Print Post Approved PP100003227
THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au June/July 2016
FEATURE SPECIAL SECURITY IN SINGAPORE
Now is the time for multi-modal biometrics
Cloud Infrastructure & Security
Crime: Examining the mob mentality
Strategic Pillars of Change: Australia’s Cyber Security Strategy
Help from above: UAVs preventing shark attacks
The greatest threat to your business
Big data = Big business = Big risk
PLUS
$8.95 INC. GST
TechTime, Quick Q&A, Cyber Security and much more...
Contents
Editor's Desk
Industry Insights
Quick Q&A: Jason Gotch - Managing Principal, Dynamiq NSW
International
Iraq and Syria in 2016: More players more problems: Part 1
Rebalancing with India
Cyber Security
Now is the Time for multi-modal biometrics
Examining the mob mentality
Help from above: UAVs preventing shark attacks
HUNTSMAN: Building a security intelligence centre
Digital Identity
How cloud infrastructure is making enterprise more secure
Strategic pillars of change: Analysis of the cyber security strategy
The greatest threat to your business today
Guarding the new users
Security in Singapore
SMART facilities Management Solutions
FORTINET FEATURE
TechTime - the latest news and products

Executive Editor / Director: Chris Cubbage
Director / Co-founder: David Matrai
Art Director: Stefan Babij
Correspondents: Sarosh Bana, Adeline Teoh, Tony Campbell
MARKETING AND ADVERTISING: T | +61 8 6361 1786, promoteme@australiansecuritymagazine.com.au
SUBSCRIPTIONS: T | +61 8 6361 1786, subscriptions@mysecurity.com.au
Copyright © 2015 - My Security Media Pty Ltd 286 Alexander Drive, Dianella, WA 6059, Australia T | +61 8 6465 4732 E | info@mysecurity.com.au E: editor@australiansecuritymagazine.com.au All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.
Correspondents* & Contributors
John Lord
John Kendall
James Valentine
Brian Henke
Adeline Teoh*
Tony Campbell*
Sarosh Bana*
Tim Mayne*
4 | Australian Security Magazine
David Stafford
Editor's Desk
“It’s interesting that these themes of crime and political corruption are always relevant” - Martin Scorsese
The last day of May was an interesting Tuesday. The month closed with a series of reports that in many ways were reflective of each other and representative of a global, ‘digital’ problem, one which is far from being solved.

In the U.S., the chair of the Securities and Exchange Commission (SEC) said “cyber security is the biggest risk facing the financial system”. This statement was reported as ‘one of the frankest assessments yet of the threat to Wall Street from digital attacks.’ Banks around the world had been rattled again, this time by an $81 million cyber theft at the Bangladesh central bank, funnelled through SWIFT, a member-owned industry cooperative that handles a majority of cross-border payment instructions between banks. The SEC found major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced (Reuters).

In Malaysia, the Immigration Director-General reported 15 immigration department officers had been sacked and another 14 suspended after an investigation found staff had colluded with criminal syndicates to manipulate the passport system that tracks entry and exit to the country. The subterfuge was centred at Kuala Lumpur International Airport (KLIA) and had begun in 2010. In excess of 20 other department staffers have faced administrative action or were under observation, 63 have been transferred, and criminal charges may be forthcoming. The syndicates hacked or breached the system with the help of the involved immigration officers. As mainstream media took interest and sought out links to Flight MH370, I gave commentary on ABC’s Radio National and Channel 24 Live News. This breach is unlikely to have put legitimate travellers at risk but certainly was a ‘holy grail’ for a crime syndicate involved in illicit trades, such as human trafficking.

Then, as if to underline what I considered to have most motivated the KLIA passport system breach, details were revealed from a Global Slavery Index that determined more than 45 million men, women and children globally are trapped in modern slavery, far more than previously thought, with two-thirds in the Asia-Pacific. The slavery research report, by the Walk Free Foundation, an initiative set up by West Australian philanthropist Andrew Forrest in 2012, compiled information from 167 countries with 42,000 interviews in 53 languages to determine the prevalence of slavery and government responses. The report suggests that there were 28 percent more slaves than estimated two years ago. India had the highest number of people trapped in slavery at 18.35 million, while North Korea had the highest incidence and the weakest government response.

And as the technology race continues, throughout April and May we partnered with a range of important and enlightening industry events, including three in Singapore. As the basis of our special feature report on Singapore, we provide event briefings and industry insights gained from the SMART Facilities Management Conference, Fortinet’s Fast & Secure Conference and NetEvents Press & Analyst APAC Summit 2016. Kicking off with a keynote by Dr. Christian Busch, Associate Director, Innovation and Co-Creation Lab, London School of Economics, the APAC NetEvents Press & Analyst Summit provided a great deal of insight into the global and regional connectivity and business model innovation occurring in a rapidly changing world. Dr Christian Busch highlighted that “we’re moving away more and more from only product innovation or only technology innovation, to business model and systems innovation.”

Australia’s Prime Minister Turnbull has predicted that by 2030 the digital business economy of the Asia Pacific region could be worth as much as $625 billion, or 12% of the region’s total GDP. Australia and Singapore will need to remain central to the digital economy for the region and the two countries, in particular, have developed a ten-year plan to enhance strategic, trade, economic, defence and people to people links, and deepen bilateral relations for a Closer Economic Relationship. The plan is to accelerate collaboration in innovation, science, research and technology and we examine the opportunities for collaboration and recognition of the security profession as part of these developments.

In this issue we also continue to cover all aspects of human and technology security, including international and regional security trends with articles on Syria and India. We get some insight into the phenomenon of Mob Violence and have full coverage of cyber security, including a special report on Australia’s Cyber Security Strategy.

And on that note, as always, we provide some thought-provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.
Yours sincerely, Chris Cubbage CPP, RSecP, GAICD Executive Editor
Quick Q&A with Jason Gotch
Managing Principal, Dynamiq NSW

Dynamiq’s NSW Managing Principal, Jason Gotch has a knack for networking that has seen him build a popular profile within the industry over the past 27 years. Jason has gained his experience having worked across various industry sectors throughout Australia. His current passion revolves around Organisational Resilience, the “not so new”, emerging field that combines the many protective disciplines of security, crisis, emergency and continuity management with a robust and strategic approach to organisational culture.

How did you get into the security industry?
The slow way! I started in guarding, event and crowd control way back in 1989, from there I worked my way up through the ranks so to speak. Since 2003 I have been involved in more senior roles working across Australia in various sectors. Whilst working at the Perth Arena, I was introduced to the concept of organisational resilience by renowned practitioner David Parsons and immediately felt that it was an area that both interested me and would grow substantially. Since then, I have worked in several resilience roles and currently contribute to the industry through working groups, networks and government committees.

How did your current position come about?
Whilst working at Westfield in a Risk and Security role, I engaged Dynamiq to assist with critical incident and emergency management training. This gave me an opportunity to work closely with the directors and several consultants, many of whom I knew already, so when the opportunity came to join the firm, it was an easy choice! My role works across the various divisions of the company with a particular focus on the NSW sector, working with clients on individual disciplines and resilience methodology to meet their specific organisation’s needs.

What do you like about your job?
Everything! Honestly, it’s a great position, with a very open playbook that allows me to build on the company’s business resilience proposition and service offering. We have a fantastic technology product in EMQ Net that has been a leader in the market since 2002, it is a very robust product with a proven track record and is currently utilised by many national and international companies. Depth of service and personnel ensures that a high standard of delivery matches Dynamiq’s overall profile.

What are the biggest challenges facing the industry?
I think that there are a couple, from a pure security point of view. As “resilience thinking” gains further momentum, security management is going to be increasingly seen as part of a bigger picture. Whilst I think this integrated approach will be of benefit, it may be detrimental if security is not given a high enough priority within the overall framework. I’m increasingly seeing and hearing that budgets are being cut on physical security in favour of cyber security/resilience. Given the current threat environment around terrorism, it is important for organisations to take an even-handed approach to all preventative security measures, and not just those that are the most newsworthy!

What are the biggest changes you’ve seen?
Really there have been so many. Who would have thought twenty years ago that the Internet would be so dominating in our lives? The threat, both real and perceived, in terms of cyber security is enormous. Whilst the challenge is significant, this new emerging industry has opened up career paths for an assortment of highly trained, educated and informed practitioners. Whilst working at Foxtel, I worked closely with the IT/Cyber team and was constantly amazed and surprised at how resourceful and effective they were. Individuals in this field shouldn’t be stereotyped; in fact, I consider them to be at the cutting edge in terms of security thinking with a wide and encompassing view of the industry.

Where do you see the industry heading?
For me I think that the era of standalone security management departments is nearing an end. Resilience methodology calls for an integrated, anti-silo approach that embodies efficiency and productivity. I personally see security (physical and cyber), as one of the essential pillars of any resilience programme, with practitioners from this background equally at home in the fields of crisis, emergency or continuity management. The key attributes of situational awareness and critical thinking can be developed and perfected within the security environment, giving those that commit to a long-term career very real world skills. If resilience does end up as the umbrella of sorts, I think that security professionals will be well placed to play an important part in this new and emerging industry.

What do you do when you’re not working?
You know, I get asked this a lot and to be honest I’m not great at switching off! Although I am trying, thanks to my wife and a couple of small dogs, I’m starting to realise that resilience need not be a full time job, at least not at home anyway!
Regional
Recognising excellence in the Australian security industry
The 21st annual Australian Security Industry Awards for Excellence and 2nd annual Outstanding Security Performance Awards provide a platform for exceptional security companies and individuals to be recognised.

Organised by the Australian Security Industry Association Limited (ASIAL) and World Excellence Awards, the event is designed to be both independent and inclusive, providing an opportunity for outstanding performers, whether buyers or suppliers, to be recognised and their successes to be celebrated.

Over the course of two decades the Australian Security Industry Awards for Excellence has provided recognition for hundreds of Australian security companies and individuals. The event also provides a chance to showcase the outstanding pool of professionals working within the security industry.

For a second successive year, ASIAL will host its awards in collaboration with the Outstanding Security Performance Awards which form part of a global initiative with events in Germany, Norway, Poland, Romania, United Kingdom and United States of America. Once a core number of national OSPA programmes are established it is World Excellence Awards intention to enter OSPA winners into a worldwide OSPA.

In all countries the aim is to encourage security associations to come together to celebrate excellence and the outstanding performers in their country. In Australia this is no different, with the following industry partners supporting the event.

Awards Ceremony and Dinner

The awards will be presented at The Westin, in Sydney’s iconic Martin Place, from 7pm on Thursday 20th October 2016. Media personality James O’Loghlin will emcee the event. You may recognise James O’Loghlin from Good News Week, Rove Live, Sunrise, Lateline, The Evening Show and more than 300 episodes of The New Investors.

For further information on the event visit www.asial.com.au
International
Iraq and Syria in 2016: More players, more problems
Regional and international self-interests only make the matter worse
By Brian Henke
Contributed by Insightful Futures security analysts. Insightful Futures is a Perth-based futures and foresight consultancy dealing with global, strategic matters that affect governments, citizens and big business.

Over the last five years, the world has been drawn into one of the most disturbing and brutal international conflicts. We’ve witnessed Western reporters being beheaded on YouTube, entire cities overthrown by rampaging militants, lone wolf attacks erupting in every corner of the globe, all the while coupled with a sophisticated online propaganda machine radicalising and recruiting people of all ages and all backgrounds.

In the first of a two part series of analysis, this report will help explain how Iraq and Syria got into this mess; analysing the regional and international players and the role and influence they have played in shaping the conflicts. It will also speculate what role these local, regional and international players will have on Iraq and Syria over the next twelve months.

Regional trends: Turkey backflips, Israel constrains, Lebanon fragments and Iran escalates

One of the most glaring changes over the past five years is Turkey’s escalating role in the conflicts – and it doesn’t look like backtracking. Despite its nuanced approach over the last five years, Turkey is now likely to become increasingly involved in the conflicts in Syria and Iraq. But Ankara’s focus will not be on countering Daesh. Instead, Turkey is likely to prioritise its focus on containing Kurdish ambitions – both domestic and over the border – as well as countering Russian support for Syrian President Bashar al Asad. Ankara will support opposition elements to achieve these aims, including turning a blind eye to the movements of foreign fighters across its border with Syria. This policy will directly challenge Iranian and Russian objectives in Syria, increasing political tensions without escalating into direct state-on-state conflict.

Ankara’s position in Iraq will be a little more complicated. Turkey will seek to contain Daesh and protect the local Turkmen population, but will not want to embolden the Kurdish population on its doorstep – even though some Kurds are actually helping to counter Daesh’s movements in Iraq. Similarly, Ankara will not want to commit to a large military force in Iraq that provokes Daesh enough to retaliate inside Turkey. Either way, Turkey will almost certainly continue to conduct strikes against Kurdish targets along its southern border – despite the risk of these actions increasing domestic terrorist attacks. With a conservative government determined to respond forcibly against domestic foes – Ankara will see sinister real or perceived Kurdish plots behind every attack against Turkey’s national interests. In short, Turkey’s military involvement in the conflicts is only getting started.

Meanwhile, Turkey’s neighbour, Israel, will undoubtedly be dragged into the conflicts when Tel Aviv recognises its national security is being threatened. Since 2013, Israel has demonstrated its willingness to conduct cross-border military operations into Syria when it perceives a ‘red-line’ is about to be crossed – we’ve already seen Israeli strikes on suspected weapons deliveries in Syria on at least eight occasions. Israel is likely to label their expected cross-border airstrikes as defensive, claiming them necessary action against
the perceived strategic threat from Syria. Indeed, with Israel’s growing concerns over President Obama’s commitment to the region, as well as the West cosying up with Iran, Israel probably believes it will have to dig in and take more unilateral action to secure its interests. Nevertheless, Tel Aviv will not seek to drastically escalate tensions on either side of the borders with Syria or Lebanon that leads to all-out war. It is neither in Israel’s nor Hizballah’s interests to increase tensions that instigate further conflict in the region.

Lebanon’s military involvement in both conflicts will be dominated by the Shi’a militia Lebanese Hizballah. In Syria, Hizballah will undertake an important military role in supplementing the Syrian Arab Army – gaining significant battlefield experience for its fighters. However, this involvement will come at considerable cost; Hizballah has already lost more than one third of its fighting forces in Syria. Throughout 2016, Hizballah is likely to remain a sizeable presence in Syria, focused along Syria’s western provinces, also maintaining a small advisory and coordination presence in Iraq. This involvement will increase sectarian tensions across the region and threaten to draw in Israel and foreign Sunni fighters, further destabilising the region.

The biggest regional influence on the whole situation will undoubtedly be from Iran. Iran is already spending approximately $6 billion a year supporting Asad’s government. This endowment will have long term implications; economically beholding Syria to Iran while entrenching Iranian long-term influence over Syria’s civil society and economy. Over the next twelve months, Iran will focus its attention on Syria and the survival of the Asad regime. Iranian backed Shi’a militias, including volunteers from as far afield as Pakistan and Afghanistan, will bear most of the brunt. But as more funerals are held in Iran, Iranian decision-making is likely to change. Indeed, the Syrian conflict has already resulted in more Islamic Revolutionary Guard Corps (IRGC) deaths than any other conflict, aside from the eight-year Iran-Iraq war.

Iran’s support for Shi’a militias in Iraq and Syria will also undermine its own long-term regional objectives. Iran’s intervention is increasing the sectarian polarisation across the Middle East and, paradoxically, is increasing the threat to Iran by swelling Daesh’s ranks to combat the Shi’a ‘heretics’. Worse still, Iran’s involvement will only prolong the bloody conflict and encourage further involvement and condemnation from regional Sunni states such as Saudi Arabia and Turkey.

So it is a difficult and violent neighbourhood, with no signs of genuine respite. But to make matters worse, it is likely this violence will be exacerbated by the increasing involvement of players from outside the region – as examined below.

International trends: Russia’s misguided revivalism vs. uncertain US foreign policy

For Russia, Syria provides an important chess piece for President Putin’s broader geopolitical ambitions. In 2016, Russia will seek to preserve the ‘status quo’ in Syria; keeping the Asad regime in power and preserving the Syrian state, as these two avenues remain Russia’s best options for continued influence. Russia will also seek stability along Syria’s coastal strip, where Russia’s only naval depot outside its borders is based, to provide Russia strategic penetration in the region.

Tactically, preserving the status quo means prioritising efforts against those enemy forces which pose the greatest threat to the Asad regime. Unfortunately for the West, this means Russia will prioritise airstrikes and military support against Western-backed rebel forces and not focus on Syria’s central and eastern provinces, which is where Daesh controls large swathes of territory.

Cognisant of its experience in Afghanistan and the quagmire the US experienced in Iraq, Russia is unlikely to deploy large numbers of ground forces into Syria in order to prop up the Asad regime. To Russia, President Asad is not worth the risk of Russian bloodshed. Rather, Russia will probably maintain a moderate air campaign, providing intelligence and surveillance and close air support to Syrian or Iranian and Lebanese-backed forces on the ground.

In contrast to Russian efforts, the US will seek to minimise its involvement in the two conflicts. This will result in an ambiguous US foreign policy; remaining committed enough in the region over the short term to provide basic security and attempt to contain the threat, while continuing the broader disengagement from the region over the longer-term. Ironically, however, this oft-contradictory foreign policy is in their national interest. By limiting US involvement in the Middle East, states and non-state actors such as Iran, Russia and Lebanese Hizballah – who have much more to lose than the US – will commit more forces and subsequently suffer greater losses in an attempt to secure their own national interests. After all, Daesh does not pose an existential threat to the US, or more broadly to the West.

As such, the US commitment in Iraq and Syria in 2016 is likely to remain targeted but limited. Washington will continue to push for a diplomatic solution to the situation in Syria which involves key regional stakeholders – despite how optimistic this appears. Although the US would still prefer President Asad to eventually stand down, Washington will probably be comfortable in delaying calls for Asad’s removal until a political settlement can be reached. The security risk from a collapse in central government – the expansion of Daesh and Islamic extremism – is a far worse alternative. Similarly, while Washington will remain concerned over Iran’s expanding influence across Iraq and Syria, Washington will probably focus on the progress being made under the Iran nuclear deal in the hope that Iran’s re-engagement with the West will achieve far better prospects for regional and international peace. For Washington, it’s better to keep your eyes on the (bigger) prize.

So the regional and international involvement in the conflicts only seems to be delaying the conflict at best, or escalating it at worst. Part two of this series will explore what this all means for the future of Iraq and Syria – and the threat it poses to Australia.
International
Rebalancing with India
By Sarosh Bana, ASM correspondent

The return of Asia-Pacific to the centre of world affairs is the great power shift of the 21st century. And there is little doubt that this century will be shaped by events transpiring in this vital region. This economically integrated region is traversed by half the world’s maritime trade worth $5 trillion a year, and spans some of the busiest international sea lines and nine of the 10 largest ports. Its 4.2 billion inhabitants speak over 3,000 different languages and constitute 61 per cent of the global population. The Asia-Pacific also holds dense fishing grounds and potentially enormous oil and natural gas reserves, though at present it is a net importer of fossil fuels.

America has been a Pacific power for more than two centuries, ever since the Corps of Discovery sailed down the Columbia River to the Pacific Northwest region of North America in 1805. Today, the United States Pacific Command (USPACOM) area of responsibility (AOR) covers more of the globe than any of the other five geographic combatant commands of the U.S. With allies and partners, the Command stands “committed to enhancing stability in the Asia-Pacific region by promoting security cooperation, encouraging peaceful development, responding to contingencies, deterring aggression, and, when necessary, fighting to win”.
Under a 2011 agreement between the U.S. and its key Asia-Pacific partner, Australia, the Pentagon is establishing a six-month rotational presence of an air-ground task force of 2,500 Marines to Darwin. The Marines will conduct bilateral training exercises with the Australian Defence Force. They will also deploy to partner countries for multilateral security cooperation activities to demonstrate U.S. commitment to its allies in the region and help improve their ability to respond to disasters and other crises in the region. The U.S. Navy will also forward deploy four Littoral Combat Ships in Singapore’s Changi Naval Base by 2018. An agreement finalised by U.S. Defence Secretary Ashton Carter with the Philippines on his recent visit there will allow Washington to build facilities at five Filipino military bases. The two countries have been strategic partners since World War II and the Philippines hosted major American military bases at Subic Bay and Clark Air Base. But yielding to national sentiment, Manila had ousted the U.S. forces from its territory in 1991. The five bases will resurrect American presence across the island nation. The U.S. is seeing threats emerging in the Asia-Pacific from the rise of new powers, specifically the increasingly restive and assertive China and North Korea, which, in the larger context, is signalling a shift in the balance of power
in the region. While Pyongyang has backed its tirades with provocative nuclear tests and missile launches, Beijing’s energy-hungry export-driven economy that is heavily reliant on raw material and fuel imports seeks to buttress its suzerainty over the regional Sea Lines of Communication (SLOC) that are critical to the survival of the entire Asia-Pacific community.

China’s claims of sovereignty over almost the entire South China and East China seas have sparked disputes with its neighbours such as Japan, the Philippines, Vietnam, Taiwan, Malaysia and Brunei. The bone of contention has been the various island enclaves, not of much value in themselves, but the hold on which would offer continental shelves and Exclusive Economic Zones (EEZ) that extend 200 nautical miles from the low-water shoreline.

China is also pursuing an island chain strategy by building artificial islets through dredging sand in the South China Sea and developing them into a network of marine citadels fortified with missile batteries, deep-water jetties, airstrips and radar stations. Beijing has also stationed anti-ship cruise missiles on Woody Island in the disputed Paracel Island Chain. The U.S., which estimates China to have reclaimed 3,000 acres of land since the beginning of 2014, was also concerned by the recent landing of a Chinese military aircraft on Chinese-made Fiery Cross Reef, in the Spratly Island Chain. Beijing explained it as an airlift of three severely ill civilian construction workers, but the Pentagon wondered why a civilian aircraft could not have been used instead.

China’s belligerence is also pushing the threatened poorer economies towards an arms race they can ill afford. With the region having become a cauldron of trepidation, the littoral states are hiking their defence expenditure at the cost of more pressing social exigencies. The Philippines’ defence budget is $3.8 billion, while its external debt is $77.7 billion.
It is largely to its seaborne trade that China owes its spectacular economic transformation, where the 61 per cent of its population living in extreme poverty in 1990 shrank to only four per cent by 2015. To ensure safe passage to its maritime trade and expand its commercial footprint, China has been extending its blue-water presence through the establishment of a major surface fleet and nuclear-submarine base on the Hainan Island in the South China Sea and the deployment of precision cruise and advanced ballistic missiles that can target all current U.S. bases and naval forces in the region. Beijing is also keen on furthering its interests in the Indian Ocean Region (IOR) under the framework of its Maritime Silk Route (MSR) that entails the development of a string of ports, essentially encircling India, such as Kyaukphyu in Myanmar, Hambantota and Colombo in Sri Lanka, and Gwadar in Pakistan, apart from a military logistics base in Djibouti to apparently service its warships engaged in counter-piracy operations near the Gulf of Aden. Though the U.S. has sought to be neutral, it is conscious of the need for freedom of navigation for all countries. It hence finds it imperative to raise its already formidable profile in the Asia-Pacific. Its numerous military bases in the region include 17 in Japan and 12 in South Korea, while it also has a presence in Australia, Thailand, the Philippines, Guam and Singapore, and on the British-controlled Indian Ocean island of Diego Garcia.
Washington’s policy of the strategic “pivot” or “rebalance” to Asia enunciates the relocation of 60 per cent of the U.S.’s naval assets – up from 50 per cent today – to the region by 2020. China views this policy as one aimed at containing its legitimately expanding economy and military, as also at bolstering American presence in this region of the future. It also views the plan as a U.S. attempt to curb Chinese influence across the region and to embolden countries to brazen out Beijing on the maritime disputes. The U.S.’s military relocation in the Philippines will, to a degree, balance the tilt in power in the region. China interprets these developments as an American intent to “militarise” the South China Sea, a term the U.S. has previously used to denounce Chinese advances in the region. Beijing insists that any disputes in this maritime domain should be resolved by countries in the littoral and not by outside powers. It is not unlikely that the U.S. may open or expand bases in the three island territories of Saipan, Tinian and Rota in the U.S. Commonwealth of the Northern Mariana Islands in the western Pacific that lie beyond the Chinese intermediate-range ballistic missile (IRBM) reach of 3,000 to 5,500 km. It is, however, the U.S.’s strategic partnership with India that Washington is keen on leveraging in an effort to enlist this growing Asian economic, military and geo-political power in balancing the rise of China in the larger Indo-Pacific vista. The first American President to have visited India twice during his tenure, Barack Obama has committed to forge deeper cooperation with India that he calls a 21st century centre of influence. He believes that with India assuming its rightful place in the world, the two countries have a historic opportunity to make their relationship “a defining partnership of the century ahead”. Narendra Modi too is scheduled to visit the U.S.
sometime in June, for the fourth time in two years, not having gone so many times as the Indian Prime Minister to any other country. In his meeting with Carter in New Delhi during the latter’s India visit en route to the Philippines, Modi reaffirmed the strategic significance of India-U.S. defence ties and also set priorities to further implement the Joint Strategic Vision for the Asia-Pacific and Indian Ocean Regions. The ‘vision’ reflects the growing strategic convergence between the U.S. ‘rebalance’ and India’s ‘Look East-Act East’ policy, which seeks to intensify New Delhi’s role in an Asia that is at the epicenter of the historic transformation of the world today. China resented the inclusion of the Japan Maritime Self-Defence Forces (JMSDF) in the Indian Navy’s Malabar Exercise with the U.S. naval forces conducted in the Bay of Bengal last October. Beijing was also affronted by the first ever trilateral dialogue hosted last June by India with Japan and Australia to discuss maritime security and freedom of navigation. The U.S. desires joining this group, with USPACOM Commander, Admiral Harry B. Harris, stating during his India visit in March that Washington’s addition into this dialogue would underscore the unity of the four countries, or “quad” as he termed them, behind the international rules-based order that has kept the peace and which was essential to all. India’s vast coastline of 7,615 km abuts onto the Arabian
Sea, Bay of Bengal and the Indian Ocean, and one of its island enclaves, Andaman & Nicobar, is closer to Myanmar and Thailand than to the Indian mainland. With 66 per cent of global oil, 50 per cent of global container traffic and 33 per cent of global cargo trade passing through the IOR, which stretches from the Persian Gulf in the west to the Malacca Straits in the east, the Indian Navy is tasked with securing the sea lines for global maritime movement. India finds a dire need to keep pace with developments in its littoral, with the steady build-up in undersea combat capabilities by Pakistan to its west and by China to its east and south, both neighbours with which it has been at war in the past. With one of the largest fleets of attack submarines comprising four ballistic missile submarines (SSBNs), six nuclear-powered attack submarines (SSNs) and 53 diesel-electric submarines (SSKs), Beijing is close to deploying a powerful sea-based nuclear deterrent through long-range nuclear-armed submarines. Five Type 094 Jin Class SSBNs may eventually be built, each armed with 12 JL-2 missiles that can deliver one-tonne nuclear warheads at a range of 4,320 nautical miles (8,000 km). In an unprecedented move last year that alarmed India and other countries in the region, China sent one of its new Type 093 Shang class fast attack nuclear submarines on a three-month mission across the Indian Ocean. Beijing’s claim that the deployment was in aid of anti-piracy operations off the coast of Somalia was contested by New Delhi, which argued that no country uses nuclear submarines to combat pirates.
It was, however, a choreographed presence by China to validate its interests in the IOR through which it declares that it transports $1.5 trillion worth of goods, including petroleum. The Indian Ocean accounts for half the world’s container traffic and 70 percent of its petroleum shipments, a recent US Naval War College-sponsored study noting that it had replaced the North Atlantic as the central artery of world commerce. Indian Defence Minister Manohar Parrikar was taken aback enough to have taken two days to respond to Admiral Harris who, during his recent India visit, renewed a proposal made in 2006 for “an informal strategic coalition made up of the navies of Japan, Australia, India and the U.S.”, termed the “quad”. The initiative, broached by the four powers in 2006, had been shelved in face of Chinese protests. Without consulting the Indian side, Harris chose to revive it on grounds that strategic circumstances had changed. Parrikar discounted suggestions for joint patrolling of the Indian and
Pacific Oceans by the four navies, clarifying India’s hesitation in becoming a “frontline state” in any strategy to isolate and confront China. New Delhi’s stance is compelled by realism as it is circumspect about China’s vaulting ambitions, as also about the crosshairs of conflicting interests in this region of immense geostrategic import. It does not desire to be seen as too partisan and it certainly does not desire the situation to precipitate into war. It besides faces another dimension of threat from China’s recent deal with Pakistan that will assist Islamabad in developing a Remote Sensing Satellite for launch by June 2018. The satellite will monitor the progress of the China-Pakistan Economic Corridor (CPEC) that Beijing is investing $46 billion in and which will link western China to the Pakistani port city of Gwadar to provide China direct access to the Arabian Sea. It will besides help Pakistan strengthen its border security and surveillance. India has objected to the corridor’s passing through neighbouring Pakistan-occupied Kashmir ever since the project was kicked off by Chinese President Xi Jinping during his visit to Islamabad last year. Despite all its manoeuvrings, China too at times portrays a more accommodative stance towards India. Last July, the Chinese Foreign Ministry announced Beijing’s desire for maritime cooperation and dialogue with India and other South Asian countries to allay their concerns over increased Chinese naval activity in the Indian Ocean, including docking of its submarines in different ports in the region. It expressed Chinese willingness to contribute constructively to peace and stability in the IOR. This writer has previously noted that while the Asia-Pacific was earlier driven by commercial interests, the widening unrest in the sea lanes that are the lifeline of this region may eventually compel the validity of a military front on the lines of the North Atlantic Treaty Organisation (NATO).
Much in the manner in which China’s growing might is being perceived today, the 28-member grouping had been founded in 1949 in response to the threat posed by the Soviet Union, with its prioritised purpose having been to deter Soviet expansionism. NATO had codified cooperation in military preparedness among the allied signatories by stipulating that “an armed attack against one or more of them… shall be considered an attack against them all”. Though Asia-Pacific countries are keen on safeguarding their territorial interests, they are at the same time anxious not to let the regional conflicts flare into Asia’s next war. However, to lay the foundations of overall peace and stability in the Asia-Pacific, a NATO-like security structure would need to be inclusive, having China within its ambit. A NATO-like platform may not evolve soon, but appears inevitable in light of the rising volatility in the region. The similarities between now and at the time of NATO’s creation cannot be lost. Notwithstanding the fact that the U.S. and China have very high stakes in their relationship – their two-way trade alone touched $598 billion in 2015 - unlike the state of Cold War that had riven Washington and Moscow between the end of World War II and the dissolution of the USSR in 1991. But there is worth in considering that the Pacific is big enough for all of us.
Frontline
Now is the time for multi-modal biometrics at border security checkpoints
By John Kendall, Border Security Program Director, Unisys
Border security today is facing a perfect storm of challenges that requires every tool available to manage it. John Kendall, Border Security Program Director, Unisys, explores why the time for multi-modal biometrics, including face, fingerprint and iris recognition technology, has arrived.
Many border security agencies have clung to outdated technologies and inaccurate assumptions when it comes to leveraging biometrics. For many, the reluctance to modernise technology at the border relates to flat budgets. For others, time simply doesn’t allow them to screen travellers effectively. Globally however, border security agencies can no longer afford to stand still in time. The sheer volume of travellers crossing borders means advanced technology must play a role in effective border security. In 2015, a record 1.2 billion people travelled overseas – up four per cent. In addition, the war in Syria has sparked the largest human migration seen since the end of World War II. This, coupled with fear caused by the recent Paris and Brussels attacks, has created a dire need to efficiently and accurately monitor who enters, and leaves, each country. Multimodal biometrics are the future and border security agencies must be ready to adopt them.
Biometrics can help
New ePassports include facial biometric data on the chip, so biometrics can automatically detect stolen or forged passports by authenticating the traveller against the rightful holder of the travel document. Border agencies can also use biometrics to check the traveller against a watch list of known “most wanted” persons to identify individuals of interest when entering or leaving the country. Automated clearance eGates are also capable of performing these checks quickly and accurately. Border security solutions employing biometric technology are used in many countries today including the US, UK and Australia. But these biometric solutions differ little from those deployed 15 years ago and continue to exhibit the same shortcomings. In particular, most of the current biometric solutions are unable to detect individuals travelling under multiple identities and travel documents. This is a vulnerability that can be exploited by terrorists and other criminals to avoid detection when travelling internationally. If an individual is able to obtain a new passport (perhaps from a different country) under a new “clean” identity, then the chances of getting stopped by border security officers are very small.
Achieving accuracy and speed
The types of biometrics captured at most border crossings aren’t well suited for near-real time searching against very large databases (e.g., biometric records of all travellers who previously entered or exited the country). The International Civil Aviation Organization (ICAO) Document 9303 defines international standards for machine readable travel documents, like ePassports. The standard provides for the storage of three different types of biometrics on the chip – face, fingerprint and iris. Facial biometrics are mandatory, but fingerprint and iris modalities are optional. Facial biometrics work very well for performing a one-to-one verification of the traveller to the facial image stored on the chip as it is quick and accurate. However, they are not as well suited for performing one-to-many searches against a large database of biometric records because of the large number of false matches and false non-matches. For example, if a traveller’s face is compared against the faces of 100 million previous travellers, the facial matching system is likely to return a long list of possible matches against records with similar faces. A border agent then needs to manually review the possible matches to eliminate all the false matches. This is not a problem if you have lots of time, but when facing a queue of tired and frustrated travellers, time cannot be wasted. Because of the relatively low accuracy of facial biometrics, a number of countries have elected to collect and match fingerprints at the border crossing. Fingerprint image analysis detects far more feature points (or minutiae) in a single fingerprint than facial biometrics detects in a face. Fingerprint biometric matching also performs a far more mathematically complex comparison of those feature points (e.g., location, ridge direction, and distance to neighbouring feature points). As a result, fingerprint biometrics is far more accurate than facial matching. In fact, it is possible to perform one-to-many searches against a large database of fingerprint biometric records with very few false matches and false non-matches.
Real time matching essential
In a border crossing situation, the biometric matching needs to be completed in, at most, a couple of seconds, or near-real time. Since fingerprint matching is computationally intensive, near-real time, large-scale fingerprint matching requires significant processing resources - which can be very expensive. So fingerprints work well for one-to-one authentication and one-to-few watch list checks, but fingerprint biometrics are too costly to perform near-real time searches against massive databases (such as the biometric records of all previous travellers). Without that capability, a known suspect travelling under a new identity and travel document can slip through the border undetected.
Iris – best of both worlds
Iris biometrics offers the advantage of very fast and efficient matching with accuracy similar to that of fingerprints. As a result, it is possible and cost effective to perform near-real time iris biometric matching against very large iris databases. So how might iris biometrics be used in the border security environment? When a traveller enters or exits the country, the border agency captures an image of the iris. This is a simple process that takes a high resolution picture of the eye from up to two meters away – much like taking a photo of the face. Once the iris image is captured, the unique patterns of the iris can be quantified and searched against the entire database of previous travellers to determine whether or not that iris has been seen previously. Iris biometrics represents the best defence against individuals who attempt to enter a country using multiple identities and will go a long way towards tightening border security without delaying the border clearance process. Iris biometrics is not as well known or understood by the public as facial or fingerprint biometrics, but it is used for border clearance in the UAE and is the favoured modality for large-scale civil applications – like national identity. For example, iris is the primary biometric used for the 110 million-person Mexico National ID as well as the one billion-person India National ID.
Bottom Line
Most border agencies try to weather the perfect storm of border security challenges using traditional biometric technologies that only address part of the security risk. With heightened security threats and a growing volume of travellers to process, there is a pressing need to expand border crossing solutions to leverage the power and cost efficiency of iris biometrics. Face and fingerprint biometrics still have a place, with many existing face and fingerprint biometric watch lists, but the time for multimodal biometrics (using face, fingerprint and iris) has arrived.
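The multiple-identity check described in the article, sketched as an added example that is not from the article or from Unisys: each crossing's iris capture is searched one-to-many against every earlier capture, and a hit recorded under a different travel document is flagged. The binary templates compared by fractional Hamming distance, the 2048-bit length, the 0.32 threshold and all passport numbers are assumptions constructed for illustration.

```python
"""Added illustration: one-to-many iris search that catches one person
travelling under two documents. Templates and passport numbers are
constructed sample data; template size and threshold are assumptions."""
import random

TEMPLATE_BITS = 2048     # assumed length of a binary iris template
MATCH_THRESHOLD = 0.32   # assumed cut-off on fractional Hamming distance


def random_template(rng):
    """Constructed stand-in for the template of a previously unseen eye."""
    return rng.getrandbits(TEMPLATE_BITS)


def recapture(template, rng, noise=0.10):
    """Simulate a later capture of the same eye: a fraction of bits differ."""
    for bit in rng.sample(range(TEMPLATE_BITS), int(TEMPLATE_BITS * noise)):
        template ^= 1 << bit
    return template


def distance(a, b):
    """Fractional Hamming distance: share of template bits that disagree."""
    return bin(a ^ b).count("1") / TEMPLATE_BITS


class BorderGallery:
    """Every iris template captured at earlier crossings, with its document."""

    def __init__(self):
        self.records = []  # list of (passport_number, template)

    def enrol(self, passport_number, template):
        self.records.append((passport_number, template))

    def search(self, probe):
        """One-to-many search: all prior records within the threshold."""
        hits = [(doc, distance(probe, tmpl)) for doc, tmpl in self.records]
        return sorted((h for h in hits if h[1] <= MATCH_THRESHOLD),
                      key=lambda h: h[1])

    def process_crossing(self, passport_number, probe):
        """Search the whole gallery, enrol the capture, classify the crossing."""
        hits = self.search(probe)
        self.enrol(passport_number, probe)
        other_docs = sorted({doc for doc, _ in hits if doc != passport_number})
        if other_docs:
            return ("MULTIPLE_IDENTITIES", other_docs)
        if hits:
            return ("RETURNING_TRAVELLER", [])
        return ("FIRST_CROSSING", [])


def run_demo(gallery_size=2000, seed=2016):
    """Run four constructed crossings against a constructed population."""
    rng = random.Random(seed)
    gallery = BorderGallery()
    # Background population: unrelated eyes, one document each.
    for i in range(gallery_size):
        gallery.enrol(f"SAMPLE-{i:06d}", random_template(rng))

    eye_a, eye_b = random_template(rng), random_template(rng)
    return {
        "a_first": gallery.process_crossing("SAMPLE-A-OLD", recapture(eye_a, rng)),
        "b_first": gallery.process_crossing("SAMPLE-B", recapture(eye_b, rng)),
        # Same eye as A, presented with a different ("clean") document.
        "a_new_doc": gallery.process_crossing("SAMPLE-A-NEW", recapture(eye_a, rng)),
        # B returns on the same document.
        "b_again": gallery.process_crossing("SAMPLE-B", recapture(eye_b, rng)),
    }


if __name__ == "__main__":
    for crossing, outcome in run_demo().items():
        print(crossing, outcome)
```

A one-to-one check of the traveller against the chip in the new passport would pass in the `a_new_doc` case; only the search across all previous travellers links the two documents.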
Examining the mob mentality
By Tim Mayne, ASM Correspondent
Two mob-related incidents made headlines in Perth, Western Australia in the last couple of months. The first saw a group of 20 people attack a city convenience store, where a mob mentality ensued. Numerous other people decided to join the fray causing a young shop attendant to suffer injuries after being beaten by some of the mob and have his store robbed and trashed. The second incident came weeks later as a group of teens threw rocks at buses near Cockburn causing $10,000 damage. But these aren’t isolated incidents and like many others they involved large numbers of young people. Australia was shaken by the racially-motivated mob attacks in the Sydney suburb of Cronulla in late 2005 which saw large numbers of youths of Anglo-Celtic and Lebanese origin clash on a number of occasions. More than 5000 individuals gathered at North Cronulla Beach where mob violence ensued. The end result saw 26 people injured, a total of 16 arrests and 42 charges being laid including assaulting police officers, affray, malicious damage, resisting arrest, offensive behaviour and other charges. In 2011 England was rocked by riots which lasted nearly a week, resulting in five deaths, arson, looting, assaults and other offences. Similarly in Cologne, the German nation was shaken after New Year’s Eve celebrations turned ugly when more than 1000 men were accused of assaulting 90 women, including accusations of sexual and physical assault and robbery. Police forces around the world have warned the public that the penalties for such behaviour can attract several charges resulting in potential jail terms. So what drives a group of
people to risk everything to become involved in mob violence? According to Professor Rob White from the School of Sociology at the University of Tasmania group violence is defined as “swarming” and falls into several categories. The categories include Raves, Flash Mobs, Youth Gangs, Riots, Mobs and Gatecrashes and all of those events can be organised or spontaneous. “What seems to characterise most of these group formations is the availability of ‘smart mob’ technologies that allow grouping and regrouping to occur, and the ability to gather quickly at a meeting place,” Professor White says. “The presence of large numbers of people in one place - the formation of crowds - can also shape group behaviour depending upon the purpose of the crowd formation. “In some crowd situations, mob-like behaviour may emerge as being in a crowd seems to offer the opportunity to ‘lose one’s mind’, and thereby to lose the normal social controls that guide decent human interaction. “The so called mob mentality describes the situation in which the crowd dictates general behaviour over and beyond the individual. “Describing different types of group formation still does not address the question of why and how group violence occurs? “For this, sustained theoretical interrogation of crowds as a general social phenomenon is needed, along with specialist study of particular crowd formations, such as football hooligans,” he says. Rob White says what is of more immediate interest here, and drawing upon Australian examples and experiences, are
the rituals and dynamics of violence. “Rituals mean several different things,” Professor White says. “In their examination of the Bathurst bike races riots, author C Cunneen et al. (1989) speak about the traditions of police baiting, particularly among working class men. “The specific instances of police baiting can take ritualistic forms, and may be seen as part of a local culture that is transferred over the generations. “By recognising the historical relationship between the police and particular communities (including and especially Indigenous communities), better insight can be gained into why certain situations can quickly transform into violent confrontations. “As Cunneen et al. (1989) also point out however, there is a dynamic between baiting and control - that is, how police respond to the baiting also shapes the dynamics of the situation.” According to WA Police, although incidents such as the ones mentioned above often involve numerous people, figures only state what the offence is i.e. Robbery, Assault etc as there is no real charge of starting a riot, apart from the charge of starting an affray for individuals - which was included in the list of 42 charges laid against individuals after the Cronulla riots. “None of the records Police have specify whether the incident involved more than one person,” a spokeswoman for WA Police said. “In relation to penalties, once again having a lot of people involved does not alter the penalty. It all depends on the actual offence under the Criminal Code. “We do not know what makes people commit offences in a group. “Anecdotally it could be people under the influence of alcohol or drugs. “Police do not tolerate anti-social behaviour and alcohol-fuelled violence, irrespective of whether it is one person or a group of people. “Resources can be deployed to any area where the need arises be it for a party or large numbers of the public in the city at various events like New Year’s Eve”, the WA Police spokeswoman said.
According to an Australian Institute of Criminology report, Australians aged between 15 and 19 years of age were the most violent people in the country, involved in a disturbing number of bashings, robberies, attacks both sexual and physical as well as abductions and other crimes. The report entitled: Australian Crime: Facts and Figures Report said that during 2011 people in that age group were responsible for 886 crimes per 100,000 people, compared to a crime rate of 85 offences per 100,000 people in the age group ranging from 55 to 59 years of age. Many in the community are quick to blame easy access to alcohol, while others blamed violent video games and movies as well as changing family structures and dynamics. Some even called for the Federal Government to throw money at the problem in order to lower youth crime rates, but is the solution that simple? According to Professor Rob White from the University of Tasmania, there are a number of factors to take into account when looking at violent crime trends, particularly
when looking at crimes involving gangs or groups of people. “Understanding the contours of group violence is essential to responding adequately to its different manifestations. In specific circumstances, it may be necessary to institute coercive measures to deal with groups or situations that have got out of hand. In the United States, for example, specific city sites or hot spots and specific youth group formations i.e. identifiable gangs have been targeted for saturation and high visibility street policing. “Aggressive street policing and zero tolerance approaches have been criticised, however, for unduly restricting the rights of young people.” “The problem in the past has also been linked to racist assessments of who gets targeted for intervention, for creating resentment among young people toward authority figures, and for sending the wrong message about how best to resolve social conflicts.” “The response to the Cronulla riots in Sydney in the holiday period 2005-06 - which saw the use of police road blocks across major arteries, the passage of legislation that greatly extended police powers, the deployment of huge numbers of police in the southern beaches area, and an emphasis on a paramilitary style of intervention - provides an example of highly interventionist coercive policing.” “It is difficult to empirically assess whether the length of time and massive police mobilisation was the most cost-effective response in this instance. Generally speaking however, there can be no doubt that tactical use of force is a necessity if specific conditions warrant.” “In other situations, while the instinctive response may be to use coercion, the considered response may in fact be to adopt a more passive approach. 
Police responses to gatecrashers, for instance, may warrant diverse intervention methods.” “If it is realised that gatecrashers are intentionally trying to get police to a party, and to engage them in pitched battles on the street, then police need to change their normal tactics. “They have to step outside what could become ritualised combat (similar to what occurred at the Bathurst bike races), to diminish the attractions of the engagement by the gatecrasher protagonists. Basically, by backing off, the police can ensure that this type of violence will not occur,” Professor White said. Today many police forces around the country and the globe are adopting a more community-based policing approach. This includes local police regularly visiting schools, holding open days inviting people to meet their local police force and greater involvement in what have been identified as troublesome areas, including but not limited to lower socioeconomic areas. As society changes with the evolution of smart technologies, enabling people to have greater access to information, it is logical that policing models need to move with the times. “Strategic placement of the local police booze bus in adjoining areas, monitoring of the internet to ascertain who is talking about a particular venue and what will go on there and assessment and dispersal of movement routes in relation to a party can also constitute low level measures which contribute to safety and well being,” Professor White says.
HELP FROM ABOVE
When drones became the unsung hero in the aftermath of Hurricane Katrina, Australia’s most prominent lifesaving advocate realised UAVs could be the key to preventing shark attacks and coastal drownings in treacherous waters.
By Adeline Teoh, ASM correspondent
Australia has surfer Mick Fanning to thank for an enhanced shark handling reputation. In July 2015, when Fanning encountered a shark during competition in South Africa, he punched it until he could escape on a jet ski. The surfer had the competition’s support crew to thank for the swift rescue but other Australians aren’t so lucky. As a large island with a long shoreline, Australia has hundreds of remote, unsupervised beaches where encounters with sharks and potential drownings may occur. Records for 2015 show 33 encounters between humans and sharks: in 25 cases the human sustained an injury, and two of those were fatalities. Shark attacks are headline news and heightened public awareness led to political support for a new kind of technology: the Little Ripper, an ocean-faring patrol and rescue drone, part of the NSW Government’s $16 shark strategy. The man behind this technology is Kevin Weldon AM, who is relatively unknown in the technology industry but much better known as Australia’s most prominent lifesaving advocate.
A life saving lives
Weldon’s life, in a nutshell, has been spent in some form or another saving lives. Aged 15 he joined Queensland’s Pacific
Surf Club as a surf lifesaving cadet, working his way through the ranks to eventually become president. In 1971, convinced of the value of lifesaving training and advocacy, he founded World Life Saving, a volunteer-led organisation, which later merged with its French counterpart, the Fédération Internationale de Sauvetage Aquatique, to become the International Life Saving Federation. Weldon became ILSF’s inaugural president. Despite spending a lot of his time in and around Australian beaches, Weldon didn’t conceive of Little Ripper during a surfing session or a few rounds with a shark but in the aftermath of Hurricane Katrina more than a decade ago. Following the hurricane, New Orleans flooded and many people were trapped in their homes, forced to wait for help. Some managed to climb onto roofs to signal for helicopters, while others could not. The US Army used two unmanned aerial vehicles (UAVs), more commonly known as drones, to manoeuvre through the flooded streets to find those others who required help. “There were basically mini helicopters manned by the army, coming from the skunk works of Defense,” Weldon explains. “They were able to go up and down flooded streets and find people not on the roof, the people the helicopters missed. They saved 5,000 lives.”
Having seen what UAVs could do in a search and rescue situation, Weldon realised he could use the technology to support Australian lifesaving. “As the founder of two worldwide water safety organisations, I thought ‘this is the future’,” he says.
Water safety
Forget the shark attack headlines for a minute and consider that almost 300 people a year drown in Australian waters, far more than those who encounter sharks. Weldon believes Little Ripper, the drone technology he has developed with senior director Noel Purcell, can provide much needed support to prevent both shark attacks and many of these drownings. Little Ripper drones can patrol isolated beaches and provide rescue help in difficult terrain, such as around cliffs and headlands. Two pilots—one to drive, the other to analyse what the Little Ripper sees—can fly the FADEC (full authority digital electronics control) aircraft from a laptop at a command post. “Little Rippers can patrol all these isolated areas on a regular basis. They can be remotely manned in emergency services trailers and we can go to remote areas quickly and launch them,” Weldon explains. The two-metre long drone, which has a wingspan of 2.5 metres and a flight time of 2.5 hours, has a loudspeaker that can warn swimmers and surfers beyond earshot of beach-bound lifesavers of dangerous conditions, whether a shark or a rip. It also carries a nine-kilogram rescue package comprising a flotation device, GPS unit, Shark Shield repellent and other technology to assist subsequent rescue efforts, giving precious minutes to those in trouble while helping to locate the swimmers or surfers for human rescuers. Purcell is currently in discussions with Intel to include its TCAS (traffic collision avoidance system) and ADS-B (automatic dependent surveillance broadcast) technology, which will help pilots track and control the fleet. Other tech, including its electric battery-powered motor, sensors and video capture, already comes standard.
Eyes above water
There are currently 16 Little Rippers in operation under the wings of 16 existing Westpac Rescue Helicopter Services that patrol beaches in New South Wales. This, as well as in-water sonar to track shark movements and an accompanying app showing the predators in real time, form part of the NSW Government’s shark strategy. The sonar provides underwater data, while the helicopters take a wide aerial view and the drones provide ‘eyes on the surface’. Weldon says the tests are going well. Recently the test crew placed a mannequin in the sea at an undisclosed location for Little Ripper to rescue. “The mannequin looked like a person floating and the Little Ripper had to find it. It was planted secretly and the Little Ripper found it and also found a shark not too far from it. The shark took a bit of interest in the mannequin and then swam away,” Weldon recounts. The team is now working with the Civil Aviation Safety Authority to do out of line-of-sight testing, “so we can fly them out of sight and remotely,” says Weldon, who believes Little Ripper will come into its own when it can monitor currently unpatrolled areas. Now it is only a matter of speeding up the deployment process—“we’ve got it down to 14 minutes but we’ll get there faster”—and training more pilots for the 40 Little Rippers to be launched in the coming year. Next time the headlines scream about shark attacks or you hear of swimmers caught in a big rip, think instead of the Little Ripper and how technology is helping humans survive the forces of nature.
NSW Premier Mike Baird, Westpac CEO Brian Hartzer, Westpac Little Ripper Founder Kevin Weldon and President of SLS NSW Tony Haven
Tony Haven President of SLS NSW, Brian Hartzer Westpac CEO, Premier Mike Baird and Kevin Weldon Little Ripper Founder
Cyber Security
Building a security intelligence centre
The Threat
Cybercrime is a highly profitable and low risk business, which is why it’s costing the global economy more than $400 billion every year. Threats are continually evolving and scaling, making them harder and harder to detect and eradicate. The average time from infection to detection has been reported as being as high as 206 days, with a further 69 days being taken to eradicate the infection. So, what’s going wrong; why can’t the security industry combat this ever changing threat? A new buzz-term has emerged over recent months – security intelligence – coming with promises of quicker detection times and faster resolution times, at last putting our security teams on the front foot. Let’s look at whether the promise of security intelligence is simply marketing hype or is there really a progressive paradigm shift happening in the security operations centres that finally sees our analysts getting ahead of the hackers.
The Challenge
For the past two decades, our beleaguered security analysts have been fighting what can only be described as a losing battle. Every day, billions upon billions of events flood from corporate servers, workstations, network devices and applications into our security operations centres’ systems. Every single event could be the trigger our analysts need to detect an attack and start the incident response process. However, correlating attack patterns and indicators of compromise (IOCs) from this kind of data deluge is an impossible task, and it’s often the more subtle, slow-burning attacks that go unnoticed. Huntsman’s product development team has directly observed this issue within our customers’ security operations centres, seeing how even the best trained and most astute security analysts are getting burned out as they hunt for the proverbial IOC needle in the haystack of security events. Even the best, most experienced security teams can’t do everything they need to do to stay ahead of today’s ever-changing threat environment, which is why our customers have asked for help.
Automatic Threat Verification
Careful analysis of our customers’ security operations
centres has shown that the biggest challenge modern security teams have is finding the time to do the truly valuable work they should be doing, such as hunting for cyber threats. The problem is that most investigations turn out to be nothing more than false alarms, triggered by misconfigured network devices, badly designed applications and miscommunicated system changes that create incidents, and can add up to weeks or even months of wasted effort every single year. Forrester’s recent call to action suggests that the answer is in automation. “Businesses can no longer rely on passive, manual procedures to defend against attacks.” However, the challenge remains as to how we automate the detection of real attacks while filtering out events that relate to false positives, all the time guarding against anything that might be vital to our defence (false negatives). The answer comes in our ability to operate across the security value chain ensuring analytical completeness across the entire ‘kill chain’. The latest version of Huntsman Analyst Portal® solves this problem using a variety of proven technologies, such as machine learning and predictive analytics to automate the process of incident triage and investigation, which in turn enable
threat verification and resolution in seconds. Our technology automatically assesses the likelihood of a threat being real by cross-correlating it with corroborating evidence from other intelligence sources for highly accurate decision making. This eliminates the large volume of false positives security analysts have to deal with, freeing them up to investigate real attacks and carry out other proactive security functions. Huntsman Analyst Portal® aggregates threat information from a variety of sources, such as endpoint security suites, application firewalls, malware sandboxing systems and network infrastructure devices to automatically provide analysts with a summary report of all relevant information so they can immediately start investigating an incident. This means that triage is significantly faster and more accurate, resulting in 90% less time being wasted.
Security Intelligence Centres
Security operations centre managers are now rewriting their standard operating procedures to make use of the extra time analysts have available. This allows them to focus on progressive, proactive threat identification (hunting) and security testing (vulnerability analysis and penetration testing). This focus on building a more defensible enterprise invariably yields better, longer-term reductions in security risk for the business and recasts the services the operations centre provides up the value chain. No longer are they providing security operations; instead they are now providing a proactive future-proofing of the business’ defences akin to the work that national security agencies provide for governments around the world. With the help of Huntsman Analyst Portal®, security teams can now start looking to a brighter future where security operations centres evolve into security intelligence centres and we finally have the upper hand against the bad guys.
Digital Identity
How the DTO will improve access to online government services for millions of Australians
By John Lord, Managing Director, GBG
The Australian Digital Transformation Office (DTO) has recently published a Request for Information to understand the capabilities of local and international businesses to assist them in the design and implementation of a digital identity assurance (IDA) solution. Now is certainly the right time for the DTO to address this, as similar programs have been deployed abroad – especially recently in the UK with the ground-breaking GOV.UK Verify program. As the Australian Government looks to grow and improve online services, and as the cyber fraud landscape evolves, it is vital that the DTO addresses the digital identity verification challenge. The challenge consists of successfully verifying millions of genuine Australian citizens and residents’ identities whilst rejecting fraudsters and keeping the identification process quick and easy for the user. The number of online government services is growing, and Australians increasingly expect that these services should be easy to access. In a world where consumers are familiar with everyday online banking and streamlined e-retail experiences, establishing a trusted government digital identification process that is easy, quick and secure for the user has never been more important.
What’s the DTO’s plan?
Rachel Dixon, Head of Identity for the DTO, recently explained that managing ‘digital identities’ means the ability for the government to trust that citizens who are logging in online or via their mobile to online government services are who they say they are. Additionally, citizens have to trust that
the Government will deal with them in a fair and secure way. It is to provide some way for citizens to assert their existence online and with some degree of trust in both directions. The DTO is currently in the early stages of the discovery process, and is evaluating the pros and cons of several identification models. It is in the process of building an ‘Alpha product’ to verify the identity of citizens to a level that is sufficient for them to access government services. The project also involves developing a Trusted Digital Identity Framework (TDIF). The DTO will be working with both public and private sector stakeholders to develop a broader framework for trusted digital identities, better enabling them and other agencies and governments to work together.
The challenges
The ultimate objective for the Australian Government is to encourage citizens to manage more federal – and potentially state – related requests and processes online, to increase efficiencies and reduce costs. This is likely to have a win-win impact for both the Government and citizens, but to achieve this goal, the DTO should address two important issues:
1) Build trust in a climate of increased cyber threats
Cyberattacks and data leaks are spreading in Australia, as described by many recent studies including the ACSC’s last Cyber Threat Report. As we are using multiple devices to log on to our favourite websites and apps, the potential for breaches of valuable information has widened. The growing
number of financial transactions we conduct online also incentivises hackers to try and gain access to our personal data. For citizens to use online services, you need to ensure that those services are trusted. This means guaranteeing security won’t be breached, and that your users’ personal data will be safe. As soon as sensitive data or money is involved, an extra layer of security is needed, and an extra layer of trust needs to be built. This is where using trusted third party digital identity providers can be highly valuable, meaning there is no central Government-owned database containing all its citizens’ information. If the DTO wants to provide a trusted identification process, they need to partner with the right organisations. Security can be ensured through an identity assurance solution that can verify an individual is who they say they are by referencing on demand multiple datasets from a number of accredited sources. In the UK, the GOV.UK Verify program has benefited from a competitive model, drawing from private sector knowledge and expertise in order to drive innovation in the development and provision of the service.
2) Make the identification process quick and simple, through a single best-in-class platform
The Australian Government already offers a wide range of online platforms, each of which enables citizens to access specific services: MyGov, Medicare, and the Tax Office. This is a great first step.
But if the Australian Government wants to encourage citizens to process more of their requests online, they need to make it easier for them, and follow a model that enables citizens to login once to a platform that redirects them to all online services whether it is related to tax issues, requests to their local councils, or managing their Medicare profile. The DTO is currently studying the relevance of a federal model. The decision they will make will impact how they need to think about their digital identity approach. Having one common platform with a choice of trusted third party identification providers would give citizens a choice in who verifies them. For now, the DTO needs to evaluate the impact of moving the three above services into one.
Taking the right approach, using the right technology
You can find many identification solutions on the market today, from Single-Sign-On (SSO) to manual verification of official identification papers such as Passports or Drivers’ Licences. Each of these solutions has pros and cons, and can be proved efficient in specific contexts, but none of them are highly secure. In order to offer a trusted identification assurance service to Australian citizens, the Government needs to partner with organisations able to swiftly and reliably verify individuals, and provide them unique login credentials that guarantee they are who they say they are without having to go through the identification process again and again. The Government also needs partners able to quickly detect if an identity has been previously compromised, to prevent any loss for both parties – the Government and the citizen. This is a highly complex process. Certified IDA providers use multiple verification techniques that need a high level of expertise. For example, this can include triangulating sources of identity data and verifying somebody is who they say they are through a multitude of checks, including address and financial history, personal knowledge, and document validation. Two-factor verification is an element of this – in other words being asked for something you know as well as proving something you own. For example, you know your username and password, but you need to own a mobile phone to which a security code is sent.
Biometrics: the new IDA technology…or is it?
When I talk to public and private organisations looking to strengthen their digital identification processes, I often come across decision-makers considering biometric technologies. Many organisations providing online services are indeed looking into biometrics as a possible alternative solution to the conventional ‘password login’ for authentication.
Biometric technology undoubtedly has an important role to play in improving service delivery and user experience, with the dual benefit of removing friction for the user and helping to reduce fraud. However, is it a technology that the Government should be looking into? Yes, but when it comes to biometric verification – which can include fingerprints, voice and facial recognition – the present consumer technologies available at scale on the market are not robust enough to stand alone and ensure the level of online security vital to verifying identity in the modern age. It must be combined with other proven verification techniques to be truly successful. Regardless of the technology mix that comprises the new digital identification model, this is certainly an exciting opportunity for the DTO to transform how Australian citizens experience online government services.
How cloud infrastructure is making enterprise IT more secure
By James Valentine, Chief Technology Officer, Fronde
While organisations have long been aware of cloud’s ability to reduce costs and increase agility, industry commentators have debated whether cloud is secure enough to hold sensitive or private information. The key issues in the debate have been: whether cloud services are more easily compromised than on-premise infrastructure; and where the data is stored for legal purposes, also known as data sovereignty. As the debate has continued, cloud technology has leapt forward, particularly in terms of security. Unfortunately, this has coincided with a number of high-profile security breaches; notably the iCloud hack in 2014 that resulted in the release of private images of celebrities. Ironically, most security breaches affect on-premise databases as opposed to cloud-based services. Yet, because moving information and workloads to the cloud means it physically leaves the organisation’s premises, many fear that makes it inherently less secure. In fact, the cloud can offer even better security than on-premise systems, depending on the cloud provider’s security approach.
While many believe it is more difficult to secure information in the cloud, the opposite is true for a number of reasons. First, technology security products such as threat or intrusion detection, firewalls, and antivirus work just as well in the cloud as they do on-premise. Second, the potential for disgruntled or malevolent employees to damage the organisation is reduced. This is because they cannot gain physical access to the data in the same way they could if it was stored on-site. Third, and perhaps most importantly, cloud providers are well aware of the misconceptions around security and take active steps to alleviate concerns. Their data centres are usually independently-audited and they must comply with strict regulations. A significant security breach could spell a cloud provider’s demise, as their entire reputation relies on providing a secure service. This is a powerful incentive for providers to harden their security postures.
Individuals have entrusted personal information to cloud-based apps for years. Organisations such as Facebook, Gmail, Dropbox, and Skype all contain sensitive personal details that present an attractive target for cyber criminals. Yet people continue to use these services because they’re convenient and relatively powerful. They offer much greater functionality and storage capabilities than a standalone device, such as a smartphone, could provide. As individuals, we readily acknowledge that Google and their counterparts are much better at protecting our data than we are. Similarly, organisations should entrust enterprise applications and services to cloud providers. Shifting as much of the company infrastructure as possible to the cloud lets internal IT teams focus on innovation and development, two areas that are sorely needed in an age of intense competition and limited resources.
In most instances, cloud providers can and do invest far more in security measures than individual organisations do. They can afford to employ specialist security professionals and devote significant resources to security because that is their core business. Their security budget is therefore far larger than that of an organisation whose business is manufacturing or professional services, for example. Often, organisations with on-premise infrastructure experience regular breaches. They just don’t know about it until well after the event has occurred, or sometimes not at all. Stealth attacks are successful because organisations simply don’t have the resources to devote to security. They walk a fine line between having a strong security posture and still letting employees do their work without impediment. By contrast, cloud providers such as Google, Salesforce.com and NetSuite, for example, devote massive resources to security around the clock. This not only makes their services more secure than an on-premise solution, it also lets their customers concentrate on their core business rather than on battling cyber threats. It’s true that some cloud services providers are more attractive targets to hackers than the individual companies that may use their cloud infrastructure. However, this unwanted attention is usually met with a security profile designed to stand up to such threats. This sort of security posture is out of reach for most individual companies.
Another potential concern some organisations have when it comes to cloud infrastructure is the question of data sovereignty. This relates to where the cloud-based data resides, and whether it is held in a data centre located in a region considered safe for the organisation’s purposes. Some types of data are required to stay within the same national borders as the company that owns them, for example, financial institutions’ data. This was a concern for Australian organisations in the past, but legislation is much clearer than it previously was as to the particular data that is affected by sovereignty. The vast majority of organisational data is not affected by these data residency concerns. In the rare case where there is a data residency issue a number of large cloud service providers, like Amazon Web Services, offer local data centres.
Given the growing capabilities of cloud platforms, and the benefits they can deliver in today’s competitive and fast-paced business landscape, companies are likely to face more risk by not moving to the cloud. Without the cost efficiencies and agility offered by cloud services, they may find it difficult to keep up with competitors. Cloud also makes it easier for organisations to budget effectively, moving much of what was previously capital expenditure into operating expenditure. Cloud providers help organisations keep pace with fast-changing licensing and distribution models, complexities of multi-element contracts, and stringent standards compliance. And, importantly, cloud providers can provide more comprehensive overarching security provisions than most individual organisations. These benefits, combined, make cloud the ideal choice for businesses looking to get ahead of their competitors.
Strategic pillars of change:
Analysis of the cyber security strategy
By Tony Campbell, Chief IT correspondent
On the 21st April, the Federal Government’s long-awaited Cyber Security Strategy was launched from Sydney’s Australian Technology Park. Needless to say, the InfoSec community has been hungry for change for some time and the anticipation in the room was palpable. Nevertheless, Prime Minister Turnbull didn’t disappoint. The new strategy does, on the surface of it, seem to deliver on all the strategic pillars of change needed to provide the economic stimulus we need for innovation and development of our national cyber capability. Turnbull pledged $230mn over the next four years, to be spent on five key themes of action. This may well seem like a trivial investment, given the billion-dollar price tags associated with security investment elsewhere; however, it’s a start and should at least start to help develop the three-way government, industry and citizen step-change we need to succeed. The cash will be allocated to 33 separate initiatives that will instill the five top-level narratives into governments, enterprises, SMBs and our personal lives. One of the most important and possibly overlooked outcomes that I think will really help make this strategy a reality is the creation of two new roles within government. This
was a pleasant surprise, showing us all the strategic importance of cyber security to the Prime Minister, and is testament to his understanding of the problem space; he’s actually serious. The government needs dedicated leadership and advocacy in cyber security, so the first of the new roles, Special Advisor on Cyber Security to the Prime Minister, was handed to Children’s E-Safety Commissioner Alastair MacGibbon. This is great news for the community since Alastair is well respected and a true advocate for cyber security’s importance to our everyday lives. The second role will be appointed over the next few months by Foreign Minister, Julie Bishop, as Cyber Ambassador to champion a “secure, open and free Internet,” here in Australia, representing our cyber security interests overseas.
A National Cyber Partnership
“We will also sponsor research to better understand the costs of malicious cyber activity to the Australian economy”
The first of the five themes of action is called the National Cyber Partnership. This involves national business leaders, security researchers and government getting together every
Prime Minister Turnbull launches Australia’s Cyber Security Strategy
year to work with the Prime Minister on implementation of the strategy and to help drive its implementation across all of Australia’s states and territories. One of the outcomes of the initial setup of the National Cyber Partnership is to streamline security governance in Commonwealth Government agencies and ensure everyone knows who is responsible and what they are responsible for. The disjointed and overly complicated delegation of authority in the Protective Security Policy Framework (PSPF) will hopefully be replaced by something less onerous and eminently more usable, especially for the smaller agencies where it’s not appropriate to have a massively hierarchical and overly distributed set of functions. Turnbull also committed funding to relocate the Australian Cyber Security Centre (ACSC) from its current location in Canberra’s Ben Chifley Building to another, as yet unannounced, facility to make it more accessible to industry. This is smart as it aligns with what’s already been demonstrated as effective elsewhere, such as in the UK, where the government invested in their new National Cyber Security Centre (https://www.cesg.gov.uk/news/NCSC) to be located in London rather than in the inaccessible headquarters of GCHQ in Cheltenham. The costs of malicious cyber activity will also be monitored and reported through this partnership, passing the
information on to business leaders and state governments so that decision makers can understand the extent of the threat and invest in appropriate countermeasures to protect their information.
Strong Cyber Defences
“Governments, businesses and the research community will co-design national voluntary cyber security guidelines to promote good practice that all organisations can use.”
The sharing of threat intelligence and information related to new and emerging attacks was at the heart of this strategic initiative. The Prime Minister specifically referred to CERT Australia’s role being enhanced in the fight against cybercrime, promising new capacity to help them do a better job of interfacing with the business community of Australia. He also said they will improve the capabilities of the Australian Signals Directorate to detect security vulnerabilities, aligning these changes with the wider Defence initiatives outlined in the recently published Defence White Paper. The government has said that it will increase the number of specialist cyber security roles on its own payroll who undertake threat detection and awareness, technical analysis, and forensic assessments of cybercrime in both the Australian Crime Commission and the Australian Federal Police. Based on some of the work previously undertaken by ASD (such as the Top 4 and Top 35 mitigation strategies), this strategic theme will ensure that these guidelines will become more accessible and within the reach and budgets of SMBs and citizens. Guidelines for undertaking voluntary health checks will also be generated, somewhat aligned with some of the themes the UK government introduced through the Cyber Essentials (https://www.cyberstreetwise.com/cyberessentials/) scheme.
Global Responsibility and Influence
“Australia will work with its international partners to champion an open, free and secure Internet.”
This was very much a running theme throughout the Prime Minister’s speech, continually reinforcing Australia’s ambitions on the global stage as an influencer, innovator and economic force to be reckoned with. This is where the role of the Cyber Ambassador comes in, working under the guidance of the Minister of Foreign Affairs, where we’ll finally have a voice in the discussions of international law, intelligence, cyber warfare and the issues related to cross-jurisdictional policing that are plaguing law-enforcement agencies all over the world today.
Growth and Innovation
“Australia will position itself as a location for cyber security innovation”
The Prime Minister predicted that by 2030 the digital business economy of the Asia Pacific region could be worth as much as $625 billion, or 12% of the region’s total GDP. That’s a big number; however, the fact that annual global cybercrime is predicted to be topping $2.1 trillion by 2019 means the threat of cyber-attack is the single biggest threat to our economic growth over the next few decades. The Cyber Security Strategy sets out a roadmap for research and development in cyber-related technologies and risk mitigations that will lead to more jobs for the Australian market, while improving our cyber resilience in the process. The mechanism for achieving this is a Cyber Security Growth Centre, aligned with the National Innovation and Science Agenda (http://www.innovation.gov.au/page/agenda). This requires the creation of a national network of research and innovation hubs to be located in each of Australia’s capital cities that will work with startups, businesses, governments and the local research and education community.
The Cyber Security Growth Centre will coordinate this network both here in Australia and also act as the conduit to overseas organisations performing a similar role. This is amazing news for the business and start-up community since this will provide a potential route to new markets that would otherwise have been difficult to tap into. Mr. Turnbull also pledged funding to boost the capacity of Data61 (CSIRO’s digital research department) to really drive this innovation agenda. This is great news for the economy, which will start to pay off in two to four years if similar initiatives overseas are used as a benchmark, such as Innovate UK (https://www.gov.uk/government/organisations/innovate-uk).
A Cyber Smart Nation
“The Government will also further improve national cyber security awareness and work to ensure all Australians understand the risks and benefits of the Internet and how to protect themselves online.”
This is a drum that I have been personally beating for the last four years, so it’s fantastic (and somewhat of a watershed moment) when the Prime Minister acknowledges the global
skills shortage and what it means to the rest of his Cyber Security Strategy. Without our addressing the imminent skills shortage in Australia, the strategy will be simply impossible to deliver on. Back in 2015 (ISC)² issued their bi-annual Frost and Sullivan Global Information Security Workforce report, suggesting that the scale of the global problem was close to 1.5 million skilled and experienced cyber security professionals who would need to be brought into the industry, in addition to those they already expect to hire. In the UK, they acknowledged that they generally have a retiring workforce and with fewer and fewer people coming into security, the threat is real and truly imminent. Turnbull said that the government will tackle this here in Australia by working at all levels of education and training, with the private sector, with universities, and with TAFE colleges to ensure we can channel new blood into the industry. The government will also co-design a model that establishes academic centres of cyber security excellence in universities to ensure graduates leave their time at college with relevant, practical and usable skills when they emerge into industry. Centres of excellence will also establish strong links with the Cyber Security Growth Centre to ensure innovations and ideas percolate through the Australian-wide network of national innovation centres. The Government acknowledged that filling the cyber security pipeline with new blood will not be an easy task, which is why they will work closely with industry, schools and colleges to demonstrate to school children that this is a valid and exciting career path, one that they can prepare for with relevant subjects even from a secondary education level. The final piece of the strategic puzzle is related to citizen security and heralds a truly new level of cyber security awareness training for Australia: one that will target every single citizen.
What’s Next? To ensure we all help Australia achieve InfoSec greatness over the next decade, each and every one of us needs to be living and breathing the strategy every day. Some of the initiatives are certainly long term plays, such as the innovation strategy driven through the Cyber Security Growth Centre and its national counterparts, however, some of them can start right away. We can all start by trying to address the skills gap. We can be promoting cyber security hygiene (good passwords, patching systems, patching applications, not clicking on dodgy links, etc.) and evangelising the value of properly implemented security awareness programmes – security awareness is not just about a one-off training course (although that is one component part that works well at its heart), instead its measure of success is in cultural change. Training can also extend outside of the workforce and cross into training employees’ families and even their friends on good cyber security practices. I’d urge every one of us in the professional security community to become a mentor. Help someone who wants to make the career switch into security but doesn’t know where to start. Work with your HR department and hiring managers to help them define what job roles you really need in your business and what the skills and competencies map to those job roles. Adopt a skills framework, such as Skills for the Information Age (http://www.sfia-online.org/en), since this is the one that the Australian Computer Society (ACS) uses for its MySFIA skills manager. This allows everyone to work to the same underpinning definitions of skills and competency levels. 
Just imagine the value of being independently recognised by ACS or the Australian Information Security Association (AISA) as a practitioner-level Information Security Manager or a Lead Security Architect, where it actually means something to the community, industry and government, and remuneration discussions and hiring decisions are so much fairer. Longer Term
The Prime Minister discussed some of the cyber-attacks we’ve seen here in Australia over the past year, such as the website attacks on David Jones and Kmart that left thousands of customers exposed to ID theft and online fraud. Turnbull specifically applauded Kmart’s response to the attack, given their rapid disclosure and reporting of the incident to the Privacy Commissioner. We all need to get smarter at handling incidents and admitting when we have been breached. We need to ensure we do the right thing, not the easy thing, especially where someone else’s data is in question. The Prime Minister also commented on the alleged attack on the Bureau of Meteorology, acknowledging it was indeed a real event and one that has been mirrored across other government departments. By acknowledging this, he’s showing that the government is playing by the rules they are setting, which in itself is a big step forward. The tangible investment that’s been pledged, $230 million over four years, is not enough, that’s obvious, but industry needs to step up and take some accountability for investment too. It can’t all come from government; in the same way it can’t be all about industry or all about universities: this is too big a problem for any one of these groups to tackle alone. I’m hopeful that having Alastair MacGibbon in charge of the cyber security operations of our nation will see him asking for adequate funding to make the vision a reality.

Conclusion

Turnbull announced 100 new specialist cyber security jobs across his defence and intelligence agencies. He’s also announced an increase in the capacity of CERT Australia to work closer with Australian businesses, along with an increase in the capacity of the Australian Federal Police and the Australian Crime Commission to tackle cybercrime. He’s pledged to improve ASD’s capability in detecting vulnerabilities and admitted for the first time that ASD has an offensive capability (not that we didn’t already know that), one that will be managed through a framework of stringent legal oversight both at home and internationally. However, these new roles, along with the relocation of the ACSC and the commissioning of threat intelligence sharing centres and the Cyber Security Growth Centre, won’t come cheap. I’m surprised at the incredibly low budget, and $230mn over the next four years won’t last long. I am hoping that the lessons learned from the UK, where the government just pledged another £1.9bn ($3.8bn AUD) to the National Cyber Security Centre, will show that underinvesting in this national security measure simply won’t get the job done. For the cost of a quarter of an aircraft carrier, we could do so much more (about $1.5bn). All in all, things are changing for the better across our InfoSec landscape. There certainly hasn’t been a more exciting time to be part of this industry and the new strategy is cause for genuine excitement, not only amongst us InfoSec geeks, but for the whole nation. The government sees Australia as a true international player on the ecommerce and innovation stage, and its recognition that the only way to achieve this goal is to improve our information security capabilities should be applauded. Now the real work begins.
Cyber Security
The greatest threat to your business today Contributed by F5 Networks
For as long as digital technology has existed, there have been people who sought to exploit it for criminal gains. What once started as opportunistic email scams has evolved into highly complex, targeted operations that generate billions of illicit dollars every year. The result is a sharp rise in threats such as cyber-espionage, crimeware, web fraud, DOS attacks, and POS intrusions that threaten to destabilise organisations across APAC and beyond. Today, almost two-thirds (60%) of attackers compromise systems in just seconds or minutes, with banks, commerce portals and payment services being key targets. This is the greatest threat to your business today.

The new norm

There are few other industries that have been transformed by digital technology as much as finance. Digital banking consumers numbered 670 million in Asia in 2014, and that is expected to rise to 1.7 billion by 2020. Growth of internet and mobile channels for a range of banking services now averages 35% a year, while traditional bricks-and-mortar
usage is falling at a rate of 27% across Asia. Adoption rates for mobile banking are highest in markets like India and China, reaching 60-70% in some cases, far exceeding more developed nations like the UK and US. In short, Asian consumers are wholeheartedly embracing the digitisation of finance. But while this meteoric growth has ushered in a new era of convenience, it has also presented fraudsters with a multichannel digital playground in which to operate. “Here’s the digital paradox: organisations today are able to cover more ground, more quickly, than ever before – thanks to new digital connections, tools and platforms which can connect them in real time with customers, suppliers and partners. Yet at the same time cybercrime has become a powerful countervailing force that’s limiting that potential.” – PWC, Global Economic Crime Survey 2016 A third of organisations are now affected by cybercrime each year, and a similar number think they’ll be affected in the next two years. The range of digitised financial instruments has created a multitude of new touchpoints for criminals to access potential targets. From online banking to
point-of-sales transactions, as our lives have become more interlinked so the threats to our security have increased. According to a recent poll by The Asian Banker, the top three challenges in fighting cyber fraud today are:

1. Protection of multiple and increasing banking channels.
2. Rapid evolution of malware specifically designed to target financial institutions and their clients that is increasingly hard to detect and remove.
3. Lack of willingness from management to actively invest in cyber security measures without being driven by regulations or having suffered major losses from cyber intrusions.

The majority (84%) of financial firms now rank cyber threats as one of their top business risks. 61% of CEOs are increasingly concerned about the impact of these threats on their business, and yet less than half (37%) of organisations have a cyber incident response plan in place while 32% of organisations are affected by cybercrime. And the bad news is that threats are becoming increasingly sophisticated. More than one billion personal records were illegally accessed in 2014, including health, financial, email and home address data, an increase of 54% on the previous year.

5 Most Common Threats

• Crimeware/Malware – Opportunistic, dynamic, sophisticated. Malware, including phishing, is a favoured tool of criminals around the world to gain access to confidential systems and information. In 2014 alone, 27 million users were targeted by 22.9 million attacks using financial malware. The recently discovered Tinbapore trojan is currently putting millions of dollars at risk across APAC.
• Web application attacks – Using stolen credentials and personal information, these attacks target the vulnerabilities in web applications, particularly across banks and ecommerce sites. Customers are usually redirected to false sites where their details – and eventually money – are stolen. Last year, experts found some 360 million stolen credentials for sale online.
• Point of sale (POS) attacks – As chip and pin have had much success in reducing card fraud, attackers have now turned their attention to the servers running POS applications. Using sophisticated algorithms, powerful botnets, and even brute force, payment data is harvested from unsuspecting organisations and turned into currency.
• Insider compromise – A symptom of our ever more connected world, insider threats are becoming increasingly common as criminals target employees and partners (knowingly or unknowingly). Some estimates attribute more than half (58%) of all security incidents to organisational insiders.
• Denial of service (DDoS) attacks – Criminals are increasingly favouring this technique, which utilises huge networks of computers to overwhelm websites and force business to grind to a halt. These attacks are becoming ever more common, increasing by 149% in Q4 2015 alone.
Tinbapore Malware

First detected in real time by F5 in November 2015, Tinbapore is a sophisticated evolution of the Tinba malware which is now actively targeting banks and other financial institutions in APAC, with Singapore accounting for 30% of attacks alone. Delivered via junk email, the malware is noteworthy for its use of sophisticated algorithms which allow it to come back to life even after a command and control server is taken down.

It’s harder to repair a reputation

Four decades ago, some 95% of a corporation’s value was derived from tangible assets such as products, buildings and people. Today, an estimated three-quarters of an organisation’s value is intangible. In short, our newly digitised world has made a brand’s reputation and name its most valuable asset. While the financial and organisational impacts from cybercrimes are enormously damaging, the reputational risks can impact consumer and investor confidence. In some cases, a brand may never recover. Careful planning and prompt action for when, not if, your organisation is threatened can make the difference between retaining customers or losing everything.

Always on, always ready

While we are living in a heightened climate of fear currently, it isn’t all bad news. Consumer education about the need to safeguard personal data online is improving. Meanwhile, organisations are increasingly recognising the need for cyber security strategies that directly address the risks posed to their business. After all, prevention is infinitely preferable to cure. PWC estimates that almost half of businesses now conduct regular threat assessments, while a similar number have active monitoring or analysis of security intelligence. An impressive 58%, or almost two-thirds, have an overall information security strategy. Banks, commerce portals and payment services need a strategy that offers real-time identification, deep analysis, and across-the-board protection.
Cyber Security
Guarding the net-users
Mumbai is India’s first city to have a dedicated cyber crime police station.
By Sarosh Bana ASM correspondent

The widening usage of social media, online financial transactions and applications, internet correspondence and e-governance is increasingly falling prey to website hacking, software piracy, impersonation, identity theft, online and credit card fraud, cyber stalking and cyber pornography. Seized of this relatively new genre of crime, the Department of Police in the financial capital of India has established a police station that has been specially equipped with state-of-the-art equipment and devices to aid in the handling of cases on offences committed in cyberspace. This coastal metropolis of 24 million is not exactly crime-ridden for a city its size, but it does have a vibrant underworld that perpetrates the gamut of criminal activities. Mumbai has besides been scarred by two of the most violent and first of their kind terror attacks in present times, the 13 serial bomb explosions on 12 March 1993 in different parts of the city that killed 257 and injured 1,400, and the 12 coordinated shooting and bombing attacks by 10 terrorists lasting four days in November 2008 that took a toll of 174 and wounded
a further 293, both attacks conducted by Islamic extremists. “Online crimes are on the surge with organised cyber criminals devising numerous ways to dupe victims,” notes Commissioner of Police, Datta Padsalgikar. “It is thus vital that we have dedicated personnel to deal with the menace.” The Mumbai police are taking steps by way of precautionary instructions posted on their website as well as through public interaction to make internet users aware about safety measures they should keep in mind and how dearly any ignorance, oversight or mistake can cost them. Padsalgikar says his police force is also partnering with all stakeholders, including educational institutions and industry bodies, in bringing awareness to larger audiences. Such threats will expand exponentially as connectivity increases and services converge on mobile-ready devices and connections. India is the world’s fastest growing smartphone market and a global mobile data traffic forecast by California-based networking solutions giant Cisco Systems, Inc. projects the number of smartphones in the country to increase from 140 million to 651 million by 2019 and of tablets, from 2.03
million to 18.7 million. Overall, there will be 895.6 million mobile users by 2019, up from 590.3 million in 2014, while globally, the report forecasts their numbers to grow from 4.3 billion to 5.2 billion in that period. Law enforcement across the country is being preened for the vastly ambitious ‘Digital India’ programme envisaged by the government. Whether it is interfacing with citizens, businesses or within the government, the fundamental principle is to ensure that all government services and information are available anywhere, anytime, and on any device that is easy-to-use, seamless, highly-available and secured. The government is mindful of the fact that digitally enabled economies grow faster than the others, a case in point being China. ‘Digital India’ aims at restructuring several existing schemes to bring in a transformative impact by leveraging proven technologies like Cloud, Machine-to-Machine (M2M), Analytics, Mobile (web-based interface), Social and Security. The Mumbai police’s cyber crime station at the suburban locality of Bandra-Kurla Complex (BKC) was preceded by a Cyber Crime Investigation Cell that was set up at its headquarters in the downtown area. Inaugurated in 2000, this cell deals with offences related to the computer, computer network, computer resource, computer systems, computer devices and the Internet. Training is also imparted to the law enforcers through a two-year course in cyber crime investigations, cyber forensics and cyber laws. Currently, cyber cases are registered at police stations, but investigation is carried out by the cyber cell and cyber crime police station. Additional Commissioner of Police (Crime) for Mumbai, K.M.M.
Prasanna, says there are plans to set up three more cyber cells in the city and these will report to him, or whoever succeeds him, and the Joint Commissioner of Police (Crime), who is a rank senior. One of these cells will also assist the Economic Offences Wing (EOW) of the Mumbai Crime Branch. Their design and creation will be on the lines of the central Computer Emergency Response Team (CERT), which has expert groups that handle computer security incidents. Apart from training, requisite infrastructure is also being created to keep the Mumbai police a step ahead of the cyber criminals. Towards this, a state-of-the-art Information Technology (IT) centre is being set up above the cyber police station at BKC. With conviction deemed as important as detection, a special court has been set up for expeditious trial of these cases and for better conviction rates. The Mumbai police will be working closely with public prosecutors and magistrates in this regard. There are handicaps, however, in the form of a manpower
crunch in the sole cyber cell at BKC and for the single courtroom at the Esplanade Court. The cell has not secured a single conviction in any of the 23 cases that have been disposed of. An additional 126 cases are pending trial. While the proposed cyber cells require to be staffed by 286 officers and men, the single cyber cell in existence at present has but 37 police constables and 16 officers. With leaves, sick leaves and holidays, the manpower gets further narrowed down to about three police inspectors (PIs) and 13 assistant PIs (APIs) and police sub-inspectors (PSIs) in the cell. As only a PI is empowered to deal with these cases, the three PIs are handling about 122 cases each, which is hampering the quality of probe. Also, while cyber offence cases can be registered at all the 93 police stations in the city, the complainants are guided to approach the cyber cell at BKC. Cyber security expert Vijay Mukhi remarks that cyber crime is a global issue and needs to be addressed through a global approach as no city can resolve it in isolation. “One’s bank account can be wiped out by a cyber criminal operating from the next lane or from a country halfway across the earth,” he mentions. He is, however, heartened by the fact that law enforcers are increasingly working together and sharing information. Banks too are coming together to share intelligence on information such as active fraud threats. He deems it essential for a global alliance of efforts to close the gaps that cyber criminals use to advantage. Mukhi is President of the Foundation of Information Security and
Technology (FIST), which aims at finding solutions to security-related problems and updating the diverse sections of society on cyber crime and cyber safety. At a past RSA conference in Singapore where he estimated 14 people falling victim to cyber crime per second, James Pang, assistant director at the INTERPOL Digital Crime Centre (IDCC), pointed out that law enforcers yet have no unified perspective on cyber crime. “Investigations are often hampered due to slowness of mutual legal assistance (MLA) and by the time MLA is processed, the electronic evidence may no longer be available if it is not preserved,” he explained. “Some countries do not even have cyber crime laws for empowering their law enforcement agencies to launch investigations, not to mention prosecuting the criminals.” INTERPOL now focuses more on the intersection of crime and technology in an increasingly inter-connected world and has, in consultation with its member countries, framed a model for international law enforcement cooperation on digital security. The Mumbai police have had a browser-based Crime Criminal Information System (CCIS) software developed for recording and assessing cognisable cyber crimes to assist investigation. “Daily, weekly, monthly, quarterly and other reports are being sent online and in the next phase, we plan to introduce the facility of collecting and analysing fingerprints online,” mentions Prasanna. The police department has also set up its own Virtual Private Network where all police stations and senior officials from the rank of Assistant Commissioner to Commissioner are connected with the remote database and application server.
The police are seeking certain amendments in the Information Technology Act of 2000, which they feel will help them combat cyber crime more effectively. For instance, they want section 78 – that restricts investigation only to officers of the rank of PI and above – to include also those at the PSI level. “We have very few PI-rank officers, and most of them are old and hence not computer-savvy,” notes Prasanna. “Our PSIs are recently recruited and young, and hence can be more easily trained to handle cyber crimes.” The police also want a replacement for section 66-A that came to be invoked by them so ruthlessly that the country’s highest court last year declared it draconian and unconstitutional and struck it down. The section provided for imprisonment up to three years and fine for anyone convicted of sending offensive messages by means of a computer resource or a communication device, ‘offensive’ implying “menacing character” or “for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will”. The apex court intervened when it ascertained gross misuse of the proviso by the police who arrested people simply for posting critical comments on social and political issues and political leaders on social networking sites. The government now seeks to introduce new guidelines for enforcing this act, though cyber law experts believe that tweaking the guidelines will retain the draconian nature of the law. Prasanna also indicates that the IT Act does not cover online radicalisation and this aspect needs to be included. The Mumbai police are also urging the government to include Internet etiquette in school curricula for fourth standard and above.
Cyber Security
The Road ahead: How to survive as a new Cyber Security Manager
By David Stafford Information Security Manager, Kinetic IT.
Cyber security breaches are once again hitting the headlines, with dire warnings of hacking on the rise; cybercrime, cyberwarfare, malware, ransomware and nation states all trying to access your information. Your company’s directors meet for their regular strategy meeting, where the CIO takes an action to hire an Information Security Manager to deal with all this complicated security stuff. Given your interest in this area, your manager suggests you have a crack at it. You accept! You are now your organisation’s Information Security Manager. Now what? No surprise, I took the role! I love nothing better than this kind of career challenge. I have no regrets, having loved every single minute of it, however, looking back, I had no idea of the challenges that lay ahead. This article has been put together to help anyone looking to take the plunge as I have, with the list below of tips that will assist you to be better prepared than I was.
10 Tips on how to be more prepared for a cyber security breach

Tip 1 Get a mentor and work hard! Harder than you ever have before! Find someone with a solid information security knowledge that can assist with the fundamentals of information security and information assurance. I’d recommend looking here as a start www.aisa.org.au.
Tip 2 Take notes; lots of notes. In every meeting I attend, I come across acronyms, frameworks and standards I’ve not heard of. I discreetly write every one of them down and look them up afterwards.
Tip 3 Take some training. I’m not talking about university courses or technical study; you need to get some solid information security management training, ideally from an expert. There are a myriad courses out there on this topic; CISMP and CISM are ones that come to mind as a start (see Tip 2).
Tip 4 With everything you do, think of the tenets of Information Security – Confidentiality, Integrity and Availability (CIA). How does what is being talked about (the current incident, vulnerability, threat, pilot, project, etc.) affect CIA?
Tip 5 Policy, Procedures and Work instructions. These are referenced in a particular order. Policy says what, a procedure supports policy and explains how and the Work Instruction supports the procedure and details exactly how for every applicable team.
Tip 6 Patching: quickly understand each team’s patching schedules, reporting and current compliance, and ask to see them. Verizon’s 2015 Data Breach Investigations Report states “We found that 99.9% of the exploited vulnerabilities had been compromised more than a year after the associated CVE was published”.
Tip 7 Understand your incident response plan/process and ask to see it. Breaches are inevitable. Schedule an incident drill to establish your baseline and work from there.
Tip 8 Tailor your communications to the leadership group accordingly. Remove appliance names and technologies and break it down into simple to digest language that tells the audience how their organisation is impacted.
Tip 9 Talk about facts and only facts. Remove any opinion and remember that you can only talk about what you know of. Yes, the organisation may currently have a vulnerability being exploited; however, if you have nothing to back that up, it is only a possibility.
Tip 10 Remember Risk Management sits at the heart of every decision. Risk is your friend, so don’t be scared of it. It allows you to communicate in a way that helps people understand how they are impacted, empowering them to take appropriate action.

About the Author

David Stafford-Gaffney is an information risk and security professional with over two decades in the ICT sector in roles ranging from hands-on technical, to operational management and business development. He has established two businesses from scratch and his strong business acumen enables him to understand acutely the need to align security with business requirements. He is passionate about leadership, Information Security and assurance and improving the industry as a whole. He currently works as an Information Security Manager for Kinetic IT.
Singapore Feature
Security in Singapore Security forms a key element of Australia’s partnership with Singapore and the private security sector should take advantage
By Chris Cubbage Executive Editor
Having had three back-to-back visits to Singapore in May, it was an opportune time to implicate myself further into this active city, with a proud people and with clear, long term prospects for continued city development and of most interest, a fast growing digital business economy. With dark clouds on the global economic horizon, if any country is set to lead the way through an approaching economic storm, it is Singapore. We have been wise to tie alongside this country’s anchor. On 29 June 2015, Australia and Singapore signed a Joint Declaration on the Comprehensive Strategic Partnership (CSP), a ten year plan to enhance strategic, trade, economic, defence and people to people links, and deepen bilateral relations for a Closer Economic Relationship (CER). The two countries announced in May they want to accelerate collaboration in innovation, science, research and technology. Regional security, defence and cyber-security are key aspects of the CER and there is naturally also an opportunity for Australia’s private security sector to sign-up and partner with Singapore’s security sector. This special report provides insight into how this may occur and why.

Introduction to a global landscape

The health and well-being of the global economy has direct and indirect context implications on the related security risk and threat environment. To help set the global landscape and business environment, we refer to the most recent PIMCO Secular Outlook 2016 titled ‘The Global Outlook: Stable but not Secure’.
The PIMCO report provided a consensus that “the post-crisis global economy is just fast enough to avoid stall speed, but there is no evident or prospective source of productivity or organic demand that would support a baseline for more robust expansion. The baseline scenario is that a version of the status quo will evolve gradually” ... however, it was acknowledged “there is a material risk globally that the unconventional monetary policies in place today will be insufficient to maintain global growth, close output gaps and bring inflation to target. Furthermore, compared with the pre-crises experience, with trend growth slow and with debt levels high, there is no obvious ‘spare tyres’ available globally, if and when monetary policy exhaustion threatens global stability. In other words, the global economy finds itself today in a state of disequilibrium that has remained stable thus far only…” ( June 2016). Alongside this report, the OECD’s latest Global Economic Outlook concluded “slower productivity growth and rising inequality pose further challenges. Comprehensive policy action is urgently needed to ensure that we get off this disappointing growth path and propel our economies to levels that will safeguard living standards for all,” said OECD Secretary-General Mr Angel Gurría. Singapore is Shining Despite global downturn, Singapore has cleverly manoeuvred itself to be an important international finance and commerce hub and ranked by the World Economic Forum as the most technology-ready country in the world. A most recent example is KuangChi Science’s announcement to locate its
headquarters in Singapore. KuangChi Science was founded in 2010 by five distinguished Chinese scientists and provides a series of disruption space services and is working towards building a global disruptive space technology alliance. In addition, KuangChi Science announced a smart city objective, the Future City Strategy. Dr. Zhang Yangyang, Co-CEO of KuangChi Science, “Singapore provides an ideal innovation base and by creating an innovation headquarters in Singapore, KuangChi Science plans to further collaborate with Singaporean companies and institutes for research and development.” The strategy has been influenced by Singapore’s ‘Smart Nation’ initiative, which was launched in 2014 to make living better for all through tech-enabled solutions, harnessing ICT, communications networks, and big data. Information and communications technology allows local governments to interact directly with the community and the city infrastructure to monitor what is happening in the city and how it is evolving, and to ultimately create a better quality of life for citizens. KuangChi Science has been making investments in security, data transfer, and wireless coverage technology to help make cities smarter and better, effectively optimizing key services to improve city living around the world. HyalRoute has been one of the company’s key investments to support this goal. HyalRoute, now a part of Kuang-Chi GCI’s portfolio of technology innovation companies, is one of the most advanced network infrastructure developers and transnational telecommunication operators in the Asian-Pacific market. The company is engineering and implementing an international fiber-optic network spanning more than 1 million kilometres in length and linking 50 countries. Kuang-Chi GCI launched an international innovation fund based in Israel to invest in companies worldwide. 
The newly established fund had an initial investment of $50 million, which is planned to grow to $300 million over the next three years.
Signing onto Singapore’s Security
To facilitate the CER, Singapore will provide dedicated funding of S$25 million over five years. Australia will provide matching funding from a variety of government and non-government sources. Australia will also locate one of its five “landing pads” for market-ready start-ups in Singapore. This will assist start-ups to “think global” by linking them into entrepreneur and capital networks and industry value chains, accelerating their business development and growth. A pilot 1.5 Track Dialogue will bring together Government officials and academia in Australia in late 2016 to discuss regional security issues. The two countries will work together on defence science and technology, in areas including combat systems command, control, communications, intelligence integration and cognitive/human systems integration. In the shadow of China’s militarisation of the South China Sea, these major areas of cooperation and collaboration demonstrate the extent of a fast expanding strategic defence partnership. For civil security, a Memorandum of Understanding has been signed to improve operational collaboration and information exchange, share best practices and strengthen law enforcement cooperation in deterring, preventing and disrupting transnational drug crime.
Alongside the defence and public security sectors, there is naturally a strong security profession in Singapore with the Singapore Security Alliance (SSA), an alliance amongst the different security industry associations and organisations in the country. Much like the initiative in Australia with the Australasian Council of Security Professionals (ACSP), the SSA includes the Asian Professional Security Association Singapore Chapter (APSA), ASIS International Singapore (ASIS), International Society of Crime Prevention Practitioners, Singapore (ISCPP), Security Systems Association of Singapore (SSAS) and Conference & Exhibition Management Services Pte Ltd (CEMS), organiser of the largest security exhibition in Singapore – Safety & Security Asia (SSA) series. The principle of the Alliance is to bring together different industry authorities under a uniform community to help address security issues in Singapore. For infosec professionals, the Association of Information Security Professionals (AISP) is registered with association to the Singapore Computer Society (SCS) and Infocomm Development Authority of Singapore (iDA). ASIS International Singapore Chapter has over 200 members and the Chapter actively promotes the certification of security professionals through the Certified Protection Professional (CPP) and Physical Security Professional (PSP) programmes.
(Reference: http://dfat.gov.au/geo/singapore/Documents/australia-singapore-csp-fact-sheet.pdf)
There is a great opportunity for Australian and Singapore security and technology professionals to better collaborate and partner. As Australia’s state-based legislation models continue to be sought after for reform and seek out a national model, Singapore provides an ideal partner to work with, in particular on solving the cyber security skills shortage and upskilling the existing physical security profession. Singapore’s Economic Development Board has been nurturing key industries that are driving Singapore’s economy and will take it into the future with attractive employment prospects. One of these industries is computer security and the development of professionals in the information and communications technology sector. The future of the Australia and Singapore partnership is clear and mapped out. However, it will remain on the professional security sector to collaborate and partner to take advantage of this relationship and the opportunities it provides. It could be as simple as memorandums of understanding between our primary associations but could go as far as mutual recognition of agent and consultant licenses, certifications, training and qualifications.
Singapore Feature
SMART Facilities Management Solutions Expo and Conference 2016
The field of facilities management is rapidly evolving and Asia is driving the evolution
The SMART Facilities Management Solutions Expo and Conference 2016 addresses a fast-growing demand for facilities management (FM) services across Asia. The three-day trade show featured 40 exhibitors from around the world, including Australia, Hong Kong, India, Indonesia, Japan, Malaysia, Netherlands, Singapore, United Kingdom and the United States. With the advent of new technologies and smart building solutions such as IoT, the complexity of the field has grown at the same time as an integrated environment. Industry leaders gathered at the conference to share ideas, best practices, and exchange expert knowledge on areas covering sustainability, manpower, smart energy and asset management, as well as the management of social, leisure, productivity and security management of facilities, to some 160 delegates. Ms. Fong Siew Han, Director of Infineon Technologies Asia Pacific, said: “The Facilities Management Conference was a wonderful platform for both practitioners and researchers from the industry and academia to meet and share the latest developments on FM for the built environment sector in Asia.” Key themes carried discussions on ‘Innovative
Energy Management’, as well as Workplace Safety & Health for Facility Managers; Advancing Responsible Business Practices in Land Construction; Real Estate Use and Investment; Using IoT to Generate Real Building Savings; A Look at Sustainable Energy in South East Asia; and Energy Management: Smart Data Centres and Green Energy. A key highlight of this conference was a regional focus group session on ‘Challenges & Opportunities for Facilities Management’, a dedicated collaboration between Bangkok’s Chulalongkorn University, the National University of Singapore, and Universiti Teknologi Malaysia; the session connected relevant decision makers and academia with a view towards future development. Professor Abdul Hakim bin Mohamed, Chairman of the regional focus group session and Dean of Geoinformation and Real Estate, Universiti Teknologi Malaysia, said: “The formation of the ASEAN Economic Community (AEC) is a game-changer for the FM sector. Collectively, the AEC is the seventh largest economy in the world and is the world’s third largest market base behind only China and India. The respective universities play a part in highlighting the vast opportunities
availed by the AEC that both academic institutions, organisations and industry professionals can tap into.”
The trade exhibition featured key profiles focusing on four main sectors: Mission Critical facilities; Leisure and Tourism facilities; Transport and Public facilities, as well as Building and Infrastructure facilities. In addition, the trade show further incorporated four key segments in Energy Management, Security Solutions, Air Conditioning & Mechanical Ventilation (ACMV) and Environmental Management, making it the most comprehensive and focused trade platform in redefining SMART facilities management. Emerging technologies included ensuring operational continuity, managing the complexity of buildings, merging legacy buildings and systems with facilities expansions, energy management systems, maintaining aging infrastructure, improving reporting and compliance in an integrated facilities management environment, including an insight into Deloitte’s head office building in the Netherlands, named the ‘Edge’. For those with interests in Facility Management, the future of the profession looks challenging and broad. India represents a significant market, with the ASEAN region collectively expected to continue to modernise rapidly into the next decade. Travis Casuscelli, CEO of Vision Technology, based in Queensland, took advantage of our free entry to SMART Facilities Management Conference
The very theatrical Professor Sekhar Kondepudi, Associate Professor, Department of Buildings and Director of Smart Buildings, Smart Cities & IoT Lab at National University of Singapore
Introducing the Security Fabric
The connected world has gone through more transformation in the past two years than it has over the past two decades. Organisations now allow their workforce to bring their own devices into the work environment, posing myriad security risks as they do. Companies are also investing in connecting never-before connected products to the Internet of Things, such as fridges, ovens, cars and smart toys, each of which brings a new set of risks to the business and consumer. Each of these new devices adds to the attack surface since they invariably have not been designed with security in mind and testing is forgone for expediency to market. Security companies, such as Fortinet, have needed to catch up fast to keep up with the threat evolution, which is why Fortinet’s Security Fabric has come about.
The Security Fabric integrates technologies for the endpoint, access layer, network, applications, data centre, application content and cloud into a unified security solution that is orchestrated through a single management interface. This allows their technology to rapidly assimilate threat information, using standards such as STIX and TAXII, into actionable intelligence that security analysts can use to address these threats. At the heart of Fortinet’s success is technology built on the view that visibility is critical to operational success, which is often cited in the opsec domain as situational awareness. Nevertheless, very few organisations gain this insight into what’s going on in their enterprise, hence leaving them unable to counter an attack in any meaningful timeframe. Some studies have suggested that intrusions go undetected for as long as 200 days before security teams start to work on eradicating them, and when it only takes a few seconds to rip off an entire customer database, time is of the essence.
FortiGuard’s threat research lab communicates directly with Fortinet’s Security Fabric, providing:
• The Threat Intelligence Exchange: Sourced from the Cyber Threat Alliance, where leading security vendors have come together to share threat intelligence, Fortinet provides a rich and comprehensive threat intelligence feed to their customers.
• Fortinet threat researchers: Fortinet’s team of security researchers provides deep investigations into emerging threats and vulnerabilities in order to provide organisations with thorough and actionable security intelligence.
• Live feeds from Fortinet solutions: Fortinet also has millions of devices installed in client environments around the world that detect and pinpoint threats and malware in order to provide real-time threat information.
Fortinet’s advanced sandboxing technology allows their customers to test any suspicious code or URLs that come into their environment using a separate, secure environment to make sure the simulation is complete while still keeping customers safe. FortiSandbox provides a combination of detection, automated mitigation, actionable intelligence and ease of deployment that can help prevent even the most insidious of targeted attacks, operating as a key component of their Advanced Threat Protection framework.
Editor’s interview with Derek Manky, Fortinet’s Global Security Strategist, based in Vancouver.
(Editor) How long have you been in this role?
Derek: I started with Fortinet in 2004, initially working as a threat researcher in security strategy, so my team and I bridged the gap between the research we were doing and industry partnerships. I have been doing that for the last five years.
Tell me about your teams and what they do.
Derek: We have teams all over the world, from Paris to Malaysia and right across to Sunnyvale, California. Our primary research and development centre is located in Vancouver and we also have a team based in Singapore, covering the whole of APAC. Hackers know about our technologies and are always trying to get around the sandbox, so any new product that comes out on the market is immediately under attack. Nevertheless, we have an advantage, since Fortinet’s products and security engines have all been built from scratch, and whilst we acknowledge that we are never going to build something that is completely bulletproof, if there is something that gets through the cracks we can identify it quickly through our invasion techniques. Our researchers sit right beside our developers, so that they can issue a technology fix, usually in the form of an engine update, that is pushed out to our 250,000 customers, as soon as it’s ready. We use automated systems: for each antivirus team or IPS team and we have operational teams that do intelligence definitions and updates, as well as machine updates. We also have a Q & A team making sure we detect everything we should be detecting. Our research team focuses on threats, while our technology development team build honeypots, for example, looking for zero day threats. In our SOCs we have around 200 people globally, that includes researchers and operational analysts.
That doesn’t sound like a lot of people.
Derek: For a SOC, it is a lot of people. Our employees are not like those in your typical SOC. These are pure FortiGuard experts, reverse engineers, people who are living, eating, and breathing hexadecimal code and looking at attack patterns.
What kind of scenarios do you think should concern Governments? What types of attacks are you predicting and on what scale?
Derek: Public infrastructure, for sure, will be a target for attacks, as well as anything from the oil, gas and energy sectors. Healthcare is also a major target, where attackers target medical records. However, IoT devices and other connected or embedded devices are of grave concern. We have two scenarios: the doomsday scenario, where there is a premeditated attack, such as the example we saw in South Korea, where the destructive power of the DarkSeoul malware wiped hard drives from back-end connected systems. We might also see a targeted attack scenario play out because of political movements, but also, as I said, typical attacks happen in two stages: they start wide, like a fishing net, just tinkering and playing, seeing what they can find; but once they discover a high-value target, such as a government domain or an IP address associated with a government server, they go after it with targeted, crafted attacks.
Are you seeing threat groups putting all this together? ISIS springs to mind, but are there others?
Derek: Yes, absolutely. We actually do a lot of research on the Darknet where we see a lot of communication.
Are you seeing trends in the chatter?
Derek: Yes, this is ongoing. A lot of the communications are encrypted, which causes problems. Encryption is only as good as the tool it supports: it can be used for good or evil, which I call mal-cryption, so even a lot of encrypted services, like Telegram, as well as chat protocols, can be used to hide communications for the purposes of cyber terrorism, warfare or crime. I don’t believe the answer is to go after just one technology, it’s almost a game of ‘whack-a-mole’ as you take something offline, they are going to develop other methods of communication.
I heard that ISIS is handing out “How to” guides on how to avoid surveillance. Do you pick things like this up from WhatsApp, for example?
Derek: Again, there is no silver bullet. If you infect the client, you are still getting a raw deal. It’s like PCI compliance and transaction payment processors. PCI compliance goes as far as you putting the credit card in. It does its processing transaction, encrypts it and you are compliant. However, and we have done a lot of research into this, where point-of-sale malware is stealing credit card data in memory before it’s encrypted, it’s always going to be an effective attack.
Have you seen much in the way of connecting CCTV devices from public networks back into government systems?
Derek: That is a trend we are seeing. Everything that was traditionally air-gapped is now becoming connected. If you look at critical infrastructure and SCADA systems back in the day, everything was hardwired through serial cables. Now we are using protocols of convenience and are modifying everything to run over IP networks.
So, do you brief your clients about imminent threats?
Derek: Yes. I am dealing a lot with CIO and CSO executives, as well as doing a lot of keynote talks in the industry to develop this kind of engagement. It’s all about how to get the message across about security threats and what they can mean to businesses.
If systems were built as secure by design, then we shouldn’t have to worry about regulations later on. What do you think?
Derek: There is an interesting concept within the threat intelligence community of a middle ground, between the traditional SIM and multisoftware solutions being introduced that are basically middleware CTI platforms. These are using protocols such as STIX and TAXII and can consume threat intelligence feeds and churn through them and pass back to the SIM, doing the heavy lifting for people that don’t have API development experience.
Can you tell me more about STIX and TAXII?
Derek: STIX and TAXII are the data structures used for defining threat intelligence, where STIX is the language and TAXII is the transport. Once you get the language, you have to be able to speak it, analyse it, and put it into action, so there’s a lot more that has to be done to make it actionable.
Oasis are helping set a lot of these standards. Where did they come from?
Derek: Oasis have been around for a while; they just took over a bunch of projects from the DHS.
So, who is doing that and is it part of the Cyber Security Alliance?
Derek: We are trying to focus on specific campaigns working with multiple vendors in the Cyber Security Alliance. That is how we are getting the security vendors to team up.
So considering security by design, are we still not getting it right?
Derek: Definitely not, no.
Thanks Derek.
Derek: You’re welcome.
Gardens by the Bay, Singapore
Fortinet Gala Dinner, S.E.A Aquarium, Sentosa Island, Singapore
Editor’s Interview with Darren Turnbull and Jon McGettigan from Fortinet
(Editor) G’day, Darren and Jon, and thanks for speaking with us today at the Fast & Security Conference in Singapore. Can you give our readers a quick overview of Fortinet’s latest news in Australia and New Zealand?
Jon McGettigan: We’ve had strong success across this market in New Zealand, mainly through managed services providers, especially in education and government sectors. We’ve focused mainly on managed services; a large proportion of our revenue, especially in New Zealand, comes from these kinds of customers, so we wanted to replicate that more mature approach to the market to drive success in Australia. Our first goal was to hire an additional 80 or so people, raising the headcount from 24 to around 100 people across all aspects of the business. Obviously, Fortinet’s market share is relatively low in Australia compared to the rest of the world, so our goal was also to grow our revenue and extend coverage and support.
Just looking at the local market, you guys are up against the likes of Cisco and Check Point.
Darren: Depending on which analyst you believe, we are in roughly 6th place.
That’s not where Fortinet would normally be. Elsewhere you are in the top four, so how does that stack up?
Jon: In New Zealand we are number 1. In Malaysia we are also number 1. In fact, in a variety of markets all around the world we are the number 1 security provider, especially across European nations. The position in the local market is simply due to market maturity. When you have a change of tactics and a different approach to the market, the shift doesn’t occur in the first year, but comes in time. Last year we grew by 30%, which was a good result. In Q1 of this year we grew by 54%, which we attribute to our creating a team that actively services the local market. We now expect that growth trajectory to hold steady going forward.
In which part of the market do you see the most traction?
Darren: For us, it was in the enterprise sector. We weren’t that strong in enterprise previously, here or in other regions. However, we don’t only look at one market – we are strongly targeting a variety of markets, such as retail, as well as the enterprise and government markets.
What has hampered Fortinet’s success in the Australian market?
Jon McGettigan: The problem was that the team hadn’t grown large enough, quickly enough. The team simply hadn’t put forward the business case as to why investment in this market was needed. Why do we need to grow? This meant that they didn’t have the coverage we now have: not enough engineers, sales people or researchers to support growth. The reality is that Fortinet was being savvy enough to see the opportunity and understand it was the correct move for the region. Through our organically grown team, we are now starting to see signs of success in this growth.
Can we expect the launch of an Australian academy?
Jon McGettigan: Absolutely. I found out about the academy just after the press release. I was in South Australia at the time, working with one of our partners, consulting with the South Australian government, trying to generate growth in the job market. They have a massive unemployment issue in SA, especially in manufacturing, at the moment. There are three universities in Australia that are interested in how this academy model can be rolled out. In the U.S. they are used to this kind of approach, so it’s a model that has proven successful.
With the launch of the Australian Government’s Cyber Security Strategy, this could tie in nicely with the idea of the academy.
Jon: There is real potential here and we’ve been considering this for a few years. There is a shortage of skilled cyber security professionals everywhere, but in particular in New Zealand and Australia. That is why the managed services industry has an opportunity to do something about this issue.
Are you seeing any different cyber-attack trends in Australia?
Jon: No. Australia is certainly experiencing a lot of attacks, like the US, especially in the healthcare industry. If you’ve been following the news in Victoria, concerning the issues they had in Victoria Health, you’ll see just how bad this problem is. We are working closely with Victorian healthcare departments on sandboxing projects and I think in general, Australia is a target, so we really need to protect our assets.
Tell me more about the sandbox.
Darren: The sandbox needs to know who its customers are by registering them. Customers can send malicious content into FortiGuard and get an accurate in-depth signature that can be propagated across our global customers’ installation base. It really depends on whether it’s a targeted piece of malware or whether it just happens to be the first time we’ve seen it. Extracting bad content from networks is what the FortiWeb appliance can do, but putting that intelligence to work is all about finding out something that is malicious: I’ve found a bad thing, so what am I going to do with it? We can transition from detection to a formulated signature in just two minutes, already in your network, defending your devices. Fortinet believes that reducing that window to as short a time as possible is key.
Darren, digging into the technical side of malware analysis, are all your clients creating one localised signature per malware? How does it feed back to the threat matrix?
Darren: It depends on how you configure things. What can happen is that you get a piece of malicious content locally and it is validated against the core database and we already know about it. If we don’t know about it, it can generate another signature, as a simple hash that gets pushed out to all the devices and registered on the sandbox. This means all devices have the same level of protection.
Do you have any major partners in Australia that are offering APT services?
Jon: This is an area in which we are starting to see some growth. So we will have our first one deployed in New Zealand in about a week.
Who is that with?
Jon: We can’t really disclose that. However, I can tell you that we are seeing significant interest in it.
Darren: Many companies struggle to justify buying a sandbox solution themselves, so we can offer this from the cloud. This is built in our own private cloud and customers would receive the service through an MSP, offering another revenue stream for that channel. The maturity of Australian MSPs is at least 18 months behind New Zealand, with some regions in Queensland being as much as two years. It’s not about securing the service; it’s more about providing security-as-a-service. This is where they start to make a lot of money and drive significant margin, along with offerings that are sticky with their customers.
I suppose it comes back to working with organisations such as AusCERT. Can you give our readers your perspective on that for Australia and New Zealand?
Jon: In the past, Darren’s team has had quite a lot of involvement with Derek Manky, Fortinet’s Global Security Strategist.
Darren: We find that everyone wants to share the threat intelligence but they don’t actually know what that means. We are working closely with NATO to provide threat intelligence to the 28 NATO countries, looking at what is happening in those regions. We don’t actually know what NATO is doing with that information and we probably wouldn’t want to know. The real challenge for us is finding a way to make the sharing of threat intelligence a symmetrical relationship: I tell you something, you tell me something. This can be a difficult balance to achieve, as there are certain agencies that will not be divulging their information in this way, so the relationship is not so symmetrical.
Is that part of the Cyber Security Alliance?
Darren: Yes. There is a barrier to entry, though. You want to know about new threats that haven’t been seen anywhere else. This is one of our feeds into the main FortiGuard knowledge store. From there, we determine how best to
use it. However, that is our “big data” problem. We take the information and crunch it into our FortiGuard services and bundle it up to push out as actual threat intelligence into the products in the market. While we get some information from agencies that is of questionable quality, we don’t take it at face value. Instead, we look at the IP addresses and ask, are these malicious? Why are they malicious? Have we seen this before? Then we can take action. There is always a validation process.
Is that coming from the member community and would you validate it together or individually?
Darren: Absolutely, it would be both. As part of the validation process, we need to create protection, understanding that our engine works differently to other vendors’.
Is that process working well?
Darren: Yes. While there is a general desire to be the first to market, which is what you might expect, in terms of sharing threat intelligence, this is working very well. Better than I expected it to be, to be honest. There is a realisation that this is a serious subject. We get 300,000 samples a day. There is a huge amount.
What about zero day threats?
Darren: We do our own research and have a dedicated team who focus on zero day threats. They are ring-fenced for doing just that. To date, they have identified around 300 zero day threats, some of which we talk about and some is just part of the research we do. You’ll see some of that published on our blogs, for example. We have a strict policy that we won’t disclose a zero day vulnerability unless the vendor has been informed and a patch has been released.
What trends are you seeing in ransomware?
Darren: Ransomware is a massive problem at the moment. In APAC, it’s grown by almost 500%. It’s all about getting money, right? What has helped is having a currency that cannot be traced – i.e. bitcoin – as you can now get the money without being caught at the bank. This has allowed this new capability to be created, which people exploit – there are a lot of very smart people in the world.
Thanks for your time guys, much appreciated.
No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.
Within TechTime you will find the very latest information, news and products from a wide variety of security industries, ranging from cameras, computers, software and hardware.
To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au
Cyber TechTime - latest news and products
Symantec announces Encryption Everywhere

Symantec Corp has announced the availability of Encryption Everywhere, a website security package available through web hosting providers. Encryption Everywhere lets web hosting providers integrate encryption into every website from the moment it is created. With the new web security service, hosting providers can offer a variety of flexible options, including basic website encryption included as part of any hosted service, and a number of premium security packages with increasingly stronger levels of website validation, protection, and trust seals.

Encryption Everywhere was developed to support Symantec’s goal to secure 100% of legitimate websites by 2018.

“There are almost a billion websites today, yet only about 3% of those sites are encrypted, which means cybercriminals have been able to make a good living off of the web’s lack of security,” said Roxane Divol, senior vice president and general manager, Website Security, Symantec. “Symantec is about to change the game for cybersecurity with Encryption Everywhere. It’s time to secure every legitimate website and win back security on the internet for every business and consumer. That’s why Symantec is making it easy to secure any website from the very moment it is registered or renewed, starting with free, basic encryption all the way through to complete website security solutions.”
According to the Norton Cybersecurity Insights Report, two-thirds of Australian consumers (66%) believe they’re more likely to have their credit card details stolen online rather than from their wallet while shopping and nearly half (47%) of global respondents reported they have been a victim of a cyberattack. Symantec’s Internet Security Threat Report also cited 78% of websites have vulnerabilities, and over one million web attacks were blocked daily in 2015, up 117% from 2014. In addition, Google and other browsers have announced they will push unencrypted websites down in search ranking results. Websites that want to remain viable will need to at least use basic encryption by 2018. Encryption Everywhere encrypts 100% of customer data shared on a business’s website, giving businesses of any size precious brand trust and providing consumers with the confidence that the information they share is protected and will reach the intended recipient. “Many people believe that keeping to well-known, legitimate websites will keep them safe from online crime. This is not true,” said Nick Savvides, Manager, Cyber Security Strategy, Asia Pacific and Japan, Symantec. “Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because businesses are failing to adequately secure their websites.”
Encryption Everywhere makes it easy to secure any website from the time it’s registered or renewed. Many web hosting providers will integrate basic encryption with every website. For more customised options, the user can simply click on the preferred Symantec security products offered by their web hosting provider. Web hosting providers can now offer a complete security solution to their customers from one of the most trusted and recognised brands in cybersecurity. Encryption Everywhere is the first security solution that gives web hosting providers an upsell opportunity to bring in new revenue streams without incurring a burden to their infrastructure, sales processes or administration teams. About Symantec Symantec Corporation is the global leader in cybersecurity. Operating one of the world’s largest cyber intelligence networks, the company sees more threats, and protects more customers from the next generation of attacks. Symantec helps companies, governments and individuals secure their most important data wherever it lives.
PwC Crime Survey – Australia’s a number one target - Comments from Brisbane-based IT expert Computer One

PwC has released its Global Economic Crime Survey for 2016. The situation for Australia is alarming: the country has been identified as a ‘top hotspot for cybercrime’. According to the survey, more than one in 10 Australian organisations report losses of more than $1 million each in the last two years. To make things even worse, the report says that only 42% of Australian organisations have a fully operational incident response plan, and only 40% of organisations think that their first responders are fully trained.

James Walker, Founder and Managing Director of Brisbane-based IT outsourcing company Computer One, has been working in the IT industry for more than 20 years and has never seen cybercrime so organised and powerful. As part of its operations, Computer One provides cybersecurity audits to both Australian and multinational companies, and has become an expert at providing organisations with proactive security solutions and strategies. This is the message he would like to share with Australian organisations worried about cybercrime:

“There are at least 15 major channels for data to leak out of your organisation. If you don’t have a plan to mitigate risk in every one of them then you are simply passing time until you lose your intellectual property.”

“Security is now a sub-set of IT Management that requires a specialist approach. The tools require specialist training. For example, the hackers’ methods need to be studied in detail and there’s more at stake than ‘business as usual’ processes. In a way, it’s like the difference between a GP and a surgeon.”

“Cryptolocker showed us that every company can be a victim of cybercrime, no matter how mundane the industry. It doesn’t matter whether or not the hacker thinks your data is important – if YOU think it’s important then you are a good target.”

“Only by being proactive about protecting their assets does an organisation have a chance to avoid being the victim of a major breach.”

“Your brand can be valued as the sum total of all the profit you will make in the foreseeable future, simply because of the trust that is placed in your products or services. Imagine the impact of a breach of that trust on your brand – that’s how much it is worth to have your data protected.”
Information presented in Cyber TechTime is provided by the relevant advertiser and is not necessarily the view of My Security Media
Norton Survey reveals Australians overlook security risks on mobile apps for IoT devices

Norton by Symantec has released survey findings from more than 5,000 consumers from Australia, the USA, UK, Canada and Japan about consumer fears associated with the changing ‘connected world’ and the proliferation of the Internet of Things (IoT).

The survey reveals adoption of the use of mobile apps to control connected devices is highest in Australia, with almost two-thirds (63 percent) of the Australian respondents using at least one mobile app to manage their finances or control connected devices such as home entertainment systems, fitness trackers, baby monitors, cars, home entry systems, light switches and smart home appliances.

Despite the high adoption, many Australians overlook the endless array of security weaknesses that may be present in managing IoT devices from mobile apps. For example, more than one in four Australians (28 percent) say they would feel secure using a home entry app that allows them to open the door remotely for friends and family, while they are away from their home. In addition, two-thirds of Australians (66 percent) do not have security software on their smartphones and almost a third (33 percent) choose not to have a password or pin on these devices [1].

While more than half of respondents globally (56 percent; 61 percent in Australia) say the prospect of their financial and banking information stored on their phone being hacked is upsetting, nearly 10 percent of smartphone users around the world (seven percent in Australia) say there is not a single thing a hacker could take from their phone that would upset them. This includes text and voice messages, pictures and videos, mobile app-controlled home security cameras and appliances.

“There is a general lack of security awareness amongst consumers when it comes to managing IoT devices from mobile apps. Getting hacked is not something consumers worry about with the devices they use to monitor their children, lock their front doors or manage their entertainment systems,” said Mark Gorrie, Director, Pacific region, Norton by Symantec. “Most of the research into attacks on IoT devices has focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps and by not protecting these apps, Australians are leaving the door wide open for hackers.”
In 2015, Norton by Symantec scanned approximately 11 million Android apps in its database. Of these apps, 3.3 million were identified as malicious and a further 3 million apps had potential privacy or intrusive behaviours. These apps can send sensitive information from your phone, including account and device details, browser history, location and call logs from the device without encryption. The intrusive behaviours include adding browser favourites, putting up big banner ads, or changing desktop images or ringtones.

“The solution is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away but there are some simple, best practices Australians can adopt to keep their IoT devices and mobile apps secure,” added Gorrie.

Protecting Mobile Devices
• Use a reputable mobile security app. Norton Mobile Security pre-scans apps and identifies potential vulnerabilities before downloading Android apps. You should know what you’re downloading before it is on your device.
• Download apps from official app stores. Third-party app stores may not put apps through the same rigour as official app stores such as the Google Play Store or Apple’s App Store.
• Be mindful of app settings. Beware of apps that ask you to disable settings that protect you from installing unsecure apps. This makes your device more vulnerable and opens you to attacks.

Protecting IoT Devices
• Keep the device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
• Protect the device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers and symbols.
• Secure communications between the device and network. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-coded network connection, such as a LAN connection.
• If you have a feature on your device you don’t use, turn it off.
CrimTrac selects NEC to provide national facial recognition and fingerprint matching capability

NEC Australia has been selected by Federal Government agency CrimTrac to deliver a national capability for multi-modal biometric identification. CrimTrac, the national information-sharing service for Australia’s police, law enforcement and the Department of Immigration and Border Protection, has awarded NEC Australia the contract to deliver Biometric Identification Services (BIS) in 2017, and ongoing management and support services for 5 years following.

The BIS project will deliver a national solution for facial recognition, transforming Australian law enforcement and national border security agency capabilities in fighting crime and protecting the Australian community. Specifically, NEC’s facial recognition technology will assist policing for the purposes of identification, linking and solving crimes, and rapid identification using mobile capture devices, and will further enhance national border security. Facial recognition offers a number of advantages over other biometric modes, such as identification at a distance using recorded video footage and images, as well as real-time identification capabilities.

CrimTrac has selected a proven platform that leverages NEC’s global expertise in
designing and deploying multi-modal biometrics in law enforcement and border security. NEC’s fingerprint and facial recognition technologies are used by more than 1000 customers in over 40 countries worldwide, including the Northern Territory Police. NEC has ranked first for accuracy and speed in three consecutive facial recognition annual benchmark tests conducted by the U.S. National Institute of Standards and Technology (NIST). “NEC Australia was able to offer CrimTrac a proven solution through our global partnership with the NEC Biometrics Centre of Excellence in Sacramento, California. Our proven solution is based on a state-of-the-art multi-modal biometrics platform that NEC developed for the US market,” said NEC Australia Sales Director Chris Korte. The platform will replace CrimTrac’s National Automated Fingerprint Identification System (NAFIS), and make better use of already captured biometric data, such as existing police databases containing up to 12 million facial images and 6.7 million print sets. NEC Australia’s implementation of BIS will also enhance CrimTrac’s traditional biometric modes for identification including fingerprint, palm print and foot print data. The BIS project
will lay the foundation for CrimTrac to integrate additional biometric modes in future. NEC Australia’s BIS project with CrimTrac is an important milestone in NEC’s global mission to orchestrate a brighter world by collaborating with partners to create a sustainable earth, safer cities and public services, efficient critical infrastructure, and a prosperous, equal, and active society. About NEC Australia NEC Australia is a leading technology company, delivering a complete portfolio of ICT solutions and services to large enterprise, small business and government organisations. We deliver innovative solutions to help customers gain greater business value from their technology investments. NEC Australia specialises in information and communications technology solutions and services in multi-vendor environments. Solutions and services include: IT applications and solutions development, unified communications, complex communications solutions, network solutions, display solutions, biometrics, research and development services, systems integration and professional, technical and managed services. For more information, visit NEC Australia at au.nec.com
Double-Barrel Ransomware and DDoS Attack in One

KnowBe4 has issued an alert on a malicious new trend in ransomware. Instead of “just” encrypting data files on a workstation (plus any network drive it can find) and locking the machine, a new variant of the Cerber ransomware is now adding a DDoS bot that can quietly blast spoofed network traffic at various IPs. This is the first time DDoS malware has been bundled within a ransomware infection. It means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim. Two attacks for the price of one (and two ways cybercriminals can make money off victims).

KnowBe4’s CEO Stu Sjouwerman noted, “Adding DDoS capabilities to ransomware is one of those “evil genius” ideas. Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. It looks like this is the first case where a cybermafia has bundled ransomware with a DDoS bot, but you can expect it to become a fast-growing trend.”

The variant was discovered by Invincea, which said in a website post: “The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive.”

The attackers use Visual Basic to launch a file-less attack, and most antivirus and “next-gen” antivirus vendors are completely blind to file-less attack methods. Consequently, they are unable to see this until it has been dropped on the disk. At that point scanners can find it, and many do, but often that’s too late.

Sjouwerman advised, “The sample Invincea analyzed is being detected by 37 out of the 57 antivirus engines on VirusTotal, but the next sample will be invisible for a few days so do not count on your endpoint anti-malware layer 100%, as that will provide a false sense of security. The attachment relies on social engineering the employee to activate the Macro feature in Office, which then executes a malicious VBScript that downloads and runs the malware.”

The ransomware is executed first, which encrypts the user’s data and then blocks their access to the computer by locking the screen. After this sequence, a second binary called 3311.tmp is launched into execution and starts sending a large amount of network traffic out of the infected computer.
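An added example, not part of the KnowBe4 alert or Invincea's analysis: one way to spot the traffic pattern described above (one host sending UDP to port 6892 across a subnet, possibly with a forged source address) in flow records. It keys on the sender's MAC address because the source IP may be spoofed; the record layout, thresholds, lease table and sample data are assumptions constructed for the illustration.

```python
"""Flag hosts flooding a subnet with UDP/6892 traffic, keyed by MAC because the
source IP may be spoofed. Record layout, thresholds and sample data are assumptions."""
import ipaddress
from collections import defaultdict

FLOOD_UDP_PORT = 6892   # port named in the Invincea description quoted above
WINDOW_S = 60           # assumption: sliding window length in seconds
MIN_DSTS = 20           # assumption: distinct destinations that count as a flood


def parse_records(lines):
    """Parse 'epoch,src_mac,src_ip,dst_ip,proto,dst_port' lines (hypothetical sensor export)."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, mac, src, dst, proto, dport = line.split(",")
        records.append({
            "ts": int(ts), "mac": mac.lower(),
            "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(), "dport": int(dport),
        })
    return records


def find_udp_floods(records, port=FLOOD_UDP_PORT, window_s=WINDOW_S, min_dsts=MIN_DSTS):
    """Return {mac: peak distinct destinations within any window} for MACs over threshold."""
    per_mac = defaultdict(list)
    for r in records:
        if r["proto"] == "udp" and r["dport"] == port:
            per_mac[r["mac"]].append((r["ts"], r["dst"]))
    alerts = {}
    for mac, events in per_mac.items():
        events.sort(key=lambda e: e[0])
        left, peak = 0, 0
        for right in range(len(events)):
            # Shrink the window until it spans less than window_s seconds.
            while events[right][0] - events[left][0] >= window_s:
                left += 1
            peak = max(peak, len({dst for _, dst in events[left:right + 1]}))
        if peak >= min_dsts:
            alerts[mac] = peak
    return alerts


def find_spoofed_sources(records, leases):
    """Return {mac: sorted source IPs used that differ from the MAC's leased address}."""
    spoofed = defaultdict(set)
    for r in records:
        leased = leases.get(r["mac"])
        if leased is not None and r["src"] != ipaddress.ip_address(leased):
            spoofed[r["mac"]].add(str(r["src"]))
    return {mac: sorted(ips) for mac, ips in spoofed.items()}


def constructed_sample():
    """Constructed records: one flooding host, one DNS client, one stray UDP/6892 packet."""
    lines = ["# epoch,src_mac,src_ip,dst_ip,proto,dst_port"]
    for i in range(1, 41):   # 40 destinations in 40 seconds, forged source address
        lines.append(f"{1000 + i},AA:00:00:00:00:01,10.20.5.200,10.20.5.{i},udp,6892")
    for i in range(5):       # ordinary DNS lookups
        lines.append(f"{1000 + i * 10},aa:00:00:00:00:02,10.20.5.24,10.20.0.53,udp,53")
    lines.append("1015,aa:00:00:00:00:03,10.20.5.25,10.20.5.9,udp,6892")
    return lines


# Constructed DHCP lease table (MAC -> assigned address).
LEASES = {
    "aa:00:00:00:00:01": "10.20.5.23",
    "aa:00:00:00:00:02": "10.20.5.24",
    "aa:00:00:00:00:03": "10.20.5.25",
}

if __name__ == "__main__":
    recs = parse_records(constructed_sample())
    print("UDP/6892 fan-out:", find_udp_floods(recs))
    print("Source/lease mismatch:", find_spoofed_sources(recs, LEASES))
```

A single UDP/6892 packet does not trip the fan-out check, so the thresholds should be tuned against a site's own baseline before alerting on them.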
Many people get infected with ransomware but some are able to restore from backup. By adding a DDoS bot to the ransomware payload, these cybercriminals create a two-for-one and can squeeze network traffic out of non-paying victims and use it as another criminal revenue stream.

KnowBe4 offers up eight ways to address it, in addition to weapons-grade backup:
1) From here on out with any ransomware infection, wipe the machine and re-image from bare metal.
2) If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it’s tuned correctly.
3) Make sure your endpoints are patched religiously, OS and 3rd Party Apps.
4) Make sure your endpoints and web gateway have next-gen, frequently updated (a few hours or shorter) security layers.
5) Identify users that handle sensitive information and enforce some form of higher-trust authentication (like 2FA).
6) Review your internal security Policies and Procedures, specifically related to financial transactions to prevent CEO Fraud.
7) Check your firewall configuration and make sure no criminal network traffic is allowed out.
8) Deploy new-school security awareness training, which includes social engineering via multiple channels, not just email.

Since phishing has risen to become the #1 malware infection vector, and attacks are getting through company filters too often, getting users effective security awareness training which includes frequent simulated phishing attacks is a must. For more information visit: www.knowbe4.com

About KnowBe4
KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created by two of the best known names in cybersecurity, Kevin Mitnick (the World’s Most Famous Hacker), and Inc. 500 alum serial security entrepreneur Stu Sjouwerman, to help organizations manage the problem of social engineering tactics through new school security awareness training. The company maintains a top spot in the Cybersecurity 500, the definitive list of the world’s hottest and most innovative companies in cybersecurity. More than 4,000 organizations use KnowBe4’s platform to keep employees on their toes with security top of mind. KnowBe4 is used across all industries, including highly regulated fields such as finance, healthcare, energy, government and insurance.
TechTime - latest news and products
NETSCOUT introduces AirCheck G2, the industry-first, handheld, wireless, network tester solution

NETSCOUT SYSTEMS has launched the next generation of the AirCheck Handheld Wireless Tester. This industry-leading tool is available through NETSCOUT’s recently launched CONNECT360 global channel partner program, and includes important new enhancements, such as troubleshooting and diagnosing WiFi networks built using the increasingly adopted 802.11ac standard, access point backhaul testing, and free access to the Link-Live Cloud dashboard for more effective results management.

“NETSCOUT is very excited to be releasing the AirCheck G2, which arms technicians with easy-to-understand insights to 802.11ac wireless networks that help reduce costly escalations,” stated Michael Szabados, chief operating officer for NETSCOUT. “The AirCheck G2 sports a sleek new look designed with the same quality engineering our customers and the marketplace have come to trust. NETSCOUT is a firm believer that wireless network edge technologies, such as 802.11ac, will play a pivotal role in the evolution of the Internet of Things (IoT) and other industries that require ubiquitous reach and mobility. NETSCOUT’s value proposition has been anchored around helping customers gain the real-time operational intelligence and insight necessary to ensure a high-quality end-user experience, and this new tool embodies this focus by providing front-line technicians with the capability to effectively troubleshoot issues that can impact WiFi network performance.”

The NETSCOUT AirCheck G2 wireless tester is a powerful tool designed to enable front-line IT to quickly and easily identify issues responsible for spotty connections, dead zones, and slow speeds, as well as locating rogue access points and unauthorised devices.
This functionality is ideal to support installation and troubleshooting of IoT wireless edge infrastructure for applications, such as the testing of the wireless infrastructure that supports patient monitoring for healthcare, industrial IoT, personalised and immersive experiences for retail, smart buildings and smart homes. This easy-to-use handheld tester provides technicians with a broader range of detailed insights into the wireless network than is currently available using freeware applications or other commercially available software packages. The AirCheck G2 comes with free access to a Link-Live Cloud Service, a centralised management, collaboration and
archival workspace for network connectivity test results. Link-Live provides greater job visibility, project control and fleet management for larger distributed environments and also works with the LinkSprinter™ and LinkRunner™ AT.

New AirCheck G2 enhancements include:
• 802.11ac 3×3 radio to support next-generation wireless initiatives
• Link-Live integration for collaboration, reporting and results management
• 5” touchscreen display for improved ease-of-use
• Ethernet tests for AP backhaul verification

“NETSCOUT has clearly hit a home-run with the AirCheck G2. Not only is it a perfect replacement for the venerable generation one AirCheck, it comes packed with features that will make it the triage tool of choice for WiFi professionals everywhere. In addition to the 802.11ac and touch screen functionality, NETSCOUT raised the bar by integrating wired testing directly into the unit – a must have for not only RF Designers but Access Point installers,” explained Sam Clements, mobility practice manager at Presidio, a leading US-based IT solutions provider offering consulting, professional services, and cloud and managed services. “Couple the new features with Cloud integration and it’s the perfect tool for a distributed nationwide team, or a tactical one-on-one engagement. The ‘at a touch’ insight that the AirCheck G2 brings to our team throughout all cycles of lifecycle management makes it an invaluable asset to all levels of WiFi admins, engineers, and designers.”

“The 802.11ac standard is fast becoming the industry preference with adoption rates in 2015 reaching 54.5% of dependent access point unit shipments and 71.3% of dependent access point revenues,” said Nolan Greene, research analyst, Network Infrastructure at IDC. “As enterprise mobility becomes ubiquitous and IoT applications move into the mainstream, there
will be increased demand on enterprise WLANs. The NETSCOUT AirCheck G2 Handheld Wireless Tester’s strong, industry-leading capabilities around the 802.11ac standard will be absolutely critical in supporting next-generation wireless initiatives.”

About NETSCOUT SYSTEMS, INC.
NETSCOUT SYSTEMS, INC. is a market leader in real-time service assurance and cybersecurity solutions for today’s most demanding service provider, enterprise and government networks. NETSCOUT’s Adaptive Service Intelligence (ASI) technology continuously monitors the service delivery environment to identify performance issues and provides insight into network-based security threats, helping teams to quickly resolve issues that can cause business disruptions or impact user experience. NETSCOUT delivers unmatched service visibility and protects the digital infrastructure that supports our connected world. To learn more, visit www.netscout.com.
AirCheck™ G2 Wireless Tester
Information presented in TechTime is provided by the relevant advertiser and is not necessarily the view of My Security Media
Seagate unveils its stylish consumer product portfolio in Australia

Seagate Technology has unveiled its stylish new consumer product portfolio for the Australian market, including LaCie Chromé, LaCie Porsche Design Desktop and Mobile Drives, Seagate Backup Plus Ultra Slim, and Seagate Innov8.

From LaCie, Seagate’s premium brand, comes the LaCie Chromé desktop storage, designed in collaboration with acclaimed industrial designer Neil Poulton, which brings uncommon sophistication to a workspace. Also shown today is the next generation of LaCie Porsche Design Drives, which are the latest drives from the collaboration with Porsche Design Group since 2003.

LaCie® Porsche Design Drive

LaCie Chromé is a homage to a 1935 bronze statue from Constantin Brâncuși, one of the most influential sculptors of the 20th century. Forged from solid chromed zinc, the stand securely docks the drive with powerful neodymium magnets and detaches for easy transport. The drive is housed in an aluminum enclosure which was hand assembled and then chromed to a mirror polish.

The LaCie Porsche Design Mobile and Desktop Drives feature all-aluminum scratch-resistant enclosures too, making the products lightweight yet sturdy. All the drives feature rounded corners, high-polish beveled edges and a sandblast finish, showcasing the distinctly Porsche Design modern and elegant style.

LaCie® Chromé

Both the LaCie Chromé and LaCie Porsche Design Drives feature the new USB-C connectivity, making the drives incredibly easy to connect, since both ends of the cable are identical and the connector is reversible. The LaCie Chromé, complete with the USB 3.1 Gen 2 technology and a pair of 500 GB M.2 SATA SSDs in RAID 0, is the fastest USB storage solution on the market. The LaCie Porsche Design Desktop Drive also harnesses the power of USB 3.1, enabling it to charge the battery of a compatible laptop, such as the Apple® MacBook, when the drive’s power supply is connected to the wall outlet.

Seagate Innov8 is the world’s first USB-powered desktop hard drive. The 8TB drive does not need to be plugged into a power outlet thanks to its innovative Ignition Boost™ Technology together with USB 3.1. Designed in partnership with Huge-Design, Seagate Innov8 was a recipient of this year’s Red Dot design award. Innov8’s premium, well-balanced aluminum enclosure and design means users can horizontally or vertically place it on the desktop as they prefer.

Seagate® Innov8™

Seagate Backup Plus Ultra Slim builds on the award-winning Backup Plus Slim drive and is the world’s thinnest 2TB mobile hard drive. At just 9.6mm, the Backup Plus Ultra Slim employs Seagate’s latest 2.5-inch HDD technology, making it more than 50 percent thinner than other 2TB drives on the market. The drive with a stunning new design is available in golden or platinum metal finish to complement the looks of stylish computers, tablets and phones.

Seagate Innov8 and Seagate Backup Plus Ultra Slim include Seagate Dashboard software, which offers users either one-click on-demand or customisable, scheduled backups for their devices at their convenience. Both drives also come with 200GB of free Microsoft OneDrive® cloud storage for two years and Lyve® software compatibility, so users can back up, access and share their favorite files from any device or location.
CLIENT VIEWING Workstations/ Network Switches/ Service and Support
IP Video STORAGE solutions
THE DAWN OF A NEW ERA FOR SMALL PROJECTS
The Aurora Series are built to fill a void in the small project market: economically-driven, enterprise-class storage systems. They bring features never before seen in budget projects such as redundant power, multiple RAID sets, and server-grade CPU’s with 10000 PassMark ®ratings. High-end features, while maintaining the price points required for the small project market. The Aurora systems alter the landscape on video recorders - in price and performance. For more info visit bcdvideo.com or email peaceofmind@bcdvideo.com
SCALABLE SOLUTIONS Solutions that fit every need, from small retail to airports and casinos
Global
Over 17,000 deployments worldwide partnered with global on-site support.
Guaranteed Calculations Follow our journey around the globe
BCDVideo’s calculations are guaranteed, so you never have to worry about project accuracy.