AUSTRAL ASIA’S LE ADING SECURIT Y RESOURCE FOR BUSINESS AND GOVERNMENT
Avoiding Social Media
Bombshells
How To Take Control In A Crisis
#95 MAY/JUN 2015 $9.95 inc GST / $10.95 NZ
WIRELESS VIDEO ALARM SYSTEMS
THE WIRELESS ALARM SYSTEM WITH COLOUR VIDEO VERIFICATION Home, Business & Outdoor Protection
Videofied products are scalable, reliable and proven performers-no matter how tough it gets. Call Videofied today on 1300 46 44 55 for more information
INDOOR MOTION VIEWER L CAMERA
Full VGA colour for remote smartphone app
k-in k-in
™
L
™
Smartphone management app
via
LArm/disarm k-in LL k-in k-in remote color photo viewing L k-in remote color video viewing ™ ™ ™ ™
Alarm status (system armed/disarmed) Alerts, e.s. upon system disarm
ILLUMINATORS
PIR DETECTOR
CALL US
NOW FOR EXCITING NEW PRICING!
Faster video transmission to central station Colour/day, Monochrome/night Integrated camera/detector with illuminators for night vision Programmable PIR sensitivity Programmable video resolution Up to 24 MotionViewers per Videofied® alarm system Up to 5-year Battery Life
L L
OUTDOOR MOTION VIEWER CombineIndoor&Outdoorsystems Extend Security to Protect Outdoor Assets
k-in k-in
™
™
IP65-AllWeatherAnywhereSecurity 100% wireless battery operation Fast and Easy installations
Detector Video camera Infrastructure
Marine
e-Guarding
Industrial
Commercial
Warehousing
Infrared LED
The wireless system with colour video verification Thanks to its wireless capability, the Videofied system is easily installed. It also transmits wirelessly through GPRS cellular communications.
provides the reassurance and convenience of remote video request and review (arm, disarm, request videos and photos...).
Compatible with Iphone and Android.
AUSTRALIAN
ARRESTS TO DATE Contact Videofied today for more information 1300 46 44 55 info@videofied.com.au www.videofied.com.au
intelligent storage the creone keybox is a new solution for management of valuables & keys. absolute control easy to use With the Creone KeyBox range you will have complete control over your keys and valuables. Whatever your requirements you can choose a basic or more advanced solution.
There is one important requirement when it comes to storage systems that are used by a number of different people: the easier to use, the better.
Creone offer everything from key cabinets and value boxes that will meet your basic needs to advanced systems that monitor every single key and user.
Creone intelligent technology automatically keeps things in good order, and thanks to the user-friendly software, it is easy for the administrator to monitor key use and control.
Total flexibility
Key Features
Creone KeyBox systems are flexible, which makes it easy for you to adapt your system when your needs change. Start with a solution that is suitable for your current needs, and expand it as your needs grow. Your storage solutions are future-proof when you invest in a Creone KeyBox to manage your keys and valuables.
• A simple and flexible solution • Over 40 different models and styles available • Easily expandable • Intuitive management software • Made in Sweden Visit lsc.com.au/creone for more information about Creone and the benefits to you and your customers. See Creone’s extensive KeyBox range when you visit the LSC stand C4 at Security 2015.
Creone develop intelligent storage systems. They have being doing this since they started in 1979, and today supply solutions to companies in 30 countries. Creone have three keywords for their storage solutions; Control, Flexibility and User-Friendliness. Whatever your needs, they have a solution you can offer with security and good order – both today and in the future.
A Solution to Suit Creone’s extensive KeyBox range offers storage solutions to a variety of industries.
Pharmacies
Banks
Car dealerships
Hospitals
Shops
Hotels & Hostels
Offices
Fire departments
Police
Taxis
Aged care facilities
Public sector
Energy suppliers
Education
Factories
Post offices
THE FUTURE
A R T O F I N N O VAT I O N UNLOCKED BY HID MOBILE ACCESS
To launch HID’s Mobile Access® Technology in Australia, we invited some of Sydney’s leading architecture and construction companies to experience the Future Art of Innovation for themselves.
At Sydney’s MCA, we celebrated 10 emerging young artists and the revolutionary new technology of HID’s Mobile Access®.
HID MOBILE ACCESS
THE ART OF INNOVATION HID Mobile Access® securely enables staff to use their smartphones to enter buildings using NFC or Bluetooth with the following benefits: Replace managing physical cards with a secure, cloud-based portal for easily issuing, managing and revoking digital keys. HID’s “Twist and Go” technology is perfect for long-range access to gates and garages. Reader design can be partially concealed or incorporated into a range of building materials, making it less visible and vandal proof.
1 Use HID’s Secure Identity Service portal to remotely issue Mobile IDs
2
3
Download the HID Mobile Access App and receive a valid mobile ID
Open doors with “Tap” or “Twist and Go” technology
CONTACT US artofinnovation@hidglobal.com +61 3 9809 2892 First Floor, 1196 Toorak Road Camberwell, VIC Australia 3124 www.hidglobal.com
CONTENTS ISSUE 95
054
COVER STORY THE CRISIS ECONOMY Nothing sells news like a scandal, but while you’re busy protecting the people and assets of your clients… who is looking out for you? Communicating during a crisis in a security incident or emergency context differs significantly from communicating with the media, your shareholders and workforce during corporate crises. In this issue’s cover story, we look at some of the do’s and don’ts of social media and crisis communications.
030.
ISIS AND THE RISE OF HOMEGROWN TERRORISM IN THE WEST The flow of impressionable young Westerners – males and females – going off to fight jihad, has been on the rise in recent years and it does not look like it will stop soon. The international call to jihad, originating first with Al Qaeda and popularised by Anwar Awlaki, has taken on a new appeal with ISIS since they euphorically declared an Islamic caliphate in Syria and Iraq last June. Internationally renowned terrorism expert Dr Anne Speckhard looks at the rise of ISIS and its impact on home grown terrorism.
066.
ISIS AND THE RISE OF HOMEGROWN TERRORISM IN THE WEST
030
LESSONS FROM MARTIN PLACE While the inquest and other reviews are underway into the tragic events in Sydney in December 2014, Rod Cowan says security should start now to examine its role in a crisis.
074.
DEMYSTIFYING TECHNICAL SURVEILLANCE COUNTERMEASURES PART 2 In the last issue of Security Solutions, Michael Dever demonstrated that the technical surveillance threat to information security is real, serious and evolving. In this issue, he explores solutions to technical surveillance threats, how to design countermeasures and considerations when selecting a TSCM service provider.
098.
THE IMPACT OF INTERDEPENDENCE ON PROVIDING PROTECTION FOR CRITICAL INFRASTRUCTURES Much attention and many resources are given over to providing for the protection of critical infrastructure. To date, most efforts have been towards identifying critical infrastructures and building resilience into the organizations that run them. In Australia at least, not enough thought has been given to the interdependence of infrastructures. We look at the ways in which infrastructures interact with and depend on each other and how those connections open up and magnify vulnerabilities that sectors may not have anticipated.
102.
MULTI-SITE SECURITY REVIEWS: GETTING BOTH CONSISTENCY AND ACCURACY The practice of undertaking security reviews is generally well understood. However, delivering reliable, consistent, accurate and useful assessments across multiple sites can be difficult, particularly if there are teams of reviewers involved. How can this be done more effectively?
006 SECURITY SOLUTIONS
LESSONS FROM MARTIN PLACE
066
SECURITY SOLUTIONS 007
ALARMS
LOSS PREVENTION
070
036
OPERATIONS
040
CONTENTS ISSUE 95
012.
LETTER FROM THE EDITOR
014.
BRIGHT IDEAS
016.
DID YOU KNOW?
070. LOSS PREVENTION Organised crime costs retail businesses millions each year. The question is, how do you know if your business is being targeted by organised crime?
018. SECURITY BYTES Funny stories, tips, tricks, trivia and news from the security industry.
020. CRIMINAL ODDITY
It should be called ‘What not to do to end up in this section’, but alas, we find a special home for those who are met with odd criminal situations and a lack of intellect.
022. EVENTS CALENDAR A look at upcoming industry events. 026.
INDUSTRY NEWS All the latest from the industry.
028. MLA UPDATE We bring you the latest news and updates from the Master Locksmiths Association.
078. AVIATION SECURITY Steve Lawson looks at changes to aviation screener training and asks, are the new procedures flawed?
080. LEGAL Q&A We do our best to answer your legal queries, pro bono.
082.
ACCESS CONTROL How can you more effectively integrate
mobile devices into your access control infrastructure to better manage users and costs?
086. CRISIS MANAGEMENT What would you do if your organisation was hacked and data was stolen? Dr Tony Jaques looks at crisis management strategies for cyber security attacks and the lessons learned from breaches in 2014.
036. ALARMS Purchasing new security equipment such as alarm technology can entail significant expense and effort. So why don’t more people engage in pre-purchase testing and evaluation?
040. OPERATIONS Richard Kay confronts the realities of attacks
090. EMERGENCY RESPONSE Every operator in a first responder role runs the risk of developing post traumatic stress disorder (PSTD). Would you know how to recognize the signs and symptoms of PSTD and what to do about it?
against security involving multiple offenders.
044. CCTV 4K might be the next big thing in CCTV, but there still seems to be some confusion around when and where users might take advantage of 4K cameras.
094. HOMELAND SECURITY Ami Tobin looks at some of the methods and techniques used by terrorist groups when planning an attack with a view to helping security personnel better detect potential surveillance activity.
050. BUSINESS BEYOND We all know that it takes a lot more time and effort obtain a new customer than it does to retain an existing one. We look at the importance customer service in security and its impact on the bottom line of your organisation.
107.
062. JUST LAW Dr. Tony Zalewski looks at some of the possible issues
114.
that can arise from not effectively inducting new staff into the workplace.
008 SECURITY SOLUTIONS
SECURITY STUFF
108. SPOTLIGHT PRODUCT SHOWCASES
118. SHOPTALK Company announcements from within the industry.
es S
eri FC-S
pact Com ies r D-Se
SECURITY SOLUTIONS 009
www.securitysolutionsmagazine.com
Editorial Editor: John Bigelow john@interactivemediasolutions.com.au Sub-Editing: Ged McMahon, Emma Stanley
Contributors: Rod Cowan, Vlado Damjanovski, Michael Dever, Rick Draper, Ray Hodge, Dr Tony Jaques, Steve Katanas, Richard Kay, Steve Lawson, Nicole Matejic, Tony McHugh, Jon Novakovic, Anna Richards, Dr Anne Speckhard, Ami Tobin, Winfried L. Vervenne, Dr Tony Zalewski
Advertising sasenberger@interactivemediasolutions.com.au Phone: 1300 300 552 Publication Co-Ordinator: Stan Asenberger
Marketing & Subscriptions admin@interactivemediasolutions.com.au $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)
Design & Production Graphic Design: Jamieson Gross graphics@interactivemediasolutions.com.au Phone: 1300 300 552
Accounts accounts@interactivemediasolutions.com.au Phone: 1300 300 552
Publisher
Interactive Media Solutions ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au Disclaimer The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein. The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.
RS A DE VI
SSOCIATI
ON
ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au
O
SECURIT Y
PR
RALIA LTD UST FA
O
Written Correspondence to:
Or i g i n a l Si z e
O C I AT I
ON
Y P R OVI D
RIT
CU
D LT
SE
PR O
ASS
SPAAL
AU S T R A L I A
STRALIA LTD AU
SECURITY
RS
OF
E
Official partners with:
SSOCIAT IO N
OF
RS A DE VI
blue colour changed to this colour green.
COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................
010 SECURITY SOLUTIONS
1300 007 007
EVVA keys are so durable we guarantee* them to not bend, break or wear out for at least 10 years! And if one does we’ll replace it at our cost • EVVA 3KSplus patented until 2025; DPS until 2022
• Cylinders to suit most locks
• Australian standard rated to Sc8 AS4145.2 Table 3.3
• Industry-leading coding flexibility
• SL3 rated SCEC approved for government facilities
• Manage large and complex systems
Worn, bent or damaged keys wear out your locks faster. EVVA master keys are made from hard-wearing, long-life Teflon-coated carbide. This makes EVVA blanks the most durable, tough and hardwearing keys in the world. An EVVA key will effortlessly turn the lock whether it’s the 100,000th time you’ve opened it, or the first.
It’s not only the keys that are built tough. EVVA master key cylinders use a patented springless lock design with very few moving parts. The result is a high-security, low-maintenance master key system guaranteed to keep on keeping on. * Based on normal industry use and conditions.
Find out more: evva.com.au/securitysolutions
1300 007 007 SECURITY SOLUTIONS 011
LETTER FROM THE EDITOR
In Marc Goodman’s new book Future Crimes he states that “if today’s internet is the size of a golf ball, tomorrow’s will be the size of the sun”. What Goodman is referring to is the internet of things, where all people and devices are connected 24/7. What’s more, when referring to the ‘the internet of tomorrow’, Goodman is not talking about 10 years from now but rather, two or three years from now. Technology is advancing at an exponential rate and the reality is, security thinking, practice and methodology is struggling to keep up. Take for example, the recent emergence of drones. Not more than five years ago, drones were Unmanned Aerial Vehicles (UAV’s) used by governments such as the U.S. to spy on and attack targets from afar. Today, walk into any photography, video or hobby store and one can purchase a drone for a few hundred dollars. Some of the slightly more expense drones are capable of lifting a payload of a few kilos as that is what a professional video camera rig fitted to a gimbal can weigh. Should one wish to remain more anonymous, it is quite feasible to download the plans for a drone from the internet and then, using a 3D printer, simply fabricate the necessary parts which, combined with some basic supplies from the local electronics shop, would enable one to build a quite effective home-made and relatively untraceable drone. To what end you might ask? Aside from the obvious surveillance applications, let us not forget that virtually every high security installation has, until now, been designed around the principals of a two dimensional threat. That is, someone attempting to breach a perimeter either on foot or by vehicle such as a car or truck. Therefore, we build concentric layers of security with perimeter detection such as cameras, electric fences and motion sensors. These are supported by barriers, access control measures, intrusion detection and so on. Of course, airborne threats have always been possible but from a risk assessment point of view, extremely unlikely and therefore not worth worrying about – until now! What would happen if someone intent on doing harm were to simply load a home-made IED into a cheap drone and fly it over all the security measures at a site and into the side of the CEO’s office? Take a high rise building as another example. The board of a major corporation meets in the boardroom on the 32nd floor, traditionally considered safe and secure because of its height. However, those fantastic floor to ceiling windows which give breathtaking views of the city also now act as a great source of shrapnel when a drone carrying an IED is detonated next to the window during a board meeting. The threat does not even have to be as extreme as an IED. What damage could be done by simply loading a drone with flour and flying it onto the grounds or balcony of a building whereupon it dumps its white powder payload on senior executives thereby potentially shutting the business down for hours – not to mention the potential damage to reputation, brand and so on. Modern security thinking needs to evolve as rapidly as technology if the industry is to have any hope of adapting to current and emerging threats. Be honest, how much time have you really given to thinking about modern threat vectors and how you might mitigate such threats in the last twelve months? If the answer is very little, then perhaps now is a good time to take pause and examine what you are doing.
John Bigelow Editor
012 SECURITY SOLUTIONS
REGULAR
BRIGHT IDEAS Say Hello To Biometric Authentication Biometrics have long been seen as the next big thing in security authentication. However, biometrics have struggled to gain acceptance in the broader commercial market beyond dedicated security applications. This can be attributed to a number of factors ranging from cost to usability to accuracy and so on. However, when Apple launched the iPhone 5s in 2013 with biometric access control, it signaled a significant shift in the market for biometrics, with millions of users now experiencing the positive benefits of biometrics. The recent announcement by Microsoft that it too will begin using biometrics as an embedded form of authentication and access control as part of the impending Windows 10 operating system will lead to even greater user exposure to biometric access control. The new feature within Windows 10 dubbed, Windows Hello, is a biometric authentication system which can provide instant access to your Windows 10 devices. However, unlike Apple’s system, Windows Hello will not be limited to biometric enabled devices. You will be able to use the Windows Hello feature on any machine or device running Windows 10 by simply connecting specified hardware, including fingerprint reader, illuminated IR sensor or other biometric sensors. With Windows Hello, you will be able to just show your face, or touch your finger, to new devices running Windows 10 and be immediately recognised. Microsoft claim that not only is Windows Hello more convenient than typing a password — it’s more secure! They
014 SECURITY SOLUTIONS
say their system enables you to authenticate applications, enterprise content, and even certain online experiences without a password being stored on your device or in a network server at all. So how does it all work? Windows Hello introduces system support for biometric authentication – using your face, iris, or fingerprint to unlock your devices – with technology that is much safer than traditional passwords. You – uniquely you – plus your device are the keys to your Windows experience, apps, data and even websites and services. Modern sensors recognise your unique personal characteristics to sign-you-in on a supporting Windows 10 device. Which devices, you ask? According to Microsoft, there will be plenty of exciting new Windows 10 devices to choose from which will support Windows Hello. Alternatively, if your device already has a fingerprint reader, you will be able to use Windows Hello to unlock that device. For facial or iris detection, Windows Hello uses a combination of special hardware and software to accurately verify it is you – not a picture of you or someone trying to impersonate you. The cameras use infrared technology to identify your face or iris and can recognize you in a variety of lighting conditions. Of course, convenience and simplicity should never sacrifice security and privacy. According to Microsoft, Windows Hello offers enterprisegrade security that will meet the requirements of organisations with some of the strictest
requirements and regulations. It is a solution that government, defense, financial, health care and other related organisations will use to enhance their overall security, with a simple experience designed to delight. Windows 10 will ask you to verify that you have possession of your device before it authenticates on your behalf, with a PIN or Windows Hello on devices with biometric sensors. Once authenticated with “Passport”, you will be able to instantly access a growing set of websites and services across a range of industries – favorite commerce sites, email and social networking services, financial institutions, business networks and more. “Passport” also will work with thousands of enterprise Azure Active Directory services at launch, and Microsoft has joined the FIDO (Fast IDentity Online) alliance to support replacing passwords with a growing set of financial, consumer, and other security services over time. Windows 10 will also have industryleading security and identity protection for enterprises, so they can deploy new Windows 10 devices with hardware necessary to use Windows Hello, enabling enterprise-grade protection of the device and more secure password-free authentication to enterprise line of business applications. According to Microsoft, a user’s ‘biometric signature’ is secured locally on the device and shared with no one but the user. It is only used to unlock a device and “Passport”, it is never used to authenticate a user over the network.
CAPTURE EVERYTHING IN THE HIGHEST OF QUALITY The VB-S30D is the world’s smallest* Full HD Pan-Tilt-Zoom camera that features a 3.5 X optical Canon zoom lens, strong WDR performance utilising Canon’s exclusive ‘Smart Shade Control’ and six advanced intelligent functions at the edge. Other models in the range include the VB-S31D (FULL HD, Pan-Tilt camera), VB-S800D (FULL HD, Fixed dome camera) and the VB-S805D (HD, Fixed dome camera). VB-S31D
VB-S800D
VB-S805D
When Clarity Matters – Choose the Premium Quality Range you can rely on. *
As at 1 April 2015
Available from:
For more information visit canon.com.au/networkcameras call 13 13 83 or email specialised.imaging@canon.com.au
SECURITY SOLUTIONS 015
REGULAR
DID YOU KNOW
Did You Know… that human security refers to an emerging paradigm for understanding global vulnerabilities whose proponents challenge the traditional notion of national security by arguing that the proper referent for security should be the individual rather than the state? Human security holds that a people-centred view of security is necessary for national, regional and global stability. The concept emerged from a post-Cold War, multi-disciplinary understanding of security involving a number of research fields, including development studies, international relations, strategic studies, and human rights. The United Nations Development Programme’s 1994 Human Development Report is considered a milestone publication in the field of human security, with its argument that insuring “freedom from want” and “freedom from fear” for all persons is the best path to tackle the problem of global insecurity. Human security is now frequently referred to in a wide variety of global policy discussions and often taught in universities as part of international relations, globalisation, or human rights studies. Critics of the concept argue that its vagueness undermines its effectiveness; that it has become little more than a vehicle for activists wishing to promote certain causes; and that it does not help the research community understand what security means or help decision makers to formulate good policies.
016 SECURITY SOLUTIONS
Did You Know… that the US Government wanted to try and build a gay bomb! That’s right, according to a report on the CBS 5 news website (Jun 8, 2007), a Berkeley watchdog organisation that tracks military spending said it uncovered a strange U.S. military proposal to create a hormone bomb that could purportedly turn enemy soldiers into homosexuals and make them more interested in sex than fighting. Now if that claim is not strange enough, Pentagon officials actually came out shortly after the report’s release and confirmed to CBS 5 news service that military leaders had considered, and then subsequently rejected, building the so-called “Gay Bomb.” Apparently, the plan was uncovered when Edward Hammond, of Berkeley’s Sunshine Project, used the Freedom of Information Act to obtain a copy of the proposal from the US Air Force’s Wright Laboratory in Dayton, Ohio. According to the documents obtained, which showed the proposal was part of a military effort to develop non-lethal weapons, the Air Force lab asked for $7.5 million to develop a chemical weapon that would “cause enemy soldiers to become gay, and to have their units break down because all their soldiers became irresistibly attractive to one another,” Hammond said after reviewing the documents. Not surprisingly, a US Department of Defense spokesperson has since announced that the “gay bomb” idea was quickly dismissed after its initial proposal.
Did You Know… that the first alleged recorded act of terrorism took place on November 5, 1605, when a group of conspirators lead by Guy Fawkes, attempted to destroy the English Parliament on the State Opening. Their plan was to detonate a large quantity of gunpowder secretly placed beneath the building in an attempt to kill King James I along with the members of both houses of Parliament. In the resulting anarchy, the conspirators planned to implement a coup and restore the Catholic faith to England. However, Guy Fawkes and his conspirators where thwarted after their plan was betrayed. It is debatable whether or not this could actually be considered an act of terrorism, however, as aim of the attack was nothing short of a total annihilation of the English Government, which would have killed the King along with leading noblemen and led to the installation of a Catholic monarch. As such, the plot should more reasonably be seen as a treasonous act of attempted regicide.
Recognize and Analyze How often was he here this month?
Is he a known suspect?
How old is she?
Are they employees?
When, where did she enter?
Is this valued customer Mia Clark?
How many people are here? Is it too crowded in this area? New at the Security Exhibition and Conference, Melbourne, July 15-17, booth L8 FaceVACS-VideoScan C5 IP video camera combining face detection/tracking and camera technology into a single device
FaceVACS-VideoScan uses premier face recognition technology to detect and identify persons of interest while computing demographic and behavioral data, supporting security staff, marketing teams and operations management.
PLAY VIDEO
SECURITY SOLUTIONS 017
REGULAR
SECURITY BYTES Property Crime Drop: The Offenders View
Criminologists and criminals are in general agreement about the reasons for the big drop in property crime over the past decade according to a new Australian Institute of Criminology (AIC) report. Property crime has declined significantly in Australia since 2001 - motor vehicle theft by 57%, burglary by 49% and “other theft” such as bag snatching and shop-theft by 32%. The decline continued between 2010-13, with further reductions of 3% in motor vehicle theft and 6% in burglary (but with a 4% uptick in other theft). Almost 470 police detainees, of which there were a substantial number of admitted thieves (23%), provided answers on this crime decline when asked by the AIC: Can you think of any reasons why property crime has decreased over the last 10 years? Many of their answers coincided with prominent criminological analyses. “Surprisingly, answers correlated with criminological theories on this international trend,” Deputy Director (Research) Dr Rick Brown said. Police detainees most frequently cited: • Improvements in security (31%) • Better policing (20%) • Increased community affluence over the last decade (11%) reducing the need to steal. • Increased imprisonment (10%) • Use of CCTV (6%) and • Improved community crime prevention responses (8%), with the most frequent reason given under this category related to members of the community having a greater awareness of crime prevention.
018 SECURITY SOLUTIONS
Criminologists have variously found that reductions in property crime were associated with increases in arrests and imprisonment, and with reductions in heroin use. However, the strongest effect on reducing property crime was associated with increases in community members’ income. Improvements in security have also been suggested as a possible explanation for the reduction in property crime in Australia, and where motor vehicle theft is concerned, the start of the reduction coincided with the introduction of mandatory installation of electronic immobilisers on new vehicles (from 2001 onwards). “The most striking finding to emerge from this study is the strength of opinion regarding the role played by improvements in security, not only from the significant number of detainees who cited that particular reason, but also from those who noted the improved level of crime prevention awareness in the community. This has made people more security conscious and made it more difficult to steal successfully,” Dr Brown said. This paper is based on the analysis of data collected in the second quarter of 2012 as part of the AIC’s Drug Use Monitoring Australia (DUMA) program which is a face-to-face survey that involves interviewing individuals arrested and detained in police watch houses, about their substance misuse and offending behaviour. The full paper is available at www.aic.gov.au
The Law Is An Ass Let’s face it, we all like to laugh at stupidity. And while it may not be politically correct to laugh at stupid people (not sure why), or people doing stupid things (just as funny), we can laugh at the stupid laws people make. More importantly, we can sit in awe as we ponder the situations that must have given rise to these laws in the first place. For example, in North Carolina, Bingo games cannot last more than 5 hours. Seriously, that has to be a law? In Quitman, Georgia, chickens are not allowed to cross the road, which kind of kills the whole “why did the chicken cross the road” thing. In Arizona, if you cut down a cactus, you could be sentenced to 25 years in prison (why?) while in Paulding, Ohio, policemen are allowed to bite a dog if they think it will calm the dog down. I am not quite sure how that works and I have never been calmed down by having someone bite me. Best of all, in Texas, it is illegal to sell your eyeballs. You can carry a gun, shoot intruders, put criminals to death and a whole range of other interesting things, but do not sell your eyeballs. (Does anyone even do that?)
SECURITY SOLUTIONS 019
REGULAR
CRIMINAL ODDITY We live in a world that is full of war, crime and despair. Be that as it may, it is good to focus on the ridiculous and hilarious in life sometimes. That is why it is great to look on the bright side of life… and read stories about really dumb criminals. It will help you learn to laugh about your own misfortunes.
Jailhouse Surprise
Modern Day Pink Panther
We have all heard of the old ‘hide the file in a cake trick’ when visiting someone in jail. The idea being that you hide the file in the cake and then give the cake to the prisoner who takes it back to his or her cell and uses the file to break free. In reality, no one is actually dumb enough to actually try such a ploy as anyone with even half a brain knows that prison visitors are thoroughly searched upon entering the prison – right? Everyone knows this. It is not a secret… Well, apparently no one told 53-year-old Jose Gonzalez of San Antonio that it was a bad idea to try and smuggle things into a prison. According to reports, Gonzalez, while trying to visit his jailed son, managed to land himself behind bars when his walking cane set off the security scanners. Gonzalez presented his walking cane for inspection before walking (without the aid of his cane) through a security checkpoint. However, unlike Gonzalez, the cane did not make it through security before setting off alerts. It turns out the Gonzalez’s cane concealed a two foot sword. According to the Bexar County Sheriff’s Office spokesman James Keith, the cane, which features a handle fashioned like the head of a snake, was confiscated after it set off a security scanner. An officer twisted off the top of the cane and drew out the sword, and the father was arrested. 53-year-old Jose Gonzalez now faces a charge of unlawfully carrying a weapon.
If we were to believe all that we see in movies, then we might be of the misguided belief that some criminals are highly intelligent and can evade capture by performing sneaky acts of daring and cunning. Apparently, a burglar in Seattle, Washington believed exactly that when he devised a cunning plan to escape the scene of his crime. The un-named burglar was reportedly disturbed in the middle of a high-stakes heist by a resident of the apartment block where the would-be thief was attempting to steal change from a vending machine. Fearing that his dastardly deed would see him locked up for life, the burglar quickly shut the door to the laundry room, where the vending machine was located, and then reportedly screwed the door shut to prevent the building’s residents from entering and apprehending him. The fact that the burglar had just sealed
020 SECURITY SOLUTIONS
the only door into and out of the room was no obstacle for this wily thief who apparently cut his way through a series of plaster walls, moving from room to room. The plan was working brilliantly until our thief found himself blocked by a brick exterior wall located behind a plaster which was preventing further egress. Not one to easily give up, this modern day Houdini crawled into the cavity between the exterior brick wall and the interior plaster wall in an attempt to make his way to the street level where he intended to access a vent to escape into an alley way where he could disappear like the ghost he believed himself to be. When firefighters finally managed to cut the man free of the wall some time later, after he had become trapped between two air ducts, he was asked if he needed medical attention. Not surprisingly, his only response was “Heroin”.
ICU SOLARCAM seeing is believing
Instant Security | Instant Monitoring icusolarcam.com
SECURITY SOLUTIONS 021
REGULAR
EVENTS Counter Terror Expo 21-22 April, 2015 Olympia, London Counter Terror Expo (CTX), held at the Olympia Exhibition Centre in London, is the premier international event for bringing manufacturers together with buyers and industry VIPs from across the spectrum of Government, Military, Law Enforcement, Emergency Services, Critical National Infrastructure, Private Sector and the Security Services. At the heart of this event is an operationally critical and highly respected centrepiece conference with a well deserved reputation for its delivery of insight, analysis, and perspective on the range of threats faced. The conference gathers together over 150 internationally recognised experts in the field of counter terrorism annually to debate the issues we face, define operational strategies, and to help shape future policy within the secure conclave of a conference. Counter Terror Expo’s centrepiece conference is a multi-stream event bringing clarity to the most critical and topical issues of concern to the international counter terrorism community. CTX typically attracts over 10,000 attendees involved in the protection and security of private and public interests from across the globe to explore solutions for threat mitigation, protection against attacks and to understand the risks they face. The exhibition, featuring over 300 exhibitors, showcases the latest counter terror technology and solutions. In recent years it has been the launch platform for some of the most innovative products on the market. CTX 2015 will see the launch of a range of interactive Feature Zones. The zones will provide the perfect opportunity to explore crucial aspects of counter terrorism in detail and will host informative seminar sessions, demonstrations and the latest products and services. Zones include: Transport Security Live, Policing & Special Ops, Advanced Technologies and Cyber Threat Intelligence. For more information visit: www.counterterrorexpo.com
022 SECURITY SOLUTIONS
APCO Australasia 2015 29-30 April, 2015 Melbourne Exhibition Centre
&
Convention
The APCO Australasia Conference connects the largest network of public safety and emergency management leaders in the Asia Pacific region with innovative organisations within the communications and technology industries. The rapid rate of technological advances makes it essential for emergency managers to collaborate and plan for the changes that face our sector. The connections made and creativity demonstrated at this event provide insight and practical solutions that will assist in improving communication, managing resources, efficiency and response as well as helping your agency to manage information and community expectations. The conference program runs over two days and comprises local and international keynotes, expert panels, interactive pre-conference workshops and an extensive public safety solutions exhibition. Key topics: • Technology advancement • Emergency management • Future challenges • Community expectations • Cross-industry collaboration For more information visit: www.apcoaust.com.au
ASIS International NSW Chapter Annual Conference. 26 May, 2015 Dockside Convention Centre - The Balcony level, Cockle Bay Wharf, Darling Harbour It is with great pleasure that ASIS NSW chapter invites participants to this year’s Annual Conference & Networking event. This year, amidst the ever-changing global landscape of terrorism, we evaluate Australia’s position and the events of recent times. Hear from leading industry professionals, law enforcement, scholars and journalists who are at the coalface of these events and issues.
The line up of keynote speakers includes; Dr. Khuram Iqbal, Director Institute for Security and Peace Studies, Islamabad and is the Assistant Professor, National Defense University, Islamabad - will present on “Understanding Suicide Terrorism and Counter Strategies”. Australian Journalist and former Time Magazine and CNN correspondent in Baghdad, Michael Ware, who will discuss his on the ground observations and analysis of the hardened Jihadi Groups, their nature and potential follow on domestic ramifications and other lessons learned. Renowned Futurist, thought leader and International & Foreign Affairs Editor and Expert Dr. Keith Suter who will examine some of the domestic issues associated with combatting terrorism and outline some suggested recommendations for action. Australian Federal Police, Coordinator NSW Protection, Superintendent Peter Mullins who will provide an update from the AFP perspective on the structure of the National Security Portfolio with respect to Counter Terrorism and Protection and the AFP’s capability/response and the whole of government response and expanding on how that links into Police/Crisis Committees. Senior Regional Vice President – Eastern Hemisphere Graeme Polley, CPP who will be providing an update as to the work the ASIS International Foundation and its Research Council have completed and have undertaken with regards to providing research and educational opportunities as well as actionable knowledge for ASIS Members on these important learning areas to enhance the security profession. Neil Fergus – Founder and CEO at Intelligent Risks Limited – will be speaking on “The Next Generation Terrorist Alumni” discussing the sophisticated and carefully constructed outreach programmes used by Jihadist Groups to get their message to an international audience to both motivate current supporters and attract new supporters and fighters. Panel with selection from the above – This Panel is now being hosted by well known and widely respected, Gold Wakely Award Winner, Sarah Ferguson from the ABC Four Corners. For full details www.asisaustralia.org.au or visit http://www.stickytickets.com.au/22604 to register
SECURITY SENSORS TAKEX is a leading Japanese manufacturer of Security Sensors specialising in Active Infrared Beams for Perimeter Protection, and Outdoor PIR for CCTV activation and Intruder Detection. With more than 50 years of engineering experience, we are proud to be specified at the highest level of Royal, Government and Military organisations worldwide.
PLAY VIDEO
NEW!
ACTIVE IR BEAMS
The ultimate in trouble free perimeter detection for distances up to 200m outdoor / 400m indoor.
+61 (3) 9544 2477
email: oz_sales@takex.com
BATTERY BEAMS
Ideal for temporary or permanent perimeter systems up to 100m.
NEW!
DUAL-ZONE PIR
Hard-wired or battery operated outdoor PIR up to 180째 x 12m.
SENSOR SPEAKER
Record any message for warning, security & advisory applications.
HIGH-MOUNT
Triple mirror PIR for maximum detection performance at 2-6m.
www.takex.com
023 SECURITYTAKEX SOLUTIONS AMERICA, INC.
REGULAR
EVENTS Pro-Active Security Threat Assessment & Predictive Profiling Workshop 11-12 May, 2015 Spotswood, Victoria Internationally renowned counter terrorism instructor Albert Timen, presents a two-day proactive security threat assessment and predictive profiling workshop. Based on over 20 years of active service in special operations as an undercover operator in one of the Israeli Defence Force’s Counter Terrorism special units and Police Central Intelligence Counter Terrorism branch, Albert will explain the guiding principles for planning and executing a terrorist attack with a view to helping participants better understand and predict probable terrorist methods of operations and subsequent suspicion indicators. The course covers: • Suicide Bombers – Methods of operations and the mitigation procedures used to thwart and prevent suicide terrorism • Proactive Threat Assessment Using Predictive Profiling methodology Principles of Security System Testing & The Cyclic Security Engineering Process • The Physiology of Threat Assessment and Decision Making • Principles of Questioning. By the end of this two-day workshop, participants should have a solid understanding of terrorist planning and methodologies and how to use that information to detect and deter potential attacks. Places are limited for rare opportunity to learn from one of the world’s most experienced counter terrorism trainers. Visit http://foenixprotection.com for more information.
Biometrics Institute Asia-Pacific Conference 2015 27 - 28 May, 2015 Dockside, Sydney The Biometrics Institute is pleased to announce the dates for the 2015 conference. Following an unprecedented response to
024 SECURITY SOLUTIONS
the 2014 conference, this special event will once again be held at Dockside venue which showcases an unmissable view of Sydney’s stunning harbour side. With a promising line up of international and expert speakers, along with the intention to make this event bigger and better than the last, this conference is shaping up to be the most successful Biometrics Institute event yet. In 2014, this two-day event was attended by over 140 industry professionals who represented organisations including (but not limited to): • Australian Federal Police • Australian Government Attorney-General’s Department • Australia Post • Ball Aerospace & Technology Corporation (USA) • CrimTrac Agency • Crown Casino Melbourne • Department of Foreign Affairs and Trade • Department of Immigration and Border Protection • Department of Planning, Transport and Infrastructure (South Australia) • Defence Science & Technology Organisation • IDP Education • Ministry of Business, Innovation and Employment (New Zealand) • NSW Police Force • PCS Security Pte Ltd (Singapore) • Queensland Police Force • University of New South Wales • University of California, Berkeley (USA) • Victoria Police Force. For more information visit: www.biometricsinstitute.org
Security 2015 Melbourne Exhibition Centre 15-17 July, 2015 In 2015, Australasia’s premier security industry event, the Security Exhibition and Conference, celebrates 30 years of security innovation. Join us once again in Melbourne for this year’s edition from 15-17 July to get an overview of the ever evolving industry and see how it has developed over the past three decades.
Security 2015 incorporates the largest industry exhibition showcasing the latest security solutions from over 170 leading brands, new and exciting attractions and a world class conference, hosted by the Australian Security Industry Association Limited (ASIAL), featuring renowned local and international industry speakers. The Security Exhibition is the essential platform to discover new ways of managing security threats whilst meeting new clients or suppliers and connecting with industry peers. For more information visit: www.securityexpo.com.au
Security in Government Conference 2015 31 August – 2 September, 2015 National Convention Centre Canberra The 27th annual Security in Government (SIG) conference is scheduled to be held at the National Convention Centre, Canberra from 31 August to 2 September 2015. The theme for the SIG 2015 conference is Security risk management – getting it right! The conference theme will consider the evolution of security risk management in recent years, focusing on case studies, best practice and current and emerging strategies available for getting security risk management right! The Attorney-General, Senator the Hon George Brandis QC will open the SIG 2015 conference on Tuesday 1 September. Attached to the SIG 2015 conference is the extensive trade exhibition which will provide an insight into the latest developments and innovations in protective security products, technology and educational opportunities. The SIG conference is targeted at senior executives responsible for managing security in agencies, officers from all levels of government who contribute to the development of security capability and response and security practitioners from the public and private sectors who provide protective security services to government. For more information visit: www.ag.gov.au/sig or contact: SIG@conlog.com.au
CRAFTSMANSHIP OVER COMPROMISE. When building our quality racking systems we stick to one rule – craftsmanship over compromise.
Class B and Class C cabinets SCEC approved
Using only the highest quality materials, selected for strength and durability, we meticulously handcraft every cabinet for optimum functionality and usability ensuring quality above all others. Then we proudly put our name on it. With a solid history of over 40 years supplying innovative, off-the-shelf and custom built racking systems, you can rely on MFB for unsurpassed craftsmanship and quality, without compromise.
VIC -
P (03) 9801 1044 F (03) 9801 1176 E sales@mfb.com.au
NSW - P (02) 9749 1922 F (02) 9749 1987 E sydney@mfb.com.au
REGULAR
INDUSTRY NEWS
Australian Security Medal Nominations Now Open For 2015 Everyday, someone in the security industry makes a difference to someone’s life. These special people who step into harm’s way to protect life, property and people from all manner of horrific attacks and assaults all too often go un-noticed. They spend hours, weeks and even years of their life working for the sake and safety of others. They don’t do it for the money; they don’t do it for the fame or recognition – they do it because it is the right thing to do; because if they don’t, no one else will. The Australian Security Medals are designed to publicly recognise outstanding security operatives, security professionals and their achievements and contributions to our community. It is the aim of the Foundation, through these awards, to promote ‘Security’ as a profession by: • Raising awareness of the outstanding service(s) the Medal recipients have provided; and • More broadly, by promoting awareness of what the security industry really ‘looks like’ – beyond the “guns, guards and gates” image • To raise funds for the Foundation’s nominated Charity or Charities and; • To raise funds that will go towards supporting security industry members and their families when a security practitioner is seriously or fatally injured as a result of performing his or her duties.
026 SECURITY SOLUTIONS
You can help be a part of this valuable and worthy cause. Either nominate someone whom you believe deserves recognition for an act of bravery or initiative, or who has contributed to security professionalism or provided examples of outstanding citizenship, positive leadership, insights or influence at a strategic management level. Nominations are now open. For more information on how to make a nomination, or for more information about the foundation itself, please visit inspiringsecurity.com
2015 Australian Security Industry Awards ‘Go Global’ The Australian Security Industry Association Limited (ASIAL) and World Excellence Awards Limited (WEA) have announced the launch of the Outstanding Security Performance Awards (OSPAs) in Australia. Part of a global initiative, the 2015 Australian OSPAs provide an opportunity to recognise companies and individuals across the security sector who have demonstrated exceptional achievement. The criteria used for the awards are based on extensive research on key factors that contribute to and characterise outstanding performance (Aspiring to Excellence –
Perpetuity Research 2014). Commenting on the announcement ASIAL Chief Executive, Bryan de Caires said: “The OSPAs are an exciting new global initiative that provides recognition for the increasingly important role performed by the millions of private security professionals around the world.” Professor Martin Gill, Chief Executive of UK-based OSPAs said: “I am delighted that Australia is at the forefront in supporting the OSPAs which will recognise outstanding performers in the security world globally.” We are looking forward to working with ASIAL and the whole Australian security sector in identifying those who are exceptional at what they do and can serve as role models to others. In short, the OSPAs are about uniting the security sector in celebrating all that is good in security.” The OSPAs will be presented alongside the 20th Annual Australian Security Industry Awards for Excellence to be held at the Westin Hotel (Martin Place) Sydney on Thursday 22 October 2015. Nominations open on 1 May 2015. Further information on award categories and criteria can be found at: www.asial.com.au/events/category/awards-forexcellence
Sylo
®
SECURITY BY DESIGN
“Launching the Next Generation of Multi-Megapixel Cameras”
LOGIPIX 15 MP
sylo.com.au SECURITY SOLUTIONS 027 To contact us, call (07) 3841 8882 or email sales@sylo.com.au
REGULAR
MLA UPDATE Peter Johnson
Locksmiths – All Rounders or Specialists The locksmithing industry is continually evolving, and the locksmith of today has needed to develop new skills and look for opportunities outside their traditional areas of operation. The demand for locksmithing services is very strongly skewed to the commercial and industrial sectors, residential work has declined significantly (deadlocks and window locks are fitted as “standard” in most new private dwellings), and the proliferation of the big-box hardware stores and shopping centre key cutters has catered for many residential needs such as basic key cutting and the supply of hardware. Some businesses have made the decision to specialise in the one field, with automotive and EAC (electronic access control) the two main fields where we are seeing our members become specialist locksmiths in. Other businesses continue to offer more traditional locksmithing services, including lock installation, master keying, safe and vault work, and general automotive. Automotive The automotive game changed when immobiliser technology become compulsory in all Australian manufactured and delivered cars in 1993. Locksmiths wishing to continue to be able to handle all automotive work had to invest in new and very expensive equipment, and they needed to learn a whole new set of skills. At the same time the average car key that may have cost less than $10 was now well over $100. And as quickly as locksmiths were learning new skills and manufacturers were developing new automotive diagnostic tools, the car manufacturers were busy making changes to negate the effectiveness of the new skills and equipment.
028 SECURITY SOLUTIONS
Over the last 10 years we have seen the introduction of a new type of locksmiths – the specialist automotive locksmiths. This locksmith has invested heavily in equipment (sometimes in excess of $250K), used the internet to look for the very latest tips and tricks, attended the specialist courses put together by suppliers of high-end equipment, and even travelled overseas to attend specialist automotive locksmithing trade shows, such as Just Cars in the USA. The type of work this locksmith does also includes high end diagnostic analysis, ECU resetting and eeprom programming. The real winner has been the consumer, with automotive specialists locksmiths able to offer a fast and reliable service that is often significantly cheaper than a dealer charges. EAC Previously the domain of alarm technicians and even electricians, more and more locksmiths are seeing the benefits of electronic access control. Advancements in technology have resulted in numerous products available that are essentially “plug and play”, especially at the entry level and the costs of these products are very competitive. We are seeing more and more of our members enter the EAC segment. They already have great relationships with their clients through the provision of mechanical security systems, and electronic security is seen as a natural progression. There are also numerous training courses available to help improve their skills in this area. The move into EAC is not without risk because: • the margins are generally lower than for traditional mechanical security • there is a need for project management skills
• • •
to deal with sub-contractors being up-to-date with the latest building codes and regulations is essential there is the potential need to outlay funds long before any return cost overruns, call backs and rectifications are commonplace.
All Rounder or Specialist While a number of smaller locksmithing businesses are specialising, most of the larger business still provide the full gamut of locksmithing services; however, they engage the services of specialists in specific areas or select and train their existing staff in specialist areas. The real enigma is all of this is the country / regional locksmiths. Our country locksmiths are perhaps the most highly skilled of all locksmiths. Their regional location means they need to have the skills to work in the areas of locksmithing, including high end automotive and EAC.
Peter Johnson is the General Manager of the Master Locksmiths Association of Australasia (MLA). You can find out more about the MLA at www.masterlocksmiths.com.au
Get the latest in locking technology. The multi-award winning ABLOY® PROTEC2 CLIQ and CLIQ Web Manager with CLIQ Remote is a combination of the proven, SCEC endorsed ABLOY® PROTEC2 mechanical keying system and the CLIQ electronics developed by ASSA ABLOY. ABLOY® PROTEC2 CLIQ offers the ultimate synergy between the superior mechanical ABLOY® PROTEC2 and the programming ease and flexibility inherent in electronic locks and keys. ABLOY® PROTEC2 CLIQ is a true one key solution where CLIQ keys are able to operate both the electromechanical and mechanical cylinders. ABLOY® PROTEC2 CLIQ is a very cost effective solution. CLIQ cylinders are installed in areas which require electronic features such as audit trails, time limited access and easy blocking of lost keys. Those areas could for instance be the perimeters, storerooms or server rooms. Mechanical ABLOY® PROTEC2 cylinders are then installed in the other areas.
Key Features • Electronic access control without wiring • Cost effective one key solution • Audit trails stored in both keys and cylinders • Flexible access permissions • IP57 Rated CLIQ Keys • IP68 Rated Padlocks • Access permissions can be updated remotely • Cloud (web) based software • Easily replaced standard battery • Dual security; mechanical and electronic • Central management philosophy
Scan the QR code to watch how the ABLOY® PROTEC2 CLIQ is leading the way in locking solutions!
An ASSA ABLOY Group Brand abloy.com.au
SECURITY SOLUTIONS 029
030
ISIS And The Rise Of Homegrown Terrorism In The West
031
By Anne Speckhard On 22nd October 2014, Canadian Michael Zehaf-Bibeau opened fire at the Canadian National War Memorial killing Corporal Nathan Cirillo, a Canadian soldier on ceremonial sentry duty. From there, Zehaf-Bibeau went on to the Parliament building in Ottawa where he attempted to kill as many parliamentarians as possible. A shootout ensued in which ZehafBibeau was killed. Zehaf-Bibeau, inspired to his actions by Islamic State (ISIS) apparently believed he had been acting on behalf of Islam, that he would be ‘martyred’ and go straight to paradise. These kind of ‘stay and act in place’ attacks, along with a steady flow of impressionable young Westerners – males and females – going off to fight jihad are on the rise in recent years and it does not look like it will stop soon. The international call to jihad, originating first with Al Qaeda and popularised by Anwar Awlaki, has taken on a new appeal with ISIS since they euphorically declared an Islamic caliphate in Syria and Iraq last June. English-speaking Awlaki, who has a particular appeal to Western Muslims, was killed in a US drone strike in 2011, but lives on via the internet. From beyond the grave he continues to inspire acts of terrorism both at home and abroad. His internet lectures are implicated in nearly every Islamic-related Western terror attack since his death. Awlaki argued, and still manages to convince many, that every Muslim has a duty to take hijrah – that is, travel to the battlefield and to fight jihad endlessly until Muslims bring in the end times as predicted in the Koran. According to ISIS, everyone has a part to play and is significant to the shared vision. They claim, like Awlaki did, that all Muslims are obligated to take part in bringing their apocalyptic vision to fruition. Now with ISIS controlling territory and claiming a caliphate, for those wanting adventure there is a real and accessible place to come to. That place, Sham and Iraq, is held sacred in the apocalyptic vision of the end times and strongly resonates with the shared
032
vision that ISIS is ushering in the new age of Islamic victory. Unlike foreign fighters who went before them to fight Syrian leader Bashar Assad, the Muslims who agree to take hijrah to join ISIS in Syria and Iraq generally believe they are coming to live a ‘pure’ Islamic life and take part in building the new utopian state. They are joining in a worldwide battle and apocalyptic vision far greater than toppling Bashar Assad. With the rise of ISIS and their slick social media campaign, Muslims from every Western nation have been drawn into the battle. Unlike Al Qaeda, that heavily vetted anyone who wanted to come and had many barriers to joining, ISIS welcomes all. Indeed, an estimated 15,000 foreign fighters have already joined their ranks, with estimates of 800 from France, 200 from the US and over 200 from Australia; and ISIS has simplified things for those not ready to make hijrah. Travel is not required – they can act in place, just as ZehafBibeau did. Chillingly, the Ottawa shootout occurred the same week as the release of the book Undercover Jihadi: Inside the Toronto 18 – Al Qaeda Inspired, Homegrown Extremism in the West, which details the inside story of terrorist plotters who, in 2005, also plotted to storm the Canadian Parliament with assault rifles. Their plan was to take over the Parliament and behead the Prime Minister and members of Parliament to demand Canadian troops be withdrawn from Afghanistan. While many thought the 2005 plots were the wishful fantasies of terrorist wannabes and that the attacks could never have been actualised, part of the group was serious enough to have managed to build a working remote detonator and order tons of fertiliser for truck bombs to be placed in three different sites around Toronto. The blast charges of the bombs they plotted to detonate would have been similar to those that were used to take down the Murray Federal Building in Oklahoma City. They would have caused a series of catastrophic attacks – the most lethal attacks in North America since 9-11.
It was only the actions of two undercover agents – Mubin Shaikh, primary among them – that saved Canadians from the disastrous effects of such a series of attacks. Undercover Jihadi details that account and highlights how groups like Al Qaeda and now ISIS get into the minds of young people and can motivate them to form homegrown cells to carry out lethal attacks in Australia, Canada, the US and Europe. “We will attack the Parliament buildings of Canada,” the ringleader of the Toronto 18, Fahim Ahmad, crowed to his cadres. “First we will distract the police with bombs going off all around the city. That will take all the security forces’ attention away from the Parliament,” Fahim continued. “And when they are responding to the car bombs, we will storm the Parliament buildings!” He went on to tell his cadres that they would take the Parliament members hostage and behead first the Prime Minister and then the Members, one by one. His plan, thought by many to be far-fetched, now sadly has been shown, in part at least, to be conceivable. And while the Toronto 18 members were rounded up, resulting in 11 convictions, Canadian extremism did not disappear. Indeed, with the conflict in Syria and the rise of al-Nusra and now ISIS, Canadians, Australians and Belgians are presently overrepresented among Westerners in the fight. And the ideology of ISIS is fanning the flames around the world. The ISIS claim of having created a real caliphate and having anointed a legitimate caliph (al-Baghdadi), along with their call to an idealised version of being a Muslim (to live like the original Companions) speaks to the inner needs of many Western first and second generation Muslim immigrants who are somehow failing in their lives, as well as religious seekers who have converted and sought out an extremist form of Islam. For them, this call to ISIS resolves issues of identity. If they go on hijrah and migrate from Western lands to the land of Sham and Iraq where ISIS is in charge,
XS4 2.0 by SALTO:
The new standard in electronic locking.
Smarter thinking. Smarter performance. Smarter design. THE SALTO ACCESS CONTROL SYSTEM USES OUR ADVANCED SVN AND WIRELESS RFID TECHNOLOGY TO TURN ANY DOOR INTO A FULLY FEATURED ACCESS CONTROL DOOR. SECURE • Create ‘keyless’ buildings. • Secure all interior and exterior doors. • Credentials and locks are simply and quickly updated, restricted or deleted remotely.
BETTER USER EXPERIENCE • Secure access to resources, rooms and facilities for staff and visitors. • Integrate third party services such as cashless vending, photocopying, library, identity management...
COMPATIBLE WITH ANY DOOR • SALTO’s extensive range covers virtually every door on the market.
MOBILE VIRTUAL NETWORK • JustIN Mobile SVN (mSVN) is an innovative identification updater system that allows users to update contactless identification cards.
BUILDING MANAGEMENT • Monitor and manage all user access rights. • Provide full audit trail capability. • Minimise lost key expense. • Integrate all your users’ and staff’s physical security needs into a single platform management tool.
Email: info.aus@saltosystems.com - www.saltosystems.com
they believe it will provide them with a ‘safe’ place to practice their extremist form of Islam. Sadly, they do not realise that they actually have their highest religious freedoms inside Western countries and will forfeit nearly all of their rights in joining ISIS. ISIS, in its social media outreach, claims, “we are all ISIS” thereby creating a community of belonging. Indeed, their films and social media outreach make a big point of the international gathering, that those of all skin colours and ethnic descent are welcomed with open arms. All Muslims belong and everyone is accepted. Not only that, they claim that fighting jihad brings religious rewards and earthly ones as well, ranging from cures for depression to the pleasures of owning sex slaves. For Western Muslims lost in their path of self-actualisation, failing somehow in their lives and looking for some way to redeem their manhood, womanhood, their sense of self, or to bolster a failing identity or belonging, ISIS offers them a compelling vision for a path forward – to bring about the final caliphate. It just requires a commitment to violent action. In October of 2014, ISIS spokesman Abu Muhammad al Adnani ash-Shami stated, “If you can kill a disbelieving American or European – especially the spiteful and filthy French – or an Australian, or a Canadian, or any other disbeliever… including the citizens of the countries that entered into a coalition against the Islamic State, then rely upon Allah, and kill him in any manner or way however it may be.” The current ISIS meme that is replicating itself virally over the internet via Twitter, Facebook and other social media, builds upon the ideology laid down by Al Qaeda; namely that Islam, Islamic people and Islamic lands are under attack by the West and that Muslims need to band together and enact terrorist attacks to fight back. As long as the ISIS meme keeps replicating itself in the minds of young, disillusioned, marginalised and even mentally ill Muslims in the West, these attacks will continue to occur and grow in numbers.
034
For Western Muslims lost in their path of self-actualisation, failing somehow in their lives and looking for some way to redeem their manhood, womanhood, their sense of self, or to bolster a failing identity or belonging, ISIS offers them a compelling vision for a path forward.
Ultimately, the lethal cocktail of terrorism relies on the interaction of a group, its ideology, the social support that exists for both and the vulnerabilities of individuals who are exposed to the group and its ideology. While it is unlikely ISIS will be defeated anytime soon, the Western world can work to delegitimise its ideology, poking holes in its claims and showing what is actually happening in Iraq and Syria, and de-glamourising the call to jihad. It can identify vulnerable persons and begin to redirect them to other ways of answering their needs and concerns. But these things take time, resources and thoughtful approaches. Until Western governments commit to spending on thoughtful counterterrorism prevention, intervention and redirection, committing resources as they do for military kinetic solutions, there will be no end to either ISIS or stay in place attacks.
One should recognise that the strongest memes are those that replicate themselves well, often even at the expense of their host. In the case of ISIS, the meme requires that the host be willing to self-sacrifice on behalf of the group and its cause to supposedly win the ultimate rewards of paradise. A small number of Muslims who cannot find their way to belong to society, feel rejected or lack purpose in their lives, who want adventure or to bolster their sense of manhood or womanhood, or who are angered by geopolitics and insults to their religion are buying in to that belief. If left unstopped, they will continue to cause death and destruction in the West. The belief among those who drink the ‘kool-aid’ proffered by ISIS is that they are engaging in a powerful compact with Allah. They may have to kill and die for it, but it is their Muslim identity and duty to do so, even inside Western countries they now call home.
Anne Speckhard Ph.D. is Adjunct Associate Professor of Psychiatry at Georgetown University in the School of Medicine and of Security Studies in the School of Foreign Service. She is author of Talking to Terrorists and coauthor of Undercover Jihadi. Anne was responsible for designing the psychological and Islamic challenge aspects of the Detainee Rehabilitation Program in Iraq to be applied to 20,000 detainees and 800 juveniles. She has also interviewed over 400 terrorists, their family members and supporters in various parts of the world, including Gaza, the West Bank, Chechnya, Iraq, Jordan and many countries in Europe.
SECURITY is not a colour...
Security is Seagate SURVEILLANCE HDD.
7
th GENERATION
UP TO
16
DRIVE BAYS
UP TO
RV
SENSOR
32
CAMERAS IDLE 3
TIME TO READY
247
3
YEARS WARRANTY
seagate.com/surveillance CREATING SPACE FOR THE HUMAN EXPERIENCE For more information on the right surveillance drive for your system, Call us on 1800 147 201 Email us at apj.sales.enquiry@seagate.com with email title “SSM, May”
ALARMS
036 SECURITY SOLUTIONS
The Benefits Of Pre-Purchase Equipment Testing And Evaluation By Winfried L. Vervenne
Buying a piece of equipment, whether it be for security detection, deterrence, surveillance or access control, represents an important investment. Some tenders involve the purchase and installation of hundreds of thousands of dollars worth of equipment. And yet, very often, little to no serious pre-purchase testing or evaluation of the equipment is conducted. There are two main consequences to this. One is to buy the equipment believing it will do the job because: • the brochure looks professional and the salesperson’s demonstration was convincing • it is produced and/or distributed by a reputable company • it is expensive, so it must be good • other government departments and/or reputable companies have purchased it • there is money available in the budget. The other consequence is not to buy it for reasons ranging from a lack of understanding of the technology and its general capabilities to a bias for dealing with a specific manufacturer or distributor. No matter what the reasons, independent testing and evaluation of equipment is extremely important in helping to make an informed and balanced decision on whether to purchase a piece of equipment or not. Who Benefits from Independent Testing and Evaluation? Independent testing and evaluation is beneficial not only to the purchaser but is equally beneficial for manufacturers and distributors. For the purchaser, it can: • advance understanding of the technology that is available • indicate whether an item will actually perform as it is marketed
• help find what is best suited to needs • help determine the best value for money • reveal whether there could be any legal or financial repercussions in the future from using the equipment • assist in developing ways of integrating the equipment into the current business/ departmental situation. For the manufacturer, it can lead to: • improved design, functionality and suitability of the equipment for the consumer • increased credibility in the product and the manufacturer • greater levels of consumer satisfaction • higher sales and higher profits in the long-term. For the distributor, there will be: • fewer problems with unsatisfied customers • a diminished risk of litigation • a greater degree of understanding of and ability to explain the capabilities of the equipment. To give the reader an idea of some of the advantages of independent testing and evaluating, the remainder of the article discusses some different types of equipment that the author has tested and his findings.
• • • • • • •
Outdated Technology with Design Authority A perimeter surveillance unit for military or civilian use, supposedly designed by exUS Navy SEALS, was recently obtained. It contained a base monitor with built-in antenna, remote sensors and cameras, and was marketed as being portable, waterproof and capable of transmitting images back to the base monitor in the field. Situational tests revealed the following problems: • no night vision capabilities (is warfare
Remote Controlled or Remotely ‘Out of Control’ These days, transmission problems are ever increasing as the airways are flooded with transmissions from all sorts of devices. This became apparent during a recent demonstration of a remote-controlled explosive ordnance disposal/improvised explosive device (EOD/IED) robot, which operated on the 2.4Ghz range – a common, non-controlled frequency. This expensive robot operated without problems for about
only diurnal these days?) monitor needed repositioning as the receiving antenna was directional sensors were waterproof only if turned upside down setting up each camera unit required two people, one to monitor the picture and another the set up the camera who then needed to make radio contact with the first person to verify view and reception any use of a radio device near the system caused interference with the monitor transmission no recording capability unnecessarily bulky to carry, particularly in combat situations the technology was generally outdated. Now, in all fairness, with some changes it could be a dream product. The concept was good, but, at the time of testing, the results were less than acceptable, particularly considering that in a combat situation lives could be at stake. The distributor advised that several units had already been sold to some government agencies. Are those agencies really using the unit? They most certainly could not have conducted any thorough situational tests on it, and they almost certainly were not getting real value for money.
SECURITY SOLUTIONS 037
ALARMS
20 seconds then started jerking around without the operator touching the controls. He looked up and advised that there must be interference from another gizmo operating on the same frequency close by. Most nanny cams, wireless cameras and thousands of toys operate on the 2.4Ghz frequency, so the equipment would work fine under lab conditions or in a remote location where transmission interference was unlikely. But what if the robot was required to render safe an explosive device in the CBD? Without testing it under realistic conditions, its use in a real situation could be negligible – or even fatal! Worth the Ticketed Price? Another aspect in testing equipment concerns the components from which the item is made. Many products are composed of original equipment manufacturer (OEM) modules easily available from the internet and assembled and sold with fancy marketing descriptions like ‘cutting edge’, or ‘designed to millspec’ (military specifications). They are packaged nicely and sold for exorbitant prices. Tests have been undertaken on units where the retail value was around $12,000 a piece, but where the components were readily available for a total of $600. To be fair, it requires a certain know-how to put the components together. However, the markup on such units seems way beyond what could be regarded as reasonable, and unsuspecting buyers really are paying much more than they should be. In some cases, it would be more cost effective to have the item custom made. Minor Improvements, Major Price Hikes If a product sells well, an ‘improved’ version is often released. However, in many cases, after testing, the improvements have been found to be largely cosmetic. It uses the same old technology, but has a new name and a different housing that simply looks more attractive and functional. However, it is often sold for at least 25 percent more. Independently testing these ‘new’ and ‘improved’ items can shed light on what exactly has been changed and can give buyers the authority to negotiate the price,
038 SECURITY SOLUTIONS
which by all accounts should not be much more than a few percentage points. The Real Thing – Yes, it Exists! Getting a piece of equipment properly field tested is not always going to point out the problems. It may actually confirm that the product is the real thing and excellent value. When recently looking for a high-end piece of equipment, a US manufacturer provided a referral to a distributor in Australia and the latest model was obtained for testing. It was put through its paces under various realistic conditions. The price tag was not cheap, but it outperformed expectations. The marketing information matched the design and capabilities, and the service and staff communication was excellent. Remember, companies that sell the ‘real thing’ are more likely to give consumers confidence-inspiring warranties, coupled with good pre- and after-sales service. Field Testing vs Lab Testing Lots of products are sold with detailed specifications, but unless otherwise stated, these specifications are almost always relevant to controlled conditions in an optimum situation. Take the gizmo into the real world and the story is different. The need to independently test and evaluate a potential purchase or a product that is ready to place on the market is real and should not be done only under controlled conditions. Even if the accompanying information states it has been field tested, it is still wise to conduct some independent tests that suit the conditions in which the equipment will be used. But why get equipment independently tested and evaluated? Firstly, a salesperson will not talk about a product’s flaws; he or she is interested in selling the product. More than that, expertise from outsiders sometimes needs to be added to the decision-making process in order to make a balanced and informed decision. Although professional, independent testing and evaluation is highly recommended, here are some tips for consumers that decide to do it themselves:
Sample Marketing Features
Simple DIY Tests
All weather/all terrain
Test it outside in different weather conditions and locations.
Waterproof
Leave it in the rain. Put it underwater.
Shockproof/drop proof
Drop it a few times. Slam it against a wall.
Uses radio frequencies
Use it in an environment with other devices.
Portable
Carry it the distance with everything else that will be carried at the same time.
Secure transmission
Check for possibility of interception.
Forensic
Ensure that it does not change data. Check retrieval with and without the device. Test as though the test results will be used in court.
Safe
For whom is it safe?
Simple to use and set up
Try setting it up. Check whether it will interfere with other software or equipment.
Designed by military experts
Find out when.
High tech
Do some research.
Above all, do not accept the specifications and marketed capabilities at face value. Put the equipment through its paces and see the results. Winfried Vervenne has extensive experience in the field of military intelligence, including 11 years in Europe and several years working as an instructor for Tradecraft in the central African region, achieving the rank of Colonel. He has not only field tested but also designed a range of equipment (mechanical and electronic) that still sets the standard today.
SECURITY SOLUTIONS 039
040
Multiple Attackers: Outnumbered Does Not Mean Outmatched! By Richard Kay It is sad but true that a fair fight is a rare thing these days. If officers are faced with a situation in which they need to defend themself or others from violence, the chances of it being a straight conflict between two people are low. Apart from domestic violence, most fights involve more than two people. What they say about bullies also holds true for violent criminals – they are generally cowards and prefer to go around in large groups picking on smaller groups or individuals that they think are easy targets.
041
Statistics released from a police crime study a few years back showed that one of the most common physical attacks in unarmed assaults was kicking. This may seem surprising, since most people (even ‘trained’ people) will often not kick in a fight because under stress they simply resort to instinct and are busy using their legs for standing and moving. What the statistic reflected, however, was that kicks were common not because people liked to kick, but because the most common attacks in modern society are multiple attacker situations where a group targets an individual. In this scenario, it is common for the outnumbered victim to be knocked down or ‘taken’ to the ground, where the group can then use their numerical advantage to best effect … stand around and over the downed victim and kick. Therefore, statistically, the number of kicks in the confrontation increases dramatically. This type of situation is of particular concern for security personnel who operate in environments that contain large groups of people, such as security guards or crowd controllers working at shopping centres, licensed venues, concerts, or public events. However, this does not negate the need for personnel who work in ‘quieter’ environments, such as mobile patrols or static guards, as any situation has potential for risk, especially if the officer has no back-up readily available. A mass attack can happen in a variety of situations, and so quickly and unexpectedly that officers have little or no time to think about it. Multiple attackers mean angles, weapons and levels of attack increase exponentially, not just by the sum of the number of attackers. For example, four attackers do not just mean four times the trouble – there are now 16 times as many weapons to contend with. As part of a complete operational safety tool kit, it is well worth officers knowing about the specific issues around how to protect themself and how to prevail against multiple opponents, to give themself the best chance if the worst does ever happen and they are confronted by a group of people. It is important to think about it now and address this situation in training. It is possible for a single person to prevail against multiple attackers. General tips: • Think quickly, keep it simple, and resolve quickly.
042
• Control your breathing to keep anxiety low and your energy high. • Adopt a positive, realistic, and assertive mindset – instill anxiety into opponents. • Move continuously with balance, and position yourself tactically. • Be proactive and act seriously. • Use every opportunity to your advantage. • Be careful not to injure your hands. Obviously, there are a huge number of variables that come into play here like officer vs. subject skill, and officer vs. subject physical attributes, etc. Officers need to have superior movement and evasion skills, striking skills, and the ability to render opponents unable to continue in the fight. They also need superior verbal skills. Instill fear and doubt into an opponent through verbal means, but do not threaten. This only serves to give away the element of surprise. Do not strike a pose; this gives the group time to think about their response and to fuel their group rage. Remember, disengagement is a good option. Officers in foot pursuits are usually only successful in capturing a subject in the first 150 to 200 metres of the chase. After 200 metres, the odds of catching the subject rapidly diminish. The same experience should also apply in reverse. If officers can string the group out over 200 metres, they can then engage each opponent separately. For all the verbal or physical responses to multiple opponents, the general rule is to create an advantage and use it. This may involve using the environment, or more importantly, a weapon. The disadvantages of facing multiple opponents are staggering. In situations with two, three or four opponents against one, it is literally a few seconds before the one defender is swamped by the group. There are theories that say that multiple opponents get in each other’s way, but experience shows that moving to line up two of them often ends up moving right into one of the others. There are a few basic principles, rather than specific techniques, which can make a real difference: Prevention Stop the fight before it starts. Positive and assertive interaction with the group may off-set any violence. Try not to do anything that will cause the opponents to escalate. Remain aware of multiple attack dynamics, and try to negate them as soon as possible. Often, there will be
one or two dominant personalities in the group who will attempt to control the situation. This also serves to distract from other group members positioning themselves to surround the victim. Once in place, they can launch their attack from a position of tactical advantage. Mindset Deal with reality, not delusion. If you face multiple attackers you are outnumbered and at a severe tactical disadvantage, and there is a high probability that if they attack you will be hurt. Accept these ‘facts’, but do not let them defeat you. The attackers are human too, and therefore feel fear and pain. Make them aware that you will not stop fighting, that if they defeat you, they will have to work for it, and some of them will suffer too. This is not bravado, it is reality-based psychology that can create doubt and hesitation in their minds. Mobility Never get caught up with one person. Keep moving around all the time and immediately disengage into space. If you allow yourself to get caught up engaging with one person, or if you are just very focussed on one of the attackers, then you are effectively defenceless against any of the others. Stability Getting knocked down to the ground is a dangerous reality. Kicking might be a powerful attack, but it carries a high risk of getting knocked down if you do not land it perfectly, or if your leg is caught. Keep both legs firmly planted on the ground. Positioning Do not get surrounded. The ideal position for a person against multiple opponents is to line up the attackers so that you can deal with only one at a time. The worst position is to have them all in a circle surrounding you. As you continually keep moving, you need to keep this in mind … ‘stack’ your opponents in a line, but do not let them ‘bracket’ you. Use the Environment Having your back to a surface can be a good thing. If you have a wall to your back then it is impossible for anyone to attack you from behind, and if you are in a corner then it is very hard for more than one person to attack you at once. If
you are attacked by more than one person then surviving the fight should be your first priority. If there are possible and realistic avenues of escape then you should do everything you can to keep this option open, and should avoid getting trapped. Any obstacle, from a concrete bollard to a car, can be used in a similar way to stop them all attacking you at once, and to stop anyone from being able to approach you from behind. Similarly, if you have ‘weapons’ (baton, firearm, etc.), strongly consider using these early, perhaps even as a show of force to defuse a situation from escalating. This may seem unnecessarily pre-emptive to some, but if they do attack it is highly likely that they will overwhelm the officer and strip the weapons anyway. If you do not have issued duty weapons, consider what in your immediate environment may be used to give you an advantage, and before they do. Making a choice to use them when an opportunity arises may help you gain control. Act seriously Officers should always view striking a subject
GPS Tracking Live Tracking Vehicle Stops Vehicle Trips Distance Travelled Over speed Job Dispatch Fleet Utilization Metrics Geofence Alerts Driver Identification Cost Effective!
as a last resort. However, a multiple attack situation is very serious, and highly dangerous. There is no point in striking your opponent if you have no chance of either winning or getting away, because you will only aggravate them and encourage them to cause more trauma to you. Do not strike for the sake of it, pick your moment and only strike when you think you have a chance of it having an effect. Reduce your opponents’ numerical advantage by any means necessary. It is impossible to defend from multiple angles, so you need to be the first to act. Do not threaten or give away your intentions once you have committed to action. Target vulnerabilities to stun, disorient and disable. Disengage Unless you are highly skilled or in a situation where you cannot escape, your best option is to disengage. This is less likely going to be a confrontation you are going to win, and will more likely be a fight you are going to have to escape. Head to somewhere public and call for help. Running is also likely to separate your attackers,
making it more likely to be able to confront them individually. However, when running, be extra careful, as they can set a trap for you and eventually surround you. Like every aspect of operational safety, preparation starts firstly with developing a realitybased mindset, and then engaging in realistic, appropriate and regular training. Officers should incorporate multiple attack scenarios into training, both with and without weapons, and always add the element of the unknown for proper stress inoculation. After all, failing to prepare is preparing to fail!
Richard Kay is an internationally certified tactical instructor-trainer, Director and Senior Trainer of Modern Combatives, a provider of operational safety training for the public safety sector. For more information, please visit www.moderncombatives.com.au
UniGuard
Overspeed Alert
Overspeed Alert
Vehicle Asset003 is currently travelling at 65 kmph ! This is 15 kmph above the designated limit.
Vehicle Asset003 is currently travelling at 65 kmph ! This is 15 kmph above the designated limit.
Call today for a free info pack - 1300 1333 66 - www.UniGuard.com.au SECURITY SOLUTIONS 043
CCTV
044 SECURITY SOLUTIONS
4k And Beyond! The electronics industry provides one of the most efficient and productive technologies of modern times.
SECURITY SOLUTIONS 045
CCTV
By Vlado Damjanovski
In the late 1940s and after the invention of transistors following WWII, the electronics industry has continued to evolve and develop, from the humble transistor to the latest super microprocessors. The industry has helped convert cameras from the old film type, through tube pick-up devices to the modern electronic counterparts with charge-coupled device (CCD) and now complementary metal-oxide semiconductor (CMOS) technologies. The old standard definition analogue electronic cameras created in the 1960s, with 576 horizontal scan lines (D1 resolution), made way a few years ago for the modern high definition (HD) digital cameras with 1080 horizontal scan lines. HD is a digital video format used from its source, rather than being converted from
Final Paths Ad 396 x 121.indd 1
046 SECURITY SOLUTIONS
analogue into digital, as was the case with DVD media. The HD television format (also known as 1080HD) is the current television standard, with 1920 horizontal x 1080 vertical pixels. Essentially, HD offers five times the pixel count of D1 resolution. When an HD signal is produced by a camera, it appears as a 1.5Gb/s or 3Gb/s stream, depending on whether it is 1080i (interlaced) or 1080p (progressive). This is huge data traffic coming from a digital camera, impossible to imagine 20 years ago. A new video compression standard, the now common standard H.264 compression (also known as advanced video coding – AVC), was introduced about 12 years ago to enable cameras to transmit and store such large amounts of video data. However, the latest camera sensor
technologies, such as the 4k video, are now offering even larger video formats than HD, with four times the pixel count compared to HD (that is 3840 x 2160 pixels). Using the current terminology for HD, the 4k could be referred to as 2160HD. It is also known as Ultra-HD-1 resolution. The 4k is basically equivalent to live streaming an 8 megapixel video, of which an uncompressed stream occupies around 12Gb/s, making it necessary to compress the 4k stream. While the H.264 compression can be applied to 4k video, more efficient video compression was needed; the H.265 (also known as high efficiency video codec – HEVC) was introduced two years ago. An even more impressive format called 8k is currently being developed and tested, offering another quadrupled resolution to
However, the latest camera sensor technologies, such as the 4k video, are now offering even larger video formats than HD, with four times the pixel count compared to HD.
the 4k, with 7680 x 4320 pixels, which is almost 32 megapixels of live streaming video. This is known as Ultra-HD-2. When viewing 4k and 8k video, a viewer sits closer to the display relative to the viewable details and this immerses the visual senses completely. It is said that the viewing experience is almost threedimensional (3D) without having the 3D goggles. This was reported by many viewers watching the 2012 London Olympics with an experimental 8k video. The CCTV industry always tries to minimise equipment costs while still maximising recorded pixels and extending storage time. This is not easily done, but the trends are certainly going in that direction. One way to reduce the cost of high-resolution cameras is to make the sensors smaller, despite
increasing the number of pixels. Making smaller sensors means lenses with smaller projection circles, which means smaller lenses. Ultimately, smaller lenses mean less glass and lower cost. Unfortunately, the miniaturisation of sensors means smaller pixels, and this in turn means more noise and less dynamic range. When imaging sensors become smaller and at the same time the number of pixels increase (for example, when going from HD to 4k), the result is even smaller pixels and even more noise. Smaller and more dense pixels require even better optics; better than what was in use in the analogue days. To top it off, more pixels means streaming more data, which in turn requires a better network and more storage. At first glance, the above barriers to
You’re in very secure company
21/9/14 9:20:10 PM
SECURITY SOLUTIONS 047
CCTV
The 4k is basically equivalent to live streaming an 8 megapixel video.
048 SECURITY SOLUTIONS
advancement make the new 4k (and certainly the upcoming 8k) almost impossible to implement, expensive and unattractive, to say the least. Yet the modern demand for more pixels, sharper details and larger storage is insatiable. This demand ultimately drives technology toward new solutions, better sensors, more storage, better lenses and, paradoxically, lower prices. This is important for the CCTV industry! To illustrate, people with longer experience in the CCTV industry will remember that some of the first analogue CCD cameras, back in the early 1990s, were over $1,200 – and that was excluding the lens. Today, an HD or megapixel camera, with lens (even with a built-in zoom lens) and with smart electronics would cost no more than half the amount that it did two decades ago. Even
the 4k models now appearing on the market are not a lot more expensive. Similarly, the first large LCD television sets from 10 years ago were close to $10,000. Only a few years later, their prices plummeted to around $2,000. It is evident that 4k has arrived in consumer electronics as well, with 4k television sets costing nearly the same amount. It should be unnecessary to forewarn future users of 4k CCTV cameras that it is pointless buying such cameras without having 4k-capable monitors. An HD monitor can be used since it has the same aspect ratio of 16:9, but do not forget that the standard HDMI cable will also need updating. The cables designed for 4k resolution are called display port cables; however, the latest HDMI v.1.4 will support 4k as well.
This demand ultimately drives technology toward new solutions, better sensors, more storage, better lenses and, paradoxically, lower prices. This is important for the CCTV industry! In most CCTV applications, using 4k cameras will be by way of using some version of Windows operating system, a super fast processor and a super powerful graphics card. A 4k-capable computer display would be needed, of which there are very few at present. Most users would opt for a 4k TV display, which is physically much larger than a conventional computer monitor. A lot of processing power is needed to decode one or more 4k video streams and only the latest versions of Windows, with a special graphics card, may support 4k resolution. When deciding on whether to implement 4k, users should take into account the above-mentioned considerations: smaller pixels, low light performance, the optics required, increased network bandwidth, storage load and demands on computer decoding power. Potential users should check all of this before deciding whether 4k is appropriate with the current computer hardware and software they own. If all of the above boxes are ticked, then go for it! Many broadcast studios and production houses are already using 4k for their daily production. An Australian company, BlackMagic Design, is making very affordable yet excellent quality 4k cameras for video production. However, the broadcast industry makes good money through their productions and they do not shy away from spending good money for good results. While the CCTV industry has started to embrace the technology, in comparison, it is one of the most penny-pinching industries. It is not easy to be innovative in technology without prior training, learning and without spending money, even when all the boxes are ticked. The 4k will certainly not be the concluding component in CCTV technology; it is just a part of the electronics industry’s advancement. It is always inspiring and encouraging in the CCTV industry when ‘new kids on the block’, such as the 4k, come along.
Vlado Damjanovski is an author, inventor, lecturer, and closed circuit television (CCTV) expert who is well-known within the Australian and international CCTV industry. Vlado has a degree in Electronics Engineering from the University Kiril & Metodij in Skopje (Macedonia), specialising in broadcast television and CCTV. In 1995, Vlado published his first technical reference book – simply called CCTV, one of the first and complete reference manuals on the subject of CCTV. Now in its 4th edition, and translated into four languages, Vlado’s book is recognised the world over as one of the leading texts on CCTV. Vlado is the current chairman of the CCTV Standards Sub-Committee of Australia and New Zealand. In his capacity as chief contributor, Vlado has helped create the Australian and New Zealand CCTV Standards (AS4806.1, AS4806.2 and AS4806.3). He can be contacted through his website www.vidilabs.com
SECURITY SOLUTIONS 049
BUSINESS
050 SECURITY SOLUTIONS
Customer Service And The Bottom Line By Ray Hodge Security companies, sole traders, and those blessed with the entrepreneurial gift spend inordinate amounts of time and energy focussing on increasing sales and profits, and rightly so. Always on the hunt for new opportunities, they create front-end strategies, strategic partnerships, and referral mechanisms to build the ever-evolving sales pipeline. Included in this frontend activity is often expensive, laborious and intensive activity centred around creating new customers, which can sometimes yield little in the way of results. Perhaps there is an easier way? Ockham’s Razor (one of the statements linked to the medieval philosopher, William of Ockham, that accentuates the shaving away of unnecessary assumptions) indicated, “the best solution to a problem is usually the easiest one”. Business owners and managers tend to overcomplicate the problems and issues that surround them; looking for the one cause with the easiest solution is at the heart of the statement.
In my personal experience, both as a business owner and a customer, one of the ‘easier ways’ sits right under the progressive and analytical noses of most business owners. It escapes their notice because of its profound simplicity. That easier way is by providing exceptional customer service and adding significant value to both existing and new customers. Following is both a positive and negative, personally experienced example for reinforcement. Walking with some friends on a warm summer evening along the South Bank restaurant strip in Brisbane, the place was abuzz and most restaurants were overflowing with patrons. We walked past one that had only a few customers, but it enticed us nevertheless
SECURITY SOLUTIONS 051
BUSINESS due to its aromatic impact. We decided to eat there. What happened over the next hour helped me understand why the place was empty. The welcome was gloomy, we had to ask for water, I lit the candle on our table, we had to wait (and wait) for the waitress (who was not busy), we had to get up and get serviettes, there was no eye contact as staff walked past us… and so it went. The food was great, service was lousy, and I have never been back, nor will I ever. The antithesis to this experience was my first visit to the Pan Pacific Hotel in Perth, Australia. Warmly welcomed, called by name, preferences listed, rooms cleaned perfectly, and so on, made for ongoing and repeat visits. Having stayed there over a 12-month period, I decided, for a bit of variety, to try out another hotel in the vicinity. The rooms and presentation were excellent, but the service was incredibly average. The cleaner left dirty cups in my room, no one called me by name, my booking was messed up and eye contact was lacking. Needless to say, I am back at the Pan Pacific. Upon my return, nothing had changed. Warm greetings with numerous “nice to see you Mr Hodge” and I am treated as if I am the most important person there. What was I thinking by trying somewhere else? The restaurant referred to above, like many other businesses, is potentially spending thousands of dollars on advertising, but lousy customer service only gives them one-time business rather than repeat business. Thus the bottom line is seriously impacted by both increased advertising spend and decreased patronage; not a great recipe for any business. On the other hand, the hotel, after dealing with it once, created a pathway back with no additional marketing cost and has extracted large amounts of revenue from my wallet. The Easy Way For a Healthy Bottom Line For new customers: • Add value straight up. This might, for example, be in the form of an upgrade to what customers have paid for, a small thank you gift, additional service, or a free product. • Ensure the process is explained to customers, along with what they can expect, pricing and so on. • Take the risk away. Offer strong guarantees in favour of the customer that emphasises that the business has to perform, and that their patronage is valued. • Call customers by name. • After customers have completed their first lot of business, follow-up with a phone call to ensure their complete satisfaction, or send them a loyalty card or discount voucher to assist in their return.
052 SECURITY SOLUTIONS
• Ask customers for permission to be added to a mail-out list and keep in touch with them through newsletters or updates every 30 days. For existing customers: • Develop a system that when customers call or walk in, their details are easily accessible. Train all team members to remember names. • Create levels of memberships that have increasing value. • Reward customers for their ongoing patronage. Examples might include upgrades, free entry to upcoming events, social invites, special client evenings, Christmas gifts, or complimentary drinks. • Give preferential treatment. Categorise customers and provide something to top-tier customers over and above what is provided to the general customer base. Referrals Referrals are another one of the simplest, easiest and most overlooked ways of generating business. Simply asking for referrals works. The acquisition cost is next to nothing and is the absolute best way of filling the sales pipeline. Training the Frontline Team This is easy, but often neglected. Train all staff to smile (including yourself), talk intelligibly, look at customers in the eye and have staff go out of their way to make the customer’s experience incredible. It might mean making coffee for customers, cleaning up after a job (in the tradesman’s case), showing them around, explaining the process, and so on. Surveys and Follow-Up The best method here is a phone call. BMW Brisbane is exceptional at this. Within 24 hours of my car being serviced, and without faltering in five years, I receive a phone call to ensure I am happy with the service received. In closing, here are some personally experienced examples. The Great • Security staff who remember my name with the simplicity of a genuine smile. • Employees who notice the small things, taking it upon themselves to improve my condition. • The security officer, mindful of my time, who works to get me through the checkpoint as quickly and diligently as possible without compromising standards. • The company that makes me feel like I am their
Referrals are another one of the simplest, easiest and most overlooked ways of generating business.
most important client, not just a number or dollar. The Bad • The security officer who asks, “What do you want?” • The security team member who asks, “Can I help you?” when what he or she clearly means is, “Please do not bother me, I have better things to do”. • The installer who grunts and leaves a mess. • Salespeople who are more interested in getting the sale than in my needs. The Ugly • Tech support who, upon hearing my complaint, say, “I understand” – how can they, they are not me! • Invoices that end up double what I expected because things were not explained properly at the start. • Overhearing foul language from security staff. As in all things, what business owners and staff value shapes their actions. If the company puts customers first and communicates that customers are important, they will more than happily be longterm, paying customers. They will refer their friends, be the business’ evangelist, and open their wallets.
Ray Hodge is the director of Ignite Business Consulting. Known as the ‘efficiency driver’, Ray appears regularly as a speaker in Australia and consults to businesses and organisations, with the Department of the Australian Prime Minister and Cabinet on his list of accomplishments. He has held positions as general manager in the tourism and construction industries, and has successfully run his own businesses in the finance, property and accommodation sectors. Ray has coached and provided consulting services to leaders and teams for over 20 years. He can be contacted at ray@ ignitebusinessconsulting.com.au or directly on 0403 341 105.
SECURITY SOLUTIONS 053
COVER STORY
054 SECURITY SOLUTIONS
s i s i r C e Th
y m o n o ec SECURITY SOLUTIONS 055
COVER STORY
By Nicole Matejic Nothing sells news like a scandal, but while security companies are busy protecting their clients’ people and assets, who is looking out for them? ‘News that sells’ is the mantra of modern-day media. From print newspapers to talkback radio, social media and online news, the telling of stories is now more than ever embedded in a click-bait profit cycle that is at its best informative and educational, yet at its worst is profiteering on the misfortunes of others. Akin to the subculture of ambulancechasing legal firms, today’s news media profit indiscriminately from the scandals of corporations and people around the world. Social media compounds the issue, making a crisis far more newsworthy than it may have otherwise been, while citizen armchair commentators troll brands like it is a newfound hobby. News geared for profit is one of those inconvenient truths everyone knows exists but largely ignores. Everyone tolerates it, always hoping that the next big trending #PRFail is not theirs. Until of course, it is. For the security industry, this presents a multitude of challenges for those in leadership roles. Communicating during a crisis in a security incident or emergency context differs significantly from communicating with the media, shareholders and workforce during corporate crises. For a start, management has no command and control over the media landscape. Early on during a corporate crisis, they are also highly unlikely to have command and control of the situation that caused the crisis in the first place. Worse still, despite their best efforts and investment in their workforce through stringent pre-employment screening, training, mentoring, compliance and regulatory certification, the organisation’s greatest reputational risk remains at the coalface. Management need to consider how much the organisation’s reputation is worth and think about it comparatively; while the bottom line may dive during a crisis, the follow-on impacts to other parts of the organisation – contracting, new clients, staff attrition, recruitment – can be just as profound. During a crisis, reputational damage is felt organisation wide.
056 SECURITY SOLUTIONS
In the security industry, an organisation’s reputation is its trading currency. Its legacy of trustworthiness and operational success is the reason why clients hire and continue to do business with the organisation. When scandal erupts, even the most loyal of clients will quietly reconsider their contractual position. Guilt by brand association is a strong motivating factor in a marketplace that is teeming with consumers who have exceptional brand acuity. That means, while the organisation’s brand is being bashed in the media, its guards are still patrolling client premises in uniforms bearing the company logo. Clients and their stakeholders will not be oblivious to this fact. If the organisation’s brand will harm theirs, the organisation becomes collateral damage as contracts are withdrawn and new clients vanish. Organisations not only need to plan for every risk their clients may face, and even perhaps some internal business risks, but also for the risk of bad publicity. From the Battlefield to the Boardroom: 3 Lessons in Crisis Communication from the Military Developing a bulletproof crisis communications strategy to positively influence the audience during a corporate crisis is much easier than most people realise. In fact, organisations that are experts in their industry are best placed to identify and mitigate the risks that are likely to arise when their reputation is under fire.
1
The first lesson of war is to plan for it during peacetime. Savvy nations invest in defence forces in case they need to defend their sovereignty, strategic interests or the sovereignty of their allies. For strategic and tactical advantage, they do this well before soldiers’ boots hit the ground. Similarly, organisations that invest in crisis communications planning in case they need to defend their reputation, strategic interests, or perhaps even the reputation of a stakeholder, have the strategic and tactical upper hand. While the media count on an organisation’s lack of preparedness in response to their ambush, being ready for them before they camp out on the front lawn gives management
far more control over the organisation’s narrative (or the story it wants to tell) than the old escape and evade tactic.
2
The second lesson of war is to be strategic. Know the enemy. When the media come calling, management should already have a fair idea of their modus operandi. From tabloidesque publications to serious investigative journalism and everything in between, appreciating the nuances between each media outlet and the way they tell stories is an essential element in developing a strategic approach to response. Never before has the how, when and who of message delivery been as important in crisis communications as it is today. Part of an organisation’s planning for reputational risk needs to include strategically providing management with options to communicate their side of the story in a way that provides as much control of the narrative as possible. Social media gives management a range of options to proactively control their own narrative and be the creator of their own news. If a crisis is about to unfold, breaking the news themselves by calling a press conference or issuing a written or video statement takes the scandal out of the story, provided they take a mea-culpa approach. Savvy organisations may even build their own newsrooms over the longer term to ensure their ability to communicate during operational business as usual and during times of crisis. This is effective and places them in a position of authentic brand leadership. Authenticity, honesty, and strategic intent are the biggest allies in remediating reputation. Whether an organisation is on the offensive by breaking bad news first, or on the defensive in responding to media questions, management need to think beyond the press release and toward YouTube, Facebook and other social channels that provide an opportunity to proactively engage with the audience that will be online, with or without their input. Management must answer the hard questions; do not avoid them like a politician who tries to spin the story sideways to redirect attention away from the elephant in the room. The media rarely ask questions they do not
AME System produces its customisable ActivConsole range of electric height adjustable and fixed height control room consoles from their local design studio and manufacturing facility in southeast Melbourne, Australia. The ActivConsole range has revolutionised control rooms throughout Australia and worldwide, introducing state-of-the-art ergonomic technology into a 24/7 monitoring environment. Able to be customised to suit any application, the ActivConsole plays
a vital part in keeping your workplace and employees healthy and productive. By utilising new modern production methods and combining them with high quality materials and finishes, the ActivConsole range continues to adapt to new technologies and trends, ensuring unparalleled versitility and flexibility in every design. Customising ergonomic solutions for over 20 years, we continually ensure safety and quality for a whole new generation of operators. Contact us now for a tailored solution.
SECURITY SOLUTIONS 057
COVER STORY
Social media compounds the issue, making a crisis far more newsworthy than it may have otherwise been.
already know the answers to – do not make a bad situation worse by demonstrating a lack of situational awareness and creating a perception that the organisation has something to hide. Do not give anyone a reason to believe there is more to the story than there really is.
3
The third lesson of war is to train the army. It is no secret that some of the best, most impressive military operators in the world come from nations that invest heavily in the development of their niche skill set. Driving a tank or flying a jet is not a skill one is born with; likewise, dealing with the media during an organisational crisis is a not a skill that comes naturally for most people. The leadership team must be able to deliver professional, authentic and on-target messaging during a crisis. Invest in training people together as a team. This will not only serve to ensure everyone in leadership roles has the skills required to speak on behalf of the organisation, but it also provides the organisation with critical contingency options. It is tempting to think less is more in this equation, but issues such as succession planning and key employees being on leave can quickly destabilise the ability to deliver effective crisis communications in a 24/7 environment. Plan for these variables to avoid becoming a victim of Murphy’s Law. Leaders are not immune to crisis. If the CEO or another member of the executive or leadership team is the cause of, or embroiled in the crisis itself, quickly sequester him or her away from the organisation and out of public sight while he or she is managed. This frees up the organisational spokesperson to concentrate on the crisis at hand without competing for airtime. Social Media Rules of Engagement Crises arising from social media can pose very different challenges for security organisations.
058 SECURITY SOLUTIONS
While the news media’s publishing of the story online will certainly outrank even the best search engine optimisation strategies, the variable factor on social media lies in each network’s global user base. If an organisation has built a social media community around its brand, when the trolls come out to play so too will the community that may actively advocate on its behalf. Organisations that are exceptionally social media savvy and use their networks as a customer service portal, newsroom or regular community engagement channel can, with the right team in place, use social media to manage the crisis effectively. Having primed their audience and built their trust over the long-term, their ability to continue to leverage social media channels to manage the crisis in a transparent manner will give them unprecedented control over their own narrative. Being the source of factual information places the organisation in a strong position of leadership, and demonstrates a commitment to customer experience.
Developing a bulletproof crisis communications strategy to positively influence the audience during a corporate crisis is much easier than most people realise.
Conversely, if organisations are not corporately present on social media, people will still be talking at them and about them. By default, an offline crisis will move online. Whether or not organisations track these conversations should form part of their strategy. If they choose not to monitor online sentiment, they risk missing out on valuable insights into how the crisis is developing, subsiding or worsening. Regardless of whether it is using social media or not, the key to an organisation’s reputational remediation online lies in its authenticity, honesty and ability to engage with the audience it offended or wronged. A word of warning: a crisis should not be the reason an organisation suddenly becomes active on social media. In fact, commencing a social media existence in response to a crisis can present more issues than solutions at a time when fewer complications, not more, are needed. Skills and resourcing are at the top of that list. Who is going to run and monitor those networks? Who in the organisation’s workforce is aptly trained and experienced in social media community moderation? Social media is a 24/7 proposition and is not a task for the intern or administrative assistant. Organisations should not jump on the bandwagon during a crisis if they do not have the expertise to manage social media effectively. Organisations that are not present on social media should not let their absence give other people opportunity. Proactively protecting an online reputation should form an essential part of an organisation’s crisis communications strategy. The brand’s intellectual property, for example, is one of the easiest things to protect – yet it is commonly overlooked. Securing an organisation’s brand @handles on Twitter and Instagram will prevent enterprising or nefarious individuals from masquerading as the organisation online
EasyGate an award winning range of speedgates DDA Compliant Secure – up to 1800mm high barriers Stylish – European design and manufacture Reliable – 24 month warranty & 3,000,000 MTBF Fast – Throughput rates of up to 60 people per minute
With 14 years’ experience delivering entrance control solutions and 5 offices across Australia & New Zealand Centaman is here to help you make the right entrance
T: 1300 858 840 E: sales@entrancecontrol.com.au
www.entrancecontrol.com.au
SECURITY SOLUTIONS 059
COVER STORY
by creating accounts in its name. Similarly, establishing official Facebook, LinkedIn, Google Plus and YouTube presences will ensure the brand is not easily confused with that of an imposter. Of course, it is best if an organisation is active on these networks rather than becoming a corporate cyber squatter; however, at a minimum, an organisation should be the one holding the social media keys to its brand on every network. Social media impersonation can be both the cause of and a continually damaging factor to organisational crises. Not only can imposters fool customers, stakeholders, and the general public into thinking they represent an organisation, but they can also steal an organisation’s online traffic, sending anyone who clicks on links to any number of nefarious places. The same approach should be taken toward securing variations of an organisation’s URL; whether it has a website or not is a moot point. Proactively controlling a web presence denies opportunistic individuals from causing or exacerbating a crisis. Hearts and Minds At the heart of every scandal lies a story with an emotive trigger. The scandal resonates with people on an emotional level, and their reaction will define how an organisation’s crisis plays out in the short to medium-term. Recognising what this emotive trigger is within the crisis is an essential step toward being able to communicate effectively towards remediating the organisation’s reputation. Security officers, for example, are held to the same ethical and moral standards as other law enforcement professionals. When an incident occurs that involves a guard that has demonstrated a lack of ethics or morality, it is perceived as an affront to public confidence. Security companies should move quickly to distance themselves from employees who have demonstrated such behaviours by managing those individuals out of their workforce and
060 SECURITY SOLUTIONS
Social media gives management a range of options to proactively control their own narrative and be the creator of their own news.
publically apologising for their behaviour. ‘Sorry’ is one of the most powerful words an organisation can employ when genuinely delivered. Organisations are vicariously liable for the actions of their employees. Showing corporate leadership and conviction of character by taking corporate accountability in a public way is essential; no one should be left in any doubt about management’s feelings on the crisis and the events that caused it. #AFinalWord Communication, particularly during a crisis, should be an open dialogue between an organisation, its stakeholders, clients, workforce and the media. ‘No comment’ is not a viable crisis response in today’s prevailing climate of 24/7 news and citizen journalism. ‘No comment’ only succeeds in sending a clear message that the organisation is not in control of the crisis and has something to hide. An organisation that removes itself from the news media conversation is effectively giving its blessing to journalists and the general public to write the crisis narrative for it. Unsurprisingly, management are unlikely to enjoy what they publish. Perhaps the most fortunate aspect of crisis communications in today’s digital and
social media environment is the fact that an organisation does not have to live through its own crisis to learn from the mistakes of others. A Google search for #PRFail will return a myriad of examples of how organisations have found themselves in the crisis communications hurt locker and how they navigated their way back into business as usual. It is not pretty reading, but it is educational. The most common point of failure in every organisational crisis is a lack of preparation and training. The ‘it will never happen to us mentality’ is a negligent response from leaders who fail to appreciate the dynamics of the news and social media cycle. With most crises the result of internal issues and mismanagement, can any organisation afford to ignore planning for its known risks? Let management’s actions in response to a crisis speak louder than their words. Do not be organisationally defined by a crisis: be defined by the response to it.
Authenticity, honesty and strategic intent are the biggest allies in remediating reputation.
Nicole Matejic is an internationally acclaimed military information operations adviser and crisis communicator specialising in the social media battle space. A regular speaker and trainer for North Atlantic Treaty Organization (NATO), Nicole’s first book, Social Media Rules of Engagement, will be published through Wiley in June 2015 (available for pre-order at http://www.wiley.com/buy/9780730322252). Connect with her on LinkedIn or on Twitter @NicoleMatejic or visit her online at: www.nicolematejic.com
SECURITY SOLUTIONS 061
JUST LAW
062 SECURITY SOLUTIONS
Workplace Inductions: Minimising Human Risks
SECURITY SOLUTIONS 063
JUST LAW By Dr Tony Zalewski Relevant and timely induction processes for new staff are an essential component within any system of work. It is a vital part of minimising operational risk whilst also ensuring new staff are productive in meeting business objectives as soon as possible. Security leaders have long identified this important area within engagement of new staff, but not always in a consistent way. Having investigated induction processes across a number of security organisations, there are many lessons to be learned. This article discusses strategic induction methods for security providers. Induction is discussed in the context of operational security risk management in making new staff inductions both a valuable and effective process. Induction Types Regulators have long supported a formal approach to induction of new staff. Within its Australian Work Health and Safety Strategy 2012-2022, Safe Work Australia and also the Fair Work Ombudsman recommend that a formal induction process occurs for new staff. The Fair Work Ombudsman has developed a checklist for employers that is freely available on its website. Similarly, industry associations and unions such as United Voice also support the induction process as an essential entry requirement for work. However, like many processes in business, there is no one-size-fits-all induction process. Some induction programs are provided over days, and others in a matter of hours. In larger organisations the induction process is usually formalised, the responsibility of a human resource team and conducted in a predictable and consistent way. In smaller organisations the process can be quite different, with a level of inconsistency depending on organisational or client needs and the level of staff turnover, and it is often informal and not well documented. Security Industry Inductions Leading security industry associations ASIS International and Australian Security Industry Association Ltd (ASIAL) both recognise the importance of induction for security industry personnel. A number of resources are available on their websites to support the induction process.
064 SECURITY SOLUTIONS
Formal inductions are also supported in various standards and industry guides. For example, ISO31000:2009 Risk Management – Principles and Guidelines recommends, “… roles, accountabilities and responsibilities should be part of all the organisation’s induction programmes” (p22). AS4421:2011 Guards and Patrols provides, “Induction training shall be provided for all personnel engaged for security duties, whether full or part-time (seasonal and casual categories included) and shall be given prior to their first operational duties” (p14). AS4421 provides information on the minimum requirements for employee engagement, many of which can be elaborated upon during a formal induction process, such as: • the organisation’s structure and key positions • protocols that include policies, plans, site orders and procedures (administrative and operational) • issuing materials and confirming conditions associated with organisational identification, corporate confidentiality, and work-related equipment • roles and responsibilities associated with the employee’s security employment in a position description or similar • confirmation of key terms and conditions of employment that should have already been provided in writing as part of initial engagement • types and lines of communication and accountability, including urgent and routine telephone calls, radio transmissions and the like • relevant supervisory and management staff and their points of contact • incident reporting and debriefing processes • situational or client-specific issues where there are multiple workplaces, such as work health and safety issues, work times and breaks, emergency preparedness, personal protective equipment, personal phone/email/internet usage, workplace surveillance, incident response and the like • skills practices associated with operations such as using radio communication, internal radio codes, working as part of a response team, site specific tasks and so on.
... a good induction program should also build practical competence.
Practicalities are Important Often inductions focus on corporate policies such as equal opportunity, anti-discrimination, safety and the like. These policies are important; however, a good induction program should also build practical competence such as: • demonstrating how to access and then move around the workplace after being shown • completing an incident report after being shown an incident on video • having the new employee writing the steps they might take on detecting a suspicious person near the workplace • demonstrating how to use a portable radio or other equipment. Completion of practical tasks during induction confirms competence, builds confidence of new employees, and makes induction to the workplace real and enjoyable. Common Problems Most planned inductions proceed without incident and staff enter the workforce and perform their work effectively over many years without problems. However, the author’s experience discloses that problems arise when: • there was no formal induction or the induction was conducted over a very short period of time on the assumption the new employee ‘knows what has to be done’ • the content for induction sessions was not documented • dates, times, locations and information provided during the induction were not recorded in writing • staff conducting induction sessions were not qualified, competent or experienced in the role; this is especially important in specialist roles such as advanced first aid, management of chemical hazards, or other high-risk work activities • the new employee was not provided with documents that supported content of the induction program; that is, no induction manual, or the materials provided were deficient • new employees did not demonstrate competence, and/or there was no documented evidence that the new employees were competent, against their induction training.
New staff that are correctly inducted will better understand their new workplace, its structure, culture and, most importantly, key people in the organisation.
Conclusion Induction sessions do not need to be drawn out, they just need to address the important features of work and retain a level of practicality. Good inductions introduce new employees to the workplace culture as they are ‘shaped’ into their new environment. New staff that are correctly inducted will better understand their new workplace, its structure, culture and, most importantly, key people in the organisation. Some organisations are able to provide workplace mentors or ‘buddies’ to further enhance new employee competence and minimise operational risks. Finally, an induction program will continue to evolve as a business grows and new markets are entered. Employers should ensure new employees are able to evaluate the program in addition to senior staff. These two diverse perspectives in evaluation will assist to enhance induction processes and, therefore, drive a quality business forward. For over 20 years Dr Tony Zalewski has provided expert security reports to courts in all Australian jurisdictions. He has worked on some of Australia’s leading security-related civil actions and currently provides advice about security across industry sectors, as well as being a member of relevant industry associations, and a security adviser to governments locally and abroad.
SECURITY SOLUTIONS 065
066 SECURITY SOLUTIONS
Image: Robert Cicchetti / Shutterstock.com
FEATURE ARTICLE
Lessons from Martin Place
SECURITY SOLUTIONS 067
FEATURE ARTICLE By Rod Cowan
The Federal Bureau of Investigation (FBI) makes a distinction between a crisis and a hostage situation. Only four percent of cases could be classified as a hostage negotiation, which is where the plan is to trade people for money or transport, or for political demands to be met. “Included in the remaining 96 percent are emotionally-driven crises where a person is barricaded by themselves or with one or more victims, or is suicidal,” writes Detective Jeff Thompson on the FBI Law Enforcement Bulletin website (leb.fbi.gov). “In these situations, the person is not making substantive demands or asking for anything from the police because they do not need anything from the police. Rather, they are in crisis, meaning that their normal coping mechanisms for dealing with life’s day-to-day challenges have been overwhelmed. Their emotion level is high while their rational ability is low.” By all accounts – take away the demands for a Daesh, or the Islamic State of Iraq and Syria (ISIS), if you will, flag – and it sounds pretty much like Martin Place falls into the 96 percent bracket. It is clear, after all, that Monis was a troubled individual who had no connections with terrorist groups beyond his imagination. Former counterterrorism adviser to the White House, Richard Clarke, summed it up neatly on ABC News in the US. “I do not think this was a lone wolf terrorist, I do not think this was a terrorist at all. I think this was someone who was committing suicide by police as a lot of people with mental problems do, and now, if they say they are a terrorist, if they say they are somehow associated with ISIS or Al Qaeda, it becomes a major event that shuts down the city and gets international attention,” Clarke told ABC News. “This was a person with a mental problem who tried to gain attention and succeeded, tried to shut down the city and succeeded, merely by putting up a flag that was something like the flag of ISIS.” Why the preoccupation with whether it was a terrorist attack or simply the actions of a delusional and desperate individual? Simply put, in times of emergency, communications
068 SECURITY SOLUTIONS
mean everything and the language used shapes intelligence that informs decisions and subsequent actions. No doubt the various inquiries will provide 20/20 vision in hindsight; various inquiries being the NSW Police critical incident investigation, the Australian Federal Police inquiry and, of course, the NSW Coroner’s inquest, which is mandatory when people die in a police operation and is already underway. There was also a federal–state joint review released in February, covering Monis’ earlier interactions with the government, such as access to firearms and his use of various aliases, which found that the judgements made by government agencies were reasonable. For example, the review reckoned that the Australian Security Intelligence Organisation’s (ASIO) 2008–2009 review of Monis was thorough and found that he was not involved in politically motivated violence, nor had
and, as a result, spreading further fear and panic. But what choice did security managers, collectively responsible for the security and safety of thousands of people and millions of dollars of assets and revenue, have? They were for the most part reliant on mainstream media reports, but mainstream reporting and events beyond what was happening in Martin Place itself were pretty much being driven by social media. At the very least, this means most security managers were relying on secondhand and often unreliable sources. Okay, some may have also been looking at social media, but it would have been few; ask around and it becomes obvious that senior security managers at most have rarely visited LinkedIn accounts (unless they are about to start job hunting), even fewer have Facebook accounts (primarily “for the kids”) and fewer still run Twitter accounts.
Security managers in the Sydney CBD had scant information on which to base critical decisions or advice affecting thousands of people employed in the city. significant contact with groups of security concern. The 18 calls from the public about Monis’ Facebook page did not relate to any pending attack and, therefore, ASIO did not deem him a threat. The upshot being the review recommended reforms to the bail laws, “new programs to counter violent extremism”, and a review of immigration policies and visa applications. But, again, this is all hindsight. None of this information was readily available during the 17 hours of the crisis, and security managers in the Sydney CBD had scant information on which to base critical decisions or advice affecting thousands of people employed in the city, not to mention friends and relatives concerned about loved ones working in the CBD. As fear and panic rippled through the city, office blocks a brisk 20 minute walk or further from the scene – and people would have to have walked due to public transport being shut down and roads closed – were going into lockdown or sending staff home
Social media, however, played such a significant role that the Coroner’s inquest, which had an extraordinarily detailed opening to try to scotch some of the speculation and rumours surrounding the event, will have an unprecedented focus on social media. It will take several months to sift through video, sound recordings, texts, Facebook pages and other social media in an effort to answer the State coroner Jeremy Gormly’s question in his opening address, “What interactions occurred between hostages, police, nonpolice parties and hostage families? How did social media contact impact the prospects of the resolution?” Regardless of Gormly’s findings, it is clear that social media plays a significant role in any crisis, whether it be an attack – madman, terrorist, whatever – an emergency, or a natural disaster. As such, security operations need to become more adept at interpreting media surrounding events in order to make sound decisions. This includes learning how social
Image: Robert Cicchetti / Shutterstock.com
While the inquest and other reviews are underway into the tragic events in Sydney in December 2014, Rod Cowan says security should start now to examine its role in a crisis.
media operates and affects events, how it can be used to gather open-source intelligence and, importantly, how it can be used to communicate within their own networks. Moreover, it informs how staff should be briefed to deal with social media, both in terms of being victims and in terms of watching events unfold. Security managers could also play a crucial role in stemming the tide of hysteria and alarm. When discussing the absence of credible security voices in the media sphere on the likes of Twitter, a group of security managers responded that they would never “comment on an ongoing police operation”. That may well have been the proper course of action in the days of morning newspapers and evening news, with radio bulletins in between, but if credible, knowledgeable, trusted voices of reason are missing from today’s milieu, what else can be expected other than the spread of rumour and confusion? To be sure, not commenting on police operations is valid, but even if those voices were saying nothing more than to calm down, that the police have the situation in hand, and to rely on official sources such as police media rather than ratingsinspired coverage or hits-hungry online posts, they would have helped rather than hindered the authorities, surely?
rely heavily on private security for protecting 90 percent of its infrastructure, including many public spaces. Indeed, today’s first responders in shopping centres, office towers, government buildings, airports, sea ports and places of mass gathering are most likely to be security officers. Incorporating and developing a communications channel with those responsible for managing those resources – such as the security managers that either employ security officers or hire contractors for such work – from a technical viewpoint would not be difficult. For that to work, however, it would involve engaging with security on a different level than in the past; not through providers or their representatives (though they would need to be involved), but by dealing directly with security managers who, at the end of the day, will make decisions, or at least recommendations, that will affect their organisations and their employees. It is worth remembering, however, that Project Griffin did not come about through law enforcement initiatives, but was driven by London’s financial sector and spread from there. If CEOs and businesses in Australia’s CBDs would like to at least limit, if not mitigate, disruption during events similar to Martin Place, it may be they will need to lead the way.
It is clear that social media plays a significant role in any crisis. Even better, in this day and age, is to question why there is no communications process for liaising with security managers and providing them with solid information to share in order to calm things down. That is not to suggest a full-blown Project Griffin is required. Griffin operates in the UK to bring together the police, fire brigade, ambulance services, private security industry and other government agencies in the event of terrorist attacks and gets depressingly regular outings. Maintaining momentum in such a project in Australia has proved to be difficult. What is needed, nonetheless, is a keen awareness that modern cities, especially in Australia,
Rod Cowan is Editor-at-Large for Security Solutions Magazine and writer/director for www.securityisyourbusiness.com
SECURITY SOLUTIONS 069
LOSS PREVENTION
Will You Fall Victim To Organised Retail Crime? By Ray Esposito Organised retail crime (ORC) has become one of the more widely discussed topics in the loss prevention community. ORC is different than the traditional forms of shoplifting that most retailers encounter. Although the theft methods are the same, the scale, frequency and losses of each incident are much greater. Unlike the thrill-seeking teenager or the drug addict supporting a habit, ORC is a network of well-trained individuals whose sole purpose is to shoplift in large quantities for profit. As the name suggests, these shoplifters are more organised and tend to work in groups, allowing them to blitz a store, distract associates and provide lookouts to assist in the crime. These ORC ‘gangs’ rely on their experience, expertise and well-planned execution to hit stores quickly, while removing as much merchandise as possible.
070 SECURITY SOLUTIONS
The objective of an ORC network is to resell the stolen merchandise through fences, diverters and even wholesalers. Goods are often shipped overseas, resold to merchants who believe it is discount-priced goods, or placed on black markets. Often, the merchandise makes its way to online auction sites for sale to the general public. The reach of an ORC gang can be global, extending well beyond a single country’s border. Who are these People? ORC groups are created with a well-established network of roles and responsibilities. Members come from various ethnic groups, age ranges and gender. In countries like the US for example, groups have been identified from South and Central America, Asia, Russia and North America. The central theme in ORC is
that, regardless of size or cultural difference, the groups are well-networked, well-trained and well-equipped. Ongoing intelligence indicates that roles and responsibilities extend up and down the organisations from the actual thieves to the organisers, fences, diverters and the sales personnel who get the merchandise back out to the market. While members are welltrained and educated in their roles, knowledge and contact with other members is minimised, either by design or by nature, making it difficult for law enforcement to break up an entire ORC network. The Extent of the Problem The exact financial impact of ORC within the retail community is still undetermined, although an increased number of retailers have confirmed incidents of ORC. National news and
SECURITY SOLUTIONS 071
LOSS PREVENTION Organised retail crime is a network of well-trained individuals whose sole purpose is to shoplift in large quantities for profit. television has highlighted only a fraction of these occurrences, but even these show hundreds of thousands of dollars worth of recovered goods. Various surveys and studies throughout the last five plus years have also shown alarming individual losses, but with little movement to overall industry statistics. At first glance, this contradiction seems to create a problem in any claims of increased ORC activity. Although difficult to place an industry-wide value on the costs of ORC, the investigation results and shoplifting apprehension numbers support the contention that a growing problem exists. Many larger retailers, who have quantified large ORC losses, have developed specific loss prevention teams to combat ORC. These task forces travel the country tracking incidents, following leads and gathering intelligence in an attempt to apprehend ORC groups. Through a coordination of efforts with local, state and federal law enforcement, some of these task forces are making a difference within their retail organisation. Who will become a Victim? Answering this question is difficult when talking to an individual retail company. The majority of the known ORC incidents suggest that it is more prevalent in department stores and large specialty store environments; however, this may be more a condition of loss prevention focus than actual occurrence. It seems more likely and prudent to assume that victimisation depends more on retail business factors than just the square footage. The most important factors to consider include: • store location • merchandise type • resale value (street value) • loss prevention/operational measures. The geographical location of the retail establishment does play a role in it becoming an ORC target. Although store location alone does not mean that a retailer is susceptible to increased loss, various risk assessment analysis has proven that certain geographic retail locations have seen more incidents of crime, including retail crimes, than others. Merchandise type and resale (street) value is
072 SECURITY SOLUTIONS
considered a primary factor in a retailer’s target potential. ORC groups are attuned to consumer demands and trends, and target those items that they can turnover quickly. In addition to demand, thieves must think in terms of portability. A 55” flat-screen television may have high demand and high resale value; however, it is often difficult for a shoplifter, organised or amateur, to walk out of the store carrying the television. Merchandise that is more portable to the thief is a larger target. Items often found to be in demand for ORC operators are trendy apparels, baby formula, razor blades and small electronics. Any merchandise that can be sold easily on the street or in various markets (black, overseas and wholesale) would be those of obvious choice for the ORC criminal. ORC networks and operators pick the targets and plan their operation well in advance. Learning the retail target’s environment is a part of their regular planning. They look for various security measures that are in place (EAS, CCTV and guards), employee awareness and customer service techniques, and operational procedures, such as how many employees work at given times, how employees service customers and, so on. Retailers with fewer security measures and lack of operational controls increase their chances of being viewed as easy or profitable targets by the ORC networks. Indicators that a Retailer has become a Victim Studies in the US indicate that one in 11 people shoplift. Additionally, since shoplifting and theft are near the top of the crime statistics in many countries, it is fairly safe to assume that all retailers experience some degree of external theft. The extent of the incidents and its bottom line impact is dependent on the quality of loss prevention controls and measures used to deter shoplifting. Unfortunately, there appears to be no single or simple answer to whether or not a retailer is being victimised by an organised group. Knowing whether or not the loss of merchandise is from ORC or from what can be classified as ‘general shoplifting’ can be difficult. The easiest or most direct determinant is to witness or apprehend a unified group who
has stolen large quantities of merchandise. That, along with certain indicators of the perpetrators, such as quantities of other retailer’s merchandise, information on the network, choice of targets, and so on, will provide proof that a network is operating within a retail environment. Based on ORC practices, one could then assume that a single location is most likely not the only target. The best indicator is the tracking of inventory losses in specific items or stock keeping units (SKUs). The capacity to track losses at the SKU level during inventory periods will help determine if a specific item is being targeted. More effective and timely is the implementation of cycle counts, which is a proactive tool that allows retailers to track potential shortages as they occur, rather than awaiting less frequent inventory results. The benefit is the ability to identify issues and add deterrence factors and reactionary processes as quickly as possible to avoid larger losses from sustained problems – ORC or otherwise. The Final Determination For a small- to mid-size retailer, the potential for falling victim to ORC may be less than that of larger retail partners. The best precaution is a holistic approach to shoplifting in general, including employee training, education and awareness, strong operational controls, development and testing of the on-the-floor customer service practices of employees and for identified problem locations, and the allocation of physical security measures to raise the deterrence level. ORC may be more frequent or the industry’s awareness of the issue may have increased; either way, it makes sense to stay informed and think proactively.
Ray Esposito is a solutions expert with 20+ years of experience in specialty retail, department store, grocery, and restaurant industries. Ray is currently the Senior Vice President of Strategic Initiatives at LP Innovations, a US-based loss prevention specialist. He can be contacted at www.lpinnovations.com
Security Systems are going IT and
you don’t have to do IT alone.
SEKTOR LAUNCHES SECURITY DIVISION
Networking
Mobile Computing
Point of Sale
Security
Healthcare
Sektor is Australasia’s leading technology distributor to the Networking, Mobile Computing, Retail Point of Sale and Healthcare markets. Their world‑leading IT brands include: HP, AEROHIVE, ARUBA, HONEYWELL, DATALOGIC, EPSON, TOSHIBA, and ZEBRA.
Recognising the trend of security solutions becoming more IT centric, Sektor established its Security Division to support resellers and their customers with these new challenges and proudly brings its extensive expertise to the Security market with innovative solutions from: *
**
Staying one step ahead of your competition is a constant challenge. Selling exclusively via integrator channel partners, Sektor’s ongoing research into emerging trends and technologies ensures its partners are ideally placed to bring the latest innovations and solutions to their customers. Sektor enhances integrators’ businesses via its online partner portal as well as expert advice, service and support from its team of highly skilled technicians with full IT experience. Sektor also provides integrator training programmes as new technologies are introduced to the market.
Find out how Sektor can help you keep on top of IT. AU p: 1300 273 586 I e: security@sektor.com.au I www.sektor.com.au NZ p: 0800 735 867 I e: security@sektor.co.nz I www.sektor.co.nz * Bosch products only available in Australia ** Panasonic products only available in New Zealand
SECURITY SOLUTIONS 073
FEATURE ARTICLE
074 SECURITY SOLUTIONS
Demystifying Technical Surveillance Countermeasures Part Two
By Michael Dever Goal:
to provide a secure environment for people, information & other assets
ICT Security
Information Security Policies & Procedures
Personal Security
Security Management
Vetting Policies & Security Awareness
Technical Security COMSEC, TSCM Risk Management Policies & Procedures
In the first article it was demonstrated that the technical surveillance threat to information security is real, serious and evolving. Part two explores solutions to technical surveillance threats, how to design countermeasures and considerations when selecting a TSCM service provider. Whilst most organisations have protective security measures in place to protect people, cyber and physical assets, the protection of conversations and other forms of confidential communication are generally not of concern to senior executives and therefore are given little or no priority. This lack of concern is due in part to a general lack of awareness of the threats and the appropriate risk management strategies that could be implemented to prevent an attack in the first instance. Another factor is the relaxed Australian attitude towards certain security risks, which is best expressed by the phrase ‘that wouldn’t happen here’, despite mounting evidence of the rapidly growing threat that technical surveillance poses to an organisation’s privacy. The goal of a protective security programme is to provide a secure environment for people, information and other assets. The interrelationship between protective security measures is shown in Figure One.
Physical Security
Barriers, locks, containers, alarms, EAC, guards Figure One – Protective security goal
SECURITY SOLUTIONS 075
FEATURE ARTICLE
A comprehensive information security plan will include implementation of relevant technical surveillance countermeasures (TSCM). The question facing most security directors is how to decide what TSCM are required to protect the confidentiality of an organisation’s information. The need for TSCM can only be determined by a systematic analysis of individual situations. The first step is to recognise the potential to be a target. The second is to assess the threat of technical surveillance and the third is to assess how vulnerable the organisation is to technical attacks. The final step is to develop a risk management strategy. Depending on the threat level that an organisation is exposed to, effective TSCM can be very expensive to implement and, therefore, before deciding which measures are needed, a detailed threat, vulnerability and risk assessment should be conducted by a recognised professional TSCM specialist. The assessment should consist of a detailed review of existing countermeasures and of technical security weaknesses that could facilitate a technical surveillance attack. The findings of the TSCM risk assessment and recommendations for improvements should be contained in a written report for consideration by the senior management of the organisation. Inspections One solution to the threat of technical surveillance is a TSCM inspection. Governments and businesses conduct TSCM inspections because they need privacy to operate effectively. This becomes more relevant when there are important board meetings, outside meetings, strategy planning sessions or offices at executive residences that are used for sensitive discussions. The principal objective of a TSCM inspection is to provide the client with a high level of assurance that those conversations, images or other data contained within the nominated secure areas remain private. To counter contemporary technical surveillance threats to the security of people and information, a TSCM inspection of sensitive areas requires the combination of: • people (vetted, TSCM trained and experienced) • TSCM tradecraft • specialised TSCM equipment (designed
076 SECURITY SOLUTIONS
to detect technical surveillance devices and attacks). A TSCM inspection is basically a technical investigation with an emphasis on detection. Depending on the identified scope of work, there are different types of TSCM inspections that can be provided. A professional baseline TSCM inspection should, as a minimum, include the following activities: • TSCM inspection plan, involving discussions with the client to determine the client’s concerns and logistical issues, such as access and timing of survey • radio frequency analysis, involving the use of a spectrum analyser to check the radio frequency spectrum for unauthorised transmissions • conducted emissions analysis to ensure that no room conversations are being carried out of the premises by telephone, intercom, public address, fire or security alarm wiring • search of electromagnetic spectrum for infrared transmissions • detailed physical search of the target area(s) to ensure that no surveillance devices are present; conducted using specialised tools as required • assessment of oversight • evaluation of the audio security environment and sound dampening measures • written report outlining the work done and any findings and recommendations. In-conference monitoring is similar to a full TSCM inspection with the addition of realtime monitoring of an important event. Some organisations may even have a need to protect themselves against technical surveillance 24 hours per day. It cannot be overemphasised that the type of TSCM inspection needed should be guided by the TSCM risk assessment.
The question facing most security directors is how to decide what TSCM are required to protect the confidentiality of an organisation’s information.
In-house vs Outsourced Services The high cost of maintaining up-to-date TSCM equipment and training means that most organisations will use outsourced solutions rather than establish their own TSCM capability. Each solution has relative advantages and disadvantages that need to be weighed up by the individual organisation. In-house solutions: • Advantages: o secrecy (no need to involve outsiders) o may be able to use existing staff and therefore reduce overall costs • Disadvantages o cost of equipment and training (>$500k) o complacency of own staff Outsourced solutions: • Advantages: o more cost effective for most organisations • Disadvantages: o involvement of outsiders o no national standards, therefore, it can be difficult to judge the competency of providers Inspection Protocols A best-practice TSCM inspection methodology is necessary to ensure that inspections are effective and implemented without alerting those seeking to obtain information by covert means. Activities should be covert so as not to alert a potential adversary. The inspection work itself is highly dependent on strict operational security being observed. For maximum effectiveness, TSCM inspections should be conducted in two phases, namely the non-alerting and alerting phases: 1 Non-alerting phase During the non-alerting phase of a TSCM inspection, every effort is made to conceal the TSCM activities so as not to alert potential eavesdroppers. The importance of the nonalerting phase cannot be overemphasised and failure to observe this practice could lead to a false sense of security and negation of other TSCM procedures. 2 Alerting phase The physical search of the target areas is conducted during the alerting phase.
Service Providers The provision of TSCM services in Australia is completely unregulated in the commercial sector, therefore, clients for these services should perform the same sort of due diligence that they would apply to the provision of professional services in general. There are many different types of entities offering TSCM services in Australia. Unfortunately, there are two tiers of providers – professional TSCM providers and the rest. Currently in Australia there are probably fewer than five professional TSCM providers. The rest consist of wannabes, such as private investigators, retirees from government service, part-timers, moonlighters, hobbyists, amateurs and downright frauds. For a relatively small amount of money,
any prospective client should not assume that providers are trustworthy without conducting these background checks. Unfortunately there are currently no recognised competency standards or codes of practice in Australia for this highly specialised work. So how do consumers determine whether the company or individual offering these services is competent and trustworthy? Genuine TSCM practitioners will always be happy to discuss their particular qualifications, accreditations and experience. TSCM specialists must have a background in electronic engineering (an advanced diploma or undergraduate degree) with an emphasis on radio frequency and communications systems, as well as a minimum of three years relevant TSCM experience. No
these people? • Are the team members aware of their obligations under Work Health and Safety law and possess training to carry out the inspection work in a safe manner? • What is included in the TSCM inspection? • Can the company provide preconstruction advice? • Can the company offer training and education to management/key personnel? Technical security is a highly specialised technical field that requires a professional TSCM specialist possess a detailed knowledge of modern radio and communication systems, building construction techniques and physical security.
The principal objective of a TSCM inspection is to provide the client with a high level of assurance that those conversations, images or other data contained within the nominated secure areas remain private. anyone can purchase a ‘bug detector’ from the internet and hang out their shingle as a TSCM expert. Impressive websites do not tell the whole story about who can and who cannot provide a professional TSCM service to a high level. Before hiring a TSCM service provider, organisations should determine the provider’s background and qualifications to ensure the provider has the correct equipment and personnel who know how the equipment operates. Many private investigative and engineering firms advertise that they perform TSCM services, but few have the experience and/or equipment to do a competent job. Beware of firms that offer so-called debugging or sweep services. Usually these firms only perform certain parts of the inspection, such as an electronic search for radio frequency room bugs, without a physical search or conducted emissions analysis. Whilst some Australian governments maintain their own organic TSCM inspection teams, they explicitly do not endorse commercial providers. Anyone who claims government endorsement is providing misleading information. There is no mandated security licencing, criminal history or security checks of commercial TSCM providers in Australia. This means that
matter how sophisticated or expensive the piece of electronic hardware being used, the operator should have training in electronics and communications to fully understand the readings and signals given by the machine. Do not be fooled by persons claiming previous law enforcement or intelligence backgrounds. Unless they possess direct and recent experience in a TSCM team, it is likely they are using their previous employment to provide them with a de facto endorsement. Always be dubious of anyone who claims to have found many devices. When selecting TSCM providers, ask the following questions as a starting point: • Is TSCM the only service provided by the company? • What is the reputation of the company? • Will the company sub-contract this service out? • What equipment does the company use? • Is the equipment up-to-date? • What are the backgrounds of the TSCM team? • Are TSCM team members security cleared? • Are the team members qualified and authorised to look at electrical, structured cabling systems or telephone systems? • Are the team members trustworthy? • Do I want to discuss my/our weaknesses with
Conclusion TSCM inspections used alone are of limited value unless the other protective security domains are also effective. An organisation is put at great risk from a false sense of security if too much reliance is placed on electronic inspections without a proper assessment of the threat and a detailed TSCM inspection involving audio, radio frequency and carrier current checks and a detailed physical inspection. With computers becoming a fixture in business and private lives, any TSCM inspection should also take computers into consideration. Sensitive corporate and personal information are likely to be contained on computer hard drives. If security is important enough to pay for a TSCM inspection, then it is important enough to pay for a legitimate sweep conducted by a trained, experienced and equipped TSCM professional.
Michael Dever CPP is a Canberra based independent consulting security adviser who specialises in TSCM. Michael is an internationally recognised subject matter expert on TSCM. He can be contacted via: michael@edpsolutions.com.au
SECURITY SOLUTIONS 077
AVIATION ALARMSSECURITY
Changes To Aviation Screener Training – Are They Flawed? By Steve Lawson About two years ago, the author wrote a couple of articles about aviation screener training in Australia and then presented on the subject at the Australian Security Industry Association Ltd (ASIAL) Security 2013 Exhibition & Conference. In the first of those articles, he said, “A change to screener training to some extent... presupposes that there is something wrong with the current screening regime in Australia or that some weakness needs to be fixed urgently... From my experience with screening in Australia and overseas, aviation screening in Australia is, if not the best, certainly among the best in the world.” He stands by that statement for current screeners. However, since then, the new training requirements have been introduced. The changes to aviation screener training are an example of a process where many experienced people have put into place a regime that is logical and was developed with a huge amount of industry input. Yet it is fundamentally flawed. Firstly, let us look at the current regime and then where there are issues. To be qualified, an airport screener must hold either a: • Certificate ll in Aviation Transport Protection, or • Certificate ll in Security Operations. Note that it is no longer a requirement for a screener to hold a security licence. The Certificate II in Security Operations is the old qualification and will remain as an alternative qualification during the transition
078 SECURITY SOLUTIONS
period, after which only the Certificate II in Aviation Transport Protection will be acceptable. The Certificate II in Aviation Transport Protection is divided into two qualifications: • AVI20713 – Certificate II in Aviation Transport Protection (Checked Baggage Screener), and • AVI20613 – Certificate II in Aviation Transport Protection (Passenger/Non- Passenger Screener). As nationally recognised training, these qualifications are delivered by Registered Training Organisations (RTOs). However, there are restrictions on the RTOs that may provide these qualifications for screeners at securitycontrolled airports. Abbreviating the restrictions, they must have access to: • the facilities of a security controlled airport where they can train and assess participants using the National Assessment Tool (NAT), and • the NAT. The NAT covers four of the units of competence and is only provided to authorised RTOs that meet the conditions above. The NAT is consistent across all airports. This all sounds very logical and was developed with industry consultation, so why is it flawed? Firstly, are security companies going to hire someone who does not hold the relevant qualification? In practice, probably not. They will want to hire someone who at least holds a base qualification and then provide further training. Otherwise, they could spend an inordinate amount of money training a person
only to find that he or she is unsuitable. The recruitment timeline would increase and, given the retention rate for screeners, could cause an issue at regional airports. Secondly, to be a useful screener it is necessary to hold both qualifications; admittedly some units are the same, but not all. Next, none of these qualifications are applicable to air cargo. It can be argued that a person able to screen check baggage should be able to screen air cargo. If that is the case, then why are there different qualifications for checked baggage and passenger screeners? It can be argued that there is probably a greater difference between these qualifications and air cargo screening. At present there is not an air cargo screener role under the regulations, but there is in practice and it would be reasonable to assume that there will be in the reasonably near future. Now let us consider the screener providers and their workforce. It is important to remember that almost all screening providers are security companies and at many airports they provide both airport screeners and airport guards. At many airports the same person may be both a screener and a guard. So does the new qualification cover both guards and screeners? No! To be a guard, the regulations require that he or she: holds at least a Certificate II in Security Operations, or holds another qualification that, in the secretary’s opinion, is equivalent to a
1 2
Certificate II in Security Operations, and is licensed as a security guard in the state or territory in which the airport is located, if required by state or territory legislation, and has completed training, approved by the secretary, which is designed to ensure familiarity with the Act (in particular, the power of an airport security guard under section 92) and the Regulations. The Office of Transport Security (OTS) says that the Certificate II in Aviation Transport Protection qualification “is recognised as at least equivalent to Certificate II in Security Operations”. These are nice words, but it is not the equivalent of the Certificate II in Security Operations for security licence purposes so it cannot be argued that the Certificate II in Aviation Transport Protection covers point two above when a state security licence is required. Once transition has completed, to work at an airport it is probable that a screener will need to hold three qualifications and a security licence! The next problem is the number of RTOs that are authorised by the OTS to access the NAT. There are currently seven on the list, although it is possible that one or maybe two do not have the current qualifications on scope (they are not authorised by the Australian Skills Quality Authority [ASQA] to deliver the training). Such a small group with such high entry barriers creates an oligopoly where these companies have control over the price. Oligopolies are not always bad, but they are like monopolies; with so few participants they have an inappropriate market power. They still compete, but it is not always as rigorous as it should be and typically an oligopoly will result in higher prices. There is also an issue with the application of the NAT. While there is no suggestion that the examples given have happened, they are possible. Consider this scenario. I am a security screener provider at an airport. I am not the screening authority. The screening authority provides access to the screening point to an RTO. (This assumes that the course is offered to people other than employees of the screening provider.) As the screening provider, these are just some of my questions:
3 4
• As the company responsible for screening, do I have to accept the students working on a live screening point? • Who bears the cost of supervising those students? • If I am not supervising the students, what relationship do I have to have with the trainer/ supervisor? • Who has the liability in the event of a breach of the screening point when a student was involved? Similarly, I am now a security screener provider at an airport and also the screening authority. I provide access to the screening point to an RTO. If I were the airport authority, I would have similar questions. These issues can be fixed by including them in contracts, but contracts for something as complex at this cost money and are not usually bulletproof, especially when a breach occurs. Other than criticising, what is the solution? It is quite simple really: Keep the Certificate II in Security Operations as the base qualification for screeners. Create a smaller aviation screener skill set. The skill set would be no more than four to five units providing skills across passenger, checked baggage and air cargo screening. Provide screening providers with a NAT that is conducted in the workplace. Consider variations of the NAT for different security categories of airports; so a person who was assessed at a category 1 airport can work at all other category 1 airports without further assessment, but a person who was assessed at, for example, a category 5 airport would need further assessment before being able to work at a higher category airport. This is not because there would be major differences in the NAT, but there should be an upgraded NAT to familiarise people with more complex environments. Points one and two would be provided by RTOs and do not require access to an airport. This act alone would increase competition and may have a downward pressure on training costs. In any case, there would be an immediate downward pressure by reducing the number of qualifications. Importantly, screening providers would have a pool of applicants who already hold
1 2 3
a base qualification. The role of the screening provider now becomes the application of the NAT. Point three would be provided by the screening provider. Effectively, a person who completes points one and two would hold a base qualification. Point three is an endorsement that allows them to work at a security-controlled airport. An additional advantage would be that other industry areas, such as courts, prisons, detention centres and event security, could modify the screener skill to suit their environment. Should the government immediately drop the current system and implement these suggestions? Obviously not, but there needs to be another good look at screener training before the Certificate II in Security Operations is dropped as an acceptable qualification. In security, the best security is usually simple. It is the same in training; it should be simple and relevant. Part two of this article in the next issue of Security Solutions Magazine continues the discussion on aviation training, looking specifically at the recent government changes for air cargo training and the consequences of those changes.
Steve Lawson has over 20 years of experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on 0404 685 103 or slawson@avsecconsulting.com
SECURITY SOLUTIONS 079
LEGAL
Q&A Anna Richards
Do Directors Really Know What Duties They Owe Under The Law? It is amazing how many people in the security industry open businesses based on the idea ‘I can do it better’. While entrepreneurial spirit is a great thing, those same people often do not give a great deal of thought to the ramifications of taking on the position of director of a company. Source of Directors’ Duties Duties are imposed on directors through a number of sources, including: • statute or legislation • case law or court-made law • the constitution of the company. Statute or legislation refers largely to the Corporations Act 2001 (Commonwealth) (the Act) which is an Act of Parliament that sets out various legal provisions, including directors’ duties and penalties applicable if those duties are breached. Case law (also known as common law) is law created by courts. Often such laws arise where there are gaps in the legislation/statute and when the courts are called upon to define how statute should be applied to particular cases. The company constitution is the document which sets out various rules that apply in relation to the particular company. The provisions of a standard constitution are often adopted from legislative provisions. Due to the substantive nature of the above matters, this article only explores those duties on directors which are imposed by legislation. Who is a Director? Section 9 of the Act defines a director of a company or other body as including: • a person who is appointed to the position of director or alternate director regardless of the name that is given to his or her position, and
080 SECURITY SOLUTIONS
• most importantly and interestingly, a person who is not validly appointed as a director, but either: o that person acts in the position of a director, or o the directors of the company or body are accustomed to act in accordance with that person’s instructions or wishes. Therefore, even the statutory definition of director means that people other than those who are clearly appointed as being one can still be viewed as owing the duties of directors under statute/legislation and case-made law. Statutory or Legislative Duties Owed by Directors 1. Section 180 (1) – Duty of care and diligence and the business judgment rule This section requires a director or other officer of a company to exercise his powers and discharge his duties with a degree of care and diligence that a reasonable person would exercise if they: (a) were a director or officer of a corporation in that corporation’s circumstances, and (b) occupied the office held by, and had the same responsibilities within the corporation as, the director or officer. 2. Section 180 (2) – The business judgment rule This section states that a director or other officer of a corporation who makes a business judgment is taken to meet the requirements of section 180 (1) and his equivalent duties at common law and in equity in respect of a judgment if he: (a) makes the judgment in good faith for a proper purpose, and (b) does not have a material personal interest in the subject matter of the judgment, and (c) informs himself about the subject
matter of the judgment to the extent that he reasonably believes to be appropriate, and (d) rationally believes that the judgment is in the best interests of the corporation. A ‘business judgment’ is taken to be any decision (including to omit to do something) relating to the business operations of a corporation. It is not sufficient for a director to simply deny being aware of the risks of having the company transact in certain ways without having carried out due diligence or informed himself of the risks of the transaction. 3. Section 181 – Duty of good faith Section 181 (1) of the Act states that a director or other officer of a corporation must exercise his powers and discharge his duties: (a) in good faith in the best interests of the corporation, and (b) for a proper purpose. A director might be found in breach of this provision even if he believes that he is acting honestly. 4. Section 182 – Duty not to make improper use of position Section 182 (1) of the Act states that a director, secretary, other officer or employee of a corporation must not improperly use his position to: (a) gain an advantage for himself or someone else, or (b) cause detriment to the corporation. A director can be found in breach of this duty even if he or another person does not in fact receive some form of benefit or cause some form of loss to the corporation if he is found to have conducted himself with the intention and purpose of obtaining the benefit or causing the detriment. An example would be where a director uses information which he learned through his position in the corporation (and which was
LEGAL
Q&A not public knowledge) to have the company engage in a transaction which benefitted himself or his family. A well-known example would be what is commonly referred to in the media as insider trading. 5. Section 183 – Duty not to make improper use of information Section 183 (1) of the Act states that a person who obtains information because he is, or has been, a director or other officer or employee of a corporation must not improperly use the information to: (a) gain an advantage for himself or for someone else, or (b) cause detriment to the corporation. Again, regardless of whether an advantage is obtained or a detriment is caused, a director or former director can still be found in breach of this duty if he has the intention and purpose of obtaining such an advantage or causing detriment. Again, insider trading would fall into this type of category. 6. Section 184 – Criminal offences Directors can also become liable for criminal offences under the Act in certain circumstances. The penalties for criminal offences tend to be more severe and can involve imprisonment. The main penalties for criminal offences arise under section 184 of the Act. The following is a summary of the types of scenarios in which criminal liability can ensue. 1) Where a director is reckless or intentionally dishonest and fails to exercise his powers and discharge his duties: • in good faith in the best interests of the corporation, or • for a proper purpose. 2) Where a director uses his position dishonestly: • with the intention of: o gaining an advantage for himself or someone else, or o causing detriment to the corporation, or
• recklessly as to whether the use may result in him or someone else: o gaining an advantage, or o causing a detriment to the corporation. 3) Where a person obtains information because he is or had been a director or other officer or employee of a corporation if he uses that information dishonestly: • with the intention of: o gaining an advantage for himself or someone else, or o causing detriment to the corporation, or • recklessly as to whether the use may result in: o him or someone else gaining an advantage, or o causing detriment to the corporation. 7. Section 588G – Duty not to trade whilst insolvent Section 588G of the Act also imposes a duty on a director to avoid the corporation trading whilst insolvent. A corporation is deemed to be insolvent when it is unable to pay its debts as and when they fall due and payable. A director will be in breach of this duty if: • he is or was a director of the corporation at the time it incurred a debt, and • the corporation was insolvent at that time or becomes insolvent by incurring that debt, and • at the time of incurring the debt, there were reasonable grounds for suspecting that the company was insolvent or would become insolvent as a result of incurring the debt. However, the following defences are open to such a director: 1) where it can be proved that, at the time that the debt was incurred, that the person had reasonable grounds to expect, and did expect, that the company could pay its debts as they fell due and became payable and that it would remain in that position even if it incurred the debt.
2) where the person, at the time that the debt was incurred had reasonable grounds to believe and did in fact believe that: • a competent and reliable person was responsible for providing adequate information about whether the company was solvent, and • that other person was fulfilling that responsibility, and • on the basis of the information provided that the company was solvent at the time and would remain solvent upon incurring that debt and any other debts at that time. 3) in the case of a director, where at the time that the debt was incurred by the corporation, that director did not take part in the management of the company because of illness or for some other good reason. 4) if the director took all reasonable steps to prevent the corporation from incurring the debt. So, in summary, becoming a director of a company has many implications. For that reason, it is imperative that anyone taking on this role is aware of those duties and responsibilities so that he at least has the knowledge to hopefully avoid situations that may lead to a breach of any of those duties. Anna Richards is the Legal Director and a lawyer from Victorian Legal Solutions Pty Ltd and practices in the areas of Commercial law including Commercial litigation and other areas. Anna Richards and Victorian Legal Solutions can be contacted on (03) 9872 4381 or 0419 229 142.
Whilst every effort has been taken to ensure its accuracy, the information contained in this article is intended to be used as a general guide only and should not be interpreted to take as being specific advice, legal or otherwise. The reader should seek professional advice from a suitably qualified practitioner before relying upon any of the information contained herein. This article and the opinions contained in it represent the opinions of the author and do not necessarily represent the views or opinions of Interactive Media Solutions Pty Ltd or any advertiser or other contributor to Security Solutions Magazine.
SECURITY SOLUTIONS 081
Merging Security And Convenience With Mobile By Steve Katanas Mobile Access Using a mobile device to gain access to different buildings is not only about solving a particular problem. It is also about doing things better by embracing technological advances and delivering a concept that will change how users interact with readers and locks and open doors using their mobile devices. In the era of mobility and cloud computing, enterprises and individuals are increasingly concerned about the security and protection of their physical environment. Correctly implemented, mobile access has the potential to change how users open doors as it is the first time in history there has been a solution that can increase both security and convenience. Mobile Trends The mobile industry is known as one of the most innovative and fast-paced industries, and advancements in recent years have been nothing short of remarkable. Industry research firms project that the number of shipped smart, connected devices will grow to 1.7 billion units in 2015. This rapid growth is affecting the underlying technologies and standards in mobile devices as more people use them in their daily lives and new applications are developed. At the same time, much of the technology used in mobile devices today has been around for quite some time before being accepted by the mobile community. Bluetooth was introduced in 1994, but it took 15 years before it became a de-facto standard in mobile devices. Browsing the internet on mobile devices has been possible since the beginning of 2000, but it was not until the introduction of the iPhone in 2007 that the use of a mobile device as a connected computer became widespread. Near field communication (NFC) was introduced in the Nokia 6131 in 2006 and since then most device platforms have added support for NFC; nevertheless, the number of launched services based on NFC has been less than impressive.
082
Opening doors with mobile devices is not a new idea. Early technology tests were performed in the beginning of 2000 to make payments, ride the subway and open doors. In different parts of the world, solutions have been made available to the public. Interest in contactless services has always been high, but creating the user experience and added value that end-users expect has proven challenging. Using an existing payment or access card is, in many cases, perceived as workable enough, while the relevant underlying technology has made it difficult to launch services that can scale. There have been many different approaches to enabling mobile access control using different technologies such as micro SDs, add-on sleeves, MIFARE Classic, NFC Peerto-Peer, and Bluetooth Classic, each with their unique sets of challenges. History shows that it is essential to have an architecture that is both agnostic to underlying technologies, such as NFC or Bluetooth Smart, and adaptable to any new trends in the ever-evolving mobile industry. Technologies That Support Mobile Access Today Confidence and education in the use of contactless applications and technologies such as NFC, Bluetooth, mobile wallets, iBeam and iBeacon are continuously growing, and so is the understanding of what technologies are best suited for mobile access control. No matter what the technology, mobile devices offer an unparalleled way to change the way users open doors. However, security administrators and IT directors will need to review which mobile-related technologies will allow them to best engage with their employees to create the optimal access experience on their premises. Near Field Communication (NFC) NFC was developed to address the dilemma of multiple contactless standards, but its
introduction into mobile devices has been less than smooth. Emulating a contactless card on a mobile device was, up until very recently, only possible via a secure element (SE), such as a SIM card. An ecosystem in the form of trusted service managers (TSM) had to be setup to support the SE-centric model, which resulted in complex technical integrations and business models that made it difficult to launch contactless applications based on NFC. In 2013, Google introduced a new NFC feature in Android 4.4 called host-based card emulation (HCE). HCE allows a contactless card to be emulated in an app without dependencies on an SE. With HCE it is possible to launch NFC services in a scalable and costeffective way as long as a standards-based card technology is used. HCE will make NFC more accessible and versatile so that developers will then expedite services to market, which, in turn, will stimulate consumer familiarity and encourage adoption. At the same time, however, the iPhone is a very popular device in the enterprise segment, and many are used in organisations around the world today without NFC support. The number of installed Android 4.4 devices is growing fast, but with the lack of NFC in the iPhone 4 and iPhone 5, coupled with the fact that NFC support in the iPhone 6 is currently only available for Apple Pay, there is still questionable market penetration for HCEbased solutions. NFC host-based card emulation: • allows standards-based contactless cards to be emulated by an app • works with NFC-enabled readers if a standards-based card technology is used • is a good solution where a tap experience is preferred • is not supported by iPhone. Mobile operating systems with support for NFC host-based card emulation: • Android 4.4 • BlackBerry 9 and 10.
Bluetooth Smart Bluetooth Smart was introduced into the Bluetooth Standard in 2010 and, having gained a lot of traction in markets such as healthcare and fitness, is now finding its way into the payment and coupon redemption industry. One of the success drivers for Bluetooth Smart is the support the technology has received from Apple, who has supported Bluetooth Smart since the iPhone 4S. Google added Bluetooth Smart to Android 4.3 and, as of 31st October 2013, Bluetooth Smart is the only contactless technology capable of supporting a service on the two major mobile operating systems, Android and iOS. Its low power consumption, no need for pairing and the long reading distance makes Bluetooth Smart an interesting option for mobile access control. Bluetooth Smart: • does not require pairing and has low power consumption, which makes Bluetooth Smart, combined with a standards-based contactless card technology, a good technology for enabling mobile access • enables readers to be placed on the safe side of the door or be hidden • opens doors from a distance as users park their cars, or opens the door for someone ringing the doorbell • enables configuration of readers including firmware with a Bluetooth Smart- enabled device (such as a phone or tablet). Mobile operating systems with support for Bluetooth Smart: • iOS 7 and 8 • Android 4.4 • BlackBerry 10 • Windows Phone 8.1. With mobile access technology continually evolving, it is best to ask the mobile access product vendor for a list of supported handsets in order to assess and compare products. Transactional Experience Rarely misplaced and consistently in hand, the mobile device has become the most valued technology most people own. Using mobile devices to open doors is moving physical access control forward and merges security and convenience. The longer read range with Bluetooth Smart opens up new ways to open doors and offers new options for where to place readers. A door can be unlocked upon approach, for a quicker and smoother experience when entering a building. Having Bluetooth Smart-enabled readers in parking
garages has proved to be much appreciated; instead of rolling down the car window and reaching out of the window to access a reader, it is now possible to gain effortless access while driving up to the gate. For some types of doors, like conference rooms where multiple readers might be located in close proximity, a tap-like experience with a physical card might be a better option, to ensure that the correct door is opened. Architectural ingenuity is pushing building design in bold new directions and the traditional reader placement next to the door might not fit in an office constructed mainly of glass walls. Readers and locks, typically placed on the outside of doors, may also be targets of vandalism. Combining the long read range of Bluetooth Smart with a directional antenna can increase security by mounting readers on the safe side of the door; for aesthetics, readers can be placed out of sight. Given the nature of contactless technologies, the reading distance can vary depending on the environment in which a reader is placed. In an elevator, the reading distance can be greatly amplified by the surrounding metal. The type of smartphone used can also affect the reading distance. Having the option to configure readers for the right opening mode, long range or tap, and to fine-tune the optimal reading distance depending on the environment are important features of a carefully considered mobile access solution. When implementing any new type of solution, it is crucial to consider the impact it will have on users. First impressions are lasting ones and the solution may be easily dismissed if it does not meet expectations. The experience of opening doors with mobile devices must be streamlined, intuitive and convenient; the user should not be required to perform too many steps. If one has to unlock the device, start
up in a short time frame at the beginning of the year. Ordering, printing, handing out and managing lost cards takes up valuable time for security personnel, as well as employees and students. The benefits of mobile access are not limited to the convenience of opening doors. Connected mobile devices introduce new possibilities to manage mobile identities in near real time. Using a cloud-based portal to centrally manage identities frees up time for staff, who today are managing physical badges. A robust mobile identity management system has proven processes for managing employees and students, and the entire life cycle of mobile identities to increase the efficiency of security administrators. A key feature to consider when implementing mobile access control is how an employee is on-boarded and issued a mobile identity. Simply adding a user’s name and email should trigger the process to send out an invitation email to the employee with instructions on how to install the app. When the app is installed and configured, the correct mobile identity should be provisioned to the mobile device and the security administrator should be notified when the process is complete. For larger organisations, it should be possible to mass upload user data from a file. The mobile identity platform should validate the data and, for each user, go through the process of sending an invitation email, issuing an appropriate mobile identity and notifying the security administrator when a user has installed the app and has been provisioned a key. Mobile identities should be unique and, when ordered, they should automatically be configured to match the specific attributes of the organisation and the facilities where they will be used. Issuing a mobile identity to an employee or student should require only
an app, select a mobile ID and then present the device to the reader, the user will quickly find their current physical badge to be a better solution. It is also important that the user has an equally smooth experience on different mobile platforms; having one experience on Android and a different on iOS will result in confused employees, and more training and support calls for the security staff.
selecting the user and the correct mobile identity. Manually entering physical access control system (PACS) numbers and facility codes is prone to errors and is time consuming, which will likely result in a bad experience for the staff managing the mobile identities. Many organisations have offices around the globe with different access control systems and an employee visiting a remote office is often required to get a visitor badge. With a mobile access solution supporting multiple mobile identities per mobile device, an employee can receive an additional mobile identity before leaving or upon arrival. As iPad and tablets become more common in
Management Considerations Managing badges and identity cards can be a time-consuming task for security staff. University administrators have their own set of challenges when thousands of students show
SECURITY SOLUTIONS 083
the workplace, having the ability to connect an employee with different mobile devices will be another important feature. Using a mobile device for logical access to authenticate to different services is a clear trend in the market. Many organisations today see the benefit of converging physical and logical access to cut costs and improve security. A common mobile identity platform for both physical and logical access makes it easier for security administrators to manage access rights and for employees to authenticate to different services as the mobile device will be a common platform. A security administrator can send out identities on demand to a single employee or a group of employees; these can then be used for logical access to enable signing on to services such as virtual private network (VPN) and email using strong authentication, all managed in one mobile identity platform. Security Considerations Attacks can come from many directions, utilising many tools and tactics. Protecting each link within a mobile access solution and ensuring that there is no single point of failure between readers, mobile devices and backend security systems requires a multi-layered security model. In the rare event criminals succeed in breaching one layer, the doors beyond remain locked. Managing digital keys on mobile devices requires a holistic view of end-to-end security, beginning with how the digital keys are generated, managed over their life cycle and stored on mobile phones. The mobile identity platform must be designed with security as the first priority; all mobile identities and user information should be protected in a secure vault based on hardware security models (HSMs), where all encryption keys are stored and used in cryptographic operations. Modern mobile operating systems such as Android and iOS are built to maintain a high level of security and a mobile access app should be built to take advantage of the security features. The app should run in a dedicated sandbox that ensures that no other apps can access or modify data used by the app, and sensitive data and keys should be protected by a device keychain, an area on mobile devices used for storage of sensitive data. In addition to the security of the mobile operating system, mobile identities should be signed and encrypted to prevent any manipulation of the mobile identities.
084
As with physical cards, the ultimate control of who is allowed access to a building is decided by the local access control system. If a mobile device is lost, stolen or compromised, the access rights for its digital credential can be inhibited in the access control system, preventing any unwanted access. In the unlikely event a mobile device is compromised, the attack should be limited to the specific mobile identities installed on the device, as each digital key should be unique. An employee is also far more likely to notice a lost mobile device than a physical badge. Mobile devices also have an advantage over physical cards as they are online; if a security administrator wants to remove a digital key from a device, the mobile identity can be revoked over the air as long as the device is connected to the wireless network. If an employee reports a lost device, the mobile identities can be revoked before the device ends up in the wrong hands. To further reduce the impact of a stolen device, mobile identities can be configured to only engage with readers when the mobile device is unlocked. This means that an unauthorised user would have to get around the device personal identification number (PIN), face recognition or fingerprint protection to be able to use it to open doors and access the building. Considerations When Implementing Mobile Access When implementing mobile access there are a few things to consider before deciding on the type of reader to invest in. The installed base of mobile devices can affect the technology choice as iPhones 5s and earlier do not support NFC. In organisations with a large base of iPhones, Bluetooth Smart is the only option. The types of doors to be mobile-enabled should also be considered. Parking garages, main entrance doors and elevators can all benefit from a longer read range by increasing convenience for the employees. Areas where many readers are in close proximity to one another should utilise a tap experience to minimise risk of opening the wrong door; both NFC and Bluetooth Smart-enabled readers can support a tap experience. Many organisations have a mobile device management platform where corporate apps are published and run in a specific container on the mobile device. Making sure the mobile access solution is interoperable with the
mobile device management (MDM) platform can make sense, especially if security settings are controlled by the MDM platform. Leveraging existing investments in physical cards and readers should also be considered. Even though mobile access increases convenience, some organisations might allow their employees to keep the physical badge as a backup, while still promoting a seamless migration to a more secure standard and mobility. Summary As companies merge security and convenience at the door by transforming smartphones and other mobile devices into trusted, easy-touse digital credentials that can replace keys and smart cards, there are certain things to consider when choosing a mobile access solution. To be certain the solution works with the latest smartphone technologies and is able to evolve with the mobile industry, it should be rooted in a standards-based card technology that can be emulated on a large number of mobile phones, tablets and wearables. To gain acceptance among employees and students, the user experience must be equal to that of physical cards. First impressions last and the solution may be easily dismissed if it does not meet expectations. The experience of opening doors with mobile devices must be streamlined, intuitive and convenient; the user should not be required to perform too many steps. An interesting value proposition of mobile access is the possibility of sending and revoking mobile identities in almost real time, and for maximum benefit, the mobile identity platform must be designed for administrator convenience and efficiency. Mobile access presents the opportunity to dramatically alter how users open doors and interact with their environment and, when implemented correctly, the future of access control will come knocking.
Steve Katanas is the Director of Sales AU, NZ for HID Global. For more information, please visit www.hidglobal.com
2015
S NOMINATION NOW OPEN
128 SECURITY SOLUTIONS
SECURITY SOLUTIONS 085
086
Cybersecurity Takes Centre Stage As A Crisis Risk By Dr Tony Jaques 2014 was a landmark year for cybersecurity, one which saw a real change in reputational risk for corporations and other organisations. It also reinforced once and for all that hackers and data breaches are never ‘just an IT problem’. The year began with US retailer Target admitting that hackers stole personal financial details of up to 70 million people in a pre-Christmas raid, and the World Economic Forum in Davos declaring cybersecurity a major global risk. The year ended with hackers compromising the details of 83 million accounts at JP Morgan Chase, making it one of the biggest data breaches in history, followed by the utter debacle of the Sony hacking attack, and North Korea threatening retaliation over a supposedly funny movie about the assassination of Kim Jong-Un. 2015 has not started much better, with hackers hitting the US military’s Central Command Twitter and YouTube accounts, as well as hacking accounts at Delta, Twitter and Newsweek. The Pentagon decided to call their breaches an “annoying prank” and said they did not affect military networks and that no classified or operational data was accessed. Privately, however, they must have been very worried. Of course, cybersecurity is nothing new. But recent events have helped moved the focus from firewalls, and criminal penalties, and technical solutions to corporate crisis response and reputation management. Organisations that are the victims of hackers are routinely criticised for poor online security, for failure to take proper measures, and for slow or inadequate communication to affected parties.
Moreover, the cyberattack on Sony and its decision to withdraw the movie The Interview in the face of North Korean threats moved cybersecurity onto front pages around the world and mobilised a new crowd of stakeholders and commentators, including film stars, freespeech advocates, and politicians right up to the White House. It is ironic that all of this attention should be generated by a movie which film critic Scott Mendleson called a “below average comedy” on his list of top ten most disappointing movies of the year. While Sony eventually authorised a limited release of the film, a conga line of self-appointed experts attacked every aspect of the company’s response – for giving in to threats, for potentially endangering the lives of moviegoers, for undermining free speech, and for making the movie in the first place. Managers everywhere should take note that cybersecurity has now well and truly moved to centre stage as a crisis risk. It has always been true that how an organisation responds to a crisis can be a far greater risk than the crisis event itself and can endanger the reputation of the whole enterprise. As the Sony case shows, this is certainly true when it comes to a cyberattack. The CEO of Sony admitted his company had “no playbook” for how to respond, but he argued that his firm was “adequately prepared” but “just not for an attack of this nature”, which he said that no firm could have withstood. Maybe he deserves some sympathy, but the reality is that many organisations are still focussed mainly on technical solutions
SECURITY SOLUTIONS 087
It is easy to be critical after the event, but IT failures and cybersecurity breaches do not have to be a reputational disaster. and are not prepared to manage a cybercrisis at a management level. The threat is not confined to American corporate giants. A recent report showed that Asian countries are seen as the most likely targets of cyberattacks in the world, and a study of Australian small to medium businesses showed that more than half have no risk plans or strategies in place in the event of a crisis. In fact, it was an Australian IT disaster – the payment system crash at National Australia Bank (NAB) in November 2010 – that helped reinforce the crucial link between system security and corporate response and reputation. The crisis quickly spread across the finance sector and left millions without pay or social benefits, and no access to accounts, ATMs or EFTPOS. Some of the bank’s ‘explanations’ were most unhelpful, such as “the outage was caused by a corrupted file” and “someone in IT uploaded a faulty software code”. Equally damaging to the company’s reputation and credibility were the constantly changing predictions of when the problem would be fixed, that presumably came from over-optimistic IT engineers and were blindly accepted by corporate communicators. On day one, the time to sort out the disaster was “hopefully by later today”, but two weeks later NAB was still reporting “some inconsistencies”. NAB even committed the elementary mistake of allowing its spokespersons to say, “These things are very rare. This is, hopefully, a one-off incident.” Such statements are bound to backfire and, sure enough, the NAB payment system briefly crashed again less than two weeks later (9 December). Little wonder that Fairfax Business Reporter Chris Zappone concluded NAB had a reputation as “the most accident-prone of the major banks in Australia”. There were many contributing factors, but it is clear that a major factor was the failure to publicly demonstrate that top management was taking responsibility, and that this was much more than just a systems problem. In
088
fact, the then CEO had no substantial media presence during the crisis, other than putting his name to a national apology advertisement published five days after his company’s systems went down. It is easy to be critical after the event, but IT failures and cybersecurity breaches do not have to be a reputational disaster. In February this year, American health insurer Anthem reported that personal information of 80 million of its clients – including social security numbers and credit card numbers – was exposed through a cyberattack. Moreover, reports indicated that Anthem failed to encrypt the personal data in its systems and that the breach was enabled through a simple password hack, made worse by its singletiered access design of the network. At a technical and business level it was a disaster. But the company’s response was a lesson in how to protect reputation. Anthem: • self-discovered the breach and reported it to authorities • publicly announced the crisis within days of the discovery • provided extensive and coherent information and updates to the public • communicated to all stakeholders in the form of an extraordinarily effective letter from the CEO
After clearly stating the facts and what the company was doing about it, CEO Joseph Swedish wrote, “Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration and I assure you that we are working around the clock to do everything we can to further secure your data.” He concluded, “I want to personally apologise to each of you for what has happened, as I know you expect us to protect your information. We will continue to do everything in our power to make our system security processes better and more secure, and hope we can earn back your trust and confidence.” Anthem justifiably won widespread praise for its response. But the case underscores one critical point. Cybersecurity clearly now rests firmly in the executive suite as a crisis risk and no manager has any excuse for thinking that it is ‘just an IT problem’.
Dr Tony Jaques is an internationally recognised authority on crisis and reputation. His Melbourne-based company specialises in best practice audits of issue and crisis processes (www.issueoutcomes.com.au). Tony writes Australia’s only issue and crisis newsletter, Managing Outcomes, and is author of the new book Issue and Crisis Management: Exploring Issues, Crises, Risk and Reputation (Oxford University Press, Melbourne).
Cybersecurity clearly now rests firmly in the executive suite as a crisis risk and no manager has any excuse for thinking that it is ‘just an IT problem’.
MASTER LOCKSMITHS Master Locksmith Association members are highly trained, fully qualified security professionals with access to the very latest in restricted key systems, from mechanical keys and locks to the world-leading electronic master key systems.
Find your nearest locksmith and MLA member at
THE MLA ADVANTAGE
DOMESTIC
COMMERCIAL
AUTOMOTIVE
SAFES
RESTRICTED KEY SYSTEMS
ELECTRONIC SECURITY
CCTV
FOLLOW US ON
SECURITY SOLUTIONS 089
EMERGENCY RESPONSE
By Tony McHugh
Recognising And Dealing With Post-Traumatic Stress Disorder
Post-Traumatic Stress Disorder (PTSD) is a psychiatric consequence of exposure to potentially traumatic events (PTEs); that is, events where the person experienced, witnessed, or was confronted by an incident involving actual or threatened death, serious injury or threat thereof to the self or others. Such events include war and war-like occurrences, physical and sexual assault, serious accidental injury, and (natural and man-made) disasters.1 Who gets PTSD? While exposure rates to such events within the general community are often as high as 60-65% 2, and in some populations have been reported to be as high as 84% 3, these rates increase considerably in (serving and retired) members of organisations whose role routinely involves exposure to PTEs. This includes military personnel, security officers, and members of emergency service organisations such as police, ambulance and fire services. The prevalence of PTSD following exposure to PTEs is much less common than the occurrence of trauma. However, that can vary, with lower rates between 5-10% reported following non-interpersonal events, such as accidental injury and natural disaster. Higher rates of between 25-50% can occur following interpersonal traumas, such as combat and assault, with the highest rates being among those exposed to sexual assault4. It is important to note, however, that the likelihood of developing PTSD increases with repeated exposure to PTEs 5.
090 SECURITY SOLUTIONS
Recognising the Signs and Symptoms of PTSD The Formal Definition PTSD is understood to be characterised by three sets of symptoms. The first relates to the re-experiencing of the traumatic event and includes such phenomena as intrusive thoughts and images of the event, recurrent nightmares, and physical and emotional distress at exposure to reminders of the event. The second symptom set comprises avoidance and numbing symptoms. These include active avoidance of thoughts and feelings related to the event and places, or activities that act as event reminders, and interpersonal detachment and the numbing of feelings. The final symptom set relates to the hyper-arousal symptoms. These include disturbances in sleep and concentration, exaggerated startle, hyper-vigilance and increased anger 6 . What People Typically Report People can be reluctant to report such reactions, be it to a GP, work colleague, family member or friend. This reluctance can be motivated, among other things, by embarrassment, fluctuating wellness, difficulty in describing symptoms, and clinician attitude. Thus, people are more likely to admit to or exhibit clear signs of: • disrupted sleep and consequent loss of concentration and problem-solving ability
• • • • • •
being unusually irritable relationship problems physical illnesses of a psychosomatic origin (e.g. gastro-enteric problems — a particularly noteworthy example being Irritable Bowel Syndrome) pain conditions (from physical injuries associated with or exacerbated by trauma) co-morbid problems or behaviours (e.g. alcohol abuse or problem gambling) risky behaviours (e.g. reckless driving or sexual encounters).
Co-morbidities of PTSD While PTSD is a critical, Trauma-Related Mental Health Disorder (TRMHD), its symptoms rarely exist in isolation. In reality, co-morbidity is the norm rather than the exception. For example, co-morbidity rates in the often-studied military and veteran populations have been reported to be as high as 90% (Kulka et al., 1990; O’Toole et al., 1996). The most common co-morbidities include depression, other anxiety disorders, and substance use disorders. A range of broader, psychopathological features are also associated with PTSD. Such features include trauma-related guilt and anger. Understanding How PTSD Works PTSD will be more or less likely to occur depending on the operation of the following factors. Trauma Characteristics Trauma(s) can fall into any of four descriptive categories. That is, those relating to humancaused trauma, where acts are either intentional (e.g. crime) or accidental (e.g. road traffic accidents), and nature-related trauma that are complicated by human actions or not. Human-caused or complicated traumatic events are well known to have greater potential for traumatisation. Thus, person-implicated events that are horrific, prolonged or repeated, deliberate and malevolent, have the greatest capacity to negatively affect people. Personal Characteristics There are certain members of the community who are at greater risk of negative, psychological and functional outcomes
following trauma. Known high-risk groups include women, the young and elderly, those with chronic illnesses and diseases (especially pain and mental health conditions), people who are economically, materially or socially disadvantaged and, as mentioned, those who have experienced cumulative, traumatic events. Individual Response Characteristics It is well known that response styles will help or hinder people in dealing with PTEs. For example, those who have highly-anxious, pre-trauma response styles and tend to avoid (especially through the abuse of substances or engaging in unhelpful behaviours such as problem gambling), and those with rigid response styles, are less likely to recover speedily or easily. Those who have cynical response styles or who are self-critical and hence unable to respond to advice or offers of assistance with an open mind, are unlikely to aid their recovery process. Very angry, post-trauma response styles are also likely to interfere. Anger is known to be a powerful predictor of recovery — the greater the anger, the more difficult and delayed will be the coping and the process of recovery. How to Help People Who May Be Suffering With PTSD Exposure to trauma, as highlighted throughout this commentary, is common. Most people will have some psychological reaction(s) to trauma — fear, sadness, guilt and anger are common, possible feelings. The majority of people, however, re-establish functioning quickly. Similarly, the vast majority recover over time and only a small proportion go on to develop TRMHDs. Health professionals, who are experienced in the treatment of TRMHDs, use the following simple questions as preliminaries to deciding whether someone who has been exposed to a PTE has PTSD: • Do you have vivid memories of an event? • Do you avoid things which remind you of the event? • Do you feel emotionally cut off? • Are you irritable or constantly on edge?
These are important signs for us all to consider when a colleague, friend or family member is not functioning normally after a stressful event. However, the task of the caring observer in the workplace, and beyond, is typically not that of a mental-health professional. There are, instead, vitally important roles we can all play after a colleague, friend or family member has experienced trauma. These are best summarised as: Respectful and watchful waiting — as emphasised throughout this article, although most people will recover without the need for treatment after experiencing a PTE, some will not. It is important that those with a role to play in assisting people exposed to trauma, maintain an awareness of their variable needs. Some will display a lesser ability to cope to the point where specific assistance may be required. Some of the signs of the need for assistance are described below. Making Psychological First Aid (PFA) available — we should not underestimate the power of simple acts of caring to people who have experienced a significant stressor. The power of the cup of tea and metaphorical shoulder-to-lean-on to help, is a repeated finding from studies of refugees and disaster-survivors.
1
2
Psychological First Aid Overview • Provide support for distressed. • Facilitate links with family and friends. • Provide information/foster communication/education. • Protect from further harm. • Reduce physiological arousal. • Provide comfort and reassurance. • Encourage return to work and usual activities. • Encourage use of professional help, if necessary.
3
Emphasising the importance of maintaining normal functioning — presenting for work, engaging in family and social activities, and even going dancing, to the movies or exercising, etc; are not minor matters in maintaining wellbeing.
SECURITY SOLUTIONS 091
EMERGENCY RESPONSE
How to Reduce the Likelihood of Vicarious Traumatisation Look after yourself and think more realistically, for example: • I want to carry out my endeavours well but, like everyone else, I will occasionally find it hard going or (be perceived to) fail/make a mistake. I can handle that and do better. • Work may be influenced by factors outside of my control (e.g. client anxiety about change). • Worrying about work that might go wrong won’t stop it from happening and will just make me unhappy. Be easy on yourself. Quality practitioners will openly acknowledge their experience of difficulties. • Acknowledge the clinician’s illusion — the behaviour you may observe is not typical of people in general. Beware of heroic or catastrophic thinking, for example: • I must be completely competent and find no client difficult. • It is dreadful, the end of the world, when this is not so. • If something raised is challenging or unpleasant or frightening, it is better to put off thinking about it. • I am the only one who can help this person. Be prepared and able to acknowledge difficulties: • Look after yourself, so you can work and play more effectively, especially diet, exercise, relaxation and work/life balance. • Place limits on how much time you spend in the field or helping others. • Encourage use of professional help, if necessary.
4
Knowing when to refer — interactions with workplace colleagues who are showing persistent signs of stress (see below) should, however, alert us to the importance of a referral to a professional who is an expert in the assessment and treatment of TRMHDs. Often, early referral can result in impressive gains after small amounts of treatment.
092 SECURITY SOLUTIONS
What sort of support will help someone suffering PTSD? It is important to emphasise that people demonstrate, time and again, the capacity to survive traumatic/significant, stressful events and continue to live meaningful and satisfying lives. Thus we speak of PTEs, rather than traumatising events. One of the most important factors in being able to come to terms with trauma and traumatic loss is what is known as resilience. Individuals who are resilient have been found to experience lower rates of depression, substance abuse and post-traumatic stress following traumatic events than their lessresilient counterparts.7 Resilience is defined as the capacity of people to effectively cope with, adjust to, or recover from stress and adversity. Resilient people will not typically need a great deal of assistance post-trauma. It is important to accurately identify the resilient from those who will need more assistance, without any sense of discrimination or judgement. Such assistance may include PFA or any or all of the five psychological recovery skills. Skills for Psychological Recovery • Problem solving. • Symptom management. • Developing support networks. • Positive activities. • Review and relapse prevention.
For this group, it may be necessary to sensitively encourage them to seek treatment from a health practitioner who is an expert in the treatment of TRMHDs. Such action should be considered if the person, weeks after the event: • • • • • • •
still feels upset or jumpy most of the time persistently exhibits changed behaviour compared to pre-trauma has difficulty with normal activities has worsening relationship issues — especially because of anger has disturbed sleep keeps dwelling on the event(s) seems unable to enjoy life and appears numb or withdrawn
• •
there is evidence of depression, persistent high anxiety or risky alcohol and/or drug use there are concerns about risk to self/ others or capacity to care for self and/or others.
Tony McHugh is the Manager of the Psychological Trauma Recovery Service (PTRS) at Austin Health. Before that, he was the Manager, and principal psychologist of the Post-Traumatic Stress Disorder (PTSD) Programme at Austin Health. In these roles, Tony has been responsible for the set-up and development of comprehensive psychological treatment programs for severely traumatised ADF personnel, combat veterans and members of the public. He has also acted as a psychological advisor to the Australian Centre for Post-Traumatic Mental Health and to the Transport Accident Commission of Victoria. Tony has routinely provided workshops across Australia on the topics of psychological treatment of post-traumatic reactions (including PTSD and other anxiety disorders), depression and, most often, problematic anger. He has also written a number of articles about traumatic stress. Prior to his time at Austin Health, Tony held various significant appointments, including Assistant Director for the Early Psychosis Prevention and Intervention Centre (EPPIC). He also runs, part-time, a small but busy, private psychology practice. Through these various experiences, he has attained considerable experience in the treatment of a range of post-traumatic conditions, including severe anxiety and mood disorders. A special focus of his work has been the treatment of problematic anger. Tony can be contacted at: tony.mchugh@austin.org.au For a full list of references contact: admin@interactivemediasolutions.com.au 1 — Diagnostic and Statistical Manual of Psychiatric Disorders Version IV (DSM-IV; APA, 1994). 2 — Creamer, Burgess & McFarlane, 2001; Kessler, Sonnega, Hughes & Nelson (1995) 3 — Vrana & Lauterbach (1994) 4 — Creamer, Burgess & McFarlane, 2001; Kessler, Sonnega, Hughes, & Nelson, (1995). 5 — Rees, Silove, Chey, Ivancic, Steel, Creamer, Teesson, Bryant, McFarlane, Mills, Slade, Carragher, O’Donnell, & Forbes (2011) 6 — Diagnostic and Statistical Manual of Psychiatric Disorders Version IV (DSM-IV; APA, 1994). 7 — Bonnarno (2004)
YEARS OF CONNECTING THE SECURITY INDUSTRY
MELBOURNE CONVENTION & EXHIBITION CENTRE 15-17 JULY 2015 REGISTER FREE NOW SECURITYEXPO.COM.AU
Join us once again in Melbourne for this year’s 30th anniversary edition of the Security Exhibition & Conference. Australasia’s premier security event brings the industry together from 15-17 July 2015 with new and exciting attractions to celebrate the ever evolving world of security.
PROMO CODE: SOLUTIONS LEAD INDUSTRY PARTNER
PRINCIPAL EXHIBITION SPONSOR
ORGANISED BY
SECURITY SOLUTIONS 093
HOMELAND SECURITY
094 SECURITY SOLUTIONS
A Very Brief Introduction To Surveillance Detection By Ami Tobin There has been a great deal of discussion lately around the potential for homegrown terrorism potentially carried out by young men returning to Australia from the conflict in Syria feeling disillusioned, angry and radicalised by their experiences and exposure to people who would see harm done to Australian citizens and businesses. To that end, the Australian Government is working hard with Australian security agencies to detect and deter such individuals before they can carry out any sort of attack. However, as everyone knows, it only takes one person. Therefore, the question becomes, what can the security industry do to play a role in preventing terrorist attacks on Australian soil? One possible course of action is to better understand the process undertaken by individuals intent on carrying out attacks with a view to thwarting attacks and better protecting shopping centres, sports stadiums, public transport terminals and so on. Surveillance detection (SD) is the attempt to covertly determine if surveillance is being conducted and, if so, to collect general information on the surveillance entity – time, location, appearance, actions and correlations to the target. Before introducing some of the fundamentals of this subject, following are some general clarifications about the intentions behind this article: • The field of SD is both wide and deep, and many of its fundamental principles admit some exceptions, and even exceptions to the exceptions. The purpose of this article is to provide a simple and brief introduction. It is therefore important to keep in mind that no such introduction can possibly contain the countless details and case-by-case contingencies and exceptions that exist.
• No article, book or seminar can be said to actually teach people how to perform SD. Though some of the wording in this article might seem instructional, this is primarily for the sake of brevity; it is not intended to teach anyone how to execute surveillance detection operations. A good way to begin explaining surveillance detection is to break it into its two components: Understanding what to look for – what it is about other people that needs to be detected. Understanding how and from where to look – what it is about the SD operative that will enable him or her to look for surveillance (SD location, appearance, demeanour and so on).
1 2
What to Look For Many people tend to think that in order to detect surveillance, one should try to spot anyone who seems suspicious, out of place, nervous, or taking a special interest in the asset in question (such as intently observing, taking notes, photographing or videotaping). Though these factors might exist, it is important to note that rather obvious indicators of this sort will only be detected if the level at which the surveillance is being carried out is low. In other words, the very first thing that a well-trained surveillance operative will learn is how to NOT display any of the above indicators. Operatives can always hope for easily detectable surveillance indicators (and should always look for them), but they would be wise to also try to detect the less obvious indicators of surveillance as well. The single most important indicator that a person might be conducting surveillance (on any level) is the person’s correlation to the target. If the term correlation seems a bit vague or general that is because it is. This is one of the reasons why surveillance can be quite difficult to detect,
especially the higher levels of surveillance when correlations are at their most subtle. In general, a correlation can be any act of observation, movement, signalling, communication, or even just presence over time and distance in some kind of conjunction with the location, timing and/ or movements of the target. And though there are ways to blur and camouflage these types of correlations, except for very rare cases there is no real way to completely eliminate them while still conducting effective physical surveillance. The best way to understand what correlations to a target might look like, and why they almost always exist when surveillance is carried out, is to experience how it actually feels to conduct surveillance and to therefore correlate to a target oneself. After an operative experiences how surveillance feels in the flesh, he will be much better positioned to spot people who are going through the same experience. In much the same way, casinos and fraud detection units have been known to hire ex-cheats, frauds and con artists, who have become extremely adept at detecting the very same tricks they themselves used to employ. This is a relatively rare situation when ‘it takes one to know one’ – or at least to detect one. Hostile surveillance is a process that begins by understanding the area around a target, locating potential vantage points and understanding what kinds of people spend time at the vantage points (what they do, what they look like and so on). A vantage point is a location from which the operative can conduct surveillance on a target, and a good surveillance vantage point is one that gives the operative access to important visual information, while allowing him to appear completely natural. Good vantage points might be coffee shops, park benches, crowded areas, or any environment into which the surveillance operative can naturally blend while observing the target.
SECURITY SOLUTIONS 095
HOMELAND SECURITY
What makes surveillance so difficult, however, is that as seemingly normal as an operative might strive to appear, the fact will always remain that there is a constant tension – or even a contradiction – between how the surveillance operative appears and what the operative is actually doing. And it is within the scope of what the operative is actually doing – visually collecting information on the target – that most surveillance correlations are to be found. Hiding or blending in is easy if the focus is to hide and blend in. But if the operative is also trying to visually collect information on a target, spot a particular action or movement of a target, or observe changes and habits of a target, then as subtle as they may be, correlations to the target are almost inevitable. The simple act of observing a target is a correlation. Moving in conjunction with or following a target is another type of correlation. Paying close attention to the target at specific key moments can be a type of correlation. Signalling, gesturing, hiding, telephoning, texting, or even just checking the time in conjunction with a target’s movements or activities can all be a
How and From Where to Look With an understanding of what to look for, the question now becomes how and from where should operatives look for it? To answer this question, it is necessary to understand two things: A correlation, not unlike an equation, has two sides to it. In this case, the two sides are the target and the surveillance operative. Therefore, to establish whether or not a correlation exists, in most cases, it is necessary to be able to observe both sides of the correlation – simultaneously if possible. Exceptions to this rule do exist, where surveillance can be detected without also observing the target, but these usually require the SD operative to either have advanced knowledge of the target’s exact movements, timing, actions and so on and/or to be in covert communication with either the target itself, or (in most cases) the target’s security or close protection unit. Since SD needs to be done covertly (without the surveillance operative noticing it), an SD vantage point should be one that gives
1
2
Surveillance detection is the attempt to covertly determine if surveillance is being conducted. correlation. A particularly difficult correlation to detect is what is called correlation over time and/ or distance. If, for example, the target is a CEO who is staying at a hotel for a week while on a business trip, a correlation can be something as subtle as an individual spending every morning at that hotel lobby, every day for the duration of that week. Even if the individual does not appear to be observing, filming, or communicating as the CEO moves through the hotel lobby (there are a number of electronic tools that can make these actions very difficult to detect), the simple presence of the individual over time can be a correlation in itself. If the CEO happens to be on a multi-city business trip and the same individual in question is seen spending time in the lobby of each hotel the CEO is staying at, then, again, even without correlating in action, merely being present over time and distance in conjunction with the CEO can be a type of a correlation.
096 SECURITY SOLUTIONS
the SD operative a single field of vision that includes both the potential surveillance vantage point and the target – that is, one that does not require turning one’s head back and forth (the above-mentioned exception applies here as well). The ideal SD vantage point, therefore, will be somewhere behind the potential surveillance vantage point. In this way, not only will an SD operative be able to simultaneously see both sides of the correlation (target and surveillance operative), but it will be easier for the SD operative to remain hidden from the surveillance operative. For example, if an outward-facing bench at the edge of a nearby park is recognised (mapped out) as a good potential surveillance vantage point on a company headquarters, a potential SD vantage point might be a bench further back in the park, overlooking both the surveillance vantage point bench and the company headquarters.
It is important to remember that convenient notions of ideal SD situations or ideal SD vantage points often tend to crash on the hard rocks of field reality. Ideal situations, in other words, are not always available, and one of the most important purposes of realistic field training is to learn how to deal with less than ideal conditions and still get the job done. Ami Toben is the director of consulting, training and special operations at HighCom Security Services, a security and investigation company based in the San Francisco Bay area in the US. He is an experienced security director, trainer, account manager and published writer with over 14 years of military and private sector security experience and a successful record of providing high-end services to Fortune 500 corporations, government and law enforcement agencies, foundations and wealthy individuals. His professional experience includes: full-spectrum facility security operations, special-event security, executive protection, low-profile and covert security projects, metal detector operations, estate security, shareholder meeting security, surveillance and surveillance detection projects.
RECON NAV SPC Series No. 8831 (kilometers) or 8832 (miles): 46mm, carbon reinforced polycarbonate case and case back, unidirectional ratcheting bezel with aluminum ring compass rose, antirefl ective sapphire crystal, walking tachymetric scale, water resistant to 200 meters, black PU Strap with raised scale and compass attached, Luminox self-powered illumination. Swiss Made. Preferred timepiece of Swiss Special Forces and outdoor enthusiasts.
www.luminox.com
NSW Fredman SVW, Sydney, 02 9221 3373 | Hennings Jewellers, Narellan, 02 4647 8555 | Lewis Watchmakers & Jewellers, Coffs Harbour, 02 6651 1612 | Melewah Jewellery, Haymarket, 02 9211 5896 QLD Vintage Watch Co, Brisbane, 07 3210 6722 | Hatton Garden Jewellers, Beenleigh, 07 3287 1230 | Richardson‘s Jewellers, Kawana, 07 5444 3272 SA JJ Brown Watchmakers, Adelaide, 08 8223 3207 VIC 8th Avenue Watch Co., Emporium Melbourne, 03 9639 6175 | Ekselman Watchmakers & Jewellers, Melbourne, 03 9670 5353 | Uccello Jewellery & Watches, Altona, 03 9398 8551 | Temelli Jewellery, Highpoint S/C, 03 9317 3230 | Temelli Jewellery, Southland S/C, 03 9583 2633 | Temelli Jewellery, Westfi eld Knox City S/C, 03 9800 0799 | Highly Tuned Athletes, Hampton, 03 9598 7888 | Duffs Jewellers, Geelong, 03 5221 6636 WA The Watch Spot, Perth, 08 9421 1093 | Jools of Claremont, Claremont, 08 9385 5476 | All About Time, Balcatta, 08 9349 0600 | Carmen Jewellers, Midland, 08 9274 1080 NT Goldsmith Pty Ltd, Darwin, 08 8981 4448
FEATURE ARTICLE
098 SECURITY SOLUTIONS
The Impact Of Interdependence On Providing Protection For Critical Infrastructures
SECURITY SOLUTIONS 099
FEATURE ARTICLE
By Jon Novakovic Much attention and many resources are given over to providing for the protection of critical infrastructure. To date, most efforts have been towards identifying critical infrastructures and building resilience into the organisations that run them. In Australia at least, not enough thought has been given to the interdependence of infrastructures. The ways in which infrastructures interact with and depend on each other open up and magnify vulnerabilities that sectors may not have anticipated. Early definitions of national security typically were concerned with the ongoing survival of a country. These days, there has been a shift in thinking, and in a way the bar has been raised, with national security now referring to the maintenance of the well being of the nation state that is supported by a dynamic and interconnected series of critical infrastructure. The critical infrastructure sectors identified in Australia by the Attorney-General’s Department are: • Banking and finance • Communication (including telecommunications and broadcasters) • Emergency services • Energy • Food chain • Health • Mass gatherings (including shopping centres and sporting grounds) • Transport (including aviation, maritime and surface transport) • Water services. Criticality is typically defined as a measure of the consequences associated with the loss or degradation of a particular asset, including consequences of loss (such as, economic, financial, environmental), restore times and the relative ‘attractiveness’ of the target. The assessment of criticality of assets in some Australian agencies is based on a conventional risk management approach; risk = likelihood x consequences. The level of likelihood determined is directly related to the assessed attractiveness of an asset to the threat in question. Consequences is determined via a formula containing three variables: impact on economic well being, facility downtime, and impact on social/environmental well being. The scoring table for economic well being is based on generic descriptors, such as
100 SECURITY SOLUTIONS
significant state or regional economic loss, and social/environmental well being is determined by the number of customers affected. The final result is a quantitative measure of criticality, the highest levels being marked critical infrastructure of federal and state significance, down to of low importance at an organisational level. There are two key omissions from the various risk management frameworks for infrastructure. The first is that the risk assessment takes place on an internal level to the individual organisations. However, something identified as a critical risk in organisation A may not have nearly as much impact on society as something identified as medium risk by organisation B. What is lacking is an independent external measure, and the development of such a measure could quite feasibly be incorporated into the responsibilities of existing groups responsible for bringing together Australian infrastructure sectors. The second failing is that, when analysing the fallout of damage to their infrastructure, organisations will only look at the impact on those
relationship exists where a depends on b through some links, and b on a for others. There are four principle types of interdependence (Rinaldi, Peerenboom & Kelly, 2001): • Physical – a physical linkage between the inputs and outputs of two infrastructures • Cyber – an infrastructure has a cyber interdependency if its operation depends on information transmitted through communications networks • Geographical – if infrastructures can be affected by a local environmental event (for example, the Goulburn St carpark structure houses two train lines, two electricity cables, part of the Sydney CBD’s water supply and a telephone exchange) • Logical – ‘a control schema’ that links two infrastructures without any direct physical, cyber or geographic connection. For instance, rolling blackouts could reduce confidence in a country’s economy, affecting the local finance industry, which in turn would then struggle to fund upgrades to the electricity sector.
A necessary step in providing adequate protection against threats to critical infrastructure is the identification of vulnerabilities, and key vulnerabilities can be found in, and magnified by, a concept known as interdependency. directly reliant, and typically give only cursory attention to flow-on effects that arise from the interdependencies of infrastructure networks and that can magnify overall fallout, and may result in misallocation of risk. A necessary step in providing adequate protection against threats to critical infrastructure is the identification of vulnerabilities, and key vulnerabilities can be found in, and magnified by, a concept known as interdependency. An interdependency is a bidirectional relationship between two infrastructures through which the state of each infrastructure influences or is correlated to the state of the other (Laprie, Kanoun & Kaaniche, 2007). A bidirectional
The communications, energy, transportation, and banking and finance sectors are considered to be particularly interdependent and highly connected, whereas the water, health, food and emergency services sectors are regarded as being dependent infrastructure. Interdependencies are one of the greatest weaknesses of modern infrastructure systems, greatly increasing the vulnerability of corresponding infrastructures as they give rise to multiple error propagation channels from one infrastructure to another, making seemingly safe sectors more prone to exposure to accidental and malicious threats. There are three types of failures relevant when
analysing interdependent infrastructures (Laprie, Kanoun & Kaaniche, 2007): • Cascading failures • Escalating failures • Common cause failures. The provision of these facilities and services can no longer be referred to as public infrastructure. In New South Wales, critical infrastructure lies in the hands of both the public and private sector, with approximately 76% publicly owned and 24% privately owned. In some parts of Australia, however, up to 90% of critical infrastructure is privately owned and operated on a commercial basis. It is not unusual to see the electricity sector sitting at the centre of diagrams demonstrating a country’s overall infrastructure interdependencies. One of the potentially most vulnerable, yet critical, parts of that sector is the transmission network. Dependents (Samborski, 2009): • Water (pumping stations, control systems, facilities) • Communications (switches, exchanges, facilities) • Emergency response (police/fire/ ambulance stations, their communication networks [a cascading dependency]) • Transportation (public transport, goods delivery, signalling and switches) • Banking and finance (consumer confidence, facilities). Dependencies: • Transport (component shipping, access for inspection and repair) • Communications • Banking and finance (financial services, investment). Infrastructure owners historically concerned with the operation of their own, often well-defined domains must now contend with unbounded networks brought about by greater information technology connectivity and the understanding of the proximity of their asset to other infrastructure. Cyber interdependencies are relatively new, and are the result of “pervasive computerization and automation” of infrastructure over the last few decades (Mendonca, Lee & Wallace, 2004). Every new interdependency opens the door for potential new vulnerabilities. Information technology’s capability to increase operational efficiency also made infrastructure a more attractive investment
Interdependencies are one of the greatest weaknesses of modern infrastructure systems, greatly increasing the vulnerability of corresponding infrastructures as they give rise to multiple error propagation channels from one infrastructure to another... option. The move towards deregulation of some sectors, such as electricity and natural gas, resulted in the shedding of excess capacity that had previously been mandated by government. The combination of these two factors creates a modern environment where infrastructures are increasingly inter-reliant and have little redundancy in the case of failure. In Australia, a federal agency, Geoscience Australia, undertook what was referred to as the Critical Infrastructure Analysis – Pilot NSW Critical Infrastructure Project. The pilot project highlighted a number of key features a national governing body would require to successfully evaluate and assess the protection of critical infrastructure. There is a need to: • gain high level government and industry backing to facilitate and promote the project because of the sensitivity of the information • define and develop models of impact, and tools to assess response and recovery • develop an understanding of the dependencies between sectors and interlinkages between business and service providers, especially electricity • develop models and assessment tools that link the economic effects to events and interdependencies. As of 2009, key responsibility for this area of study lies with the federal AttorneyGeneral’s Department and their CIPMA (Critical Infrastructure Protection Modelling and Analysis) Program. Most of the emphasis is put on maintaining business continuity plans with the operators of infrastructure (Australian Government, 2007). The operations research department at the
Naval Postgraduate School in California has developed a piece of software based on an attacker/ defender mathematical model they are calling VEGA (Vulnerability of Electric Grids Analyzer), designed to analyse weak points in networks and make predictions of the consequences of a failure cascading through interconnected networks. A drawback of this is that it would require gaining buy-in from the military (thus the addition of yet another stakeholder), as their expertise would be needed when searching out inputs for the attack variables. At the moment, there is a significant likelihood that funds designated for the protection of critical infrastructure in Australia are being misallocated, or used inefficiently, due to threat-analyses with too narrow a scope being conducted. As well as wasting money, there is the possibility that significant vulnerabilities are being exposed in the interconnected networks of Australia’s infrastructures. The best way forward is through the empowerment of a peak national body responsible for developing and co-ordinating a significantly more expansive risk management framework, based on expansive studies conducted on Australia’s infrastructure interdependencies. A full list of references is available upon request to editorial@australianmediagroup.com.
Jon Novakovic has a degree in public communication, and currently works for the NSW electricity transmission company, TransGrid. He is currently completing his masters in policing, intelligence and counterterrorism. Mr. Novakovic can be contacted at jon_novakovic@hotmail.com
SECURITY SOLUTIONS 101
FEATURE ARTICLE
102 SECURITY SOLUTIONS
Multi-Site Security Reviews: Getting Both Consistency And Accuracy By Rick Draper The practice of undertaking security reviews is generally well understood. However, delivering reliable, consistent, accurate and useful assessments across multiple sites can be difficult, particularly if there are teams of reviewers involved. It is important to draw the distinction between security risk assessments and security reviews. Essentially, a security review may serve to inform a risk assessment, but by definition does not necessarily involve qualifying or quantifying the level of any specific risks. This article relates to security reviews, but the principles can easily be expanded to incorporate collection of additional data to support multi-site risk assessments. The Output Drives the Approach It is not possible to generalise about the requirements that might exist across the many different contexts that may apply. As with any single-site security review, the outputs necessary from multi-site reviews will set the requirements for the approach that needs to be undertaken. The format that the reports need to take, timing and key areas of concern are all driving factors that will influence the reviewer’s approach. A good starting point is to mock up sample reports that reflect the required outcomes and then deconstruct them to establish the variables that apply, and the information and observations that are needed from each site. Security review reports generally include a mix of factual data and observation, conclusions derived through analysis, and recommendations based on a
range of factors and influences (such as a policy that states that every site must have a CCTV camera providing clear images of persons entering the reception area versus a conclusion based on understanding of likely risks). The structure of reports varies so widely across applications that it is not possible in an article of this nature to provide specific guidance. However, a multi-site review, similar observations will be expected to be reported consistently, although context may require a different set of recommendations at one site compared to another; the reader should be able to understand the rationale for any perceived discrepancies. This is where reverse engineering reports are so valuable in the planning stages of a project involving multi-site security reviews. The process enables foresight of the issues and the opportunity to refine the approach according to the specific project needs. Background Data Gathering While it is important for reviewers to prepare prior to any single-site security review, the importance is amplified when dealing with multiple sites. Having the right background information for each location and reviewing it prior to going on-site will greatly enhance efficiency during fieldwork. In doing so, reviewers need to be cautious about assumptions that might arise from preliminary information and should validate the background data when on-site. Depending on context and outcomes required from the reviews, required background data may include:
• names of the sites/facilities (as they are referred to internally) and brief descriptions • list of contacts, including key stakeholders • location maps, site plans, floor plans, and elevation drawings • descriptions of primary purpose (what happens where) • as-installed drawings of security-related systems and copies of maintenance records • copies of relevant plans, policies, procedures, standing orders and instructions • job descriptions and duty statements for relevant positions • occupancy and activity levels in various areas of the site, including seasonal variations • date and time information, such as normal hours of operation, staff arrival and departure time, regular out-of-hours activities such as cleaning and maintenance • details of alarm monitoring, guard and patrol services, and other contracted security functions • copies of security awareness materials • photos of relevant areas (including dates taken) • details of recorded security-related incidents at the sites/facilities • information about security incidents and/ or crime occurring in similar facilities or in the vicinity of the subject sites. Collating this background information can be time consuming for the facility and it is important that the reviewer is clear in his or her requirements. Familiarisation with the language
SECURITY SOLUTIONS 103
FEATURE ARTICLE
and terminology used by the organisation and a request for information that is consistent with the terms used internally is helpful. It can be useful to provide a checklist in the form of a spreadsheet that incorporates columns/fields to assist the site with managing the collation process (such as source of information, task assigned to, target date, date supplied, and so on). Recognising that background materials take many different forms, it can be useful to provide a secure web-based facility to upload at least some of the documentation and collect responses to preliminary questions. However, care needs to be taken to ensure the facility being used reflects the security needs of the organisation, which often rules out a range of cloud-based tools. On-site Data Collection Depending on the complexity of the security reviews being undertaken, the options for gathering consistent data across multiple sites can be limited. At the most basic, a paperbased checklist or scalar survey form can be created. Such tools can then be adapted for use in electronic form to enable data collection on iPads, tablet computers, or even smartphones. With a wide array of traditional applications (such as spreadsheets) now available for mobile devices, it has never been easier to collect information in the field in a way that minimises post-processing. There are also a number of web-based tools and applets available to assist with data gathering in the field. For example, if the security reviews are occurring across a larger area where geolocation of observations is important, tools like Plot & Audit can be extremely effective. Similarly, if the data collection is limited to a single area on each site, applications such as iAuditor can be a good choice to streamline data collection. Irrespective of the approach to collecting the data, it is highly recommended that any tools developed be tested multiple times on the same sites by all of the project team members to ensure that the required level of consistency is being achieved. It is important to recognise that whilst consistency does not equal accuracy, both are important in undertaking multi-site reviews. Testing of the data collection and site review tools should also involve practicing contingency
104 SECURITY SOLUTIONS
plans, such as damage to equipment or lack of internet connection. If the sites are all relatively accessible, there may not be an issue with rescheduling the on-site aspect of the review. However, if the sites are remote, the opportunity to revisit may be limited and very costly. As with all data collection, back-ups are essential. For paper-based records, scan the originals and make physical copies. If data is collected on spreadsheet applications, synchronise the files with a back-up server at the earliest possible opportunity. And, of course, consider the security of the backup choices. A Picture’s Worth… While a picture might be worth a thousand words, it is important to provide annotation so readers understand the image being presented. While it might be obvious to the photographer immediately after he or she leaves the site, the following information should always be recorded with photographs: • date/time taken • photographer’s name • where the photo was taken (site/area/ location) • description of key matters of note in the photo/reason for taking the photo. Photos taken for orientation purposes can be extremely valuable, but may not be suitable for inclusion in the final reports. However, they should still be annotated and stored in a format that allows them to be used in the future. Plot & Audit and iAuditor include facilities for linking photos to data collected during the review, with the capability to generate PDF outputs that include the photos. Generating the Output Regardless of the preparation and data gathering time, the success of a multi-site security review project will be judged on written outputs; whether that is as basic as a photo
survey or detailed reports for each site. Writing each report from the available data can, of course, be done manually, perhaps with a good smattering of copy and paste. However, as the number of sites increases, the time and tedium associated with generating the final output starts to increase. Notwithstanding the tools and applications available, one really simple technique to generate a large number of reports in short order from a set of consolidated data is to use the mail merge facility in a word processing application. The data collection spreadsheets can incorporate calculations that place words, sentences and even paragraphs in mail-merge cells, which will then appear in context in the report. For example, the output in relation to the attractiveness of a particular cash handling point as a target for robbery, dependent upon a specific set of variables, might appear in the relevant reports as either: • “[some recorded observations] make this location unattractive as a target for robbery”; or • “[some recorded observations] make this location only moderately attractive as a robbery target”; or • “[some recorded observations] make this location potentially very attractive as a robbery target”. Having the ‘recorded observations’ collected consistently in a compatible data source, along with the associated variables, means the reports will virtually write themselves. In practice, the report should be outputted to a merged file and the wording fine-tuned after proofreading. This technique can save many hours of work and deliver high-quality, consistent outputs for multi-site security reviews. Rick Draper is the principal adviser and managing director at Amtac Professional Services Pty Ltd. Rick has over 30 years’ experience in the security industry; the last 21 years as a consultant. He is an adjunct senior lecturer in security management and crime prevention at Griffith University and a member of the ASIS Loss Prevention and Crime Prevention Council. Rick has been involved in the development of web applications and tools to assist in undertaking security and crime prevention reviews since the 1990s, including the development of Plot & Audit (https://PlotandAudit.amtac.net). He can be contacted at Rick.Draper@amtac.net
11t
Me
h&
urn 12th eV M ict ay ori a
lbo
2 Day Pro-Active Security Threat Assessment & Predictive Profiling Workshop
THREAT? THREAT?
THREAT?
THREAT?
Internationally renowned counter terrorism instructor Albert Timen, presents a two day pro-active security threat assessment and predictive profiling workshop. Based on over 20 years of active service in special operations as an undercover operator in one of the Israeli Defence Force’s Counter Terrorism special units and Police Central Intelligence Counter Terrorism branch, Albert will explain the guiding principles for planning and executing a terrorist attack with a view to helping participants better understand and predict probable terrorist methods of operations and subsequent suspicion indicators. The course covers: • Suicide Bombers – Methods of operations and the mitigation procedures used to thwart and prevent suicide terrorism • Proactive Threat Assessment Using Predictive Profiling methodology Principles of Security System Testing & The Cyclic Security Engineering Process • The Physiology of Threat Assessment and Decision Making • Principles of Questioning By the end of this two day workshop, participants should have a solid understanding of terrorist planning and methodologies and how to use that information to detect and deter potential attacks. Places are limited for rare opportunity to learn from one of the world’s most experienced counter terrorism trainers.
www.foenixprotection.com
Albert Timen
International Renown Counter Terrorism Trainer
SUBSCRIBE Security Solutions Magazine, Level 1, 34 Joseph St, Blackburn, Victoria 3130 | Tel: 1300 300 552
I wish to subscribe for:
oONLY $62 per annum!
Name: ............................................................................Company: ....................................................................................... Position: .........................................................................Address: ......................................................................................... Suburb:...........................................................................State: ................................. Postcode:............................................. Tel:..................................................................................Email: ................................................................. ........................... TERMS AND CONDITIONS For more information on subscriptions, or to contact Interactive Media Solutions, please phone 1300 300 552 or email to admin@interactivemediasolutions.com.au. Deductions will be made from your nominated credit card every year in advance of delivery. The direct debit request and subscription price may be changed by Interactive Media Solutions from time to time, however you will always be given at least 28 days notice. The authority to debit your account every year remains valid until you notify Interactive Media Solutions to cancel your subscription by contacting Interactive Media Solutions Customer Service. No refund is given after a payment is made. In the event of a cancellation of your subscription, the subscription will simply expire twelve months from when the last subscription payment was made. Information on how we handle your personal information is explained in our Privacy Policy Statement.
Credit Card oBankcard
oVisa
oMastercard
oAmex
oDiners
Card Number: ........................................................................................................................................................................ Exp: _ _ / _ _ Card Name: .................................................................................................................................................................................................................... Signature: ....................................................................................................................................................................................................................... When payment has been received and funds cleared, this document serves as a Tax Invoice. Interactive Media Solutions ABN 56 606 919 463. If this document is to be used for tax purposes, please retain a copy for your records.
Security Solutions Magazine now available on your iPad.
DOWNLOAD FREE FROM THE iTUNES STORE TODAY TO VIEW EXCLUSIVE CONTENT!
Subscribe to Security Solutions Magazine for
ONLY $62 per annum!
Simply fill in the form or call 1300 300 552
106 SECURITY SOLUTIONS
SECURITY STUFF C O N T E N T S
114
108 Spotlights
115
114 Product Showcases
119
108 110 112
Seagate Sektor EZI
114 115 116
Videofied Future Crimes Reputation Rules
117
Undercover Jihadi
118 Shop Talk Sylo Introduces Logipix SALTO’s ProAccess SPACE UniGuard GPS Tracking Seadan Security Partnership With Pelco Albert Timen Workshop Cognitec's Real-Time Face Recognition Technology
120 SECURITY SOLUTIONS 107
SPOTLIGHT
Why CCTV Requires Surveillance-Optimized Hard Drives. As digital surveillance (IP CCTV) becomes more and more pervasive in the security industry, so too does the need for strong, reliable storage specifically designed for the rigours of surveillance applications. Designing a CCTV system using high-end cameras, state-of-the-art analytics and a cutting edge VMS recording back to storage systems, which incorporates hard drives not properly engineered for the job, would be akin to installing the brakes from a 1960’s Volkswagen on new Porsche. Surveillance applications are amongst some of the most demanding with regard to hard drive performance due to a variety of factors. The question is, which type of hard drive is going to best suit your needs?
Additionally, the Seagate line of surveillanceoptimized HDDs offers low-power profiles, which not only help with energy conservation, but also ensure cool operating temperatures and enhanced system reliability while working a 24×7 profile. Seagate Surveillance HDDs also provide industry-leading AFRs (Annualised Failure Rates – a measure of estimated probability that a device or component will fail during a full year of use), as measured in their respective environments - ensuring dependable storage for personal and critical video content. This means your DVR or surveillance systems are less expensive once deployed in the field - needing little maintenance or repair.
Leading Storage Technology Surveillance HDDs vs Desktop HDDs Relying on traditional desktop drives, while they may have the required storage capacity, is not a good practice because they are not built to withstand the constant data writing involved when capturing multiple streams of high-definition video. The rigours of today’s video surveillance systems require true 24x7x365 operation, and standard desktop drives just can’t handle the workload. They are not tuned for video streaming performance. Therefore desktop drives are not an option for Surveillance environments.
24×7 Reliability Seagate Surveillance HDDs (the new generation SV35 HDDs), are designed for heavy-duty continuous recording of 24x7 video surveillance operations, with features like rotation vibration (RV) sensors to optimize reliability. Desktop drives, on the other hand, are designed to run 8x5 workloads.
108 SECURITY SOLUTIONS
In conjunction with their ability to handle highwrite workloads and 24×7 operation, Seagate Surveillance HDDs feature industry-leading storage technology for today’s DVR and video security applications. With up to 6TB capacity, Seagate’s Surveillance HDDs offer powerful dual processor technology and video-optimized write-cache management. This blend of features meets the storage needs of multiple, high-quality video streams, which are common in DVR and environments. Furthermore, it enables long-term retention of important video archives - a key need for many video security configurations. By melding high capacity points with the unique ability to withstand the vigorous demands of video environments, Seagate Surveillance HDDs maximise cost-per- gigabyte performance, giving system builders and integrators the best value for money!
Seagate Rescue Services Video footages may be critical to helping customers or authorities bring closure to cases and thus the video data recorded becomes a critical piece of evidence. Seagate understands that businesses need the peace of mind that comes from knowing that even in the worst scenario, they can help clients recover lost video data through Seagate Rescue services – a fast and easy data recovery solution that offers a greater than 90% success rate. Seagate offer a Rescue and Replace option designed to help customers walk away with not just their hardware, but their precious data as well. If a hard drive fails, they will send you back your data on a brand-new hard drive of equal or greater value. Not only will their plan
Robust Surveillance Storage The seventh-generation 1TB-6TB Seagate® Surveillance HDD addresses the increasing need for high-resolution cameras and camera counts, and ensures cost-effective performance and durability in always-on surveillance systems. • 1TB-6TB capacities support up to 16 drives and 32 cameras per system • Precision-tuned for high write surveillance workloads • Reliably performs in multi-drive systems with RAID support • Rotational vibration sensors for reliable performance • Customise power settings to best support motion-activated cameras with Idle 3 support
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
SEAGATE
Seagate Rescue services — How It Works
1
Submit a claim by calling Seagate hotline. http://www. seagate.com/contacts/contactnumbers
Seagate Rescue services complement our security system portfolio, enabling us to deliver both data protection and security and to provide greater support for our customers. Mr. Stanley EL Komala, National Product Manager of Q Security Systems give you peace-of-mind to know you’re covered in the face of catastrophe or simply clumsiness, but it will save you the hundreds it would cost to recover your files after the loss. According to Mr. Stanley EL Komala, National Product Manager of Q Security Systems, the combination of purpose-built reliability and the support of Seagate’s Rescue services options make them ideal partners for security applications. “We are looking forward to working with Seagate and being able to offer Surveillance HDDs and Rescue services for the DVR and NVR (Network Video Recorder) storage applications,” said Mr. EL Komala. “Seagate Rescue services complement our security system portfolio, enabling us to deliver both data protection and security and to provide greater support for our customers.”
2
Drop your drive to the nearest Receiving Center and it will be shipped to Seagate lab for free
Mr EL Komala’s sentiments are echoed by Nathan Walters, Sales Engineer of Rhino Co. Technology who believes “The Seagate Rescue services are essential for any Video Surveillance system. Not only is it a reliable storage solution, but it also has a guaranteed disaster recovery plan that will offer our customers the assurance they can rely on for the retrieval of their most crucial video footage.” “With more than 30 years in the electronic security industry behind us, we strive to support our valued customers with the best products.
The Seagate Rescue services are essential for any Video Surveillance system. Not only is it a reliable storage solution, but it also has a guaranteed disaster recovery plan that will offer our customers the assurance they can rely on for the retrieval of their most crucial video footage.
3
The company will recover your data and send it back to you.
We believe that with Seagate’s partnership and integration of its Surveillance HDDs and Rescue services, we have come a step closer to achieving our goal.” The demanding requirements of video surveillance applications require hard drives with specialised features to deliver 24x7 reliability and optimised performance. Designed to accommodate high-write workloads, always-on demands and considerable amounts of video content from multiple camera streams, Seagate surveillance-optimised HDDs offer system integrators and end-users significant long-term benefits over budget-priced desktop options. And by minimising service costs for deployed systems, these purpose-built drives contribute to greater cost-savings over time. When combined with Seagate’s Rescue services, you can be sure that clients can enjoy complete peace-of-mind.
For more information on Seagate Surveillance storage portfolio, Visit www.seagate.com/surveillance Call us at 1800 147 201 Email us at apj.sales.enquiry@seagate.com with email title “SSM, May”
Nathan Walters, Sales Engineer, Rhino Co. Technology
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
SECURITY SOLUTIONS 109
SPOTLIGHT
Managing the Migration to Future Solutions The Challenge of IT and Security Convergence When the first centralised IP camera was released by Axis Communications in 1996, it heralded the dawn of a new era for the security industry. The Axis Neteye 200 represented a paradigm shift whereby security integrators, managers and consultants – traditionally conversant in analogue systems and technology, were confronted with the reality of an increasingly digital world full of IP addresses, networks and bandwidth. Areas that had previously been the domain of IT professionals, who appeared to practice seemingly magical arts while cloistered away in rooms full of mysterious electronic wizardry, suddenly became relevant to physical security. At the other end of the spectrum, IT professionals found themselves suddenly having to defend corporate IT networks against the encroaching hoard of physical security practitioners who understood no more about the principles of networking than they did super string theory. This clash of cultures has, to varying degrees, continued for almost two decades as more and more of the traditional analogue security systems, such as access control, intrusion detection and identity management, have slowly migrated into the digital realm. Today it is well accepted IP cameras are outselling analogue cameras, especially in Asia Pacific, a clear indication that analogue technology is going the way of the typwriter. Despite the fundamental shift across the security industry away from legacy analogue
110 SECURITY SOLUTIONS
technology to next generation digital systems, the level of technical proficiency amongst many security installers, integrators and consultants lags behind the ever accelerating pace of technical development and evolution. This growing skills gap means that, in many instances, integrators and installers are struggling to create and implement solutions that leverage the full capabilities of the systems they are selling in a manner that keeps margins strong and jobs profitable while ensuring the client achieves the best possible outcome. This is largely because a certain level of separation still exists between the knowledge and expertise of physical security experts and IT professionals. What has been required is a group of specialists with knowledge from both the IT and physical security arenas who can effectively bridge the gap by helping integrators and installers create and deploy solutions in a timely, cost effective and reliable manner… Enter Sektor. Sektor is an innovative provider of technology solutions across a wide array of areas, including but not limited to security, surveillance, retail POS, data capture, warehouse/logistics, network infrastructure and mobility products. Not your average distributor, Sektor works with installers, integrators and consultants to take the complexity and pain out of technical installations while helping to reassure IT managers that the systems and technologies being installed will in no way compromise existing IT infrastructure. According to Andre van Duiven, General
Manager at Sektor Security, “We often encounter instances where a consultant or integrator wants to install a second network alongside the existing corporate network, for the purposes of running security systems such as CCTV, access control and so on. This can occur for a variety of reasons, not the least of which is a desire to reduce risk to the existing network. A part of our role is to help both sides understand why that isn’t necessary, and how the security infrastructure can co-exist
Areas that had previously been the domain of IT professionals, who appeared to practice seemingly ‘magical arts’ while cloistered away in rooms full of mysterious electronic wizardry, suddenly became relevant to physical security. with other network systems to reduce cost, deployment time and maintenance. It is also not a sustainable business practice,” explains Andre. “Imagine building the Sydney Harbour Bridge just for cars and a separate harbour
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
DIVISION
SEKTOR Australasia’s leading technology distributor to the Networking, Mobile Computing, Retail Point of Healthcare markets. Their world‑leading IT brands include: HP, AEROHIVE, ARUBA, HONEYWELL, GIC, EPSON, TOSHIBA, and ZEBRA.
ng the trend of security solutions becoming more IT centric, Sektor established its Security Division t resellers and their customers with these new challenges and proudly brings its extensive expertise curity market with innovative solutions from: *
**
ne step ahead of your competition is a constant challenge. Selling exclusively via integrator channel Sektor’s ongoing research into emerging trends and technologies ensures its partners are ideally bring the latest innovations and solutions to their customers. Sektor enhances integrators’ businesses ne partner portal as well as expert advice, service and support from its team of highly skilled s with full IT experience. Sektor also provides integrator training programmes as new technologies uced to the market.
t how Sektor can help you keep on top of IT.
00 273 586 I e: security@sektor.com.au I www.sektor.com.au 00 735 867 I e: security@sektor.co.nz I www.sektor.co.nz
ducts only available in Australia products only available in New Zealand bridge for buses with yet another for trains and
so on. The costs of such an endeavour make the entire project unviable. It is no different with information networks. We help our partners and clients understand how all of that traffic can hes Security Ad 276x210mm.indd 1 be managed on the one network. Furthermore, we provide them with the skills to make that happen.” “However, that is only a part of what we do,” explains Andre. “Our vision is to help our clients, who are the integrators and installers, better understand and operate in an IT-rich environment. As a part of that vision, we are working to change the way our partners view video in a security environment.” According to Andre, what they refer to as ‘video’ differs from CCTV insofar as “CCTV has traditionally been viewed and used by the security industry as a reactive measure, watching events from the past. However, now when talking about video from security IP cameras, video can be a proactive measure that combines traditional CCTV tools and infrastructure with other IT technologies to provide business solutions and data driven outcomes that help our clients be more effective. Video becoming the next evolution beyond CCTV, enhancing business processes.”
To illustrate his point, Andre uses the example of a retail loss prevention solution whereby, through the use of IP cameras, point of sale technology, warehousing systems, stock control measures and so on, a retailer, with the help of their integrator, is able to set up a system that can capture valuable data around any transaction and then use that metadata to link video to that specific event. “This means that a senior manager no longer has to spend hours trawling through endless gigabytes of footage to find a relevant event. Using these tools, any business user can view precise and relevant footage (and only that footage) in their business system. This means that in contrast to the traditional system where an authorised manager would go the VMS to secure retail POS footage, now a duty manager accesses just the specific transaction footage from inside their business system. This can be used to monitor not only retail employees activities at POS as currently done more traditionally, but can now expand to any transaction such as all stock movements of a particular fridge – being received at the warehouse, loaded on the truck, receipted at the retail store, sold and then delivered to the customer. Each at the press of a single button.” “The same could be done in the case of an out
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
going stock delivery for example. When a client calls up to say that the delivery only contained eleven items instead of twelve, the person taking the call asks for an invoice number and this could be entered into the system to bring up the 1/04/15 9:54 am video of the delivery being packed and shipped to see exactly how many items went out.” The possibilities are endless when you begin to delve into what can be done by combining various systems, software and infrastructure to capture, and more intelligently make use of, data. “Our goal is to take the pain out of the IT aspects of systems integration for our integrators while helping them understand how they can effectively capture more of the value they are creating for their clients; helping their clients achieve better return on investment and a more streamlined, effective and intelligence driven operation with video integration.”
For more information on Sektor and their products and services, visit www.sektor.com.au
SECURITY SOLUTIONS 111
SPOTLIGHT
Making Security EZI In recent years, the security market has experienced significant challenges arising from a multitude of factors impacting the global economy. The contracting economy has put into place downward pressures that force many businesses entities to look for areas in which costs can be cut. As a result, there has been an increase in the number of installations involving high security sites where lesser quality, low cost options are being substituted for properly designed, tested and rated perimeter security products. And while many of these products might look secure, the reality is that in many cases, they have not been tested, let alone rated. Research indicates that security failures often arise from poor decisions made during the purchasing process where security equipment is chosen based on cost alone. This can unfortunately result in the introduction of risk factors into a project design brief. All too often, these risks and vulnerabilities are not properly identified until after an incident at which point it is too late to make changes as the chosen solution/s has failed. Of course, in reality, these ‘security errors’ are often not the result of anything a properly trained and qualified security consultant or engineer has done, but are instead, almost always the result of external influence exercised over a project by finance and accounting personnel. Even in instances where a security budget has been adequately allocated, designing the final security overlay requires careful balance and consideration to ensure that the right balance has been struck between proactive and reactive measures. For
112 SECURITY SOLUTIONS
example, a CCTV camera cannot stop a truck, yet similarly, one needs to be able to monitor and control a gate. In short - at a time where the risk of terrorism is possibly the greatest it has ever been, achieving a properly balanced approach to security must not be sacrificed in favor of the lowest possible bidder.
Research indicates that security failures often arise from poor decisions made during the purchasing process where security equipment is chosen based on cost alone. As one of Australia’s leading perimeter security companies, Ezi boasts an extensive range of products including the Perimeter Protection Group’s crash rated products consisting of wedge barriers, TruckStopper, and bollards. Ezi’s extensive crash proof range has been vigorously tested and certified to meet both K12 and PAS 68 standards. The combination of years of experience and an extensive range of high security products enable Ezi security to fortify and protect critical infrastructure anywhere.
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
EZI
Sydney Storage Boat Facilities recently approached Ezi Security Systems to secure the boat facilities yard with a shared common boundary with Sydney Ports, which will enable fire crews to use the boat facilities fire pump out station in case of an emergency while retaining a highly secured international port. The security of White Bay needed to meet specific aesthetic, functional, and economic goals, which proved challenging in the current economic climate. Ezi Security Systems was able to work with the client to provide a Pas 68 certified TruckStopper security gate. Unfortunately, on projects of this type, it is often the case that high-level security measures, which are properly designed, tested and rated, are installed alongside cheaper, lower security products, in an effort to minimize costs, effectively neutralizing the benefits of the properly rated solution. Ezi Security Systems proposes that the physical security industry must introduce and enforce a minimum standard of safety, quality and professionalism. Saving money by lowering security standards is like trying to save time by stopping your clock. It simply doesn’t work.
ÂŽ
Nee The
For more information about Ezi Security Systems, please visit www.ezisecurity.com.au
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Ezi Security Systems manufactures and installs a SECURITY SOLUTIONS 113 premium range of vehicle and pedestrian control security products, including automated cantilever
PRODUCT VIDEOFIED / FUTURE CRIMES / REPUTATION RULES / UNDERCOVER JIHADI
VIDEOFIED It is well known that it is harder and more expensive to obtain new customers than it is to service existing customers. Developed by RSI Video Technologies, Videofied is not only a class-leading security solution, but also a great way to grow a business and/or secure property. Anyone looking for a security system that provides peace of mind should look no further than Videofied. This innovative, wireless and self-powered alarm with built-in video verification for priority police/guard/user response, incorporates state-of-the-art technology and features. The latest version of the Videofied system features the new W Series control panel that enables communication to devices over military-grade radio frequency and to the central station over cellular, Ethernet/IP or Ethernet/IP with cell backup. The W Series features modular expansion options to allow for Wi-Fi communication to the central station, a wired siren and input/outputs for integration with third-party devices and video verification upgrades. The most recent panels in the Videofied range also enable the ability for end-users to interact with the system via their smartphone. With the VideoApp4All app, users can remotely: • arm and disarm the entire system or special areas • view system events log • look-in through MotionViewers VideoApp4All is compatible with all Videofied panels, but it does require that the control panel has a power supply. It is also recommend that the control panel be connected to Ethernet to save on cellular communication data costs. With a range of accessories available, such as indoor and outdoor motion viewers and detectors, reed switches, code pads and arming devices, Videofied is also a great way to help grow an existing security business. With minimal training, a team can be installing Videofied systems across a customer base in no time. What is more, because the system is completely wireless, installation does not require running of cables or complicated networking, which ensures fast turnaround and minimal time onsite. For more information visit www.videofied.com.au or call 1300 46 44 55
114 SECURITY SOLUTIONS
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.
FUTURE CRIMES One of the world’s leading authorities on global security, Marc Goodman takes readers deep into the digital underground to expose the alarming ways criminals, corporations, and even countries are using new and emerging technologies against you—and how this makes everyone more vulnerable than ever imagined. Technological advances have benefited our world in immeasurable ways, but there is an ominous flip side: our technology can be turned against us. Hackers can activate baby monitors to spy on families, thieves are analyzing social media posts to plot home invasions, and stalkers are exploiting the GPS on smart phones to track their victims’ every move. We all know today’s criminals can steal identities, drain online bank accounts, and wipe out computer servers, but that’s just the beginning. To date, no computer has been created that could not be hacked—a sobering fact given our radical dependence on these machines for everything from our nation’s power grid to air traffic control to financial services. Yet, as ubiquitous as technology seems today, just over the horizon is a tidal wave of scientific progress that will leave our heads spinning. If today’s internet is the size of a golf ball, tomorrow’s will be the size of the sun. Welcome to the Internet of Things, a living, breathing, global information grid where every physical object will be online. But with greater connections, come greater risks. Implantable medical devices such as pacemakers can be hacked to deliver a lethal jolt of electricity and a car’s brakes can be disabled at high speed from miles away. Meanwhile, 3-D printers can produce AK-47s, bioterrorists can download the recipe for Spanish flu, and cartels are using fleets of drones to ferry drugs across borders. With explosive insights based upon a career in law enforcement and counterterrorism, Marc Goodman takes readers on a vivid journey through the darkest recesses of the internet. Reading like science fiction, but based in science fact, Future Crimes explores how bad actors are primed to hijack the technologies of tomorrow, including robotics, synthetic biology, nanotechnology, virtual reality, and artificial intelligence. These fields hold the power to create a world of unprecedented abundance and prosperity. But the technological bedrock upon which we are building our common future is deeply unstable and, like a house of cards, can come crashing down at any moment. Future Crimes provides a mind-blowing glimpse into the dark side of technological innovation and the unintended consequences of our connected world. Goodman offers a way out with clear steps we must take to survive the progress unfolding before us. Provocative, thrilling, and ultimately empowering, Future Crimes will serve as an urgent call to action that shows how we can take back control over our own devices and harness technology’s tremendous power for the betterment of humanity—before it’s too late. For more information, visit www.amazon.com
SECURITY SOLUTIONS 115
PRODUCT VIDEOFIED / FUTURE CRIMES / REPUTATION RULES / UNDERCOVER JIHADI
REPUTATION RULES In our lightning-fast digital age, a company can face humiliation and possibly even ruin within seconds of a negative tweet or blog post. Over the last year companies such as BP, Goldman Sachs, and Toyota have experienced serious blows to their images that could have had reduced impact if their leaders had implemented reputation management into their business strategy and culture. There is no one in either the corporate or academic sphere with greater expertise in the area of corporate reputation than Dr. Daniel Diermeier. An award-winning professor at the Kellogg School of Management, Northwestern University, Dr. Diermeier has blazed a path in understanding the significance of reputation management and demonstrating how a company can create a program so powerful that it can help turn a potential public disgrace into a public image success story. Reputation Rules is a landmark work bringing to light Dr. Diermeier’s groundbreaking insights in this critical area. He offers the frameworks, strategies, and processes for changing your company’s focus as quickly as the world is changing around you. He touches on all of the reputational issues that need to be managed from a strategic level, describing how to: • Overcome direct challenges from influential activist and political forces • Manage corporate scandals, including executive compensation • Use external, seemingly unrelated events to boost reputation • Build a reputation management process into everyday operations In addition, Dr. Diermeier provides case studies of Shell’s confrontation with Greenpeace, Mercedes’s recovery from the Moose crisis, AIG’s executive bonus fallout, Wal-Mart’s reputation-building response to Hurricane Katrina, and numerous other scenarios illustrating what works and what doesn’t when it comes to reputation management. Brimming with keen insights and lucid examples, Reputation Rules is a guidepost for your organization’s future—and a salve for crisis management. “Reputation Rules breaks new ground in what has until now been an elusive challenge for companies and consultants alike. An exquisite compendium of navigational tools. . . This is a game-changing book to be sure.” —Harlan A. Loeb, Executive Vice President, Director of U.S. Crisis and Issues Management, Edelman “Daniel Diermeier has continuously caught the attention of the business world with insightful and compelling facts that should once again challenge our thinking and actions. In today’s fast-changing business environment, values and reputation are the foundation, and Daniel presents sound reasoning and experience as to why they are so important.” —Jeff Stratton, Executive Vice President and Chief Restaurant Officer, McDonald’s Corporation For more information, visit www.amazon.com
116 SECURITY SOLUTIONS
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.
UNDERCOVER JIHADI: INSIDE THE TORONTO 18 - AL QAEDA INSPIRED, HOMEGROWN, TERRORISM IN THE WEST Mubin Shaikh was born and raised in Toronto, Canada amidst twenty-first century, Western values. He attended public school. But at night, his parents insisted he also attend Islamic madrasa. Mubin joined the Canadian Army Cadets, used drugs, had sex and partied just like the other kids. He fit right in—until he didn’t. Going through an acute identity crisis at age nineteen, Mubin recommitted himself to Islam. But a chance encounter with the Taliban in Pakistan and then exposure to Canadian extremists took him down the militant jihadi path. Mubin initially celebrated the 9-11 attacks, although he found the killing of innocent civilians in the name of Islam disturbing. 9-11 prompted him to travel again, to Syria—to become involved in the “great jihad”—the Muslim version of the final apocalypse in “the land of Sham and the Two Rivers.” There he learned the truth of his religion and faced a fork in the road. Mubin went back in—but this time working undercover with the Canadian Security Intelligence Service (CSIS) and the Royal Canadian Mounted Police (RCMP). Ultimately joining the “Toronto 18”, Mubin walked a tightrope between Western culture and Islamic jihad. Risking everything, he gathered inside information about the group’s plans for catastrophic terror attacks—to detonate truck bombs around the city of Toronto, behead the Prime Minister, and storm the Parliament Building in retaliation for Western intervention in Muslim lands. Their cadres included Americans who had similar ideas for Washington, D.C. Mubin Shaikh is one of the very few people in the world to have actually been undercover in a homegrown terror cell. His is a story of growing up Muslim in an age where militant jihad is glorified, of being caught between two identities and finally emerging victorious. Because of this courageous experience, Shaikh is considered an expert for topics related to radicalization and violent extremism and has appeared on ABC, NBC, CBC, CNN and multiple outlets to speak on these topics. He remains closely connected to various governments and their national security functions. Anyone concerned about the returning Jihadist threat in Australia needs to read this book. For more information, visit www.amazon.com
SECURITY SOLUTIONS 117
SHOPTALK
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Sylo Introduces Logipix CCTV Solutions To Australia Sylo, Australia’s leading Security Architects specialising in best-of-breed, innovative and custom security solutions, has signed an exclusive regional agreement with Hungarian CCTV manufacturer Logipix. The Logipix range of products, including the new LOGIPIX ONE, represents the very latest in CCTV technology. According to Peter Jeffree, General Manager at Sylo, “The cutting edge, next generation technology in Logipix products makes them an ideal fit for Sylo. We pride ourselves on providing tailored solutions that balance market-leading innovation with old-fashioned levels of service.” Logipix is definitely a market leader. The LOGIPIX ONE camera features a 1” sensor that provides 14 MP resolution @20 FPS. “The increased sensor size in the Logipix One (3x larger than the average sensor), provides more detailed images with sharper edges and improved low-light performance, resulting in the camera being capable of producing images with less noise and better dynamic range,” explains Jeffree. High Resolution is not the only benefit, it also delivers a massive 20 fps of video stream at the full 14MP resolution, offering fluid video content. “Sylo is in the process of integrating LOGIPX ONE into Axxon Next VMS. This is being developed in-house by Sylo’s Oleg Malashenko, a former lead software developer at AxxonSoft, in partnership with the Axxon development team,” says Jeffree. LOGIPIX ONE is precision engineered, and undoubtedly a state-of-art multi-megapixel camera which is set to revolutionise the video surveillance industry. For more Information, visit www.sylo.com.au or call +61 7 3841 8882
SALTO’s ProAccess SPACE SALTO’s ProAccess SPACE web-based software brings a new level of powerful flexibility to access control so that users can order the functionalities that they most need and upgrade accordingly as a system and needs grow. In addition to the abundance of important new functionalities, SPACE also has a modern interface that is more user-friendly to help users find and operate the functions they want to use as quickly and intuitively as possible. ProAccess SPACE takes you to the next level of access control in terms of security, usability, flexibility and efficiency. An improved and more intuitive interface results in improved security because operators can create and manage users easier than ever. And because it’s web-based, there are no worries about different operators using different versions of the software – with one install or update it’s straightforward to keep all operators up to date. But just because it’s easy, doesn’t mean it’s a lightweight: SPACE is compatible with the stringent IT requirements that smart organizations demand. The richness of features included in SPACE results in this software being the ideal solution for virtually any type of installation – from a project that is small in scope and users, to a massively complex organization with a mix of buildings, services, and a multitude of user profiles. SALTO with its mobile solutions solves the challenge of the increasing number of system users that need mobility. SALTO ProAccess SPACE and the SALTO JustIN application keeps users’ access rights up-to-date even when they are far from installed update points, without sacrificing security or effectiveness. For more information, visit www.saltosystems.com
118 SECURITY SOLUTIONS
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
SHOPTALK
UniGuard GPS Tracking UniGuard offer state of the art GPS tracking solutions to network your workforce and keep everyone accountable while providing a safe work environment throughout their shift. Using UniGuard will allow you to keep track of your staff and assets with live web based tracking. This enables you to monitor their position in real time along with their speed, distance travelled, ignition status, geofence alerts (if staff travel into or out of a predefined area), heat maps, voice and image feeds directly from the vehicle and more. UniGuard will also send you custom alerts based on your inputs that will inform you of any issue raised in the system. If a driver is travelling above an allocated speed, leaves a designated geofenced area or simply needs to refuel, you can be alerted via SMS and email about the situation before it gets out of hand. Comprehensive reports such as trips, distance, overspeed, geofence and more will provide you with the information you need to keep your business and facilities running at optimum performance. Maintain a safe working environment for your mobile staff while providing your clients with a superior service. For more information, visit www.uniguard.com.au
Seadan Security & Electronics Further Expands CCTV Division By Announcing A New Strategic Partnership With Pelco By Schneider Electric Seadan Security & Electronics forges ahead in rapidly expanding their CCTV Division by confirming a strategic partnership with Industry giant Pelco by Schneider Electric. Seadan continues to grow their CCTV Division by forming a new partnership with Pelco. This newly formed alliance will provide the Australian market with a greater breadth of choice in CCTV innovation and technology. About Seadan Security & Electronics Seadan Security & Electronics is a leading Australian wholesale supplier of security system solutions, including CCTV. Seadan is pleased to be appointed a supplier of Pelco and their products will be on display shortly in all showrooms across Australia. About Pelco by Schneider Electric Pelco by Schneider Electric is a world leader in the design, development and manufacture of IP-based video security systems, software and services ideal for any industry. The Pelco brand of products includes a wide range of network cameras, discreet camera domes and enclosures, video management systems, thermal imaging products, extreme environment systems and much more – all in the never-ending pursuit of achieving the highest level of customer satisfaction possible. Pelco product launch details to follow. For more information, visit www.seadan.com.au
SECURITY SOLUTIONS 119
SHOPTALK
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Internationally Renowned Counter Terrorism Instructor Coming To Melbourne Internationally renowned counter terrorism instructor Albert Timen, presents a two day pro-active security threat assessment and predictive profiling workshop. Running from 11-12 May, 2015, in Spotswood, Victoria, this incredible two-day workshop is based on experiences gathered over 20 years of active service in special operations as an undercover operator in one of the Israeli Defence Force’s Counter Terrorism special units and Police Central Intelligence Counter Terrorism branch. Over the course of the two days, Albert Timen will explain the guiding principles behind planning and executing a terrorist attack with a view to helping participants better understand and predict probable terrorist methods of operations and subsequent suspicion indicators. The workshop will cover: • Suicide Bombers – Methods of operations and the mitigation procedures used to thwart and prevent suicide terrorism; • Proactive threat assessment using predictive profiling methodology, principles of security system testing & the cyclic security engineering process; • The physiology of threat assessment and decision making; and • Principles of questioning By the end of this two-day workshop, participants should have a solid understanding of terrorist planning and methodologies and how to use that information to detect and deter potential attacks. Places are limited for this rare opportunity to learn from one of the world’s most experienced counter terrorism trainers.
Albert Timen
Visit http://foenixprotection.com for more information.
International Renown Counter Terrorism Trainer
Cognitec Introduces Video Camera with Integrated Face Detection and Tracking to Complement Real-Time Face Recognition Technology Cognitec now offers a highly specialized IP video camera with built-in face detection and tracking technology as a component of its FaceVACS-VideoScan product. The FaceVACS-VideoScan C5 camera provides optimal image quality for real-time face recognition, even under challenging conditions, while requiring low computing hardware and bandwidth resources. Currently, users of high-resolution machine vision cameras require constant high bandwidth to receive uncompressed face images for optimal recognition performance. This scenario requires a dedicated network connection between camera and software. Typical surveillance cameras with moderate bandwidth requirements produce compressed images, leading to decreased biometric performance of the face recognition software. FaceVACS-VideoScan C5 combines advantages of the options above: the high image quality of machine vision cameras and moderate bandwidth requirements of surveillance cameras. The camera performs real-time, gapless face detection/tracking and generates lossless, cropped video streams for all faces appearing in front of the camera. An integrated camera control provides optimized exposure on the face area. FaceVACS-VideoScan C5 supports RTSP/H.264 video streams for integration with digital video recording systems. The camera delivers optimal integration with Cognitec’s product FaceVACS-VideoScan, enabling the technology to detect and identify persons of interest in real time and with great accuracy. In addition, anonymous facial analysis over time allows the software to compute people count, demographical information, people movement in time and space, and to detect frequent visitors and crowds. About Cognitec Cognitec develops market-leading face recognition technologies and applications for enterprise and government customers around the world. Various independent evaluation tests have proven the premier performance of our FaceVACS® software. Cognitec’s portfolio includes products for facial database search, video screening and analytics, border control, ICAO compliant photo capturing and facial image quality assessment. Corporate headquarters are located in Dresden, Germany; other offices in Miami, FL; Rockland, MA; and Sydney, Australia. For more Information, visit www.cognitec.com or email info@cognitec.com
120 SECURITY SOLUTIONS
Melbourne store now st located fir floor
Switch to the access control that changes with you.
Move to HID Global’s adaptable iCLASS SE® Platform and start using the technology of tomorrow, today. When it comes to access control, it can be difficult to stay ahead of changing security concerns and technology demands. Go with HID Global’s iCLASS SE® Platform — the new standard in access control that positions you for the future with an open, adaptable solution that easily integrates smart cards, mobile devices and whatever tomorrow brings. Join the revolution in evolution and get greater security, flexibility and simplicity. Make your change by visiting hidglobal.com or contact us at +613 9809 2892 or email at asiasales@hidglobal.com. © 2015 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, the Chain Design, and iCLASS SE are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission.