New Zealand Security - August-September 2021 by Defsec New Zealand

August/September 2021

New Zealand Security Magazine

THE FUTURE OF ARTIFICIAL INTELLIGENCE IN SECURITY Man on a Mission: Alistair Hogg With a career spanning decades, the Aotea Security CEO has had his ups and downs, turning adversity into opportunity.

IFSEC Global

Influencers announced Six New Zealanders feature among the winners of this annual award, with one in the running for top prize.

Protective Security Requirements FIRST Security COO Steve Sullivan writes that the NZ Government’s PSR are just as relevant for the private sector.

www.defsec.net.nz

e c u r i ty I

S ’s

mited 30 y Li e

Loktr

y tr s u

ervicing N

Three great brands that stand for QUALITY and VALUE

from Loktronic Limited SERVICE and SUPPORT drive us. Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 • Fax 64 9 623 3881 • 0800 FOR LOK mail@loktronic.co.nz • www.loktronic.co.nz

ISO 9001:2015

REGISTERED COMPANY Certificate No. NZ1043

eCLIQ - Rethink the Key Schools, museums, leisure centres, and commercial buildings all have the challenge of maintaining multiple security touchpoints. Now, with eCLIQ access management is so much easier. eCLIQ is uncomplicated and reliable, without compromising on security. Each key is individually programmable, offering; password protection, authentication and audit trails – all with the peace of mind, that access rights can easily be revoked. With its extensive range of different cylinder types, the eCLIQ system is designed for every kind of use, from the company entrance gate, to securing the alarm systems, lift doors and cabinets.

Cylinders are easy and quick to install, no cabling is needed.

New, future-proof CLIQ ® chip generation with AES encryption and rapid processing speed with efficient energy management.

More durable, more secure and more efficient than conventional locking systems

www.assaabloy.co.nz

CONTENTS ISSN Print 1175-2149 • ISSN Online 2537-8937

From the Editor.................................................................................................................................................................. 6 The future of Artificial Intelligence in Security........................................................................................................ 8 HeatPro Series brings accurate perimeter defence and fire detection to mass market........................... 12 Exclusive Profile: Alistair Hogg, CEO Aotea Security............................................................................................14 Facial Recognition: Pre-deployment considerations...........................................................................................18 Ransomware as a Service (RaaS) threat emerges ................................................................................................20 ASSA ABLOY: Three Levels of Physical Server Security........................................................................................22 Access Control Innovation at your fingertips.........................................................................................................24 Protective Security Requirements.............................................................................................................................26 NZSA CEO’s July Report.................................................................................................................................................30 Crowded Places Security Advisory Group update............................................................................................... 34 International Security Officers’ Day – 24/7............................................................................................................. 35 Security: A career to be proud of...............................................................................................................................36 Training and Professional Development SIG update...........................................................................................38 IFSEC Global Influencers Security & Fire 2021........................................................................................................40 UK NCSC launches zero trust architecture design principles............................................................................46 Industry Associations

* www.security.org.nz

www.asis.org.nz

www.masterlocksmiths.com.au

Three leading brands from

0800 367 565 www.loktronic.co.nz

NZSM

www.skills.org.nz

www.nzipi.org.nz

August/September 2021

STAND TALL FOR YOUR

COMMUNITY & COUNTRY Are you motivated to do your bit to help keep New Zealand government sites safe? FIRST Security has numerous security guard roles available now. Achieving a government security clearance is required for these high security locations.

APPLY TODAY & BECOME A CHAMPION FOR YOUR COMMUNITY

ON-JOB TRAINING PROVIDED. VISIT OUR CAREERS PAGE.

FIRSTSECURITY.CO.NZ/CAREERS

FROM THE EDITOR Welcome to the August-September 2021 issue of New Zealand Security Magazine! It’s been an interesting 12 months in security. Last August, in the thick of the 2020 election campaign, Prime Minister Jacinda Ardern announced that the Government would stop using private security contractors at managed isolation and quarantine (MIQ) facilities. They would be replaced, she said, by security officers employed directly by the Ministry of Business Innovation and Employment (MBIE). In the meantime, 500 additional NZDF personnel were marched into the MIQ hotels to ‘reduce reliance’ on private security guards and bolster public confidence in the security of the New Zealand’s COVID border. 12 months later, the security of New Zealand’s 32 MIQ facilities has been demonstrably effective. The private security industry has delivered a large-scale MIQ electronic security enhancement rollout, and in the absence of a quorum of government-employed security officers, the industry has continued to provide hundreds of guards to MIQ sites on any given day. Managed isolation aside, New Zealand’s security industry excelled as an ‘essential service’ during periods of lockdown, and our security officers have played a key frontline role in protecting vulnerable businesses and critical infrastructure, and in managing physical distancing arrangements at supermarkets and retail spaces across the country. Following last year’s release of the government’s Protecting Our Crowded Places from Attack: New Zealand’s Strategy, NZ Police has also turned to the security industry to support the provision of security advice to owners and operators of venues. A Crowded Places Security Advisory Group led and comprised of representatives from our industry is now driving this. In 2020-21, the government and the economy have depended upon Aotearoa’s private security sector to deliver in ways that it has never done before. And the private security sector has delivered in spades. Against this background, International Security Officers’ Day (ISOD) 2021 on 24 July had greater meaning this year. We have every reason to look back over the past 12 months and feel immense pride in relation to the thousands of women and men who have donned their uniforms or picked up their tools in order to make our communities safer. Having only been around for the last five years, ISOD is slowly gaining a degree of momentum internationally. However, if anything, the last year tells us that it’s a day that should be receiving recognition from more quarters than it does - starting with the Prime Minister’s office. Nicholas Dynon Auckland

DEFSEC

New Zealand’s National Defence, Fire and Security Publishers of: Line of Defence, FireNZ, New Zealand Security Magazine

Contact Details: Chief Editor, Nick Dynon Phone: + 64 (0) 223 663 691 Email: nick@defsec.net.nz Publisher, Craig Flint Phone: + 64 (0)274 597 621 Email: craig@defsec.net.nz Postal and delivery address: 27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand

NZSM

Upcoming Issue October / November 21 Professional, Business & Industry Awards, Accountants, Lawyers, Business Managers and Consultants

facebook.com/defsecmedia twitter.com/DefsecNZ linkedin.com/company/ defsec-media-limited

NZSM New Zealand Security Magazine

Nick Dynon Chief Editor Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security. Prior to NZSM he clocked up over 20 years experience in various border security and military roles. Disclaimer: The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use. Copyright: No article or part thereof may be reproduced without prior consent of the publisher.

August/September 2021

THE

U LT I M AT E

EXPERIENCE WITH 3 BUDDIES

NZ HAVE WON THE CUP

GAME 3 EDEN PARK

48 TIMES vs AUST 12

WATCH US WIN WITH THREE OF YOUR MATES ULTIMATE PACKAGE INCLUDES: • Pre and post-match corporate hospitality service • Reserved category A or B match tickets • Four course seated meal • Premium beverage service prematch and post match • Master of Ceremonies, guest speakers and entertainment • Match day programme - 1 per 2 guests

TICKETS WORTH

$4K

To win, spend over $1,000* at Hills New Zealand on DSC products to be eligible. Competition runs from 1st June to 30th September, 2021

210513 DSC NZSM v8

• Host service

For more information on DSC and other best-in-class solutions 08001 HILLS (44557) or hills.co.nz Follow us on

Hills Limited NZ

YO U C A N R E LY O N H I L L S Terms and Conditions: Every Hills NZ Limited (“Hills NZ”) customer resident in New Zealand and who spends a minimum of $1,000 excluding GST on DSC products on a single invoice through the promotion period from Hills NZ, will receive one (1) entry in the prize draw to win four tickets including hospitality to the Bledisloe Cup held at Eden Park in October 2021. The prize is valued at $4,000 including GST (RRP). Win the Ultimate Bledisloe Cup Experience runs between 1 June, 2021 and 30 September 2021 inclusive (“promotion period”). The winner will be drawn on Friday 1st October 2021, at Hills NZ head office in Auckland NZ. The winner will be notified by phone and published online at Hills.co.nz. If tickets are unavailable, Hills NZ reserves the right to substitute with a prize of equal value. Hills NZ reserves the right to change these terms at any time by notice on its website. Please visit the website Hills.co.nz/Bledisloe for full competition details, terms and conditions.

FOCUS ON

The future of Artificial Intelligence in Security Deep Learning, along with huge increases in processing power and data gathering capabilities, is bringing new intelligence to the ways security is performed, from threat anticipation to robot and drone patrols. The idea of machines that could act and think like men has been around for a long time. In Greek myth, Talos was a giant bronze man who guarded the island of Crete by throwing stones at the ships of unwanted visitors, acting as the very first security guard. The earliest computers were designed as “logical machines” that reproduced human capabilities such as basic arithmetic and memory, their engineers essentially seeking to create mechanical brains.

In AI, the goal has long been to create devices that would think like human beings, act like them, or both. As technology progressed, researchers in AI concentrated on mimicking human decision-making processes to carry out tasks in ever more human

NZSM

ways. To do that, they needed to incorporate one of humanity’s most fundamental characteristics—the ability to learn. Now, 60 years after Arthur Samuel created perhaps the world’s first successful self-learning program, Deep Learning systems are at the cutting edge of AI and are beginning to have a profound effect on security systems and protocols. Predicting the future with AI At its core, Deep Learning relies on data. This data is fed into neural networks that mimic the way people think and understand the world. These networks also hold a number of advantages, such as speed, accuracy and lack of bias. And their capabilities have the potential to be huge. For example, researchers at MIT have created a system which can

technically predict the future, albeit in a currently limited way. For the security sector, being able to predict how people might behave is incredibly valuable. Human beings have always possessed this capacity, but historically computers have only been able to utilise data which already exists. Predictive deep-learning algorithms, such as the one being utilised at MIT, point the way to AIcreated simulations of ever greater accuracy. Deep learning works on a system of probability. The neural network is able to make statements, decisions or predictions with a degree of certainty, based on the data fed to it. A feedback loop, which either senses or is told whether its decisions are right or wrong, modifies the approach it takes in the future. In this sense, it is able to learn. Where CCTV

August/September 2021

can only record a crime as it’s being committed, neural networks may be able to anticipate that crime before it occurs. If The Face Fits The rise of hyper-accurate facial recognition software has been at the foundation of today’s security protocols, and for many, facial recognition is the very definition of AI. In the wake of a mass shooting that resulted in ten deaths at a Texas high school in 2018, the School District contracted with a company called AnyVision for an artificialintelligence-based application that plugs into an existing camera network. Soon the system began recognising people based on 20-yearold photos, or when they were wearing hoodies or glasses. For the district’s director of technology, Kip Robins, the system’s capabilities were demonstrated when it was asked to search for one of his twin sons. It picked the boy out of a crowded hallway before Robins himself did. “I had to look twice and realize, ‘This is my son,’ he says. “I didn’t pick it up, but the software picked it up.”

August/September 2021

Another company, Evolv Technology, offers portable screening machines with facial recognition software that can process between 600 and 900 people per hour, a minimum of one per second. The software connects to a database containing approved profiles of VIPs, employees, ticket holders for events and repeat patrons who should be automatically allowed entry to a venue. The system’s algorithms can match the faces of attendees with those of persons of interest. If the visitor sets off a red light, they are blocked from entering and apprehended. If the visitor profile triggers a yellow light, indicating an unverified threat, security personnel can send the profile to central monitoring for realtime review and verification. When facial recognition is aligned with sensors that can detect the presence of physical objects, the potential for threat detection increases dramatically. Evolv offers a separate screening device that alerts operators to concealed metallic and non-metallic explosives, firearms and other weapons. Inductive sensors are used to detect metals using an electromagnetic field, while capacitive

sensors detect objects that have a dielectric constant that is different from air, such as plastic, paper and wood. Each can be used to determine whether an individual is carrying a dangerous object, even if it is not visible. Spot the potential threat Though sophisticated, the systems discussed above are primarily detection systems. They can see a previously identified threat—a person on a watchlist, an explosive device— and report it to security personnel. For AI to live up to its promise, it must be able to anticipate potential threats. Equally important, it must be able to distinguish these from false positives. The MIT deep-learning algorithm uses a method called adversarial learning, wherein two neural networks — one that generates video and another that attempts to discriminate between real and generated videos — try to outsmart each other. While researchers hope to scale up this technology, currently the videos are less than two seconds long and begin with an easily predictable scenario, such as a train on a track. Meanwhile, predictive AI technology NZSM

is already in use on a large scale in some countries. In Hong Kong, HD cameras, facial recognition and remote sensors gather huge amounts of data, while algorithms analyze events in real-time and indicate potential risks. These processes may be utilised in both public and private security applications. For the home, a US company called Deep Sentinel offers a system that integrates wireless cameras, predictive AI, and human intervention to identify potential threats. Deep Sentinel uses a combination of motion detection, human-body detection and facial recognition technologies. When motion is detected, the system begins to capture and record images. The deep learning algorithms determine if the presence is that of a human, animal or another moving object. If the movement is from a person, facial recognition algorithms can determine whether that person is the homeowner or family member. Predictive technology identifies patterns of behaviour and can determine whether the person’s actions are suspicious. If the actions continue and the person is not recognised, the system alerts Deep Sentinel’s human surveillance team, who can then identify and act on the potential threat.

NZSM

For larger commercial and infrastructure sites—electrical substations, oil and gas facilities— systems like the one offered by Digital Barriers can integrate multiple sensors, such as seismic ground sensors, wireless optical and thermal cameras, and video analytics to give users a single view of the area surveyed. The system is trained to ignore environmental effects like poor weather, camera shake, moving foliage and shadows, while differentiating between intruders and legitimate staff and visitors. Though highly sophisticated, such systems ultimately rely on human judgement to determine whether a threat exists, and what action to take. But they can greatly reduce the man hours required to monitor premises both physically and remotely and represent huge potential for reducing labour costs. Some companies might wish to entirely remove the human component from security processes, relying solely on artificial intelligence to identify and respond to threats. Currently, the greatest challenge in using analytics-powered surveillance alerts is the occurrence of false alarms. Over time, deep learning protocols will continuously increase accuracy of detection and greatly

reduce the instances of false positives. In terms of physical surveillance and response, the use of drones and robots will become more and more frequent. These are the drones you’re looking for Remotely operated robots have long been used for such dangerous tasks as bomb disposal. The new generation of unmanned ground, aerial, and underwater vehicles will be capable of learning to navigate their environments while performing surveillance, reconnaissance or clearing operations. Contracting to the US military, Shield AI offers Hivemind Nova, a quadcopter-type drone driven by Hivemind, a machine learning application that allows the robot system to learn from battlefield experiences. The Nova enables defence and security personnel to access and explore building interiors, urban areas, caves, tunnels, other high-threat environments, and GPSabsent areas to collect information about potential threats. While still requiring a human operator, the drone learns while in operation, collecting data automatically with no risk to personnel. The machine learning

August/September 2021

also enables the system to teach and work with other robots to complete missions faster and cover a wider area, according to the company. Security robots such as those built by Knightscope are used for groundbased monitoring, with the ability to provide 360º HD video streaming, detection of people, facial recognition and automatic licence-plate recognition. The units are designed to present an unthreatening appearance whilst carrying out their scheduled patrols. While the above systems are designed for data collection and transmission, the use of autonomous or semi-autonomous machines highlights the greatest potential danger when employing AI for security applications. A security system can be “trained” to recognise possible threats, and potentially to act on them, but humans will always need to be involved in the process. Eliminating human decision-making from physical security operations has the potential to cause catastrophic incidents, for individuals, businesses and the growth of AI itself. Questions of safety, privacy and personal data security are intrinsic to discussions about AI in security. Yet currently, there seems little in the way of pushback from the

August/September 2021

public. According to Paul Chong, chief executive of Singapore-based security company Certis Group, people trust their information is being collected for the right reason. “So long as people see that their information is not abused, they’d trade it for security, they’d trade it for convenience, they’d trade it for a lot of other things.” The future of ai is now Artificial intelligence has always been a future-based concept. What will it be capable of a year from now, or a decade? IBM’s Deep Blue computer beat chess grandmaster Gary Kasparov in 1997. In 2011 the same company’s question-answering system, Watson, won the quiz show “Jeopardy!”. Ten years on, AI is involved with ever-increasing aspects of our daily lives. We have seen that for the security sector, advances in machine learning are making big changes in the way the industry operates. Advance video analytics is already in practice in many organizations. AI eliminates the need for pre-programmed algorithms, allowing sensor technology available today to capture an incredible amount of metadata in real time. Cameras can specifically identify people and licence plates – information that

can be instantly cross-referenced to alert security personnel of potential threats. Operational efficiency is being increased, as detection systems learn to discount objects and artifacts which do not represent a threat, saving human operators valuable time. Smart security solutions, such as video management systems or networked access control and visitor management can now take the data being collected and correlate it with patterns of behavior for employees and visitors to a facility. Intelligent machines can take over dangerous or routine tasks, keeping security personnel both safer and more productive. AI-driven algorithms can help security officials make split-second decisions in the event of an incident, taking the guesswork out of answering alarms by determining which events require a call to law enforcement and which are false alarms. For all of these advantages, however, it is clear that whatever advances occur in AI, it will never remove the need for human intuition and judgement when making security decisions. People are innately unpredictable. Suspicious people can act innocently, just as innocent people may seem suspicious. It takes human intelligence to tell the difference. NZSM

HeatPro Series brings accurate perimeter defence and fire detection to mass market Hikvision, the IoT solution provider with video as its core competency, announced the launch of HeatPro, a new thermal series of cameras designed to provide affordable all-weather deterrent and alerts. It is especially useful in perimeter protection and fire prevention applications.

The HeatPro Series Cameras feature deep-learning thermal video analytics for perimeter protection, and object temperature measurement and fire detection with real-time alarms. Features like accurate human/vehicle classification, visual and auditory alarms for perimeter protection, and speedy temperature exception alarms for fire prevention make them ideal for SMB (small and midsize business) applications. Perimeter defence with AI When securing a perimeter, higher accuracy and a low false alarm rate can help reduce operation costs. The HeatPro Series achieves this by developing powerful video analytics based on Deep Learning algorithms, radically reducing false alarms. The cameras focus on short-range perimeter protection (0-50 meters), where they deliver target detection and classification. The use of AI means that the cameras can distinguish between a person and a vehicle. This comes in especially useful when the two targets are close together. Traditionally, they

NZSM

Temperature measurement for fire prevention

can only be recognised as one ‘target’, but intelligent algorithms mean that they can be detected separately, increasing accuracy. Thermal cameras are also able to easily locate potential threats in zero visibility conditions, where a conventional camera could not. They do this by detecting the latent radiation emissivity of an object, so not relying on visible light. This means they can operate in all-weather conditions and the darkest night. They also don’t emit light, which means their presence is not obvious, making them useful in scenarios where they need to be hidden. The HeatPro Series is also designed to be efficiently and quickly installed, with a simple, three-step deployment, bringing setup time down to 30 seconds. Traditionally thermal cameras require specialist engineers to configure and double check, takes both extra time and energy. HeatPro cameras have been designed with installation time and effort in mind – they are simpler to install and so installers can spend more time correctly configuring for optimum operations, and the lowest false alarm rate possible.

The HeatPro Series is also equipped with the ability to measure temperature. This process is very useful in a scenario where overheating could lead to fires. The camera can provide non-contact temperature measurement for fast and visible detection. This means that action can be taken earlier, potentially preventing a fire from the very beginning. The camera can trigger a fire alarm faster than a smoke sensor. The temperature measurement function can also be used to help check any potential overheating issue and troubleshoot problems. The series contains a number of different models and options, with bullet and turret forms, and Bi-spectrum or single lenses. The cameras can be built into a number of solutions, for instance seamlessly working with NVRs, AX PRO alarm systems, and even Hik-Connect for real-time mobile alerts by phone. They can be used in various scenarios – not least: residential buildings, offices, construction sites, car parks, retail outlets and warehouses. “Dedicated to bringing professional protection solutions to the mass market, these cameras provide perimeter protection with unparalleled accuracy, and fire detection with superlative sensitivity”, says Stefan Li, Director of Thermal Products at Hikvision. “Hikvision HeatPro Series provides professional protection made simple.”

August/September 2021

strobe

PIR detector camera

siren

AcuSense Live-Guard Solution Secure your property with a versatile and complete security system

Distributed by Australia

www.csd.com.au

Hikvision Oceania

New Zealand

www.nesscorporation.com www.videosecurityproducts.com.au www.atlasgentech.co.nz

www.hikvision.com.au Hotline 09 217 3127 salesnz@hikvision.com www.nfs.co.nz

Hikvision Oceania

PEOPLE IN SECURITY

Exclusive Profile: Alistair Hogg, CEO Aotea Security

Joanna Mathers is a freelance feature writer with years of experience in publishing. She has a particular focus on business and innovation, and also regularly writes for New Zealand Herald’s Canvas magazine.

NZSM

Alistair Hogg, CEO at Aotea Security, is one of the unsung heroes of the New Zealand security industry. With a career spanning decades, he’s worked throughout the industry, and although his company specialises in electronic security, considers himself a “generalist”. Hogg keeps a low profile (and he’s modest about his achievements), but his story is worth telling and likely to offer inspiration to anyone at a crossroads of their career.

Alistair Hogg, CEO at Aotea Security

The beginnings It was a mark of his early promise that Hogg was given the job of operations manager for Armourguard, Dunedin, in 1987, with no private security or general management experience. He was just a month short of his 21st birthday. “I had wanted a career step change, and took the role on the basis that it allowed me to gain some general experience and would help prepare me with a planned further career change within the following two years,” he explains.

These two years would become six: his own growth within the industry mirroring the growth that was occurring in the company. “For all of the positive experiences gained during my time with Armourguard, my initial reaction to onboarding, training, expectations and accepted behaviours were less favourable,” he says. “It’s obvious that Armourguard is a significantly more evolved company now than it was then, and I salute the vision and drive of the company’s leadership over the years in creating the benchmark that the company has become.” Nevertheless, the Armourguard years would see Hogg growing professionally and engage in extensive training in varied roles, and professional development opportunities external to the Armourguard environment”. He explains that these opportunities helped him to create a variety of networks (alongside developing new work skills) and satisfied his hunger for learning and personal and professional challenges.

“Considering Aotea Security’s reach, it’s beginnings were much more humble and as Hogg explains, that humility supports the company and its people still. Perhaps not surprising having spoken with the man himself, who explains that a mix of core work ethic, focus, hunger for experience and learning, combined with the approach of never wasting an opportunity or taking anything for granted, has supported him through the ups and downs of his career and helped him and his team build the company that Aotea has become.”

August/September 2021

“I believe this has made me a better person overall, and without question, has helped me to be a genuine generalist in an industry totally reliant on specialists,” he says. “Having by now developed an interest in Electronic Security, Hogg then then joined local Dunedin business, Southern Alarms Ltd. “It offered practical solutions for clients, at a time when technology in our space had not really caught up with our customers’ needs and wants”. Working as part of a small team, Hogg enjoyed the environment and learnt a lot, particularly around delivering service and giving value. “There was a real family culture within that business and like all families, we enjoyed some good, some not so good, but definitely some interesting times together”.

August/September 2021

With the unexpected demise of Southern Alarms in early 1997, and having by then enjoyed almost 10 years of continuous and varied experience within the broader security industry, He found himself out of a job for the first time in his life. As he explains, “many people have experienced the anxiety of job uncertainty and/or loss of income, and its confronting and sobering in a very real way”. Calling on his varied background and experiences, Hogg secured work as an industry trainer for a fixed period while he embarked on the next stage of his journey. “With no business experience and no money to speak of, we turned adversity into opportunity, backed ourselves and took a risk.”

Aotea Security Ltd was formed out of a mix of necessity and opportunity and they had a clear plan of what they wanted to be, what they wanted to do, and how they wanted to do it.” “Because our ‘why’ was very straightforward (we needed jobs and income), we really focused on the ‘how’ and the ‘who’,” he says. The fresh start was invigorating, but it also carried significant risk. Starting a business is a steep learning curve, and Hogg says there was a “fast-track” period of upskilling and building, both at a company and personal development level. “There were some challenging times to navigate, but as we pushed through the challenges, achieved our goals, enjoyed growth, built our team and of those around us, we could watch the plan coming together in real time as we learnt from our mistakes as much as our successes. There were plenty of both!” he shares. Since the early days, the company has gone from strength to strength. From a team of three based in Dunedin, to a team of 160 people over 18 locations in New Zealand, Aotea Security has come a long way. The company offers a range of services– from CCTV and VMS to bespoke security solutions designed by the company’s innovative design team. Industry insights Over 30 years of experience has given Hogg unique insights into the electronic security sector. He says that the biggest challenge is balancing technology promises and options with the fundamentals that underpin overall security risk management plans and strategies. “Technology offers us a range of tools to treat security risk, but often distract from the core issues and the basics that create the risk in the first place,” he says. “[These issues] might be better managed by attention to the physical environment, improved processes, awareness training, communication, and ultimately the relationship between technology itself and the people it is there to serve as one part of the overall security plan.” NZSM

He says that better and broader education and training, which bridges the gaps between the various sector specialists, would enable the industry to offer better advice and deliver better outcomes. New technologies are appearing all the time and Hogg says that they are driven by their customers when it comes to making decisions around the their needs in this space. “We listen to our customers and ask open questions to understand their wants and needs, and simply have the conversation. Then we do something about it. We build a team of capable, talented clever passionate people who want to make a difference and who see technology as a tool to help make that difference, and empower them to explore options and opportunities.” Hogg says that the they have good critical relationships with their primary manufacturers and suppliers, and share information about needs, wants, barriers, and opportunities. “We essentially have input into product and feature development at the front end, more so than trying to play catch up after the event. I guess it’s a combination of being proactive and empowering people throughout the entire chain to push hard for continuous improvements.” People first Hogg has always put people at the heart of his work vision; and says that as the company has grown, so have the people. “Our mantra is simple: One Company, One Team, One Vision, One Plan,” he shares. “There is no question that our people are our biggest asset and we operate as one team, everywhere we go, wherever we are, and every time.” He believes in a 100% accountability culture, which enables his team to work and build futures together. Aotea Security is an intrinsic part of Hogg’s life. He believes in the balance of work and family, but says that he gets a huge amount of satisfaction from the company he’s helped create.

NZSM

“The amazing people inside of our business create balance both for me and for the company and for that I am immensely grateful.” Innovation and hard work underpin Hogg’s success. He believes that opportunities are created, and tries to be an exemplar for excellence, while helping others along the way. “I created my own opportunities based on the circumstances of the time, as I now try to create opportunities for others. There are many great leaders in our business and there are even more that aren’t yet in our business but may be some day.” Secrets to success • I sought out education and professional development and again. I try to encourage others to do the same. Knowledge, experience and talent, supported by a relentless work ethic, support success and growth. • I worked hard and I trained hard and I studied hard because

that’s what it takes to succeed and to achieve. I am surrounded by younger, smarter people who understand that good things come with hard work and focus. • Personal/professional development opportunities come from a variety of sources, but they don’t get handed on a plate. My advice is to get involved, don’t be a spectator, take some risks, make some mistakes and put yourself out there. Learn from everything you do and never waste an opportunity. • I have had the benefit of a very long list of wise old mentors both inside and outside of our industry and for that I will always be grateful. I freely admit that I’m now old, I don’t claim to be wise, but I love encouraging our people to take risks and developing confidence. • Perhaps what I’m most grateful for, is that someone took a chance on me, and in return, I didn’t waste it, and I never took it for granted.

August/September 2021

i-PRO X SERIES powered by AI

Taking intelligent analytics on the network edge » Maximising network and bandwidth efficiencies » Installs up to three video analytics applications » Designed for third party application development » High endurance, high realiability even in extreme conditions » Five year warranty

AI Privacy Masking Available models: WV-X2571LN 4K outdoor dome camera WV-X2271L 4K indoor dome camera WV-X1571LN 4K box camera

WV-X2551LN 5MP outdoor dome camera WV-X2251L 5MP indoor dome camera WV-X1551LN 5MP box camera

business.panasonic.nz/security-solutions/

FACIAL RECOGNITION

Facial Recognition: Pre-deployment considerations Writing for ASIS International’s Security Technology magazine, Reese Huebsch suggests that improper use of facial recognition technology may increase an organisation’s liability or damage its brand. The use of facial recognition technology as a surveillance tool by the public and private sector is becoming more widespread. Organisations can benefit from reductions in investigation costs, improved incident management, and real time situational awareness.

Reese Huebsch is director of program development at Atriade, a security consulting firm. He has an extensive background in physical security operations, management, process, and technologies.

NZSM

These benefits can mean a reduction in risk to their people, information, and assets. But with the good, comes the bad; potential privacy concerns and the perception by some that facial recognition always delivers a perfect match can lead to the use of erroneous data. Another consequential drawback is the potential of racial bias in algorithms, which may not have been tested with a larger, more diverse population. As with any tool if not developed properly, facial recognition is not likely to be effective. It is critical that users educate themselves and understand the current state of facial recognition as a surveillance tool to ensure its successful deployment and appropriate use. Facial recognition has been used successfully in circumstances where an organisation actively manages access to its space for government, professional, or commercial purposes. Positive results in these areas are driven by effective environmental design, limited obstructions, good camera angles, proper lighting, and controlled checkpoints and

passageways to ensure high-quality surveillance data is collected. Some examples may include airports, arenas, event space, casinos, or a controlled office space. Employees and visitors in these spaces will have a lesser expectation of privacy as they are public in nature and typically have layers of security controls in place. In some cases, people will have gone through a formal verification and enrolment process and provided a credential. During this process, a person’s face may be captured for enrolment purposes. While there are currently no U.S. federal level requirement to notify that surveillance is in place, there may be local or state requirements. These checkpoints and visible controls should set privacy expectations accordingly. Organisations may choose to permit employees or visitors to opt-out or not participate in facial recognition surveillance programs but will need to have a formal process in place to ensure fairness of choice. Successful use cases of facial recognition include identification of banned attendees at events, unauthorised access, and identification of persons in secure areas. While these venues may have a high population of people, they have likely developed good surveillance conditions and usually have numerous other security tools in place to support the operation. Many

August/September 2021

of these factors create favourable conditions to support the success of facial recognition as a surveillance tool. Conversely, without the right conditions, it becomes increasingly difficult for facial recognition technologies to make accurate identifications, leading to false positives or negatives, potential lawsuits, and brand damage. Using facial recognition as a surveillance tool in poor conditions like lowquality lighting or poor visual angles negatively impacts accuracy. Furthermore, use as a mass surveillance solution, gathering images and comparing them with data in databases with millions of images from various sources (frequently social media scrapes or DMV photos), has led to wrongful arrests, high-profile mismatches in the news, distrust of the technology, and damaged reputations. In some instances, local authorities have banned the technology outright. As an organisation weighs the benefits of adding facial recognition technologies to its toolkit, there are important considerations to be made. First, conduct a comprehensive review of the facial recognition tools you are considering. Develop a clear use strategy, including outcomes. Understand the implications of false positives or negatives and what they may mean for individuals, as well as the organisation’s profile. Review with your legal team to understand all applicable privacy and compliance requirements for deployment. This review process will help determine if facial recognition is the right fit for the organization’s culture and provide enough detail for an effective business case to leadership to ensure buy-in and support. As with any purchase, the security team must invest time in selecting a quality product. Understand the history of the products you are evaluating to determine if the manufacturer is invested in the product’s future. Complete a thorough review of software and

hardware in your test environment prior to making any extensive investments. Establish a pilot program with a diverse sample of willing participants who will report on their user experience. Leverage your existing space types to emulate a live environment. Test practical, organisation-specific use cases and common changes in physical appearance—including masks, glasses, and hats—to ensure the product performs as advertised. More advanced scenarios that cannot be easily replicated will need to be researched and tested with the manufacturer. Engage IT stakeholders for infrastructure requirements, including power (PoE, PoE+), cabling, throughput, and access (ports, firewall rules, etc.). Testing should measure impacts on network resources and product performance. Next, create awareness programs so that teams understand how to use the tool most effectively. Identify success and failure criteria, and complete a detailed product scorecard. Review this scorecard with the manufacturer to understand how it will address shortcomings in the product roadmap. As with any technology review, it will be critical to understand information security controls and commitment of the manufacturer to deliver a secure product. Evaluate data protection strategies to understand how information will be stored and encrypted while at rest and during transport. Engage internal teams responsible for technical evaluations of products to ensure a comprehensive risk-based assessment is completed. Develop a clear understanding of how the manufacturer may retain access to data stored in the application. Determine if the product’s information security controls are compliant with your requirements. Build consensus and trust with peer organisations, and get buy-in from communities

through transparency of use and communication of benefits. Acknowledge drawbacks and limit use accordingly. Every community faces its own challenges and gaining buy-in can be tricky; however, presenting the community specific benefits and risks of facial recognition used for surveillance is a good starting point for the conversation. Finally, make sure your environment is right for facial recognition use. Create a detailed environmental and technical design to ensure the product will be successful, including lighting changes, device upgrades, and camera view studies. Plan for these adjustments as part of your facial recognition implementation roadmap and account for them in annual budget cycles or space refreshes. Employers should discuss the privacy implications of adding facial recognition as surveillance with human resources, corporate legal, and other relevant privacy teams to ensure local requirements are met—particularly in multinational organisations with global footprints. Consider the current workplace culture and whether an enhanced facial recognition driven surveillance program aligns with it. In highly secure environments with expansive existing security monitoring, adoption of facial recognition may receive minimal pushback. In organisations with minimal existing security controls, the initiative may meet substantial resistance. Ultimately, organisations and communities will need to weigh the benefits vs. risks and make the decision that is right for them. Facial recognition is a single tool in the security and safety toolbox, and should be used as intended. Proper use may result in risk mitigation, while ineffective use may increase your liability or damage your brand. It is up to the organisation itself to understand the implications and plan appropriately.

August/September 2021

NZSM

Ransomware as a Service (RaaS) threat emerges A new report from Nozomi Networks identifies emergence of Ransomware as a Service (RaaS) gangs cashing in on critical infrastructure organisations, and vulnerabilities in IoT CCTV cameras. Nozomi’s research has found that critical manufacturing vulnerabilities spiked 148% in the first half of 2021, with critical manufacturing the most susceptible industry, while a spotlight on IoT security cameras highlighted how quickly the attack surface is expanding.

“Colonial Pipeline, JBS and the latest Kaseya software supply chain attack are painful lessons that the threat of ransomware attacks is real,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “Security professionals must be armed with network security and visibility solutions that incorporate real time threat intelligence and make it possible to quickly respond with actionable recommendations and plans. Understanding how these criminal organisations work and anticipating future attacks is critical as they defend against this unfortunate new normal.” Nozomi Networks’ latest “OT/IoT Security Report” gives cybersecurity professionals an overview of the OT and IoT threats analysed by the Nozomi Networks Labs security research team. The report found:

NZSM

• Analysis of DarkSide, REvil and Ryuk highlight the growing dominance of RaaS models. • ICS-CERT vulnerabilities increased 44% in the first half of 2021. • Vulnerabilities in the critical manufacturing sector rose 148%. • The top 3 industries affected included critical manufacturing, a grouping identified as multiple industries, and the energy sector. • Software supply chain-related vulnerabilities continue to surface – as do medical device vulnerabilities. With more than a billion CCTV cameras expected to be in production globally this year, insecure IoT security cameras are a growing concern. The report includes an analysis of the Verkada breach and security vulnerabilities in Reolink cameras and ThroughTek software – discovered by Nozomi. “As industrial organisations embrace digital transformation, those with a wait and see mindset are learning the hard way that they weren’t prepared for an attack,” said Nozomi Networks CEO Edgard Capdevielle. “Threats may be on the rise, but technologies and practices to defeat them are available now. We encourage organisations to adopt a post-breach

mindset pre-breach and strengthen their security and operational resiliency before it’s too late.” “In Australia and New Zealand we’ve seen much greater impact in how OT attacks are affecting the lives of people and businesses in a very real way,” said Manager Solutions Delivery and Projects (APAC) for Nozomi Networks Malcolm Bailie. Colonial Pipeline, JBS and Kaseya all happened well away from our shores – yet those attacks would have been an important topic in board rooms here.” “The board room has become very aware of the ease of disruption that a similar industry cyberattack can cause their company. As critical organisations that we rely upon for the economy or critical parts of the supply chain are investing heavily in new digital services, it’s important that the convergence of IT, OT and IoT security risks are clearly understood and mitigated.” Nozomi Networks’ “OT/IoT Security Report” provides security professionals with key insights for re-evaluating risk models and security programs, along with actionable recommendations for securing operational systems. The report focuses on ransomware, new vulnerability disclosures and the security risks of IoT security cameras.

August/September 2021

e c u r i ty I Z

S ’s

ervicing

N Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz

Loktronic for ex-stock availability

mited 30 y Li e

Loktr

y tr s u

ASSA ABLOY: Three Levels of Physical Server Security Businesses, large and small, create data which needs protecting, whether in an onsite server room or co-located at a data centre. When imagining a corporate data breach, people often picture black-hat hackers pursued by cybercrime investigators. The reality is often more mundane: Only around a half of breaches involve hacking, according to a recent report. To ensure maximum security of company servers, ASSA ABLOY recommends three levels of security working together within an integrated access system. In the absence of appropriate physical server security, the mundane can be dangerous — and expensive. Recent research for IBM by the Ponemon Institute estimates the average total cost of a data breach at $3.86 million. According to the same benchmark report, this average is rising, by 6.4 percent in the last year alone. Some of the highest breach costs are borne by companies in Europe, including Germany, France, Italy and the UK. Closer to home, CertNZ reported, in 2020 cyber security incidents caused nearly $17 million of direct financial losses in New Zealand.

NZSM

Such costs can be direct: in business disruption, lost mailing lists or disabled logistics software. Or they can be indirect: an erosion of customer trust and damaged brand equity. Hard-earned goodwill and positive reputations are quickly reversed. Costs also come from fines levied by government and international regulators. As Big Data gets bigger, so does the regulatory landscape for data handling. The most relevant framework for those operating in the EMEA region is the European Union’s General Data Protection Regulation, the GDPR. This wide-ranging data privacy rulebook has been enforced since May 2018. The GDPR requires to protect storage of all personal

information, including customer and employee data. Safeguards must include both electronic and physical barriers to unauthorised access. Three levels of physical security for servers In a security white paper, ASSA ABLOY recommends three levels of security working together within an integrated access system. At the top level, perimeter security ensures only authorised personnel enter a data storage building. Here, door and gate electronic locks with credential readers can work alongside the likes of CCTV and monitored fencing. On level two is the server room access. This can be monitored and controlled with a range of access control door devices with inbuilt credential readers, including Aperio battery-powered escutcheons or complete security locks. Either device integrates seamlessly with access and security management systems from all major manufacturers. At room level, physical security must also include water- and dustproofing, electromagnetic security and protection against other physical threats to servers and data. The third, final level of physical data security is the server rack or cabinet. Server rooms have a steady flow of authorised traffic: cleaners,

August/September 2021

maintenance staff, repair technicians and others. Employee screening cannot be perfect — and accidents happen. Rack or cabinet locking with RFID readers is the last line of defence against a malicious or accidental physical data breach. Responsive rack protection ASSA ABLOY’s Aperio KS100 Server Cabinet Lock adds realtime access control and monitoring to server racks and cabinets. The lock works with an existing or new access control system; compatible credentials employ all standard RFID protocols including iCLASS, MIFARE and DESFire. With the Aperio KS100, users know right away if unauthorised access had even been attempted.

Once installed, KS100 locks integrate with the existing access control system and communicate wirelessly via an Aperio Communications Hub, even if the racks are co-located in a distant data centre. Once online integration with the security admin system is complete, lock access decisions are communicated from and recorded by the software wirelessly. “When Aperio replaces mechanical locking at all three levels of server access control, lost keys no longer compromise data security. Lost credentials are simply deauthorised and a valid replacement issued,” explains Todd Ryan, Electronic Locking Solutions Specialist at ASSA ABLOY Opening Solutions NZ. “The current status of any lock, at any level, is revealed with the click of a mouse. Generating detailed audit trails is straightforward, making the KS100 and other Aperio

wireless locks invaluable for incident investigation.” The right electronic locking keeps customer reputations intact, important data off the Dark Web, and managers on the right side of the multiple data protection regulations, including GDPR. ASSA ABLOY’s free 12-page briefing paper on data centre security can be downloaded on the company’s website. www.assaabloy.co.nz/Aperiopaper

K100 Server Cabinet Lock

August/September 2021

NZSM

Access Control Innovation at your fingertips In the third of our series offering tips on how to get the most out of your security solution we are looking at the latest in access control solutions, the Tecom ChallengerPlus in particular. You would think access control would be a priority for all Business’ premises and that keeping up to date with the latest technology on their first line of defence would be of the utmost importance. What we see is that upgrading access control solutions is a rare occurrence, and you have to wonder why? Is it cost prohibitive? Is it a case of if it ain’t broke….? Or is it simply that the benefits that come with the latest technology solutions in the market have not been explained to them.

ChallengerPlus is an advanced security solution designed for commercial and corporate sectors and is the perfect solution for the security requirements of banks, retail outlets, educational facilities and more. ChallengerPlus is a modular system which can be scaled for almost any application, from small to large commercial installations. With thousands of programmable options, ChallengerPlus has been designed to meet any security and access requirement and can be tailored to a business’ own security policies. Designed and built with the latest technology for superior access control and integrated networking, ChallengerPlus is the result of significant research and development, built on the successful foundations of Challenger10, Challenger V8 and all their peripherals. Are you wondering if you should know more? Are there any upgrade

NZSM

opportunities out there for you with existing customers? We sat down with Patrick Tocher, Tecom Trainer at Hills in Christchurch and quizzed him on the top ten questions security installers are asking about ChallengerPlus, here’s what he had to say.

Hills can supply an upgrade procedure document on request and our technical experts are happy to discuss the process in detail.

Top 10 Q&A on the ChallengerPlus 1. Can I upgrade from my customers V8 System to ChallengerPlus? Yes! Depending on the firmware of your customers existing peripherals (DGPs, Door Controllers, etc.), the upgrade process is a simple one, usually only requiring the swapping out of the main Challenger Board and updating the firmware chip on any connected Intelligent controllers.

No, Upgrading from Challenger10 to ChallengerPlus is only a firmware update. When performing the update CTPlus will also migrate the existing database. This process usually only takes 15-30 minutes. *note: this is dependent on the size of the system. Upgrade process may take longer depending on database size and number of intelligent controllers.

2. Do I need new hardware to go from Challenger10 to ChallengerPlus?

3. Can I program a ChallengerPlus remotely? Yes, with ChallengerPlus you can now program panels remotely using the free Challenger configuration software “CTPlus”. Full remote programming is possible with CTPlus via the Ultrasync secure connection platform allowing you to make changes to a ChallengerPlus system without having to physically visit a site.

August/September 2021

4. Does the Tecom ChallengerPlus have a mobile app? Yes, the new TecomPlus mobile app allows your customers to have control of their alarm anywhere on the world with minimal setup. This feature uses Ultrasync to connect and Push notifications. The app allows both monitoring and control of door access and intrusion events as well as user creation and management. There is no limit on how many people can use the app, however, there is a limit of 8 people that can receive push notifications. This is centrally managed so you can update the users who receive notifications as required.

The UltraSync+™ Cloud

• IPSEC Encrypted VPN • Fully Managed Network • 2N Redundancy

4G/3G Encrypted

• No single point of failure • EN/UL/AS2201 Graded for IP Reporting

Encrypted Over IP

Sensors

Broadband Router

Cameras

Customer Premises

UltraSync Portal

UltraSync+™ App

your monitoring station just like old phone-line based monitoring. 6. Do I need a phone line to access my ChallengerPlus system via Ultrasync? Unlike older systems Ultrasync does not require a phoneline (but does support PSTN if required). For sites without an active internet connection or phoneline, we can supply a 4G communication module that allows full system functionality. It is worth noting that many sites use these 4G modules as a backup communication path in case something happens to their hardwired phone or internet lines. 7. Can Hills supply training?

5. What is Ultrasync? UltraSync is a cloud service that connects everything happening between the installer, central monitoring station, push and mail services management, providers, as well as alarm handling and prevention. This is done using a secured encrypted connection service requiring only an internet connection to the device. There is no charge to use Ultrasync via the TecomPlus app, however when monitoring using Ultrasync you will be charged a fee by

August/September 2021

IPSec

Encrypted Over IP

Encrypted Panel

Encrypted Over IP

Yes, Hills can supply all the training necessary to get up to speed on all Tecom Systems. Hills Certified training is an in-depth hands-on course which shows technicians how to design, program and manage both Intrusion and Access control functions. 8. Can ChallengerPlus automatically arm the alarm if I forget? Yes, there is feature in the ChallengerPlus that allows for timebased arming in the event that the panel was not armed. You can also arm the alarm from your smartphone from anywhere using Ultrasync and the TecomPlus app.

Decrypted over IP

Automation Software

Monitoring Centre

9. Can I use 3rd party card readers and integrate to external systems? Yes, the range of Tecom door controllers can support 3rd party card readers that communicate via Wiegand and OSDP as well as wireless locks such as Sallis by Salto and Aperio by Assa Abloy. In addition, by using our powerful management software, TecomC4, we can connect to many other systems. For more information contact your Hills representative. 10. Are there any limitations on ChallengerPlus? A single ChallengerPlus panel can support up to 65,535 users*, 1008 alarm inputs and 128 doors (with appropriate I/O cards). If more doors or inputs are required, you can create a multi-panel system allowing for massive scaling. *ChallengerPlus supports 2000 users standard and 65,535 with the addition of a memory expansion module. Hills offers training courses for all Tecom solutions including the ChallengerPlus. For information on specific training courses call Hills on 0800 1 HLLLS (0800 144 557) or speak with your local Hills representative who is an expert and will be more than happy to help you better understand the features and benefits of the ChallengerPlus. NZSM

PROTECTIVE SECURITY

Protective Security Requirements Although the Protective Security Requirements (PSR) are designed for use by government agencies, FIRST Security’s Chief Operating Officer Steve Sullivan writes that they are just as relevant for the private sector. When I first came across the expression ‘protective security’, I found it a little curious. Given that the terms ‘protection’ and ‘security’ have a similar – almost interchangeable – meaning, why the need for the double-barrelled terminology?

Prior to joining FIRST Security as its Chief Operations Officer, Steve was General Manager – Regional Operations for Wilson Security, based in Melbourne. His 30 year security career has focussed on leading highly-respected security organisations to improved services, customer service and success.

NZSM

I settled upon a US Department of Defense definition, which described protective security as “the organised system of defensive measures instituted and maintained at all levels within an organisation with the aim of achieving and maintaining security.” The key to this definition is the word ‘defensive’. Protective security measures are specifically defensive in nature, designed to prevent a security breach altogether or otherwise to stop it in progress or minimise the damage. In New Zealand, the Government’s Protective Security Requirements (PSR) provides a framework for thinking about and implementing good protective security. Over in Australia, they use the Protective Security Policy Framework (PSPF), and there are similar frameworks in the UK, US and Canada. Although the PSR is a set of requirements that the Government has of its agencies, it’s also absolutely suitable to private sector organisations. For private companies that are suppliers to government or that are looking to become suppliers to government, I’d suggest that being compliant with the PSR is a very good idea.

August/September 2021

What is the PSR? According to the Government’s PSR website, the PSR is a “policy framework that sets out what your organisation must do to manage security effectively. It also contains best practice guidance you should consider following.” “Effective security,” it states, “enables New Zealand organisations to work together securely in an environment of trust and confidence.” This is a key idea. Being compliant with the PSR is a great benchmark to demonstrate to other organisations – whether they are your customers or in your supply chain – that your organisation has its security act together… that they can be trusted. The PSR’s core policies cover four key areas: security governance, personnel security, information security, and physical security. Let’s take a brief look at each domain: Security governance The PSR contains eight governance requirements which are aimed at ensuring effective oversight and management of all security areas within an organisation, including: • GOV 1 Establish and maintain the right governance • GOV 2 Take a risk-based approach • GOV 3 Prepare for business continuity • GOV 4 Build security awareness • GOV 5 Manage risks when working with others • GOV 6 Manage security incidents • GOV 7 Be able to respond to increased threat levels • GOV 8 Assess your capability

Personnel security Protecting your organisation means ensuring that access to its information and assets is only given to suitable people. In many ways, this is all about managing the ‘insider threat’. The PSR website points out that personnel security measures should start at the pre-employment stage and continue throughout the personnel lifecycle, and it advocates taking a risk-based approach. The four personnel security requirements are: • PERSEC 1 Recruit the right person • PERSEC 2 Ensure their ongoing suitability • PERSEC 3 Manage their departure • PERSEC 4 Manage national security clearances Information security The PSR guidance contains substantial resources on the information security domain, and it’s worthwhile also reading up on the Government’s New Zealand Information Security Manual (NZISM) for further guidance. The PSR covers the security measures your organisation should develop, implement, and review for protecting information from unauthorised use, accidental modification, loss or release. Measures can include establishing an information security culture, developing an information classification policy, and adhering to legal requirements, such as the Privacy Act.

It’s worthwhile noting that according to the PSR, an ‘information asset’ could refer to any form of information, including: printed documents and papers, electronic data, software or ICT systems and networks, intellectual information (knowledge) acquired by individuals, and “physical items from which information regarding design, components or use could be derived.” The four information security requirements are: • INFOSEC 1 Understand what you need to protect • INFOSEC 2 Design your information security • INFOSEC 3 Validate your security measures • INFOSEC 4 Keep your security up to date Physical security “Good physical security,” states the PSR guidance, “supports health and safety standards, and helps your organisation to operate more efficiently and effectively.” Again, the PSR guidance recommends that you take a risk-management approach to working out the right levels of physical protection for your organisation’s people, information, and assets. The four physical security requirements are: • PHYSEC 1 Understand what you need to protect • PHYSEC 2 Design your physical security • PHYSEC 3 Validate your security measures • PHYSEC 4 Keep your security up to date A risk-based approach Ultimately, the extent to which an organisation might adhere to the PSR is dependent upon the protective security risk context that organisation sits in. The greater

NZSM

the risks (or the greater the need to protect), the greater the need for the organisation to have more mature protective security capabilities in place. Earlier this year, FIRST Security was audited by the New Zealand Security Association (NZSA) in relation to our protective security capability, and as a result our level of capability maturity was found to be ‘optimised’ (the highest of the capability levels). This means that we ticked all the relevant mandatory requirements boxes and that, among other things, “long term planning is in place and integrated with business planning to predict and prepare for protective security challenges.” We were obviously pleased with this external assessment of our protective security capability, but at the same time we acknowledge that this is the level that we actually need to be operating at given the relatively high security risk context of many of our customer organisations. According to the NZ Government’s Capability Maturity Model for Protective Security, your maturity targets “must be considered and informed by your organisation’s security context, potential threats, and risk appetite. This approach might drive you to select different maturity targets for different locations, business activities, and dimensions.” In taking this approach, it cautions the reader to be “mindful that broad and disproportionately strong measures are not cost-effective and can impede business functions.” Reflecting good risk management practice, it comes down to the principle that measures should be proportionate to the risk.

August/September 2021

T H E U LT I M A T E E X P E R I E N C E WITH 3 BUDDIES GAME 3 EDEN PARK

TICKETS WORTH

$4K NZ HAVE WON THE CUP 48 TIMES vs AUST 12

WATCH US WIN AGAIN WITH THREE OF YOUR MATES! ULTIMATE PACKAGE INCLUDES: • Pre and post-match corporate hospitality service • Reserved category A or B match tickets • Four course seated meal • Premium beverage service prematch and post match

• Master of Ceremonies, guest speakers and entertainment • Match day programme 1 per 2 guests • Host service

210513 Dahua NZSM v8

To win, spend over $1,000* at Hills New Zealand on Dahua products to be eligible. Competition runs from 1st June to 30th September, 2021

For more information on Dahua and other best-in-class solutions 08001 HILLS (44557) or hills.co.nz Follow us on

Hills Limited NZ

YO U C A N R E LY O N H I L L S Terms and Conditions: Every Hills NZ Limited (“Hills NZ”) customer resident in New Zealand and who spends a minimum of $1,000 excluding GST on Dahua products on a single invoice through the promotion period from Hills NZ, will receive one (1) entry in the prize draw to win four tickets including hospitality to the Bledisloe Cup held at Eden Park in October 2021. The prize is valued at $4,000 including GST (RRP). Win the Ultimate Bledisloe Cup Experience runs between 1 June, 2021 and 30 September 2021 inclusive (“promotion period”). The winner will be drawn on Friday 1st October 2021, at Hills NZ head office in Auckland NZ. The winner will be notified by phone and published online at Hills.co.nz. If tickets are unavailable, Hills NZ reserves the right to substitute with a prize of equal value. Hills NZ reserves the right to change these terms at any time by notice on its website. Please visit the website Hills.co.nz/Bledisloe for full competition details, terms and conditions.

August/September 2021

NZSM

INDUSTRY

NZSA CEO’s July Report In this update, NZSA CEO Gary Morrison talks inclusion of Security Officers on Schedule 1A of the Employment Relations Act, Fair Pay Agreements, Covid-19 vaccinations, licensing for pubs, building consent for access control works, and more.

Gary Morrison is CEO of the New Zealand Security Association (NZSA). A qualified accountant, Gary originally joined Armourguard Security as a junior accountant and held several roles over two decades prior to appointment as GM for New Zealand and Fiji, after which he established Icon Security Group.

Fair Pay Agreements In April this year the Government announced the design of the Fair Pay Agreement (FPA) system. The design was informed by the Fair Pay Agreement Working Group and public consultation, as well as involvement from the NZCTU (representing unions) and Business New Zealand (representing employers and industry sectors). Current planning is that the Bill will be introduced in November of this year and that the first agreement negotiations will be initiated in early 2022. Whilst the detail is yet to be fully announced, it is clear that Security workers will be one of the first sectors to be covered by a FPA and as such, bargaining will be required between Etu (being the union covering security workers) and employers (under co-ordination of the NZSA or an alternate industry body). Again, this will have a significant and far-reaching impact on those providers offering guarding, patrol and cash-in-transit services and it is important that members are kept well informed on developments. We will provide on-going updates as more information becomes available. However, for more detailed background, please refer to our newsletter Important Employment Matters on our website. Covid-19 vaccinations It is apparent that the Government has back-tracked on earlier plans to prioritise the vaccination of essential service workers under a separate

NZSM

Group and vaccinations will be scheduled on the basis of: • Group 1 – Border and Managed Isolation and Quarantine Workers • Group 2 – High-risk frontline workers and people living in highrisk places • Group 3 – People who are at risk (over 65, underlying health issues, disabled, caring for a person with a disability, pregnant or an adult in a custodial setting) • Group 4 – Everyone aged 16 and over We are aware that members are often finding this a difficult area from an employment perspective and offer the following guidance: As a general rule, employers can encourage, but not force staff to receive Covid-19 vaccinations. Employers cannot engage or employ staff without Covid-19 Vaccination to work if: • The work is in specific areas legally requiring Covid-19 vaccination (generally at the border or MIQ); or • It is otherwise unsafe for that person to work due to the level of risk (under the Health and Safety at Work Act). To assess what can/should be done: First Stage: Work Location Where does the employee work? Does the Covid-19 Public Health Response (Vaccinations) Order 2021 apply (this lists who must be vaccinated to work)? Workers at Managed

August/September 2021

Quarantine and Managed Isolation Facilities are unable to work at these sites unless vaccinated. If this does not apply, move to next stage. Second Stage: Role Risk Exposure What are the risks applicable to the specific role? What is the likelihood of a worker being exposed to Covid-19 whilst performing the role; and what are the potential consequences of that exposure on others (e.g. community spread, vulnerable workers)? If the role involves regular contact with vulnerable people (as defined by the MoH), the consequences of passing the virus on to them could be significant, and so if there is a high likelihood that the person performing the role may be exposed to Covid-19, it is likely that the role needs to be performed by a vaccinated person. Third Stage: Other Considerations Take account of other factors. Good faith applies at all stages of the risk assessment. That requires open and responsive communication with the affected workers, and fair process. Any requirement to be vaccinated that is not related to health and safety will not be justified. Care needs to be taken for instance where an employee’s own circumstances/health/beliefs mean they cannot receive the vaccination. In those cases options such as site or role relocation should be explored and balanced against the second stage risk assessment.

August/September 2021

Licensing for pubs, clubs and other licensed premises The PSPLA has recently provided further clarification around the licensing requirements for pubs, clubs and other licensed premises. Section 11 of the Act states a person or entity is only required to hold a licence as a crowd controller if, for valuable consideration, they are carrying on the business of screening entry, keeping order, or removing any person from a place. The fact that a business employs crowd controllers to screen entry and keep order does not in itself mean that a pub or club is carrying on the business of being a crowd controller and critically, where they are not charging another entity for the service (being valuable consideration), a licence is not required. The exception to this would be where a pub or club is using their staff to provide crowd controller duties for other entities and charging for the service. This meets the definition of valuable consideration and the pub or club needs to hold a company licence under the Crowd Controller category. For larger operations that have security departments and recruit and train crowd controllers for deployment at several of their own establishments, it may be arguable whether they are doing it for valuable consideration however it would be best practice for the business to hold a licence under the PSPPI Act. From an individual licence holder perspective, all staff employed as crowd controllers responsible for

screening entry, keeping order and removing a person from a place are required to hold a Certificate of Approval under the Crowd Controller category. Building consent applications for access control works This continues to be a contentious area with councils applying different interpretations and requirements however, the following guidelines were provided by Christchurch City Council with regards to the documentation they require/expect when assessing a building consent discretionary exemption application for proposed access control works: • Plans clearly showing the locations of access-controlled doors. • Specifications of the products being used including specific reference for emergency release and where a fire alarm interconnection is installed. • A detailed statement outlining the contractor’s relevant experience in installing similar systems and their quality assurance and training measures. • Confirmation that on completion the installer will issue a construction statement confirming compliance and indicating the emergency release and fire alarm interconnection (the statement of compliance should reference NZBC C/AS2 (2019) paragraph 3.15.2 and 3.15.7). • Confirmation that on completion the installer will provide asbuilt floor plans confirming the NZSM

locations of installed accesscontrolled doors as per the approval. • Confirmation that photographs of the door installations will be taken and provided to Council on completion. • Confirmation that an IQP, separate from the individual installer, will provide a test and confirmation compliance following the installation. It could be reasonably assumed that similar documentation is required for a building consent application. Please note that this list should not be considered as definitive however it may assist when seeking a consistent and common-sense approach from local councils. Virtual Reality Security Training Platform We are pleased to advise that a handful of providers are now signed up and using the platform for the delivery of their CoA training. Initial feedback from learners and employers has been exceptional and all have commented on the benefit of experiencing real-life scenarios as part of the learning and the positive reinforcement of core skills such as risk assessment, wearing PPE and providing recorded incident reports. For further information on the SkillsVR Security Training platform

NZSM

or to arrange a live or online demonstration, please contact Chris Thomas on 021 771173 or chris@ skillsvr.com. Employment Relations Act changes Government has passed an Order in Council, effective 1 July 2021, that extends Part 6A of Schedule 1A of the Employment Relations Act 2000 to include Security Officers. Effectively this now means that Security Officers, defined as property guards, crowd controllers, mobile security patrols, cash-intransit officers and those who monitor premises on site, are given protections when their employment is impacted by restructuring that results in the contract for service shifting to another provider or taken in-house. In these situations there is an obligation on the new party providing the service to offer employment to the incumbent employees on terms and conditions no less favourable than they currently enjoy. This includes the transfer of leave and service entitlements and also prevents subsequent restructuring such as reduced hours or payments. In general, the new Order does not apply to restructuring situations where agreements were reached between companies before 1 July 2021. The NZSA has documentation available to members to explain and

enable the process for both outgoing and incoming service providers: • NZSA Overview and Definition • NZSA Member Guidance Part 6A • NZSA Part 6A letter for Security Workers • NZSA Part 6A letter for Customers • Part 6A Exempt Employer Repealed letter • NZSA recommended Employee Transfer Information template: – Costs Information • NZSA recommended Employee Transfer Information template: – Individualised Employee Information • NZSA notes to Employee Transfer Information templates To obtain a copy of these documents please email nzsa@ security.org.nz. NZSA webinar on Employment Relations Act changes Andre Reynolds provides insights on the impact of changes to the Employment Relations Act. The NZSA webinar discusses what it means to the security industry and what is required of employers to accommodate the change. This is now available for viewing on the NZSA website www.security.org.nz.

August/September 2021

e c u r i ty I

S ’s

mited 30 y Li e

Loktr

y tr s u

ervicing N

Loktronic for Electric Locking Hardware and Accessories

August/September 2021

Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz

NZSM

INDUSTRY

Crowded Places Security Advisory Group update Formation of the Crowded Places Security Advisory Group (CPSAG) is viewed as a positive step in recognising the contribution of the private security sector to public sector agencies. Subsequent to the release last September of Police’s September 2020, Protecting our Crowded Places from Attack: New Zealand’s Strategy, and following meetings with NZ Police, a Crowded Places Security Special Interest Group (CPSSIG) was established under the NZSA last February.

In accordance with the Crowded Places Strategy, three advisory groups were established: (i) a government Crowded Places Advisory Group New Zealand (CPAGNZ); (ii) a private sector Business Advisory Group New Zealand (BAGNZ); and (ii) a Community Advisory Group New Zealand (CAGNZ). The role of these groups is to contribute insights and ideas relating to crowded places resilience gathered from the sector they represent, and to share appropriate information back to their sectors. As reported in the April issue of NZSM, the NZSA hosted a 23 February meeting attended by Police and a small group of industry representatives to talk crowded places and the potential for industry involvement. While that meeting effectively gave birth to the CPSSIG, Police expressed a view at that point that the security industry not be represented in the BAGNZ due to conflict of interest. Police has since greenlighted the idea of a new advisory group under the Strategy, and now the CPSSIG

NZSM

Sir Ken McKenzie, CPSAG Chair and Head of Security, Health & Safety at Auckland Museum.

has become the CPSAG (Crowded Places Security Advisory Group). Described as a body of experienced security industry specialists, the CPSAG will provide specialist advice and direction in the protection of Crowded Places in line with the Strategy and the government Protective Security Requirements (PSR). According to the group’s chair, Sir Ken McKenzie, “CPSAG is a skilled, experienced and diverse group of industry specialists from across NZ and well known to and respected within the private and public security sphere.” “The formation of CPSAG is a positive step forward in bringing greater recognition to the significant contribution the private security sector provides in supporting the public sector agencies in NZ,” he

told NZSM. “We are committed to delivering robust policy and transparent assurance that the private security sector is equipped and recognised as a credible security delivery partner in these rapidly changing times.” Still in its very early days, the CPSAG will likely focus on areas such as intelligence, threat, vulnerability, critical risks and risk assessment, expanding to include protective security, counter terrorism, crowd control, physical security, security training competencies and associated licensing, security policy, research and development. The Group’s mission is to build stronger private and public partnerships, share information and provide guidance, implementing effective protective security and improving response while increasing resilience. It will partner the BAGNZ and CAGNZ and - via NZ Police – the Counter Threat Assessment Group (CTAG). “We are currently focused on establishing strong relationships within the private and public security sector,” said Sir Ken, “developing specialist competency frameworks to further support and enhance what is already on offer through NZQA with clear paths of learning and development opportunities for those seeking to grow a career in security consulting and a licensing structure that clearly aligns to the competency matrix.”

August/September 2021

INDUSTRY

International Security Officers’ Day – 24/7 24 July saw social media light up for the world’s private security officers on International Security Officers’ Day. According to many posts, the best way to recognise them? Better pay. “International Security Officers’ Day, celebrated on 24 July, is an opportunity to say thank you to Security Officers for keeping us safe 24/7,” wrote NZSA CEO Gary Morrison to Association members. “On behalf of the NZSA team we would like to say a big thank you to all security officers and acknowledge the great work that you do keeping us safe.”

Across the Tasman, the Australian Security Industry Association Limited (ASIAL) posted on LinkedIn: “Every day, our incredible Security Officers protect, assist and guide us towards a safer future. On International Security Officers’ Day, we recognise the incredible work of frontline staff around the country and across the world, and the sacrifices they make.”

“As we begin to bounce back from this crisis, we’d like to extend a special thanks to our cleaners and security workers,” posted the Living Wage Foundation.” Their tireless work has been instrumental in helping businesses and societies reopen, and they are a crucial part of the puzzle as we look to find our new normal.” “As we move forward, we are calling for all cleaners and security staff to receive the real Living Wage, recognising that the hard work they are doing deserves a fair day’s pay.” “For your dedication and commitment every time that you have stood a post, responded to an incident, taken the extra shift because it helped the team, gone the extra mile for a client, assisted a customer to find their way, their belongings or

made them feel safe – for this and all that you do – Thank you,” posted Neonie Colls, Director, Justice and Security Services, G4S “I just want to say a massive thank you to all my staff and contractors for their continued service delivery in what has been a very tough year for all,” posted Richard Short, Managing Director, RS Security Services Limited. “As a company director I have pledged another year to the living wage foundation ensuring our staff are paid a real living wage. We have retained this status since we began trading.” “The private security industry provides guarding and patrol services to governments, businesses, communities and -indirectly - to us all,” ” posted Optic Security Group. “The Security Officers who perform these services play a key role in keeping our streets, venues and public spaces safe. They are usually the first to observe suspicious behaviours, they are often the first to respond to an emergency incident, and they regularly perform outstanding acts.” “Next time you see a Security Officer going about their work, remember that they work long hours, they often get paid minimum wage, and they are regularly maligned in public discourse. They deserve our respect and - on this International Security Officers’ Day - they deserve our collective vote of thanks. Thank you to all Security Officers.”

INDUSTRY

Security: A career to be proud of With nine high school security career events down, and one more to go, the NZSA and Gallagher reflect on recent conversations around the security skills shortage in New Zealand. The New Zealand Security Association (NZSA), its Security Training and Professional Development Special Interest Group, and many of its manufacturer and integrator members have recognised the challenges of low awareness and professional recognition across the security industry – and are working together to address these issues. From Auckland to Porirua, Wellington to Hamilton, Whangārei to Christchurch, and Palmerston North to Rotorua, the NZSA has been all over the country, rolling out the Ministry of Education (MOE) Security Career Events to more than

Brad Small, Regional Sales Manager, Gallagher.

NZSM

300 students across nine schools. With one last MOE-funded event scheduled for South Auckland, the NZSA is exploring options to further develop a sustainable on-going school visit programme. Members of Gallagher’s New Zealand Sales Team have attended five of the nine Security Career Events at high schools across the North Island – sharing their career journey and engaging with students. Recently, Regional Sales Manager, Brad Small, attended an event at Māngere College in South Auckland. “I enjoyed spending time with the students. It was great to see them nodding along as I spoke about the NZ security industry and the vast

opportunities it offers,” Brad said. “It’s predicted that the industry will need 6,000 additional people before the end of 2025, and I hope some of the students we have spoken with over the past couple of months will be part of that influx.” Andrea Charlton, the NZSA’s National Training and Employment Services Manager, has been instrumental in the roll out of these events across the country. “I have enjoyed discussing the diverse career opportunities that exist within the industry, and it’s so rewarding to see the students listening so intently – many just have no idea what our industry does,” said Andrea. “I also appreciated listening to our industry speakers, who have such passion for their careers, and truly inspired students through sharing their personal journeys.” “The SkillsVR Virtual Reality COA Training was also a big hit with the students. It was amazing to see them pick up the headset and controllers and use the technology so naturally. The reactions from students when they are placed into the virtual world is great – they just absolutely love it!” According to Andrea, the reception from those who attended the events was extremely positive. “I was told by numerous careers advisors that the students really enjoyed the events and learnt a lot

August/September 2021

from the industry speakers – with many saying the information shared with students was useful, inspiring, and exactly what they needed to hear. It was these personal career stories, and genuine passion for the industry, that helped stir up interest with tomorrow’s talent.” When asked what is next on the agenda for connecting students to the world of security and helping them understand the career opportunities within the industry, Gary Morrison, NZSA CEO explained that the Association is looking to make this an ongoing area of focus. “We are exploring ways to develop a stronger connection with MOE, school career advisors, and pathway career counsellors, to ensure that security is part of the conversation when school leavers are discussing next steps after secondary education,” said Gary. “We are also focusing on further promotion of the Security Careers Pathways website.”

The Security Career Pathways website, https://securitycareers. co.nz/, is an NZSA initiative that was developed to promote the wide range of security careers on offer in Aotearoa. The security industry is a growing sector with a range of exciting career pathways for individuals to progress through, and the website is designed to illustrate just that. One of New Zealand’s largest security integrators, Aotea Security, is an example of an organisation that has retained many of its technicians for decades. “Aotea Security have a proud history of providing career pathways to our people,” explained Mike McKim, Provincial Manager, Aotea Security. “It is not uncommon to hear our managers reminiscing about the days when they were on the tools as trainees, taking orders from now retired staff. If we do not foster this talent, we cannot expect them to stick around for the opportunities available to them, this goes for all positions in our business.”

“There is too much effort required to continuously fill a bucket with a big hole in the bottom of it, identifying the cracks that lead to holes for both our business and the industry is important to us.” Despite the initiatives being driven by NZSA – including the schools programme, NZ Security Careers Pathways website, and behind-thescenes work with government on qualifications and apprenticeships – there remains much to be done. “I’ve said it before and I will say it again – we all need to work together to help New Zealand understand that security is a lucrative and rewarding career choice,” said Brad. “I’m extremely passionate about our industry, and believe it has a lot to offer both school leavers and people looking for a change in career path. I know there are others who feel the same as me within the industry, so if someone reads this and it resonates, I hope they reach out so we can have a chat.”

INDUSTRY TRAINING

Training and Professional Development SIG update We need to promote the varied careers pathways that exist within the private security industry, writes Andy Gollings, Chairperson of the NZSA Training and Professional Development Special Interest Group and Red Badge Group CEO.

The Security Training and Professional Development Special Interest Group is continuing to look at the needs of the industry, and to help ensure that we continue to have industry training that will shape the workforce of the future.

We have recognised the challenges of low awareness and professional recognition of much of our industry and that the industry needs to work together to address this. It seems that we will all benefit from wider recognition of the range of opportunities within our industry

Andy Gollings, STPDSIG Chair, and CEO, Red Badge Group.

NZSM

that would see people targeting development within our industry into leadership roles, as well as pursuing careers in specialist roles such as Security Technician, Security Integrator, Risk Manager or Project Manager. We have traditionally spoken of our industry as a great pathway into the wider security sector of military, police or prison service. This still holds true, however, we should inspire our current workforce to develop a career within our industry, thereby enhancing the awareness and capability of our own industry. The NZSA has been doing some great work with the Ministry of Education Security Career Events through New Zealand schools and in the development of the Security Career Pathways website. The link to this website is https://securitycareers. co.nz. There is a lot of good information on the site. The NZSA would welcome feedback on the contents and would encourage you to share this and the opportunities within our sector with your workforce and your community. The NZSA and partner SkillsVR are also now using Virtual Reality technology to train and assess the COA Unit Standards, with the VR being able to provide a high standard of simulation of at risk situations,

allowing trainees to feel how they might react in real life. The Skills Organisation has been working hard on the resources for an updated New Zealand Certificate in Security Level 3. This is planned to be available for use by the end of August. This is an exciting new development allowing online learning to a consistent standard anywhere in the country. It has been reported that literacy and numeracy remains a challenge within our industry. This is nothing to be ashamed of, as it is a challenge faced across the New Zealand workforce. To not work towards overcoming or addressing this challenge would be a shame. To this end the Special Interest Group is investigating the viability of a programme designed to support front line leadership understand and work to support the literacy challenges of those within their team. I feel that this is an exciting development as there is nothing more vital to the success of our staff than the capability and understanding of the people that lead them. The NZSA and the Special Interest Group are committed to making a positive difference to our industry and the people that work within it. If you have concerns or need questions answered I invite you to reach out, we are all in this together.

August/September 2021

REACH

NEW HEIGHTS in Professional Excellence

ASIS accredited certifications can help you reach your career goals.

Validates your ability to conduct security investigations through the effective use of surveillance, interviews, and interrogations. Designed for those with 5 years of related experience.

WHY EARN THE PCI DESIGNATION? • Provides independent confirmation of your specialized skills in security investigations • Gain global recognition by your peers and industry • Get a competitive edge in the marketplace • Enhance your career and earnings potential • Enjoy personal satisfaction and professional achievement Be one of the many ASIS board certified practitioners who are leaders, mentors, and trusted strategic partners, serving both their organizations and the profession.

Visit www.asis.org.nz

“PCI is an important element in the ASIS Certification programme, dovetailing into both CPP and PSP for a comprehensive understanding of broader security industry objectives. An effective and reliable investigation depends on objectivity, thoroughness, relevance, accuracy and timeliness. PCI helps identify critical investigative outcomes, including evidence collection, case management, and the process of offender detection, identification, interview and prosecution. Good physical security designs, together with robust policies and procedures are key elements in a successful investigation. The PCI certification provides an insight into how these pieces interrelate." - David Horsburgh, MSc CPP PSP PCI

WHY SHOULD AN EMPLOYER HIRE ASIS CERTIFIED PROFESSIONALS? • B uild a strong, dedicated team committed to high standards and continuing professional development • Promote ongoing education of critical job knowledge and skills • Feel confident that your staff are using best practices • Recruit the most qualified professionals • Reinforce or elevate your organization’s reputation and credibility Increase the competency level of your staff by supporting your security professionals in their certification journey.

AWARDS

IFSEC GLOBAL

INFLUENCERS SECURITY & FIRE 2021

The IFSEC Global Influencers in Security and Fire for 2021 have been revealed, and the good news is that a record six New Zealanders feature among the winners – proof that Aotearoa’s security industry is influencing well above its weight. Yes, it’s that time of year again – awards season! With the 2021 New Zealand Security Awards shortlist due out in early August, and the annual ASIAL awards in play across the Tasman, tuxedos will soon be dusted off in security professionals’ wardrobes across the country. Among the various annual awards programmes, the IFSEC Global Influencers in Security and Fire, awarded annually, is one of the most prestigious, yet perhaps least understood. IFSEC Global Influencers recognises ‘influencers’ in security from around the world. According to IFSEC’s definition, an influencer as a person who: • has played a key role in drivingc technological innovation. • has been a driving force in changing regulation, standards guidance or best practice.

NZSM

• holds insights/opinions that are widely respected and that are influential in shaping debate around industry issues. • has been instrumental in the success of the organisation or business they lead or are employed by. • has helped to raise the industry’s profile or been an influential voice in the national media. Nominations were judged by an international panel of two dozen highly respected judges, including NZSM chief editor Nicholas Dynon, who sought to identify the world’s biggest ‘influencers’. This year, security professionals were recognised across six security categories, including: • Security executives (the senior most official in an enterprise, whose primary duties encompass leading and managing security for the enterprise)

• Security end users (e.g. heads of security, directors of security) • Security manufacturers/vendors/ installers/integrators (those displaying exemplary work in the field of installation or specific projects, as well as technological innovation) • Security thought leadership (e.g. thought leaders, association figures, academics) • Security ‘One to watch’ (championing the sector’s rising stars, nominees should have worked in the industry for no longer than five years) • Cyber security professionals and thought leaders New Zealand winners emerged in the categories of ‘Association Figures, Academics, Thought Leaders’, ‘End Users’ and ‘One to Watch’. In a record showing for Aotearoa, our winners for 2021 are:

August/September 2021

fired up protection LOKTRONIC’s expansive product range has just become even wider with these first class EGRESS and FIRE PROTECTION DEVICES and PROTECTIVE COVERS.

NEW

STI-1130 Ref. 720-102

STI-WRP2-RED-11 IP67 Ref. 720-062R

Surface mount with horn and spacer 255mm H x 179mm W x 135mm D

Also available in White.

STI-RP-WS-11/CN Ref. 720-052W Available in White, Green, Blue & Yellow.

STI-13000-NC Ref. 720-090 Flush mount, no horn 206mm H x 137mm W x 69mm D

STI-RP-GF-11/CN Ref. 720-051G Available in White, Green, Blue & Yellow.

NEW

STI-RP-RS-02/CI

STI-13B10-NW Ref. 720-092 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D

Ref. 720-058 Cover included. Flush Mount Available. • •

STI-1100 Ref. 720-054

•

Flush mount with horn 255mm H x 179mm W x 86mm D

•

• • • • •

STI-6518 Ref. 720-060 Flush mount, no horn 165mm H x 105mm W x 49mm D

STI-13210-NG Ref. 720-093 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D

All STI ‘Stoppers’ are made of tough, UV stabilised polycarbonate. Many can be supplied with or without a 105 dB horn. Other models and sizes available including weather resistant options.

Approved to EN54-11 Current Rating: 3 Amps @ 12-24V DC, 3 Amps @ 125-250V AC Material: Polycarbonate Comes with Clear Cover 2 x SPDT switches Positive activation that mimics the feel of breaking glass. Visible warning flag confirms activation. Simple polycarbonate key to reset operating element - no broken glass. Dimensions: 87mm Length x 87mm Width x 23mm Depth (Flush Mount) & 58mm Depth (Surface Mount)

STI-6255 Ref. 720-042

Mini Theft Stopper discourages inappropriate use of equipment. Sounds a powerful 105 dB warning horn when activated. Tough, ABS construction. Reed switch activation for cabinets and display cases or unique clip activation for freestanding equipment. Does not interfere with use of protected fire fighting equipment. Compact design 85mm H x 85mm W x 25mm D.

STI-6720 Ref. 720-047

Break Glass Stopper. Keys under plexiglas. Protects emergency keys from inappropriate use. Keys remain visible. Fast, easy installation. Simple, inexpensive plexiglas. 3 year guarantee against breakage of the ABS housing within normal use.

NEW

Battery Load Tester Ref. 730-101

Fire Brigade Alarm: (Closed/Open) Ref. 730-231

Anti-Interference Device

ViTECH, strong, lightweight aluminum case, 5, 15 and 30 amp battery load tester for fire and alarm use. Weight: 500gms, Size: 165mm x 90 x 70mm.

ViTECH branded Type X (730-230) and Type Y (illustrated) models with temperature compensated pressure transducers with digital display showing pressures for defect, fire and pump start.

Ref. 730-400 series ViTECH AID for sprinkler valve monitoring; fits all ball valve sizes.

21620/1/18

21620

ViTECH products are designed and produced in New Zealand.

Jennie Vickers (1st – Association figures, academics, thought leaders)

Jennie Vickers has been focused on the Defence sector in Australasia for the last eight years, stepping down as CEO of the New Zealand Defence Industry Association (NZDIA) in April 2021 after four years in the role. During her tenure, she brought the Association into the 21st century and widened its remit to include members from throughout New Zealand’s security sector. As NZDIA CEO, Jennie championed courageous and open conversations between Government

and industry in the defence and security sectors to support better procurement outcomes and more SMEs in supply chains. Apart from significantly increasing the Association’s membership and its links across other industry sectors and internationally, Jennie pioneered the use of made-for-purpose virtual event platforms. This enabled the NZDIA to quickly pivot during COVID to virtual events, which was critical in ensuring that engagement among the NZ national security supply chain continued without missing a beat. It also ensured the successful launch of New Zealand Defence’s Information Domain. Jennie’s leadership and considerable online and cross-sector engagement has been instrumental in raising the profile of the private sector’s contribution to the defence and national security sectors in New Zealand. Now a consultant at Fortinet, Jenny describes her expertise as connecting people, building relationships, influencing, problem solving and supporting better business outcomes. Along with qualifications to practice law (commercial/IT) in

NZ, Australia and UK, Jennie is a WorldCC Fellow, Expert in SRM and CCMP qualified in CCM. As a category 1st place winner, Jennie remains in contention for the Global Influencer of the Year award! The winner of this award will be chosen between the winners of the five IFSEC Global Influencers security categories (not including the ‘One to Watch’ award). A final round of judging will be undertaken by an independent group of judges, after which the Global Influencer of the Year award will be announced live at the Security & Fire Excellence Awards, due to take place in London in November. Gary Morrison (13th – Association figures, academics, thought leaders) Gary Morrison has spent 40 years in the security industry, including running New Zealand’s largest security provider, establishing his own security company and more recently as the CEO for the New Zealand Security Association (NZSA), the industry association for New Zealand’s physical security industry.

NZSA CEO Gary Morrison introduces the Good Practice Guideline at the Securing NZ’s Borders, Facilities and Public Spaces conference in April.

NZSM

August/September 2021

a security guard awards programme to reward guarding excellence in the context of the COVID new normal. In addition to his work with the NZSA, Gary is a long-term ASIS member and in his private capacity sits on the board for a Community Health Trust. Ngaire Kelaher (16th – Association figures, academics, thought leaders)

Since joining the NZSA in early 2016, Gary has been instrumental in resurrecting the association as the voice for the security industry and the catalyst for many positive industry developments. In the last five years, the NZSA’s membership has grown by over 70% and the association has led significant improvements in industry training and standards and developed a Good Practice Guideline that clearly articulates industry best practice. During Gary’s tenure, the NZSA has also developed and introduced a Skills for Industry programme with the New Zealand Ministry of Social Development that supports and encourages those on benefit payments into fulltime employment with NZSA members. This programme has seen in excess of 400 beneficiaries take up full-time employment with NZSA members over the last three years. In the past 12-18 months, Gary has led several transformative initiatives, including the development and introduction of a virtual reality training platform for security guard licensing training; and he has stewarded the industry through the COVID pandemic, which included lobbying government for better recognition of the essential nature of security services, ensuring PPE supply certainty for security providers, and the establishment of

August/September 2021

annual Formal Certification Dinner to recognise and celebrate the achievements of new ASIS Board Certification certificants, and a calendar of frequent webinar and networking events significantly more active than previous years’. Ngaire’s enthusiasm is infectious, and she elicits wide respect due to her own professional example. Ngaire is also a member of the New Zealand Security Association (NZSA), the New Zealand Institute for Professional Investigators (NZIPI), the Security Institute (UK) and the International Foundation for Protection Officers (IFPO). John Battersby (18th – Association figures, academics, thought leaders)

Ngaire Kelaher CPP PSP is the Security Risk and Training Consultant for RISQ New Zealand and Bespoke Security Group. She started her career as a security officer in 1995 and continued to develop into the training sector of the security industry designing, facilitating and assessing various security programmes over the years. Ngaire has been an ASIS International member for just over 15 years, and is the first female in New Zealand to hold two ASIS international Certifications – Certified Protection Professional (CPP),and the Physical Security Professional (PSP). Ngaire is also the first female Chairperson of ASIS New Zealand and has held a variety of roles on the executive committee previously, including Secretary and Deputy Chair. As Chair, Ngaire has over the past 12 months instituted a number of key initiatives, including a Chapter Young Professionals’ Network, an

Dr John Battersby is a Teaching Fellow at the Centre for Defence and Security Studies, Massey University, Wellington, lecturing in Intelligence and Counter Terrorism. John spent a decade as a research historian specialising in military and policing aspects of nineteenth century New Zealand history. In 2005 he took up a law enforcement role, with various duties including time as a police prosecutor and then Practice Leader at the Leadership, Management and Command school at Royal New Zealand Police College. In 2016, John returned to academia as Research Fellow at the Centre for Strategic Studies, Victoria University, Wellington where he commenced research into the impact of terrorism on New Zealand. NZSM

Dr Battersby has been a major voice within New Zealand’s security sector in the wake of the 2019 Christchurch mosque attacks and subsequent roll-out of gun control laws and the publication of the report of the Royal Commission of Inquiry into the mosque attacks. In 2020, he was invited to speak on the opening panel of the hui on Countering Terrorism and Violent Extremism in Christchurch. Importantly, in 2019, Dr Battersby also founded the National Security Journal, a peer reviewed scholarly publication. The journal has in the subsequent 18 months become widely recognised in New Zealand and internationally, providing a vehicle for the showcasing of security related research and the highlighting of important sector trends and issues. This is an achievement of major national significance. John has also published on New Zealand Wars, New Zealand security and the United Nations, and terrorism in Australian and Zealand contexts, and he is a regular contributor to NZSM and Line of Defence Magazine. Andrew Thorburn (2nd – End users)

development consultant with a career that spans both the private and public sectors, he brings over 25 years of security technology and staff services strategy and implementation experience to colleagues and end user clients. Andrew is widely respected within New Zealand’s security industry and has worked hard to promote the participation and successes of women in security and to bridge traditional silos between physical security and information security professionals. He is also pursuing initiatives for the development of culturally aligned sector training for indigenous people. In 2020, Andrew founded the Women in Security Awards Aotearoa, a breakthrough event which recognised leading women in New Zealand’s security industry and government across several categories. The awards generated considerable interest and brought professionals together from across the physical security, cyber security and resilience domains. Andrew regularly contributes to the profession through voluntary sector leadership, development and delivery of subject matter to special interest groups, such as New Zealand Security Association, ISC2 and ASIS International, and contributes thought leadership pieces for industry publications, including NZSM. He is also a steering committee member of the New Zealand Security Sector Network (NZSSN), an organisation promoting cross-sector collaboration between the private sector, academia and government. Andrew is the immediate past ASIS International Chapter 148 Chairperson and the 2018 New Zealand Security Consultant of the Year. Ankita Dhakar (One to Watch)

Andrew D. Thorburn is Enterprise Security & Risk Manager at Atlas Gentech NZ Limited. A highly experienced and commercially astute protective security and organisational

NZSM

In the short time since founding cyber security consultancy Security Lit as its Managing Director in February 2020, Ankita has built a strong team and acquired noteworthy key clients. Her vision is to take Security Lit global and to keep educating businesses and individuals

about cyber security threats and how to protect themselves. Ankita has taken opportunities over the past 12 months to advocate strongly for increased security awareness and an understanding of the human factors driving cyber security outcomes. With Bachelor degrees in commerce and business administration, Ankita learnt about digital security from her previous work experiences. Now at the age of 28, Ankita is helping start-ups and SMEs in NZ and across the globe with security audits and penetration testing services, having teams in Hungary, India and New Zealand. She is also actively promoting cybersecurity awareness in the community and is also trying to get more women in IT security through multiple speaking and writing opportunities at/in sector events/ publications. Her focus for the next growth phase is to reshape the way people think about cyber security in NZ, to keep educating businesses and individuals about cyber security threats and how to protect themselves, and to provide practical ways for implementing a new status quo. Congratulations to our six New Zealand Global Influencers in security! With six awardees out of a total international awardee cohort of 90 across all categories, we can be proud that Aotearoa New Zealand punches well above its weight in international sector influence.

August/September 2021

PACIFIC SECURITY DYNAMICS 31 August - 3 September 2021 PACIFIC SECURITY DYNAMICS This four day course delivers an in-depth and interactive study of comprehensive security challenges and cooperation opportunities in the vast Pacific region which stretches from the Antarctic in the south to the Bering Strait in the north. The course includes presentations by prominent experts from academia and the public/private sector, daily small group deliberations, a concluding tabletop exercise and reflection on applying the learning back in the workplace. Topics will also cover the implications of the Covid-19 pandemic on security and cooperation in the Pacific region.

KEY TOPICS INCLUDE:

LEAD ACADEMIC PRESENTERS AND FACILITATORS Professor Rouben Azizian Dr Anna Powles Dr Germana Nicklin Also presentations by senior diplomatic, New Zealand government, business and civil society representatives.

WHAT: WHEN:

•

sources and factors affecting regional security and stability;

WHERE:

•

key regional actors, their policies and relationships;

PRICE:

•

regional flash points, such as the Korean Peninsula and South China Sea;

•

transnational crime, climate change and resource security;

•

security-trade-development nexus;

•

implications of the New Zealand Government policy “reset” towards the Pacific Islands.

LEARNING OUTCOMES: •

gain comprehensive knowledge of complex regional security challenges and strategic trends;

•

develop New Zealand responses to these challenges and trends.

To register visit: pacificsecuritydynamics.co.nz

CONTACT:

Professional Development Course 31 Aug - 3 Sept 2021 Executive Seminar Suite, Gate A, , Massey University, Wellington Campus $2799 (inc gst) Earlybird - $2519 (inc gst) (until 1 August) Claire Grant c.grant@massey.ac.nz 04 801 5799 extn 63597

CYBER SECURITY

UK NCSC launches zero trust architecture design principles The UK National Cyber Security Centre has just launched its Zero Trust Architecture Design Principles in order to help organisations implement their own zero trust network architecture in an enterprise environment. Launched on 23 July, the principles are intended to help organisations design and review zero trust architectures that meet their needs, and to select which zero trust based services might best support their journey to zero trust. The principles are: 1. Know your architecture, including users, devices, services and data In order to get the benefits from zero trust, you need to know about each component of your architecture. This will allow you to identify where your key resources are, the main risks to your architecture and also avoid any late stage pitfalls integrating legacy services that don’t support zero trust. 2. Know your User, Service and Device identities An identity can represent a user (a human), service (software process) or device. Each should be uniquely identifiable in a zero trust

NZSM

architecture. This is one of the most important factors in deciding whether someone or something should be given access to data or services. 3. Assess your user behaviour, devices and services health User behaviour, and service or device health, are important indicators when looking to establish confidence in the security of your systems, making them important signals for policy engines. Being able to measure user behaviour, device and service health is key in a zero trust architecture. 4. Use policies to authorise requests Each request for data or services should be authorised against a policy. The power of a zero trust architecture comes from the access policies you define. Policies can also help to facilitate risk managed sharing of data or services with guest users or partner organisations. 5. Authenticate & Authorise everywhere Authentication and authorisation decisions should consider multiple signals, such as device location, device health, user identity and status to evaluate the risk associated with the access request. The network should be assumed to be hostile and all connections that access your data or services should be authenticated and authorised.

6. Focus your monitoring on users, devices and services In a zero trust architecture, it is highly likely that your monitoring strategy will change to focus on users, devices and services. Monitoring of their behaviours will help you establish their health. Monitoring should link back to the policies you have set to gain assurance in their configuration. 7. Don’t trust any network, including your own Don’t trust any network between the device and the service it’s accessing, including the local network. Communications over a network, to access data or services, should use a secure transport protocol to gain assurance that your traffic is protected in transit and less susceptible to threats. A zero trust architecture changes the way traditional user protections such as malicious website filtering and phishing protection are implemented, these may need to provided by different solutions in your zero trust architecture. 8. Choose services designed for zero trust Services may not support zero trust and thus may require additional resources to integrate and increase support overhead. In these scenarios it may be prudent to consider alternative products and services that have been designed with zero trust in mind.

August/September 2021

NZ made

SECURITY TECHNOLOGY RELIABILITY

fire door holding

electromagnets 12 & 24 VDC selectable

rea

unb

le b a k

FDH40S

unbreakable universal mounting • Low power consumption - low operating temperature • One product suits floor and wall mounting • Universal armature - offsets to 55º to suit doors opening past 90º • Wall mount extensions available • 12 & 24 VDC selectable • Push off button with no residual magnetism • Oversize armature for easy alignment • Emergency release button • Electroless nickel plated armature and electromagnet • Stainless fastenings • Full local support and back up

10 YEAR GUARANTEE*

Standard, floor mounted, wall to door distance 114mm

Designed, tested and produced in New Zealand to AS4178 A) Wall mounted,126mm extn. tube (overall 202mm) B) Wall mounted, 156mm extn. tube (overall 232mm) C) Wall mounted, 355mm extn. tube (overall 431mm) B)

TEE

Option A – Surface Mounted

AN GUAR

FDH40S/R

Surface and Recess mounting This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting. Option B – Recess Mounted

10 YEAR GUARANTEE*

Satin Aluminium

Gloss Black

Gloss White

For expert advice and assistance with your security locking needs, trust in Loktronic, call us on 0800 367 565

GUARANTEE

*Standard terms & conditions of sale apply.

21556/1/18

NZSM

August/September 2021

New Zealand Security - August-September 2021

Articles inside

Security: A career to be proud of

NZSA CEO’s July Report

Training and Professional Development SIG update

International Security Officers’ Day – 24/7

Crowded Places Security Advisory Group update

Protective Security Requirements

Exclusive Profile: Alistair Hogg, CEO Aotea Security

The future of Artificial Intelligence in Security

ASSA ABLOY: Three Levels of Physical Server Security

Facial Recognition: Pre-deployment considerations

Access Control Innovation at your fingertips

HeatPro Series brings accurate perimeter defence and fire detection to mass market

From the Editor

Ransomware as a Service (RaaS) threat emerges