February/March 2021
New Zealand Security Magazine
Christchurch attacks inquiry
Kendra Ross: Cyber trailblazer
Massey University academic argues history is lost on Christchurch Attacks Royal Commission of Inquiry.
Industry disruptor and 1st Tuesday co-founder on her career and the importance of diversity in cyber.
COVID-19 and bank security
A Trojan on your network?
Report suggests risky times – from terrorist financing to cyberattacks and cryptocurrency concerns.
Solarwinds attack has wreaked immense havoc, and electronic physical security systems are vulnerable.
www.defsec.net.nz
NZ made
SECURITY TECHNOLOGY RELIABILITY
fire door holding
electromagnets 12 & 24 VDC selectable
rea
unb
!
le b a k
FDH40S
unbreakable universal mounting • Low power consumption - low operating temperature • One product suits floor and wall mounting • Universal armature - offsets to 55º to suit doors opening past 90º • Wall mount extensions available • 12 & 24 VDC selectable • Push off button with no residual magnetism • Oversize armature for easy alignment • Emergency release button • Electroless nickel plated armature and electromagnet • Stainless fastenings • Full local support and back up
10 YEAR GUARANTEE*
Standard, floor mounted, wall to door distance 114mm
Designed, tested and produced in New Zealand to AS4178 A) Wall mounted,126mm extn. tube (overall 202mm) B) Wall mounted, 156mm extn. tube (overall 232mm) C) Wall mounted, 355mm extn. tube (overall 431mm) B)
C)
TEE
Option A – Surface Mounted
AN GUAR
FDH40S/R
Surface and Recess mounting This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting. Option B – Recess Mounted
10 YEAR GUARANTEE*
Satin Aluminium
Gloss Black
Gloss White
Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz
For expert advice and assistance with your security locking needs, trust in Loktronic, call us on 0800 367 565
GUARANTEE
*Standard terms & conditions of sale apply.
21556/1/18
A)
is now a premium distributor of
WIN A
WEBER BBQ *
Shimano Softbaiting Combo
To celebrate, Hills and Dahua have put together a very special offer – Simply buy $2,000 worth of Dahua products on one invoice to go in the draw to win a Weber Genesis II E455 Gas BBQ and 2 fishing combos. RRP $4,900.
For entry details see in store or online at www.hills.co.nz Promotion Dates - 1 February 2021 to 30 April 2021
200121 Official Partner NZ A4 v4
Shimano Stickbaiting Combo
P lus g n 2 Fishios Comb
For more information on these and other best-in-class solutions 08001 HILLS (44557) or hills.co.nz Follow us on
|
Hills Limited NZ
YO U C A N R E LY O N H I L L S *Terms & Conditions: Every customer who spends a minimum of $2,000 ex GST on Dahua products on a single invoice from Hills NZ Limited through the promotion period will receive one (1) ticket into the prize draw to win a Weber Genesis II E455 BBQ and Fishing Pack. Win a Weber BBQ promotion runs between 1st February 2021 to 30th April 2021. The total prize is valued up to $4,900 (RRP). Winners will be drawn on Friday 7th May 2021, at Hills NZ Limited head office in Auckland NZ. Winners will be notified by phone and published online at Hills.co.nz. Hills NZ Limited reserves the right to change these terms at any time without notice.
Hills has a DSC alarm solution for DSC PROMO HERE what ever your customer requires. Come in - we have plenty of stock.
CONTENTS ISSN Print 1175-2149 • ISSN Online 2537-8937
14
24
8
40
year 10 guarantee ENJOY a
*
on Loktronic Indoor Electromagnetic Locks!
Industry Associations
www.security.org.nz
www.asis.org.nz
www.masterlocksmiths.com.au
0800 367 565
20851
4
*Standard terms & conditions of sale apply.
From the editor..................................................................................................................................................................................................................................................6 Q&A: History lost on Christchurch Attacks Royal Commission of Inquiry.......................................................................................................................8 Hikvision launches convergent cloud-based security service solution Hik-ProConnect................................................................................... 12 Addressing the home-grown threat.................................................................................................................................................................................................. 14 Digital ID - A revolution in access control....................................................................................................................................................................................... 18 Rise in scams impersonating NZ businesses during COVID-19..........................................................................................................................................20 Leading woman in security keeps Bay of Plenty safe..............................................................................................................................................................22 We need to talk about cybercrime.....................................................................................................................................................................................................23 Women in Security: Cyber trail blazer Kendra Ross................................................................................................................................................................... 24 Is there a trojan on your network?..................................................................................................................................................................................................... 28 Good Practice Guidelines: Accountability and Reporting.....................................................................................................................................................30 NZSA CEO’s January Report..................................................................................................................................................................................................................... 32 Securing our borders, facilities and public spaces....................................................................................................................................................................34 The Rise of Cyber Due Diligence in Deal-Making.......................................................................................................................................................................38 US bank regulator reports key risks and effects of COVID-19..............................................................................................................................................40 Making New Zealand safer for everyone........................................................................................................................................................................................44 Youth Justice Indicators reveal continued fall in youth offending rates....................................................................................................................... 45 Leading economists call on UN to end anonymous companies......................................................................................................................................46
www.loktronic.co.nz
NZSM
www.skills.org.nz
www.nzipi.org.nz
February/March 2021
i-PRO X SERIES powered by AI
Taking intelligent analytics on the network edge » Maximising network and bandwidth efficiencies » Installs up to three video analytics applications » Designed for third party application development » High endurance, high realiability even in extreme conditions » Five year warranty
AI Privacy Masking Available models: WV-X2571LN 4K outdoor dome camera WV-X2271L 4K indoor dome camera WV-X1571LN 4K box camera
WV-X2551LN 5MP outdoor dome camera WV-X2251L 5MP indoor dome camera WV-X1551LN 5MP box camera
business.panasonic.nz/security-solutions/
FROM THE EDITOR Welcome to the February/March 2021 issue of New Zealand Security Magazine! In this issue we focus on the security issues of most concern to banks and financial institutions, with a focus on the security of assets and information in sectors where issues of fraud and data protection loom large. The Financial Markets Authority (FMA) has reported a steep rise in the number of investment scams attempting to impersonate legitimate New Zealand businesses since the emergence of COVID-19. We peer into FMA research that shows one in five New Zealanders have been targeted by investment scams. New Zealand’s fraud landscape is shaped by what’s happening internationally. With the United Nations General Assembly’s Special Session against Corruption to be held mid-year, we feature international efforts to put an end to the abuse perpetrated by anonymous companies and other legal vehicles that facilitate cross-border corruption and other crimes. We also review the US Office of the Comptroller of the Currency’s (OCC) Semiannual Risk Perspective, which reports elevated credit, strategic, operational and compliance risks resulting from economic downturn, malicious cyber activity and altered work environments in the wake of COVID-19. We speak with Massey University’s Dr John Battersby on the Royal Commission of Inquiry into the Christchurch terror attacks. What did the report identify, where are the gaps, will the recommendations enhance the security of New Zealanders, and how will they be implemented by government? Against the backdrop of the Inquiry report, we’re joined by security consultant Marc Collins who writes on the challenges governments face in countering the threats posed by violent extremism while also safeguarding freedoms. Continuing our Women in Security Awards Aotearoa coverage, we profile award-winning cybersecurity trailblazer Kendra Ross and Tauranga-based finalist and security personnel services legend Jill Priest. Some great updates as well from our sponsors and partners on their latest security solutions, including Gallagher’s Digital ID access control solution, Hikvision’s Hik-ProConnect convergent cloud-based security service, and SonicWall threat protection software. There’s plenty more in this February-March issue of NZSM! To ensure you don’t miss out on any of the news and analysis we publish, subscribe to our email newsletters via our website, and follow us on LinkedIn via the address listed on this page. Despite its myriad of challenges, 2020 was a big year for NZSM, with our cutting-edge print content driving a 30 percent increase in visitors to our website – and an over threefold increase in page views. As always, feel free to get in touch to find out about how your business can benefit by being part of New Zealand’s premier security and risk management industry publication in 2021. And, if you’ve got something to write about, we’d like to hear from you! Nicholas Dynon Auckland facebook.com/defsecmedia twitter.com/DefsecNZ linkedin.com/company/ defsec-media-limited Upcoming Issue April / May 21 Government, Transport, Tourism, Access management, IT security threats
6
NZSM
Disclaimer: The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use. Copyright: No article or part thereof may be reproduced without prior consent of the publisher.
NZSM New Zealand Security Magazine
C
M
Y
CM
Nick Dynon Chief Editor
MY
CY
Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security. Prior to NZSM he clocked up over 20 years experience in various border security and military roles.
Contact Details: Nick Dynon, Chief Editor Phone: + 64 (0) 223 663 691 Email: nick@defsec.net.nz Craig Flint, Publisher Phone: + 64 (0) 7 868 2703 Email: craig@defsec.net.nz Postal and delivery address: 27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand
February/March 2021
CMY
K
Q&A: History lost on Christchurch Attacks Royal Commission of Inquiry Massey University intelligence and counter terrorism specialist Dr John Battersby answers our questions on the report of the Royal Commission of Inquiry into the Christchurch terrorist attacks. NZSM: The government has accepted all 44 recommendations of the report of this Royal Commission of Inquiry into the terrorist attacks of 15 March 2019. What, for you, are the standout recommendations?
Dr John Battersby is a Teaching Fellow in the Centre for Defence and Security Studies at Massey University. He is a specialist on terrorism and counter terrorism.
8
NZSM
JB: The government accepted the 44 recommendations ‘in principle’ but the finer detail of what the government’s position is remains to be seen. The report and recommendations, given the budget it had, the resources available to it, and the time it took – was large in volume but less incisive than it could have been, with an almost pro forma set of recommendations often seen in these post event assessments. Of the more insightful observations the Royal Commission made was the lack of centralised and coordinated Counter Terrorism system – some of us had already published critiques of the public, bureaucratic and political disinterest in CT, but the Commission can be credited with casting a light on the need for a better level of coordination among government agencies which looks - from the outside at least - as a disconnected set of mutually exclusive half-formed parts. However, the time-honoured recommendation to create yet another bureaucratic body which would add a further set of barriers
through which information has to pass, and with which responses need to be coordinated, seldom solves the intelligence-sharing and coordination issues so common in this field. Firearms regulations and licensing reform is long overdue. The licensing regime has been under-resourced for decades, and successive governments have shown little concern of the risks of an unregistered and growing national recreational arsenal. The Thorp Inquiry report, which followed the Port Arthur mass shooting in Tasmania in 1996, recommended changes which were ignored; a coroner’s report called for reconsideration of the Thorp report after Jan Molenaar killed a police constable and held police off for three days in 2009. It’s no surprise therefore that our firearms regime features among several recommendations in the Royal Commission’s report. Maybe the government will listen and act this time. I applauded the immediate cessation of over the counter sales of Military Style Semi-Automatics, but I was less sure that the buy-back and amnesty was required, or required so quickly. Those who surrendered their firearms had not done anything wrong and surely there was a way for government and gun owners to explore a solution which did not pitch them against each other.
February/March 2021
bl1a1na A brand of
L1 legrand'
�\!!® (I) Ci),. @w ®-@,., © <D-®- © © ®-@
-\
Our innovative range of Bticino video intercoms have been a quality, reliable product serving commercial and domestic tenants in New Zealand for over 20 years. Introducing Bticino Intercom Systems including optional Wi-Fi [app). This intercom system is not only fast and easy to install, but is robust enough to handle tough conditions; from multi-storey apartment towers including The Antipodean [pictured), to Auckland Hospital and large Aged Care Facilities nation-wide. From a trusted international brand Legrand, the Bticino door entry system features a modern and elegant design, capable of meeting all installation needs. Simple, smart, stylish.
Contact: 0800 34 88 88 l info@incnz.co.nz l www.intercom.co.nz
INNOVATION ENTRAL C
�ci}"'�
Terrorism is the use of violence to influence the political environment inherently connected to a prevailing context– the Royal Commission’s recommendations toward social cohesion (as perfectly reasonable as they may be in themselves) will not socially engineer terrorism out of our society. No amount of policy on social cohesion would have eliminated the risk Timothy McVeigh, Anders Brevik or Brenton Tarrant presented. These men simply absented themselves from their mainstream societies, as terrorist groups and lone actors have always done and will continue to do. NZSM: Where are the gaps and weaknesses? JB: The report uses 15 March 2019 as the baseline event defining current and future terrorism. Given the terms of reference, there was a natural orientation to do this, but the Commissioners should have lifted themselves above it. Brenton Tarrant was an Australian, not a New Zealander, and his ‘radicalisation’ was almost exclusively
10
NZSM
fuelled online through largely US alternative-right, supremacist, and neo-Nazi influences. He was not drawn by any strong, extremist right-wing community here, nor did he find or connect with such a community when he got here. Recommendations on social cohesion may well be taking us into the over-reaction error, common in CT responses – like the gun buyback, applying a cure to everybody because a single individual was sick. Terrorism needs to be understood as a tactic used by those prepared to use violence – it is not defined by their ideological standpoints. The Report asserts an inappropriate amount of security sector resource was given to Islamist extremism – and not enough on Right Wing Extremism, yet its own evidence undermines the assertion. On Pages 400-405 the report cites 9/11 and 32 other international terrorist events as formative in shaping Five Eyes security arrangements between 2001 and 2018. Of these, 24 were militant Islamist attacks killing 4,069 people. Only 6 attacks
listed over the period were carried out by Right Wing extremists, killing 111 people. On this evidence, it is difficult for the Royal Commission observation to stand. A far better approach would have been to argue for a dispensing of labels identifying ideology – people can have a religion and uncompromising views yet be no risk to society. It’s those people who advocate or actively seek to impose their views on the rest of us by threats and acts of violence who pose the risk, and it’s them we need to find a way of focusing our resources on that somehow avoids labelling whole communities as suspects. Some solutions offered here would have been a major benefit because this is no new problem. The experiences of Muslims in the UK after the 7/7 bombings are almost identical to Irish people living in England during the Troubles. NZSM: Are there areas beyond the terms of reference that might have been useful to look at?
February/March 2021
JB: The terms of reference did not require the Royal Commission’s attention on successive government’s lack of attention to administration and resourcing of the Arms Act, or reviewing and amending policy and practice as clear indications of risks presented, as they were with mass shootings at Aramoana, Port Arthur, Raurimu and the Molinaar siege mentioned above. The Royal Commission’s report mentions Operation Eight, but does not discuss it – due it being outside its terms of reference (but were there lessons here that may have been instructive?). Nor is the jaded and disinterested approach successive governments have taken to terrorism legislation since 2001 included in the terms. This is all critical context, and consideration of the last 20 years of the evolution and development of modern terrorism could provide a better foundation for future policy than concentration on a singular event. NZSM: The ‘private sector’ is mentioned eight times among the report’s 44 recommendations. What are your perspectives on where the report sees a role for the private sector, and which elements of the private sector are relevant here? JB: There is a tendency among bureaucrats and politicians to believe they solve problems by appointing people at the top, when often the genuine work is done on the ground where people talk with each other and observe things. In 1975 it was a simple burglar alarm that alerted police to three men attempting to break into the Horokiwi Quarry north of Wellington. Police responded and caught them – the men later admitted they were going steal gelignite to blow up an overseas diplomatic mission in Wellington. In 1985 it was a sharp-eyed travel agent who spotted passport irregularities that led to the arrest of two DGSE agents involved in the bombing of the Rainbow Warrior.
February/March 2021
Throughout the Northern Irish Troubles, or terrorist endeavours of the Weather Underground in the US, or the Baader Meinhoff Gang in Europe, it was often observant security guards, curious members of the public or police constables who noticed something out of place – and acted, preventing devastating events from occurring. New Zealand overall has a lazy, complacent and very poor attitude to the risks that geopolitical changes, organised crime, cyberspace, climate change and terrorism will have on us, and while we certainly need leadership and direction in higher places, we all seem to think that security precautions are inconvenient and unnecessary. This mindset has to change. What we actually need is a better understanding of security in general, a holistic approach to all risks, a better integration of public and private security approaches – and a genuine understanding that the little person actually matters. You ask which elements are relevant to the private sector, I’m going to ask which elements aren’t? NZSM: What are your thoughts on the ability of government to effectively implement the report’s recommendations? JB: The government needs to carefully consider which of the recommendations will actually genuinely make a difference. New Zealand has a terrorism history since 1968 of less severity and less frequency than many other countries, a lack of sequenced or organised terrorist violence and a pattern of intermittent and unconnected lone actors, often not linked to any overseas influence and usually failing to stimulate any following. Clear and sensible arms regulations reform should, and I expect will, happen, but the broader based recommendations of social cohesion and coordinated government approaches may struggle to gain traction. The problem is New Zealand
has no clear terrorism risk – it has a potted history of one-time-only lone actors committing one-time-only acts. We also seem to have had a small number of wannabe actors, exhibiting desires to carry out acts of terrorism, but either being careless or incapable of actually doing so before being identified and caught by police. This creates a very difficult environment in which the government and security agencies need to tread carefully, avoiding our old complacency but at the same time not overstepping the mark of a proportionate and effective response. NZSM: Will New Zealand be safer as a result? JB: Frankly, I do not believe we are in any greater danger of a terrorist attack now than we were before. Although, to be sure, we were always at greater risk before than most people realised. Terrorism risk will not remain static, and is connected to political context. International terrorism trends need to be monitored because cyberspace connects us to everywhere else. Cyber activated and mobilised lone actors driven by one ideology or conspiracy theory or another may emerge at any time – we will see the idiots coming, but the genuinely careful planners and security conscious lone actors we can never be certain to catch. Old leftist causes have long since died, but inactivity on climate change may well see increasing activism from the left that will drift toward violence to stimulate change, and more nuanced issues such as 1080 or our race relations may undulate as they have in the past. Overall impetus to any one, or to all of these, could be derived from increasing economic disparity as New Zealand continues its failure to control living costs, fix regional disparities in opportunities and tolerates out of control house prices that threaten to make our children a generation of tenants. New Zealand will only ever be as safe as our caution and consideration of possible risks allow it to be.
NZSM
11
SECURITY SOLUTION
Hikvision launches convergent cloud-based security service solution Hik-ProConnect Hikvision, an IoT solution provider with video as its core competency, has launched Hik-ProConnect, a convergent, cloud-based security service solution with a suite of signature features and benefits.
C
M
Y
CM
MY
CY
CMY
K
With Hik-ProConnect, users can converge Hikvision devices to cover video, intrusion, access control, intercom, and more to address their security needs. Users can also authorise their professional security advisors to complete necessary system management, such as remote system health checks and maintenance. “Today, millions of devices are being connected into networks, including cameras and other security equipment, making them parts of the IoT world. We believe the security industry is ready for a new type of cloud-based systems and services,” said Frank Zhang, President of the International Product and Solution Center at Hikvision, “Hik-ProConnect addresses the needs of today’s security market, offering cuttingedge technologies, convergence, and straightforward system configuration and service delivery, greatly boosting users’ security capabilities and providing increased efficiency and peace of mind.” Hik-ProConnect delivers numerous benefits to users, including: • Reduced costs – Because the system is cloud-based, it can be deployed on-demand, with no server or local
12
NZSM
VMS needed, which means no large upfront investment. Through the Hik-ProConnect’s unified web portal, devices can be added in batches and configured quickly, reducing installation time and costs. • Continuous system up-time – Users who incorporate and authorise Remote System Management and Health Monitoring will enjoy an always-on system supported by their professional security advisors. The Hik-ProConnect portal can identify and resolve device failures, communications loss, and other issues remotely and efficiently; users are automatically notified of the latest updates on their mobile devices. • Flexible linkage across devices – HikProConnect brings disparate devices together to increase security as a whole, expanding both performance and value for users. This goes above and beyond conventional systems made up of disparate elements. Integration of devices provides users with flexible methods for setting rules for event types, time schedules, and triggered actions. Examples of device
linkage include merging intercom calls and intrusion or access events with video verification. The result is a solution that improves situational awareness and thus enhances safety for people and property. • Easy access using mobile devices – Users can access and manage their connected devices with one login and on one platform from anywhere, at any time. The solution supports both web-based portal and mobile app. • Guaranteed system security – HikProConnect employs industryleading standards and protocols for maximum security and reliability. This includes the TLS protocol for private and secure data transmission, a user-defined AES encryption key for stream encryption, and more. Hik-ProConnect is an ideal solution for small and medium-sized businesses and residential applications including, for example, apartments, family homes, factories, chain stores, and offices. For further information on Hik-ProConnect, please visit www.hikvision.co.nz.
February/March 2021
R
Convergent security service solution E n e r g i ze yo u r b u s i n e s s with
added efficiency and peace of mind
Enables remote maintenance,
proactive status monitoring
and services to enhance your efficiency
14
Addresses your customer needs with converged physical
25 Add Device
security devices
Add Linkage Rule
Expands your businesses by creating subscription plans
for recurring revenue
Scan and register on
Portal
Scan and download the
App
Distributed by Australia
www.csd.com.au
R
New Zealand
www.nesscorporation.com www.videosecurityproducts.com.au www.atlasgentech.co.nz
Hikvision Oceania
www.nfs.co.nz
www.hikvision.com.au Hotline 09 217 3127 salesnz@hikvision.com Follow us on |
Addressing the home-grown threat With recent terrorist attacks in the West ‘home-grown’, Wellington based Security Consultant Marc Collins explains how governments might go about countering the threat whilst preserving freedoms.
According to the Department of Homeland Security’s (DHS) Strategic Framework for Countering Terrorism and Targeted Violence, the US is facing a growing threat from ‘home-grown’ terrorism. Domestic threat actors often plan and carry out their acts of violence alone and with little apparent warning, in ways that limit the effectiveness of traditional law enforcement investigation and disruption methods.
Marc Collins CSyP is Director of Straif Security Specialists. He has 35 years of security and intelligence experience in military, government and private sector roles.
14
NZSM
The Australian Security Intelligence Organisation (ASIO) in its annual threat assessment in March 2020, issued a warning that right-wing groups are more organised than in previous years. “In Australia, the extreme right-wing threat is real, and it is growing. In suburbs around Australia, small cells regularly meet to salute Nazi flags, inspect weapons, train in combat and share their hateful ideology.” Technology plays a critical role in facilitating the spread, evolution and interaction of violent ideologies and narratives of personal grievances, and the subsequent security implications, are recognised. For some time in the US, there has been a move towards recognising terrorism and targeted violence as intertwined and interrelated, and the DHS national-level strategy explicitly
states that terrorism and targeted violence overlap, intersect and interact as problems, and that they necessitate a shared set of solutions. Guiding principles in countering the ‘home-grown’ threat Defending borders is necessary to prevent foreign terrorists and other hostile actors from entering the country. Border security, however, cannot stop violence originating from within the country. Governments must therefore focus on empowering and equipping agencies and the public with prevention strategies and capabilities. Prevention efforts must be multidisciplinary and include enhanced whole-of-society partnerships with mental health professionals, social service providers, and civil society in order to provide “off-ramps” away from terrorism and targeted violence. The DHS details five guiding principles for operationalising countering terrorism plans, all of which are relevant to other governments facing similar challenges: 1. Understanding and adapting to the threat environment A government’s capacity to respond to terrorism and targeted violence depends on its ability to understand the evolving threat environment, and
February/March 2021
to adapt to it. Intelligence priorities and capabilities must adapt to the new security landscapes and craft innovative responses. Prior to the Christchurch Mosque attack, carried out in March 2019 by an Australian-born white supremacist, New Zealand’s assessed level of threat from a terrorist attack was Low (an attack is assessed as possible but is not expected). It was assessed that an attack would most likely be carried out by Islamic extremists or their affiliates, including a small number of ‘foreign fighters’ who had returned from the Middle East, and the intelligence services were monitoring up to 40 New Zealanders on a government watch list. The threat from domestic extremists was assessed as Very Low (an attack is assessed as unlikely). Prior to the attack, the New Zealand Intelligence Community’s security settings were focused on a fairly narrow part of the threat spectrum. The Intelligence Community, which is understandably limited in terms of resource and capability, had not made one specific mention of the threat posed by white supremacists or right-wing nationalism in the last ten years.
February/March 2021
It has also been evident that the Mosque attacks have raised important questions about what happened in the lead-up to that day and the performance of state sector agencies, many of which were captured in the report of the Royal Commission of Inquiry into the attacks published 08 December 2020. The report focused on the actions of the attacker, the actions of relevant Public sector agencies and any changes that could prevent such terrorist attacks in the future. Making 44 recommendations around four themes: (i) the requirement for strong government leadership and direction; (ii) a need for engaged and accountable government decisionmaking; (iii) the role that everyone plays in making New Zealand safe and inclusive; and (iv) the need for fit for purpose laws and policies. In the New Zealand Security Intelligence Service Annual Report 2019, the threat from terrorism, and home-grown violent extremism, was included in the list of National Intelligence Priorities. This demonstrated a subtle change in mindset post-Christchurch and a more realistic understanding of the wider spectrum of threats, including the threat from ‘home-grown’ violent extremist actors.
2. Understanding technology and its malicious use Terrorists and violent extremists have proven adept at exploiting the internet’s potential, leading to changes in target selection and modus operandi. These so called ‘Gen Y Terrorists’ have a desire for instant gratification, meaning they are more likely to carry out low capability or less-sophisticated attacks that require minimal training and planning, such as active shooter attacks, and as a result become much harder to detect and prevent. Online extremist communities lionise attackers, encouraging others to follow in their footsteps, and the online space has made attackers more operationally competent, as they use the Web to glean technical information for their attacks. The widespread adoption of social media, development of the ‘dark web’, and the proliferation of encryption and anonymising technology has helped people to view themselves as part of global communities that transcend national borders. They provide users with a sense of intimacy with others half a world away and emboldens the adoption of identities or causes that may once have been obscure, marginalised, or otherwise unknown.
NZSM
15
As part of the strategy to counter the threat, governments must understand technological advances that attackers will employ, and should: • conduct risk-based assessments of these advances • examine the promise and peril of emerging technologies, including unmanned systems, such as drones • work closely with the private sector, including Internet Service Providers and social media companies, to address the spread of violent extremist content on their platforms • encourage the sector to help inform the public of the risks associated with the spread of violent extremist ideology • participate in and contribute to prevention and resilience efforts. 3. Collaboration between agencies Multiple layers of security and intelligence can provide awareness of hostile threat actors long before they attempt an attack. However, ‘home-grown’ threat actors pose a particular challenge as they tend
16
NZSM
to operate alone, with little or no communication regarding their intention and capability to cause harm. They do sometimes leave a trail of pre-attack activities, such as target reconnaissance, overseas travel and social media exchanges, which if collected and collated centrally, could indicate a cause for concern and warrant proactive action. The sharing of information between agencies and, where appropriate, private sector partners, is a key element of any government’s strategy to counter the threat from home-grown actors. The gathering and sharing of Suspicious Activity Reporting (SAR), and the need to establish robust standards for gathering, documenting, processing, analysing and sharing of terrorismrelated SAR information, are central to this strategy. The development of a Fusion Centre can also play a critical role in collaboration and information sharing efforts, as this becomes the central repository for all threat-related information, increasing the likelihood that ‘dots can be joined together’ to form a pre-emptive picture of an emerging threat.
4. Whole of society approach Working closely with academia, mental health professionals, educators, and faith leaders is crucial in order to better understand the threats faced and to develop strategies to address them. To enhance the efficacy of prevention programmes, governments and state sector agencies need to take a whole-of-society approach working with stakeholders to employ strategic frameworks that integrate various programmes to increase community resilience and reduce the number of individuals exposed to violent extremism, while identifying with individuals (‘offramping’) before violent or criminal acts occur. This approach recognises that peers are best positioned to notice individuals exhibiting signs of radicalisation to violent extremism and mobilisation to violence. Awareness briefings, engagement strategies and outreach efforts are required across the widest crosssection of society, explaining what to look for and how to respond if an individual is mobilising to violence. Denmark’s de-radicalisation strategy, known as the Aarhus
February/March 2021
Flowers and Candles at the Hanau shooting site, Germany, February 2020.
Model, is a globally renowned whole-of-society approach. The programme is based on holistic collaborative efforts between various public, private and people sectors agencies and has gained global attention due to its ‘soft’ approach towards home-grown extremists, in contrast to many Western countries programmes which involve detention and incarceration. The Danish de-radicalisation model is composed of an assortment of multiple agencies and has its roots in a broader approach to crime prevention in Danish society. The programme comprises three main guiding principles: • inclusion rather than stigmatisation or exclusion • strong collaboration between the various private sector bodies, institutions and government agencies • importance of a scientific foundation for the deradicalisation programme. 5. Upholding civil rights Any strategy to counter the threat from ‘home-grown’ actors must respect and protect national values,
February/March 2021
including the prioritisation and protection of civil rights, civil liberties and individual privacy. Governments and agencies must uphold the rule of law and earn and maintain the trust of the public. Domestic terrorism and ‘homegrown’ violent extremism are inherently tied to ideas and ideologies. Planning or committing acts of violence is a crime, while expressing or holding radical or extreme views is part of civil freedom. Any government must take care while addressing the scourge of violence, to avoid stigmatising populations, infringing on constitutional rights, or attempting to police what the public should think. Additionally, how terrorism and targeted violence is identified and detected requires faithful adherence to fair information practice principles and privacy-focused agency policies. Agencies must consistently incorporate privacy protections in all they do, ensuring they consistently work within the parameters of their operational remit and in adherence to the legal framework within which they operate.
Conclusions ‘Home-grown’ terrorist and violent extremist attacks are on the increase. They present a different set of challenges to governments and agencies by limiting the effectiveness of traditional law enforcement investigation and disruption methods. In order to counter this ever-evolving threat, governments, Intelligence Communities and state sector agencies need to work collectively to understand and adapt to the changing threat environment. They must also understand the role that technology plays and how it can be used or misused for malicious purposes, collaborating together and sharing threat-related information whilst adhering to robust information sharing protocols in order to establish a whole-of-society approach through multi-stakeholder prevention strategies and programmes. Most importantly, any strategy must also strike a balance between the secrecy necessary to operate effectively, the public’s expectations of accountability and transparency, and the legal framework they operate within. The protection of privacy, civil rights and civil liberties will remain a constant challenge.
NZSM
17
ACCESS CONTROL
Digital ID - A revolution in access control With streamlined remote provisioning, Gallagher’s Digital ID access control solution makes for an improved experience – both for credential managers and users. Access cards are a reliable solution when managing site access for personnel, and they remain a popular method across numerous industries. However, as our world becomes more digitalised, the demand for photo identification alternatives grows, and so do the benefits that come with it. Digital identification is proving to be transforming the way in which businesses manage access control. Through smart, flexible technology, even the most complex of sites can securely issue mobile credentials for their staff, contractors, and visitors. Access control solutions like Gallagher’s Digital ID remove the inconvenience of issuing physical photo ID cards, instead providing a secure, on-phone and digital alternative through Gallagher Mobile Connect. Digital ID streamlines ID provisioning with the ability
18
NZSM
to issue and revoke IDs remotely, while real-time updates through the Command Centre software keep IDs permanently up to date. This is an ideal feature for sites that require the management of credential verification for temporary contractors and visitors, as remote provisioning allows access credentials and Digital IDs to be set up in advance of a user visiting a site and can be disestablished as and when required. A university campus, for example, has the considerable task of managing the access control of thousands of students, including an influx of new starters and leavers each semester. Having a digitalised system with remote provisioning makes for an improved student experience – eliminating the long queues at the enrolment office that come with issuing a physical ID card. Users can store multiple Digital ID cards in Mobile Connect. Continuing with the example of universities, this means students can store ID and access cards for campus buildings, student accommodation, the library, the university gym, and more, all in one location on their mobile device. Beyond convenience, utilising digital photo ID solutions provide wider advantages for organisations. Removing physical cards eliminates the creation of new, or replacement of lost, stolen, or expired, plastic ID cards, not only reducing costs but also lowering their environmental impact.
“The use of digital access control credentials removes the need for standard plastic ID cards, which are made from durable, non-renewable materials, and are usually discarded at the end of their life cycle.” says Trish Thompson, Product Strategist for Gallagher’s security division. “It’s great to have alternatives which are just as effective, but also better for the environment.” Once approved users are set up with their Digital ID, it also provides the ability to set up streamlined communication channels. Through Gallagher’s Mobile Connect, push notifications can be sent to users to communicate important information with immediacy, ideal in emergency situations. To learn more about how you can revolutionise your access control and improve your efficiency, visit security. gallagher.com.
February/March 2021
™
Talk to our team today security.gallagher.com
sales.nz@security.gallagher.com
07 838 9800
Rise in scams impersonating NZ businesses during COVID-19 Financial regulator reports increase in investment scams involving unlawful use of legitimate business details and fake websites and social media accounts. The Financial Markets Authority (FMA) has reported a steep rise in the number of investment scams attempting to impersonate legitimate New Zealand businesses since the emergence of COVID-19. According to an FMA media release, the regulator’s research has also shown one in five New Zealanders have been targeted by investment scams. From 1 April to 5 November 2020, the FMA issued 61 warnings about investment scams. 34 percent of these related to impostor scams, where the names and details of legitimate businesses are unlawfully used by scammers to trick investors, such as fake websites or social media accounts.
By comparison, in the same timeframe during 2019, the FMA issued 40 warnings, of which only ten percent related to impostor scams. The regulator is warning New Zealanders to be on the lookout for signs of such scams, which could include overseas phone numbers or addresses being mixed up with New Zealand contact details, or the website domain name not matching the content of the website. Other red flags include the promise of high returns and ambiguity about what is being offered., bearing out the saying that looks too good to be true generally tends not to be. According to Liam Mason, FMA Director of Regulation, warnings
about scams and fraud have been a priority for the regulator throughout COVID-19, as consumers may be more susceptible to seeking high return investments in uncertain economic conditions. “We’re constantly vigilant about the scams that are targeting New Zealanders but it’s like cutting the head off a hydra – two more will pop up in its place. You can never stop or warn about them all and they often operate outside our reach, especially overseas,” Mr Mason said. “The best solution is for New Zealanders to be inherently sceptical of any investment opportunity that seems too good to be true and to do a bit of background research if there are any red flags. “In the past, scammers have attempted to exploit New Zealand’s image as a well-regulated market but these impostor scammers seem to be more sophisticated and could be due to growth of online commerce due to COVID-19. There’s a lot of public information available regarding the registration of New Zealand businesses, which is important for our transparency, but scammers may try to exploit this.” Christchurch investment firm impersonated GRC Investments Limited, a private investment company based in Christchurch, is one of the New
20
NZSM
February/March 2021
Flags that could point to an imposter website A vauge promise
Big returns A call to action
Email us right now Incorrect New Zealand phone numbers, addresses or url’s 007 4967 5468 7987 • Ulitsa Fedorova, 19, Podolsk, Russia Zealand businesses that scammers have sought to exploit. The FMA issued a warning in September that an investment scam appeared to be operating under a similar name – G.R.C Trustee. G.R.C Trustee’s website falsely claimed it was owned, operated and regulated in New Zealand, and gave the same Christchurch address as the New Zealand business. It even linked to a copy of GRC Investments Ltd’s Certificate of Incorporation, to further fool investors. In actuality, GRC Investments had nothing to do with the impostor and never sought public investors. It was solely used for private investing by its owner, Garry Carleton. Mr Carleton was first made aware of the impersonation when the FMA contacted him. “I was annoyed and worried when I first found out,” said Mr Carleton. “Annoyed that investors’ money could be stolen and concerned that somebody might turn up on my doorstep and threaten my family if we didn’t pay what they’d lost to the scammers.” “Initially I felt powerless to do anything, but then I remembered the Companies Office has added optional fields to their website that let me to add extra details about my company. I’ve used those to add a warning about the scam, should anybody look up my company.”
February/March 2021
“Sure enough, as soon as I did this, the scammers’ website stopped linking to my company’s entry on the Companies Office website.” “I’m now looking at updating my other companies’ details, to advise that they are private companies not dealing with the public.” He recommends other companies do the same, and is in no doubt why such scammers are stealing Kiwi companies’ identities. “We have a good reputation because the vast majority of our businesses operate honestly and responsibly,” he suggested. “The scammers are simply abusing that to steal other peoples’ money.” Who scammers target and how More than one in five Kiwis have been approached about a potential investment scam in the past, according to supplementary questions in the FMA’s annual Investor Confidence Survey. Men were significantly more likely to be approached than women (27 percent versus 18 percent) and onethird of those aged 70 or over have been approached. Cryptocurrency was the most common type of investment scam, which nearly half of those targeted had been approached about. This was followed by investment software packages and seminars, and shares.
bigreturns.co.ru Scammers use a variety of channels to approach people, but email was found to be the most prominent method (41 percent), followed by social media (26 percent) and over the phone (24 percent). What consumers/investors can do: • Don’t use contact details from the website. Find the company’s phone number or email address from an independent source, such as a directory, and contact the business directly • Check any claims of being licensed or registered in NZ. • Check the domain name, which can be done via dnc.org.nz for .nz domain names and ICANN’s WHOIS service for .com domain names What businesses can do: • Issue direct and public communications to clients/ customers warning your business is being impersonated (e.g. posting on your social media pages) • Report the case to a relevant government agency (e.g. FMA, CERT) • Update your business’ details on Companies Office or the FSPR to warn about the scammers More information about investment scams can be found on the FMA website, www.fma.govt.nz.
NZSM
21
WOMEN IN SECURITY
Leading woman in security keeps Bay of Plenty safe Selected as a finalist in the inaugural Women in Security Awards Aotearoa, Tauranga-based security personnel manager Jill Priest combines trade mastery with inspiring leadership. A popular Women in Security Awards Aotearoa finalist, the December announcement of Jill Priest’s achievement was met with a tide of social media approval from her fellow security officer colleagues. The new awards programme, which featured in the DecemberJanuary issue of NZSM, was established to recognise women who have advanced the New Zealand security industry. The awards attracted nominations in seven categories from across physical and cyber security occupations and from both the private and public sectors. As FIRST Security’s Client Services Manager for the Bay of Plenty, Jill has responsibility for over 70 staff throughout the Bay of Plenty, Coromandel, and the Hawkes Bay and Gisborne areas. “Jill’s a hard worker and honest as the day is long,” said FIRST’s Wellington-based Senior Account Manager Natasha Pennell. “She is a straight shooter and won’t beat around the bush when it comes to getting the job done. Jill lives and breathes security. She is involved in every aspect of it.” According to her colleagues, Jill leads by example and from the front. One minute she’s in the office dealing with a management issue, and the next she’s in a patrol vehicle responding to an alarm or noise
22
NZSM
Jill Priest, was selected as a finalist in the inaugural Women in Security Awards Aotearoa
control complaint, or rounding up an ‘offender’ on animal control duties. “Jill gives a human face and formidable personality to security, and this combined with a mastery of her trade makes her a truly inspiring leader to her teams of security and regulatory enforcement officers.” According to Natasha, Jill is a prime example of an individual who has excelled in security from the ground up.
Getting her start at FIRST Security in 2011, Jill cut her teeth as a CCTV Operator before gaining experience as a static guard at Toi Ohomai Institute of Technology. She then went on to learn noise control, animal control, and bylaw enforcement; as well as EMS (which is part of FIRST Security’s justice sector work for monitoring offenders serving home-based sentences and defendants on bail). Prior to joining FIRST, Jill spent 15 years in the hospitality industry, and was manager of a large hotel complex. In addition to a New Zealand Certificate in Security Level 2, Jill has gained certifications and employer qualifications associated with the many security roles she has performed. Natasha says that Jill’s involvement in setting up new contracts is invaluable from a frontline experience point of view. “She creates jobs for people that they want to come to – she doesn’t accept work that won’t benefit her staff both physically, emotionally and financially,” continued Natasha. “Always community-minded, Jill’s holistic approach to security and community safety puts people first.” For information on where a security career might take you, visit the NZ Security Career Pathways website https://securitycareers.co.nz.
February/March 2021
CYBER SOLUTION
We need to talk about cybercrime This isn’t a topic that is often talked about until it’s too late. If the door on your office wasn’t closing properly, it would be addressed instantly. If a CCTV camera feed went out, you’d investigate straight away but online protection seems to be the elephant in the room. Perhaps it’s because most people don’t feel they’re tech savvy enough to have that conversation. No one wants to look like the “boomer” in the room so we tiptoe around the subject, but with 2020’s events forcing the workforce to shift to various remote working models, businesses can no longer afford to avoid the topic. Here’s some good news - if you don’t really understand threats in the digital world, you’re not alone. In fact, most people don’t really understand cybersecurity. Most people know the terms like malware, hack, phishing, end-to-end encryption, etc; but very few people understand what all that means. Ask someone you know, “How does end-to-end encryption protect against a sophisticated phishing attack and how can you defend against social engineering?” and you’ll find most of us are stumbling around in the dark. Hackers could answer those questions though. They could most likely tell you a whole host of workarounds to the solutions as well. The world has never been more suited to hackers. People all over the world have been forced into remote working scenarios regardless of computing ability. They’re being made to adapt quickly to the world of remote teams, Zoom meetings and VPN’s without “lunch room learning” to help them adapt as they would to a new technology in a traditional office setting.
February/March 2021
Hackers have lived in this world for years. Through online message boards like 4chan, they’ve connected with likeminded cybercriminals all around the world allowing them to share knowledge, develop new tools and even coordinate cyberattacks. Those familiar with these sites have often remarked that the users appear to operate with a hive mind mentality when launching attacks. Some attacks are done for traditional financial gain but often, these cyberterrorists will attack a high security target purely to see if they can. 4chan hackers were responsible for the iCloud photo leak when thousands of private photos, including nudes, from celebrity iCloud accounts were posted online. They’ve also hacked politicians’ emails and even caused Apple stock prices to plummet. In today’s world, cybercrime is organised and the rest of us are scrambling to just keep up. SonicWall are network specialists that know exactly what threats are faced and the outlook isn’t good. Data collected from SonicWall threat protection software found malware variants increased 62% in 2020 and instances of malicious office files
being detected were up 172%. There’s no reason to expect those numbers to not rise even higher in 2021. SonicWall collects data from 214 countries and uses deep learning AI to respond rapidly to emerging threats which ensures 80% of cyberattacks are resolved in 2 seconds. SonicWall has several advanced features that use AI to protect against the most evasive threats, allowing you to analyse captured threats in a quarantined environment, as well as see what threats are trying to compromise in real time. SonicWall also believe in sharing their knowledge to make everyone safer and host webinars to help customers understand cybersecurity better. You may not ever be as savvy as the cybercriminals but with SonicWall you can be sure you’ve got the best protection possible so you can get back to business. Hills is an official supplier of SonicWall network solutions. To learn more visit Hills.co.nz or connect with Hills Strategic Business Development Manager, Paulo directly on Paulo. Jorge@hills.co.nz. This is such a hot topic stay tuned for more to come.
NZSM
23
PROFILE: WOMEN IN SECURITY
Women in Security: Cyber trail blazer Kendra Ross Kendra Ross has spent decades at the forefront of the New Zealand cybersecurity industry, writes Joanna Mathers, and the sector is all the better – and more diverse – for it.
When NZX trading was halted last year due to heavy cyber attacks, the media had a field day. The news that New Zealand’s stock exchange had been hacked was met with consternation from many, as commercial and personal data was accessed by cyber criminals. A recent report by Financial
Kendra Ross is General Manager at Duo, a division of Sektor. She is cofounder of the 1st Tuesday security professionals’ network and its offshoot, Project Wednesday.
24
NZSM
Markets Authority claimed the attacks were foreseeable and should have been planned for. It was a wakeup call that such a seemingly lockeddown organisation could be so readily compromised: none of us are safe from online criminal activity. Kendra Ross, general manager of online security distributor Duo and co-founder of cyber security professional support group 1stTuesday Security Network, is well versed in this type of breach. She’s been in the cybersecurity game decades and understands the huge amounts of damage that can be caused when cyber criminals get through the walls of digital security. “Cybercrime can have a devastating effect on business and individuals,” she says. “As an example, we’ve recently seen people affected by crimes involving fake invoices, with losses ranging from several hundred to half a million dollars. And due to the privacy law requirements, we are hearing more about this than ever before.”
In dollar terms, the global figure of cybercrime numbers in the trillions. And it’s becoming the crime of choice for organised crime rings – it’s safer than drugs and often far more profitable. For Ross, cybersecurity is as much a passion as a career. A university drop-out (she didn’t enjoy the theory and wanted something practical to sink her teeth into) her first job was a sales support role at Epson. But she’s always been a “geek at heart” and started wholesale technology distributor Duo with a business partner in 1996. They soon saw opportunities for expansion to Australia, but this wasn’t to be a success. “We made loads of mistakes. We were trying to work remotely, but we didn’t understand the Australian market, the different rules of each state, and this was all happening around the time of the GFC. It almost sent us bankrupt. We had to shrink our business from 18 to three.” But the self-proclaimed “dyslexic thinker” wasn’t to be defeated that easily. Looking around for new opportunities, talking to customers, partners and end users, she discovered that cyber-crime was emerging as a major threat. So, Ross set about investigating ways in which her business could pivot to create opportunities in the under-serviced sector.
February/March 2021
The answer came in the form of IronKey. An encrypted USB flashdrive, funded by Homeland Security and the FBI. Duo gained the rights to distribute the product, and soon garnered an excellent reputation in the field. Concurrently, Ross started to look for ways in which to broaden the company’s portfolio in the space, seeking a group that may offer ideas and support. Sadly, there wasn’t one. In 2008, when Duo released IronKey, cyber-security was still in its infancy in New Zealand. Technology was developing apace, and cybercrime alongside it, but there wasn’t an official (or any) industry body or group where people could share their knowledge. Ross decided to remedy this. 1stTuesday Security Network offered a space for IT security professionals to share knowledge and learn from experts in the field. Now in its 12th year, the growth of 1st Tuesday mirrors the growth of the cyber-security industry as a whole. “When we started, we would get about 20-30 people attending each month,” she explains. “Now we get over 100 people every month.” Just as the size of 1st Tuesday reflects the industry nationwide, so does the gender makeup. The group (and its offshoot Project Wednesday, started for those who are new to the industry and to cater for the overflow
February/March 2021
from 1st Tuesday) is approximately 20 percent female. This percentage is possibly higher than the industry wide numbers, which Ross claims sit at around the 10 percent mark: “Diversity is something the industry lacks.” This is significant, both for gender equality and cyber security as a whole. Ross refers to cyber-security executive Jane Frankland’s book InSecurity, which she views as an astute analysis of the current male-dominated paradigm. “InSecurity puts forward the argument that lack of diversity makes us all less safe,” says Ross. It postulates that women and men are fundamentally different: women are more risk averse, compliant with rules, and embracing of technology changes than men. She also claims that women have more intuition, plus the ability to remain calm in times of crisis. The upshot of this is, in Frankland’s view, that a lack of women in cybersecurity roles equals greater risk of threats being realised – to the detriment of all. It’s not just gender diversity that matters in the cybersecurity industry, Ross says. In a world where millions of attacks occur every minute, ethnic diversity and diversity of thought are also vital. “If you just have one type of person working in cyber-security, they will be missing things that people
with different ways of thinking may identify,” says Ross. She says the role, while often seen as tech-heavy, actually requires thinkers of all sorts. “We have seen people coming into our company with degrees in music, marketing people who are skilled at messaging and storytelling. There are so many different roles in cybersecurity, and there is a huge skills shortage across the world.” The past year has been uniquely challenging for all of us, and further outlined the need to a robust workforce that tackles cybercrime. With Covid-19 necessitating remote work, cyber security threats widened significantly. Digital transformations that may be been in the pipeline were fastforwarded as work moved from the office to home. But the speed with which this was expediated opened up organisations to major security threats, with sensitive information being shared to remote devices that didn’t have the appropriate layers of protection. Ross says that the pandemic highlighted just how underinvested many organisations and individuals have been in cybersecurity. The convergence of physical and the digital with the development of internet of things (IoT) has compounded this. For canny cyber criminals, there are opportunities everywhere.
NZSM
25
The classic Kiwi “she’ll be right” attitude extends to cybersecurity, she says. “A lot of people make the mistake of thinking they are too small to be a target, but what they don’t realise is that they might be part of the supply chain; that cyber-criminals might be using them to get to a much bigger target.” “You see people setting up IoT devices with their default user names and passwords, and not changing them. People at all levels, including consumers, need to come to the party and be aware of the importance of protecting their information.” Covid-19 also highlighted just what data was important for organisations. “A lot of businesses don’t know what their ‘crown jewels’ are when it comes to data. This is a big part of what Duo does, working out which data is the most important and how to protect it.” Ross says that New Zealand’s cybersecurity landscape has been greatly enhanced by the development of Cert NZ, established in 2016. The national Computer Emergency Response Team (CERT) is part of an international network that provides
26
NZSM
information and advice around cyber risks, as well as collating risk reports and presenting them in a quarterly publication. The most CERT recent report from the third quarter of 2020 showed no let-up in malicious online activity: in fact, the opposite. In Q3 cyber-attacks rose by 33 percent. There was $6.4m of direct financial loss (up a whopping 255 percent from Q2) reported. Phishing led the activity, with 1064 reports; followed by malware then scams and frauds. Individuals, organisations, and IT professionals are all able to report to CERT. The threats are increasing, but the perennial skills shortage means that many of these can slip through the gap. Ross says that this is the biggest issue within the industry, and she is committed to educating people around the possibilities of this as a career. Ross is involved with Year 13 students; educating them around the opportunities to be found in the cyber security sector. “There are so many different roles in the sector, including non-techy roles. We get students together in a room with partners across New
Zealand (including Ernst and Young, Deloitte, Trade Me, and many others) and get grads to talk about a day in the life of a cybersecurity professional.” When it comes to women and cybersecurity, Ross is passionate about the opportunities it offers. “Women have the opportunity to blaze their own trail. We are still pioneers,” she says. She admits that working in such a male dominated industry comes with some challenges, but these can be surmounted. “You do need to have resilience and a good support network. And there are great women in security groups where women in the sector can find help and advice from people in the same industry.” Duo was bought out by business tech company Sektor in July 2019, but Ross continues to head Duo as general manager. In 2016 she was granted a Massey University sponsored New Thinking gold award; she was also asked to be a guest speaker at a graduation ceremony for the university. “I thought it was very good of them, seeing that I didn’t actually complete my degree!” she laughs.
February/March 2021
MEM2400LP
World leaders in revolutionary Electric Locking Design and Craftsmanship. Proudly stocked and supported by NZ’s leading authorized distributor…
• Suits low door height or narrow profile frames • High holding force up to 1000kg • Releases with up to 70kg of side pressure; early warning alarm • Supplied with anti-tamper bracket • 12/24 VDC, low power consumption • 4 hour fire rated • Lock Status & Door Status Sensors MEM2400LED-LZ • Features as for MEM2400LP with L/Z Bracket for inward opening doors
FES20M • High security stainless steel strike rated up to 1490kg holding strength • Quick and easy Power to Lock/Power to Open interchange • Mounting kit with adaptor tabs • 12VDC 220mA; 24 VDC 120mA; 36 VDC 80mA • Door, Lock & Frame status monitors • Pre-drilled for extension lips, 25mm & 50mm available
FES 10 and FES 10M • Stainless steel faceplate & keeper rated up to 1300 kg holding strength • FES 10 is IP56 rated • Dual voltage capable; 12VDC 200mA, 24VDC 100mA • Pre-drilled for extension lips, 25mm and 50mm available • FES 10M has door latch monitor
SECURITY TECHNOLOGY RELIABILITY
• ELECTROMAGNETIC LOCKS
VE1260
• STRIKES • DROP BOLTS • ELECTRIC MORTICE LOCKS
FEL990M
• 5 YEAR WARRANTY
Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz
• High security, 1000 kg holding force, 35kg pre-load capability • Accepts 12-30 VDC • Door status & Lock status monitors • Square & radius edge models • Pre-taped glass door housing available for radius edge version • Special strike plate caters for up to 12mm door misalignment • • • • • • • •
Multi-functional and field changeable Vestibule or combination Fail Safe/Fail Secure selectable 12/24 VDC Left or Right hand Key override Monitors: Door, Lock, Key & REX 12 pin connector
21136/REV11.17 21336/1/18
Your FSH Electric Locking range includes…
CYBERSECURITY
Is there a trojan on your network? The Solarwinds attack has wreaked havoc across thousands of organisations, writes Planit Software Testing’s Dave Withers APP, and electronic physical security systems are particularly vulnerable to it.
US Government departments are among the 18,000 enterprise customers affected by a serious supply chain attack using the SolarWinds Orion Product. Does anyone you connect your systems to use it?
David Withers APP is a Security Consultant with experience in large CCTV installations. He has also worked for over 20 years in Quality Assurance. As a Shadow Committee member of the ASIS NZ Chapter, David establishes and supports Auckland-based ASIS certification study groups.
28
NZSM
“An Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” read a 05 January joint statement from the FBI, ODI, NSA, and CISA. “At this time, we believe this was, and continues to be, an intelligence gathering effort.” “CISA is tracking a significant cyber incident impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations,” The US Cybersecurity and Infrastructure Security Agency (CISA) recently reported. “An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked.”
The SolarWinds Orion Product is an infrastructure monitoring and management platform designed to simplify IT administration, giving users a single view of the IT Stack. It manages security and is linked to all core IT infrastructure in the organisations that run it. Governments and large enterprises are among its users. Given its deep integration to such organisations, it was the perfect trojan to spread tools for gaining access to systems, including cloud servers, at a wide array of organisations. How did it happen? The initial access to Solarwinds used external remote access services, employing password guessing, password spraying, and the use of insecure administrator credentials. Once the actor had gained access to internal networks or cloud services, it gained administrator rights that allowed it access to all resources (local or cloud). With this access it injected its code into the build systems, leaving the source code untouched. It is known that all patches between March 2019 and December 2020 had the actor’s code attached. Any of the 18,000 customers who applied these patches was then infected with the Sunspot malware, which inserts a Sunburst backdoor code into affected systems.
February/March 2021
Its sophisticated design makes it very hard to detect. It is engineered to avoid detection. Also, being a security product, it was excluded from checking by some customers’ malware checkers due to false positives. How does this affect me? Electronic physical security systems are particularly vulnerable to this type of attack. These systems typically need to use facilities’ IT infrastructure to link monitoring and management tools to CCTV and access control infrastructure. Given the nature of the infrastructure used, it is common that: • Systems that are installed stay in place for decades • The systems allow access to organisation’s business networks • Security on physical security devices is typically weak (i.e. default or shared passwords between devices; no 2FA) • Once installed, these devices are infrequently patched, if ever. Given all these weaknesses, any part of your physical security network could be infected with a trojan or malware and you may not know
February/March 2021
about it. Ironically, they are typically monitored by tools like Solarwinds. The Solarwinds attack relies on not being detected to gain best value by spreading wider, constantly hunting for new hosts, burrowing deeper and deeper into your network. Given the weak security of many physical security systems and the access they provide to business networks, it is a perfect vector for such an attack. What IT security practices should I follow? Ferdinand Hagethorn, Director Security Services at Planit Testing, recommends you follow the zero trust practices, including: 1. Security is everybody’s responsibility, including the business’ 2. Position security as a business enabler - show you do security well 3. Security is part of the design and implementation 4. Leave that ‘build now, secure later’ attitude at the door 5. Secure your tech, people, and processes 6. Apply the least privilege principle – not everybody needs admin/root,
and neither does everybody have a ‘need to know’ 7. Secure all your environments, including your test environment – Yes, I’m looking at you, company that is holding a copy of production data there, because “it’s easy, so why not?” 8. Keep track of current threats 9. Keep track of current vulnerabilities – in your code, third party libraries, and infrastructure components 10. Budget for security efforts, including tech, training, support. 11. Be proactive! Be prepared to find a vulnerability and breach - it’s not if, it’s when; and respond fast IT security has to be part of the design and not an afterthought. It also needs everyone considering it when they operate the business day-to-day. Constant vigilance and a strong security culture is required to keep your business safe. So do you have a trojan in your network? The time to act is now. If you need help, engage an IT security consultant to assist you to protect your business from cyberattack.
NZSM
29
INDUSTRY
Good Practice Guidelines: Accountability and Reporting Launched in June last year, the NZSA’s New Zealand Security Industry Good Practice Guidelines provides guidance on a range of topics. In this excerpt we step through its section on accountability and reporting.
Accountability Your security company is answerable for its delivery of contracted property security guard and mobile security patrol services. This delivery includes achieving the objectives and results in performing the service and reporting on the service delivered in a transparent, fair and accurate way. We strongly discourage engaging in conduct that is misleading or deceptive, or is likely to mislead or deceive. Such behaviour is completely unacceptable. It would have serious consequences for both the security company and its staff. Your security company must share its accountability policy with the guard(s) in a timely manner. It must also ensure that the guard(s) understand training on and use of the policy and consult with them on anything that affects their health and safety. Customer communication Your security company should establish a policy for communicating with the customer on the delivered or contracted property security guard and mobile security patrol services. This customer communication policy should be in writing and set out your security company’s commitment to customer communication. It should include: • what property security guard and mobile security patrol services will be delivered • how the services will be delivered
30
NZSM
Security Services in New Zealand
Good Practice Guidelines od Guidelines JUNE 2020 New Zealand Security Association E tū WorkSafe New Zealand
• who internal and external stakeholders are • contract reporting requirements • communication method • communication frequency • communication format
Page
• details of the task to be delivered and what constitutes completed or non-completed service delivery • what services will not be delivered • the process of remediation if the service is not delivered.
February/March 2021
Record keeping and reporting Proof of service Credibility of the delivery of both property security guard and mobile security patrol services to a customer’s premises is a professional responsibility. Your security company should document this in the form of performance criteria. Your security company should provide proof of service, or be able to provide proof of service, digitally and/or in hard copy, for all attendances at a customer’s site by property security guards and mobile security patrols. Digital proof of attendance may include: • GPS locator record – including smart device records (e.g. mobile phones, smart devices, tablets) • geo-tagging – including smart device records (e.g. mobile phones, smart devices, tablets) • on-site digital recording devices (site electronic buttons, access control and/or alarm deactivation or activation) • digital record of communicating site attendance to an operations centre. Your security company may use a guard tour management system (GMS) if the system meets proof of service requirements. Providing digital proof of attendance is a requirement in addition to meeting any customer requirements or process for making entries of attendance in an on-site manual log book. Your security company must keep records confirming proof of service for the period required in any relevant legislation or, where legislation does not specify a time period, for three years. Reporting Your security company should establish a reporting system that records, and is capable of reporting, the delivery of all property security guard and mobile security patrol services in a transparent, fair and accurate manner.
February/March 2021
Record keeping and management Your security company must keep records to comply with all legislative and licensing requirements. These records must include details of all attendances by property security guards and mobile security patrols and their response to customer premises. This includes identifying each attending or responding security guard. Privacy of the data is an important consideration. Your security company must manage data and critical customer information in line with the Privacy Act 1993. Documentation To ensure it has an accurate and reliable record of all the actions and communications it makes to manage the health and safety risk to property and mobile security patrol guards, your security company should document all of these actions and communications and keep this documentation as evidence if it is required. Use of technology We encourage your security company to use technology to provide the greatest possible protection to its people and assets. Technology can provide accurate, reliable and timely protection for property and mobile security patrol guards. It also has value as highquality evidence if it is required. Your security company should proactively seek out technology products and services that enhance safety in the workplace and dedicate time to encouraging innovation within the company. Subcontracting Where a security company subcontracts another business (including a related entity) to carry out property security guard or mobile security patrol services, the security company must ensure that the subcontractor carries out the work in line with these guidelines. The security company and the subcontractor should agree on safe work procedures, including
arrangements for managing health and safety incidents. The security company should monitor the subcontractor’s activities regularly. The subcontractor is responsible for reporting, recording and communicating proof of service to the security company. The security company is responsible for reporting on proof of services and for communicating this to the customer. A security company that provides mobile security patrols by subcontract should advise the customer that a subcontractor is providing or may provide the service. Due diligence When considering a subcontractor relationship or service, your security company should conduct due diligence on the subcontractor. This due diligence should cover the subcontractor’s: • legal structure and financial health • management structure – showing control and accountability at each level of its operations • evidence of business licences • evidence of individual security licences • evidence of service-level agreement • evidence of insurance and certificates of currency • compliance with policies, laws and regulations, including those related to health and safety • document exchange and review • evidence of handling procedures • right to audit • evidence of its membership of a recognised security industry association. The New Zealand Security Industry Good Practice Guidelines can be read or downloaded from the NZSA website www.security.org.nz
NZSM
31
INDUSTRY
NZSA CEO’s January Report In this update, NZSA CEO Gary Morrison talks security career pathway website, update to Good Practice Guideline, Crowded Places Strategy Group, privacy law reform, SkillsVR training and more.
Gary Morrison is CEO of the New Zealand Security Association (NZSA). A qualified accountant, Gary originally joined Armourguard Security as a junior accountant and held several roles over two decades prior to appointment as GM for New Zealand and Fiji, after which he established Icon Security Group.
32
NZSM
Recent events around the world have highlighted how fortunate we are to be able to conduct business and go about our everyday lives with some normality. Whilst the planned roll-out of the COVID vaccine is fantastic news, the reality is that the impacts, both in health and economic terms, will be with us for a considerable period and 2021 is likely to be a challenging year for many individuals and businesses. As always, we will strive to assist our members with timely and relevant guidance and communications and to work with our stakeholders in further lifting standards and professionalism within the security industry. I also look forward to the reimplementation this year of our Regional Visit programme and the chance to meet our members in their own business. This is a great chance for me to better understand your business and to discuss those issues that are most important to our members. Details of the Regional Visit programme will be made available shortly. Security career pathway website The new NZ Security Career Pathways website www.securitycareers. co.nz was launched in December and has attracted a large number of views and favourable comment. The website has been designed to provide a comprehensive and structured introduction to roles within the security industry and the pathway opportunities for those seeking career progression to more senior positions.
The website includes information on the roles, skill set requirements, training requirements and options, indicative pay scales and possible pathways to other sectors or industries. It also includes short videos of employees in their roles, talking about their jobs and what they enjoy most. Further videos will be added as we continue to develop the site. Whilst the website will provide a great tool for our MSD Skills for Industry programme, it is equally designed as a resource for our members to assist in their recruiting process and to encourage new workers to our industry. SkillsVR security training platform Development of the SkillsVR training platform is now complete and waiting for pre-moderation to ensure it meets the outcomes and performance criteria specified within the unit standards. `Once the timing for this has been confirmed we will formalise dates and locations for a national roadshow tour that will coincide with the opening of the new regional MSD service hubs. `In the interim SkillsVR are happy to arrange demonstrations for providers - contact Chris Thomas on chris@ SkillsVR.com or 021 771 173. Further professional recognition of the security industry? The NZSA, together with the Training Special Interest Group (SIG) and Skills will be looking at how our industry could benefit if we formed a professional Registration body for individual security operatives.
February/March 2021
and experiences to the role and will provide strong governance and direction for the Association in coming years. We are also pleased to advise that Andy Gollings, CEO of Red Badge, was elected to the NZSA Board at the AGM late last year, replacing Chris Whiting. Existing Board Members Brett Wilson, Matt Stevenson, Lance Reisterer and Wade Coneybeer were also re-elected for a further three year term.
As you will be aware, the NZSA is a member organisation, and combining this with a Registration body may provide improved professional recognition for individual workers in the industry and enhance the overall standing of the entire industry. `This is only at its early concept stages and initially Skills will be carrying out a feasibility study over the next couple of months. We will keep you posted on how this study progresses, and if it does show promise we will seek your input later in the year. Update to Good Practice Guideline The Security Industry Good Practice Guideline was developed and launched by the NZSA last year as an industry resource providing operational and health and safety standards for all New Zealand companies operating in the guarding and security patrols sectors. With the assistance and input from a working group, including event security providers and event and venue hosts, the NZSA has developed additional sections specific to guidance on Crowd Controller roles and duties and providing security for Events, Venues and other Crowded Places. The additional sections are aligned with the recently issued Protecting our Crowded Places from Attack: New Zealand’s Strategy programme and the various resource tools. The amended copy of the Good Practice Guideline, including the new sections, can be downloaded from the NZSA website within the next few weeks.
February/March 2021
Crowded Places Strategy Group Last September the New Zealand Police released a strategy to assist owners and operators increase the safety, protection and resilience of crowded places across New Zealand. Protecting our Crowded Places from Attack: New Zealand’s Strategy sets out a consistent approach to protecting crowded places throughout New Zealand. It introduces guidelines and tools to help owners and operators of crowded places reduce the threat of attack occurring, and lessen its consequences, using methods that are proportionate to the threat. The strategy, guidelines and planning tools can be accessed via the Police website. The NZSA has also been working with the Police to ensure that the resources and capability of the private security industry are recognised and utilised as part of the strategic approach. Whilst membership is yet to be formalised, the NZSA will represent the security industry at the launch of the Crowded Places Advisory Groups and we will be hosting a Provider Forum during February focused on how best the industry can support and promote the Crowded Places strategies. Independent Chairperson and new Board Member In a very positive step, the NZSA Board has appointed Gray Paterson as its first independent Chairperson. Gray is a very experienced and accomplished Board Chair who brings a wealth of relevant skills
Privacy law reform New Zealand’s privacy laws changed on 1 December 2020 with the introduction of the Privacy Act 2020. The most significant changes include: • Mandatory notification of a privacy breach - this applies to all “notifiable privacy breaches” being where the breach has caused, or is likely to cause, an individual serious harm. • Privacy Commissioner can issue public compliance notices - The Commissioner will have the ability to issue a compliance notice to any agency requiring them to take action, or stop taking a particular action in order to comply with privacy laws. • Disclosure of personal information outside New Zealand - this will put more limits on foreign disclosure by requiring an agency to satisfy one of six requirements before disclosing personal information overseas. • Identifying information cannot be collected unless requested - this prohibits an agency obtaining more identifying information from an individual than is necessary for the purpose for which it is collected. Office relocation From 1 February 2021 our office will be located at Level 2, 31 Northside Drive in Westgate. The new office will allow us to re-implement on-site interviewing of MSD candidates and as always, we welcome any member who wishes to call in for a coffee, to recharge their devices or requires brief use of an off-site office space.
NZSM
33
THE EVENT
Securing our borders, facilities and public spaces Following its successful Wellington debut in 2019, Securing NZ’s Borders, Facilities & Public Spaces is back for 2021. This time, the event brings a pantheon of renowned physical security specialists to Auckland. Scheduled for 13-14 April at Auckland’s Vodafone Events Centre, Securing NZ’s Borders, Facilities & Public Spaces will focus on key currents shaping today’s security landscape with presentations by renowned local and international practitioners and academics and the latest case studies. The conference is set to draw together professionals concerned with safety and security at the border and at facilities where people tend to congregate, including airports, managed isolation facilities, stadiums, gyms, pools, parks, shopping precincts, hotels, hospitals, museums and education facilities, places of worship, transport hubs, government facilities, commercial buildings and critical infrastructure (refineries, tank farms, ports, oil companies, water and gas). The conference is effectively the 2021 iteration of Conferenz’s successful 2019 offering Safe & Secure Facilities & Public Spaces, but reconfigured for security in the COVID era, extending its public spaces gaze to aviation, the border and managed isolation. As media reports constantly remind us, things might have started to feel normal, with new strains and continuing outbreaks in the northern hemisphere, the ongoing threat of COVID has not disappeared entirely from our borders. Questions are being asked as to what new or additional measures might be put in place to
34
NZSM
safeguard public health and protect our people at work, at play, and visiting public spaces. As part of the event’s international line-up, Dr John Coyne, Head of Strategic Policing and Law Enforcement at the Australian Strategic Policy Institute (ASPI) will explore security at the Australian border. He will discuss how data and technology can be best utilised to improve border security and how temporary and longer-term personnel arrangements can be implemented to beat pandemics swiftly. While the COVID context has presented the need to treat potentially crowded spaces in an even more complex and diverse way than before, 2020 also saw the September release of the New Zealand Police’s longawaited Protecting our crowded places from attack – New Zealand’s strategy. Aimed at assisting owners and operators of ‘crowded places’ across New Zealand increase the safety, protection and resilience of their venues, the strategy cascades from the also recently released NZ Countering Terrorism and Violent Extremism National Strategy. Inspector Fleur de Bes, NZ Police’s Prevention Manager - National Security, New Zealand Police, will open Day Two of the conference, providing specialist insights into how the crowded places strategy will work. Securing NZ’s Borders, Facilities & Public Spaces is co-located with National Safety Leaders’ Summit and
Wellbeing at the Front-Line event, and features a jam-packed two-day speaker line up, with just some of the sessions including: The shifting landscape of Australian aviation security – Clinton McCaughan, General Manager Aviation Security, Queensland Airport Ltd - ISS Facility Services • Explore the threats to aviation • International and national objectives of Australian aviation security and legislation • Change in screening to advanced screening using CT technology/ body scanners • Recognition of firearms and explosives including dangerous goods Security at national and civic level – funding, collaboration, and strategy – Darroch Todd, Risk Manager, Auckland Unlimited • An understanding of the decisions to allocate funding to increase safety and security in New Zealand is crucial for security professionals, hear about what is being done at the national and civic level to make this country a safer place. • Analyse strategy used to react to security threats in the long and short term • Learn how funding is allocated to various departments and services • Gain insight into how New Zealand operates security at a national and civic level
February/March 2021
Increased Security and Public Safety is more important than ever before - sharpen your focus on the wider range of significant scenarios.
FACILITIES & PUBLIC SPACES
Neil Quarmby Intelligence Rising, Australia *Author of Intelligence in Regulation
Dr John Coyne Australian Strategic Policy Institute
Clinton McCaughan Queensland Airport Ltd ISS Facility Services
Inspector Fleur de Bes New Zealand Police
Nicholas Dynon Defsec Media
Chris Kumeroa Global Risk Consulting
LOCAL EXPERTS
INTERNATIONAL SPEAKERS
13 - 14 April 2021 | Vodafone Events Centre, Auckland
TOP 3 REASONS TO ATTEND: • Be at the forefront of the latest concepts and technologies related to border security and safety in public spaces • Leading experts share on the delivery of security, health & safety at quarantine facilities • Keeping up the momentum on key counter-terrorism issues and strengthening international cooperation and collaboration
VIEW AGENDA ONLINE: CONFERENZ.CO.NZ/SECURING
Sopporting Organisations:
NZSM New Zealand Security Magazine
DEFSEC
Media Partner
Line of Defence New Zealand’s Defence and National Security Magazine
Building safer cities – how security technology and architectural design are mitigating harm – Dr Lee Beattie, Deputy Head of School School of Architecture + Planning , The University of Auckland • With many of New Zealand’s largest cities undergoing modernisation and transformation, building in security and safety features is becoming increasingly common. • Innovations in architecture, designing cities to reduce hostile threats • Integrating innovative security technology into public spaces • Hostile architecture, security features designed to reduce antisocial behaviour Cyber-attacks on public infrastructure – the dangers of attacks on infrastructure and the potential physical harm – Philip Whitmore, Partner - Cyber Security, KPMG • Cyber-attacks are increasing in complexity and threat, with international and domestic hostile agents increasingly targeting critical areas of infrastructure. • Determine the highest risk areas of infrastructure in New Zealand • Analyse the potential fallout of a damaging cyber attack • Evaluate the current trends in cyber terrorism
36
NZSM
Reviewing the latest developments in the New Zealand security industry – Nicholas Dynon, Chief Editor - New Zealand Security Magazine • How has the security industry weathered the challenges of 2020? • Where are we now – what challenges and opportunities are there going forward? • Examining the private security industries involvement in the delivery of Government managed isolation • Mapping the impact of the pandemic on major events in New Zealand – what’s on in 2021 and what’s not - what does this mean for the security sector? Legal Clinic: Maintaining public safety within legal parameters – James Warren, Partner, Gretchen Fraser, Senior Associate, Dentons Kensington Swan • Understanding the rights of the public and your obligations at law is critical to delivering effective security and safety services. • Understand your obligations under the Health and Safety at Work Act 2015 when providing security and safety services • Learn how to avoid breaches of privacy of your personnel and others • Identify other rights and obligations impacting the role of security organisations and
their ability to deliver security effectively and within the law (including mitigating areas of risk) Shaping the Enterprise Security Risk Management (ESRM) Architecture and Design Process – Chris Kumeroa, Director, Global Risk Consulting • Reviewing internal and external events that help shape Security Design • Key elements of the Security Predesign Phase • Understanding your organisation’s exposure to security related risks and its security vulnerabilities • How best to articulate your organisation’s risk profile and vulnerabilities to decision makers Curated to address our current fast-changing environment, the agenda will feature thoughtprovoking contributions from a wide range of experts from across police, law enforcement, government, legal, sports, venue operators, risk management and the security industry. It’s therefore a must for those responsible for security and safety at NZ’s border, facilities and public spaces, as well as event operators and security professionals from across New Zealand. For more information, visit www. conferenz.co.nz.
February/March 2021
From
, a cleverly designed,
Motorised Hook Lock to simplify electric locking of sliding doors. Available now from Loktronic. HL1260 • Up to 650 kg holding strength for the toughest jobs • Motor driven hook captures roller on strike plate • Recessed or surface mounting for easy fitting to most door types • Fail Safe/Fail Secure field changeable for simplicity • Accepts 12-30 VDC • Door Position Switch • Hook Position Switch • Tested to 400,000 cycles for durability • 5 year warranty for peace of mind
Also from FSH, the expertly designed
VE Lock
sets
new standards of reliability. VE1260 • 1,000 kg holding strength… ideal where high security is needed • Release with up to 35 kg pre-load makes for easy unlocking • Field changeable between Fail Safe and Fail Secure • Accepts 12-30 VDC • Door and Lock status monitoring for total status reporting • Radiused and square edged models suit new installs and upgrades • Can be installed horizontally, vertically and into surface mounted housings • Pre-taped housings make for simple installation onto frameless glass • Special wide V strike plate allows for up 12 mm door offset
Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz
16078. REV 11.17
These fine products from world leaders in electric locking design, FSH, are proudly stocked and supported by NZ’s leading authorized distributor,
The Rise of Cyber Due Diligence in Deal-Making Neglecting cyber in due diligence may lead to not only brand and reputational risk, but also unaccounted remediation costs, writes senior editor of ASIS International’s Security Management magazine Megan Gates.
It was a deal that made Marriott International the owner of the largest hotel chain in the world. In 2015, the company announced that it would buy Starwood Hotels & Resorts Worldwide, Inc., for $12.2 billion—combining the two companies’ 5,500 hotels with 1.1 million rooms worldwide. But unbeknownst to Marriott, the deal would open up a massive area of liability just a few years down the road when the U.S. Federal Trade Commission (FTC) would fine Marriott for a breach of Starwood’s guest reservation database—which exposed the personal information of up to 500 million people. “The hotel chain says the breach began in 2014 and anyone who made a reservation at a Starwood property on or before September 10, 2018, could be affected,” according to the FTC’s announcement. Marriot later clarified in an update in 2019 that approximately 383 million guest records were compromised in the breach— including 20.3 million encrypted passport numbers and 5.25 million unencrypted passport numbers. Along with the fine from the FTC, the hotel owner was also fined more than £99 million ($130 million) by the United Kingdom’s Information Commissioner’s Office for the breach; the commissioner’s office has since reduced the fine to £18.4 million ($25
Megan Gates is Senior Editor at ASIS International’s Security Management magazine. She joined the Security Management team in 2013 after graduating from Missouri State University with a Bachelor of Science in Journalism.
38
NZSM
million) because of the COVID-19 pandemic. Additionally, Marriott has faced a slew of legal complaints related to its handling of the breach. One of the largest is a class action lawsuit brought by two members of Starwood’s—and now Marriott’s— customer loyalty program on behalf of all victims of the breach. “It is particularly egregious that Marriott did not discover this serious data breach during the course of its due diligence efforts in conjunction with its 2016 Starwood acquisition,” said Amy Keller, partner at DiCello Levitt and co-lead counsel on the suit. “Marriott seems to forget that part of being in the customer service business includes actually taking care of its customers. Through this lawsuit, we intend to ensure that it never forgets that again.” And while those efforts are focused on ensuring that Marriott learns from previous mistakes, recent findings from a Deloitte survey suggest that organisations are taking cybersecurity more seriously during the merger and acquisition (M&A) process— especially when those deals are being made virtually. In the Future of M&A Trends Survey of 1,000 U.S. corporate merger and acquisition executives and private equity firm professionals, Deloitte found that deal activity in the United States plunged after the World Health Organisation declared COVID-19 a pandemic in
February/March 2021
March 2020. But in April 2020, the situation changed with 60 percent of respondents saying their organisations were more focused on pursuing new deals. Six in 10 survey respondents also said they expected U.S. merger and acquisition activity to return to pre-COVID-19 levels within the next 12 months. “When it comes to cyber in an M&A world—it’s important to develop cyber threat profiles of prospective targets and portfolio companies to determine the risks,” said Deborah Golden, cyber and strategic risk leader, Deloitte. “CISOs understand how a data breach can negatively impact the valuation and the underlying deal structure itself. Leaving cyber out of that risk picture may lead to not only brand and reputational risk, but also significant and unaccounted remediation costs.” In practice, this means that organisations are increasingly giving CISOs a seat at the table and making them part of the due diligence process, says Jaime Fox, partner and principal at Deloitte Cyber Risk Services. Fox leads Deloitte’s work on cyber due diligence in strategic acquisitions. Previously, security representatives were only brought into the deal-making process during the closing aspects so they could focus on integrating the organisations involved, she says. Taking that approach, however, means that organisations might not discover a cyber risk—like the Starwood data breach— before finalising the deal, opening themselves up to potential liability, higher remediation costs, and more consequences down the line. Initially, organisations began to transition their approach to cyber due diligence by doing a high-level cybersecurity assessment. This included aspects like looking at a broad threat landscape and overall network security, Fox explains. Before the COVID-19 pandemic hit in early 2020, clients were requesting that cyber be more fully addressed in due diligence.
“Now in a COVID world, we’re seeing deeper dives into what clients are looking at,” she adds. “We see acquirers doing things in terms of threat intelligence and research on the Dark Web to gain a greater understanding around things like leaked user credentials for sale. It’s very encouraging to see…and helps the CISO frame the mind-set: ‘This is the house I’m about to buy. These are the things I’ve uncovered. This is what my remediation costs are going to be.’” These deep dives include creating a cyber playbook that defines the areas the parties want to cover in their due diligence process, including threat intelligence, Dark Web research, cyber reconnaissance, and assessments of network flows to identify potentially suspicious traffic. Some also choose to engage in penetration testing. “Oftentimes the target will approve doing something like that— sometimes they won’t,” Fox says. “It’s very encouraging to see clients and acquirers push to get this type of information. It really helps to home in on their top 10 questions—after they’ve gathered this intelligence, they can go to the target and gain a better understanding of what they’ve found.” This was on display, for instance, when Verizon reduced its offer to acquire Yahoo! by $350 million after Yahoo! disclosed two major breaches. And the portion of Yahoo! that was not part of the Verizon deal agreed to assume 50 percent of the liability related to any future lawsuits stemming from the breaches, according to analysis from PricewaterhouseCoopers (PwC) When Cyber Threatens M&A. “This isn’t an issue for only tech companies. Cyber threats have spread to industries that weren’t targeted earlier in the digital age; restaurant chains, for example, can be attacked for the customer information—either credit card numbers or information from their loyalty programs,” PwC said.
“Furthermore, the goal of a cyberattack can be more than a simple data grab. Consider a pharmaceutical company’s formula for a drug, a manufacturer’s product design, or a distribution company’s transportation model. All of that is intellectual property that can be a crucial part of a deal’s value.” These threats raise the risks for acquirers looking to make a deal— and make their potential acquisitions a more lucrative target during the integration process—but do not tend to push them away from the table. “While cyber threats are more prevalent, it’s still rare for a breach or other issue to harm a transaction to the point that an acquirer completely walks away; delaying the transaction is a more common result,” according to PwC. “Yet delays, added costs, and questions about a target’s value all have consequences for the deal process. To avoid such damage, acquirers need to understand the cyber risks of the target so they can limit surprises, model appropriately, and ensure a reasonable transaction.” This is key, Fox adds, because discovering this information sooner in the process will allow acquirers to negotiate better terms. “Right off the bat we tell our clients that going through this process sooner is only going to help you in the end,” she says. “Understanding the impact of security breaches, controls around customer data, and arming them with information around how it’s important to understand the entity you’re about to buy…when you present it from a risk perspective, you show that these are things we should be able to quantify.” There’s also a renewed focus on cybersecurity as many of the mergers and acquisitions happening today are being done virtually. Eighty-seven percent of respondents to Deloitte’s survey said their organisations have effectively managed a deal in a purely virtual environment, and more than 55 percent said they anticipate virtual deal-making will be the preferred platform even after the pandemic.
© 2019 ASIS International, 1625 Prince Street, Alexandria, VA 22314. Reprinted with permission from the January 2021 issue of Security Management.
February/March 2021
NZSM
39
US bank regulator reports key risks and effects of COVID-19 The US Office of the Comptroller of the Currency’s Semi-annual Risk Perspective for Fall 2020 reports risky times for banks – from terrorist financing to cyberattacks and shady cryptocurrency activity.
The Office of the Comptroller’s (OCC) Semiannual Risk Perspective addresses key issues facing banks in the US, focusing on those that pose threats to the safety and soundness of banks and their compliance with applicable laws and regulations. Published in November 2020, this edition is something of a COVID ‘special issue’, with the report noting increased risk exposures in the areas of credit risk, strategic risk, operational risk and compliance risk, and highlighting emerging areas of risk fuelled by the new realities of the COVID era. Credit risk According to the OCC, credit risk is increasing in the US as the COVID induced economic downturn impacts on customers’ ability to service their debts. COVID – and efforts to contain its spread –triggered a historic economic downturn from March. “The private service sector suffered the most, with massive job losses in high-touch industries, such as leisure, hospitality, and retail trade,” the report stated. Placing the impact in historical context, real GDP in the US declined 10.1 percent between the fourth quarter of 2019 and the second quarter of 2020, compared with a peak-to-trough decline of 4.0 percent during the 2008–2009 recession.
40
NZSM
Despite a rebound in economic growth due to businesses reopening after initial lockdowns, commercial, retail, and mortgage credit risks are all increasing. Added to this, states the report, unprecedented government stimulus packages are likely masking significant losses within financial services. In terms of commercial lending, there are challenges in most sectors. According to the OCC, businesses that were weak before the pandemic, including highly leveraged borrowers, are especially vulnerable. “Commercial real estate, oil and gas, retail businesses, transportation, leisure and hospitality, and agricultural lending are areas of increasing risk exposure,” it stated. “Commercial borrowers’ cash flows have been negatively affected, including businesses that do not offer telework flexibility.” Its guidance to banks is that they continue to work prudently with borrowers that are or may become unable to meet payment obligations, and that they maintain accurate and timely loan risk ratings based on the borrower’s repayment ability and ability to manage through the COVID crisis. Strategic risk Strategic risk is an emerging issue, says the OCC, due to historically low interest rates, potential credit stress, extent of asset growth in low yielding assets, and weak loan demand.
These all negatively impact on bank profitability. “During the second quarter of 2020, net income declined sharply due to higher loan loss provisions and lower net interest margins (NIM) primarily due to banks holding high levels of low yielding assets. Secondquarter NIM was the lowest measured in the past 30 years.” Banks will face pressure to improve earnings by cost cutting and increasing risk. As asset managers seek alternative revenue sources or ways to reduce costs, risk exposure will increase. “In response to similar challenges, banks have traditionally cut costs to maintain margins. Key control functions and processes, such as risk management, audit, compliance, and staff development, should be maintained to ensure risk management oversight during times of economic stress.” Operational risk The move to remote working and an evolving and complex operating environment are elevating financial institutions’ exposure to operational risk. Cybersecurity threats are a key contributor to this heightened operational risk environment. “Financial institutions are adjusting to a changing cyber landscape to protect their operations and customers from cyber criminals and fraud while many employees are working remotely,” observed the OCC. “Growth in bank employees’
February/March 2021
teleworking during the crisis increased controls risks. “Banks adjusted operating models to accommodate large-scale telework but are having to manage the complexities of unique security and internal control challenges. Additionally, the adoption of new and innovative products and operating models in the financial sector requires banks to manage rapid technological and operational changes to business processes.” The sector has seen an increase in ransomware attacks, with phishing emails as the predominant attack vector. Malicious cyber actors are not only targeting and encrypting bank data for ransom, but also threatening to auction or publish customer information on the dark web. According to the OCC, potential operational impacts from ransomware include “disruption of core business activities, operational outages, lockout of business data, and switching to manual operations.” The regulator suggests that banks need to have the capability to identify
February/March 2021
and respond to new threats in a timely manner in order to prevent potentially significant impacts. “Bank personnel should be made aware of possible threats that may affect their line of business, and the board of directors and senior management should be informed of critical cybersecurity threats that may affect the bank, its customers, or suppliers.” Compliance risk Compliance risk has also been elevated, states the OCC, due to a combination of remote working and the need to rapidly operationalise COVID recovery programs designed to support businesses and consumers. “Banks expedited the implementation of assistance programs, which elevated compliance risk. These programs featured increased compliance responsibilities and high transaction volumes while banks were trying to assess the impact of a weakened economy.” Added to this, criminals have adapted their approach and moneylaundering techniques to new COVID
context, scamming people into moving illicit money on their behalf through funds transfers, physical cash movements, and other methods. The OCC urges banks to be vigilant in identifying potentially illicit activity, “including monitoring for schemes designed to take advantage of people affected by the COVID-19 pandemic and other means that criminals can use to exploit the situation.” COVID-related scams are likely to increase if the pandemic drags on, the regulator suggests. Scams may include the targeting of people in need of care by advertising and trafficking counterfeit medicines and phishing schemes aimed at stealing personal and financial information. “Criminals and terrorists may exploit the public’s goodwill by setting up fake charities to accept donations that appear to be intended to help others suffering from the pandemic. Other scams include work-from-home schemes aimed at people who are out of work or those looking to earn a living while quarantined at home.”
NZSM
41
The OCC recommends that banks ensure their anti-money-laundering programs are commensurate with their risk profile, and that they monitor information provided by law enforcement agencies in relation to trends in scams and moneylaundering techniques targeting vulnerabilities created by the pandemic. Emerging risks The report also highlights emerging risks in payment products and services. interest in electronic and other forms of contactless payment has increased due to the COVID, and evidence suggests that nearly 40 million Americans own cryptocurrencies. The increased use of mobile technologies, apps, and contactless payment devices have broadened the delivery channels and functionality of payment systems. “The adoption of these innovative delivery channels, however, may require additional
42
NZSM
or different controls to continue to safeguard against fraud, terrorist financing, or operational errors.” The introduction of new entrants into the payment ecosystem has also provided a wider threat landscape, with many banks turning to thirdparties to manage new technologies and payment products. “As part of this growth, banks are entering into partnerships with nonbanks to offer faster payment functionality, especially for retail payment services,” observes the OCC. “Banks should conduct appropriate due diligence and oversight commensurate with the risk of the payment activity to manage these third-party relationships. “As the processing of payments evolves and new entrants are introduced into the payment ecosystems, it is important that bank’s risk management and controls keep pace with this change. Controls include governing the integrity, timeliness, security, and
resilience of payments regardless of the technologies used or innovative process used.” The OCC The OCC regulates, and supervises national banks and federal savings associations in the US as well as federal branches and agencies of foreign banking organisations in order to ensure they operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations. The OCC’s National Risk Committee (NRC) monitors the condition of the federal banking system and identifies key risks. The NRC also monitors emerging threats to the system’s safety and soundness and ability to provide fair access to financial services and treat customers fairly. The fall 2020 Semiannual Risk Perspective report reflects data as of 30 June 2020, and is available from the OCC website www.occ.treas.gov.
February/March 2021
REACH
NEW HEIGHTS in Professional Excellence
ASIS accredited certifications can help you reach your career goals.
Globally recognized as the gold standard for more than 40 years, the CPP is designed for senior-level security managers with seven to nine years of related experience.
WHY EARN THE CPP DESIGNATION? • Validate your security management expertise • Gain global recognition by your peers and the industry • Get a competitive edge in the marketplace • Enhance your career and earnings potential • Enjoy personal satisfaction and professional achievement Be one of the many ASIS board certified practitioners who are leaders, mentors, and trusted strategic partners, serving both their organizations and the profession.
"This gave me a better understanding of security management, and in turn made my conversation with clients and stakeholders more meaningful and useful. It has also increased my profile in the profession. I encourage any security professional to become board certified. I wish I had done this sooner." - Rehan Du Toit CPP
WHY SHOULD AN EMPLOYER HIRE ASIS CERTIFIED PROFESSIONALS? • Build a strong, dedicated team committed to high standards and continuing professional development • Promote ongoing education of critical job knowledge and skills • Feel confident that your staff are using best practices • Recruit the most qualified professionals • Reinforce or elevate your organization’s reputation and credibility Increase the competency level of your staff by supporting your security professionals in their certification journey.
Visit www.asis.org.nz for more information
NEWS
Making New Zealand safer for everyone Government response to the recommendations to the Royal Commission of Inquiry into the Terrorist Attack on Christchurch Mosques aims to promote inclusion and recognising the value diversity brings to communities.
Additionally, National Centre of Excellence will be formed that will bring together academia, civil society and government to research social cohesion and the prevention of radicalisation, and guide the work of policy agencies across government.
Social Cohesion A new Ministry for Ethnic Communities will take the place of the Office for Ethnic Communities in a move aimed at increasing the standing and mana of the agency and providing a greater ability to better support and respond to the needs of diverse communities. “With these actions, we are laying the foundations for a better future, and a fairer more equitable New Zealand”, Minister for Diversity, Inclusion and Ethnic Communities Priyanca Radhakrishnan says. To address recommendations around increased representation in the public sector, the Government will launch an Ethnic Communities Graduate Programme providing 30 graduates over 18 months with employment within the Public Service and the opportunity to input broader cultural competency into the public sector.
44
NZSM
Te Raranga “The [newly established Te Raranga] programme will look to improve frontline [Police] practice to identify, record, and manage hate-motivated incidents and hate crimes,” according to Minister of Police Poto Williams. “The Royal Commission of Inquiry was clear about the need to improve responses and recording of hate crime incidents. The name Te Raranga, The Weave was chosen to reflect the need to weave people, whānau, and communities together to reduce incidents of hate crime and hate incidents.” “Te Raranga, The Weave, will also implement a victim-centric hate crime approach and work with partners to develop restorative justice options for victims, communities and those that cause this type of harm.” Multi-Agency Coordination and Intervention Programme The Multi-Agency Coordination and Intervention Programme will work to prevent terrorism and violent extremism as early as possible, said Police Minister Poto Williams.
“Those identified by the Programme are expected to receive tailored, wrap-around support to disentangle themselves from harmful influences, and direct their behaviour away from violent extremism and acts of hate,” said Poto Williams. “Interventions include tackling vulnerabilities, such as risk of suicide and self-harm, mental health and disability needs, alcohol and drug issues, poor education and limited or no employment opportunities. Strengthening laws against inciting hatred Justice Minister Kris Faafoi has confirmed the Government’s intention to strengthen laws related to hatemotivated activity and inciting hatred against an individual or group. “In line with the Royal Commission of Inquiry’s recommendations, Cabinet has agreed to a number of measures to improve provisions in the Human Rights Act (1993) relating to incitement,” said Kris Faafoi. “The Government intends to establish an engagement process with community groups to discuss these changes. “New Zealand is a diverse country, and that diversity is a source of our strength,” he continued. “Our society is full of insights, skills and opportunities because of the many different people who call New Zealand home.”
February/March 2021
NEWS
Youth Justice Indicators reveal continued fall in youth offending rates Latest Youth Justice Indicators Summary Report shows a continuing drop in the rate of youth offending while highlighting opportunities in the youth justice system to further reduce offending. The result follows the substantial drop in youth offending which was identified in the first Youth Justice Indicators Summary Report two years ago.
This is the third report published in the series, providing insight into the performance of various aspects of the youth justice system from 2009/10 to 2019/20. The first report covered the period from 2009/10 to 2016/17 and the second report 2010 to 2018. “This latest report shows that between 2009/10 and 2019/20, offending rates among children aged 10 to 13 dropped by 63 percent. Over the same period, offending rates among young people aged 14 to 16 dropped by 65 percent,” Justice Minister Faafoi said. “Significantly, the Youth Court appearance rate nearly halved (decreased by 47 percent) between 2016/17 and 2019/20 for Māori, compared with a 27 percent reduction for European/Other.” The report shows the flow of children and young people through the youth justice system from 2009/2010 to 2019/2020. Oranga Tamariki, Police, and the Ministry of Justice each capture data about the performance of the youth justice system which is then analysed to produce the report.
February/March 2021
“These reports help those involved in the youth justice system better understand the issues and trends that arise. These latest results are encouraging and show the youth justice system has performed well over the last 10 years,” Kris Faafoi said. “We hope it will continue to encourage discussion and action towards important goals: effectively holding children and young people who offend to account in a way that recognises their needs and vulnerability and making a positive difference in their lives,” states the report’s Introduction. According to the report, the number of Pasifika young people whose offending is serious enough to lead to a family group conference or court action decreased by 63 percent between 2009/10 and 2019/20. This compared with a 54 percent reduction for Māori and 69 percent decrease for European/Other. “Recent trends are particularly positive for rangatahi Māori and build on progress noted in previous reports. The number of young Māori aged 14 to 16 who appeared in the Youth Court reduced by 41 percent from 2016/17 to 2019/20, from 1,375 to 810. The Youth Court appearance rate for Māori decreased by 47 percent over the same period. “While the results are encouraging, this report also
shows that there are opportunities in the youth justice system to further reduce youth offending. For example, despite encouraging findings for rangatahi Māori, the numbers of young Māori appearing before the Youth Court in 2019/20 were 8.3 times higher than the numbers of European/Other. “The information in these reports contributes to discussion and action around how best to hold young offenders to account, while also recognising their needs and vulnerability so that positive differences can be made in their lives,” Kris Faafoi said. The report can be viewed or downloaded from the Ministry of Justice website www.justice.govt.nz.
NZSM
45
NEWS
Leading economists call on UN to end anonymous companies Ahead of a first-ever United Nations General Assembly Special Session against Corruption to be held mid-year, a coalition of economists and NGOs calls for action on Panama Papers style shell companies. A group comprised of leading economists, trade unions and civil society organisations came together for International AntiCorruption Day 2020 to call for an end to the abuse of anonymous companies. In an appeal to national leaders preparing for the first-ever United Nations General Assembly Special Session against Corruption (UNGASS) scheduled for June 2021, the signatories call for the forum to commit to making central, public beneficial ownership registers a global standard. “Anonymous companies have long been known as a cover for financial crime,” said Maíra Martini, Research and Policy Expert on Corrupt Money Flows at Transparency International. “The diversity of stakeholders signing the letter illustrates the growing consensus that shell companies undermine social justice and collective security. Removing the veil of secrecy will not only help authorities fight cross-border corruption and other crimes, but also facilitate due diligence by legitimate businesses,” continued Martini. The problems caused by the lack of information on companies’ real owners have been in the international spotlight for over a decade and especially since the Panama Papers in 2016. While there has been some progress in ending their abuse, research by Transparency
46
NZSM
International shows that has been much too slow. As long as some jurisdictions allow anonymous companies to conduct transactions, they will continue to be used for cross-border corruption and other crimes. “A central, public register of companies and their ultimate beneficial owners – in addition to information on legal ownership and directors – is the most effective and practical way to record such information and facilitate timely access for all stakeholders,” reads the letter signed by 22 organisations. “With the United States set to join its global peers in taking action against anonymous companies through the Corporate Transparency Act, there is growing momentum and a clear consensus that transparency in company ownership serves the common good,” said Delia Ferreira
Rubio, Chair of Transparency International. “It also improves the environment for businesses themselves.” “But a consensus needs to translate into meaningful action. The United Nations General Assembly has a unique opportunity through the Special Session against Corruption in 2021 to help end the abuse of corporate secrecy. “Doing so would have a major impact on the lives of the world’s poorest and most vulnerable communities, by ending the vehicle of choice for the corrupt to hide the theft and misappropriation of desperately needed public funds and resources,” continued Ferreira. Preparations for the UNGASS 2021 are currently underway with country representatives negotiating the text of a political declaration to be presented in June 2021.
February/March 2021
fired up protection LOKTRONIC’s expansive product range has just become even wider with these first class EGRESS and FIRE PROTECTION DEVICES and PROTECTIVE COVERS.
NEW
STI-1130 Ref. 720-102
STI-WRP2-RED-11 IP67 Ref. 720-062R
Surface mount with horn and spacer 255mm H x 179mm W x 135mm D
Also available in White.
STI-RP-WS-11/CN Ref. 720-052W Available in White, Green, Blue & Yellow.
STI-13000-NC Ref. 720-090 Flush mount, no horn 206mm H x 137mm W x 69mm D
STI-RP-GF-11/CN Ref. 720-051G Available in White, Green, Blue & Yellow.
NEW
STI-RP-RS-02/CI
STI-13B10-NW Ref. 720-092 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D
Ref. 720-058 Cover included. Flush Mount Available. • •
STI-1100 Ref. 720-054
•
Flush mount with horn 255mm H x 179mm W x 86mm D
•
• • • • •
STI-6518 Ref. 720-060 Flush mount, no horn 165mm H x 105mm W x 49mm D
STI-13210-NG Ref. 720-093 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D
All STI ‘Stoppers’ are made of tough, UV stabilised polycarbonate. Many can be supplied with or without a 105 dB horn. Other models and sizes available including weather resistant options.
Approved to EN54-11 Current Rating: 3 Amps @ 12-24V DC, 3 Amps @ 125-250V AC Material: Polycarbonate Comes with Clear Cover 2 x SPDT switches Positive activation that mimics the feel of breaking glass. Visible warning flag confirms activation. Simple polycarbonate key to reset operating element - no broken glass. Dimensions: 87mm Length x 87mm Width x 23mm Depth (Flush Mount) & 58mm Depth (Surface Mount)
STI-6255 Ref. 720-042
Mini Theft Stopper discourages inappropriate use of equipment. Sounds a powerful 105 dB warning horn when activated. Tough, ABS construction. Reed switch activation for cabinets and display cases or unique clip activation for freestanding equipment. Does not interfere with use of protected fire fighting equipment. Compact design 85mm H x 85mm W x 25mm D.
STI-6720 Ref. 720-047
Break Glass Stopper. Keys under plexiglas. Protects emergency keys from inappropriate use. Keys remain visible. Fast, easy installation. Simple, inexpensive plexiglas. 3 year guarantee against breakage of the ABS housing within normal use.
NEW
Battery Load Tester Ref. 730-101
Fire Brigade Alarm: (Closed/Open) Ref. 730-231
Anti-Interference Device
ViTECH, strong, lightweight aluminum case, 5, 15 and 30 amp battery load tester for fire and alarm use. Weight: 500gms, Size: 165mm x 90 x 70mm.
ViTECH branded Type X (730-230) and Type Y (illustrated) models with temperature compensated pressure transducers with digital display showing pressures for defect, fire and pump start.
Ref. 730-400 series ViTECH AID for sprinkler valve monitoring; fits all ball valve sizes.
Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz
21620/1/18
21620
ViTECH products are designed and produced in New Zealand.
Simplified Solutions
PROFESSIONAL
BUSINESS
CORPORATE
EXPRESS
Three new Integriti Software Editions which include up to 30 features and integrations which were previously purchased as separate licenses Simpler than ever to design and quote systems using a clear and easy licensing model Client seat licenses changed to floating licenses to add further flexibility High quality hardware now backed by a 3 year factory warranty
+61 3 9780 4300 IREnquiries@innerrange.com www.innerrange.com
0800 222 220 innerrange@atlasgentech.co.nz www.atlasgentech.co.nz