Print Post Approved PP255003/10110
THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au Apr/May 2014
The importance of critical infrastructure protection
WA Senate recount investigation – a breach of security in itself?
What you need to know in an ACTIVE SHOOTER situation
The battle for hearts and minds: Syrian jihad recruitment
Mobile Phone Forensics, Encryption, Cryptography, Firewalls, Passwords, and more! Cyber Security Special starting on page 33 $8.95 INC. GST
PLUS
TechTime - the latest in news and products
*VBH41 PTZ camera available in beige or black
• • • •
VB-M Series
VB-H Series
VB-S Series
HD Range
Full HD Range
Compact Full HD Range
VBM40 – PTZ w/ 20 X optical zoom VBM600VE – IP66 fixed dome w/ optical PTZ-R during setup VBM600D – Fixed dome w/ optical PTZ-R during setup VBM700F – Wide angle full body w/ optical zoom during setup
• • • •
VBH41 – PTZ w/ 20 X optical zoom VBH610VE – IP66 fixed dome w/ optical PTZ-R during setup VBH610D – Fixed dome w/ optical PTZ-R during setup VBH710F – Wide angle full body w/ optical zoom during setup
• • • •
VBS30D – Compact PTZ w/ 3.5 x optical zoom VBS31D – Compact PT dome VBS800D – Compact fixed dome VBS900F – Compact Full body
BECAUSE CLARITY MATTERS
The World’s smallest FULL HD PTZ (VB-S30D) & PT (VB-S31D) cameras. 1
CAPTURE EVERYTHING IN THE HIGHEST OF QUALITY Learning and listening to end users and integrators on what they want from an IP camera drives Canon’s innovation – And with over 75 years of imaging excellence our range encompass all of our expertise & knowledge in camera and lens design. When Clarity matters, choose the premium quality range you can rely on. 1
As at 1 March 2014
For more information visit canon.com.au/networkcameras call 1800 021 167 or email specialised.imaging@canon.com.au
Contents
Executive Editor / Director Chris Cubbage Director / Co-founder David Matrai Senior Editor Loreta Cilfone Marketing Manager Kathrine Pecotich Art Director Stefan Babij Correspondents Sarosh Bana Adeline Teoh
MARKETING AND ADVERTISING Kathrine Pecotich T | +61 8 6361 1786 promoteme@australiansecuritymagazine.com.au SUBSCRIPTIONS
T | +61 8 6465 4732 subscriptions@mysecurity.com.au Copyright © 2014 - My Security Media Pty Ltd 286 Alexander Drive, Dianella, WA 6059, Australia T | +61 8 6465 4732 E | info@mysecurity.com.au E: editor@australiansecuritymagazine.com.au All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.
CONNECT WITH US
Editor's Desk 3 Quick Q & A with Konrad Buczynsi 4 Movers & Shakers 6 Feature Article Syrian recruitment: The battle for hearts and minds 8 National WA Senate recount investigation – a breach of security in itself? 12 The importance of Critical Infrastructure Protection 14 Breaking into BIM: Virtual red-teaming 16 International Towards an Asia Pacific alliance 18 India’s gory wildlife trade 21 Women in Security Out of the box 24 Frontline Dealing with an active shooter situation 26 Unmanned vehicles: Enhancing security, rescue and natural disaster management capability 30 Cyber Security The implications for cyber security in a post-Snowden world 33 Fighting fire with firewalls 34 Why we need to say goodbye to passwords and PINs 36 An introduction to block cipher cryptanalysis 38 Victim in the dark 40 Encrypting for cloud security and compliance 42 Rethinking firewalls for webs applications 43 Mobile phone evidence gathering: Sometimes the BEST form of evidence! 44 TechTime - the latest news and products 47 Up close 56
Page 8 - Syrian recruitment
Page 18 - Towards an Asia Pacific alliance
Correspondents
Sarosh Bana
Page 26 - Dealing with an active shooter situation
Adeline Teoh
Contributors
www.facebook.com/apsmagazine www.twitter.com/apsmagazine www.linkedin.com/groups/Asia-PacificSecurity-Magazine-3378566/about www.youtube.com/user/MySecurityAustralia
John Cunningham
Konrad Buczynski
Milica Djekic
Ammar Hindi
Linda Hui
Frazer Holmes
Paul Johnstone
Paige Leidig
Dr Pascual Marques
Stuart Porter
Phill Russo
Michael Steinmann
www.asiapacificsecuritymagazine.com
www.drasticnews.com
|
www.cctvbuyersguide.com
|
www.youtube.com/user/ MySecurityAustralia
www.chiefit.me
Dr Robyn Torok 2 | Australian Security Magazine
Editor's Desk “Decay Theory: (psychology) a model of forgetting which assumes that memories fade and will gradually be lost if they are not occasionally refreshed.” - McGraw-Hill Science & Technology Dictionary
S
ecurity works when nothing happens. Or is it, if nothing happens security works? The spotlight is shone most commonly on security only after an event – and then it is likely to be seen as the cause and the solution. Much like safety, security must be near fully functional for best prevention and affect – any lapse will raise the risk and may allow a trigger event to form. Known as ‘Security Decay Theory’, security lapses over time due to complacency, only to decay to the level of triggering another event. Security is then reviewed, tightened and left to decay again, over time until the next event. And so it continues. In the 13th year since 9/11, the circumstances of Malaysian Airlines flight MH370 have been a phenomenal event to watch unfold – and as captivating in the unknown and yet to be reported events as 9/11 was in the first days and weeks. Our condolences to the families involved and they are at the forgotten core of this incident. Unlike to many of us watching the news, this event is real in emotion only to them and those directly involved. Once a catastrophic mechanical failure was ruled out, the first days naturally involved a spotlight on aviation security and the risk of hi-jacking – expect changes in passport security? Maybe. As the search continued into the first and second weeks, it also allowed extra discussions on global surveillance capabilities, international cooperation of military assets and search and rescue practices in extreme environments. The tragedy will continue to be subject to extraordinary in-depth review and learning. We hope to assist in that journey and your opinions and contributions are welcome. At the time of writing, the search and rescue is hopeful of a recovery 2,400km south west of Perth. More decay? We take a slightly different look at the Australian Electoral Commission’s (AEC) loss of 1,370 Senate votes in WA and the subsequent inquiry by the renowned, former Australian Federal Police Commissioner, Mick Keelty AO APM. With reference to the security decay theory above, one would have thought a reasonable security risk assessment would have been conducted by the AEC prior to the election – much like a safety assessment would be conducted prior to a builder commencing construction. Did they have a security advisor? During a recent
parliamentary hearing, chair of the parliamentary committee overseeing electoral matters, Victorian Liberal MP, Tony Smith, asked whether the 2013 election was the biggest disaster in the AEC’s history – to which Acting Head of the AEC, Tom Rogers, said; “You asked me at the start whether I thought it was the most catastrophic issue that we have dealt with, and indeed it is.” So why then, had the AEC not foreseen a reasonably foreseeable event and why was a security assessment not conducted? Part of the problem, I would argue, is because the security profession is not shouting loudly enough about how important security risk management has become in the modern world. The loss of 1,370 votes has resulted in a AU$13M– $20M loss from new election costs – let alone the reputation of our most fundamental democratic process! Does that highlight it enough? It is appropriate for the AEC Commissioner and WA State Manager to have resigned. Despite Prime Minister, Tony Abbott, telling businesses to rely less on Government – the security sector continues to need better regulation – and it is the Australian State Governments responsible for regulating the industry. In my view, it remains the Government’s framework that is directly responsible for restraining improvements in security awareness, training, standards and regulation. Opinions are welcome and we will take the opportunity to report on the Federal Government’s May budget, in comparison to 2013 election policies that would benefit the security industry. More importantly, in this issue, we feature a significant article by Dr Robyn Torok, concerning the ‘battle for hearts and minds’ in Syria. As the war continues into its fourth year, both sides need to sustain the battlefield with fighters. The conflict has evolved its use of propaganda and recruitment methods and Australia has already seen a number of nationals killed in action, including an Australian soldier. Dr Torok explains how Australians are being recruited in the first instance. This is the first of a two part article which is a troubling, but necessary read. In support of Dr Torok, we have other highly informative articles on regional affairs in the Asia Pacific and national critical infrastructure, through to frontline issues of active shooter situations, unmanned vehicles, India’s wildlife smuggling
trade, conducting vulnerability assessments and a special cyber security series with an insight into firewalls, passwords, mobile forensics, cryptography and encryption. Enjoy!!! Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.
Yours sincerely, Chris Cubbage
CPP, RSecP, GAICD
Executive Editor
OUR NETWORK Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.
Read Asia Pacific Security Magazine online! www.asiapacificsecuritymagazine.com/e-mag/
Australian Security Magazine | 3
....with Konrad Buczynski
Director, Agilient; and Committee Chair for the Australasian Council of Security Professionals
Konrad Buczynski started his career as an Australian Army Officer, security consultant, then Chief Security Officer and Crisis/BCM Program Manager at Thales Australia-New Zealand. Fifteen years later he is now Director of a specialist security, risk and resilience consultancy firm. How did you get into the security industry? Following a military career I was invited to assist in risk and crisis management planning for a major Australian financial institution. After a number of years on similar assignments I became what might be described as part the post-Sept 11 security profession. How did your current position come about? My business partner and I saw neat synergies between what we had been involved in over many years and what we thought would be of benefit to industry stakeholders. In a bid to take on some of the existing name brands, we combined resources and have subsequently enjoyed excellent success and are constantly evolving design of our portfolio of offerings. Agilient is a specialist security, risk and resilience consultancy firm delivering expert ‘endto-end’ security solutions to Government and the private sector. We recognise the ineffectiveness of multiple security suppliers often working in isolation for organisations, and position ourselves to best coordinate delivery of wholeof-organisation needs, or at least in coordination with those imperatives. What are some of the challenges you think the industry is faced with? Achieving an effective degree of industry unification for its advancement; this requires a pragmatic approach given the breadth of skillsets in the broader industry. The ACSP is doing an excellent job, but it requires the involvement and support of a broad base of security practitioners to be a truly effective voice ‘for’ the profession – registration is an ideal way to do this and will yield a range of benefits. Responsiveness to a constantly shifting security threat environment, which can routinely be unique to an organisation. This infers ongoing liaison and engagement with law enforcement, advisors, internal stakeholders and other relevant parties. Making the case to stakeholders well enough
4 | Australian Security Magazine
to overcome a singular focus on compliance in the procurement of security solutions, where it exists. Where do you see the industry heading? It’s an interesting question to answer because the ‘industry’ is represented by an extensive and composite grouping of professionals, some going in very specific, and often unique directions. That’s what makes it a challenge to look to compartmentalise the industry as a whole. This is a great thing though, diversity equates to sustainability and new techniques, methods and opportunities for collaboration. At the practitioner level, cyber/IT security will of course remain an increasingly critical function and skill gaps will likely continue, making it a solid occupation for those looking towards a sustainable career. There are a range of other security sub-disciplines that will also continue to thrive, such as National security functions and those linked to critical infrastructure protection. At the more strategic level, I believe that convergence and integration in security planning and implementation will continue to generate
better outcomes for organisations, and will deliver improved alignment between strategy and management. In a number of organisations it is not uncommon to see IT, as just one example, and ‘corporate security’, operate with sub-optimal coordination. HR, Procurement, Facility Management, IT, Operations and other functions all have important roles to play and coordination at the strategic level is key to successful integration and performance. This can often be hampered by procurement processes that are tolerant of multiple, single-use channels to vendor engagement. From an industry organisation perspective, I see the influence of foreign organisations waning in favour of local associations, councils and memberships, as a reflection of local support and recognition that Australia/Australasia leads in many respects. What do you do when you’re not working? I play golf, enjoy our world class beaches and in recent years have been somewhat of a perpetual renovator.
2014 SafeCity Conference Ipswich Queensland
10-13 June 2014 IpswIch cIvIc centre IpswIch
Queensland
australIa
Safer Communities In FoCuS Key Benefits of Attending • Expert Speakers who have utilised CCTV in National & International cases • Discover which technologies are available to use for your system • Tour current systems for local government and defence services • Work as a national team in preventing crime • Learn the governance behind CCTV • Develop strategies for enhancing community safety
HeAr from expert speAKers • Mayor Paul Pisasale – City of Ipswich • Craig Hanley – proactive and reactive CCTV monitoring • Peter Gomez (FBI) – legal attaché during the Boston Bombing investigation • Vlado Damjanovski – internationally renowned CCTV expert • Professor Brian Lovell – cutting-edge image analysis and facial recognition systems • Dr Subhash Challah – licence plate recognition and video analytics • Professor James Byrne – criminology and criminal justice • Deputy Commissioner Brett Pointing (Qld Police) – CCTV implementation and community partnerships • Acting Detective Inspector Tom Armitt – lead investigator in the murder of Eunji Ban (QLD) • Senior Sergeant Ron Iddles – lead investigator in the murder of Jill Meagher (VIC)
www.safecityconference.com.au
eArly Bird registrAtion ends 30 April 2014 To view full conference program and to register, visit www.safecityconference.com.au
Owen J Monaghan
Jeffrey Sit Honeywell has announced that Jeffrey Sit has been appointed as Vice President and General Manager of Honeywell Security Asia Pacific, reporting directly to Ron Rothman, president of Honeywell Security Group. In his role, Jeffrey Sit will lead Honeywell Security Asia Pacific as it continues to serve the region’s vibrant, high-growth economies. His appointment emphasises the consistency of Honeywell Security Group’s strategy in Asia Pacific to further innovate and create increased value for customers. Sit replaces Mabel Ng who was recently named Vice President and General Manager for Asia Pacific for the company’s Environmental and Combustion Controls business unit. “Jeffrey is already well known in Honeywell Security Asia Pacific from his current role as General Manager of East Asia and South China,” says Ron Rothman. “Jeffrey brings a wealth of experience to his new role with 20 years of industry experience and his strong focus on customers will ensure that Honeywell continues as their partner of choice.”
Bob McGowan URS has appointed Bob McGowan as Managing Director, Australia. In this position, McGowan is responsible for leading URS’s engineering, environmental and construction management services across all business sectors, including mining, oil and gas, water/wastewater, transportation, Government, and power. McGowan previously served as URS’s Regional Manager, Queensland, for the past 16 years where he developed and led the growth of the environmental and engineering business across various markets including mining, roads, rail, oil and gas, and water infrastructure. He has proven exemplary leadership and management performance throughout his 25 year career with URS. He also has a strong focus on health and safety, and has recently been appointed to the Safety Leadership Group for the Coal Seam Gas/ LNG industry in Queensland.
6 | Australian Security Magazine
Owen J Monaghan, CPP, has been appointed president of the ASIS International Professional Certification Board (PCB) for 2014. The PCB manages the ASIS certification programs by overseeing the standards, quality assurance, and examinations for the three ASIS board certifications: Certified Protection Professional (CPP), Professional Certified Investigator (PCI), and Physical Security Professional (PSP). The first active-duty law officer to hold this position, Monaghan is Assistant Chief, New York City Police Department (NYPD), currently assigned as the Commanding Officer of Patrol Borough Brooklyn South, the largest borough command in the NYPD. “The private sector is working more closely with law enforcement to manage today’s threats and it is important that we share a common ground of knowledge,” says Monaghan. “I strongly encourage active-duty officers to become board certified to enhance their credibility with their private sector counterparts.”
Regional Sales Manager based in Raytec’s UK Headquarters, Amy has spearheaded the growth of Raytec LED lighting in the security market for the Asia/Pacific region during the past five years, leading a vast number of high security, industrial and critical infrastructure projects. Quinn says, “Raytec are committed to providing our customers in Australia and New Zealand with the highest levels of support from lighting design to post-sales support, and our new sales office allows us to do this at a local level. There is a huge demand for Raytec products from this region, not only for CCTV and security but also for several vertical markets such as hazardous area lighting. My intention is to help Raytec partners fully service those opportunities.”
Chris Gibbs Emulex Corporation has announced 25 year industry veteran, Chris Gibbs, as its Vice President of Sales for Asia Pacific and Japan for the Endace division of Emulex. In this role, Gibbs will expand the Endace Network Visibility Products’ (NVP) field team and develop partner relationships for the Company’s network visibility products and services in the rapidly growing Asia Pacific region. Gibbs brings 25 years of IT sales and sales management experience in the region to Emulex. Most recently, Gibbs served as the Vice President of Global Accounts for Global Communications Service Providers (CSPs) in Asia Pacific and Japan at CA Technologies. Prior to that, Gibbs was the CEO of Torokina Networks. Throughout his career, Gibbs has worked for leading technology companies, including Concord Communications, IBM, Rational Software and Telstra. Gibbs comments, “I am thrilled to join such a highly skilled team and I look forward to growing our presence across Asia Pacific and Japan. I am confident that the Asia Pacific region will be one of our fastest growing geographies and will represent a sizeable part of our NVP portfolio in the very near future.”
Amy Quinn Raytec is pleased to announce they have opened a new sales office in Melbourne, Australia, following a year of significant growth and success in the region. The new office is dedicated to serving Raytec customers in Australia and New Zealand and is headed up by Amy Quinn, Raytec Business Development Manager ANZ. Previously a
Matthew Cawthorne Pilgrims Group continues its targeted global growth with the appointment of Matthew Cawthorne as Country Director, Iraq. With a background of 24 years as an officer in the UK’s Royal Marines and a further five years serving a reconstruction agency and corporate clients in Iraq, Cawthorne will have responsibility for Pilgrims policy and strategy in that country, including all aspects of existing contracts and the development of new business. “My aim is to build on Pilgrims marketleading technical excellence to grow the company’s business in Iraq,” says Cawthorne. “With an estimated $1tn of infrastructure investment in the country over the coming years, we aim to provide security services for companies participating in Iraq’s resurgence as a significant regional player. I will focus on building cost effective service delivery for current and new clients, drawing on our substantial Iraq-wide network of friends and trusted contacts.”
If you have an entry for Movers & Shakers please email details and photo to editor@australiansecuritymagazine.com.au
w
w
w
.
c
h
i
e
f
I
T
.
m
e
CIOs, IT Leaders and decision makers • Big data • Communications • Cloud computing • Technology systems • Interviews with industry thought leaders plus much more.
Feature InArticle
Syrian recruitment: The battle for hearts and minds The battle for hearts and minds is a very important battle, because we are not only fighting in the battlefield, we are also fighting in the realm of ideas. - Anwar al-alwaki The internal conflict in Syria has continued to draw world-wide media attention as well as international criticism, especially for the resulting humanitarian crisis. Compounding the crisis is the complex political and religious landscape of the rebel movement that composes more than 1,000 groups. These groups have a variety of ideological views, as well as differing perspectives on the future of Syria. Such differences have caused conflict between rebel groups. By Dr Robyn Torok
8 | Australian Security Magazine
T
he legacy of Anwar al-Awlaki continues to exert strong influence in jihad circles, particularly the importance of the internet as a tool for fighting in the realm of ideas which al-Awlaki regarded as just as important as the physical battlefield. In fact, it is widely stated that half of jihad is to occur in the media. This article focuses on the key ideas found to be circulating on social media platforms in relation to encouraging Westerners, including Australians, to participate in the Syrian conflict. It is also important to note that it is the jihadi terrorist groups such as al-Nusra and ISIS, that are key propagators and beneficiaries of these ideas in terms of gaining foreign fighters.
Propaganda of the Syrian resistance forms an important foundation for the way jihadists attempt to battle for hearts and minds in relation to recruiting. Nevertheless, systems of ideas needed to motivate people for action, especially in terms of risking their own life in a foreign country need to be much more extensive and impacting. People need to be fully encased in a system of ideas that are continually reinforced from multiple sources and elements toward not only fighting in jihad, but being a martyr. Foundational propaganda used by resistance groups focuses on the atrocities committed against the Syrian people coupled with the perceived inaction of both Middle
Feature Article
Eastern and Western Governments. Firsthand experience with such atrocities is sufficient motivation for much of the local Syrian resistance and forms an important starting point for recruiting foreign fighters. However, Westerners – Australians, are taken through a journey of ideas and concepts aimed at engendering their commitment to not only a focus on fighting, but more importantly, martyrdom and seeking the highest places (Al-firdaus Al-ala ) in Jannah (Paradise). Targeting the Western Muslim identity Sharp distinctions are made between the Muslim lifestyle in which jihad is central and the decadent Western lifestyle in which a person’s very Muslim identity is challenged. Outlining the duties and obligations of a ‘true believer’ was a critical aspect in reaching out to Western Muslims. In fact, Western Muslims are encouraged to return from their state of ‘jahl’ (ignorance). Failure to do so is threated with poverty, displeasing Allah and even hellfire. As Abu Bakr stated; “If people do not practice jihad, Allah will inflict them with poverty.” Further, to not practice jihad is to be in danger of hellfire itself. Recruits are also instructed that he Mujahideen and the Qaideen (those sitting at home) are not equal in the eyes of Allah, and that no action is equivalent to that of jihad in the path of Allah. A direct call goes out to the recruits: ‘My dear brothers in Islam, the fields of jihad are in need of you, and the military training camps are searching for you, so where are you when it comes to aiding the weak and oppressed one’s in the world? Redeem yourself from this ignorance that enslaves you and return to ‘true Islam’.’ Ignorance that recruits are needed redemption from include sitting at home and not engaging in jihad and following ‘true Islam’, being critical of the mujahideen and not supporting them. Also, the ideals of the family unit are challenged, ie, that people who allow their children to watch Dora the Explorer, Sesame Street, and Sponge Bob Sqaure Pants are allowing their children to become homosexuals, lesbians and drug dealers later in life. Instead, children should be trained with guns and in the path of jihad. Recruits are told to come out of their ignorance and: ‘let your houses be places for lions not chicken farms in which your sons will be fed then slaughtered by tyrants, like sheep. Instil in the hearts of your sons/children the love for jihad and the love of battlefields. Share the problems of Muslim Ummah. Live one day a week as refugees and how the Mujahideen live. They live on dry bread and tea.’ Sheikh Abdullah Azzam It is further made vitally clear to Westerners, that the only way to redeem yourself from a state of ‘jahl’ (ignorance) is to action oneself in jihad; even better, to be a martyr in the cause of Allah. Redemption from ignorance involves no longer living for self but living for Allah through the path of jihad. Essentially, it means turning from your past and following ‘true Islam’ and becoming a martyr. Redemption from Allah is instructed to be in the act of martyrdom itself not just fighting in jihad, although recruitment to jihad is the first stage of that redemption process. ‘The path of jihad and
‘My dear brothers in Islam, the fields of Jihad are in need of you, and the military training camps are searching for you, so where are you when it comes to aiding the weak and oppressed one’s in the world? Redeem yourself from this ignorance that enslaves you and return to ‘true Islam’.’ martyrdom is the best and fastest way to change and make up for what you did in the past and please Allah and win back his favour’. Jihadi scholars such as Abdullah Azzam are quoted, especially regarding the defence of Muslim lands as the first obligation of Muslims after Iman (belief/faith in Allah). Essentially, Western Muslims are encouraged to reorient their journey to make jihad central. This migration (Hijra) to jihad is viewed as both a journey and as evidence of ‘true belief ’. Furthermore, the mujahideen who participate in jihad are presented as much more favoured in the eyes of Allah than those who don’t participate. More than this, jihad is presented as a path not only to success but also to enter paradise. Centrality of martyrdom Jihad may be a journey, but martyrdom is the destination – the ultimate goal of a mujahideen. Those travelling to Syria are not only told to be prepared for martyrdom but to actively seek it. Having a love for martyrdom is an essential part of the preparation. Narratives of past martyrs are continually circulated and brought to the fore as these individuals are elevated in the same way that Australians respect those who have given their lives in service for our country. Not only are the martyrs themselves elevated but their words are given a special authority and quoted as almost a sacred form of text. These ‘shahada’ (martyrs) are the role models for those joining the conflict or as it is put ‘the caravan of martyr’. Martyrs are offered a list of rewards, some of which are well known such as the 72 virgins. However, there are also other important rewards promised such as redemption and forgiveness. This ties in with the redemption from ‘jahl’ (ignorance) when one follows the path of jihad in the cause of Allah. Martyrdom also promises freedom from the agony of death and this is supported by widespread narratives and photographs of martyrs who die with a smile on their face. Additionally, jihad promises redemption for family members. Some jihad texts promote a substitution system where for each unbeliever that one kills, they gain one redemption promoting mass casualty operations. Creating a system of ideas with enough influence to encourage a person to seek martyrdom involves not only presenting a list of rewards but more importantly, powerful imagery. Two powerful images are presented in relation to martyrdom and were common on social media pages relating to Syria. First is the concept of being ‘in the heart of green birds’. This image captures the soul of the martyr being free and flying in the heart of a green bird in paradise. Western
Australian Security Magazine | 9
Feature Article
“There is no other technique or means which strikes as much terror (like 9/11) into their hearts and which shatters their spirit as much as martyrdom operations. And because of these operations, the disbelievers cowardly refrain from mixing with the population.” recruits are targeted by comparing this concept to that of superman. Recruiters aim to capture the childhood dreams of being free to fly like superman as the experience of a martyr being in the heart of a green bird. The second form of imagery is ‘in the shadow of swords’ which captures the pathway or gateway into the afterlife. Simply put, this concept presents the fact that the gates of heaven are opened during battle so that when a Muslim in engaged in jihad the gates of heaven are open and ready to receive the martyr. Together, these ideas present a martyr having a ‘beautiful death’ followed by a ‘beautiful paradise’. These two images are reinforced by the concept of Alfirdaus Al-ala (the highest place in paradise) where martyrs are given the best mansions, take the highest places – given that they are in the heart of green birds, and are the most favoured of Allah. Social media evidence suggests that these discourses are well presented in relation to the Syrian conflict and are targeted toward the Australian audience. Of concern is the coherence and detail of these ideas that are aimed at fully encapsulating those online in a battle for hearts and minds. Evidence also suggests that those going to Syria are not only going with this jihad mindset but also a martyrdom mindset. One online text aimed at Westerners, more so, Australians encouraging them to commit acts of terror in their own countries ends with a powerful quote: ‘Kuffur [unbeliever], wait for the lone lion’ (the formal black suit jihad), a reference to the damage that can be done by one individual which is especially concerning in an age of lone wolf terrorism. More importantly, it is made very clear that the attack on home soil from ‘the formal black suit jihad’ should come by a jihadi who has won the trust of the kuffur. The attack should not only come from one that is ‘trusted’, but the ‘trusted’ one (jihadi) should also fit into the work place or social scene just like any Australian and be completely undetected and off the radar of surveillance. The jihadi is instructed that nothing drives more fear into the West than an operation of martyrdom on their own soil. As Sheikh Yusuf ibn Salih-Al-Uyayira said; “There is no other technique or means which strikes as much terror (like 9/11) into their hearts and which shatters their spirit as much as martyrdom operations. And because of these operations, the disbelievers cowardly refrain from mixing with the population. And whoever penetrates into the enemy
for the sake of Allah and to gain his pleasure, he is a shaheed (martyr) who has entered the highest of paradise.” Part 2 will feature in our next issue Jun/Jul 2014. It will include the risk that fighters pose upon their return to Australia, the types of martyrs as well as ‘the formal black suit jihad’ including proposed targets and training for lone wolf operations. About the Author Dr Robyn Torok is undertaking a second PhD in Security Science at Edith Cowan University in Western Australia. Torok’s research focuses on the role of the internet (social media) in recruitment of terrorists to jihad, in particular, to martyrdom operations. Torok specialises in home-grown terrorism and the threat lone-wolf terrorism poses to Western nations, including Australia’s, and how this threat will impact the country’s national security. Torok’s research is leading the way to enable better understanding of how the internet is used to influence, steer, guide and change a person from moderate views of Islam to more extreme views leading to terrorist recruitment.
The attack should not only come from one that is ‘trusted’, but the ‘trusted’ one (jihadi) should also fit into the work place or social scene just like any Australian and be completely undetected and off the radar of surveillance.
10 | Australian Security Magazine
www.cctvbuyersguide.com
For all the latest in CCTV products and news. www.cctvbuyersguide.com
National
WA Senate recount investigation
– a breach of security in itself? On April 5, 2014, Western Australians went back to the polls - thanks to the ‘lax’ and ‘complacent’ practices of the Australian Electoral Commission (AEC) at the September 2013 Federal Senate Election. The AEC Commissioner and WA State Manager both resigned. By Chris Cubbage Executive Editor
12 | Australian Security Magazine
I
n December 2013, former Australian Federal Police Commissioner, Mick Keelty AO APM, based in Canberra, investigated the loss of 1,370 Western Australian Senate votes. Mr Keelty criticised the Western Australian Electoral Commission’s ‘lax’ and ‘complacent’ practices. He found there was no apparent policy or process to cross check rubbish and recycling before disposal to ensure ballot papers were not accidentally thrown out. He also identified a ‘loose planning culture’ and a ‘complacent attitude toward ballot papers in the AEC’s WA operation’. He recommended specific Ballot Paper security provisions, monitoring by CCTV and intruder alarm systems. The Special Minister of State, Michael Ronaldson, said the Keelty report raised serious concerns about the current practices of the AEC, in relation to the security of ballot papers, logistics and training. Yet turning the investigation spotlight back on itself, the question becomes could Mr Keelty himself be in breach of the WA Security and Related Activities (Control) Act 1996 (the
Act)? Technically, should Mr Keelty have been a licensed security consultant to give this advice? And pursuant to the regulatory requirements of the Act, was Mr Keelty even appropriately qualified to conduct the inquiry in the first place? In Section 28 of the Security and Related Activities (Control) Act 1996 (the Act), an investigator is a person who for remuneration conducts investigations into the conduct of individuals or bodies corporate or the character of individuals. Section 30 of the Act, states a person must not act as an investigator except under the authority of an investigator’s licence, and subject to a $15,000 penalty. Section 13 of the Act states a security consultant is a person who carries out all, or any, for remuneration investigates or advises on matters relating to the watching, guarding or protection of property. Section 17 of the Act states, a person must not act as a security consultant except under the authority of a security consultant’s licence. A person must not carry out such
National
“What are the ramifications for the future of security services if legislation isn’t applicable or adhered to by Government but places restrictions on the private sector?” activities of a security consultant that a person holding a particular class of security consultant’s licence is authorised to carry out except under the authority of a security consultant’s licence of that class, and subject to a $15,000 penalty. On 5 November 2013, Mr Keelty was engaged by the AEC as an independent contractor, without entitlement to claim any employment entitlements and without the need to have any insurances, though private worker’s compensation and professional indemnity insurance was recommended by the AEC Commissioner. The AEC sought Mr Keelty to conduct an urgent examination into the circumstances that led to the exclusion of votes in the WA Senate recount. Yet, as of 5 November 2013, Mr Keelty was not a licensed investigator or a licensed security consultant in Western Australia. The intention here is not to discredit Mr Keelty’s investigation or security recommendations, but to highlight when regulatory compliance is overlooked and inadequate. For example, renewing a security agent, consultant and investigator licence will cost more than $2,000 in WA. Mr Keelty was engaged on terms in excess of this amount, per day. Yet, if an Investigator or Security Consultant is engaged by a private sector organisation, they would have been required to be licensed and to do so, would have presented the mandatory investigator and security qualifications required under the legislation – noting that former police qualifications are not recognised. Mr Keelty holds a Masters of Public Policy and Administration and a Graduate Certificate in Criminal Justice Education. The WA legislation is such that the security consultant must have a minimum qualification of a Certificate IV in Investigations and a Certificate IV of Security Risk Management. The prescribed qualification approach in place makes comparison of skills and experience impossible and unnecessarily complex. After raising concerns, the Western Australian Police Licensing Enforcement Division informed in writing that, ‘Mr Keelty has not breached the Security and Related Activities (Control) Act Legislation, as Mr Keelty did not act as an investigator as defined in Section 28 of the Security and Related Activities (Control) Act 1996’. WA Police further informed, ‘…the inquiry is to be made into the procedures relating to the handling of ballot papers and make recommendations to improve procedures…’ and that the ‘inquiry undertaken by Mr Keelty was limited to procedures... and not conduct’. Yet, Mr Keelty refers to his separate report concerning the ‘actions of individuals’ and is quoted by many media sources in reference to not ruling out the possibility of
corruption. It is apparent that he included ‘individual’s actions and conduct’ in his inquiry – thereby falling into the gambit of an investigation, as defined in the Act. Despite the requirements of the legislation, Section 5(2) of the Act exempts the need to be licensed while a person is performing official duties as a public officer of the Commonwealth or State Government. A public officer is defined as a person who is employed by the Crown or by a body that is an agent of the Crown. And in the shadow of findings from recent NSW Independent Commission Against Corruption (ICAC) hearings, a person providing consultancy services to Government agencies, in performing work for these agencies, is a public official for the purposes of the NSW Independent Commission Against Corruption Act 1988. Thereby, Mr Keelty was employed as a public officer and exempt from licence requirements. Indeed, it seems on that basis that any person engaged as an independent contractor by any Government agency is exempt to hold a licence under the Act. What should be asked is, “What are the ramifications for the future of security services if legislation isn’t applicable or adhered to by Government but places restrictions on the private sector?” Does it demonstrate that legislation controlling the security profession is unnecessary, in particular when Government is able to parachute advisors in at will, but the private sector is limited to advisors in their own State? In contrast to the physical security and inquiry profession, the Information Technology Security Professionals continue to be self regulated. It remains time for security professionals, of both physical and cyber domains, to be extracted from the limitations of the state licensing provisions. This then allows the police enforcement divisions to focus on monitoring and controlling the frontline officer, installer and crowd control elements of the industry. The engagement of Mr Keelty for this investigation and security review, albeit exempt from licensing requirements under Section 5(2) of the Act, provides another example why national reform is needed of security and inquiry legislation and controls. Australia’s leading security industry and professional bodies all support reform and mutual recognition of the security services sector across the States and Territories – maybe the AEC debacle, set to cost the public purse an additional $13 million, will highlight again why it is in Australia’s national interests to start paying the sector the attention it deserves.
Australian Security Magazine | 13
National
The importance of Critical Infrastructure Protection The term Critical Infrastructure Protection (CIP) relates to the systematic and pragmatic approach to the protection of assets, supply chains and networks whose unavailability would have a significant detrimental impact on the security of Australia or the social and economic wellbeing of its people. By Frazer Holmes
C
IP examines threats and possible attacks against the critical assets of a country. It takes an umbrella approach to look at what measures are taken, what measures are effective, and what possible counter attacks can be used in the successful deployment of protecting critical assets. There is national, Territory and State based guidelines and frameworks for the protection of Critical Infrastructure (CI) geared to provide a framework for a national and consistent approach for the protection of CI assets. Although they primarily are designed to focus on the protection from terrorism, the guidelines recognise that treatment for CI assets will depend on the individual assessment and criticality of the asset, the security posture and profile for the asset or relevant sector. Of which terrorism is but one of many threats from which CI needs to be protected from. As such, the responsibility for the continuity of CI is shared by all Governments and by owners and operators alike. Further to this, the Australian Government has developed the Trusted Information Sharing Network (TISN) for critical infrastructure resilience. This provides an environment where owners, operators and Government can work together to share information on security related issues affecting CI assets and the continuity of operations associated with all threats. This strategy has a strong focus on developing partnerships, and illustrates the commitment of the Australian Government to working with owners and operators and State and Territory Governments to achieve complementary and mutually beneficial outcomes. Why protect Critical Infrastructure? What is being protected is not always the infrastructure itself but the services it provides. Therefore CIP involves a range of strategies with the objective of protecting not only the
14 | Australian Security Magazine
physical ‘infrastructure’, but all assets that are deemed ‘critical’ in the sense that we could not do without them. Or at the very least, the disruption to their services would make life difficult, or affect our national security. A number of these strategies include protective security, crime prevention, business continuity and risk management, and emergency management. An asset could be deemed critical when the services it provides are vital to a State or the nation as a whole. The list of infrastructures and services that may be considered critical includes transportation, defence, industrial, telecommunications, banking and finance, agriculture, food, water, power, public health, Government services and emergency services. Understanding where the real threat lies An understanding where the major threats will come from is imperative when determining what needs to be protected and why. Some may argue that attacks on CI may appear to tie more closely with terrorism and war than with any other area. While events such as the 9/11 attacks on the World Trade Centre and the Pentagon, and the attacks on the London Underground Railway system in the UK, all targeted aspects of what we term CI. However, it may be questioned that we are overplaying terrorism (perhaps out of hype or fear) and underplaying the danger of Mother Nature? Both of these areas call out for a CIP response. The question is which areas should we devote more time, effort and finance towards, man made threats such as terrorism, civil war, issue motivated groups and so forth, or natural threats such as earthquake, flooding, fires, cyclone, drought etc? The answer may not be as simple as one may assume, however, one thing is certain and that is all such incidents must be considered in order to provide a holistic and coordinated approach to CIP.
National
Emergency Management and Response The importance of CIP transcends the traditional safety and security regimes, and therefore a shift in the traditional mindset to incorporate a balanced and coordinated approach to not only focus on the protection of the assets themselves, but how can we manage, respond to and recover from such incidents is needed. These actions and tasks refer to deliberate activities that are undertaken in advance of an incident to develop operational capabilities to facilitate an effective response. Large scale CI threats will take their lead from the global context, however, it behoves us to do our bit and minimise the effect by being prepared as much as possible. As a result, business continuity of critical infrastructure looks at not only how we deal with incidents, but also the effect any disruption or loss may have. BC provides identification and consensus on criticality of the asset and supply chains as a whole rather than focusing on just how we deal with the incident in isolation. Challenges There are many challenges associated with the protection of CI assets and can often include limited security awareness, lack of acceptance or understanding of security requirements. Or even where a person’s perspective may mistakenly adopt the line that security is not required at all. Within Australia,
more than 90 percent of CI is owned privately, which is certainly a challenge when determining who will protect, pay and respond to incidents around CI. Summary Enhancing capability for prevention, recovery and response relating to incidents against CI is not an easy task. Apathy against CIP will need to change, as advances in technology and changes to internal governance requirements highlight that a dynamic approach is required. These factors only increase the argument that a coordinated approach, such as TISN, is imperative to have, if and when an incident occurs. So that owners, operators and Australia as a nation can prepare, prevent, respond and recover quickly and with as little impact or exposure as possible. About the Author Frazer Holmes is a leading SCEC Endorsed Security Consultant (Attorney General’s Department) and member of the International CPTED Association (ICA) and Risk Management Institute of Australasia (RMIA). Holmes has recently joined the team at Amlec House Security Consultants and can be contacted at: frazer.holmes@amlechouse.com
Business Continuity The Queensland Government has defined Business Continuity as the process of ‘developing a practical plan for how your business can prepare for and continue to operate after an incident or crisis. A Business Continuity plan will help you to identify and prevent risks where possible, prepare for risks that you can’t control and respond and recover if a risk occurs’. In the context of Critical Infrastructure, Business Continuity looks at how we deal with attacks on critical infrastructure as and when they occur. How well does the nation, an owner or operator ‘bounce back’ from adversity? Business Continuity and the resilience of our various critical assets needs leadership and hierarchy in order to quickly, fairly, justly and effectively re-establish control and order.
Security on the move
SRI SecuRIty congReSS, 1-3 DecembeR 2014 Over three days ECU’s SRI Security Congress will bring together all areas of security professions and disciplines as part of a holistic engagement with the wider security community. Scholars of the following disciplines are encouraged to participate: strategic studies, public affairs, communication studies, international politics, criminology, business and management, information and computer science, political science, social science, psychology and cognitive science, and security studies. All submissions will be subject to a double blind peer review process and best papers will be considered for publication in selected journals. The 2014 SRI Security Congress will host 5 security based conferences over 3 days 15th Australian Information Warfare Conference 12th Australian Digital Forensics Conference
12th Australian Information Security Management Conference 7th Australian Security and Intelligence Conference 3rd Australian eHealth Informatics and Security Conference
Venue
Contact details
Key dates
Edith Cowan University 270 Joondalup Drive, Joondalup WA 6000 Tel: +61 8 6304 5176
Congress Coordinator – Emma Burke Tel: +61 8 6304 5176 E: sri@ecu.edu.au W: http://conferences.secau.org/venue.php
Paper Submission Deadline – 30 June 2014 Acceptance Notification – 15 August 2014 Camera Ready Papers – 10 October 2014 Early Bird Registration – 2 November 2014
TEACHING QUALITY ★★★★★ ★★★★★ TEACHING TEACHING QUALITY QUALITY Tel: 134 ECU (134Tel: Tel: 328) 134 134 ECU ECU★★★★★ (134 (134 328) 328) ★★★★★ GRADUATE SATISFACTION ★★★★★ ★★★★★ GRADUATE GRADUATE SATISFACTION SATISFACTION E: futurestudy@ecu.edu.au E: E: futurestudy@ecu.edu.au futurestudy@ecu.edu.au the Good universities Guide the the Good 2014 Good universities universities Guide Guide 2014 2014
reachyourpotential.com.au reachyourpotential.com.au 303LOWE ECU10745 A CRICOS IPC 00279B
ECUSRI Edith Cowan University Security Research Institute
National
Breaking into BIM: Virtual red-teaming
A vulnerability assessment can be a costly and complex task to undertake. This cost can force stakeholders to limit the amount of security analysis they perform on a facility, often leaving the task until late in the construction phase for facilities where security isn’t considered vital. Late consideration can lead to costly re-design and retro fitting of security measures. By Stuart Porter
16 | Australian Security Magazine
O
ur research aims to make vulnerability assessment more accessible and able to be applied from the early stages of facility design. To achieve this we looked at incorporating Building Information Models (BIMs) into security simulation software. BIMs are similar to traditional 3D CAD in that they allow for the 3D visual design and representation of a facility, with the abstraction of various plan views possible for construction purposes. The main advantage over CAD is that a BIM treats the objects within it as entities, linking them to a database back end. This allows a BIM to store related information on an object such as supplier, tolerance and maintenance documentation. It also makes a BIM more intelligent, allowing it to be used for automated conflict detection and cost estimation. These benefits can result in large savings over the lifecycle of a facility and is helping to drive its increasing uptake within the architecture, engineering and construction industries. By leveraging BIM we can make a more compelling system, one that can be easily integrated as a value add to any facility already using BIM. We see this as allowing our
system to complement any existing security assessment and potentially train designers to avoid security flaws. Towards this end we have built a proof of concept system that performs automated vulnerability assessment against provided BIM models. Our system begins by converting the BIM into an edge and node graph representation. The graph representation allows us to use known computing methods for quickly searching the facility for analysis, such as the well-known ‘Dijkstra’ shortest path algorithm. To convert the BIM into the graph abstraction, we map areas such as rooms to nodes and possible paths such as doorways between areas to the edges. An area will typically be a room but may also be outdoor areas that are protected by a sensor or encapsulated by a fence. For the edges we try to capture any possible path between the areas, such as doorways, windows and walls. A basic example can be seen in figure 1. As we create the graph, we also populate it with information from the BIM. Nodes are assigned information on the areas they relate to and their location. Edges are assigned information on the materials used to construct them
National
Figure 1: A simple facility on the left and its graph abstraction on the right
so that we can later determine the cost for an attacker to breach them. Once the graph has been completed we can perform analysis against it. To do this the system is provided a list of tools to simulate attacking the facility with. To maximise versatility, the tools and materials used in the simulation are read in from an XML file allowing for users to update and expand the available options. The system will perform an exhaustive analysis of the facility with the tools provided. To do this it will run a security simulation against the facility with all possible permutations of the tools. So if the system is given rock, hammer and axe, it will end up running nine permutations including: • Rock; • Rock and Hammer; • Rock, Hammer and Axe; • Rock and Axe; • Etc. On each security simulation run, it will compare the available tools against the materials assigned to each edge. It will search the materials to find what attacks are possible with the available tools and assign the one with the lowest cost. Once all edges have had an appropriate cost assigned, it will begin a shortest path search. Starting with a special ‘outer’ node with a cost of zero, the system will examine each connected node to determine which edge linking it to the starting node has the lowest cost. It will then assign the node a cost of the cheapest edge plus the cost of its preceding node, the ‘outer’ node in this case. It will then examine each node and determine if the cost to reach it through one of its neighbouring nodes via the edge is less than its current cost, if so it will assign this as the new cost. The simulation proceeds until no nodes require further updating. Once all nodes have had their cheapest path calculated, we are able to analyse the overall graph and provide feedback on how cheaply each node can be accessed and how. The system will then perform the security simulation and gather its data for analysis and so on until all permutations have been performed. Using the compiled data, our system provides feedback on which nodes are most likely to be breached and statistical analysis on the cost associated with each node and tool. Using this feedback, the designer can consider hardening their facility against particular attacks or particular nodes that represent weak spots. Currently, this information is
provided as a lengthy text report that can be somewhat tricky to interpret but we plan in the future to use other more visual and interactive feedback options to improve usability. Along with the above static analysis, we have also explored dynamic analysis by way of intelligent agents. Using a Multi-Agent System (MAS) we are able to perform virtual red teaming, where one set of agents act as the aggressors or red team and another set act as the defensive blue team. This takes place across multiple iterations with the potential to help find best-case cost to benefit hardening solutions. The MAS begins its analysis by having the red team perform an attack with a given set of tools. Once the red team has completed an attack on the facility model, it provides a report to the blue team on how it entered the facility. The blue team then performs a round of hardening by examining the method of entry used and ‘upgrading’ the materials on the edges that allowed ingress. After the hardening is performed, the blue team indicates that the red team should try again and the system repeats, iterating in this fashion until a finish criterion is met. At present, the upgrading is a fairly simple system where a material is replaced with a stronger material without regard for practicality, so you can end up with the glass from a window being replaced by brick because it is stronger. While rudimentary this system does show the potential of virtual red teaming and could be improved to take into account limiting factors such as material properties and even costs. The potential for the static and dynamic aspects of our system to assist designers and security practitioners seems clear. By leveraging BIM we can allow users to perform analysis from an early stage and better incorporate changes into their design to meet their desired security threshold cheaply. The ability to perform a thorough analysis in a short period of time can also benefit more experienced security practitioners by supporting their own analysis efforts. About the Author Stuart Porter is a post-graduate student at Curtin University in Western Australia. His research interests include Simulation, Physical Security and Building Information Models.
Australian Security Magazine | 17
International
Towards an Asia Pacific alliance China’s proclamation of an air defence zone over island territory in the East China Sea is claimed by both Beijing and Tokyo as stoking military tensions across the region.
By Sarosh Bana Correspondent
18 | Australian Security Magazine
The two largest economies in Asia continue to spar over disputed island territory, raising prospects of a maritime clash. US Vice President, Joe Biden, hastened to Japan that Washington shared its concerns over China’s recent moves. He also called on Chinese President, Xi Jinping, in Beijing to reaffirm China’s posture as a state policy based on national interest. Washington is deploying six Boeing P-8A Poseidon aircraft in Japan, guided by a bilateral Treaty of Mutual Cooperation and Security of 1960 that pledges, “The Parties will consult together from time to time .., whenever the security of Japan or international peace and security in the Far East is threatened.” Described as the most advanced longrange anti-submarine and anti-surface warfare, intelligence, surveillance and reconnaissance aircraft in the world, two of the P-8As have already arrived. Beijing’s claims of sovereignty over almost the entire
South China and East China seas have sparked disputes with its neighbours, Vietnam, Taiwan, Malaysia, Brunei and the Philippines. The contention has been the various island enclaves, not of much value in themselves, but the possession of which would provide continental shelves and Exclusive Economic Zones (EEZ) that extend 200 nautical miles from the low-water shoreline. China and Japan have contesting claims over the uninhabited islands, called Diaoyu by the former and Senkaku by the latter. The two neighbours have been engaged in a prolonged territorial wrangle over this group of islets, as potentially vast gas and oil fields have been estimated off its shores. Both countries have hitherto strived to keep the dispute from spiralling, mindful of their entrenched commercial ties that have resulted in two-way trade reaching a record $345 billion last year, China being the biggest trading partner of Japan.
International
Obama’s policy of ‘rebalance’ to the Asia-Pacific entails the relocation of 60 percent of the US’s naval assets – up from 50 percent today – to the region by 2020. The on-going disengagement of American troops in Afghanistan and Iraq had raised speculation that the Pentagon might also diminish its role across Asia. Apart from the Senkaku/Diaoyu dispute, China’s other competing claims in the region involve those with Vietnam, the Philippines, Malaysia, Taiwan and Brunei which each claim parts of the Paracel and Spratly island chains, and with the Philippines over the Scarborough/Panatag Shoal in the Philippine Sea that abuts onto the South China Sea. Coincidentally or not, China’s maritime disputes with its neighbours in the littoral have been gaining global attention ever since U President Barack Obama’s announcement last January of his country’s ‘pivot’ strategy in the Asia-Pacific. Previous moves by Beijing to send patrol ships to Senkaku/ Diaoyu had provoked anti-Japan street protests across China, and led Japanese companies there to halt operations as a precaution and many Japanese expatriates to return home. Chinese Defence Minister, General Liang Guanglie, had also warned that Beijing reserved the right to take further action. Apart from these maritime stand-offs, Beijing has for long been waging a border feud with India, Asia’s third largest economy after China and Japan. People’s Liberation Army soldiers frequently intrude deep into Indian territory across the 3,488-km border the two countries share, with recent skirmishes involving the setting up of camps, unfurling of banners warning ‘Indians’ to stay away, and the vandalisation of Indian border monitoring systems. China had gone to war with India in 1962 in which it occupied 37,244 sq km of the Aksai Chin plateau adjoining the north Indian state of Jammu and Kashmir. It also claims the 83,743 sq km State of Arunachal Pradesh in north-east India as part of South Tibet that it controls in the eastern sector of the Himalayas. Beijing has long been affronted by India’s support to the Dalai Lama and New Delhi’s grant of refuge in India to the Tibetan spiritual leader and his compatriots in exile since 1959. But though the two Asian giants signed agreements in 1993 and 1996 to respect the Line of Actual Control and inked another pact on border sanctity during Indian Prime Minister, Dr Manmohan Singh’s, visit to China in October, Beijing took umbrage at Indian President Pranab Mukherjee’s tour of Arunachal Pradesh just a week ago. China’s official news agency, Xinhua, quoted foreign ministry spokesman Qin Gang as saying, “We hope that India will proceed along with China, protecting our broad relationship, and will not take any measures that could complicate the problem, and together we can protect peace and security in the border regions.” Such ominous developments have been posing a threat to this fastest growing economic region in the world and its vital waterways, confounding diplomatic efforts, rousing hostilities and heralding a geopolitical power struggle between the world’s two leading economies of the US and China.
US Military Pivot to the Asia Pacific The return of Asia-Pacific to the centre of world affairs is the great power shift of the 21st century. This economically integrated region is traversed by half the world’s commercial shipping worth $5 trillion of trade a year. More than 4.2 billion people live there, constituting 61 percent of the world’s population. And apart from straddling vital supply chains, this part of the world holds dense fishing grounds and potentially enormous oil and natural gas reserves, though at present it is a net importer of fossil fuels. China surpassed the US in September 2013, as the world’s biggest net oil importer and its energy-hungry export-driven economy that is heavily dependent on raw material is keen on buttressing its suzerainty over the regional Sea Lines of Communication (SLOC) that are critical to the survival of the entire Asia-Pacific community. Apart from investing in port construction in Pakistan, Sri Lanka and Myanmar, Beijing has been extending its military reach in the Asia-Pacific through the establishment of a major surface fleet and nuclear-submarine base on the Hainan Island in the South China Sea and the development of advanced and anti-ship ballistic missiles that can target US naval forces in the region. Though the US has stressed its desire to be neutral, it is conscious of China’s military build-up as also the need for freedom of navigation for all countries. It hence finds it imperative to raise its already formidable profile in the AsiaPacific. Its numerous military bases in the region include 17 in Japan and 12 in South Korea, while it also has a presence in Australia, Thailand, the Philippines, Guam and Singapore. Obama’s policy of ‘rebalance’ to the Asia-Pacific entails the relocation of 60 percent of the US’s naval assets – up from 50 percent today – to the region by 2020. The on-going disengagement of American troops in Afghanistan and Iraq had raised speculation that the Pentagon might also diminish its role across Asia. But in his policy enunciation, Obama had affirmed; “As we end today’s wars, I have directed my national security team to make our presence and missions in the AsiaPacific a top priority; as a result, reductions in US defence spending will not - I repeat, will not - come at the expense of the Asia-Pacific.” His country’s move to downsize its defence budget by $487 billion over the next ten years will hence not come at the expense of ‘this critical region’. According to the Pentagon, the drawdown in Afghanistan will release naval surface combatants, as well as naval intelligence, surveillance, and reconnaissance, and processing, exploitation, and dissemination capabilities, as also more Army and Marine Corps. EP-3 signals reconnaissance aircraft have already moved from CENTCOM (Central
Australian Security Magazine | 19
International
Command) to PACOM (Pacific Command). There will be a net increase of one aircraft carrier, seven destroyers, ten Littoral Combat Ships and two submarines in the Pacific in the coming years. America’s military outpost of Guam, the island due south of Japan, is being readied as a strategic hub for the Western Pacific and Marines are being forward-stationed there. A full US Marine task force will also be established by 2016 in Australia, a key Asia-Pacific partner of the US. The US Air Force will shift unmanned and manned reconnaissance aircraft from Afghanistan to the Asia-Pacific, apart from space, cyber and bomber forces. The question remains whether this ‘rebalance’ is aimed towards containing China’s growing economic and military might, or at bolstering American presence in a region of the future. Beijing views Washington’s proposal as an attempt to curb Chinese influence across the region and to embolden countries to brazen out Beijing on the maritime disputes. Is it time for the South-East Asia Treaty Organisation to return? Despite country specific conflicts, the Asia-Pacific region has enjoyed general stability for almost 70 years since World War II. Such stability has led to the convergence of economic and commercial interests in the region. These have driven the creation of such regional groupings like the ten-member Association of South East Asian Nations (ASEAN), founded in 1967, and the 21-member Asia-Pacific Economic Cooperation (APEC) forum, formed in 1989. APEC is undoubtedly the premier forum for American economic engagement with the Asia-Pacific. The Association’s member economies range from the US, Russia, China and Canada to Australia, Japan, Chile and Peru and comprise a market of 2.7 billion consumers that accounts for 44 percent of world trade and 56 percent of global economic output. Six of the US’s ten largest trading partners are in APEC, namely, Canada, China, Japan, Korea, Mexico and Hong Kong. APEC economies purchased $895 billion, or 60 percent, worth of last year’s US merchandise exports. While the Asia-Pacific has been driven by commercial interests, this widening unrest in the sea lanes that are the lifeline of this region is compelling the validity of a military front on the lines of the North Atlantic Treaty Organisation (NATO). Much in the manner in which China’s growing might is being perceived today, the 28-member grouping had been founded in 1949 in response to the threat posed by the then Soviet Union, with its prioritised purpose having been to deter Soviet expansionism. To lay the foundations of overall peace and stability in the Asia-Pacific, a NATO-like security structure would need to be inclusive, having China within its ambit. Though NATO had been engendered by the determination that only a truly transAtlantic security agreement could deter Soviet aggression, an Asia-Pacific defence platform could draw from the Treaty’s element of cooperation in military preparedness among the allied signatories. NATO had codified their interests by stipulating that ‘an armed attack against one or more of them… shall be considered an attack against them all’. It also empowered any of the allies under attack to take ‘such action
20 | Australian Security Magazine
as it deems necessary, including the use of armed force’. The US’s concerted force multiplication in the region betrays an intent to forge some sort of a military front like NATO. A pointer to such an apparatus had been justretired US Deputy Defence Secretary Ashton Carter’s earlier statement; “There is no multilateral organisation like NATO in the region. And in the absence of an overarching security structure, the US military presence has played a pivotal role over those last past 60 years, providing nations with the space and the security necessary to make their own principled choices.” Any such development may not happen soon, but it appears inevitable in light of the rising volatility in the region. A rudiment of a NATO-like platform, called South-East Asia Treaty Organisation, or SEATO, had been set up in 1954. It was, however, more a political, rather than a military, front against the spread of communism. And apart from the Philippines and Thailand, there was little South-East Asian about the rest of its membership that comprised the US, France, Great Britain, New Zealand, Australia and Pakistan. SEATO had no military functions and ultimately pledged to strengthen the living standards in South-East Asia, sponsoring meetings and exhibitions on culture, religion and history, before members gradually withdrew and it was formally disbanded in 1977. The similarities between now and at the time of NATO’s creation cannot be lost. True, the US and China have very high stakes in their relationship, unlike the state of Cold War that had driven Washington and Moscow between the end of World War II and the dissolution of the Soviet Union in 1991. US goods and services trade with China between January and October 2013, totalled $458.5 billion (the US recording a trade deficit of $267 billion). China is also the largest foreign holder of US debt, owning over $1.2 trillion in bills, notes and bonds, according to the US Treasury. The Alliance for American Manufacturing besides indicates that the growing US trade deficit with China has cost more than 2.7 million American jobs between 2001, when China entered the World Trade Organisation (WTO), and 2011. It was the US that had stewarded the coalescence of NATO. Indeed, the Organisation’s consolidated command structure, initially based in France and christened SHAPE - Supreme Headquarters Allied Powers Europe – was first headed by US General Dwight D Eisenhower, with his appointment as the first Supreme Allied Commander Europe, or SACEUR. The Asia-Pacific front’s creation may possibly be spearheaded by Japan, the US or even China. As more countries chase the world’s rapidly depleting resources, territorial disputes will become increasingly inevitable. Though India is not a member of either of the two key trade forums in the region – APEC and ASEAN – Washington is keen on having this Asian giant on board owing to its expansive demographic, economic and political profile in the region. With a lot riding on its economic and security relations with both Washington and Beijing, New Delhi is averse to being partisan in the developments in the region. Many other Asian Governments would be similarly disinclined, but geopolitical compulsions can push countries into decisions they are not comfortable with.
International
India’s gory wildlife trade The greatness of a nation and its moral progress can be judged by the way its animals are treated - Mahatma Gandhi India is at war with its wildlife. Widespread poaching and relentless inroads by settlements, industry and farms are decimating wild animals and their habitats at an alarming pace.
W By Sarosh Bana Correspondent
hile it was previously believed that habitat loss posed the biggest threat to animals in the country, it has now been established that the grave danger is from the illegal trade in the remains of these creatures. Entrenched poaching syndicates are making survival a grim struggle for the richly diversified wildlife in the homeland of Mahatma Gandhi, the apostle of peace who gave the world the doctrine of ahimsa, or non-violence. No less an institution than the Supreme Court, the country’s highest court, has observed that many animals are being driven to the brink of extinction by ruthless sophisticated operators, some of whom have top level patronage. At the same time, however, the State High Court of Madhya Pradesh dismissed a plea by a non-Government organisation (NGO) called Prayatna, seeking an inquiry by the Central Bureau of Investigation (CBI) into the disappearance of all 20 tigers in central India’s Panna Tiger Reserve. Though 19 of the 20 tigers were reportedly slain by poachers, a division bench of the court dismissed the plaint, saying, “The CBI has many better things to do.” Apart from Africa, India is a major hub of clandestine wildlife trade that has been estimated by Interpol at upwards of US$20 billion globally each year. This savagery prevails for a flourishing demand world-wide for animal products, the US
being the biggest market. The problem is serious enough for world leaders from more than 40 nations to have participated in the ‘Illegal Wildlife Trade Conference’ held in London, February 2014, where they collectively pledged to take key actions to stamp out this menace. The conference resulted in ‘The London Declaration’ that contains commitments for practical steps to end this illegal trade, which apart from threatening the survival of entire species, also undermines economic opportunity in developing countries. It prescribes actions that will help eradicate the demand for wildlife products, strengthen law enforcement, and support the development of sustainable livelihoods for communities affected by wildlife crime. Endowed as it is with great biological diversity in its forests, grasslands, deserts, mountains, including the Himalayas, wetlands and marine areas, India harbours as many as 350 (or 7.6 percent) of the world’s 4,629 known mammalian species, 1,224 (or 12.6 percent) of the world’s 9,702 avian species, 408 (or 6.2 percent) of the 6,550 known reptilian species, 197 (or 4.4 percent) of the world’s 4,522 species of amphibians, and 2,546 (or 11.7 percent) of the 21,760 species of fish. The global trade in animal parts holds out enormous
Australian Security Magazine | 21
International
...the tiger, and the national bird, the peacock, too are under siege. Illicit wildlife trade deals most commonly in tiger and leopard parts and skins, elephant tusks, rhino horn, snakeskin, deer antlers, turtle shells, musk pods, bear bile, mongoose hair, and also live birds such as waterbirds, migratory birds, parakeets, mynas and munias, exotic pets and marine species like seahorses, shells and coral. lucre, being next only to drug-running and arms trafficking in its intensity and profitability. It flourishes in the face of national and international laws that prohibit it. Article 48A of India’s Constitution requires the State to protect and improve the environment and safeguard forests and wildlife. Article 51A (g) obliges every citizen to protect and improve the natural environment, including wildlife. Enacted for this constitutional purpose was the Wildlife (Protection) Act of 1972, its Chapters V and V-A prohibiting ‘trade or commerce of wild animals, animal articles or trophies’. Chapter VI makes violation of the provisions of the Act a criminal offence. The country is a signatory to both the UN Convention on International Trade in Endangered Species (CITES) and the UN Convention against Transnational Organised Crime (CTOC). Nothing is sacred The national Indian animal, the tiger, and the national bird, the peacock, too are under siege. Illicit wildlife trade deals most commonly in tiger and leopard parts and skins, elephant tusks, rhino horn, snakeskin, deer antlers, turtle shells, musk pods, bear bile, mongoose hair, and also live birds such as waterbirds, migratory birds, parakeets, mynas and munias, exotic pets and marine species like seahorses, shells and coral. Those that are not traded are eaten; the wide spectrum of birdlife and even jackals, mongoose, porcupine, monitor lizard, antelope and deer are prized for their flesh both by the forestdwelling communities and those with a taste for the exotic. The vigorous wildlife trafficking in India is more for meeting the demand from outside the country, there being relatively little domestic demand for wildlife products. There is a booming cross-border trade as China has always been a huge consumer of wildlife produce. Traditional Chinese medicine is based largely on natural flora and fauna in their various forms. Consumption in that country is also driven by the age-old belief in the aphrodisiacal powers of various animal products, such as tiger penises and rhino horns. Poachers will find support from politicians, conniving forest guards and officials, and local villagers and tribals, who are often good trackers and trappers. A weak criminal case against two villagers accused of killing two 17-month-old tiger cubs led to their acquittal. This was because the forest authorities ‘failed’ to file a charge sheet against the culprits
22 | Australian Security Magazine
within the mandatory 60 days. The duo had poisoned the cubs on the outskirts of the Ranthambhore Tiger Reserve in the desert State of Rajasthan after they had killed their goats. Though killing a tiger is a non-bailable offence, bail may be granted if the charge sheet is not filed within the stipulated time - an easy out. There had been more than 40,000 tigers in India a little over a century ago. Widespread hunting by the erstwhile maharajas and the British colonialists exterminated many of them by the time of Independence in 1947. The first ever all India tiger census conducted in 1972 revealed the survival of only 1,827. Alarmed by the dwindling numbers, the country launched ‘Project Tiger’ in 1973-74 in a concerted effort to salvage the situation. Aimed at conserving tigers in specially constituted reserves, the scheme has seen the establishment of 39 Project Tiger reserves covering a combined area of 32,137 sq km. The effort did help increase the tiger population to around 3,500 in the ‘90s. Subsequent censuses, however, reflected the grim incidence of unbridled poaching and habitat destruction that has once again shrunk the number to 1,706. Of the 447 tigers estimated to have died between 1999 and March 2011, 197 fell to poachers. In a major rebuke to Project Tiger, the two tiger reserves of Sariska, in Rajasthan, and Panna, in Madhya Pradesh, saw their last tigers being wiped out in 2005 and 2008 respectively. At the other end of the spectrum, even the butterfly is not spared. These exquisite insects are laminated onto lampshades even as they are alive, which are then sold clandestinely as home decorations. Cruelty and brutality are part of the work profile of those whose livelihood is from the blood of animals. Undercover agents have witnessed that after snaring many of the animals in traps that can maim and cripple, these culprits often begin to cut the skin and fur while the creatures are still alive and struggling desperately. They stomp on the necks and heads of animals who struggle too hard to allow a clean cut. The bloodied bodies are thrown onto a pile and some are still alive, breathing in ragged gasps and blinking slowly. Hearts of some animals are still beating five to ten minutes after they are skinned. With poaching and trading transcending borders, not all poachers in India are Indians. Many a wildlife trafficking syndicate draws culprits from neighbouring countries like Nepal, Tibet and Bhutan, while Czech poachers too have been arrested. Armed rebel militias both in India and abroad are being increasingly drawn to this trade. The internet facilitates cross-border wildlife trade, with deals struck and orders placed on the web, often in code, and online payments made ostensibly for other products. These criminal rings are well connected, politically powerful and have the financial clout to pull off their trade without being caught. They have the means to cultivate persons in the right places, forge documentation and evade the law as they butcher myriad species to the brink of extinction. Indian poachers are frequently forest-dwelling tribals whose familiarity with their surroundings is exploited by the higher operatives. The Pardhi tribe was officially declared the ‘number one threat’ to wildlife after some of them poached eight lions in the Gir forests of the State of Gujarat in 2007.
International
A little more than 400 Asiatic lions inhabit this 1,412 sq km reserve, which is their only natural habitat. Numerous wildlife offences are registered against Pardhis, who, being traditional hunters, are considered the most skilled of all poachers. Hundreds of tiger deaths have been attributed to these tribesmen over the years and they are active across the country. They poach cruelly. Once they had set four steel-traps in Gir in the afternoon and by evening they had poached three lions. The Pardhis, who have sub-tribes like Bawadiya, Mogia, Chidimar and Bahelia, had been branded a ‘criminal tribe’ in 1871 by the British colonialists for their hunting and poaching activities, but denotified as ‘criminal’ and named a nomadic tribe in 1952. Tribal poachers like the Pardhis are the first link in a wider criminal set-up. They meet the orders placed by a trader from the city who then arranges for the items to be smuggled across the border to his counterpart in another country, and so on ‘til it reaches the end consumer. It is impossible for such a network to sustain itself without vast profits and intelligence management. India’s deadliest poacher doubtlessly has been Sansar Chand, who incidentally is not a Pardhi. The 56-year old felon became involved with wildlife crime in 1974 when, as a 16-year old, he was arrested for possessing 680 skins, including those of tigers and leopards. He and his partners in crime, many of them family members, have as many as 57
cases filed against them, but shoddy investigations, apathy of, or collusion by, officials, and weak laws, have helped him get acquitted in ten cases and often prematurely freed after conviction on technicalities. During the years, Sansar Chand has established a smuggling network that can supply any wildlife product that is sought for. He is estimated to have been responsible for the deaths of more than 250 tigers, 2,000 leopards, 5,000 otters, 20,000 wild cats, and 20,000 wild foxes, apart from the critically endangered snow leopards and clouded leopards. He himself says they are ‘uncountable’ and betrays no remorse, having amassed enormous wealth and properties through his bloodletting. He has vowed to hunt India’s endangered wildlife to extinction in order to subsequently gain a windfall from the inventories and caches of pelts and animal parts he has built up. In India, like in many other countries, the problem is not of laws, but that these may be poorly communicated and just as poorly enforced. Often, efforts to counter wildlife trade are undermined by lack of political will and governance failures. Wildlife trafficking, deforestation, and loss of habitat are no longer localised problems, but global ones. Information is the key to developing an understanding and, with it, the resolve, to counter them. Ultimately, it is demand that sustains this massacre and such demand arises from a lack of understanding of, and sensitivity to, this massacre.
He is estimated to have been responsible for the deaths of more than 250 tigers, 2,000 leopards, 5,000 otters, 20,000 wild cats, and 20,000 wild foxes, apart from the critically endangered snow leopards and clouded leopards.
Australian Security Magazine | 23
Women in Security
Out of the box From shop floor to drive-through liquor stores, Bluann Williams has seen retail from almost every angle. Find out why after more than two decades in security she’s found her match in the pharmaceuticals industry.
D By Adeline Teoh Correspondent
24 | Australian Security Magazine
rugs and money. Each on their own are already targets for theft, but put them together and you have an exponentially higher profile target. With such a large threat, you’d be forgiven for thinking South Australian retail chain National Pharmacies, which operates in South Australia, Victoria and New South Wales, has a platoon to defend it. But when you meet the team, you’ll meet National Security and Loss Prevention Manager, Bluann Williams, and that’ll be the end of introductions: Williams is the team. Williams understandably has a large part to play in the wellbeing of the business. In addition to physical security – locks, keys, codes and CCTV – she is also responsible for loss prevention, training, profit protection, compliance and governance. And let’s not forget she’s on-call 24/7 for emergency incidents, which can range from a late night break-and-enter to a customer taking the wrong medication. You could say she has been in training for this for some time. Starting in retail as a checkout operator, Williams rose to store manager and soon discovered an interest in preventing retail theft. “I found a world of theft and security and prevention and ended up in supermarket retail doing investigations,” she recalls. “When the supermarket branched
out and became a group I started doing department stores.” Despite achieving a Diploma of Risk Management and undertaking numerous other forms of training in investigative services, security operations, training, governance and even accounting, Williams says it was her on-the-job experiences that taught her the most. After department stores she worked in the fuel business, and took other opportunities like liquor drive-throughs. “I pretty much wanted to get experience from every possible angle I could, so supermarkets, department stores, fuel, hotels and pharmaceuticals – which I haven’t left because it has been the most challenging.” Hooked on pharmaceuticals After six years in pharmaceutical retail, Williams has seen a lot, including some well thought out thefts. “There was a group that came in and caused a disturbance within a store in order to take the emphasis off what they were doing. They were setting up stock to come back at a later time [to steal]. The continuation of evidence there was so hard to prove because it was two different days with two different people,” Williams recounts.
Women in Security
But sometimes, she says, it’s the simplest acts that are the most surprising. “You do not expect a customer to walk in, take a handful of stuff and walk out. The simple ones are the biggest challenge.” Despite this, she knows she’ll never see it all. “When I came on board there were processes in place but security is ever evolving and the risks are always changing. Sometimes you just become a target for organised retail crime and suddenly nothing you have in place is effective enough. Just when you think nothing can go wrong, something happens and you need to think outside the box again.” It’s this evolving landscape that keeps her in the security industry, she admits. “No two days are the same. No matter how well you plan your time or how organised you think you are, you can bet something will happen and it will all change. You’re always on your toes and that’s what’s great and challenging about the industry. If you’re bored and you’re experiencing the same problems again and again it means you didn’t fix it the first time.” The side effect of this is that there’s never a sense of closure, never a 100 percent success rate. “You can reduce it, you can change it, but you’ll never stop it,” Williams states. “That can be frustrating, especially when you have a particular offender. They go to the courts, they come out and within an hour of leaving jail they’re offending again. And it drives me bananas.” She’s adamant that society is not hard enough on theft, the missing step being treatment of the cause rather than the symptom. “Offenders are continually offending. We need to get back to the original cause, whether it’s a drug habit or mental illness. They need help, they need an extra step and we just don’t provide that.” Treating risk Because she’s a one-woman team, Williams uses training to help her do her job. A big part of loss prevention is just good old-fashioned customer service, she says. “We don’t like to have our employees do anything in relation to apprehending shoplifters or anything like that, it’s all based around providing exceptional customer service. When you have interaction with people it fixes everything else.” She uses the retailers as her eyes and ears. When there’s an incident, she needs to know as many details as they can summon. “A lot of my role is explaining to the stores what we need them to tell me. I can only work on the information I’m given so once I’m given that information I then risk-analyse it,” she says. Retail presents an interesting environment for risk management. Making things convenient for customers exposes stock to potential thieves, but Williams is wary of being overprotective. “There’s no point locking everything up in cupboards. Although that’s going to stop it from being stolen, a lot of the time if they want it badly enough they’ll break in after hours and cause damage, which is probably more than the product is worth. You need to figure out whether you are willing to accept that as a loss to the business rather than implement something that’s going to cost more than the risk itself. “It’s that tightrope of what you are willing to lose in respect
“Sometimes you hear something and think ‘I don’t know how that could be related to me’ and then because it’s in the front of your mind you notice things,” she says of using techniques in other industries to help her in retail. to what it will cost you. We have budgets in relation to theft and we just have to make sure we sit within those budgets.” Collective intelligence While Williams doesn’t have security colleagues in her department at National Pharmacies, she does share knowledge and war stories with other retailers who meet with a police intelligence group once a month. “Because of the rules of privacy we have to be careful of what we say and how we say it and what we identify, but in general it’s a good monthly meeting on ‘we’re getting hit this way, how are you guys going?’” she explains. “That is a really important thing I do being a one-person department. It gives me an idea of how to move forward.” She also notes that because the security sector in South Australia is small, everyone tends to know everyone else and there’s a lot of networking across the industry. The effect of this is a broad understanding of different issues, some of which are unexpectedly helpful. “Sometimes you hear something and think ‘I don’t know how that could be related to me’ and then because it’s in the front of your mind you notice things,” she says of using techniques in other industries to help her in retail. Being human In addition to looking at retail with her security eye, Williams says she’s also partial to recreational shopping, though spends just as much time examining the behaviour of other shoppers as she does examining products. “A lot of the time I get distracted seeing what customers are doing instead of actually shopping. I am a people-watcher.” The behaviour piece has become something of a hobby, she admits. “I look at Big Brother – a show everyone loves or hates – completely differently to everyone else. I watch the behaviour when they’re faced with a situation rather than listening to them sitting there chatting.” Other hobbies include reading and cooking, with travel wistfully included on the list. “I love to travel but I don’t get that much of an opportunity because I need to be available 24/7 at the moment. It’s really just staying at home and waiting for that phone to ring.” If it sounds like work takes up too much of Williams’ life, don’t be fooled. Her advice to anyone starting out in the industry is to remember that it’s not all about living to work. “I’ve been doing this for 20 plus years now only because I’m passionate about retail theft and the billions of dollars we lose every year globally, but you can’t solve everyone’s problems overnight. Sometimes you need to sleep. Find the happy medium, have a life.”
Australian Security Magazine | 25
Frontline
Dealing with an active shooter situation Columbine, Port Arthur and Mumbai are three places that conjure horrific scenes of people screaming and running for their lives. But these tragic examples of a rogue active shooter opening fire on innocent victims are just three of many. Add to the list Colorado, Sandy Hook, Virginia Tech, Fort Hood, Beslan, Finland, Norway, Nairobi, and Washington. By Paul Johnstone
26 | Australian Security Magazine
I
n a report released by the Advanced Law Enforcement Rapid Response Training (ALERRT) Centre at the Texas State University, five massacre-style shootings occurred per year in the United States between 2000 and 2008. Alarmingly, that number more than tripled to 16 per year between 2009 and 2012. Active shooter situations are predicted to continue to rise creating a huge threat to police and communities. Research shows 40 percent of active shooter attacks are most likely to take place at businesses, 29 percent at schools, 19 percent outdoors, and 12 percent in other places. Active shooters usually use firearms or sub machine guns, often don’t discriminate against their victims, and are extremely unpredictable. For example; Saturday afternoon, 17 August 1991, Wade Frankum walked into a shopping plaza in the Sydney suburb of Strathfield. He sat down at a café, placing
the bag he was carrying next to him. He drank several cups of coffee. Behind him sat two teenage girls. Frankum looked like an average guy. No one could have guessed that concealed in Frankum’s bag was a large hunting knife and Chinese made SKS semi-automatic rifle. At approximately 3.30 pm, and without provocation, Frankum withdrew the large hunting knife, stood up, spun around and repeatedly stabbed one of the two teenage girls sitting behind him. Snatching the SKS semi-automatic weapon, he then opened fire on innocent café patrons. In less than ten minutes, seven people were shot dead and a further six wounded. The nightmare ended just as police arrived. Frankum turned the gun on himself and fired. None of the victims were personally known to Frankum. Scotland, 13 March 1996, Thomas Hamilton walked into a primary school gymnasium in Dunblane. He shot dead 16
Frontline
innocent children and their teacher before killing himself. Tasmania, Australia, 28 April 1996. Martin Bryant entered the popular tourist destination of Port Arthur and opened fire. He massacred 35 people and wounded a further 23 without any apparent provocation or warning. According to the United States Department of Homeland Security, an ‘active shooter’ is an individual actively engaged in killing or attempting to kill people in a confined and other populated area. The Australian-New Zealand Counter-Terrorism Committee describes an ‘active shooter’ as a person armed with a firearm(s) who is actively engaged in killing or attempting to cause serious harm to multiple people in a populated location. Statistically, 94 percent of active shooters are male. They act alone and often have no prior criminal record. They rarely confide in anyone and their cache of weapons is usually compiled legally. Take the case of Major Nidal Hasan, a United States Army Psychiatrist. In 2009, he entered Fort Hood in Texas, opened fire and fatally shot 13 fellow soldiers and civilians. A further 32 people were wounded including an unborn baby. Similarly in Australia, 8 December 1987, Frank Vitkovic walked onto the Melbourne University campus with a sawedoff M1 Carbine machine gun. His intent was to kill a former school friend. Discovering his former friend was not on campus that day, Vitkovic proceeded to the 5th floor. Arriving at the Telecom Employees Credit Co-Operative reception, Vitkovic asked for another former friend to be called to the front counter. Vitkovic withdrew the sawed-off M1 Carbine from his bag, opened fire and shot dead a young female office worker. He then proceeded to the 12th floor where he randomly opened fire before running down to the 11th floor where he indiscriminately shot victims at point blank range. In a desperate bid to bring Vitkovic’s killing spree to an end, three wounded office workers wrestled Vitkovic. After an intense, but brief struggle, they prized Vitkovic’s weapon off him. The terrifying experience ended at 4.27pm when Vitkovic attempted to escape through an open window and fell to his death. At 4.30pm the Victorian Police Special Operations Group (SOG) commenced their search of the building. Half an hour later, at 5pm, police gave the all clear and ambulance officers were permitted to enter the building to attend to the wounded. Research shows active shooter situations only last 10 to 15 minutes. And in most cases, they’re over before law enforcement arrives. Yet, within those frenzied few minutes, an active shooter will continue to kill until he runs out of ammunition, victims, is stopped, or takes his own life. Active shooters are fully committed to their ‘cause’. In their minds a ‘top kill score’ proves their dedication. Three step defence In most cases there is no pattern to victim selection in a shooter scenario, nor is it obvious whether the shooter is motivated by anger, revenge, skewed ideology, or mental illness. July 2012, James Holmes entered a crowded movie theatre in Aurora, Colorado at midnight. Like many of the patrons, he was dressed as one of the characters from the Batman movie, The Dark Knight Rises. Without warning, Holmes threw two
gas canisters into the crowd and started shooting. Surviving patrons reported they initially assumed the gas and gunshot sounds were all part of promotional stunt – until people started dropping dead. For those innocently caught up in an active shooter scenario, every second counts. Every action or reaction is a life or death decision. And unlike first aid, very few people are taught basic survival skills. In an active shooter situation, three basic steps should be followed. Step 1: Evacuate If there is an accessible escape path, attempt to evacuate the premises or area. What to do: • ensure the escape route doesn’t lead to a dead end, locked door, or leave you trapped somewhere the shooter may venture; • evacuate regardless of whether others agree to follow; • leave belongings behind; • where possible, help others to escape, but do not attempt to move the wounded; • warn others not to enter the shooter zone; • call 000 (Australia) or 911 (USA) only when it is safe. Once you’ve evacuated safety, provide the following information to police or emergency operators: • location of the active shooter; • number of shooters, if more than one; • physical description of the shooter(s); • number and type of weapons held by the shooter(s) (eg, pistol, shotgun, rifle); • the number of potential victims at the location. When the police arrive: • remain calm; • obey their instructions (their first job is to classify all as victim or threat); • put down any items in your hands (eg, bags, jackets); • immediately raise your hands and spread fingers; • keep your hands visible at all times; • avoid making quick movements toward officers; • avoid pointing, screaming or yelling; • do not stop to ask officers for help or directions when evacuating, just proceed in the direction from which officers are entering the premises. Step 2: Hide out If a safe evacuation is not possible, find a place to hide. Choose somewhere that: • remains out of the active shooter’s line of sight; • does not trap you or restrict your options for relocating to another position of safety; • provides cover, not just concealment, if shots are fired in your direction. The difference between cover and concealment is widely misunderstood thanks to action movies. Cover will protect from gunfire. Concealment merely hides you from the shooter’s view. In movies, action heroes are seen to take cover behind soft couches and thin table tops. ‘Miraculously’ these items provide protection from high calibre weapons. In reality, you
Australian Security Magazine | 27
Frontline
‘Playing dead’ works best in the movies. In real life, once you ‘play dead’ your options for escape are severely restricted. You’re reliant on the shooter not noticing any signs of life. Even then, there is no guarantee you won’t be shot. might as well hide behind a sheet of cardboard. The best ‘lifesaving’ cover is solid objects like brick walls, large trees, and parked vehicles. It is also very important to ensure the active shooter can’t enter your hiding place. Where possible: • lock or blockade the door using heavy items/furniture; • silence mobile phones (even the vibrate function may give you away); • remain quiet; • move away from windows; • cover windows if safe to do so.
Tactical response today
During the 2008 Mumbai terrorist attacks in India, a waiter at the Taj Mahal Palace heard explosions and shouting. Instinctively, he locked the doors, turned out the lights, and told the 60 plus patrons to keep very still and quiet. Minutes later, an armed terrorist peered into the darkened restaurant from the brightly lit courtyard. Detecting no movement and hearing no sound, the terrorist moved on before his eyes had time to fully adjust to the darkened room.
Police arrive on an active shooter scene with one objective – to stop the shooter as soon as possible. For that reason alone, follow their instructions immediately – especially if you launched a counter attack. In that moment in time, you may be the one holding a weapon. If so, drop the weapon immediately and place your hands clear of your body. Police officers: • will always proceed directly to the area in which the last shots were heard; • may be armed with rifles, shotguns, handguns and ballistic shields; • may arrive in teams of two or various numbers; • may wear regular patrol uniforms or external bulletproof vests, Kevlar helmets or other tactical equipment; • may use OC spray or tear gas to control the situation; • may shout commands; • may push individuals to the ground for their own safety or until individuals have been identified.
Is playing dead an option?
Tactical response history
‘Playing dead’ works best in the movies. In real life, once you ‘play dead’ your options for escape are severely restricted. You’re reliant on the shooter not noticing any signs of life. Even then, there is no guarantee you won’t be shot. In July 2011, Norwegian born Anders Behring Breivik went on a shooting rampage. He shot 77 victims as they were standing, cowering or running away. But he also shot indiscriminately at bodies lying on the ground. In real life, playing dead is not easy – especially if the body’s fear responses have kicked in. Breathing becomes rapid and uncontrollable making it almost impossible to keep the chest from noticeably rising and falling. At the same time, adrenalin courses through the blood stream producing heat. In cold or wet conditions, extra body heat can cause steam to rise or escape out of the mouth or nose. Either way, it’s a ‘dead’ give-away the person is still alive.
April 20, 1999, Columbine High School students, Eric Harris, 18 and Dylan Klebold, 17, systematically killed 12 classmates and a school teacher before wounding another 21 people. The teenage shooters took less than 16 minutes to kill and wound their victims. Yet the responding police took more than three hours to find the teen shooters. The SWAT team was also criticised for being too methodical and slow. Up until Columbine, police departments throughout the world trained their officers to contain the shooting scene and wait for tactical units to arrive. But Columbine marked the need for change. Yet change didn’t come until after the December 2012 Sandy Hook Elementary School massacre in Newtown, United States. The Federal Bureau of Investigation (FBI) formed a team to study active shootings. The study resulted in a training program developed at Texas State University being adopted world-wide. Now first responders isolate, distract and stop active shooters as fast as possible. But it’s not just law enforcement agencies that need training. Just like a fire drill, individuals, employees, employers and organisations need to put an active shooter plan in place.
Step 3: Take action Take action by disrupting, and or incapacitating, the active shooter only when your life is in real and imminent danger. As a last resort: • act furiously and aggressively towards the shooter; • throw items and utilise improvised weapons; • scream at the shooter whilst attacking (this can act to distract while fuelling your own determination and confidence under stress); • commit to your actions and do not stop until the threat is
28 | Australian Security Magazine
over (or you can escape safely); • act to preserve your own life at all times. Arguably, launching a counter attack is very dangerous. Yet, it is no more dangerous than doing nothing. A moving target is much harder to hit than a stationary one. A counter attack from victims is the very last thing a shooter will be expecting. The element of surprise may just create an opportunity to escape, or delay further killings until the police arrive. But there are no guarantees. Victim or perpetrator, one or both may end up severely injured or dead.
Active shooter drill No one knows when or where the next active shooter incident will occur. All that is known is that active shooter incidences
Frontline
are on the rise. Along with fire evacuation plans individuals, employers and organisations should consider an active shooter drill. This would include: • ensuring the facility has at least two evacuation routes; • posting evacuation maps in high visibility areas throughout the facility; • including local police and emergency first responders during emergency training exercises; • encouraging police and emergency first responders, tactical teams, K-9 dog teams, and police and military bomb squads to train for an active shooter scenario at your location. While the safety tips and guidelines in this article are not all inclusive, there are a number of excellent active shooter training programs available. Within Australia, for example, Defensive Measures International and the Australian Institute of Defense, Science and Technology have combined to offer a theory and practical based training program. The course includes training participants to prepare and respond to violent confrontations involving active shooter scenarios. Active shooter attacks in Australia remain a real and persistent threat. Yet, with prior planning, training and an understanding that no one is immune from this potential threat, individuals, employees, employers, organisations and law enforcement agencies can help prevent unnecessary wounding and deaths.
When it comes to active shooter events, it is impossible to predict who, what, when, how and why. Yet, everyone can contribute to keeping their community safe by having an active shooter plan in place. About the Author Paul Johnstone is a former Federal Agent with the Australian Federal Police and a former Soldier with the Australian Army. Johnstone has performed a number of specialist protective security intelligence and counter-terrorism roles during his combined 25 years of service and is a Government accredited Instructor in a number of specialist fields. Johnstone has been formally recognised by the Governments of the United Kingdom, Bosnia and Herzegovina for outstanding police investigations pertaining to complex fraud and war crimes and he has lectured and trained law enforcement, security and military personnel throughout Australia, Peoples Republic of China, Afghanistan and the Pacific Rim. Johnstone is the founder and principal director of Defensive Measures International which is a consultancy firm offering specialist services throughout Australia, Peoples Republic of China, India and the Asia Pacific region. Johnstone is also the Training Manager for the Queensland TAFE Security, Investigations and Law Enforcement Training Centre in Brisbane.
Training for a better future in...
Security at Brisbane Security Training Centre
Our highly respected industry specialists provide Security Operations training and advice to leading security businesses around the state. Let us help you secure the skills you need to become an effective security operator. Call Wide Bay Institute of TAFE’s Brisbane Security Training Centre on 3806 9633 for further information.
1300 656 188
www.widebay.tafe.qld.gov.au 40 - 44 Johnson Road, Browns Plains, Queensland 4118
• • • •
Defensive Tactics Edged Weapons Introduction to Terrorism Private Investigator - Certificate III in Investigative Services (CPP30607) • Certificate IV in Security and Risk Management (CPP40707) • RPL available
Frontline
Unmanned vehicles:
Enhancing security, rescue and natural disaster management capability Last issue we brought you Part I which reviewed the current capability of robotic UGVs. Here follows Part II commencing at looking at the integration of UMVs into current manned maritime security and surveillance operations. By John Cunningham and Dr Pascual Marques
30 | Australian Security Magazine
N
ikola Tesla (1856-1943), inventor of the world’s first practical remote-controlled unmanned vessel, was granted a US patent in 1898 for a ‘Method of and Apparatus for Controlling Mechanism of Moving Vessels or Vehicles’. Tesla first demonstrated this rudimentary unmanned ship at an electrical industry trade show at Madison Square Garden in New York, using a large tank of water and radio for command and control. Nikola Tesla’s 19th century vision is therefore considered the precursor of the 21st century unmanned maritime systems technology. Nonetheless, UMVs remains an emerging technology that faces numerous challenges that must be overcome for such vehicles to become commonplace in commercial and military applications; a particular challenge is the integration of UMVs into manned maritime security and surveillance operations. UMV technology includes surface vessels, underwater submersibles and hybrid systems. These vehicles incorporate fully integrated sensors and payloads required to accomplish different missions. Contrary to the steady development of unmanned aircraft, UMV technology has had a slower progress. However, during the next decade, a significant increase in the application of UMVs is anticipated, where such vehicles will provide enhanced capabilities for commercial and governmental maritime operations. Commercial applications provide services offered by contractors as part of business operations. In contrast, governmental applications are aimed to preserve public safety and security, provide response to different emergencies, and address issues of public and scientific interest. These remotelyoperated vessels and submersibles are particularly desirable for hostile maritime environments that may include high threat regions or areas contaminated by nuclear, biological or chemical agents; in which deploying a crewed vessel is ill-advised. A key challenge for the global introduction of unmanned maritime technology is to coordinate efforts so that maritime operations integrate seamlessly into
current manned maritime procedures and the operations are safe. An important aspect for successful mannedunmanned cooperation is the integration of UMVs into the global maritime communication environment so that the autonomous vehicles use the same communication equipment as manned vessels. Safe operation and traffic control of UMVs requires highly reliable radio communications between the unmanned vessel and the maritime control station, as well as satisfactory sense and avoid capability. The world’s military UMV market is evolving rapidly under the combined impact of changing maritime threats and significant technological advances. Specifically, current research and development (R&D) efforts aim to enhance capabilities in mine counter-measures, anti-submarine warfare, port and harbour security, counter-terrorism, and counter-piracy. The military, in particular, has special interest in the following R&D areas; harbour protection systems, systems integration, regulations for unmanned maritime vessels, modular lightweight minesweeping, and detection and management of buried and drifting mines. Commercial UMVs also offer valuable support in humanitarian applications. Submergible vehicles can review port damage and help identify problems with movement of surface vessels used for transportation of vital equipment, food and medical supplies in areas affected by natural disasters. UAV capability for security and natural disaster management UAV technology provides unparalleled support in diverse public missions such as border surveillance and security, wildlife surveys, military training, weather monitoring, communications relay, law enforcement, environmental monitoring, agriculture aerial mapping and other. The main UAV applications are defence related, in particular Intelligence, Surveillance and Reconnaissance (ISR) patrols.
Frontline
UAVs are also used for Chemical, Biological, Radiological and Nuclear (CBRN) detection, or simply those tasks considered too dangerous or politically challenging for manned aircraft to undertake. UAVs are better suited than manned aircraft for ‘dull, dirty, dangerous’. UAS are preferred over manned aircraft because of the lesser risk of losing human lives and the greater confidence in mission success. In fact, unmanned vehicles have better sustained alertness over humans during dull operations. Typically, ‘dull’ operations require more than 30 or 40 hours of continuous surveillance. Such tasks can be automated, often only requiring human oversight rather than direct and continuous control. Unmanned aircraft are also the ideal choice for operations in ‘dirty’ environments that are hostile to a manned aircraft and its crew; for example, flight into nuclear clouds after bomb detonation. Small unmanned aircraft are used by fire brigades for reconnoitering fires in inaccessible locations or where smoke and flame makes human presence hazardous. ‘Dangerous’ operations typically involve reconnaissance over enemy territory that can result in loss of human lives, thus UAS are preferred. Unmanned aircraft can conveniently replace different dangerous ground tasks, such as convoying of tactical supplies and sweeping for improvised explosive devices. There are high expectations for the growth of the civil and commercial UAV market. Emerging civil applications of UAVs are inspection of terrain and buildings, coast guards duties, border patrols, rescue operations, police work, fisheries protection, pipeline survey, disaster and crisis management, search and rescue, environmental monitoring, and forest fire fighting. Characterised by comparatively silent flight and small dimensions, UAVs cause less disturbance of the scene being surveyed. The unmanned platform usually provides a big picture of the scene instead of visual limited recording from ground level. Commercial UAVs are designed to perform missions at a lower cost and ecological impact than a manned aircraft equivalent. Thus, the desire for endurance in many UAVs demands high aerodynamic and fuel efficiency. Multi-mission diverse-payload vehicle An example of a multi-mission UAV recently introduced into the commercial market is the MA THOR by Marques Aviation. The MA THOR is a high-wing twin-boom inverted-v-tail unmanned aircraft. It is a versatile vehicle used in missions as diverse as remote sensing and mapping, land and maritime border patrol, sea and land search and rescue, long endurance military reconnaissance, surveillance of oil and gas installations, inspection of natural disasters, ecological work, and fire fighting. The vehicle uses a modular fuselage configuration to accommodate a diversity of payloads for different missions; electro optical and infrared cameras, gyro stabilised daylight and low light cameras, laser designator, range finder, miniature aperture radar, radar altimeter, automatic video tracker, nuclear biochemical sensors, meteorological appliances, laser detector tracker pod, and ejectable items such as chaff, leaflets and flares. Additional payloads can be installed in the UAV including mine detection equipment, electronic warfare
systems, SIGINT, and scientific sensors. Larger, more sophisticated payloads can also be carried aboard for day and night, maritime surveillance and search and rescue operations like the FLIR systems, UK Mountain, coastal and firefighting operations often present adverse meteorological conditions and strong winds. However, enhanced aerodynamics and flight stability principles in the MA THOR allow the UAV to complete its assigned surveillance tasks in demanding flight conditions. Homeland security Unmanned observation systems fulfill civilian tasks related to homeland security such as border protection and control, monitoring the coastline, and providing security for large public events. At present, the US Customs and Border Protection (CBP) agency employs six Predator UAS in support of border operations on the southwestern and northern borders of the US. In Europe, the Swiss company RUAG has used a ranger reconnaissance UAV since 2006, to monitor the Swiss border. Border protection involves monitoring a very large area during an extended period of time. For this reason, medium-altitude long-endurance (MALE) UAVs are the most suitable systems as they can remain airborne and operate ten times longer than a manned helicopter. It has been estimated that a single MALE UAV is capable of carrying out long endurance monitoring mission, which would otherwise require ten helicopter missions. The European agency Frontex is responsible for fostering cooperation between EU member states in border security. Frontex recognises the need to relentlessly monitor the southern border of the Schengen area along the northern coasts of the Mediterranean. This is necessary given the unpredictable political climate in North Africa. Recently, United Kingdom police authorities have introduced small and medium-size UAVs in their operations. These unmanned systems replace expensive helicopters, and provide reconnaissance and enhance security at large events, such as the sporting events during the 2012 Olympics. Natural disaster management Natural disasters encompass forest fires, floods, earthquakes and violent storms in which UAVs can help monitor and analyse the situation. UAVs support search and rescue operations when looking for survivors of shipwrecks, aircraft crashes or victims buried in alpine avalanches. Thermal cameras make continued search and rescue activity possible at any time of day or night in snow avalanches. ABC accidents and oil spills are other types of disasters in which unmanned systems are preferable. The UAS Ikhana was used in 2007, for reconnaissance during the large forest fires in California. In forest fire operations, characterised by conditions of poor visibility due to the smoke, the thermal imaging sensors aboard the UAV communicate the exact coordinates of the flames to fire-fighting aircraft to more accurately release fire retardant. In such disastrous events, UAVs have capability to obtain
Australian Security Magazine | 31
Frontline
The unmanned aircraft overflew the damaged areas relentlessly for 14 hours to monitor the situation. Highresolution images transmitted by the Global Hawk made it possible to locate usable takeoff and landing areas of helicopters and relief aircraft.
32 | Australian Security Magazine
images at a higher resolution than those of satellites and therefore, relay useful information for the firefighters in real time. However, the greatest advantages of UAS for support in forest fire operations are their high endurance and the minimal risk to pilots. After the Indian Ocean Tsunami of 2004, the Heron MALE-UAS assisted in locating victims buried in rubble. In 2008, the West Midlands Fire Service (WMFS) in the UK employed the Incident Support Imaging System (ISiS) to observe a fire at a university. The ISiS, which uses a German md4-200 UAV, provided the firefighters with thermal imagery of the development of the fire on the roof of the building, thus minimising the risk to the firefighters. High endurance is also an important asset during flooding events. UAS can continuously gather information about the evolution of the flooding as it evolves, during the day and at night. Flyover inspections of dikes can be conducted at regular intervals and critical points. The ability to quickly provide information about the scene is essential in catastrophe management, so that the population can be warned early and evacuated. Following the devastating earthquake in Haiti in 2010, a Global Hawk was assigned its first disaster relief missions in the Caribbean. The unmanned aircraft overflew the damaged areas relentlessly for 14 hours to monitor the situation. High-resolution images transmitted by the Global Hawk made it possible to locate usable takeoff and landing areas of helicopters and relief aircraft. The Fukushima Daiichi nuclear power plant suffered substantial damage following the earthquake and tsunami in Japan in 2011. A high-altitude long-endurance (HALE) UAV glided over the power plant to take pictures of the building using high-resolution infrared sensors. The HALE vehicle showed disaster response teams that overheating was occurring inside the nuclear station. Later the vertical-takeoff-andlanding (VTOL) UAV RQ-16 T-Hawk was deployed at the reactor site to relay real-time images of the damaged facility. During search and rescue missions in maritime accidents on the open ocean, medium and high-altitude UAVs with high endurance and capability to monitor large areas are decisive. Therefore, UAS represent an important support tool for natural disaster management due to their instant availability, autonomy and endurance. In summary, ARGUS Robotics (USA) addresses the ever-increasing need to improve security methods that prevent IEDs, car bombs, and nuclear/biological/chemical devices being used against military personnel and civilian targets. The highly-adaptable multi-mission UGVs designed by ARGUS Robotics support a wide range of uses such as generator power, lights, security sensors, camera systems, and debris removal during severe natural disasters such as earthquakes, hurricanes, and tsunamis. The fully robotic ARGUS UGVs also assist humanitarian demining work. A dual set of controls, manual and robotic, provides support for wounded soldiers, whereby amputee soldiers can control the vehicle’s function from their wheelchair. Contrary to the steady development of unmanned aircraft, UMS technology has experienced a slower progress. However, a significant increase in the application of
UMSs is anticipated during the next decade. These surface and submersible maritime vehicles provide enhanced capabilities for commercial and governmental maritime operations. Governmental applications aim to preserve public safety and security, and provide response to different emergencies. Remotely-operated vessels are particularly desirable for hostile maritime environments, or areas contaminated by nuclear, biological or chemical agents; in which deploying a crewed vessel is ill-advised. A key challenge for the global introduction of unmanned maritime technology is the integration of UMSs into current manned maritime procedures so that the operations are safe. UAVs also give support in a large variety of Government and civilian missions, such as border surveillance and security, weather monitoring, communications relay, law enforcement, environmental monitoring, aerial mapping, firefighting, and others. UAVs have typically been assigned the ‘dull, dirty, dangerous’ missions in order to minimise human exposure to hazards. An example of a multi-mission UAV recently introduced into the commercial market is the MA THOR by Marques Aviation. About the Authors John Cunningham is the Owner and Founder of Area Reconnaissance Ground and Urban Support Robotics (ARGUS), USA. John received his BS degree from West Virginia University in Mining Engineering and MS Degree from Marshall University in Technology Management-Manufacturing. For 24 years John oversaw design and manufacturing of thousands of wheeled and tracked commercial construction vehicles for domestic and international markets. The US Department of Defense approached John requesting commercial vehicles to be made in both manual and robotic functions for anti-IED efforts. Such vehicles were quickly made and exceeded all key point parameters. From this request a series of vehicles have been designed on a common platform to meet a wide range of security and humanitarian needs around the world. Dr Pascual Marqués is the Owner and Executive Director at Marques Aviation Ltd (UK) and the International Director (United Kingdom) of Unmanned Vehicle University. Dr Marqués is an expert in Aerodynamics and Flight Stability. At Marques Aviation Ltd he oversees the design and manufacture of novel fixed-wing and rotor unmanned aircraft developed by the company. Dr Marqués acts as the Chair for the World Congress on Unmanned Systems Engineering (WCUSEng) and the International Aerospace Engineering Conference (IAEC). He is also the Editor-inChief of the International Journal of Unmanned Systems Engineering (IJUSEng). Dr Marqués regularly lectures in Aerodynamics and Numerical Analysis at Unmanned Vehicle University where he is a member of Faculty.
Cyber Security
The implications for cyber security in a post-Snowden world Lindsay Banffy, Social Media and Communications Officer for CeBIT Australia, talks with Alastair MacGibbon, Director for the Centre for Internet Safety at the University of Canberra. By Lindsay Banffy
Alastair MacGibbon, Director for the Centre for Internet Safety at the University of Canberra
I
s there a silver lining to whistleblower Edward Snowden’s revelations about the wayward intelligence gathering and surveillance of the United States National Security Agency (NSA) post 9/11? Snowden has been publically criticised for stealing more than 1.5 million classified documents, detailing the US Government’s program ‘PRISM’ which allows access to user data on Google, Facebook, Apple and company servers. The move has also been described by The Pentagon Papers as ‘the most significant leak in US history’. But Alastair MacGibbon, Director for the Centre for Internet Safety at the University of Canberra, says some good can come of all this. “Snowdon is a gift for improving security for us all.” MacGibbon argues that from a ‘pro-Government, security and intelligence’ perspective the disclosures have prompted a necessary debate about national security, surveillance and the privacy of individuals. It’s no secret that Governments have been gathering intelligence on one another for years, but MacGibbon believes Snowden’s revelations forces us to look at the link between legitimate law enforcement, a corporation’s access to information and new ways to protect citizen’s rights to privacy. A debate he says Australians haven’t been able to have since September 11 (2001) which will benefit us all. Most importantly, in the face of damaging loss of sales, US software and hardware manufacturers have reacted quickly to implications they – wittingly and unwittingly – allowed the NSA to gain access to sensitive electronic personal information.They have lobbied the US Government to examine their intelligence gathering (a healthy debate for robust democracies to have), but in addition have unilaterally announced significant upgrades in the security of their own
business practices to make it harder for the US Government, indeed any Government, to gain access to information on their networks. They have spoken openly about improving encryption levels on data flowing between their datacentres, and of data at rest. They have commenced large scale code reviews, searching for vulnerabilities, they have offered to work with other Governments to help strengthen their overall cyber security. MacGibbon says these efforts will improve the privacy of all Internet users, not just against wholesale eavesdropping by Governments, but also exploitation by cyber criminals. Important too, as part of this post-Snowden world, is for discussion to focus on when Governments do legitimately gain access to information, like for crime fighting purposes. MacGibbons explains, “If you create a legitimate front door for Government agencies to gain access to data they need, they’ll use it, but if we fail to provide a front door then they’ll find a back door. What Snowden brought to the table acts as a jumpstart for a lot of these discussions at a societal level.” MacGibbons further says he’d like to see a discussion about data sovereignty where nations agree to respect certain classes of data as they move globally, like a law of the sea in cyber space. It may seem fanciful now, but so too may have such conventions when piracy was at its peak and international trade was less regulated. Alastair MacGibbon will be a keynote speaker at CeBIT Australia 2014’s Cyber Security Conference and Workshop, 5-7 May 2014, at Sydney Olympic Park. For more information and to reserve your tickets for Australia’s largest business technology event visit: http://www.cebit.com.au/
Australian Security Magazine | 33
Cyber Security
Fighting fire with firewalls Designed to fight today’s cyber attacks and defend against the threats of tomorrow, next generation firewalls promise to evolve with the threats while providing users with the functionality they need to get on with their work. But are they all they’re cracked up to be?
I By Adeline Teoh Correspondent
n the beginning, computer firewalls were designed to mimic their physical counterparts. If there was a fire in a building, a firewall would help contain the blaze; if there were a cyber attack, a computer firewall would quarantine the attack while the software sorted it out. Enter the pyromaniac. If someone with ill intent decided to burn down your building, they wouldn’t just start a spot fire in a bin. By using fuel so the blaze spreads to every part of the office – and quickly – the attacker would render the firewalls close to useless. Cyber attackers are like the pyromaniacs of the tech world. The problem is, while it’s easy to justify apprehending someone when they’re carrying a box of matches and a jerry can of petrol onto the premises, it’s much more difficult to figure out if a seemingly benign stranger – perhaps an attacker disguised as an acquaintance or business associate – is plotting an attack. Cyber attackers are a lot wilier these days and the attacks are no longer scattergun. Attackers target organisations and you won’t know who started the blaze or when someone started secreting fuel into the building, until the forensic investigation after the damage has already been done. What do you do? Do you turn away all non-employees from the business, even if they might be legitimate customers? Or do you install a better surveillance system to detect possible threats? If this all sounds a little bleak, spare a thought for the people who develop the software to protect you from these threats. Faced with the task of defending against a faceless enemy, one that is both plural and shapeshifting in nature, you’d forgive them for putting it all in the too-hard basket. Instead, they’ve created a firewall that’s more like a membrane than a wall, and has all the characteristics of a body learning to fight different diseases. What is a next generation firewall? A next generation firewall (NGFW) is a technical term that covers any application firewall that can perform deep
34 | Australian Security Magazine
inspection of traffic and has the ability to contextualise data. What this means in real-world terms is that it can identify not only what website you’re going to, but also what you’re doing there, the applications you’re using, and what information you may be sending or receiving. Old firewalls aren’t like that, explains Linda Hui, Hong Kong and Taiwan Managing Director of F5 Networks, a multinational traffic management software company. “Traditionally, firewalls just see packets and open the wall for them to go through, but they don’t have a deep inspection of a lot of applications. Next generation firewalls are application orientated and application aware. They don’t just know the traffic is web traffic but they understand https, encrypted web traffic, and go one step further in understanding the web applications associated with this traffic.” The rise in cloud computing, particularly software as a service, has triggered a change in the kind of firewall needed to safeguard a business. The problem with using old firewalls in today’s business world is that they’re too easily circumvented, as much by employees who seek convenience as cyber criminals. “A firewall became a Swiss cheese device. Everything was completely open and the solution was to close it. But the majority of the traffic goes through email or is web based and you can’t close that,” says Sean Duca, Chief Technology Officer at McAfee Asia-Pacific. “We need to control what people are doing when they connect. You can block what you think is bad and have a policy on what is acceptable use for the organisation and people will try to find a way around it, but at least you have the ability to see what’s happening.” Late in 2013, McAfee sponsored research on the behaviour of employees in relation to security policies and found that more than 80 percent of employees surveyed used nonapproved software as a service (SaaS) applications. Microsoft Office365 was the most popular, alongside social networking platforms LinkedIn and Facebook.
Cyber Security
The outsiders Nir Zuk is the Chief Technology Officer and Founder of Palo Alto Networks. Zuk says enterprises and their employees are now using networks and the web differently to how they used to when traditional firewalls were developed. “[Without a NGFW] if the business wants to use web applications, the most common thing is to say ‘no, you can’t use it because we cannot secure it’. The other option is to stick your head in the ground and check the emails but ignore the web applications,” he says. “All these applications carry the same risks that email carries and they can be dangerous. Block the things that you don’t need but for those things you do want to use, enable them. If the user is on Office365, only allow specific users or only allow them to share specific file types. This is what we mean by safe application enablement.” The reason firewalls need this ability to contextualise data is the changing nature of the attacks. Once upon a time, attacks were widespread and the goal of the attacker was to infiltrate and exploit as many devices as possible, as quickly as possible. Today, attacks are more like snipers than scatterguns. “They’re spending a lot of money on researching vulnerabilities so all the tools that we developed over the years that assumed attacks would be widespread just don’t work anymore,” says Zuk. Advanced persistent threats involve user baiting and social engineering techniques to persuade an employee to establish a link with the bad guys. It won’t be a blatant executable file, it may be something as innocuous as a document or PDF with malware embedded in it. Although the attacker can then establish a link pretty quickly – Zuk says ten seconds after you inadvertently launch the malware – the real value for the bad guys is being able to do things to your data over a long period. In some cases, organisations don’t even know they’ve leaked data long after the fact. The possibilities are frightening. Zuk comments that attackers can explore your data, change your data, erase your data, lock your data – they can do whatever they want. The stealing of the data can take months, that’s why they’re called advanced persistent threats. Keeping it in “There are two layers of a next generation firewall, safeguarding traffic from the outside coming in and from people working in the corporate environment sending traffic out. The second case is usually why people want next generation firewalls,” Hui maintains. It stands to reason that this is the clincher. Even if an organisation could stop all attacks from entering the network, data could still escape by accidental or deliberate means from the inside out. And it also means that even if an attacker is successful at establishing a link with your system, being able to see what data is on the move is helpful to minimise the damage. For as long as the world-wide-web has been a part of business, employees have been finding ways around firewalls for perfectly legitimate work reasons. Back in the day it used to be employees emailing work to their Hotmail address so
they could finish it at home. Now, web applications make it even easier for people to connect to the network from anywhere – the aim of telecommuting and mobility functions – with the dark side being that it makes organisations more vulnerable to attacks and data leaks. Duca gives the example of using a cloud storage services like Dropbox. Many employees simply seek easy-to-use cloud storage, even though it may contravene some security policies about letting data leave the organisation. “If you don’t have a next generation firewall solution that understands the applications being used, you’re never going to see what that user’s really doing. You’ll see them connect to Dropbox.com but that’s it,” he says. “A next generation firewall will provide some content information as to what’s going through so you get extra visibility. From there you can provide the balancing act between what the user wants and what the business needs.” It can also help control employee behaviour. Many businesses now recognise the value of social media, but there are often some downsides. An organisation might, for example, let its employees visit Facebook, says Duca. “But I don’t want people to use Facebook Chat or the games, so having application granularity means I can let people go to Facebook but have control over what they do.”
About 15 percent of surveyed users experienced a liability, access, or security event while using software as a service. — The Hidden Truth Behind Shadow IT conducted by Stratecast and Frost & Sullivan for McAfee (November 2013)
The next generation question The main advantage of an NGFW is its adaptability. If you had to add a layer or a device to meet every new threat, you’d never get any business done. Zuk says Palo Alto Networks detects around 30,000 new pieces of malware every week through a technique called sandboxing, where developers allow a computer or network in a controlled environment to get infected in order to examine the threat. It’s a bit like medical researchers examining a disease in a laboratory. The disease analogy is an apt one. A traditional firewall works just like protective clothing; essential to prevent you from getting infected but if you wear too many layers it will stifle your work. “You don’t want three to four layers of firewalls, it will delay the speed of loading,” says Hui. An NGFW is like inoculation; it teaches the system to recognise threats and gives it a template on how to treat them. And just like a body fighting a disease, an NGFW will adapt and learn. But upgrading from a traditional to next generation firewall is not as simple as defining this advantage. Vendors still need to deal with an organisation’s old policies, which is a political issue rather than a technical one, says Hui. “People have their own standards and it’s difficult to accept another vendor, especially in the finance industry.” According to Hui, the NGFW market only comprises a single digit market share of all firewall products, which means organisations have a long way to go if they want the protection and performance of the next generation. Duca says part of the issue is quantifying the return on investment of an NGFW, particularly as the threats evolve. “Cyber criminals have all the time in the world to poke and prod and we have to spin all the plates at the same time and work within company budgets. There are a lot of basic features to meet today’s threats, but it’s also good to think about how we protect them from the threats of tomorrow.”
Linda Hui, Hong Kong and Taiwan Managing Director of F5 Networks
Sean Duca, Chief Technology Officer at McAfee Asia-Pacific
Nir Zuk, Chief Technology Officer and Founder of Palo Alto Networks
Australian Security Magazine | 35
Cyber Security
Why we need to say goodbye to passwords and PINS Passwords and PINs are now more vulnerable than ever. Proving this point has been a number of high profile security breaches including Twitter, LinkedIn and most notably Adobe; where 150 million passwords and user details were compromised . By Michael Steinmann
W
hile these breaches highlight the vulnerability of the traditional password and PIN, they also show that knowledge based authentication is becoming antiquated in today’s world of connected smart devices and even smarter hackers. On the other hand, voice biometric solutions have consistently reduced exposure to fraud and have been hailed as the future of the password. To further enforce this point, the following outlines how voice biometric solutions eliminate several security weaknesses associated with PINs and passwords, while demonstrating how voice biometric solutions can mitigate such threats.
The ways PINs and passwords are compromised Brute force attack The four digit PIN is one of the weakest security credentials, due to the ease in which a malicious user can compromise a system without the need to possess any technical knowledge, or any knowledge of the legitimate account holder. The vulnerabilities of PINs were revealed by a 2012 DataGenetics study which showed that 10.7 percent of four digit PINs are ‘1234’. This means a fraudster would only need to conduct an average of ten attempts to compromise an account. Additionally, as revealed by the Adobe breach, passwords don’t perform much better, with the top five user passwords including ‘123456’ or ‘password’ . Although organisations can block the most commonly used PINs and passwords, the DataGenetics study also revealed that beyond sequential numbers and repeating numbers, people tend to select PINs where the numbers form patterns on keyboard, or where the number represents a date that is significant to the caller. This PIN selection
36 | Australian Security Magazine
behaviour by legitimate account holders render brute force attacks quite effective. Compromising the database A PIN or password, like any other knowledge factor used for authentication, is stored in a database. If the database is compromised, a malicious user has unlimited access to accounts. Although properly designed systems have numerous security measures in place, there are many documented cases of breaches occurring. Some cases involve hackers finding ways to bypass the security measures. Other cases involve employee error, for example, an erroneous transfer of PIN credentials through email. No matter how the PINs or passwords are compromised, once in the hands of a malicious individual, the potential for large scale financial losses are enormous. Phishing Phishing is an ever-increasing technique that malicious individuals undertake to compromise credentials, such as PINs and passwords via email and social media. Industry statistics indicates that a mass phishing attack yields a five percent data collection success rate, meaning that if 100 emails are sent to collect PINs, a hacker will on average collect five valid PINs. However, if the malicious individual conducts a spear-phishing attack, the success rate can reach 19 percent. As such, phishing attacks are one of the preferred choices by malicious individuals to compromise systems that are protected by PINs and passwords. Internet search Call centres typically use a series of knowledge questions to verify a caller’s identity. If the caller answers the questions correctly, the agent considers the caller’s identity validated and any transactions can then take place. However, many
Cyber Security
of the answers to the security questions asked by call centre agents can be easily found on the internet. A moderately sophisticated hacker can find the answers to the majority of security questions by accessing social media sites such as Facebook and LinkedIn. Collecting this basic information about an individual online makes the task of guessing answers to security questions easy, as was shown by a study at Carnegie Mellon University in 2009. It demonstrated that typically used security questions are vulnerable, in some cases they can be guessed with 48 percent accuracy. Social engineering This is specific to call centres where customer service agents are instructed to minimise average hold time (AHT) and deliver a positive customer experience to callers. Fraud prevention for most agents is not their number one priority, creating opportunities for fraudsters to compromise an account. According to a study conducted by Global Reviews in 2011, about 67 percent of social engineering attempts at Australian bank call centres were successful. However, organisations that have required agents to comply with stringent security procedures have seen disastrous impacts on customer care. In fact, one financial institution reported that more than 20 percent of legitimate callers were unable to receive service. As such, organisations tend to minimise inconvenience to the caller by reducing security processes. However, this creates an important security vulnerability that fraudsters leverage at an ever increasing frequency.
Why voice biometrics is the future of security. A compromised voiceprint is unusable for account access A voiceprint is a hashed string of numbers and characters that represent how a specific individual’s voice rates on the myriad of characteristics being measured. As such, a compromised voiceprint has no value to a hacker. It cannot be used to authenticate to a system. Neither can it be used to reverse engineer someone’s voice. This inherent characteristic of voice biometrics provides a fundamental security benefit over any knowledge based authentication method. Voice biometrics is not vulnerable to such a large scale attack. This limits fraudsters to attempting to compromise individual accounts. This security benefit of voice biometrics dramatically reduces the fraud risk that an organisation faces. Proactive detection of known fraudsters Each time a fraudster speaks within an IVR or to a call centre agent, the fraudster leaves his/her voiceprint in the same way that our fingers leave fingerprints when we touch an object. This enables an organisation to create and store voiceprints of known fraudsters. Each call that reaches the IVR or call centre can be proactively verified against this fraudster database. When fraudsters are identified, they can then be denied access to prevent fraud from occurring. However, even in cases where fraudsters are successful, the voiceprint left at the crime scene can be used to identify and prosecute the criminal. This serves as a powerful deterrent to fraudsters, and leads to displacing fraudster activity to
organisations that have less effective security measures such as PINs and agent handled security questions. A voice is unique to the individual A person’s voice is unique, much like a person’s fingerprint, iris or face. There are more than 100 voice characteristics that can be measured to determine who you are, based on your voice. To identify a person using voice biometrics, a person’s voice needs to be captured. This makes voice biometrics fundamentally different from knowledge based credentials, such as PINs and security questions. Someone cannot guess your voice, whereas someone can guess your PIN or answers to security questions. For the most part, a person’s voice is not readily available on the internet, unlike the answers to security questions such as a person’s mother’s maiden name. Although a recording of someone’s voice can be captured by a malicious user, the voice is inherently static. Voice biometric systems can be dynamic, meaning they can be used to assess a person’s identity during live conversations or by asking a caller to speak a random phrase. And security is only the beginning Enhanced security is not the only benefit of voice biometrics – it also improves customer service. With voice biometrics, customers no longer need to answer intrusive security questions or remember passwords in order to verify their identity. Additionally, with the ability to easily and efficiently verify a customer, businesses can create personalised experiences through the call centre, mobile apps and even the customer’s own personal devices. The possibilities for organisations are enormous, especially considering the ease of which voice biometrics can be deployed. Think about it, we all carry the one necessary device required to implement voice biometrics – our mobile phone. Voice biometrics is innovating customer service and with it, businesses will be able to create safe and secure experiences that improve customer satisfaction. And with the reign of the password and knowledge-based authentication slowly coming to an end, voice biometrics now offers an effective alternative built for the new era of connected devices. About the Author Michael Steinmann has been Director, Regional Technology at Nuance Communications since 2007. His focus is on assisting the region’s largest and most strategic customers achieve a detailed understanding of the Nuance portfolio of technologies and how these technologies integrate and can be utilised within their own business environments. Prior to joining Nuance, Michael worked at Telstra for five years, his last role being General Manager of the Call Centre technologies engineering group. There, he successfully managed the introduction of multiple internal and external call centre projects that included technologies such as CTI, IVR, CRM and VoIP. Prior to his work at Telstra, Michael held senior technology positions worldwide at Genesys, Informix, Ingres, Sun and, most notably, at AT&T where he was instrumental in helping build and deploy the world’s largest data warehouse.
Australian Security Magazine | 37
Cyber Security
An introduction to block cipher cryptanalysis Block cipher assures confidentiality by encrypting confidential messages into unintelligible form. During the design of a block cipher, its security against cryptanalysis must be taken into consideration. The past shows that a cipher designed without taking this into account, will often lead to flaws and attacks by others. Although block cipher cryptanalysis is a fast changing area, the problem is there are no standard texts on block cipher cryptanalysis. By Milica Djekic
38 | Australian Security Magazine
I
t is generally assumed that the era of modern cryptology started in 1949, when Claude Shannon transformed cryptography from an art to a science. That year Shannon published a paper titled ‘Communication theory of secrecy systems’. As cryptology progressed and continued with its development, most of the major innovations in the field, date from the past 30 years. This productive period was initiated by two important developments introduced by Diffie and Hellman. They proposed ways to insure the privacy of data sent over an insecure channel, without the need for a separate secure channel to exchange secret keys. The other development had a more immediate impact on the industry. Realising that the increasing use of electronic data would entail security risks, the US National Bureau of Standards (NBS), decided in 1973, to run an open call
for encryption primitives. Shortly after that, a block cipher LUCIFER designed by IBM in 1971, appeared. After a year of collaboration between IBM and the NSA, LUCIFER was turned into the Data Encryption Standard (DES). Despite the criticisms, the standard would soon be widely used, both in governmental and private sectors. As the number of applications using this algorithm increased, the search for weaknesses by cryptographers could not stop. Still, exhaustive key search recognised as a serious threat from the start remains the most efficient attack. Symmetric versus asymmetric encryption Before the 1970s, it was intuitively assumed that the encryption function had to be secret. First of all, if the
Cyber Security
adversary was given, it would suffice to reverse this transformation for recovering. Later, Diffie and Hellman realised that the secrecy of the encryption function was not necessary. This indicates that one could construct so-called trapdoor one-way functions. These functions can be easily evaluated. They cannot be efficiently inverted, unless some extra information is provided. Examples of trapdoor one-way functions allowed the development of practical public key encryption algorithms. The public key cryptography has a huge advantage. For instance, a receiver does not need to exchange any secret information with a sender before it can start encrypting. On the other hand, schemes which are based on the secrecy of their encryption function play a vital role in practical applications. The reason is that implementations of secret key or symmetric encryption algorithms are orders of magnitude. In principle, this is more efficient than their public key or asymmetric counterparts. Stream ciphers and block ciphers As it is known, symmetric encryption algorithms are traditionally divided into two categories; stream ciphers and block ciphers. In general, a block cipher divides the plaintext into separate blocks of fixed size and encrypts each of them independently using the same key-dependent transformation. On the other hand, a stream cipher takes as input a continuous stream of plaintext and encrypts it according to an internal state which evolves during the process. These definitions draw a clear theoretical distinction between stream ciphers and block ciphers. However, the situation is a bit more different in practice. In case of a block cipher, the output of the key-dependent transformation for a certain plaintext block is typically kept in memory and used as a parameter when encrypting the next block. This approach is commonly called block encryption. But, strictly speaking, it is a stream cipher. Basically, such constructions differ seriously from conventional stream ciphers. Moreover, the secret key of a stream cipher is typically used to initialise the internal state. Surprisingly, the two branches in symmetric cryptology have evolved in rather different circumstances. Block ciphers owe much of their popularity to a few successful designs such as DES and AES. These algorithms are standardised, freely available, and can be used in many different applications. On contrary, the most used stream ciphers are proprietary designs such as RC4 and A5/1. The majority of these algorithms were kept secret until they eventually leaked out. This explains why stream ciphers receive less attention from the scientific community than block ciphers. Block cipher cryptanalysis At the beginning, a cryptanalysis is the branch in cryptology which studies how cryptographic algorithms can be broken. This is an essential stage in the development of secure algorithms. In order to design a strong cipher, the cryptographer has to understand where the potential weaknesses are. For that reason, we provide a brief review of typical attack scenarios.
Attack scenarios In the case of block ciphers, the aim of the adversary is recovering unknown parts of the plaintext or recovering entire secret key. Attack scenarios can be distinguished depending on what information attacker can obtain, and to what extent it can interfere in the communication between sender and receiver. 1) Ciphertext-Only Attack: This type of attack only assumes that the adversary is capable of capturing encrypted blocks. In such a case, block ciphers succumbing to cipher-text-only attacks are considered to be very weak. 2) Known-Plaintext Attack: A known-plaintext attack requires attacker having access to the plaintext corresponding to the captured ciphertext blocks. A good example of this scenario is an online payment on the Internet. 3) Chosen-Plaintext Attack: Some attacks only succeed when the plaintexts have a specific form. In order to accomplish such attacks, adversary must find a way to influence the encrypted plaintexts. A practical example is a secure connection between a sender and its mail server. 4) Chosen-Ciphertext Attack: This attack requires the attacker to have control over the ciphertexts sent to receiver and to be capable of monitoring how they are decrypted. Such attacks will not work if the receiver has a means to check the integrity of the ciphertexts. 5) Adaptively Chosen-Plaintext/Ciphertext Attack: In order to organise one of the attacks mentioned above, an attacker will typically need to obtain the encryptions or decryptions of a whole series of chosen blocks. When the selection of a given block depends on the results obtained from previous blocks, the attack is called adaptive. In essence, we believe a good understanding of modern attack scenarios is crucial for getting basic directions in block cipher cryptanalysis. Conclusion During the last two decades, the field of block cipher cryptanalysis has experienced many exciting developments and changes. Some of them have been discussed in this article, but a lot of them have not. However, the selection of techniques described here should provide you with a good sense of the general approaches used in today’s block cipher cryptanalysis. About the Author Milica Djekic is an Online Marketing Coordinator at Dejan SEO, currently based in Novi Sad, Serbia. Djekic has a Master of Science degree in Control Engineering from Faculty of Mechanical Engineering, University of Belgrade, Serbia (2006). Djekic’s fields of interests are control systems, wireless technologies, cyber security, cryptography, speed enforcement systems, etc. In her spare time, Djekic enjoys reading, researching and writing.
Australian Security Magazine | 39
Cyber Security
Victim in the dark Much ink has been expended on the topic of cyber security and how best to prevent attackers from intruding an organisation’s network. The recent Cisco Annual Security Threat Report 2014, revealed, however, that 100 percent of corporate networks studied showed signs of malicious traffic connecting to the outside world. By Ammar Hindi
40 | Australian Security Magazine
T
hat one cold, hard statistic reveals what we have all known in security for sometime – the reality has changed and it is no longer a question of if you get compromised, but when and for how long. Asia Pacific is now at the centre of the war against cyber security, with recent reports indicating a growing percentage of attacks originating from the region and gradually penetrating the global markets. With the burgeoning presence of global financial markets here, as well as the dramatic increase in mobile penetration rates, there is certainly much at stake. The even colder reality for today’s Chief Security Officer (CSO) is the possibility that their network has already been compromised, and that cyber attackers are well entrenched and well hidden. Today’s cyber criminals are professionals and well resourced. They do not discriminate and will use every weapon at their disposal to accomplish their mission. Unlike the script kiddies of before, or activists from today, they are discreet. They will invest time and energy in finding a crack in the defence system and from that beachhead, spread out surreptitiously across the corporate network. The problem for the CSO today is that everything is connected. Mobile devices, software as a service, virtualisation and cloud computing are necessities as organisations look to ways to enhance productivity, save costs and speed
deployment. While the adoption of new IT solutions in these areas represents a major business opportunity and can drive innovation and growth, they are also introducing new threats and challenges for organisations. Hence, cyber criminals are presented with the option of intruding a network through an employee’s personal iPad, or the SCADA control system, or even a third party supplier’s network. The trouble is that most security tools deployed today, do not provide adequate visibility to factor in dynamic network topology, behaviour and traffic, into security policy definition and enforcement decisions. Furthermore, while firewalls and Antivirus software are essential to stop the broad-based attacks, these tools are not sufficient to eradicate the attack. Consequently the advanced malware and threats most businesses face will find a way through the network. More than protecting the boundaries of the network, the CSO needs to have the ability to continually monitor the organisation’s network and spot abnormal activities, applications or software operating in an unexpected fashion. Only by addressing the complete attack continuum – before, during and after, will the CSO have the chance to spot and deal with vulnerabilities or attacks before too much damage is done. One striking inference from many of the recent high profile attacks on some of the world’s biggest businesses is
Cyber Security
The 2013 Verizon Data Breach Investigations Report, highlighted that 66 percent of organisations failed to identify breaches for months or years after the initial compromise. Clearly, cyber criminals are in it for the long-haul. the length of these attacks and how much data has been lost in the process. Stealing millions of identities takes time and indicates that the security teams in those businesses were probably unable to spot the data being extracted from their networks and shut it down before its ramifications were felt upon the business and its reputation. The 2013 Verizon Data Breach Investigations Report, highlighted that 66 percent of organisations failed to identify breaches for months or years after the initial compromise. Clearly, cyber criminals are in it for the long-haul. However, if the Cisco report is indeed right and every business has been compromised in some way, there is evidently a need for security professionals to alter their mindsets. Security and networks need to be monitored on the assumption that the bad guys will get in – or better yet, based on the notion that they have already penetrated the network. But all is not lost. Outlined below, are five tips to help businesses be better prepared for cyber attacks: 1. Adopt a threat-centric approach to security: Attackers don’t discriminate and will take advantage of any gap in protection to reach their end goal. Rather than relying on disparate ‘silver bullet’ technologies that don’t – and can’t – work together, businesses need solutions that address the extended network. This means protecting endpoints, mobile and virtual environments and sharing intelligence in a continuous fashion that spans the full attack continuum – before, during and after an attack. Look for technologies that go beyond point-in-time detection and blocking to include a continuous capability, always watching and never forgetting, so you can mitigate damage once an attacker gets in. 2. Automate security as much as possible: Manual processes are inadequate to defend against relentless attacks that often employ automated techniques to accelerate and broaden attacks. Businesses need to reduce labour-intensive tasks and streamline security processes. Tools that can intelligently identify and automatically alert only on relevant security events can save security teams hours investigating events that aren’t real threats. In addition, being able to automatically enforce and tune security policies and rules to keep pace with the changing threat landscape and evolving IT environment, minimises risk of exposure to the latest threats and vulnerabilities. 3. Leverage retrospective security: Modern threats are able to disguise themselves as safe, pass through defenses unnoticed, remain undetected and later exhibit malicious behaviour. Look for technologies that address this scenario by continuously monitoring files originally deemed ‘safe’ or ‘unknown’ and enabling you to apply
retrospective security – the ability to quickly identify, scope, track, investigate and remediate if these files are later determined to be malicious. 4. Hone your incident response processes: Security events happen and many organisations don’t have an incident response plan in place. Every organisation should have a designated Incident Response team that is trained to communicate and respond to security events. The team needs to be backed by documented processes and policies. For example, an InfoSec Policy must be put in place to ensure you’re protecting the right data. An Incident Response Runbook with clear step-by-step instructions for the team to follow in the event of an attack, including incident notification and a collaboration call tree, leads to better, swifter and more accurate containment and remediation. Finally, systematic program reviews on a quarterly basis can ensure that your policies, configurations and rules performance are protecting your organisation as needed. 5. Educate users and IT security staff on the latest threats: Educating users so they are wise to these techniques and putting policies in place to restrict user behaviour can go a long way towards preventing these malicious attacks that often rely on relatively simple methods. Organisations must also be committed to keeping their staff highly trained on the current threat landscape. Ongoing professional development with a specific focus on being able to identify an incident, know how to classify it and how to contain and eliminate it will help keep security teams apprised of the latest techniques used by attackers to disguise threats, exfiltrate data and establish beachheads for future attacks. The security ‘game’ has changed, and if organisations do not recognise that change, and implement the proper precautions well before they are ever attacked, they risk seeing their name highlighted in the press – for all the wrong reasons. About the Author Ammar Hindi is Managing Director of Asia Pacific operations for Sourcefire, now a part of Cisco. In this position he is responsible for corporate operations across the region including sales, business development and strategic marketing activities. Hindi joined the company in June 2009, bringing nearly 20 years of experience in sales and management positions launching Asia Pacific business initiatives.
Australian Security Magazine | 41
Cyber Security
Encrypting for cloud security and compliance As a vast majority of organisations move data to the cloud, the question becomes how to protect that data in the Cloud. There’s been no shortage of high profile security breaches on the global stage. By Paige Leidig
I
n December 2013, a high profile store found itself in full damage control mode after the theft of 90 million customer credit card details. And the recent trend in Australia reveals that at least one data breach is reported each week. If an enterprise needed any encouragement to beef up its cloud security strategy, surely the time is now. The costs of data breaches can be staggering in both financial and brand terms. One bad breach can stain a company’s reputation for years, and Australian Privacy Commissioner, Timothy Pilgrim, has made it clear that he intends to send a message to companies who don’t take adequate precautions. Added to this is compliance with privacy legislation, and the new laws that came to effect on March 12 2014, (Privacy Amendment Act 2012). There are two key privacy principles within the Act which are particularly relevant for organisations with data in the cloud. Both focus on the necessity of taking protective measures. Principle 8 relates to the cross-border disclosure of information and is an ongoing concern for Australian organisations, particularly troubling when the sovereignty of their data in the public cloud may be unknown. The principle defines the cloud customer as liable for the security and privacy of the data, regardless of whether the provider adheres to Australian privacy laws. Essentially, the breach mitigation and punitive burdens fall on the shoulders of the cloud customer. Principle 11 on the security of personal information, relates to not just what is stored in a cloud but what could be matched with that data to identify an individual. Companies need to take caution in considering how to protect data that would otherwise be anonymous information through a process of de-identification, also achievable through encryption. When it comes to both data protection and regulatory compliance, encryption is a powerful tool – having the right tool, however, won’t solve anything if not used correctly. How to encrypt Encryption comes in different strengths and flavours, and choosing the appropriate kind for different data requirements is vital to a successful cloud information protection strategy. For example, due to their higher level of sensitivity, customers’ credit card numbers require a higher strength of encryption, than say, customer postcodes. Organisations should identify
42 | Australian Security Magazine
the confidential data, typically 5-15 percent of all a company’s information, and apply encryption to protect that data. Cloud information protection platforms provide a granular level of control enabling administrators to choose exactly what data to protect and how. This ensures the data is both functional and encrypted as strongly as possible. Organisations also need to understand the importance of retaining the encryption keys. Outside access to encryption keys dilutes the enterprise’s control, which adds a needlessly extra path for hackers and information requests. These risks will put the organisation afoul of privacy regulations. By keeping exclusive control of the encryption keys, even if data was leaked or stolen, it would remain illegible to anyone outside the organisation. Additionally, even if a third party was compelled to hand over the encrypted data to a Government agency, neither party could decrypt it without the enterprise’s knowledge and participation. Encryption prevents unauthorised parties from reading or using it, but if applied incorrectly, it can break cloud applications, rendering them useless to employees. Using strong encryption that preserves search, sort and other application functions combines data protection with usability. 2014 may indeed be the year of encryption. Major cloud providers have been ramping up their own encryption strategies, but they aren’t the only ones who should. The advent of the Australian Privacy Principles is a timely reminder that any organisation handling sensitive data, needs to be implementing a security strategy that will see both their data and that of their customers protected in the cloud. About the Author Paige Leidig has 20 years of experience in technology, marketing, and selling enterprise application solutions and managing trusted customer relationships. Leidig was previously in the Office of the CEO at SAP, where he was responsible for leading and coordinating SAP’s acquisition and integration activities on a global basis. He has managed a number of marketing initiatives at SAP, including responsibility for all go-to-market activities for SAP’s Cloud applications portfolio. Preceding his SAP career, Paige held senior management positions with Ariba, Elance, and E*Trade. He is currently Chief Marketing Officer and Senior Vice President at CipherCloud.
Cyber Security
Rethinking firewalls for Web applications The days when walling your IT infrastructure within rings of firewalls are now long gone. It is a simple fact, that traditional firewalls that stopped intruders and malware in its tracks outside the organisation’s perimeter aren’t cutting it. The reason: Web applications. By Linda Hui
I
t is easy to understand why Web applications are popular. Taking advantage of ubiquitous browsers, they can extend corporate functionality beyond the office. Armed with Web applications, employees can conduct mission-critical transactions quickly, anywhere. Add overhead cost reduction and enhanced user experience, and you can see why Web applications are becoming a feature in every type of organisation. The problem is that most traditional firewalls were built before the rise of Web applications. They assume that your applications sit behind physical corporate walls and are only accessed by authorised personnel – not on the laptops and mobiles of employees on the move. To ensure smooth operations, most firewalls are often riddled with tunnels to allow Web application traffic through. This, as one can imagine, opens up gaping holes at the application layer that many now exploit at your organisation’s expense. At the same time, cyber criminals have evolved. Forget the old notion of an attention-seeking kid sitting behind a computer. Today’s cyber criminals are politically, socially and economically motivated, and often work in groups. This has led to the rise of complex attacks. Many, such as multi-layer distributed denial-of-service (DDoS) /application layer attacks and SQL injection vulnerabilities, zero in on the lack of Web application security. The issue with traditional firewalls is that they do not differentiate genuine traffic from your users and bot traffic from cyber criminals. In the interim, DDoS mitigation providers have utilised browser fingerprinting techniques, like cookie tests and JavaScript tests, to verify if requests are coming from real browsers. However, most recently, it has become apparent that cyber criminals have launched DDoS attacks from hidden, but real browser instances running on infected computers. This type of complex cyber attack is incredibly hard to detect. In fact, DDoS attacks are on the increase despite rising awareness and security measures. In the past year, the number of such attacks targeting vulnerable spots in Web applications has risen and attackers are using increasingly complicated methods to bypass defenses. Meanwhile, 75 percent of CISOs are aware external attacks had increased and 70 percent of CISOs noticed that Web applications represent an area of risk higher than the network infrastructure. Regulators and users are also adding pressure to organisations to deal with Web application insecurity. As netizens and Governments increase their calls for better data
and privacy, organisations are hard-pressed to secure their Web applications and abide by stricter data security and privacy regulations. The answer lies with Web Application Firewall (WAF) solutions, which often sit in front of Web applications. Essentially, these interrogate the behaviour and logic of what is requested and returned. By doing this, they can protect against Web applications threats like SQL injection, crosssite scripting, session hijacking, parameter or URL tampering and buffer overflows. In addition, they can also offer proactive defense against unknown attacks by keeping an eye on unusual patterns in the traffic that the Web application receives. According to Frost & Sullivan, there are generally three types of WAFs: Standalone WAF appliances, integrated WAF on an Application Delivery Controller (ADC) and software WAF solutions. Currently, standalone appliances remain the preferred form factor in the Asia Pacific region, accounting for 77.7 percent of the market. However, the research firm noted that this may change in the future as the cost-effective and easy-to-use integrated WAF solutions have been gaining in popularity, especially with service providers and SMBs. So is it the right time to jump onto the WAF bandwagon? When it comes to IT security the answer is always the same; now is better than ever. Lack of a WAF exposes your Web applications and your entire IT infrastructure to attacks that may be difficult to recover from. After all, it only takes a single intrusion to tarnish your hardearned reputation and put your business on shaky grounds. About the Author Linda Hui is Managing Director at F5 Networks in Hong Kong and Taiwan, based in Hong Kong. With more than 17 years of experience in the information and telecommunication industry, Hui is responsible for overseeing and steering the company’s growth in Hong Kong and Taiwan. Prior to joining F5, she promoted and grew Andersen Consulting’s Risk Consulting Practice, particularly in the technology risk and financial risk area. During her time with Anderson Consulting, she successfully bought in clients and increased the market awareness of the service offerings. Hui holds a Bachelor Degree in Computer and Management Science from the University of Warwick and Master Degree in Business Administration from the University of Nottingham.
Australian Security Magazine | 43
Cyber Security
Mobile phone evidence gathering: Sometimes the BEST form of evidence!
The mobile phone is today more than just a communication vessel. We all know of its extended functionality to include emails, camera, internet access and so on. But have you ever thought about the role of a mobile phone as evidence in a crime? Prevalent in today’s evolving world, there are investigators specialising in mobile phone forensics. By Phill Russo
44 | Australian Security Magazine
Y
ou have no doubt seen one of those TV shows with a geeky looking girl in piggy tails, wearing glasses and a white lab coat solving crimes almost instantly, tracing mobile phone information and extracting data that provides that missing crucial piece of evidence which completes the investigation jigsaw. I can tell you this only happens on TV. I am a real life computer and mobile phone Forensic Investigator and sadly, I don’t pass off as half as good looking as the characters portrayed in such shows. I do, however, complete forensic analysis on electronic data extracted from computers, mobile phones, iPads and even GPS devices, to assist lawyers from around the world to present evidence in support of their court cases. This evidence may be crucially used in every court setting you can think of including criminal, corporate, family, marital, patent and even Government regulatory court proceedings. With the world-wide uptake of mobile phones, this communication vessel is increasingly proving to be the best
form of evidence providing that smoking gun in many cases. As well as being a portable devise, mobile phones are easy to purchase and have all the functionality of a computer at a fraction of the price. Functions including camera, email, instant chat, calendar and internet access are considered standard features on many Smartphone devices; and of course, you can use it as a phone too. Whether used as a personal device or for business, mobile phones are a tool for which communication is entrusted world-wide. Statistics on the usage of mobile phones have figures almost reconciling to the ratio of one phone for every living human being on the planet. Social media’s popularity and success would today, largely be attributed to its seamlessly integration with mobile phones. It appears that many users would almost consider the mobile phone as an extension of their being. Users seem to involve their phone in many of their social activities such as writing thoughts on Twitter, posting pictures of dinner on Instagram, or simply posting ‘selfies’ on Facebook. All great fun, however,
Cyber Security
“Flash memory has a limited life usage, meaning every time you write and delete information to the memory module, the less time that memory section has to live.” for myself as a Forensic Investigator, a mobile phone is a pure gold treasure chest of evidentiary value. You often hear on the news that police have seized mobile phone video or photographic evidence in crimes such as assault, drug dealing or even murder. The photographs are only the tip of the evidentiary iceberg. I have investigated instances where mobile phone evidence has been instrumental within marital and family law matters and intellectual property theft and business espionage in corporate matters. Such things as mobile phone tower reconciliation can plot maps of mobile phone connection and usage, and may prove useful to confirm or discredit alibis in court room testimonies. Often, deleted information contains some of the most valuable evidence. Just like a computer’s deleted data may still be recoverable including SMS messages, emails, photographs etc, so too can phone backups and syncs may also prove to be of evidentiary importance. These may be preserved locally on a computer or on an iCloud server, and this may have been an automated process that a person may have forgotten about. I have had a number of incidences where a person has been served with a court order to present a mobile phone for forensic analysis. When the phone has been analysed, it is evident the phone has been reset to a default setting, as an attempt to wipe any user data. Immaterial if data is recoverable or not, if it is proven that the phone was reset after the execution of that court order, then the offender may face contempt of court charges with fines in the thousands of dollars, and 12 months imprisonment or possibly more in some jurisdictions. One of the main factors for successful data recovery, is the ability to create forensically sound physical images from the phones. Due to phone encryption and password protected access or pin protection, sometimes this simply may not be possible. Furthermore, depending on the specialist tools and investigator’s experience, this may or may not, be viable. The forensic interaction and acquisition process requires specialist equipment such as the phone forensic kit – the Cellebrite UFED. This is a specialist piece of forensic hardware and software developed in Israel and regarded as one of the world’s best devices for mobile forensic analysis. Similarly, the operator of the device should be a certified operator. Recently in some Australian courts, some investigators have had their evidence challenged as they have had no formal training, nor hold certification for mobile forensic analysis. In some instances, the phone’s design will prevent data recovery. Mobile phone data resides on what we refer to as
flash memory, consisting of NAND and NOR flash memory. Flash memory has a limited life usage, meaning every time you write and delete information to the memory module, the less time that memory section has to live. Due to the way the flash memory is used, if one section known as a ‘block’ of data, becomes unusable, then the whole device will fail. A process known as ‘wear-leveling’ and ‘garbage collection’ maintains this failure to give the maximum life from the flash memory module as possible. This process can cause effects that either provide or limit access to artifacts and cause a constant state of change proving court room validation difficult to explain to the uncertified. Furthermore, some phones’ security features may hinder data recovery. For instance, some versions of the Apple iPhone, when coupled together with some versions of iOS, will prevent a physical forensic extraction and deleted artifacts may not be recoverable. Until such time as one of the major forensic vendors develops a solution, then data recovery is not possible and the loss of substantial evidence artifacts will fall to this failing. So all in all, it’s not as easy as it’s made out to be on TV but mobile phones are a definite source of evidence and one that could provide valuable input to any investigation. About the Author Phill Russo is a world renown computer and mobile phone forensic expert, and is CEO of CIA Solutions in Perth, Western Australia. Russo also instructs in his specialty field to police, military, members of FBI, Australian Federal Police, Scotland Yard, Hong Kong Police, Nedbank, Westpac, Bankwest, KPMG, Deloitte, Boeing and other world class firms.
Australian Security Magazine | 45
Frontline Available online! See our website for details
1 YEAR SUBSCRIPTION TO THE AUSTRALIAN SECURITY MAGAZINE
6 print issues per year for only $88.00 SUBSCRIBE TODAY... DON’T MISS AN ISSUE Yes! I wish to subscribe to the Australian Security Magazine, 6 issues (1 year). ☐ ☐
AUSTRALIA INTERNATIONAL
A$ A$
88.00
(inc GST)
1 YEAR
158.00
(inc GST)
1 YEAR
Yes! As an additional bonus I wish to receive direct to my inbox the Asia Pacific Security Magazine (emag), 6 issues (1 year).
No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.
MY DETAILS
PAYMENT
Salutation: __________First Name: __________________________________________
Please find enclosed my cheque/postal order (made payable to MySecurity Media )
Surname:______________________________________________________________
for $ __________________ or debit my:
Job Title: ______________________________________________________________ Company: _____________________________________________________________ Postal Address:__________________________________________________________ Suburb: _____________________State: _________ Postcode: ____________________ Country: ______________________________________________________________ Email: ________________________________________________________________
46 | Australian Security Magazine
Card Holders Name: __________________________________________ Signature: _________________________________________________
Interested in our e-news service? Phone: +61 (8) 6465 4732 during business hours AWST (Australia Only)
Expiry Date:________________ Todays Date: ______________________
PRIORITY FAX Credit Card Details Australia +61 (8) 9467 9155
FREE POST My Security Media 286 Alexander Drive, Dianella. W.A. 6059
Email subscriptions@mysecurity.com.au
GST This document will become a TAX INVOICE for GST when payment is made. My Security Media Pty Ltd ABN 54 145 849 056
To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au
The new Canon XEED WUX400ST Projector. See page 53
Latest News and Products
TechTime - latest news and products
WD® Debuts Surveillance-Class Hard Drive Line WD®, a Western Digital company and storage industry leader, has announced the availability of WD Purple™, a purpose-built line of 3.5inch, high-capacity hard drives for surveillance applications. Designed specifically for video surveillance units, WD Purple hard drives excel in new and existing home and small business security environments with up to eight hard drives and up to 32 high-definition (HD) video cameras. Shipping today, WD Purple hard drives are available in capacities from 1 TB up to 4 TB. “By expanding our ‘Power of Choice’ product portfolio with WD Purple, we make it simple for our VARs, integrators and consumers to select the right drive engineered for their application and validated with our industry leading surveillance partners,” says Matt Rutledge, Senior Vice President and General Manager of WD’s Storage Technology Group. “WD optimised the WD Purple line of hard drives for surveillance applications to improve high-definition video playback, and operate in 24x7 workloads of surveillance environments.” “Different from ordinary desktop hard drives designed for eight hours of daily operation, WD Purple drives have the built-in reliability to operate in Hikvision home and small business system installations so critical video footage is available when it is needed most,” says Ying Yang, Director of Testing, Hikvision. “An additional benefit of WD Purple drives is they support up to eight drives and 32 HD cameras so there is the flexibility to expand for future system coverage.” “The biggest trend impacting the video surveillance market in recent years has been the transition from analog cameras to network cameras,” says Jon Cropley, Principal Analyst for Video Surveillance at IHS Technology. “With enhanced resolution, wide dynamic range and day/night functionality in cameras increasing, demand for storage solutions capable of accommodating large volumes of video will also increase.” Optimised to withstand the demands of always-on digital PVR, DVR and NVR recording environments, WD Purple hard drives offer low power consumption and many advanced performance features typically reserved for enterprise-level storage.
•
helps to reduce video footage loss with a proprietary cache policy management technology to help improve data flow and playback. WD Purple includes exclusive firmware upgrades that protect against video pixilation and interruptions within a surveillance system Advanced Format Technology™ (AFT) – the more efficient media format that enables increased areal densities, adopted by WD and other drive manufacturers to continue growing hard drive capacities.
Engineered for compatibility Built for easy integration into new or existing video surveillance systems, WD Purple hard
drives are designed and tested to surveillanceclass standards and are compatible with industry-leading chassis and chip-sets. Without a current industry standard, WD worked closely with surveillance partners to develop a proprietary benchmark to define and demonstrate performance in surveillance systems. Tests of WD Purple hard drives indicate superior performance to competitive surveillance-class brands of storage, especially as cameras, channel count and workloads increase. A special Compatibility Selector is available to assist customers with surveillance drive selection at: http://www.wd.com/en/ products/products.aspx?id=1210
Features WD Purple hard drives are equipped with an array of exclusive WD technologies, including: • AllFrame™ – when combined with ATA streaming support, AllFrame™ technology
48 | Australian Security Magazine
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Your security, our storage. The power of choice. Marc Cisneros Protector, Advocate, Guardian. 362,512 hours recorded, 15,643 cameras strong, 7,453 sequences stored, 2,423 businesses secured, 1,512 clients protected, 1 surveillance solution.
WD Purple™
Surveillance Storage See more of Marc’s solutions at:
wd.com/choice
Western Digital, WD and the WD logo are registered trademarks of Western Digital Technologies, Inc. in the U.S. and other countries; absolutely, WD Blue, WD Green, WD Black, WD Red and WD Purple are trademarks of Western Digital Technologies, Inc. in the U.S. and other countries. Other marks may be mentioned herein that belong to other companies. Product specifications subject to change without notice. © 2014 Western Digital Technologies, Inc. All rights reserved. 2178-800046-A00 Feb 2014
TechTime - latest news and products
Handheld launches the all-new NAUTIZ X4 rugged computer for the mobile worker Handheld Group, a leading manufacturer of rugged mobile computers and Smartphones, has announced the launch of its brand-new Nautiz X4 rugged handheld. The Nautiz X4 is a multipurpose compact handheld computer built for the mobile worker. It enables efficient and reliable data collection in the toughest environments. The Nautiz X4 is a compact and lightweight rugged handheld computer that is optimised for efficient field data collection. It has been designed and developed specifically for mobile workers in tough environments in industries such as warehousing, logistics, transportation, utility, field service, security and public safety. Measuring only 156 x 74 x 25.5 millimeters (6.1 x 2.9 x 1.0 inches) and weighing a mere
has an integrated u-blox GPS receiver that provides professional-grade navigation functionality. This handheld also offers multiple connectivity options, such as high-powered 3G and excellent Wi-Fi capability. It has a high-speed
1 GHz processor, 512 MB of RAM and 1 GB of flash memory, and it runs Windows Embedded Handheld 6.5, the operating system of choice for professional users in the targeted industries, which includes Microsoft Office Mobile.
330 grams (11.6 ounces), the Nautiz X4 is a true ergonomic work tool and one of the thinnest and lightest handheld computers in the ruggeddevice sector. It features a high-brightness, sunlight-readable resistive touchscreen for reliable computing in challenging worksite environments, and comes complete with either a high-performance 1D laser scanner or a 2D imager for super-fast and accurate scanning and barcoding tasks. The device also features a 5MP camera with auto focus and LED Flash. The Nautiz X4 has an IP65 Ingress Protection rating, which means that it is impervious to dust and highly resistant to water – the unit can be used in dusty work environments as well as in heavy rain, and can be rinsed off if dirty. It also meets stringent MILSTD-810G military test standards for overall durability and resistance to humidity, shock, vibration, drops, salt and extreme temperatures. “Mobile data collection is performed in warehouses as well as outdoors, in all kinds of weather and for long work hours. It may be cold and it may rain or snow. So the field worker needs a computing tool that can not only handle adverse weather conditions, but is also ergonomic and user-friendly,” says Jerker Hellström, CEO of Handheld Group. “For this, we are proud to introduce the Nautiz X4, a new rugged handheld computer that merges ultimate mobility with true field functionality in a handy package and at a very attractive price. We are confident that the Nautiz X4 will be the obvious choice for mobile workers in a wide range of industries.” The Nautiz X4 rugged handheld computer
50 | Australian Security Magazine
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
QCamPro - remote video security in your hands Many have grappled with the concept of remotely monitoring video cameras or being alerted when activity is first detected on a protected site. We all long for a virtual staff member or security officer to notify if there’s a problem or site changes like temperature, power or air quality. In 2013, John Convill, founder of QCamPro, launched his Video Camera iApp to the marine sector in Florida at the Fort Lauderdale Boat Show. Convill has returned to Australia from the Miami International Boat Show held in February 2014, where he was in contact with top integration partners such as AXIS, Mobotix and FLIR. Showing how fast the take-up rate can be, the QCamPro is now spanning across the globe in 64 different countries with 30 companies ‘branding’ the app as their own.
How it works It works very much like an alarm system, except you receive a visual ‘push’ notification direct to your IOS device allowing the user live video and two-way voice communication with speaker equipped cameras when an event occurs.* Point of difference The majority of camera/surveillance systems have their own app that allows you to have a look whenever it suits you. QCamPro also allows you to use this, but the key feature is it ‘notifies you’ when an event occurs.
different cameras to be set up in different camera layouts across multiple sites. With the recent success of the Miami International Boat Show, QCamPro has appointed a Business Development Manager in Florida as well as in the UK and Europe. This success has also seen an increase in the number of security providers getting on board and branding their own QCamPro. As it value adds to their current range of services, it is a win win situation. *Android App available but without event notification
Multi-view function Rather than have multiple apps for multiple sites, QcamPro has a multi-view option allowing
QCamPro Smartphone App
The majority of camera/surveillance systems have their own app that allows you to have a look whenever it suits you. QCamPro also allows you to use this, but the key feature is it ‘notifies you’ when an event occurs. QCam Professional is a remote monitoring application for control of IP Video Cameras. The Latest Remote Technology – at YOUR fingertips.
Email us today, install the APP and gain greater control of your monitoring systems
admin@qcampro.com.au | support@qcampro.com.au
www.qcampro.com.au
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
PUSH
ATION
NOTIFIC
TechTime - latest news and products
The world’s smallest FULL HD PTZ camera Canon’s knowledge in lens design and expertise in miniaturisation of advanced technologies has led to the creation of its new FULL HD compact network camera range. Featuring some of the smallest cameras ever to hit the market, the VB-S30D is the world’s smallest1 full high definition PTZ camera with 3.5 X optical Canon zoom lens and H.264 multi-streaming. This compact model, which fits in the palm of your hand, sits alongside three other models in the range including the VB-S31D, VB-S800D and VB-S900F. Despite their ultra-compact size, these cameras boast ease of use and installation; high quality image capture as well as best in-class low light capabilities2 among other enhanced features. “Apart from providing wide angle recording and superior quality image capture and colour accuracy in various settings, we understand the need for making network cameras smaller to help them blend in with various environments,” says Ben Crosariol, Product and New Business Development Manager for Canon Specialised Imaging, Canon Australia. “With their ultracompact size, the range has been designed for retail, office and warehouse style environments, to aid in managing security and providing operations surveillance.” Ease of use and ability to blend seamlessly into environment With a diameter of approximately 120mm and height of approximately 54mm, the domeshaped VB-S30D is the world’s smallest FULL HD PTZ surveillance camera, and in addition to the environments already listed is also ideal for streaming live video from education facilities or company meetings for live streaming on organisations’ websites to help reach a larger audience. Similarly, both VB-S31D and VB-S800D are mini dome network cameras, sharing the same dimensions as VB-S30D. The VB-S31D, however, is a powered pan tilt camera with 4 X digital zoom while the VB-S800D is a fixed camera. Both cameras enable monitoring across a large viewing area with wide 95 degree horizontal angle of view. The VB-S900F, on the other hand, takes the form of a compact full body camera which facilitates wide-area monitoring with 96 degree angle of view. Additionally, it is equipped with a Digital PTZ feature which allows users to crop and display part of a camera image in the image display area.
52 | Australian Security Magazine
High quality image capture and efficient video recording Equipped with powerful DIGIC DV III image and DIGIC NET II network processors used in Canon’s high-end cinema cameras, all four new network cameras are able to capture exceptionally high quality images, with vivid, accurate colours and reduced image noise. All four network cameras also offer the highest number of built-in intelligent functions3 in their class, which include Moving Object detection, Abandoned Object detection, Removed Object detection, Camera Tampering detection, Passing detection and Volume detection.
Strong in low light environments The VB-S30D is the ideal choice for night and low-light setting surveillance due to its exceptional ability to capture low-noise colour video with little more than the illumination provided by a candle’s flame. It is able to achieve minimum subject illumination4 of 0.95 lux for colour video, and 0.5 lux for black and white video in night mode. Enhanced with Auto Smart Shade Control, a new feature which can automatically change due to varying lighting conditions, the new network cameras will analyse the brightness of the scene and automatically select the optimal exposure and darkness compensation level to ensure that subjects remain sharp and clearly visible even in backlit conditions or dark settings. The new network cameras VB-S30D, VBS31D, VB-S800D and VB-S900F are available now at authorised Canon distributors. Contact specialised.imaging@canon.com.au for further information. Based on Canon Inc research of FULL HD Cameras with optical PTZ, as of 1st of March, 2014. 2 Among Full HD compact network cameras. As of 1st of March 2014, based on a Canon survey. 3 Detection accuracy may differ depending on usage environment. 4 Minimum subject illumination ratings based on f/1.4, shutter speed 1/30 sec, Smart Shade Control off. 1
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
New XEED projectors from Canon ideal for state-of-the-art security control rooms Canon introduces a new projector category that combines the exceptional picture quality of larger installation projectors with the plugand-play convenience of portable models. Designed for short-throw use, the new Canon XEED WUX400ST and XEED WX450ST Compact Installation LCOS (Liquid Crystal on Silicon) Projectors are equipped with an advanced Genuine Canon lens with generous horizontal and vertical lens-shift adjustability for distortion-free image quality in environments where the projector must be located close to the display surface. “Canon’s new compact range incorporates Canon’s proprietary AISYS optical system, which maximises the performance of LCOS panels, giving users brighter and more vibrant images,” says Ben Crosariol, Product and New Business Development Manager for Canon Specialised Imaging, Canon Australia. “This new projector category offers new levels of quality, colour accuracy and clarity for classrooms, boardrooms, conference rooms and other tight spaces.” Security control rooms In addition to the types of locations listed above, the new range is now being sort-after for state-of-the-art security control rooms, where they allow for a solution to be installed capable of a very large display, fast moving video and intricate detail. Featuring next generation LCOS display panels, users will be able to view in high resolution with crisp contrast, high brightness and accurate representation of day light and low light security camera footage. The XEED WUX400ST delivers WUXGA (1920 x1200) resolution with 4000 lumens of brightness while the XEED WX450ST provides WXGA+ (1440 x 900) resolution with 4500 lumens.
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Installation flexibility Approximately 25 percent smaller than their predecessors, the XEED WUX400ST and XEED WX450ST projectors are ideal for short-throw environments with the capability to project a class leading 100” image at a mere 1.2 meters and 1.23 meters respectively. Both come with a built-in 1.35x distortion-free zoom lens, a 0 to 75 percent vertical and ± 10 percent horizontal lens-shift adjustment feature. Imaging versatility Although integrating many unique features, the new Canon XEED WX450ST and XEED WUX400ST Compact Installation LCOS Projectors are simple to operate and provide quick set-up features. An innovative four-point keystone-adjustment function enables users to adjust each corner of the image independently while also keeping focus consistent, and to achieve true diagonal projection as well as moiré reduction. These features allow them to be installed even in the most unique environments and challenging angles. An easy-to-use, built-in edge-blending
function with precision luminance ramp adjustment and pixel-overlap control, enables the new XEED Projectors to be used in multiprojector configurations for the display of large, seamless images with precisely matched edges. With these intuitive stacking options incorporated in each model, an affordable 4K display solution is now in easy reach for more of the market. Advanced management and connectivity The XEED WX450ST and XEED WUX400ST have built-in Crestron RoomView™-compatibility allowing for a host of connectivity options. Key networking features include a contentstreaming capability, which allows one or more PCs to connect to a projector over a standard LAN to share content. This Network Multi Projection system has the ability to display content from four different PCs on a single screen. Content can be streamed from any point with a network connection to a projector, either within a room or in multiple locations, simplifying installation. A special Picture-by-Picture Processor also allows for the simultaneous use of HDMI and DVI in split-screen mode. Other models in this new compact installation range include the standard throw WUXGA XEED WUX450 (1920 x1200 resolution) with 4500 Lumens, $5299RRP and the WXGA+ XEED WX520 (1440x900 resolution) with 5200 Lumens, $4999RRP, which are available now. The Short Throw XEED WUX400ST, $6499RRP and XEED WX450ST, $6199RRP models will be available from May 2014, at authorised Canon dealers. Contact specialised.imaging@canon. com.au for more information.
Australian Security Magazine | 53
TechTime - latest news and products
Arbor Networks introduces new threat protection solution Arbour Networks Inc, a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, has introduced Pravail Security Analytics for advanced threat detection, incident response and security forensics. The technology delivering this solution was developed by Packetloop, a Sydney, Australiabased innovator in the field of Big Data Security Analytics that was acquired by Arbor in September 2013. “Arbor is able to offer enterprise security teams the richest set of data regarding the activities happening on their network. Pravail Security Analytics is a powerful solution that will allow our customers to see attacks on their global networks faster and in more detail than seen before. We’re focused on bringing meaningful context to massive amounts of data so that security teams can focus on the critical few, react faster and identify the threats lurking within their network environment before they impact the business,” says Arbor Networks President, Matthew Moynahan. Global attack intelligence for local protection The attack intelligence that keeps Pravail Security Analytics at the cutting edge of network security comes from Arbor’s ATLAS® Active Threat Level Analysis System. ATLAS is a collaboration with nearly 300 service providers who share anonymous data with Arbor, up to 70TB/sec of global Internet traffic. This collective view delivers globally scoped insight into the attack landscape. This data set is analysed by Arbor’s security research team who then develops detection methodologies; and creates fingerprints that identify threats and malicious activity occurring within the enterprise. Reveal attacks hidden within your global network Today’s breed of attacker is not looking to be a short-term and visible nuisance. They use stealthy and sophisticated methods to penetrate an organisation’s perimeter and the indicators of compromise are often impossible to identify before it’s too late. In order to really understand subtle, advanced targeted attacks, enterprises need a complete record of all network traffic. By analysing data very quickly, Pravail Security Analytics can be used for real-time attack
54 | Australian Security Magazine
response decisions, and by storing the data for future reviews, it can be looped to identify previously undetected attacks using the latest threat intelligence.
•
Rapid deployment, on-premise or in the cloud
•
Pravail Security Analytics uses big data technologies that lower the barrier to entry for organisations looking to deploy and operate world-class security analytics. An organisation can securely upload packet captures to Pravail Security Analytics in the Cloud and be analysing their data within minutes of a threat being identified. For organisations that cannot upload their packet captures for compliance or regulatory reasons, Pravail Security Analytics can also be deployed as an on-premise solution using distributed Collector appliances. The Collector appliances can be used to scale out storage or processing capabilities for high speed capture points, or for deployment into multiple locations to provide distributed coverage. Most importantly, the Collector appliances operate in real-time, streaming the security analytics data to the Controller for analysis with virtually no delay. This means security analysts can track attacks live, as they happen, or perform post hoc analysis with stored and uploaded packet captures.
On-Premise Collector to Cloud Controller a collector is deployed on your network and processes real-time network streams. The results are encrypted and streamed to the cloud where they are analysed On-Premise Collector to On-Premise Controller - in this model nothing leaves your network. Data is collected and processed within your network and streamed to a Controller within your network.
The technology in the Collectors can scale to meet network speeds, length of packet capture retention (for looping) and real-time processing speed. This means that full realtime functionality of Pravail Security Analytics is available for network speeds in excess of 10Gbps. Big Data Security Analytics on a grand scale. Collectors are available in multiple physical appliance form factors as well as Virtual Machines. Controllers can also be scaled but aren’t as heavily utilised as Collectors. They store all the metadata and make it available for analysis and can scale to support decades of processed data. At this time Controllers are only available in a physical appliance or of course by leveraging the cloud platform. General availability of the Pravail Security Analytics on-premise Collector solution is planned for April 30, 2014.
By using Controllers and Collectors, Pravail Security Analytics can support three flexible deployment architectures: • Pravail Security Analytics Cloud - where the Controller is the Pravail Security Analytics cloud platform. Data is uploaded in the form of packet captures and processed in the cloud
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
Simoco Xd deployed for airline services organisation Simoco Group has announced the deployment of its complete Digital Mobile Radio (DMR) solution to an airline services organisation in Australia. Simoco has supplied a Simoco Xd Tier II system to Alpha Flight Services, a catering company which operates at Perth Airport – one of the busiest international transport hubs which sees more than 13.6 million passengers per year. To meet the airport’s exponential growth, in both commercial and corporate flights, Alpha Flight Services needed to address and improve its operational communications, ensuring that catering staff and catering van drivers could communicate seamlessly on a dedicated reliable network at all times. Simoco approached Alpha Flight Services to develop a complete end-to-end DMR network solution, which included DMR portables that operated on Simoco’s industry leading DMR infrastructure. “Working with Simoco was an easy decision for us to make,” says Daniel Morgan, Operation
LEADING INDEPENDENT SECURITY CONSULTANTS
Manager at Alpha Flight Services. “After the site inspection and testing, which was carried out by Simoco technicians, it became clear how a Simoco Xd system could enhance our operations at the airport. The clear audio and assured coverage gives us the confidence that our drivers and personnel can stay in constant communication and respond quickly to issues in the busy communications critical environment. Additionally, Simoco Xd is software upgradable to Tier III, so it also gives us the flexibility to grow as our requirements change into the future.” “This latest move addresses Alpha’s need for a critical communications solution in a fast paced environment,” says Ian Carr, CEO at Simoco Group. Previously the company used mobile phones, which can be unreliable, costly and fail to offer seamless, all informed push-totalk communications to ensure worker safety. Simoco Xd therefore provides the ideal solution for increasing the safety, efficiency and reliability of Alpha’s personal network.”
For more information about the Simoco Xd range to support both Tier II and III, visit http://simocogroup.com/products-andtechnologies/digital-mobile-radio-dmr
Secure Key ManageMent Getting a key is as easy as 1 2 3
www.amlechouse.com Amlec House Pty Ltd Independent Security, Risk and Investigation Management Consultants
Security Design, Reviews & Auditing Services Studies, Investigations & Reviews Background & Criminal History Checks Due Diligence Services Specialist Technical Services Security & Risk Awareness Workshops Cyber Security, Online Safety & OSINT Workshops
The BenefiTs are simple…
• •
Saves money – no lost keys
•
Organised layout – all keys are kept in one place
•
Ensures you always know who has which set of keys
•
Modular system gives total flexibility for expansion
Only authorized staff can access keys
The Keytracker system is the simplest and most cost effective key management system currently available. Ranging in size from single units, 5 capacity then in multiples of 5 up to a maximum of 300 keys, the Keytracker system is Ideal for Security Companies, Car & Motor Cycle Dealers, Police, Hospitals, Schools…or anywhere where lots of keys are handled by lots of staff where the chance of misplaced or lost keys is high.
1 Insert your personal colour coded access peg...
2
Twist to release the desired key...
3 Remove key!
Access peg cannot be removed until key is returned
For more information visit www.autotag.com.au or call us on 1800 814 716
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Health Check – ISC ²®’s Healthcare Security and Privacy Certification
E
xecutive Editor, Chris Cubbage, had the opportunity to speak with Hord Tipton, Executive Director of (ISC)²® (‘ISC-squared’) following the introduction of the Healthcare Security and Privacy Certification (HCISPP). Meeting the need for healthcare practitioners can be so wide and so varied that (ISC)²®, the world’s largest not-for-profit information security professional body, found that there were up to 40 different jobs that the sector advised that they wanted certification for. Since the launch in 2013, there have been 60 people who now hold the HCISPP certification. The HCISPP establishes a global standard of competency for Healthcare Information Security and Privacy Practitioners. “The HCISPP credential was developed based on direct feedback from our membership and industry luminaries from around the world working in healthcare. They have observed the evolving complexity of information risk management in the industry as online system migration and regulations increase,” says Hord Tipton, CISSP. “Over the past few years, the healthcare industry has undergone a major transformation to adjust its compliance management practices and data protection requirements – moving from highly paper-based processes to a digital and more connected working environment. (ISC)2® has introduced this new healthcare credential to help employers bring more qualified and skilled professionals into this industry who can help protect coveted vital records and personal data.” (ISC)²®, which also administrate the Certified Information Systems Security Professional (CISSP®), is the first foundational global standard for assessing both information security and privacy expertise within the healthcare industry. The credential, available world-wide since late 2013, is designed to provide healthcare employers and those in the industry with validation that a healthcare security and privacy practitioner has the core level of knowledge and expertise required by the industry to address specific security concerns. As with all its credentials, (ISC)²® conducted a job task analysis ( JTA) study to determine the scope and content of the HCISPP credential program. Subject matter experts from the (ISC)²® membership and other industry luminaires from organisations in Hong Kong, Europe, and the United States attended several exam development workshops and contributed to develop the Common Body of Knowledge (CBK®) that serves as the foundation for the credential. The HCISPP is a demonstration of knowledge by security and privacy practitioners regarding the proper controls to protect the privacy and security of sensitive patient health information 56 | Australian Security Magazine
as well as their commitment to the healthcare privacy profession. It is a foundational credential that reflects internationally accepted standards of practice for healthcare information security and privacy. For executives accountable for protecting sensitive healthcare data, HCISPP demonstrates a proactive commitment to ensuring an organisation is making the necessary human resources investment in information security. To attain the HCISPP, applicants must have a minimum two years of experience in one knowledge area of the credential that includes security, compliance and privacy. Legal experience may be substituted for compliance and information management experience may be substituted for privacy. One of the two years of experience must be in the healthcare industry. All candidates must be able to demonstrate competencies in each of the following six CBK domains in order to achieve HCISPP: • Healthcare Industry; • Regulatory Environment; • Privacy and Security in Healthcare; • Information Governance and Ris Management; • Information Risk Assessment; • Third Party Risk Management. Candidates may find more information about HCISPP, download the exam outline, and register for the exam at https://www.isc2.org/hcispp/ default.aspx About (ISC)²® (ISC)²® is the largest not-for-profit membership body of certified information and software security professionals world-wide, with more than 92,000 members in more than 135 countries. Globally recognised as the Gold Standard, (ISC)²® issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), the Certified Cyber Forensics Professional (CCFPSM), Certified Authorization Professional (CAP®), HealthCare Information Security and Privacy Practitioner (HCISPPSM), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)²®s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)²® also offers education programs and services based on its CBK®, a compendium of information and software security topics. More information is available at www.isc2.org
Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, Executive Director Mr Tipton has more than 30 years of business experience including Chief Information Officer for the US Department of the Interior for more than five years; Director for International Programs for the Minerals Management Service; Engineer for Union Carbide Nuclear Corporation for 13 years; and various other high-level positions. He has been a member of the Board of Directors since 2005 and of the (ISC)²® US Government Advisory Board since 2004.
le on c i t r See a anned Unm es on cl Vehi 30
Page
Drones Robotics Automation Security Technology Information Communications
www.drasticnews.com Like us on facebook! www.facebook.com/drasticnews
FOR SECURITY. FOR JOBS.
F-35 LIGHTNING II
FOR AUSTRALIA. Lockheed Martin’s F-35 Lightning II — the right security partner for Australia, its people, and its future. Providing thousands of high-technology jobs for Australia and billions of dollars in industry contracts over the next 30 years. SEE THE FUTURE IN ACTION AT: F35.COM/AUSTRALIA
AUSTRALIA
THE F-35 LIGHTNING II TEAM NORTHROP GRUMMAN BAE SYSTEMS PRATT & WHITNEY
LOCKHEED MARTIN