Security Solutions Magazine Issue 101 by Interactive Media Solutions

A U S T R A L A S I A’ S L E A D I N G S E C U R I T Y R E S O U R C E F O R B U S I N E S S A N D G O V E R N M E N T

ISSUE #101 MAY/JUN 2016

ISSN 1833 0215

WILL POPULARITY TRUMP SECURITY?

$9.95 inc GST / $10.95 NZ

I DON’T WANT YOU

intelligent storage the creone keybox is a new solution for management of valuables & keys. absolute control easy to use With the Creone KeyBox range you will have complete control over your keys and valuables. Whatever your requirements you can choose a basic or more advanced solution.

There is one important requirement when it comes to storage systems that are used by a number of different people: the easier to use, the better.

Creone offer everything from key cabinets and value boxes that will meet your basic needs to advanced systems that monitor every single key and user.

Creone intelligent technology automatically keeps things in good order, and thanks to the user-friendly software, it is easy for the administrator to monitor key use and control.

Total flexibility

Key Features

Creone KeyBox systems are flexible, which makes it easy for you to adapt your system when your needs change. Start with a solution that is suitable for your current needs, and expand it as your needs grow. Your storage solutions are future-proof when you invest in a Creone KeyBox to manage your keys and valuables.

• A simple and flexible solution • Over 40 different models and styles available • Easily expandable • Intuitive management software • Made in Sweden

visit us at...

Visit lsc.com.au/creone for more information.

Creone develop intelligent storage systems. They have being doing this since they started in 1979, and today supply solutions to companies in 30 countries. Creone have three keywords for their storage solutions; Control, Flexibility and User-Friendliness. Whatever your needs, they have a solution you can offer with security and good order â&#x20AC;&#x201C; both today and in the future.

A Solution to Suit Creoneâ&#x20AC;&#x2122;s extensive KeyBox range will offer storage solutions to a variety of industries.

Pharmacies

Banks

Car dealerships

Shops

Hotels & Hostels

Offices

Police

Taxis

Aged care facilities

CONTENTS101

COVER STORY: IF POPULARITY TRUMPS SECURITY

058

034

What if US presidential candidate Donald Trump continued to defy all expectations and was elected to be the 45th President of the US? According to the Economist Intelligence Unit, the election of Trump could be one of the top 10 greatest risks to global stability. Colin Wight, Professor of Government and International Relations at The University of Sydney, looks at what kind of foreign policy we might expect from Trump and the security implications of that policy.

THE LETHAL COCKTAIL OF TERRORISM: THE FOUR NECESSARY INGREDIENTS – PART ONE In the first of a special two-part series, international terrorism expert and researcher Dr Anne Speckard looks at the four main factors instrumental in driving potential recruits into terrorist organisations.

076

CRISIS MANAGEMENT PLANNING Paris, Brussels, Sydney, Boston and Parramatta all provide examples of where local businesses were caught up in bombings or shootings. Do you have a crisis management plan? When was it last updated? Don Williams looks at pertinent points of crisis management planning.

092

EFFECTIVE SECURITY LEADERSHIP Gone are the days of guns, guards and gates. Today’s security professionals are expected to be business professionals alongside HR, finance and operations. To achieve this, you must first be an effective leader. Jason Brown looks at some real-life examples of effective leaders and the lessons they can teach security professionals.

096

2016 TRENDS IN ACCESS CONTROL Blake Kozak of the internationally renowned market research group IHS looks at the emerging trends in access control for 2016–17.

002 SECURITY SOLUTIONS

SECURITY SOLUTIONS 003

CONTENTS101 008

LETTER FROM THE EDITOR

010

BRIGHT IDEAS

026 LEGAL What happens when we fail to act on the risk of terrorism? 028

THINKING ABOUT SECURITY When the risk is identified and the incident has occurred, who is responsible for managing the consequences?

012 CRIMINAL ODDITY It should be called “What not to do to end up in this section”, but alas, we find a special home for those who are met with odd criminal situations and a lack of intellect.

030 EVENTS A look at upcoming industry events. 040 ALARMS Why do we still need to be fingerprinted and hold licences

014 LEADERSHIP How does culture impact strategy? 016

CYBER SECURITY How can you address the need for greater awareness of advanced persistent threats amongst company staff?

018 RESILIENCE How can you apply resilience in a security context? 020

HUMAN RESOURCES What are the dangers of casual employees in the

in every state of Australia?

044

OPERATIONS Richard Kay looks at the reality of phone cameras in the age of social media.

048 CCTV What is HVEC? 054

BUSINESS What are the little things that can have a major impact

on the success of your security business?

070

LEGAL Q&A How does social media impact workplace bullying?

072

LOSS PREVENTION How can you achieve loss prevention on a budget?

security industry?

022 RISK MANAGEMENT Dr Kevin Foster explores a new risk assessment standard for security and operations.

024 COMMUNICATIONS Why do we need to make more noise as an

080 AVIATION Steve Lawson looks at the need to think differently about airport security following the recent Brussels attacks.

industry?

034

076

084 ACCESS CONTROL Can the traditional access token survive the Internet of

092

102

SPOTLIGHTS

110

PRODUCT SHOWCASES

114

SHOPTALK Company announcements from within the industry.

Things?

088

PROFESSIONAL DEVELOPMENT How well do you understand the cues to

deceptive behaviour?

100

SECURITY STUFF

004 SECURITY SOLUTIONS

SECURITY SOLUTIONS 005

www.securitysolutionsmagazine.com

Editorial Editor: John Bigelow john@interactivemediasolutions.com.au Sub-Editing: Helen Sist, Ged McMahon

Contributors: Jason Brown, Gary Barnes, Rita Parker, Greg Byrne, Kevin Foster, Rod Cowan, Tony Zalewski, Don Williams, Richard Kay, Anna Richards, Darren Egan, Steve Lawson, Jonathan Johnson, Bob Ansett, Brett McCall, Vlado Damjanovski, Ray Hodge, Colin Wight, Liz Corbett, Blake Kozak.

Advertising rdias@interactivemediasolutions.com.au Phone: 1300 300 552 Publication Co-Ordinator: Ranjit Dias

Marketing & Subscriptions admin@interactivemediasolutions.com.au $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)

Design & Production Graphic Design: Jamieson Gross graphics@interactivemediasolutions.com.au Phone: 1300 300 552

Accounts accounts@interactivemediasolutions.com.au Phone: 1300 300 552

Publisher

Interactive Media Solutions ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au Disclaimer The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein. The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.

RS A DE VI

SSOCIATI

ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au

SECURIT Y

RALIA LTD UST FA

Written Correspondence to:

Or i g i n a l Si z e

O C I AT I

Y P R OVI D

RIT

D LT

PR O

ASS

SPAAL

AU S T R A L I A

STRALIA LTD AU

SECURITY

Official partners with:

SSOCIAT IO N

RS A DE VI

blue colour changed to this colour green.

COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................

006 SECURITY SOLUTIONS

AME System produces its customisable ActivConsole range of electric height adjustable and fixed height control room consoles from their local design studio and manufacturing facility in southeast Melbourne, Australia. The ActivConsole range has revolutionised control rooms throughout Australia and worldwide, introducing state-of-the-art ergonomic technology into a 24/7 monitoring environment. Able to be customised to suit any application, the ActivConsole plays

a vital part in keeping your workplace and employees healthy and productive. By utilising new modern production methods and combining them with high quality materials and finishes, the ActivConsole range continues to adapt to new technologies and trends, ensuring unparalleled versitility and flexibility in every design. Customising ergonomic solutions for over 20 years, we continually ensure safety and quality for a whole new generation of operators. Contact us now for a tailored solution.

SECURITY SOLUTIONS 007

LETTER FROM THE EDITOR For generations, Australia has been referred to as the lucky country. This description has been bestowed upon Australia for a multitude of reasons, including but not limited to our beautiful, wide open country and pristine beaches, our amazing mineral wealth and abundance of natural resources, our quality of living and prospering cities – but more recently, the lack of a Brussels or Paris-type terrorist attack. And while it is true that we have been very fortunate to date, I do not think it is fair to say that we have been lucky. Undoubtedly, luck has played a small role, but I believe most of the credit should go to our intelligence and law enforcement agencies, as well as the Muslim community itself. I recently wrote a piece in which I stated that blaming the Islamic faith for terrorism is akin to blaming fast food advertising for the obesity epidemic. I stand by this comment. That said, I am not so naïve as to believe that all Islamic leaders within Australia are supportive of Australia’s involvement in recent conflicts. That not withstanding, we achieve nothing by further demonising Islam and refugees or immigrants to Australia. In fact, we only make it easier for people preaching hate and dissent to perpetuate such nonsense. Untangling the complex and incredibly intricate problem of terrorism in the modern context is not something that can be done in a day, week, month or even a year. It will take years and will be something that, in my opinion, our children’s children might finally overcome. But one thing is for sure; we cannot solve the problem with an ‘us and them’ mentality, which is why this issue’s cover story looks at the possible security implications of Donald Trump being elected as the next US president. We have already seen and heard Trump talk on numerous occasions about banning all Muslims from the US; deporting Muslims already living in the US; building a wall between the US and Mexico and other such outlandish, headline-grabbing propaganda. Now Trump has expressed reservations about the security alliance between the US and Japan and suggested that perhaps the best way to secure peace in the Asia Pacific region would be to encourage Japan and South Korea to develop a nuclear arsenal of their own with a view to keeping China and North Korea at bay. Colin Wight, a professor in the Department of Government and International Relations at The University of Sydney, has drawn on his extensive understanding of both international relations and terrorism to provide an overview of what he believes might be the likely challenges arising from the US moving forward. That said, regardless of what happens in the US, we cannot hope to be the lucky country forever. We need to do all we can to strengthen ties to the Islamic community in Australia, not erode the relationship. The Australian Islamic community has traditionally been something of an early warning system in so far as it provides information about people making the kind of noise that might lead to a potential problem. By alienating that community, I truly believe we erode our ability to detect, deter and prevent incidents.

John Bigelow Editor

008 SECURITY SOLUTIONS

GAIN CONTROL WITH ONEVIEW Defuse situations quicker with a truly unified security control room solution Saabâ&#x20AC;&#x2122;s OneView is a next-generation physical security information management integration platform that provides unprecedented levels of subsystem integration in mission-critical infrastructure environments. OneView empowers operators to respond effectively and efficiently to the most stressful situations. Offering accurate intuitive situation awareness, a simple operator interface, fast detection-response and comprehensive support for post action analysis, OneView is the ultimate choice for modern surveillance and security operations. You can rely on Saabâ&#x20AC;&#x2122;s thinking edge to bring your control room under real control. saab.com/australia

REGULAR

BRIGHT IDEAS Mining Everyday Technologies To Anticipate Possibilities

DARPA’s ‘Improv’ effort asks the innovation community to identify commercial products and processes that could yield unanticipated threats. For decades, US national security was ensured in large part by a simple advantage: a nearmonopoly on access to the most advanced technologies. Increasingly, however, offthe-shelf equipment developed for the transportation, construction, agricultural and other commercial sectors features highly sophisticated components, which resourceful adversaries can modify or combine to create novel and unanticipated security threats. To assess this growing security challenge and identify specific potential risks, a new Defense Advanced Research Projects Agency (DARPA) effort will ask experts across multiple disciplines to look at today’s bustling tech marketplace with an inventor’s eye and imagine how easily purchased, relatively benign technologies might be converted into serious security threats. The endeavour is dubbed ‘Improv’, an abbreviated reference to the potential for improvising with widely available technology to create new and unanticipated risks.

010 SECURITY SOLUTIONS

“DARPA’s mission is to create strategic surprise, and the agency primarily does so by pursuing radically innovative and even seemingly impossible technologies,” said program manager John Main, who will oversee the new effort. “Improv is being launched in recognition that strategic surprise can also come from more familiar technologies, adapted and applied in novel ways.” Improv will explore ways to combine or convert commercially available products such as off-the-shelf electronics, components created through rapid prototyping, and open-source code to cost-effectively create sophisticated military technologies and capabilities. To bring a broad range of perspectives to bear, DARPA is inviting engineers, biologists, information technologists and others from the full spectrum of technical disciplines – including credentialed professionals and skilled hobbyists – to show how easily accessed hardware, software, processes and methods might be used to create products or systems that could pose a future threat. DARPA will assess candidate ideas and offer varying levels of support to develop and test selected proposals. The emphasis will

be on speed and economy, with the goal of propelling winning submissions from concept to simple working prototypes within about 90 days. “DARPA often looks at the world from the point of view of our potential adversaries to predict what they might do with available technology,” Main said. “Historically, we did this by pulling together a small group of technical experts, but the easy availability in today’s world of an enormous range of powerful technologies means that any group of experts only covers a small slice of the available possibilities. In Improv, we are reaching out to the full range of technical experts to involve them in a critical national security issue.” DARPA intends to fund selected Improv proposals through a short feasibility-study phase, during which performers will refine their ideas and compete for the opportunity to build prototypes. DARPA will evaluate the results of that work and a subset of the prototypes will proceed to a detailed evaluation regimen. If performance warrants, DARPA may advance the relevant capabilities in separate follow-on efforts.

SECURITY SOLUTIONS 011

REGULAR

CRIMINAL ODDITY

Making A Clean Getaway Anyone who has ever had their home broken into knows the horrible feeling of coming home and finding one’s possessions scattered all over the floor – minus the things that were taken. Now, imagine coming home and finding that, instead, the house had been broken into and someone had cleaned up. I have known a few people in my time to whom I may have been tempted to do this to. It may sound ridiculous but according to a report in the Huffington Post, a woman in Indiana of The United States came home from a night out only to find a man had broken into her apartment, swept her floors, folded her clothes and then started to cook a meal of chicken and onions. According to reports, when confronted, the offender refused to leave the apartment even after police had been called. Police arrived a short time later and arrested the offender who claimed that he thought it was his apartment and that he lived there. I don’t know about you, but I am fairly sure that I would know if I was folding someone else’s clothes. I am also pretty sure that if I

012 SECURITY SOLUTIONS

had to kick the door in because my key didn’t fit the door lock, I might realise I was in the wrong apartment.

A Short Story Every cloud has a silver lining – so the saying goes. Therefore, it stands to reason that the silver lining in the cloud of the criminally stupid is that, so long as no one is injured or permanently deprived of assets in the course of their antics, they keep the rest of us amused. Sometimes we laugh at them. Sometimes we laugh with… no, hang on, we just laugh at them. Take for example, 43-yearold Eli Escaldera of Stock Island in The United States. Mr Escaldera wanted money. He wanted money quickly. So, he walked into a bank in the Florida Keys and passed the teller a note which, according to Miami New Times, read, “Give me what are 20’s and 50’s.” Now, if you are having trouble understanding the note, never fear, so did I when I first read about it and, apparently, so did the bank teller – who was further confused by the fact that Mr

Escaldera appeared to be wearing his shorts on his head… Yes, according to the story, and the accompanying images, Mr Escaldera had decided that the best way to disguise his identity was to wear a pair of shorts, on his head. Because that’s what I do when I want to remain inconspicuous and anonymous. According to a report by Monroe County Sheriff’s Officers, when the bank teller confronted Mr Escaldera, asking him in a somewhat confused and bewildered tone of voice “is this a bank robbery?”, Mr Escaldera simply mumbled “never mind” and walked away. According to the report, the teller informed his manager of the incident, who then informed police, who found Mr Escaldera only a few blocks from the bank, attempting to get away on his pushbike. In Mr Escaldera’s defence, the police had an unfair advantage given that there probably were not too many Hispanic men wearing a blue shirt, dark cargos and shorts on their head in the area. So many questions, so few answers.

OFFICE BUILDINGS WAREHOUSES DAY CARE CENTERS HOSPITALS SCHOOLS ACCOMMODATION & HOSTELS RETAILSTORES AIRPORTS GYMS SMALL BUSINESSES PROPERTIES

Triview CCTV, We’ve got “YOUR” solution Covered ! WHY TRIVIEW VISION? WE STRIVE TO PROVIDE OUR CUSTOMERS WITH HIGH QUALITY FULL HD 1080P PRODUCTS AT AN AFFORDABLE PRICE. OUR PRODUCTS ARE BACKED UP BY OUR TECHNICAL KNOW HOW AND FOCUS ON CUSTOMER SERVICE AND SATISFACTION.

w w w . t r i v i e w . c o m . a u For more information contact Nidac Security

T: 03 9808 6244

THE EXCLUSIVE DISTRIBUTOR OF

E: sales@nidac.com CCTV PRODUCTS

SECURITY SOLUTIONS 013

REGULAR

LEADERSHIP Seizing The Moment By Bob Ansett

In an interview about his military career, Australian Victoria Cross winner Corporal Ben Roberts-Smith noted that “culture trumps strategy every time”. It was a phrase I had not previously heard but, after thinking about it, I realised how right he was. Having placed so much emphasis on building and maintaining a powerful culture within my business over the years, it truly resonated, even though I had never thought of it in those terms. But realistically, whether it is a business, or the military, a security department or government, to effectively develop a strategy there must first be in place a culture capable of implementing the strategy. Intuitively, good leaders know their first task when taking on a leadership role is to determine the quality of the existing culture within the organisation they are about to lead. If it is weak or fragmented, it has to be repaired or rebuilt from scratch before new objectives can be launched. I had the good fortune to start my business from scratch, so I was able to create rather than change a culture. This enabled me to put my personal imprimatur on every aspect of the business from day one. I focused on teamwork driven by a ‘can-do’ attitude, always putting the customer first (which in the case of a security department might be the other departments within the organisation), thus running the business to suit the customer, not employees. No matter how difficult the task might be, it was embraced with energy, enthusiasm and good humour. The foundation for this culture was an environment where everyone worked hard to make the job as interesting and satisfying as possible. Four basic rules were employed that

014 SECURITY SOLUTIONS

management were expected to implement and maintain, as they wanted employees to really look forward to coming to work each morning: 1. Ensure employees (team members) got satisfaction out of their day’s work. 2. Employees were to be recognised for their work ethic. (This could be a pat on the back or something more substantial if appropriate.) 3. Constant reinforcement of the team principal, ‘all for one and one for all’. 4. To make it as much fun as possible by celebrating successes and then setting higher goals. In time, this environment morphed into a very powerful culture where expectations of one another grew exponentially to the point everyone was ‘match fit’ and truly believed they could achieve any realistic objective. Leadership is the key element in building positive cultures or changing them within organisations. The latter is clearly more difficult than the former, but nevertheless doable through leading by example with that can-do spirit. Unfortunately, courageous leaders in business these days are in short supply. Industrial relation laws have dumbed down the entrepreneurial spirit in organisations. Rampant fear has sent many business cultures into a downward spiral. Workplace stress is at its highest level in many years as workers fear for their jobs. So these times call for strong, courageous leaders prepared to take risks and focus on improving every aspect of their business in preparation for the economic upturn that will inevitably arrive. But it is not easy, even with a strong can-do

culture within the organisation. It calls for bold confident leadership applying all the basic traits of leadership. Start with a clear concise message outlining the plan and the way in which it will be implemented. Set the example by always doing the right thing even when no one is watching. Take personal responsibility for all that goes on, never go it alone and, most importantly, be fearless. Shakespeare wrote, “Some are born great, some achieve greatness and others have greatness thrust upon them.” Perhaps in the case of Ben Roberts-Smith, greatness was thrust upon him, but he seized it with all his might. His Victoria Cross citation records he showed conspicuous gallantry under enemy fire. With members of his patrol pinned down by enemy machine gun fire, Corporal Roberts-Smith exposed his own position in order to draw enemy fire away from his patrol. Then, with total disregard for his own safety, he stormed the enemy position, killing the two machine gunners. Leadership is all about seizing the moment.

Bob Ansett is the founder of Bob Ansett Marketing, a consulting firm in the field of customer service. Bob is also a familiar name in Australian business, synonymous with Budget Rent a Car, which he established in 1965. Bob can be contacted at bob@bobansett.com.au

THE ALL-NEW TXF-125E BATTERY OPERATED QUAD BEAM Introducing the eagerly anticipated TXF-125E; a high performance Quad Beam sensor designed for battery operation - perfectly suited for rapid deployment in creating temporary or permanent secure perimeter intruder systems. With 4 selectable frequencies, multiple beam sets can be used without crosstalk, whilst adjustable detection distance allows a single beam set to be re-deployed in a variety of installations throughout its operational life. Two 3.6V (17Ah) batteries power each unit for up to 5 years of service, and integrated wireless transmitter battery sharing provides a customisable low-battery warning notification output.

NEW!

ACTIVE IR BEAMS The ultimate in trouble free perimeter detection for distances up to 200m outdoor / 400m indoor.

+61 (3) 9544 2477

email: oz_sales@takex.com

HIGH-MOUNT PIR Triple mirror optics for maximum detection performance at 2 to 6m.

BEAM TOWERS Rugged floor and wall mounted enclosures in 1/1.5/2/3m heights.

INDOOR PIR Spot, 360째, wide angle, and curtain detection from 2 to 4.9m height.

OUTDOOR PIR Hard-wired or battery operated outdoor PIR up to 180째 x 12m.

TAKEX AMERICA www.takex.com

SECURITY SOLUTIONS 015

REGULAR

CYBER SECURITY Advanced Persistent Threats

Addressing The Growing Need For APT Awareness By Garry Barnes Advanced persistent threats (APTs) continue to enjoy the spotlight in the wake of their successful use to launch several high-profile data breaches. Every year, the damage and costs related to cyberattacks multiply at a shocking rate. Cybercriminals continue to exploit individuals and enterprises while increasing profits from more than US $300 billion in 2012 to an estimated US $1 trillion in 2014. Juniper Research has predicted that profits will top US $2 trillion in 2019. Major cyberattacks targeting financial, retail, healthcare, government and the entertainment industries have resulted in the stealing of sensitive data, exposed records and money, with billions spent on remediation and with significant damage to many brands. Opinions differ on what makes a threat an APT. Some state that APT is just a marketing term; others believe there is no difference between an APT and a traditional threat; yet others say that an APT is a nation-statesponsored activity that is geared toward political espionage. This article adopts ISACA’s definition of APTs – they are prolonged, stealthy attacks aimed at the theft of intellectual property (espionage) as opposed to achieving immediate financial gain. APTs also employ different attack methodologies and display different characteristics from those evidenced by traditional threats. Furthermore, as technology changes and information security tools evolve, so too do the tactics, techniques and procedures of threat actors. Social engineering remains at the centre of APT activity to gain footholds into information systems. Early APT efforts began with phishing, often involving an attachment or a link that contained malware or an exploit. However, over the past three years, APTs have moved on to the Internet as the main attack vector (for example, websites,

016 SECURITY SOLUTIONS

social media and mobile applications). Despite the damaging nature of APTs, a gap in the understanding of what they are and how to defend against them remains. A 2015 ISACA study designed to uncover information security professionals’ understanding and opinions of APTs, revealed that 67 percent of the respondents believe that they are ready to respond to APT attacks to some degree, representing a decrease from 2014’s statistic of 74 percent. It is evident that efforts to stay ahead of cybercriminals and APTs are not being aided due to advances in technology, coupled with the existing skills gap in the information security workforce. Of the ISACA survey respondents who categorised their enterprises as ‘not very likely’ targets of an APT, only 48 percent reported feeling prepared for an attack to some extent. The data indicates that enterprises have not really changed the ways in which they protect against APTs. The technical controls most often cited as being used to prevent APTs are network perimeter technologies such as firewalls and access lists within routers, as well as anti-malware and antivirus. While these controls are proficient for defending against traditional attacks, they are not as well suited for preventing APTs because APTs exploit zero-day threats, which leverage unknown vulnerabilities, and many APTs enter the enterprise through well-designed spear phishing attacks. This indicates that different types of controls – an increased focus on email security and user education – could benefit an enterprise immensely. With that said, the survey reveals that there is a strong correlation between the perceived likelihood of an APT attack on the enterprise and the enterprise’s adoption of improved cybersecurity practices. In almost all cases, the

higher the perceived likelihood of becoming a target, the more consideration is being given to APTs in terms of technology, awareness training, vendor management, incident management and increased attention from executives. This activity and corresponding effort form an excellent base for information protection. Yet not all avenues for APT intrusion are fully locked down. Mobile device security is lagging, despite acknowledgment that the bring your own device (BYOD) trend increases APT risk, and a preference is seen for technical controls over education and training, even though many successful APT attacks gain entry by manipulating individuals’ innate trust and/or lack of understanding. Enterprises and governments need to be continually vigilant and ensure they are well staffed and trained to deal with these everchanging threats. ISACA recently established Cybersecurity Nexus (CSX) to help enterprises take a skills-based approach to cybersecurity workforce development. It is critical for all staff to receive cybersecurity training, and for cybersecurity teams to receive continuous development that focuses on building their capability to protect and defend against these insidious attacks.

Garry Barnes is practice lead, Governance Advisory at Vital Interacts (Australia). He has more than 20 years of experience in information and IT security, IT audit and risk management and governance, having worked in a number of NSW public sector agencies and in banking and consulting. The above article is based on ISACA’s 2015 Advanced Persistent Threat Awareness Report. For a more detailed analysis of the report, go to http://www.isaca.org/apt-wp

SECURITY SOLUTIONS 017

REGULAR

RESILIENCE Resilience And Identifying Potential Disruptions By Dr Rita Parker As noted in the previous article in this column, definitions of the concept of resilience vary within different disciplines and sectors, such as critical infrastructure, homeland security and emergency, and disaster management response. However, the common characteristics of adaptability, transformation and flexibility appear generally consistent. While resilience has been described as “the capacity for complex systems to survive, adapt, evolve and grow in the face of turbulent change” (US Council of Competitiveness, 2006), by extending this description, it is possible to extrapolate that resilience is a counter to insecurity. In this extended context, resilience addresses unknown future challenges and uncertainty; that is, the inability to know what combination of conditions will occur in the future. If the future were predictable, resilience would lose its importance because all planning would be based on a known set of conditions. But because the future is unpredictable, it is necessary to plan for a wide range of possible conditions and outcomes, including some which may be unlikely but could result in significant harm if they are not anticipated. To apply the resilience concept it needs to be considered in a specific context; that is, who or what needs to be made resilient to whom or what threat or risk. This is where the role of security professionals can contribute to achieving resilience in an organisation. Within the context of a business or a corporation, resilience means having the capability and skills to adapt quickly to disruptions while safeguarding people, assets and reputation and while maintaining business operations. This is directly linked to the security of those people, assets and resources. Not all personnel or resources will be essential to maintain an organisation’s functions or

018 SECURITY SOLUTIONS

Whatever approach is used [to detect risks and threats], the results need to be constantly reviewed because internal and external factors change. critical services during a disruption. Security professionals are well placed to assist and to advise C-Suite executives to identify which assets and resources would be essential and therefore need to be made resilient, as well as identifying essential personnel. To do this requires defining what functions, elements or systems are critical and, therefore, need to be resilient to changes that may lead to disruption. Keep in mind that an organisation is an interconnected system composed of many different components that form different system levels. This means that an organisation can be resilient at some of the levels but not necessarily at others, meaning other parts of the organisation can be vulnerable. Resilience is similar to vulnerability in that it cannot simply be measured in a single metric; its importance lies in the ultimate multi-dimensional outputs (the consequences) of the system for any specific inputs (risks and threats). Detecting those risks and threats is a constant challenge. Different organisations use different processes and types of analysis to identify future potential disruptions. Some organisations do this by using trends analysis, which is a simple approach based on historical events and data to project into the future. The problem with this

approach is that it assumes past events are likely or may recur, and it assumes an absence of unprecedented future events. Other organisations use a process of horizon scanning to detect early signs of potentially important developments that may lead to disruptions. It does this by determining what is constant, what changes and what constantly changes both inside and outside the organisation. This approach enables identification of unexpected issues as well as identification of persistent trends and problems that may be potential risks or threats that contribute to or cause a disruption. Whatever approach is used, the results need to be constantly reviewed because internal and external factors change. This means that a simple tick-the-box approach cannot be used to achieve resilience. Dr Rita Parker is a consultant advisor to organisations seeking to increase their corporate and organisational resilience and crisis management ability. She is an adjunct lecturer at the University of New South Wales at the Australian Defence Force Academy campus where she lectures on resilience and nontraditional challenges to security from non-state actors and arising from non-human sources. Dr Parker is also a Distinguished Fellow at the Center for Infrastructure Protection at George Mason University Law School, Virginia, USA. She is a former senior advisor to Australian federal and state governments in the area of resilience and security. Dr Parker’s work and research has been published in peer reviewed journals and as chapters in books in Australia, Malaysia, the United States, Singapore and Germany and presented and national and international conferences. Rita holds a PhD, MBA, Grad. Dip., BA, and a Security Risk Management Diploma.

For over 30 years Perimeter Systems Australia has been delivering Perimeter Intrusion Detection Systems (PIDS) to Critical Infrastructure, Government, Industrial and large Commercial customers.

High end detection with minimal false alarms NE W !

Passive Infrared & Microwave Intrusion Protection False Alarm Free performance and lowest nuisance alarm rate possible.

The only outdoor motion sensors that really works!

Electronic Taut Wire Fence System • • • •

Utilises very reliable strain gauge technology Software sensitivity adjustment Each sensor can be adjusted separately Very reliable and difficult to defeat

Don’t forget, we also have competitive pricing on Takex products. Call for a quote today!

Palmgrove Business Park, D413-15 Forrester St. Kingsgrove NSW info@perimetersystems.com.au | www.perimetersystems.com.au

Call us on (02) 9150 0651 or visit www.perimetersystems.com.au SECURITY SOLUTIONS 019

REGULAR

HUMAN RESOURSES Legislative Requirements For Australian Employers This edition’s column details the industrial and employment legislative requirements of all employers in Australia. This flows on from last edition’s column that outlined what casual employment and sham contracting is. The intent of the first three or four columns is to work through the human resource issues as they are for the security industry in Australia and the potential risks they pose. Next edition’s column will discuss how relevant the requirements, as discussed here, are to the security industry in Australia and the level of risk posed by non-compliance. All businesses in Australia with employees are required to comply with the Fair Work Act 2009 (Cth) and the Fair Work Regulations 2009 (Cth). These regulations affect all employee/employer relationships in Australia and are designed to provide a safety net of minimum standards, flexible working arrangements and to prevent discrimination against employees. Under provisions of the Fair Work (State Referral and Consequential and Other Amendments) Act 2009 (Cth) and the Fair Work Amendment (State Referrals and Other Measures) Act 2009 (Cth), the states are able to refer matters to the Australian Federal Government to form a national workplace relations system. Before this, workplace laws were set and administered by most individual states. States kept their workplace relations powers over state and local government employees. In addition to the legislative requirements of employment, all businesses in Australia (with employees) are required to comply with the National Employment Standard (NES). The NES is a document detailing the 10 minimum employment entitlements that must be provided to all employees. An award, employment contract, enterprise agreement or other registered agreement cannot provide for conditions that are less than the national minimum wage or the NES. The 10 minimum entitlements of the NES are: • Maximum weekly hours No employee in Australia can be directed to work more than 38 hours per week. The spread of

020 SECURITY SOLUTIONS

hours is 7am to 7pm, meaning any hours worked outside those hours can attract penalty rates. • Requests for flexible working arrangements Employees (including casuals) who have worked for an employee for more than 12 months have the right to request flexible working arrangements. The conditions of the request are that they are: a parent and need special consideration to care for children, older than 55 years, a carer under the Carer Recognition Act 2010 (Cth), and/or a victim of domestic violence. • Parental leave and related entitlements Parental leave is leave following the birth or the adoption of a child. Both the mother and father are entitled. Casuals who have a claim to regular ongoing employment are also entitled to parental leave. • Annual leave All employees (except casuals or those on leave without pay) are entitled to four weeks of annual leave per year. The accrual is at the rate of 2.923 hours per completed week of service (for full-time employees) and pro-rata for part-time employees. • Sick and carer’s leave, and compassionate leave All employees, apart from casuals, are entitled to sick and carer’s leave. Both entitlements come under the same entitlement, which is 10 days per year for full-time employees and pro-rata for parttime employees. All employees, including casuals, are entitled to two days of carer’s leave without pay per year; however, full-time and part-time employees are only entitled to avail themselves of unpaid leave if they do not have any sick days left. • Community service leave Employees are entitled to unpaid community service leave. There is no limit to the amount of leave that can be taken. • Long service leave Entitlements vary from state to state, but generally are accessible after seven years’ employment. • Public holidays Entitlements for public holidays vary from state to state. The salient points are employees’

entitlements are based on where they are based and not where they happen to be working at the time, and the manner in which the entitlement is satisfied is dependent on the particular award or workplace agreement. The accepted methods of payment or compensation are additional pay, days off, or time in lieu. • Notice of termination and redundancy pay This is the most controversial part of the current employment standards and will be addressed in more detail in later columns. The salient point is that, in most cases, certain periods of notice for termination (from both employee and employer) must be given. • Fair Work Information Statement All new employees must receive a copy of the Fair Work Information Statement as soon as they start a new job. The statement provides information on conditions of employment including: o the National Employment Standards o modern awards o making agreements under the Fair Work Act o individual flexibility arrangements o freedom of association and workplace rights (general protections) o termination of employment o right of entry o the role of the Fair Work Ombudsman and the Fair Work Commission.

Greg Byrne is the Managing Director of Multisec Consultancy Pty Ltd. He also lectures part-time at the Western Sydney University where he teaches an under-grad diploma in policing as well as working as a sub-editor for the Australian Police Journal and serving as a member of the board of directors. He possesses a number of academic qualifications including; Master of Management, Diploma of HR, Grad Cert in Leadership and a Diploma a Security Risk Management. He can be contacted via email; greg@multisec.com.au. Also see www.multisec.com.au.

Series 400 is a fully welded 19” rack mount wall cabinet with heavy duty load carrying capabilities.

When you choose Australian made, you’re choosing more than quality and reliability, you’re choosing peace of mind.

DESIGNERS & MANUFACTURERS OF 19” RACK SYSTEMS

MFB’s range of innovative racking solutions is proudly made onshore, to ensure quality and consistency above all others. Backed by constant development, unsurpassed customer support and expedited delivery. MFB proves a solid project partner whatever your requirements. Australian made, makes Australia. With a solid history of over 45 years of supplying innovative, off-the-shelf and custom built racking systems, you can rely on MFB to ensure when you buy Australian, you’re investing and supporting Australian industry.

AUSTRALIAN MADE MAKES AUSTRALIA

www.mfb.com.au

VIC NSW -

P (03) 9801 1044 P (02) 9749 1922

F (03) 9801 1176 F (02) 9749 1987

E sales@mfb.com.au E sydney@mfb.com.au

SECURITY SOLUTIONS 021

REGULAR

RISK MANAGEMENT A New Risk Assessment Standard For Security And Operational Risk By Dr Kevin J. Foster Many organisations claim their risk management structures and processes comply with the International Standard on Risk Management Principles and Guidelines, ISO31000:2009. However, if risk assessments used by these ‘compliant’ organisations are poor, then risk management failures will almost certainly occur. If a security manager guesses that a risk is low, medium or high, then questions need to be raised about whether or not this is a suitable risk assessment. It is common for security managers to have only some of the information needed for a comprehensive assessment. However, information gaps may not be documented in the assessments provided to decision makers in management roles (who may not have security expertise), so the latter may be unaware that they are making important decisions without all of the pertinent information. Late in 2015, ASIS International and the Risk and Insurance Managers Society published a new American National Standard titled Risk Assessment. The standard is designated ANSI/ASIS/RIMS RA.1-2015. This attempts to provide guidance on how to establish and maintain a reliable risk assessment program. This new standard is intended to supplement ISO31000:2009 and provide more detailed guidance than the International Standard on Risk Assessment Techniques, ISO31010:2009. RA.1-2015 provides more operational advice than ISO31000 on the risk identification, risk analysis and risk evaluation processes needed to produce a reasonable risk assessment. Similar to ISO31000, this new standard utilises the PlanDo-Check-Act (PDCA) cyclic model: • The Plan stage of the assessment cycle defines and analyses threats, hazards and consequential

022 SECURITY SOLUTIONS

issues, and contexts. • The Do stage focuses on solving problems by developing a detailed action plan that is then systematically implemented. This may involve, for example, finding more information to fill a knowledge gap, or determining options to reduce risk or to increase opportunities. • The Check stage ensures quality control in the risk assessment process to make sure the assessment outcomes are in accordance with plans and, if necessary, initiates measures to rectify deviations from the plan. • The Act stage aims to standardise solutions and define new issues that need to be addressed in the Plan stage of the next cycle of the assessment. The risk assessment guidance provided by RA.1-2015 is structured in a way that makes sense to security practitioners and their managers. Firstly, the principles of risk assessment are explained. For example, the standard describes a risk assessment as “an effective tool for evaluating the organisation’s risk and resilience challenges and maturity, and to drive performance improvements. In addition, the risk assessment provides assurance to decision makers that the adopted risk- and resilience-based management system and risk management measures are achieving their intended objectives.” The standard explains the principles that need to be followed to achieve this. These include impartiality and objectivity, trust and due professional care, honest and fair representation, responsibility and authority, a consultative approach, a fact-based approach, confidentiality, change management, and continual improvement. Following the principles section of the standard is a description on managing a risk

assessment program. This goes into much more detail than ISO31000 and includes the roles and responsibilities of people who contribute to the risk assessment process. Note that the security manager should not perform all the roles on his or her own! The standard recognises that risks of strategic importance and complexity must be assessed differently to those that are routine, simple and frequent. The standard has a section on performing individual risk assessments across a portfolio of risk categories, including strategic, operations, financial and external. This section includes a number of analysis ideas, including the T4RA model that was first used by some Australian Government security analysts in the early 1990s. There are many good ideas in this section of the standard, including guidance on how best to assess the level of risk and how to present risk assessments to decision makers. Finally, there is a section on confirming the competence of risk assessors. There are also some appendices that provide additional information such as data gathering, ‘root cause analysis’, contents of a typical risk assessment report, document protection and business impact analysis. This risk assessment standard, ANSI/ASIS/ RIMS RA.1-2015, written by practitioners for practitioners, is well worth a read.

Dr Kevin J. Foster is the managing director of Foster Risk Management Pty Ltd, an Australian company that provides independent research aimed at finding better ways to manage risk for security and public safety, and improving our understanding of emerging threats from ‘intelligent’ technologies.

SECURITY SOLUTIONS 023

REGULAR

COMMUNICATIONS Integrity Means Finding Ways To Speak Out By Rod Cowan Perth TV reports a vicious attack on a security guard trying to remove gatecrashers from a concert. Footage of teenagers kicking in the guard’s head while he lies on the ground is sickening. Sydney news reports that a security guard was attacked at a bar in Sydney’s CBD in the early hours of Australia Day – the guard was hospitalised with facial fractures and head injuries. When a patient almost killed a police officer and security guard, media talk turns to a “rise in violent assaults due to [the fact that] ICE is turning hospitals into battlegrounds” and a deepening “security crisis” in NSW hospitals. Outside a Sydney pub, a passer-by films a woman repeatedly slapping and racially abusing security officer Ali Hamam. The evidence is all there on video and played on the nightly news. No arrests though. The woman is allowed to go on her way. In that case, the media focused solely on the racist nature of the assault. Physical and verbal abuse, however, is a daily reality for security officers. Compared to all other Australian occupations, security is in the top three for work-related injuries and deaths from occupational violence, with security officers ranking number one in both instances. Missing from all of these reports and many others is a complete lack of outrage. At best, the Australian Security Industry Association Ltd (ASIAL) posts a media release

024 SECURITY SOLUTIONS

following what it calls a “spate of violent attacks against security officers”, including the stabbing of a 72-year-old security officer in Moss Vale and another being knocked unconscious in Padstow during an armed robbery. ASIAL responds that it is “encouraging all Governments to ensure that appropriate protections are in place to enable security officers to perform their duties”. Encouragement is what is offered to pre-schoolers learning to finger paint. When attacks, verbal abuse and attackers are allowed to go scot-free and to become business as usual, leadership demands strident calls for the government and the police to do their jobs, and to do them properly. If the industry is silent in the most heinous of circumstances, what chance is there of being taken seriously when it comes to, say, misuse of security funding or budget cuts? There are many cases of security being used as a blatant excuse to rip off the public, and plenty where lives are at stake because of continual cutbacks to a point where good luck plays a larger role than good management in keeping people safe. Admittedly, there was a time when access to the media was difficult and expensive. Today, however, media tools are readily available, and journalists are gagging for stories they do not have to work for, not to mention radio shows scrambling for material for their morning audiences. If ISIS can readily grab media attention by pumping out videos from a cave in Pakistan,

there is no excuse for security failing to make its views loud and clear. Maybe people do not care because they see security as a secondhand industry, taking the cast-offs of policing and intelligence, accepting people that could not get a job elsewhere, or retired cops and spooks supplementing their pensions. On the contrary, many people in the industry choose security as a career and see not only a future but also honour in protecting lives and property. Some argue that lack of time due to budget cuts leaves them overstretched. So, when it comes to bragging rights about dealing with their Board, it appears access is not the same as being listened to. Other managers, consultants and selfappointed industry representatives whine that they cannot speak in the media because of the brands they work for or people they represent. Maybe their superannuation is a higher priority than their obligation to lead. There it is, three reasons for silence: not caring, sloth or cowardice. But there is no reason the silence should continue, and every reason it should not.

Rod Cowan is a Contributing Editor to Security Solutions Magazine. He can be contacted via email mail@rodcowan.net

KeyWatcher is a reliable and extremely easy to use electronic key management system, designed to prevent mismanaged, misplaced, or stolen keys. KeyWatcher eliminates outdated metal boxes, unreliable manual logs and messy key identification tags utilising a computerised storage cabinet. The system releases keys only to the individuals with correct authorisation, recording each user transaction and providing total system accountability.

KEYWATCHER SYSTEM OFFERS to 14,400 keys and 10,000 user per site l “Site” concept uses a common database l Numerous high level interfaces for access control, contractor management and vehicle fleet systems l Longer user IDs can be up to any 6 digits, plus a 4 digit PIN l Bright 7” full colour, touch screen l “Key Anywhere” allows keys to be returned to any KeyWatcher Touch within a site l On-screen guides for users, along with voice commands l Up

Available in Australia through: AST Pty Ltd T: +61 2 8020 5555 | M: +61 417 089 608 | F: +61 2 9624 7194 E: di@astpl.com.au | www.astpl.com.au

SECURITY SOLUTIONS 025

REGULAR

LEGAL Failing To Act On The Risk Of Terrorism By Dr Tony Zalewski

Risks associated with a terrorist incident are should adopt reasonably practicable positive well reported within Australia and abroad. The action such as aligning with the considerations Australian Government raised its terror alert level listed under the National Guidelines For in 2014 from medium to high. In Protecting Critical Infrastructure CERTAIN 2015, a new National Terrorism From Terrorism. Threat Advisory System was Although the workplace may EXPECTED launched that replaced the not be part of the sector for critical previous four-step approach to infrastructure, the guideline a scale of five levels. still provides some relevant PROBABLE The new scale provides considerations in the context of public advice about the work. For example, there should be POSSIBLE likelihood of a terrorist act a general review of the system for occurring in Australia. This workplace security and safety as it NOT EXPECTED public advice will also enable relates to: authorities, businesses and individuals to take • staff and contractors, so they are aware of the appropriate measures to minimise security- and increased risk and measures being implemented safety-related risks as part of their preparedness • control of people and property on-site through and response planning. Of course, such public use of staff and visitor identification and inspection advice should also allow employers such as of property such as parcels prior to entering a site security leaders to ensure an appropriate level or designated area of precaution and vigilance is maintained across • staff awareness to increase the likelihood of their workplace. detecting suspicious people, items and vehicles There are various guidelines to assist employers in and around the workplace to respond to changing levels within the National • perimeter protection to increase the effort of a Terrorism Threat Advisory System. For example, perimeter breach and the risk of an early breach the current level is ‘Probable’ and the National detection Guidelines For Protecting Critical Infrastructure • liaison or communication with local emergency From Terrorism (2015) list 11 considerations in services seeking advice about local issues response. • emergency preparedness and business As discussed in the previous article in this continuity planning column, employers and those responsible for • protocols to ensure they remain adequate to workplace safety and security owe a duty of care assist and guide staff in terms of proactive and under common law. A duty of care is a legal reactive measures, including the issues outlined obligation imposed that requires adherence to a above. standard of reasonable care that could foreseeably Prudent organisations have also reviewed harm others. In the context of this article, one their current insurance protections to ensure would consider that an employer or person there is adequate coverage should a terrorist responsible for workplace safety and security incident occur. In some cases, it has been

026 SECURITY SOLUTIONS

determined that nuclear, biological, chemical or radiological terrorist events are excluded, hence the importance of a policy review. A relevant case, although outside the jurisdiction, disclosed risks with failing to act. The case arose from a carpark bombing incident in which six people were killed. The New York State Supreme Court (2005) found the local Port Authority had failed to heed warnings based upon the 9/11 attacks to close or substantially improve its carpark security. The costs were an estimated US$2 billion in claims. As the risk of a terror-related event is well known, it is important that employers, those responsible for systems of work and security leaders take reasonably practicable actions to minimise the risk of terror-related incidents in and around their workplace. These risks must be formally addressed proactively and reactively in line with public advice. Failing to act on the risk of terrorism exposes those responsible for workplace safety and security to litigation, plus various risks including operational, financial and reputational. In addition to reviewing the system of work through a risk assessment, it is recommended that frequent reference is conducted to the Australian National Security website.

Dr Tony Zalewski is a Director of Global Public Safety and a forensic security specialist with qualifications in law, criminology and the social sciences. He provides advice and training to governments and the private sector in Australia and abroad on matters relating to operational risk, security and safety. He is also an expert with practical experience in some of Australia’s leading civil actions involving security and safety.

MORE REACH

than ever before

Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...

issuu.com/interactivemediasolutions

SECURITY SOLUTIONS 027

REGULAR

THINKING ABOUT

SECURITY

Managing the Consequences By Don Williams

Security is often seen as preventative – stopping the villains from taking or damaging what people have, and addressing the ‘likelihood’ element of risk management. This is true enough, as most of security management is about identifying assets and functions, determining threats (who wants to do harm), identifying exposures and vulnerabilities, and putting measures in place to prevent the bad guys from doing what they wish. But when the risk is realised and the event occurs, who is responsible for managing the consequences? The security manager will certainly be involved in the investigation and will be the centre of the questions such as, “Why did this happen?”, “Why did we not know this was going to happen?” and “What are you going to do to stop it from happening again?”. All are questions that a sound risk analysis, risk mitigation plan and records of requests for resources may address. Managing the consequences of the incident will probably rest with a combination of management disciplines. In a large business, ownership of these disparate elements may be dispersed both geographically and organisationally. In a small business, they may all fall to the one person. In

all cases, the interdependency of the plans, their ability to reduce immediate and future losses, and to protect the reputation of the business and the owners needs to be recognised. If there is a risk to life, then the chief warden will have a major role. It is worth asking if the emergency plans are suited to protecting staff, clients, visitors, contractors and the public if the incident is security rather than safety related. Discussions between the security and emergency manager can identify possible trigger events and appropriate response measures for inclusion in the emergency plans and training. The business’ media plan will play an important part in presenting the appropriate message to the public, staff and stakeholders. With the prevalence of mobile technology and the active encouragement by news media organisations for ‘live’ amateur feed, the ability to control what is hitting the airwaves and Internet is severely limited. So what can the business media plan hope to achieve and how fast can it respond? The security manager may help identify the types of incidents that may occur, the types of messages that can be sent and even help draft templates for use in different situations. A key difference

Managing the consequences of the incident will probably rest with a combination of management disciplines.

028 SECURITY SOLUTIONS

when considering a security incident is that it was a deliberate act by a human and, therefore, has a different social impact to, say, an industrial accident. Human resources (HR) will be important in responding to a security incident in the immediate and longer term. If there are injuries, then HR will need to be involved in tracking the staff members, advising family and so on. If the site is to be closed for any length of time, then how staff will be informed, paid, employed and otherwise managed are also HR issues. There may be the need for ongoing monitoring and counselling of all those directly or indirectly involved. Legal, insurance, business continuity/ resilience, facility management and environmental management will probably have roles to play in managing the immediate and longer term responses to a security incident. Even a relatively minor incident such as a punch-up in the workplace, theft of some goods or graffiti attacks will involve more than one manager. As part of the responsibility of protecting the business, it is up to the security manager to ensure that the other managers are aware of their involvement in consequence management and that the plans are at least vaguely aligned.

Don Williams CPP RSecP ASecM is a recognised thought leader in the field of security management. He is a member of relevant security and engineering professional associations and often sits on their committees. Don can be contacted via email donwilliams@dswconsulting.com.au

SECURITY SOLUTIONS 029

REGULAR

EVENTS ISC West 6–8 April 2016 Sands Expo Centre, Las Vegas ISC West is THE largest security industry trade show in the U.S. At ISC West you will have the chance to meet with technical reps from 1,000+ exhibitors and brands in the security industry and network with over 28,000 security professionals. Find out about new and future products and stay ahead of the competition. Encompassing everything from access control to Facial Recognition software, you are sure to find products and services that will benefit your company and clients. This year don’t miss our new IT Pavilion featuring the latest cyber security solutions. Working with SIA, ISC also features world class education to learn about every facet of the security industry. For more info on SIA Education@ISC visit: www.iscwest.com

Safeguarding Australia 2016: Protecting The Homefront The 13th National Security Annual Summit 11– 12 May 2016, QT Canberra The national security threat posed by contemporary terrorism ranges from organised

030 SECURITY SOLUTIONS

attacks against societies, to inspired attacks against individuals. At the core of the threat is the spread of extremist propaganda used to radicalise, recruit and inspire others. The frontline of this conflict spans the globe and reaches the homes of ordinary citizens through traditional media and social networking platforms. Today’s counterterrorism initiatives include interdicting and disrupting terrorists operations, but they focus more than ever on Countering Violent Extremism (CVE) and combating terrorist propaganda. Safeguarding Australia 2016 will bring leading industry experts from state and federal governments, the corporate sector and Australian and international universities to explore evolving national security threats and opportunities for improving Australia’s resilience to violent extremism Key Conference Themes Include: • Professional Development Session: Career management in the national security sector • The internet as a force multiplier for violent extremists • Counterterrorism Intelligence Simulation: The Bayzhanov Deception

• Australia’s Countering Violent Extremism (CVE) policy • Radicalisation and extremist propaganda • Foreign fighter recruitment and disruption • Partnering with local communities For more information, visit safeguardingaustraliasummit.org.au

AusCERT2016: Ubiquitous 23–27 May 2016 Surfers Paradise Marriott, Gold Coast AusCERT is hosting AusCERT2016, the 15th annual AusCERT Information Security Conference. As society increasingly moves towards ubiquitous computing and the Internet of Things, the innovations and benefits for society, health and wellbeing are profound and exciting. We are seeing innovation in sensors and data analytics, context aware systems, wearable devices, drones and robotics, and machines and critical systems that have not previously been accessible remotely now being connected.

CivSec 2016 A FREE FORUM FOR PROFESSIONALS IN SECURITY, SAFETY, EMERGENCY SERVICES & PUBLIC PROTECTION 31 MAY - 1 JUNE 2016

MELBOURNE, AUSTRALIA

CIVIL SECURITY AND CIVIL DEFENCE FOR THE INDO-ASIA-PACIFIC A COMPREHENSIVE FORUM FOR LEADERS AND PROFESSIONALS Border Control l Transport, Resource and Infrastructure Security l Physical, Cyber and CBRNE Security l Policing and Emergency Services l Surveillance, Intelligence and Response l Community Safety and Public Protection l Disaster Relief and Humanitarian Assistance l Remediation, Reconstruction and Resilience l Safety, Search and Rescue l Capability and Research l Technology and Innovation

FREE ADMISSION - PRE-REGISTRATION REQUIRED

www.civsec.com.au

SECURITY SOLUTIONS 031

REGULAR

EVENTS Advances in medical science using embedded medical devices that can prolong life, restore hearing and allow the visually impaired to ‘see’ through machines are some remarkable examples of ubiquitous computing. However, ubiquitous systems also create challenges and risks for everyone and everything. The interconnectivity of devices and systems; the ability for them to be remotely accessed or controlled; and the ability for them to be exploited and misused can have adverse consequences for individuals and societies that were not intended by their designers. The information security community must address and respond to these challenges and risks while nurturing the innovations that benefit society and individual wellbeing. Come to AusCERT2016 to hear a great line up of talented speakers discuss and explore the security challenges and risks associated with ubiquitous computing, and network with your peers. Visit conference.auscert.org.au for more information.

Biometrics Institute Asia-Pacific Conference 2016 25–26 May 2016 Dockside, Sydney The Biometrics Institute is delighted to announce the dates of their annual event for 2016. If you are interested in sponsorship or speaking opportunities, please email: steven@biometricsinstitute.org

032 SECURITY SOLUTIONS

CIVSEC 2016 31 May – 2 June 2016 Melbourne Convention and Exhibition Centre, Melbourne CIVSEC 2016 is an international forum dealing with the acutely relevant and inextricably interconnected imperatives of civil security and civil defence in the preservation of sovereignty, the protection of people and the safety of communities. It confronts the complex and increasingly interdependent challenges of the control of borders, the maintenance of law and order, the prevention of terrorism, the defence against threats to society, the protection of people and communities, the security of infrastructure and resources, the provision of emergency services, the response to disasters, the coordination of relief and the management of crises. Comprising a congress of specialist conferences and an associated exposition of equipment, technology and services, CIVSEC 2016 will bring together leaders and decision makers, policy makers and advisers, managers and officials, operational professionals, technical specialists, strategists and academics, researchers and consultants, technology developers and industry suppliers. While focusing on the Indo-Asia-Pacific region, CIVSEC 2016 will address issues of global significance. From the Indo-Asia-Pacific to Africa and the Middle-East, from Europe to the Americas, the world faces similar challenges with respect to the preservation of sovereignty and the protection of people. The peace,

prosperity, safety and cohesion of societies and communities everywhere are threatened by natural disasters and emergencies, by human catastrophe and civil disorder, by criminal activity and terrorism and by the movement of distressed populations across porous frontiers. The key players who respond to these challenges are diverse: governments and non-government organisations, aid agencies and emergency first responders, police and paramilitary law enforcers, national armed forces, immigration and customs authorities, border protection agencies and specialists in the law, medicine, infrastructure, civil affairs and search and rescue. Visit www.civsec.com.au for more information.

Security Exhibition & Conference 2016 20–22 July 2016 Melbourne Exhibition Centre, Melbourne As an industry you have spoken and your event is returning to Melbourne in 2016! The Security Exhibition & Conference will return to Melbourne again in 2016 following another outstanding event last year. Having held the Security Exhibition & Conference in Sydney for 12 consecutive years, it’s great to remain in Melbourne to consolidate relationships and to nurture business in this market. For more information visit securityexpo.com.au

SECURITYEXPO.COM.AU | 03 9261 4500 | SECURITYEXPO@DIVCOM.NET.AU

034

The Lethal Cocktail of Terrorism: The Four Necessary Ingredients Part One

035

By Anne Speckhard

The author recently returned from an interview trip in Belgium, the European country with the highest per capita rate of foreign fighters going to Syria; young men and women who travel there sometimes for good, but mainly to join groups like ISIS and Jabhat al-Nusra (the Syrian franchise of Al Qaeda). With over 500 Belgians having gone to fight jihad and over 100 foreign fighters now having returned (half of them put in prison, half returned into society) authorities are struggling with the staggering numbers that have been attracted into militant jihadi groups. They are wondering why and how that comes to be, as well as what can be done to prevent and turn back those already entered onto the terrorist trajectory. After interviewing almost 500 militant jihadi terrorists, their family members, close associates, and even their hostages, from places ranging from Palestine, Lebanon, Iraq, Jordan, Syria, Russia, Chechnya, Israel, Canada and Western Europe, the author believes she has a good idea of how and why some people get onto the terrorist trajectory. This is her explanation of the necessary ingredients for the lethal cocktail of making a terrorist, along with an explanation of the individual vulnerabilities/motivations that may also play a role, depending on the context and the individuals involved. First, there is nearly always a group. Ted Kaczynski (the Unabomber) and Chris Dorner (the former LA policeman and shooter) each formed their own manifestos and attacked on their own, but these types of true lone wolves are rare. There is usually a group purporting to represent some faction of society and offering terrorism as an answer. Second, the group offers an ideology – one that always wrongly attempts to justify terrorism and the attacking of innocent civilians for the cause. Third, there is some level of social support that can vary widely by context. A youth in Gaza thinking about joining a terrorist group, for instance, is likely to have many friends who are also part of Hamas or Fatah and may choose his group the way youth in other countries choose a football team. In contrast, a youth growing up in Boston, as Tamerlan Tsarnaev

036

did, will have to dig deeper in his community to find other like-minded individuals; although with the Internet, having a smartphone or computer handy means that one can quickly and easily tap into social networks supportive to terrorist groups. ISIS currently maintains a 24/7 presence on the Internet and produces thousands of videos, posters and memes for individuals to interact with on all of the social media sites. When a person shows interest in their activities, they quickly swarm in, providing him with one-on-one attention, care and nurture that is often lacking in his own life to recruit him further into the group. Lastly, there is some individual vulnerability that resonates with the first three factors – the group, its ideology and the social support

Lastly, there is some individual vulnerability that resonates with the first three factors – the group, its ideology and the social support provided by the group. provided by the group. This article identifies 50 factors that have to do with individual motivations and vulnerability (see Table One) and these can be broken into two groups: by whether or not the person lives inside or outside a conflict zone. According to the author’s research, those who reside in conflict zones are most often primarily motivated by trauma and revenge, as well as frustrated aspirations. They most often have family members who have been killed, raped, tortured, imprisoned or otherwise unfairly treated. They may have lost their home, territory, jobs and resources, and may be living under occupation. Often, there are checkpoints and conflicts that keep them from engaging in their studies or block them from steady employment. They are angry, hurt and easily resonate to a group that

offers to equip them to strike back. They often want their enemy to feel the same pain they do and, even if they know their terrorist act may be futile in every other way, they may be willing to even engage in a suicide attack in order to express their outrage, make the enemy suffer similarly, and sometimes even to end their own pain. If they are highly traumatised, a suicide mission may offer them psychological first aid of a short-term nature – they can honorably exit a life overtaken by psychological trauma, painful arousal states, flashbacks, horror, anger, powerlessness, survival guilt and traumatic bereavement. If the group is good at selling suicide, they may even believe that they will immediately go to Paradise, also earn Paradise for their family members, and that they will reunite with lost loved ones by taking their own lives in a suicide attack. But what about those residing in nonconflict zones like Belgium? What are the individual vulnerabilities that may contribute to their entering the terrorist trajectory? There are many. In places like Belgium, the Moroccan second- and third-generation still live uneasily, segregated from their white neighbours. They find themselves easily able to gain an education, but less easily hired and allowed into the mainstream middle class, which can lead to anger over marginalisation and discrimination. Unemployment, underemployment and frustrated aspirations can all lead to feelings of alienation and a longing for personal significance that a terrorist group may offer. When interviewing youth in Belgium (long before ISIS arose), the author found that youth of Moroccan immigrant descent reported being told “Go home Moroccan” at nightclubs, and at job interviews that prospective employers could never hire a Moroccan for the front office. One youth, Jamal, told, “If this country does not want me, I can find one that does,” referring to joining a militant jihadi movement. Now with ISIS having declared its caliphate, this draw is even more powerful to the socially alienated, the person falling off his tracks or unable to succeed in the society in which he lives. In the city of Brussels where the commune of Molenbeek has been labelled a

SECURITY SOLUTIONS 037

hotbed of terrorism, unemployment levels for Belgian citizens of Moroccan descent hover at around 30 percent. Yet ISIS currently offers any Muslim who is finding it hard to make his life in Europe or elsewhere a job, a wife, a sex slave, a house, perhaps even a car, and the promise of being a significant part of building the so-called caliphate. Anger over geopolitics, particularly if it is mirrored on the micro-level in one’s own life, can also play a very important part in providing a fertile ground for terrorist recruitment. Hamid in Antwerp, Belgium, told that he answered the call to Al Qaeda terrorist recruitment after the recruiter brought the conflict back home to local politics for him – asking if he did not live uneasily with his ‘white’ Belgian neighbours and fear what might happen if things rapidly fell apart in Belgium someday as they had in the Balkans when Muslim women became mass rape victims. Terrorist groups today use video, images and the Internet to portray extreme traumas and perceived, as well as actual, injustices in conflict zones such as in Syria, Iraq, Kashmir, Palestine and Chechnya. They argue the traumas are caused by an enemy other than the terrorist group and then call the viewer to fight against that enemy to restore justice and defend the defenseless. Al Qaeda for years argued that Islamic people, lands and even Islam itself were under attack by the West and therefore people all over the world had a duty to rise up and join a defensive jihad. The same is being argued today by ISIS. In a sense, these groups instil secondary trauma in the viewers of their raw and graphic videos. A Moroccan friend of the Casa Blanca bombers told, “We all viewed these videos of the war in Iraq and what was happening in Fallujah and we began to shake from the emotions of it all.” He surmised that the terrorist recruiter of his friends referred to what they had all seen on these videos and how they could fight against it. “You see how we have nothing here and will never get jobs or be able to be married. The most we can be is drug addicts as you see us, but their recruiter cleaned them up and showed them another way.” That way was self-sacrifice, attacking on behalf of others, and terrorism. He did clean the youth he recruited of their drug addiction, as well as provide purpose and significance

038

Unemployment, underemployment and frustrated aspirations can all lead to feelings of alienation and a longing for personal significance that a terrorist group may offer.

and he used the secondary trauma that the video recruiting materials caused to put them on a path that tragically and violently ended their lives and the lives of others. Part two of this article in the next edition of Security Solutions Magazine will continue the examination of individual motivations and vulnerabilities that may contribute to the making of a terrorist. Anne Speckhard Ph.D. is Adjunct Associate Professor of Psychiatry at Georgetown University in the School of Medicine and

Director of the International Center for the Study of Violent Extremism. She is author of Talking to Terrorists and Bride of ISIS and co-author of Undercover Jihadi. Anne was responsible for designing the psychological and Islamic challenge aspects of the Detainee Rehabilitation Program in Iraq to be applied to 20,000 detainees and 800 juveniles. She has interviewed nearly 500 terrorists, their family members and supporters from various parts of the world, including Gaza, the West Bank, Chechnya, Iraq, Jordan, Russia, Canada and many countries in Europe. Visit www. AnneSpeckhard.com for more information.

FAST. SIL ENT. STYL I S H . Our award winning speedgates keep your building secure with style. Find out which speedgate is right for you.

1300 858 840 www.entrancecontrol.com.au

Centaman Entrance Control Ad 2.indd 1

17/02/2016 11:27:40 AM

MASTER LOCKSMITHS Master Locksmith Association members are highly trained, fully qualified security professionals with access to the very latest in restricted key systems, from mechanical keys and locks to the world-leading electronic master key systems.

Find your nearest locksmith and MLA member at

THE MLA ADVANTAGE

DOMESTIC

COMMERCIAL

AUTOMOTIVE

SAFES

RESTRICTED KEY SYSTEMS

ELECTRONIC SECURITY

CCTV

SECURITY SOLUTIONS 039

ALARMS

040 SECURITY SOLUTIONS

Alarm Online By Kim Khor

Physical security systems have benefited from the technology revolution. Control modules are network-aware, or at least they connect to a PC. Some are PCs. They interact with a website account, or they contain a website. They provide remote access. They get system updates. The great thing about this is that users can interact with the system and configure and review it without needing all those special tools used in the old days. The convenience of using common software to configure systems, monitor online, send emails and SMS alerts, remotely access video feeds, and zoom in and out, is all too curious to resist. So, also, say the hackers. As an adversary, anyone can jump online and buy a zero-day, spear-phishing template for a few dollars. This lets a hacker create an email to send to a target, infect and control his PC, find out what software he uses, what gadgets are connected, what passwords he uses, and what web addresses he frequents. If he has remote video monitoring, the hacker now has that too. Neat. Included here are all detection, analysis, surveillance and alarm systems. For example, many people have global positioning system (GPS) trackers on their car for when it is stolen. What treasure might this decision expose to online adversaries? Could they hack the website account and monitor the car at whim? Would that let them turn on the hands-free kit and listen to a conversation?

History Physical security systems have a long history. In recent decades, they have become quite sophisticated and have followed the evolution of other digital embedded systems; that is, mechanical systems that contain computer software. Bigger or older physical security systems needed maintenance from skilled technicians with special cables. This meant that hacking these systems required high levels of creativity. As time passed, security systems became more like network devices that happened to relate to security. They were integrated into building management and automation systems, telecom systems and office networks. They were made easier to operate, and more feature-rich. This is a natural evolution for such systems. It is necessary for these systems to keep pace with the population’s appetite for risk, convenience and gadgetry. But there is a downside. While there is a range of sophistication and maturity in the systems, there is also a spectrum of self-preservation capability. The hardness of the system is often balanced against its ease of use. Concessions are also made for reasons of commercial efficiency. Sometimes, comically, there is no rational explanation for a risky design decision. A lack of operator expertise can compromise the state of the system in terms of IT security. The end result is a wide range of vulnerabilities being exposed with little awareness of the associated risks.

Scenarios Networked camera vulnerability A few years ago, a significant manufacturer of domestic security cameras accidently introduced a bug into its camera software. The bug allowed an intruder to view the camera feed on the internet, without the need for a password. Bulletin board websites and internet newsgroups started listing the web addresses at which the camera images could be viewed. Numerous breaches occurred, exposing the private video surveillance of households and elsewhere. The bug remained active in the software for the cameras for a number of years! It was estimated that only five percent of customers had registered with the manufacturer, so it is difficult to know how many people were affected, or how many know of the compromised camera systems. Data breaches The fact that people’s information is held by a third party means it can be improperly obtained from another source. The infamous Sony data breach (an arbitrary example among many) demonstrates that big budgets and ‘terms of use’ do not necessarily guarantee security. If a physical security provider is compromised in this way, what information and capability is exposed? Now that so-called advanced persistent threat resources are available for hire on the internet, the attack surface of physical security systems and their associated

SECURITY SOLUTIONS 041

ALARMS

technology must be re-thought as “From where am I visible?” Stuxnet The Stuxnet computer worm became famous for targeting nuclear fuel refinement robots (centrifuges) in Iran. It is said to have caused real physical damage in an unmanned sabotage operation. In broad terms, the malware turned up the rev limiter on the robots so they spun out of control and blew up. Although not a completely accurate description, it shows the concept. The systems it targeted were not connected to the internet. It jumped, morphed and hid. The studies have revered the design of the malware as if it were a magnificent mythical beast. This shows that a properly motivated intruder can overcome almost any obstacle via design ingenuity in the tactics or the tools. Social mechanics Quite often, the hardness of the system alone is not the deciding factor. Much hacker folklore is based on combination attacks. Social engineering is the practice of exploiting human behaviour for tactical advantage. In computer hacking, it is typified by examples such as: • Arrive at reception dressed like a maintenance guy. Ask for a visitor pass to get in, perhaps to clear a blocked drain (and plug in a little box). • Use 100 points of identification to change someone’s password or personal identification number (PIN) over the phone. • Get hold of a support guy’s toolkit. They often contain master passwords – back doors. • Drop a USB gadget in the car park for an employee to find, inherit and use at work. • Follow someone through a secured door, like the door to the shared bathrooms corridor, which also has the telco wiring riser and a wiring distribution frame to play with – piggybacking.

042 SECURITY SOLUTIONS

While there is a range of sophistication and maturity in the systems, there is also a spectrum of self-preservation capability. The hardness of the system is often balanced against its ease of use.

Whose responsibilities are these? Do not consider computer security and physical security as separate forces. They must interweave. Solutions Resist gimmicks The manufacturers of systems rush to give consumers a reason to be interested in them. They will give consumers half-baked software as long as the list of features sounds right. What many people fail to realise is that the gimmick which enticed them to purchase the software, or one of its many unused features, may be the very thing that makes it interesting to an intruder.

Include it in the risk matrix Anyone on the risk committee, or who gives advice to such committees, should get these issues on the table and state that there are connections between systems and there may be vulnerabilities. What to do? It is okay to just say, “We acknowledge the question, and will consider how to increase our knowledge.” That is an important step. Ask suppliers questions in writing Especially if there are any specific concerns, consumers should ask questions via email so they get a written reply and therefore a record of the supplier’s stated position. If the supplier dodges the question, politely restate it. If the consumer ends up in a bad corner, it can be valuable to be able to show that he made conscious efforts. Test suppliers Users should ask suppliers for logs, or something, and see how they respond. Tell them an IT security scenario is being firedrilled. Do they email a text-based log file that can be easily analysed, or do they fax shadowy pages that can hardly be read? Does it take minutes, or days? Use security awareness education Spear phishing cannot be forced on anyone; they have to fall for it. If consumers know what it looks like, they probably will not fall for it anymore. Staff, clients and system users are the best guardians of the systems, and the best coaches for each other. Empower them to do the work. They will enjoy being competent, and their confidence will spread beyond the office to their personal lives.

Kim Khor is a computer forensics expert. He consults on network security, incident response, risk and compliance, investigations, and electronic evidence management in the Asia Pacific region. He can be contacted at kimkhor@gmail.com

Delivering Proven Solutions for Security & Safety We Protect People & Assets SECURITY SOLUTIONS 043 www.magneticautomation.com.au

Conflict And Cameras: Facing The Reality Of Social Media

044

045

By Richard Kay Technology can benefit public safety operations in many ways. With advances in technology increasing at a staggering rate, there are many options available for public safety agencies to increase operational efficiency. However, pointof-view (POV) technology is now prevalent in people’s daily lives and, in the age of smartphones and CCTV, security personnel need to understand that they are always under scrutiny. This article examines the risk POV technology may pose to officers in the form of cameras and uploaded content to the public domain. Most readers will have seen, or at the very least heard about, incidents of interpersonal conflict and violence being videoed and uploaded to social media websites such as YouTube or Facebook. Most smartphones now have inbuilt apps that upload content directly to the user’s page with the simple press of a button. There have been numerous incidents of violence in schools that have been filmed and uploaded as a form of bullying and victimisation, sometimes with tragic consequences. A recent incident in Queensland involved a transit security officer who was verbally abused by a young offender whilst his friend filmed the whole thing on his smartphone and later put the video online. In this instance, the security officer remained calm and professional and did not react to the harassment from the offenders and, as a result, the incident was resolved without escalation – certainly a credit to the officer involved. With so many people in modern society having ready access to a camera, what can security officers do in relation to this matter? The key is to remain calm and employ appropriate interpersonal strategies to resolve incidents in a professional manner, the basis of which is taught during security licensing training. Harm Minimisation The objective in conflict situations is to defuse conflict before it reaches the level of physical aggression, so officers should be aware of the levels of conflict escalation. People often resort to aggression as a last resort, acting out of fear or desperation, whilst some choose violence as an ‘easy’ option, intimidating others to get their way rather than communicating rationally. Violence rarely occurs without reason and there

046

are usually precipitating factors to any violent episode. Officers should be aware that what they bring personally to the interaction can contribute to conflict, and this includes assessment of stressors and their style of interacting: • Are there ongoing problems in their life that are affecting their work? • How stressful is their work and is there greater stress on a particular day? • Are there clients or colleagues that ‘push their buttons’? • What is their attitude towards the subject? With additional stressors, anxiety increases and people become susceptible to errors in judgement. It is important to make a deliberate effort to diminish the impact of stressors by developing an awareness of personal style, as self-control is important to achieve situation control. Negative language reflects the mindset of the speaker and affects the outcome of a situation. It is common for people to view the world as dichotomous – only two possible choices, positive or negative – which leads to judgements and a closed mind. When resolving conflict, keep an open mind to all possibilities and opportunities. Once a pattern is developed, it takes effort to change this entrenched behaviour, so practice maintaining a flexible mind every day. It is important to accept each person and situation on its own merits and only deal with the situation at hand. Previous history can be useful, but do not let it affect the management of a situation. To effectively negotiate conflict situations, officers should endeavour to: • control breathing to stay calm • be patient and avoid arguing with the subject(s) • be aware of emotional triggers and ignore them • be objective and neutral • offer options, not ultimatums • incite empathy so the aggressor sees them as a person, not an object • adopt an assertive, not a confrontational, approach. The ability to ‘step back’ from an escalating conflict is an extremely valuable skill. Taking a step away or physically withdrawing can provide space, time and an opportunity to reassess.

It also sends a conciliatory, non-threatening message to the other party. Mentally stepping back is a process of reviewing, assessing and rethinking the strategy in a conflict situation. Interpersonal Communication To effectively communicate with people, it is important to understand the factors that affect interpersonal communication and seek to diminish their negative impact on the situation. Language should be clear, concise and appropriate to the situation, and communication should be courteous and reflect sensitivity to social and cultural differences. The verbal aspect (the words used) has the least impact in communication, but tends to be the aspect most people focus on. Obviously, the choice of words should be carefully considered at all times, as it can be as simple as having a single word misinterpreted for conflict to escalate. Officers should be adept at communicating with people at many different levels.

The key is to remain calm and employ appropriate interpersonal strategies to resolve incidents in a professional manner, the basis of which is taught during security licensing training. Tone (how the words are said) includes rate of speech, volume, pitch and inflection. The tonal aspect of communication is important, as any particular phrase can have a different meaning depending on how it is spoken and, therefore, how it is perceived. For example, loud volume, fast rate and high pitch can indicate anxiety and stress. Low volume, even rate and low pitch indicate calmness and assertiveness.

Body language makes up the bulk of interpersonal communication. The body gives a true expression of what a person is feeling, so it is important to observe for signals that indicate whether they are positive or negative in relation to an officer’s message. Officers should ensure consistency in their verbal and non-verbal messages, as the subject will perceive body language messages more accurately. An important feature of aggression is that it does not generally occur as an isolated act, but as part of a process. Awareness of this cycle can assist in assessing the subject’s immediate potential and choose an appropriate method for dealing with a situation before it escalates. Early intervention begins with detecting the subject’s emotive state and involves: • questioning: ask how he feels; does he have needs that are not being met • listening: hearing ‘feelings’ allows for identifying the source of agitation and can provide clues on how to assist him • validation: acknowledging feelings is extremely important, even if it is difficult to attend to the need or request. Verbal and Non-Verbal Strategies People have a personal space which they regard as their own. Officers need to respect this personal space whilst maintaining awareness of people entering theirs, especially in potentially violent situations where close proximity increases their vulnerability to attack. Maintain a balanced and relaxed posture to display confidence, and keep a safe distance of two-arm’s length; otherwise stand at 45 degrees to the side of the subject, if possible. Proper use of eye contact shows confidence and assertiveness and helps focus the subject’s attention on an officer. The incorrect use of eye contact may be deemed inappropriate and cause conflict by sending the wrong message to the receiver. Personalise communication by using names and terms like ‘us’ and ‘we’ to show involvement, rather than ‘you’ and ‘I’, which tends to separate. Officers should show respect for the subject’s position, display empathy and promote the benefits of taking their course of action, rather than consequences of choosing another. Ask questions to gather information and engage the subject’s brain, which assists in

reducing options for resistance; but give him an opportunity to answer in his own way. Active listening involves co-operation with the speaker, not competition. Using eye contact to focus on the subject and making listening noises indicates interest and shows him he is being ‘heard’. Provide feedback to clarify understanding, avoiding personal opinion or interpretation. Establish a cause for the subject’s behaviour. Encourage him to express his frustration or distress, but set reasonable limits and clear consequences. Clearly inform him that aggression is unacceptable, and outline the consequences if it occurs. Offer assistance by asking the subject what can be done to assist or help him and, where practicable, provide him with a choice of options. Keep requests to a clear, simple and direct manner. Remain neutral and avoid arguing. Do not criticise values or beliefs, or get involved in ‘power’ struggles. This supports a notion of being right and wrong, and will not support the process of resolution. Stay focused on the issue at hand and avoid being side-tracked. De-escalation versus Compliance Communication varies depending on the stage of conflict and what officers are aiming to achieve. The initial strategy will revolve around using language that de-escalates the intensity of the situation. If this does not work, then communication that asserts proactive control may be required. De-escalation phrases are used to defuse potentially violent situations by verbally offering alternatives to the subject’s current intentions, or outlining consequences of his course of action. Compliance commands are used for affecting assertive control. ‘Commands’ does not mean officers start screaming at the subject; it simply means they have chosen to take assertive control of the situation. Once this is achieved, return to normal communication, stressing calmness and cooperation.

Effective verbalisation during an incident is vital because it: • demonstrates reasonableness • informs the subject what the officer requires of him • creates witnesses from bystanders. A critical skill in officers developing effective conflict management strategies is the ability to assess a wide range of factors, including the subject, the situation/context, their own responses, the potential for escalation, risk factors and environmental issues. Assessment and strategic planning drive the choice of conflict management options, and it is important to ensure that this assessment is as thorough as possible. It is clearly important to acknowledge that assessment must sometimes be carried out in difficult situations, or even while trying to defuse a hostile confrontation. Focusing on assessment, however, helps to maintain a resolution-based approach and an awareness of any potential escalation features. Security companies should be proactive in creating awareness, through internal education strategies such as presentations, internal memos and updates to company orders, as officers representing the company in the workplace pose a risk through vicarious liability if they make poor operational decisions. It is only a matter of time before someone gets the idea to deliberately set up a security officer and video the confrontation in an effort to either gain social media notoriety or try to extract dollars from a security company through a lawsuit. No company wants their branding displayed over social media in a negative manner. Personal cameras and social media are a fact of life and officers need to remain alert to this in the operational environment. It is important that officers are not only seen to DO the right thing, but are heard to SAY the right thing. Officers should presume they are being filmed each and every time they conduct operations and act accordingly, because the reality is, they probably are! Richard Kay is an internationally certified tactical instructor-trainer, Director and Senior Trainer of Modern Combatives, a provider of operational safety training for the public safety sector. For more information, please visit www.moderncombatives.com.au

SECURITY SOLUTIONS 047

CCTV

The New Video Compression HEVC / H.265

048 SECURITY SOLUTIONS

SECURITY SOLUTIONS 049

CCTV

By Vlado Damjanovski

Video compression has come a long way since the introduction of the first digital transmission, the Integrated Services Digital Network (ISDN), back in the 1980s. Utilising (now long forgotten) H.261, a video compression standard used mostly for video conferencing, it was introduced by the CCIR (Consultative Committee on International Radio) group, which later became known as ITU (International Telecommunication Union). H.261 worked with CIF size video (352 x 288 pixels) and achieved sufficient good quality for video conferencing, especially when predominantly static people are just talking and hardly moving in a video conference. Around the same time, near the end of 1980s, personal computers became more popular and a new video compression standard was introduced for converting analogue VHS and S-VHS movies to fit onto a CD media – the MPEG-1. This was proposed by the Motion Pictures Experts Group (MPEG), and the main idea was to advise a video compression that can encode movies with up to 1.5 Mb/s, sufficient streaming speed to be played back from a CD media. The digitisation of analogue video became seriously attractive after the introduction of of CD media and larger computer hard drives. The MPEG-1 standard was the first attempt to digitise the video industry, predominantly the broadcast and multimedia. Like the H.261, MPEG-1 also worked with CIF size video and achieved sufficient good quality comparable to VHS recorded quality – i.e. up to 240 TV lines. After the introduction of S-VHS analogue recording some time in the 1990s, which claimed 400 TV lines of horizontal resolution, the broadcast industry had to come up with a video compression that equals or exceeds the S-VHS. Consequently, around 1993/1994, the MPEG-2 standard was proposed. This was a more advanced form of video compression than MPEG-1,

050 SECURITY SOLUTIONS

and allowed for much higher picture quality. Instead of saving movies on Betamax and S-VHS video tapes, it became possible to save a full featured movie in a digital format, in MPEG-2 on a newly created DVD media. Cable television was possible, where MPEG-2 streams were used to transmit the content. MPEG-2 was designed to use more than 1.5 Mb/s, although it was backwards compatible with MEPG-1, it could go over 16 Mb/s. The DVD quality movies were typically encoded with around 4 Mb/s, surpassing VHS and even S-VHS resolution of 400 TV lines. A typical MEPG-2 encoded high quality video was using so-called D1 resolution (or 4CIF) which was designed to offer up to 450 TV lines. Ten years have passed since the introduction of MPEG-2, and the television industry decided on yet another huge jump – the High Definition TV (HD TV) format. The HD is a digital video format from the source, rather than being converted from analogue, as was the case with DVD media. The HD format is the current television format and it is also known as 1080HD with 1920 x 1080 pixels. HD offers five times the pixel count of D1 resolution. When an HD signal is produced by an HD camera, it comes out as 1.5 Gb/s or 3 Gb/s stream, depending on if it is 1080i (interlaced) or 1080p (progressive). This is huge data traffic coming out from one HD camera, impossible to imagine 20 years ago. In order to be able to transmit and store such a huge amount of video data, a new video compression was needed. Although MPEG-2 was flexible enough to cater for HD video format as well, a more efficient video compression was needed. As a result, about 10 years after the introduction of MPEG-2, the Advanced Video Codec (AVC), also known as H.264, was introduced. The H.264 is the current most popular video compression, used for broadcasting, saving high quality movies on Blu-Ray

disks, or recording HD and MP multiple CCTV cameras. The H.264 offers at least four times the efficiency of the MPEG-2, so that a nice looking HD stream would require around 16 Mb/s with MPEG-2, but the same visual quality can be achieved with only 4 Mb/s using H.264. AVC or H.264 is still the most popular video compression today, used in broadcasting, storing HD movies on BlueRay disks, and certainly in IP CCTV for recording and transmitting multiple HD and MP CCTV cameras. H.264 offers at least four times the efﬁciency of MPEG-2, so while a nice looking HD stream would require around 16 Mb/s with MPEG-2, the same visual quality can be achieved with H.264 using only 4 Mb/s. In fact, what was a very decent compression for SD D1 video using MPEG-2, at 4Mb/s, it is the same streaming bandwidth of only 4Mb/s with H.264 that achieves a very good video quality for 1080 HD. Now, another 10 years have passed since the introduction of the H.264. The latest television advancements are now offering even larger video formats, socalled 4k video, with quadruple the pixel count of HD, i.e. 3840x2160 pixels. 4k is basically equal to live streaming of 8 mega pixel video. It is also known as Ultra-HD-1 resolution. Many broadcast studios, and many production houses, are already using 4k on their movie sets. An even more impressive format called 8k is being experimented with, offering another quadruple resolution of 7680x4320 pixels, which is almost 32 mega pixels of live streaming video. This is also known as Ultra-HD-2. When viewing 4k, and 8k video, a viewer sits closer to the display relative to the viewable details and this immerses the visual sensors completely. It is said that the viewing experience is almost three dimensional without having the 3D

QUANTUM DELIVERS

an intelligent, scalable storage platform to build the new video surveillance and physical security infrastructure.

Addressing the challenges created by more cameras, higher resolutions, and increasingly complex analytics, Quantum solutions enable customers to maximize critical data value by storing, sharing and preserving digital assets over their entire lifecycle.

Find out more from Quantum ANZ: ANZsales@quantum.com or 1 800 999 285 (Aus) or 0800 105 999 (NZ) www.quantum.com/video-surveillance

SECURITY SOLUTIONS 051

CCTV

goggles. This was reported by many viewers watching the London Olympics in 2012 with the experimental 8k video. The H.264 compression can be applied to 4k video too, but more efficient video compression was sought after. So, in 2013, a new video compression, H.265, also called High Efficiency Video Codec (HEVC), was introduced. What are the key features of the HEVC/H.265? First, and most importantly, it is twice as efficient when compared to AVC/H.264. This means, to produce the same visual quality of what H.264 would produce with 4 Mb/s, HEVC/H.265 could produce it with 2 Mb/s. To put this another way – with the same stream as H.264, H.265 will produce a video stream twice as nice visually and smoother to watch (if there was a way to measure nice and smooth). In 2014, a subjective video comparison was conducted by BBC among the students at the University of West Scotland and the following score was produced: H.265 average bit-rate reduction compared to H.264 Video format => 576i 720p 1080p 4k HEVC/H.265 52% 56% 62% 64% This potentially means saving a lot of hard disk space if we were to encode with H.265 but wanted to obtain the same visual quality as what we are doing today with H.264. Of course, in order to do that, the source material needs to be encoded with H.265. Certainly, this also means saving in network bandwidth, not just storage space. The key technical reason behind the improvement of H.265 over H.264 is in the more complex intra-prediction of moving objects, using partitions of the frame versus macro blocks, and allowing up to 64 x 64 pixel blocks. While HEVC/H.265 increases the compression ratio, at the same time it is also more effective at predicting the details of moving objects, subdividing the compression blocks to quarter size, and managing colours more efficiently. This is

052 SECURITY SOLUTIONS

necessary because, while the 4k sensors have an increased number of pixels, they may also have an increased number of frames per second (50, 60, 120 or even 240 fps). Currently, 25 fps (frames per second) is considered as sufficient for “live motion” in CCTV. However, larger displays using 4k resolution (and soon to be released 8k displays) have a more noticeable flicker effect when viewed up close. The flicker effect is the result of the old 24 pictures per second phenomenon from the early days of film, known as human eye persistence. The eye persistence effect is more noticeable with our peripheral vision and it is stronger with bigger and brighter displays. In order to minimise the flicker effect on our eyes, displays need to produce more frames per second. One way to increase the displayed frames per second is to simply duplicate the frames within the TV itself, without necessarily having to capture footage using 50 frames at the camera, you just double the frames of a 25 fps signal. That said, the proper way to reduce the flicker is to increase the frames per second on the camera itself. Eventually, all cameras in the near future will not only have 4k display or more, but they will produce more fps as well. To encode such a high megapixel stream with such a large frame rate, more capable video compression will be required. This certainly has been considered in H.265. Switching from HD to 4k When switching to 4k video, with H.265 video compression, your system will use the same bandwidth as with HD video with H.264 video compression. There is no need to update the network or your storage. Of course the cameras and the displays will need to be upgraded from HD to 4k. Many broadcast studios, and many production houses, are already using 4k on their movie sets. Many CCTV camera manufacturers have already showcased and are now shipping 4k cameras. Some of them are using H.264 video compression for the 4k format, but some have already

embedded H.265 encoders inside their 4k cameras. 4k Display screens are already available and they are not much more expensive than their HD predecessors were a few years ago. How about 8k? An even bigger and more impressive format known as 8k is being experimented with now. 8k offers quadruple again the resolution of 4k equaling 7680x4320 pixels. This is 32mega pixels of live streaming video, also known as Ultra-HD-2. When viewing 4k, and 8k video, a viewer sits closer to the display relative to the viewable details and this immerses the visual sensors completely. It is said that the viewing experience is almost three dimensional, without having to use 3D goggles. This was reported by many viewers watching the London Olympics in 2012 with the experimental 8k video.

More processing power and better displays There is a price to pay for such an advancement in video compression. This price is even higher demand for processing power than what was needed for H.264. HEVC technical papers state that H.265 encoders require 3–5 times more processing power than the H.264 encoders. This would typically be done in the silicon (encoder chips) of the new 4k cameras. The H.265 decoders should be a little bit less demanding then the encoders, but would still require 1.5–3 times more processing decoding power than H.264. This is important for anyone in CCTV to understand, as most of the decoding in CCTV is done in the software of the operating system, as is the case today with most HD client stations. This will clearly require even more CPU and GPU computer power, and more efﬁcient viewing software.

Certainly, display quality needs to be adequate as well. When using 4k cameras, one should really use 4k displays as well. While it is still possible to display a 4k feed on a HD display, unless you have digital zooming ability in your client software, having 4k cameras on an HD display is almost pointless. When making the switch to 4k, make sure you have suitable workstations that have sufﬁcient processing power to decode and display 4k video streams smoothly. You need to be even more cautious if you wish to view multiple 4k streams simultaneously. Vlado Damjanovski is an author, inventor, lecturer, and closed circuit television (CCTV) expert who is well-known within the Australian and international CCTV industry. Vlado has a degree in Electronics Engineering from the University Kiril &

Metodij in Skopje (Macedonia), specialising in broadcast television and CCTV. In 1995, Vlado published his first technical reference book – simply called CCTV, one of the first and complete reference manuals on the subject of CCTV. Now in its 4th edition, and translated into four languages, Vlado’s book is recognised the world over as one of the leading texts on CCTV. Vlado is the current chairman of the CCTV Standards Sub-Committee of Australia and New Zealand. In his capacity as chief contributor, Vlado has helped create the Australian and New Zealand CCTV Standards (AS4806.1, AS4806.2 and AS4806.3). He can be contacted through his website www.vidilabs.com

SECURITY SOLUTIONS 053

BUSINESS

054 SECURITY SOLUTIONS

The Gate:

How Little Things Make Big First Impressions

SECURITY SOLUTIONS 055

BUSINESS By Ray Hodge Some home entry gates are enticing, welcoming and warming. People imagine that, once opened, a charming path leads to the grand homestead. Other gates are old and dilapidated, where it is imagined that, upon entry, the path beyond is riddled with potholes, obstacles and wilting weeds guiding the way to a rundown shack. First impressions are the gate of a business. Customers make up their minds almost immediately (seven seconds is what some researchers have discovered) and it is those little things that make the big difference. In today’s highly competitive business environment, it is not good enough just to be the cheapest (and nor should that be the goal if a company wants a decent bottom line). Each individual organisation requires a point of differentiation – how it can stand out amongst the competition. Strangely enough, one of the most effective starting points is perfecting the basics. It is in the perfecting of these foundational elements that new customers will be attracted and where existing ones will return. In today’s business world of dismal customer service and poor presentation, it does not take much to stand out from the crowd – and that is before even considering core business differentiation. The following are some of the basics that many businesses neglect: • culture of personable professionalism • staff presentation • response times • order and cleanliness • keeping promises • energetic communication.

Culture of personable professionalism Underlying all first impressions is the company culture and, like it or not, the culture that exists in a business is a direct reflection of its leadership. The author recently dined in one of Brisbane’s top restaurants. The food was wonderful, but the service he labels as detached professionalism. Yet another down the road had the mix of professional and personable right. He has been a patron there for years. Customers want staff to be professional, but also to be friendly and interested in them as a person. Talking about their dog, their work or their family speaks volumes to customers. If leaders are not demonstrating this, and the business is all about productivity and profitability, then the business will miss this point of differentiation.

056 SECURITY SOLUTIONS

Each individual organisation requires a point of differentiation – how it can stand out amongst the competition. Strangely enough, one of the most effective starting points is perfecting the basics. Being personable starts at an internal level within the company. It is about leaders and their people connecting at a personal level while they are doing their work. It might also mean establishing a regular social activity or a weekly meeting where leaders and staff eat and drink together to foster a feeling of community. If employees are connecting personally and are happy in their work, it stands to reason it will flow out to customers. Customers return to companies where they feel they are valued as a person, not just valued for the money they spend. A company’s culture will not change overnight, but establish a vision for it, make plans for changes and introduce one thing at a time.

Staff presentation Presentation here is about how staff ‘present’ to the customer in language, appearance, interest and so on. Unironed shirts, unkempt hair, a waitress asking “what do ‘yous’ want?”, a receptionist using the ‘f’ word when customers are in reception, a salesperson disinterested in the customer… no doubt, readers have experienced similar. This is a big one for first impressions. The first interaction with a company should be the customer experience that invites the person through the gate.

Promptness People love promptness. Even if the initial reply is a message that says “I will call you tomorrow at 10am”, prompt communication is one of the basics that many neglect and will set a business apart instantly.

Order and cleanliness Customers will quickly form first impressions around order and cleanliness. When customers walk through the door, will they see order or chaos? Things should be tidy, with a friendly atmosphere that welcomes people through the gate; it should not look like no one cares. For example, if a

tradesman turns up to a customer’s home in a filthy vehicle, looks like he slept in his clothes or leaves a mess upon his departure, the customer will more than likely judge the company to be unprofessional and think twice about using it again.

Keeping promises “I will have the quote to you tomorrow.” “I will give you a call this afternoon.” “Our technicians will be there at 4pm.” It is a strange thing, but customers actually believe what staff say they will do. Then, when they do not follow through, it dents trust. Break enough promises and a business will fully shatter trust.

Energetic communication The initial contact with a potential customer at the gate for many companies is via the phone. The energy and corresponding voice tone communicates either a friendly welcome to come inside or a ‘go to the next gate’. Ever called someone and he/she sounded like he just got out of bed? Or have callers felt like they have just intruded on a receptionist’s day or encountered a dreary voicemail message? Leaders must work on themselves and their employees to raise personal energy when communicating, whether in person or via the phone. Summary Will a business always get the basics right? No. Humans are involved. But business owners and leaders can make a commitment to perfect the basics through an incremental and improvement change process. Establishing written standards, exemplary leadership, social activities with employees, key performance indicators, customer surveys and reward systems all play a part in creating a company that is different purely based on treating people with respect, which in the end all boils down to common sense. Leaders need to create a gateway to their business where customers love to return. There is never a second chance to make a first impression. Ray Hodge speaks and consults to government, businesses and organisations. His emphasis is on improving critical efficiencies to dramatically increase key results. He has coached and provided consulting services to leaders and teams for over 25 years. Ray can be contacted at: ray@rayhodge.com.au or on 0403 341105.

Real Time GPRS Starter Packs SPECIAL • 1 UniGuard 12 software † • 1 Year Server Access Fee • 1 GPRS RFID Recorder OR GPRS iButton Recorder • 1 GPRS Charger • 1 GPRS Pouch • 20 iButton checkpoints or 20 RFID Passive Checkpoints • BYO Sim Card* *or ask the sales rep for additional Sim card. †

$1595 +GST $ 1 1 9 5 +G ST

Premium software pack: was $4940 NOW $3940

Offer is valid for a limited time only. Get in while it’s hot!

UniGuard management & security

www.UniGuard.com.au 1300 1333 66

R E L I A B L E. EF F ICI E N T. Our award winning turnstiles keep your building secure with style. Find out which turnstile is right for you.

1300 858 840 www.entrancecontrol.com.au

Centaman Entrance Control Ad 3.indd 1

17/02/2016 11:27:25 AM

SECURITY SOLUTIONS 057

COVER STORY

058 SECURITY SOLUTIONS

IF POPULARITY

TRUMPS SECURITY

SECURITY SOLUTIONS 059

COVER STORY

By Colin Wight It is not entirely clear quite when it happened but, at some point over the last three months, the improbable became likely. Indeed, barring a spectacular collapse in popular support, or convoluted Machiavellian contortions at the Republican convention, it looks likely that Donald Trump will be the GOP (Grand Old Party – a term used to refer to the Republican Party) candidate for president later this year. The GOP hierarchy may be lining up against Trump’s candidacy, but they are not fools, and the grassroots anger that has gotten him this far will only get angrier if the Republican establishment attempt to deprive him of their nomination. It is easy for outsiders to deride Trump’s bombastic and hate-driven form of populism, but his speeches are not targeted at outsiders. Trump knows his audience and has reached out to them with spectacular success thus far. It is difficult to see how he can translate that success at the party level into national success in a presidential campaign. Yet, this is politics and stranger things have happened. What if Trump continued to defy all expectations and was elected to be the 45th president of the US? In particular, what kind of foreign policy could be expected from Trump and what would be the security implications of that policy? According to the Economist Intelligence Unit, the election of Trump would be one of the top 10 greatest risks to global stability. This is a remarkable intervention into the domestic politics of the world’s pre-eminent superpower and it is the first time that a US (yet to be nominated) candidate has been included in the list. A Trump presidency, according to the Economist, both threatens the global economy, as well as US politics and national security. Rated on a scale of 1 to 25, with 25 considered the most dangerous, Trump scored a 12. Yet the reasoning of the Economist Intelligence Unit is as flawed as most of Trump’s foreign policy announcements. Indeed, Trump’s global stability rating can only be based on assumptions about what he might do if he wins the presidency. And that judgement can only be made on the basis of Trump’s utterly incoherent foreign policy declarations.

060 SECURITY SOLUTIONS

A Trump presidency, according to the Economist, both threatens the global economy, as well as US politics and national security.

In effect, the Economist Intelligence Unit has taken Trump’s statements on foreign policy at face value, and that is far more seriously than they deserve. Trump’s foreign policy statements at this point in time are a poor guide to the kind of foreign policy he would be likely, or able, to pursue if he were to be elected president. There are two reasons for this. First, his current foreign policy stances are aimed at gaining the Republican nomination and are not a clear set of policies that he will implement if elected president. That explains why he has thus far failed to attract any major foreign policy heavyweights to his team. And it is not only that he has failed to attract them, but also he does not want them. Aligning himself with key figures in the Republican foreign policy establishment would automatically send a signal of intention about his real foreign policy stances and that will not play out well with the audience he needs to attract to get the Republican nomination.

Trump’s success thus far has been based on his ‘outsider’ status. He is outside the Republican Party elite and outside the Washington cognoscenti. It is a place he is happy to be. Until he gains the nomination, he will do nothing to change that stance. This means that all of his foreign policy pronouncements to date should be taken with a large pinch of salt. Second, the idea that even if he were serious about his foreign policy stances, that he would be able to implement them when in power misunderstands the nature of the foreign policy decision-making process. Often described as the most powerful person in the world, even the US president does not operate in a context lacking in constraints. Anyone who doubts this should reflect on Barack Obama’s ongoing attempts to close Guantanamo Bay; something he promised to achieve by 2009. Obama’s audacity of hope in the possibility of change was at the heart of his first election campaign. Yet, what he encountered when entering office

BIG

on reliability on storage on security on ideas on performance

terabytes

NAS - 24x7, 180WLR, RV Sensors, 5 Year Warranty, +Rescue Option, 8 Drives per Bay

A landmark 10 years - A landmark 8TB drive Enterprise NAS - 24x7, 300WLR, RV Sensors, 5 Year Warranty, +Rescue Option, 16 drives per bay

With a decade of innovation & development, Seagateâ&#x20AC;&#x2122;s new 8TB drive makes for a truly reliable surveillance partner. SURVEILLANCE - 24x7, Up to 64 Cameras, RV Sensors, 3 Year Warranty, +Rescue Option,

seagate.com

Archive - 24x7, 180WLR, RV Sensors, 3 Year Warranty, SMR Technology

Desktop - 7200RPM speed, 256MB Cache, 3 Year Warranty

SECURITY SOLUTIONS 061

COVER STORY

Trump’s foreign policy statements at this point in time are a poor guide to the kind of foreign policy he would be likely, or able, to pursue if he were to be elected president.

was a structural context that impedes change, and that context would likewise confront Trump. The ability of any politician, including the US president, to mould foreign policy in new ways is severely circumscribed by the world itself and the structural context in which decisions are made. Those involved in foreign policy decision making tend to be conservative, and with good reason. So even if Trump were totally serious about his foreign policy announcements, he will face an institutional and structural environment that is highly resistant to large-scale change. And this is not just the diplomatic core, which Trump is often so scathing about, but also the Pentagon and the Joint Chiefs of Staff who are clearly unhappy with many of the outcomes of poorly conceived foreign policy adventures. Still, this does not mean that there are no insights to be gained into how a Trump presidency might approach foreign policy, and there are glimmers of a policy that occasionally

062 SECURITY SOLUTIONS

shine through the bombastic bluster of Trump playing to the disaffected Republican crowd. In short, what can be expected from a Trump presidency will be a well-travelled route based on ‘America first’, nationalistic isolationism and moralistic public pronouncements, but little in the way of resources aimed at following up those pronouncements. This is pretty much the standard foreign policy line of all Republican administrations apart from George W. Bush, who disastrously went off at neoconservative tangents. It is best described as a form of realism brilliantly articulated by the likes of Hans Morgenthau, one of the major twentiethcentury figures in the study of international politics. However, there are also important differences between Trump’s vision of foreign policy and that of Morgenthau’s. Some of the crazier things Trump has said about foreign policy can simply be dismissed. The Great Wall of Mexico for example, plays to the Republican crowd, yet even if he builds

it there is no way Congress will pay for it, let alone Mexico. Banning Muslims from entering the US will run into all sorts of legal challenges, although it is conceivable he could increase ‘profiling’. As for bringing back torture, well there is simply no way that he will persuade military and security officers to violate international law. These are the outer edge of a foreign policy stance that is verging on fantasyland. Many of Trump’s supporters find them attractive, but they are not realistic policy options, and Trump knows this. That said, there are at least two sources where hints of his actual beliefs can be found. The first is a lengthy interview by Maggie Haberman and David Sanger of the New York Times. The second is his foreign policy address to the American Israel Public Affairs Committee (AIPAC) that was markedly different in style from his usual, off-the-cuff campaign comments. Taken together, both the speech and the interview could have been delivered by

Your one stop shop for an Interlogix security solution

A complete Intrusion and Access Control solution for your businesses.

Engineered to provide exceptional sensing and detection performance.

Superior video surveillance capabilities to meet modern commercial application needs.

Formerly Sentrol, ITI provide hard-wired intrusion detection options, including switches and magnetic contacts.

IFS速 delivers cost-effective, high-performance network transmission solutions for IP Video, Access and Life Safety Applications.

MELBOURNE | SYDNEY | BRISBANE | ADELAIDE | PERTH

1300 663 904 securitymerchants.com.au

SECURITY SOLUTIONS 063

COVER STORY

any of the Republican presidential candidates this year. Two broad things differentiate Trump’s view of foreign policy and the typical ‘America first’ type of realism that Morgenthau and most Republicans have espoused. Morgenthau’s sixth principle of international politics suggests that politics is an autonomous realm of human activity. Politics is concerned with power and influence, not the financial bottom line. Trump, on the other hand, does not seem to understand the basics of foreign policy and treats it as a branch of business or economics. His grand narrative is that the US is in decline and what explains that decline is the economic costs associated with US leadership of the international system. Trump expects the US to continue to provide leadership of the international system, but to have the costs of that leadership borne by those who most benefit from it. As he puts it, “Now, I am a person that – you notice I talk about economics quite a bit, in these military situations, because it is about economics, because we do not have money anymore because we have been taking care of so many people in so many different forms that we do not have money… I mean, we defend everybody. (Laughs.) We defend everybody. No matter who it is, we defend everybody. We are defending the world. But we owe, soon, it is soon to be $21 trillion. You know, it is 19 now, but it is soon to be 21 trillion. But we defend everybody. When in doubt, come to the United States. We will defend you. In some cases free of charge.” Trump’s view of foreign policy as a branch of economics is not surprising given that he has no background in foreign policy, but extensive experience in business. Indeed, he has admitted that what he knows about foreign policy comes mostly from the media. Astoundingly, he also believes that on the basis of this limited knowledge he has an aptitude for foreign policy matters; as he puts it, “But it was not something that came into play as a business person. But I had an aptitude for it I think, and I enjoyed reading about and I would read about it.”

064 SECURITY SOLUTIONS

In short, what can be expected from a Trump presidency will be a welltravelled route based on ‘America first’, nationalistic isolationism and moralistic public pronouncements, but little in the way of resources aimed at following up those pronouncements.

The second major aspect of Trump’s approach to foreign policy is the emphasis he places on the importance of ‘unpredictability’. There is nothing unusual about this in terms of foreign policy practice and in many respects he is simply following many of the precepts set out by Machiavelli in The Prince. Still, while there is some logic to the non-disclosure of intentions in relation to enemies, in a globalised and highly interdependent world, ‘trust’ is highly valued and helps oil the wheels of interstate cooperation. Hence, not communicating intentions to friends can only increase the possibility of misunderstandings. Given these broad approaches, what then can be expected in terms of specifics from a Trump doctrine? To begin with, his ‘America first’ policy will inevitably lead to a more isolationist foreign policy than has been witnessed for the last two decades or so. Typically, isolationism refers to America’s longstanding reluctance to become involved in European alliances and wars. Isolationists have always believed that America’s perspective on the world was different from that of European societies, and that America could advance the

cause of freedom and democracy by means other than war. Importantly, however, American isolationism did not entail disengagement from the world stage. Isolationists were not averse to the idea that the US should be a world player and further its territorial, ideological and economic interests. This form of isolationism is at the heart of the Trump doctrine. However, given that isolationism is not equivalent to disengagement, then what kind of policies might Trump adopt? First, there is no doubt that there will be a return to a more unilateralist policy coming out of Washington. Left to his own devices, Trump would clearly withdraw from global and regional institutions if his demands were not met. Thankfully, he will not be left to his own devices but, nonetheless, there is no doubt that he would push for what he perceives to be a more equitable economic input from states that benefit from US leadership in international affairs. He has said this clearly in relation to The North Atlantic Treaty Organization (NATO), but also South Korea. In both cases, he thinks that the Germans and the South Koreans in particular are not

paying their way in terms of covering the costs for the security blanket the US provides. This is not a new argument, and it forms the basis of Robert Kagan’s influential neoconservative book Of Power and Paradise. However, Trump’s economic version of it misses some vital facts about foreign policy. What America gains from NATO and close contacts with South Korea cannot be measured in purely economic terms. Trump clearly is not conversant with how power operates in the international system, or he thinks it comes out of the vaults of a bank. What American leadership of the system facilitates is influence, alliances and a role that allows them to shape the international order in ways that benefit the US. Despite the many problems with the concept, ‘soft power’ is as important today as is military power. The normative environment surrounding the use of force has radically changed, and it is no longer possible to use military force to achieve one’s ends without taking into account the negative normative costs associated with the use of that power. It can seem that Trump has no understanding of these developments and that he intends

to dismantle the post-WWII world order and return the international system to one where the great powers constantly compete. However, despite his claims, there is little prospect of this happening, not least because in reality, this system was constructed to serve American interests, but also because many of the other major states in the system, including China, benefit from it. Of course, many states suffer as a result of this post-WWII system, but those are not the type of states Trump would want to ally with. However, Trump will clearly use trade as a weapon, particularly in relation to China, and for a country such as Australia, which is so dependent on trade with China, that is perhaps the greatest worry. Any trade war between the world’s two largest economies can only be bad for business for everyone. Australia would not be immune from this. In fact, for a businessman, Trump has a strange understanding of the role of trade in the global security framework. Trump has repeatedly condemned what he views as unfair trade deals that have allowed countries like China to benefit at the expense of US jobs. He has said he supports free trade, but not “stupid trade”. “I feel that we have had horrible negotiators, horrible trade deals,” he said at the most recent Republican debate.

“The jobs in this country are disappearing, and especially the good jobs.” But yet again, most of these pronouncements can be taken with a large pinch of salt, and it is simply not going to be possible to rip up trade deals in the way he suggests. Once again, his rhetoric can largely be explained as a siren call to those Republican voters he needs to gain the nomination. What about Israel, Iran and the Middle East? He has claimed he “would knock the hell out of ISIS in some form. I would rather not do it with our troops, you understand that.” Effectively, what this means is that he would attempt to put pressure on other countries to use their troops and supply US air support; basically a continuation of Obama’s policy. Given his bellicosity, however, it would be expected to see an increase in drone activity and a ramping up of air support in Iraq and Syria. But in Syria, as well as in Europe, he clearly believes that he can do business with President Putin. This suggests that he would be prepared to leave dictators and autocrats in power free of external interference. It is certainly clear that he believes that if Assad and Gadhafi were still in power, the Middle East would not now be such a mess. Also, of course, he has argued that he wants to dismantle the nuclear weapons deal with Iran.

However, Trump will clearly use trade as a weapon, particularly in relation to China, and for a country such as Australia, which is so dependent on trade with China, that is perhaps the greatest worry. SECURITY SOLUTIONS 065

COVER STORY

In the final analysis, a Trump presidency, however unlikely, would not be the foreign policy disaster many are predictingâ&#x20AC;Ś Foreign policy has its own dynamics and logics as the Trump doctrine will discover.

According to Trump, the biggest concern with the deal is not necessarily that Iran is going to violate it, but that they can keep the terms and still get to the bomb by simply running out the clock and, of course, using the dividend gained from the lifting of sanctions to fund their attempt to gain pre-eminence in the region. This is something he could achieve, and there are many on the right in the US who would support rejecting the deal with Iran. The consequences of doing so, however, could be increased tensions in the Middle East, and an emboldened Israel taking unilateral action

while the Trump regime looks the other way. His support for Israel seems to be genuine enough, although if he follows through on his plan to move the US embassy from Tel Aviv to Jerusalem, the prospects of achieving a solution to that conflict would seem to be beyond reach. Finally, there are Trumpâ&#x20AC;&#x2122;s contentious views on nuclear proliferation, which ironically enough, do have some basis in the academic literature; although it is clear Trump has not read it. Strange as it sounds, the idea of using well-managed proliferation to bring stability

to certain regions is the argument advanced by American political scientist Kenneth Waltz. However, it is surely a dead-end argument, and the possibility of terrorists gaining access to nuclear material of any kind makes the thought of proliferating nuclear weapons a particularly dangerous idea. In the final analysis, a Trump presidency, however unlikely, would not be the foreign policy disaster many are predicting. Australia should not be complacent, but the prospects of him achieving some of his stated foreign policy goals, even if elected, are even more remote than the possibility that he will be elected. Foreign policy has its own dynamics and logics as the Trump doctrine will discover. Colin Wight is a Professor in the Department of Government and International Relations at The University of Sydney. In addition to his current roles as a lecturer and PhD supervisor, Professor Wight is Editor in Chief of the European Journal of International Relations, and has written a number of books, including Rethinking Terrorism: Terrorism, Violence and the State and Agents, Structures and International Relations: Politics as Ontology, both available through Amazon.com He can be contacted via email at: colin.wight@sydney.edu.au

Image: GrAl / Shutterstock.com

066 SECURITY SOLUTIONS

SECURITY SOLUTIONS 067

FEATURE ARTICLE

Is Security Really About Security By John Bigelow In the quest to test and possibly even burst assumptions, one must put forward thoughts and ideas designed to test established paradigms. The aim of this short piece is not to provide definitive proof via academic research of a particular flaw in current thinking around security management, but rather, to highlight the possibility that some security managers have become entrenched in a particular way of viewing the world, and that this view may be at odds with that of their corporate masters. Further, it has been written with a view to promoting discussion around the concept that there is a middle ground between the traditional aims of security managers and the needs of the organisations they serve. And that by seeking this middle ground, security managers can not only more effectively achieve the goals of their department, but also add significant value to an organisation. For some, these ideas may seem obvious; to others they may seem ridiculous. Either way, as long as people discuss them, then they can start to burst assumptions.

068 SECURITY SOLUTIONS

Even today, there are people who still think that security is all about using guns, guards and gates to protect people, property and assets. Of course, 20 years ago this may have been true, but a great deal has changed in the world of security in the last two decades â&#x20AC;&#x201C; especially in the world of corporate security. It is reasonable to assert that much of that change has been driven by the changing nature of threats affecting security over the last 20 years. However, to believe that this has been the only driver for evolution would be to ignore what is arguably one of the greatest driving factors in the evolution of modern security â&#x20AC;&#x201C; the desire for security to be seen as a profession as opposed to a function. In the quest to effect this change, savvy security managers have come to understand that the quickest path to corporate legitimacy and acceptance is paved with gold â&#x20AC;&#x201C; literally. If they wish to gain a seat within the the C-Suite, alongside finance, marketing and human resources, then they need to be

able to demonstrate the ability to achieve yearly revenue targets and generate income as opposed to simply being a red line at the bottom of the corporate ledger each financial year. Of course, the journey from the traditional, reactive role of guns, guards and gates to a more modern proactive security position of protecting brand, reputation and information (in addition to the traditional protection of people, property and assets) has not only required a paradigm shift within security, but it has also given rise to the need for security professionals to break out of their silo and develop mutually beneficial relationships with other departments within an organisation. The days of secrecy and isolation have, by necessity, given way to openness and cooperation. Today, the savvy security manager knows that the best way to achieve his or her goals is to find ways to tie those goals into the goals of other departments within the organisation. How can security help marketing achieve

their revenue targets or protect the brand that marketing has spent millions to create? How can security help human resources (HR) minimise financial damage to the business by way of reducing the potential for hiring unsuitable candidates or minimising the number of expensive workplace lawsuits? How can security help finance and procurement reduce costs and increase profits? How can security help operations minimise downtime and ensure that the business is resilient enough to get back on its feet as quickly as possible in the aftermath of an incident? How can security help IT protect valuable intellectual property and data? These are the questions that drive many modern security departments. This new focus, born of the need for security to have greater interoperability with other business units, has given rise to new and interesting possibilities with regard to budget acquisition for today’s security departments. Once upon a time, a security manager would be required to go before the board, cap in hand, in the hope of securing funding to upgrade systems or retain staff. Today, security managers are starting to realise that accessible sources of revenue can be found through other departments within the organisation, such as marketing and HR, if they can aptly demonstrate how security can use those funds to help those departments meet their key performance indicators (KPIs). For example, where a security manager might have previously struggled to petition the board for funds to upgrade the current analogue CCTV system to a newer digital system, especially where the current analogue system is still working, the same request might achieve three times the funding if channelled through the marketing department. In order to achieve this, security need only demonstrate to marketing, and the board, how the new digital system can help to improve marketing returns by way of things like helping to identify which promotional campaigns are and are not working. Take the example of a busy casino, shopping centre or airport. Using heat mapping as a function of the new digital CCTV system, security can track which promotional displays attract the greatest attention as opposed to the displays which attract little or no attention. Further, CCTV cameras positioned within digital signage, while providing greater covert

Today, the savvy security manager knows that the best way to achieve his or her goals is to find ways to tie those goals into the goals of other departments within the organisation.

coverage of an area, could also be used in conjunction with video analytics to track eye movement to determine which parts of an advertising campaign are drawing the viewer’s attention. Alternatively, security might also be able to help marketing more accurately focus their efforts to increase returns by using CCTV to gather information about demographics. This might include information about how many men versus women are in the building at a given time of day, or whether certain age groups are more prevalent within the property at certain times of day and so on. Modern security systems can gather extraordinary amounts of data. What can be done with that data is limited only by one’s ability to come up with new and useful ways in which to mine and use the data. During a recent interview, Microsoft Chief Security Officer Mike Howard disclosed how he secured funding to build three new Global Security Operations Centers (GSOC) by showing the sales department how these centres could be used as a sales tool. Howard now invites key clients from around the world to come and tour the Microsoft GSOC facilities with a view to demonstrating Microsoft’s point of difference, specifically, how secure the client’s sensitive data will be with Microsoft as opposed to its competitors. Since completion of the GSOCs, Howard has been able to show a demonstrable increase in yearly sales directly attributable to the activities and resources of the security department.

At the end of the day, the question must be asked – what does a corporate board really care about? Does the board really care that the company’s assets are now protected by a new state-of-the-art digital surveillance system? Or is it more interested in the fact that marketing has increased its return on investment by 20 percent in the last financial year? Is the board really impressed that its new facilities are protected by tier one access control systems? Or are they more interested in the fact that the revenue is up by 10 percent because they are seen as the safest airline in the world – in part because they are a much harder target than their competitors. A board’s first and foremost concern is the financial performance of the company. Put very simply, the board answers to shareholders. Shareholders invest in shares with a view to making financial returns. When the board can dispense dividends, shareholders are happy and the board has done its job. Bottom line, the board cares about investor confidence and making a profit because that is what they have been appointed to do. This begs the question, in the quest to gain the acceptance of the board and the C-Suite, and be seen as not only a profession, but also a business unit on equal standing with finance, sales, marketing and HR, is security really about security in the traditional sense, or is security merely a by-product of what happens in the quest to increase profits? It is arguable that security managers who still believe that their role is solely to protect people, property and assets while identifying, mitigating and managing risk are not only at odds with the thinking of the board and C-Suite, but are doing themselves and their profession a disservice in the process. Where those goals were once the metrics by which a security department was measured, perhaps today they are simply functions which form the basis upon which security managers should be building more profit-centric programs run in partnership with other departments? This paper was originally presented at the Australian Security Research Centre’s event Challenge Security Paradigms: Bursting The Assumptions Bubble, held in Canberra in march of this year. For more information on the ASRC and its future events please visit: www.asrc.com.au

SECURITY SOLUTIONS 069

LEGAL

Q&A Anna Richards

Workplace Bullying And Social Media Social media has become a ubiquitous part of modern society. In fact, rare are those who do not in some way engage with, communicate via or access social media either in their private lives or as part of their work duties. However, this new and somewhat omnipresent form of social interaction, whilst providing a range of benefits, can have some very negative outcomes when it is abused or used incorrectly. Of late, there have been a number of cases in which employees have alleged that they have been the victims of workplace bullying which has occurred via social media. This raises important questions around how vulnerable businesses are regarding the conduct of employees and the use of social media. Is the business liable or responsible if one employee abuses another employee via social media in their own personal time? Readers might be surprised by the answer. What is Workplace Bullying? What sort of conduct could amount to workplace bullying? The two most important sections of the relevant legislation, the Fair Work Act (Cth) 2009 (the Act) are set out below. The first section defines who is capable of asking the Fair Work Commission (the Commission) to intervene by making orders which regulate the conduct of the person alleged to be engaging in workplace bullying. Section 789FC (1) says, “A worker who reasonably believes he or she has been bullied at work may apply to the Commission for an Order under section 789FF of the Act.” The second is section 789FD which deals with when a worker is bullied at work. It states: “(1) A worker is bullied at work if: (a) while the worker is at work in a constitutionally covered business [which includes a business operated principally in Australia] an individual or a group of individuals repeatedly behaves unreasonably towards the worker or group of workers of which the worker is a member; and

070 SECURITY SOLUTIONS

(b) that behavior creates a risk to health and safety. (2) To avoid doubt, subsection (1) does not apply to reasonable management carried out in a reasonable manner.” What Should an Employer do? What an employer should do in order to protect itself will depend on whether or not the employer permits employees to access and use social media whilst they are carrying out work duties or duties regarded as being at work. Access and Use Prohibited If an employer chooses to prohibit employees from using and accessing social media platforms, then the answer is a little more simple. Effectively, the employer should have a clear written policy that is provided to all workers stating that they are effectively prohibited from accessing or using social media whilst at work or whilst carrying out any work duties. Further, they should retain evidence of having provided each worker with that policy and have the workers sign a written acknowledgement of having read and understood the policy. Obviously, the employer would need to provide the worker with sufficient time to read the policy. Ideally, the employer should establish a chain of evidence that the worker read and understood the terms of the policy. This could be done by emailing the policy and then requiring the worker to email a signed acknowledgement back to the employer. Both of these documents (including the policy attached to the email) should be retained by the employer. Access and Use Allowed The second situation, where an employer permits workers to access social media, is probably the most common situation in workplaces in Australia. The answer to the question of how such an employer should protect itself from claims is much more complicated.

The Scope of the Definition of Workplace Bullying What are the limits regarding where and when the bullying conduct takes place? For instance, does the conduct need to occur during usual work hours or at a work site? The relevant part of the legislation states, “A worker is bullied at work if, while the worker is at work… an individual or group of individuals repeatedly behaves unreasonably towards the worker or group of workers… and that behaviour creates a risk to health and safety.” The big hurdle then becomes what sort of conduct constitutes being bullied ‘at work’. More particularly, what does ‘at work’ mean? The Meaning of ‘At Work’ Readers may think that in most cases it is easy to establish that the offending conduct occurred “while the worker is at work”; most commonly, where a worker makes a remark about another worker on social media during normal working hours and at the workplace of the employer. However, most readers would probably be shocked at the broad scope of where and when the offending conduct can occur. As a result of a 2014 Commission case (Bowkers and Others v DP World), it is possible for workplace bullying to occur: • when the offending social media remark is made by a worker (the perpetrator) on a social media platform in his own private life; that is, outside of work hours, whilst the perpetrator is not carrying out any work functions and even where the perpetrator is using his own computer or phone to make the remarks; and • when the bullied person (the complainant) is exposed to the remark (on a social media platform) when carrying out work duties or even when on a normal work break, regardless of where that work or work break is taken; that is, if that worker is permitted to work away from a work office or work site, it is possible for the bullying to take place if that complainant accesses the remarks and is

LEGAL

Q&A

exposed to them even if on a work break whilst working from home. Readers might quite reasonably ask how far the scope of “being at work” is going to increase and encroach upon private time and private locations. The Commission acknowledged this in the 2014 case referred to above. A couple of scenarios which it discussed where it might not be clear-cut as to whether a worker was ‘at work’ include: • where a worker receives a phone call from a supervisor about work-related matters whilst the worker is at home and at a time outside the worker’s usual work hours. • where a series of Facebook posts are made about a worker when the worker is not at work and the worker later accesses the comments when he or she is in the workplace. The Commission made it clear that it may find that workplace bullying had occurred in both cases, though its actual decision would depend on the particular facts of each separate case. What is not Workplace Bullying? One thing that appears clear from the 2014 Commission case referred to above is that, unless the worker accessed the social media comments whilst he or she was at work (and hence, either in the workplace carrying out work duties [including during work breaks] or at some other time while engaged in activity permitted by the employer) then it would probably find that there was no workplace bullying and hence would not be able to make an order regulating the conduct of the alleged perpetrator. That is, it would not be able to order that the perpetrator of the conduct alleged to be workplace bullying stop engaging in that behaviour. Employer Protection The employer should develop a social media policy with full explanations of what conduct is permitted and prohibited in the digital space. Further, such policies should provide:

The employer should develop a social media policy with full explanations of what conduct is permitted and prohibited in the digital space. • an explanation that workplace bullying can extend to conduct that occurs during that person’s private life; that is, conduct that occurs outside of working hours and whilst the worker is not carrying out any work duties. • an explanation that workplace bullying can extend to comments of a worker (such as Facebook posts or tweets) made during that person’s private life, if read or accessible by a worker whilst working, whether working from a workplace or when carrying out work duties from home or any other place. Obviously, the employer should follow the same steps as outlined above regarding being able to prove that each worker was provided with the policy, read and understood the policy, and acknowledged having done so. What does this mean in practice? A worker will be regarded as being ‘at work’ where he or she is: • in the office, factory, shop, warehouse, work site; • on a lunchbreak or other routine work- related break; • travelling between work sites. A worker will not be ‘at work’ when he or she is: • at home or elsewhere other than a usual workplace and not performing work-related duties; • socialising after work at a social venue.

A worker will be bullied at work if he or she reads a remark on social media whilst he or she is performing work duties, even if the remark was posted in private time and from a private location. It is likely that a worker will not be bullied at work if he or she reads the negative remark on a social media platform whilst at home or another non-work related venue and at a time outside his or her working hours and whilst he or she is not carrying out work-related duties. Why is this so important? It is extremely important to adopt the sort of policies described above because there are severe consequences of workplace bullying, which may include: • the development of a hostile working environment • high rates of absenteeism of workers • reduced efficiency of workers because of the adverse effect on their mental health • damage to the health of those involved • the substantial impost of incurring significant legal costs of defending claims • adverse costs orders where the claim is made out by the worker. Anna Richards is the Legal Director and a lawyer from Victorian Legal Solutions Pty Ltd and practices in the areas of Commercial Law including Commercial litigation and other areas. Anna Richards and Victorian Legal Solutions can be contacted on: (03) 9872 4381 or 0419 229 142.

Whilst every effort has been taken to ensure its accuracy, the information contained in this article is intended to be used as a general guide only and should not be interpreted to take as being specific advice, legal or otherwise. The reader should seek professional advice from a suitably qualified practitioner before relying upon any of the information contained herein. This article and the opinions contained in it represent the opinions of the author and do not necessarily represent the views or opinions of Interactive Media Solutions Pty Ltd or any advertiser or other contributor to Security Solutions Magazine.

SECURITY SOLUTIONS 071

LOSS PREVENTION

072

Retail Loss Prevention On A Budget: The Power Of Staff Networking

By Darren Egan For small to medium and possibly even a large retail business, is it possible to operate a wide-ranging loss prevention program which consistently delivers company best results, under a very limited loss prevention budget? The answer is a resounding yes! To set about achieving the above, it is first necessary to look at the setting up stage and what the retail business should consider in order to get off to the best possible start: • needs of the business – in which areas and what savings are expected? • suitable candidate – what type of person is going to fit the bill? • the level of support the business is willing to offer loss prevention to achieve the potential bottom line wastage savings on offer. Anyone who has worked in retail for a length of time will understand the following concept; in order to stay commercially viable, a typical retail business must sell relatively huge volumes of merchandise to reap a fractionally smaller

profit – that is after all business operating costs (such as wages, rent and the cost of stock to name a few) have been paid for. Lurking within every retail operating cost structure is wastage. Wastage, or shrinkage, if not effectively curtailed, can erode and ultimately cancel out a retailer’s bottom line profit. The most common form of wastage is stock loss; however, wastage comes in many forms and occurs across all levels of a retail business. On the flipside, the potential for converting wastage savings into bottom line profit is an option few retailing businesses can afford to ignore. An important question is: What is a bricks and mortar retailer’s most important resource and, by extension, its greatest asset? The answer, of course, is its staff. Indeed, the combination of staff, in conjunction with networking, can prove an irresistible force against wastage. All that is needed to bring these two elements together is a suitably experienced loss prevention professional who is able to demonstrate the following skill sets.

COMMUNICATE

INVESTIGATE

ANALYSE

073

LOSS PREVENTION

Indeed, the combination of staff, in conjunction with networking, can prove an irresistible force against wastage.

Thinking about loss prevention in the past conjures the image of a physical security guard towering over a flock of staff who (apparently) have little or no comprehension about wastage or how to prevent it. Thank goodness that perception is changing! Fast forward to the present and the picture involves the same team of staff, only now each staff member has the confidence and ability to handle waste management in their particular roles. More importantly, there is no physical security to be seen anywhere. So, how does networking make the difference in waste management? • By investigating the root cause of waste (do not guess!) and through developing initiatives/ processes designed to highlight, manage and finally reduce the wastage. • By analysing data, converting results into factual tables and compliance reports, tracking historical data, providing routine feedback to key stakeholders. • By communicating loss prevention across all levels of the business (from floor staff to general manager if possible) and ensuring that ALL staff are aware of waste management issues. • Wherever possible maintain a positive and thoroughly supportive attitude! The benefits of waste management through networking include: • over time, staff and management assume responsibility and accountability for company waste • identifies key company talent • the bottom line waste savings available will far outweigh costs associated with the loss prevention function. Example 1: How do I reduce the impact of shoplifting on my retail business without hiring more staff or expensive external security? Solution: When existing staff are well coached and supported, the opportunity to impact

074

shoplifting is huge. Changing culture and staff attitude towards shop theft hinges on several factors, the biggest being the sales team’s willingness to confront the problem. Although it is the manager who must assume responsibility for wastage, including theft, more often than not it is the sales team who should be encouraged to take ownership of the issue. The positive is that within every sales team there is at least one person (other than the manager) who is ready to step up and take ownership of external theft. Once this person is identified, it then becomes a relatively simple task of coaching the staff member through a selection of easyto-follow processes, all specifically designed to deter shop theft. Once the staff member has gained a measure of confidence in the process, the loss prevention message can then be spread throughout the entire sales team (often the original staff member will do this without being prompted). Progress can be measured (to a point) through the company stocktake cycle. However, what the loss prevention professional ultimately strives for is a consistent result. Indeed, consistency can and should be viewed as a measuring tool in its own right. Consider, for example, a multi-site retail business operating 20 stand-alone stores. Aside from reducing stock loss, it is critically important to close the stock loss gap between the best and worst performing stores (for comparison, think of a marksman’s grouping – the tighter the grouping the more accurate the shooter). Over time, closing the gap becomes an indicator for consistency, providing clear evidence that the company’s loss prevention initiatives are working effectively. Alternatively, if store stock loss results are ranging wildly from stocktake to stocktake, this can be an indicator that there is something seriously amiss with the company’s stock loss methodology and that a closer look at the issue is warranted.

Example 2: How do I reduce register variances? Solution: Register variances should be placed under the heading of ‘controllable’ wastage, simply because once counted, a register will either balance or it will not. This also illustrates the key pressure point when controlling register variances. Where the temptation is to focus on the dollar variance amount (which is variable), the true controlling pressure point lies in the variance itself. Focusing on the number of variances as opposed to the dollar amount goes to the root cause of the problem (usually staff training). Just as important, once a company’s register variances begin to improve, there will be a similar improvement flow-on to the amount of dollars being lost to the business. Finally, at the top of the article there was a pointed reference made to the level of support a retail business would be willing to offer a future loss prevention candidate. The greatest thing a company can offer its appointed loss prevention representative is support and an open mind. Loss prevention, as a resource, works most effectively when it is communicated directly to the employee. When people are forced to jump through hoops to gain access to a resource, the outcome can be frustrating and the results spurious at best. However, if that same resource is brought to the coal face, the response can be totally opposite, producing amazing results. Although still not widely practised, it is this writer’s view that the future of loss prevention lies in the collaborative approach, where loss prevention strategies and waste management principles are rolled out directly to staff in a positive, non-threatening manner, ensuring that the loss prevention function is not only cost effective but also truly integrated.

Darren Egan has 15 years of experience in the loss prevention field and is the Loss Prevention Manager for the Star Retail Group.

MULTIPLE CAPABILITIES SUPERIOR SOLUTION

Volvo Group Governmental Sales Oceania

IN HOSTILE ENVIRONMENTS, ITâ&#x20AC;&#x2122;S IMPORTANT THE SYSTEMS THAT YOU DEPEND ON CAN

STAND THE TEST OF TIME.

At Volvo Group Governmental Sales Oceania, our core business is the manufacturing, delivery and the support of an unparalleled range of military and security vehicle platforms; a range of platforms that are backed by an experienced, reliable and global network with over one hundred years of experience

superior solutions, providing exceptional protected mobility SECURITY SOLUTIONS 075 www.governmentalsalesoceania.com

FEATURE ARTICLE

076 SECURITY SOLUTIONS

You Have Been Warned SECURITY SOLUTIONS 077

FEATURE ARTICLE

By Don Williams Paris, Brussels, Sydney, Boston and Parramatta all provide examples of where local businesses were caught up in bombings or shootings. No one can claim that they were not aware of the risk or that “it cannot happen here”. That said, it is clearly time to find and dust off the crisis management plan (CMP). The CMP is not the emergency plan that a predecessor or neighbour paid the lowest price for some years ago that tells how to evacuate in case of a high rise fire; the plan that is full of ‘warden makes wise decision here’ statements and is almost identical to that of most of the surrounding buildings and businesses, regardless of function, design or tenants. The CMP, or whatever name it was given, is the plan that helps managers think their way through a problem. This is the plan which focuses on what the business does, and the image that it wishes to portray in a crisis (not a fire or bomb threat). It is the plan that recognises that the business has a responsibility to its staff, the stakeholders and even to the wider community. The CMP acknowledges that during a crisis there will be a lot of conflicting demands, there will be a degree of chaos, information will be sparse and sometimes contradictory, and that managers will have to make the initial decisions in limited time with limited information. The CMP will have considered what the legal and moral responsibilities are, what the main drivers are to keep the business alive, as well as keeping the staff and others on site alive and safe. The CMP will have considered what in-house and external resources may be available and which ones may be cut off during the crisis. The main focus of the CMP, however, will be to provide the relevant on-site managers with the initial tools to do the best they can under trying circumstances. That is why CMPs are drafted during quiet times, when effort can be put into developing clear and simple guidance. The guidance will differ from site to site; in some cases it will reflect how to protect the corporate headquarters, in others it may be to inform the shift manager of the local coffee shop of his options.

078 SECURITY SOLUTIONS

The main focus of the crisis management plan, however, will be to provide the relevant on-site managers with the initial tools to do the best they can under trying circumstances. If the incident is something like a fire in the building, then the emergency plan is initiated and the chief warden takes over, until everyone is outside and then corporate communication, business continuity, staff comfort and other issues need to be addressed. The CMP brings all the plans together and makes sure they are compatible and consistent. The CMP also helps the managers decide if the emergency plan actions are the most appropriate for the incident. If there is no immediate threat to life, then evacuation may not be the best idea. If the hazard is external, then sheltering in place and locking down the entrances may be a better solution. Which begs the question, do the emergency plans adequately address ‘shelter in place’ procedures, capability, building structure, control over doors, and so on? If the decision is made to lock down the building because of a bombing or shooting outside, what about those people trying to get in to find shelter and to get away from the shooter? Will they be let in? What if the shooter or another bomber comes with them? Can those people be left out there? Where does the priority lie, where is the duty of care? If staff are caught up in the incident, do the managers know the corporate human resources (HR) plans and contacts? Do they know how to contact the police and other emergency services and what information the services will need, particularly if it is a hostage situation? A CMP should assist managers to understand what is happening and how they can influence events. It may help them suggest to the emergency services that having staff locked down in a building opposite the incident for hours is not the best idea, especially when they can be extricated

safely from a rear entrance, thereby removing a few thousand people from the incident. Or, if the police are insistent that everyone must stay put, to decide how to feed, water and look after the staff and others now trapped inside. A CMP may also help managers consider how they will help staff if the buses and trains are out of service, or perhaps to decide that this is not a problem for the business. If there is a childcare centre on site, as well as considering if it is adequately addressed in the emergency plans, it will add other factors such as how to look after the children for an extended period, and how to deal with parents that cannot get to the building or who cannot leave. Where a CMP fits in the hierarchy of documents can be discussed over many a long coffee: is it superior to the emergency, security and business continuity plans (BCP); is it only the communications element of the BCP (a somewhat limited view that assumes the only crises are related to image protection); is it off to the side providing an overview of the incident; can the CMP considerations be built into the emergency plan; how does it relate to security planning? If the CMP fits within the corporate structure and helps bring together the other plans in a cohesive manner, it probably does not matter too much. As long as there is some document and associated training providing managers with the tools to think their way through the problem. The relationship between a crisis and an emergency needs to be considered. An emergency, according to AS3745 is, “An event that arises internally, or from external sources, which may adversely affect the occupants or visitors in a facility, and which requires an immediate response” and that the emergency

plan “provide(s) for the safety of occupants… leading up to and during the evacuation.” A crisis is more than this; it addresses the wider picture. There may not be a life-threatening incident, it may be a business continuity issue, a security problem, a societal or health problem, but it is one that affects the business. AS3745 also states that “the emergency plan… may form part of a higher level emergency management or disaster management plan.” A crisis will probably be beyond the capability of any one person, be it the chief warden, security, HR, facility, environmental, legal, media or other manager. Resources from a number of business units will be needed and probably a crisis management team will be formed, unless of course there is only one manager in the coffee shop. At any site, from the corporate headquarters to the small coffee shop, a crisis will be outside the normal scope of operations. Any guidance will be of value as to what is expected, where the priorities lie, what resources are available, and what immediate and longer term considerations should be thought about.

The CMP should not be a long and complex document, rather it should provide key thinking points, list the other plans and show how they can/should work together, highlight some of the resources available and, most importantly, explain what the underlying expectations are in terms of protection of life and other assets, protection of reputation and corporate image and in keeping the business operating. The CMP should not be a checklist, but rather a series of thought joggers to help the manager or team think through all the aspects of the crisis, both short-and long-term. Issues that might be considered include: • Have families been contacted – check with HR? • Who is the police/emergency services point of contact for this incident? • How is staff transport or accommodation to be paid for – check with finance or the BCP? • Images of the incident taken from the building are already on social media – what is the company’s liability, can this be controlled, is there a policy – check with legal and media communications?

• If the manager cannot get advice because the landlines and the mobile phone networks are down, what are the key responsibilities, priorities and messages? • How can it be determined if this is an emergency that can be adequately addressed through the emergency plan or if it is a crisis with greater ramifications? Getting the people out of the building (or locking them in) is only part of the picture. How each business will make the bigger and often harder decisions will depend on what is in the CMP (or equivalent) and what training the local manager had. The crisis will occur and everyone has been warned. Time to find and dust off the CMP and see what it says.

A crisis will probably be beyond the capability of any one person... Resources from a number of business units will be needed and probably a crisis management team will be formed. Don Williams CPP RSecP has provided managerial advice on security and strategic security analysis for 30 years. Don can be contacted at: donwilliams@dswconsulting.com.au

Pho tog raph: Naz

Photograph : Roman Yanushevsk y / Shutterstock.com

ar Fur yk/ Shu tter

stock.com

SECURITY SOLUTIONS 079

AVIATION ALARMSSECURITY

080 SECURITY SOLUTIONS

Think Inside The Box, Differently By Steve Lawson Following the 22 March attacks in Brussels, I listened, like many, to the news and the various commentators to learn as much as I could about what went wrong, what went right and what could be done better. It was not long before I started to become more than a little frustrated by comments made by many people who apparently think they know about aviation security. One of the most frustrating themes was that (physically) Australian airports are not as vulnerable as Brussels. Rubbish! I listened to two stars on TV lamenting that it was pitiful that the baggage managed to get into the departure hall without being examined. Guess what – baggage is not screened until it is either checked in and goes through checked baggage screening or it is put through the passenger screening point as carry-on baggage. My next favourite comment was that people should be screened into the terminal. Sure, that would mean an inordinate amount of inconvenience to passengers and spending large amounts of money to develop the infrastructure, and all that would be achieved is to concentrate victims into a more convenient place for the terrorist. Then, these people were known to police, how did they get into the airport? Known to police and being on a watch list are two different things. Even known to police is not really the same as having a criminal record. These people were, apparently, on a United States watch list, but not on one in Belgium (which is another conversation, as is the use of intelligence). However, these people had not checked in. They were in a public part of the airport, no different to a local shopping centre. Are people screened into the local shopping

centre or refused entry if they are known to police or have a criminal record? Before readers say that airports are different, according to the University of Maryland, transport accounted for about 5.2 percent of terrorist incidents between 1970 and 2014, and airports were 6.4 percent of transport incidents. Buses and trains accounted for about 61 percent. Should everyone be screened onto a bus or people with criminal records be stopped from using public transport? It is assumed the answer is no. So, the question is what can be done to improve airport security within Australia? To be blunt, not much. Aviation security in Australia is amongst the best in the world. There are some improvements that may have made attacks such as Brussels more difficult, but not by much. An effective measure is a more extensive use of profiling and while some commentators suggested the introduction of an Israeli-style aviation security system (of which I am a great fan), it must be remembered that Israel really only has a single airport of note, that 97.5 percent of Israeli security is paid for by the government, and that Qantas Link carries more passengers than El Al. For implementation in Australia, Israeli security is cost prohibitive and the adverse impact on aviation would be significant. But consider Israel in relation to Brussels. Security starts before passengers arrive at the airport. The names of passengers are checked by authorities and profiled. As they drive into Ben Gurion Airport, they are stopped at a vehicle checkpoint by security personnel who do no more than ask reasonably pleasant questions, but they are checking passengers’ reaction to those questions. In short, people do not get into the terminal unless the authorities

are reasonably certain that they are not a threat. Security continues through the check-in and boarding process, and is heavily reliant on intelligence and profiling. Frustratingly, last year AvSec tried to put together a series of workshops looking at security profiling. One of the speakers was a former Head of Security for El Al and one of the principle developers of aviation profiling. There was a surprising lack of response, both from industry and government. So were there any interesting reactions to Brussels? As it happens, yes. Since 22 March, various airports have put in security measures, many just for show. For example, how is an armed soldier meant to prevent an attack such as Brussels other than to watch as a suicide bomber presses a button; it is too quick. But this type of reaction makes people feel safe and looks like something is being done. On the positive side, Dallas Forth Worth’s reaction has been innovative. Dallas police cars (like Australia’s) have cameras that read number plates and check against criminal databases. They placed police cars at the entry roads to airports to check each number plate as the vehicle enters the airport. It is not a perfect solution; it will not cover taxis, limousine services or loan cars and so on, but someone at least came up with an interesting solution that is a step beyond window dressing. As a short-term solution, number plate recognition is terrific, but what is really needed is facial recognition and, while many airports are introducing facial recognition systems, it can be very expensive. After 22 March, I was sent an article discussing a system developed by a major company for the US military. It uses a “high-speed, multi-resolution camera capable of capturing a facial image even at an angle”

SECURITY SOLUTIONS 081

AVIATION ALARMSSECURITY

Aviation security in Australia is amongst the best in the world. There are some improvements that may have made attacks such as Brussels more difficult, but not by much.

and “could be deployed on city streets or on the road to an airport”. Sounds great, but this is not a cheap system. What is needed is a system that is cost effective enough to be put into a local shopping centre but is on a par with or as close as possible to the “high-speed, multi-resolution camera” and allows a smartphone to be strapped to the vest of a soldier that will alarm if it ‘sees’ a suspect. Impossible? Probably not – it happens to have been developed in Australia. In January, I was briefed about a system first developed by a local university team and now being deployed commercially. The following example caught my imagination – it is not a practical use of the system, it is just an illustration of capability. If you place a smartphone with web access on the front window of a train approaching a station at 50km/h, and say there were three people every metre on the station standing in two rows facing the train. It can check all of the visible faces and, if they use their own photograph in their Facebook profile, match them… and give a result before the train has gone through the station. Better still, the system is designed to use low-quality cameras in less than optimal environments, which is a nice way to say crappy cameras in crappy places – the sort seen at local shopping centres or at the local train station in bad weather! After the briefing, I went away and thought about how airports could use such a system, and not just for security – identifying frequent flyers as they approach the check-in counter or airline lounge; an automated radio warning that a runway is clear when pilot-controlled lighting is activated; an airport perimeter protection system to rival a radar system; and even a surface movement control for smaller airports. Obviously, I also considered its use as a security system attached to the existing CCTV systems at airports, which leads me to Brussels.

082 SECURITY SOLUTIONS

Building on the Dallas Fort Worth idea, think of CCTV cameras of a standard found at local shopping centres, integrated into the existing CCTV system. Expand that CCTV system to include cameras attached to the ticket dispensers at airport carpark entries, taxi ranks, bus stops, even built into traffic light poles to enable a view into cars entering the airport – all attached to a system that is capable of using a smartphone on the front of a train. That would be an interesting layer of security and would move one level of security checks away from the terminal. Then think of the same system, using a smartphone or body camera, attached to the vest of security or police patrolling the terminal, even the person checking on parked cars outside the terminal; now it gets more interesting. Make it so cost effective that the local IGA, Coles or Woolworths can introduce it! Should current aviation security systems be changed or drastically altered because of Brussels? Absolutely not, unless those same changes are going to be made at the local shopping centre, train station or sporting arena! Are Australia’s airports vulnerable to the same type of attack as Brussels? Yes, and anyone who says that is not the case is being disingenuous. Things can be improved, but do not just think outside the box. People need to continue to think inside the box, differently. The guys in Dallas did.

Steve Lawson has over 20 years of experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on: 0404 685 103 or slawson@avsecconsulting.com

An effective measure is a more extensive use of profiling.

As a short-term solution, number plate recognition is terrific, but what is really needed is facial recognition.

Recognize and Analyze How often was he here this month?

Is he a known suspect?

How old is she?

Are they employees?

When, where did she enter?

Is this valued customer Mia Clark?

How many people are here? Is it too crowded in this area? See it in action at Security Expo in Melbourne, stand F42: FaceVACS-VideoScan C5 IP video camera combining face detection/tracking and camera technology in a single device

FaceVACS-VideoScan uses premier face recognition technology to detect and identify persons of interest while computing demographic and behavioral data, supporting security staff, marketing teams and operations management.

SECURITY SOLUTIONS 083

084

Token Behaviours By Jonathan Johnson

The Internet of Things (IoT) has stirred the imaginations of vastly diverse groups, from the C-level executives at the world’s largest corporations, to the engineers designing applications, to the component manufacturers trying to cram the ‘perfect’ feature/price balance into their latest silicone creation and to consumers, the most prolific source of most of the ‘big data’ outside the machine to machine (M2M) world. It generates vast quantities of data, has the potential to create large volumes of recurring revenues and to provide the material for mining valuable knowledge from the immense information resource gathered. But what impact will this have on the access control and security markets? Most people are aware that the uptake of bring your own device (BYOD) programs and the ever-growing presence of near field communication (NFC) in cellular devices has changed the credential practices of many organisations in the enterprise sector. Bluetooth entry systems have also been around for quite a few years now in the lower security residential markets. In some ways, these have taken away some of the lack of choice of credentialing for many users, adding in biometrics – fingerprints, hand geometry, iris recognition, vein pattern recognition, facial recognition to a lesser degree, and others. They have all opened up options for those with a need to control access to resources using machine verifiable means; however, what about going beyond this? Many people have radio-frequency identification (RFID) and biometricprofile verified passports, but what further path might this take? The following explores some concepts and applications of technology that may disturb some of the more paranoid people amongst the community; those with foil hats in the drawer may want to dig them out and strap themselves in! Size Matters Many people mistakenly associate the IoT exclusively with M2M events and communications, but this is not reality. Any device that can generate, consume, or analyse data can and likely is already a part of the IoT world, and many of these devices only need transitory connection to the greater hive of devices to contribute.

Smartphones are one of the most common items carried by pretty much anyone involved in business and many consumers as well. With in excess of two billion smartphone users estimated to be active by 2016 and with uptake accelerating year on year, it is one of the growth sectors contributing to the IoT ecosystem; but it does not stop there. Wearables are becoming increasingly common and everything from cars to light fixtures are coming online with some embedded intelligence. No matter how seemingly inconsequential, the number of devices becomes truly staggering. A common figure projected is 50 billion devices online by 2020, not counting industry and city-wide applications. Secrets and Lies Most credentials are based upon something that is not readily replicable. In most cases, this is a secret of sorts, be it a data sequence in a physical token, a code or password that users enter, or a physical trait on a person. These are all things that are considered difficult for outsiders to replicate because they have limited knowledge of the secret, be it code digits or the edges of a person’s fingerprint. It is postured that the next move for credentials to control access to resources and facilities will likely follow in line with the ‘something you have’ principle, rather than the path of biometric analysis and ‘something you are’ or ‘something you know’ knowledgebased secret. The obvious path of implant-

SECURITY SOLUTIONS 085

based credentials or skin-applied barcodes, whilst popular in many film scenarios set in the future, has the vast majority of the population cringing at the thought of it. Short of forcibly implanting the populace with an RFID device, there is very little chance this will eventuate into the populace encompassing practice envisioned in Hollywood. The old faithful access card is well entrenched and provides a means of linking a recognisable identifying marker (photo) with a machine readable and verifiable secure token. Usually, the wide publication of easily broken or broad copying of these credentials is what sounds the death knell of a credential technology, at least at the deployment level. Yet, even the most secure card protocols are still vulnerable to human nature when used as the only verification method. As an additional factor in broad, generic use of card-based identity systems, there has always been a stigma in certain groups about being issued a credential. In years past, there was outcry over centrally managed and issued unified identification cards for citizens. Fear not, that is not where the path lay! No one needs a card for this to occur; the ‘establishment’ does not need to DNA sample a person to enable identification. Tomorrow’s Next Big Gadget…You! Many people are now aware of and understand the value of data gathered from the users of many of these devices – the ‘Freemium’ gaming industry being well and truly on top of monetising interactions and certain addictive human traits – but what are the others? Card readers are by far the most commonly used devices for granting access and people are aware of their direct, conscious interaction with them. However, surveillance devices are pervasive in today’s world, be it a surveillance camera, a dash cam, traffic cameras or camera phones, and most people will be recorded, on average, over 70 times a day. This may increase if a person’s employment takes him anywhere considered to have a higher risk profile. The data from these video surveillance devices is often missed in the IoT analysis. The implementation of Intelligent Video Analytics (IVA), facial recognition engines, gait analysis, audio analysis and more has created a ‘virtual layer’ of devices that do not in themselves exist

086

but parasitically reside on top of others, using whatever physical resources may be available to gather data about what is going on in the physical world around them. This is very much akin to providing game developers valuable data through apps, only it is embedded deeper and is visible to a relative few instead of the tens of millions of people knowingly using them. Whether most people are aware of it or not, at various times in their daily life they will likely be captured, analysed and have data extracted about just what quantifies ‘you’. This dataset may be limited in many regards today, but in a very short time, the rich source of data that is a person’s daily life will be able to be compiled into an ever-growing array of patterns, a digital fingerprint of sorts that will be capable of allocating a percentage probability of his identity based upon different subsets of data that has been gathered – the what of you, the how of you, the when and even the who with regard to how you interact with others, the time it takes you to perform certain tasks, the route you take between rooms or destinations, the approximate times of day you interact with your environment in certain ways. They all leverage the IoT to gather a vast amount of data. This data is most often used to improve a person’s life or make it easier, increase energy efficiencies, or reduce costs of achieving certain tasks, but in a large enough sample, it can be used to predict many behaviours and define the differences between individuals. A person may ask, how could it know you are you… ‘Robert Smith’ at your particular home

address? It does not have to. It simply needs to know ‘you’ are database entry ‘kz5pw934’, the same person it identified at 37 previous interactions earlier today, or this week, or however long the fingerprint was identified, to be able to use it to expand and enhance the dataset. Familiarity in Chaos This can be compared to the very human trait of getting to know a person’s behaviour and habits. People get to know and anticipate what a person will have a high likelihood of doing next; they may even be able to recognise someone by these behaviours if they were to look completely different. However, thanks to the IoT, this is done by a cluster of computing engines and interlinking communications paths, instead of a human mind becoming familiar with the person. This level of technology cooperation may not only provide society with greater flexibility and more secure security credentials, it will very likely enable a significantly safer world, where terrorists will not only need to procure a new credential, they will need to change everything about themselves in order to hide. Jonathan Johnson has nearly 20 years’ experience in security and related technologies. Starting at the technical level, he has experience in hands-on and consulting roles across the spectrum up to board level. He is currently Regional Sales Manager in the Oceania Region for Senstar Corporation and APAC Cyber Security Products Lead.

ViDiLabs Calc

CCTV and Video specific iOS application ViDiLabs calc is an Australian designed iOS App that gives you the best choice of camera, lens and exposure setup for your IP CCTV/Video system. Perfect for installers, integrators, consultants, manufacturers and end-users. The ViDiLabs calc can be used by film makers, photographers, cinematographers, and anybody using digital cameras. ViDiLabs calc is an irreplaceable tool for finding: - Horizontal and Vertical Fields of View (HFOV and VFOV) - a focal length lens to see required scene width and height - Pixel Density for any given sensor, senso lens and distance - a required lens for any given sensor to achieve Face Identification, Recognition and Inspection quality - the best exposure to minimise the appearance of Motion blur due to moving objects - the required storage capacity to achieve certain days, weeks or months of recording - the required number of hard disks for any RAID or JBOD configuration - the approximate visual quality for a chosen video or image compression Search under ViDiLabs Calc on iTunes App store, or check www.vidilabs.com

SECURITY SOLUTIONS 087

PROFESSIONAL DEVELOPMENT

088 SECURITY SOLUTIONS

The Truth Of A Lie By Lizz Corbett I was sitting in my favourite cafe when I noticed a small magazine with a number of topical articles, along with advertising featuring local businesses. On the front cover there was a bold heading that read, “How to detect lies, the easy way”. I thought, “Great! I have been studying and teaching this topic for over 14 years and now, somewhere in this little gem of a magazine, the easy way of spotting a liar will be revealed.” So I flicked through to find the article that would uncover this foolproof method my research had missed. There, the author revealed his secret – a liar always averts his or her gaze. He claimed that if someone is answering a direct question and looks away when answering, it is a surefire, reliable sign the person is not being truthful. Suffice to say, I was disappointed that the conclusion reached by the author was, in fact, less than definitive. It is true that a person who is under stress and telling a lie may well find it difficult to look someone in the eye as he delivers that lie. But the reverse can also be true. In fact, only last year, I had a close friend tell me a significant lie and, whilst she delivered the words, she maintained a very solid gaze. It was almost as if she was evaluating whether or not I was ‘buying’ the lie. So, while eye contact and eye positioning is certainly something to be considered, unfortunately it is not the easy answer when spotting deception. Based on research, there is no telltale, sure-fire, absolutely reliable sign of lying. That one thing in a person’s demeanour or physiology which is always present when telling a lie and always absent when being is truthful is yet to be discovered. But that does not mean it is not sometimes possible to do far better than chance in discerning whether a person is lying or telling the truth. Many popular TV crime shows will have viewers believe that the best chance they have of spotting lies is through the use of a polygraph machine, also referred to as a lie detector. However, it would be more accurately described as a change monitor. Changes in heart rate, respiration and sweating on the palms or fingers are recorded when the subject responds with a yes or no answer to a series of questions that

have been explained before the test so that there will be no surprises. The hope is that the guilty person will show an increase in these measures of autonomic nervous system activity when asked a question relevant to the matter being investigated. The polygraph can be useful if there are crucial facts known only to police or investigators and the suspect. What is called a ‘guilty knowledge’ series of questions can then be asked. The person who knows the answer, presumably only the guilty person, is more likely to show an increase in autonomic physiology when the correct answer is mentioned. But this method is not perfect and, more often than not, information known only to the police and the suspect does not exist. In a more typical polygraph examination, the accuracy of the readings attained by the polygraph give the interviewer a more clear indication of a person’s truthfulness under questioning than one might obtain by chance. However, the chances of attaining false positives (an innocent person labelled guilty) and false negatives (a guilty person labelled innocent) are significant. Mistakes can be made and they can depend on the examiner, the individual examined, the questions asked and a variety of other factors. Putting aside measurement of physiology, many people believe they can identify lies from demeanour: what is said, how it is said, gaze direction, posture, gesture and/or facial expression. There are many false clues to deception in circulation, based upon conjecture, anecdote or imagination, all of which are endlessly repeated in the media. One of the most popular ideas, still taught in some areas, is that whether a person looks to the left or right when asked a question clearly distinguishes the liar from the truthful person. This is a fundamental tenet of what is called Neurolinguistic Programming (NLP). But tests carried out by expert Dr. Paul Ekman and his colleagues have shown this concept to be invalid, though some people still swear by it. Also worth taking into account is that lies are, of course, not all born of criminal motivations. There are many reasons why people lie. These

SECURITY SOLUTIONS 089

PROFESSIONAL DEVELOPMENT

include avoiding punishment, getting out of an awkward situation, helping another person, obtaining a reward which would not normally be possible (or not as easily accessible) without lying, lying just for the excitement of taking a risk of being caught and lying to control another person.

Based on research, there is no telltale, surefire, absolutely reliable sign of lying.

Similarly, there are a variety of reasons why lies succeed. Often, it is because the target simply does not care. Does the dinner party host scrutinise to see if the guests are truthful when they said they had a lovely evening? And often the person asking questions unwittingly colludes in being misled. Does the employer really want to find out he hired an embezzler any more than parents want to discover their children are using hard drugs or a spouse wants to learn he or she is being betrayed? Psychologically, people sometimes put off discovering bad news even if it will get worse later; at least they do not have to face it now. Yet there are times when people really do want to find the truth, no matter the cost. This is especially the case when working in a security role and being tasked with duties such as loss prevention, fraud investigation, crowd control and so on. Therefore, it must be asked, are there clues in a person’s demeanour which indicate that person is being dishonest? Not if the lie is trivial. “Sorry, I am on my way out the door” or “I cannot make it next week, babysitting problems” are not high-stakes lies. Lies may be more easily uncovered only when there is a lot to be gained or lost if the lie is discovered. In such a situation, unless the person is extremely well prepared and rehearsed, there are both cognitive and emotional signs that can be helpful in evaluating a person’s truthfulness. For example, there is

090 SECURITY SOLUTIONS

often an increase in hesitation and a decrease in the use of the hands to illustrate speech when someone is thinking hard about what they are saying as they say it. This could be creativity, inventiveness or fabrication. But if there is hesitation or a decrease in hand gestures, it is the job of the interviewer first to notice it and then to ask more to find out more. High-stakes lies may also generate emotions that do not fit or match what the person is saying. Fear of being caught, guilt about lying, or what Ekman calls ‘duping delight’, may leak in the face, body or voice and suggest the person is not being truthful. But these indicators need to be seen for what they are: red flags highlighting the need for further exploration. Discrepancies between what someone says and how he says it can arise for many reasons. Emotions do not divulge their source. In the Shakespeare play of the same name, Othello made the error of not recognising that the fear of being disbelieved can look the same as the fear of being caught in a lie; as a result, he convinced himself, wrongly, of Desdemona’s infidelity from her fear reactions.

Lies may be more easily uncovered only when there is a lot to be gained or lost if the lie is discovered. To avoid Othello’s error, it is necessary to investigate why a person may be showing an emotion that does not fit what he is saying. The most subtle signs of emotion sometimes present during a lie are by definition very small and can be restricted to a single region of the face. There may be a movement, barely noticeable, in the chin, lips, cheeks, lower or upper eyelids, or brows. When these slight movements, called subtle expressions, appear in this isolated way, they signal that an emotion is just beginning. The person showing the

Discrepancies between what someone says and how he says it can arise for many reasons. Emotions do not divulge their source.

expression may not yet be aware of feeling an emotion and it may not register in his consciousness for many more seconds. Subtle expressions and micro-expressions also may occur as ‘leakage’ – facial movements that escape deliberate attempts to conceal signs of what is actually being felt. While these can be hard to spot and are usually missed, once a person has learnt to read facial movements more effectively, it does get easier to spot them. Knowledge and awareness of behavioural and emotional skills can be used for more than just spotting liars. Managers can use these skills to be more in tune with employees and recognise problems before they become a concern. Negotiators can use them to get a better feel for a situation, knowing when to push and when to pull back. In fact, when building any type of professional relationship, increasing behavioural awareness can assist in connecting and influencing the direction of another person. For those people working in a role where reading behaviour is important and evaluating truthfulness and credibility matters, they should continue to develop their skills and awareness and they will begin to notice behaviour and signs that other people miss. Lizz Corbett is the Managing Director of Training Group International (TGI), an Australian-based training and consulting company delivering training in Australia and internationally. Visit traininggroup.com.au for more information.

SECURITY SOLUTIONS 091

FEATURE ARTICLE

092 SECURITY SOLUTIONS

Leadership in Security By Jason Brown

I have been privileged to have a number of leadership roles in security, both within government and private enterprise, but no matter what my role, there was always someone to report to and, as the ‘boss’, they generally held the leadership role. The best of these bosses allowed people to be leaders themselves by listening to and being guided by their advice. In this article, I touch on a few in my experience who demonstrate many of the characteristics of good leadership. Importantly the leaders of an organisation set the standards in the way they address its customers, stakeholders and, not least, their own people. I have seen a few examples of companies that really “walk the talk” for the values and culture of an organisation, including security, and noted the difference it makes to all staff. It should be an aspiration for all companies. In my current role of National Security Director in Thales, I report to the Chief Executive Officer, Chris Jenkins, and to the Security Committee of the Board of Directors, and it is here I see that aspiration working in reality. The Security Committee is chaired by Stephen Loosely and consists of the overall Chair of Thales in Australia and New Zealand, formerly Paul McClintock and now Belinda Hutchinson, and the CEO. It is an interesting experience reporting to people who are either smarter or more experienced (or both) than you. Importantly, it is an opportunity for me to observe leadership in action and to learn from it.

The first characteristic of leadership that they all share is strategic vision and understanding. They guide the organisation over the long-term, but also demonstrate the capacity to regularly identify immediate emerging issues of strategic importance. In this context, they demonstrate an acute sensitivity for identifying and moving to mitigate risks and seize opportunities. The second important characteristic is a willingness to recognise their own lack of experience and knowledge in some areas and they correct this by being willing to ask questions and listen to advice. In continuing to learn as a leader myself, it is the questions that they put to me, sometimes out of ‘left field’, that challenge me to be across the security brief and be willing to admit when I do not know things myself. They do, however, expect me to go and find out! The third characteristic is a willingness to participate in staff briefings and training activities. I remember vividly Paul McClintock’s timely intervention during a crisis management simulation when there were a few sceptical senior participants. He engaged directly with the attendees, providing some personal examples that absolutely reinforced the scenario, and his participation directly demonstrated the importance of the exercise. Similarly, Stephan Loosely actively engages with security events to provide advice, support and presentations, reinforcing the message to all that security is an important issue for

Thales and is fundamental to the Board’s considerations. He takes this role onto many public activities, such as Chair of the Australian Strategic Policy Institute. A fourth characteristic is a genuine care for the people of the company. All Security Committee members take a deep and abiding interest in the security for travellers program and expect immediate action to protect travellers at risk. This also translates through to a deep commitment to health and safety, and appropriate resourcing for security and safety functions reflects this. It is further reflected in the leadership support for the employment assistance program available to all staff. Just to show that this is not only the ‘soft stuff’ the Committee focuses on, the security outputs and my leadership is judged on how well I am meeting them. Some readers will recall a previous article on security metrics. These metrics grew out of what the CEO and Security Committee identified as important to them in understanding how security was making a contribution to the company. Therefore, another important element of leadership is being able to explain what you plan, what you have done, how effective it has been and if the results made the difference that the time and expenditure warranted. I have learnt a lot about security by being forced to test my own assumptions and attitudes in the face of Security Committee questions about these elements.

SECURITY SOLUTIONS 093

FEATURE ARTICLE

Many people learn by imitation and tend to emulate those who hold higher status, so the culture and, therefore, the success of an organisation depend very much on the observable behaviour of the organisation’s leaders. When leaders in an organisation fail to live up to the stated organisational ethics and values, it is not long until the rest of the employees also start to fail. The case of the Volkswagen (VW) diesel emissions scandal is a case in point. Roland L. Trope of Trope and Schramm LLP and Eugene K. Ressler of the US Military Academy Emeritus Faculty, in their article Mettle Fatigue – VW’s Single-Point-of-Failure Ethics draw out the consequences of a failure of ethics at the leadership level of VW. Trope and Ressler focused on four dysfunctional practices that took root at VW and provide the most plausible explanation for how VW engineers and officers could decide to engage in widespread, repeated dishonesty. They used the term ‘dysfunctional practices’ to denote a significant departure from good engineering, whether by engineers, their superiors up the chain of command, or their bosses at the company’s apex who started out as engineers. The common ingredient in each case was dishonesty. They derived four dysfunctional practices from an analysis of facts published in open sources. When set forth in a chronology, the causal relationships become discernible. The dysfunctional practices were: • senior officers’ insistence on the pursuit of infeasible objectives with no tolerance for failure • suppression of open communication, enforced by an intolerance for bad news and dissenting views • creation of software to cheat, rather than solve, engineering problems and protection of that software from disclosure as if it were a trade secret • departure from honesty in the chain of command and reckless disregard for the consequences. To directly quote the article: “German auto executives are reportedly ‘used to getting what they want’. Winterkorn’s management style was reportedly one of intolerance for bad news: ‘He does not like bad news. Before anyone reports to him, they make

094 SECURITY SOLUTIONS

sure they have good news.’ He reported to a chairman who boasted publicly that he would fire any engineering team that failed to achieve an objective. The 10 December 2015 interim report confirms this by acknowledging that change was necessary. According to VW’s new CEO Matthias Muller, ‘the future will be about more open discussions… and a willingness to allow mistakes if they are understood as an opportunity to learn.’” It is human nature not to want to get into trouble, so who would wish to stand up to Winterkorn given his statements? The reputational and financial damage to VW has already occurred and will continue for some time. It is also worthwhile to look at another failure of leadership in the BP response to the Deepwater Horizon oil spill, the largest marine disaster of all time. In reviewing the event, poor leadership came out as a significant factor that compounded the financial and reputational damage to BP. Daniel De Wolf and Mohamed Mejri in Crisis communication failures: The BP Case Study summarised: “Because of his arrogance, negligence, its famous statements and particularly being not prepared to a crisis, former BP CEO has significantly contributed to BP loss of reputation. Instead of assuming its responsibility and expressing its compassion towards the victims, the BP former CEO Tony Hayward – as the company spokesman, had a series of mistakes during this crisis. He initially downplayed the spill and minimized its severity considering that ‘its environmental impact would likely be very modest’ and that it is ‘relatively tiny’ in comparison with the big size of the ocean. He also told a news cameraman to ‘get out of there’, complained that he wanted his life back stating to reporter that ‘There is no one who wants this thing over more than I do, I would like my life back’, and went to watch his yacht race while oil spews into the Gulf. As a consequence, the former BP CEO has become the most hated man in the United States.” It is clear that under pressure, Hayward provided a list of characteristics that are not desirable in a leader. Moving away from the CEO level, work done at the Royal Melbourne Institute of Technology indicates that there are a number of common

behaviours recognised in an effective team leader at the helm of a productive team. In particular, an effective team leader displays the ability to: • communicate effectively – listen, consult, share and explain strategy (goals and objectives) and provide feedback • recognise the developmental requirements of team members – know his people, their capability and needs, delegate effectively and provide development opportunities • set goals and motivate the team to achieve them – ensure goals are achievable and aligned with strategy, monitor progress • provide enthusiastic and creative encouragement – recognition is a motivator and solving problems is rewarding • model acceptable behaviour – subordinates will respond or copy a leader’s behaviour, good or bad; as their primary role model at work, a leader’s behaviour must reinforce the values and ethics of the organisation. In summary, there are a range of positive behaviours that demonstrate good leadership and get results and there are clearly some bad ones that can lead to disaster. These will be examined in more detail in the next column, which will also introduce a leadership game that anyone can play.

Jason Brown is the National Security Director for Thales in Australia and New Zealand. He is responsible for security liaison with government, law enforcement and intelligence communities to develop cooperative arrangements to minimise risk to Thales and those in the community that it supports. He is also responsible for ensuring compliance with international and commonwealth requirements for national security and relevant federal and state laws. He has served on a number of senior boards and committees, including Chair of the Security Professionals Australasia; Deputy Registrar Security Professionals Registry – Australasia (SPR-A); Chair of the Steering Committee for the International Day of Recognition of Security Officers; member of ASIS International Standards and Guidelines Commission; Chair of Australian Standards Committee for Security and resilience.

WEâ&#x20AC;&#x2122;RE VIDEO HEADS

In a digital and fast paced world, video is an ever advancing asset to your arsenal. Whether youâ&#x20AC;&#x2122;re in need of a promotional, corporate or explainer video, a motion graphic or animation, IMS has you covered. Show the world what you can do, harness the power of video today.

www.interactivemediasolutions.com.au

Interactive Media 095 SECURITY SOLUTIONS Solutions

FEATURE ARTICLE

096 SECURITY SOLUTIONS

Access Control Expectations for 2016

SECURITY SOLUTIONS 097

FEATURE ARTICLE

By Blake Kozak

As physical and logical (IT) threats to corporations evolve, so must electronic access control. Additional deployments of logical and physical access control, mobile credentials, biometrics and cloud-based services are expected in 2016. To ensure success – and speed growth – access control companies need to keep pace with the ever-changing market environment. The global access control market grew 6.6 percent in 2015 and is expected to grow 7.2 percent in 2016. Global gross domestic product (GDP) is forecast to grow 2.6 percent, and total construction spending is increasing by 3.3 percent, which will have a positive impact on the access control market. Access control suppliers that grew the fastest in 2015 did not focus on only one segment of the total available market. Instead, these

electronic locks, biometrics also experienced strong growth in 2015. The global market for biometrics will grow by nine percent in 2016 – with double-digit growth expected in 2017. Although biometrics-enabled products have been available in the market for over a decade, only recently has growth been consistent enough to meet market expectations. Access control open standards, software and integration will also improve in 2016. Although open standards have been discussed for several years, progress has been slow. Many companies continue to deploy and promote their own forms of open standards and open application program interfaces, while the Physical Security Interoperability Alliance (PSIA), Open Network Video Interface Forum (ONVIF) and other industry groups work to bring the industry together.

Additional deployments of logical and physical access control, mobile credentials, biometrics and cloudbased services are expected in 2016. companies deployed IP-based solutions with remote, web-enabled features, while others expanded on existing customer contracts by adding wireless electronic locks. These types of solutions are scalable to any organisation, no matter its size. The industry’s strong growth is primarily due to the following factors: price, accuracy, aesthetics, and reduction in physical cards. Depending on a country’s privacy laws and the level of security required, biometrics offer card-free access control capabilities that can greatly reduce cost over time. In addition to web-based solutions with remote management functionality and wireless

098 SECURITY SOLUTIONS

Despite these efforts, the access control market remains mostly proprietary and is now one of the last of the security industry sectors to fully embrace open standards. For example, the intruder alarm market took big steps toward creating open standards in 2015, and 2016 will

prove to be even more exciting with the Z-Wave becoming UL certified in the fourth quarter of this year. Software and integrations will also be focal points in 2016, as suppliers look to differentiate themselves from competitors. Today’s customers expect access control to provide security beyond the door. Access control can be used to collect data on building efficiencies or joined with compliance standards to maintain a safe work environment. Access control software can also monitor anomalies in daily habits and schedules to detect potentially malicious behaviour that can cause network and computer downtime. Continued positive results are expected for the access control market for the remainder of the year as end-users look to protect their assets in an uncertain marketplace. Thanks to innovations and technology improvements, access control suppliers, integrators and dealers are well positioned to offer customised and turnkey solutions, with the opportunity for upselling and repeat business from electronic locks, mobile credentials and professional monitoring services. Blake Kozak is a principal analyst with the Security and Building Technologies group within IHS. Since joining IHS in 2008, he has authored market reports on intruder alarms, electronic physical access control, access control as a service (ACaaS), perimeter security and residential security. Blake is a regular voice in the industry, presenting at industry events around the world.

Access control open standards, software and integration will also improve in 2016.

Distributed IP Access Control: • User Management • Access Control • Door Management

Advanced Access Control: • Zone Management • Device Management • Template Management

Time and Aendance Features

• Monitor Aendance • Hours Worked Calculaon • Holiday, Leave & Shi miPass Access offer i ff key features that allow users to extend the system beyond convenonal access control systems. miPASS Access is BQT’s Biometric access control system based on IP connecvity and biometric security. BIO X/XK devices work not only as a reader for mulple types of credenals, but also as an intelligent controller removing the need for a tradional controller. miPass Access includes features that allow adminstrators to define me, shis, daily schedules and holidays. miPASS Access can administer employees to comply with “On Site” and “Off Site” procedures, restrict access to off-duty employess and generate aendance reports. miPASS Access Time and Aendance features also give admininistrators the ability to generate a variety of reports. Contact our distributors for further informaon or a demonstraon SECURITY SOLUTIONS 099

SECURITY STUFF C O N T E N T S

SPOTLIGHT

PROFILE

EZI 102

MAGNETIC AUTOMATION

AST

104

BQT

106

100 SECURITY SOLUTIONS

PRODUCT SHOWCASES

SHOP TALK

108

Centaman 112

ASIAL Awards 116

STid

109

INTREPID™ UniZone™

113

Hikvision Blazer Pro

AME

110

INTREPID™ Model 336

113

SecuSafe 118

P2WT

111

Seagate 8TB 3.5in HDD

114

Quantum 119

DrivePro Body 10

114

Elvox Video Intercom

118

119

SECURITY SOLUTIONS 101

IGH T SPO TL

Successful US Crash Test There is a well know axiom which states that in attempting to carry out an attack, terrorist only have to get it right once where as those looking to prevent a terrorist attack need to get it right every time. For those people responsible for designing security plans and systems specifically aimed at preventing attacks, the need to get it right every time is a heavy burden to bare. However, it is not the kind of burden one has to bare alone. With the right partner, and the right tools, what seems to be an insurmountable challenge can quickly become eminently achievable. For over twenty years, Ezi Security Systems have been designing, manufacturing and installing a comprehensive range of high quality perimeter security products covering both vehicle and pedestrian control requirements across a wide range of applications including both low and high risk sites. Their solutions have been installed in the harshest of environments the planet has to offer, and all with outstanding results. While Ezi Security Systems has a commitment to innovative design and quality products, they also understand the importance of easy and efficient after sales service. Ezi Security Systems fully service and maintain the products they sell to ensure that your critical infrastructure and personnel are safe and protected at all times. With a track record of proven results and constant innovation, Ezi Security Systems

102 SECURITY SOLUTIONS

products have been used in the protection of the most prestige and iconic man made marvels of the modern era, from the Burj Khalifa tower in Dubai to Australia’s very own Parliament House in Canberra. Building on a well established tradition of continual improvement and innovation, Ezi Security Systems recently announce that working in conjunction with their partners Perimeter Protection Group (PPG) the ‘Wedge II’ barrier solution has passed the vehicle impact test as per ASTM F2656/F2656M–15 with flying colours using a standard test truck (M) travelling at 50 mph. Their ‘Wedge II’ solution arrested the truck with negative penetration receiving an ASTM classification of M50/P1. “With its decreased installation depth and foundation footprint combined with the lowest foundation thickness in the world, the new ‘Wedge II’ reduces installation costs significantly and allows installation in areas where foundation depths are limited due to underground utilities. Supplied as a compact ready-to-install assembly unit, the ‘Wedge II’ can be installed very quickly and easily,” says Yvonne Kolatschek, Elkosta Product Manager for High Security products. The outstanding result of this vehicle impact test as well as the fact that it was executed on a wedge II with a blocking width of 2.0 meters puts Ezi Security Systems in a unique position.

The ‘Wedge II’ is • The first of its kind to be crash-tested as per the new ASTM F2656/F2656M–15 standard • The only product on the high security market which has successfully proven its impact resistance in compliance with all three major and internationally renowned standards: • PAS 68:2013 V/7500[N3]/80/90:0.0/20.7 (tested with 4 m blocking width) • IWA 14-1:2013 V/7200[N3C]/80/90:0.0 (tested with 4 m blocking width) • ASTM F2656/F2656M–15 M50/P1 (tested with 2 m blocking width) • The only solution of its kind outside the USA which has been crash-tested in minimum and maximum width configurations, thereby in turn validating the assumed impact resistance for all intermediate sizes! The test results can only be described as impressive, both by British and International standards. Clearly, Elkosta has once again raised the bar for high security products. In the types of high risk environments into which these sort of solutions are typically deployed, such as airports, military premises, jails, power plants, embassies and other such sensitive areas, only the most effective and proven solutions will do. The new Elkosta ‘Wedge II’ has undoubtedly secured

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

EZI

it position as a leading solution in the high security market due to its pioneering technical construction and proven results Compared to the previous model, the Wedge II features many technically innovations such as • State of the art foundation and reinforcement. • Offers high-energy efficiency due to employment of pressure spring pistons • Starting power and lifting power for raising of blocking element due to energy stored in pressure springs have been fully optimized as well. • Working oil volume was reduced due to single hydraulic cylinder. • Further improvements are: o The scale-downed versions of accumulator for EFO and RO3 function. o LED`s and a safety skirt are available as optional extras.

All Ezi Security System solutions are built to last and operate safely with a reliable over a thirty year (plus) product life span. Ezi Security Systems has one of the most extensive ranges of high to very high security gate products (HVB’s) on the market today. Furthermore, their expertise and experience gives them the ability and design and install solutions specifically tailored to secure any critical infrastructure or site of national importance. Ezi has an extensive range AVB and HVB Crash Certified products, such as the world famous TruckStopper, the renowned K12 Wedge, crash boom beams and crash rated static and automatic bollards. For anyone seeking high security vehicle and pedestrian access control

solutions designed to meet the requirements of the most secure sites, in the most harsh of environments, without compromising the aesthetics of the location, look no further than Ezi Security Systems. *All Ezi Security System AVB & HVB have been vigorously crash tested and certified to meet all ASTM and PAS 68 stipulations.

Contact Details: Troy Donnelly – 1300 558 304 sales@ezisecurity.com Address: 11 Cooper St Smithfield 2164 NSW Australia

SECURITY SOLUTIONS 103

FIND OUT MORE ABOUT US!

IGH T SPO TL

Morse Watchmen KeyWatcher Touch Every facility is safer with the addition of a key control and management system from Morse Watchmans. Physical keys continue to be mission-critical for every type of organization, and Morse Watchmans is dedicated to delivering the best solutions for managing, controlling, tracking and auditing all your keys. KeyWatcher Touch Systems are the access control solution for physical keys. Every key is accounted for at all times, with full tracking, reporting and alerts for your defined incidents. SmartKey™Locker Systems deliver the same level of accountability for small assets including weapons, cash trays and more. Key Anywhere saves time by allowing you to return a key to any KeyWatcher in your operation, while Key Find lets you locate which KeyWatcher a specific key is in, or determine who has it out. Keys available to a user can easily and quickly be called up on the screen. Key reservations and notes can now easily be entered on the screen. The unified KeyWatcher Site design allows a network of KeyWatcher Touch systems to share a single database, which can accommodate more than 14,000 keys and over 10,000 users. All control and management of the system, including programming, remote functions and reporting is managed via KeyWatcher TrueTouch software.

104 SECURITY SOLUTIONS

KeyWatcher Touch Features and Options: • Easily identify the correct keys • Return keys to any location • User interface controls various access devices • Alarm and access control integration capability • Built-in Ethernet. Modular, Scalable Design Lets You Customize Your KeyWatcher System From a single key management system to multiple cabinets holding hundreds of keys, it’s easy to expand KeyWatcher as your needs grow. Each additional unit can be controlled by a single console and monitored by the advanced software. KeyWatcher can hold keys of almost any size, including Folger Adam keys. Plus, the systems are capable of incorporating additional lockers for valuable items. Available modules include 16-key, 8-key, 6-key, card, and a variety of locker sizes. These key modules can be customized in a wide range of cabinet sizes. The flexibility that is available in the modular design enables sites to utilise all the accountability for not only keys but, laptops, mobile phones, IPad’s and so on.

Smart Keys The smarts behind the system is the Smart Key itself, designed to enable flexibility with return methods which include random return, this method enables smart keys to be returned to any open slot in the cabinet. The non-random return enforces the requirement for a Smart Key to be returned to the same location each time. Keys are secured to the Smartkeys which features an identification microchip and 1/8″ stainless steel locking ring for additional security and functionality. Smart Keys are available in a range of colours which enables administrators to easily differentiate areas of their business by the colour of the Smart Key. True Touch Software KeyWatcher TrueTouch software comprises the KeyWatcher TrueTouch client interface and the KeyWatcher Server for enhanced administration and control of the KeyWatcher Touch system. Key Inventory Software Features: • New access control-style interface. • Auto-sync for automatic updates of KeyWatcher systems as changes are made. • New “Profiles” feature for quicker, easier programming of users.

AST

• • •

Profiles to quickly assign users key and group permissions, access level, and many other settings. New, easier to read reports. All reports can be saved in PDF and CSV file formats. KeyWatcher TrueTouch client interface is designed to run all programming, remote functions and reports. Add users from a global list and all specific settings (added or modified) will be automatically synchronized across the system. Quick profiles can be assigned for improved user control. Administrative access levels are designed to allow reports only or alarms only in addition to the five system administration levels. Integration and High Level Interface’s The requirement for a number of industries is to provide a solution that has integration options and also provide operational efficiencies and Morse Watchmans continues to deliver; with integration to some of the world’s leading Access Control providers such as Honeywell ProWatch, Honeywell EBI, Lenel, Gallagher, Inner Range Integrity, and SMAG Symmetry the Morse Watchmans Touch enables administrators to reduce the demands of running both Access Control and KeyWatcher data bases by enabling this interfacing.

The Morse Watchmans range of solutions including the KeyWatcher Touch are available exclusively through Australian Security Technology. For more information please contact David Ishak, General Manager on 1300 539 928 or email him di@astpl.com.au

SECURITY SOLUTIONS 105

IGH T SPO TL

Reader and Card Security Considerations It should come as no surprise that not all access control systems are created equal. An Access Control System is made up of many elements, beginning with a panel which incorporates a feature set designed to facilitate proper verification and enrolment procedures. The panel should also enable continued credential maintenance procedures for the maintenance of both the approved credential lists and unauthorised credential lists. Perhaps the most important component of any access control system is the selection of smart reader and card technology. With so many different types of smart readers and card technologies available, it is often difficult to know what to choose. Which combination smart reader and card technology will minimise the chances of someone successfully presenting false credentials with a view to gaining access, or the ability to compromise communications within the system through hacking and cloning of authorised credentials and reader data? Choosing the right technology, one which has a level of security commensurate with your level of security risk, is vitally important. Proper risk analysis is the key to ensuring that the right Smart Reader choice is made. For example, some Smart Reader products, such as 125Khz prox or CSN/UID readers, offer no protection against hacking and cloning cards. Others readers are based on technology platforms that have, at some point, been compromised. However, the level of sophistication required to compromise the technology is sufficiently high enough that it does represent a threat to medium level security applications. Alternatively, new counter measures many have

106 SECURITY SOLUTIONS

been incorporated into the existing platform to insure that it once again provides sufficient protection for medium security applications. Then there are the high security smart reader and card systems which are designed using technology platforms that support higher encryption standards which are considered safe for protecting sensitive and classified data. As is the case with any security design, a balance must be struck between ease of maintenance and use and the degree of security provided based on the perceived level of risk. In the case of access control systems, the decision to implement a more user friendly, easier to maintain system often comes at a cost to the integrity of the system’s security, especially where reader technology is an ‘offthe-shelf’ solution chosen primarily because of factors such as how easily components can be purchased, maintained, replaced. The cheaper and more readily available the components of a system are, the lower the level of security they are likely to provide. Furthermore, it is often the case that ‘off-the-shelf’ access control systems are much easier to administer because such systems offer little or no encryption, hence minimal security. BQT Solutions are uniquely different in that their miPASS card and reader systems offer economical “off the shelf” convenience with the right level of encryption and security for both medium and high risk security applications. They can also provide tailored Smart Reader and Card systems with custom “secret” keysets and/or encoders and configuration software for larger organisations or classified installations.

Encryption Card Readers communicate between the access Credential and the Reader through radio frequency and also to the Access Control Panel via a protocol such as Wiegand. For a security risk analysis to be considered complete, an examination of both of these methods of communication is required in order to assess the how easily data in the system could be compromised. This risk assessment then determines the appropriate technology platform and encryption standard. BQT Solutions advise that medium security products such as their miPASS 2 secure card and reader system, which include modern MIFARE® Crypto1® encryption, may be implemented at a similar budget to non-encrypted technology such as such as 125Khz prox or CSN/UID readers, eliminating the need to expose an organisation to the kinds of hacking and cloning security risk associated with cheaper systems. The standard of card and smart reader encryption for high security applications requires a higher level of encryption such as Triple DES (3DES) and AES which have been approved by organisations such as the US Department of Commerce, National Institute of Standards and Technology (NIST) for the protection of sensitive and confidential data. BQT Solutions miPASS 3 secure card and reader system provides a suitable “off the shelf” solution which implements Triple DES (3DES) encryption between the card and the reader to protect against hacking and cloning of these communications. BQT Solutions also offer a smart reader range that has custom keys and output formats, as

BQT

well as a choice of platform, encryption standard (as available for the platform) and output protocol. These readers offer MIFARE® Classic with Crypto1® encryption, MIFARE® DESFire® EV1 with DES, 3DES or AES encryption and/ or MIFARE Plus® with AES encryption. Output protocols offered as standard include Wiegand and both plain and AES encrypted RS485 with plain or encrypted OSDP as a further option.

Smart Reader Output (Communication With The Access Control Panel) Most access control panels on the market today communicate data from the smart reader as Wiegand protocol. This communication is unencrypted, plain text and may be hacked and replicated to allow unauthorised access. Many models in the range of BQT Solutions readers include the option of RS485 protocol communications encrypted with AES. Data from the reader is then sent to a High Security Module (HSM) installed next to the Access Control Panel in a secure area and decrypted back to Wiegand data for use in the Access Control Panel.

Diversified keys and Random UID enhance a Smart Reader and Card System’s security and integrity, making hacking and cloning of systems more difficult. Many BQT Solutions products include Diversified Keys and Random UID techniques within feature sets, providing additional peace of mind.

not the back-end, which grants access based on a string of data that it receives, but on the authentication and verification of the individual seeking access. Essentially, this means that the security risk is mitigated at the Smart Reader. As there are cost implications to each additional factor of authentication, most organisations determine the authentication and verification processes based on the constraints of time and of money and take a zonal approach to increasing factor authentication as the security risk or value of property being protected increases. The Multifactor approach to security is strongest at three factor authentication and verification providing three key ingredients:What you ARE - (Biometric Information e.g. a fingerprint) What you HAVE - (A credential such as a Smart Card) What you KNOW - (A PIN, kept secret)

Other Authentication

Backend Security Procedures and Controls

It has often been noted among security experts that the strength of an access control system is

An Access Control System is only as strong as its weakest component or procedure. Just

Other Security Features

as important as the technology selection are the procedures that are implemented around enrolment, and suspension of system users and custody of credentials. System lists of authorised and unauthorized issued credentials should be strictly maintained on an on-going basis, strong policies should be adopted with regard to lost/ stolen cards and practices such as tailgating and card sharing should be prohibited.

BQT Solutions BQT Solutions has a range of smart reader products that cover all applications and risk levels from low to high and critical risk applications and multiple factor authentication readers are available. Their technology is installed at over 3,500 sites globally and is trusted for some of the most high risk security applications in the world. They offer both “off the shelf” secure smart reader and card systems and tailored solutions which can be specified for any security application. For more information visit www.bqtsolutions.com or call +61 (0)2 8817 2800

SECURITY SOLUTIONS 107

PRO FILE

ADVERTORIAL

Protecting People & Assets Through Proven Solutions for Security & Safety Effective perimeter security is about more than gates and turnstiles. Like everything in life, effective perimeter security is a balancing act in which one must seek the right blend of design, price, quality and service. Being the cheapest most certainly does not make something look the best, just like being the most expensive is not always a guarantee that one will receive great service. It is the ability to balance all four, design, quality, price and service which sets true industry leaders apart from the competition. It is for this reason that Magnetic Automation has been a leader in the perimeter security industry in Australia for more than 30 years offering locally manufactured products that are designed, engineered, and installed in accordance with international standards. Magnetic is also certified to ISO9001, ISO14001 and OHS18001. The Magnetic product range includes every kind of product one might need from barriers and boom gates, to automated slide and swing security gates, turnstiles and other pedestrian access control technologies – all of which can be custom tailored to a client’s specific needs. With extensive experience in commercial and industrial environments, Magnetic Automation has installed a wide range of solutions across a diverse range of industries including mining, rail, corporate buildings, industrial sites, government installations, critical infrastructure projects and defence sites. In fact, the depth and breadth of their work stands as testament to their service, quality and reliability. Within government environments, Magnetic Automation offers a variety of high security products enhanced through the addition of value adding features and services. The full height turnstile is fully risk assessed, IP65 rated, solar powered (optional), a can be constructed using A portable plynth (optional) in addition to being constructed using Australian RHS galvanised hot dipped steel

108 SECURITY SOLUTIONS

(stainless steel option available). Their Road Blocker has been installed in various correctional facilities and can be customised to meet individual site requirements. The Magnetic Telescopic gate provides a high level of security for vehicle access where restricted gate run off areas are found. In fact, there are numerous examples of Magnetic’s gates which have been installed gates in various high security government locations. Furthermore, Magnetic's Pedestrian High Door speed gate offers a stylish and robust security solution which can be integrated with existing and/or new access control systems. Whatever the situation, Magnetic Automation can provide a total solution for individual needs, incorporating complete traffic control systems for both vehicles and pedestrians. All Magnetic products are supported by a comprehensive, preventative maintenance, service and spare parts programs.

Magnetic Automation is part of the global FAAC Group – a world leader in access control and automation since 1965. To ensure the highest levels of service and support, Magnetic Automation maintains a presence in every state, with a Head Office in Tullamarine, Victoria and branches in Western Australia, Queensland and New South Wales. In this way, you can be assured that whether you require a consultation, service technician, installation or just have a question, a Magnetic Automation staff member is only ever a phone call away. Why not turn to a name you can rely on and trust the next time you need someone to provide proven solutions for security and safety to help protect your people and assets. Contact Magnetic Automation 1300 364 864 or visit www.magneticautomation.com.au

ADVERTORIAL

FILE PRO

STid Technologies Set New Standards In Mobile Access Control Data and information have become a priority in our smart, mobile and connected society. Beyond the economic realities, human authentication through the securing of people's identity and access is essential. Are you ready to face the change mobile technologies have brought to access control? To respond to these new challenges, STid anticipates market trends and introduces new access control concepts, offering contactless Radio Frequency IDentification technologies (RFID, NFC & Bluetooth® Smart). The French company with a worldwide reach invents, designs and provides solutions in the security and industrial asset track and trace markets for the most demanding industries and governments. As French market leader, STid develops innovative products and solutions for high security access control and automatic vehicle identification (AVI). STid offers awarded innovative solutions STid Mobile ID® access control solution and Architect® Blue upgradable readers were awarded the “Think outside the box” award and the Innovation Trophy at the latest security trade fairs. The reasons for this success is evident… STid Mobile ID® allows you to secure your access and to protect your sensitive data with your smartphone. The mobile access control solution, combined with Architect® Blue secure upgradable readers, merges the best security levels of the market, rewarding human experience and open technologies to keep control of your security. Improve the human experience The user-friendly solution allows 5 identification modes of intuitive, smooth and unhindered management of your access points: • Badge mode by placing your smartphone in front of the reader.

• Tap Tap mode by tapping your phone twice in your pocket for Prox or remote opening. • Slide mode by placing your hand close to the reader. • Remote mode by controlling your access points using a smartphone app. • Hands-free mode by entering while carrying a smartphone loaded with a valid credential. These 5 modes are possible thanks to STid's exclusive, patented technology that can differentiate between access points depending on their distance. This means that multiple Bluetooth® readers can be installed in the same area. Easy access to High Security STid is the first RFID manufacturer to have received First Level Security Certification (CSPN). This French government certification is a recognition of their unique know-how, the technological and security expertise that are implemented in your access architecture, whether new or existing. Managing digital keys on a smartphone requires expert control of the security chain: phone, reader and system. STid offers unprecedented security levels while protecting and encrypting all data and communications between the mobile phone and the access reader. Architect® Blue readers use the latest MIFARE® DESFIRE EV1 / EV2, Bluetooth® Smart and NFC

technologies with new data security mechanisms. The innovative tamper protection system is the best way to protect sensitive data while making it possible to delete the authentication keys (patent pending). Create your own scalable configuration The concept can be tailored to your needs, offering the optimum solution for any situation and ensuring that all functionalities and security levels can be upgraded across all your readers. Architect® Blue is the first modular range of secure RFID, Bluetooth® Smart and NFC readers offering both flexibility and simplicity. The awarded readers are based on a common smart RFID core to which various interchangeable modules can be connected, such as card reader, keypad, touch screen, biometric device... Tailor your own access control readers The design of Architect® Blue readers is immediately recognizable, with a dynamic and elegant style, featuring clear pure lines. STid offers a wide range of customization options to tailor your reader to your corporate image and integrate it fully in its installation environment: logo printing, casing color and material-effect, multi-colored LEDs… For more information visit www.stid.com

SECURITY SOLUTIONS 109

PRO FILE

ADVERTORIAL

ActivConsole

A true investment in your control room operation ActivConsole, AME System flagship product, has been revolutionising surveillance control rooms throughout Australia and internationally for the past 20 years. A strong push towards ergonomics within many surveillance room environments has shifted the role of consoles over the last 10-15 years. Consoles are no longer an outdated, inconspicuous piece of furniture offering no ergonomic benefit for its operator. Today’s consoles are custom designed, ergonomically beneficial and tailored towards each single operator and task. Height adjustable consoles are not just the future, they are the very much the present and they are very much a trend that needs to be embraced. Not only do they increase operator comfort and safety, productivity and alertness of each operator remains higher for longer. Australian made and owned, all ActivConsole models are designed and manufactured from their engineering facility and design studio in Melbourne, Australia. Utilising Australian suppliers whenever possible, the ActivConsole ensures that up-to-date technologies, services and ongoing support remain local and readily accessible for their customers. Over the last 12 months, ActivConsole models have been implemented in & associated with a variety of large scale, state-of-the-art projects throughout many of Australia’s top industries. Spanning across the various sectors of road and rail, mining, military, casino gaming, oil and gas and air traffic control, the ActivConsole models are as diverse as ever and proving to be the backbone behind many every day critical applications

110 SECURITY SOLUTIONS

required to ensure the security of Australia’s future. Internationally, ActivConsole models have recently been commissioned and installed within several major projects in casino gaming, audiovisual and education industries located within South East Asia, New Zealand and the United States. Each new console produced, whether incorporating specialised high-tech hardware, advanced touch screen technology or simply just a retrofit to an existing application, is meticulously designed and tailored to suit its application – ensuring the highest levels of practicality, comfort and ergonomic benefit have been identified and utilised. ActivConsole’s trained in-house design team ensure that all consoles created recognise all relevant control room standards and meet all applicable requirements from Australian and New Zealand Standard 4443:1997 and ISO 11064-4. All height adjustable consoles created under the ActivConsole brand utilise proven, internationallyrecognised electric lifting actuator technology to ensure the functionality and safety of its height adjustable operation are never compromised. At the touch of a button, each operator can set and save their desired working height to ensure an ergonomically beneficial position is met, without having to compromise between sitting and standing. The pivotal element of every ActivConsole is ergonomics. Technically speaking, this is the optimum way an operator interacts with every aspect of the console in order to achieve their

performance objectives, whether seated or standing. All ActivConsole models are designed with ergonomics at the forefront, taking an active approach to ensure the operators and the tasks they perform are accounted for first, prior to any design work being undertaken. It is this approach that ensures all consoles are designed specifically for a certain task or role, all the while creating an innovative 24/7 working environment and increasing workflow and productivity. The success of ActivConsole is embedded in its long lasting quality and repeat interactions with existing customers. Aligning itself heavily within growing companies, industries and technologies, the ActivConsole has continued to diversify into a wide variety of thriving sectors, ensuring it remains a benchmark in the console industry and a mainstay for years to come. Despite its already expansive customer base, the ActivConsole continues to expand rapidly into a variety of different markets internationally and throughout Australia. As customers continue to ebb and flow with this ever changing marketplace, new sites are constantly being fitted out with new, state-of-the-art ActivConsole models and old sites are being retrofitted to compete with the dynamic requirements of large-scale automation synonymous with the 21st century. Whether it’s a new project, a refurbishment or simply a retrofit, the ActivConsole is the proven first step towards a healthier and more effective workplace. For more details on AME System and their ActivConsole range, visit their website at: www.activconsole.com

ADVERTORIAL

FILE PRO Redefining Wireless Security

Despite advances in IP camera and security management system technologies, Dr. Patrick Lam, founder and CEO of P2 Wireless Technologies, realised that the backend of most surveillance network designs is still heavily reliant on cable. P2 focuses on the creation of innovative, reliable and large-scale wireless mesh networking technologies for industrial and commercial use. Based in the prestigious Hong Kong Science Park, P2 has blossomed under Dr. Lam's leadership and his Silicon Valley management experience. Rather than simply building on existing wireless technology models and systems, every P2 technology is uniquely designed from scratch, resulting in revolutionary products. P2's patented MeshInfinity technology provides the ultimate security solution. The MeshInfinity powered wireless mesh networks enable transmission of security information and HD, or even 4K, video streams across various terrains where cabling was previously not feasible. With the maximum capacity of 80 HD or 20 4K simultaneous video feeds per mesh backhaul or path, P2’s MeshRanger product line is set to change the security eco-system. MeshRanger comes in 2 lines of products. The MeshRanger X20 line is a 2-Radio mesh router providing up to 867Mbps raw throughput across the entire wireless mesh network up to 20 wireless hops. The MeshRanger X30 line is a revolutionary 3-Radio sibling providing the world’s highest 1.7Gbps raw throughput over the entire wireless mesh network up to 30 wireless hops and featuring P2’s unique self-healing technology that ensures

no interruption in mesh connection even under the most adverse situations. A typical security surveillance network solution may comprise of a combination of the two product lines depending on terrain and density. Flexibility, adaptability and capacity are not MeshRanger's only attributes. One of its most attractive features is its extreme cost-effectiveness. Better yet, the MeshRanger product lines are designed to be compatible with most, if not all, existing security systems and IP surveillance cameras - meaning it is instantly deployable, with minimum disruption to existing service. In the wake of heightened demand for increased security as a result of recent global events, P2's timing could not have been better. P2's MeshRanger is poised to make a significant impact on communities around the globe. For more information visit www.P2WT.com

SECURITY SOLUTIONS 111

PRO DU CT

S E S A C W O H S CENTAMAN ENTRANCE CONTROL PROVIDES SECURE ACCESS TO THE NEW NOVARTIS FACILITY

Access to Novartis Pharmaceuticals new campus in Sydney’s Macquarie Park has been secured in style with three lanes of Centurion EasyGate HG speedgates from Centaman Entrance Control. The new development represents Novartis’s continued long-term local commitment to delivering healthcare solutions that help make a difference to the health and wellbeing of Australians, now and in the future. Part of the requirement for the building was to control tailgating in the main reception area of the campus – limiting access to only authorised occupants and visitors. As such, three lanes of EasyGate HG were installed and integrated with the Novartis’s usual access control system. Centurion EasyGate HG uses glass barriers of up to 1800mm in height, in conjunction with state-of-the-art optical technology to provide a high throughput security gate. The bi-directional glass barriers are designed to work in a ‘normally closed’ mode and open after a valid card has been presented to allow the authorised user to pass. The barriers are designed to close quickly behind the authorised person to deter tailgaters whilst the IR sensors monitor the lane to detect unauthorised entry and ensure the safety of users. The ‘swing barrier’ design of the EasyGate HG allows the same slim pedestal to be used for both standard width and wheelchair width lanes alike, making it ideal for installation in areas with space constraints. These turnstiles offer unrivalled processing speeds coupled with an aesthetic design which sits comfortably in a building designed to put everything on display. “The elegance and simplicity of the design affect the image of the access control. Security should no longer seen as an obstacle. EasyGate HG’s open design makes it an ideal solution for the reception area of a building like this,” commented Michael Bystram, Entrance Control Manager at Centaman. For more information on CENTAMAN Systems visit www.entrancecontrol.com.au

112 SECURITY SOLUTIONS

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.

CT DU PRO

SHO WC ASE S INTREPID™ UNIZONE™ PLUG-AND-DEPLOY FENCE DETECTION SENSOR Offering unprecedented ease of installation and deployment, INTREPID™ UniZone™ Plug-and-Deploy Fence Detection Sensor is a highperformance, standalone perimeter intrusion sensor designed to reliably and cost-effectively protect smaller critical infrastructure sites vulnerable to terror attack, sabotage, asset theft, or liability risk. Based on Southwest Microwave’s field-proven MicroPoint™ smart-sensor technology and designed to perform in harsh outdoor environments, UniZone protects up to 200 linear metres of fence against cut or climb attacks. Advanced shielding and surge protection make it ideal for lightning-prone sites or those with high electromagnetic or RF interference. As a plug-and-deploy detection sensor, the UniZone set-up process is simple. An installer uses a laptop USB connection to configure and calibrate the system in minutes via user-friendly Installation Service Tool software. Like all of Southwest Microwave’s fence detection systems, UniZone employs patented Point Impact Discrimination™ to monitor activity along the sensor cable in one-metre increments, letting the system analyse the characteristics of each disturbance and reliably detect intrusion attempts while ignoring harmless environmental noise like wind, rain, or vehicle traffic. UniZone also employs Sensitivity Leveling™, a proprietary software-based calibration process, to account for variations in fence fabric or tension and achieve uniform detection along the protected fence line. For more information visit www.southwestmicrowave.com/UniZone

INTREPID™ MODEL 336 LONG RANGE DIGITAL MICROWAVE LINK This advanced, standalone volumetric sensor couples Southwest Microwave’s field-proven RF detection technology with leading-edge embedded digital signal processing to reliably discriminate between intrusion attempts and environmental disturbances, mitigating risk of site compromise while preventing nuisance alarms. Designed for protection of fence lines, open areas, gates, entryways and rooftop applications, the all-weather Model 336 has a 457m detection range and operates at K-band frequency, optimising detection of slow-moving intruders and limiting interference from external radar or other microwave systems. Unique parabolic dish and antenna design assure superior beam control and predictable Fresnel zones, further enhancing detection probability and nuisance alarm prevention. Offering maximum protection against sabotage, Model 336 is an ideal solution for security-sensitive sites. Heavy duty components and packaging, radome tamper switches and optional steel enclosures prevent physical abuse. Integrated EMI/RFI shielding protects sensor electronics against electromagnetic or radio frequency interference. Standalone configuration and on-board relay outputs for monitoring of alarms eliminate risk of digital compromise. Model 336 features six crystal-controlled, field selectable modulation channels with narrow band filtering, preventing interference between sensors. Units can be dual, triple or quad-stacked for ultra-high security applications. User-friendly Installation Service Tool software simplifies sensor set-up, and graphically administrates sensor status, control parameters and signal strength with laptop convenience. For more information visit www.southwestmicrowave.com/Model-336

SECURITY SOLUTIONS 113

PRO DU CT

S E S A C W O H S SEAGATE ENTERPRISE CAPACITY 8TB 3.5IN HDD The ninth generation, 8TB Seagate Enterprise Capacity 3.5in HDD is a drive designed for nearline applications with 550TB/yr workloads and requires 24x7 reliability. Leading the industry in capacity, reliability and performance, the Enterprise Capacity 8TB HDD is available in various configurations, such as 6Gb/s SATA or 12GB/s SAS for different DVR/NVR requirements. Power consumption and performance is continuously monitored and calibrated with the PowerBalance feature. The SED versions featuring Instant Secure Erase help to ensure secure data access and drive retirement cost-savings. Supporting the industry’s best response time for an 8TB nearline drive, the Seagate Enterprise Capacity 3.5 HDD enables the fastest data transfers thanks to Seagate’s comprehensive caching technology. With RAID Rebuild functionality built into the Enterprise Capacity’s firmware, it can target bad data sectors and remove the requirement for rebuilding an entire array. With a five year warranty for peace of mind, the Enterprise Capacity 3.5in HDD ensure you can meet all of your critical bulk data storage requirements. The Seagate Enterprise HDDs have been voted as Best-In-Class for the past four consecutive years by IT professionals. Learn why at www.seagate.com/au/en/internal-hard-drives/enterprise-hard-drives/hdd/enterprise-capacity-3-5-hdd

DRIVEPRO BODY 10 Day or night, indoors or outdoors, Transcend’s DrivePro Body 10 may well be a security officer’s most valuable health and safety tool while providing a wide array of other useful functions. Collect evidence day and night With a large ƒ/2.8 aperture, a wide 160° viewing angle and a high-quality camera lens, the DrivePro Body 10 can automatically adjust to different lighting conditions to capture all details of actions during either daytime or nighttime in clear and smooth 1080P (30fps) recordings. In addition, as the infrared LEDs will automatically activate in low light conditions, recording incidents at night is now easier than ever before. The DrivePro Body 10 also features a 360° rotatable clip which enables officers to firmly attach the camera to their clothing or straps on equipment, making it easy to record all details anytime, anywhere. With a built-in 1530mAh Li-Polymer battery, the DrivePro Body 10 can record up to 3.5 hours of footage (without LEDs activated) on a fully charged battery, enabling officers to record what happens on the front line without the need for a power adapter. The handy snapshot feature allows users to take photos while recording video. During an incident, one need just press the snapshot button to capture the irrefutable evidence on the spot. (Snapshots taken with infrared LEDs will be in grayscale.) The rugged DrivePro Body 10 provides excellent protection for outdoor recording. The IPX4 water resistant feature offers protection against splashing water from any direction. The DrivePro Body 10 also offers great shock resistance, meeting the rigorous U.S. military drop-test standards (Based on MIL-STD-810G 516.6-Transit Drop Test). The camera even comes with a 32GB microSDHC memory card that can record up to 240 minutes of Full HD video, so there is no need to worry about storage capacity. Built with top-tier MLC NAND flash chips, the Transcend’s 32GB microSDHC memory card provides consistent long-life durability and endurance. For more information visit www.signalone.com.au

114 SECURITY SOLUTIONS

CT DU PRO

SHO WC ASE S

the peak body for security professionals. 115 SECURITY SOLUTIONS

SHO PTA

Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

Recognising excellence within the Australian security industry The 21st annual Australian Security Industry Awards for Excellence and 2nd annual Outstanding Security Performance Awards provide an opportunity for exceptional companies and individuals across the security industry to be recognised. Organised by the Australian Security Industry Association Limited (ASIAL) and World Excellence Awards, the event is designed to be both independent and inclusive, providing an opportunity for outstanding performers, whether buyers or suppliers, to be recognised and their success to be celebrated. The Outstanding Security Performance Awards form part of a global initiative which includes events in Germany, Norway, Poland, Romania, United Kingdom and United States of America. This year’s awards are supported by the Australian Information Security Association, ASIS and Security Professionals Australasia. The 2016 judging panel will comprise of: • Damian McMeekin, Head of Group Security, ANZ Bank • Mark Edmonds, Manager, Security Capability, Sydney Trains • Vlado Damjanovski, CCTV Specialist, ViDi Labs Pty Ltd • John Adams, Editor, Security Electronics Magazine • Chris Beatson, Director, NSW Police Force – PoliceLink Command • Sean Giddings, Director of Security Operations, Australian Parliament House ASIAL awards for Excellence categories Individual Achievement – General Security Individual Achievement – Technical Security Individual Achievement – Security Student Gender Diversity Indigenous Employment Special Security Event or Project (<$200k) Special Security Event or Project (>$200k) Integrated Security Solution (<$200k) Integrated Security Solution (> $200k) Product of the Year (Alarms, Access Control, CCTV, Communication/Transmission System) OSPAs categories Outstanding In House Security Team Outstanding In House Security Manager Outstanding Contract Security Company (Guarding) Outstanding Security Consultant Outstanding Security Training Initiative Outstanding Security Partnership Outstanding Investigator Outstanding Police / Law Enforcement Initiative Outstanding Risk Management Solution Outstanding Cyber Security Initiative Outstanding Female Security Professional Detailed information on the criteria and conditions for award nominations can be found at www.asial.com.au Awards Ceremony and Dinner Award winners will be announced at a special dinner to be held at the Westin Hotel (Martin Place, Sydney) on Thursday 20 October 2016 from 7.00pm. The cost of attendance is $175 per person or $1,650 for a table of 10 (prices include GST). For further information visit www.asial.com.au

116 SECURITY SOLUTIONS

PTA SHO

Do You Know This Person?

This person has made a difference to someone’s life. It may be that he or she, through an act of courage or valour, has stepped in harm’s way so that someone else may be safe. It may be that he or she has put in tireless hours, made great personal sacrifices and dedicated a career to making the security industry a better place. Please, help us find and reward this person. Nominations are now open for the 2016 Australian Security Medals. Whether you are nominating a medal recipient, making a donation to the Foundation or booking seat (or table) at the industry’s premier charitable event, you will be helping to create a more professional security industry of which we can all be proud. For more information about making a nomination or providing sponsorship, please visit the Australian Security Medals Foundation website today!

www.inspiringsecurity.com SECURITY SOLUTIONS 117

SHO PTA

Hikvision Blazer Pro All-in-One Server Hikvision Blazer Pro All-in-One server is a video management software station that comes preloaded with a licensed VMS in a Windows environment, boasting advanced features in storage capacity, system scalability and centralised management. Easy deployment and maintenance Blazer Pro has a pre-installed activated operating system (Win 8.1) and a preloaded VMS, which makes the unit even more comprehensive. The VMS and OS are installed in SSD Card, with 64GB capacity for operation and management. Pluggable as it is, the SSD Card allows much easier after-sales maintenance. Moreover, Hikvision Blazer Pro supports power-off data protection to ensure operation safety. Data reliability Designed with reliability in mind, the Hikvision Blazer Pro provides dual redundant power supply to ensure seamless video recording even when one power supply crashes. It also provides performance enhancement and fault tolerance by employing RAID 0,1,5,10 disk management. System scalability The default license of Hikvision Blazer Pro offers 128 or 256 channels connection. This could be extended to 256 or 512 channels when largescale project requires. The same goes for storage. It contains 7 HDD slots. Users can further add miniSAS, 16-disk and 24-disk storage cabinets for necessary storage extension. As preloaded with VMS, the Blazer Pro shares all the features with Hikvision video management software, including real-time video preview, video playback, alarm management and smart features. It also supports vertical modules including Transact module and a Business Intelligence module for retail, License Plate Recognition module for transportation and parking sectors, as well as Access Control module for building facility management.

SecuSafe Launches New DigiGuard 3MP IP Turret Network POE Camera SecuSafe Pty Ltd, an Australian importer and distributor of electronic security products located in Sydney, introduces their new 3MP IP Turret Network POE Camera for SME surveillance industry. The attractive DigiGuard Matrix IR Turret Network Surveillance IP Camera, is fitted with a 2.8mm security lens available in grey and white colour, this can achieve an impressive wide angle view of 98° at 2MP (1920 x 1080) and 3MP (2048 x 1536) with a 86° angle of view. With the Matrix IR Illuminator you have auto switched night vision, up to 30m in zero lux conditions. One of the key features is in the 3D Digital Noise Reduction, and a Digital WDR. It is rated IP66 suitable for outdoor installations. Power for this DigiGuard Camera, can be either 12Volt DC or PoE (802.3af). Available Models: • IP-3MP3332-I4 (White Turret with 4mm lens) • IP-3MP3332-I28 (White Turret with 2.8mm lens) • IP-BLK3MP3332-I28 (Grey Turret with 2.8mm lens) With dedicated people, warehouses in Melbourne, Perth and Brisbane, we can support customers locally and nationally. For more information about our full range of IP and TVI series, please contact SecuSafe Pty Ltd at: (02) 9649 4477 or email: sales@secusafe.com.au or visit http://www.secusafe.com.au

118 SECURITY SOLUTIONS

PTA SHO

Storage Now a Critical Component Storage is now a critical part of a robust video surveillance solution. Increasing camera resolutions, longer retention times, and increasing use of analytics all lead to larger digital storage capacity requirements. Across the industry, storage demands are increasing at existing sites undergoing upgrades and refreshes, and also in greenfield installations. Quantum, a global leader of the storage industry, now offers their best-of-breed multi-tier storage solution for security and video surveillance projects. The Quantum multi-tier storage solution combines various types of storage media – flash or SSD drives, high performance hard drives, standard hard drives, file-based tape, and the Cloud. These tiers of storage are specified according to the usage profile of the solution – high performance to match the video write requirements, and hard drives and file-based tape or Cloud for longer term retention. The resulting combination provides the highest performance, largest overall storage capability, at the lowest cost of ownership. Typically, 40% less than comparable all hard-drive solutions. For ease of use, the Quantum multi-tier storage solution unites the storage media under a software layer – StorNext 5 – which presents all the combined storage as a single name space – as simple as accessing a C: drive. Quantum Storage products and StorNext 5 are certified and tightly integrated with leading VMS providers (Milestone, Genetec, 3VR, Avigilon, etc). To learn more, contact Quantum on 1800 999 285 (Aus) 0800 105 999 (NZ), ANZsales@ quantum.com or check out www.quantum.com/video-surveillance . Until 30 June, mention Security Solutions Magazine for exclusive 10% discount offer.

Elvox Video Intercom System To Be Showcased At Design Build 2016 Seadan Security & Electronics, one of Australia’s leading wholesale suppliers of Security and Intercom system solutions, will be showcasing the latest technology from Elvox at this year’s premier building and construction event – DesignBuild Expo 2016. Taking place from 4-6 May 2016 at the Melbourne Convention & Exhibition Centre, this annual event attracts thousands of architects and assorted building professionals from both the residential and commercial markets in addition to professionals from across the construction sector, all of whom come to the show with a single goal, to find the latest in state-of-the-art designs and cutting-edge solutions. Based in Italy, Elvox is an internationally recognised manufacturer of innovative, premium quality video door entry systems, intercoms and integrated access control solutions. On display at the show will be a number of stand-out products including the Elvox Pixel, Pixel Heavy and the TAB series supported by the Due Fili Plus system, a proprietary solution designed to facilitate faster, more practical and flexible video and audio door entry systems. The Pixel entrance panel, with its slim and sophisticated design, comes in four versatile colour finishes all of which are sure to complement even the most modern construction. Protruding just 14mm from the wall and only 100mm wide, Pixel is the ideal solution for elegant installations, even in confined spaces. Capitalising on its sleek European styling, the Due Fili Plus system highlights the most elegant of building designs while facilitating functionality for up to an astonishing 6,400 stations. The Due Fili technology is distinctiveness in that it carries not only data, voice and video, but also power over a single pair of cables. This makes Due Fili Plus highly practical in that it resolves the vast majority of cabling issues by eliminating the normal mass usually experienced when installing large intercom systems. For further details on the entire range of Elvox Intercom solutions and a chance to see the award winning products in operation, visit the Seadan Security & Electronics Elvox display at DesignBuild 2016. For further information call 1300 366 851 or email: john.varthalis@seadan.com.au

SECURITY SOLUTIONS 119

SUBSCRIBE Security Solutions Magazine, Level 1, 34 Joseph St, Blackburn, Victoria 3130 | Tel: 1300 300 552

I wish to subscribe for:

oONLY $62 per annum!

Name: ............................................................................Company: ....................................................................................... Position: .........................................................................Address: ......................................................................................... Suburb:...........................................................................State: ................................. Postcode:............................................. Tel:..................................................................................Email: ................................................................. ........................... TERMS AND CONDITIONS For more information on subscriptions, or to contact Interactive Media Solutions, please phone 1300 300 552 or email to admin@interactivemediasolutions.com.au. Deductions will be made from your nominated credit card every year in advance of delivery. The direct debit request and subscription price may be changed by Interactive Media Solutions from time to time, however you will always be given at least 28 days notice. The authority to debit your account every year remains valid until you notify Interactive Media Solutions to cancel your subscription by contacting Interactive Media Solutions Customer Service. No refund is given after a payment is made. In the event of a cancellation of your subscription, the subscription will simply expire twelve months from when the last subscription payment was made. Information on how we handle your personal information is explained in our Privacy Policy Statement.

Credit Card oBankcard

oVisa

oMastercard

oAmex

oDiners

Card Number: ........................................................................................................................................................................ Exp: _ _ / _ _ Card Name: .................................................................................................................................................................................................................... Signature: ....................................................................................................................................................................................................................... When payment has been received and funds cleared, this document serves as a Tax Invoice. Interactive Media Solutions ABN 56 606 919 463. If this document is to be used for tax purposes, please retain a copy for your records.

Subscribe to Security Solutions Magazine for

ONLY $62 per annum!

Simply fill in the form or call 1300 300 552

120 SECURITY SOLUTIONS

Powerful insights into security and property related matters that occur in and around the work place. SIMTRACK™ is the solution of choice for organisations to manage and track security related incidents across all business sectors in a structured and unified environment. Built with complete mobile and tablet support, SIMTRACK™ allows incidents to be reported as they happen, where they happen. Intelligent insights to trends, incidents hotspots, serial offenders and more emerge through powerful inbuilt real-time reporting. Businesses can mitigate risks effectively with strategic implementation of preventative measures. l l

Hosted in Australia Incident Forensics

l l

Secured facilities Web based

l l

Full data encryption Securely Hosted

‘Locate incident hotspots, track serial offenders and identify trends as they emerge with powerful in built real-time reporting.’

simtrack.com

20-22 July 2016

Visit us at:

MELBOURNE CONVENTION CENTRE

STAND J 35 “providing your business with solutions to do business”™

Founded 1999

3 Dimensional Consulting 211A Swan Street Richmond Melbourne Victoria Australia, 3121

Australia: International: E-mail: Web:

1300 881 711 +61 3 8844 7550 enquires@simtrack.com www.3dc.com.au

SPEED UP! with Aperio® V3

Experience the next generation of Wireless Access Control

WIRELESS LOCKS REACT IN A HEARTBEAT WITH THE NEW V3 PLATFORM! ASSA ABLOY’s Aperio® V3 platform is a new generation of battery-powered locks packing more powerful electronics enabling faster response times. Its remote unlocking commands pass from access control systems to doors and locks almost instantly, providing users with an effective remote opening function. With a comprehensive lock range covering almost every door style and opening there’s no reason to delay upgrading to faster wireless access control with Aperio® V3.

Cost-effective Increased battery performance

To find out more please phone 1300 LOCK UP or visit aperiotechnology.com.au

Multi credential Supports multiple high frequency RFID technologies and SEOs mobile access

Real-time Heartbeat communication: 5-10 seconds