Print Post Approved PP255003/10110
THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au Apr/May 2015
Securing Mumbai: Tackling terror from the seas
Introducing the Australian CyberCrime Online Reporting Network (ACORN)
Water Security in an Urbanising Pakistan
Talking trauma: post-traumatic rehabilitation
Op Rahat surmounts risks to bring them home Stemming the tide of radicalisation AISA: Mandatory Breach Disclosure
SMARTER SURVEILLANCE $8.95 INC. GST
PLUS
TechTime l Cyber-TechTime Movers & Shakers l Quick Q&A and much more...
e g n a R d n o Intr Cano ng i c u
360-degree Revolving
EW N he
T
Auto Tracking
Scream Detection
All Weather Model
Preset Tours
30 X Optical, High Speed 360° with built-in Auto Tracking
CAPTURE EVERYTHING IN THE HIGHEST QUALITY With a 75 year history of manufacturing state-of-the-art camera and lenses, our new range of Network Cameras set the benchmark in image quality, colour accuracy and low light performance. Select models have super-fast, accurate 360° rotation with auto tracking; impressive WDR performance; models with IR illumination systems that allow you to see long distances even in complete darkness and fixed cameras with intuitive remote PTRZ-F functionality.
Infrared Illumination
Auto Day/Night
Area Zoom
Intelligent Function
Intrusion detection
See in the dark up to 30 metres with an advanced dual beam Infrared (IR) illumination system
PTZ
• • •
VB-R11VE (Outdoor, 360°) VB-R10VE (Outdoor, 360°) VB-R11 (Indoor, 360°)
Dome
• • • •
VB-M641VE (Outdoor Fixed Dome) VB-M640VE (Outdoor Fixed Dome) VB-M641V (Indoor Fixed Dome) VB-M640V (Indoor Fixed Dome)
Full Body
• •
VB-M741LE (Outdoor w IR) VB-M740E (Outdoor w IR)
All above models have remote PTRZ-F. Disclaimer: Features vary between models. Please review model specification before purchasing. New camera models available for sale between May and July 2015.
Available from:
View the complete 25 model range at canon.com.au/networkcameras call 13 13 83 or email specialised.imaging@canon.com.au
Contents Executive Editor / Director Chris Cubbage Director / Co-founder David Matrai Marketing Manager Kathrine Pecotich Art Director Stefan Babij Correspondents Sarosh Bana Kema Rajandran Adeline Teoh
MARKETING AND ADVERTISING Kathrine Pecotich T | +61 8 6361 1786 promoteme@australiansecuritymagazine.com.au SUBSCRIPTIONS
Editor's Desk 3 Quick Q @ A Tony Haddad - Nuclear Security Advisor 4 Movers & Shakers 6 ACORN - The Australian cybercrime online reporting network 7 International Securing Mumbai - Tackling terror from the seas 8 Op Rahat surmounts risks to bring them home 10 Water security in an urbanising Pakistan 12 National Stemming the tide of radicalisation 14 Talking Trauma 20 Towards security professionalisation 22 Page 8 - Securing Mumbai Technology Smarter surveillance 24 Cyber Security Know your enemy but know yourself too 26 Politics of Protection 28 AISA - Mandatory breach disclosure 30 Data centres - A weak link in counter terrorism 31 Women in Security 34 Thinking before we click - Karen Stones 34 TechTime - the latest news and products 37 Cyber TechTime 42 Book Shelf - Draft WA CCTV Strategy 44
T | +61 8 6361 1786
Page 20 - Talking Trauma
subscriptions@mysecurity.com.au
Copyright Š 2014 - My Security Media Pty Ltd 286 Alexander Drive, Dianella, WA 6059, Australia T | +61 8 6465 4732 E | info@mysecurity.com.au E: editor@australiansecuritymagazine.com.au All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.
OUR NETWORK Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews,
events and other topical discussions.
Correspondents Page 24 -Smarter Surveillance
CONNECT WITH US www.facebook.com/apsmagazine www.twitter.com/apsmagazine www.linkedin.com/groups/Asia-PacificSecurity-Magazine-3378566/about
Print Post Approved PP255003/10110
THE REGIONS LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | WWW.ASIAPACIFICSECURITYMAGAZINE.COM MAR/APR 2015
Sarosh Bana
Kema Rajandran
Adeline Teoh
Contributors
www.youtube.com/user/MySecurityAustralia
Terror Alert Levels Rising: A heightened state
Heritage for Sale: Return of priceless antiquities to India
Terrorism in China
www.asiapacificsecuritymagazine.com
Threat Management: A focus on the threat actor
Advanced Cyber Attacks Understanding privileged account breaches
Pseudo Science: Fraudulent security equipment
PLUS $8.95 INC. GST
SinĂŠad Lehane
Anooshe Mushtaq Angela Toh
TechTime | Movers & Shakers | Quick Q & A and much more!...
Read APSM E-Magazines online! www.asiapacificsecuritymagazine.com/e-mag
www.drasticnews.com
|
www.chiefit.me
|
www.youtube.com/user/ MySecurityAustralia
2 | Australian Security Magazine
www.cctvbuyersguide.com
Stuart Clarke
And Kevin Wine Michael Coole Dr. David Brooks
Editor's Desk “For a long time many believed that there would be an automatic adjustment and counted on a rapid increase in the wages of the emerging nations, on our advances in technology and the costs of transport preventing disruption. But this reassuring analysis is out of date.” - Laurent Fabius
A
nyone with an avid interest in global, national, as well as human security trends, even generally, will appreciate these trends have an interdependence and there is often few degrees of separation between the relationships. To make the point, on the approach to the Centenary commemoration of ANZAC Day, teenagers as young as 14 were arrested in Melbourne and the UK over an alleged terror plot. Their behaviour is alleged to be directly influenced by the events in the Middle East. In the same way, are the attacks by Boko Haram, Al Shabaab and Da’esh. It is prudent for security professionals, therefore, to remain aware of the ‘domino’ faultline conflicts in the Middle East and North Africa, along with the cultural clashes that can trend in a multi-cultural and online Australia. Though the clouded contrast of reality and perception becomes increasingly clear when the details are sought out, the term ‘crisis’ is used more by ‘politicians’ than anyone else and remains the catalyst word for generating ‘action’ or indeed, worse still, ‘inaction’. In April 2015, the Australian Prime Minister ‘launched’ a ‘taskforce’ to develop a ‘report’ into the ‘Ice Epidemic’ which has, it would be apparent to some, suddenly and unexpectedly reached ‘crisis’ levels in regional and city communities across the country. I have to agree with Fiona Patten, MLC Member for Northern Metropolitan who said in response “The Prime Minister is simply churning out the same tired old strategy to battle the socalled ‘ice epidemic’. Whilst I applaud any effort to reduce harmful drug use, what we need is drug law reform and to be looking at the root causes of the issue, not spouting military style rhetoric and appointing an ‘ice cop’. We need reform – not enforcement,” concluded Ms Patten. Almost one in ten Australians have tried methamphetamine and around half a million Australian adults are current users of the drug. ‘Ice’ causes users to suffer from psychotic episodes and become violent and unpredictable. April 2015 also saw the release of a report on mental health reform, commissioned by the Federal Government and recommended redirecting more than $1 billion in funding from acute hospital care to community-based mental
health services. The Federal Health Minister rejected this proposal. The report found “major deficiencies in the response [received] by many of those seeking help for suicidal thinking, attempts or bereavement” and urged a “radical rethink of responses” to mentally ill people seeking help. The commission found that there was substantial funding within the mental health system but that it was not distributed efficiently, effectively or fairly and it recommended redirecting money from hospital to community based care from 2017. There are about six suicides in Australia each day, or just over 2,400 deaths per year. Anecdotally, suicide rates would be a reasonable indicator of the level of mental health issues across the community. Mental health issues include those who suffer from psychotic episodes and some behaviour can be violent and unpredictable. As recently demonstrated by the co-pilot responsible for Germanwings Flight 9525 which crashed in the French Alps. Co-pilot Andreas Lubitz hid an illness from his employers, say German prosecutors, who is accused of deliberately killing 148 people in a suicide mission. April 2015 also hosted discussion around the ‘pretty dull’ Federal Budget 2015/2016. For our business community and the nation’s employers, the call for urgent reform has been led by Kate Carnell AO, Chair of the Australian Chamber of Commerce and Industry. A Joint Statement From Business Leaders On Boosting Australia’s Competitiveness projected government spending will surge to 31 per cent of GDP by 2055 and our net debt will swell to $2.6 trillion must be a major wake-up call to today’s generation of political leaders and the entire community. Coinciding to this warning, the world’s top finance leaders have warned that currency volatility, low inflation and high debt levels threaten to undermine an already uneven global economic recovery. The International Monetary Fund warning is an implicit acknowledgment of the failure across the globe to enact longer-lasting structural overhauls to major economies after years of relying on short-term spending and other temporary stimulus programs. Without intending to be overly pessimistic, there is complex and overlapping issues from international, regional, national and community trends, like illicit drugs in our communities and
the links to transnational organised crime, or the influence of the Islamic State on misaligned youth and causing them, allegedly, to plot to target Australia’s commemoration of our brave war dead, or the global economic storms causing local business disruptions and short-term rises in unemployment and debt stress. Even Australia’s Federation is being threatened by GST disputes between the States. The security risk environment, coupled with unpredictable government, challenging business environment and imbedded social challenges being left untreated, such as mental illness and drug abuse, is clearly developing as a challenge that will require a holistic approach and which in some measure, with some of the threats, such as terrorism, is already tinkering between high and imminent. Once again, we are in a period of needing to be prepared for the worst, even if it is approaching gradually. But are we? In this issue of the Australian Security Magazine we examine some of the longer term regional issues emerging, such as the water crisis in Pakistan, a nuclear power, and the protection of Mumbai from future, water borne, terror attacks. We also introduce Anooshe Mushtaq with her article on ‘Stemming the Tide of Radicalisation’ and articles on trauma, security professionalism and Data Centre blast protection. Our cyber security features include mandatory breach disclosures and we introduce the ACORN (Australian Cybercrime Online Reporting Network), accompanied by our Women in Security feature on Karen Stones, the AISA Information Security Professional of the Year. As always, we provide some thought provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.
Yours sincerely, Chris Cubbage CPP, RSecP, GAICD Executive Editor
Australian Security Magazine | 3
....with Tony Haddad Nuclear Security Advisor Nuclear Security is regulated by the International Atomic Energy Agency (IAEA), which is the United Nations Nuclear Watchdog. It is not a common skill set in Australia; it is highly specialised and this is due to our small nuclear footprint. In 2014, Australia was ranked the global leader in Nuclear Security and Tony Haddad is proud to have played a role in contributing to that. Tony has since departed Australia and is now based in Abu Dhabi, UAE to assist in developing a Nuclear Security posture. With over 20 years’ experience, including as a former Agency Security Advisor and senior roles in consulting, government and the private sector, Tony’s expanding expertise is a story worth following. How did you get into the security Industry? While I was studying for a Diploma in Hotel Management, I took a weekend course in security and was working doors to pay my way while studying. I was door knocking five star hotels for a job after I had graduated; I couldn’t find any roles that weren’t kitchen or cleaning related and the last hotel that visited was the Hotel Intercontinental Sydney. I was told that the only role available was a security officer position, desperate to work in a hotel to get a foot in the door; I pleaded my case and explained how I had my security licence and that my studies would add value to the role of security officer. I ended up completing an application form and started a few days later. How did your current position come about? I was a self-employed PSPF (Protective Security Policy Framework) and SCEC (Security Construction and Equipment Committee) Security Zone Consultant providing consulting services to a number of Government agencies; ANSTO (Australian Nuclear Science and Technology Organisation) was one of my clients. The role of Manager, Security and Operations / Agency Security Adviser became available with ANSTO, and I liked the people and the operating environment, so, I submitted. Having gone through the recruitment process I was fortunate enough to have been offered the role. What are some of the challenges you think the Nuclear Security domain is faced with?
4 | Australian Security Magazine
Information management is a key obstacle, not only in a Nuclear Security context, but applicable to business in general. The information may be intellectual property, classified national security information or personal files, but the imperative is to ensure that the storage, access to and availability of information, systems and assets are considered. Whether a security professional relies on consequence matrices or business impact levels, the protection must be commensurate with the residual risk and appetite of the risk owner. Where do you see the industry heading? That’s a difficult one to answer, although as we are becoming more and more focused on risk management, I would say the role of security professionals may see itself transitioning slightly into the enterprise risk and resilience sphere; as security is a control tool to address the realisation of risk.
Australia has maintained its top ranking following reductions in its quantities of highly enriched uranium and ratification of the International Convention for the Suppression of Acts of Nuclear Terrorism. The ranking complements the findings of an International Atomic Energy Agency Physical Protection Advisory Service mission in November 2013 which concluded that nuclear security within Australia has long been of a high standard and has been significantly enhanced in recent years. Minister for Foreign Affairs Julie Bishop, 10 January 2014.
What do you do when you’re not working? I am a family man, I love spending time with my wife and three sons.
Gavin Struthers named President for Intel Security Asia Pacific
AFP Assistant Commissioner appointment to INTERPOL AFP Assistant Commissioner Tim Morris has been selected as the new Executive Director for Police Services, based in Lyon, France. The INTERPOL Secretary General Jürgen Stock officially announced Mr Morris’ appointment this week. Mr Morris will be reporting directly to the Secretary General, responsible for coordinating and supervising the operations of INTERPOL’s four key Directorates. AFP Commissioner Andrew Colvin congratulated Mr Morris on his appointment. “This appointment is a reflection of the high-standing of Mr Morris and the AFP in the international law enforcement community,” Commissioner Colvin said. “Mr Morris has had a distinguished career within the AFP and has made significant contributions to law enforcement on a domestic and international scale,” Commissioner Colvin said. “During the selection process he had strong support from the Australian Government who endorsed his application.” Mr Morris joined the AFP in 1986 and has been a member of the AFP executive since 1997. He has experience in commanding the AFP’s Counter Terrorism, Intelligence Functions and was previously Head of INTERPOL National Bureau Canberra. Mr Morris is currently the National Manager of High Tech Crime Operations overseeing cybercrime, online child protection and crime prevention strategies. The position is for a period of five years, with Mr Morris expected to take up the role in the second quarter of this year.
6 | Australian Security Magazine
Intel Security has announced the appointment of Gavin Struthers as President, Asia Pacific for Intel Security, replacing Andrew Littleproud. Formerly Senior Vice President of Worldwide Channel Operations, Intel Security, Struthers will now be responsible for business operation across Asia, India, Australia and New Zealand. No stranger to Intel Security or the APAC region, Gavin has worked with McAfee, now part of Intel Security for over 12 years across several roles including the global channels role, Vice President of Channels, Alliances and Specialist Sales (APAC), Regional Director (ANZ) and Enterprise Sales Director for ANZ. During his tenure, Struthers was instrumental in re-invigorating the Intel Security channel business including a resurgence in the commercial segment via a significant contribution from the partner community. During his tenure, Intel Security’s top partners enjoyed over 20% growth globally, while new business growth through partners soared to over 150% with the deal registration program. Struthers comments, “I am thrilled to be returning to the APAC region where I have had significant experience. The region is rife with opportunity. Intel Security is well positioned to be the enterprise security company that helps customers implement an integrated architecture and offers end-to-end solutions to businesses and consumers. My goal is to help Intel Security become our customer’s #1 security partner.”
FireEye Appoints Eric Hoh to Lead Asia Pacific Japan Business FireEye, the leader at stopping today’s advanced cyber attacks, has announced Eric Hoh has been appointed President of Asia Pacific Japan. In his new role, Mr. Hoh oversees FireEye’s business operations and sales across the Asia Pacific region. He is based at the company’s regional headquarters in Singapore and the first to hold the role. Mr. Hoh brings 20 years of technology industry experience to FireEye. He most recently led Symantec’s regional sales in Asia South and Korea. Prior to Symantec, he held sales leadership roles with Veritas Software and Seagate Software. “Asia Pacific organisations are more likely to be attacked than their counterparts around the world because of regional political tensions, growing economic influence and industries like manufacturing and high-tech all attract the attention of advanced threat groups.
FireEye is expanding rapidly in the region and Eric’s experience, passion for security and deep knowledge of these diverse markets make him an ideal leader to grow our Asia Pacific team,” said Dave DeWalt, FireEye Chairman of the Board and CEO. “Whether organisations are in Sydney, Bangkok or Tokyo, they are facing a new onslaught of sophisticated cyber attacks that easily bypass traditional security solutions and put their most valuable intellectual property at risk. FireEye is bringing together the right mix of technology, intelligence and expertise to deliver a cyber defence strategy that organisations in this region can deploy to stay secure in the face of the most advanced attacks,” added Mr. Hoh. With the Asia Pacific region’s dynamic geopolitics and rapid economic growth, statesponsored threat groups routinely target and breach organisations within every country in the region. These groups steal proprietary information to gain advantage in commerce and national security. From July to December 2014, a recent report from FireEye found 37 percent of organisations surveyed in the region had been breached by Advanced Persistent Threat groups. In the mostly highly targeted countries such as Korea, Hong Kong and Taiwan, their breach rates all exceeded 50 percent, significantly higher than the global average of 27 percent. Since it began Asia Pacific operations in Australia in 2010, FireEye has grown its regional presence from a single employee to over 350 employees including a Research & Development Centre in Bangalore and a joint Singtel-FireEye Advanced Security Operations Centre in Singapore, which opened in February 2015. About FireEye, Inc. FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as nextgeneration firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500. If you have an entry for Movers & Shakers please email details and photo to editor@australiansecuritymagazinecom.au
Agency Introduction
Introducing the Australian Cybercrime Online Reporting Network (The ACORN)
T
he end of November 2014 was an important time in the cyber security space in Australia. The Minister for Justice Michael Keenan launched the Australian Cybercrime Online Reporting Network (the ACORN), a reporting system for individuals and small businesses; the Prime Minister announced the opening of the Australian Cyber Security Centre, an important resource for government agencies and medium to large businesses; and the Department of the Prime Minister and Cabinet began a cyber security review process, the first since 2008. These three major initiatives are all significant steps in our fight against cybercrime. However, what cannot be denied is the fact that one of the most important weapons we have to combat cybercrime is a cyber-literate public. Australians and Australian businesses need to understand how to stay safe online, how to engage in the digital economy and how to report an incident when it occurs. In its first four months, the ACORN has already gone a long way to helping achieve these goals. With over 13,000 reports received, the police agencies and government organisations are starting to build the much needed picture of the types of cybercrime affecting Australians and Australian businesses. But this is only the start. The major challenge we all face in the cybercrime space is its ever evolving nature. As a government and as individuals, we are in a constant battle with cybercriminals. Where we are trying to prevent and defend, cybercriminals are coming up with new ways to get around the systems. An unfortunately, it doesn’t require sophisticated skill – the availability of cybercrime toolkits has
lowered the entry bar for new players. There is a flourishing underworld economy in online black markets, offering anyone the opportunity to commit cybercrimes. As a result, cybercrime poses significant challenges for law enforcement. The nature of the internet – relative anonymity, its global nature, the speed and volume of transactions – challenges traditional law enforcement. That is why a paradigm shift is needed in the way we deal with cybercrime. The borderless nature of cybercrime means that no jurisdiction can effectively tackle it in isolation – it requires a coordinated national approach. The ACORN provides a framework for government and law enforcement agencies to have greater cooperation with each other in the investigation of cybercrime. It extends the scope of existing jurisdictional capabilities. Although the ACORN is proving to be a successful tool in helping law enforcement agencies overcome these challenges, we won’t be successful in our fight against cybercrime if we don’t develop a better understanding of the problem. And that extends beyond governmentwe also need the public to shift their thinking about what cybercrime actually is and how cybercriminals work. It is with this in mind that the ACORN will present a piece addressing the emerging ransomware cases affecting Australians in the next edition of the Australian Security Magazine. With the lucrative syndicate behind CryptoLocker being shut down by the US Department of Justice in 2013, ransomware is evolving and Australians are being targeted.
Australian Security Magazine | 7
International
Securing Mumbai: Tackling terror from the seas When the 10 seaborne-terrorists from Pakistan sailed across the Arabian Sea from Karachi to Mumbai on their blood-thirsty mission in November 2008, it was all too literally, smooth sailing.
T
By Sarosh Bana APSM Correspondent, Mumbai
8 | Australian Security Magazine
he fishing craft arrived and mingled easily with the swarm of trawlers off the fishermen’s colony in downtown Mumbai. Neighbours on the Indian subcontinent, these Pakistanis raised no suspicion on their arrival on Indian shores. Over the next 59 hours, these well-trained and heavilyarmed predators besieged this metropolis of 22 million, slaying 166 innocent men, women and children in cold blood and wounding 293 others. They targeted diners at the Leopold restaurant, passengers at the CST railway terminus, patients and nursing staff at the Cama & Allbless Hospital, guests at the five star Taj and Oberoi hotels, and the rabbi and his wife at the Jewish cultural and religious centre of Chabad House. This terror onslaught transformed the way people now live in Mumbai. It was of similar magnitude and as much a game-changer as the airplane attacks against the United States on ‘9/11’ (11 September 2001) and came to be called ‘26/11’ (26 November 2008). As these marauders had caused maximum mayhem in the two sea-facing luxury hotels, most local high-end hotels are now barricaded, with parking restricted and visitor entry under scrutiny. While earlier, citizens could saunter into public or private buildings on their errands, they are now routinely frisked, need to pass through metal detectors and are monitored by closed circuit television cameras (CCTVs) that now bristle all across the city. Some government
establishments look fortified, with electronic surveillance at all places, armed sentries behind sandbags, guard dogs on patrol, barbed wire fencing along peripheral walls, cordoned off footpaths forcing pedestrians onto the roads, and permanently positioned police vans and pickets. Indeed, if the city police now fail to make headway in any criminal case, they are inclined to blame it on the absence of CCTV at the scene of the crime – even if it is in a home - or unclear footage from those that are installed. Criminals too have changed their tactics as a result. Before going for their victims, they go for the CCTV, or disguise themselves to avoid getting traced. The city authorities have now signed a deal worth A$195 million with Indian firm Larsen & Turbo for installing 6,000 CCTV covering the entire city. In a concerted multi-agency effort to secure Mumbai’s coastline – the metropolis is surrounded by the sea in the west, south and east – and to avert any recurrence of a terrorist attack from the seas, the Central and the Maharashtra state governments have taken several measures to strengthen coastal and maritime security. They say that due to these coordinated efforts, all measures are now in place and overall maritime security is much stronger than before. The Indian Navy has been the lead agency in this task and is assisted by the Indian Coast Guard, Marine Police and other Central and state agencies. At the apex level, the National Committee for Strengthening Maritime and Coastal Security (NCSMCS), headed by the Union Cabinet
International
Secretary, coordinates all matters related to Maritime and Coastal Security. The Navy has fully operationalised Joint Operations Centres ( JOCs) that are command and control hubs for coastal security not only in Mumbai, but also at Kochi to the south, Visakhapatnam on the east coast, and at Port Blair in the Andaman and Nicobar archipelago in the Bay of Bengal. These JOCs are manned 24×7 jointly by the Navy, Coast Guard and Marine Police that have also sharply increased coastal patrolling over the last few years. At any given time, the entire west coast of India is under continuous surveillance by ships and aircraft of the Navy and Coast Guard. Inter-agency coordination among 15 national and state agencies has improved through exercises conducted regularly by the Navy in all the coastal states. Nationwide, over 100 such exercises have been conducted since 2008 and they have also helped test the defences of India’s offshore oil and gas production areas. In May 2013, the Navy received the first of the eight Boeing P-8I Neptune long-range anti ship and submarine warfare, intelligence, surveillance and reconnaissance aircraft in a US$2.1 billion deal. The P-8Is are being outfitted with the Data Link II internet-based digital transmission system developed by the state-owned Bharat Electronics Limited (BEL). This Indian-made technology will enable exchange of tactical data and messages between aircraft, ships and shore installations. This will accord a vital impetus to the Command, Control, Communications, Computers and Intelligence (C4I) systems that are evolving as credible force multipliers. C4I systems, either by themselves or built into platforms, form a powerful augmented capability to be used by the commander to conduct operations by helping integrate the chain of command and control, information management, data fusion and dissemination. To strengthen its ability to patrol 2.5 million sq km (965,255 square miles) of its marine jurisdiction, Australia too placed an order worth A$4 billion last year for eight P-8A Poseidon, of which the P-8I is a variant and which Boeing is developing for the U.S. Navy. The P-8As can also conduct search and rescue, anti-submarine and maritime strike missions using torpedoes and Harpoon missiles. The first of them will be delivered to the Royal Australian Air Force in 2017, with all eight to be fully operational by 2021, with Canberra having an option for a further four aircraft. Intelligence inputs helped India’s integrated command detect and intercept an intruding unlit Pakistani fishing boat in the Arabian Sea off the Porbandar coast on the night of 31 December 2014. A Coast Guard Dornier surveillance aircraft undertook sea-air coordinated search and located the suspect vessel that had sailed from Keti Bunder near Karachi. Thereafter, a Coast Guard ship on patrol in the area was diverted and intercepted the craft. The vessel was laden with explosives, because when challenged by the Coast Guard, it tried to flee from the Indian side of the maritime boundary, but with the Coast Guard ship in pursuit, its four crew members set their boat on fire, resulting in loud explosions that ultimately sank it. Technical measures too have been implemented for coastal surveillance, by way of a chain of 74 Automatic Identification System (AIS) receivers for seamless cover
To strengthen its ability to patrol 2.5 million sq km (965,255 square miles) of its marine jurisdiction, Australia too placed an order worth A$4 billion last year for eight P-8A Poseidon, of which the P-8I is a variant and which Boeing is developing for the U.S. Navy. along the entire 7,517-km long coastline of India. This is complemented by a series of 46 overlapping radars in the coastal areas of the Indian mainland and island enclaves. A second phase of coastal radars is being installed to plug the small gaps in some places. To enhance Maritime Domain Awareness, Defence minister Manohar Parrikar recently inaugurated the National Command Control Communication and Intelligence Network (NC3I). This over-arching coastal security network collates data on all ships, trawlers and other vessels operating near the coast, from multiple technical sources like the AIS and radar chains. These inputs are fused and analysed at the Information Management and Analysis Centre (IMAC) at Gurgaon, near Delhi, which disseminates this compiled Common Operating Picture for Coastal Security to all 51 nodes of the Navy and Coast Guard spread across the coast of India. This Nodal Hub for coastal security, conceptualised by the Indian Navy, is a major step in establishing a coastal security shield. Fishermen have also been issued ID cards by a centralised database, and over 200,000 fishing vessels have been registered and equipped with GPSes (Global Positioning Systems) and RFID (Radio Frequency Identification) tags for tracking them. India’s widespread fishing communities are adept mariners and their cooperation has now become indispensable to Indian maritime security. They have been marshalled as the ‘eyes and ears’ of the coastal security architecture through awareness campaigns by the Navy and Coast Guard. In the Mumbai-headquartered Western Naval Command (WNC) itself, 70 such campaigns have been conducted in 2014 alone. The Navy and Coast Guard are providing periodic professional training to Marine Police in all coastal states. Over 250 police personnel have been trained at the WNC in 2014. Marine Police training institutes are now being set up in Gujarat on the west coast and Tamil Nadu on the east. The indigenous dedicated naval communication satellite, Rukmani or GSAT 7, has facilitated the Navy in achieving complete digitisation of communications for enhanced maritime domain awareness. Since its launch in August 2013, Rukmani has been pivotal in ensuring seamless connectivity between the triad of surface, sub-surface and air platforms of the Navy. Keeping in mind the challenges ahead, a new appointment has been created in the naval headquarters from June 1. Rear Admiral Kishan Pandey has been appointed as first ever assistant chief of naval staff exclusively to handle communications space and network centric operations.
Australian Security Magazine | 9
International
Op Rahat surmounts risks to bring them home As a humanitarian catastrophe looms in war-torn Yemen - one of the poorest, driest and least developed countries in the world - India took the lead in staging a massive rescue effort to evacuate not only the Indians stranded there, but other nationalities as well.
T By Sarosh Bana APSM Correspondent, Mumbai
10 | Australian Security Magazine
he politically, diplomatically and militarily coordinated rescue mission, which was initiated on 31 March-1 April, ended on 10 April, with all 4,640 Indians, a vast majority of them nurses, and additionally 960 nationals from 41 other countries, having been transported safely back home. On 6 April alone, India rescued more than 1,000 people by plane and ship, the country having been appealed to by 26 nations - including the United States, Germany, France, Sweden, Sri Lanka, Nepal, Bangladesh and Turkey - to help get their citizens out of the conflict zone. On 25 March, seized of the growing instability in Yemen, the Indian government issued an advisory to all Indian nationals there to leave immediately, given the “fragile” security situation in that country. Indian Prime Minister Narendra Modi spoke to Saudi King Salman bin Abdul Aziz al-Saud and Indian authorities negotiated extensively with their Saudi counterparts to secure safe access and safe passage for Indian ships and aircraft for the evacuation operations, codenamed Op Rahat (Hindi for ‘relief ’). With access to airports within Yemen fraught with risk, sealift was considered the safest option. The Indian Navy’s offshore patrol vessel (OPV), INS Sumitra, which was on anti-piracy patrol in the Gulf of Aden, was pressed into action for the operation and entered Aden Port on the east
coast of Yemen on the night of 31 March and 1 April 2015. On the first day, the ship rescued 349 persons from the port that was under heavy fighting. The Indian Navy also dispatched INS Mumbai, a Delhiclass guided missile destroyer, and INS Tarkash, a Talwarclass frigate, on the night of 30 March from Mumbai, the frigate escorting two passenger ships, MV Kavaratti and MV Coral, released from Kochi by the state-owned Shipping Corporation of India (SCI) to participate in the rescue mission. The Gulf of Aden comes under the operational area of the Mumbai-headquartered Western Naval Command of the Indian Navy and a high level of coordination between the Navy and various government agencies was achieved to pursue this rescue and evacuate effort. While India’s Civil Aviation ministry diverted two Air-India planes for the air evacuation, the Indian Air Force (IAF) deployed two of its Boeing C-17 Globemaster III to transfer the evacuees from the tiny Red Sea state of Djibouti to Indian shores. As the evacuees boarded the Indian ships, the vessels’ Medical Officers attended to those in need of medical care, with special care provided to pregnant women and the elderly. Considering that these individuals and families had undergone agony, faced threat to their lives and were ousted from their homes, leaving all their belongings behind, the
International
Navy had instructed its personnel to ensure total comfort for the evacuees during their passage. Consequently, living quarters of the crew were cleared to accommodate women, children, and the elderly. To ensure evacuation of maximum numbers, male evacuees were accommodated on upper decks under the cover of shamianas. The ships also arranged for hot meals for all evacuees. Each of the galleys, or kitchens, is designed to cater to only 100 persons (the average strength of the crew), but the Navy had two to three cooks of the ship working night and day to provide three times the usual meals, using the ships’ own rations. Once back home, the entry documents of the returnees were processed promptly. The Indian Railways too rose to the occasion. Under instructions of Railway minister Suresh Prabhu, arrangements were made for temporary stay and also meals for those opting for rail travel to their respective destinations from Mumbai, and the tickets for their travels too were provided free. There was one tragedy that too was tackled. Manjit Singh, an Indian national who was working on a foreign merchant vessel, Gulf Dove, had been grievously injured in a bomb blast in Aden and succumbed to his injuries in a hospital there. His body was carried by INS Tarkash to Djibouti, from where his remains, along with 450 people evacuated from the port city, were flown back India. BOX on Yemen and the conflict Half the population of 25 million of dirt poor Yemen lives below the poverty line and 40 per cent are malnourished. Its city of Sana’a may well become the first world capital to run out of water, largely on account of a burgeoning population and environmental mismanagement. Curiously, Yemen’s dryness is also compounded by the national addiction to qat, or khat, a narcotic flowering plant native to the Horn of Africa and the Arabian peninsula that is immensely waterintensive to cultivate. This arid country on the southwestern tip of the Arabian peninsula was among those Arab countries wracked by rebellion sparked off in the wake of the Arab Spring that emerged on 18 December 2010 with the revolution in Tunisia. A small oil producer, with production from its careworn oil industry plummeting from 130 million barrels in 2006 to 54 million barrels in 2013, Yemen has a geo-strategic significance, abutting as it does the Bab al-Mandab strait, a waterway linking Red Sea with the Gulf of Aden through which much of the world’s oil shipments pass. In 2011, the Shiite Houthi rebels, who follow the Shia Islam sect of Zaidism, joined revolts to topple Ali Abdullah Saleh, himself a Zaidi who had been president of Yemen since 1990. Saleh, who was previously president also of North Yemen from 1978 until unification with South Yemen in 1990, battled the Houthis while president, but allied with them against his successor, Abed Rabbo Mansour Hadi, in a comeback bid. The Houthis struggled to oust Hadi as they were opposed to his 2014 plans for Yemen to be federated into six regions. Last September, Houthi forces seized the Yemeni capital of Sana’a in the north of the country, forcing Hadi to abdicate and flee to his hometown of Aden to the south. As the Houthis
A frightened child taken to safety
Indians evacuated from Yemen boarding a C-17 Globemaster-III of the Indian Air Force at Djibouti before taking off to Mumbai.
advanced, Hadi fled from there too and took to the sea by boat. He is now believed to be in hiding in Saudi Arabia. On 26 March, Saudi Arabia began air strikes in alliance with other Sunni Gulf countries against the Houthi forces. The rebels are reportedly patronised by Shiite Iran, though both parties deny all ties. Tehran has nevertheless condemned the allied air campaign as a “crime” and appealed for peace talks. The Saudi-led coalition has imposed an air and sea blockade on Yemen and is targeting the rebels with the aim of reinstalling Hadi as President.
Australian Security Magazine | 11
International
Water security in an urbanising Pakistan
By Sinéad Lehane Research Manager, Global Food and Water Crises Research Programme, Future Directions International
T
he availability of fresh, potable water has emerged as a key security challenge in Pakistan. Less than 1,000 cubic metres of fresh water is now available for every person annually. While a great deal of focus has been on Pakistan’s interstate water challenges, particularly with India, internal water management issues present a far greater threat to national security and political and social stability. Water Management in Pakistan Pakistan is an arid to semi-arid country that does not have enough water to meet current or future demand. Inconsistent rainfall patterns have led to a dependence on the Indus River and subterranean aquifers. As a consequence, the river is now grossly over-allocated and a series of canals and diversions to service the agricultural sector has left the river basin vulnerable to low flows and drought further downstream. Groundwater depletion and reduced flows in the river both present significant threats to Pakistan’s water security. Climate change will exacerbate that insecurity. Increased variability in climate is predicted to intensify monsoonal rains and a rising incidence of flooding and drought is expected as a result. Glacial melt in the Himalayas will also have a significant impact on river flows in the Indus River Basin, causing flash flooding and a long-term reduction in water availability. Adapting to these changes and mitigating the impacts of climate change, particularly in agricultural regions,
12 | Australian Security Magazine
will be critical to securing long-term food and water security. Limited storage capacity creates further vulnerability; particularly as climate variability increases and water availability fluctuates from season to season. The Asian Development Bank estimates that Pakistan’s water storage capacity is no more than a 30-day supply. This is significantly less than the recommended supply of 1,000 days. Addressing storage capacity limitations should be prioritised to ensure a stable supply of water year round, particularly as rainfall becomes more sporadic and snowmelt reduces. Perhaps the greatest threat to Pakistan’s water security is failed governance. Volatile domestic politics, embedded in systemic corruption, has created an environment ripe for the mismanagement of the country’s natural resources. Already dealing with an energy crisis, Pakistan must now address a growing scarcity of water within a system that is not conducive to implementing public policy or transparent management systems. In Karachi, attempts to discipline those who illegally siphon water from the central water system will likely prove futile while systems of governance remain unchanged. Companies and bulk consumers often bribe local authorities for permission to connect to the supply line, making it difficult to both prevent the connections and identify those who should be held to account. The illegal water trade in urban areas is driven by a shortage of water for all consumers. Industries are unable to
International
‘Water availability is one of the key constraints to agricultural production. Approximately 80 per cent of Pakistan’s cultivated land is irrigated, according to a report by the United States Institute of Peace (USIP). Water wastage in the industry is rife. Water loss through damaged and leaking canal systems requires urgent attention and the upgrading of irrigation practices to increase water-use efficiency should be prioritised.’ access the water they need to operate, while many domestic consumers are serviced by water trucks that may only deliver once or twice a week. The need for more water has led to a booming illegal water trade that both undermines and capitalises on dysfunctional public water systems. Ageing and unmaintained infrastructure is contributing to a considerable loss of water in cities. Public utilities do not have the capital to maintain or extend these systems to cater to growing demand. Consumers, meanwhile, are forced to pay exorbitant prices to access clean water. This is a significant missed opportunity for Pakistan. The illegal siphoning of and trade in water has created a system of water economics which, if controlled by official utilities, could both manage water demand and provide the capital required to service and maintain infrastructure.
these slums lack basic potable water access and sewerage facilities. These communities are often dependent on private water vendors who charge exorbitant amounts for clean water. Polluted ground and surface water leave residents with little choice but to pay the high cost for clean water or risk disease from unimproved water sources. Waterborne infections account for 70 per cent of all common diseases contracted by Pakistanis. Ill-health related to waterborne diseases has a direct impact upon Pakistan’s labour force and, therefore, its economic potential. Poverty, overpopulation, severe water shortages, a lack of access to basic amenities, growing pollution and an increasingly youthful population with limited work opportunities, is a future that Pakistan will have to face if urgent action is not taken to address these challenges.
Population, Poverty and Urban Growth
Urbanisation, Agriculture and Water Security
Incidences of protests, inter-community conflict and social unrest linked to water scarcity are increasing across Pakistan. As noted above, the acute water scarcity in Karachi is creating tension within the community and has led to a booming illegal water trade. The city has experienced a population growth rate of 80 per cent between 2000 and 2010, according to The Wilson Centre, and must now manage a population exceeding 22 million people. The city faces a water shortage of almost 1.9 gigalitres per day, while more than one-third of the city’s water is lost through poor infrastructure and water theft. Pakistan’s urban population is predicted to grow at approximately three per cent per annum, rising to over half the country’s population by 2025. This growth will bring with it a number of challenges for which Pakistan, under a business-as-usual scenario, will not be prepared. Basic services and systems are already grossly underdeveloped in the major cities and urban growth will exacerbate those shortfalls. WaterAid estimates that more than 15.3 million people currently do not have access to safe water and that over 93 million people, more than half of Pakistan’s population, lack access to adequate sanitation. The trend of horizontal expansion places further pressure on provincial governments to ensure that service provisions are adequate for these populations. As one government report describes, Pakistan accommodates 6,000 people in one square kilometre of urban space. Dubai, in comparison, has vertically expanded and accommodates 200,000 people in the same area. The growth of “katchi abadis” (slums) in Pakistan’s cities increases the water insecurity of their inhabitants. Many of
Ninety-five per cent of Pakistan’s available water is allocated to rural areas for agriculture. The sector contributes approximately 24 per cent to the country’s GDP and close to fifty per cent of the population is dependent on agriculture for their livelihoods. Agriculture and rural populations are linked to the country’s water security and urbanising cities in two ways. Rising water scarcity is, in part, responsible for the current rural-urban migration trend. Rapid surface and groundwater loss, increased water pollution and an increasingly variable climate are pushing rural populations to migrate to urban areas in search of work and greater opportunities. Growing urbanisation, conversely, is reducing the rural workforce and, in the long term, potentially reducing the country’s agricultural productivity. According to a report from the IUCN and Government of Pakistan, 70 per cent of the country’s foreign exchange is earned through agriculture. Pakistan must manage the growth in its urban centres while addressing ongoing food security challenges with a reduced rural workforce. Failure to do so will lead to significant economic losses and a rise in the number of food-insecure people – all in a country already troubled by high levels of malnutrition and food insecurity. Water availability is one of the key constraints to agricultural production. Approximately 80 per cent of Pakistan’s cultivated land is irrigated, according to a report by the United States Institute of Peace (USIP). Water wastage in the industry is rife. Water loss through damaged and leaking canal systems requires urgent attention and
Australian Security Magazine | 13
International
the upgrading of irrigation practices to increase water-use efficiency should be prioritised. Water and Traditional Security – An Intrinsic Link The link between water availability and political and social tension in Pakistan will grow within the current political environment. In Pakistan’s cities, where provincial governments will struggle to manage the growing urban sprawl, increasingly young, unemployed and impoverished populations create an ideal demographic for disaffected groups to expand their influence. The USIP also noted that militant groups are increasingly engaged in relief and recovery operations. Gaining approval and support from local communities through humanitarian relief and aid is an effective method of recruitment and the localisation of support for militant activities. As Sadia Malik also discusses in Economic and Political Weekly, many of the vulnerabilities associated with human security, including a lack of access to clean drinking water and sanitation, create an absence of social security that is conducive to the radicalisation of poorly educated and unemployed Pakistani youth. Looking Forward: Pakistan’s Water Security Outlook to 2025 By 2050, Pakistan will be the sixth-most populous country in the world and that population will be overwhelmingly urban if current trends continue. The Wilson Centre estimates that the availability of water per person will have decreased by 60 per cent during this period. Pakistan’s greatest challenge in addressing its water insecurity is governance. Physical scarcity, while a threat, can be better managed if the required governance structures are in place. Improving those structures and addressing water scarcity will also support greater domestic stability and security. The following opportunities and actions to improve water security in Pakistan have been identified: • Address storage capacity limitations to ensure a stable supply of water year round, particularly as rainfall becomes more sporadic and snowmelt reduces. This will also reduce the impact of flooding. • Reduce water wastage through the adoption and upgrade of technologies and the promotion of conservation practices. Water metering and usage charges will support this. • Review the economic value of water – the price of water should create efficiency in water usage and stimulate capital for infrastructure and services upgrades. Water should be billed by usage, rather than through a flat fee, and water metering introduced. Linked to this is the need to tackle the illegal siphoning and trade of water. • Expand and invest in the treatment of wastewater. The capacity of wastewater treatment must be increased by building more plants and better sewerage infrastructure. Greater regulation of industrial waste and making waste treatment mandatory instead of voluntary will meet part of this requirement. Improving sanitation and, thus, reducing the risk of ill health associated with poor
14 | Australian Security Magazine
•
•
sanitation and hygiene requires the development of wastewater and sewerage treatment infrastructure. Urban development should be modelled for vertical expansion. The construction of suitable high-rise districts to slow horizontal growth and replace urban sprawl can improve the ability of growing populations to access basic amenities and services. Increase water use efficiency in agriculture. Water wastage in the industry is rife and the loss of water through damaged and seeping canal systems requires urgent attention. The upgrading and up-skilling of irrigation practices to increase water-use efficiency should also be prioritised.
Predicted population growth and urbanisation trends will exacerbate insecurity in Pakistan if the status quo is maintained. Addressing the country’s water challenges will require inter-sectoral co-operation and the adoption of flexible, location-specific management plans linked to the integrated management of the Indus River Basin. A one-sizefits-all approach will not lead to success. Systemic corruption and the absence of good governance structures will remain Pakistan’s greatest barriers to development. It is imperative that these challenges are given the highest national priority and accorded the support required from the international community. Long-term national and regional stability depends on Pakistan’s ability to mitigate a water crisis and provide for its booming urban population. About the Author Sinéad Lehane is research manager for Future Directions International’s Global Food and Water Crises Research programme. Her current research projects include Australia’s food system and water security in the Tibetan Plateau region. More broadly, she is responsible for research and strategic analysis of food and water security in the Indian Ocean region.
Cyber Security
Drones Robotics Automation Security Technology Information Communications
www.drasticnews.com Like us on facebook! www.facebook.com/drasticnews Australian Security Magazine | 15
National
Stemming the tide of radicalisation
There is a gap in the Government’s approach to combatting radicalisation. In an effort to stem the tide of radicalisation, tens of millions of dollars are being spent; seemingly with little affect. In this feature, Anooshe Mushtaq explores the experiences of young Muslims who are on the frontline of this battle and tries to identify the missing ingredient. by Anooshe Mushtaq
16 | Australian Security Magazine
M
igrating to another country is full of challenges, no matter how similar the cultures of the countries may be. There is a change and adjustment period required to assimilate into the new surroundings. Most immigrants leave an entire ecosystem behind that they spent most of their lives building. The elation of starting a new life is often underpinned by a cultural shock leading to feelings of alienation and confusion. There are feelings of loss of a world migrants knew but is no longer accessible. My family’s migration from Pakistan to Australia, when I was a young teenager in 1985, was rife with challenges as well. While I was fortunate enough to have parents who encouraged me to get an education and adapt to this new world, this was not the case for many people I associated with in the Australian Muslim community. Some people in the migrant Pakistani community had become prisoners in their own homes and created a new ecosystem for the sake of cultural and religious preservation. After 30 years in Australia, the turbulent years of settling, understanding and accepting the Australian way of life are a distant memory for me. Australia is home, it is my way of
“Some people in the migrant Pakistani community had become prisoners in their own homes and created a new ecosystem for the sake of cultural and religious preservation.” life and this is where I belong. This is a life starkly different to the one that I was groomed for in my early years. Life in Pakistan was about conformity. We were raised to believe that our actions were directly linked to rewards and punishment in the afterlife. We were told not to question the dictums of religion or anyone who was an authority on religion. Respect for elders and teachers formed the basis of our upbringing and acceptance and admiration of the community was a part of our core beliefs.
National
My parents, although religious, were not conservative compared to a vast majority of the people we associated. They raised my two sisters and me to be independent and educated. I guess it had something to do with the fact that my father was in the Pakistan Air Force and life in the armed forces is generally more progressive as opposed to civilian life. Nonetheless, I grew up knowing that social and religious acceptance needed to shape my thoughts and actions. Deviation from cultural norms was unacceptable to my parents and the wider community and I was left in no doubt that my indiscretions were linked to punishment in the afterlife. We were raised to believe that this world is only temporary, existing merely to test our faith. Everything we did in this world was an investment in the afterlife and the rewards it held for us. An example of this focus on the afterlife is seen in the teaching of the Quran to young children. From a young age I learnt to read the Quran in Arabic because we earned more reward in the afterlife by reading the Quran in its original language. This is the general consensus in Pakistan and people pride themselves on how quickly they can read the Quran in a foreign language. The issue I found with this practice was that I never understood what I was reading. If I never understood it, I could not question it. I had to rely on the interpretations of the Imams and elders in order to understand the teachings of the Quran. When I found out what the teachings were, I was not allowed to question them because there were gruesome punishments in the afterlife for doing so. The cultural norm of not questioning those in authority allowed those with religious authority to tightly control people’s deep understanding of religion and subsequently their behaviours. The truth is that Quran does not dictate you read it without gaining a strong understanding of what it is meant to say. The practice of reading without understanding is a triumph of tradition over religion. Growing up in Pakistan, I came to realize at an early age that the relationship between my parents and I was not one based on freedom of speech. This is the norm in Pakistan, and I would go as far as to say, the greater Muslim world. Children may have opinions only as long as they are prepared to have them overridden by the elders. If your parents or the Imam say that milk is black, you just have to accept it. Children and parents discuss certain issues relating to education, religion and general topics, but when it comes to sensitive issues like relationships, dating, pregnancy, homosexuality and sex, these are a taboo and not open for discussion without vilification from the parents. This is something I will refer to later on as a contributor to radicalisation process. I am not an expert in terrorism, radicalisation or psychology but I have seen and experienced firsthand the metamorphosis of thought processes in the Muslim migrant community. I noticed that some parents prohibited their children from going out with their friends who were nonMuslim and the children were confined to the homes and only allowed to go out when accompanied by their parents. Some migrant parents feared losing their identity and culture if their children were to assimilate in the Australian way of life. As a result, some children start living a double life; a traditional one in the house and one aligned to western
“When I found out what the teachings were, I was not allowed to question them because there were gruesome punishments in the afterlife for doing so.” culture outside - both polar opposites. Isolation tends to put pressure on children who feel torn between the society they now live in and the demands of their cultural background. The pressure on children is increased by the common practice of parents comparing their own children to others and trying to motivate their own children to do better so they can be like the ‘others’. This is very common in our culture. You might liken this to the infamous “Tiger Mum” phenomenon. During the early years of growing up in Australia the high expectations of doing well in school, while conforming to religion and avoiding socialising with the non-Muslims resulted in some children, including me, feeling isolated. These kids would spend a lot of time in their rooms where they could have some alone time or invite friends over and spend time in the safety of their own homes. If we compare that to recent times, the availability of social media on tap has made it easy for children to access all kinds of messages at any time, especially when they are locked up in their rooms in isolation and with little guidance. The confused messages that these children receive in their everyday lives (the cocktail of culture and religion) and the fear of approaching their parents to question these messages can push children deeper into the world of social media with little supervision. I believe that this is one of the main reasons why international militants use social media to spread their message to the target audience – the young and impressionable youth who are isolated and want to prove they have done something to achieve reward in the afterlife. Since this world is a temporary place according to what they are taught, and they need to earn an eternity of happiness in the afterlife, they feel that joining the cause of militants is the best way to earn that eternity of happiness. Digging Deeper: Just because Australia is geographically removed from the rest of the world is no reason for complacency when it comes to permeation of messages being spread by international militant groups. Social media and technology has blurred geographical boundaries with a global reach in real time. The key messages of Islam that resonate with the Muslim youth are repositioned and disseminated in such a way that some youth feel it is their duty to oblige. Their limited understanding of the real teachings of Quran means they listen to those who are seemingly authorities in Islam, and as I mentioned earlier, they don’t question it. Kalima Tayyab, which forms the basis of Islam and the ultimate declaration of faith, is used by the militants as their logo, for example Islamic State use Kalima Tayyab on
Australian Security Magazine | 17
National
“The issue is complicated by the strained relationship between the Muslim community, the Government and the media. Many in the community feel under siege. There is a strong feeling in the community that the media targets Muslims and encourages their vilification.” their flag. This creates an immediate visual connection to Islam and its fundamental values which we were brought up with. This is a strategic way to eliminate prejudicial barriers of the target audience against these groups. It makes the promulgation of messages easier. Youth that are trying to live a regular life but are fueled by the negative messages in the media against Islam and want to prove something and fight this increasing prejudice against the Muslims. Joining these militant groups has several benefits in their view. Firstly, they are told they will earn Jannah (Islamic concept for Heaven) and all the rewards that are offered in the afterlife; secondly, they are keen to prove to the wider community that they have done something that ‘others’ were not capable of; thirdly, they are made to feel like they are the ambassadors of Allah (God) and given more importance and recognition than they received at home. Conclusion There is a gap in the Government’s approach to combatting radicalisation. In an effort to stem the tide of radicalisation, tens of millions of dollars are being spent, seemingly with little effect. The drivers of radicalisation are complex and multifaceted, influenced not only by religion but by culture and tradition. Addressing the issue of radicalisation requires us to better understand its real drivers. The drivers are laced with religious and cultural nuance that is simply not understood by experts from outside the community. Community members who understand these nuances must be involved in designing and implementing interventions if we wish them to succeed. The issue is complicated by the strained relationship between the Muslim community, the Government and the media. Many in the community feel under siege. There is a strong feeling in the community that the media targets Muslims and encourages their vilification. We must overcome this mistrust if we are to work together to combat radicalisation. Without greater cultural insight and rebuilt trust, efforts to combat radicalisation will be met with cynicism and ultimately, they will fail. About the author Anooshe is a first generation Australian of Pakistani origin. She spent her early years in Pakistan and several years in Libya on posting with her family. Since her arrival in Sydney in 1985 Anooshe has experienced first-hand the changing cultural landscape of Australia. She recently presented at the Australian Security Research Centre’s forum on Social Media and Extremism.
18 | Australian Security Magazine
Frontline
Security professionals are no strangers to trauma, but until recently there has been little progress in the field of post-traumatic rehabilitation. Could talking present a breakthrough?
D By Adeline Teoh Correspondent
20 | Australian Security Magazine
epictions of post-traumatic stress disorder (PTSD) often centre on the deterioration of veterans in the aftermath of war. Films such as The Deer Hunter and Born on the Fourth of July, the latter based on the autobiography of Ron Kovic, follow returned soldiers as they try to reintegrate into society—with mixed results. Even superheroes are not immune. Batman’s predilection for dressing in a bat suit as a crime-fighting vigilante is portrayed as his coping mechanism after witnessing the murder of his parents when he was a child. In Iron Man 3, the battleworn Tony Stark deals with two villainous forces: an evil scientist and the PTSD he acquired after helping to save the world in The Avengers, symptoms of which include insomnia, panic attacks and identity loss. You don’t have to be a war veteran or a superhero to experience PTSD, however. Anyone who experiences or witnesses a trauma-inducing incident—from being caned as a child to being in, or seeing, a car crash—is susceptible. Due to the nature of their work, security professionals, alongside emergency services personnel, are more likely to witness such incidents whether they are physically present as a guard or behind a camera in surveillance. Because the risk of exposure to traumatic experiences in these roles is necessarily high, or even unavoidable, circumvention is not a solution. Unfortunately the treatment
program for PTSD patients has, until recently, largely been about diagnosis and providing a medical response. Today, the focus is shifting to building resilience in personnel and developing post-traumatic growth. Peer support For BeTr Foundation director Dr John Durkin, a firefighter turned psychologist, the biggest issue is the divide between the top-down approach of medical professionals and the positive effects of bottom-up peer support. Durkin decided to study psychology after the death of three colleagues—one a suicide attributed to survivor guilt following an earlier death—and his own experience being injured in the line of duty and the subsequent unsuccessful rehabilitation. “None of the psychologists I saw made me feel better. I realised it was the guys in the job that actually made me feel better, at least in part because they could tolerate the stories I was telling,” he explains. “I took a psychology degree convinced I could teach the bottom-up people what the topdown people know so there was a better chance of seeing a whole human being in the uniform.” The concept of ‘being understood’ is a key one for Durkin. He recounts one visit to a psychologist, which changed the way he engaged with her. “I hadn’t even gotten
Frontline
to the incident yet and she was sitting in an armchair and I saw her knuckles getting whiter as she gripped the end of the arms. I realised, ‘if I say it, this could really hurt someone’. The rescuer goes into rescue mode and saves someone from distress—I hold back.” By contrast, colleagues don’t flinch and “will probably come up with something worse,” he says. “So now I have the value of the peer who knows what it’s like at the sharp end, not the top-down academic who thinks that they’re looking for a formula that has to be fulfilled and who’d get upset on the way to doing it.” Peer support also has no time limits, he adds. While a psychologist will stop the clock at an hour, talking to peers allows someone to get to the heart of the issue in their own time. “You might be on the verge of saying what has to be said, or worse still you say it and there’s no time to put the thing back, and you end up driving home because it’s somebody else’s turn. The idea is to produce a peer support system so that within the organisation you have permission to spend as long as you wish.” Growth not management Durkin studied psychology and also trained in Traumatic Incident Reduction (TIR), a process he says could turn the medical model on its head. “If you take the medical model, where a decision can be made by an expert about whether you function or whether you don’t, you can lead yourself to the logical diagnosis of PTSD,” he says. A process that aims for post-traumatic growth is different because it’s about taking it as it comes and using traumatic experiences to progress. “It fits far better with humanistic psychology than the medical model. The hallmark of post-traumatic growth is a sense of a stronger self, of having survived something you wouldn’t have known you could have survived if you hadn’t found yourself in the situation that created the problem.” TIR examines and questions the ‘script’, which Durkin says everyone develops soon after a traumatic incident. There’s a script for employers and lawyers and a script for family and friends. “It keeps getting retold and it doesn’t burrow down, it’s only an account that will do for now,” he notes. “What traumatic incident reduction does is confront. We talk about a ‘facilitator’ and ‘viewer’—we don’t have an ‘expert’ and a ‘patient’. Our relationship is a lot more equal. What we do is identify what the viewer’s interest is.” Very simply, the TIR facilitator asks the viewer to “go to the start of the incident, go through slowly to the end, tell me what happened” as many times as it takes for the viewer to feel they’ve dealt with the issue. Facilitators are trained not to give any emotional reaction beyond conveying interest, and they do not judge or offer advice. It’s like watching a movie for the fourth or fifth time, Durkin says. “Different characters and different stories emerge that don’t resemble the script we start off with.” As a result, “spontaneously, the viewer can come up with their own conclusions about what the truth of the matter is,” he says. “It allows us to learn more and more from increasingly difficult material but actually get through it a bite at a time.” Sometimes the issue is not what others see as the inciting incident but perhaps an earlier experience, even
‘Peer support also has no time limits, he adds. While a psychologist will stop the clock at an hour, talking to peers allows someone to get to the heart of the issue in their own time.’ stretching back to childhood. The best candidates for TIR facilitators are people that viewers will see as peers or equals who offer no judgement, no advice and no interpretation—in other words, not clinical psychologists. To be certified, facilitators must undergo TIR sessions as viewers to clear potential triggers. “Anyone who is willing to confront their own history can do it,” says Durkin. The other thing is to expect outrageous and sometimes incredible accounts. “Just let people go with their own material, making no assessment whether it could be true or not. They will do the viewing and they will do it to their own conclusion. They might conclude ‘that can’t possibly have happened’ and they’re happy, or ‘I reckon it did’.” Does it work? Durkin believes it is one of the few techniques that actually promotes post-traumatic growth instead of keeping PTSD patients in a holding pattern. He refers to one former PTSD patient, Andy Pike, a military reservist and former firefighter, who undertook TIR and not only signed up to be deployed to Afghanistan last year but has since trained as a TIR facilitator. Treating PTSD is one area where being ‘all talk’ could be a good thing. Interested in accessing TIR or becoming a facilitator? See the Traumatic Incident Reduction Association website at tir.org
Australian Security Magazine | 21
National
Towards security professionalisation: The cultural journey to employ and develop future security professionals Therefore, corporate and private security groups must embrace the notion of the journeyman.
By Michael Coole & Dr. David Brooks, Edith Cowan University
22 | Australian Security Magazine
T
he security industry and its associated bodies believe they are moving towards professionalisation; however, one sign of a true profession is the employment and development of graduates. Unlike established professions, the security industry lacks such graduate employment and this situation has to change. The time organisations can just rely on employing ex-police or defence persons without higher education credentials may be coming to an end as a higher professionalisation is required within the security domain. Today’s modern society relies on professionals to solve complex problems. Such professionals commenced their careers as university graduates. University education imparts a foundational, abstract body of knowledge that is contextualised and further developed into professional competence and ultimately, refined over time into expertise within the work place. In many of the traditional professions such as medicine or engineering this occurs through formalised graduate programs. Graduate programs seek to provide mentoring so that those entering the workforce from universities are taught the art of transferring theory into practice. That is,
they undertake their professional apprenticeships. For these more traditional professions graduate programs are a cultural norm, as it is well recognised that graduates need professional development prior to achieving the status of competent professional. However, for the security domain graduate programs are not the norm; rather, the exception. Nevertheless, the notion of graduate programs within the security domain is not a completely alien proposition. For many years, large engineering consultancies have employed graduates from various security programs. Such organisations put graduates through a developmental program tailored to the context of their areas of focus and method of business. Graduate programs are also found in government organisations, which recruit graduates from a diverse range of university programs including security studies. In the intelligence domain the graduate developmental process has been referred to as the journeyman, the term used to articulate the formalised process used to take a graduate from university and develop them into a competent professional. This journey embodies a systemised process with clear time frames along with formalised criteria established to
National
move graduates along their professional path, initiating junior professionals. Consequently, outside of these sectors there are very few opportunities for graduate employment and further development in the security profession. That is, the graduate process is not the cultural norm for many organisations and in particular, its security group. For many in the security domain, the competitive aspects means that employers prefer experienced personnel rather than developing graduates for junior management roles. However, graduates offer unique skills that over the medium period will enhance the outcomes of the organisation often well beyond that of persons without such an education. Consequently, for organisations in the corporate security, loss prevention and risk management occupational streams there are many benefits in hiring graduates. Graduates learn core underpinning domain knowledge at university that is braced by broader academic attributes such as critical thinking and research, with analysis and problem solving skills. They also leave university with the latest researchinformed knowledge, and they are often innovative and motivated to achieve excellent results. This is a person who holds an abstract body of knowledge that can be tailored to solve professional problems in innovative ways. If the notion of the security professional is to be formally acknowledged and well-recognised by other professionals, then the security profession must establish a culture of
“If the notion of the security professional is to be formally acknowledged and well-recognised by other professionals, then the security profession must establish a culture of graduate employment and development. � graduate employment and development. Therefore, corporate and private security groups must embrace the notion of the journeyman. Culturally within the security domain there has to be the formal recognition of graduates and the requirement to offer programs for their development if the industry is to professionalize. The security discipline is professionalising, but its journey remains long and with many perplexing issues to be addressed. One of these issues is the entry of graduates into the security workforce. Until senior managers within the security domain recognise the value of graduates and actively put in place programs for their recruitment and development, security at the senior end of the operational stratum will not be accepted as a true profession in the group phenomenon. Only once this occurs, as a cultural norm, will another barrier to security professionalisation be overcome.
Australian Security Magazine | 23
Technology
Smarter Surveillance: Managing risk with business intelligence The need for organizations to gather business intelligence has changed the face of risk management for many businesses and continues to be a growing trend. Some companies in the Asia Pacific region, however, are utilizing both physical data and IT data to enhance risk management options and gather a complete view of any given situation. By By Kevin Wine Vice President of Marketing, Verint Video and Situation Intelligence Solutions
B
usiness intelligence, by definition, is an umbrella term that refers to a variety of software applications used to analyze an organization’s raw data. Often referred to as BI, it is a discipline made up of several related activities, including data mining, online analytical processing, querying and reporting. In the risk management world, BI hinges on gathering information about a given incident, using sources such as video surveillance, transactional information, timestamped information and much more to build a complete picture of a specific incident.
data sets,” he said. “Using a variety of approaches, software platforms look for other known events that are happening at the same time to track in parallel or related systems in the same context or through various forms of analytics – patterns happening in video, behaviors that are happening, and speech patterns to identify specific words,” Wine said. Using all of this information together, businesses can work toward mitigating risk.
Unstructured Data and Learning
One way that businesses can leverage the use of multiple sources of business intelligence to address risk management is through the use of situation management or security management software. These comprehensive platforms use data gathered from multiple systems to help streamline operations and enhance safety. Operators can view several points of interest on one interface and identify incidents before they impact business operation. New levels of situational awareness are realized by combining multiple data sources including maps, security sensors, traffic reports, intelligence alerts, emergency communications among others. This unified view helps filter false alarms and automatically identify incidents, such as a security breach, false claims of injury, and security or safety risks. For example, financial institutions can use these advanced platforms to detect fraudulent activity at an ATM by pulling
Throughout the world, retail business, critical infrastructure, educational institutions, hospitals and many other organizations already gather video data to secure valuable assets, ensure the safety of customers and protect high-level technology. Much of the data being collected, however, can be interpreted in a different way. “What we try to provide is actionable intelligence,” said Kevin Wine, Vice President of Marketing, Verint® Video and Situation Intelligence Solutions™. Verint’s Situation Management Center™ gathers data from areas that are a little bit unstructured in content – that is, video surveillance, audio recordings from customer service call centers or 911 recordings. “When we look at business intelligence broadly, we look for ways to add structure to these non-structured
24 | Australian Security Magazine
Situation Management and Incident Reporting
Technology
from various sources — video surveillance for license plate detection or facial recognition, time stamps on the ATM receipts or video, and proof of activity from a teller or witness to the activity. Using all of these sources, a bank can pinpoint specific details of an incident to provide adequate information to authorities. Not only do situation management platforms allow multiple information channels to be used and assessed for risk management purposes, these solutions help users institute standard operating procedures when an incident occurs. In many countries, campuses that receive federal financial aid programs are required to adhere to specific regulations and provide an annual security report, crime log, issue timely warnings and provide crime statistics for campus incidents. To adhere to this rule, campuses must gather information about incidents as they occur and do so by establishing standard procedures for handling incidents. “When we look at the challenges of trying to collect information about what has happened, standardizing responses to calls coming in to a public safety office is paramount,” Wine said. “Situation management software platforms provide that standardization – whoever is taking the call has a structured format at their fingertips to address the incident and they know exactly what is expected of them. Operators are prompted to ask anything they need to ask, certain entities can be made aware and dispatched to investigate and if it’s related to a data breach, the IT department can begin an immediate investigation into the incident.” Gathering Retail Intelligence Another trend in business intelligence is the use of IT and physical data in the retail sector, not only to help mitigate risk but to guide best practices for retail sales. “In retail, the typical use of video surveillance is for loss prevention,” Wine said. “It’s grown to a point now where we’re not only providing information management for security loss prevention, but our peers in marketing and merchandising are using video data in the positioning of products on the retail floor, and analyzing the success and failure of certain retail campaigns.” Retail entities are using the information gathered to analyze traffic patterns in a store — answering questions such as how many people pass by a specific product display per hour, where people walk, what they stop to look at and where they spend their time. This data can be used to optimize display placement and measure the effectiveness of marketing campaigns. “The retail sector is always looking for ways to optimize revenue streams,” Wine said. Take, for example, a busy grocery store. Seeing long lines at the checkout counters may deter customers from spending time in the store perusing aisles, causing the store to lose revenue. Using business intelligence, stores can now count the number of customers in the store and anticipate the time it will take these customers to choose their items and head toward the checkout counter. Using this information, stores can make sure their checkout counters are adequately staffed to mitigate any lost revenue as a result of customers leaving.
“It’s grown to a point now where we’re not only providing information management for security loss prevention, but our peers in marketing and merchandising are using video data in the positioning of products on the retail floor, and analyzing the success and failure of certain retail campaigns.” “These stores may start their day with only one or two people manning the check out, but store managers can anticipate how many more cashiers they will need by the end of the day based on this business intelligence gathered over time,” Wine said. “It comes down to forward thinking and assessing how these retailers can reuse an investment they’ve already made — video surveillance — and apply it to maximize business opportunity.” An ‘Intelligence’ Strategy Strategic business intelligence gathering also can be provided through the use of global positioning systems (GPS), providing a location-based approach for security outside of the boundaries that are typically covered. “Being able to connect a known location with additional information about what is happening at that time has become a prevalent tool with security and for use in wider business implications,” Wine said. This brand of business intelligence allows companies to track the movement of employees or assets that may need to move to another location — that is, vehicles or valuable equipment. Sending this information back in regards to the security of the assets, in the event of an incident in a specific area, security or patrol officers within range of the incident can be dispatched using the data gathered through GPS and other avenues for information gathering. “Coupling GPS and mobile capabilities in the event of an emergency when you’re trying to protect people and assets gives a business additional value out of the information being gathered,” Wine said. Future of Business Intelligence in Risk Management Businesses are constantly finding new ways to use this information to better serve their customers, shareholders and vertical markets. Using business intelligence to assess risk management is taking hold as more and more companies adopt a wider view of situation management — utilizing data from both IT and physical sources to build a clear picture of how to better protect their staff, customers and assets. This growing trend will continue to find ways to better use existing infrastructure to serve the goals of companies, whether related to security, retail and business strategy, or public safety concerns.
Australian Security Magazine | 25
Cyber Security
Know your enemy, but know yourself too You can’t protect your company’s data if you don’t know where it is
I By Stuart Clarke Director of Cybersecurity & Investigation, Nuix
nformation security experts and practitioners are united in the belief that we cannot prevent data breaches by building bigger walls around our networks. As Gartner’s bluntly titled report, Malware Is Already Inside Your Organization; Deal With It argues “organisations must assume they are compromised, and, therefore, invest in detective capabilities that provide continuous monitoring for patterns and behaviours indicative of malicious intent.” In a recent survey of corporate information security practitioners, published by Nuix and conducted by Ari Kaplan Advisors, a senior security official said, “That paradigm of relying solely on the perimeter is long gone; it is part of a security architecture, but it doesn’t even begin to be a dependable approach to security.” Another explained that “[Data breach] prevention is an unobtainable goal in the current environment so our focus is a very fast pathway to remediation because we know we cannot eliminate all compromises.” Look inwards for greater insight So, if the current approach to data protection isn’t working, what is the answer? Perhaps the answer lies in looking inwards at information management practices and policies as much as you focus on external threats. Organisations must tackle data security on all fronts. On one level, this is a vastly complex undertaking that requires cross-border law enforcement and governmental collaboration and the development of more robust international standards. From a corporate perspective, it involves using better technology and more advanced security but also continuously advancing information security—not just ticking a box once you have implemented a perimeter defence system. In this new paradigm, the main priority of information security is reducing the delay between when breaches occur
26 | Australian Security Magazine
and when you detect and deal with them. This requires rapid, thorough and effective post-breach investigation and remediation. Fast detection and remediation of breaches In any breach situation the clock is ticking; data has gone missing; costs are building up and there is an increasing risk that someone else could exploit the same vulnerability. There is also the risk the attacker could introduce backdoors into your network, expand the compromise and cover their tracks. Take the Home Depot breach in the US last year. Analysts believe the breach was exploited over a five-month period, during which over 50 million customers’ payment cards where affected. Following a wake of fraudulent transactions on customer cards a result, some customers have filed class-action lawsuits against the home improvement retailer, one to the tune of US$500 million. US retailer Target recently settled a class action suit brought by its customers after a data breach for a relatively modest $10 million. Closer to home, the daily deals website Catch of the Day took until July 2014 to disclose to the public that it had been the victim of a data breach in 2011. The company reasoned that it “informed police, banks and credit card companies” at the time and that it was only disclosing the breach to its customers three years later because advances in technology meant hashed customer passwords could now be compromised. A more cynical interpretation is that the website did not discover the breach until much later, which could explain why the Australian Federal Police had no record of receiving a complaint from Catch of the Day in 2011. Where is your data? One reason organisations take so long to detect and remediate breaches is that they are unsure where their high-risk data resides. After a breach, there is no way of knowing which
Cyber Security
systems the data was stolen from, so they must examine all of their data stores. This takes a long time. An alternative approach is to gather data from a random sample of devices, but that risks missing the compromised systems. To make it even harder, typically 80% of an organisation’s data is unstructured, human-generated information, including email and the contents of file shares. It often lives in proprietary formats such as email databases and archives that are difficult to search and understand. Knowing this, information security specialists must become ‘good shepherds’ of their data to reduce the costs and extent of cybersecurity breaches. Data shepherds know where their flock are, separate them into different paddocks, make sure the fences are sound, and regularly check on the health of their sheep. This has many benefits. Even if a wolf manages to get into one of the fields, most of the flock will be safe. And the shepherd will instantly know the scale of the incident. The good shepherd methodology also helps organisations comply with regulations around data retention, privacy, freedom of information and information security. Here are the four most important steps in becoming an information good shepherd:
1) Delete low-value data Organisations store large volumes of electronic data that has no business value because it’s duplicated, trivial, no longer used or past its retention period. It may contain unknown business risks or confidential information. While most organisations have strict compliance rules around how long they must retain data, once the retention period is over, the risks and costs of keeping that data greatly outweigh any residual value. Deleting this low-value data, according to predefined and legally sanctioned rules, reduces risks and also minimises the volume of data that could be compromised. This, in turn, reduces the scope of a post-breach investigation.
2) Fence in valuable data
‘An alternative approach is to gather data from a random sample of devices, but that risks missing the compromised systems. To make it even harder, typically 80% of an organisation’s data is unstructured, human-generated information, including email and the contents of file shares.’ 4) Maintain appropriate access controls Organisations should apply policies to restrict access to important data only to staff members who need it to do their jobs. It is also essential to regularly audit access controls on important systems as staff members come and go and their information access needs change with their job roles. Regular sweeps of employees’ security profiles help ensure the policy theory matches reality. Everyone can be a good shepherd While people can be a big part of the problem, it’s important to remember they also play a large part in the solution. Businesses should train their staff to become good shepherds. The buck doesn’t stop with information security experts; everyone must be part of the strategy. Employees should be educated on the importance of following security processes and storing documents correctly – with the motivation that when they do these things the right way, it can make their jobs a lot easier. These four steps have a huge effect on how quickly and effectively organisations can respond to data breaches – internal or external, deliberate or accidental – which in turn has a big impact on how much they cost. It also gives organisations a clearer understanding of what data is worth so they can concentrate on protecting high-value data and more easily calculate the return on their security investments.
Records managers and end users alike struggle to find the time to file important documents correctly. As a result, many organisations have intellectual property and company records stored inappropriately in file shares or email attachments. Information governance technology can locate these records ‘in the wild’ and move them to controlled repositories with appropriate security, access controls and retention rules. This makes it much harder for anyone to gain unauthorised access. It has the added benefit of making them easier to find and gain use or value from.
3) Enforce data security Personal, financial and health details of employees and customers must be kept in the strictest confidence. But even when organisations set up controlled repositories for this information, it regularly escapes, whether through poor policies or employees not following the rules. By conducting regular sweeps of email, file shares and other unprotected systems, organisations can quickly locate and remediate unprotected private data. They can then ensure they protect this high-risk data with appropriate encryption and access controls.
Australian Security Magazine | 27
Cyber Security
The politics of protection and privacy
The privacy versus security debate is not just about rights and metadata retention laws but how safe that information really is.
I By Adeline Teoh Correspondent
28 | Australian Security Magazine
t was 33 minutes of news comedy that put government surveillance back on the agenda. In early April, US television channel HBO screened an episode of Last Week Tonight focusing on the upcoming renewal of Section 215 of the Patriot Act, which allows the US National Security Agency (NSA) to retain metadata of its citizens’ correspondence. After establishing—through a painful vox pop—that the general public has only a slippery grasp of the issue, host John Oliver flew to Russia to interview former NSA contractor-turned-leaker Edward Snowden on what the NSA’s powers really are. Tellingly, Oliver chose to frame the issue in terms of whether the government could access private photographs. He told Snowden: “This is the most visible line in the sand for people: Can they see my dick?” The issue is no laughing matter for Australians. On 19 March 2015, parliament passed the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015, which, among other things, requires telcos and internet service providers to retain metadata for two years. Apart from the economic arguments against this scheme—telcos would need to increase their storage capacity as well as secure this data for four times longer than existing requirements—there are questions about its effectiveness. According to a study conducted by German parliament, data retention in Germany led to a negligible increase of 0.006% to the crime clearance rate. Germany not only concluded this was a financial burden considering the poor return on crime reduction, its Constitutional Court described metadata retention as a serious restriction of the right to
privacy and advocated a retention period of six months as proportionate to security. For most Australians, the attitude of ‘if I’m not doing anything wrong then why should I worry?’ is pervasive, but even if they let the government have their metadata and happily give away more data in the general Internet of Things through social media, app usage and other connections, what they often forget is how flimsy the security of that data is. Once telcos start collecting and retaining this data it becomes a target for hackers. The ultimate question is whether you think your telco can defend itself against the hacker threat. Before you answer that, consider this: earlier this year, Telstra, Australia’s biggest telco, came under fire for breach of privacy laws when it accidentally leaked the personal information of almost 16,000 customers. Full names, addresses and phone numbers were accessible via a Google search between June 2012 and May 2013. How safe is your data? Lags in the law Privacy Professor Rebecca Herold says it’s an issue she’s been working through for several years and it’s not just about hackers or government surveillance. In the medical device sector, for example, privacy and security can often be the same thing and relate to appropriate access control. “You need security controls to protect against mistakes. If somebody makes a change to a device that they shouldn’t have, a good security control will stop that change from occurring,” she explains. “If you have bad security on a device
Cyber Security
that controls your body, then if somebody gets into that device and changes by a decimal the amount of insulin being pumped or changes how often the heart should beat, you could actually kill someone.” The problem is many manufacturers do not consider privacy and security in the scope of their product, she says. “I’m seeing so many organisations creating devices, collecting all this data, and they aren’t thinking about how it has a privacy impact. They’re like, ‘well, we’ve addressed all the laws, so there are no privacy issues to address here.’ That’s something I’m trying to get them to understand: the laws lack the actual privacy risk.” One issue centres on whether the information collected is appropriate. “With privacy, everything depends on context,” says Herold. “You might not have a privacy issue with a doctor collecting data because the doctor’s giving you care, but you didn’t give the doctor that data so he could go off and sell it to marketers. In that context, it’s not appropriate.” Data and research and development often appear to conflict in this area. A common argument, Herold recounts, is that data restrictions limit innovation. “I hear ‘if we can’t have this data, you’re never going to find a cure for this disease’ and I think it’s a copout. There are ways you can use that data if you set parameters around how the data is used, how it’s shared. That’s the thing that’s missing. They always say ‘just give us the data because we want to use it to better the world’. I’m all for that, but let’s make accountability a part of what happens.” The problem with the Internet of Things is individuals often don’t realise that a lot of data collected today for one reason can be easily repurposed for another with no requirement to disclose this change of use. This is one thing Herold is trying to change. She urges organisations to consider this line in addition to current legislation when developing privacy policies. “When you’re the one collecting the information, you need something in your brain that tells you, ‘this doesn’t feel right’ when you’ve told individuals that you’re collecting information and using it for one thing and now you’re using it for something else.” Finding the line Much has been made of ‘the creepy line’, which is where most people draw a boundary between what is appropriate use of data and what is not appropriate. The creepy line varies for different people, which is part of why it’s hard to define. The other aspect is that it moves as people get used to incremental encroachments on privacy, for example an activity tracker like Fitbit linking to social media, prompting such permission requests as: ‘Facebook would like to access your heart rate: Cancel/OK’—it’s as much the creeping line as the creepy line. Oliver was clever to frame the NSA issue in terms of whether the agency could see ‘dick pics’, because it was a clear way to indicate to the general public how intimate the surveillance could actually become, even if the data did not actually comprise private photographs. Herold explains the line slightly differently but no less effectively. “The analogy that helps business leaders understand things is: ‘What if your child was using this service and you knew that your child was having all this information about them collected and used?’”
The problem with the Internet of Things is individuals often don’t realise that a lot of data collected today for one reason can be easily repurposed for another with no requirement to disclose this change of use. Unfortunately there is no definitive way to draw the line except through legislation and politics, in addition to public ignorance, can muddy the issue. In the meantime, the only thing security professionals can do is ensure the protection of the information collected and hope it is enough to defend against ill use.
Rebecca Herold - Privacy Professor
What is metadata? Metadata is what describes other pieces of data. It is the details about correspondence but not the content. If you made a phone call, for example, the metadata would include the number you called, the number you called from, where you and the person you called were at the time of the call, and the length of the call but not the actual conversation you had. The Attorney-General’s department states: Metadata is used in almost every serious criminal or national security investigation, including murder, counter-terrorism, counter-espionage, sexual assault and kidnapping cases. Agencies use metadata to help: •
• •
•
quickly rule innocent people out from suspicion and further investigation, for example by showing they had not been in contact with other suspects identify suspects and networks of criminal associates support applications to use more complex and intrusive tools, such as a warrant to intercept the content of communications provide evidence in prosecutions.
Australian Security Magazine | 29
National
www.aisa.org.au
Mandatory Breach Disclosure Part 1 : The case for mandatory breach disclosure
T
he case for mandatory breach disclosure is building with an increasing number of large, high profile breaches, particularly in the US where 2014 saw Target USA, JP Morgan Chase, eBay, Home Depot and Sony Pictures as the most prominent examples. The proposed US Personal Data Notification and Protection Act, among other developments, has seen the drums beating louder for a Federal mandatory breach disclosure law in the US, unifying and simplifying the multitude of state based laws. In Australia, the mandatory breach disclosure bill is being debated in the Senate and the Office of the Australian Information Commissioner Timothy Pilgrim has been one of its key proponents particularly given the now expected adoption of the mandatory data retention scheme for telecommunications companies. Just last month the Joint Parliamentary Committee on Intelligence & Security ( JPCIS) had recommended a mandatory breach disclosure law be adopted before the end of the year - 2015. So will a mandatory breach disclosure law be effective in both protecting consumer data and encouraging organisations to reduce the risk of a data breach? Let’s look at the key issues for mandatory breach disclosure; • Say you are a user who has entrusted your data to a third party, be it insurance, financial services, marketing organisation etc. Would you want to know if your information was compromised? Most users would answer in the affirmative. At least then you could take some steps to mitigate your exposure. Not only cancelling credit cards but increasing wariness in terms of phishing campaigns or hiring a 3rd party organisation to monitor your credit rating etc. • Mandatory breach disclosure laws in the European Union have improved security awareness in the EU (ENISA study - http://www.enisa.europa.eu/act/it/eid) • Media coverage of compromises have led organisations to a more mature approach to cybersecurity. The two most often raised benefits are organisations adopting security best practices and being pressured by both the public and regulatory bodies to appropriately fund and staff their
30 | Australian Security Magazine
•
•
security programs. Security awareness of the general public is also heightened which helps frame the risk in a broader context. Organisations who have been entrusted with user or third party data including personal identifiable information and credit card data take cybersecurity more seriously when they are legally compelled to disclosure breaches. It’s not ideal but regulation and compliance drives security spend in most organisations. While we’d like to think that organisations would fund and staff their security programs as best practice, the financial ramifications of fines or brand damage is a more compelling case for senior executives and the board of directors in corporations. Senior executives and Board Directors are more engaged in cybersecurity when there are risks of fines or brand damage/loss of reputation. In 2014 Lani Refiti and Dr Sally Ernst conducted research involving over one hundred board directors that was presented to the 2014 AISA National Conference. One key theme was board directors often felt cybersecurity was a technology issue best handled by their CIO’s. When mandatory breach disclosure was raised in the interviews conducted, there was a feeling that cybersecurity would become more strategic and something they would need to engage more closely. Cybersecurity would move from a technology to a business issue.
If we look at global trends in cybersecurity regulation, mandatory breach disclosure is a logical step and brings Australia into line with most comparable countries. While a complex construct to turn into regulation, we as a security industry should not be reluctant to support and encourage the public discourse. There is a healthy tension in the exchange of ideas and differences of opinions across industry and the broader public. The debate around the effectiveness of mandatory breach disclosure should be encouraged because through the exploration of the differing opinions we will see improved outcomes.
Cyber Security
Data Centres : A weak link in counter terrorism? by Andgela Toh
M
any organisations have taken constructive action against terrorist attacks, through security screening, surveillance analytics, target hardening for buildings, and a host of other measures. However, a weak link remains among many. Data centres. For government and private organisations, data centres are absolutely mission critical. The facility comprises mainframes, application systems, communication networks and data archiving systems. Data centres vary from Tier 1 - occupying one room with only a few servers, to enterpriselevel, Tier 4 - mission-critical facilities taking up entire buildings with thousands of servers. Utmost Mission Criticality - Is there a blind side? Data centre uptime availability may need to be as high as 99.995% of the time. This translates to a miniscule 26.28 minutes per year of down time! Such facilities have multiple fault tolerant redundancies as backups for continued operations. Yet, a single bomb blast could render all these redundancies irrelevant! If there is no blast protection. An entire system can come become inoperable when a critical hardware or software component is damaged or malfunctions. Even built-in redundancies to overcome sources of failure should have blast mitigation measures. A
datacentre without blast protection may experience multiple points of failure, through power, Heating Ventilation and Air Con (HVAC), connectivity, hardware or software malfunction or failure. Aggravated Down Time Down time for blast impacted data centres can range from 2 to 6 months, depending on what gets hit. Disruptions to data centres can lead to loss of confidence in a government or financial institutions. Or worse, a loss of customers owing to lack of system availability; denied access to online services, withdrawals or transactions; and huge legal suits from institutional clients. When the psychological trauma of a terrorist strike combines with denial of access to customer facilities, the chaos and panic is hard to envisage! Business or institutional costs can become astronomical. Proactive Risk Management When designing or planning a mission critical facility, every potential threat must be identified with solutions and costs evaluated. Get a vendor who is able to do value engineering,
Australian Security Magazine | 31
Cyber Security
‘The proprietary patented Enerzorb EAM (EnergyAbsorbing Mullion system) protects against blasts up to 400 psi-ms. The highest possible rating with existing technology for windows.’
to help manage costs without compromising performance. Retrofitting after the building is done will cost considerably more. Huge glass facades which adorn many beautiful, contemporary buildings, expose internal rooms to various degrees of blast risks. If data centres are behind the glass, the glass needs to be protected. Data centres need to do Blast Effects Analysis to determine their risk levels and put in place mitigation measures like blast doors, reinforced concrete walls, and blast windows as needed. Recovery of lost critical data creates downtime and expensive customer and staff disruptions. Facility managers and security experts should work with architects to determine location of doors or windows to reduce exposure. Blast doors are needed especially when mail rooms are located next to data centres. So what can data centres do? Given the innumerate tasks and urgent schedules of data centres, it would be easier to work with a blast mitigation expert with chain wide expertise in blast simulation, blast testing, fabrication and installation. Such vendors provide seamless design, execution and on-site problem solving which determine robustness of installations, and actual performance in a blast. ENERZORB blast mitigation specialist answers this need. ENERZORB Risk Solutions ENERZORB, a patented, blast mitigation system supports datacentres with expert, discerning advice to manage various risk levels faced. Peace of mind comes with their regional track record covering financial institutions, MNC regional HQs, government buildings, and key infrastructure. ENERZORB supports data centres and building owners with: - Blast Effects Analysis - Avoidance of Progressive Collapse - Reduction of flying debris - Siting of critical zones to beat blasts - Innovative solutions to blast mitigate retrofit buildings, to avoid expensive structural work - Value engineering for optimum solution which empower budgets and design - Blast mitigation of doors, concrete walls and windows Patented Dynamic Energy Absorption Mullion (EAM) System The proprietary patented Enerzorb EAM (EnergyAbsorbing Mullion system) protects against blasts up to 400 psi-ms. The highest possible rating with existing technology for windows. It employs a dynamic blast mitigation system to absorb, diffuse and transfer blast energy away from the impact area. The film treated glass and sealant-filled space between laminated glass panels prevents debris and injuries. “Rated top three in the world, our energy absorption system greatly reduces blast pressure which can prevent servers from being sucked out of the room during negative pressure phase of a blast. Our proven R&D backed solutions are “live” blast tested with top ratings from GSA, ISO and ASTM tests in the US.” said Angela Toh, CEO of AJA Enterprises, owner of the ENERZORB trade mark. Enerzorb extends the performance bracket for new
32 | Australian Security Magazine
builds. EAM systems enable blast mitigation for entire curtain walls and facades (beyond heights of 5 metres). Able to protect large glass panels (eg. exceeding 5 metres x 2.4 metres in a single pane). Blast Doors take the Hit for your Servers ENERZORB design and engineering deliver lighter doors with heavy weight performance. It uses dynamic elasticplastic designs and materials, to absorb and transfer impact to reinforced door, frames and anchors. Controlled deformation of the door enables it to continue functioning after a blast. ENERZORB doors safely shield people, while the system works to prevent dangerous door rebound during a blast. “The doors remain operable, allowing for safe escape of occupants or re-entry for Disaster Recovery operations. Hence, saving precious time to achieve Business Recovery Time Objectives, and rapid resumption of operations. In addition, the blast doors can be double-sealed against smoke and water to cover multiple risks for additional protection of people and equipment,“ said Angela Toh. About the author Ms Angela Toh, a biochemist by training, established AJA Enterprises after an outstanding career with global brand names. Her specialty lies in blast mitigation of curtain wall, windows and doors, facade, extrusion and glazing. She pioneered the blast mitigation market in Singapore and Asia in the early post 9-11 years. Developing her own blast mitigation systems, after a 10 country solution search, and in consultation with US experts. Educating potential clients about blast mitigation, she customised solutions to optimise customer spend. Angela clinched projects in the region shortly after completing government and private sector jobs in Singapore. Her passion in R&D and product innovation led to the development of Asia’s first energy absorption system, ENERZORBTM. This patented system ranks top 3 in the world for blast protection performance (in conformance with GSA-TS01-2003 tests).
www.cctvbuyersguide.com
National
For all the latest in CCTV products and news. www.cctvbuyersguide.com
Women in Security
Thinking before we click: the unseen face of online security
W By Kema Rajandran Correspondent
34 | Australian Security Magazine
hen Karen Stones left school at the young age of fifteen, she never imagined she would be receiving the award for Information Security Professional of the Year from the Australian Information Security Association (AISA). Last October, Ms Stones became the first female AISA member to win the award. Voted by her peers, the award reflects Ms Stones’ significant contributions, achievements and initiatives to the security sector. “I was very surprised [to win] to be honest, especially given the quality of all the nominees. However I do feel honoured to be considered worthy of the award and particularly in light of the actual fact that I’m a strong advocate of workplace diversity, including gender equality,” she said. Upon completing her GCSE’s in the United Kingdom, Ms Stones left school without advanced qualifications for economic reasons; the appeal of working in a bank was originally for the benefit of job security for her. “I started life as a teller in a mutual society in the UK and progressed from there. Once I became involved in information security there were significant opportunities to progress within the banking area – the work being diverse and a constant challenge.” Tasked with managing a talented high performance team at Bankwest in her most recent role, her team supported the delivery of security in all business change, including projects of all sizes.
Ms Stones was responsible for managing a large portfolio of up to 70 concurrent projects at Bankwest and then went on secondment to Commonwealth Bank with a mandate to review, revise and implement the Group information security policies and framework. With a stellar 27-year career and still going strong, Ms Stones is as passionate about Information Security as she was from those early days. “Information security is a passion for me. When I first started out in my career in banking, a large proportion of my role was investigating staff fraud.” “I played a huge role in reporting on, and disciplining many of my colleagues until one day I realised that there was actually more I could do to help my colleagues do the right thing through policy and compliance and basic security awareness.” It was undergoing research at this stage in her life about information security - combined with a great manager that lead Ms Stones into her self-confessed addiction for information security. “I like that information security is a subject that effects everyone, of all ages, and that every change, advancement or initiative has to consider information security implications.” Effect everyone it certainly does, with our reliance on technology growing exponentially as companies find ways to be more efficient, respond quicker, work harder and save costs by moving more services online. But with the rise of technology comes a lack of face-
Women in Security
to-face communication leaving many open to cyber security issues such as identity fraud or bullying. As a mother and step-mother to five children, Ms Stones says we need improvements to cyber security. “The reliance on social media and its implications on our privacy is a topic that is close to me and I regularly present on this.” “Speaking as a parent, I regularly talk with other parents and schools about why this is the case, and I believe it’s because of the 24/7 nature of the internet.”
“All children want is to belong in some way and the different social media sites provides a perfect outlet for this, unfortunately it’s not always a positive experience. Coupled with the fact that we no longer equip our children and young adults with resiliency tools, we, I think, have a bullying epidemic on our hands.” Ms Stones thinks terrorism is a fact of life and it’s unlikely to change. “Unfortunately, when hysteria is brought into play, there are no hard rules around what the reaction might be.” “Social media provides a platform for societal ‘sheep’ to huddle together knowing that life will never be the same, that normal activities, must be cut short or ceased.” Ms Stones says that it’s in this way that social media is spreading messages far better than any one terrorist can. “I think there is a level of activity and media hype around terrorism that I find distasteful at best and at worst damaging to international relations.” With that said, perhaps there is a need for binding international laws that govern how countries behave online. “No. Independence in thought is what makes up our world and I don’t believe that what works for one country would necessarily work for all. Of course there always some exceptions.”
“The reliance on social media and its implications on our privacy is a topic that is close to me and I regularly present on this.”
Australian Security Magazine | 35
Available online! See our website for details
1 YEAR SUBSCRIPTION TO THE AUSTRALIAN SECURITY MAGAZINE
6 print issues per year for only $88.00 SUBSCRIBE TODAY... DON’T MISS AN ISSUE Yes! I wish to subscribe to the Australian Security Magazine, 6 issues (1 year). ☐
AUSTRALIA
A$
88.00
(inc GST)
1 YEAR
☐
INTERNATIONAL
A$
158.00
(inc GST)
1 YEAR
Yes! As an additional bonus I wish to receive direct to my inbox the Asia Pacific Security Magazine (emag), 6 issues (1 year).
No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.
Go to
www.australiansecuritymagazine.com.au/subscribe and fill in our subscription form online. Dont miss an issue! Phone: +61 (8) 6465 4732 during business hours AWST (Australia Only)
36 | Australian Security Magazine
PRIORITY FAX Credit Card Details Australia +61 (8) 9467 9155
FREE POST My Security Media 286 Alexander Drive, Dianella. W.A. 6059
Email subscriptions@mysecurity.com.au
GST This document will become a TAX INVOICE for GST when payment is made. My Security Media Pty Ltd ABN 54 145 849 056
Within TechTime you will find the very latest information, news and products from a wide variety of security industries, ranging from cameras, computers, software and hardware.
SONY’s New SNC-VM772R camera AXIS Q6000-E Network Camera
To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au
Latest News and Products Australian Security Magazine | 37
TechTime - latest news and products
Panasonic launches Ultra HD 360° network security cameras Panasonic Australia has launched two new intelligent surveillance cameras featuring 9-megapixel resolution, a 360° field of view, and ultra-high 4K resolution. Aimed at applications such as banking, retail, and logistics, the cameras serve both marketing and security purposes, through heat mapping and people counting. Inbuilt analytics tools allow the user to identify where people move and stay within an area, which in a retail context for instance, can help measure the effectiveness of sales promotions, while data privacy is protected through motion scrambling. The WV-SFV481 weather-resistant camera and the WV-SFN480 indoor camera deliver very detailed 9-megapixel images. The highresolution 4K engine, ½-inch high sensitivity image sensor and large diameter lens provide clarity from the centre to the rim of the image. Real-time image de-warping is performed in camera, with display formats including fisheye view, single and double panoramic view, and single and quad de-warped views. Adrian Aliberti, Product Marketing Manager, Security, Panasonic Australia, said: “These cameras offer organisations excellent performance and value. They are designed for very clear imaging, with the wide 360-degree view meaning businesses don’t need to install as many cameras to cover an area.” “The business intelligence features are built in, so the cameras can track people flow, identify hot spots and bottlenecks, and then provide data to allow the organisation to improve areas such as in-store marketing, and
store layout.” The day/night cameras feature sharp and natural colour reproduction with strong low light performance – the ½-inch sensor operates down to 0.05lx in black and white mode enabling real day/night switching – providing an ideal 24/7 surveillance solution. The WV-SFV481 is weather and vandalresistant, with IP66 and IK10 ratings, making it suitable for both indoor and outdoor use. Both cameras are ideal for surveillance applications that require wide area coverage such as
shopping malls, retail stores, airports, railway stations, parking areas, factories, warehouses and offices. Customers can visit http://security. panasonic.com for more information. The cameras are available now from authorised Panasonic distributors Pacific Communications www.pacom.com.au, DAS www.das.com.au, Lan 1 (www.lan1.com.au) and OPS Systems www.opsystems.com.au
New rugged, industrial-grade devices to connect and secure critical infrastructure Fortinet LogoFortinet, a global leader in highperformance network security – is continuing to blaze new trails in critical infrastructure markets with new “Rugged” products –networking, security and wireless devices purpose-built to meet the demanding standards of public utilities, oil and gas, mining, manufacturing and the transportation industries that operate in harsh physical environments. The release of the FortiGate Rugged 60D and FortiAP 222C, marks another important step in the company’s already strong and
38 | Australian Security Magazine
growing critical infrastructure presence, which has expanded to include securing seven of the top 10 global petroleum refiners and six of the top 10 global utilities. The Critical Infrastructure Challenge Critical infrastructure and other businesses that rely on industrial control systems face unique and growing security issues. Threats have evolved into highly sophisticated and targeted assaults leveraging multiple attack vectors to penetrate networks and steal
valuable information. These include disruption of critical services, environmental damage and prospective widespread harm. In addition, distributed critical infrastructure is often located in places that are physically inaccessible, lack connectivity, subject to intemperate climate or otherwise constrained by limited space. As a result, traditional security solutions intended for indoor environments are often ill-equipped to operate under duress or in harsh conditions. And finally critical infrastructure, which leverages Operational Technology
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
applications, hardware and networks, relies on different communication protocols, older operating systems and more industry-specific applications than Information Technology systems. All of these factors — sophisticated threats, harsh conditions and proprietary systems — make it more difficult to increase security for industrial control systems. “Vital systems such as utilities and manufacturing face harsh conditions and a proliferation of new attacks that pose numerous threats to public well-being and safety,” said John Maddison, vice president of marketing products for Fortinet. “Addressing these unique problems, Fortinet’s new Rugged products enable customers to reduce the risk of catastrophic security incidents to critical infrastructure that could put public health and safety in jeopardy.” “Remote locations can be the most vulnerable points of entry for a cyber-attack”, says Gary Gardiner, A/NZ Director of Engineering for Fortinet.
“The time lost in reaching remote locations in a country like Australia or New Zealand represents critical downtime for business. With purpose-built devices in place to protect from extreme conditions, enterprises get valuable protection from targeted assaults. The Rugged Advantage Fortinet’s rugged and outdoor products are industrially-hardened appliances that deliver enterprise-class connectivity and security for critical control systems facing malicious attacks, as well as extreme weather and other demanding physical environments. Dedicated security appliances, expert security intelligence powered by FortiGuard Labs with an emphasis on ICS threats and systems plus consolidated wired and wireless networking, combine to meet both the most demanding security requirements and environmental conditions for customers.
Features include: Industrial control-specific capabilities, such as application awareness and protocol support, in form factors designed in accordance with international substation automation standards, IEC 61850-3 and IEEE 1613, and fan-less, cable-less design. Integrating switching and wireless access that delivers connectivity as well as security for automated systems anywhere in the world Strong remote configuration and management, as well as central monitoring and reporting to ensure high availability and demonstrated compliance capabilities. Availability: The FortiGate Rugged 60D and FortiAP 222C are currently available.
Gallagher introduces new technology to the security market The latest product developments from leading security technology manufacturer, Gallagher, have been released to the global market allowing businesses of all sizes to go mobile, simplify start up security systems, and manage alarms right at the door Amongst the releases is Command Centre v7.30 — the next generation of Gallagher’s globally recognized central management platform which introduces their new mobile application. Also released is the Controller 6000 Starter Kits, and new functionality for Gallagher’s award winning T20 Card + PIN Terminal which now provides comprehensive alarm functionality. As technology experts in integrated access control, perimeter security and business management, Gallagher continues to demonstrate their strength and investment in research, innovation, and design, with this latest product range. “The world is going mobile, and so are we. There are also smaller businesses out there that require a more robust and reliable security system; so we’re making our platform more flexible and affordable to them”, says Sir William Gallagher, CEO. “Through strong relationships with valued partners and customers, we know we are releasing security technology that meets the needs of the industry.”
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Further details about the latest products include Command Centre v7.30 introducing a mobile client that significantly extends visibility and control of access and perimeter alarms. Using an Apple iPhone running iOS8, users can monitor and acknowledge alarms; and check and override door and zone status remotely. Command Centre v7.30 also introduces enhanced graphical reporting to help users create meaningful data and easily identify security and business trends. Controller 6000 Starter Kits enable a faster and more cost effective way to get a small site up and running with integrated access and alarms management. The award winning and durable T20 Card + PIN Terminal extends operator control right to the door. The T20 simplifies safety for operators by enabling visual access to multiple alarms zones and states via a detailed mimic panel. It also allows easy alarm management with IT grade encryption levels for a single zone, multiple areas, or total site control.
Australian Security Magazine | 39
TechTime - latest news and products
Sony’s 4K security camera has 1.0 type Exmor RT CMOS sensor for advanced imaging capabilities Sony is adding 4K imaging to its line of security technologies, with the new SNCVM772R camera. The new model combines the enhanced resolution of 4K with low-light sensitivity leveraging 1.0 type back illuminated Exmor R CMOS image sensor, bandwidth optimisation features, and intelligent scene capture capability to adopt the best picture quality, ideal for city surveillance, transportation, railway, traffic monitoring and airport surveillance applications. 4K technology gives security users the ability to capture content at four times the resolution of Full HD (1080p). With the exceptional detail provided by 4K technology, security professionals can expand their wide area surveillance and still capture, magnify and examine the smallest parts of a scene like a face or a car license plate number – all with a single camera. The SNC-VM772R camera combines these benefits with enhanced visibility, reduced total system costs and flexible and easy installation. “4K is the new video security standard, but 4K imaging means more than just increased resolution,” said Mr. Riki Nishimura, General Manager of Visual Security Solutions Division, Professional Solutions Company (PSAP) at Sony Electronics Asia Pacific. “4K holds the potential to expand the applications of security cameras and transform security and surveillance. The increased resolution covers a larger area to improve situational awareness and ensure nothing is missed, and these benefits help security professionals reduce installation and operating costs as fewer cameras are needed for specific areas.” The introduction of the SNC-VM772R to the security industry extends Sony’s 4K leadership in the broadcast and production industries, where Sony’s 4K cameras are shooting blockbuster movies, popular television shows and major sporting events. Sony’s 4K digital cinema projectors are in movie theatres worldwide and Sony’s 4K TVs bring content to consumers. Sony has developed several unique technologies to overcome the challenges of 4K cameras in the market: improving visibility and light sensitivity while reducing the amount of bandwidth needed to handle large 4K files. Low-light Sensitivity Higher-resolution imaging has traditionally come at the expense of low-light sensitivity. The new SNC-VM772R uses a 1.0 type 20MP Exmor R
40 | Australian Security Magazine
SONY’s New SNC-VM772R camera
sensor and is capable of 0.1 lx sensitivity for clear image capture in light and dark conditions. A back-lit structure doubles the camera’s light sensitivity and a built-in infrared (IR) light source which enhances low-light use and night-time shooting, with visibility at longer distances. In wide area coverage, various lighting conditions exist during the day and night. The SNCVM772R also has 90dB wide dynamic range and 30fps to deliver clear, sharp images for better visibility and recognition. Finally, a 2.9-times motorised zoom lens is matched to the image sensor to maximise video resolution. The lens features optical image stabilisation and helps capture images with low distortion. Flexible Settings and Optimised Streaming The new camera uses Sony’s unique bandwidth optimisation technologies so users can customise streaming settings and the camera’s operation. An Intelligent Coding feature reduces storage and bandwidth consumption by adopting different compression depending on the area of interest. Intelligent Cropping and Multi-Tracking show an overview of an area and allows for “region of interest” selection up to a maximum of four areas at a time, so users can select only the portion of an image they want to see in 4K resolution, while also streaming a scaled full HD image. This results in 50 percent less bandwidth consumption by reducing the amount of video transmitted in 4K resolution, and makes wide area monitoring more effective and targeted.
Intelligent Cropping has two patterns for selecting the size and number of areas, and also employs two modes: Static, to view multiple fixed areas in one scene; and Dynamic, to detect moving objects. Evidence Shot lets users see critical moments in the camera’s highest resolution of 20MP in still shot mode, which is 2.4 times more pixel resolution of 4K. Alarms can be sent with Video Motion Detection for specified scenes. Wide Selections for Setting Best Images The Intelligent Scene Capture function automatically adjusts and adapts picture quality (brightness and colour) depending on time, weather and lighting conditions. The SNC-VM772R camera also allows users to customise picture parameter presets for the best settings between day/night and multiple picture configurations can be saved and switched either manually (using the Picture Profile mode) or according to schedule (Picture Profile Scheduler). The new SNC-VM772R is planned to be available in Asia Pacific in the third quarter of 2015. It will be supported by major VMS providers, including AxxonSoft, Exacq Technologies, Genetec Inc., Genius Vision Digital Inc., Lenel Systems International, Inc., Milestone Systems, NICE Systems, NUUO Inc., On-Net Surveillance Systems, Inc., SeeTec AG and Verint Systems Inc. For more information, please visit http://pro.sony-asia.com/pro/lang/en/hk/ products/video-security-4k.
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
FLIR launch new Scout II Thermal Cameras in Australia Released at the recent SHOT Show, held in Las Vegas, FLIR SCOUT II Hand held Monoculars are now available in Australia. FLIR’s Australian Distributor, Night Vision Australia Pty Ltd (based in Sydneys’ CBD), carry a wide range of FLIR products as well as premium Night Vision equipment Night Vision Australia General Manager, John Overs, outlined the upgraded features of both SCOUT II units. Mr. Overs stated the primary feature change was that both units now offer a comprehensive 640x480px LCD Display Screen as a standard feature whilst the Scout II 320 has a video out capability, as well as an increased microbolometer resolution of 336x256px.
Shred your documents safely with West Shred provide you a certificate of destruction for your records. Once we have serviced our clientele our shredded materiel is then unloaded and recycled to create a better environment. Act Now! Tel: 1300 787 432 Email: info@perthshredding.com.au Web: http://www.perthshredding.com.au
West Shred, a locally owned and operated company, offers a totally secure mobile on-site shredding service to companies in Western Australia. All over the world mobile on-site shredding has grown quickly and continues to expand rapidly. Why? Because it dramatically improves information security and is the most secure, efficient, cost effective and worry free method of secure document destruction available. Mobile onsite shredding is like all the best ideas – very simple and very secure. Using
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
purpose built mobile shredding trucks we come to your premises, then we shred your confidential, sensitive and private documents onsite in front of your eyes. The shredded material is then stored onboard the truck and taken away for recycling, no mess no fuss. You can be absolutely sure your confidential, sensitive and private documents are destroyed because you see it happen. You no longer rely on the promise that your documents will be shredded at another place, at a later time, with us you see it happen then and there. We then
Cyber TechTime - latest news and products
Akamai Cloud Security Intelligence provides foundation for new advanced, data-driven cloud security services Recognising the crucial role data analytics play in more effectively fighting cloud security threats, Akamai Technologies, Inc, the global leader in content delivery network (CDN) services, has unveiled the foundation underpinning its award-winning Cloud Security Solutions. Known as Akamai Cloud Security Intelligence, a data processing engine within the Akamai Intelligent Platform, the engine is used to continuously analyse more than two Petabytes of data related to web security threats. Akamai uses the resulting intelligence
to not only continuously update and improve the Kona Site Defender application security rule set, but also provides the framework around innovative offerings. “Companies around the world have come to rely on Akamai’s Cloud Security Solutions to keep their web sites and applications not only up and running, but also highly performant, in the face of attack,” explained John Summers, vice president, Cloud Security, Akamai. “The Akamai Cloud Security Intelligence data analysis engine provides a solid foundation from which we’re able to make our existing Akamai
Cloud Security Solutions even smarter and provide a framework upon which new cloud security solutions can be built. The ultimate goal is to continue delivering technology designed to keep our customers’ online businesses protected in the face of an ever changing threat landscape.”
FireEye reveals details of decade-long cyber espionage campaign FireEye, Inc, the leader in stopping today’s advanced cyber-attacks, has released the new Intelligence Report “APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation.” The report provides intelligence on the operations of APT 30, an advanced persistent threat (APT) group most likely sponsored by the Chinese government. Conducting cyber espionage since at least 2005, APT 30 is one of the longest operating APT groups that FireEye tracks. The group
has maintained largely consistent targeting in Southeast Asia and India, including targets in Malaysia, Vietnam, Thailand, Nepal, Singapore, Philippines and Indonesia, among other countries. Analysis conducted on APT 30’s malware reveals a methodical approach to software development similar to that of established technology businesses – an approach that aligns closely to the various diplomatic, political, media and private-sector environments they
intended to breach. Their targets possess information that most likely serves the Chinese government’s needs for intelligence about key Southeast Asian regional political, economic, and military issues, disputed territories, and discussions related to the legitimacy of the Chinese Communist Party.
Is our data ready for the wearable health revolution? Wearables can arm us with powerful data that can help us improve our health and lifestyle but are we ready to share our sensitive medical data with the world? This week MEF issued a report on the use of wearable devices in the health sector, both relating to personal consumption and also when recommended or used by health professionals. According to the report, “the global health and
fitness app market is currently worth $4 billion, and is predicted to be worth $26 billion by 2017”. This means that we’re going to hear a lot more about health wearables in the future. If commercial companies are to hold data that we really only expect medical companies to hold then maybe the regulations should apply to them as well. While it may be boring, I would recommend
reading the privacy policy and terms of use of anything collecting what is very personal and sensitive data and making a choice on whether you want to share this data.
CyberArk Security Brief: Securing Third-Party Remote Access, a Weak Link in Enterprise IT CyberArk, the company that protects organisations from cyber attacks that have made their way inside the network perimeter, has released a new security brief to protect organisations against cyber attacks through third-party remote access points. “It’s no secret that attackers target the weakest links in IT security, which are often found in accounts provisioned to third-parties for network access,” said John Worrall, Chief Marketing Officer, CyberArk. “Often, these smaller third-party organisations have less sophisticated security policies and controls than the target companies, providing an open
42 | Australian Security Magazine
backdoor for attackers” The CyberArk security brief provides organisations with guidance on how to address remote vendor access as a privileged access point that requires tight security controls. Topics covered include: approaches for managing and securing third-party credentials, how to isolate and monitor external sessions, and the importance of threat detection capabilities in security solutions for third-party access.
Information presented in Cyber TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Cyber TechTime - latest news and products
New Microsoft-commissioned study highlights increasing cyber crime threats to Governments and current blindspots While governments are increasingly spending more IT resources and budgets on cyber security, there are still blindspots and weak links in their IT management, usage and policies, which makes them vulnerable to cyberattacks, according to an independent study released by research consultancy firm TRPC, titled “Public Data At Risk: Cyber Threats to the Networked Government”. The study reflects that while governments
across Asia-Pacific are strategically looking at adopting IT solutions to streamline and enhance the efficiency of their work, management of data and delivery of public services, a networked environment is being actively targeted by cyber threats affecting safety and security of government data, national security, critical infrastructure, as well as international diplomacy. Many security loopholes can be addressed by ensuring that best practices guidelines are
enforced for the purchase, maintenance, and upgrading of IT infrastructure and services, according to the white paper. This includes following a cyber security roadmap to identify which risk areas require attention and more resources.
WatchGuard Technologies Outlines Seven Steps for IT Pros to Win the Network Security Budgets They Need – Before There’s a Breach There’s a running joke in IT about the secret to getting the network security budgets they need: wait for a breach. Naturally, that’s the most costly way for companies to address network
protecting networks properly in the first place. “Hackers know companies are vulnerable because they struggle with the perceived cost and complexity of properly securing their
walk through the process of evaluating their security stance, putting these risks into business impact terms, and guiding them on how to successfully get buyoff from executives
security, because it’s too late. According to Pricewaterhouse Coopers, 48 million cyber security incidents were reported in 2014, the worst costing more than a billion dollars in losses – far more than the cost of
networks,” said Richard Barber, chief financial officer at WatchGuard. “Companies can no longer afford to wait for a breach to ensure their networks are prepared to face today’s cyber criminals. Our new guide helps organizations
or business unit heads.”
New RSA Breach Readiness Survey Finds Majority Not Prepared RSA, The Security Division of EMC, has released the results of a new global breach readiness survey that covered thirty countries and compared those global results with a survey of the Security for Business Innovation Council (SBIC), a group of top security leaders from the Global 1000. Using the SBIC as a benchmark, the results suggest that the majority of organisations are not following incident response best practices and are not well prepared to face the challenges of today’s advanced cyber threats. The survey
report provides quantitative insights into real-world security practices and highlights gaps in technology and procedure as well as prescriptive advice from the SBIC for how to best close those gaps. Ben Doyle, Chief Information Security Officer, Thales Australia and New Zealand said “People and process are more critical than the technology as it pertains to incident response. First, a security operations team must have clearly defined roles and responsibilities to avoid confusion at the crucial hour. But it is just
as important to have visibility and consistent workflows during any major security crisis to assure accountability and consistency and help organisations improve response procedures over time.”
CipherCloud’s New Global Cloud Data Security Report Highlights How Companies are Securing Their Data in the Cloud As companies accelerate their adoption of the cloud, the cloud data footprint is expected to grow to 6.5 zettabytes by 2018. This rapid migration of data into the cloud creates the need for insight into both cloud adoption trends and cloud data security issues. As a companion to the “Cloud Adoption & Risk Report in North America & Europe” report, CipherCloud, a leader in cloud security, today unveils the inaugural edition of its “Global Cloud
Information presented in Cyber TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Data Security Report,” the industry’s first global study on cloud data protection challenges and strategies in the enterprise Security needs included a combination of technology, legal, financial and political factors at play. In Q1 2015, 64 percent of organisations identify audit/compliance/privacy as a top challenge, 32 percent name unprotected data in the cloud as a primary concern, 2 percent cited malware protection for documents and 2
percent cited lack of enough secure cloud file sharing solutions.
Australian Security Magazine | 43
By Chris Cubbage, Executive Editor
DRAFT FOR PUBLIC COMMENT
WESTERN AUSTRALIAN STATE CCTV STRATEGY
Draft WA State CCTV Strategy – For Public Comment Closes 26 June 2015 www.police.wa.gov.au
The draft WA State CCTV Strategy was released in late March 2015 by Liza Harvey MLA, WA Minister for Police; Road Safety; Training and Workforce Development; Women’s Interests. The Strategy declares it “provides a clear vision and framework for how CCTV can best be used to enhance the safety and security of the Western Australian community now, while positioning the State for future technological advances.” The draft State CCTV Strategy aims to do the following: 1. Support various avenues for community participation; 2. Provide the community with a ‘one stop shop for all things CCTV’ to obtain guidance; 3. Clear guidelines for voluntary participation in the Strategy will be developed; and 4. Improved community awareness. The draft CCTV Strategy attempts to articulate a framework which facilitates data sharing between a CCTV owner, who has agreed to share their data, with a third party. When a CCTV owner shares their data through the State CCTV Strategy, they become known as a ‘donor’. Anyone who receives data from a donor through the State CCTV Strategy is known as a ‘client’. There are four key elements to the Strategy: 1. The State CCTV Register (currently called Blue Iris) will be refreshed. 2. A set of criteria and supporting documents will be published. 3. Of the CCTV owners who register their infrastructure, it is expected that a small subset will have a large number of cameras covering public spaces. 4. Owners of traditional CCTV infrastructure - everyone with a smart phone or tablet now possesses a ‘CCTV camera’. As part of the Strategy, a Mobile Video Sharing solution will be tested.
•
•
•
44 | Australian Security Magazine
The foreseen benefits include: Having access to a greater number of CCTV resources is expected to enhance the situational awareness of agencies, improve their ability to allocate resources across multiple incidents, monitor crime hotspots and gather evidence for legal purposes; Having CCTV cameras in public areas can act as a deterrent to potential offenders and gives community member’s confidence when going about their daily business; There is currently a multitude of systems, a lack of technology expertise to operate discrete systems to retrieve footage as well
•
as a lack of consistency in how CCTV owners are approached to provide footage for investigative purposes; and A range of documents and criteria will be published to support the State CCTV Strategy for current and potential CCTV owners.
The WA Police have been establishing the foundations for enhancing their CCTV access and use capabilities for some years, in particular since CHOGM 2011. The draft strategy appears to be the only ‘foundation’ laid in the 2014/15 period, at a cost understood to be in excess of $200,000. The draft CCTV Strategy is effectively a ‘position statement’ so very little new information, just re-affirms the commitment to building CCTV networks and providing maximum access and video sharing with police and other agencies. A Mobile Video Sharing Solution will be tested but no further insight is offered. The strategy omits funding projections and there are no budget commitments. Funding pools will be applied but are not quantified and are restricted to local government only. The strategy makes opening claims like “will align with existing WA crime deterrent strategies such as the Goodbye Graffiti initiative and the Designing Out Crime Planning Guidelines”, but makes no further mention of these within the document and no explanation on how the strategies will be aligned. Indeed, the Designing Our Crime Planning Guidelines are approaching 10 years old and the only mention of CCTV is in the Glossary. There is a distinct lack of wider legislative consideration and without any discussion on addressing all the legal issues coherently – indeed nor how legislative changes will be managed prior to the ‘horizon’ of 2016/2017. There is no mention of the State Retention Act amongst the immediate legislative impacts. In terms of recent Privacy Act amendments and new Federal Data Retention laws, how will the strategy be impacted and is ‘meta-data’ from IP video and CCTV networks relevant as part of data retention needs? These are key issues that still need to be considered or discussed. The draft CCTV Strategy is available on the WA Police website at www.police.wa.gov.au and public comment closes 26 June 2015.
Have you recently published a security related book? Or have you just read a new, great security book? Please email us at editor@australiansecuritymagazine.com.au
w
w
w
.
c
h
i
e
f
I
T
.
m
e
CIOs, IT Leaders and decision makers • Big data • Communications • Cloud computing • Technology systems • Interviews with industry thought leaders plus much more.
PROTECTING BUSINESS AND GOVERNMENT WORLDWIDE. • • • • •
Cyber Security Solutions Advanced Threat Intelligence and Investigation Sophisticated Cyber Analytics Managed Security Services Cyber Security Consulting Services
For more information, contact us at learn@baesystems.com
baesystems.com/ai twitter.com/baesystems_ai linkedin.com/company/baesystemsai