in the sea at an undisclosed location for Little Ripper to rescue. “The mannequin looked like a person floating and the Little Ripper had to find it. It was planted secretly and the Little Ripper found it and also found a shark not too far from it. The shark took a bit of interest in the mannequin and then swam away,” Weldon recounts.
The team is now working with the Civil Aviation Safety Authority to do out of line-of-sight testing, “so we can fly them out of sight and remotely,” says Weldon, who believes Little Ripper will come into its own when it can monitor currently unpatrolled areas. Now it is only a matter of speeding up the deployment process (“we’ve got it down to 14 minutes but we’ll get there faster”) and training more pilots for the 40 Little Rippers to be launched in the coming year.
Next time the headlines scream about shark attacks or you hear of swimmers caught in a big rip, think instead of the Little Ripper and how technology is helping humans survive the forces of nature.
NSW Premier Mike Baird, Westpac CEO Brian Hartzer, Westpac Little Ripper Founder Kevin Weldon and President of SLS NSW Tony Haven
Tony Haven President of SLS NSW, Brian Hartzer Westpac CEO, Premier Mike Baird and Kevin Weldon Little Ripper Founder
Cyber Security
Building a security intelligence centre
The Threat
Cybercrime is a highly profitable and low risk business, which is why it’s costing the global economy more than $400 billion every year. Threats are continually evolving and scaling, making them harder and harder to detect and eradicate. The average time from infection to detection has been reported as being as high as 206 days, with a further 69 days being taken to eradicate the infection. So, what’s going wrong; why can’t the security industry combat this ever changing threat? A new buzz-term has emerged over recent months – security intelligence – coming with promises of quicker detection times and faster resolution times, at last putting our security teams on the front foot. Let’s look at whether the promise of security intelligence is simply marketing hype or is there really a progressive paradigm shift happening in the security operations centres that finally sees our analysts getting ahead of the hackers.
The Challenge
For the past two decades, our beleaguered security analysts have been fighting what can only be described as a losing battle. Every day, billions upon billions of events flood from corporate servers, workstations, network devices and applications into our security operations centres’ systems. Every single event could be the trigger our analysts need to detect an attack and start the incident response process. However, correlating attack patterns and indicators of compromise (IOCs) from this kind of data deluge is an impossible task, and it’s often the more subtle, slow-burning attacks that go unnoticed. Huntsman’s product development team has directly observed this issue within our customers’ security operations centres, seeing how even the best trained and most astute security analysts are getting burned out as they hunt for the proverbial IOC needle in the haystack of security events. Even the best, most experienced security teams can’t do everything they need to do to stay ahead of today’s ever-changing threat environment, which is why our customers have asked for help.
Automatic Threat Verification
Careful analysis of our customers’ security operations
centres has shown that the biggest challenge modern security teams have is finding the time to do the truly valuable work they should be doing, such as hunting for cyber threats. The problem is that most investigations turn out to be nothing more than false alarms, triggered by misconfigured network devices, badly designed applications and miscommunicated system changes that create incidents, and can add up to weeks or even months of wasted effort every single year. Forrester’s recent call to action suggests that the answer is in automation. “Businesses can no longer rely on passive, manual procedures to defend against attacks.” However, the challenge remains as to how we automate the detection of real attacks while filtering out events that relate to false positives, all the time guarding against anything that might be vital to our defence (false negatives). The answer comes in our ability to operate across the security value chain ensuring analytical completeness across the entire ‘kill chain’. The latest version of Huntsman Analyst Portal® solves this problem using a variety of proven technologies, such as machine learning and predictive analytics to automate the process of incident triage and investigation, which in turn enable
threat verification and resolution in seconds. Our technology automatically assesses the likelihood of a threat being real by cross-correlating it with corroborating evidence from other intelligence sources for highly accurate decision making. This eliminates the large volume of false positives security analysts have to deal with, freeing them up to investigate real attacks and carry out other proactive security functions. Huntsman Analyst Portal® aggregates threat information from a variety of sources, such as endpoint security suites, application firewalls, malware sandboxing systems and network infrastructure devices to automatically provide analysts with a summary report of all relevant information so they can immediately start investigating an incident. This means that triage is significantly faster and more accurate, resulting in 90% less time being wasted.
Security Intelligence Centres
Security operations centre managers are now rewriting their standard operating procedures to make use of the extra time analysts have available. This allows them to focus on progressive, proactive threat identification (hunting) and security testing (vulnerability analysis and penetration testing). This focus on building a more defensible enterprise invariably yields better, longer-term reductions in security risk for the business and recasts the services the operations centre provides up the value chain. No longer are they providing security operations; instead they are now providing proactive future-proofing of the business’ defences, akin to the work that national security agencies provide for governments around the world. With the help of Huntsman Analyst Portal®, security teams can now start looking to a brighter future where security operations centres evolve into security intelligence centres and we finally have the upper hand against the bad guys.
Digital Identity
How the DTO will improve access to online government services for millions of Australians
By John Lord, Managing Director, GBG
The Australian Digital Transformation Office (DTO) has recently published a Request for Information to understand the capabilities of local and international businesses to assist them in the design and implementation of a digital identity assurance (IDA) solution. Now is certainly the right time for the DTO to address this, as similar programs have been deployed abroad – especially recently in the UK with the ground-breaking GOV.UK Verify program. As the Australian Government looks to grow and improve online services, and as the cyber fraud landscape evolves, it is vital that the DTO addresses the digital identity verification challenge. The challenge consists of successfully verifying the identities of millions of genuine Australian citizens and residents whilst rejecting fraudsters and keeping the identification process quick and easy for the user.
The number of online government services is growing, and Australians increasingly expect that these services should be easy to access. In a world where consumers are familiar with everyday online banking and streamlined e-retail experiences, establishing a trusted government digital identification process that is easy, quick and secure for the user has never been more important.
What’s the DTO’s plan?
Rachel Dixon, Head of Identity for the DTO, recently explained that managing ‘digital identities’ means the ability for the government to trust that citizens who are logging in online or via their mobile to online government services are who they say they are. Additionally, citizens have to trust that
the Government will deal with them in a fair and secure way. The aim is to provide some way for citizens to assert their existence online with some degree of trust in both directions. The DTO is currently in the early stages of the discovery process, and is evaluating the pros and cons of several identification models. It is in the process of building an ‘Alpha product’ to verify the identity of citizens to a level that is sufficient for them to access government services. The project also involves developing a Trusted Digital Identity Framework (TDIF). The DTO will be working with both public and private sector stakeholders to develop a broader framework for trusted digital identities, better enabling them and other agencies and governments to work together.
The challenges
The ultimate objective for the Australian Government is to encourage citizens to manage more federal – and potentially state – related requests and processes online, to increase efficiencies and reduce costs. This is likely to have a win-win impact for both the Government and citizens, but to achieve this goal, the DTO should address two important issues:
1) Build trust in a climate of increased cyber threats
Cyberattacks and data leaks are spreading in Australia, as described by many recent studies including the ACSC’s last Cyber Threat Report. As we are using multiple devices to log on to our favourite websites and apps, the potential for breaches of valuable information has widened. The growing
number of financial transactions we conduct online also incentivises hackers to try and gain access to our personal data. For citizens to use online services, you need to ensure that those services are trusted. This means guaranteeing security won’t be breached, and that your users’ personal data will be safe. As soon as sensitive data or money is involved, an extra layer of security is needed, and an extra layer of trust needs to be built. This is where using trusted third party digital identity providers can be highly valuable, meaning there is no central Government-owned database containing all its citizens’ information. If the DTO wants to provide a trusted identification process, they need to partner with the right organisations. Security can be ensured through an identity assurance solution that can verify an individual is who they say they are by referencing on demand multiple datasets from a number of accredited sources. In the UK, the GOV.UK Verify program has benefited from a competitive model, drawing from private sector knowledge and expertise in order to drive innovation in the development and provision of the service.
2) Make the identification process quick and simple, through a single best-in-class platform
The Australian Government already offers a wide range of online platforms, each of which enables citizens to access specific services: MyGov, Medicare, and the Tax Office. This is a great first step.
But if the Australian Government wants to encourage citizens to process more of their requests online, they need to make it easier for them, and follow a model that enables citizens to log in once to a platform that redirects them to all online services, whether it is related to tax issues, requests to their local councils, or managing their Medicare profile. The DTO is currently studying the relevance of a federal model. The decision they will make will impact how they need to think about their digital identity approach. Having one common platform with a choice of trusted third party identification providers would give citizens a choice in who verifies them. For now, the DTO needs to evaluate the impact of moving the three above services into one.
Taking the right approach, using the right technology
You can find many identification solutions on the market today, from Single-Sign-On (SSO) to manual verification of official identification papers such as Passports or Drivers’ Licences. Each of these solutions has pros and cons, and can prove efficient in specific contexts, but none of them are highly secure. In order to offer a trusted identification assurance service to Australian citizens, the Government needs to partner with organisations able to swiftly and reliably verify individuals, and provide them unique login credentials that guarantee they are who they say they are without having to go through the identification process again and again. The Government also needs partners able to quickly detect if an identity has been previously compromised, to prevent any loss for both parties – the Government and the citizen. This is a highly complex process. Certified IDA providers use multiple verification techniques that need a high level of expertise. For example, this can include triangulating sources of identity data and verifying somebody is who they say they are through a multitude of checks, including address and financial history, personal knowledge, and document validation. Two-factor verification is an element of this – in other words being asked for something you know as well as proving something you own. For example, you know your username and password, but you need to own a mobile phone to which a security code is sent.
Biometrics: the new IDA technology…or is it?
When I talk to public and private organisations looking to strengthen their digital identification processes, I often come across decision-makers considering biometric technologies. Many organisations providing online services are indeed looking into biometrics as a possible alternative solution to the conventional ‘password login’ for authentication.
Biometric technology undoubtedly has an important role to play in improving service delivery and user experience, with the dual benefit of removing friction for the user and helping to reduce fraud. However, is it a technology that the Government should be looking into? Yes, but when it comes to biometric verification – which can include fingerprints, voice and facial recognition – the present consumer technologies available at scale on the market are not robust enough to stand alone and ensure the level of online security vital to verifying identity in the modern age. It must be combined with other proven verification techniques to be truly successful. Regardless of the technology mix that comprises the new digital identification model, this is certainly an exciting opportunity for the DTO to transform how Australian citizens experience online government services.
How cloud infrastructure is making enterprise IT more secure
By James Valentine, Chief Technology Officer, Fronde
While organisations have long been aware of cloud’s ability to reduce costs and increase agility, industry commentators have debated whether cloud is secure enough to hold sensitive or private information. The key issues in the debate have been: whether cloud services are more easily compromised than on-premise infrastructure; and where the data is stored for legal purposes, also known as data sovereignty. As the debate has continued, cloud technology has leapt forward, particularly in terms of security. Unfortunately, this has coincided with a number of high-profile security breaches; notably the iCloud hack in 2014 that resulted in the release of private images of celebrities. Ironically, most security breaches affect on-premise databases as opposed to cloud-based services. Yet, because moving information and workloads to the cloud means it physically leaves the organisation’s premises, many fear that makes it inherently less secure. In fact, the cloud can offer even better security than on-premise systems, depending on the cloud provider’s security approach.
While many believe it is more difficult to secure information in the cloud, the opposite is true for a number of reasons. First, technology security products such as threat or intrusion detection, firewalls, and antivirus work just as well in the cloud as they do on-premise. Second, the potential for disgruntled or malevolent employees to damage the organisation is reduced. This is because they cannot gain physical access to the data in the same way they could if it was stored on-site. Third, and perhaps most importantly, cloud providers are well aware of the misconceptions around security and take active steps to alleviate concerns. Their data centres are usually independently-audited and they must comply with strict regulations. A significant security breach could spell a cloud provider’s demise, as their entire reputation relies on providing a secure service. This is a powerful incentive for providers to harden their security postures.
Individuals have entrusted personal information to cloud-based apps for years. Organisations such as Facebook, Gmail, Dropbox, and Skype all contain sensitive personal details that present an attractive target for cyber criminals. Yet people continue to use these services because they’re convenient and relatively powerful. They offer much greater functionality and storage capabilities than a standalone device, such as a smartphone, could provide. As individuals, we readily acknowledge that Google and their counterparts are much better at protecting our data than we are. Similarly, organisations should entrust enterprise applications and services to cloud providers. Shifting as much of the company infrastructure as possible to the cloud lets internal IT teams focus on innovation and development, two areas that are sorely needed in an age of intense competition and limited resources.
In most instances, cloud providers can and do invest far more in security measures than individual organisations do. They can afford to employ specialist security professionals and devote significant resources to security because that is their core business. Their security budget is therefore far larger than that of an organisation whose business is manufacturing or professional services, for example. Often, organisations with on-premise infrastructure experience regular breaches. They just don’t know about it until well after the event has occurred, or sometimes not at all. Stealth attacks are successful because organisations simply don’t have the resources to devote to security. They walk a fine line between having a strong security posture and still letting employees do their work without impediment. By contrast, cloud providers such as Google, Salesforce.com and NetSuite, for example, devote massive resources to security around the clock. This not only makes their services more secure than an on-premise solution, it also lets their customers concentrate on their core business rather than on battling cyber threats.
It’s true that some cloud services providers are more attractive targets to hackers than the individual companies that may use their cloud infrastructure. However, this unwanted attention is usually met with a security profile designed to stand up to such threats. This sort of security posture is out of reach for most individual companies.
Another potential concern some organisations have when it comes to cloud infrastructure is the question of data sovereignty. This relates to where the cloud-based data resides, and whether it is held in a data centre located in a region considered safe for the organisation’s purposes. Some types of data are required to stay within the same national borders as the company that owns them, for example, financial institutions’ data. This was a concern for Australian organisations in the past, but legislation is much
clearer than it previously was as to the particular data that is affected by sovereignty. The vast majority of organisational data is not affected by these data residency concerns. In the rare case where there is a data residency issue, a number of large cloud service providers, like Amazon Web Services, offer local data centres.
Given the growing capabilities of cloud platforms, and the benefits they can deliver in today’s competitive and fast-paced business landscape, companies are likely to face more risk by not moving to the cloud. Without the cost efficiencies and agility offered by cloud services, they may find it difficult to keep up with competitors. Cloud also makes it easier for organisations to budget effectively, moving much of what was previously capital expenditure into operating expenditure. Cloud providers help organisations keep pace with fast-changing licensing and distribution models, complexities of multi-element contracts, and stringent standards compliance. And, importantly, cloud providers can provide more comprehensive overarching security provisions than most individual organisations. These benefits, combined, make cloud the ideal choice for businesses looking to get ahead of their competitors.
The greatest threat to your business today
Contributed by F5 Networks
For as long as digital technology has existed, there have been people who sought to exploit it for criminal gains. What once started as opportunistic email scams has evolved into highly complex, targeted operations that generate billions of illicit dollars every year. The result is a sharp rise in threats such as cyber-espionage, crimeware, web fraud, DOS attacks, and POS intrusions that threaten to destabilise organisations across APAC and beyond. Today, almost two-thirds (60%) of attackers compromise systems in just seconds or minutes, with banks, commerce portals and payment services being key targets. This is the greatest threat to your business today.
The new norm
There are few other industries that have been transformed by digital technology as much as finance. Digital banking consumers numbered 670 million in Asia in 2014, and that is expected to rise to 1.7 billion by 2020. Growth of internet and mobile channels for a range of banking services now averages 35% a year, while traditional bricks-and-mortar
usage is falling at a rate of 27% across Asia. Adoption rates for mobile banking are highest in markets like India and China, reaching 60-70% in some cases, far exceeding more developed nations like the UK and US. In short, Asian consumers are wholeheartedly embracing the digitisation of finance. But while this meteoric growth has ushered in a new era of convenience, it has also presented fraudsters with a multichannel digital playground in which to operate.
“Here’s the digital paradox: organisations today are able to cover more ground, more quickly, than ever before – thanks to new digital connections, tools and platforms which can connect them in real time with customers, suppliers and partners. Yet at the same time cybercrime has become a powerful countervailing force that’s limiting that potential.” – PWC, Global Economic Crime Survey 2016
A third of organisations are now affected by cybercrime each year, and a similar number think they’ll be affected in the next two years. The range of digitised financial instruments has created a multitude of new touchpoints for criminals to access potential targets. From online banking to
point-of-sales transactions, as our lives have become more interlinked so the threats to our security have increased. According to a recent poll by The Asian Banker, the top three challenges in fighting cyber fraud today are:
1. Protection of multiple and increasing banking channels.
2. Rapid evolution of malware specifically designed to target financial institutions and their clients that is increasingly hard to detect and remove.
3. Lack of willingness from management to actively invest in cyber security measures without being driven by regulations or having suffered major losses from cyber intrusions.
The majority (84%) of financial firms now rank cyber threats as one of their top business risks. 61% of CEOs are increasingly concerned about the impact of these threats on their business, and yet less than half (37%) of organisations have a cyber incident response plan in place while 32% of organisations are affected by cybercrime.
And the bad news is that threats are becoming increasingly sophisticated. More than one billion personal records were illegally accessed in 2014, including health, financial, email and home address data, an increase of 54% on the previous year.
5 Most Common Threats
• Crimeware/Malware – Opportunistic, dynamic, sophisticated. Malware, including phishing, is a favoured tool of criminals around the world to gain access to confidential systems and information. In 2014 alone, 27 million users were targeted by 22.9 million attacks using financial malware. The recently discovered Tinbapore trojan is currently putting millions of dollars at risk across APAC.
• Web application attacks – Using stolen credentials and personal information, these attacks target the vulnerabilities in web applications, particularly across banks and ecommerce sites. Customers are usually redirected to false sites where their details – and eventually money – are stolen. Last year, experts found some 360 million stolen credentials for sale online.
• Point of sale (POS) attacks – As chip and pin have had much success in reducing card fraud, attackers have now turned their attention to the servers running POS applications. Using sophisticated algorithms, powerful botnets, and even brute force, payment data is harvested from unsuspecting organisations and turned into currency.
• Insider compromise – A symptom of our ever more connected world, insider threats are becoming increasingly common as criminals target employees and partners (knowingly or unknowingly). Some estimates attribute more than half (58%) of all security incidents to organisational insiders.
• Denial of service (DDoS) attacks – Criminals are increasingly favouring this technique, which utilises huge networks of computers to overwhelm websites and force business to grind to a halt. These attacks are becoming ever more common, increasing by 149% in Q4 2015 alone.
Tinbapore Malware
First detected in real time by F5 in November 2015, Tinbapore is a sophisticated evolution of the Tinba malware which is now actively targeting banks and other financial institutions in APAC, with Singapore accounting for 30% of attacks alone. Delivered via junk email, the malware is noteworthy for its use of sophisticated algorithms which allow it to come back to life even after a command and control server is taken down.
It’s harder to repair a reputation
Four decades ago, some 95% of a corporation’s value was derived from tangible assets such as products, buildings and people. Today, an estimated three-quarters of an organisation’s value is intangible. In short, our newly digitised world has made a brand’s reputation and name its most valuable asset. While the financial and organisational impacts from cybercrimes are enormously damaging, the reputational risks can impact consumer and investor confidence. In some cases, a brand may never recover. Careful planning and prompt action for when, not if, your organisation is threatened can make the difference between retaining customers or losing everything.
Always on, always ready
While we are living in a heightened climate of fear currently, it isn’t all bad news. Consumer education about the need to safeguard personal data online is improving. Meanwhile, organisations are increasingly recognising the need for cyber security strategies that directly address the risks posed to their business. After all, prevention is infinitely preferable to cure. PWC estimates that almost half of businesses now conduct regular threat assessments, while a similar number have active monitoring or analysis of security intelligence. An impressive 58%, or almost two-thirds, have an overall information security strategy. Banks, commerce portals and payment services need a strategy that offers real-time identification, deep analysis, and across-the-board protection.
Protection from the core to the edge and beyond
Today’s threats attack your network from all angles:
• DDoS (distributed denial of service) at the gateway
• Ransomware sneaking through via your wi-fi access points
• Viruses via socially engineered email
• Zero-day threats coming at you via BYOD (bring your own device) and IoT (internet of things) enabled devices.
It’s simply not possible to protect your data, applications, users and network with a heterogeneous security approach. Today’s fast moving threats require a single, unified, centrally-managed security fabric that ties everything together under a comprehensive secure access architecture. Welcome to the world of Fortinet.
Comprehensive Solution Set
Fortinet’s solution portfolio, consisting of scalable and powerful next-generation firewalls, secure access points, analysis and management consoles, client-side security, advanced threat protection, automated real-time security updates round the clock and more, is built around the world’s only secure operating system, FortiOS 5.4. And powering all of these devices is the FortiASIC CP9 Content Processor which provides the largest number of connections per second in the industry and deep content inspection with low latency. With Fortinet, you get world-class security combined with lightning-like speeds.
Nationwide Partner Network
Security doesn’t just happen. Fortinet’s nationwide network of fully-accredited and highly-experienced Partners are with you at every step of your security quest. Starting with the complimentary CTAP (Cyber Threat Assessment Program), Partners can quickly audit your security profile and identify where any potential vulnerabilities might exist and recommend cost-effective strategies to harden your defences. And once you have upgraded your security profile, Fortinet’s Security Subscription Service ensures that your defences are always up-to-date.
AT A GLANCE
• World-class security solution set & technology
• Nationwide Partner sales and support
• Real-time, automated 24x7 security updates
• Regular enhancements, updates and innovation
• Cost-effective, comprehensive and manageable
FORTINET AUSTRALIA Level 8, 2-10 Loftus Street Sydney NSW 2000 TEL 02 8007 600 anz_marketing@fortinet.com
www.fortinet.com
Continual Improvement
The bad guys don’t sleep. And neither does Fortinet. Driven by the 200-plus staff at the global constellation of FortiGuard Labs, Fortinet is constantly upgrading, improving and enhancing. New products, which can be quickly integrated into your security landscape, are released almost every month. Fortinet is extending their intellectual property. Their recent acquisition of AccelOps in June will result in FortiSIEM which will in turn provide deeper transparency across the network. And their policy of soliciting third-party competitive evaluations means that Fortinet is confident that their products can stand up to the most stringent scrutiny.
Getting Started
Fortinet’s Australian team and Partner network is ready, willing and able to help you secure your network. It all starts with a call. Our contact details are listed. Talk to us. It’s a call you have to make.
FORTINET SECURITY FABRIC PERVASIVE & ADAPTIVE SECURITY FROM IoT TO THE ENTERPRISE TO CLOUD NETWORKS
The Road ahead: How to survive as a new Cyber Security Manager
By David Stafford-Gaffney, Information Security Manager, Kinetic IT.
Cyber security breaches are once again hitting the headlines, with dire warnings of hacking on the rise; cybercrime, cyberwarfare, malware, ransomware and nation states all trying to access your information. Your company’s directors meet for their regular strategy meeting, where the CIO takes an action to hire an Information Security Manager to deal with all this complicated security stuff. Given your interest in this area, your manager suggests you have a crack at it. You accept! You are now your organisation’s Information Security Manager. Now what?
No surprise, I took the role! I love nothing better than this kind of career challenge. I have no regrets, having loved every single minute of it; however, looking back, I had no idea of the challenges that lay ahead. This article has been put together to help anyone looking to take the plunge as I have, with the list below of tips that will assist you to be better prepared than I was.
10 Tips on how to be more prepared for a cyber security breach
Tip 1 Get a mentor and work hard! Harder than you ever have before! Find someone with solid information security knowledge who can assist with the fundamentals of information security and information assurance. I’d recommend looking here as a start: www.aisa.org.au.
Tip 2 Take notes; lots of notes. In every meeting I attend, I come across acronyms, frameworks and standards I’ve not heard of. I discreetly write every one of them down and look them up afterwards.
Tip 3 Take some training. I’m not talking about university courses or technical study; you need to get some solid information security management training, ideally from an expert. There are a myriad of courses out there on this topic; CISMP and CISM are ones that come to mind as a start (see Tip 2).
Tip 4 With everything you do, think of the tenets of Information Security – Confidentiality, Integrity and Availability (CIA). How does what is being talked about (the current incident, vulnerability, threat, pilot, project, etc.) affect CIA?
Tip 5 Policy, Procedures and Work Instructions. These are referenced in a particular order. Policy says what, a procedure supports policy and explains how, and the Work Instruction supports the procedure and details exactly how for every applicable team.
Tip 6 Patching. Quickly understand each team’s patching schedules, reporting and current compliance, and ask to see them. Verizon’s 2015 Data Breach Investigations Report states “We found that 99.9% of the exploited vulnerabilities had been compromised more than a year after the associated CVE was published.”
Tip 7 Understand your incident response plan/process and ask to see it. Breaches are inevitable. Schedule an incident drill to establish your baseline and work from there.
Tip 8 Tailor your communications to the leadership group accordingly. Remove appliance names and technologies and break it down into simple-to-digest language that tells the audience how their organisation is impacted.
Tip 9 Talk about facts and only facts. Remove any opinion and remember that you can only talk about what you know of. Yes, the organisation may currently have a vulnerability being exploited; however, if you have nothing to back that up, it is only a possibility.
Tip 10 Remember Risk Management sits at the heart of every decision. Risk is your friend, so don’t be scared of it. It allows you to communicate in a manner that lets people understand how they are impacted, empowering them to take appropriate action.
About the Author
David Stafford-Gaffney is an information risk and security professional with over two decades in the ICT sector in roles ranging from hands-on technical, to operational management and business development. He has established two businesses from scratch and his strong business acumen enables him to understand acutely the need to align security with business requirements. He is passionate about leadership, Information Security and assurance and improving the industry as a whole. He currently works as an Information Security Manager for Kinetic IT.
Singapore Feature
Security in Singapore
Security forms a key element of Australia’s partnership with Singapore and the private security sector should take advantage
By Chris Cubbage, Executive Editor
Having had three back-to-back visits to Singapore in May, it was an opportune time to immerse myself further in this active city, with a proud people and with clear, long-term prospects for continued city development and, of most interest, a fast-growing digital business economy. With dark clouds on the global economic horizon, if any country is set to lead the way through an approaching economic storm, it is Singapore. We have been wise to tie alongside this country’s anchor.
On 29 June 2015, Australia and Singapore signed a Joint Declaration on the Comprehensive Strategic Partnership (CSP), a ten-year plan to enhance strategic, trade, economic, defence and people-to-people links, and deepen bilateral relations for a Closer Economic Relationship (CER). The two countries announced in May they want to accelerate collaboration in innovation, science, research and technology. Regional security, defence and cyber-security are key aspects of the CER and there is naturally also an opportunity for Australia’s private security sector to sign up and partner with Singapore’s security sector. This special report provides insight into how this may occur and why.
Introduction to a global landscape
The health and well-being of the global economy has direct and indirect implications for the related security risk and threat environment. To help set the global landscape and business environment, we refer to the most recent PIMCO Secular Outlook 2016 titled ‘The Global Outlook: Stable but not Secure’.
The PIMCO report provided a consensus that “the post-crisis global economy is just fast enough to avoid stall speed, but there is no evident or prospective source of productivity or organic demand that would support a baseline for more robust expansion. The baseline scenario is that a version of the status quo will evolve gradually” ... however, it was acknowledged “there is a material risk globally that the unconventional monetary policies in place today will be insufficient to maintain global growth, close output gaps and bring inflation to target. Furthermore, compared with the pre-crises experience, with trend growth slow and with debt levels high, there is no obvious ‘spare tyres’ available globally, if and when monetary policy exhaustion threatens global stability. In other words, the global economy finds itself today in a state of disequilibrium that has remained stable thus far only…” (June 2016). Alongside this report, the OECD’s latest Global Economic Outlook concluded “slower productivity growth and rising inequality pose further challenges. Comprehensive policy action is urgently needed to ensure that we get off this disappointing growth path and propel our economies to levels that will safeguard living standards for all,” said OECD Secretary-General Mr Angel Gurría.
Singapore is Shining
Despite the global downturn, Singapore has cleverly manoeuvred itself to be an important international finance and commerce hub and is ranked by the World Economic Forum as the most technology-ready country in the world. A most recent example is KuangChi Science’s announcement to locate its
headquarters in Singapore. KuangChi Science was founded in 2010 by five distinguished Chinese scientists and provides a series of disruption space services and is working towards building a global disruptive space technology alliance. In addition, KuangChi Science announced a smart city objective, the Future City Strategy. Dr. Zhang Yangyang, Co-CEO of KuangChi Science, said: “Singapore provides an ideal innovation base and by creating an innovation headquarters in Singapore, KuangChi Science plans to further collaborate with Singaporean companies and institutes for research and development.” The strategy has been influenced by Singapore’s ‘Smart Nation’ initiative, which was launched in 2014 to make living better for all through tech-enabled solutions, harnessing ICT, communications networks, and big data. Information and communications technology allows local governments to interact directly with the community and the city infrastructure to monitor what is happening in the city and how it is evolving, and to ultimately create a better quality of life for citizens. KuangChi Science has been making investments in security, data transfer, and wireless coverage technology to help make cities smarter and better, effectively optimizing key services to improve city living around the world. HyalRoute has been one of the company’s key investments to support this goal. HyalRoute, now a part of Kuang-Chi GCI’s portfolio of technology innovation companies, is one of the most advanced network infrastructure developers and transnational telecommunication operators in the Asian-Pacific market. The company is engineering and implementing an international fiber-optic network spanning more than 1 million kilometres in length and linking 50 countries. Kuang-Chi GCI launched an international innovation fund based in Israel to invest in companies worldwide.
The newly established fund had an initial investment of $50 million, which is planned to grow to $300 million over the next three years.
Signing onto Singapore’s Security
To facilitate the CER, Singapore will provide dedicated funding of S$25 million over five years. Australia will provide matching funding from a variety of government and non-government sources. Australia will also locate one of its five “landing pads” for market-ready start-ups in Singapore. This will assist start-ups to “think global” by linking them into entrepreneur and capital networks and industry value chains, accelerating their business development and growth. A pilot 1.5 Track Dialogue will bring together Government officials and academia in Australia in late 2016 to discuss regional security issues. The two countries will work together on defence science and technology, in areas including combat systems command, control, communications, intelligence integration and cognitive/human systems integration. In the shadow of China’s militarisation of the South China Sea, these major areas of cooperation and collaboration demonstrate the extent of a fast expanding strategic defence partnership. For civil security, a Memorandum of Understanding has been signed to improve operational collaboration and
information exchange, share best practices and strengthen law enforcement cooperation in deterring, preventing and disrupting transnational drug crime. Alongside the defence and public security sectors, there is naturally a strong security profession in Singapore with the Singapore Security Alliance (SSA), an Alliance amongst the different security industry associations and organisations in the country. Much like the initiative in Australia with the Australasian Council of Security Professionals (ACSP), the SSA includes the Asian Professional Security Association Singapore Chapter (APSA), ASIS International Singapore (ASIS), International Society of Crime Prevention Practitioners, Singapore (ISCPP), Security Systems Association of Singapore (SSAS) and Conference & Exhibition Management Services Pte Ltd (CEMS), organiser of the largest security exhibition in Singapore – Safety & Security Asia (SSA) series. The principle of the Alliance is to bring together different industry authorities under a uniform community to help address security issues in Singapore. For infosec professionals, the Association of Information Security Professionals (AISP) is registered in association with the Singapore Computer Society (SCS) and Infocomm Development Authority of Singapore (iDA). ASIS International Singapore Chapter has over 200 members and the Chapter actively promotes the certification of security professionals through the Certified Protection Professional (CPP) and Physical Security Professional (PSP) programmes.
(Reference: http://dfat.gov.au/geo/singapore/Documents/australia-singapore-csp-fact-sheet.pdf)
There is a great opportunity for Australian and Singapore security and technology professionals to better collaborate and partner. As reform of Australia’s state-based legislation models continues to be sought in pursuit of a national model, Singapore provides an ideal partner to work with, in particular on solving the cyber security skills shortage and upskilling the existing physical security profession. Singapore’s Economic Development Board has been nurturing key industries that are driving Singapore’s economy and will take it into the future with attractive employment prospects. One of these industries includes computer security and development of professionals in the information and communications technology sector. The future of the Australia and Singapore partnership is clear and mapped out. However, it will rely on the professional security sector to collaborate and partner to take advantage of this relationship and the opportunities it provides. It could be as simple as memorandums of understanding between our primary associations but could go as far as mutual recognition of agent and consultant licenses, certifications, training and qualifications.
Netevents APAC summit review
Innovation in the Cloud - Enterprise is ready but is the Cloud ready for the Enterprise?
By Chris Cubbage, Executive Editor
“First comes the purpose then comes the product…” explained Dr. Christian Busch, Associate Director, Innovation and Co-Creation Lab, London School of Economics, as he opened the APAC NetEvents Press & Analyst Summit with a keynote address on innovation. “If a company is able to provide a setting where they’re actually working on real challenges, real problems, real society problems, that’s actually where people will be most attracted to, particularly probably also in a poverty context or context where traditionally people wouldn’t have thought to build consumer or producer bases in.”
For Anaplan’s Grant Halloran, an Australian now based in Silicon Valley, “It’s more about thinking from a customer perspective. So if you’re an IT leader today your customers are the business folks, running the company, right from the CEO through to the lines of business leaders. What are the services, from a technology perspective, that these folks need, to get their job done and to achieve the vision of the company over the long term? So that’s the starting point.”
Despite the drive and purpose of innovation, Nikhil Batra, Telecom Research Manager for IDC, highlighted the Ashley Madison breach as a notable case study of the risks involved. As a result of this breach a lot of company CEOs stepped down. There were class action lawsuits against the company, so much so that they announced a reward of $500,000 for somebody to share information on the hackers. But nothing came out of it. One interesting statistic that came out is that one of the security companies that laid their hands on all of the data claimed to have broken down 11.2 million passwords within 10 days. And surprisingly enough, the most popular password was 123456, which 120,000 accounts in the database had as their password. This should make
us think: how secure is a service, and how much should cloud providers emphasise and provide security to the enterprises? There was a time when the worst thing that could happen to us was that malicious code or a bug would result in a blue screen of death and we would just restart our PCs and get on with it. But now we are getting into an era of IoT and connected things, where things like the connected car are being hacked. A Jeep Cherokee was hacked in late 2015. What these cases demonstrate is that all of the connected things that we have today, be it a smart refrigerator or a smart edge-ware controller or an air conditioner controller, are not secure enough. We have had phishing incidents where the email has been coming from a smart refrigerator. Unless we apply ‘security by design’ we will continue to create insecure systems, devices and connected things.
EMPOWERING SMEs WITH CLOUD SERVICES
The IT market is seeing the telecommunication carriers start to offer services and solutions and the model being preferred is open source, but that doesn’t mean generic. The reality is that if you’re an enterprise you are going to look to a partner to package up the open standards which makes it easier to deliver your service. Digital transformation to improve business processes through technology is not just for large enterprises and the real opportunity is in the ability to transform smaller enterprises (SMEs). Cloud is an opportunity but demands from vendors a new way to engage with SMEs. The contribution of smaller organisations to a global market is that they stand on their own in contributing to cloud service revenues. The problem is how to reach the smaller
organisations, as carriers realise they need to change how to do business. Be it agriculture to professional services to retail, SMEs are realising they are losing out because they are not working effectively with technology. SMEs represent well over 90 percent of all businesses in Asia. Across 14 countries they employ some 1.02 billion people and contribute around $10.9 trillion directly into the economies in which they are based. They also spend significantly as a group on ICT. While the vast majority of the ICT spend is on traditional communications services such as mobile voice, fixed-line and broadband, the growth is increasingly in cloud, virtualization, remote and applications services. According to analyst estimates, SMEs spent about $2 billion on cloud services in developed and emerging Asia Pacific in 2014, with the growth rate for cloud services for emerging Asia Pacific running at around 42%. But these statistics all appear to underrepresent and underplay both the opportunity and the impact of cloud computing services on the SME landscape across Asia. (Reference: Asia Cloud Computing Association, SMEs in Asia Pacific: The Market for Cloud Computing 2015)
Over time what we have seen is that trust is increasingly challenged and there is no front runner in terms of SMEs’ trust of their technology service provider. Most small businesses, in terms of cloud services, are buying on a self-serve basis, but they need assistance. The other problem is the different type of demographics and a largely proportional lag by self-employed and micro businesses. It is even more difficult to reach out to micro businesses.
In 2003, a group of the world’s most dedicated scientists announced the completion of a 20-year project to map the entire human genome with 99.9% accuracy.
MyRepublic, soon to be the fourth largest telco in Singapore, with offices also in NZ, Australia, and Indonesia, commissioned a study into what SMEs are looking for from cloud providers and what’s holding them back. The study found that despite initiatives such as income tax offsets, many SMEs are too busy on a day-to-day basis to tap into the benefits. The richest and most supportive government in the world is in Singapore and there are funds being made available. There is $500M to offset cloud adoption, with up to 80% of about 10,000 businesses having benefited, but there are over 200,000 SME companies. SMEs need educating not just about technology but also about tapping into the potential grants the government can assist them with.
IoT Stress Testing Components
Software defined networking is rapidly evolving with edge analytics beginning to extract and optimise the data that is
sent back to the Data Centre for analysis. As an example, for a hotel chain, discovering the many edge points requires consideration of each hotel branch’s need for optimisation, from the server and router to single appliances, and of the capability of collecting the data at each hotel branch. Hotels demand that they operate uninterrupted and, with branch optimisation, they should have on-premises computing capability and should not suffer any disruption. Transactions will continue regardless of whether there is a network outage. If there is an outage, the data will be transferred when reconnected. With IoT application metrics, the measures, transactions, analytics, data, and the customer can be set up with rules in different ways. Data will be of a transient nature and the infrastructure is application ready and easy for the customer to switch on or switch off services as required. We have standardised application lifecycle platforms onto the cloud and this can extend all the way to the hotel branch and the users within the hotel. When they log in they see a catalogue based on the active directory showing what apps are available and their price, which allows them to pick and choose apps seamlessly. These conveniences will overcome security inhibitors to cloud adoption. Latency and priority routes remain a big issue and service delivery is at the heart of the challenge. Much like we can set aside road traffic for a medical emergency, so too in IoT do we need to have a special route available on the cyber roads and highways which are capable of stopping traffic if necessary. It should form part of the design in the interests of public safety and mission critical system integrity and reliability. With any public system there are those who will seek to compromise it. A case from Johannesburg involved thieves targeting over 400 traffic light SIM cards, which had been installed as part of a networked traffic management system.
The SIM cards were then used to access online services at a cost of $1.2M. Despite what has been observed and the increasing amount of investment in security, the confidence in CISOs is still relatively low. Many enterprises are still waiting to see if something will happen. The sad part in these cases of security breaches is that they are often a result of inadequate testing. Estimates of the losses are not known for some time. If there is a cyber-crime where passwords and accounts are stolen, they can be used by multiple groups for multiple purposes, and the consequences of the loss can be long and complex. Enterprises need to take active steps to ensure security of their networks. Unless regulators step in to force enterprises to report breaches and the results, it will never be known.
HOTTEST TRENDS FOR GLOBAL TELCOS
Telcos (Telecommunication Carriers) have all been reporting increases in EBIT and there has been selective movement on specific virtual network functions (VNFs) with the return on investment questions still being asked. Telcos recognise that software defined networking and mission critical use cases are emerging. Enterprises also need to understand who is the cloud provider. Telcos were slow to emerge but now as the type of applications moving to the cloud are becoming more mission critical, and managing multiple cloud environments is
Guest Speaker: Grant Halloran, Anaplan
required, then the network increasingly becomes important. Mobility has been taken for granted and there has recently been less focus on mobility with it being all but played out. The market is now preparing for 5G and Long Term Evolution (LTE) and the interest is back to B2B to drive revenues. LTE provides significantly increased peak data rates, with the potential for 100 Mbps downstream and 30 Mbps upstream, reduced latency, scalable bandwidth capacity, and backwards compatibility with existing GSM and UMTS technology. The next wave is 4.5 – and from 4G to 5G there will be more connection of everything. Few are talking about 4G standards needing to be ready but others are already talking about 5G. There is a lot of challenge and a lot of opportunity. The term telco may be extinct in 5 years as they may not own everything but they do conduct it. The very nature of the telco business is to connect people. Telcos will still need to innovate and discover what the new business models are and how telcos are going to move from what were previously long-term capital investments to now needing to be nimble and agile. An example is how BT services the Williams Martini Racing Formula 1 team, by delivering new innovative business level services, on top of offering network services. In Asia Pacific, Colt services high frequency traders and has to deliver ultra-low latency transactions and high performance networking capabilities. They use a licensed 100G network service in Japan and are now offering terabyte services on the cloud provider side, with the cloud providers and OTTs driving other traffic for enterprises and customer mobile traffic. This follows a massive investment in physical resources and you don’t now need your own dark fibre to get gaming quality exchange. A common need for gaming and content servers is the need for ultra-low latency which needs high capacity networked services.
Another driver has been in mining companies, which, having lost $10B in market value, have seen cost reductions being brought forward. The demand came to replace a third of their operation staff, and in
the process mining companies have fast become technology companies. The same trends are being seen in other sectors, such as finance. Media and analysts were briefed across various vendors. Orange recently completed the acquisition of Lexsi through its Orange Business Services entity. Michel Van Den Berghe, CEO of Orange Cyberdefense, said “Orange identified cybersecurity as one of its strategic priorities. With this acquisition, Lexsi, the Threat Intelligence Services company, bolsters our ability to detect, analyse and respond to the threat of cyber-attacks and positions us as a major player in this field in Europe.” Orange Cyberdefense supports more than 600 companies in France and abroad. Lexsi had more than 400 active customers and 170 experts, including the largest independent incident response team in Europe. Australian Security Magazine was further briefed on Cylance, Menlo, Dell, Ixia and Anaplan. Cylance has developed an innovative way of stopping malware before it ever executes, using a lightweight agent that predicts and prevents cyber threats using artificial intelligence and machine learning. About 3 million attributes of each file are analysed by special algorithms which are updated about twice a year. As Cylance expands beyond its initial Japanese and Australian engagement, the company has signed a further three new reseller partners in the Australian/New Zealand region. Menlo Security announced that the Menlo Security Isolation Platform (MSIP) has been selected by Fujitsu as a key component of its Global Managed Security Service. Fujitsu is combining Menlo Security’s technology with the Fujitsu Digital Business Platform MetaArc, offering gateway-type solutions that can automatically eliminate the risk of malware infection.
Ixia will integrate network visibility across private, public, and hybrid cloud environments. By combining Ixia’s virtual network taps, packet and application flow filtering, Netflow with advanced application identification and geographic location, SSL decryption, and industry-leading deduplication capabilities, Ixia’s CloudLens platform provides service providers, cloud providers, and enterprises with unprecedented insight into network traffic in both physical and virtualised environments.
SMART Facilities Management Solutions Expo and Conference 2016
The field of facilities management is rapidly evolving & Asia is driving the evolution
By Chris Cubbage, Executive Editor
The SMART Facilities Management Solutions Expo and Conference 2016 addresses a fast-growing demand for facilities management (FM) services across Asia. The three-day trade show featured 40 exhibitors from around the world, including Australia, Hong Kong, India, Indonesia, Japan, Malaysia, Netherlands, Singapore, United Kingdom and the United States. With the advent of new technologies and smart building solutions such as IoT, the complexity of the field has grown at the same time as the environment has become integrated. Industry leaders gathered at the conference to share ideas, best practices, and exchange expert knowledge on areas covering sustainability, manpower, smart energy and asset management, as well as the management of social, leisure, productivity and security management of facilities, to some 160 delegates. Ms. Fong Siew Han, Director of Infineon Technologies Asia Pacific, said: “The Facilities Management Conference was a wonderful platform for both practitioners and researchers from the industry and academia to meet and share the latest developments on FM for the built environment sector in Asia.” Key themes carried discussions on ‘Innovative
Energy Management’, as well as Workplace Safety & Health for Facility Managers; Advancing Responsible Business Practices in Land Construction; Real Estate Use and Investment; Using IoT to Generate Real Building Savings; A Look at Sustainable Energy in South East Asia; and Energy Management: Smart Data Centres and Green Energy. A key highlight of this conference was a regional focus group session on ‘Challenges & Opportunities for Facilities Management’ with a dedicated collaboration between Bangkok’s Chulalongkorn University, the National University of Singapore, and Universiti Teknologi Malaysia. The session connected relevant decision makers and academia with a view towards future development. Professor Abdul Hakim bin Mohamed, Chairman of the regional focus group session and Dean of Geoinformation and Real Estate, Universiti Teknologi Malaysia, said: “The formation of the ASEAN Economic Community (AEC) is a game-changer for the FM sector. Collectively, the AEC is the seventh largest economy in the world and is the world’s third largest market base behind only China and India. The respective universities play a part in highlighting the vast opportunities
availed by the AEC that both academic institutions, organisations and industry professionals can tap into.” The trade exhibition featured key profiles focusing on four main sectors: Mission Critical facilities; Leisure and Tourism facilities; Transport and Public facilities, as well as Building and Infrastructure facilities. In addition, the trade show further incorporated four key segments in Energy Management, Security Solutions, Air Conditioning & Mechanical Ventilation (ACMV) and Environmental Management, making it the most comprehensive and focused trade platform in redefining SMART facilities management. Emerging technologies included ensuring operational continuity, managing the complexity of buildings, merging legacy buildings and systems with facilities expansions, energy management systems, maintaining aging infrastructure, improving reporting and compliance in an integrated facilities management environment, including an insight into Deloitte’s head office building in the Netherlands, named the ‘Edge’. For those with interests in Facility Management, the future of the profession looks challenging and broad. India represents a significant market, with the ASEAN region collectively expected to continue to modernise rapidly into the next decade.
The very theatrical Professor Sekhar Kondepudi, Associate Professor, Department of Buildings and Director of Smart Buildings, Smart Cities & IoT Lab at National University of Singapore
Travis Casuscelli, CEO of Vision Technology, based in Queensland, took advantage of our free entry to SMART Facilities Management Conference
Introducing the Security Fabric

The connected world has gone through more transformation in the past two years than it has over the past two decades. Organisations now allow their workforce to bring their own devices into the work environment, posing myriad security risks as they do. Companies are also investing in connecting never-before connected products to the Internet of Things, such as fridges, ovens, cars and smart toys, each of which brings a new set of risks to the business and consumer. Each of these new devices adds to the attack surface since they invariably have not been designed with security in mind and testing is forgone for expediency to market.

Security companies, such as Fortinet, have needed to catch up fast to keep up with the threat evolution, which is why Fortinet’s Security Fabric has come about. The Security Fabric integrates technologies for the endpoint, access layer, network, applications, data centre, application content and cloud into a unified security solution that is orchestrated through a single management interface. This allows their technology to rapidly assimilate threat information, using standards such as STIX and TAXII into actionable intelligence that security analysts can use to address these threats.

At the heart of Fortinet’s success, they have evolved their technology to ensure that visibility is critical to operational success – this is often cited in the opsec domain as situational awareness. Nevertheless, very few organisations gain this insight into what’s going on in their enterprise, hence leaving them unable to counter an attack in any meaningful timeframe. Some studies have suggested that intrusions go undetected for as long as 200 days before security teams start to work on eradicating them, and when it only takes a few seconds to rip off an entire customer database, time is of the essence.
FortiGuard’s threat research lab communicates directly with Fortinet’s Security Fabric, providing:
• The Threat Intelligence Exchange: Sourced from the Cyber Threat Alliance, where leading security vendors have come together to share threat intelligence, Fortinet provides a rich and comprehensive threat intelligence feed to their customers.
• Fortinet threat researchers: Fortinet’s team of security researchers provides deep investigations into emerging threats and vulnerabilities in order to provide organisations with thorough and actionable security intelligence.
• Live feeds from Fortinet solutions: Fortinet also has millions of devices installed in client environments around the world that detect and pinpoint threats and malware in order to provide real-time threat information.
Fortinet’s advanced sandboxing technology allows their customers to test any suspicious code or URLs that come into their environment using a separate, secure environment to make sure the simulation is complete while still keeping customers safe. FortiSandbox provides a combination of detection, automated mitigation, actionable intelligence and ease of deployment that can help prevent even the most insidious of targeted attacks, operating as a key component of their Advanced Threat Protection framework.
Editor’s interview with Derek Manky, Fortinet’s Global Security Strategist, based in Vancouver.

(Editor) How long have you been in this role?

Derek: I started with Fortinet in 2004, initially working as a threat researcher in security strategy, so my team and I bridged the gap between the research we were doing and industry partnerships. I have been doing that for the last five years.

Tell me about your teams and what they do.

Derek: We have teams all over the world, from Paris to Malaysia and right across to Sunnyvale, California. Our primary research and development centre is located in Vancouver and we also have a team based in Singapore, covering the whole of APAC. Hackers know about our technologies and are always trying to get around the sandbox, so any new product that comes out on the market is immediately under attack. Nevertheless, we have an advantage, since Fortinet’s products and security engines have all been built from scratch, and whilst we acknowledge that we are never going to build something that is completely bulletproof, if there is something that gets through the cracks we can identify it quickly through our invasion techniques. Our researchers sit right beside our developers, so that they can issue a technology fix, usually in the form of an engine update, that is pushed out to our 250,000 customers, as soon as it’s ready.
We use automated systems: for each antivirus team or IPS team and we have operational teams that do intelligence definitions and updates, as well as machine updates. We also have a Q & A team making sure we detect everything we should be detecting. Our research team focuses on threats, while our technology development team build honeypots, for example, looking for zero day threats. In our SOCs we have around 200 people globally, that includes researchers and operational analysts.

That doesn’t sound like a lot of people.

Derek: For a SOC, it is a lot of people. Our employees are not like those in your typical SOC. These are pure FortiGuard experts, reverse engineers, people who are living, eating, and breathing hexadecimal code and looking at attack patterns.

What kind of scenarios do you think should concern Governments? What types of attacks are you predicting and on what scale?

Derek: Public infrastructure, for sure, will be a target for attacks, as well as anything from the oil, gas and energy sectors. Healthcare is also a major target, where attackers target medical records. However, IoT devices and other connected or embedded devices are of grave concern. We have two scenarios: the doomsday scenario, where there is a premeditated attack, such as the example we saw in South Korea, where the destructive power of the DarkSeoul malware wiped hard drives from back-end connected systems. We might also see a targeted attack scenario play out because of political movements, but also, as I said, typical attacks happen in two stages: they start wide, like a fishing net, just tinkering and playing, seeing what they can find; but once they discover a high-value target, such as a government domain or an IP address associated with a government server, they go after it with targeted, crafted attacks.

Are you seeing threat groups putting all this together? ISIS springs to mind, but are there others?

Derek: Yes, absolutely.
We actually do a lot of research on the Darknet where we see a lot of communication.

Are you seeing trends in the chatter?

Derek: Yes, this is ongoing. A lot of the communications are encrypted, which causes problems. Encryption is only as good as the tool it supports: it can be used for good or evil, which I call mal-cryption, so even a lot of encrypted services, like Telegram, as well as chat protocols, can be used to hide communications for the purposes of cyber terrorism, warfare or crime. I don’t believe the answer is to go after just one technology, it’s almost a game of ‘whack-a-mole’ as you take something offline, they are going to develop other methods of communication.

I heard that ISIS is handing out “How to” guides on how to avoid surveillance. Do you pick things like this up from WhatsApp, for example?

Derek: Again, there is no silver bullet. If you infect the client, you are still getting a raw deal. It’s like PCI compliance and transaction payment processors. PCI compliance goes as far as you putting the credit card in. It does its processing transaction, encrypts it and you are compliant. However, and we have done a lot of research into this, where point-of-sale malware is stealing credit card data in memory before it’s encrypted, it’s always going to be an effective attack.

Have you seen much in the way of connecting CCTV devices from public networks back into government systems?
Derek: That is a trend we are seeing. Everything that was traditionally air-gapped is now becoming connected. If you look at critical infrastructure and SCADA systems back in the day, everything was hardwired through serial cables. Now we are using protocols of convenience and are modifying everything to run over IP networks.

So, do you brief your clients about imminent threats?

Derek: Yes. I am dealing a lot with CIO and CSO executives, as well as doing a lot of keynote talks in the industry to develop this kind of engagement. It’s all about how to get the message across about security threats and what they can mean to businesses.

If systems were built as secure by design, then we shouldn’t have to worry about regulations later on. What do you think?

Derek: There is an interesting concept within the threat intelligence community of a middle ground, between the traditional SIM and multisoftware solutions being introduced that are basically middleware CTI platforms. These are using protocols such as STIX and TAXII and can consume threat intelligence feeds and churn through them and pass back to the SIM, doing the heavy lifting for people that don’t have API development experience.

Can you tell me more about STIX and TAXII?

Derek: STIX and TAXII are the data structures used for defining threat intelligence, where STIX is the language and TAXII is the transport. Once you get the language, you have to be able to speak it, analyse it, and put it into action, so there’s a lot more that has to be done to make it actionable.

OASIS are helping set a lot of these standards. Where did they come from?

Derek: OASIS have been around for a while; they just took over a bunch of projects from the DHS.

So, who is doing that and is it part of the Cyber Security Alliance?

Derek: We are trying to focus on specific campaigns working with multiple vendors in the Cyber Security Alliance. That is how we are getting the security vendors to team up.

So considering security by design, are we still not getting it right?

Derek: Definitely not, no.

Thanks Derek.

Derek: You’re welcome.
Fortinet Gala Dinner, S.E.A Aquarium, Sentosa Island, Singapore
Editor’s Interview with Darren Turnbull and Jon McGettigan from Fortinet

(Editor) G’day, Darren and Jon and thanks for speaking with us today at the Fast & Security Conference in Singapore. Can you give our readers a quick overview of Fortinet’s latest news in Australia and New Zealand?

Jon McGettigan: We’ve had strong success across this market in New Zealand, mainly through managed services providers, especially in education and government sectors. We’ve focused mainly on managed services, a large proportion of our revenue, especially in New Zealand, comes from these kinds of customers, so we wanted to replicate that more mature approach to the market to drive success in Australia. Our first goal was to hire an additional 80 or so people, raising the headcount from 24 to around 100 people across all aspects of the business. Obviously, Fortinet’s market share is relatively low in Australia compared to the rest of the world, so our goal was also to grow our revenue and extend coverage and support.

Just looking at the local market, you guys are up against the likes of Cisco and Checkpoint.

Darren: Depending on which analyst you believe, we are in roughly 6th place.
That’s not where Fortinet would normally be. Elsewhere you are in the top four, so how does that stack up?

Jon: In New Zealand we are number 1. In Malaysia we are also number 1. In fact, in a variety of markets all around the world we are the number 1 security provider, especially across European nations. The position in the local market is simply due to market maturity. When you have a change of tactics and a different approach to the market, the shift doesn’t occur in the first year, but comes in time. Last year we grew by 30%, which was a good result. In Q1 of this year we grew by 54%, which we attribute to our creating a team that actively services the local market. We now expect that growth trajectory to hold steady going forward.

In which part of the market do you see the most traction?

Darren: For us, it was in the enterprise sector. We weren’t that strong in enterprise previously, here or in other regions. However, we don’t only look at one market – we are strongly targeting a variety of markets, such as retail, as well as the enterprise and government markets.

What has hampered Fortinet’s success in the Australian market?
Jon McGettigan: The problem was that the team hadn’t grown large enough, quickly enough. The team simply hadn’t put forward the business case as to why investment in this market was needed. Why do we need to grow? This meant that they didn’t have the coverage we now have: not enough engineers, sales people or researchers to support growth. The reality is that Fortinet was being savvy enough to see the opportunity and understand it was the correct move for the region. Through our organically grown team, we are now starting to see signs of success in this growth.

Can we expect the launch of an Australian academy?

Jon McGettigan: Absolutely. I found out about the academy just after the press release. I was in South Australia at the time, working with one of our partners, consulting with the South Australian government, trying to generate growth in the job market. They have a massive unemployment issue in SA, especially in manufacturing, at the moment. There are three universities in Australia that are interested in how this academy model can be rolled out. In the U.S. they are used to this kind of approach, so it’s a model that has proven successful.

With the launch of the Australian Government’s Cyber Security Strategy, this could tie in nicely with the idea of the academy.

Jon: There is real potential here and we’ve been considering this for a few years. There is a shortage of skilled cyber security professionals everywhere, but in particular in New Zealand and Australia. That is why the managed services industry has an opportunity to do something about this issue.

Are you seeing any different cyber-attack trends in Australia?

Jon: No. Australia is certainly experiencing a lot of attacks, like the US, especially in the healthcare industry. If you’ve been following the news in Victoria, concerning the issues they had in Victoria Health, you’ll see just how bad this problem is. We are working closely with Victorian healthcare departments on sandboxing projects and I think in general, Australia is a target, so we really need to protect our assets.

Tell me more about the sandbox.

Darren: The sandbox needs to know who its customers are by registering them. Customers can send malicious content into FortiGuard and get an accurate in-depth signature that can be propagated across our global customer’s installation base. It really depends on whether it’s a targeted piece of malware or whether it just happens to be the first time we’ve seen it. Extracting bad content from networks is what the FortiWeb appliance can do, but putting that intelligence to work is all about finding out something that is malicious: I’ve found a bad thing, so what am I going to do with it? We can transition from detection to a formulated signature in just two minutes, already in your network, defending your devices. Fortinet believes that reducing that window to as short a time as possible is key.

Darren, digging into the technical side of malware analysis, are all your clients creating one localised signature per malware? How does it feed back to the threat matrix?

Darren: It depends on how you configure things. What can happen is that you get a piece of malicious content locally and it is validated against the core database and we already know about it. If we don’t know about it, it can generate another signature, as a simple hash that gets pushed out to all the devices and registered on the sandbox. This means all devices have the same level of protection.

Do you have any major partners in Australia that are offering APT services?

Jon: This is an area in which we are starting to see some growth. So we will have our first one deployed in New Zealand in about a week.
Who is that with?

Jon: We can’t really disclose that. However, I can tell you that we are seeing significant interest in it.

Darren: Many companies struggle to justify buying a sandbox solution themselves, so we can offer this from the cloud. This is built in our own private cloud and customers would receive the service through an MSP, offering another revenue stream for that channel. The maturity of Australian MSPs is at least 18 months behind New Zealand, with some regions in Queensland being as much as two years. It’s not about securing the service; it’s more about providing security-as-a-service. This is where they start to make a lot of money and drive significant margin, along with offerings that are sticky with their customers.

I suppose it comes back to working with organisations such as AusCERT. Can you give our readers your perspective on that for Australia and New Zealand?

Jon: In the past, Darren’s team has had quite a lot of involvement with Derek Manky, Fortinet’s Global Security Strategist.

Darren: We find that everyone wants to share the threat intelligence but they don’t actually know what that means. We are working closely with NATO to provide threat intelligence to the 28 NATO countries, looking at what is happening in those regions. We don’t actually know what NATO is doing with that information and we probably wouldn’t want to know. The real challenge for us is finding a way to make the sharing of threat intelligence a symmetrical relationship: I tell you something, you tell me something. This can be a difficult balance to achieve, as there are certain agencies that will not be divulging their information in this way, so the relationship is not so symmetrical.

Is that part of the Cyber Security Alliance?

Darren: Yes. There is a barrier to entry, though. You want to know about new threats that haven’t been seen anywhere else. This is one of our feeds into the main FortiGuard knowledge store. From there, we determine how best to use it. However, that is our “big data” problem. We take the information and crunch it into our FortiGuard services and bundle it up to push out as actual threat intelligence into the products in the market. While we get some information from agencies that is of questionable quality, we don’t take it at face value. Instead, we look at the IP addresses and ask, are these malicious? Why are they malicious? Have we seen this before? Then we can take action. There is always a validation process.

Is that coming from the member community and would you validate it together or individually?

Darren: Absolutely, it would be both. As part of the validation process, we need to create protection, understanding that our engine works differently to other vendors’.

Is that process working well?

Darren: Yes. While there is a general desire to be the first to market, which is what you might expect, in terms of sharing threat intelligence, this is working very well. Better than I expected it to be, to be honest. There is a realisation that this is a serious subject. We get 300,000 samples a day. There is a huge amount.

What about zero day threats?

Darren: We do our own research and have a dedicated team who focus on zero day threats. They are ring-fenced for doing just that. To date, they have identified around 300 zero day threats, some of which we talk about and some is just part of the research we do. You’ll see some of that published on our blogs, for example. We have a strict policy that we won’t disclose a zero day vulnerability unless the vendor has been informed and a patch has been released.

What trends are you seeing in ransomware?

Darren: Ransomware is a massive problem at the moment. In APAC, it’s grown by almost 500%. It’s all about getting money, right? What has helped is having a currency that cannot be traced – i.e. bitcoin – as you can now get the money without being caught at the bank. This has allowed this new capability to be created, which people exploit – there are a lot of very smart people in the world.

Thanks for your time guys, much appreciated.
Within TechTime you will find the very latest information, news and products from a wide variety of security industries, ranging from cameras, computers, software and hardware.
To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au
Cyber TechTime - latest news and products
Symantec announces Encryption Everywhere

Symantec Corp has announced the availability of Encryption Everywhere, a website security package available through web hosting providers. Encryption Everywhere lets web hosting providers integrate encryption into every website from the moment it is created. With the new web security service, hosting providers can offer a variety of flexible options, including basic website encryption included as part of any hosted service, and a number of premium security packages with increasingly stronger levels of website validation, protection, and trust seals. Encryption Everywhere was developed to support Symantec’s goal to secure 100% of legitimate websites by 2018.

“There are almost a billion websites today, yet only about 3% of those sites are encrypted, which means cybercriminals have been able to make a good living off of the web’s lack of security,” said Roxane Divol, senior vice president and general manager, Website Security, Symantec. “Symantec is about to change the game for cybersecurity with Encryption Everywhere. It’s time to secure every legitimate website and win back security on the internet for every business and consumer. That’s why Symantec is making it easy to secure any website from the very moment it is registered or renewed, starting with free, basic encryption all the way through to complete website security solutions.”
According to the Norton Cybersecurity Insights Report, two-thirds of Australian consumers (66%) believe they’re more likely to have their credit card details stolen online rather than from their wallet while shopping and nearly half (47%) of global respondents reported they have been a victim of a cyberattack. Symantec’s Internet Security Threat Report also cited 78% of websites have vulnerabilities, and over one million web attacks were blocked daily in 2015, up 117% from 2014. In addition, Google and other browsers have announced they will push unencrypted websites down in search ranking results. Websites that want to remain viable will need to at least use basic encryption by 2018. Encryption Everywhere encrypts 100% of customer data shared on a business’s website, giving businesses of any size precious brand trust and providing consumers with the confidence that the information they share is protected and will reach the intended recipient. “Many people believe that keeping to well-known, legitimate websites will keep them safe from online crime. This is not true,” said Nick Savvides, Manager, Cyber Security Strategy, Asia Pacific and Japan, Symantec. “Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because businesses are failing to adequately secure their websites.”
Encryption Everywhere makes it easy to secure any website from the time it’s registered or renewed. Many web hosting providers will integrate basic encryption with every website. For more customised options, the user can simply click on the preferred Symantec security products offered by their web hosting provider. Web hosting providers can now offer a complete security solution to their customers from one of the most trusted and recognised brands in cybersecurity. Encryption Everywhere is the first security solution that gives web hosting providers an upsell opportunity to bring in new revenue streams without incurring a burden to their infrastructure, sales processes or administration teams.

About Symantec

Symantec Corporation is the global leader in cybersecurity. Operating one of the world’s largest cyber intelligence networks, the company sees more threats, and protects more customers from the next generation of attacks. Symantec helps companies, governments and individuals secure their most important data wherever it lives.
PwC Crime Survey – Australia’s a number one target - Comments from Brisbane-based IT expert Computer One

PwC has released its Global Economic Crime Survey for 2016. And the situation for Australia is pretty alarming as our country has been identified as a ‘top hotspot for cybercrime’. According to the survey, more than one in 10 Australian organisations report losses of more than $1 million each in the last two years. To make things even worse, the report says that only 42% of Australian organisations have a fully operational incident response plan, and only 40% of organisations think that their first responders are fully trained.

James Walker, Founder and Managing Director of Brisbane-based IT outsourcing company Computer One, has been working in the IT industry for more than 20 years and has never seen cybercrime being so organised and powerful. As part of its operations, Computer One provides cybersecurity audits to both Australian and multinational companies, and has become an expert at providing organisations with proactive security solutions and strategies. And this is the message he would like to share with Australian organisations worried about cybercrime:

“There are at least 15 major channels for data to leak out of your organisation. If you don’t have a plan to mitigate risk in every one of them then you are simply passing time until you lose your intellectual property.”

“Security is now a sub-set of IT Management that requires a specialist approach. The tools require specialist training. For example, the hackers’ methods need to be studied in detail and there’s more at stake than ‘business as usual’ processes. In a way, it’s like the difference between a GP and a surgeon.”

“Cryptolocker showed us that every company can be a victim of cybercrime, no matter how mundane the industry. It doesn’t matter whether or not the hacker thinks your data is important – if YOU think it’s important then you are a good target.”

“Only by being proactive about protecting their assets does an organisation have a chance to avoid being the victim of a major breach.”

“Your brand can be valued as the sum total of all the profit you will make in the foreseeable future, simply because of the trust that is placed in your products or services. Imagine the impact of a breach of that trust on your brand – that’s how much it is worth to have your data protected.”
Information presented in Cyber TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Norton Survey reveals Australians overlook security risks on mobile apps for IoT devices

Norton by Symantec has released survey findings from more than 5,000 consumers from Australia, the USA, UK, Canada and Japan about consumer fears associated with the changing ‘connected world’ and the proliferation of the Internet of Things (IoT). The survey reveals adoption of the use of mobile apps to control connected devices is highest in Australia, with almost two-thirds (63 percent) of the Australian respondents using at least one mobile app to manage their finances or control connected devices such as home entertainment systems, fitness trackers, baby monitors, cars, home entry systems, light switches and smart home appliances.

Despite the high adoption, many Australians overlook the endless array of security weaknesses that may be present in managing IoT devices from mobile apps. For example, more than one in four Australians (28 percent) say they would feel secure using a home entry app that allows them to open the door remotely for friends and family, while they are away from their home. In addition, two-thirds of Australians (66 percent) do not have security software on their smartphones and almost a third (33 percent) choose not to have a password or pin on these devices [1].

While more than half of respondents globally (56 percent; 61 percent in Australia) say the prospect of their financial and banking information stored on their phone being hacked is upsetting, nearly 10 percent of smartphone users around the world (seven percent in Australia) say there is not a single thing a hacker could take from their phone that would upset them. This includes text and voice messages, pictures and videos, mobile app-controlled home security cameras and appliances.

“There is a general lack of security awareness amongst consumers when it comes to managing IoT devices from mobile apps.
Getting hacked is not something consumers worry about with the devices they use to monitor their children, lock their front doors or manage their entertainment systems,” said Mark Gorrie, Director, Pacific region, Norton by Symantec. “Most of the research into attacks on IoT devices has focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps and by not protecting these apps, Australians are leaving the door wide open for hackers.”
In 2015, Norton by Symantec scanned approximately 11 million Android apps in its database. Of these apps, 3.3 million were identified as malicious and a further 3 million apps had potential privacy or intrusive behaviours. These apps can send sensitive information from your phone, including account and device details, browser history, location and call logs from the device without encryption. The intrusive behaviours include adding browser favourites, putting up big banner ads, or changing desktop images or ringtones.
“The solution is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away but there are some simple, best practices Australians can adopt to keep their IoT devices and mobile apps secure,” added Gorrie.
Protecting Mobile Devices
• Use a reputable mobile security app. Norton Mobile Security pre-scans apps and identifies potential vulnerabilities before downloading Android apps. You should know what you’re downloading before it is on your device.
• Download apps from official app stores. Third-party app stores may not put apps through the same rigour as official app stores such as the Google Play Store or Apple’s App Store.
• Be mindful of app settings. Beware of apps that ask you to disable settings that protect you from installing unsecure apps. This makes your device more vulnerable and opens you to attacks.
Protecting IoT Devices
• Keep the device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
• Protect the device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers and symbols.
• Secure communications between the device and network. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-coded network connection, such as a LAN connection.
• If you have a feature on your device you don’t use, turn it off.
CrimTrac selects NEC to provide national facial recognition and fingerprint matching capability
NEC Australia has been selected by Federal Government agency CrimTrac to deliver a national capability for multi-modal biometric identification. CrimTrac, the national information-sharing service for Australia’s police, law enforcement and the Department of Immigration and Border Protection, has awarded NEC Australia the contract to deliver Biometric Identification Services (BIS) in 2017, and ongoing management and support services for 5 years following.
The BIS project will deliver a national solution for facial recognition, transforming Australian law enforcement and national border security agency capabilities in fighting crime and protecting the Australian community. Specifically, NEC’s facial recognition technology will assist policing for the purposes of identification, linking and solving crimes, and rapid identification using mobile capture devices, and will further enhance national border security. Facial recognition offers a number of advantages over other biometric modes, such as identification at a distance using recorded video footage and images, as well as real-time identification capabilities.
CrimTrac has selected a proven platform that leverages NEC’s global expertise in designing and deploying multi-modal biometrics in law enforcement and border security. NEC’s fingerprint and facial recognition technologies are used by more than 1000 customers in over 40 countries worldwide, including the Northern Territory Police. NEC has ranked first for accuracy and speed in three consecutive facial recognition annual benchmark tests conducted by the U.S. National Institute of Standards and Technology (NIST).
“NEC Australia was able to offer CrimTrac a proven solution through our global partnership with the NEC Biometrics Centre of Excellence in Sacramento, California. Our proven solution is based on a state-of-the-art multi-modal biometrics platform that NEC developed for the US market,” said NEC Australia Sales Director Chris Korte.
The platform will replace CrimTrac’s National Automated Fingerprint Identification System (NAFIS), and make better use of already captured biometric data, such as existing police databases containing up to 12 million facial images and 6.7 million print sets. NEC Australia’s implementation of BIS will also enhance CrimTrac’s traditional biometric modes for identification including fingerprint, palm print and foot print data. The BIS project will lay the foundation for CrimTrac to integrate additional biometric modes in future.
NEC Australia’s BIS project with CrimTrac is an important milestone in NEC’s global mission to orchestrate a brighter world by collaborating with partners to create a sustainable earth, safer cities and public services, efficient critical infrastructure, and a prosperous, equal, and active society.
About NEC Australia
NEC Australia is a leading technology company, delivering a complete portfolio of ICT solutions and services to large enterprise, small business and government organisations. We deliver innovative solutions to help customers gain greater business value from their technology investments. NEC Australia specialises in information and communications technology solutions and services in multi-vendor environments. Solutions and services include: IT applications and solutions development, unified communications, complex communications solutions, network solutions, display solutions, biometrics, research and development services, systems integration and professional, technical and managed services. For more information, visit NEC Australia at au.nec.com
Double-Barrel Ransomware and DDoS Attack in One
KnowBe4 has issued an alert on a malicious new trend in ransomware. Instead of “just” encrypting data files on a workstation (plus any network drive it can find) and locking the machine, a new variant of the Cerber ransomware is now adding a DDoS bot that can quietly blast spoofed network traffic at various IPs. This is the first time DDoS malware has been bundled within a ransomware infection. It means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim. Two attacks for the price of one (and two ways cybercriminals can make money off victims).
KnowBe4’s CEO Stu Sjouwerman noted, “Adding DDoS capabilities to ransomware is one of those ‘evil genius’ ideas. Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. It looks like this is the first case where a cybermafia has bundled ransomware with a DDoS bot, but you can expect it to become a fast-growing trend.”
The variant was discovered by Invincea, which said in a website post: “The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive.”
The attackers use Visual Basic to launch a file-less attack, and most antivirus and “next-gen” antivirus vendors are completely blind to file-less attack methods. Consequently, they are unable to see this until it has been dropped on the disk. At that point scanners can find it, and many do, but often that’s too late.
Sjouwerman advised, “The sample Invincea analyzed is being detected by 37 out of the 57 antivirus engines on VirusTotal, but the next sample will be invisible for a few days so do not count on your endpoint anti-malware layer 100%, as that will provide a false sense of security. The attachment relies on social engineering the employee to activate the Macro feature in Office, which then executes a malicious VBScript that downloads and runs the malware.”
The ransomware is executed first, which encrypts the user’s data and then blocks their access to the computer by locking the screen. After this sequence, a second binary called 3311.tmp is launched into execution and starts sending a large amount of network traffic out of the infected computer.
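The behaviour Invincea describes, one internal host sending UDP to many addresses in a subnet on port 6892, can be hunted for in flow or firewall logs. The following is an added example, not code from KnowBe4 or Invincea; the log format, the sample records and the fan-out threshold are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

SUSPECT_PORT = 6892       # UDP port named in the Invincea quote
MIN_DISTINCT_DESTS = 25   # assumed threshold; tune to your own network


def make_sample_flows():
    """Constructed flow records in an assumed format:
    'epoch src_ip dst_ip proto dst_port bytes'."""
    lines = []
    # Infected workstation sweeping its own /24 on UDP 6892
    for i in range(1, 61):
        lines.append(f"1467000{i:03d} 10.0.5.23 10.0.5.{i} UDP 6892 9")
    # Ordinary DNS lookups from another workstation
    for i in range(40):
        lines.append(f"1467001{i:03d} 10.0.5.40 10.0.0.53 UDP 53 64")
    # One stray packet to 6892: below the threshold, must not alert
    lines.append("1467002000 10.0.5.41 10.0.5.9 UDP 6892 9")
    # Damaged record: must be skipped, not crash the hunt
    lines.append("malformed line")
    return lines


def parse_flow(line):
    """Return a dict for a well-formed record, or None if it is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, nbytes = parts
    try:
        return {
            "ts": int(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto.upper(),
            "dport": int(dport),
            "bytes": int(nbytes),
        }
    except ValueError:
        return None


def find_udp_sweepers(lines, port=SUSPECT_PORT,
                      min_dests=MIN_DISTINCT_DESTS, prefix=24):
    """Map (source, destination subnet) to the number of distinct hosts
    the source contacted on UDP/<port>, keeping only wide fan-outs."""
    fanout = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "UDP" or flow["dport"] != port:
            continue
        net = ipaddress.ip_network(f"{flow['dst']}/{prefix}", strict=False)
        fanout[(str(flow["src"]), str(net))].add(flow["dst"])
    return {k: len(v) for k, v in fanout.items() if len(v) >= min_dests}


if __name__ == "__main__":
    for (src, net), n in find_udp_sweepers(make_sample_flows()).items():
        print(f"ALERT {src} sent UDP/{SUSPECT_PORT} to {n} hosts in {net}")
```

Counting distinct destinations per subnet, rather than packets, keeps a single chatty but legitimate flow from alerting while still catching the subnet-wide flood.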
Many people get infected with ransomware but some are able to restore from backup. By adding a DDoS bot to the ransomware payload, these cybercriminals create a two-for-one and can squeeze network traffic out of non-paying victims and use it as another criminal revenue stream.
KnowBe4 offers up eight ways to address it, in addition to weapons-grade backup:
1) From here on out with any ransomware infection, wipe the machine and re-image from bare metal.
2) If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it’s tuned correctly.
3) Make sure your endpoints are patched religiously, OS and 3rd Party Apps.
4) Make sure your endpoints and web gateway have next-gen, frequently updated (a few hours or shorter) security layers.
5) Identify users that handle sensitive information and enforce some form of higher-trust authentication (like 2FA).
6) Review your internal security Policies and Procedures, specifically related to financial transactions to prevent CEO Fraud.
7) Check your firewall configuration and make sure no criminal network traffic is allowed out.
8) Deploy new-school security awareness training, which includes social engineering via multiple channels, not just email. Since phishing has risen to become the #1 malware infection vector, and attacks are getting through company filters too often, getting users effective security awareness training which includes frequent simulated phishing attacks is a must.
For more information visit: www.knowbe4.com
About KnowBe4
KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created by two of the best known names in cybersecurity, Kevin Mitnick (the World’s Most Famous Hacker), and Inc. 500 alum serial security entrepreneur Stu Sjouwerman, to help organizations manage the problem of social engineering tactics through new school security awareness training. The company maintains a top spot in the Cybersecurity 500, the definitive list of the world’s hottest and most innovative companies in cybersecurity. More than 4,000 organizations use KnowBe4’s platform to keep employees on their toes with security top of mind. KnowBe4 is used across all industries, including highly regulated fields such as finance, healthcare, energy, government and insurance.
TechTime - latest news and products
NETSCOUT introduces AirCheck G2, the industry-first, handheld, wireless, network tester solution
NETSCOUT SYSTEMS has launched the next generation of the AirCheck Handheld Wireless Tester. This industry-leading tool is available through NETSCOUT’s recently launched CONNECT360 global channel partner program, and includes important new enhancements, such as troubleshooting and diagnosing WiFi networks built using the increasingly adopted 802.11ac standard, access point backhaul testing, and free access to the Link-Live Cloud dashboard for more effective results management.
“NETSCOUT is very excited to be releasing the AirCheck G2, which arms technicians with easy-to-understand insights to 802.11ac wireless networks that help reduce costly escalations,” stated Michael Szabados, chief operating officer for NETSCOUT. “The AirCheck G2 sports a sleek new look designed with the same quality engineering our customers and the marketplace have come to trust. NETSCOUT is a firm believer that wireless network edge technologies, such as 802.11ac, will play a pivotal role in the evolution of the Internet of Things (IoT) and other industries that require ubiquitous reach and mobility. NETSCOUT’s value proposition has been anchored around helping customers gain the real-time operational intelligence and insight necessary to ensure a high-quality end-user experience, and this new tool embodies this focus by providing front-line technicians with the capability to effectively troubleshoot issues that can impact WiFi network performance.”
The NETSCOUT AirCheck G2 wireless tester is a powerful tool designed to enable front-line IT to quickly and easily identify issues responsible for spotty connections, dead zones, and slow speeds, as well as locating rogue access points and unauthorised devices. This functionality is ideal to support installation and troubleshooting of IoT wireless edge infrastructure for applications, such as the testing of the wireless infrastructure that supports patient monitoring for healthcare, industrial IoT, personalised and immersive experiences for retail, smart buildings and smart homes. This easy-to-use handheld tester provides technicians with a broader range of detailed insights into the wireless network than is currently available using freeware applications or other commercially available software packages.
The AirCheck G2 comes with free access to a Link-Live Cloud Service, a centralised management, collaboration and archival workspace for network connectivity test results. Link-Live provides greater job visibility, project control and fleet management for larger distributed environments and also works with the LinkSprinter™ and LinkRunner™ AT.
New AirCheck G2 enhancements include:
• 802.11ac 3×3 radio to support next-generation wireless initiatives
• Link-Live integration for collaboration, reporting and results management
• 5” touchscreen display for improved ease-of-use
• Ethernet tests for AP backhaul verification
“NETSCOUT has clearly hit a home-run with the AirCheck G2. Not only is it a perfect replacement for the venerable generation one AirCheck, it comes packed with features that will make it the triage tool of choice for WiFi professionals everywhere. In addition to the 802.11ac and touch screen functionality, NETSCOUT raised the bar by integrating wired testing directly into the unit – a must have for not only RF Designers but Access Point installers,” explained Sam Clements, mobility practice manager at Presidio, a leading US-based IT solutions provider offering consulting, professional services, and cloud and managed services. “Couple the new features with Cloud integration and it’s the perfect tool for a distributed nationwide team, or a tactical one-on-one engagement. The ‘at a touch’ insight that the AirCheck G2 brings to our team throughout all cycles of lifecycle management makes it an invaluable asset to all levels of WiFi admins, engineers, and designers.”
“The 802.11ac standard is fast becoming the industry preference with adoption rates in 2015 reaching 54.5% of dependent access point unit shipments and 71.3% of dependent access point revenues,” said Nolan Greene, research analyst, Network Infrastructure at IDC. “As enterprise mobility becomes ubiquitous and IoT applications move into the mainstream, there will be increased demand on enterprise WLANs. The NETSCOUT AirCheck G2 Handheld Wireless Tester’s strong, industry-leading capabilities around the 802.11ac standard will be absolutely critical in supporting next-generation wireless initiatives.”
About NETSCOUT SYSTEMS, INC.
NETSCOUT SYSTEMS, INC. is a market leader in real-time service assurance and cybersecurity solutions for today’s most demanding service provider, enterprise and government networks. NETSCOUT’s Adaptive Service Intelligence (ASI) technology continuously monitors the service delivery environment to identify performance issues and provides insight into network-based security threats, helping teams to quickly resolve issues that can cause business disruptions or impact user experience. NETSCOUT delivers unmatched service visibility and protects the digital infrastructure that supports our connected world. To learn more, visit www.netscout.com.
AirCheck™ G2 Wireless Tester
Information presented in TechTime is provided by the relevant advertiser and does not necessarily represent the views of My Security Media
Seagate unveils its stylish consumer product portfolio in Australia
Seagate Technology has unveiled its stylish new consumer product portfolio for the Australian market, including LaCie Chromé, LaCie Porsche Design Desktop and Mobile Drives, Seagate Backup Plus Ultra Slim, and Seagate Innov8.
From LaCie, Seagate’s premium brand, comes the LaCie Chromé desktop storage, designed in collaboration with acclaimed industrial designer Neil Poulton, which brings uncommon sophistication to a workspace. Also shown today is the next generation of LaCie Porsche Design Drives, which are the latest drives from the collaboration with Porsche Design Group since 2003.
LaCie® Porsche Design Drive
LaCie Chromé is a homage to a 1935 bronze statue from Constantin Brâncuși, one of the most influential sculptors of the 20th century. Forged from solid chromed zinc, the stand securely docks the drive with powerful neodymium magnets and detaches for easy transport. The drive is housed in an aluminum enclosure which was hand assembled and then chromed to a mirror polish.
The LaCie Porsche Design Mobile and Desktop Drives feature all-aluminum scratch-resistant enclosures too, making the products lightweight yet sturdy. All the drives feature rounded corners, high-polish beveled edges and a sandblast finish, showcasing the distinctly Porsche Design modern and elegant style.
LaCie® Chromé
Both the LaCie Chromé and LaCie Porsche Design Drives feature the new USB-C connectivity, making the drives incredibly easy to connect, since both ends of the cable are identical and the connector is reversible. The LaCie Chromé, complete with the USB 3.1 Gen 2 technology and a pair of 500 GB M.2 SATA SSDs in RAID 0, is the fastest USB storage solution on the market. The LaCie Porsche Design Desktop Drive also harnesses the power of USB 3.1, enabling it to charge the battery of a compatible laptop, such as the Apple® MacBook, when the drive’s power supply is connected to the wall outlet.
Seagate Innov8 is the world’s first USB-powered desktop hard drive. The 8TB drive does not need to be plugged into a power outlet thanks to its innovative Ignition Boost™ Technology together with USB 3.1. Designed in partnership with Huge-Design, Seagate Innov8 was a recipient of this year’s Red Dot design award. Innov8’s premium, well-balanced aluminum enclosure and design means users can horizontally or vertically place it on the desktop as they prefer.
Seagate® Innov8™
Seagate Backup Plus Ultra Slim builds on the award-winning Backup Plus Slim drive and is the world’s thinnest 2TB mobile hard drive. At just 9.6mm, the Backup Plus Ultra Slim employs Seagate’s latest 2.5-inch HDD technology, making it more than 50 percent thinner than other 2TB drives on the market. The drive with a stunning new design is available in golden or platinum metal finish to complement the looks of stylish computers, tablets and phones.
Seagate Innov8 and Seagate Backup Plus Ultra Slim include Seagate Dashboard software, which offers users either one-click on-demand or customisable, scheduled backups for their devices at their convenience. Both drives also come with 200GB of free Microsoft OneDrive® cloud storage for two years and Lyve® software compatibility, so users can back up, access and share their favorite files from any device or location.
CLIENT VIEWING Workstations/ Network Switches/ Service and Support
IP Video STORAGE solutions
THE DAWN OF A NEW ERA FOR SMALL PROJECTS
The Aurora Series are built to fill a void in the small project market: economically-driven, enterprise-class storage systems. They bring features never before seen in budget projects such as redundant power, multiple RAID sets, and server-grade CPUs with 10000 PassMark® ratings. High-end features, while maintaining the price points required for the small project market. The Aurora systems alter the landscape on video recorders - in price and performance. For more info visit bcdvideo.com or email peaceofmind@bcdvideo.com
SCALABLE SOLUTIONS Solutions that fit every need, from small retail to airports and casinos
Global
Over 17,000 deployments worldwide partnered with global on-site support.
Guaranteed Calculations
BCDVideo’s calculations are guaranteed, so you never have to worry about project accuracy.
Follow our journey around the globe