THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au June/July 2015
Contents

Editor's Desk
Quick Q&A: Dr Malcolm Shore - Technical Director Australia, BAE Systems
Quick Q&A: Derek Manky - #AusCERT 2015 ‘Smarten Up’ Conference
Movers & Shakers
ACORN - The Australian cybercrime online reporting network
Cyber Security: From infosec to intelligence based cyber security
Cyber Security: Enterprise Security in Asia 2015
Women in Security: The modern ‘Sherlock Holmes’ of the cyber world - Prima Virani
Frontline: UAV’s civil market actual situation and future expectations
Frontline: Crisis and emergencies - Plan for effective responses
Frontline: Stratum of work in the security industry
Counter Terrorism Feature: Islamic State’s future pacing techniques
Counter Terrorism Feature: Radicalisation process - A cultural and religious insight
Counter Terrorism Feature: Obstacles for winning the war on terror
International: An Inch towards miles
The OSPA’s are coming to Australia
TechTime - the latest news and products
Cyber TechTime
Editor’s standout cyber report

Executive Editor / Director: Chris Cubbage
Director / Co-founder: David Matrai
Marketing Manager: Kathrine Pecotich
Art Director: Stefan Babij
Correspondents: Kema (Johnson) Rajandran

MARKETING AND ADVERTISING: Kathrine Pecotich, T | +61 8 6361 1786, promoteme@australiansecuritymagazine.com.au
SUBSCRIPTIONS: T | +61 8 6361 1786, subscriptions@mysecurity.com.au

Copyright © 2015 - My Security Media Pty Ltd, 286 Alexander Drive, Dianella, WA 6059, Australia. T | +61 8 6465 4732, E | info@mysecurity.com.au, E: editor@australiansecuritymagazine.com.au
All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.
Correspondents* & Contributors: Mikko Hietanen, Shaheli Das, Codee Ludbey, Prince Lazar, Edwin Seo, Dr Malcolm Shore, Alvaro Escarpenter, Dr Robyn Torok, Anooshe Aisha Mushtaq, Professor Martin Gill, Dr Keith Suter, Kema (Johnson) Rajandran*
2 | Australian Security Magazine
Editor's Desk
“The crowning fortune of a man is to be born to some pursuit which finds him employment and happiness, whether it be to make baskets, or broadswords, or canals, or statues, or songs.” -Ralph Waldo Emerson, circa 1836
The June/July 2015 issue of the Australian Security Magazine happens to coincide with marking my fifth year as a security industry publisher, tenth year as an independent security consultant and twenty-fifth year since starting my vocational security career as a recruit with the WA Police.

Since the 1990s and increasingly so to the present, there have been hundreds of thousands of court judgments, reforms and new regulations, which have interpreted the range of criminal behavior and company officer duties, often more stringently, placing more onerous and exacting legal responsibilities on us all. During the same period and to a similar degree, security issues, ranging from terrorism and organised crime to electronic crime and economic crime, have continued to grow to become globally significant and key national security issues. Despite a lack of any sophisticated political reform, the same time frame has seen the sophistication and global nature of technologies emerge.

Along with the technology advancements, it should be remembered how the data capture and analysis capabilities dwarf those of the typewriter and pager being used at the start of my career in 1990. The first Windows computers were not widely introduced until 1991/2 and were hardly being used for homicide investigations until 1997. Consider then the inhibitive cross-agency information sharing that was battled in the early 2000s when targeting national organised crime. In the last decade alone the explosion of social media has grown the awareness needs and capabilities, and in the last five years the advent of the smart phone has again taken the game to a whole new level. Hardly grasped by government bureaucrats, despite the warnings repeatedly made over many years. But law enforcement is catching up... but likewise will inevitably always be behind.

Having spent twenty-five years amassing experience and expertise, in what we call the ‘modern world’, it is apparent that the learning journey and security game doesn’t stop. Nor is it meant to. The security function will constantly deal with an inherent human behavior intent on trying to defeat itself. To the extent of war... and cyber war. Spare a thought for today’s new security industry entrant, police recruit or soldier and what is destined to confront them over their careers during the next quarter century. Contrast the simplicity of the opening quote, the leaps forward in my short 25 years from the 3-copy carbon paper and typewriters in 1990 to today, with the advent of drones, robotics and mega processing capabilities. In another 25 years’ time, just how much further are we likely to have gone and how will the security function have changed?

As BAE Systems Technical Director, Dr Malcolm Shore highlights with his article, “Gone are the days when IT could be protected by implementing a standard set of security controls... the complexity of national information networks is increasing faster than our ability to understand them and, on an internet that was never designed to be secure, to defend against them.”

To highlight this issue further, we welcome an article on ‘TorrentLocker Malware’ reported to the Australian Cybercrime Online Reporting Network (ACORN), a national online system that allows the public to easily report instances of cybercrime. TorrentLocker infects Windows users by gaining access through phishing emails that encourage users to open a document sent from a ‘reputable’ organisation, such as government and high-profile private sector agencies. Once the document is opened, malware is installed onto the user’s computer and its files encrypted.

We also commence a number of new multipart series, with Anooshe Mushtaq exploring the experiences of Muslim migrants and with a perspective on the religious and cultural drivers of Muslim radicalisation in Australia. Anooshe identifies key Islamic teachings used by extremists to target recruits. We have Dr. Robyn Torok researching how Neuro Linguistic Programming marketing style strategies are being used by ISIS to both recruit foreign fighters as well as promote domestic terrorism. And Dr. Keith Suter proposes the three obstacles to winning the “war on terror”: (i) recognising that we are in a “long war” and that quick fixes will not work, (ii) seeing terrorism as a “black swan” event and (iii) the role of the media in “providing oxygen to terrorists”.

And on that note, as always, we provide some thought provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.
Yours sincerely, Chris Cubbage CPP, RSecP, GAICD Executive Editor
....with Dr Malcolm Shore
Technical Director, Australia, BAE Systems Applied Intelligence

As Technical Director, Australia, BAE Systems Applied Intelligence, since October 2014, Dr Malcolm Shore’s career spans 30 years and with previous notable roles as Director Infosec, GCSB; Head of Security, Telecom NZ; and Principal Security Officer, NBN Co.

How did you get into the security industry?
I started with a request from a major accounting firm to do a technical audit of a banking system, and implement a DES encryption system – way back in 1983!

How did your current position come about?
I had completed a three year tour as a CSO in the telecommunications industry, and moved to the Technical Director role to take BAE Systems Applied Intelligence to the next stage of developing its technical offerings, with a strong research driven component. This leverages both the technical and academic components of my background and allowed me to contribute more directly to ensuring the cyber safety and cyber security of Australia.

What are some of the challenges you think the industry is faced with?
As it always has, technology moves faster than the associated thinking around risk and security, presenting Boards and executive teams with unprecedented opportunities for technological growth. One of the key challenges for the security industry is to maintain the confidence of business leaders whilst also protecting their interests. This is particularly the case with cloud and mobile technologies. Another key challenge is ensuring we have a workforce, properly structured and with the capacity and capabilities, to meet the needs of business.

Where do you see the industry heading?
There’s a mindset shift away from information security, as we knew it, to cyber security, and expanding from business into society as a whole with the emergence of the internet of things and autonomous technologies. We are likely to see the traditional risk and control approaches to security increasingly commoditised, and much more focus being put into understanding the motivations of our adversaries, the technical means they use to attack us, and the ways we can detect and eradicate their attacks. We’ll see a greater recognition that information is the focus of cyber security, and supporting more sophisticated data security mechanisms will be a key direction for vendors. We’ll still see security advisors and auditors, but we’ll see more focus on big data security analytics, technical inspection, and technical testing. We’ll see demands for more resilient technology and security will be a significant part of that design.

What do you do when you’re not working?
Running, reading, and teaching cyber security. When I get a chance, spending time on the orchard tending my trees. Spending time with family, and playing in a brass band with my daughter is a key delight!
Agency Contribution
TorrentLocker malware reported to the Australian Cybercrime Online Reporting Network
Ransomware—a specific type of malware which locks a person’s computer until a ransom is paid—is not a new phenomenon. Rather, it is a modern day form of extortion. Ransomware cemented itself as a particularly malicious form of cybercrime in 2013, with the emergence of CryptoLocker, before starting to grow internationally. A study conducted by the security software company McAfee in June 2013 found that, in the period between 1 January and 31 March 2013, there were more than double the number of ransomware cases compared to the same period in 2012. This result is not surprising given the large sums of money cybercriminals amassed through the CryptoLocker cybercrime campaign. It has been reported that those behind CryptoLocker managed to procure an estimated US$3 million before it was taken down by the US Department of Justice in 2014. While this was a significant event highlighting the fight against cybercrime, the threat had evolved and a new variant of ransomware—TorrentLocker (also known as Win32 or FileCoder.DI)—had already become available.

TorrentLocker uses sophisticated social engineering which baits people through seemingly legitimate emails relating to traffic infringement notices. According to the Australian Crime Commission, Australians have been the focus of the TorrentLocker campaign, which has now spread globally. The Australian Cybercrime Online Reporting Network (ACORN)—a national online system that allows the public to easily report instances of cybercrime—has received 41 reports relating to traffic infringement notice emails since November 2014. This figure likely represents only a fraction of the total number of incidents, as cybercrimes are commonly under-reported by victims.

Just like CryptoLocker, TorrentLocker infects Windows users by gaining access through phishing emails that encourage users to open a document sent from a ‘reputable’ organisation, such as government and high-profile private sector agencies. Once the document is opened, malware is installed onto the user’s computer and its files encrypted. In what is often referred to as a ‘shakedown operation’, once the computer is infected the offenders demand a ransom payment to remove the restrictions by unlocking the encrypted files. The ransom payment is often upwards of $1,500 in Bitcoin and increases if the deadline is not met.

Unique to TorrentLocker is its ability to disguise itself as CryptoLocker—it looks like CryptoLocker, claims to be CryptoLocker, works like CryptoLocker, but is not CryptoLocker. Analysis of this new breed of malware shows that it is vastly different at the code level and can’t simply be branded CryptoLocker 2.0. It is thought that by claiming to be CryptoLocker, TorrentLocker is riding on its predecessor’s coat tails, benefiting from its reputation and scaremongering people into paying the ransom.

Since mid-2014, the criminal syndicate responsible for the TorrentLocker ransomware has been actively targeting Australians with phishing emails purporting to originate from Australia Post, Energy Australia, the Australian Taxation Office and Telstra. By late 2014 over 9,000 users were estimated to be infected by TorrentLocker in Australia alone. By working with partner agencies such as SCAMwatch and the Attorney-General’s Department, the ACORN and the Australian Crime Commission (ACC) cybercrime intelligence collection has established that this email campaign has recently expanded to target the New South Wales Government. While the majority of email recipients reside in New South Wales, there have been multiple cases involving victims from other states and territories.

For most, the giveaway that this is a malicious campaign is the unusual email addresses used to distribute the infringement notice, such as nsw-gov.net and nsw-gov.com. Cybercriminals are able to narrow their victimisation to location via the victim’s email address, either by determining the top level domain used or the ISP to which it is referring. Additional analysis of ACORN data also suggests that this criminal syndicate has affected a significantly higher proportion of vulnerable Australian victims in the over-50 age group.

Encouragingly, of the 41 reports to the ACORN, 59 per cent were lodged by people who successfully detected the malicious nature of the email, thus avoiding being infected by the software. These people reported being alerted to the software by anti-spam and virus detection software and by the use of a suspicious/unusual email address to distribute the infringement notice. This not only demonstrates the value and effectiveness of cyber security software, but also the importance of being educated on how to avoid cybercrime.

Importantly, there are some key actions that can be taken to avoid falling for these malicious campaigns. Aside from the already mentioned investment in antivirus software, it is recommended that files be backed up to a system that is not continuously connected to your computer via a network sharing device or a USB. Users should also be cautious when receiving unsolicited emails, and should not open attachments from suspicious email accounts.

If you are one of the unlucky individuals who have been infected by ransomware such as TorrentLocker, all is not lost. There are steps you can take to minimise the damage and prevent it encrypting future files. Firstly, buy either a large USB or external hard drive and copy your encrypted files. While this won’t immediately lead to your files being recovered, it does give you the possibility of them being recovered at a later date without paying a ransom. Secondly, as ransomware is directed at Windows, delete Windows off your computer and either reinstall it or install another operating system. This will remove the malware from your PC and allow you to keep operating without future files being encrypted. And finally, although it is tempting, don’t pay the ransom. Payment propagates this type of activity, leading to more victims and greater financial losses. Instead, you are encouraged to report this type of activity, or indeed all forms of cybercrime, to the ACORN at www.acorn.gov.au.

Not only is the ACORN already leading to active criminal investigations, it is being used by the ACC to develop the national cybercrime threat picture for other government and law enforcement agencies. This picture helps enhance our nation’s responses to this activity in the future. This is the only way we can make a more cyber secure Australia.
Quick Q&A
....with
Derek Manky
#AusCERT 2015 ‘Smarten Up’ Conference
As the premier IT security event showed yet again, in its 14th year, the AusCERT 2015 ‘Smarten Up’ Conference on the Gold Coast is critically important in bringing industry experts together to share and collaborate within the ever threatened cyber domain. Fortinet’s Derek Manky discussed the threat of things to come, and how next generation threat intelligence solutions have a significant role.

“As the cyber universe expands with time, new threats are always lurking on the outskirts that present significant danger. Over 25 billion devices are expected to roam cyberspace by the year 2020, while bandwidth and traffic flow will burst.”

Manky is recognised as a leader in the industry and designed a zero-day vulnerability disclosure framework, which has been reliably used for years to fix security issues before criminals discover and attack them. The Internal Network Firewall, combined with Fortinet’s Advanced Threat Protection framework, protects every device - local or remote, stationary or mobile - up to and including the datacentre. This multi-layered security approach is critical for identifying and thwarting highly-sophisticated attacks that find ways to circumvent perimeter defences.

Derek, like many professionals in his field, has the ultimate goal to make a positive impact towards the global war on cyber crime. He is involved with several threat response and intelligence initiatives, including FIRST (first.org), and is on the board of the Cyber Threat Alliance (CTA), where he works to shape the future of actionable threat intelligence. Derek also co-hosts ‘Security Threat Landscape’ with Network World, a monthly video program dedicated to cyber security. Derek’s day job for Fortinet is to formulate security strategy based on more than a decade of advanced threat research and he has termed today’s cyber environment to be like that of a ‘Perfect Storm’.

EDITOR: The ‘Internet of Threats’ is an interesting take on the Internet of Things - with over 25 billion devices expected to be internet connected by 2020, is five years enough time to close the vulnerability gap between today’s best secure systems and the remaining insecure systems? Otherwise are we not creating a ‘Threat of Things’?

“Referring to this as a ‘perfect storm’, moving to billions of connected devices is a problem with the creation of that many attack targets. The second problem is that the targets are easy targets, actually like ‘shooting fish in a barrel’. We’ve worked with Microsoft and others to work on the security of hard drives, NAS devices, IP Security Cameras, routers and found that there are no or few product security teams in place and these devices create a lot of low hanging fruit to access networks. The third problem is that the attack life cycle is expanding and there remain instructions on how to compromise known vulnerabilities. At Fortinet there are some 18,000 vulnerabilities that we protect against. With the amount of vendors making IoT devices, we expect this number to double in the next two years. We’re still finding zero day vulnerabilities in major vendor products coming out even with resources applied to security considerations. The number one cause is the web interface, SQL injection and cross scripting. Is it solvable? Nothing is 100 per cent, but two things from the vendor standpoint; as we’re creating an agnostic network with intrusion protection systems we still need to research and find the vulnerabilities first. The second aspect is we’re seeing legislation, like that in California for credit cards being breached, where they are putting the liability on to the retailer, or when now the point of compromise is likely to be, in order to influence appropriate security practices.”

EDITOR: As the cost of computing falls to coincide with the increase in processing power and storage available, is this creating the environment and need for ‘next gen’ threat intelligence?

“Right now we monitor about 55 million end points, we’re seeing over 400,000 attacks a minute and this is predominantly PC based attacks. This is malicious activity and we monitor a lot more beyond that. Implementing threat intelligence and algorithms will see a fall in cost but equals more devices – processors, memory and internet connection – attacks with DDOS, malicious code, lost data - that is directly going to translate into a lot more devices that could be used as an attack vector and so requires a lot more information to process. At AusCERT we delivered a workshop to Queensland police and showed them how they can collaborate with the private security to get evidence and build criminal cases against the range of attackers – a lot of police efforts are moving towards the disruption model - taking ‘them’ out and stopping them from being disruptive - because as cyber gangs, like those in Russia, Australian police can’t just go and arrest them. But the message is being received by attackers and they’ve started writing malware to avoid Law Enforcement Agency (LEA) detection and code that is over writing evidence and destroying data.”

EDITOR:...and so the ‘perfect storm’ continues...
BAE Systems Applied Intelligence Feature

Why digital security must become a boardroom issue

Mikko Hietanen, Board Director, BAE Systems Applied Intelligence gives his views on how to get buy in from the company board on cyber security investment, from his perspective on the board of one of the world’s largest defence and cyber intelligence companies.

Digital attacks can threaten an organisation’s global reputation and at its very worst, its ability to operate, making online security a key business governance issue. Business leaders who relegate security to the IT department risk significant business damage: the results of a successful attack can include financial loss, loss of Intellectual Property (IP), Privacy Act noncompliance and sabotage.

Company Boards need to recognise that a cyber attack will happen at some stage and that cyber security is a matter for the entire business. The organisation’s IT department alone is unlikely to effectively protect every digital asset of the company without executive support. A 2014 World Economic Forum and McKinsey report said cyber resilience can only be achieved with “active engagement from the senior leaders of private and public institutions.”

BAE Systems Applied Intelligence Board Director Mikko Hietanen said: “Cyber attacks are operational business risks, not just IT risks. Most boards are not made up of security experts, so it is crucial for IT and senior executives to frame the problem in terms of those business risks.”

For effective governance and accountability, businesses should implement processes to identify attacks early and then respond to these in a structured and repeatable manner, with a clear delineation of responsibility.

“Unfortunately, traditional methods of cyber security, centred on trying to block a known threat from entering the IT estate, don’t always work; companies are finding their networks and assets just aren’t protected sufficiently, and becoming frustrated with the issues that slip past their traditional defences,” Mr Hietanen said.

“Investing in cyber security is ramping up globally, but traditionally it has been somewhat of an afterthought for boards.

“Take M&A for example; if your company is thinking of acquiring another company, cyber security capability might not have traditionally been part of the due diligence process. Boards are now learning that it needs to be part of the acquisition strategy, because if a company’s IP and data have been compromised, there isn’t much value in acquiring it, is there?

“Cyber criminality used to focus mostly on the financial sector, but has widened significantly in the past few years.

“Boards that have never had to focus on cyber security are now finding themselves in sticky situations. Any company that has large swathes of data and personal information is a target. And companies with significant IP to protect, and who have managed to find efficiencies their competitors haven’t, are open to industrial espionage.

“It’s important to widen the focus to unknown threats, new threats, and on understanding unusual behavioural patterns identified in data, otherwise known as threat intelligence. Threat intelligence gives us rich information on new malware, previously unknown perpetrators, trends that are emerging and more. This can fuel our analytics and provide a better understanding of the threat environment.

“Not only companies, but also Governments, are increasingly realising that they need advanced threat detection capabilities. At the heart of these is solid and comprehensive threat intelligence. BAE Systems Applied Intelligence is a significant contributor to both the UK and US Governments, and works with a number of agencies and departments here in Australia.

“Because a company’s security is only as strong as its culture, it is up to the executive leadership to set the standards and expectations that will help the entire workforce maintain strong security measures. To do this, companies must allocate the right resources, which can only happen when the board fully supports the need for an effective security posture. Creating a strong business case for security relies on measuring and articulating the potential return on investment (ROI) appropriately.

“Having a solid business case, and explaining ROI in terms of business impact is necessary to achieve buy-in for critical security investments. It creates a bridge between the business and technical teams, giving them a common language and understanding.

“Once this happens and the business risks of inadequate cyber security are made clear, companies are more likely to successfully implement effective, appropriate and scalable security measures.

“This is becoming a boardroom topic, and boards are looking at cyber in a much more strategic way.

“The benefits of doing so are far-reaching, extending beyond simple operational continuity to protecting the company from financial losses, litigation, fines and more,” he said.

About the Author

Mikko Hietanen is on the board of BAE Systems Applied Intelligence, part of BAE Systems; a global defence, aerospace and security company. He is visiting Australia meeting with key clients and businesses and sharing his global expertise on combating cyber security and financial crime.

BAE Systems Applied Intelligence delivers solutions which help our clients to protect and enhance their critical assets in the connected world. Leading enterprises and government departments use our solutions to protect and enhance their physical infrastructure, nations and people, mission-critical systems, valuable intellectual property, corporate information, reputation and customer relationships, and competitive advantage and financial success.
Why intelligence-led penetration testing needs to be the proactive defence in every business
As the cyber threat landscape evolves, so too does the need for more robust defences, as well as realistic, or ‘real-life’ testing of those defences. The increasing speed and variety of digital threats and defence mechanisms has led to the rise of threat intelligence as a specialism within the security field. In turn this has ushered in a new model for testing enterprise networks: intelligence-led penetration testing. Dr Malcolm Shore, Technical Director Australia, BAE Systems Applied Intelligence, said, “Intelligence-led penetration testing delivers information that companies can use to provide meaningful insight into how vulnerable the organisation’s network is to cyber attack, as well as the likely consequences of a successful attack. As a result, this type of testing can help business leaders make the right decisions to create a proactive defence.” “Intelligence-led penetration testing specifically mimics existing, up-to-the-minute threats, so it gives businesses a clearer picture of their risks, strengths and weaknesses. These tests involve replicating the work of sophisticated cyber criminals that threat intelligence has identified as presenting a significant risk,” Dr Shore said. “In the cyber age, security testing should be based upon rich contextualised threat intelligence, which informs and guides how the testing should be conducted, what attack methods should be simulated and where testers should focus their resources. “This method of testing provides a more structured and effective approach for companies to mitigate their cyber risk and understand the real effectiveness of the key technical security controls they have in place. “Our company in the UK recently became the first company in the world to secure Bank of England approval to deliver both threat
intelligence and penetration testing services to the UK financial services sector under the CBEST scheme. “In an environment where the amount of information being stored and processed has exploded, big data is the norm, and companies are interconnected, there are more hiding places and vulnerabilities than ever before. Keeping track of and protecting against all the relevant threats is a massive undertaking that is only going to get more complex. Businesses must evolve to an intelligence-led security programme or risk being unprepared for the next wave of cyber crime,” Dr Shore said.
Public Wi-Fi networks a threat to your businesses’ data
Recent announcements around free and open public Wi-Fi being rolled out in towns and cities across Australia are great news for consumers, but may expose businesses and their employees to data breaches if companies don’t protect against it, says Rajiv Shah, General Manager, Australia for BAE Systems Applied Intelligence. As it becomes more common for employees to BYOD (Bring Your Own Device) and for businesses to allow employees to use their own devices to connect to corporate networks, associated security risks to the enterprise are also increasing. Organisations that fail to protect themselves against these risks and secure their information may be putting company data into the hands of cyber criminals. Dr Rajiv Shah said: “When users access unencrypted networks, attackers can easily hijack the session and not only gather all sorts of sensitive information, including passwords, but also potentially inject malicious code to compromise the device.” “This makes everything on the device vulnerable – including any corporate data. If an employee then connects a compromised device to the corporate network this can be a backdoor route to let a determined criminal mount an even wider-ranging attack,” Dr Shah said. BAE Systems Applied Intelligence suggests
three steps for businesses to protect their corporate networks:
1) Implement and enforce a strong security policy. Organisations should conduct a prioritised assessment of the risk that any mobile device, whether company owned or BYOD, represents and develop a clear policy explaining how employees should use devices and setting out the security measures to protect information. Properly thought-through security will provide benefits to employees without unnecessarily impacting on the use of their personal devices.
2) Educate employees. Businesses must educate employees about the risks of using their own devices and prioritising convenience over security. An obvious step would be education about the risks of using open, unencrypted Wi-Fi connections. This is one part of getting employees to care about security and understanding that they have an important role to play in keeping the organisation’s cyber security risk to a minimum.
3) Implement appropriate security controls. Traditional mobile device management solutions will go some way to protecting companies, but there is much more that businesses can do. Businesses should install a multi-layered security model that includes device configuration and management, appropriate secure connection methods, on-network content filtering solutions, and ongoing monitoring of corporate networks. For example, an appropriately encrypted VPN service could be used on untrusted networks. This can be combined with a global, cloud-based security solution that can scan the content and source the destination address by using specialised detection methods which block security threats and unacceptable content.
“Companies need to consider appropriate security measures to protect against cyber criminals accessing their information and networks through activities staff may think are seemingly harmless,” Dr Shah said.
Palo Alto Networks appoints Sean Duca as Vice President & Regional Chief Security Officer for Asia Pacific
Duca, who is based in Sydney, Australia, will be responsible for the development of threat intelligence security best practices and thought leadership for Palo Alto Networks in the region. This includes strengthening security initiatives and maintaining good channels of communications and support for Palo Alto Networks’ customers across Asia Pacific. Sean also will be a key addition to the Palo Alto Networks Threat Intelligence team, Unit 42, actively contributing to an APAC perspective on the latest findings of cyber threats. With more than 17 years of experience in the IT security space, Duca is widely recognised as a thought leader in the technology industry. He has provided expert guidance and advice to the Australian government around online safety issues, and on cybersecurity matters to the public and private sector within Asia Pacific. Prior to joining Palo Alto Networks, Duca spent 15 years with Intel Security, most recently as the company’s Chief Technology Officer for Asia Pacific. In this role he was responsible for improving and driving the company’s solution strategy and technology vision and steered the development of Intel Security’s reference architectures in close collaboration with customers and partners across the region. Prior to this, Duca held managerial roles at the company with a focus on technology management and sales engineering. Before Intel Security, he was involved in software development, technical support and consulting services for a range of Internet security solutions.

FireEye Sets Sights on Extending Regional Channel Ecosystem
FireEye, Inc. announced two industry veterans have joined the company to help extend its channel programs in the Asia Pacific region. Sean Kopelke joins as Director of Global Alliances for Asia Pacific Japan. Kopelke is responsible for strengthening FireEye’s strategic partnerships across the region to expand FireEye’s reach in the marketplace. Sean has first-hand experience and deep knowledge of the Asia Pacific and Japan markets and has worked in both Asia and Australia. Prior to joining FireEye, Sean was Senior Director of Symantec’s Technical Sales Organisation in Australia and New Zealand. Lani Edwards joins as Head of Channels, Australia and New Zealand. Edwards is responsible for leading FireEye’s channel strategy and managing its network of distributors and value-add resellers. Edwards brings more than 15 years of channel experience across vendor, distributor and reseller organisations spanning countries throughout Europe and Asia. Most recently, Edwards was Head of Channels for Juniper Networks Australia New Zealand. “Today most organisations in the region aren’t prepared to defend themselves against advanced cyber attacks. Globally, we find that 96 per cent of organisations are breached and 27 per cent of those involve advanced malware. The Asia Pacific region is not immune, in fact, its regional tensions and economic dynamism fuel cyber attacks,” said Scott McCrady, Vice President for Global Solution Providers and Asia Pacific and Japan Channels at FireEye. “To expand our reach and help even more organisations defend themselves, we are fostering a strong industry ecosystem across the region. Sean and Lani are valuable assets in this effort.”

Blue Coat positioned by Gartner in “Leaders” quadrant of the magic quadrant for secure web gateways
Blue Coat positioned by Gartner as a leader for the eighth year in a row for its technology for advanced threat defense solution
Blue Coat Systems, Inc., a market leader in enterprise security, today announced it has been positioned in the “Leaders” Quadrant of the Magic Quadrant for Secure Web Gateways (SWG), 2015 by research and advisory firm Gartner, Inc. For the eighth consecutive year, Gartner has recognised Blue Coat as a leader in the Secure Web Gateway category. Gartner evaluated vendors on their ability to execute and completeness of vision of their products in the SWG market. Blue Coat has, once again, been recognised for its market leadership in both vision and execution. Blue Coat’s Secure Web Gateway is the foundation of an architecture for best-in-class security, providing real-time intelligence and policy-driven security capabilities. Broad and flexible deployment options give customers the ability to consistently apply security policy and techniques for users worldwide. The integration of Blue Coat’s on-premise technologies with its cloud infrastructure provides customers the flexibility to leverage their security technology investments and apply them consistently while preserving user experience and reducing cost.
execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.
If you have an entry for Movers & Shakers please email details and photo to editor@australiansecuritymagazine.com.au
Cyber Security
From Infosec to intelligence based cybersecurity
Gone are the days when IT could be protected by implementing a standard set of security controls.
By Dr Malcolm Shore, BAE Systems Technical Director
The complexity of national information networks is increasing faster than our ability to understand them and, on an internet that was never designed to be secure, to defend against them. It is sobering to realise that the most prevalent standard for security controls, ISO 27002: Code of Practice for Information Security Controls, has its roots in the UK Department of Trade and Industry’s PD0003 document, developed in the early 1990s – 25 years ago and prior to the internet as we know it. This became the British Standard BS7799, then International Standard 17799, and in 2005 was renumbered to the 27000 series, with a new version being released in 2013. A key reason for the longevity of these controls has been their adoption by the audit community as the basis for auditing the security aspects of IT General Controls used to ensure protection of financial systems. However, information security is not cyber security, and new frameworks are needed to address the unique characteristics and environments which make up cyberspace. The US National Institute of Standards and Technology in 2014 issued a framework for ensuring the cybersecurity of the critical infrastructure which provides an updated list of security categories and maps them to a range of controls from information security standards, including ISO 27000. One of the key controls in the cybersecurity framework which has no ISO equivalent is ID.RA-3: Threats, both internal and
external, are identified and documented. This is a key control for understanding security risk. With cyberspace increasingly looking like a battlefield, knowing who is attacking you, what their motives are, and how they execute their attacks is a key part of cyber situational awareness and an important input to designing an effective security regime. Sun Tzu said if you do not know your enemies but do know yourself, you will win one battle and lose one, if you do not know your enemies nor yourself, you will be imperiled in every single battle. Ideas in the kinetic world don’t always translate into the cyber world, but the value for an organisation in knowing its own disposition and the threats which it faces is significant. As the threats in cyberspace have grown, cyber threat intelligence has emerged as a key cybersecurity service, not only for government and critical infrastructure, but for all organisations operating in cyberspace. The value of cyber threat intelligence lies in its ability to change an organisation’s posture from being reactive, responding to attacks when it’s breached, to being proactive, where cybersecurity defenses are tuned to expect and deflect attacks. Cyber threat intelligence comes in two forms: operational and strategic.
1. Operational intelligence comes in the form of data which can be used to configure cyber-defense equipment such as intrusion detection devices to look for specific patterns or types of behavior which are characteristic of a threat. These are known as indicators of compromise. The effective use of automated operational threat intelligence feeds can also deliver timely response to rapidly evolving threats, substantially reducing the window of opportunity within which an attacker can exploit a known vulnerability. Blacklists (lists of compromised IP addresses) are also a popular form of operational threat intelligence.
2. Strategic cyber threat intelligence is defined, according to Gartner, as ‘Evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard’. However it may be defined, strategic threat intelligence translates to knowing your enemies.
The prevalence of polymorphic malware makes it difficult for operational threat intelligence to keep up with tomorrow’s malware. Strategic threat intelligence, on the other hand, will often be relevant for the life of the adversary or malware family. For example, the Snake Campaign report issued by BAE Systems in 2014 noted that despite the McAfee ShadyRAT report being published in 2011, there had been no change to the characteristics of attacks from the group.
The Snake Campaign report provides detailed threat intelligence on the malware known as Agent.BTZ and the group behind it. This malware was first discovered in 2008, with samples showing that the authors had variants known as snake, uroburos, snark, and sengoku. Recent malware samples have been found to be much more advanced variants of Agent.BTZ, though still sharing many similarities with the original. Despite spanning many years and numerous updates, the malware retains key characteristics such as the files and devices created when it executes, the way it cloaks itself, and the manner in which it injects into new processes. Similarly, the command and control infrastructure upon which the malware operates and the time-of-day at which variants have been compiled remain constant. This knowledge allows the security analyst to derive methods to detect the malware either as it arrives or when it attempts to execute.
While developing operational threat intelligence can be done by analysis of the malware, developing strategic threat intelligence requires not only malware analysis but also many sources of human and technically sourced intelligence from open and darknet sources, as well as a team of analysts who can interpret and fuse the information into intelligence. This intelligence then needs to be supported with actionable advice
which is accurate and timely, and tailored to the specific intelligence requirements of the consuming organisation. Organisations can start to understand their adversaries by mapping the adversaries’ past activities and capabilities, historical and current affiliations, their readiness and objectives, and future ambitions. This allows informed priorities to be set for cyber defense investments, and by being able to attribute attacks to threat actors enables better response in the event of an incident. Honeypots and sinkholes are two key technologies which are deployed by researchers to attract attacks and redirect malware traffic. These provide a rich source of input into threat analysis. There are many open source feeds for operational threat intelligence, and many companies release malware and threat actor analyses. However, open source strategic threat intelligence often lags behind paid services, and real time displays, while visually appealing, provide little actionable threat intelligence. Cyber attacks are rarely carried out without clear motivation and rarely occur as a single action, so one of the key goals of threat intelligence is to anticipate them. The use of social media feeds to predict traditional activism and cybercrime has been successful, with Nathan Kallus from the Massachusetts Institute of Technology successfully demonstrating his model for predicting national-level unrest based on Twitter feeds. Another obvious source of predictive cyber threat information is monitoring of malware spread; the use of BlackPOS was seen many months in advance of its first sighting in the United States and the subsequent attack on Target’s POS system. The importance of threat intelligence is not lost on the United States Government. 
In February 2015, President Obama tasked the Director of National Intelligence to establish the Cyber Threat Intelligence Integration Centre as a national intelligence centre focused on “connecting the dots” regarding malicious foreign cyber threats, and providing all-source analysis of threats for US policymakers. Here in Australia, the establishment of the Australian Cybersecurity Centre will enable more effective threat intelligence integration by having government cybersecurity agencies and key critical infrastructure organisations co-located. Threat intelligence is an emerging discipline both for service providers and for consumers. In a survey carried out by the Ponemon Institute, released in March 2015, 80% of companies in the survey that had suffered a material breach said threat intelligence would have helped prevent or minimise the consequences of the attack. To successfully defend against contemporary attacks requires a focus on new areas of cybersecurity, including importantly, threat intelligence. Information security remains important, but in the age of cyberspace on its own is not enough.
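The contrast this article draws between operational indicators and the longer-lived characteristics that strategic intelligence describes, as an added example that is not from the article or from BAE Systems. Every hash, address, path, device and process name below is constructed for illustration and is not an indicator from the Snake Campaign report.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field

# --- Constructed operational feed (not real indicators) -------------------
KNOWN_SAMPLE = b"constructed-sample-v1"  # stands in for a known binary
IOC_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
IOC_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range

# --- Constructed behavioural profile (hypothetical names) -----------------
# Mirrors the kinds of traits the article says persist across variants:
# files and devices created on execution, and the process injected into.
PROFILE = {
    "file": {r"c:\programdata\example\cache.dat"},
    "device": {r"\\.\exampledevice"},
    "inject": {"browser.exe"},
}
MIN_TRAITS = 2  # one trait alone is too weak; require two to limit false positives


@dataclass
class HostEvent:
    host: str
    file_bytes: bytes
    dest_ip: str
    created_files: set = field(default_factory=set)
    created_devices: set = field(default_factory=set)
    injected_into: set = field(default_factory=set)


def _norm(values):
    """Windows paths and process names are case-insensitive."""
    return {v.lower() for v in values}


def match_operational(ev):
    """Exact-match indicators: file hash and destination blocklist."""
    hits = []
    if hashlib.sha256(ev.file_bytes).hexdigest() in IOC_HASHES:
        hits.append("hash")
    addr = ipaddress.ip_address(ev.dest_ip)
    if any(addr in net for net in IOC_NETWORKS):
        hits.append("blocklist")
    return hits


def match_behavioural(ev):
    """Traits from the profile that this event exhibits, sorted by kind."""
    observed = {
        "file": _norm(ev.created_files),
        "device": _norm(ev.created_devices),
        "inject": _norm(ev.injected_into),
    }
    return sorted(k for k, wanted in PROFILE.items() if observed[k] & wanted)


def triage(events):
    """Return {host: verdict}; operational hits win, then behavioural."""
    verdicts = {}
    for ev in events:
        op = match_operational(ev)
        traits = match_behavioural(ev)
        if op:
            verdicts[ev.host] = "operational:" + "+".join(op)
        elif len(traits) >= MIN_TRAITS:
            verdicts[ev.host] = "behavioural:" + "+".join(traits)
        else:
            verdicts[ev.host] = "clean"
    return verdicts


# Constructed events: a known sample, a repacked variant on new
# infrastructure, and a benign tool that shares a single trait.
SAMPLE_EVENTS = [
    HostEvent("ws-01", KNOWN_SAMPLE, "203.0.113.25",
              created_files={r"C:\ProgramData\Example\cache.dat"},
              created_devices={r"\\.\ExampleDevice"}),
    HostEvent("ws-02", KNOWN_SAMPLE + b"\x00repacked", "198.51.100.7",
              created_files={r"C:\ProgramData\Example\cache.dat"},
              created_devices={r"\\.\ExampleDevice"},
              injected_into={"Browser.exe"}),
    HostEvent("ws-03", b"constructed-benign-installer", "192.0.2.10",
              created_files={r"C:\Users\alice\report.docx"},
              injected_into={"browser.exe"}),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(host, verdict)
```

The repacked variant on `ws-02` evades both the hash and the blocklist, yet is still caught because the traits it leaves on the host have not changed.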
Enterprise Security in Asia 2015: The ugly, the bad, and the good
By Edwin Seo
The enterprise love affair with technology is showing no signs of dissipating. From bring-your-own-devices to the ever-present tipping point of the Internet of Things, the business world has bounced back from the financial crisis and is aggressively pursuing advanced enterprise architecture. A large proportion (65%) of businesses are now using cloud technology of some sort. In fact, so ubiquitous is cloud now that the debate has evolved from public vs private to customised cloud solutions on a per case basis. The democratisation of cloud across the enterprise has heralded in a new era of consumer interaction with businesses, one that is defined by the sheer scale of information that organisations now hold about their customers, their purchases, and each other. How big is this “big data”? There are now more than 2 trillion objects stored in Amazon S3, which equates to five objects for every star in our known galaxy. That is a phenomenal amount of information, and a figure that is only being augmented by the evolution of apps. The shift in consumer expectations around apps has caused a dissolution of the traditional enterprise infrastructure perimeter. Increased mobility and investment means applications are migrating to the cloud, which is in turn heralding a brave new world of connectivity, interaction, data and analytics.

The Ugly
Business success has always been a breeding ground for criminal activity, and today’s hyper connected, cloud-based society is the perfect environment for nefarious activity to evolve and thrive. The ugly truth is that as fast as enterprises are investing in their network infrastructures, cyber criminals are finding new and innovative ways to attack, breach and steal. The wealth of information stored on corporate servers, whether locally or in the cloud, has made them a lucrative target for anyone wishing to access valuable data. From customer credit card numbers to employee details to proprietary business information, data is power. The very distributed and disparate nature of today’s widespread cloud computing solutions makes it increasingly difficult for enterprises to maintain rigorous oversight of their information. CIOs who previously oversaw a closed, local infrastructure are now dealing with corporate information stored over countless devices, 3rd parties and jurisdictions. The result is a bonanza of opportunity for cybercriminals. In 2014 alone, 42.8 million security incidents were detected by businesses, up 48% from 2013. This equates to some 117,339 incidents a day, or almost 5,000 every hour. Last year the Hong Kong Productivity Council announced a 52% surge in cybersecurity incidents, and identified over 8,300 “invisible bot machines” in Hong Kong in the fourth quarter of 2013.
There’s also the noticeable rise in more sophisticated schemes such as ransomware, particularly the increasingly abundant crypto ransomware. Usually deployed through phishing emails, the malware encrypts user files and demands payment (usually via Bitcoin) in return for the decryption key to recover the data. The Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) has seen a spike in such incidents in recent months, and is now alerted to at least five incidents a month, although the true figure is thought to be much higher. The motives behind this swell in cybercrime aren’t always for financial gain either. While the Sony Pictures and JP Morgan breaches grabbed headlines last year for the leaking of vast amounts of personal data, Asia has recently found itself the target of political activism. Occupy Central in Hong Kong caused hacker groups, the media and governmental organisations to trade digital blows while DDoS attacks rose to their highest level in years during the Popvote.

The Bad
Cybercrime is estimated to cost the global economy US$455bn. Criminals are evolving faster than many enterprise risk strategies. The bad news is that DDoS attacks are getting larger in scale and audacity across APAC, targeting ever larger amounts of data and not differentiating between SMEs and global multinationals. Businesses today are playing a cat-and-mouse game with criminals, one the criminals are becoming increasingly sophisticated at winning. The largest cyberattacks in history were DDoS attacks on independent media sites in Hong Kong during the Occupy Central referendum votes in June 2014, which peaked at 500 Gbps. In fact, increasingly powerful botnet attacks have helped drive the scale of DDoS attacks up 115% since 2011.
And criminals aren’t just getting more sophisticated, they are getting hungry too. More than 1 billion data record breaches were recorded worldwide from just 1,500 attacks in 2014. There is a real sense that the “wild west” days of the early internet have come full circle, and the enterprise is now in a position where it has rushed to adopt cloud technology without fully planning its security and risk strategy. The problem is that the margin for error in the cutthroat corporate world is thinning all the time, and one mistake can mean the difference between leading the market and fading from it completely. As long as there is valuable data stored in cloud-based platforms, there is a risk that it will be targeted by cybercriminals.

The Good
The World Economic Forum predicted in January 2014 that delays in adopting cybersecurity capabilities could result in a loss of $3 trillion in economic value by 2020 globally. Attacks will increase in sophistication and breaches will grow more severe and more devastating. The good news is that effective solutions do exist. F5’s new Silverline service is built to ensure organisations across APAC remain safe from DDoS attacks and business continues as usual. It employs a network of scrubbing centres around the world to ensure that attacks are mitigated and data integrity is maintained through a unique, powerful hybrid architecture. Enterprises also benefit from F5’s Security Operations Center facility which houses a team of highly specialised security researchers and analysts to provide up-to-date global intelligence. When coupled with the new Silverline Web Application Firewall offering, business can now safely and securely manage a full portfolio of on-premises, cloud, and hybrid security services.

About the author
Based in Singapore, Edwin is the Regional Security Architect for Asia Pacific and Japan in F5 Networks, where he engages, evangelizes and architects F5 security solutions for key customers. Edwin has more than 15 years of experience in Service Provider and Enterprise networking, infrastructure and security. He has in-depth technical knowledge and experience in DDoS attacks and mitigation strategies, deep packet inspection and data networking. Edwin holds an Engineering degree from the National University of Singapore, as well as various industry certifications from Cisco and Oracle.
Women in Security
The modern ‘Sherlock Holmes’ of the cyber world…in Silicon Valley
By Kema (Johnson) Rajandran, Correspondent
It’s no secret that information is power and it’s this notion that has sustained the initial interest in cyber forensics for young Security Engineer, Prima Virani. With an interest in information security and forensics from an early age, Ms Virani was drawn to the cyber security domain, much like Sherlock Holmes to a difficult case. Originally from India, she left her parents and moved to Perth to chase her dreams and complete a Bachelor of Science in Information Technology. For those who aren’t too tech focussed, the world of cyber forensics may not seem so self-explanatory. Virani explains that after a crime occurs, a computer or network forensics analyst would be responsible for gathering evidence from a suspect’s workstation or mobile device or the network their workstation was on – in simple terms, playing Sherlock Holmes but on a computer or a network. While she says it’s an ever-changing field with big challenges, it’s exactly these facets that make her love her work. Virani has worked in a couple of different roles, including Information Security Coordinator at INPEX before country hopping again, this time to the USA. “My role at INPEX entailed a variety of infrastructure security-related tasks such as daily monitoring and analysis of security logs, reviewing infrastructure changes from security point of view, vulnerability management, building and deploying firewall clusters etc,” she explains. “In the short career of mine, so far the biggest highlight
has been to be able to crack through the job-market in the USA and land my job at Pandora Media Inc just a couple of months ago.” While only being in the USA since April, Virani says the opportunities are better, especially in the Silicon Valley, San Francisco Bay Area, where she’s based with Pandora. “There is so much innovation and so many emerging companies right now. I hear that the area is going through another tech-boom at the moment and this one being much better and much more stable than the one in the early 2000s.” A hard-working, intelligent individual, Virani never stops learning but doesn’t forget the help of others in her achievements so far. “My supervisor at INPEX, Eric Appelboom, I reported to him directly for the last couple of years. I have learnt 75 – 80 per cent of what I know today in my job from him – mostly technical things and a lot of non-technical things like organisational, and political as well.” “My only previous role to INPEX was in Incident Management support at a University and the experience gained from my degree. It definitely helped to know the basics well but I have learnt the most on the job.” Cyber forensics has become a popular topic in security and aside from the knowledge of IT technology, Virani says it is important to be adaptable and learn things quickly, particularly as it is becoming one of the fastest growing and in-demand areas of security.
“The word ‘hacker’ only started becoming popular about 4-5 years before I completed high school. Statistics dictate that identity theft is on the rise. It’s been steadily increasing for the last 4 years now. With the amount of information about people out there on the internet, it’s easier now than ever to steal someone’s identity.” “It’s very hard being specific about laws regarding IT since it moves so fast, I think we have enough laws to cover most of the basics.” “If we did have binding international laws, it would more likely mean that a few countries would benefit out of it and the rest would fall victim to it.” “I believe in the larger scheme of things, the internet is the last place right now that should become just another politically controlled environment.”
With the rise and popularity of social media, and society’s dependence on it today, some would say that it has made it easier for laws to be broken, identities stolen and terror to spread; however, Virani says it’s affecting us in great ways. “I think one of the biggest benefits of social media is that the youth are a lot more aware not to generalize and stereotype racially which in turn eliminates a lot of hatred against certain communities and races, which means there will be a lot less people left out or sidelined.” “With the availability of so much information out there it’s increasingly harder for the political leaders to misguide people about what they’re doing and the impacts of it. Collectively it’s definitely helping stop feeding the beast of terror and hatred in the long run.”
With the support of her parents, Virani is striving ahead, ready to take any opportunities as they arise, and says she hasn’t yet experienced any difficulty or roadblocks due to her gender. “Technically no, but culturally sometimes it seems like it is harder, however I don’t think I have enough experience yet. If you ask me in five years’ time, I would have an answer.”
That statement could be down to the fact that she is early in her career, or it could be a sign of changing times – a fast growing area that could just as quickly be leaving behind the stereotype that it’s a male dominated field. Let’s hope that in five years’ time Virani’s answer remains the same but progressed: that technical skills are more important and valued than one’s gender, and that it no longer “seems” hard to be a woman in the field.
Prima Virani - Security Engineer.
Frontline
UAVs civil market: actual situation and future expectations
by Alvaro Escarpenter
UAVs are not something new, as some people think; in fact they have existed for many years, making their first appearance even before World War I. However, even though technological advances were helping their development, their growth remained slow and confined mainly to the military industry. Then, with the development of GPS in the 90s and the remarkable reduction in the cost and size of electronics, their range and precision improved and the term “UAV” became popular for these aircraft.
Now, after many years of development mainly in the military sector, the global UAV industry is going through a challenging period, a turning point where continuous research efforts are going to be key to the growth of this sector, which is expected not just to provide a tool for improvement in current fields but also to create whole new industries.
This radical change in the last few years has come thanks to different factors which, combined, have boosted the “drone revolution”. The three that have had the most impact on its growth are research, technological advance and legislation.
Research has probably been the first step in a process that is still at an early stage. It has permitted the industry to try new applications in different fields by taking advantage of the facilities that UAVs provide. The analysis of the needs and weaknesses of several industries has created the necessity to come up with new ideas for improving different tasks, leading to an innovative technology whose main strengths are integration and versatility. Once researchers had implemented UAVs for different applications and the results were favorable, the revolution started. Agriculture and farming are taking the lead in the implementation of UAVs, as is public security, making them the current promising markets in the commercial industry. Nevertheless, the process continues, and once it reaches a more mature stage the applications for these aircraft are going to surpass even our expectations.
On the other hand, there is also technological advance. Drones by themselves are a revolutionary technology that is just starting to enter new markets. This development has been possible thanks to current technological tools, and it has also facilitated the invention of new ones to improve on what has been done until now. This means that research goes hand in hand with technology: the development of the first helps the development of the second and vice versa, opening space for the future appearance of new applications that right now we can’t even imagine. For instance, remember how mobile phones were 10 years ago, and how they are now. Now they cover applications that we could never have imagined before, reaching a point where they went from simply making calls to becoming an essential tool in our daily life. What does it mean? We are living the boom of drones; we are experiencing the first steps of the applications of a technology that has been developed for many years. From the materials and the electronics to the payloads, technology has grown considerably, making UAVs a versatile tool that is starting to take off in the commercial market.
Finally, we have legislation, whose recent release in different countries meant a big step for the industry. In this sense, the United States has always been known for leading innovation in new technologies, but this time, at least in regulatory terms, Europe has taken the lead by boosting wider approvals for commercial purposes. Nowadays there are around 3000 qualified operators in Europe, 2000 of those in Germany and France, which are the most advanced countries in terms of UAVs. According to data from the French CAA, 100% of the systems weigh less than 25kg and the majority (90%) are used for media applications, while the rest are used for industrial applications.
In general terms, this trend can be explained by current legislation, which in countries such as Spain or the United States permits operations for unmanned vehicles weighing less than 25kg and operating in visual line of sight. Above that weight, operations are prohibited or the requirements are much more demanding, thus making them more expensive. But why visual line of sight operations? The requirement for continual line-of-sight visibility during operations comes from the need to ensure airspace safety and lower risk in general.
Figure (diagram labels): Below 400 feet; No aerial traffic; Unpopulated areas; No risks on ground; Lower risk in case of fail; Light UAVs
This is limiting the applications that can be exploited in the commercial industry by not allowing them to reach their potential. However, we still have a long way to go, and as the industry continues to develop and be tested, regulatory terms are going to become more permissive. This happens because, even though some people think that legislation is the first step to support the development of new products and technologies, that is not how the process usually works; it is the other way around. First new business models appear, then they enable product development, and thus legislation becomes necessary. In fact, if there are no valid business models, there is no reason to regulate a market that doesn’t exist yet. Think of the following examples. Cars were created and people just drove them until their use was so widespread that some kind of regulation, insurance and quality or safety standards were necessary. Also, we all now use the Internet, but the world was not ready for it when it first started. Only when all the faces of the Internet had been seen did legislation become necessary.
In conclusion, current laws are temporary and will expand and become more concrete following the market’s needs. When the applications demonstrate economic feasibility, it will be necessary to establish the appropriate rules for the development of safe and healthy businesses.
What to expect for the future?
The United States has shown the most important growth during the last few years. However, we are starting to see an expansion of the market that is reaching emerging regions such as Europe, led by France and Germany; the Middle East, with Israel as a pioneer in tactical UAV efforts and sales for armed forces; and Asia Pacific. If the trend continues, the US will probably remain the country with the most market share, but the rest are expected to show much more considerable growth in the upcoming years.
Additionally, the value chain of the drone market will provide opportunities in two different fields. The aerospace segment will offer opportunities for operating services companies, platform development, and systems or subsystems development. The ICT segment, on the other hand, will experience huge expansion with opportunities such as app development, image processing or services companies. New platforms with higher autonomy, range, payload or capacity will enable new applications, while better and more accurate control algorithms and navigation systems will increase safety and reduce the pilot’s workload. At the same time, new sensors and image processing software open new opportunities for end customers, who will look for solutions that are easy to use and really make a difference; for example, aerial mapping software applications are already in use. Both sides will then tend to boost each other, also pushing the rule makers to establish a more permissive environment where growth is permitted and drones in all their different configurations, sizes and types are a tool of daily use.
UAVs are starting to revolutionize the way we have been doing some jobs. Even though applications are still in the process of development, drones are here to stay, and over the next years what we are going to see is nothing but expansion.
About the Author
Alvaro Escarpenter, aerospace engineer, is COO and co-founder of Alpha Unmanned Systems, a Spanish company dedicated to designing, developing and producing high performance small unmanned aerial vehicles.
Crisis and emergencies:
Plan & planning for effective responses
By Prince Lazar
A plan is like a parked car; planning is taking that car on a trip. Planning is measuring your activities and motion against the baseline of the strategies, assumptions and projections you made in your plan. So how does a static, written plan work when a business is always in motion? It works when you turn your plan into planning. Plans are good, but they only work when they are exercised before the crisis happens.
Because disaster can strike anywhere, anytime, the ability to respond is essential for effective emergency response. And because the acute phase of disaster response is when most lives can be saved, most organisations have realised that they must carefully plan an emergency response strategy to protect their people and operations. In fact, companies without such a plan or planning are actually risking their business and reputation. Preparing organisations and communities in advance for how best to respond to adversity on their own when it occurs is also crucial, creating a response capability that is both immediate and helps build self-reliance.
Using an Emergency Management System model: Emergency Response (ER) is RESPONSE, the initial reaction to an event or incident, which is crucial and sets the tone for subsequent actions; Business Continuity (BC) is RECOVERY, getting the business or community back on its feet; and then there is of course LONG TERM RESTORATION, which is about rebuilding and returning to a new environment (unless it is decided to abandon everything and “close shop” which, of course, may be an option). This illustrates the fundamental difference between emergency response (ER) planning and business continuity (BC) planning.
Training exercises should push the limits of the strategies adopted to see if they adequately address the situation presented. Sometimes you have to exercise on the fly, which becomes education and value to the organisation, ultimately getting embedded as a culture. Of course, value comes from planning and practising. Planning helps identify the resources required and ensure they’re in place: people, facilities, technology, infrastructure, suppliers’ capabilities, etc. On most occasions responders lack the resources, and sometimes the ability, to meet the demands of the response. It needs to be understood that the response stage doesn’t even include recovery and restoration, which are more vital in the whole plan.
Traditional static plans aren’t able to address complex, dynamic problems adequately. Normal planning is inadequate to address the complex and radically altered environment produced by a catastrophe. This is a clear indicator of the need to focus on building the capacity of teams to engage in a more emergent process, whereby innovative solutions better suited to the complexity of the crisis are implemented and tested. How rigid the program and the plans are needs to be assessed. Static plans are written like recipes, with instructions on what to do when, and are meant to be followed to the letter. Dynamic plans are written like tactical plans, as in team game-books for football, cricket, hockey etc., with options and guidelines on what to do when, and an understanding that things might not go as planned but at least everyone on the team has a plan as well as an expectation of what everyone else will do. The players need to take the education and training that they have, and will have in the future, and then practise the plan again and again. They need the planning and education of working together as a team. This will be invaluable when the crisis comes and action has to be taken.
If you keep exercising against different scenarios you inculcate a flexibility of response that will serve you well when the real situation strikes, the scenario is nothing like you expected and the plan doesn’t work. You need knowledgeable people who can plan and execute on the fly, adjusting to the unique circumstances but based on a solid understanding of the business and the capabilities they’ve built. Divergent thinking is necessary in order to successfully address the response to and recovery from any kind of disaster.
One of the classic examples of responses gone wrong during a crisis was Hurricane Katrina, the largest natural disaster in the United States, which affected 92,000 square miles of the city and claimed 1,800 people’s lives. It is pertinent to note that Hurricane Katrina occurred four years after the attacks of 9/11, three years after the subsequent creation of the Department of Homeland Security (DHS), and one year after the DHS had created a National Response Plan. But despite the heightened attention to homeland security in the US, the response to Katrina was a failure. The poor response arose from a failure to manage a number of risk factors. The risks of a major hurricane striking New Orleans had long been considered, and there was enough warning of the threat of Katrina that declarations of emergency were made days in advance of landfall. But responders failed to convert this information into a level of preparation appropriate to the scope of the impending disaster. Katrina evolved into a series of connected crises, with two basic causes. The primary cause was the hurricane itself, but no less important was the collapse of man-made levees meant to protect a city built below sea level. These factors unleashed a series of cascading problems that characterise Katrina as an example of a new type of complex crisis.
We cannot and should not use anything even closely resembling normal when faced with a complex, radically altered environment caused by a catastrophe. This kind of event calls for extraordinary measures. We cannot wait around to see what we might have to face and eventually have to do. We have to visualise and plan for extraordinary actions that we “normally” would not be doing. What we are doing now may still not be adequate for the current situation, given fast-changing world scenarios and threat perceptions. Naturally this calls for thinking outside the box in normal situations, and even more so in catastrophic circumstances.
As an organisation, there is a need to encourage employees to think outside the box. If employees have suggestions or ideas that might help the business or remedy situations, those ideas should be encouraged to come to management immediately, and this innovative thinking and effort should then be rewarded to breed more such efforts, thereby creating a culture. It should be understood that part of that mentality is that the employer or company has encouraged an environment which communicates to its people, Worker A, that they “don’t pay them to think, but to do what they are told.” Too many people have just come to accept that, do nothing else and do NOT think for themselves or “out of the box”. This concept requires a paradigm change from the employer’s perspective in order to manage and action responses effectively and ultimately meet organisational objectives. Worker B, for the most part, describes you and me, and does not need to be prompted often. In most cases, Worker B is a free thinker who can and does work without much supervision and gets the job done.
Response as a Function
Responses over the years have become more a function of training, drilling and exercising to move the plan from the document into the team’s performance and culture. It is also a function of moving a program from ‘reactive’ to ‘proactive’ or ‘pre-emptive’, and of building the value or culture of a ‘learning’ organisation from a ‘doing’ organisation. For an effective response, you need both types of responders: DOERS and THINKERS. So it is clear that we don’t try to train ‘worker soldiers’ to be ‘thinker leaders’ if that’s not their strength.
When it comes to responses, there are four critical functions, as listed below:
• Leadership - provide effective and efficient leadership and coordination of the response.
• Information - coordinate the collection, analysis and dissemination/communication of essential information on needs, response, gaps and performance.
• Technical expertise - provide technical assistance appropriate to the response required to meet the organisational objectives.
• Core services - ensure the support elements and units (logistics, office establishment, surge and human resources, procurement and supply management, administration, finances) are in sync with the responses.
Crisis Response & Communication
Research has shown that successful crisis management results primarily from the activities of effective emergency response. In particular, there can be management problems with respect to the communication process, the exercise of authority, and the development of co-ordination. Going by the crisis response to Hurricane Katrina, a key failing of the DHS leadership during the catastrophe was an inability to understand Katrina as an incident of national significance on par with 9/11. Instead, they responded as if it was a routine natural disaster until it was too late.
In a crisis, effective decisions and actions must precede communication. The reality is that once the instant of crisis has occurred, the response and process of recovery has begun. The operational response goal is to put the focus truly on the first 1-3 hours of a crisis to ensure that tone, tempo, scope, and intent are established powerfully and constructively. Emergency communication response priorities must address appropriate operational action and match the expectations of all potential audiences who could be affected or afflicted by the actions or by the crisis situation. Emergencies require nearly simultaneous communication activity in all priority response areas or functions. Effective execution is a primary concern precisely because time is limited. The more promptly actions are taken in response, the more quickly recovery can occur and production of victims can cease.
The stratum of work in the security industry: Perceptions of the application of security in the corporate organisation
Corporate security is continuing through a period of growing pains, with corporate executives and security managers often failing to agree on the value of the function. This disparity must be addressed, not through overselling threats and fear-mongering, but through addressing fundamental concerns of organisational structure and responsibility.
By Codee Ludbey
Security as a corporate practice area is in a state of trying to find its place in the eyes of practitioners, managers and corporate executives world-wide. The practitioners consider that security should sit at the apex of an organisation, providing advice in strategic decision making, and ensuring resilience and business continuity in the face of disaster. The executive team, in many cases, claim that security is simply a lower management function that is entirely reactive, affects the bottom line, and cannot contribute to the strategic goals of the organisation. Such disparity in perception is causing numerous problems throughout the security industry, including poor communication at the executive level, poor understanding of the threat environment, and in many cases, reduced efficacy of security policy and protection measures. This fundamental disagreement is the main driver of many issues, and causes uncertainty in the industry and the corporate structures that support it. This is especially true when it comes to determining where the security function should sit within the broader organisation.
It is apparent that some of the most successful security managers and their teams are structurally located near the top of their respective organisations, operating at an executive level, and championing the security cause in support of strategic corporate objectives. There is a tendency to forget, however, that many security functions are effective at much lower management levels, removed from the executive level by many layers in comparison. Is this discrepancy due to the environment that the organisation operates within? Or is it a reflection of the organisational structure and its ambiguous understanding of the security function?
Figure 1: The Stratum of Work
Clarity on such concerns can be drawn from the stratum of work. This concept examines the inherent nature of any role, in any discipline within an organisation, and places it on a scale to measure its seniority and position in relation to other roles. For example, the Chief Executive Officer would be at the top of the stratum of work, and a front line sales clerk would be, perhaps, at the bottom. The stratum of work should theoretically align with the hierarchy of an organisation, with the most complex and difficult roles at the top of an organisation, and the less complicated, routine roles towards the bottom. In many disciplines, this stratum of work is clearly defined. For example, many could guess the stratum of work inherent in medical organisations, law firms, and engineering companies. However, when it comes to security there is often a lack of consensus on the hierarchy of roles. Such discrepancy becomes apparent when considering career progression within the corporate security sector. Graduates are often faced with no defined career pathways, and this is a symptom of a much larger problem.
The Stratum of Work
The stratum of work was articulated by Elliott Jaques, who argued that work can be measured through examination of its complexity in terms of variability in the environment, and the time an individual has discretion in decision making for the role. He posits that the longer an individual has discretion, the more complex the role is, and thus the higher it will sit on the work stratum. Jaques identified seven levels of work, and explains that organisations will operate at different levels along this stratum. According to Jaques, individuals can be placed along this stratum of work through examination of their role and the type of work being conducted. Essentially, the higher levels of work require a more developed ability to perceive, understand, and cope with rising complexity in the business environment.
Henry Mintzberg, an influential management theorist, suggests that one of the core differentiators between the lower and higher strata within an organisation is simply the ambiguity and uncertainty faced in solving business problems. Jaques voiced that the true measurement of a role within this stratum of work can only be achieved through discussion with the individual’s manager. It is the manager who tasks the subordinate with work, and who determines when that work is due. Workers who are tasked with a project to be completed within three months, but take six to complete it, are not operating at a higher stratum than the worker who completes the task on time. The onus is on the manager to understand the capabilities of their subordinates, and assign tasks accordingly.
This highlights an important issue in the debate surrounding security and its place within an organisation: the practitioners arguing for an elevated position within the organisation may not be the best informed to consider this issue within the context of the entire organisation. The disparity in corporate and practitioner perceptions aligns with Jaques’ explanations. Both parties have different outlooks on the organisation, and each has differing priorities. The security manager may be pushing for a vital change in protective measures across the entire organisation, while their superior is juggling resources for said changes in relation to six other projects, all of equal importance. The push for security to sit within the executive team is important for long term security decision making; however, before lobbying for this access, consider your team’s current location on the stratum of work in relation to similar functions.
Changing Perceptions and Identifying the Stratum of Work in Security
The nature of security is to identify, mitigate, and engage with risk. Some would argue that security management engages with more uncertainty, complexity, and ambiguity than any other management discipline in fulfilment of this role. Security managers must constantly monitor the external environment for changes in threat, and ensure countermeasures are adapting and evolving to suit. Jaques has suggested that the level of complexity in a role is inherently related to its place on the stratum of work. It can be argued, then, that security management and its extensive engagement with risk and uncertainty places it in an important position within an organisation. Henri Fayol, a fundamental authority in management theory, suggested exactly this in his earliest work dating back to 1917.
He suggested that corporate security should be considered a fundamental business function, vital to the fulfilment of organisational objectives. Unfortunately, without further investigation into the stratum of work within the security discipline, it is hard to say definitively what differentiates the high level manager in one organisation from the equally effective low level manager in another. It could be that both are operating at the same level of complexity, but executive perceptions of the security function have placed them at different organisational levels. It could also be that the organisations are operating at different levels within the hierarchy outlined by Jaques. Research is currently being conducted to explore this issue, and the outcomes should provide the starting point for security practitioners to finally argue their importance in relation to other business functions, in language that corporate management can truly understand.
About the Author
Codee Ludbey is currently studying at Edith Cowan University in fulfilment of a Bachelor of Science (Security) Honours. He is currently conducting research into the stratum of work in the security industry. If you wish to take part in this research please follow the link: http://bit.ly/1LDIdVv
Counter-terrorism Feature National
Islamic State’s future pacing techniques: Recruiting Australian’s to acts of terrorism on home-soil. 26 | Australian Security Magazine
Counter-terrorism Feature
T by Robyn Torok Security Research Institute, Edith Cowan University, Perth, Australia
his two part article will focus on strategies used by Islamic State to recruit individuals on social media. This part (Part 1) will focus on marketing strategies used while Part 2 will focus on how to reduce the risk of these strategies being successful. Islamic State has attracted global media attention, not only for the depravity of its actions; but more significantly, for its success in attracting recruits and foreign fighters, in particular from the West. Islamic State’s ability to attract foreign fighters is the result of a carefully devised marketing strategy that is also seeking to spread global fear by encouraging domestic acts of terrorism. Although these strategies are the same, this article will focus on the risk that these strategies pose in terms of domestic terrorism. Essentially, evidence suggests that while the risk of recruitment to join Islamic State is much more likely, the possibility of recruitment for a domestic act of terrorism cannot be ignored. My research on social media has indicated the use of Neuro Linguistic Programming (NLP) strategies. NLP strategies seek to embed change in an individual. While they are certainly not ‘brainwashing tools’ they are used for persuasion and marketing or any purpose that seeks to affect a change in an individual. NLP strategies, as the name suggests, uses a combination of sensory and language connections. A number of these NLP strategies are used by Islamic State. These will be outlined in general terms first before being specifically applied to Islamic State. The first is called “Future Pacing,” which is a tool used in marketing to create a belief in the customer that they have already accepted the product. Language such as “When you use this product..” and “imagine the time you will have saved…” is used and connected to sensory images. A second NLP strategy is called “Anchoring” which is designed at creating links or “associations” between language and senses as well as feelings. 
Thirdly, “Association” and “Dissociation”, although separate strategies, are used together to break connections from present belief states and create new and powerful connections toward new belief states. The final important point with NLP strategies is that they do not work in isolation but rather work synergistically together to create change.
Having outlined briefly what these techniques are, it is time to focus on the more important aspect of how they are applied and used by Islamic State. The most dangerous aspect of Future Pacing used by Islamic State is the focus on the final product of martyrdom even from early stages of on-line interactions. Statements such as “how precious is the blood of the martyr…” are introduced early and often, as are other statements associated with martyrdom.
Anchoring is used as a strategy to create associations. Following on with the martyr focus, a martyr’s death and a martyr’s blood are associated strongly with a sense of significance, which is what a lot of young and disaffected individuals are searching for. Not only are associations created in relation to martyrdom but attempts are made to engage all the senses using heroic imagery, special chants of victory, smell of the blood of martyrs and so on.
Association and Dissociation are utilised together to effect a change in belief system. Association is designed to draw recruits into a new state where they associate or connect strongly with the beliefs and narratives of Islamic State, especially jihad and martyrdom as well as foundational narratives of grievances against Islam. Even Australian government policies in trying to prevent foreign fighters are reconstructed and presented as an attack on Islam. Using a multi-sensory approach as discussed for anchoring, the aim is to create a strong emotional connection to the ideology of Islamic State. Its YouTube videos, which are linked to social media (Facebook and Twitter), have been constructed to include these multiple sensory dimensions that target the emotions.
Association with the radical beliefs of Islamic State is only half of the equation. There also needs to be a “dissociation” or disconnect with the West. Recruits are encouraged to move away from the temporary and empty values promoted by the West and embrace an eternal significance. Death especially is an important focus of dissociation whereby a death in the West is promoted as ordinary and insignificant as opposed to the heroism and significance of a martyr’s death. As previously stated, these two techniques work together to create movement away and a disconnect from one belief system and a move toward or connection with the new belief system.
The Sydney siege demonstrated the on-line reach of Islamic State and what is especially concerning is that this event has been praised in Islamic State’s English magazine “Dabiq.” More than this, there were also calls for others to copy or perform similar acts of domestic terrorism, particularly on an individual level using ‘lone-wolf’ style attacks.
Fortunately, a number of domestic terror plots have been stopped through Australia’s extensive security investment in preventing terrorism. However, Islamic State is continuing to use these sophisticated marketing techniques not only to lure foreign fighters but also to extend its sphere of influence through the promotion of domestic acts of terrorism which aim to reflect a global reach.
In conclusion, while such NLP marketing strategies are not always successful, in the case of Islamic State even a small percentage of success represents a significant threat, especially if directed towards acts of domestic terrorism. Understanding the strategies used is only the first part in responding to this threat. The second part of this article will focus on what can be done to reduce the effectiveness of these strategies as well as the risk they pose of a terrorist attack within Australia.
Counter-terrorism Feature
Radicalisation Process: A cultural and religious insight
By Anooshe Aisha Mushtaq
Using her own experience as a case study, in a three-part series, Anooshe Mushtaq explores the experiences of Muslim migrants and offers a perspective on the religious and cultural drivers of Muslim radicalisation in Australia. Anooshe identifies key Islamic teachings used by extremists to target recruits and argues that cultural patterns of behavior in the migrant community make some Muslim migrants more susceptible to these radicalisation messages. She observes the shortcomings of the recently adopted measures to combat radicalisation and why they are less effective than expected due to policy makers’ inadequate understanding of the interplay of religion and culture in Muslim communities. In conclusion, Anooshe argues that policies to combat radicalisation must be designed to address both its religious and cultural drivers, best achieved by involving trusted members of the Muslim community in policy design and implementation.
A Cultural and Religious Insight
In order to gain an in-depth perspective of the views and lifestyles of people from various parts of the world I have interviewed people from the Middle East, the sub-continent and the west. In doing so, not only did I learn a lot about their way of life and their respective beliefs but also underwent a transformation myself. My previously myopic views of the cultural differences widened to understand the reasons behind why the Muslim migrant community thought the way they did.
I am not a traditional migrant Pakistani Muslim and have integrated well with Australian mainstream culture ever since I arrived here 30 years ago. However, prior to this research my views were limited, mainly based on the views
of my community about the western culture. The extensive research I conducted on the topic of “Social Media and Extremism” expanded my knowledge beyond the Muslim migrant community’s views of the west and the issues in the Middle East.
In this paper I will explain elements of Muslim culture that are integrated with some misinterpreted views of the Muslim religion. I aim to demonstrate how culture and religion are deeply intertwined in the sub-continent and in the Middle East and how, without understanding this, our efforts to combat radicalisation in Australia may not be successful.
I am sharing my story as a Muslim female who was born in an Islamic country and lived most of her life in Australia. I have experienced both sides of the world. While eastern culture and Islam are embedded in me, I have equally embraced the western culture.
While I was growing up in Pakistan, I experienced a cocktail of culture and religion that often created confusion not just for me but also amongst the people who are born and raised in Pakistan. My view is that this confusion is deliberate and often wielded as a means to control the masses in Muslim society. These mechanisms of control flow from the heads of religion, the Imams, to the people and are constantly leveraged by parents to scare the children into obedience and compliance.
When these people migrate to Australia some of them use the same controls to shield themselves, their children and wider families from integrating into the mainstream Australian culture, because it deviates vastly from the Muslim cultural values. Therefore, some people in the migrant Muslim community become prisoners in their own homes and create a new ecosystem for the sake of cultural and religious preservation.
I was brought up in a culture that was “black and white” (all or nothing). My mum wanted us to be very successful in
our careers and her idea of success was for us to enter what society perceived as respectable professions, i.e., doctor, lawyer or engineer. Anything less than these professions was shameful and unacceptable. My mum always used to say that if I didn’t study hard and become a doctor, my only other option was to become a prostitute. I know these are harsh words but these are the kinds of extremes that I became quite accustomed to as I was growing up. Basically my mum was trying to give me no option at all when she said those words. She wanted to ensure I was respected by society in my choice of career. I could never understand how that worked but I accepted it.
From my experience most of the people from the subcontinent think the same way. The pressure does not come from the parents but parents are pressured by the expectations of the relatives and family friends. Parents encourage compliance by their own children by drawing comparisons to other smarter and more successful children who are doing well at school or have gained entrance into prestigious degrees at university. There is a lot of pressure on the children to do well at school and make their parents proud.
Respect Your Elders and Don’t Talk Back
We were brought up not to question our elders, who were our betters. Here is an example of how the respect of elders plays an important role in the life of a Pakistani Muslim. Here is a picture of a pen. I am sure everyone can see that the colour of this pen is red.
However, the Imam, the parents and the teachers hold the ultimate respect in my culture and if they say the color of this pen is blue then it is blue even though the children can see it is red (no arguments). I could not ask questions or argue with my parents or the elders because that would disappoint my parents and authority figures, which would bring shame to my family.
I will also add that parents and children do not have an open relationship; therefore, children don’t often share their experiences or feelings with parents. There is no open discussion about ideas that are considered taboo such as sex, drugs, homosexuality or having a boyfriend or a girlfriend, out of respect for the elders.
Pakistan is an Islamic country by law, and therefore Islam is a prominent part of the mainstream culture. In Pakistan, respect for your elders is sacred. If I were in Pakistan, I probably wouldn’t be able to freely talk about certain topics in a very conservative society.
It’s a tradition in Pakistan that the kids from the age of 5 start reading the Quran in Arabic without even understanding the language because there is more reward for doing so in the afterlife. This is the general consensus in Pakistan and people pride themselves on how quickly they can read the Quran in a foreign language.
The issue I found with this practice was that I never understood what I was reading. If I never understood it, I could not question it. I had to rely on the interpretations of the Imams and elders in order to understand the teachings of the Quran. When I found out what the teachings were, I was not allowed to question them because there were
gruesome punishments in the afterlife for doing so. The cultural norm of not questioning those in authority allowed those with religious authority to tightly control people’s deep understanding of religion and subsequently their behaviours.
The truth is that the Quran does not dictate that you read it without gaining a strong understanding of what it is meant to say. The practice of reading without understanding is a triumph of tradition over religion. The point to note is that when an Imam/Mufti or a person with authority issues a fatwa (the term for the legal opinion or learned interpretation) you have to follow it whether it’s right or wrong. I will discuss why that has an adverse impact on the Muslims.
My Story
I was born and brought up in a Muslim Pakistani family. My father was a Wing Commander in Pakistan Air Force. In Pakistan the culture of the armed forces differs from civilian life since it has a more progressive and open-minded culture. Even though religion is a part of our lives it does not define us to the same extent as it does the civilians. As an air force officer, life in Pakistan was very comfortable for my father and our family.
My father’s brother, who has been living in Australia as a Doctor, asked him to migrate to Australia to provide a better future for his wife and three daughters. We migrated to Australia in 1985. There was a big cultural/lifestyle change for my family. From going to co-ed schools we were asked to go to a girls’ school. From being able to go out and meet friends regularly in Pakistan, we were not allowed out much in Australia. It was also not always easy to convince my parents to let us attend any school functions such as the school dance where boys were invited to join us. The most influential person in controlling this was not our parents but my uncle who sponsored us to Australia.
My uncle also told my parents that the girls should avoid friendships with “caucasian Australians and non-Muslims” as they are corrupt and follow an un-Islamic way of life (boyfriends, drinking etc.). My uncle’s circle of friends included 2nd or 3rd generation of Pakistani families who had moved to Australia from villages or small towns of Pakistan. Most of his friends were very conservative and religious.
There was a change and adjustment period required to assimilate into the new surroundings. Most immigrants leave an entire ecosystem behind that they spent most of their lives building. The elation of starting a new life is often underpinned by a cultural shock leading to feelings of alienation and confusion. There are feelings of loss of a world I knew but that is no longer accessible. This was our situation too.
Therefore, I felt suffocated as my freedom was lost and most of the Pakistanis here in Australia did not share the same views as our friends from Pakistan Air Force. We had little choice but to mingle and socialise with the Pakistani community here in Australia.
A few years later, I got to know a Pakistani family whose son became a good friend of mine. He was very religious and invited me to join him on a Muslim Youth Camp. I was keen to attend the camp as I thought I could get to know him better
there and my parents would have little resistance in letting me go there since I was going to learn more about religion.
Muslim Youth Camp
The Muslim Youth Camp invited children and people ranging from 16 to 25 years old from all over Australia. Most of the youth knew how to read the Quran and were well versed with the basic teachings of Islam. However, they were not from extreme religious backgrounds. There were a few Imams managing the camp and a few senior Islamic teachers from Lakemba and Melbourne mosques.
The focus of the camp was to reinforce our faith in Islam and teach us how to be better Muslims. We prayed 5 times a day and engaged in discussions around “Muslim Ummah” (Arabic word meaning nation or community).
The strong message at the camp was that we represented Islam, we are the “chosen ones” and that Allah wanted us to be his “Ambassadors”. Therefore, our duty was to change the “corrupt society” by spreading the name of Allah. We were told that our jihad started first with us by living a pure life and then persuading our families and friends to follow the path that Allah chose for us.
“Jihad” (Arabic: it means struggle)
All the females in the camp were asked to wear a Hijab (a veil that covers the head and chest) and were told to convince our mothers and sisters to do so as well. The boys were told to go and spread the word of Islam “Tablīgh” (conveying the message of Islam).
When I returned, I started going to the Lakemba Mosque because they held Islamic group sessions to discuss religion and various issues with the mainstream Australian culture. I felt that the messages were driving us towards “extreme Islam”.
For example, I was told that our parents should sell the house if the toilets were facing Kaaba (Muslim shrine in Mecca) and that our mothers and sisters should start wearing the hijab and every second of our life should be devoted to spreading the word of Islam.
The teachers and Imam at the Lakemba Mosque gave us the feeling of authority and importance, calling us the Ambassadors of Allah. At times I felt more empowered and welcomed at the Mosque than in my own home. As a result I started to engage in discussions about Islam and what it asked of its followers with my parents and my friends. I perceived Australian culture and the lifestyle of non-Muslims as sinful from which I needed to protect myself and my family.
False Sense of Empowerment Through Religion
Living in Australia in the early years, I noticed that some
parents prohibited their children from going out with their friends who were non-Muslim and the children were confined to the homes and only allowed to go out when accompanied by their parents. Some migrant parents feared losing their identity and culture if their children were to assimilate into the Australian way of life. Also, since the parent/child relationship is not an open one, “The Youth Camp”, “Social Media” or other “Muslim Groups” were an outlet where the youth were given importance and suddenly they felt empowered.
Similar Muslim Youth Camps still run today. Since the 1990 there are a number of growing Muslim Youth Camps which have emerged in Australia. I would like to point out that different camps and Muslim groups provide alternative messages. Not that I have attended any of the recent camps, but the messages on their web sites show that some camps are positive, embracing religion in the context of a broader Australian society, and it’s good for the youth to attend as they get to meet others with the same background.
However, the issue is that groups and camps promote isolating messages emphasising differences between the participants and those who follow the western ways, raising a level of disdain and hatred towards other religions and the western world. These messages also generate conflicts in schools and outside school towards “non-Muslims”. The Government should carefully monitor the organisations promoting Muslim youth camps to ensure the messages they promote are positive.
The Clear Difference Between The West and East
Cultural identity is of great value in the Middle East and countries like Pakistan, Afghanistan, and Iran etc. Arabs and Muslims have been deeply concerned about maintaining their religious and cultural identity and independence. Muslims have always been proud and sensitive about their religion because Islam is not only a faith but also a law, “Sharia Law”.
It regulates all aspects of their lives, including economy, marriage and divorce, and matters of state. Islam is the way of life.
Muslim migrants experience a culture shock when they arrive in Australia, seeing western culture as corrupt, threatening their cultural heritage and religious values. This is why when the Muslims migrate to the west they become more conservative in their thinking compared to their lifestyle and behavior in their homeland.
Western culture, on the other hand, promotes freedom of expression and an open relationship with parents, and allows people to make their own choices and question what they don’t understand, all of which are polar opposites of the cocktail of religion and culture that is practiced by the Muslim migrants.
About the Author
Anooshe is a first generation Australian of Pakistani origin. She spent her early years in Pakistan and several years in Libya on posting with her family. Since her arrival in Sydney in 1985 Anooshe has experienced first-hand the changing cultural landscape of Australia.
Counter-terrorism Feature
Obstacles for winning the war on terror: and some recommendations for action.
By Dr. Keith Suter
This part one of a two-part article series is based on a presentation to the 2015 ASIS NSW Conference. This two-part series will examine three obstacles to winning the “war on terror” and it will finish with some ideas on how to build up national resilience. The three obstacles are:
(i) recognizing that we are in a “long war” and that quick fixes will not work
(ii) seeing terrorism as a “black swan” event
(iii) the role of the media in “providing oxygen to terrorists” (dealt with in the next article).
The “Long War”
We are engaged in a “long war”. The phrase comes from RAND, a US think tank in Santa Monica which has done a lot of research for the US military since World War II: Christopher Pernin and others, Unfolding the Future of the Long War: Motivations, Prospects and Implications for the US Army. This 2008 report was designed to help the US Army to think about its new challenges.
The “long war” is seen by some as an epic struggle against enemies who want to create a united Islamic world to replace Western dominance. The expression is a good one because it warns that the current struggle will last for a long time. It also fits in with my research into the nature of “postmodern” conflict which is now often open-ended, with no clear “victory” points (unlike the two world wars), and where there is no clear enemy whose leadership can be terminated at the end of a conflict (bin Laden is dead but the struggles continue).
There is also the problem of determining how we will know when we have won. This is the problem for anyone declaring “victory”. President Bush learned about this to his cost in 2003
in declaring “mission accomplished” for the US-led invasion of Iraq; his statement was merely the conclusion of one set of military operations and the opening of the next stage.
Meanwhile, the US as the leader in the war on terror is having its own leadership undermined on three fronts: it is challenged economically (not least by China), its military strength has been shown to be vulnerable in Iraq and Afghanistan, and it is no longer the undisputed leader in international politics. In short, the optimism of President Bush senior in the immediate 1991 post-Cold War world has now disappeared.
This is now the “Islamicist Era”. The religious dimension needs to be taken seriously. The West is vulnerable because it is comfortable, complacent and secular: it has difficulty in understanding the motivations of people willing to die for their faith. The European era of religious wars theoretically finished in Europe in 1648 with the Westphalian treaty and the breakup of the Holy Roman Empire.
The challenge for some Muslims is how to reconcile their faith with the modern era (for example the status of women and the importance of all adults having a say in how a society is governed). Most Muslims living in Western societies have been able to reconcile their faith with the modern era. Judging by Christian activities in Europe over the centuries, this could take a while for some Muslims. Meanwhile (as in Europe, such as England’s Henry VIII) people will find ways of using “religion” for their own political purposes. In short, knowledge of history is useful when trying to understand the war on terror.
Finally, leaving religion aside, there is also the problem of rapid technological change. Information technology is creating a different economy, where there will be winners and losers.
One of the world’s largest taxi companies has no taxis (Uber) and one of the world’s largest hotel chains owns no hotels (Airbnb). New jobs are being opened up but many others are being closed down (such as in newspapers).
Google is working on driverless cars with the expectation (given that 1.2 million people die on the world’s roads each year) that no human will be trusted to drive a car by 2030. It will be safer to go via a Google-owned vehicle which a person will rent for the journey (the car will then drive itself off to the next client). There will be no need for private ownership of cars, no showrooms etc.
Meanwhile, “consumers” are becoming “pro-sumers”: they produce, consume and share their own goods. They publish their own information (on the Internet); make their own videos (YouTube); and will have solar power on their buildings to make their own energy.
But how will people be employed in this new era? A computer will be cheaper than a worker on a production line: it will not go on strike, will not get sick, and will not have personality disputes. But it will not consume many goods and services either. How will we get money to circulate in the future?
We know from history that economic change usually brings violent upheavals, such as the Luddites in England’s 18th century Industrial Revolution. It is notable that some of the Arab world’s current “Arab Spring” turmoil has an economic basis (such as poverty and unemployment). Religion may be a rallying point but economics also has a role to play.
The bottom line is that to understand the war on terror we need to dig deeper than just a few sound bites and glib expressions from politicians. There are deeper forces at work.
These will take time for politicians to address but politicians prefer short-term responses rather than dealing with the deeper issues.
Terrorist Acts as “Black Swan” Events
A “black swan” event is a low risk/high impact event. The phrase was coined in 2007 by an American financier, Nassim Nicholas Taleb: Black Swan: The Impact of the Highly Improbable. He was describing the 1987 financial crisis through which he had lived, and was on the eve of the 2008 global financial crisis. Suddenly the book became a best seller.
Taleb was writing for a financial audience but his warning applies to terrorism. First, there is the disproportionate effect of a low-risk/high impact event (such as the “9/11” attack on the US in 2001 and the December 2014 attack on Sydney’s Lindt Cafe).
Second, people are blinded by their own worldviews to the emerging crisis and so don’t “see” it coming. A good example is that President Bush ignored the warnings about bin Laden’s aggression towards the US, and the US official
who tried to warn the president – John O’Neill – resigned in disgust and went to work in the World Trade Centre, where he was last seen alive on 9/11.
Third, the risk of the event cannot be “calculated” because of its rarity.
Taleb warns about the “triplet of opacity”: the three ways in which we overlook or ignore warnings. First, there is a natural tendency to over-simplify current events (and so back to my concern with “quick fixes”).
Second, there is a tendency to distort historical developments or even to pay no attention to history at all. An example here comes from the tribulations of the UK’s Rear Admiral Chris Parry (then in the Ministry of Defence’s Development, Concepts and Doctrine Centre) who produced a report on the possible challenges facing British forces in 2035; the media heaped much scorn on what I thought was a sensible report. The media were unwilling to think about the unthinkable. They were only focussed on short-term issues.
Finally, there is a tendency to exaggerate the ability to interpret data. We may find out a lot more about events but do we really “know” more about them? Here are some glaring errors: the failure to predict the 1979 Iranian Revolution, the 1979 Soviet invasion of Afghanistan, the 1982 Falklands War, the 1989 end of Soviet control over eastern Europe, and the 2010 “Arab Spring”.
To conclude, Taleb’s warnings to his financial colleagues also apply to us. First, terrorists exploit the military’s tendency to be prepared to fight the last war. The next big raid may not come via airports/airlines but via cyber attacks on critical infrastructure (terrorists would have seen how the mysterious Stuxnet virus infected Iranian nuclear research facilities). New Yorkers could survive the 9/11 attack; they may have more problems with a disruption to the tunnels bringing fresh water into the city. Or terrorists could crash the stock market.
“Black Swan” events challenge the technological optimists who place great faith in modern technology (such as the “Revolution in Military Affairs” disciples who failed to win in Iraq and Afghanistan). History warns us that the human element is always important.
Finally, terrorist attacks create a sense of insecurity in a modern developed society which is aiming to be “risk-free” (such as the extensive work health and safety precautions, limitations on child playground activities, and activist tort lawyers). The terrorist may still get through, hence the need for resilience, which will be examined in the next article.
About the Author
Dr Keith Suter is the Managing Director of the Global Directions think tank. His first PhD was in the international law of guerrilla warfare. He is a broadcaster and management consultant.
International
INCH TOWARDS MILES
Indian Prime Minister Narendra Modi’s visit to Beijing is symbolic of the dawn of the Asian Century
With the shift of power from Euro-America to the Asia-Pacific in the twenty-first century, modifications in the power structure of Asia have a clear bearing on the international arena. At the core of this evolving balance of power lie its pivotal constituents, India and China, whose transforming relationship has caught the attention of observers across the world. The synergy of these two ambitious Asian giants, which is often characterised by the aspect of trust deficit and conspicuous ambivalence, has of late undergone a paradigm shift from one of uneasy co-existence to that of peaceful co-existence. The credibility of this newfound bonhomie may be attributed to the newly appointed leadership on both sides of the border.
Quite clearly Prime Minister (PM) Narendra Modi’s maiden visit to China has been founded on the principle of ‘INCH (India and China) towards MILES (Millennium of Exceptional Synergy)’ whereby he has tried to incorporate coherence and rationality in the bilateral relationship. As Former Foreign Secretary of India Ms. Nirupama Rao had aptly commented, it is rather difficult to imagine the two nations which had presented the concept of Panchsheel to the world living in mutual exclusion. In view of this vision, the leadership of both the countries have sought to bring about a comprehensive interplay of geo-political and strategic interests to their mutual benefit.
The Tour
Shri Narendra Modi’s three-day tour (May 14-16) to Beijing is symbolic of the dawn of the Asian century whereby the two Asian tigers seek to prioritise development and growth through engagement instead of isolation. However, amidst this “win-win” situation some sticking issues remain unresolved. The border skirmishes, the case of trade deficit and the lack of deep understanding amongst the local populace about each other’s culture and identity are cases in point.
Since commercial diplomacy has been the driving force behind the foreign policy agenda of both nations, trade has been the centrepiece of this visit. In view of India’s legitimate concern about their unequal trade relationship, whereby the Chinese economy is thriving at the cost of the Indian economy, which faces a trade deficit worth $38 billion, as many as 24 agreements worth $10 billion have been concluded. These agreements include an action plan between the national railway administration of India and China; cooperation in the field of vocational education, mining and space; Memorandum of Understanding on educational exchange, earthquake science, ocean science and establishment of India-China think tanks and centre for Gandhian studies, among other things. Further, as part of enhancing soft power strategy, both nations have agreed to establish two cultural parks in Bengaluru and Beijing
respectively. With respect to his bid to promote India’s tourism industry and consequently woo Chinese travellers into the region, Mr. Modi unveiled the e-visa facility for Chinese tourists. He also tried to persuade top Chinese CEOs in Shanghai to invest in India through the Make in India project. Mr. Modi has also held substantial talks to win Chinese support for India’s candidature for the reformed UNSC and the Nuclear Suppliers Group. Constructive talks to this end would, in due course of time, alter the shared neighbourhood from being a zone of security dilemma into one of shared interests.
Relevance
In spite of PM Modi’s visit being deemed a “milestone” in the bilateral relationship, a host of issues continue to remain unresolved, foremost being the border issue. Although a peaceful border would act to the advantage of both countries and the rhetoric of seeking “peace and tranquillity” on the border dispute through special representative talks is ritually reiterated, substantial progress to this end has not been made. The contradiction in “meeting words with deeds” is visible in the controversial broadcast by China’s state-owned television, CCTV, of an Indian map without the territories of Arunachal Pradesh and Jammu and Kashmir, during Mr. Modi’s visit to Xian. Such an act clearly indicates China’s assertive stand on its territorial integrity over the disputed territories. Measures like the establishment of a military hotline or annual visits between their armed forces, as agreed during this visit, lie far from the actual resolution of the dispute. Further, no substantial deliberation has taken place on India’s concern over China’s strategic tactic of steering an economic corridor through Pakistan Occupied Kashmir (PoK) or on the question of issuing stapled visas to the people of Arunachal Pradesh.
However, the unresolved dialogues on matters of key security concern to India do not imply that its strategic position is feeble relative to China’s. Rather, it must be reiterated that, in view of its long-term perspective, the present moment requires China to maintain cordial ties with India. The use of “Hometown Diplomacy” in the first leg of PM Modi’s visit to China, a departure from Chinese protocol, is a case in point. Considering the IMF’s statistics that by 2016 India would surpass China to become the fastest growing economy, India appears to be an attractive destination for China. Further, with reference to Asia’s present geo-politics, where China’s ally Pakistan is consumed by domestic instability, India appears to be the only viable strategic alternative in the region. Apart from a stable political system, India’s growing bonhomie with Russia and the USA is in a way failing China’s containment strategy. Even in socio-economic terms, India seems to be levelling with China. China’s One Child Policy has in a way backfired and has left it with an increasingly aging population and a steady decline in the number of women of child-bearing age. Further, a study by the RAND Corporation suggests that the average growth rates
of India and China by 2020-35 would be 5.6% and 5.7% respectively. When viewed through this geo-political prism, China’s priority to maintain a relation of goodwill with India, and consequently the importance that it ascribes to PM Modi’s visit, can be better understood. Thus, from ‘pro-active diplomacy’ to ‘selfie-diplomacy’, the much speculated maiden visit of Prime Minister Modi has brought with it a host of political and economic opportunities for both countries. It is now time to put the promises into action in order to reshape the geo-politics of the region and thereby reconfigure the power structure of the Asia-Pacific.
About the Author
Shaheli Das graduated from Lady Shri Ram College, New Delhi and is presently working as Research Associate at Centre for Air Power Studies. She holds an M.Phil in East Asian Studies (Specialization China), University of Delhi.
The OSPAs are coming to Australia
By Professor Martin Gill
You have heard about the Grammy (for the music industry), the Emmy (for the television industry) and the Pulitzer (for journalism and writers); now stand by for what will be the equivalent in the security world, the Outstanding Security Performance Awards, the OSPAs (au.theospas.com). The OSPAs are set to transform what is meant by success in the security sector by providing a worldwide scheme for the recognition of outstanding performance in the field. All over the world countries are initiating OSPAs schemes, and the expectation is that once a core number of national OSPAs schemes are established, the winners of the awards for each category will be entered for a worldwide OSPA. The process is already underway, with the Norway awards in September, Australia in October and Germany in November, and more countries will be announced soon. Australia is at the forefront of this initiative. We are delighted to have the support of ASIAL, ASIS Australia and the Security Professionals Registry, and we hope to welcome other associations who want to become supporters and part of this exciting international scheme. Indeed, we are seeking the involvement of the whole security sector. The OSPAs concept is that in each country all parts of the security sector come together, for one evening and one event, to celebrate its hard
work and success. We would like to encourage all security associations and security groups, and all of you, to support the OSPAs by letting people know about the scheme and encouraging the best companies and individuals to enter. The awards themselves are completely independent of any association or group. Indeed, the guiding principles of the OSPAs are that they are independent, credible, respectable and transparent.
Development
In 2014, Perpetuity Research published a study into the key factors that contribute to and characterise outstanding performance amongst both security suppliers and corporate security departments (available from the OSPAs website). The research showed that awards schemes that were credible were highly valued; that security lacked ways of highlighting success; and that security needed to showcase success as it underplayed its significance and contribution. The OSPAs scheme is firmly based on the research findings and, in addition, incorporates best practice from awards schemes around the world to ensure that it provides an outstanding and sustainable model for recognising excellence in the industry.
So what are the key features?
• The OSPAs are the security world’s first global system for recognising outstanding performance.
• The OSPAs are independent, credible, respectable and transparent.
• The awards aim to drive outstanding performance in the security sector and recognise individuals and organisations when this is achieved.
• Categories and criteria are based on extensive research into security excellence, including a global survey.
• Research into other varied awards schemes helped develop the OSPAs to ensure that best practices are followed.
• The OSPAs not only bring together security personnel and associations in a single country; they will also, in due course, provide a focal point for the security sector worldwide. Australia is at the forefront of this.
Entering
In this first year of the OSPAs there are 9 categories open to enter in Australia. They are:
• Outstanding In-House Security Team
• Outstanding In-House Security Manager
• Outstanding Guarding Company
• Outstanding Security Consultant
• Outstanding Customer Service Initiative
• Outstanding Security Training Initiative
• Outstanding Security Installer
• Outstanding Security Partnership
• Outstanding Investigator
Who is permitted to enter?
Anyone working in the security world can enter; you don’t need to be a member of any association or group. Indeed, as noted, the OSPAs are independent of all associations and groups.
So how do you enter?
The entry form for the 2015 Australian OSPAs is being administered by ASIAL, who are working in partnership with the OSPAs. You enter the awards via the website. The process is not onerous; in fact it is quite simple and straightforward to enter. You will be required to answer two questions for each nomination (each with a word limit of 500, so no big essays to write; indeed, part of the exercise is to concisely present your case for outstanding performance). On the website, guidance is given as to what evidence the judges will be looking for. In addition, a $50 administration fee is required for the nomination.
How is the event organised?
In most countries (those already announced and those soon to be announced) a leading association takes responsibility for organising the event. That is NSR in Norway, ASW Bundesverband in Germany and ASIAL in Australia. Indeed, in Australia the OSPAs will be offered at the same time as ASIAL offers its own awards, albeit that the process of assessing entries is different and of course those entering the OSPAs win an OSPA (a specially designed trophy) which will be compatible with international winners of the same category.
The OSPAs
The OSPAs have been developed through extensive research; they provide a way for the security sector, in different countries, to recognise excellence using standardised compatible criteria. So if you know good security performers who deserve recognition, why not encourage them to enter in this inaugural year? The OSPAs will become the benchmark of excellence, so why not be the first winner? For more information visit the website (au.theospas.com) or email Jo Ramm: j.ramm@theospas.com
Within TechTime you will find the very latest information, news and products from a wide variety of security industries, ranging from cameras and computers to software and hardware.
TechTime - latest news and products
Canon Announces 9 new network cameras
Canon Australia and Canon New Zealand have announced nine new VB-R and VB-M series network cameras: three pan-tilt-zoom (PTZ) models—Canon’s first network cameras capable of panning 360 degrees—as well as two full body models and four fixed-dome models. The PTZ dome-type models comprise the VB-R11VE and VB-R10VE, which feature all-weather designs making them ideal for outdoor use, and the indoor-model VB-R11. The two full body cameras, the VB-M741LE and VB-M740E, also include another first for Canon as the former is the Company’s first network camera to incorporate an infrared illumination system, enabling video surveillance even in complete darkness, leveraging Canon’s 75+ year expertise in camera and lens design. The four fixed-dome network cameras include the outdoor-use VB-M641VE and VB-M640VE, and the indoor-use VB-M641V and VB-M640V. Canon’s new lineup of outdoor-use network cameras, including the high-performance VB-R11VE, VB-R10VE and VB-M741LE, which are capable of withstanding harsh temperatures and severe weather conditions, join the Company’s indoor model lineup, enabling surveillance in a wide range of usage environments.
VB-R11VE, VB-R10VE, VB-R11
The new Canon VB-R11VE, VB-R10VE and VB-R11 PTZ cameras are capable of panning 360 degrees, allowing users to efficiently monitor a wide area using a single network camera. In addition, the new devices can rotate at very high speeds, enabling users to quickly view a desired area, such as in the event of an emergency. The VB-R11VE and VB-R10VE are capable of withstanding not only severe temperatures down to minus 50 degrees Celsius and up to 55 degrees Celsius, but also harsh weather conditions, making possible surveillance in a wide range of environments, including near rivers and ports. The two outdoor models also achieve IK10 classification, a level of external shock protection capable of enduring the impact of a 5kg object dropped from a distance of 40 cm.
In addition, with a Protection Rating of IP66, the devices protect against dust, water contact and powerful water jets from any angle. Realising best-in-class low-light performance, the VB-R11VE, VB-R10VE and VB-R11 each incorporate a high-sensitivity 1.3-megapixel CMOS sensor and other features that facilitate a minimum subject illumination
for colour video of 0.03 lux, and for black and white video in Night mode of 0.002 lux. Furthermore, the three new network cameras feature a Canon glass 30x optical zoom lens that, when combined with a 20x usable digital zoom function, makes possible a maximum 600x magnification, enabling users to capture clear video of distant subjects even in low-light settings. In addition to its high 30x optical magnification, the lens achieves a horizontal angle of view of 58.4 degrees. Furthermore, a Hi-UD (Hi Index Ultra Low Dispersion) lens element and the optimal positioning of aspherical lens elements effectively correct for chromatic aberrations and spherical distortions to ensure high-quality imaging performance – the best the market has seen to date. Contributing to improved surveillance efficiency, the VB-R11VE, VB-R10VE and VB-R11 feature a range of Intelligent Functions: Moving Object Detection, Removed Object Detection, Abandoned Object Detection, Camera Tampering Detection, Passing Detection, Auto-Tracking and Intruder Detection. Additionally, the VB-R11VE and VB-R11 include Volume Detection and new Scream Detection for a total of nine Intelligent Functions—the highest in their class.
VB-M741LE, VB-M740E
The new Canon VB-M741LE full body network camera, which supports both indoor and outdoor applications, is Canon’s first network camera to employ an advanced infrared illumination system, enabling the surveillance of objects at a distance of up to 30 meters even in completely dark locations, such as the inside of a warehouse. Both the VB-M741LE and the VB-M740E realise best-in-class low-light performance thanks to such features as a high-sensitivity 1.3-megapixel Canon-made CMOS sensor and bright f/1.2 Canon lens (at the wide-angle end). In addition to achieving a minimum subject illumination for colour video of 0.02 lux, the duo are capable of capturing black and white video in Night mode at a minimum subject illumination of 0.001 lux, a level roughly equivalent to a moonless night sky, enabling surveillance in low-light environments even without making use of the infrared illumination function. Supporting video capture even in harsh weather conditions, the VB-M741LE can be used in environments as cold as minus 50 degrees Celsius and as hot as 55 degrees Celsius, while the VB-M740E can be used in temperatures down to minus 10 degrees Celsius and up to 55 degrees Celsius. Both new devices feature dust-proof, water-proof body designs that realise an Ingress Protection Rating of IP66. The VB-M741LE and VB-M740E each employ a wide-angle lens that offers a horizontal angle of view of 113.4 degrees, enabling monitoring across a large viewing area. Furthermore, the two network cameras
feature a range of Intelligent Functions at the edge: Moving Object Detection, Removed Object Detection, Abandoned Object Detection, Camera Tampering Detection, Passing Detection and Intruder Detection. Additionally, the VB-M741LE includes Volume Detection and Scream Detection functions.
VB-M641VE, VB-M640VE, VB-M641V, VB-M640V
Supporting use in outdoor settings, the Canon VB-M641VE and VB-M640VE fixed-dome network cameras feature superior weatherproof designs capable of enduring harsh weather conditions. The two models also enable surveillance in temperatures as low as minus 40 degrees Celsius and as high as 55 degrees Celsius. In addition to realising IK10 classification for impact resistance, the duo feature a dust-proof, water-proof body design that achieves a Protection Rating of IP66. The new VB-M641VE, VB-M640VE, VB-M641V and VB-M640V all employ a wide-angle lens that not only offers a horizontal angle of view of 111.5 degrees, enabling monitoring across a large viewing area, but also features 2.4x optical zoom that, when combined with a 4x digital zoom, makes possible an expanded magnification of up to approximately 10x. All models feature components that have been designed specifically for each model, resulting in stunning performance in even the toughest of conditions. These new cameras are additional models to the existing Canon network camera range – www.canon.com.au/networkcameras
Interflex Integrates with TBS
Interflex, part of Allegion and a leading provider of complete solutions for workforce management, time accounting and access control security, integrates with TBS. Based on Microsoft technologies, Interflex’s powerful IF-6040 software meets the most demanding requirements of access control and time & attendance. TBS, on the other hand, is a biometric manufacturer and solution provider with a complete high-end portfolio of biometric hardware and software. Interflex needed to extend its biometric offerings. Weighing up the pros and cons of make or buy, it decided to partner with TBS, a biometrics specialist at the forefront of biometric developments. Instead of investing resources in a fast-moving specialised technology, Interflex preferred to concentrate on its core know-how. With Swiss biometrics manufacturer TBS it found a one-stop shop for its biometric needs. For the integration, a unique approach was chosen. Instead of doing it the traditional way by integrating single devices, TBS was integrated as a biometric sub-system. The main
data exchange (user data as well as attendance events) is done on a system level via web services. By integrating a system rather than devices, Interflex benefitted immediately from a complete biometric infrastructure and a broad variety of biometric hardware and applications, all operated by the TBS biometric sub-system. This resulted in a truly equal partnership, with each partner dealing with its own core know-how and combining it seamlessly for additional customer value. End-customers perceive it as one solution. From enrollment up to reporting, everything becomes part of the Interflex IF-6040 management software. For both partners the combination opened up new market opportunities, which resulted in installations for Audi, BMW, Pictet Private Bank, Sparkasse Munich and Saudi Ground Services, among others. Switzerland is famous for its unmatched stability and security, making it a paragon worldwide. It is TBS’ mission to bring Swiss security standards to the world. TBS offers biometric devices made in Switzerland and complete solutions for a large variety of biometric applications in access control and time & attendance. TBS 3D-Touchless finger scanning technology is unique worldwide. The three-dimensional and contact-free sensor technology captures the highest possible quantity of fingerprint details, guaranteeing significantly higher security than any other biometric system. Contact-free solutions qualify in particular for higher risk, large user groups or hygienically sensitive applications. Touchless Biometric Systems has built a strong presence and reference base worldwide.
Here We Go Again: Yet Another Drone Intrusion at the White House
Another drone was discovered flying in restricted air space around the White House recently. The Secret Service found the pilot simply because they happened to see him. In other words, there is no indication that the Secret Service would have found the pilot if he had not been in plain view. This person didn’t have bad intentions, but one day someone will. A little drone-detection education is in order:
Audio Detection
Audio detection does NOT work in urban environments—period. Most microphones only listen well at 25 to 50 feet so, because of the ambient noise in the area, any audio detection method would be rendered useless at 1600 Pennsylvania Avenue. It is also too simple for an operator to change the sound signature of a drone by buying different propellers or making other modifications. It doesn’t take much to defeat the many weaknesses of audio detection.
Video Detection
Video detection is a useful tool, but with some limitations. Cameras can see out to about 350 feet but have a very difficult time distinguishing birds from drones. Basically, anything flying in the air is a “drone” as far as a camera is concerned. Computer algorithms that look at flight patterns rely on the prevailing thought that a bird will fly a more random pattern than a drone would. Unfortunately, as we have discovered, this notion fails in a place where birds glide. An excellent example of this is seagulls. They will ride wind currents and stay at a steady level, and this fools video systems.
Thermal Detection
Thermal detection has an effective range of about 350 feet for recreational drones. Much like audio detection, thermal detection would have had little success detecting the two drone incidents at the White House because the intruding drones, like most recreational drones, don’t produce a lot of heat. They are mostly plastic with electric motors.
Thermal detection would pick up a bird more readily than it would pick up a drone in most cases. However, thermal detection would have been perfect for spotting the human-flown gyrocopter that crash landed on the White House lawn recently. That vehicle was gas-powered and produced plenty of heat relative to the environment, so thermal detection could
detect those vehicles that would typically need gas-powered engines to carry larger payloads.
Radar Detection
Radar is the traditional mechanism for detecting flying vehicles. We know that radar is already deployed at the White House but it did not detect either drone. Much like thermal, radar has a hard time picking up these small, plastic, electric-powered drones because that is not what it was created to do. Radar used to detect traditional aircraft can be modified to detect small drones, but it will also detect birds, and if a drone alert was issued every time a bird flew too close to the White House, security personnel would turn off the cameras before the day was out.
Radio Frequency (RF) Detection
The most effective way to detect drones is with radio frequency (RF) methodology, and Drone Detector is the only system utilising that technology. It has a long range, about 1400 feet, and is difficult to circumvent. Only a truly skilled person could create a drone that would get past radio frequency detection. Certainly the two drones that invaded the White House, a DJI Phantom and a Parrot BeBop, would have been instantly caught by Drone Labs’ system. Unlike other methods, RF detection can do more than just identify that a drone is nearby. Within this vector we can glean the following:
• GPS coordinates of the drone
• Altitude of the drone
• GPS coordinates of the pilot
• Unique identifier of the drone
We can gather enough additional data to not only find the drone but to find its operator, and with the unique identifier we can definitively prove that a particular incursion was done using a specific drone. In other words, we can provide enough evidence for criminal prosecution.
Layers of Protection
Because we use several layers of detection (audio, RF, and soon thermal and radar) instead of relying on a single technique, we can allow for known and unknown drone types. Our plan is simple: quickly identify known drone types and raise an alarm, or examine the data for unknown drone types to determine if it is actually a drone or something else. Attached is a visual representation of how we could provide minimal protection for the White House if and when the Secret Service asks….
What Now?
All this discussion is wasted if action isn’t taken. As noted earlier, Drone Labs has called the Secret Service several times to offer our help pro bono, and has heard nothing in response, which seems strange because it’s quite obvious that they have no solution.
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
The First USB 3.0 Hard Drive to Receive FIPS 140-2 Level 3 Certification
Imation Corp. (NYSE:IMN), a global data storage and information security company, today announced the new IronKey H350 USB 3.0 hard drive. The IronKey H350 is the only USB 3.0 hard drive to achieve FIPS 140-2 Level 3 validation (certification #2359) to meet the most stringent 256-bit encryption requirements mandated for government agencies, defence contractors, and healthcare and financial-services enterprises. With this high-security, high-performance USB hard drive, government agencies and enterprises can have the assurance that the entire drive – not just its encryption components – is compliant with this standard, keeping it safe from targeted attacks such as BadUSB and Equation Group. The H350 comes in two versions – Basic and Enterprise – offering organisations and agencies a choice for their mobile security needs. The IronKey Basic H350 is encased in a tamper-resistant, high-strength aluminum enclosure and features AES-XTS 256-bit hardware encryption, USB 3.0 performance and a Section 508-compliant control panel localised for eight languages. The IronKey Enterprise H350 includes all the same features plus an on-premises or cloud-based management console that lets IT customise security policies and deploy and manage protected portable devices across the enterprise. The management system can remotely wipe or destroy a lost or stolen device and also provides the only secure password reset mechanism that allows users to recover data without erasing the contents on the drive or using a backdoor to reset the password. In addition, the IronKey H350 backs up the brand’s reputation for ruggedness and dependability with a five-year warranty. “With the BadUSB attack, the spotlight is on USB-related threats,” said Ken Jones, IronKey vice president of engineering and product management. “These recent attacks highlight the importance of allowing only secure devices to access company networks and data.
All IronKey products, including the H350 hard drives, feature firmware signing that makes them immune to these new types of threats, so enterprises and agencies can reliably protect sensitive data.”
IronKey Basic and Enterprise H350 Technical Advantages:
• FIPS 140-2 Level 3 full-device certification for compliance with regulatory requirements
• NIST approved XTS-AES 256-bit encryption
• Data partition that can be formatted with FAT32
  • FAT32 supports cross platform usage (Windows, Mac, Linux)
  • NTFS is Windows only but supports large individual files greater than 4GB
• Fast transfer of large files to local secure storage. Use cases include:
  – Moving large data sets such as medical images, research information and video between offices/homes
  – Fast, secure local backup of computer systems
  – Video streaming for training or mission information, so sensitive information never resides on the displaying computer
• Enterprise management on premises or in the cloud with the IronKey Enterprise Management Server or Service.
  • Monitor when and where device is unlocked
  • Securely recover password if user forgets it
  • Remotely wipe or destroy device if it is lost or stolen
  • Device is disabled until end user activates it through the management system
• Support for eight languages, including English, Traditional Chinese, Simplified Chinese, French, German, Japanese, Korean, and Spanish
Availability and Pricing:
Australia: Pricing for the IronKey H350 500GB version is $411 excluding GST. Pricing for the IronKey H350 USB 1TB version is $482 excluding GST.
New Zealand: Pricing for the IronKey H350 500GB version is $499 excluding GST. Pricing for the IronKey H350 USB 1TB version is $599 excluding GST.
IronKey H350 hard drives are immediately available from authorised channel partners.
Cyber TechTime - latest news and products
Kaspersky Lab secures Department of the Prime Minister & Cabinet
Kaspersky Lab has announced it is delivering its security offerings to the Department of the Prime Minister & Cabinet across Australia. Kaspersky Lab says the announcement reflects the strong confidence placed in its security solutions, products, and services by a broad cross section of the Australian market. “Kaspersky Lab is proud to be protecting the Department of the Prime Minister & Cabinet, including its almost 2,500 employees across Australia,” Kaspersky Lab’s Australia & NZ managing director, Andrew Mamonitis, said. “It is testament to the strong confidence key players on a national level have in our robust
portfolio of security offerings.” Since opening its offices in Australia 6 years ago, Kaspersky Lab has been directly engaging with the local information security and business communities across Australia. Kaspersky Lab’s Chairman and CEO, Eugene Kaspersky, was in Australia earlier this month for the AusCERT information security conference, as well as for industry and business events across the country. Kaspersky Lab’s Australia strategy has been geared towards a collaboration with government agencies and delivering to Australia its global cyberthreat intelligence services, including the provision of policy and technological proposals
to deal with the cyberthreats to Australia. “We are and remain at the forefront of the IT security space. Our extensive role in working with international agencies both globally and across our region means we are able to effectively respond to the impact of the global cybersecurity landscape on Australia,” Mamonitis added. Kaspersky Lab’s local strategy culminated in the latest announcement of securing the Department of the Prime Minister & Cabinet across Australia.
Gartner says worldwide security software market grew 5.3 percent in 2014
Worldwide security software revenue totaled US$21.4 billion in 2014, a 5.3 percent increase from 2013 revenue of $20.3 billion, according to Gartner, Inc. Low growth in endpoint protection platforms and a decline in consumer security software — markets that together account for 39 percent of the market — offset the strong performance of high-growth areas, such as security information and event management (SIEM), secure Web gateway (SWG), identity governance and administration (IGA) and enterprise content-aware data loss prevention (DLP).
“Overall market growth was up slightly in 2014 to 5.3 percent from 4.9 percent in 2013,” said Sid Deshpande, principal research analyst at Gartner. “Even though the SWG segment experienced single-digit growth in 2014, cloud-based and hybrid SWG deployments are becoming increasingly popular. As organisations’ corporate data traffic becomes more exposed to the Internet and moves out of the control of traditional network security boundaries, SWG technologies continue to be an important piece of the overall security technology strategy of most enterprises.”
Symantec was once again the largest security software vendor by revenue, although the company suffered its second consecutive year of revenue decline, down 1.3 percent to US$3.7 billion (see Table 1). A 6.2 percent decrease in the consumer security software segment (which forms 53 percent of Symantec’s security software revenue) was the primary
cause of the decline in overall revenue growth.
Security software revenue for second-placed Intel (McAfee) grew 4.6 percent in 2014 to reach US$1.8 billion. Revenue declines in two of its major markets (consumer security software and endpoint protection platforms), which form 75 percent of its security software revenue, balanced the healthy performance in other segments.
At third, IBM’s security software revenue grew 17 percent in 2014 to reach US$1.5 billion. Its SIEM software products grew 21 percent, driven by strong adoption of this category of products by enterprises and managed security service providers (MSSPs) alike.

Table 1. Top Security Software Vendors, Worldwide, 2013-2014 (Millions of US Dollars)

| Company | 2014 Revenue | 2014 Market Share (%) | 2013 Revenue | 2013-2014 Growth (%) |
|---|---|---|---|---|
| Symantec | 3,690 | 17.2 | 3,738 | -1.3 |
| Intel | 1,825 | 8.5 | 1,745 | 4.6 |
| IBM | 1,486 | 6.9 | 1,270 | 17.0 |
| Trend Micro | 1,052 | 4.9 | 1,110 | -5.2 |
| EMC | 798.0 | 3.7 | 760 | 5.0 |
| Others | 12,571 | 58.8 | 12,995 | -3.2 |
| Total | 21,422 | 100.0 | 20,348 | 5.3 |

The DLP market grew 15.8 percent year over year, similar to previous-year growth numbers, to reach US$643 million in revenue in 2014, primarily due to a decent showing from Symantec in this segment, which accounts for nearly half of the total market. The stable performance of the other top vendors in this segment also contributed to its healthy growth. However, Gartner believes that 2014 is the last year that the market will exhibit such solid double-digit growth in its current form, given the rise of channel DLP (C-DLP) and “DLP lite” solutions, said Ruggero Contu, research director at Gartner.
“Most established vendors in this space are transforming the way they deliver comprehensive DLP capabilities, and this transition period will likely impact growth in coming years,” Mr Ruggero said.
The SIEM market grew 11 percent in 2014 to reach US$1.6 billion in revenue. The strong focus on threat detection and response from security buyers contributed to the strong showing of this market segment. In addition to the enterprise focus on buying on-premises SIEM technology, providers of managed security services emerged as a strong “sell to” market for SIEM providers. First-time adopters of SIEM, particularly from emerging markets, also were strong drivers of growth.
Additional details on the security market will be discussed at the Gartner Security & Risk Management Summits taking place August 24-25 in Sydney, Australia. Information from the Gartner Security & Risk Management Summits 2015 will be shared on Twitter at http://twitter.com/Gartner_inc using #GartnerSEC
Information presented in Cyber TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Check Point delivers SCADA security solutions to protect industrial control systems
Check Point Software Technologies has announced the extension of its comprehensive Industrial Control Systems (ICS) security solution with the introduction of a new 1200R security gateway appliance, enhancements to granular visibility and control of SCADA networks, and SCADA aware threat detection and prevention.
Today’s modern conveniences such as electricity, transportation and water systems are powered by ICS. An attack on these assets, systems and networks, whether physical or virtual, has the potential to shut down an entire region or country’s power grid and disrupt critical systems and production lines. “Continuous cybersecurity breaches against critical infrastructure industries will result in environmental events exceeding US $10 billion, catastrophic loss of life and new regulation, globally, by 2019,” states Gartner.
In 2014, ICS-CERT responded to 245 reported incidents against industrial control systems in industries like manufacturing, energy, water and transportation. More than half of these incidents involved Advanced Persistent Threats (APTs) or sophisticated actors. Industrial control systems are typically under protected and highly vulnerable to breaches. These systems are compromised by aging and older software and Operating Systems (OS) that are typically not updated or patched frequently. When they are updated, fixing patches of ICS systems creates a long window of exposure, sometimes years, leaving these systems open to attacks.
“ICS protection is not to be taken lightly. Once cybercriminals gain access to a control system, damage is inevitable. The result of an ICS breach will be devastating – and it’s not a question of ‘if it happens,’ but ‘when it happens,’ which is why Check Point is dedicated to proactively protecting ICS to prevent such catastrophic events,” said Dorit Dor, vice president of products at Check Point Software Technologies. “The 1200R appliance is a new security gateway optimized for deployment in the harshest of industrial environments and remote locations to support ICS/SCADA and deliver what we see as unmatched security to a nation’s most precious assets.”
The Check Point 1200R is a new, purpose-built, ruggedised security gateway appliance for harsh environments and remote deployments like those found on plant floors, at remote electrical substations and at power generation facilities. The 1200R complements Check Point’s existing lineup of security gateway appliances that deliver full visibility and granular control of SCADA traffic to prevent network, devices and logical process attacks. With over 500 SCADA commands and parameters within the Check Point Firewall and Application Control Software Blades, and over 200 SCADA-specific IPS signatures, Check Point offers the most extensive SCADA security support. Specialised threat reports in Check Point Next Generation SmartEvent provide full reports on SCADA traffic to grant quick and detailed forensics for incident investigations. This overall security solution also has regulation compliance monitoring with the Check Point Compliance Blade. Check Point also provides a full IT-OT security blueprint to protect the corporate perimeter, the bridge between IT-OT, the operator workstations, and the SCADA devices and traffic to deliver the best security for ICS.
Key Features of the Check Point 1200R Appliance include:
• Fully-featured Check Point security gateway with 6x1GbE ports and firewall throughput of 2Gbps
• Industry’s most extensive support of ICS/SCADA-specific protocols including Modbus, MMS, DNP3, IEC 60870-5-104, IEC 61850, ICCP, OPC, BACnet, Profinet, Siemens Step7 and many others
• Compact form factor, fan-less, and no moving parts design exceeds standards, with an extreme operational temperature range from -40°C to 75°C
• Compliant to the most rigid regulations: IEC 61850-3, IEEE 1613 and IEC 60068-2
Availability
Check Point 1200R Appliance is available immediately from their worldwide partners.
(ISC)² and Australian Centre for Cyber Security strategic alliance to strengthen capacity building in Australia and Asia-Pacific region
The Australian Centre for Cyber Security (ACCS) at UNSW Canberra and (ISC)²®, the global not-for-profit membership body of certified information and software security professionals with nearly 110,000 members worldwide, today announced an agreement to forge a strategic alliance focusing on capacity building in Australia and throughout the Asia-Pacific region.
Through the agreement, (ISC)² will provide UNSW students and professionals in Canberra with educational courseware to help them gain the knowledge, skills and industry certifications needed to enter the cybersecurity workforce. UNSW Canberra will provide subject matter experts to assist with the delivery of (ISC)² training courses throughout the region.
The (ISC)² Certified Information Systems Security Professional (CISSP®), Certified Cyber Forensics Professional (CCFP®) and Certified Secure Software Lifecycle Professional (CSSLP®) CBK®, a compendium of information and software security topics, will be incorporated into the existing cybersecurity program curriculum of UNSW Canberra. Official (ISC)² certification training courses will now be offered there as well. ACCS will provide technical advice to (ISC)² on further expanding cybersecurity education and thought leadership throughout Asia-Pacific.
“As global leaders in delivering information security education, ACCS at UNSW Canberra and (ISC)² are ideally positioned for this type of alliance,” said Prof. Jill Slay AM, director of ACCS at UNSW Canberra. “We believe that with this strategic alliance, we will together build a cohort of cybersecurity workers to serve as thought leaders in legal, policy and technical domains.”
UNSW Canberra is a campus of UNSW Australia, a leading global university (in the top 50 of 2015 QS rankings), that has provided high-quality undergraduate education to the Australian Defence Force at Australian Defence Force Academy (ADFA) and postgraduate education to the broader community for half a century. ACCS is an interdisciplinary cybersecurity research and teaching center at UNSW Canberra, which builds on the close relationship with stakeholders in Australia and internationally – industry, government, legislators, civil society and professional bodies.
“We are honored to enter into this strategic alliance with UNSW, a premier education institute for the military and tertiary students with a notable, cross-disciplinary approach to cybersecurity research,” said Clayton Jones, managing director, Asia-Pacific, (ISC)². “Building a global workforce requires a strategic, collaborative approach to education. By teaming up with UNSW Canberra, (ISC)² will be in a stronger position to educate information security professionals in Australia and ultimately, throughout Asia-Pacific.”
Bosch invests in the workplace of the future
Bosch’s “Next-Generation Workplace” project marks the next milestone on the road to becoming a globally connected, agile company. This project will equip the technology and service provider’s 240,000 office workplaces worldwide with the latest office applications. The aim is to bolster the agility of how associates work by introducing a standard suite of user-friendly office and communications software. Incorporating the way associates use social media in their personal lives, the project introduces new communications tools such as video telephony and online chat. Associates will be able to access these tools using various devices such as notebooks or smartphones in the future – whether they are in the office, traveling, or working from home. By the end of 2015, the new office software will have been rolled out at 100,000 workplaces.
“We are optimizing working conditions for our associates by giving them a state-of-the-art IT environment to operate in. IT infrastructure is a major factor in the company’s agility,” says Dr. Stefan Asenkerschbaumer, deputy chairman of the Bosch board of management, who has responsibility for information systems. “Mobile computer workplaces with high levels of user-friendliness strengthen
flexible, efficient collaboration and increase our competitiveness.” In total, the company is investing some 800 million euros in this initiative over the next few years.
Office software reflects associates’ requirements
According to Asenkerschbaumer, the success of the “Next-Generation Workplace” project depends on widespread acceptance of the new IT solutions and additional communications options. That is why Bosch involved its associates at a very early stage in the project, in order to find out what they wanted, needed, and expected their computer workplace to offer in the future.
“I’m used to chatting electronically with friends and family and using various social media channels to communicate in my private life. Now when I’m collaborating with colleagues, communication is just as intuitive. That makes me more productive – and my work more fun,” says Ee Von Lim, an account manager for Bosch in Singapore. She has been taking part in a “Next-Generation Workplace” pilot project for the past several weeks.
Standard, easy-to-use graphical interface
“Our associates have to be able to work together easily from any of our locations worldwide – both in and out of the office,” says Dr. Elmar Pritsch, the head of IT at Bosch. “That’s why we’re using a seamlessly integrated environment for our office software.” In the future, associates will be able to use a single program on their notebooks or smartphones for phone calls, video conferences, and online chat. It will also take them just a few mouse clicks to create and manage documents and work on them collectively. In combination with its existing Bosch Connect social business platform, the company is expecting to further reduce the volume of e-mails and make it even easier for associates to communicate.
The new software package includes not just Microsoft’s Office 2013 suite but also the SharePoint platform for collaboration on documents, the Skype for Business communications program, and the OneNote digital note-taking application. This program turns the computer into a kind of note pad, making it easy to create and manage notes, drawings, screen clippings, and audio. The “Next-Generation Workplace” is a long-term project for Bosch that aims to make efficient mobile working even easier for associates in the future.
26 - 28 April 2016 | Sands Convention and Exhibition Centre, Singapore
AUSTRALIA AND NZ PAVILION
LIMITED SPACE AVAILABLE
Back in its third year, SMART Facilities Management Solutions is the region’s most comprehensive trade event servicing the facilities management industry. SMART FMSE 2016 provides an arena for suppliers, end users and professionals to network, exchange knowledge, share best practices and stay updated on the latest industry needs for future readiness, advice on all aspects of the aftercare and maintenance of facilities, and background in design and construction for better integration.
PREMIUM EXHIBITION SPACES AVAILABLE!
My Security Media, in partnership with the SMART Facilities Management Expo, is pleased to offer you prime exhibition space at next year’s event. This dedicated pavilion space is specifically for Australian and New Zealand companies. If you wish to participate and exhibit at a prominent international security event – this is your opportunity. The space is available as a whole (120m²) or as 10 pavilion booths (12m² each) – whatever you require. As an exhibitor you will obtain more than just visibility during the Expo:
• Increased brand awareness and recall
• The opportunity to leverage pre and post event media coverage with My Security Media
• Be part of the print and online campaigns in our Magazines and Trade publications
• Be part of our public relations campaigns through press conference – gain press coverage through our strong relations with local and regional media
Please call or email us to book your space at this exclusive event: 08 6361 1786
promoteme@australiansecuritymagazine.com.au
Predator Pain and Limitless
Bakuei Matsukawa, David Sancho, Lord Alfred Remorin, Robert McArdle, Ryan Flores
Forward-Looking Threat Research Team
www.trendmicro.com
This Trend Micro research paper reveals the operations behind Predator Pain and Limitless keyloggers, both of which are easily obtainable from underground forums. These remote access tools (RATs) possess similar functions: standard keylogging behaviors with several data-exfiltration methods. Researchers studied these keyloggers for only a few months, but have found a number of noteworthy features.
General attack scenario
The common attack scenarios by cybercriminals using these toolkits involve sending out business-themed messages to publicly listed email addresses. The emails contain a keylogger that sends information back to the cybercriminal via email, FTP, or Web panel (PHP): system information, keystrokes, browser-cached account credentials, and screenshots.
About the keyloggers
Predator Pain and Limitless have the capability to steal a lot of information and exfiltrate it back to the cybercriminals. These are off-the-shelf tools and are easily obtainable for US$40 or less in underground forums or websites run by their creators. Predator Pain has been around since 2008 and is regularly updated. Its notable features include retrieving affected users’ last Minecraft log-in file and stealing Bitcoin wallets. Limitless samples are continuously being used for data exfiltration. Based on research and investigation, the Predator Pain and Limitless operators mostly target corporate users in specific regions, usually spreading the malware through spam campaigns.
Attack Goals
Investigations on several Predator Pain and Limitless attacks were conducted to find out how the keyloggers were used and what the operators’ end goal is. Findings revealed that most but not all of the operators were involved in utilising the following:
• The 419 or Nigerian scams through easy-to-deploy, high-volume attacks
• Scammed corporate emails that convince recipients to deposit payment to specially crafted accounts
Conclusion
The attack targets were not ordinary home users nor employees of Fortune 500 companies or government institutions. The cybercriminals
instead went after SMBs (small and medium-sized businesses), which led researchers to realise how vulnerable they are to the threats featured in this paper. SMBs may not be involved in multimillion-dollar deals but they do conduct transactions worth tens to hundreds of thousands of dollars. Even worse, their employees may not even be aware of general IT security best practices. And based on this paper’s findings, they are indeed attractive and vulnerable targets. For a more detailed and in-depth analysis of the toolkits, read the full research paper “Predator Pain and Limitless: When Cybercrime Turns into Cyberspying.”
Have you recently published a security related book? Or have you just read a new, great security book? Please email us at editor@australiansecuritymagazine.com.au
www.chiefIT.me
CIOs, IT Leaders and decision makers • Big data • Communications • Cloud computing • Technology systems • Interviews with industry thought leaders plus much more.
PROTECTING BUSINESS AND GOVERNMENT WORLDWIDE.
• Cyber Security Solutions
• Advanced Threat Intelligence and Investigation
• Sophisticated Cyber Analytics
• Managed Security Services
• Cyber Security Consulting Services
For more information, contact us at learn@baesystems.com
baesystems.com/ai twitter.com/baesystems_ai linkedin.com/company/baesystemsai