THE REGION’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.asiapacificsecuritymagazine.com November 2013
Special features on CCTV and Cyber Security WHAT YOU NEED TO KNOW
Understanding space and security
Al-Qaida: Why it won’t go away
FEATURE INTERVIEW
Jeffrey Bleich Outgoing USA Ambassador to Australia
PLUS
TechTime Mini-Mag inside
YOU DON’T HAVE TO BE A GENIUS TO
SOLVE THE IP SECURITY PUZZLE Alloys have partnered with D-Link, giving you all the pieces to the IP Security puzzle to deliver end-to-end business solutions. Talk to Alloys today about Wireless Solutions, Switching, IP Surveillance, Network Storage and Security.
THE ALLOYS DIFFERENCE NETWORK DESIGN ASSOCIATE
BECOME A D-LINK NETWORK DESIGN ASSOCIATE TODAY FOR FREE! SAVE $100
CALL NOW FOR YOUR FREE ACCESS CODE
AND GET A FREE
MINI RUBIX CUBE KEY CHAIN
Exclusive high-margin IP Security range High stock levels across the range Market-leading Lifetime Warranties* VIP Partner Program with local pre-sales support and real rewards Tony Dobran Alloys IP Security Specialist
For more info, speak to Tony on 1300 368 348 or email tony@alloys.com.au Alloys reserve the right to change incorrect prices/specifications resulting from printing or typographical errors. *Selected D-Link products come with a Limited Lifetime Warranty. Refer to http://files.dlink.com.au/Warranty/LifeTimeWarranty.pdf for full terms and conditions. Melbourne Showroom 128-140 Wellington Street Collingwood VIC 3066
Sydney Showroom Talavera Business Centre Unit 5, No.1 Talavera Road North Ryde, NSW 2113
www.alloys.com.au 1300 368 348
Satisfaction.
The Yarra Honda four-story dealership in Melbourne, Australia focuses on customer service with help from Milestone XProtect® Enterprise. Staff use the video surveillance software to identify showroom customers who need help and receptionists monitor if employees are at their desks before transferring incoming calls. Proving again Milestone can solve problems that are more than security.
Milestone XProtect® is the world’s leading IP video surveillance management software and is reliable, future proof and easy to use. It supports the widest choice in cameras and seamlessly integrates with business and security solutions such as video analytics. Which means your possibilities are unlimited and you can keep your security options open. See our new products and the new ways to use XProtect at: www.milestonesys.com
Milestone Systems Australia Теl: +61 3 9016 7877
International
One lock, a world of possibilities SmartAir is an electronic Handle Set or Escutcheon, which provides a completely autonomous
single
door
access
control
and electronic master key system feature. SmartAir’s special design and technology offer
important
benefits
especially
in
comparison to mechanical key & cylinders or a wired online access control system. Utilising
Battery
technology,
operation
Smartair
and
provides
Wireless up
to
4
different solutions in one package, depending on
customer
requirements
and
budget.
Smartair also produce a range of products to suit specific applications including electronic Escutcheons,
Wall
Readers
and
Cabinet
Locks, all operating on either Mifare, iClass or NFC technology. Together
with
an
optional
Management
Software package, SmartAir provides a host of opportunities. Operating
Modes
include
Stand-Alone,
Offline, Update on Card and Wireless Online, each offering their own unique and specific set of features and benefits.
NSW Northmead: (02) 9890 5300 NSW Alexandria: (02) 9693 5144 VIC Mt Waverley: (03) 9558 8455
2 | Asia Pacific Security Magazine
VIC Tullamarine: (03) 9338 2427 QLD Kelvin Grove: (07) 3552 5966
Security Merchants Australia Pty Ltd, an ASSA ABLOY Group company
SA Marleston: (08) 8297 5555 WA Malaga: (08) 6462 8080
International
3rd Annual Personal Data Protection
Addressing the future perfect of data compliance 9th & 10th December 2013 The Royale Chulan Hotel Kuala Lumpur
0 01 0 0 01 101 010 101 1 010
101010101 0 10101010101 1 1 0 0 1 1 0 0 1 101 0 10101010101 0 01
For hundreds of generations, privacy has been recognised as a fundamental human right. Organisations create contents, products and services that are valuable to customers and business by compiling information and data all the time. Now with the implementation of the Personal Data Protection Act, it is increasingly important that they are aware of privacy requirements applicable to their customers’, employees’ and suppliers’ data. The challenge is even greater with the increased level of awareness amongst the data providers. 3rd Annual Personal Data Protection aims to the review the preparedness of the industry players in light of the impending enforcement of the PDP Act as well as getting ready for the challenges with the rise of data privacy awareness.
Your Expert Speakers Stephen K.M. Lau Immediate Past President Hong Kong Computer Society (Former Privacy Commissioner for Personal Data of Hong Kong)
John Pane Regional Lead Privacy Compliance & Data Protection - Asia Pacific Johnson & Johnson
Professor Dr. Ida Madieha Ahmad Ibrahim Kulliyyah of Laws International Islamic University Malaysia
Barry Ooi President The Marketing Research Society of Malaysia (MRSM)
Past Endorsers & Sponsors
Dr. Suresh Ramasamy Privacy Officer/Principal Strategist DiGi Telecommunications
Media Partner
For more details contact us at 03 - 2333 9350 Asia Pacific Security Magazine | 3
International
2-4 DECEMBER 2013 HARBOUR GRAND KOWLOON, HONG KONG 2 DECEMBER - MANAGEMENT TRACK 3-4 DECEMBER - THE TRAINING SERIES THE OFFICIAL LANGUAGE OF THE EVENT IS ENGLISH
7�� An�u�� HT��A
Asia Pacific
Training Conference THE HTCIA ASIA CHAPTER CONFERENCE The premier event for those in law enforcement and private industry who investigates in high technology crime. Re-connect with your colleagues, network with your peers, exchange best practices and preview technology and services from leading providers in the industry. One of the most profound conferences in the industry, this event offers a unique mix of pertinent content and opportunities for extensive networking amongst peers alike. You will learn from subject matter experts and business leaders from both public and private sectors, who have the information you need to do your job. Over 10 lab and lectures sessions per day will be offered to support you in all aspects of your job; not only the job you are doing today, but the new jobs you may be asked to do tomorrow. For any enquiries, please contact us at +852-3978-9900 or Eunice.mak@innoxcell.net
Computer Day 1 Sponsor
Tee-Shirt Sponsor
Exhibitors
Supporting Organizations
4 | Asia Pacific Security Magazine
Lucky Draw Sponsor
Show Bag Sponsor
Lanyard Sponsor
Gift Sponsor
International
Asia Pacific Security Magazine | 5
Editor's Desk
W
elcome to the Asia Pacific Security Magazine which is published alongside our new sister publication, Australian Security Magazine. Having explored the Asia Pacific during the past year, we return to re-focus on the Australian security industry, whilst maintaining a regional presence. There is a collective community interest in reforming the Australian security industry. There is also an urgency for reform to occur within the next term of Tony Abbott’s new Federal Government. The complaints briefly outlined herein, but detailed in a letter written to Federal and State Governments and which will be covered in greater detail in future issues, provide alleged Government facilitated breaches and common legislative issues which have been on the industry’s agenda for reform for a decade. The goal may now be to see the security industry benefit from the Coalition’s promoted 5 Pillar Economy and develop into an ‘advanced service industry’, with an initial focus on ‘reducing red tape and business costs’, caused by multi-jurisdictional, separate regulatory models. A situation that cannot continue unabated. Whilst Australian organised crime is recognised as a growing and significant national security risk, costed at $15 billion, an increase of $5 billion since 2008, the private security sector, worth collectively in 2011 at about $4.6 billion and employing 50,000 people, continues to be poorly regulated due to inaction or inability to draft appropriate and consistent State legislation. To highlight the issues, I’ve previously written of my exhaustive experience with NSW Police Security Licensing Enforcement Division and NSW Road and Maritime Services. Then my Queensland licence was under threat because of a mandatory requirement to travel to Queensland for fingerprinting, and with concern, there has been alleged breaches of the Security and Related Activities Act facilitated by the WA Public Transport Authority. In August 2013, the WA Public Transport Authority (PTA) announced the award to five companies for contracts installing CCTV and security systems subject to Transport
Systems and Infrastructure Tender. The WA Police Security Licensing Enforcement Division (SLED) has confirmed it is investigating breaches of the WA Security & Related Activities Act. From national issues to even more concerning international issues, as the Syrian conflict dominated headlines, alongside significant Egyptian, Lebanese and Iraqi events, it is worthwhile revisiting last year’s analysis provided by Lt Col (res) Dr Dany Shoham, published in our Asia Pacific Security Magazine (August 2012). Dr Shoham points out that Syria’s vast arsenal of operational-level chemical and biological weapons, based on lethal and incapacitating agents, is diverse by any standard. Syria also possesses many sophisticated launch platforms and dispersion equipment, including missiles, rockets, aircraft, artillery shells, cluster warheads, and unitary ammunition – most of which are of high quality. Syria has Scud missiles capable of carrying chemical warheads that can strike anywhere in Israel, even when launched from deep behind Syria’s front lines. This explains why warning lights first flashed in American intelligence agencies when they discovered last year that the Syrian army had removed an unspecified number of chemical weapons from their storage sites. The US was deeply concerned that the Assad regime might employ such weapons against its opponents if conventional weapons fail and Assad senses that the end is approaching; a last-ditch apocalyptic act of après moi le deluge. There has also been a precedent: Bashar Assad’s father, President Hafez Assad, ordered the massacre in 1982 of approximately 18,000 Sunnis in Hama with cyanide gas. In May 2012, Jordan and the US held a largescale, nearly month-long, military exercise with more than 12,000 special forces from the United States and other countries, including Arab states – focused on military preparedness for emergency situations involving chemical and biological weapons in Syria. A follow-up study found, however, that 75,000 troops would be needed to secure Syria’s chemical arsenal. Outright
bombarding of Syrian chemical or biological arms stockpiles could result in significant environmental pollution. Iranian leaders and commanders have also issued stark warnings to the United States and its allies, saying any military strike on Syria would have lead to a retaliatory attack on Israel fanned by ‘the flames of outrage.’ From these events in the Middle East and recent attacks in North Africa, we need to continue our understanding of our immediate region, the Asia Pacific. Whilst the South China Sea remains central to maritime trade routes, it holds massive oil and natural gas reserves. It is the site of territorial disputes between China and nations such as Taiwan, Vietnam, Malaysia and the Philippines. Add to this, Japan and China are involved in a separate dispute in the East China Sea and signs of increasingly more nationalistic political rhetoric by Japanese leaders. As the potential for significant military conflict continues to emerge, during September I toured US facilities of global security and aerospace company, Lockheed Martin, including those in the Space, Aerospace, Maritime and Cyber Security domains. I look forward to providing specific reports about these facility visits in subsequent issues. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage. Yours sincerely,
Chris Cubbage
CPP, RSecP, GAICD
Executive Editor
OUR NETWORK Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.
Acknowledgements Executive Editor / Director Chris Cubbage Director / Co-founder David Matrai Senior Editor Loreta Cilfone Art Director Stefan Babij Correspondents Sarosh Bana, Sergei DeSilva-Ranasinghe, Jaya Prakash, Kema Rajandran, Adeline Teoh Contributors Brett Biddington, Anthony Caputo, David Harding, Dr Carolyn Patteson Copyright © 2013 - My Security Media Pty Ltd 286 Alexander Drive, Dianella, WA 6059, Australia T: +61 8 6465 4732 | E: info@mysecurity.com.au E: editor@asiapacificsecuritymagazine.com All material appearing in Asia Pacific Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances. 6 | Asia Pacific Security Magazine
Are you an IT service provider looking to reach the right decision maker? 0am 8:0
4 201 y uar s ebr F CTO 11 & IOs o C t t it Nex umm S s der a e L CIO
S LAS C ST FIR ers pli p u S IT nts lie c n st new tio a uni r To t t r s o ru Opp f f T o I d Mr. Lan
st uni t r ppo T O I TO Mr. & C s O CI to t i Nex rat t s fru of d Lan Sum s r de Lea O CI s ier l p Sup IT
Leaders Summi
IT Suppliers 11 F
This is the boarding pass for your journey to the decision making CIOs...
11 February 2014 Brisbane Convention Centre
www.cioleadersbrisbane.com Asia Pacific Security Magazine | 7
....with Raymond Andersson
Corporate Security Adviser North Australia/North Queensland, Department of Human Services
With a remarkable career spanning 30 years and holding extensive qualifications, Raymond Andersson fittingly holds the number one position on the Security Professionals Registry of Australasia, established by the Australasian Council of Security Professionals. How did you get into the security industry? In the mid 1980s, whilst serving in the ADF, I joined the internet revolution that provided me exposure to the international movement towards a professional security management model that caught my interest. I was providing protective security advice as part of my duties and saw a need in Australia for the industry to become a profession, through licensing, quality training, ongoing professional development and improved selection traits and behaviour standards for guards and managers. I continued this interest after discharge from the Army, working my way up in the industry, gaining experience in guarding, commercial security, industrial security, hospital security, retail security, security consultancy and high value diamond mining operations security. During this period I sought training and professional development opportunities wherever I could find them. How did your current position come about? After an absence of six years while working in Canberra, my family believed that it was time to return home to Darwin. The position that came available with the Department of Human Services in Darwin was most opportune. What are some of the challenges you think the industry is faced with? At the basic level, in Australia, licensing, training and individual selection standards remain fragmented and contribute to the difficulty of the security industry gaining the level of credibility it needs to have public and business confidence to move forward. This is an issue that needs to be addressed at COAG level to harmonise training and licensing along with establishing a robust system of QA to ensure training requirements are being met and those working in the industry meet and retain applicable standards of knowledge and behaviour standards. Another challenge for Australia is at the consultant level where individuals with limited
8 | Asia Pacific Security Magazine
experience in the field of security and minimal qualifications required for licensing, obtain state licenses, offering their services as security consultants to business in areas where they have little or no expertise, bringing discredit to the consultant profession. This is an area where input from the Australasian Council of Security Professionals, working with the states and territories may be beneficial. Where do you see the industry heading? Internationally, the industry is currently undergoing many changes as we adapt to the new threat environment created by cyber attacks and the ongoing terrorist threat. Industrial and national security espionage continues behind the scenes, with industries being targeted on a regular basis. Crime, both in Australia and internationally continues to grow, with organised crime continually working to disrupt our safety and security in an attempt to profit from their crimes. Media reporting and court
cases involving hospitality industry security staff continues to raise questions of appropriate training and the integrity of those who are employed in the industry. There is a real need for the industry to become professional in all it does. What do you do when you’re not working? I continue to focus on security and crime prevention in my own time, through active membership to a number of security and crime prevention organisations. In between this, I am researching my family history, to provide a record for future family generations to carry on the stories that are often lost to time. Lastly and probable most important, I am catching up on six years of being away, catching up on house maintenance and spending quality time with my wife.
Are you an IT service provider looking to reach the right decision maker? 0am 8:0
3 201 r mbe ove TOs N 4 & C s IO o C t t it Nex umm S ers ead L CIO
SS CLA T S FIR rs lie p p Su IT nts lie c t on new nis ati u r To t t or rus Opp f f T o I d Mr. Lan
t nis u t or Opp T I TO Mr. & C s IO o C t t ti Nex tra s u fr of d Lan um s S r e d Lea O I C rs lie p p Su IT
Leaders Summi
IT Suppliers 4 No
This is the boarding pass for your journey to the decision making CIOs...
19 February 2014 Sydney Harbour Marriot Hotel, Circular Quay
www.cioleaderssydney.com
Bruce Blythe Bruce Blythe, internationally acclaimed crisis management expert, is pleased to announce that he has acquired Supportive Solutions, Inc (SSI). This acquisition adds another important set of crisis response and senior management consultation services to his comprehensive ‘ready, respond, recover’ continuum of crisis management businesses. Blythe is Chairman of Crisis Management International (Atlanta), Crisis Care Network (Michigan) and Behavioural Medical Interventions (Minneapolis) – a network of companies providing end-to-end services ranging from crisis preparedness, crisis response, and accelerated return-to-work respectively. Founded in 2004, SSI has contributed important innovations in the comprehensive crisis response and crisis leadership arenas. SSI president and founder, Tonya Teal Slawinski, PhD, developed a revolutionary crisis response approach that has been widely adopted by corporate managers and employee assistance program providers across the United States. “We are excited about the addition of Supportive Solutions and Dr Slawinski to our team,” says Scott Alfieri, CEO over all four companies. “Our organisations share a history of high-quality crisis consultation and service delivery. SSI will expand our network of experienced crisis response specialists and broaden our ability to respond on-site and immediately to client requests over 1,000 times every month.” The combined talent of SSI with CMI, CCN and BMI will continue to span the one-stop ‘ready, respond, recover’ crisis management continuum by helping organisations prepare for and respond to crises, while providing comprehensive return-towork outcomes.
Brett McCall After 37 years as a family owned business, McCall Security has been acquired by another
10 | Asia Pacific Security Magazine
long-standing family security business – SNP Security. SNP Security is a large Sydney based security firm celebrating its 90th birthday this year. They have a significant national footprint in both the Protective Services (Manpower) and Electronic Security sectors, therefore with their additional scope and experience SNP can significantly enhance the service delivery experience already provided by McCall’s for almost four decades. After 23 great years in the cockpit of McCall Security, Brett McCall, will now be taking on a new role with the SNP management team to help build the business and ensure a seamless transition with McCall clients and staff.
Larry Berg Larry Berg has been appointed to the board of directors for Avigilon – a company specialising in high-definition (HD) and megapixel video surveillance solutions. In Berg’s most recent position as president and CEO of the Vancouver Airport Authority (VAA), he was instrumental in the redevelopment and expansion of the Vancouver International Airport (YVR) in Vancouver, Canada. The airport was named Best Airport in North America at the Skytrax World Airport Awards in April 2013. Prior to his position at the VAA, Berg was vice president of administration at Luscar Ltd, a major Canadian energy company. In the past, Berg served as chair on the Business Council of British Columbia, the Greater Vancouver Gateway Council and the Canadian Airports Council. He has held directorships on the boards of Seacliff Construction Company, Canada Line Rapid Transit Inc., and VGH-UBC Hospital Foundation. He is also past President of Airports Council International Asia-Pacific Region. Berg is currently on the board of the Vancouver Symphony Orchestra Society and a director of
Vantage Airports Group, a subsidiary of VAA which operates 12 airports within Canada and internationally. President and CEO of Avigilon, Alexander Fernandes, says, “Larry brings extensive experience in executive management positions, proven business leadership skills, and a unique understanding of the airport industry. We look forward to his contributions as we continue to grow our business.” Berg comments, “Avigilon is a remarkable technology company with a proven track record of success. I look forward to applying my experience and contributing to the company’s rapid growth.”
7th Annual Global Security Challenge 2013 Summit Since its conception in 2005, the Global Security Challenge Summit has been bringing together innovative startups and industry stakeholders for pitches, panels and networking. Held in the UK, in September, this year’s finalists presented innovative cyber security technologies, and travelled from around the world for the chance to be named this year’s winners. Australian Security Magazine Executive Editor, Chris Cubbage, was proud to be part of the online judging panel. In the pre-revenue category, British startups ExactTrak, SQR Systems and Abatis Ltd were joined by Canada’s WhiteNoise Laboratories and Sweden’s Kikusema. In the post-revenue category, American firms Neurologix Security and Cohesive FT were challenged by Australia’s Serval Project Inc, Israel’s CheckMarx, and Spanish firm Agnitio SL. Both morning and afternoon sessions featured lively panels and an engaged audience, exploring how to successfully partner, how to raise funds, how to avoid typical mistakes, and importantly, unmet cyber needs. Keynote Nick Coleman, IBM’s Global Head Cyber Security Intelligence, rounded the day off with his insights and experiences working in and with startups, Government and big industry. The winner in the pre-revenue category was British startup SQR Systems, who impressed the judges with its strong team and smart technology. Serval Project Inc received an honourable mention for its disruptive mesh network offering. In the post-revenue category, Cohesive FT was named winner. Judges particularly noted Cohesive FT’s clever market strategy and projections.
If you have an entry for Movers & Shakers please email details and photo to editor@asiapacificsecuritymagazine.com
Are you an IT service provider looking to reach the right decision maker?
Let us be your ladder to the Cloud. We have the solution‌
1-2 April 2014 The Ritz-Carlton, Hong Kong
www.ciopacificseries.com Asia Pacific Security Magazine | 11
BYTE into BIG DATA Summit
BIG DATA event has big officials’ support
B
E Summits is a leading business intelligence firm which specialises in hosting senior management forums and summits across the globe. After its successful event on Cloud computing, ‘The Global High on Cloud Summit’, BE Summits is ready with its next event ‘BYTE into BIG DATA Summit’, which is now officially supported by the Ministry of Communications and Information Technology, Government of India. It is taking place on 21 and 22 of November, 2013 in Mumbai, India. Some officials of the Ministry associated with BYTE into BIG DATA Summit are; Shri Rajiv Gauba, Honorable Addl. Secretary, e-Governance Group, Department of Electronics & IT, Govt. of IndiaSmt. Renu Budhiraja, Sr. Director & HOD SDC Division, Department of Information Technology, Govt. of India Smt. Uma Chauhan, Director SDC Division, Department of Information Technology, Govt. of India. The ministry officials will be discussing the advancement and development of technology in India. There will be discussions on the future road map of technology in India and the progress in it, and as BIG DATA is the most sought after technology in the market, it’s therefore relevant in the growth of technological advancement in the IT sector of India. This event will see some top-notch individuals who represent leading companies in India and will be speaking and sharing their expertise on the Big Data arena. To name a few; Lakshmi Narayan
12 | Asia Pacific Security Magazine
Rao (Lux Rao) Chief Technologist - Cloud, Big Data & Mobility - Technology Services, Hewlett Packard, Ahmed Aamer - Executive Director, SKY Computing, Vijay Sethi - Vice President & Chief Information Officer, Hero MotoCorp Ltd., N Jayantha Prabhu - Chief Technology Officer, Essar Group. Along with this elite list of individuals, the event has partnerships with some of the leading Big Data solution providers; SAP India: One of the top IT companies in India offering solutions across various industry verticals. Diyotta: Diyotta is leading the Big Data Integration movement by giving you the ability to readily integrate and
make available high value information across your internal and external data sources. Arista: Arista offers a broad portfolio of Gigabit Ethernet solutions including 1, 10 and 40 GbE switches that redefine network architectures, bring extensibility to networking and dramatically change the price/ performance of data center networks. This is a must attend event to gain knowledge in Big Data, data analysis, and management. For further information, contact Harsha Samtani, phone +91-80-4115 4921, email contactus@besummits.com or visit http://www. byteintobigdatasummit.com
Global Security Challenge
The Challenge of Cyber Security
D
igital technology has changed the world – for the good. It has enhanced our day-to-day living in our business and personal spheres in allowing us to do things never before imagined possible. In keeping up with digital technology though, we’ve also had to keep up with defending the unlawful attacks made to our devises. And thus was born the necessity of cyber security. The threat of cyber attacks is more prevalent today as hardware and software becomes cheaper and more accessible with cyber attacks rampant throughout business and personal usage alike. Consequently, the demand for cyber security is increasing significantly and remains high on the priority list for Governments world-wide. The 7th Annual Global Security Challenge Summit (GSC) was held in September this year in the UK, with its chosen subject as cyber security. The cyber security field is able to utilise technology to provide protection for our data and ourselves – detecting threats and processing intelligence to ensure our online and physical safety. It is for these reasons cyber security was chosen as the subject of this year’s GSC. About the Global Security Challenge The principle is simple; most innovation comes from start-ups and SMEs, but keeping tabs on emerging companies and their technologies can be very difficult for Government and industry, particularly as threats and solutions continue to diversify. The GSC addresses this by attracting and recognising innovative security start-ups and SMEs from around the world, bringing them together with academia, Government and industry. In a testament to the quality of companies that GSC attracts, and the opportunities it affords its winners and finalists have subsequently raised more than $120M since taking part. Challenge Requirements GSC 2013 aimed to discover the most promising young companies, university spin-offs and concept projects from around the world, capable of providing the next generation of cyber protection and leading the charge against some of the biggest threats of today and tomorrow. Areas of particular interest were:
Nithin Thomas of SQR Systems (left) receiving the award by judge Andrew Powell, UK MoD
Cyber intelligence, examples; • Automated technologies that can prevent or mitigate cyber-attacks or perform real-time malware analysis • Visual analysis environments dedicated to cyber intelligence (eg, situational awareness or network/attack visualisation) Access and identity management, examples; • Secure wireless payment systems • Cryptography and secure cloud computing • Biometric authentication The use of social media in disaster management, examples; • Crisis observation and relief prioritisation tools • Emergency broadcasting services • Creation and exchange of user-generated content and spontaneous, context-specific mobile applications GSC recognises that sometimes the best ideas lie in the places you would least expect to find them and that’s why exemplary, disruptive technologies in related fields were also considered. The Event GSC attracts a large number of submissions from around the world, which are first screened online by a panel of expert judges. Top entries are then invited to pitch at the global finals to an audience
of Government, industry and investors who come to preview the best emerging security innovations. Finalists each had six minutes to pitch their innovation as well as a private Q&A session with the final judging panel. The event included talks and panel discussions from prominent academics, Government officials and industry leaders from both sides of the Atlantic, discussing the latest trends and developments in the cyber field.
Q&A with Dr Nithin Thomas, CEO, SQR Systems: How did you get involved with the current technology you are doing? SQR Systems is a multi-award winning cyber security company that develops encryption technology for secure communication over low bandwidth networks. The company was founded in late 2010 to commercialise some technology I developed during my PhD at the University of Bristol, funded by the Engineering and Physical Sciences Research Council (EPSRC). I had been researching techniques to protect video data at a time when the term cyber security was not recognised and digital and online piracy was a major threat to the entertainment industry. The challenge was to protect the data in a way that does not interfere with the user experience while ensuring that illicit access was prevented from all parts of a fragmented ecosystem that included a variety of digital formats, devices and methods CONTINUED >>
14 | Asia Pacific Security Magazine
Asia Pacific Security Magazine | 15
of delivery. The networks used to deliver content were often the weak points that were abused to get hold of the content illegally. A means of protecting video data from the instant that it is created to shut out illicit access while ensuring the users got the best user experience for the content they pay for was needed. I developed a technology that allows video data to be adapted in encrypted form, which meant that the content owners could encrypt the data at the source and the content delivery system could adapt the data for each user without any access to the unencrypted data. By the time I finished my PhD, I realised that there was far greater value for this technology in the defence sector. I setup the company with Rockman Law, a long term friend from my University days, and went about addressing the issues with secure video streaming over unreliable networks used in defence and security operations. The use of public networks and commercial hardware has a lot of financial benefits in these sectors but the challenges in ensuring data security need to be overcome. These challenges are often very similar to those faced in the entertainment industry and the technology I developed for a completely different application suddenly became relevant here. By protecting the data from the instant it is created, we can remove many of the weaknesses in a communications system that are exploited by cybercriminals and malware. This new approach to security was picked up by the
UK Ministry of Defence and we developed the technology further with the Defence Science and Technology Labs in the UK. We are now seeing a lot of opportunities outside of defence, where protection of personal and corporate data is becoming more and more essential. How did you get involved in the Global Security Challenge? When the company first started, there were very few sources of funding as the global financial crisis had a major impact on startup and early stage funding in the UK. The Global Security Challenge was one of the very few funded competitions, made even more exciting by its focus on the industry we were building our company in. It is the only competition in the UK that is specifically targeting defence and security startups. Although I was not involved in the challenge then, I saw the calibre of judges and competitors and was pleased to hear that it was re-launching in 2013 and grabbed the opportunity to take part. How did you find the Challenge assisted you? The Challenge was a great platform to showcase our technology in front of a panel of industry experts and interact with some of the leading figures in the industry. Winning the Challenge has opened up several opportunities for us in the UK
Chris Purrington of CohesiveFT (left) receiving the award by judge and sponsor Nick Kingsbury, C5 Capital
16 | Asia Pacific Security Magazine
and overseas. Having competed with some truly innovative startups from the cyber security space, the Challenge has given us a lot of credibility and exposure to potential partners. What are the implications of winning the Challenge - what is next? Our work at SQR Systems has always been focussed on enabling trust over potentially untrusted networks. This is a powerful way of thinking about security because we concentrate on protecting the data instead of the systems that handle it. As the threats from cyber crime continue to grow and the risks to our data continue to increase, more innovative technologies are needed to address the problem. We aim to continue to develop our technology and continue to invest in new ideas to become a de facto standard for secure communications.
Q&A with CohesiveFT How did you get involved with the current technology you are doing? CohesiveFT enables enterprises to run business operations in the cloud. Its solutions help migrate, transform and extend both customer facing systems and internal operational platforms. CohesiveFT lets enterprises build on existing IT resources, save money on a single, upfront migration and focus on an application-centric view of integration, governance and security. Its solutions provide cloud infrastructure products and services allowing enterprises to safely migrate through a logical set of steps. CohesiveFT products allow enterprises to use existing resources, software components and operating systems to target public, private, and hybrid clouds. After decades in enterprise IT and financial services management, founders Patrick Kerpan, Craig Heimark, Dwight Koop, and Ryan Koop founded CohesiveFT started the company with venture backing and originally focused on providing virtual appliance solutions for the financial services industry. Soon after the company’s start, the global recession and the emergence of the public cloud helped re-shape CohesiveFT into a more broadly enterprisefocused company. The founders’ backgrounds in networking, enterprise IT, and financial services technology allowed them to watch the industry ‘grow into cloud’ from concept to reality. The first network virtualisation software product CohesiveFT created was originally called vCubev, thenVPN-Cubed and is now rebranded as VNS3. VNS3 was created as a solution to support the company’s image management product, Server3. VNS3 connected the
servers Server3 created, and joined them together as if they were one logical group of resources. VNS3 was based on OpenVPN, and allows users to connect multiple servers (both physical and virtual) located in various data centers and cloud providers into a single address space. Customers began using VNS3 to connect networks to the cloud for internal and partner solutions. VNS3 allows applications to run unmodified as if they were all running on hosts behind a single switch. It works even when hosts are behind very restrictive firewalls, so it was a perfect fit for industries with regulation and data security concerns. Since 2008, CohesiveFT has seen year over year, customer growth rate of about 18 percent. As the cloud infrastructure becomes more reasonably priced, more customers have sought out CoehsiveFT through cloud providers’ marketplaces and forums. VNS3 has helped users secure more than 60 million virtual device hours in public and private clouds. From a handful of users in 2008, VNS3 has more than 500 customers in 20 countries. How did you get involved in the Global Security Challenge? CohesiveFT CTO, Chris Swan, knew of
the competition from GSC founder Simon Schneider. Schneider and our PR firm, Groshelle Communications, suggested we apply and pitch at GSC considering our long history in the cloud computing industry. Swan pitched at this year’s Summit as part of a large lineup of innovative cyber security technologies from around the world. CohesiveFT was named the 2013 winner in the post-revenue category by the panel of judges.
judges for the Awards. Their insights were incredibly helpful. It is always great to get insights, thoughts and impressions from non stakeholders and non customers. What are the implications of winning the Challenge - what is next?
As more organisations consider and move to the cloud, customers will need an honest guide to cloud migration connectivity, and security. Customers will worry about vendor lock-in and existing resources, so enterprises How did you find the Challenge assisted you? will need advisors and solutions with an approach that focuses on their systems and applications. Presenting to a wide range of technical people Every recognition, especially from globally known helps the company hone the message. The publications such as Asia Pacific Security Magazine, different perspectives give us feedback from the adds to CohesiveFT’s industry credibility and reach. judges, panel and organisers. The Global Security In a market where many companies are simply adding Awards was a perfect opportunity for both ‘in the cloud’ or ‘cloud-enabled’ to their services and feedback and recognition. products, the Global Security Challenge is a mark of Swan had only seven minutes to convey the authenticity for CohsiveFT customers and partners company’s mission and focus, the market context, to instantly know that our customers’ successes are and what customers use VNS3 to accomplish. In genuine and meaningful. those seven minutes, Swan had to both tell the company’s story and connect with leaders in a variety of technological fields. After the pitch competition, the UK team also had the opportunity to meet with the panelists and
2013 SRI SecuRIty congReSS 2-4 December 2013
Over three days ECU’s SRI Security Congress will bring together all areas of security professions and disciplines as part of a holistic engagement for the wider security community. This congress will explore how to reduce the efficacy, persistence and abilities of advanced threats that jeopardise our critical systems stability. It will also examine methods, tools, techniques and frameworks in dealing with some of the serious problems that our increasingly interconnected, digitised systems are producing that threaten our economic and social well being. All submitted papers will undergo a double blind peer review process. The 2013 SRI Security Congress will host 6 security based conferences over 3 days 14th Australian Information Warfare 11th Australian Information Security Management 11th Australian Digital Forensics
6th Australian Security and Intelligence 4th Australian Counter Terrorism 2nd Australian eHealth Informatics and Security
Venue
Contact details
Key dates
Edith Cowan University 270 Joondalup Drive, Joondalup WA 6000 Tel: +61 8 6304 5176
Congress Coordinator - Emma Burke Tel: +61 8 6304 5176 E: sri@ecu.edu.au W: http://conferences.secau.org/venue.php
Paper Submission Deadline - 30 September 2013 Acceptance Notification - 28 October 2013 Camera Ready Papers - 11 November 2013 Early Bird registration - 11 November 2013
TEACHING QUALITY ★★★★★ ★★★★★ TEACHING TEACHING QUALITY QUALITY Tel: 134 ECU (134Tel: Tel: 328) 134 134 ECU ECU★★★★★ (134 (134 328) 328) ★★★★★ GRADUATE SATISFACTION ★★★★★ ★★★★★ GRADUATE GRADUATE SATISFACTION SATISFACTION E: futurestudy@ecu.edu.au E: E: futurestudy@ecu.edu.au futurestudy@ecu.edu.au the good universities guide the the good 2014 good universities universities guide guide 2014 2014
reachyourpotential.com.au reachyourpotential.com.au 303LOWE ECU10511 CRICOS IPC 00279B
ECUSRI Edith Cowan University Security Research Institute
NCT CBRNe Asia 2013
Building bridges Non-Conventional Threats in Asia and World-wide
C
ountries from Central Asia to the Pacific are increasingly threatened by CBRNe agents, WMD proliferation, natural disasters and terrorism. In the recent past, the Asian region has been the theatre of gradually escalating regional conflicts, catastrophic natural disasters and a source of pandemics; the bird flu pandemic recently killed dozens of people in East Asia, and the Fukushima Daiichi Nuclear Incident in 2011 proved that non-conventional threats are far from abstract challenges to our modern societies. NCT CBRNe Asia 2013 IB Consultancy is committed to supporting society in the prevention, preparation and response to non-conventional threats. After the inaugural NCT CBRNe Asia 2012 event in Bangkok, this year’s forum in Kuala Lumpur provided an outstanding platform for the exchange of first-hand information about fundamental CBRNe issues in the Southeast Asian region. Therefore, IB Consultancy assembled relevant decision makers, experts and first responders ranging from Turkey to Japan to discuss this enduring threat to international security, including high-ranking Malaysian
speakers such as the Honourable Dato’ Sri Dr. Hj. Ismail bin Hj. Ahmad, Secretary General at the Malaysian Ministry of Defence, who opened the conference with an impressive presentation on CBRN threats and response in Malaysia.
procedures, the attendees of the demonstration were able to witness firsthand first response strategies and approaches in Malaysia.
Live CBRNe Demonstration
After the intense experiences of the afternoon, everyone dressed up in the evening in order to attend the spectacular and sophisticated NCT CBRNe Awards Gala – the official ceremony of the NCT CBRNe Awards 2013, the new industry prizes rewarding excellence of CBRNe products, solutions and developments in the international CBRNe Community. Being presented by an international professional jury comprising CBRN experts and end-users, this year’s inaugural awards definitely rewarded excellency; the Reward Project won the Innovation Award for the most innovative research project and the US Second Line of Defense’s Megaports Initiative won the Capability Award 2013. The two most prestigious Awards were handed out to Bruker Daltonics’ RAID M-100 Detector, chosen through online voting and live by the Gala attendees for the Community Award 2013; and to DxTerity for their REDI-Dx biodosimetry product, which won the most esteemed Award, the NCT CBRNe Product Award 2013. With a clear end-user benefit, economic efficiency and an excellent match between requirements and the offered solution, DxTerity definitely convinced the jury.
An eventful live CBRNe demonstration at the Fire and Rescue Academy of Malaysia and the outstanding NCT CBRNe Awards Gala 2014 set the stage for the four-day event and deeply impressed the international delegates with a high-level of proficiency, entertainment and recognisable efforts to bring together experts from all around the world in order to establish an international CBRN community. The CBRNe live demonstration, led by Col Jamal bin Malik from the Royal Malaysian Armed Forces, simulated a peace keeping operation patrol, during which the usage of chemical weapons was reported. While first responders patrolled the suspected area, a series of roadside bombing took place. Immediately, the Malaysian CBRNe Responder Team, consisting of several small sub units, arrived and initiated the whole response, rescue and decontamination processes for personnel and locals. Watching the entire scenario just meters away from wads of smoke, rushing CBRN response vehicles and personnel carrying out decontamination
NCT CBRNe Awards Gala 2013
NCT CBRNe Asia 2013: The conference
The NCT CBNRe Gala 2013
18 | Asia Pacific Security Magazine
The following two-day conference included - inter alia - presentations from high-level ministers and generals from the Southeast Asian region on national CBRNe response capabilities and requirements, while promoting the need for international cooperation and capacity building in this field. Most notably was the presentation of Dr Aung Kyaw Myat, Deputy Minister of the Ministry of Science and Technology in Myanmar, a country that hardly has elaborated on its CBRNe capabilities before. Also other renowned experts such as Maj Gen JK Bansal, Union Minister of State in India, highlighted in a stirring manner the importance of events such as NCT CBRNe Asia to strengthen international exchange of information, best practices and approaches. Further speeches from Lt Gen Yugala from the Royal Thai Army’s Chemical Department, Laurent Olmedo from the French CEA, as well
as Prof Levent Kenar from the Turkish Gulhane Medical Military Academy and Brig Gen ChanSup Kim, Commander of the ROK CBRN School in South Korea, initiated highly interesting debates on the most important threats, challenges to R&D and response approaches in the field of CBRN. Together with the professional live demonstration and the prestigious NCT CBRNe Awards 2013, the conference achieved the goal of exchanging thoughts, experiences and solutions between the various stakeholders within the Asian and international CBRN community. NCT CBRNe Asia 2014 in South Korea Next years’ IB Consultancy flagship event, NCT CBRNe Asia 2014, will take place in October in Seoul, South Korea – a country that has CBRNe defence high on its political agenda. This will contribute to the significance of this series of NCT CBRNe Asia events, providing a bridge between Asia and the rest of the world. Check out www.ib-consultancy.com as well as www. cbrneportal.com for news and event updates. Live CBRNe Capability demonstration at the Fire and Rescue Academy of Malaysia, Kuala Kubu Bharu
Training for a better future in...
Security at Brisbane Security Training Centre
Our highly respected industry specialists provide Security Operations training and advice to leading security businesses around the state. Let us help you secure the skills you need to become an effective security operator. Call Wide Bay Institute of TAFE’s Brisbane Security Training Centre on 3806 9633 for further information.
1300 656 188
www.widebay.tafe.qld.gov.au 40 - 44 Johnson Road, Browns Plains, Queensland 4118
• • • •
Defensive Tactics Edged Weapons Introduction to Terrorism Private Investigator - Certificate III in Investigative Services (CPP30607) • Certificate IV in Security and Risk Management (CPP40707) • RPL available
Event a great success
T
he feedback from the nearly 200 participants from around the world who recently attended the Oil & Gas ICS Cyber Security Forum, which was held 7 to 10 October was extremely positive. In addition to the two-day Forum, several workshops on specific issues of concern were delivered and one of these workshops on ‘ICS Security’ was delivered by Dr Christopher Beggs of Security Infrastructure Solutions (SIS) who is based in Melbourne, Australia. The two-day Forum covered a number of different issues related to automation and control security and of particular interest was the panel session on ‘ICS/SCADA – In Depth Review’ led by Dr Eric Byres of Tofino Security. The discussion in this session covered a wide range of
20 | Asia Pacific Security Magazine
Oil & Gas ICS Cyber Security Forum
issues of concern given the fact that IT systems are designed with security in mind whereas IC systems are not. Several international speakers participated in the Forum including: Howard Schmidt, Former Cyber Security Advisor to President Obama; Ayman Al Issa, DOF Cyber Security Advisor, ADMA-OPCO; Jay Abdallah, CISSP Senior Network Security Consultant, Invensys; Greg Day, VP & Chief Technology Officer – EMEA, FireEye; Ibrahim Hamad, Corporate Information Security Officer, Dolphin Energy; Jamal AlBalushi, PCD IT Security Leader, PDO; Riemer Brouwer, Head of IT Security, ADCO; Justin Lowe, Energy Cyber Security Specialist, PA Consulting; Professor Paul Dorey, Director, CSO Confidential; and Paul Wright, Manager
– Professional Services and Investigation Team – MEIA, AccessData; All of whom made an invaluable contribution to crucial issues that are uppermost in the minds of the international oil and gas community when it comes to protecting their assets from cyber attack. Participants came from far and wide including the USA, Canada, Netherlands, Germany, Russia, France, Italy, UK, Spain, Japan and across the Middle East. Koichi Arimura from JPCERT/CC was not alone when commenting on the many benefits of attending the Forum. Plans are underway for the 3rd International Oil & Gas ICS Cyber Security Forum to be held in 2014.
7 TH ASIA-PACIFIC SECURITY FORUM & EXHIBITION MACAU, CHINA | 3–5 DECEMBER 2013
www.asisonline.org/macau
6 Reasons to Attend ASIS Asia-Pacific 2013! 1. Industry leaders from important companies and organisations will speak about the latest developments, trends and innovations in security. 2. Apply lessons learnt from other industries to your own sector. 3. Connect with high-level security professionals from all over the Asia-Pacific and beyond. 4. Get motivated by new ideas and information. 5. Form new partnerships and reconnect with familiar faces in the industry. 6. Get social and join discussions on Facebook, LinkedIn and Twitter FEES
Early Rate until 4 November 2013
Regular Rate after 4 November 2013
ASIS Member
USD 995
USD 1,150
Non Member
USD 1,295
USD 1,500
Group Rate (as from 5 delegates)
USD 875
USD 875
CONTACT US asiapacific@asisonline.org T.+32 2 645 2674 ENTRY TO THE EXHIBITION IS FREE OF CHARGE FOR PRE-REGISTERED VISITORS
KEYNOTE SPEAKER DR. TIM SUMMERS
Senior Consulting Fellow, Asia Programme Chatham House Hong Kong Speakers will include CHRIS CUBBAGE, CPP
Director & Principal Consultant, AmlecHouse Pty Australia City CCTV Surveillance Systems and the Prospects for Integrating Social Media Into CCTV Operations GEOFF BROWN
Asia Group Investigations Manager, Microsoft Thailand Investigating Workplace Violence in Asia LAWRENCE J. FUTA
Legal Attaché, Legal Liaison Office, US Consulate General Hong Kong Major Theft - A Gateway Crime With National and Economic Security Implications SCOTT MACMILLAN, CPP, PSP
Loss Prevention Superintendent, Phu Bia Mining Laos An Integrated Approach To Security DR. DENCIO SEVERO ACOP, CPP
Associate Director, Head of Security and Intelligence, Wyeth Nutrition Philippines Intelligence: The Neglected Better Half of Security
Asia Pacific Security Magazine | 21
Cover Story
Evolution of United States-Australia Relationship After more than a decade since the 9/11 terrorist attacks reinvigorated the United States-Australia alliance, both countries today maintain closer ties more than ever before. In one of his final interviews, outgoing US Ambassador to Australia, Jeffrey Bleich, spoke to Sergei DeSilva-Ranasinghe about the challenges in the relationship; developing economic and people-to-people relations; what the US Asia-Pacific rebalance means for Australia and the region; US policy to the Indian Ocean region; the importance of Western Australia and the future of bilateral ties.
I By
Serge DeSilva-Ranasinghe Correspondent
22 | Asia Pacific Security Magazine
would like to start by asking you about the present state of the bilateral relationship, particularly in relation to its challenges. It is widely understood that the US and Australia enjoy strong relations, but having said that, every relationship also has its difficulties. What would these be in relation to the US and Australia? Right now, Australia and the United States are in a very strong place. Both agree on challenges in the Asia-Pacific region. Although we may differ on some tactical issues, by and large, we share a common perspective on important world issues, so I don’t see too many challenges in the relationship. The biggest fear down the road is that we may take this relationship for granted and assume we will always work well together. Relationships between countries can change over time – bad relationships can improve dramatically, but great relationships can weaken if you don’t pay enough attention to them. After the global financial crisis and the Iraq war, which was unpopular in Australia and quite controversial in the United States as well, a generation here has became sceptical of US leadership in economic and security matters. One of our goals is to not only remind people of the successful aspects of our relationship in the past, but also to restore confidence and demonstrate a visionary and common approach on the issues that affect this region. The US economy is recovering, which is helpful. We have completed our mission in Iraq, created a timeline to exit Afghanistan,
and rebalanced and refocussed our global priorities. But I worry about the generation that needs to be reassured – so they can feel confident like their parents and their grandparents – that the US-Australia relationship is worth their personal investment. On the topic of challenges, does the depreciation in Australia’s defence spending and defence industry pose any particular long-term concern? The United States and Australia have been working closely for more than 70 years. So one year’s defence budget cannot be taken as a major change in long-term commitment. The percentage of GDP for the 2013 budget mainly reflects writing-off some under-spends in the past couple of years. But the long-term effect of the United States with its allies around the world is that there is greater burden to be shared. The US taxpayers and families can’t have their young men and women and tax dollars being spent disproportionately for the security of the world, so we’ve had to identify areas of vital and non-vital interest to the United States. We’ve also had to encourage our allies to assume greater responsibility for those non-vital interests and cooperate more in areas of similar and compatible interests. We are seeing some very positive developments in the defence sector in terms of Australian capability. Australia has significant facilities and a number of subcontractors working
2013
Biometrics Institute Technology Showcase Australia 26 November, Hotel Realm, Canberra
The independent Biometrics Institute proudly presents the TECHNOLOGY SHOWCASE AUSTRALIA on the 26th November 2013 followed by the Biometrics Institute’s End of Year Dinner at the Boat House by the Lake in Canberra. The one-day conference will present the latest developments in biometric technologies. It is a unique opportunity for the Biometrics Institute Vendor Members to showcase their products and services to a special forum made up of over 140 of our members, many of them government departments. Don’t miss out on this opportunity to gather with senior biometrics users and technologically driven supplier.
SPEAKERS INCLUDE: > Andrew Rice, Director, Biometrics Institute
> Alastair MacGibbon, Director, Centre for Internet Safety
> Unho Choi, Senior ICT Security Officer, UNHCR –
> Arron Baker, Chairman, Biometrics Institute
The UN Refugee Agency
> Stephen Mundell, Fraud Analyst, Enterprise Services,
Bank of New Zealand
> Robyn Miller, National Manager, Passenger Policy & Practice,
Australian Customs and Border Protection Service
> Andrew Sipos, Inspector, Fingerprint Operations Branch,
New South Wales Police Force
> Richard Kemp, Associate Professor, School of Psychology,
University of New South Wales
> Stephen Wilson, Managing Director, Lockstep Consulting
> David White, Postdoctoral Research Fellow,
> Kim Terrell, General Manager, Service Delivery Projects,
School of Psychology, University of New South Wales
Department of Human Services
> Michael Lynch, Director Passport Identity Section,
Australian Passport Office, Department of Foreign Affairs and Trade, and Chair, FaBCoE > David Chadwick, Director of Biometric Projects, Department of
> Andrew Solomon, Director of Privacy Law and Practice,
Office of the Australian Information Commissioner Sponsors include:
Immigration and Citizenship The Biometrics Institute’s annual End of Year Dinner takes place at the Boat House by the Lake following the conference at 6.30pm. Registration for this event includes pre-dinner drinks, 3 course meal and beverages. This event will prove to be a night of good food and conversation in a relaxed and casual atmosphere. Sponsorship is still available for this event. Please email Jamie at member@biometricsinstitute.org or call +61 2 9431 8688 for information on the remaining sponsorship packages, including the End of Year Dinner. REGISTRATION FEES IN AUSTRALIAN DOLLARS: Member
Non-Member
University Subscriber
University Non-Subscriber
Biometrics Institute Technology Showcase Australia 2013 26 November 2013
AU $340
AU $680
AU $220
AU $330
End of Year Dinner 6.30pm 26 November 2013
AU $150
AU $200
Includes 3 course dinner, canapés, drinks.
REGISTER NOW AT www.biometricsinstitute.org Not a member??? Be part of the Biometrics Institute’s expansive membership base and get free access to quarterly member meetings, discounts to our member driven conferences and exhibitions, access to online information and resources, e-newsletters, annual industry surveys and much more. See http://www.biometricsinstitute.org/pages/membership.html BIOMETRICS INSTITUTE INTENSIVE COURSE 19 - 22 November 2013 | Waldorf Restaurant & Conference Centre, Canberra, Australia Facilitated by Professor James L. Wayman, Leading International Biometrics Expert, Office of Graduate Studies and Research, San Jose State University, USA. This 4 day intensive course will give an overview of biometric identification technologies with specific emphasis on algorithmic approaches, performance analysis, and international applications, both successful and unsuccessful. Members who register for this 4 day course receive FREE entry into the Technology Showcase Australia.
International
Al-Qaida:
Why it won’t go away Since its inception, al-Qaida has proven to be a resilient and difficult to defeat organisation and ideology. Here David Harding reviews al-Qaida as a group, its focus and potential future. Harding shows that although al-Qaida has had numerous setbacks, it still retains its intended focus and direction. By David Harding
T
o determine the current status of al-Qaida, it is appropriate to first identify the five conceptual theatres of operations that al-Qaida is currently conducting operations in. The term conceptual is used, as al-Qaida is not only an organisation composed of fighters, but also a network of individuals, and an ideology. Al-Qaida’s five conceptual theatres of operations are composed of the core group of operatives; al Qaida’s affiliated group, allied groups, networks of individuals, and inspired individuals.
Al-Qaida central Al-Qaida central is based within the border region of Afghanistan and Pakistan. The group consists primarily of senior operatives providing a leadership and operational support to al-Qaida operations. This group is responsible for special tasks including tactical attacks, media representation, financial control, strategic direction and guidance to alQaida affiliates and allies. Since the death of Osama bin Laden, the role as Amir within this group has been moved to Ayman al Zawahiri.
Al-Qaida Affiliates Al-Qaida affiliates are those groups that carry the name al-Qaida. Examples are al-Qaida in Iraq (AQI), al-Qaida in Arabian Peninsula (AQAP), which is based Yemen, al-Qaida in the Islamic Maghreb (AQIM) based in Algeria, and al Shabaab which is based in Somalia. These groups have formal lines of communication and financial flow to and from alQaida central, which also has a level of authoritative control over these groups. The leaders of these groups have sworn allegiance to al Qaida leaders in Pakistan.
24 | Asia Pacific Security Magazine
Al-Qaida Allies Allies of al-Qaida are those terrorist or insurgent groups that share a similar ideology, but do not have an allegiance to Zawahiri or al-Qaida. In some cases where interests converge, such groups will share, and at times combine resources for operational needs. For example, in the attack on the US Embassy in Libya in September 2012, two allied groups the Muhammad Jamal network from Egypt and Ansar al Sharia from Libya assisted AQIM in the attack. In general these allied groups keep their area of operations within their country of origin, but are linked to al-Qaida through personal contacts between operatives and not necessarily through alQaida itself.
Al-Qaida Networks Al-Qaida has been able to enhance and diversify its operational portfolio by developing a network of core operatives within Western countries. These operatives utilise their own personal network of amateur Jihadists to assist with operational and tactical endeavours. Such groups include the 7 July 2005 London bombers, where Siddeque Khan was the trained operative who recruited other salafits, and Australian Jack Roche who was sent by al-Qaeda, through Jemaah Islamiah, to plan and prepare operations against the Israeli Embassy in Australia. In addition, and of growing concern to Western Governments in general, and Australia and some European countries in particular, is the growing number of individuals that travel from these countries to the present civil war in Syria. There have already been reported cases of these individuals returning to their home countries and commencing limited offensive operations against their
Asia Pacific Security Magazine | 25
International
s k l a t s y Traged y r g n u h the The horrendous food poisoning tragedy that took the lives of 23 school children in the northern Indian state of Bihar in July 2013, has brought the national ‘mid-day meal scheme’ under a cloud.
T By Sarosh Bana Correspondent
26 | Asia Pacific Security Magazine
he children, from some of the poorest homes in one of India’s most backward states, were among those in a one-room school in the village of Dharmasati Gandaman who fell violently ill as they lunched on a meal of rice and potato curry. They started vomiting and convulsing with stomach cramps and the poisoning effect was so severe and rapid that some of them died in the arms of their parents even as they were being carried to hospital. The lunch was part of India’s National Programme of Nutritional Support to Primary Education (NP-NSPE), the official name of the mid-day meal scheme. It is the world’s largest such programme that provides cooked meals to some 120 million children in more than 1.27 million schools across the country. This nation-wide effort was launched as a centrallysponsored (Federal) scheme in 1995 and since 2008, covers all children studying in Government, local body and Government-aided primary and upper primary schools and EGS/AIE (education guarantee scheme/alternate innovative education) centres, including madrassas, or Islamic schools. With food prices rising faster than workers’ wages, it was the free mid-day meals more than the education imparted that persuaded the poor to enroll their children in these
state-run schools. The scheme aims at enhancing enrollment, retention and attendance of children in schools and simultaneously improving their nutritional levels. The calorific value of the meals are revised from time to time, currently stipulated at a minimum 700 calories through the provision of 30 grams of pulses, 75 grams of vegetables and 150 grams of rice or wheat per child, per school day. Initial forensic investigation into the children’s deaths in the Bihar village near the district town of Chhapra revealed that the poisoning was caused by cooking oil that had been stored in a used pesticide container, the contaminant having been monocrotophos, an organophosphate insecticide that is acutely toxic and in effect a nerve poison. Monocrotophos is widely used and easily available in India, though the country had been urged in 2009 by the World Health Organisation (WHO) to consider its ban. It is already disallowed in countries like Australia, Cambodia, China, the European Union, Indonesia, Laos, the Philippines, Sri Lanka, Thailand, Vietnam and the United States. Besides, pesticide containers are often not discarded in India after use, but recycled and used for storing consumables. The outraged villagers went on a rampage and in protest, buried the dead children in pits they dug on the grounds
Asia Pacific Security Magazine | 27
National
A Government with borders The Coalition swept into power with a clear victory on 7 September 2013, pushing aside Prime Minister Kevin Rudd’s recent comeback and the hung Parliament he and his predecessor, Julia Gillard, had – sometimes uncertainly – steered for the past three years. Will the new Government provide better security for Australia?
28 | Asia Pacific Security Magazine
National
I By Adeline Teoh Correspondent
f you had listened to the election campaigning in soundbites you may well have believed that the polls hinged on one thing, ‘stop the boats’. Yet Operation Sovereign Borders, the Coalition’s star policy, experienced a disastrous debut with the second-time Liberal candidate for the western Sydney electorate of Greenway, Jaymes Diaz, unable to name the Coalition’s six-point plan in an interview with Channel Ten reporter, John Hill. The YouTube recording of the train wreck interview went viral and Diaz became very hard for the media to pin down for the rest of the election campaign. The Coalition did have a fully formed border protection policy, however, as well as a pledge to increase funding to the Department of Defence, which put them ahead of Labor in this regard. “Defence is just not a priority for Labor, they demonstrated this as they systemically cut $30 billion from the Defence budget since the 2009 White Paper, leaving us with a level of funding, as a percentage of GDP, not seen since 1938,” says Senator David Johnston, Minister for Defence. Its law enforcement policy has also pledged money for federal security initiatives including $100 million for Customs and $50 million for nation-wide CCTV systems, and a better working relationship with the State and Territory Governments that traditionally look after crime prevention and law enforcement. Attorney-General, George Brandis QC, has also promised a Coalition Government will bring balance and stability to the role after the chop and change of the last three years. Labor fielded three Attorneys-General – Robert McClelland, Nicola Roxon and Mark Dreyfus – since forming Government in 2010. “Having the same person with the same agenda in that job for a significant length of time would itself be a good thing,” Brandis says. If you’re wondering what’s in store for Australian security in the next three years, start with the foundation of the Coalition’s policies.
Launching Operation Sovereign Borders
The 100-day promise From the Coalition’s Operation Sovereign Borders policy: “In the first 100 days of a Coalition government, Operation Sovereign Borders will undertake key initiatives including: • • • •
Establishing the Operation Sovereign Borders HQ and creating the joint agency taskforce; Finalising and issuing protocols for Operation Relex II, to turn back boats where it is safe to do so; Increasing capacity at offshore processing centres; and Lease and deploy additional vessels to relieve patrol vessels of passenger transfers.
We will respond with the urgency that this national emergency requires.”
Border protection is a complex concept, particularly when it comes to the legality of seeking asylum. There’s no doubt that both major parties ran scare campaigns on the refugee issue, using suggestive language that conjured up the distasteful image of illegal immigration and queue-jumping in the minds of the general public. The fact is, seeking asylum is not illegal and arriving by boat is also not illegal, which is why the Coalition’s claim – ‘there is a national emergency on our borders’ – is best described as alarmist. Operation Sovereign Borders is the Coalition’s policy to establish a military-led response to combat people smuggling and to protect our borders. People-smuggling is illegal, and has rightly been put at the centre of the policy, though the trickle of boats carrying asylum seekers, most of whom turn out to be genuine refugees, has hardly been a pressing reason to call it a national emergency. Alarmist tone aside, one thing Operation Sovereign Borders does point out is that more than $10 billion ‘has been lost in border protection budget blowouts’ because more than 12 separate Government agencies are currently involved in
Asia Pacific Security Magazine | 29
National
Space and Security: Dependence and Vulnerability Have you ever thought about the function that satellites play in our day-to-day lives? While many people work through the day using devices constantly, much has evolved during the years enabling this to happen so easily.
By Brett Biddington AM
30 | Asia Pacific Security Magazine
O
pportunities to talk about Australia’s approach to outer space and the role that satellites play in our daily lives do not happen too often. As a nation we are largely oblivious to how our high technology infrastructure works. We simply accept that it does. For the most part, this is a perfectly reasonable position to adopt. Consumers simply want their devices to work, as advertised, cheaply and reliably. A proviso is that there is a sufficiently large number of skilled people who do understand how the system works, who can appreciate dependencies and associated vulnerabilities and who know what to do to mitigate the effects of failures, if and when, they occur. There are in the order of 1,000 operational satellites in orbit around Earth today. Most perform one of three functions – 1) communications 2) Earth observation (EO) and 3) position, navigation and timing (PNT). Data from these systems when fused, in a timely manner, with data from other sources provide planners and decision-makers with unparalleled insight into the domains for which they have responsibility. That said, satellites are not a panacea. They have limitations and, for EO satellites especially, one size does not fit all. Some are optimised to provide environmental data, others to report the locations of cooperative targets, such as commercial ships and aircraft. Others gather intelligence
about competitors or adversaries because they can look into their backyards with impunity. Unlike aircraft, which need clearance to overfly foreign territory, the laws of physics and orbital mechanics mean that satellites overfly any and all territories that are below them. In the 1980s, I was the Director of Policing and Security in the RAAF and later moved in Capability Development Division in Defence with broad responsibilities for command and control projects as well as those relating to intelligence, surveillance and reconnaissance (ISR). In these positions I worried about the protective security of air bases and I recall speaking about the need to link data from satellites to the noses of dogs. This suggestion raised eyebrows and seemed crazy in the 1990s but is now basically taken for granted. Phrases such as ‘situational awareness’ and ‘multisource data fusion’ are now common terms in the lexicon of all with protective security responsibilities. Fancy labels aside, people whose job it is to protect installations or the community more broadly now have access to information about static and dynamic features of their environment that was inconceivable even a decade ago. Much of this basic data comes from satellites. The US Global Positioning System (GPS) has become a critical element of global infrastructure that benefits
Organized By: National
BOOK BY THE 31st DECEMBER 2013 AND RECEIVE UP TO 20% OFF REGISTRATION FEE
Cyber Intelligence Asia 2014 11th - 14th March 2014, Singapore Esteemed Speaker Line-up: • Major General Bunjerd Tientongdee, Deputy Director of Defense Information and Space Technology Department (DIST), Ministry of Defence, Thailand • Yurie Ito, Chair, Asia-Pacific Computer Emergency Response Team (APCERT) • Phannarith Ou, Head, Cambodia Computer Emergency Response Team (CamCERT) Cambodia • Budi Rahardjo, President, Indonesia Computer Emergency Response Team (ID-CERT), Indonesia • Khamla Sounnalat, Deputy Head, Lao Computer Emergency Response Team (LaoCERT), Lao • Philip Victor, Director, Centre for Policy & International Cooperation, IMPACT • Inspector Allan Cabanlong, Chief, Web Services and Cyber Security Division, • Philippine National Police Force • Serupepeli Neiko, Section Head, Cybercrime Division, Fiji Police Force • Dr. Mingu Jumaan, Director, Sabah State Computer Services Department, Malaysia • Jack YS Lin, Senior Security Analyst, Japan Computer Emergency Response Team (JPCERT), Japan • Dr. Frank Law, President, High Technology Crime Investigation Association (HTCIA) • Ammar Jafri, President, Pakistan Information Security Association (PISA) • Andrey Komarov, Chief Technology Officer, CERT-GIB, Russian Law Enforcement Agency • Senior Representative, Ministry of Internal Affairs, Russia • Senior Representative, Infocomm Development Agency (IDA), Singapore • Kiran Karnad, Staff Engineer, MiMOS, Malaysia
Reasons to attend: Largest international gathering of cyber security experts in ASEAN Opportunity to network with the leading firms who provide defences to cyber attacks Analyse the latest cyber security challenges and issues in the region Discuss international cooperation to combat cyber-crime Network with the leading decision makers in the government's Determine the latest cyber-crimes taking place in ASEAN Gain a mix of policy, strategies and technical expertise in one place
Associated Workshops : Strategic Co-operation amongst CERT’s Led by: Asia-Pacific Computer Emergency Response Team (APCERT) OWASP Top 3 - Injection, Session Management and Cross Site Scripting: Hands-on with Kali Linux Led by: MiMOS Malaysia
For more information visit – www.intelligence-sec.com Book your place by: Web: www.intelligence-sec.com I Email: events@intelligence-sec.com I Tel: +44(0)1582 346706 Asia Pacific Security Magazine | 31
Special Feature - CCTV
Mesh Magic and Real World Wireless Video Wired or wireless? In today’s modern world filled with technology most would choose wireless, however, the key to optimum performance is in the architecture. By Anthony Caputo
T
hroughout my experience, deep in the trenches, and or as a digital video surveillance architect, even though I’m considered a wireless video subject matter expert, I’ve come to the conclusion that wired is always better than wireless and that my expertise comes from my willingness and perseverance to make those ‘trouble spots’ actually work. It’s not about setting up a wireless link, configuring the radios and recording the signal and bandwidth statistics. If the wireless link only needs 4Mbps for streaming video, and the radio bandwidth statistics register 11Mbps throughput, then you’re done, correct? This is where most integrators go wrong. If you’re using a 20Mhz channel OFDM, you should be getting maximum about 30Mbps MIMO, you’d get upwards of 70Mbps, so 11Mbps indicates that there’s something wrong, and if left unchecked, it will degrade over time, with weather, interference and selfinterference with additional installations. If you’re wondering where the ‘54Mbps’, ‘150Mbps’ and MIMO ‘300Mbps’ bandwidth numbers are, you’ll have to look at the product marketing materials, because this is about the real world. Wireless networked video provides another option for data transmission, but cannot replace the basic need for power. No power. No camera. Wireless is a substitute under the following conditions; 1) there is power at a desired location, but no cost-effective access to data 2) the distance from the camera to the closest data port exceeds the cabling requirements 3) there is a cluster of cameras that could benefit from wireless mesh networking redundancy.
32 | Asia Pacific Security Magazine
Wireless can work and work well, but unlike an insulated and protected copper wire, or fiber cable, wireless is RF technology that can be affected by outside influences such as interference from other radios, microwave ovens and even the weather. It’s important to keep in mind that digital technologies continuously encode and decode analog signals. If you’re using an analog camera, linked to a digital video encoder, that camera is sending an analog waveform through the coaxial cable to the digital video encoder. The encoder then encodes and sends the signal via an Ethernet cable (low voltage bursts) to the wireless radio, which then decodes it into another analog waveform that is shot out the antenna. Up until that point, you have a level of quality control, but once the digital signal is decoded and spit out the antenna as an analog waveform, all control is lost. In the vacuum of space, a microwave signal will go on forever, and although there are environmental and atmospheric factors that deteriorate, reflect and dwindle microwave waveforms, they do not stop at the outer circle in a conceptual design diagram. The only true element of control is architecturally. Architecting a wireless network infrastructure requires forward thinking beyond the point-to-point or point-to-multipoint links. There is limited bandwidth that is constantly changing in a fluid environment. Architecting for asynchronous applications fits better in that scenario, but synchronous security video, where every frame could be the crucial frame, it’s far more challenging. Design to control the signal, using directional antennas, not 360 degree Omni-directional antennas, which will pick up interference from everywhere, reducing power, bandwidth and performance. I once registered another radio using an overlapping frequency over two miles away, in the opposite
LEADING INDEPENDENT SECURITY CONSULTANTS
Security, Risk & Resilience Independent, Specialist, Professional
T | + 61 8 6162 9920 E | info@amlechouse.com W | www.amlechouse.com
PTY LTD
security & risk management specialists Asia Pacific Security Magazine | 33
Special Feature - CCTV
Today’s solutions, tomorrow’s surveillance Surveillance and CCTV products are no longer just an extended eye for security professionals. Instead, these increasingly sophisticated tools are becoming essential for 360-degree crime prevention and situation monitoring across a variety of industries.
I By Adeline Teoh Correspondent
34 | Australian Security Magazine
magine if you could predict future crimes and prevent them. This is the premise of TV show Person of Interest in which a genius billionaire builds a supercomputer that uses mass surveillance information for the purposes of preventing terrorist activity, which the Government buys. The machine, however, also starts to predict ‘ordinary’ crimes as well, the kind overlooked every day, and in response the genius assembles a team of vigilantes to prevent them. The current crop of CCTV products are not quite at crystal ball level, but the increasing sophistication of the technology, paired with the kind of intelligence security professionals have been seeking for years has turned a fictional drama series into a kind of, if not probable then at least plausible, reality. The upside of the current crop is that innovation appears to be more affordable than ever. In the next year you will notice a lot of technology developed for high level military and Government purposes coming into the commercial market at budget friendly prices. Not only is this process faster than previous public-to-private and specialistto-mainstream transitions, the efficiency gains from an operational perspective, which result in lower ongoing
costs and increased environmental benefits, makes change irresistible and inevitable.
State of surveillance The CCTV and video surveillance market will be worth US$23.5 billion by the close of 2014, according to the ‘Global CCTV Market Forecast to 2014’ report researched by RNCOS. While much of the increase between now and the end of next year will come from a switch from analogue to digital, and the burgeoning markets in Asia – particularly China and India – and the Middle East, a great deal will be fuelled by equipment that can aid analytics whether contained within the CCTV systems themselves or in peripheral products that have become mainstream – and valuable – enough to enhance a standard system. The use of CCTV has also expanded from a focus on security and safety to other purposes throughout industry, ranging from traffic flow to manufacturing. Companies like video surveillance and access control solutions technology company, Genetec, provide products and services to markets as diverse as transportation, education, retail, gaming and
Special Feature - CCTV
“...technology comes not from the CCTV system itself, but from complementary equipment that assists information gathering.”
Government. This has led to the evolution of the equipment from an ‘eye’ to a system that can gather other intelligence to aid analysis and monitoring. On the security front, this gives professionals the ability to analyse images and monitor unfolding situations with clearer detail and more supportive evidence, leading to fewer false alarms and better response times for incidents. The technology’s ability to provide more accurate information for incident diagnosis allows the system to be used for resource management as well as standard security operations. Melinda Halstead, spokesperson for FLIR Systems, says the brand’s thermal imaging systems provide simultaneous threat detection and assessment. Thermal security cameras make pictures from heat not light, so are perfect for total darkness and obscured visual fields such as in smoke, dust, fog and blinding sunlight. “Video is sent – even to mobile devices – for inspection to ascertain the need for further investigation. The crisp images allow for verification as to what has tripped the alarm, saving on unnecessary guard callouts,” she explains. “A turnkey system offers a unique combination of thermal security cameras, video analytics software and other intrusion
detection sensors for integrating and displaying feedback from all of a facility’s perimeter security sensors on one display.”
Complementary security In many cases, the technology comes not from the CCTV system itself, but from complementary equipment that assists information gathering. One such case is Raytec, a specialist lighting manufacturer, which supplies infrared and white-light LED lighting for CCTV systems and general illumination. Cat McElroy of Raytec says the company’s VARIO IP, the first network CCTV illuminator in the security industry, helps CCTV cameras capture better images. Operators can control the lighting in the same way they control the IP cameras, to ensure the system works together to give the best information to the user. “Users have full control over their lighting at all times to respond to live events or security risks in real time, deter crime, perfect CCTV image quality and alter settings in response to operational changes,” she says. Genetec provides CCTV enhancement for the security industry in a complementary fashion also. By allowing
Australian Security Magazine | 35
Special Feature - CCTV
“New security-oriented features allow customers to better mitigate risk and respond to changing security conditions in real-time. Operators can command a rapid response in the event of a threat, by instantly modifying system settings based on preset configurations.” security professionals to customise their system through its software, a unified security platform called Security Centre 5.2. Omnicast, the IP video management system can be used for intelligent monitoring. Genetec’s Jaime Li, says Omnicast enables users to set threat levels that will tell the system to instantly trigger a mode of operation to respond a change in security conditions. “New security-oriented features allow customers to better mitigate risk and respond to changing security conditions in real-time. Operators can command a rapid response in the event of a threat, by instantly modifying system settings based on preset configurations.” This may include stepping up privacy controls, where system administrators can restrict access to live and recorded cameras based on user security levels to prevent the viewing of sensitive data.
The price is right One result of the growing CCTV industry is increased competition and a reduction in price for sophisticated technology. This comes from a number of avenues such as increased efficiency during the production and operation of a product as well as advancements in technology bringing down the cost of innovation and increasing product availability. Li says Genetec aimed for greater operational efficiency ‘through product simplification and enhanced collaboration capabilities between security desk operators’ for its platform. The software’s automated features also enables flexibility and scalability without the need to add more personnel, because it allows current personnel to diagnose and focus on real security issues rather than false alarms. For FLIR Systems, the lower cost of innovation brings top technology into the budget range of non-traditional customers. “Advancements in thermal imaging systems and software, once solely for the domain of military and defence, are now seeing technological innovations in commercial security and surveillance,” says Halstead. Having a commercial market also allows suppliers to identify different benefits, she adds. “The security industry is faced with the challenges of finding ways to cut expenses, without jeopardising the integrity of a product or service; thermal imaging security technology arms it with the means to reduce costs related to power consumption, nuisance and false alarms and carbon pricing.” The environmental advantages are also evident in Raytec’s products, where performance is enhanced by sustainability initiatives. “All Raytec illuminators have a long life, a low
36 | Asia Pacific Security Magazine
power consumption and require zero maintenance, leading to huge energy and cost savings,” says McElroy. “Triggering lighting on detection of a subject also provides a more dynamic installation intended to deter crime.” The multifaceted use of CCTV systems and the new intelligence now available over physical surveillance has changed dramatically in the past few years and will continue to serve a market hungry for more than just a network of cameras. The cost and environmental benefits will continue to play a role in product selection as innovation pushes technology towards other sources of information gathering in security as well as employing a range of uses for CCTV across other industries. Watch this space.
Broadband becomes crime buffer When the US city of Cleveland, Ohio, installed a publicly funded broadband network, it wasn’t to download the latest episode of Game of Thrones but to increase protection of the city via a highspeed wireless video network. Home to more than half a million residents, and hub to twice that during the week, the city worked with the Department of Homeland Security and Motorola Solutions to develop a network that would guard against national security threats, help reduce crime, and enhance citizen safety. Cleveland used Motorola’s wireless mesh video surveillance network as part of a pilot program to monitor and protect the downtown area. The goal of the Cleveland Shared Security Surveillance (CS3) program is to provide team members with a shared security presence and enhanced awareness. The cameras can tilt, pan and zoom in on a particular area to follow the activities of an ongoing situation or help predict a dangerous situation. This was put to the test at the St Patrick’s Day Parade, one of the city’s most popular annual events. “To monitor activities and provide security for all those folks is very difficult, especially on foot,” says Mike McGrath, Cleveland’s Chief of Police. “The cameras allow officers to monitor activities in real time so they can quickly identify potential threats and respond faster and better.” With the cameras clearly visible, the system enables citizens and visitors to feel secure. They also form part of Cleveland’s Computer Aided Dispatch system to assist emergency services prior to arriving on the scene. “We want a dispatcher to be able to say, ‘those guys just ran to the west, one’s in blue, the other’s in red’,” explains Larry Jones II, CS3 project manager. The network began with nine cameras positioned around the public square area downtown, which has now expanded to other areas of the city, the port area, the west side market and the arena district, and the surrounding neighbourhoods. The benefit of having the infrastructure in place is that cameras owned by residents and businesses can join the network and act as a force multiplier. For more details on Motorola’s cities projects, see www.motorolasolutions.com/SaferCities
www.cctvbuyersguide.com
Frontline
For all the latest in CCTV products and news. www.cctvbuyersguide.com
Special Feature - Cyber Security
Cyber security – the facts The cyber threat is real and ever present – and every business is at risk. Australia’s security and intelligence agencies have stated publicly that we are experiencing increasingly sophisticated attacks on networks and systems in both Government and business. By
Dr Carolyn Patteson
38 | Asia Pacific Security Magazine
T
he cyber threat comes from a range of sources, including individuals, issue-motivated groups, organised criminal syndicates, and the intelligence services of some foreign governments. The motives for cyber incidents include corporate attack, illicit financial gain, political and protest issues, personal grievance (a disgruntled employee or customer), and issue motivated hactivists. A cyber attack can be very disruptive, having a huge financial impact on a business and also harming its professional reputation. As the national computer emergency response team, CERT Australia in the Australian AttorneyGeneral’s Department, is the single point of contact for cyber security issues affecting major Australian businesses. In 2012, there were close to 7,300 incidents reported to CERT Australia. By mid-August 2013, around 8,500 incidents had already been reported. Many of these are categorised as less severe, such as scans of firewalls or websites. However, at the higher end, there are both broadbased and targeted attacks. For example, there have been an increasing number of businesses under pressure from distributed denial-of-service (DDoS) attacks, where the instigator demands payment to stop the attack or ‘cease fire’. This method of extortion is not new – but it is becoming more frequent. This is due to the ease with which people can access attack tools and services from online criminal groups. It is also due to the growing reliance of companies on their customer facing web services, now an essential part of business. Another common method of attack is to target senior executives, often through their direct support staff. This generally involves a well-crafted email message – one that is topical without any tell-tale mistakes. It is the links and attached files in the emails that are the first point of entry into a target network. This is particularly effective in businesses where cyber vigilance is not part of the culture – and where busy executives and their assistants are barraged by a large number of emails every day. These businesses are targeted for their intellectual property or financial information. They may also be targeted as a way to compromise a third party, who has a trust relationship with
the business and is the ultimate target. By using this form of attack, the perpetrator leverages the relationship between businesses, as an email embedded with malware is less likely to be treated as suspicious from a trusted party.
Trends in cyber security One of the challenges that CERT Australia faces is gaining a better understanding of the impact of malicious online activity and how well businesses are placed to respond. While there are an increasing number of cyber crime and security incidents, the true extent of these threats is difficult to determine. To help understand what is happening on this front, the inaugural CERT Australia Cyber Crime and Security Survey was conducted in 2012. The survey report provides a picture of the cyber security measures businesses had in place, the recent cyber incidents they had experienced, and their reporting of them. The findings indicated a shift in cyber attacks away from being indiscriminate and random to more coordinated and targeted, often for financial gain. They also revealed the theft of mobile devices to be a major concern, with many organisations lacking security policies and plans for protecting these physical assets. As the cyber picture is constantly changing, CERT Australia is conducting annual national surveys to look for trends over time. The 2013 Cyber Crime and Security Survey has recently been conducted. It aims to build on the baseline findings from 2012, and seek a more comprehensive understanding of how cyber incidents are affecting the businesses that partner with CERT Australia. The findings from the 2013 survey will be released later in 2013. Importantly, they will provide a better picture and understanding of the impact of cyber incidents, which will assist CERT Australia in providing the best possible cyber security support and advice to Australian businesses.
Cyber security mitigations So what are the top cyber security mitigations? Firstly, businesses need to be prepared before an incident occurs. It is important for each business to know how its network
Available online! See our website for details
1 YEAR SUBSCRIPTION TO THE AUSTRALIAN SECURITY MAGAZINE
6 print issues per year for only $88.00 SUBSCRIBE TODAY... DON’T MISS AN ISSUE Yes! I wish to subscribe to the Australian Security Magazine, 6 issues (1 year). ☐
AUSTRALIA
A$
88.00
(inc GST)
1 YEAR
☐
INTERNATIONAL
A$
158.00
(inc GST)
1 YEAR
Yes! As an additional bonus I wish to receive direct to my inbox the Asia Pacific Security Magazine (emag), 6 issues (1 year).
No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.
MY DETAILS
PAYMENT
Salutation: __________First Name: __________________________________________
Please find enclosed my cheque/postal order (made payable to MySecurity Media )
Surname:______________________________________________________________
for $ __________________ or debit my:
Job Title: ______________________________________________________________ Company: _____________________________________________________________ Postal Address:__________________________________________________________ Suburb: _____________________State: _________ Postcode: ____________________ Country: ______________________________________________________________ Email: ________________________________________________________________
Card Holders Name: __________________________________________ Signature: _________________________________________________
Interested in our e-news service? Phone: +61 (8) 6465 4732 during business hours AWST (Australia Only)
Expiry Date:________________ Todays Date: ______________________
PRIORITY FAX Credit Card Details Australia +61 (8) 9467 9155
FREE POST My Security Media 286 Alexander Drive, Dianella. W.A. 6059
Email subscriptions@mysecurity.com.au
GST This document will become a TAX INVOICE for GST when payment is made. My Security Media Pty Ltd ABN 54 145 849 056
Asia Pacific Security Magazine | 39
Special Feature - Cyber Security
Data lockdown key to cyber security How do you prevent data from falling into the wrong hands? With the advent of cloud services, bring-your-own devices and social media, organisations are finding that they need to defend a broad range of entry points.
W
By Adeline Teoh Correspondent
40 | Australian Security Magazine
hen Edward Snowden, formerly employed at the USA’s National Security Agency (NSA), decided to tell the world about how the Government was eavesdropping on its citizens and allies – as well as its enemies – it was surprising to few, but the news suddenly trained a very large spotlight onto cyber security measures. In addition to Snowden’s declaration and the activities of the NSA, recent events such as the highly publicised breach of the Reserve Bank of Australia and the Australian Taxation Office, plus the establishment of the new Federal Cyber Security Operations Centre, have also highlighted the importance of cyber security in Australia. Phil Vasic, Regional Director for Australia and New Zealand at cyber defence company FireEye, notes that the recent cyber attacks on leading Australian enterprises have highlighted the fact that distance can’t shield our digital assets from global threats. “As a prosperous, connected nation, we are a prime target and need to take serious action to bolster our defences,” he says. Although cyber security has been at the top of the agenda for some years now, it is only in recent times that the market has responded with products that evolve with the threats
and are tailored to the needs of a spectrum of users, from individuals to small businesses and right up to enterprise and Government level. Here’s an overview of the threat landscape and some of the methods used to counter attacks.
Up in the air Cloud computing services, long touted as the answer to storage and scalability issues, is not without its problems, says Melinda Marks of cloud security provider Qualys. “While cloud computing can deliver significant economic, business, and technical advantages including cost efficiency and rapid ability to scale, outsourced IT management, and flexibility, it comes with some security challenges.” Established organisations that have transitioned, or will transition, from onsite data storage to cloud services need to reassess the threat environment. “Adopting cloud services often requires that an organisation transfer responsibility for implementing security controls to the cloud service provider, while the organisation is still accountable for the security of their information,” says Marks. “Many organisations have strengthened their third party risk management programs
Special Feature - Cyber Security
in response to this challenge to ensure the organisation can effectively evaluate the risk using a specific cloud service provider for a specific IT function.” Unfortunately, cloud computing does not magically store your data in the sky, out of reach of attacks. Without adequate security, in fact, cloud storage may expose your data to more attacks because of increased accessibility. John Ellis, the enterprise security director for Asia-Pacific and Japan at cloud platform provider Akamai, asserts that the attack surface has increased dramatically because of the uptime of our data. “Cyber adversaries have a wealth of attack vectors to attempt to infiltrate an organisation. With the distributed, highly connected computing world we live in, we don’t ‘go online’, we are online 24/7, making it easier for cyber adversaries to advance their cause.” The uptake of cloud storage has shifted data from the control of the organisation to the provider, says Ellis, which is why it is imperative for users to focus on protecting the data, not forming useless borders around the corporate network. “Sensitive data is now stored, processed, and collected beyond the corporate firewall, resulting in the death of the security perimeter,” he says. “Organisations need to transition to away from a network-centric security model to a security model where controls are centred around the data, wherever it may live.”
Friendly fire In the old days it was pretty easy to detect where a cyber security breach occurred because the IT manager had visibility over the whole network. With the advent of bring-your-own devices (BYOD), in which staff connect not only their work device/s but also their personal smartphones, tablets and laptops to the system, it’s easy to see how cyber security issues in the modern office can escalate out of control. The problem with BYOD is the sheer number of entry points a cyber adversary now has the opportunity to attack, says Grenadine Lau, Business Development Manager for data security pioneer Imperva. “With the record number of devices being added to corporate networks, creating, sharing and consuming data, cyber security is now posing a challenge for organisations of all sizes. Additionally, automated cyber security attacks allow cyber criminals to easily scan the internet for vulnerable entry points into networks and launch devastating data attacks.” Vasic adds that smaller screens often deceive the user into thinking they are smaller targets. “A smartphone is the equivalent of carrying a laptop in your pocket, yet a much smaller percentage of executives and technicians identify smartphones as vulnerable entry points, when arguably they
In defence of e-commerce Schneider Versand is Europe’s largest specialist for promotional gifts and commercial products. Its website traffic increases at more than 1 million visitors a year, representing double-digit growth. In December 2011, Schneider Versand experienced a distributed denial-of-service (DDoS) attack where the website received thousands of HTTP queries, peaking at 500,000 requests per minute, which caused a massive traffic jam in front of the firewall. The firewall could no longer distinguish the attack traffic from legitimate customer requests. Countertactics such as a rewrite rule in Apache (reject requests and sit out) or the diversion of all traffic to the Amazon cloud only enabled short-term availability of the shop. The attack lasted for a week and forced Schneider to go offline for three days, compelling the company to look for a strategic security solution. The company chose to rely on a distributed infrastructure, selecting Akamai and its Kona Site Defender solution. Kona offers more than 100,000 distributed servers and features enterprise architecture that can ward off online attacks already at the point of entry by providing the necessary bandwidth and capacity to absorb requests and filter out malicious traffic before it hits the corporate data centre. are just as vulnerable or even more vulnerable than laptops.” Without a comprehensive security policy and corresponding settings, organisations leave gaps says Lau. “Software that has been deployed on an ad hoc basis without adequate security settings will continue to be cyber targets until security measures are put in place.” Cyber security also needs to evolve with the attacks, advises Vasic. “Sophisticated malware has eroded the effectiveness of traditional signature-based defences, leaving a hole in the network. Designed to use signatures to block known threats, traditional and next-generation firewalls, IPS [incident prevention systems], AV [access verification], and gateways are no match against zero-day and targeted APT [advanced persistent threat] attacks.” Vasic says, “Advanced cyber attacks necessitate a new model of security that can protect against unknown malware that is targeted and stealthy and delivered over multiple threat vectors.” As for why a number of organisations continue to ignore the need for a thorough security audit, analysis and plan, Lau believes many put it in the ‘too hard’ basket because the cost and complexity of providing data security is a significant resource drain. “Businesses deploy infrastructure security solutions – such as internal firewalls and anti-virus products – to achieve data protection, yet find these do not provide the necessary visibility and control over data usage needed for effective data security. As a result, enterprises often turn to manual processes based on native auditing tools for data protection. This approach proves to be expensive, unable to scale, and cannot deliver the separation of duties needed to satisfy auditors.” In the past, the solutions have always been centred on the organisation, not its data. Lau says this mindset needs to change. “For true data security that protects high-value
“Security controls must adapt to focus on securing the data, rather than just securing the perimeter. As a result, endpoint security has become a focus for many organisations, as well as a new focus on not just preventing security incidents, but rather improving the organisation’s ability to detect and respond to security incidents.”
Australian Security Magazine | 41
Special Feature - Cyber Security
“These new technologies increase the risk of inadvertent and or intentional disclosure of sensitive organisational information.” business data and addresses compliance requirements, enterprises need a layer of security positioned close to the data that can identify, prioritise and help mitigate risk.” Marks agrees and says, “Security controls must adapt to focus on securing the data, rather than just securing the perimeter. As a result, endpoint security has become a focus for many organisations, as well as a new focus on not just preventing security incidents, but rather improving the organisation’s ability to detect and respond to security incidents.”
Socially inept The benefits of social media have been widely touted as a good way to improve customer engagement, facilitate collaboration and improve networking. However, social platforms can come at a cost, warns Marks. “These new technologies increase the risk of inadvertent and or intentional disclosure of sensitive organisational information.” Andrew Mamonitis, Managing Director for Kaspersky Lab Australia & New Zealand, says, “The use of social media
has also exposed companies to new security gateways along with cloud services and BYOD. “Not only have these trends greatly increased business exposure to IT security threats, but they have also introduced new platforms on which company security policies now apply.” And it’s not just limited to its use through official channels. “This applies to both private use of social media by employees, as well as formal company use of social media and other social networking tools,” he says. In response, “many organisations have implemented enhanced security awareness training programs to ensure their employees understand how to properly use these technologies,” says Marks. This training covers the threats to the confidentiality that social media presents. All this serves to tell us that it’s a big, bad world out there and the only way to survive is to be prepared, comprehensive in that preparation, and ensure that the solution you select is agile enough to apply mitigation strategies as new threats emerge. Awareness is the first step.
Counting the costs Results from a recent survey conducted by B2B International and Kaspersky Lab found that staff-related security breaches occur most often in the Asia Pacific region. The ‘Global Corporate IT Security Risks: 2013’ survey found that the percentage of companies in the Asia Pacific region experiencing targeted cyber-attacks against employees stands at nearly double the global average. Moreover, 91 percent of the companies surveyed had had at least one external IT security incident and 85 percent reported internal incidents in the 12 months preceding the survey. A serious incident costs a large company an average of $649,000 and a small-to-medium business about $50,000.
42 | Australian Security Magazine
To have your company news or latest products featured in our TechTime section, please email info@mysecurity.com.au
Rackspace’s new 3D Cloudphone See page 53
Latest News and Products
TechTime - latest news and products
Swann releases new range of high definition security systems Do-it-yourself security monitoring company Swann has released a range of high definition security systems, known as Platinum-HD. The new systems are capable of allowing home and business owners to monitor their premises over the Internet via their smartphone or tablet in high definition video. The Swann Network Video Recording (NVR) systems are capable of full high definition video with real-time live viewing and video playback. Initially there will be two versions, one with four channels and four cameras and the other with eight channels and four cameras. Swann Vice President-Marketing, Jeremy Stewart, says that the new systems are the next generation of do-it-yourself video surveillance systems. “Where HD security systems in the past have required a trade-off between resolution and video frame rates, these new systems are unique in that they combine 1080p video resolution with real-time (25 frames per second) live viewing and video playback allowing endusers to see every detail, colour and activity,” he says. The systems include four of the latest NHD-820 surveillance cameras, each capable of producing 1080p HD video or, using security industry terminology, 1,000 TV lines (2.1 Megapixels) lines; image quality far in excess of typical security cameras. The cameras also have powerful night vision up to 35 metres and can be used indoors or outdoors. The new Swann Platinum-HD NVRs area is easy to set up because the cameras do not require a separate power connection, instead
they are powered via the network cable. The Platinum-HD also allows viewing of live or recorded video in high definition on HDTV, LCD and Plasma screens with an HDMI cable included in the pack. The user interface means that the user can monitor and record multiple cameras on a split screen, as well as select any camera for full screen real time viewing or playback of pre-recorded footage. With a 2TB hard drive, users have the ability to record approximately 45 days of continuous surveillance or even longer when using the motion detection settings. The system has easy to use menus allowing users to easily locate incident video and then transfer it to the network or a USB drive.
The free SwannView app offers convenient remote viewing on a mobile device. The set-up is simple with Swann’s customisable network configuration. Swann’s Platinum-HD Full High Definition Security Systems are available from Bunnings special orders, Dick Smith online, Harvey Norman and Masters. The 4 Channel 4 Camera versions (Swann code SWNVK-472004) have a recommended retail price of $1,499.99 and the 8 Channel 4 Camera version (SWNVK-872004) has an RRP of $1699.95. For more information on Swann visit www.swann.com
The peephole goes digital The peephole in a door is a very useful product that has been around for years and allows you to see who is at the door while remaining behind the security of a locked door. But is has now gone digital with a new version from home security experts Swann Security that activates a camera every time the doorbell is rung and gives you a clear high resolution colour image of who is at the door on a 7mm LCD screen. Not only that, it also records up to 100 colour images. The camera is able to operate day and night, is weather resistant and has a 60 degree viewing arc. It has a white gloss finish that will suit any home décor and the monitor supports up to a 2GB SD card for recording the images. All
44 | Asia Pacific Security Magazine
recorded images can be transferred to a PC via the USB cable supplied with the pack and which also serves as the battery recharging source. It is called the Swann DoorEye™ and it is an easy to install DIY product that is available
nationally for $119 from Dick Smith Electronics and Bunnings. For more information on Swann visit www.swann.com
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
FLIR and VideoIQ join forces for new site protection solution FLIR Systems is proud to announce the launch of the new Site Protection Solution, or SPS, that provides an extremely affordable video security solution for a wide range of applications. “Our new Site Protection Solution is a powerful combination of thermal cameras and intelligent, adaptive analytics from VideoIQ that provide reliable video security of perimeters and large open areas at any time of the day or night,” says Bill Klink, FLIR’s Vice President of Security and Surveillance. FLIR’s unique WDR thermal video provides reliable threat detection and visual alarm assessment even in the most challenging conditions. The SPS couples the high-contrast thermal video signal with VideoIQ’s intelligent, adaptive analytics. These include exclusive FLIR Mode algorithms specifically designed to work with the output of FLIR thermal cameras, virtually eliminating nuisance alarms in both perimeter security and wide-area coverage applications. “This powerful solution delivers intelligent prevention unlike any other combination of technologies on the market,” says Dr Mahesh Saptharishi, President and CTO for VideoIQ. With more than 50 lens and sensor resolution combinations to choose from, the SPS is sure to have just the right combination of coverage, range, and detail needed to create a reliable virtual perimeter at a surprisingly low cost. Perimeter protection solutions like fence
lines can be secured with SPS for as little as $5 per linear foot of coverage. Wide area coverage applications, like rooftops, car impound lots, and athletic fields can be secured for as little as $0.10 per square foot. All of this without the need to install the typical lighting infrastructure needed for visible cameras to work. For sites with a lighting infrastructure that is already in place, or that needs the added reactive or forensic information provided by visible cameras, many of FLIR’s all-weather, high-definition 2.1MP colour cameras can be included in the SPS as well. In addition to sending automated alarms
via email and mobile devices, VideoIQ’s Rialto IP and analog encoders also provide up to 500GB of on-board storage, for reliable, zerobandwidth recording. More information on FLIR’s exciting Site Protection Solution is available at flir.com/security
Bitdefender Mobile Security achieves perfect score in AV-TEST trials Bitdefender Mobile Security, the cutting-edge Android security app by the leading internet security provider, achieved perfect scores across the board for a second time straight in testing by independent security analysis firm AV-TEST. Bitdefender, the creator of innovative global antivirus solutions, scored 6 out of 6 in Protection, 6 out of 6 for Usability and AV-TEST
of zero false warnings, according to AV-TEST results. Testing also showed the app doesn’t impact battery life, does not slow the device during normal use and doesn’t generate excessive traffic. “Bitdefender is proving as reliable in the mobile arena as it is in its other endeavors,” comments AV-TEST CEO, Andreas Marx, noting Bitdefender’s top scores in testing on Windows
Only Kaspersky Mobile Security, which lost to Bitdefender’s perfect score in May/June testing, managed a tie in July tests. “Mobile security is becoming increasingly important with the proliferation of both mobile devices and the malware that targets them for data theft, SMS scams and other costly fraud,” adds Bitdefender Chief Security Strategist, Catalin Cosoi. “While the need for mobile
approval for extra security features such as antitheft and remote wipe in July/August testing, repeating its perfect performance of the May/ June trials. The elite Android security solution caught 100 percent of the malware samples thrown at it throughout the month of testing and gave
8 and Windows 7 this year. “A perfect score on protection, maximum ease of use and the array of other features is exactly what mobile security software creators aspire too. Bitdefender has achieved it.” The results for Bitdefender Mobile Security beat 28 of the 29 other companies tested.
security is relatively new, Bitdefender is not. The latest AV-TEST results prove that we can take a decade of experience and the industry-leading quality of our traditional software lines and translate that to the mobile arena.”
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Asia Pacific Security Magazine | 45
TechTime - latest news and products
UXC Connect secures contract to deliver to LNG project UXC Connect has secured a contract to provide a converged IP surveillance and security solution to a major liquid natural gas (LNG) project located in Western Australia. The initial contract worth $4.1 million, supports UXC Connect’s entry into the IP Video Surveillance Sector and the decision to grow its West Australian team considerably over the last 12 months, continuing its trend of growth and providing world class solutions to the mining, oil and gas industries. UXC Connect has begun the delivery and roll-out of the solution to the remote site which will house up to 4,300 construction workers. The solution consists of IP CCTV, Public Address & General Alarm and Access Control infrastructure being installed in external and internal areas throughout the campsite including cafeterias, laundries, communal areas and 14 other facilities. The fully architected solution will use industry leading technology to manage and improve the safety and security of the workers on the remote work site, with a view to protecting staff and property from unauthorised access and other OH&S issues. The solution will also enable greater emergency response and ensure that site managers will be able to identify historical events of interest and provide indisputable evidence of activities using Panasonic high-definition cameras and Geutebrück video management systems. UXC Connect has invested significantly in its IP Video Surveillance solution, developing strong alternatives to the current options in the resources market, particularly for enterprise organisations looking for a converged surveillance and security system, says Richard Ellison, Solution Manager, IP Video Surveillance. “UXC Connect is the first IT solutions provider in APAC to partner with world class technology vendors to bring a converged solution to market. UXC Connect’s offering exceeds many other IP Video surveillance offerings available, both in terms of the technology and support services.” “Our investment in the IP Video surveillance space, together with our extensive IT infrastructure skills, strong technical expertise, and a proven track record for delivering high-quality solutions for remote regional communities enabled us to create a truly robust and secure end-to-end solution that includes multiple delivery options,” Ellison outlines.
46 | Asia Pacific Security Magazine
According to Ian Poole, CEO of UXC Connect, the contract highlights the benefits of further investment in the West Australian office and the company’s ability to develop world class solutions for some of the most challenging environments. “UXC Connect is thrilled to secure this contract; it is further evidence of our successful go-to-market strategy where we continue to invest in the people and partnerships that enable us to create market leading solutions.” “The growth we have seen in Western Australia and particularly in the mining, oil and gas sector has meant that we have been able to invest extensively in our WA team. This has enabled UXC Connect to further diversify its offerings and build on the successes of our other specialised solutions such as Entertainment and Content, which has been deployed to over 12,000 accommodation village rooms throughout Australia,” says Poole.
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
Context presents dangerous side effects of new browser features At Black Hat 2013 in Las Vegas late July, Paul Stone, a senior consultant at Context Information Security presented details of new vulnerabilities and threats to security and privacy as a result of HTML 5 features in the latest generation of web browsers. His talk entitled, Pixel Perfect Timing Attacks with HTML 5, showed how cross-browser vulnerabilities in Chrome, Internet Explorer and Firefox can be used to access browsing histories and read data from websites after visitors have logged in. While traditional browser timing attacks involve cache or network timing, it is now possible to use a number of new techniques that perform timing attacks on graphics
operations involving CSS and SVG to extract sensitive data from your browser including your browsing history or text from other browser sessions. In effect, hackers can use timing information to read pixels from web pages, allowing them to tell which links have been visited and to read text from other websites. “While HTML 5 offers developers a range of new features such as improved animation and graphics support, some of these new capabilities have some unexpected side effects with privacy and security implications,” says Context’s Paul Stone. Context alerted browser vendors as soon as it discovered the vulnerabilities and they are
investigating ways in which the timing attacks can be prevented. “Users concerned about these vulnerabilities can mitigate the risks by regularly clearing their browsing history or using private browsing windows to separate their browsing sessions,” adds Stone. A detailed White Paper has also been published and is available online at http://contextis.co.uk/research/white-papers/ pixel-perfect-timing-attacks-html5/
New partnership to Propel ChargeIQ in to US In a push to capture a slice of the burgeoning world-wide electric vehicle charging infrastructure market, estimated to exceed $3.8 billion by 2020, the Australian producers of ChargeIQ electric vehicle charging solution have established a partnership with a leading Silicon Valley based technology supplier. ChargeIQ, a Smart Grid friendly electric vehicle charging solution proven to slash driver’s charging costs in half, has been developed over three years by Australian technology company DiUS Computing. ChargeIQ is set to make its debut in the North American market by the end of 2013, after DiUS established a partnership through its commercialisation subsidiary Percepscion with Global Network Resources, Inc – a leading Silicon Valley based technology supplier. The move establishes the beginnings of an international sales and distribution channel for ChargeIQ, as well as other products in Percepscion’s innovative Smart Energy portfolio. ChargeIQ is the world’s first Zigbee-certified Electric Vehicle charging solution with intelligent Smart Grid integration that allows electricity utilities to communicate directly with consumers to manage charging loads. ChargeIQ, which features a web interface and smartphone application, enables utilities and consumers to cooperate in real-time to shift electricity demand. A recent report produced for the Victorian Government by DiUS, in conjunction with United Energy and the University of Melbourne, found ChargeIQ was able to halve electricity charging costs for drivers. DiUS Computing co-director Clency Coutet, said the sales and distribution agreement with
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
Global Network Resources Inc recognised ChargeIQ’s appeal to the growing number of plug-in vehicle drivers globally. “In many parts of the US, a plug-in vehicle is now cheaper than its petrol counterpart. “ChargeIQ represents the next generation in electric vehicle charging. With ChargeIQ, drivers save charging costs, without effort or inconvenience. ChargeIQ makes electric cars smarter,” says Coutet. President and Founder of Global Network Resources, Kurt Miyatake, says ChargeIQ and Percepscion’s other Smart Energy products were exciting additions to the company’s portfolio. “We’re delighted to partner with DiUS in bringing ChargeIQ to North America. Electric cars are taking off in California and we see huge potential for this innovative product here and elsewhere around the world,” says Miyatake. The distribution deal is one of a number
of significant developments surrounding ChargeIQ in recent months. In May, ChargeIQ was named a semi-finalist in the prestigious Australian Cleantech Competition, which discovers and fosters Australia’s best clean technology companies and products. The winner will be announced on 2 October and goes on to represent Australia in the global competition. This followed ChargeIQ being recognised as one of Australia’s most innovative products for 2013 by Anthill magazine. For more information visit http://dius.com.au
Asia Pacific Security Magazine | 47
TechTime - latest news and products
Quantum Secure introduces enhancements for SAFE Software Suite Further simplifying and automating complex security operations, Quantum Secure announces enhancements to their SAFE Software Suite. A simpler, faster reporting engine provides security management with insights needed to make better business security decisions, while new out-of-the-box templates automate a wide range of security operations. “With each generation of technology, we bring greater simplicity to the user even as we add more capabilities to our software,” says Ajay Jain, President and CEO, Quantum Secure. “Our continuing objective is to increase the ease and convenience of maintaining the most secure possible facility.” The new, faster reporting engine for the SAFE Software Suite delivers insights by monitoring security activity, assessing risk, measuring customer satisfaction and tracking key security indicators. A wide array of ready-to-use security dashboards can be personalised to improve performance through key performance indicators (KPI) that track key metrics, assign goals, and compare benchmarks. To enable improved automated security operations, Quantum Secure has added a number of out-of-the-box templates for security operations including email templates, business rules and policies, badge templates and kiosk design templates.
Additional updates to the software include newly enhanced contractor and tenant management modules for their SAFE Software Suite. The SAFE 4.7 enhancements deliver greater flexibility to users, enabling employers to manage identities across multiple contracts with multiple individuals associated to each contract. Users can issue CIV credentials, which function like Government PIV credentials to further improve control and security. “This update improves security for
organisations with numerous tenants and their employees who need access to specific areas on the premises,” says Ajay Jain, President and CEO, Quantum Secure. “With SAFE, now identity management for commercial and business deployments can be implemented at a security level similar to what we offer for government applications.”
Quantum Secure mobile apps deliver With a unique approach to automating physical security operations focused on connecting security departments with their customers, Quantum Secure has launched its SAFE for Mobile Solutions. “The ability to control and manage operations from a mobile platform has become an essential security tool,” says Ajay Jain, President and CEO, Quantum Secure. “We have designed mobile apps with the goal of customer-centric security, to ensure simplicity, feedback and automation of physical security operations.” For security departments utilising SAFE for Mobile Solutions, customer feedback is a key component of every physical security request or transaction. Customer centric apps include new employee and contractor on-boarding, visitor registration, access changes and approvals or access audits, lost or stolen badge reporting,
48 | Asia Pacific Security Magazine
access requests and more. Apps specifically focused on the security department include functionality for visitor management, mobile badging, NDA signatures, alarm and identity metrics, search and verify personnel and more. Quantum Secure’s SAFE Software Suite provides policy-based on/off-boarding of identities and physical access levels across multiple security systems. All SAFE for Mobile apps leverage the reliable and secure SAFE policy engine to ensure continual process management and compliance for security personnel, and are delivered on iOS, Android, and Windows platforms.
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
OnSSI debuts video delivery and control solution OnSSI has launched innovative new high performance video delivery and control Web and Mobile clients that extend the look and feel of OnSSI’s award winning Ocularis desktop interface above and beyond the control room. The new Web and Mobile clients utilise OnSSI’s High Definition Interactive Streaming (HDIS) technology which delivers up to 16 HD video streams at full resolution and frame rate
over low bandwidth networks. The solution allows security personnel on-the-go to perform live monitoring or synchronized playback of multiple HD cameras from an iPad tablet, approved handheld device or standard web interface. “Today’s security operations continue to move beyond the control room. Our new Web and Mobile clients support this trend with powerful functionality and cost efficiencies,” says Ken LaMarca, Vice President, OnSSI. “It is an intelligent security and communications solution that provides mobility without compromise for the most demanding applications and users.” Additional features of the Ocularis Web and Mobile clients include; the ability to toggle between single and multi-camera views; on the fly creation
and configuration of custom camera group views; continuous forward, backward and frame-by-frame playback of single or multiple cameras; access to recorded video using date/ time selector or Timeline feature; and support for any combination of cameras including those with different compressions and resolutions in the same view. The HD video capture, transmission and control capabilities enabled with OnSSI’s Web and Mobile clients provide law enforcement and security management professionals with an invaluable tool for situation assessment and real time mobile management. The ability to deploy bi-directional real-time HD video and audio in the field gives first responders and dispatchers a whole new perspective on emergency response services. This insures appropriate levels of response, reduced operating expenses without compromising public safety and ultimately helping to save lives.
Altronix introduces innovative transmission and PoE solutions Altronix has introduced several innovative products that deliver more than just power. The new eBridge™4SK kit which allows fourIP devices to replace a single analog camera over legacy coax cabling, and the new NetWay™4ESK kit that transmits IP data and delivers PoE+ for up to four IP devices over a single CAT5/6 cable. These new additions from Altronix provide greater value and flexibility when upgrading security, access and surveillance systems. “Our ongoing objective is to develop new and better ways to improve system performance,” says Alan Forman, President, Altronix. “Our new eBridge™4SK Ethernet over coax and NetWay4ESK IP data and PoE transmission solutions deliver more value, enhanced network communications and greater flexibility.” The new eBridge4SK kit allows you to replace a single analog camera over legacy coax with up to four IP devices. This kit consists of the eBridge4SPT transceiver with an integral
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
four port managed PoE+ switch that transmits IP data to the head-end, and an eBridge1SPR receiver that passes system power up the coax over 1500 feet (5X maximum Ethernet distance) without the need for repeaters. The new NetWay4ESK kit transmits IP data and delivers power for up to four PoE+ cameras/devices over a single CAT5/6 cable. NetWay4ESK consists of a four-port managed NetWay4ES PoE+ switch and a NetWay1E midspan injector. This kit provides an extremely
cost-efficient means of maximising IP infrastructure while reducing overall equipment and labour costs. Both kits are UL listed in the USA and Canada, and CE and C-Tick approved. All Altronix products are made in the USA and feature a lifetime warranty
Asia Pacific Security Magazine | 49
TechTime - latest news and products
Arecont Vision releases a host of new products Arecont Vision, an industry leader in IP megapixel camera technology, has launched a unique 12 megapixel (MP) 360° panoramic camera with true Wide Dynamic Range (WDR). The new SurroundVideo® 12MP WDR 360° panoramic camera produces superior quality images of wide areas even in the most challenging lighting conditions without the aberrations produced by single sensor fisheye panoramic cameras. Arecont Vision’s WDR technology delivers a dynamic range of up to 100dB at full resolution without lowering the frame rates. By combining long and short exposures in the same fieldofview, WDR maximises the amount of detail in both bright and dark areas of a scene. The WDR performance of Arecont Vision cameras represents an up to 50dB improvement (300X) in dynamic range compared to conventional cameras. Also new for Arecont Vision is the MegaVideo® Compact Dual Sensor Day/ Night Camera. The megapixel camera features a colour 3megapixel (MP) image sensor with Wide Dynamic Range (WDR) along with a monochrome 1.3MP image sensor with superior low light performance. Together the dual sensors ensure that the camera captures highly detailed images in changing lighting conditions by switching from colour WDR to monochrome when light levels fall below a specified threshold or by streaming both sensors simultaneously. Arecont Vision’s new Compact Dual Sensor Day/Night Camera features dual H.264 (MPEG-4 Part 10) and MJPEG encoders, fast image rates, up-scaling on the 1.3MP monochrome sensor to 3MP, bit rate control, multi-streaming, forensic zooming and PoE. The new MegaView® 2 and MegaBall® 2 series of all-in-one Day/Night H.264 megapixel cameras have also been released. Both camera series feature remote focus and remote zoom P-iris lenses to ease installation, and optional true Wide Dynamic Range (WDR) at 1080p and 3 megapixels (MP). The MegaView® 2 cameras are available in resolutions of 1.3MP, 1080p, 3MP, 5MP and 10MP. They offer optional built-in infrared (IR) illuminator LEDs. MegaView® 2 cameras come with a junction box and an easy to adjust 3-axis wall mount to further simplify installation. Their bullet-style enclosures are IP66 environmentally rated. The spherically shaped MegaBall®2 cameras are available in 1.3MP, 1080p, 3MP and 5MPmodels, and come with an integrated cable management structure to simplify installation.
50 | Asia Pacific Security Magazine
A surface mount option for the new ultra low profile MicroDome™ cameras has also been launched. The new line of multi-megapixel cameras is designed for applications where both high-resolution and a minimal footprint are required. MicroDome™ cameras are available in resolutions of 1.3 megapixels (MP), 1080p, 3MP and 5MP with an option for true Wide Dynamic Range (WDR) imaging at 1080p and 3MP. In its surface mount housing, the Arecont Vision MicroDome™ camera is IP66 environmental rated to resist dust and water. The domes on all MicroDome™ cameras are IK-10 impact resistant. Also debuting is a unique new addition to its highly touted line of SurroundVideo® cameras. The new SurroundVideo® Omni Cameras feature four multi-megapixel sensors that can be individually adjusted to capture different fields of view within a full 360° range. This allows a single camera to provide detailed coverage of a
wide area including the ability to provide views directly under the camera or multiple fields of view using a variety of different lens options. Arecont Vision’s SurroundVideo® Omni Cameras feature the company’s Wide Dynamic Range (WDR) technology in the 12MP configuration which delivers a dynamic range of up to 100dB at full resolution without lowering the frame rates. By combining long and short exposures in the same field-of-view, WDR maximises the amount of detail in both bright and dark areas of a scene. The WDR performance of Arecont Vision cameras represents an up to 50dB improvement (300X) in dynamic range compared to conventional cameras. For more information visit www.arecontvision.com
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
Galaxy Control Systems expands access control portfolio
Galaxy Control Systems has presented its comprehensive line of innovative solutions at this year’s ASIS show in Chicago. Featured introductions included new Systems Galaxy Software and a new dual serial interface that deliver innovative features and integration for new and legacy access control systems while protecting users’ investments in existing hardware and infrastructure. “Satisfying the needs of customers with superior performance, support and cost-
efficiency has always been our first priority. This philosophy drives our business model and has been the foundation of our success for over 30 years,” says Robert Laughlin, President, Galaxy Control Systems. “Our latest introductions here at ASIS 2013 have been engineered with customers’ past, present and future needs in mind so that we can most effectively meet both their technical and financial objectives.” Leading the new products introduced at ASIS is Galaxy’s System Galaxy Software (v.10.3). The new software, which features a wide range of innovative capabilities, is backwards-compatible and interfaces with legacy Galaxy systems. System Galaxy Software enables users to add the latest functionality available while maintaining their existing investment in access control infrastructure, and without having to rip and replace entire systems. Galaxy also introduced the 635 Dual Serial Interface (DSI) for its 600 series Access Control Panel. Engineered to improve third party integration, enhance user convenience and ensure interoperability with a multitude of manufacturers’ current and legacy hardware, the new DSI board is another example of
Galaxy’s commitment to their customers. The 635 DSI supports wireless reader technology, relay controls, LCD displays and Galaxy 485 Remote DPI modules, with added support for multidrops and more power connections. For Government applications, Galaxy also featured its CAC Enrollment Solution, which captures information from the Common Access Card (CAC). Galaxy offers support for PIV I, PIV II, TWIC and CAC (Legacy, Transition and Endpoint) cards, along with FIPS 201-compliant controllers configured to accept data formats from 18 to 256 bits, providing unprecedented versatility within the PIV II specification. Galaxy Control Systems are also certified under the DIACAP provisions, are pre-cleared to operate on the DOD network and have an active DIACAP ATO for both hardware and software. With every product made in the USA and carrying an unconditional two-year warranty, Galaxy upholds its charter to meet and exceed customers’ expectations. All Government products are also available on the Galaxy GSA schedules 70 and 84.
Rackspace announces winner of Small Teams Big Impact Down Under competition Ollo Mobile has been named the winner of the inaugural Rackspace Australia Small Teams Big Impact Down Under competition. The startup has developed a 3G cloudphone, which aims to reinvent the monitored telehealth industry and improve the safety and communication of families world-wide. It is a specialised cellular phone, seamlessly integrated with a cloud based service platform, which helps notify families when seniors fall or need assistance. Ollo Mobile: • Replaces the call centre with smart software, lowering the cost of monitored telehealth services by 80 percent • Is a matchbox sized phone, waterproof, and wearable on a pendant or keyring • Has a variable volume speakerphone, voice control, long battery life (10 days+), automatic fall detection, and indoor geolocation • Charges on a dock, and has no cables or plugs
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
• Has a SIM card, and can be called like a regular phone. Rackspace launched the competition to find the best small team making a big impact, judged on the scope of innovation, the highest disruptive potential, and the greatest potential impact to the largest number of people or businesses. Co-Founder of Ollo Mobile, Hugh Geiger says, “We applied to the Rackspace Small Teams Big Impact competition because we know we are tackling a huge problem, and we just needed to get some global attention to help make it a reality. “We’ve been trying to get Robert Scoble’s ear for a while, so when it came about that he was going to come to Australia, we were really excited about entering the competition. “We’re thrilled to be chosen as the winner from this star-studded panel. Ollo Mobile is tackling a global problem, and we truly believe our idea can save lives. “The Ollo Mobile cloudphone technology
will reinvent monitored telehealth services for seniors and those with chronic health conditions. We lower the cost of service delivery by 80 percent and make the service socially engaging and desirable, without compromising safety. “We think this award can serve as a great launch-pad to help get our startup in front of a very broad audience.” Startup Liaison Officer of Rackspace, Robert Scoble commented, “Ollo Mobile caught our eye because it could potentially save our parents’ lives. “The startups overall in Australia were of a very high quality, and could definitely compete on the world stage. I can’t wait to come back to Australia.” (See image page 45).
Asia Pacific Security Magazine | 51
TechTime - latest news and products
Trend Micro’s Q2 warns of increase in online banking malware Android vulnerabilities, increased online banking threats and availability of sophisticated, inexpensive malware toolkits are among the growing concerns cited in Trend Micro’s (TYO: 4704; TSE: 4704) Q2 2013 Security Roundup Report. The report is a quarterly analysis by the Trend Micro Threat Analysis Team that describes cyber security threats from the previous quarter combined with analysis to evaluate and anticipate emerging attacks. Android devices are directly in the crosshairs of hackers as threats proliferate and the user-base expands with little thought given to security. The Security Roundup Report shows the number of malicious and high-risk Android apps has grown to 718,000 in the second quarter – a massive increase from the 509,000 high-risk apps found in the previous quarter. These malicious apps are on track to exceed one million by year’s end, as predicted by Trend Micro in the 2013 forecast. By way of comparison, it took a decade for PC malware to amass this number.
This fact, Trend Micro warns, combined with the Android network’s systemic problems leave a large number of Android devices exposed to a risk that will continue to spread. “Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective timeframe. In some cases, users will never get patches as vendors leave their customers at risk of attack,” says Jonathan Oliver, Software Architecture Director ANZ, Trend Micro. “Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly. At the rate this malware is accelerating – almost exponentially – we appear to be reaching a critical mass. To fight this, Android users need to take great care when using their devices and take the simple, but effective, step of adding security software to all mobile devices.” Online banking: The Trend Micro report also warned of increasing hazards to online banking, which saw malware increasing 29 percent from the previous quarter – from 113,000
to 146,000 infections. The US was the top target of malware, with more than one million instances amounting to 28 percent of global compromises, followed by Brazil at 22 percent and Australia at five percent. Preventative measures, such as closely monitoring account activity and using third-party security solutions, will help mitigate this growing threat. Malware toolkits: Adding to this onslaught of cyber-security risks, the Trend Micro report found that the methods for selling malware toolkits have evolved. Sophisticated malicious tools are now being sold via inexpensive, free or bundled pricing schemes, such as two-for-one packages. The ease of access to these effective malware toolkits increases the hazards Internet users will face going into the remainder of 2013 and beyond. For more information visit www.TrendMicro.com.au
RBC announces secure cloud – the first cloud-based mobile payments solution RBC has announced its RBC Secure Cloud mobile payments service (patent-pending). This new technology, a first in Canada, will allow clients to more safely and securely pay for purchases using their mobile devices. Keeping sensitive client data secure with RBC in the cloud, not on the phone, makes RBC Secure Cloud a safer, faster, more flexible solution. RBC will bring RBC Secure Cloud to market by the end of the year with debit and credit on a number of smartphone platforms. “We have designed a mobile payment solution that offers a better client experience and increased security than has been previously available, while meeting industry standards,” says Linda Mantia, executive vice-president, Cards and Payment Solutions, RBC. “The result is a solution that offers benefits and options to everyone in the payment ecosystem.” With RBC Secure Cloud, the financial institution assumes the security burden, since sensitive client data remains with the bank, as opposed to keeping it on the phone, as is the case with other models. The data is transmitted encrypted and decoded locally on
52 | Asia Pacific Security Magazine
the client’s mobile device at point of sale through partnerships with mobile service providers. While the solution thoroughly protects client financial data by leaving it at its source, clients are also protected by the existing Zero Liability Policy for Interac, Visa and MasterCard. “We understand the importance of security to our clients and make safeguarding their personal information our highest priority,” says Paul Gerics, Vice-President, Information Security at RBC. “RBC Secure Cloud is being built with the highest security standards in mind. We employ a diverse range of technologies and security mechanisms to help ensure the safety, confidentiality and integrity of our client’s information and transactions.” Initially focused on Near Field Communication (NFC), the RBC solution is flexible and can support new technologies such as bar or QR codes, or other standards, and allows offline transactions. Other benefits for the client include; • simpler and faster provisioning of account information • seamless card lifecycle management
including card replacement for lost, stolen and expire cards as well as setting preferences • an ‘open wallet’ architecture (meaning the ability to support non-RBC payment methods and inter-bank access to payment information in future). “This is a critical advancement for mobile payments in Canada,” says Mark O’Connell, President and CEO, Interac Association and Acxsys Corporation. “We are excited about RBC’s announcement and our participation in the evolution of mobile payments.” For more information visit www.rbcroyalbank.com/mobile
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
TechTime - latest news and products
Raytec’s award-winning VARIO lighting family now complete Raytec’s award winning family of VARIO illuminators is now complete with its own high-end range of dedicated power supply units. Designed to correctly power all VARIO illuminators including VARIO IP, the power supplies provide a range of advanced features and the easiest, quickest and safest wiring and installation platform. As a full product family, there is a PSU to power any VARIO illuminator; purpose designed to work together as a high performance system. VARIO PSUs provide the option to run multiple lights from one PSU, and offer CAT5 connectivity for VARIO IP network illuminators. The ‘Fast-Connect’ wiring system also allows the quickest and easiest wiring of all VARIO input and output connections. VARIO PSUs provide a high quality and robust IP66 enclosure making them suitable for
all environmental conditions. Innovative status LEDs are also provided to indicate correct voltage and to provide internal illumination support for during night-time installation. All VARIO PSUs require a 100-230V AC input and provide 24V output. 20W, 50W and 100W PSU options are available to provide a
solution for all VARIO low voltage lighting installations. VARIO PSUs are also provided with a 3 year warranty. For more information on the VARIO series of PSUs and the award winning VARIO family of illuminators, please visit www.rayteccctv.com
HID Global to Protect Online and Mobile Banking Transactions HID Global®, a worldwide leader in secure identity solutions, continues its drive to help financial institutions secure online banking services that nearly half of all their customers prefer for convenient account access. Through its forward-looking Identity Assurance portfolio and channel partnership initiatives, the company is fuelling adoption of layered authentication as part of a cost-effective security strategy for protecting online and mobile transactions from anywhere, and from any device, more frequently than ever before. “Because the explosive growth in online banking has attracted more sophisticated fraud attacks and increased regulatory oversight, it has become increasingly critical to move end users beyond simple, static passwords to strong, adaptive authentication that ensures accounts can only be accessed by authorised individuals, without intruding on the online convenience,” says Christy Serrato, Solutions Marketing, Identity Assurance, with HID Global. “We are seeing and serving accelerating demand for seamless, risk-based solutions that enable banks to tailor authentication choices for a wide variety of customers using their on-line and mobile services.” One of HID Global’s key focus areas is to make it easy for financial institutions to understand and interact with its ActivID®
Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media
authentication solution. In its retail banking and cards practice technology analysis, CEB TowerGroup awarded HID Global the best-in-class Customer Engagement rating, highlighting that its authentication factors, the broadest in the market, offer experience consistency across service channels and its customer self-service capability delivers intuitive management of credentials. “By combining Customer Engagement functionality with malware detection capabilities, HID provides authentication that is both foundationally sound and forward-looking,” says Jason Malo, Research Director, Retail Banking and Cards at CEB Towergroup. “The solution’s ability to support external authentication credentials provides flexibility for firms that have different implementations or multiple legacy systems.” HID Global has also broadened and strengthened its banking partnership initiatives with its Identity Assurance Technology Partner Program, which fosters deeper collaborative solution development engagements. Partners such as Temenos participate in the program to leverage layered authentication capabilities based on HID Global’s ActivID® Appliance and ActivID® Threat Detection Service for its highly flexible internet and mobile banking solutions. This and other partnerships play a key role in meeting customer requirements and the
increasing demand for secure next generation online financial services, with CEB TowerGroup expecting online transactions to grow by a multiple of 1.5 between 2009 and 2013 and mobile transactions to grow 10-fold during the same period. HID Global’s ActivID authentication offering promotes five critical layers for true, multi-factor authentication to enable trusted online transactions; strong user authentication advanced device authentication, browser malware protection, transaction-level authentication/pattern-based intelligence, and application hardening. This multi-layered approach enables institutions to conveniently layer online fraud protection with secure access to online services and cloud-based applications. HID Global’s unified approach is delivered via an integrated authentication platform so organisations can easily manage credentials across a broad range of users and device types, while delivering consistent yet convenient protection to combat the latest fraud concerns that financial institutions are facing world-wide. For more information visit www.hidglobal.com
Asia Pacific Security Magazine | 53
By Chris Cubbage, Executive Editor
N
ACTIVE SHOOTER GUIDELINES FOR PLACES OF MASS GATHERING Australia-New Zealand Counter Terrorism Committee.
ew guidelines are being introduced in all forms, all the time. But every now and then, there are those that should cause one to pause and take notice. For those in security, here is one such set of new guidelines which provide specific advice on the active shooter threat. In August 2009, police arrested four men in association with a terrorist plot targeting the Holsworthy Army Barracks in NSW, where several Australian Defence Force units involved in overseas deployments are based. The perpetrators planned to infiltrate the barracks and shoot as many people as possible. Historically, Australia and New Zealand have not been immune from active shooter events. Several significant incidents have occurred at Government buildings, shopping centres, universities and public spaces during the past 25 years. The Port Arthur, Hoddle Street, Strathfield, and Queen Street incidents in particular, demonstrate that active shooter mass casualty attacks in Australia remain a real and persistent threat to the community. Common elements of active shooter incidents include: 1. Occurs in confined or controlled areas – for high target concentration 2. Involves soft targets like shopping centres, schools and other public mass gatherings 3. Incident will occur rapidly and most likely be over within 10-15 minutes 4. Shooting will continue until offender(s) are confronted by law enforcement personnel or another type of intervention, or they commit suicide 5. Generally, incidents are not resolved through negotiation or other peaceful means. Therefore, for all first responders, and most likely security and police officers, the primary objective of any initial response planning should be to minimise the offender’s access to victims. All site owners and operators should develop and practise strategies aimed at evacuating or isolating people or the offender. Courtesy of US Department of Homeland Security, the Active Shooter: How to Respond guide outlines three key areas of focus. Evacuate: Building occupants should evacuate the facility if safe to do so. Evacuees should leave behind their belongings, visualise their entire escape route before beginning to move, and avoid using elevators. Maintaining concealment or cover while moving is also important. Hide: If safely evacuating the venue is not
54 | Asia Pacific Security Magazine
possible, occupants should seek to hide in a secure area where they can lock the door, blockade the door with heavy furniture, cover all windows, turn off all lights and remain silent. Mobile phones should also be turned to silent. Take action: If the option of hiding in place is adopted, individuals may also need to consider options to disrupt and or incapacitate the active shooter in the event they are located. This can include using or throwing available objects or using aggressive force when confronted. Such action should only be taken as a last resort and in order to protect Key recovery considerations following an active shooter incident will include; •
public information and community confidence • scene preservation and investigation activities • business continuity challenges. These guidelines have been endorsed by the Australia-New Zealand National CounterTerrorism Committee (ANZCTC) and will be maintained by the National Security Resilience Policy Division (NSRPD) of the AttorneyGeneral’s Department. Importantly also, guidance material on the threat posed by IEDs (improvised explosive device) will form the basis of a separate set of ANZCTC guidelines.
Have you recently published a security related book? Or have you just read a new, great security book? Please email us at editor@asiapacificsecuritymagazine.com
www.businessprotectionsummit.com 4-5 December 2013, Dubai MENA Business Infrastructure Protection 2013 Summit …Risk Management and Security Intelligence for Companies in MENA
Join us for this high-profile meeting that will provide a comprehensive platform for practitioners involved in the protection of critical infrastructure across the Middle East and North Africa.
Topics of discussion will include: » Preventing and mitigating physical attacks » Cutting edge techniques and technology » Updates on guidelines and policies » Vulnerability analysis on critical infrastructure » Cost analysis of new technology for security operations » Post attack and disaster recovery strategies » Best practices for business continuity planning » Mitigating hostage situations …and much more
Bo 30th ok by Oc and tober 15% get a disc oun t*
Speakers inlcude: Major Eng. Arif Mohammed Al Janahi, Head of CCTV and Surveillance, Department of Protective Systems, Dubai Police Cengiz Mogul, Project Security Manager, Muscat International Airport Project Mark Rodgers, Global Director of Security, DP World (including Jebel Ali Port) Huda Belhoul, Acting Director of Risk Management, Federal Customs Authority, UAE David Rubens, Director for International Development, The Security Institute Chris Holley, Security Systems Engineer, Samsung SDS Mustapha Harkouk, Security Manager, GDF Suez Algerie Tareque Choudhury, Chief Security, BT Middle East and Africa Wallace Koenning, Head of Business Continuity & Disaster Recovery, Saudi Aramco Harry Harper, Ports Security Officer, Abu Dhabi Ports Company Peter Lehr, Professor of Critical Infrastructure Protection and Terrorism Studies, University of St Andrews John Hamilton, Director, Cross-Border Information Dr. Theodore Karasik, Director of Research, Institute for Near East and Gulf Military Analysis (INEGMA) Chris Phillips, Former Head of Counter Terrorism, CPNI (MI5)/ Managing Director, International Protect and Prepare Security Office Representative from Frost and Sullivan
Organised by:
*Limited availability
For more information on the Summit please contact: Ben Hillary T: +44 (0) 207 111 1615 benh@irn-international.com
Special Feature - CCTV
Providing national Security
BY THE TERABYTE National security extends beyond the battlefield, and so does Lockheed Martin. Our best-in-class security capability is hard at work protecting Australia’s most vital data — in government and industry. Our NexGen Cyber Innovation & Technology Centre in Canberra is already providing leading-edge cloud IT and cyber security solutions. And with new investment in an innovative Security Intelligence Centre, Lockheed Martin is continuing to meet the security challenges of today — and tomorrow.
www.lockheedmartin.com.au