AUSTRAL ASIA’S LE ADING SECURIT Y RESOURCE FOR BUSINESS AND GOVERNMENT
When Technology & Terrorism Collide Understanding The Future Of Security
#96 JUL/AUG 2015 $9.95 inc GST / $10.95 NZ ISSN 1833 0215
APPreciate your security! WITH Videofied, a key player in the alarm system market!
1
On detection, the wide-angle camera records a colour video clip.
Depending on the selected panel: • Operates up to 4 years on one set of batteries • Quick installation wireless or powered • Alarm video sent over GPRS / IP • Connected, accessible, portable, usable anywhere
2
The video is sent to the monitoring station.
3
The monitoring operators can watch the video of the intrusion in real time, removing any doubt!
4
When there is a genuine intrusion, the monitoring station calls the police or required response...
Security
Peace of Mind
Connected
VIDEOFIED®, simply closer to you...
From your office, holidays or anywhere in the world, the APPlication allows you to check Videofied systems on your smartphone. It’s a real interactive tool between you and the panel. The APPlication* allows you to genuinely APPreciate your security system.
*Contact your distributor / Videofied dealer to upload your application for smartphones. Compatible with iPhone and Android
CONNECTED PRODUCTS THAT APPRECIATE YOUR SECURITY!
CALL US
NOW FOR EXCITING NEW PRICING!
1300 46 44 55
W PANEL
info@videofied.com.au www.videofied.com.au
APPRECIATE THE MODERN TECHNOLOGY!
The W panel is a wireless alarm system which adapts itself to the availability of transmission networks. During an intrusion, the W Panel is able to transmit alarms and videos on the ETHERNET network or GPRS. W-IP720 PANEL
W-IP730 PANEL
Hardwired inputs / outputs
Optional module (WIO100)
Optional module (WIO100)
Wired siren
Optional (WIS100)
Optional (WIS100)
GPRS Communication IP transmission
The wireless system with colour video verification Thanks to its wireless capability, the Videofied system is easily installed. It also transmits wirelessly through GPRS cellular communications.
Number of devices Power supply Radio
25
25
Mains power (WPS100) with battery back-up
Mains power (WPS100) with battery back-up
915 MHz
915 MHz
OUTDOOR MOTION VIEWER
Programming Button
Combine Indoor & Outdoor systems Extend security to protect outdoor assets
IP65 - All weather anywhere security 100% wireless battery operation Fast and Easy installations
Detector VGA Day/Night Video camera
Infrastructure
Marine
e-Guarding
Industrial
Commercial
Warehousing
Infrared LED Input/Output Integration terminals
*New model (as pictured) COMING SOON in early 2016
MORE REACH
than ever before
Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...
issuu.com/interactivemediasolutions
CONTENTS ISSUE 96
052
COVER STORY WHEN CRIME, TECHNOLOGY AND TERRORISM COLLIDE Technology is evolving rapidly. Everyday, more and more devices are connected to the Internet, more and more businesses move their operations into the cloud and we become more and more reliant on connected devices to work, live and play. The changing technological nature of the world is having a dramatic impact on the security industry and the nature of threats. How are criminals and terrorist groups exploiting technology? What new threats are emerging and what does the security industry need to do to combat the potential for techno-crime?
028.
THE NEXT GENERATION OF GLOBAL TERRORISM Neil Fergus looks at the growing security concerns around Islamic State of Iraq and the Levant (ISIL), more commonly referred to as Daesh. How is it attracting new recruits, what danger does it pose and what should the international security community be doing to combat this growing threat?
064.
THE NEXT GENERATION OF GLOBAL TERRORISM
028
SMARTPHONES AND APP SECURITY The number of mobile phone subscriptions worldwide is around the seven billion mark and growing. Smartphones are becoming more complex and more powerful in order to provide more functionality. Because of their unique characteristics, they present challenges that require new business models that offer countermeasures to help ensure their security. Graeme Cunynghame examines the growing concerns around security threats against smartphone users and the challenge this type of threat presents to the security of businesses and individuals.
072.
DEMYSTIFYING TECHNICAL SURVEILLANCE COUNTERMEASURES PART 3 In the last issue of Security Solutions Magazine, Michael Dever explored solutions to technical surveillance threats, how to design countermeasures and considerations when selecting a technical surveillance countermeasure (TSCM) service provider. In this issue, he explores some myths surrounding the provision of TSCM services and offers readers some procurement advice.
096.
SECURITY 2015 Find out everything you need to know about this year’s pre-eminent security conference and expo – Security 2015. We bring you floor plans, exhibitor lists, a conference program and all the information you need to get the most out of your visit.
100.
YOU WILL NOT BELIEVE WHAT A LITTLE BIRD TOLD ME: THE METADATA BEHIND THE TWEET Social media has become an integral part of daily life for hundreds of millions of people around the globe. People share important details of their lives, as well as trivial observations that appear to be of little interest to anyone else. What most people do not realise is that there is a whole industry built around capturing and analysing the metadata that accompanies every tweet and social media post. What hidden information can security professionals gain from these tweets and posts?
004 SECURITY SOLUTIONS
SMARTPHONES AND APP SECURITY
064
Presco™ Event Logger
INTRODUCTION
FEATURES
The Presco™ Event Logger makes programming multiple Presco™ door access controllers a breeze, providing a user friendly platform for access control with full upload/ download capabilities directly from your PC.
• 12 Volt D.C. operation.
Maximum security is provided with 3 different operator levels for programming, editing user details or simply viewing events. When an event is logged it is locked into memory and cannot be manipulated, so you know the integrity of your access control system is assured.
• Stores 5,000 events with time & date stamping.
PC software supplied for Windows™ Vista, 7 & 8.1.
• 36 month manufacturer’s warranty. • 800 Users with names up to 32 characters.
• Up to 8 Presco™ PAC controllers can be monitored simultaneously giving control of up to 16 doors. • Internal replaceable button cell holds memory and keeps clock running for up to 10 years.
Three software operator levels restricts access to program
For your local stockist visit:
www.presco.com.au Phone: +61 3 9808 6244
SECURITY SOLUTIONS 005
ALARMS
SPECIAL FEATURE
084
034
OPERATIONS
038
CONTENTS ISSUE 96
010.
LETTER FROM THE EDITOR
012.
BRIGHT IDEAS
014.
DID YOU KNOW?
016. SECURITY BYTES Funny stories, tips, tricks, trivia and news from the security industry.
068. LOSS PREVENTION Organised crime costs retail businesses millions of dollars each year. The question is, how do you know if your business is being targeted by organised crime?
018. CRIMINAL ODDITY
It should be called ‘What not to do to end up in this section’, but alas, we find a special home for those who are met with odd criminal situations and a lack of intellect.
020. EVENTS CALENDAR A look at upcoming industry events. 024.
076. AVIATION SECURITY Steve Lawson looks at changes to aviation screener training and asks, are the new procedures flawed?
078. LEGAL Q&A What role does an organisation’s culture play in developing an effective loss prevention program?
INDUSTRY NEWS All the latest from the industry.
026. MLA UPDATE We bring you the latest news and updates from the Master Locksmiths Association.
034. ALARMS Thermal imaging may not be new, but there are a number of new ways this technology can be employed to enhance the intrusion detection capabilities of any security system.
080.
ACCESS CONTROL How can you more effectively integrate
mobile devices into your access control infrastructure to better manage users and costs?
084. INSURANCE We examine some of the pitfalls and common
088. EMERGENCY RESPONSE When an emergency hits with no warning what, if anything, is the role of security?
038. OPERATIONS Richard Kay looks at the importance of a winning mindset in office survival.
092. HOMELAND SECURITY What are the indicators that security officers should be trained to look for when detecting potential surveillance by criminals or terrorists?
042. CCTV IP camera manufacturers often provide specification sheets to help you choose the right camera for the job, but which specifications are the important ones to consider?
048. BUSINESS BEYOND Ray Hodge looks at ways to increase the value of the security department within an organisation.
060. JUST LAW Dr. Tony Zalewski discusses issues relating to the use of force in the workplace, including matters relevant to the increased risk of workplace violence.
006 SECURITY SOLUTIONS
misconceptions around properly insuring sub-contractors.
105.
SECURITY STUFF
106. SPOTLIGHT 108. PROFILES 112.
PRODUCT SHOWCASES
116. SHOPTALK Company announcements from within the industry.
Bring Your Security to the Next Level TM
Bullet, Dome & PTZ Cameras & Recorders
Designed with outstanding HD resolution for both indoor and outdoor installation, IR and low-light capable solutions for exceptional night vision, and reliable IP PoE connectivity – FLIR has a security solution for you. • 1-5 MP resolution cameras • Third-party VMS Software compliant/ONVIF • Remote cloud-based viewing via iOS, Android, PC & Mac
Visit flir.com/security-solutions to learn more.
Yo u r c o m p l e t e s o l u t i o n f o r t h e r m a l a n d v i s i b l e s e c u r i t y ! Visit us at Security 2015 – stand H.37
SECURITY SOLUTIONS 007
www.securitysolutionsmagazine.com
Editorial Editor: John Bigelow john@interactivemediasolutions.com.au Sub-Editing: Helen Sist, Ged McMahon
Contributors: Peter Johnston, Bob Mesnick, Richard Kay, Neil Fergus, Ray Hodge, Dr Tony Zalewski, Graeme Cunynghame, Craig Harwood, Mike Dever, Anna Richards, Stephen Lawson, Jonathan Johnson, Kylie Howlett, Ami Tobin, Don Williams, Rick Draper.
Advertising sasenberger@interactivemediasolutions.com.au Phone: 1300 300 552 Publication Co-Ordinator: Stan Asenberger
Marketing & Subscriptions admin@interactivemediasolutions.com.au $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)
Design & Production Graphic Design: Jamieson Gross graphics@interactivemediasolutions.com.au Phone: 1300 300 552
Accounts accounts@interactivemediasolutions.com.au Phone: 1300 300 552
Publisher
Interactive Media Solutions ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au Disclaimer The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein. The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.
RS A DE VI
SSOCIATI
ON
ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au
O
SECURIT Y
PR
RALIA LTD UST FA
O
Written Correspondence to:
Or i g i n a l Si z e
O C I AT I
ON
Y P R OVI D
RIT
CU
D LT
SE
PR O
ASS
SPAAL
AU S T R A L I A
STRALIA LTD AU
SECURITY
RS
OF
E
Official partners with:
SSOCIAT IO N
OF
RS A DE VI
blue colour changed to this colour green.
COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................
008 SECURITY SOLUTIONS
NEXT GENERATION KEYLESS ACCESS CONTROL For World class wire-free building security
BATTERY OPERATED OFFLINE ELECTRONIC LOCK
JustIN MOBILE APP BY SALTO
BATTERY OPERATED OFFLINE ELECTRONIC CYLINDER
SALTO MOBILE SOLUTIONS mean more convenience and more security. Using SALTO developed JustIN apps, SALTO’s two mobile solutions make it easy and secure to use smartphones as a part of your access control solution that brings real-life usability and flexibility to access control.
SALTO’S JustIN Mobile Key app allows users to use their BLE-enabled smartphone to securely receive their keys online, anytime and anywhere, and then access doors directly with their phone.
• End-users gain convenience and productivity without sacrificing security. • Facility managers distinguish their property with cost effective solutions that clients truly value.
An alternative solution is JustIN mSVN (mobile SALTO Virtual Network) that permits extending or changing access rights instantly and remotely Over The Air (OTA) using SALTO’s mSVN app for NFC- enabled phones. Working with SALTO’s new ProAccess SPACE software, both of these mobile solutions easily and flexibly bring better security and usability to end-users as well as system managers.
Email: info.aus@saltosystems.com - www.saltosystems.com
SECURITY SOLUTIONS 009
LETTER FROM THE EDITOR This year marks the 30th anniversary of the Security Exhibition and Conference, Australia’s leading security event. While in the grand scheme of things thirty years may not seem like a long time, there would be few people (if any) currently still working in the industry who could lay claim to having been at that inaugural event in 1985. Yet, irrespective of the growth of the event, one cannot help but be staggered by the changes which have occurred across the industry in the last thirty years. The introduction of licensing for security personnel, consultants, control room operators and the like; registration for installers; tertiary qualifications and diplomas for those who want to take their career to a different level; and the establishment of not just Australian, but also international standards which govern security practices, have all meant the industry has evolved from not just a technical but also a professional point of view. This can has been seen through the emergence of various professionals groups like ASIAL, SPA AL, the VSI, NSA A, Security Professionals Australasia (to name just a few) giving rise to initiatives such as the Security Professionals Registry Australasia, as well as the widespread adoption of international groups such as the Australian Secret Intelligence Service (ASIS) by Australian security professionals. From a technical point of view, there can be little doubt that the security industry has seen significant evolution in the last thirty years, from the simple mechanical locking solutions of old through to the development of more technical analogue security and surveillance systems which have, in more recent times, moved into the digital domain through IP-based technology. This evolution continues to manifest through changes such as cloud computing, software as a service, 4K cameras and H.265 streaming standards, along with the endless potential for Bluetooth Low Energy (BLE) as a standardised platform for mobile credentials in access control and identification, building automation and so on. What is more, if we look forward to the next thirty years in security, it is difficult to imagine what we might find at Security 2045. Already we are seeing new security challenges thanks to the emergence of technologies that even five years ago would have seemed like the stuff of science fiction. Strolling through the Security 2045 Exhibition and Conference, we might possibly find augmented reality eyewear, though which guars could make use of the kinds of analytical tools that we now see in nextgen video management systems. This would give guards access to facial recognition databases in the field or the ability to detect when objects have been left or taken. Those same guards, through the use of augmented reality eyewear, might be able to use thermal imaging to see heat trails left by perpetrators. One might find exhibitors selling powered protective clothing made from smart cloth designed to provide protection from kinetic energy such as blunt force trauma (strikes with bats, sticks or other impact weapons) and ballistic protection against firearms. We might see solutions where drone is deployed to provide overwatch and defensive capabilities for security personnel responding to alarms or other incidents. Security systems might incorporate lowlevel artificial intelligence capable of interpreting information from multiple data sources such as CCTV, access control and even the body worn systems used by guards to evaluate, detect and identify threat before an incident can occur. It is hard to imagine what the industry will look like in another thirty years, but we can know one thing for certain. The evolution we have seen over the last thirty years is only the very tip of the iceberg in comparison to what is coming.
John Bigelow Editor
010 SECURITY SOLUTIONS
REGULAR
BRIGHT IDEAS The Multi-Threat Shield I remember, as a young boy, every time a new James Bond movie was released, eagerly waiting to see what wonderful new gadgets Q and his team would develop for Bond. From cutting-edge laser wristwatches to exploding fountain pens and more, every new gadget was a wonder of imagination. Apparently, I was not the only one who found Q’s inventions and innovation inspiring. Introducing the Multi-Threat Shield (MTS) from Force Training Institute in the US. In short, when the threat of a firearm is imminent, the MTS is deployed in seconds, providing a shield of ballistic protection. The MTS is the lightest, most discreet, versatile and affordable ballistic shield available. Weighing just 8lbs (3.6kgs) and with the appearance of a laptop computer bag, the MTS has applications in many environments ranging from home/family defence to law enforcement, fire/emergency management services, executive protection, corporate/ private security and more. According to the Force Training Institute (no, they do not train new Jedi), “Whether the threat is an intruder or an active shooter, a quick flick of the wrist swiftly deploys a 3-foot long blanket of protection to defeat multiple impacts from most handgun, shotgun and pistol calibre submachine gun threats.” Protection against highpowered rifles is available with a Level III insert plate, which is sold separately. The MTS’s primary design function is protection against threats from firearms. However, the MTS is a true multi-threat shield, offering protection from attacks with blunt objects and edged weapons, as well as punches and kicks.
012 SECURITY SOLUTIONS
The MTS is designed for everyday carry. To enhance its practicality, it includes an expandable utility pouch with covert access, which offers the ability to carry a wide range of equipment and accessories, from a handgun or Taser, to a laptop or tablet. Light enough to be held by a child, but strong enough to stop a .44 Magnum travelling 1412 feet per second, the MTS is truly a lifesaver. Visit http://forcetraining.com for more information.
A Dream Come True For those working long hours in the security industry, finding food they want to eat can often be a challenge. They may be onsite in the middle of the night or in a car or locked in a building that they cannot leave. Therefore, the idea of a nice pizza has been out of the question – until now. Military science is close to completing its most epic and delicious quest yet – to put pizza in a Meal, Ready to Eat (MRE). “Since the dawn of time – almost – pizza has been one of the most requested and sought-after components in an MRE,” said Jeremy Whitsitt of the US Army Natick Soldier Research, Development and Engineering Center in Massachusetts. “We are finally cracking the code in getting
the crust and the cheese and the meat to all live happily in a pouch for three years, without refrigeration.” Confronted by years of feedback from soldiers who have asked for pizza in MREs, military food technologists have finally harnessed technology that ensures the sauce will not soak into the crust and, after more than 1,000 days, it will still taste like pizza. Enter Michelle Richardson, a senior food technologist who has worked at Natick for 24 years. Based on the research that went into non-soggy, shelf-stable sandwiches added to the MRE in the 1990s, she has been looking for a pizza breakthrough. The problem is that pizza has different components with different levels of moisture and acid – bread, sauce, cheese and pepperoni – and they have a great potential to combine into a soggy mess. Additives can help, but too much will hurt the flavour. And how do you make sure it does not spoil? Finally, about a year ago, the effort began to come together. Richardson, after having some success with a focaccia bread she was developing, tried producing the pizzas commercially. “That is when it really took off,” she said. It is an exciting time for the team at Natick. There are several types of pepperonis and pizzas that scientists hope to have soldiers evaluate and down-select before further testing. “All of our scientists and engineers are proud that the work they are doing directly impacts the morale, the well being and quality of life of the war fighter on the battlefield,” Whitsitt said. “All of the people here realise the importance of the mission we are doing.”
INTELLIGENT POWER THAT
COMMUNICATES security / access / fire
plus
™
...now communicate over the network! - Altronix LINQ2 remotely reports accurate power diagnostics - Controls power and resets devices from anywhere - Email and SNMP trap message notifications - Event log tracks history - Eliminates service calls and creates RMR opportunities
Available at:
ASSET SECURITY DISTRIBUTORS LTD Australia: www.asdpty.com.au New Zealand: www.assetsecurity.co.nz
More than just power.™ Made in the U.S.A. - altronix.com - Lifetime Warranty
Download the free Altronix App!
SECURITY SOLUTIONS 013
REGULAR
DID YOU KNOW Did You Know… that 3D security is a framework promoting development, diplomacy and defence as security strategies? According to Wikipedia, the 3D security framework recognises that security challenges like terrorism, nuclear proliferation, global warming and severe acute respiratory syndrome (SARS) or Avian Flu epidemics require a variety of tools in addressing complex threats. These tools can be categorised broadly under the headings of development, diplomacy and defence – the 3Ds of security. 3D security or whole-of-government approaches have been promoted by countries like Canada and the UK for a number of years. Bipartisan congressional leaders and the Bush administration promoted 3D security as a new vision for rethinking security, as detailed in the 2006 National Security Strategy. Development refers to governmental and nongovernmental efforts to build the economic, social and political foundations of stable communities and societies. Diplomacy refers to communication or negotiation between people to solve shared problems and address conflicts through political and legal channels. Defence refers to a wide range of military tasks, including waging war, peacekeeping or co-ordinating disaster response.
Did you know... that according to Wikipedia, the term ‘hacker’ derives from the seventeenth century word of a ‘lusty labourer’ who harvested fields by dogged and rough swings of his hoe. Although the idea of hacking has existed long before the term hacker (with the most notable example of Lightning Ellsworth), it was not a word that the first programmers (pre-dating computer programmers) used
014 SECURITY SOLUTIONS
to describe themselves. In fact, many of the first programmers were oftentimes from engineering or physics backgrounds. But from about 1945 onward (and especially during the creation of the first ENIAC computer), some programmers realised that their expertise in computer software and technology had evolved not just into a profession, but into a passion. It was not until the 1960s that the term ‘hackers’ began to be used to describe proficient computer programmers. Therefore, the fundamental characteristic that links all who identify themselves as hackers are ones who enjoy “…the intellectual challenge of creatively overcoming and circumventing limitations of programming systems and who try to extend their capabilities”. With this definition in mind, it can be clear where the negative implications of the word hacker and the subculture of hackers came from.
Did you know... that the culture of hacking includes a number of subcultures, including ‘crackers’ – unskilled thieves who mainly rely on luck; ‘phreak’ – a type of skilled cracker; and ‘warez d00dz’ – a kind of cracker that acquires reproductions of copyrighted software. Within all hackers are tiers of hackers, such as the ‘samurai’, who are hackers that hire themselves out for legal electronic locksmith work. Furthermore, there are other hackers – ‘sneakers’ or ‘tiger teams’ – who are hired to test security.
Recognize and Analyze How often was he here this month?
Is he a known suspect?
How old is she?
Are they employees?
When, where did she enter?
Is this valued customer Mia Clark?
How many people are here? Is it too crowded in this area? New at the Security Exhibition and Conference, Melbourne, July 15-17, booth L8 FaceVACS-VideoScan C5 IP video camera combining face detection/tracking and camera technology into a single device
FaceVACS-VideoScan uses premier face recognition technology to detect and identify persons of interest while computing demographic and behavioral data, supporting security staff, marketing teams and operations management.
SECURITY SOLUTIONS 015
REGULAR
SECURITY BYTES As A Matter Of Fact… Fake Arrest Warrants To Scam Money According to SCAMwatch, an online service run by the Australian Competiton and Consumer Commission (ACCC), scammers have recently been calling Australians and falsely claiming to be from the Commonwealth Director of Public Prosecutions (CDPP) or the Australian Tax Office (ATO). The scammers tell the intended target that there is a warrant out for that person’s arrest. It has been widely reported that messages have been left on answering machines directing the recipient to call back. The telephone number provided is (02) 6100 3027 and people are being told to call during office hours to discuss the matter further. However, the telephone number is not listed with the ATO or any other state or commonwealth department. How these scams work: • A phone call is received out of the blue from someone claiming to be from the CDPP or ATO. • The call may sound like it is an automated message with an American accent. • The scammer will claim that you have an arrest warrant for some reason. • The scammer will ask you to telephone a number that appears to be Australian, but is likely to be a VoIP number. • The scammer will tell you that in order to resolve the matter you will need to pay a fee. • You may also be asked to provide your bank account details or other personal information so they can confirm they have the right person. • If you send any money via wire transfer, you will never see it again – it is nearly impossible to recover money sent this way. You will also never receive the promised rebate or refund. • If you provide your bank account details or other personal information, the scammer may use it to commit identity theft or to steal your money. If you have any doubts about the identity of any caller who claims to represent a government department, contact the body directly. Do not rely on numbers, email addresses or websites provided by the caller – find them through an independent source, such as a phone book or an online search.
016 SECURITY SOLUTIONS
You can report scams to the ACCC via the SCAMwatch report a scam page or by calling 1300 795 995.
the people I saw in speedos and bikinis the last time I was down that way.
Commonly Speaking The Law Is An Ass Now we have given our American cousins a fair pounding in recent issues over some very stupid laws but, in all fairness, we should not be too quick to cast aspersions as we have some pretty stupid laws of our own. For instance, where is the sense in having a law that states that it is illegal for children under 16 to purchase cigarettes, but it is perfectly legal for them to smoke cigarettes? Of course, on the one hand there are dumb laws, like the one just mentioned, that make no sense, while there are others that perhaps make more sense but are no less dumb. For example, it is illegal in Australia to roam the streets wearing black clothes, felt shoes and black shoe polish on your face, as these items are the tools of a cat burglar. Now I do not know about you, but I cannot remember the last time I was taken by the urge to roam the streets with black shoe polish on my face. And who owns felt shoes anyway? Of course, there are plenty of other stupid Australian laws, like you may never leave your car keys in an unattended vehicle – because everyone wants to do that. And of course, on the odd occasion that you are stupid enough to do so and your car gets nicked, you probably deserve to be charged for being such an idiot! But of course, let us not overlook such gems as: • Taxi cabs are required to carry a bale of hay in the trunk. • Bars are required to stable, water and feed the horses of their patrons. • It is illegal to wear hot pink pants after midday on Sunday. • And last but not least, you must have a neckto-knee swimsuit in order to swim at Brighton Beach. Actually, this one probably is not such a bad idea considering the condition of some of
CCTV and IT security speak can be confusing at the best of times, but when the real tech heads start spouting jargon, the average security pundit could not be blamed for thinking he is listening to a conversation between two aliens from another, more technically advanced, planet. Often, CCTV and IT security specialists will talk about bits and, in the case of CCTV, bitmaps and so on. Now, most readers know that ‘bit’ refers to information of some kind and a bitmap is a picture, but what do these terms really mean? According to CCTV guru Vlado Damjanovski, ‘bit’ is a contraction for ‘binary digit’; elementary digital information that can only be 0 or 1 – the smallest part of information in a binary notation system. A bit is a single 1 or 0. A group of bits, such as 8 bits or 16 bits, compose a byte. The number of bits in a byte depends on the processing system being used. Typical byte sizes are 8, 16 and 32. Now a bitmap (BMP) is a pixel-by-pixel description of an image. Each pixel is a separate element. This term can also apply to a computer uncompressed image file format. Bit rate, another term commonly encountered in IT and CCTV, is measured in B/s, which stands for bytes per second, not to be confused with b/s, which means bits per second. The digital equivalent of bandwidth, bit rate, is measured in bits per second. A measurement expressed in bytes per second can be multiplied by eight to get the measurement in bits per second. This measurement is used to express the data rate at which the compressed bitstream is transmitted; the higher the bit rate, the more information that can be carried. This measurement is extremely important when talking about things such as video streaming for CCTV systems.
SECURITY SOLUTIONS 017
REGULAR
CRIMINAL ODDITY We live in a world that is full of war, crime and despair. Be that as it may, it is good to focus on the ridiculous and hilarious in life sometimes. That is why it is great to look on the bright side of life… and read stories about really dumb criminals. It will help you learn to laugh about your own misfortunes.
Never Eat And Run
The Truth Hurts
We all know that it is both impolite and ill advised to eat and run. However, in the case of three would-be criminals, a lack of manners and etiquette is probably the least of their problems. Police in Mount Morris, New York, recently apprehended three burglary suspects after following a trail of macaroni salad left by the thieves while making their getaway. A release published by the Livingston County Sheriff’s Office reported that the thieves broke into a Build-A-Burger restaurant and not only stole a cash register, but also the establishment’s entire surveillance system and, of course, a large bowl of macaroni salad. Deputies picked up the criminals’ trail Hansel and Gretel style, thanks to the slew of cash register parts, surveillance system parts, rubber gloves, loose change and macaroni salad left in the suspects’ wake as they attempted to flee the scene while taking it in turns to eat the salad. Officers arrested Matthew P. Sapetko, 34, James P. Marullo, 35, and Timothy S. Walker Jr, 23, in relation to the offence. The three have been charged with third-degree burglary, third-degree criminal mischief and fourthdegree grand larceny. Walker faces additional charges for criminal possession of a controlled substance, say police.
Dishonesty is a bad thing, of course, but honesty can also have its downsides – especially if you are a clueless idiot. For example, Pablo Escobar may have been one of the greatest drug kingpins of all time, but he knew better than to walk around wearing a t-shirt with ‘I am a drug lord’ emblazoned across the front of it. It appears, however, that 32-year-old Ali Reza Tabibnejad, of Missoula, Mont, in the US was not endowed with the same level of commonsense or foresight. When Tabibnejad was recently pulled over for an incorrect lane change near La Pine, Oregon, the officer found him wearing a beanie with ‘Weed’ embroidered in large letters across the front. Deciding this might be a clue worthy of further investigation (kind of like finding the Cookie Monster covered in cookie crumbs), the trooper found approximately three kilos of marijuana worth around US$15,000 hidden in the car. Tabibnejad’s traffic violation quickly turned into charges of unlawful possession and delivery of a controlled substance. Interestingly, Tabibnejad’s story is not the first case of an idiot, sorry, criminal,
018 SECURITY SOLUTIONS
graphically telegraphing a crime. When Bryan Wendler of Marathon County, Wisconsin, was arrested on charges of drunken driving last year, he wore a t-shirt that read, ‘Been Drinking? Free Breathalyzer Test: Just Blow Here,’ accompanied by an arrow pointing to his crotch. Not surprisingly, the only thing blown was his driving record.
SECURITY SOLUTIONS 019
REGULAR
EVENTS IFSEC International 16–18 June 2015 ExCel, London If you are looking for access to the latest products, exclusive demonstrations of cuttingedge technology, case studies from your peers within security, inspiration from experts in the industry and the chance to rub shoulders with everyone who is anyone in security, then head to IFSEC International. Celebrating its 42nd birthday this year, IFSEC designs the event around what the industry wants: the Innovation Trail, featuring hundreds of brand new products redefining the security technology landscape; a state-of-the-art venue in the heart of London’s vibrant docklands and next door to Olympic Park; 40,000 visitors from 163 countries within security, fire, facilities, safety and service management; and Safe Cities to show you how the cities of the future will be safer and smarter. This year, they also bring three inspirational big names to speak at IFSEC 2015: Karren Brady, Ranulph Fiennes and Chris Hoy.
Launched in 2010, The Australian Security Medals Foundation Inc. (ASMF) was established to publicly recognise outstanding security operatives, security professionals and their achievements and contributions to our community. Through these awards, ASMF aims to promote security as a profession by: • raising awareness of the outstanding service(s) the medal recipients have provided • promoting awareness of what the security industry really ‘looks like’ – beyond the ‘guns, guards and gates’ image • raising funds for beyondblue in an effort to help tackle the issue of depression in Australia. Money raised from the event helps to provide material support for the families and loved ones of security personnel killed or seriously injured in the line of duty. If you would like to help celebrate the outstanding achievements of the men and women of the security profession and network with some of the industry’s leading luminaries, then be sure to book your tickets for this amazing event now.
Visit www.ifsec.co.uk for more information.
Visit www.inspiringsecurity.com for more information.
Australian Security Medal Awards 19 June 2015 Australian War Memorial, Canberra
Security 2015 15-17 July, 2015 Melbourne Exhibition Centre
Join our Patron The Hon. Philip Ruddock and the Board as the 2015 Australian Security Medals recipients are awarded at this year’s Australian Security Medal Foundation gala dinner, to be held at the Australian War Memorial in Canberra.
In 2015, Australasia’s premier security industry event, the Security Exhibition and Conference, celebrates 30 years of security innovation. Join us once again in Melbourne for this year’s edition from 15-17 July to get an overview of the ever
020 SECURITY SOLUTIONS
evolving industry and see how it has developed over the past three decades. Security 2015 incorporates the largest industry exhibition showcasing the latest security solutions from over 170 leading brands, new and exciting attractions and a world class conference, hosted by the Australian Security Industry Association Limited (ASIAL), featuring renowned local and international industry speakers. The Security Exhibition is the essential platform to discover new ways of managing security threats whilst meeting new clients or suppliers and connecting with industry peers. For more information visit: www.securityexpo.com.au
Black Hat USA 2015 1–6 August 2015 Mandalay Bay, Las Vegas Black Hat – built by and for the global InfoSec community – returns to Las Vegas for its 18th year. This six-day event begins with four days of intense trainings for security practitioners of all levels, followed by the two-day main event, including over 100 independently selected briefings, business hall, arsenal, Pwnie awards, and more. Visit www.blackhat.com/us-15/ for more information.
INTRUDER PIR Introducing the all-new PIR-T15WE: a high performance, high-mount (up to 6m), triple mirror passive infrared detector designed for both indoor and outdoor intruder applications. With 4 selectable operation modes including low position, high position, pet, and high density, the PIR-T15WE offers the ultimate in detection versatility; capable of reaching distances of up to 15 metres from a mounting height of 2 to 6m. A newly developed optical system ensures detection patterns are dynamically optimised for performance depending on the mounting height and operation mode.
NEW!
ACTIVE IR BEAMS
The ultimate in trouble free perimeter detection for distances up to 200m outdoor / 400m indoor.
+61 (3) 9544 2477
email: oz_sales@takex.com
BEAM TOWERS Rugged floor and wall mounted enclosures in 1/1.5/2/3m heights.
BATTERY BEAMS
Ideal for temporary or permanent perimeter systems up to 100m.
SENSOR SPEAKER
Record any message for warning, security & advisory applications.
OUTDOOR PIR
Hard-wired or battery operated outdoor PIR up to 180째 x 12m.
TAKEX AMERICA
021 SECURITY SOLUTIONS www.takex.com
REGULAR
EVENTS Oceania CACS Sydney 2015 10–11 August 2015 Sheraton on the Park, Sydney The Creation of Value, The Science of Trust Oceania CACS 2015, ISACA’s premier regional conference, is the world’s leading conference for IT audit; information security; governance, risk and compliance (GRC); and IT risk professionals to stay on top of the trends and opportunities of the dynamic technology industry. This year’s event will feature four distinct but complementary streams covering governance, audit, security and risk. Visit www.oceaniacacs2015.org for more information.
Security in Government Conference 2015 31 August – 2 September 2015 National Convention Centre Canberra The 27th annual Security in Government (SIG) conference is scheduled to be held at the National Convention Centre, Canberra from 31 August to 2 September 2015. The theme for the SIG 2015 conference is Security risk management – getting it right! The conference theme will consider the evolution of security risk management in recent years, focusing on case studies, best practice and
022 SECURITY SOLUTIONS
current and emerging strategies available for getting security risk management right! The Attorney-General, Senator the Hon George Brandis QC will open the SIG 2015 conference on Tuesday 1 September. Attached to the SIG 2015 conference is the extensive trade exhibition which will provide an insight into the latest developments and innovations in protective security products, technology and educational opportunities. The SIG conference is targeted at senior executives responsible for managing security in agencies, officers from all levels of government who contribute to the development of security capability and response, and security practitioners from the public and private sectors who provide protective security services to government. For more information visit: www.ag.gov.au/sig or contact: SIG@conlog.com.au
Gartner Symposium/ITxpo 2015 26–29 October 2015 Gold Coast Convention and Exhibition Centre, Gold Coast Digital business is where it all changes for CIOs. The stakes are higher; the pay-offs bigger; and the need to lead enterprise transformation more urgent than ever before. At Gartner Symposium/
ITxpo 2015, the world’s most influential CIO conference, you will find what you need to succeed. You will have the time to reflect on the topics that match your most critical priorities, and the space to refresh your point of view. Guided by the unbiased advice of Gartner analysts and the insights of worldclass business and IT thought leaders, you will be empowered to build relationships, solve problems and embrace new ideas with your CIO peers. Most of all, you will be inspired to re-imagine ‘business as usual’ and strengthen your own personal brand as a key driver of the digital movement. Be a part of the industry’s most forwardthinking gathering of CIOs and senior IT executives for a CIO-focused exploration of technology, business and professional leadership. Visit www.gartner.com/technology/ symposium/gold-coast/ for more information.
RACKUS IDENTICUS. Series 210 cabinets
We’re proud to pin our reputation to our constant development in racking solutions. But as we make advancements for tomorrow, we never forget the past. Our commitment to continuity-of-design ensures each new product and advancement is back compatible with existing units, enhancing and prolonging the life of every MFB product. With a solid history of over 40 years supplying innovative, off-the-shelf and custom built racking systems, you can rely on MFB for consistent compatibility.
VIC -
P (03) 9801 1044 F (03) 9801 1176 E sales@mfb.com.au
NSW - P (02) 9749 1922 F (02) 9749 1987 E sydney@mfb.com.au
REGULAR
INDUSTRY NEWS Australian Security Medal Awards The 2015 Australian Security Medal recipients will be awarded at this year’s Australian Security Medal Foundation gala dinner to be held at the Australian War Memorial in Canberra on Friday, 19th June, 2015. Launched in 2010, The Australian Security Medals Foundation Inc. (ASMF) was established to publicly recognise outstanding security operatives, security professionals and their achievements and contributions to our community. With The Hon. Philip Ruddock MP as its Patron, the ASMF, through these awards, aims to promote security as a profession by: • raising awareness of the outstanding service(s) the medal recipients have provided • promoting awareness of what the security industry really looks like – beyond the ‘guns, guards and gates’ image • raising funds for beyondblue in an effort to help tackle the issue of depression in Australia. Money raised from the event helps to provide material support for the families and loved ones of security personnel killed or seriously injured in the line of duty. If you would like to help celebrate the outstanding achievements of the men and women of the security profession and network with some of the industry’s leading luminaries, then be sure to book your tickets for this amazing event now. Visit www.inspiringsecurity.com for more information.
Cybercrime Will Cost Businesses Over $2 Trillion By 2019 Hacktivism: Professionalising and Going After Bigger Targets New research from leading market analysts, Juniper Research, suggests that the rapid digitisation of consumers’ lives and enterprise
024 SECURITY SOLUTIONS
records will increase the cost of data breaches to $2.1 trillion globally by 2019, almost four times the estimated cost of breaches in 2015. The research, entitled The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation, has found that the majority of these breaches will come from existing IT and network infrastructure. While new threats targeting mobile devices and the Internet of Things (IoT) are being reported at an increasing rate, the number of infected devices is minimal in comparison to more traditional computing devices. The report also highlights the increasing professionalism of cybercrime, with the emergence of cybercrime products (such as the sale of malware creation software) over the past year, as well as the decline in casual activist hacks. Hacktivism has become more successful and less prolific – in the future, Juniper expects fewer attacks overall, but more successful ones. “Currently, we are not seeing much dangerous mobile or IoT malware because it is not profitable,” noted report author James Moar. “The kind of threats we will see on these devices will be either ransomware, with consumers’ devices locked down until they pay the hackers to use their devices, or as part of botnets, where processing power is harnessed as part of a more lucrative hack. With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools.” Other key findings of the report include: • Nearly 60 percent of anticipated data breaches worldwide in 2015 will occur in North America, but this proportion will decrease over time as other countries become both richer and more digitised. • The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected. The whitepaper, Cybercrime and the Internet of Threats is available to download from the Juniper
website, together with further details of the full research.
Awards For The Year’s Best Australian Crime Prevention Programs Applications are now open for the 2015 Australian Crime and Violence Prevention Awards (ACVPA), which are a joint initiative of the Australian, state and territory governments aimed at rewarding outstanding community-based crime prevention projects. Last year, awards up to $15,000 supported three projects from around Australia. The awards recognise good practice in the prevention or reduction of violence and other types of crime in Australia. They are designed to encourage public initiatives and to assist governments in identifying and developing practical projects which will reduce violence and crime in the community. Businesses, community networks and members of the public are encouraged to nominate local projects of any size that have made an impact on their community by reducing crime and violence. This year, the ACVPA Board is particularly interested in considering successful crime prevention projects that focus on: • violence against women and children • targeting technology-enabled crime, such as fraud and scams. Projects may address specific groups such as rural and remote communities, women, children, youth or the family, multicultural or Indigenous communities, or specific problems such as alcohol-related violence. Recent national winning projects have included: • Griffith Youth Forensic Service (QLD) • South Australia Police Home Assist Program (SA). Visit http://aic.gov.au/crime_community/acvpa.html to apply for this year’s awards.
SECURITY SOLUTIONS 025
REGULAR
MLA UPDATE Peter Johnson
Does Your Locksmith Have the Right Level of Insurance? Insurance is one of those things most business owners probably do not think about until they receive their renewal, or in the unfortunate situation when something happens and they need to make a claim. They take it as a given that their electrician or plumber is insured. But what about their locksmith? Does this person who looks after all of the business’ security needs and probably has access to the business on a 24/7 basis have insurance? If yes, is it the right level of insurance? And what is the right level of insurance? Does it allow their locksmith to look after them if something does go wrong? Having the right level of insurance is one of the key elements of the Master Locksmith Association’s (MLA) Vision 2020/Raising the Bar program, developed to ensure MLA locksmiths continue to be the best in the business. It will be compulsory for all MLA members to demonstrate that they have the right level of insurance, as determined by their Board, from 1 July 2016. What is the Right Level of Insurance? Public And Products Liability is considered to be one of the most important insurance covers for all businesses. It protects an owner and the business from the costs associated with any legal action as a result of actual or alleged negligence that has caused third party property damage personal industry. Unfortunately, accidents can and do happen!
026 SECURITY SOLUTIONS
Locksmiths have a duty of care to uphold to their clients, their employees and to the general public. On top of $20,000,000 cover for General Liability and Products Liability, the following extensions provide locksmiths, and importantly their clients, with the right level of protection: • Errors and Omissions $1,000,000 Limit • Statutory Liability $500,000 Limit • Care custody and control $500,000 Limit • Loss of keys $250,000 Limit What Does this Mean for the Client? Businesses who engage the services of an MLA locksmith can be confident that they are not only dealing with someone who is highly qualified, highly skilled and police checked, but someone who also has the appropriate level of insurance in the unlikely event that something does go wrong. Examples of what could go wrong: • A courier could lose a master key, resulting in the need for a complete rekey. • A motor vehicle could be damaged while being worked on. • A floor could be damaged during the removal of a safe. • An incorrect lock could be installed on a fire door.
Are MLA Locksmiths Currently Insured? Most locksmiths have insurance; however, there are currently variations in the levels of cover. A number of MLA locksmiths have already taken up the option of signing up for insurance offered as part of the Vision 2020/Raising the Bar program and it is expected the majority of members will have the level of insurance in place well before the 1 July 2016 deadline. How Do Clients Know if a Locksmith is Insured? An MLA locksmith will always provide a Certificate of Currency on request.
Peter Johnson is the General Manager of the Master Locksmiths Association of Australasia (MLA). You can find out more about the MLA at www.masterlocksmiths.com.au
STI and more... SAFETY TECHNOLOGY INTERNATIONAL
securITY 2015
SEE THE FOLLOWING BRANDS
WWW.LSC.COM.AU
secure your world ICT PROTEGE WX VISIT LSC MICROLATCH CREONE STAND C4 sallis BY SALTO The most complete source for all your security needs
JULY 15 - 17 MELBOURNE CONVENTION & EXHIBITION CENTRE WED: 9.30AM - 5PM THURS: 9.30AM - 5PM FRI: 9.30AM - 2.30PM
SECURITY SOLUTIONS 027
028
The Next Generation Of Global Terrorism By Neil Fergus Daesh (Islamic State) and Al Qaeda have been competing violently on the battlefields of Iraq and Syria over the last couple of years – showing no quarter to each other. However, a much more insidious aspect of their enmity – reflecting their respective ambitions to be the pre-eminent jihadist group internationally – involves the competing outreach programs they have both carefully constructed. Daesh has developed sophisticated public relations and media units that are constantly working on new methods to get its messages to an international audience to motivate its current supporters and to attract new supporters and fighters. Unfortunately, it is clear its outreach strategies have been achieving a worrying degree of success. In the late 90s, security forces became acutely aware of the danger posed to the civilised world by the ‘Afghan alumni’; a large cadre of veterans who had honed their military and terrorist skills in the Afghanistan conflict. This Afghan alumni was subsequently used as a recruitment and resource base by Al Qaeda to export terrorism around the globe, including to Australia and in its immediate region. The world is now confronted with a new alumni phenomenon, as the scale of the Iraq–Syria alumni will be dramatically larger than the numbers of terrorists that emerged out of the Afghan conflict. It is anticipated that significant numbers of returned fighters will continue to pursue terrorism in other parts of the globe long after the Iraq–Syria conflict eventually ends. It is critical for a multi-tiered strategy to be developed by political leaders to try to mitigate the public security consequences of this new alumni phenomenon.
029
The Islamic State of Iraq and the Levant (ISIL), also known as Islamic State (IS) or commonly referred to as Daesh, is an offshoot from Al Qaeda. It emerged as a part of the insurgency movement that grew up after the 2003 invasion of Iraq and it joined Al Qaeda in 2004. Since at least early 2006, its leadership was represented on the Mujahideen Shura Council in Iraq. However, its leader, Abu Bakr al-Baghdadi, fell out with the leadership of Al Qaeda and, following several months of wrangling, Al Qaeda and its Iraqi group, Jabhat an-Nusra (the al-Nusra Front), expelled alBaghdadi and his supporters in early 2014. As a consequence of their split, Daesh and the al-Nusra Front have been at constant war with each other in Syria and northern Iraq. Daesh has been just as merciless in its dealings with its former terrorist associates as it has been in its genocide against its other political or religious enemies, and al-Nusra has responded in kind. They are effectively in competition for members, finances, geographical territory, influence and, as perverse as it sounds, the global leadership of jihadist terrorism. Al-Baghdadi has adopted a different approach to Al Qaeda based on his determination to stake out territorial gains and create a geographical caliphate – his version of an Islamic state. Following some extraordinary military successes, Daesh currently controls an extraordinary swathe of territory in Syria and northern Iraq. Just as worrying, a number of foreign terrorist groups have switched allegiance from Al Qaeda to Daesh, including terrorist groups in Libya, Egypt and Yemen, as well as Boko Haram in Nigeria and Abu Sayyaf in the Philippines. Al-Baghdadi is a classic megalomaniac – he now claims political, religious and military authority over all Muslims worldwide (rejected,
between US$2m and US$3m per day. It has also seized significant cash as it has occupied major cities, including over US$500m of cash and bullion from municipal banks after its forces captured the city of Mosul in 2014. Furthermore, it is estimated that Daesh has received in excess of US$120m in ransom payments for the release of kidnapped persons in the last 18 months. Daesh is using its financial resources to build a state-like administration and infrastructure. Headquartered in modest circumstances in Aleppo a few years ago, it had significant command and control elements in its de facto capital of Raqqa, Syria, but it quickly decentralised operations as soon as the coalition aerial campaign commenced against its forces and infrastructure. In fact, there is confirmed intelligence that shows it had prepared detailed plans to dissolve its administrative structures into the urban environments of the major cities it occupies well in advance of the aerial campaign. Within Daesh’s organisational and functional structure is a sophisticated media capability that regularly demonstrates professional broadcast standards and issues material in numerous languages. The al-Fuqan Media Foundation produces many of its more violent videos, including the beheadings, and presents it in a perfunctory newsreader style. The alHayat Media Center is even more professional and is aimed directly at western audiences. It focuses on community stories aimed at influencing and seducing the Ummah (the global Muslim community). It uses computer graphics, slow motion, smoked effects and an enhanced colour palate. The outputs from these two ISIL media units are supplemented by a proliferation of amateur social media postings by IS fighters and supporters in Iraq and Syria – using Instagram, YouTube, Twitter,
unsurprisingly, by all credible Islamic scholars and leaders). However, there is a one key factor that is assisting him to progress his vast ambitions – he has access to very significant cash reserves to fund his operations. Daesh controls significant hydrocarbon reserves and is able to sell its oil products on the spot market through a range of intermediaries in the region (even selling oil to its supposed arch-nemesis the Syrian Government). Estimates of its oil and gas earnings vary from
Facebook and other blogs. As social media staff quickly delete Daesh content from their sites, the group has been able to successfully maintain its online presence through a maze of backup and copycat accounts with slight permutations of names and titles. Overarching all of the ISIL social media content is the Daesh flag-ship digital publication called Dabiq (named after the site where, according to Islamic myth, a final apocalyptic battle will take place). Several
030
editions of this glossy, high production value publication have been issued on the internet over the last couple of years, covering all the major activities of Daesh within the Middle East and further afield. Among the more interesting characteristics of the Dabiq publication is its sheer chutzpah in claiming responsibility for disparate acts of violence, anywhere in the world, as an ISdirected operation, including the stabbing of two police officers in Melbourne in late 2014 and the Lindt Café siege and hostage situation in Sydney around the same time. However, despite the dubious nature of some of the related claims made in Dabiq, there is no doubt that the digital outreach program of ISIL has impacted on many impressionable or disturbed Islamic youth around the globe. And it must be conceded that even if some of the attacks were not directed by Daesh, the perpetrators had been exposed to and influenced by the material it is placing on the internet. Similarly, there is no doubt that many of the foreigners that have been motivated to leave their homes and travel to Syria to join Daesh have been significantly influenced by the material they had been accessing on the internet. In April this year, the Victorian and Australian Federal Police (AFP) arrested an 18-year-old allegedly planning an Anzac Day attack in Melbourne – he was heavily influenced by ISIL propaganda he accessed on the internet. And, a month later, a 17-yearold was separately charged in relation to three improvised explosive devices (IEDs) he was allegedly intent on using in terrorist attacks in Melbourne. The police will allege he had been cultivated over the internet by a jihadist recruiter associated with ISIL. While the detail of some Daesh claims can be disputed, there is no denying the relative success of Daesh in spreading its messages around the globe and influencing a number of people to support its cause. It is undoubtedly one of the reasons there are now estimated to be nearly 20,000 foreign fighters from over 100 countries in Syria and northern Iraq; that is a truly astounding figure. To put the figure in context, during the mujahideen struggle to eject the Soviets from Afghanistan – from 1980 to 1992 – it is estimated 5,000 foreign fighters were involved
ICOM5003
FULL DUPLEX COMMUNICATION OVER WIRELESS LAN AND IP NETWORKS
IP 100H Icom Australia has released a revolutionary new IP Advanced Radio System that works over both wireless LAN and IP networks. The IP Advanced Radio System is easy to set up and use, requiring no license fee or call charges.
To find out more about Icom’s IP networking products email sales@icom.net.au WWW.ICOM.NET.AU
in the conflict. It has of course been well documented that Bin Laden had access to the details of most of the foreign fighters who went through mujahideen training camps and used them as the basis for creating the Al Qaeda global terrorist network. Many members of the so-called Afghan alumni were adroitly recruited by Bin Laden and his operations chief, Khalid Sheikh Mohammed, and these veterans were involved in every major Al Qaeda terrorist operation, including in Australia’s region. Hambali, the operational commander of Jemaah Islamiyah (JI), who authorised the 2002 Bali attacks that killed 202 people, including 88 Australians, was a member of the Afghan alumni. Muklas and some other key members of the JI team that planned and carried out the Bali attacks were also veterans of the Afghan conflict. While Al Qaeda is certainly not a spent force as a global terrorist group, it is clear, in just a few short years since it split from Al Qaeda, that ISIL has overtaken Al Qaeda as the major global jihadist group. Its success in recruiting members has been a key factor in that development. Given the damage that Al Qaeda has caused international security over the course of the last 20 years, empowered by its ability to draw on the 5,000 or so foreign veterans from the Afghan conflict, it begs the question what ISIL might be able to achieve if it is able to draw on the 20,000 foreign fighters who have been trained and blooded in the current conflict in Syria and Iraq? Many of these fighters will return to their home countries while others, prevented from returning home for a variety of reasons, will stay in the Syrian region or relocate to other parts of the globe. Apart from a quite small minority who might be likely to recant and avoid involvement in future acts of violence, it should be anticipated that this diverse pool of jihadists will, just like the Afghan alumni of a generation earlier, pose a very significant security risk for the foreseeable future. There are some strategies that need to be carefully formulated to mitigate the potential risk; however, the options all require a considerable level of international co-operation and appropriate resourcing. The International Criminal Court (ICC), headquartered in The Hague, is the only permanent impartial tribunal empowered to
032
try cases of genocide, war crimes and crimes against humanity. However, the ICC currently has no jurisdiction in Syria or Iraq, as both Russia and China exercised their power of veto at the United Nations (UN) Security Council to prevent the ICC receiving a remit in relation to the conflict, believing the motion was motivated by the US desire to target members of the Assad regime over alleged chemical attacks on the Syrian population. Individual countries who are members/ signatories of the court can give the ICC a mandate to investigate specific citizens. Jordan, Tunisia and several European nations have done so in response to a number of their citizens joining ISIL as foreign fighters. Nevertheless, the senior ICC prosecutor has stated that without jurisdiction being conferred by the UN Security Council, there is no basis for the ICC opening a preliminary examination into the wider assertions of systemic crimes against humanity in Syria and Iraq. Under the Rome Statute that governs the activities of the ICC, the various national authorities, including from Australia, have primacy to investigate and prosecute their citizens that have been involved in crimes against humanity abroad. The AFP has the lead in those matters, but clearly has an unenviable task to gather admissible evidence in what is, in effect, a war zone. The AFP will be reliant to a certain extent on support and assistance from Australian intelligence agencies, but even then will still find the task extraordinarily difficult; particularly as much of the human intelligence is likely to be deemed hearsay and inadmissible by the courts and some of the technical intelligence will be subject to public interest immunity provisions given its operational sensitivity. To ensure the serious offenders among the Daesh fighters face justice and are removed as threats to international security, there needs to be a co-ordinated international strategy to ensure the ICC has a jurisdictional remit to coordinate investigations. Furthermore, all the reputable national law enforcement agencies need to co-operate and share appropriate information. This will require a focused diplomatic effort on the part of Australia and others, and some significant commitments on resources and funding. Similarly, Australian diplomatic resources, the AFP and Australian intelligence agencies
are going to need to devote considerable energy to locating where Australian foreign fighters in Iraq and Syria (and those who might be stripped of Australian citizenship) relocate to as and when they depart from the conflict zone. It is inconceivable for Australia to ‘wash its hands’ of these people simply because they have not been brought before a court and/ or have not returned to Australia. As well as potentially posing a risk to public safety in the international context, they are likely to continue to pose an ongoing risk to Australian interests from elsewhere in the world. Keep in mind that a number of the Australians fighting for Daesh have made some very direct and violent threats against Australia, the Australian authorities and the Australian public, in their emails and blogs. Based on experience with Al Qaeda and the Afghan alumni that group relied on for so long, it can be expected that the security problems caused by Daesh fighters will consume international security forces for many years to come. It is absolutely essential that considerable thought is given, as early as possible, to strategies to mitigate the related risks – otherwise the problems the world face will be much more severe and the threat could endure for another generation. Neil Fergus is Chief Executive of Intelligent Risks (IR), an international management services company specialising in the delivery of security, risk and crisis management services. It has delivered projects and crisis response services for government and corporate clients in over 100 countries, including complex assignments for the US Anti-Terrorism Assistance (ATA) Program. Before co-founding IR in 2001, Neil served in senior diplomatic roles in Europe and the Middle East. Neil is a regular commentator on international security issues for the Nine Network and public broadcasters. He is the author of over 50 articles for professional journals and is a co-author of Security Risk Management for Standards Australia. He has presented on terrorism, security and corruption issues at numerous international conferences, including for the United Nations, US State Department, Europol, ASIS International and APEC SOM. Visit www.irisks.com for more information. This article is based on a presentation made at the 2015 ASIS International NSW Conference.
KeyWatcher is a reliable and extremely easy to use electronic key management system, designed to prevent mismanaged, misplaced, or stolen keys. KeyWatcher eliminates outdated metal boxes, unreliable manual logs and messy key identification tags utilising a computerised storage cabinet. The system releases keys only to the individuals with correct authorisation, recording each user transaction and providing total system accountability.
KEYWATCHER SYSTEM OFFERS to 14,400 keys and 10,000 user per site l “Site” concept uses a common database l Numerous high level interfaces for access control, contractor management and vehicle fleet systems l Longer user IDs can be up to any 6 digits, plus a 4 digit PIN l Bright 7” full colour, touch screen l “Key Anywhere” allows keys to be returned to any KeyWatcher Touch within a site l On-screen guides for users, along with voice commands l Up
Available in Australia through: AST Pty Ltd T: +61 2 8020 5555 | M: +61 417 089 608 | F: +61 2 9624 7194 E: di@astpl.com.au | www.astpl.com.au
ALARMS
034 SECURITY SOLUTIONS
THETHE THERM RMAL ALREV REVOLU OLUTIO THERMAL REVOLUTION TIONN––AANew New THE Way To Look tems Look At CC TV Sys Way CCTV Systems Historically, CCTV systems have been installed for three reasons: to deter people from potentially doing something illegal, because the insurance company insisted and to record events of what has already happened. But imagine being able to actually prevent incidences from happening rather than just record what did happen. It is easy to justify the purchase of an expensive piece of equipment if, when it is installed, it starts making money. However, as CCTV systems often do not create profit and rarely add to the bottom line of a business in the short term, they can sometimes be a tough sell. There is no question that they help create a safer environment and can provide evidence to the authorities of activities that have already occurred. Furthermore, CCTV can assist greatly when faced with a public liability claim or an occupational health and safety issue with staff members. However, CCTV systems often create the most value for end-users by providing recorded images that can save an end-user, such as a shopping centre, millions in damages. This is assuming, of course, that the system is working. Unfortunately, most CCTV systems are poorly maintained and rarely serviced. Invariably, when something does happen, a user accesses the system to extract footage only to find either the system has not been working or the images are of such poor quality that he or she cannot identify anyone or anything. Over the last 20 years, the industry has gone through multiple technological revolutions – from VCRs to DVRs fifteen years ago, from analogue CCTV cameras to digital megapixel IP cameras over the last five years and now the migration
from physical matrix switching systems to software-based video management systems (VMS). All of these changes have been built around the desire for higher resolution images combined with longer recording times. However, none of these improvements address the fact that a standard CCTV system is designed to record events that have already happened. That said, recent developments in some specialist areas of CCTV have made it possible and affordable to enhance CCTV technology in order to identify and prevent incidences from happening. Early warning detection systems (EWDS) traditionally consisted of blind technologies such as electric fences, bollards, photo electric beams, microwave sensors and the like. The integration of thermal cameras, combined with analytics, IP cameras and a back-end VMS all linked to lighting, speakers and mobile devices can transform traditional blind EWDS into a pre-emptive tool that enables users to not only be aware of a threat, but actually see the nature of the threat. This type of design changes the way the industry should look at CCTV systems. It turns CCTV from a reactive tool providing historical evidence into a proactive system that can prevent things from happening. Originally developed for military applications, thermal technology has, until recently, been a somewhat expensive technology. However, with defence contracts drying up globally, companies that have traditionally catered to defence and military requirements have shifted focus, creating commercially attractive thermal products for use in everyday CCTV applications. This has given rise to an increase in production volume, which in turn has seen a reduction in the cost
of thermal technology. For example, as recently as five years ago, a 640 x 480 resolution thermal camera would have retailed for approximately $20K. Depending on the type of lens being used, that same level of technology today is available for less than half that price. The 320 x 240 resolution thermal cameras – still capable of seeing great distances – are half that again. As such, security consultants and managers need to better understand the capabilities of thermal cameras as this technology has the capacity to change the way they think about and deploy normal CCTV systems. When used in conjunction with analytic software, perimeter cameras can detect and trigger an alert if someone is approaching the premises anywhere from 50m out to 2km if required. This alert can then be acted upon to stop an event from occurring if a guard is on-site or if he is linked in with a speaker system on site. Obviously, early warning perimeter protection cameras are not for everyone. There are, however, a number of vertical markets such as mining, critical infrastructure, air and sea ports, large logistics warehouses, search and rescue, rural fire, police, solar farms, councils, oil rigs, refineries, universities, military installations and government departments that can benefit from this type of technology. This technology certainly comes into its own when there are large open spaces in remote locations that need to be monitored. Thermal can provide costeffective, invisible, long-range perimeter protection in areas lacking lighting or power. Most thermal cameras run on low power, enabling the use of a small solar panel on a trailer if cabling is not an option. Aside from its obvious applications in
SECURITY SOLUTIONS 035
ALARMS
perimeter protection, where else might thermal imaging provide benefits for security professionals? Some real-world examples of outside-the-box applications include: 1. To monitor compost heaps in large sheds on rural properties. Believe it or not, compost can heat up in the middle of a large mass, leading to spontaneous selfcombustion. Farmers have lost sheds worth $100,000. In this scenario, a thermal/ radiometric (thermal camera that assigns temperature and colour to a scene) would detect the heat build-up and be able to alert the farmer of an impending fire. 2. To monitor laundry. As strange an application as this may sound, there have been documented instances of heat building up in the middle of a pile of freshly dried clothes/linen, causing the pile to catch fire and burn down the laundromat. The same can occur in garbage and recycling plants. 3. To locate buried bodies. Although thermal will not see through anything, it can detect a temperature difference between land that has not been disturbed and an area of land that has been dug up. The emissivity of the two areas will be different. Some other uses for thermal imaging technology include using the thermal core and putting it in an unmanned aerial vehicle (UAV) to look for cattle on a property as well as identifying fires or electrical heat build-up in power lines. Obviously, this type of technology has created an advantage in military applications as well, enabling troops to see where the enemy is situated by flying the UAV over the battleground and looking at the thermal image transmitted on a monitor. Some CCTV purists have an issue with thermal technology due to its limitations. It cannot identify someone. CCTV has traditionally been about resolution and identification, hence the push for megapixel cameras and hard drive recording. This might make sense in a banking environment, as well as business or retail applications. However, thermal cameras are not designed for these applications. Thermal technology is designed with early warning detection in mind – mainly external,
036 SECURITY SOLUTIONS
long-distance applications where it does not matter who it is – just that someone is there when they are not supposed to be. Thermal can cut through smoke like it is not even there. Fog, sandstorms and foliage are not a problem either. People and animals will stand out in any of these situations with a thermal camera, day or night. As mentioned, typical external detection to date has comprised photo electric beam and microwave sensors. These technologies are good; however, they are prone to false alarming whenever a rogue animal is wandering or the wind blows with any force. Another advantage of thermal is no false alarms. An image of the perimeter can be sent to a phone and security personnel will be able to tell the difference between a man and a dog. The wind does not affect the camera in any way whatsoever and intruders cannot jump over it like they can a beam. How does thermal work – every living thing and inanimate object will absorb and emit energy (which is normally measured as temperature and referred to as heat) at a different rate. The emitted radiation will vary depending on the object that is transmitting whether it be a human, a desk, a pen or a TV as every object gives off a different amount of energy or heat. Thermal cameras are able to identify and analyse the temperature differential between objects in a scene, and radiometric cameras can actually assign a temperature value to everything in that scene. The key to the success of thermal imaging is camera placement. Thermal technology works on picking up emitted radiation (object heat) at distance. If you are looking at full bodied fixed cameras, you need to design the perimeter so there are no holes through which a perpetrator might slip past cameras. Having the cameras all pointing in the same direction from inside the perimeter, with the right distances between each camera, will ensure there are no holes in your perimeter. There are a multitude of thermal technologies to help secure a site that encompasses a variety of challenges, including but not limited to, a large land mass. These include pan/tilt thermal
cameras with digital zoom for commercial applications, as well as thermal cameras featuring continuous zoom. However, cameras of that nature often cost over $100K and need to be cooled. There are also thermal and optical combined cameras on the market. While these cameras might be a little more expensive, they provide users with the best of both worlds – optical capabilities for identification of an object or suspect during the day and thermal imaging for early warning detection at night. There is no doubt that Thermal Cameras are a growth product in the security industry. Megapixel versions are already on the market and allow significantly improved recognition features, as well as exceptional long range performance in poor visibility conditions. These cameras are still very expensive but can make the difference in finding people in adverse conditions at night and potentially saving lives. As the technology continues to advance and the manufacturing yields improve, thermal imaging detectors will continue to go down in cost. Moreover the ability to make the pixel size in the detector array smaller will allow the use of smaller optics, which is now a significant portion of the cost of a thermal camera. Because the lens material in thermal cameras is not glass, but rather Germanium, a “metalloid” in the Carbon Group, it is quite expensive and difficult to manufacture into a lens form. In current uncooled Long Wave Band thermal cameras, the cost of a lens is generally higher than the detector once the focal length exceeds 50 - 60mm. Higher volumes also allows manufacturing savings, but it is not expected to radically change costs in the near term. In summary, thermal cameras now offer genuinely affordable and usable solutions in the growing commercial security market for specific applications where detection rather than recognition is the paramount. Where day and night operation is essential or where low power (and lighting) are limiting or preferred options and where seeing through atmospheric obscurants is a necessity.
GIVING HOTEL GUESTS SECURE ACCESS AND THE ULTIMATE IN-ROOM EXPERIENCE
we use the latest bluetooth lowenergy technology... streamlining the check-in process!
RELIABILTY IS THE KEY +61SOLUTIONS 2 9472 2000 037 SECURITY
www.vintech.com.au
038
Survival Concepts Operational Safety By Choice, Not Luck
By Richard Kay The most basic, underlying concept of defence is fear. Whether it is defensive tactics or defensive thinking, they are based on fear. The very idea of self-defence is fearful: a person is more concerned with reacting than acting. He is worried about what the attacker will do to him, rather than vice versa. Defensive thought entails watching and waiting; then, when the attacker moves, attempting to counter the movement. The person is reacting to actions that have already taken place; through hesitation and inaction, the attacker is in charge of this situation.
039
Anyone who has been trained to raise his hands in some sort of defensive stance as a prelude to action is operating with a defensive mindset. His first move does nothing to change the situation. The modelling of defensive posture induces a fear state in his mind, making him indecisive and vulnerable. The defensive ‘block’ and offensive ‘strike’ interfere with one another. The fear felt at seeing the attacker move causes hesitation, resulting in action that does not have 100 percent commitment. Everyone has seen fights in which people repeatedly hold their hands up in a defensive stance and feint toward each other, then jump back away. Sometimes they lash out at each other, but always half-heartedly. This is because they are operating in a fear-state. They would really like to get the other, but they are too afraid
the manner most appropriate and advantageous to the situation. A winning mindset is taught through two processes – neural linguistics and physical modelling – taking people from fearful to fearless by using proactive linguistics to change thought patterns, and then anchoring those thought patterns through physical action. Neural linguistics uses positive rather than negative terminology. Words have emotional weight, dependent on the situation in which those words were learnt and their associated ideas. The words used to describe things affect the way people feel about those things. If a word has a connection to a mental picture whose emotional content is fearful, then it must be replaced with a fearless word in order to achieve a winning mindset.
A winning mindset is a positive thought process, devoid of fear, that leads to demonstrable physical increases in performance. to commit. They are preoccupied with defence. A winning mindset is a positive thought process, devoid of fear, that leads to demonstrable physical increases in performance. A person possessed of the winning mindset will act rather than react. Such a person thinks positively and affirmatively. This thought process is applicable and useful in all human endeavours. The goal is to eliminate fear – the basis of defensive, reactive thinking. Without fear a person is free to act immediately and directly. There is no internal debate or indecision. He makes things happen when they need to happen. The difference between offensive and defensive thinking is as simple to understand as action versus reaction, cause versus effect. Defensive thought is concerned with reacting to actions that have already taken place. The defensive thinker will take in external stimuli and turn inward, concerned with the effect on the self (worrying). The offensive thinker is the cause of effects – creating strategies within the mind and moving them outward into the physical world as action. He will take the same external stimuli and make decisions, which are executed as actions, to affect the source of the stimuli in
040
For example, the idea of blocking (which is mentally linked to the word) is defensive and based on fear – a person blocks because he is afraid of getting hit. Now, if instead the person is told to strike the attacking limb, no fear state is induced. In fact, the opposite is done and a positive, take-charge attitude is induced. The person has the source of his fear (‘blocking’) replaced with a proactive action (‘striking’) with different connotations – the ‘defender’ controls the situation, imposing his own strategy on the situation. A winning mindset can be taught to anyone, for any purpose, to increase performance. The key is in isolating reactive words and replacing them with proactive words. The new terminology is then reinforced through the modelling of proactive physical structure. Take an example and convert it from a thought problem to the real, physical world to anchor the changes in the thought process. For example: • Reactive = block evade defence try • Proactive = strike penetrate offence do In conjunction with a proactive winning mindset, here are some important operational
safety concepts for the management of resistive subjects. Officer Survival Principles These five principles have been synthesised from numerous officer encounters on the job: • Watch the palms – most attacks occur with the hands, either empty or with a weapon. Clearing a subject’s hands should always be a primary consideration. Maintaining awareness of the subject’s hand position and status should be an ongoing consideration throughout the situation. • Seek cover – in situations involving firearms, officers should always seek cover that offers protection from ballistics. In the event of an impact or edged weapon assault, cover will also provide protection. • Maintain distance – safe separation gives officers reaction time. The right distance means that an officer can position himself so that he is comfortable to control the situation, while his opponents feel comfortable too, but only in a sense that they perceive no threat. • Keep the weapon back – if an officer uses a weapon, such as a baton or firearm, he should keep the weapon close to his person, especially if the subject is closing distance. Extended away from his body, a weapon can be grabbed and disarmed or deflected to allow the subject to enter his personal space. Where possible, the officer should move towards the weapon side so his body position also protects against weapon retention situations. • Control the dominant hand – in a confrontation, an officer should endeavour to control the subject’s dominant hand first. Conversely, when releasing the subject, release the dominant hand last. This denies the subject’s use of his strong or ‘comfortable’ hand. Look for clues as to which hand is dominant (watch, writing, blading, and so on) but remain alert for ambidextrous people. Personal Safety Principles If a subject escalates resistance, remember this three-step process for ensuring personal safety: • Abort intent – since physical action originates from psychological process, this stage entails using distractions to ‘defuse’ this mentalto-physical process of attack and provide opportunities for disengagement or control. Strategies can be verbal (questions) or physical
Success in a physical confrontation involves balance. Without balance, a person cannot move efficiently or generate power properly. (strikes), and can be deployed by the person involved or by a third party (using either strategy). • Break balance – success in a physical confrontation involves balance. Without balance, a person cannot move efficiently or generate power properly. The strategy is simple – an officer keeps his balance and disrupts the subject’s balance so he can move and use power properly, but the subject cannot do so in return. • Create distance – distance provides reaction and assessment time. With distance, an officer can choose to disengage or consider other strategies. Distance also relates to balance; by keeping slightly out of range of the subject’s attacks, he will most likely overextend, which
helps destabilise him. Distance = time = options. Survival Reaction Time There are four key stages in reacting to a threat: • Perception – this involves perceiving an attack via the senses – eyes, ears, intuition and so on. The earlier an attack is perceived through various cues (verbal, non-verbal, environmental), the sooner an officer can react. • Evaluation – this involves the officer deciding what type of threat is present and what risk it poses to himself. • Formulation – this involves matching an appropriate response to the attack, based on an officer’s evaluation of type, threat level, experience and so on.
• Initiation – the final stage involves the physical reaction to the attack, largely based on what information is available in an officer’s midbrain; the part that operates under stress and is educated by stress inoculation training. Officers must understand that operational safety is an ongoing commitment. The reality is this: somewhere, someone out there right now is training seriously. If an officer is not and he meets that someone, he may lose. Losing is not an option for officers; there is no second place trophy on the street. Officers must train hard, train well and prepare themselves to prevail.
Richard Kay is an internationally certified tactical instructor-trainer, Director and Senior Trainer of Modern Combatives, a provider of operational safety training for the public safety sector. For more information, please visit www.moderncombatives.com.au
SECURITY SOLUTIONS 041
CCTV
042 SECURITY SOLUTIONS
IP Cameras: The Important Specifications For A Security System
SECURITY SOLUTIONS 043
CCTV
By Bob Mesnick
IP camera manufacturers provide product specification sheets that help in the selection of the right camera for individual IP security and surveillance systems. But which specifications are important? They include such things as resolution, minimum light sensitivity, lens, wide dynamic range, signal to noise and so on. The importance of each of the camera specifications depends on the objective and application. For example, the low-light specification is important if the camera is to be used outdoors where it can get dark. If the IP camera will only be used indoors, the viewing angle width may be more relevant. This article reviews the important camera specifications and how to avoid being fooled by ‘specsmanship’ (from the marketing department). Resolution This is an important specification. Resolution is usually defined by the total number of pixels in the sensor or the horizontal and vertical pixels. Marketing people also use the terms ‘HD’, ‘720p’ or ‘1080p’ and, most recently, ‘4K’. • Megapixel camera: This is a general term used for any camera that has over one million pixels in the sensor. There are many cameras that have over one megapixel resolution. The pixels are organised in a matrix of horizontal and vertical pixels. The relationship between the horizontal and vertical pixels is called the aspect ratio. The aspect ratio (vertical to horizontal ratio) is usually 4:3 or 9:16 (wide). The latest sensors (especially the ones that claim 4K resolution) have different aspect ratios that are similar to the very wide formats used in the cinema market. • HD camera: This is more of a marketing term and is defined as either a 720p or 1080p type HD camera. This specification comes from the video broadcast market rather than the security market. The 720p refers to 720 horizontal lines. The
044 SECURITY SOLUTIONS
‘p’ indicates that the lines are progressive rather than interlaced. There is only one scan per frame that includes 720 lines. The 1080p HD camera has at least 1080 horizontal lines. 720p cameras usually have a sensor with at least 1.0 megapixels. Pixel resolution is 1280 x 1024, or it can be 1280 x 800. 1080p cameras have at least a 2 megapixel sensor and are considered to be the higher resolution HD cameras. To add to the confusion, some manufacturers call their 3 megapixel or 5 megapixel cameras 1080p as well. • 4K camera: This usually refers to a camera with over 8 megapixels of resolution. It has approximately 4,000 horizontal pixels. The number of vertical and horizontal pixels and the aspect ratio are defined differently. For example, Sony announced that their new (coming soon) camera has a chip with 4096H × 2160V pixels, which runs at up to 60fps. Axis announced a camera with 3840 x 2160, which runs at up to 30fps (which is called Ultra HD). The marketing people call all these cameras 4K. The resolution of a camera is defined not only by the sensor, but also the lens and the electronic circuits. Megapixel IP cameras are sometimes advertised for under $200. Be careful; the sensor may have the megapixels, but the lens may be plastic and the result is a very low quality image. Minimum Illumination (or Low-Light Sensitivity) The minimum illumination is the lowest light level (measured in lux) that provides a reasonable image from the IP camera. This can be very subjective and depends on what the viewer thinks is an acceptable image. Low-light images are not only dark, but can also be very noisy. At the low-light level, the amplifiers are working very hard and there can be circuit noise that affects the video image. This is
called the signal to noise (S/N) ratio. The better manufacturers also include the relative level of the signal (IRE), which is a measure of how hard the amplifier has to work. For example, a camera that is operating at 30 IRE is receiving 30 percent of the signal from the sensor circuits, while one operating at 50 IRE is receiving 50 percent of the signal. The lower the number, the harder the amplifier has to work to boost the signal so it can be seen. The noise level can be as high as 20 percent of the signal, so the resulting video can look very noisy when the signal level is very low. The minimum light level is also affected by the shutter speed, which relates to the frame rate. The longer the shutter is opened, the more light can reach the sensor. The longer the shutter stays open, the lower the frame rate. There are some camera specifications that indicate very low minimum illumination (0.0001 lux), but this is measured at a shutter speed of 0.5 sec. This translates to a maximum frame rate of 2fps. The minimum illumination level is also determined by the lens. The lower the f-number of the lens, the more light it will let through. Lens Many IP cameras come with a lens. A wide angle lens could be used to view a small room, while a narrow angle lens (with more magnification) can be used to see an area that is far away. The lens can also affect some of the other specifications, such as minimum illumination, frame rate and resolution. If the IP camera does not include a lens, it usually includes a standard type CS (or C) mounting capability, so various third party lenses can be used. • Lens angle: The lens is measured in millimetres. The lower the number, the wider the viewing angle. A 2mm lens may have an angle of about 110 degrees, while
SECURITY SOLUTIONS 045
CCTV
The importance of each of the camera specifications depends on the objective and application.
046 SECURITY SOLUTIONS
a 50mm lens has an angle of about 5.5 degrees. The angle of the lens depends on the size of the sensor and the distance from the sensor to the lens. • Lens light capability: The f-number of the lens indicates how well the light is transferred through the lens. A camera with an f-number of f1.2 can pass more light than one that has an f2.0 lens. The lens angle can affect the f-number – the wider the angle the more light can get in, so the illumination specification is usually measured at the widest lens angle (when a variable lens is included). • Types of lenses: There are fixed, variable and zoom lenses. A fixed lens, as the name implies, has only one mm or angle setting. A variable lens can be manually adjusted through a range of angles. A zoom lens is similar to the variable lens, but it can be controlled remotely. • Iris: Iris control adjusts how much light falls on the sensor and affects the depth of field. The smaller the iris opening, the longer the depth of field. When the scene is very dark, the lens iris opens and the field of view is reduced. This means some areas that are close or far away are not in focus. There are manual iris controls, DC auto iris and p-iris lenses. o Manual iris is manually adjusted and depends on how much light is expected in the scene. A manual iris lens is usually used with indoor cameras where there is a small light variation. o DC auto iris lenses are usually used with outdoor cameras. The camera electronics adjust the iris opening depending on how much light it detects. At night it opens the iris and when there is bright sunlight it closes the iris. o P-iris lenses are similar to the DC auto iris lens, except they add additional intelligence to the lens opening. When the iris is closed all the way, it can reduce the clarity of the image (when
used with megapixel cameras). A p-iris camera system works with the camera electronics to prevent the iris from closing all the way. Conversely, when the view is very dark, the camera tries to open the iris to let in as much light as possible. As the iris increases, the depth of field is reduced. A p-iris lens prevents the lens from opening all the way and compensates by increasing the camera amplification of the video signal. • Focus: The focus of the IP camera can be adjusted either by adjusting the lens or by remotely adjusting the distance between the lens and the sensor (back focus). Lenses can have a fixed focus (it cannot be changed) or manual focus. Back focus is not part of the lens, but is usually listed with the lens specification. It makes installation much easier, enabling the focus to be adjusted at the computer instead of at the camera. • Infrared (IR) corrected lenses: Lenses bend the light to achieve the right focus and magnification. IR light can bend at a different angle than visible light when the wrong type of glass is used in the lens. IR corrected lenses compensate for the focal difference and provide a much clearer image. This is most apparent at higher resolution. Special Applications That Require Specific Capability • Wide dynamic range: To view an area with challenging lighting conditions, it is best to select a camera that provides good, wide dynamic range (WDR). For example, a camera that either provides back light control or, better yet, WDR, will be needed to view a lobby with a large window. Wide dynamic range has been dramatically improved in the latest cameras. Older cameras provide about 50dB of WDR; newer models provide over 120dB. • Frame rate: Frame rates are not
particularly critical in most applications, but most megapixel cameras support reasonably good frame rates. What is reasonable? It depends on the application. Video is very smooth even at 10fps. There are a few applications where higher frame rates may be needed, such as in gambling casinos, or in special testing situations, where there is very fast motion; but in most cases, users can save bandwidth and storage by reducing the frame rate. In certain cases, the frame rate has to be reduced. For example, frame rates tend to be lower in very high-resolution cameras (over 3 megapixel). The frame rate can also be affected by very low-light situations. By increasing the time that the shutter stays
Summary Understanding the specifications allows users to select the right camera for their IP camera system; however, before reviewing the specifications, users should fully understand their required application and objectives. Bob Mesnick is President and owner of Kintronics, an organization specialising in providing network attached IP camera surveillance and security systems. With over 30 years experience in the technology industry, Bob also provides specialist advice on optical storage systems and network attached storage systems. He can be contacted at www.kintronics.com
The lens can also affect some of the other specifications, such as minimum illumination, frame rate and resolution. opened, users can improve the low-light performance of most cameras. But be careful; increasing the shutter speed to 0.5 seconds changes the maximum frame rate to only 2fps. • Audio: Audio capability can be very important in some applications, such as when connecting an intercom to the camera. In this case, a camera with audio input capability is required. Some cameras have a built-in microphone, but be aware that it is always best to have the microphone close to the person talking. • Input and output (I/O): Depending on the application, input and output connections may be required. For example, to release a door lock, an output signal to control a relay that can open an electric lock is needed. To detect that a door has been opened and start recording video, then an I/O input connection to the camera is required.
SECURITY SOLUTIONS 047
BUSINESS
048 SECURITY SOLUTIONS
Increasing The Value Perception Of The Security Department By Ray Hodge Managers of security know that what they do within the organisation is extremely valuable. But do others? One of the challenges for security division managers is not only the effective communication of what they are doing, but the value that they contribute to the broader organisation. The security department needs to be seen as an essential division that contributes significant value rather than that which is required out of necessity. Internal Marketing: Where There is Music… Do others hear music coming from the department or is there silence on the airwaves? In order for other managers to understand the value of the security division, security managers need to create the music of marketing and play it loudly (and appropriately). Departmental managers can suffer the same plight as small business owners: ‘the results speak for themselves’ or ‘people should just know that’. The trouble is, others will not know unless security managers blow their own horn. The goal of marketing for a business is buy in from both new and existing customers. Customers buy into the value the company is offering (by way of products and services) and then part with their resources for the acquirement of such. The marketing of a department reflects similarly. Security managers understand their core business, they know who they effectively have to sell to (other division heads and senior management) and the strategies for that communication. One of the frequent mistakes made when marketing is that they tend to promote what they provide as opposed to the value and benefits of that provision. When considering security, some of the immediate things that spring to mind on the value side are: • increased personnel safety • contribution in the marketing of the broader organisation (promoting security results) • increased consumer satisfaction • brand repute • financial results
SECURITY SOLUTIONS 049
BUSINESS The marketing goal of the security department is to communicate to other divisional heads and senior executives the value of the division so that others buy into that vision for mutually beneficial outcomes. Ascertaining Value In an interview with Dr Robert Floyd, Director General of Australian Safeguards and Nonproliferation Office, he mentioned, “Some deal with security as another impost on business but it needs to be seen more in the light as providing the right to operate. It bolsters reputation and brand protection, and in some cases even provides the public support to be able to operate.” These are statements of value – the right to operate; reputation bolstering; brand protection; public support. As security managers well know, it is one thing to write these words in a beautifully presented monthly report, but it is quite another to substantiate them. Given that senior executives tend to deal more in certainty than ambiguity, it is essential wherever possible to quantify such value. Here are some suggested value questions to ask senior management and business owners: • What do you think that recent improvement saved you on costs? • How have personnel benefitted here from the new initiatives? • What amount of time did we save on those process improvements? What does that time equate to in available time for work re- distribution? Cost savings? Freeing personnel to work in other areas? Increased delivery times? • I noticed that you have begun using some of the initiatives and results of our work in your marketing. What do you anticipate that will return over the next 12 months? • What is the effect this has had on lowering the stress levels of those involved? Obviously, some of these are tangible outcomes and some intangible. The more ammunition security managers have to load the marketing gun and the more factual, the better. A good practice is to make a list of every possible way that the security division provides value, along with a list of value questions. Then, on an ongoing basis, always ask both others and those in the department itself what value the department is contributing to the organisation Communicating Value It is one thing to be armed to the eyeballs with value to share. It is quite another to communicate this
050 SECURITY SOLUTIONS
in an influential way. The communication failure in many of today’s organisations is derived from leaders communicating in their terms, not the terms of those they are influencing. For example, to gain approval from the chief financial officer for a significant increase to a budget allocation for the next fiscal year, begin by ascertaining what his goals are first. What drives him? What is the most concerning to him? Is it: • market perception? • revenue growth? • strategy and goal achievement? • current cost-cutting initiatives? • personnel protection? • increased customer satisfaction? • favourable perception by more senior executives (ego related)? • keeping his job due to recent bad press? If security managers can link their departmental goals, values and achievements to those of other departments and senior management, they have a much higher chance of getting what they require. Relational Giving Again, Dr Robert Floyd stated, “We prefer to go the route of building relationship and partnerships rather than just enforcing compliance from a distance. To get 100 percent buy in wherever possible is the goal.” Making the effort to build relationships and to establish common goals across departments goes a long way towards corporate success. Every division and senior manager will have goals that are specifically important to them. The astute leader understands that ‘if I can help you reach your goal I am more likely to fulfil my goals’. This issue presents itself in all facets of life; from children demanding what they want to the lazy worker demanding more pay, it plays out the same. People who focus purely on themselves will usually get left to themselves. Those who help others get what they want will progressively get more of what they want. Everyone reaps what they sow and gets back what they give. Productivity and Communication Tips Here are some final tips to help security managers in their productivity and communicative efforts: • Be an initiator. • Demonstrate high energy and enthusiasm. • Exhibit confidence yet teachability. • Meet spoken and unspoken expectations. • Dig for the value that the department contributes then communicate it in every instance. • Learn the art of asking quality questions and
listening 80 percent of the time. • Actively assist others in fulfilling their goals and work with them to create common goals. • Address things directly, quickly and politely. Do not let the negativity pot simmer; when it boils over the mess is not pleasant. • Brevity – executives are busy people and are skilled at going directly to the bottom line on many issues. A one-page summary or a five-minute succinct verbal briefing is often enough to communicate the essential. Here are some keys to assist in communicating to busy people: o background – give just enough to provide the foundational setting upon which to build the case o if the report is extensive, provide a one- page summary with references as to where more information can be located within the document or online if that is the case o use bullet points o provide ONLY the information that is pertinent to the reader o quick meetings are good meetings – prepare the agenda in advance. Just as people do not hear about the products and services of a local business unless they hear the music of marketing playing, so it goes for the security department. Security managers must go ahead and make their music. Marketing skills with high people skills will stand security managers and their departments in good stead to be heard. Good luck!
Ray Hodge is the director of Ignite Business Consulting. Known as the ‘efficiency driver’, Ray appears regularly as a speaker in Australia and consults to businesses and organisations, with the Department of the Australian Prime Minister and Cabinet on his list of accomplishments. He has held positions as general manager in the tourism and construction industries, and has successfully run his own businesses in the finance, property and accommodation sectors. Ray has coached and provided consulting services to leaders and teams for over 20 years. He can be contacted at ray@ ignitebusinessconsulting.com.au or directly on 0403 341 105.
SECURITY SOLUTIONS 051
COVER STORY
052 SECURITY SOLUTIONS
When Technology, Crime And Terrorism Collide Understanding The Future Of Security
SECURITY SOLUTIONS 053
COVER STORY
By John Bigelow Imagine a world in which everyone and everything are connected to everyone and everything else, all day, every day, 365 days a year. This is the Internet of Things and it is becoming a reality faster than most people realise or would care to admit. Consider the following scenario. In this brave new world, the chip attached to the thin wire inside the plastic container of milk will register a temperature difference between the top twothirds of the container and the bottom third, denoting that you are low on milk. This will in turn trigger the chip in the milk to send a signal to the fridge, which then contacts the online grocery provider and adds milk to your weekly shopping. The grocery store sends you
video, is immediately sent to your smartwatch, at which point you can choose whether or not to override the alarm that is about to be triggered. If you do not override the alarm, police and building security, along with the delivery driver’s employer, are immediately notified of the security breach. The employer’s system then sends a signal to the delivery van, disabling the engine. The driver’s picture is transmitted to police and security along with the GPS co-ordinates of the delivery driver’s smartphone, which is accompanied by a live GPS feed so police can track and locate the driver in real-time. In this world, quite literally, everything and everyone can talk to everything and
of the Internet and the predicted depletion of available addresses, a new version of IP (IPv6), using 128 bits for the address, was developed in 1995. IPv6 was standardised in 1998 and its deployment has been ongoing since the mid-2000s. Mathematically, the new address space provides the potential for a maximum of 2 to the power of 128 (2128), or about 3.403×1038 addresses. In layman terms, that means an individual IP address could be assigned to every single grain of sand on earth and there would still be plenty of addresses left over. This of course raises the question, how do security professionals begin to think about, prepare for and protect against the threats that arise in such a connected world?
a message at the end of the week with a list of items for your approval that the service intends to deliver the next day. Upon approving the list, the cost is automatically debited from your chosen account while a background request is sent to your building’s access control system for a one-time password that will allow the delivery person to enter the building, access the elevator (but only to your floor) and open your apartment or office based on a facial recognition credential that it obtains from the online grocery provider’s employee database. The CCTV system in your apartment or office sets up a set of direction-based rules that allows the delivery person to travel from the front door, down the corridor directly to the kitchen and back out again along the same path. If the delivery person deviates from the specified path, an alert, with live streaming
everyone. While this provides an unlimited world of possibilities for security product manufacturers, distributors, integrators and service providers, it also provides untold new opportunities and vulnerabilities for criminals and terrorists. According to Marc Goodman, security futurist and author of the book Future Crimes, “If today’s Internet is the size of a golf ball, tomorrow’s will be the size of the sun”. According to Goodman, this has been made possible through the introduction of IPv6, a new standard for the addressing of Internet Protocol (IP) devices (every device that has an online connection). The original designers of the Internet Protocol defined an IP address as a 32-bit number and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, because of the growth
In the last 30 years, virtually every major car manufacturer from Mercedes-Benz to General Motors, Nissan, Renault, Toyota, Audi, Volvo, Peugeot and more have experimented with self-drive or autonomous vehicles in one form or another. As manufacturers get closer to perfecting the technology, countries are starting to pass laws permitting the use of autonomous vehicles. For example, in 2013, Nevada, Florida, California and Michigan in the US all passed laws paving the way for the use of self-drive vehicles. In Europe, cities in Belgium, France, Italy and the UK are planning to operate transport systems for driverless cars, while Germany, the Netherlands and Spain have allowed the testing of robotic cars in traffic. In a future world full of driverless cars, what might happen if a hacker or group of hackers with the right skills were to take control
054 SECURITY SOLUTIONS
AME System produces its customisable ActivConsole range of electric height adjustable and fixed height control room consoles from their local design studio and manufacturing facility in southeast Melbourne, Australia. The ActivConsole range has revolutionised control rooms throughout Australia and worldwide, introducing state-of-the-art ergonomic technology into a 24/7 monitoring environment. Able to be customised to suit any application, the ActivConsole plays
a vital part in keeping your workplace and employees healthy and productive. By utilising new modern production methods and combining them with high quality materials and finishes, the ActivConsole range continues to adapt to new technologies and trends, ensuring unparalleled versitility and flexibility in every design. Customising ergonomic solutions for over 20 years, we continually ensure safety and quality for a whole new generation of operators. Contact us now for a tailored solution.
SECURITY SOLUTIONS 055
COVER STORY
... everything and everyone can talk to everything and everyone. While this provides an unlimited world of possibilities for security product manufacturers, distributors, integrators and service providers, it also provides untold new opportunities and vulnerabilities for criminals and terrorists.
of an autonomous car or cars during peak hour in a major city? According to a report filed by Reuters on 11th August, 2009, medical science is now using Internet-addressable devices such as pacemakers to improve patient health. A 61-year-old US resident, Carol Kasyjanski, became the first American recipient of a wireless pacemaker that allows her doctor to monitor her health from afar – over the Internet. According to Dr. Steven Greenberg, the director of St. Francis Arrhythmia and Pacemaker Center, the new Wi-Fi pacemaker technology helps him better treat his patients and will likely become the new standard in pacemakers. However, if it can be accessed remotely, it can be hacked. Imagine crime or terrorist groups having the power to hack a person’s pacemaker and stop his or her heart with a few key strokes. How might a security manager protect the CEO or head of state who has such a device from an attack? Just how sophisticated have hackers become and do terrorist groups really have the capability? In an article on cyberterrorism published in issue 65 of Security Solutions Magazine, Nick Ellsmore, one of Australia’s leading experts in information security strategy and governance, and Arun Raghu, a consultant in the areas of online fraud, cybercrime and IT security law, wrote, “The US Department of Justice has stated that the cost of the capability for a cyberattack is negligible; and the capability to perform such attacks – potentially requiring just a PC and network access – is ubiquitous. Cyberterrorism may be carried out by either a terrorist group directly, or through the use of hired expertise. In the last decade, an efficient black market has arisen for the development of targeted malicious code, the hiring of botnets, or other specialist hacking services. Eastern Europe in particular has provided a significant source of hacker groups readily able to provide
056 SECURITY SOLUTIONS
technical support to illegal activities, due to a high incidence of crime, a large population of highly educated and often unemployed workers, and unstable governmental regimes (Techrepublic, April 2004). “Moving beyond the concept of a remote Internet-originated strike, as the terrorism threat focus shifts from overseas extremists to home-grown terrorists, the risk of an internal cyberterrorist strike must also be considered. Accepting that ‘sleeper’ terrorist cells can exist in a country also means accepting that these cells can exist in a company; and the likely impact of a cyberterrorist strike originated from inside an organisation, by attackers with comprehensive knowledge of systems, networks and the external environment, is significant.” A Real and Growing Threat Ellsmore and Raghu went on to state, “Cyberterrorism is not mere fiction. Examples already exist of individuals successfully targeting important infrastructure and causing harm as a result. In 2000, a contractor
The rapid proliferation of technology, both digital and physical, is changing the very nature of security threats.
successfully hacked into an Australian waste management control system and caused real-world environmental damage. In 2008, a system administrator who had been employed by the city of San Francisco took control of the city’s computer system and prevented others from accessing emails, payroll information and prison and police records.” “While these attacks did not cause violence to the public, they are a powerful proof of the concept of remote interference with critical infrastructure systems, and systems responsible for human welfare or protection. Clearly, the threat is real. The reality of the cyberterrorism threat was acknowledged back in 1997 when the US Joint Chiefs of Staff conducted a military exercise, code-named Eligible Receiver, to find out how easy it was for an enemy to attack US critical infrastructure and military computers. The exercise found that attackers, using ordinary computers and widely available software, could disrupt military communications, turn off sections of the power grid and shut down parts of the emergency telephone networks in several American cities. It has been reported that the attackers also gained access to the IT systems of a Navy cruiser at sea.” According to the Cisco 2014 Annual Security Report, “The sophistication of the technology and tactics used by online criminals – and their nonstop attempts to breach network security and steal data – have outstripped the ability of IT and security professionals to address threats. Most organisations do not have the people or the systems to monitor their networks consistently and to determine how they are being infiltrated.” The same report claims that, in 2014, Cisco had estimated the security industry would have a shortfall of more than one million cybersecurity professionals across the globe. The gap is expected to blow out to five million
EasyGate an award winning range of speedgates DDA Compliant Secure – up to 1800mm high barriers Stylish – European design and manufacture Reliable – 24 month warranty & 3,000,000 MTBF Fast – Throughput rates of up to 60 people per minute
With 14 years’ experience delivering entrance control solutions and 5 offices across Australia & New Zealand Centaman is here to help you make the right entrance
T: 1300 858 840 E: sales@entrancecontrol.com.au
www.entrancecontrol.com.au
SECURITY AUDITS & TRAINING WHS AUDITS DIAGRAMS & EMERGENCY PROCEDURES Beaware Solutions was incorporated in May 2006. Our company was developed to provide services to manage risks within any organisation or building. We concentrate primarily on security, WHS and emergency management. Our consultants have tertiary qualifications and experience in any or all of the following fields: • • • • •
Security and Risk Management Work Health and Safety Workplace training and assessment Emergency Management Public Safety
FIND OUT MORE
SCAN HERE
info@beaware.com.au 1300 71 81 31 SECURITY SOLUTIONS 057
COVER STORY
by 2020. Also in short supply are security professionals with data science skills, which are necessary to understand and analyse security data in order to improve alignment with business objectives. The rapid proliferation of technology, both digital and physical, is changing the very nature of security threats. Traditionally, security managers have addressed security threats in the physical realm as largely twodimensional challenges posed by conventional attack vectors such as a person or persons, either on foot or in a vehicle, using a firearm or some other type of weapon, or the delivery of packages containing explosives or harmful powders or chemicals, to name just a few. In an attempt to detect, deter and or detain individuals engaged in carrying out breaches or attacks of these types, security departments employ a layered approach to security consisting of CCTV, access control, intrusion detection, perimeter protection, guards and so on. But what happens when the traditional threat vectors no longer apply? What happens when new technologies provide avenues of attack not previously possible? Take, for example, remote control drones. Gone are the days of billion dollar military drones ruling the skies. According to data analysis company Terapeak (www.terapeak. com), in the last 11 months of 2014, eBay sales of remote control drones reached nearly $30 million, resulting in nearly half a million drones being shipped to customers around the world. Of those, more than 50 percent were equipped with some type of surveillance capability. For security managers, such figures should represent more than just an interesting insight into a lucrative new market. Data like this represents a significant shift in the security landscape. On 10th March, 2014, The Australian newspaper reported that a man had been arrested after attempting to use a drone to smuggle drugs into Metropolitan Remand Centre, with similar operations being reported in a multitude of other countries around the
058 SECURITY SOLUTIONS
... successful security managers will need to break out of their traditional paradigm of security as a silo, where information and practices need to be guarded and protected.
world in the last 12 months. From the UK to the US, Mexico to Melbourne, there have been a slew of reports involving crime gangs and cartels using drones to smuggle everything from drugs and weapons into prisons or across borders around the globe. Security managers need to turn their minds to such new challenges while technology vendors should see such threats as an opportunity to create new security equipment designed to detect and defeat these threats. The traditional fences, CCTV cameras and access control systems are ineffective against a drone that can be flown over all such measures and directly into the heart of a facility. How does a security manager protect against a drone carrying an explosive device or firearm that is flown onto company grounds? There are a multitude of examples on YouTube demonstrating the viability of such ideas (https://youtu.be/X20Y-DgJPzU). While in many cases the videos of drones equipped with firearms raise questions as to the accuracy and usability of such devices, the fact remains, a perpetrator does not really need the device to be accurate. What potential damage might be caused to an organisation’s brand or reputation if an incident occurred in which a drone was flown into an event and started firing a gun at random? That in itself
would be enough to cause widespread fear and damage. In the case of a sporting event or concert, the crowd numbers negate the need for accuracy. Another technological advancement, 3D printing, has been described as an innovation that has the power to change the world. The rate of evolution in 3D printing in just the last two years has been phenomenal. Since the first Liberator 3D-printed handgun was fired on 7th May, 2013, advances in materials sciences and 3D printing has meant that unreliable, singleshot hand guns are a thing of the past. Defense Distributed, the organisation that developed the plans for the now infamous Liberator, now offer the Ghost Gunner, “a general purpose CNC mill, built upon a large body of open source work, including the gshield 3 axis motion hardware, the grbl g-code parser and motion controller, and popular microcontrollers.” According to their website (ghostgunner. net), “As shipped, Ghost Gunner manufactures any mil-spec AR-15 lower receiver to completion. With simple tools and point and click software, the machine automatically finds and aligns to your 80 percent lower to get to work. No prior CNC knowledge or experience is required to manufacture from design files. Legally manufacture unserialised AR-15s in the comfort and privacy of your home.”
A quick online search reveals that there are now a wide array of organisations offering individuals plans and machines designed to print firearms and other weapons. In fact, if one really wanted to, it is relatively easy to print and create one’s own drone as well. From a security perspective, traditional protections afforded by measures such as border controls, immigration checkpoints, customs, airport and port security all become somewhat redundant when an individual or group can simply print and manufacture their own untraceable weapons upon arriving in a country. There can be little doubt that technology and the Internet are dramatically changing the threat landscape for security professionals.
Moving forward, Goodman believes that the security professionals of tomorrow will require a more technical skillset but, more importantly, successful security managers will need to break out of their traditional paradigm of security as a silo, where information and practices need to be guarded and protected. Goodman believes that tomorrow’s security managers will need to look to other departments within an organisation for help in achieving security goals and understanding the true nature of potential threats. Further, security managers will need to listen to the new generation of security managers, the digital natives who have been raised in a world of social media and connected living and who have a better understanding of the threats and challenges. Most importantly, he believes security managers need to embrace curiosity, read, examine, learn, enquire and always look for ways to think outside the box. While the old security paradigms are not necessarily dead, security managers need to be more elastic in their approach to security and open to new and different approaches to solving non-traditional problems.
Marc Goodman’s new book Future Crimes is available in print via Amazon or in digital formats through both Amazon and iTunes.
SECURITY SOLUTIONS 059
JUST LAW
060 SECURITY SOLUTIONS
Use Of Force And Workplace Violence: A Growing Risk SECURITY SOLUTIONS 061
JUST LAW By Dr Tony Zalewski Increasing crime rates for violence, including domestic violence, illicit drug use such as ice and a more challenging public to authority of public safety personnel, has further impacted upon the ability of operational security staff to meet workplace objectives. Inevitably, some interactions between members of the public with security staff have the potential to escalate to a physical level, with some interactions requiring the use of force. Typically, force is a potential option to remove a patron from licensed premises, to stop an unauthorised entry into a building or to complete the arrest of a resisting shoplifter outside a retail store. This article will discuss issues relating to the use of force in the workplace, including matters relevant to the increased risk of workplace violence. The Statistics Common forms of assault throughout Australia remain prominent within reported crime statistics. Victoria’s 2014 assault data disclosed an increase of 1.7 percent for reported assaults to 46,912. For the same period, the rates for New South Wales remained constant at around 34,000 non-domestic assaults and in Queensland around 18,100 annually. Reported crime statistics do not disclose incidents involving security staff, albeit the New South Wales crime statistics did recently report an 8.1 percent increase in assaults on police. A growing area of concern is domestic violence and its potential impact within the workplace. Throughout Australia, one woman is killed every week and one hospitalised every three hours due to a domestic incident. Victorian police attended 65,393 domestic incidents in 2013–14, twice as many as in 2009–10, and charges were laid in approximately 30,000 of those attendances. Most Australian police forces report up to 50 percent of all operational policing time is now spent handling domestic incidents. Workplace disputes are another area of concern, whether between workers or others in or around the workplace. Safe Work Australia and other state or territory agencies have published guidance materials to assist safety and security leaders to develop appropriate proactive and reactive measures for their workplaces.
062 SECURITY SOLUTIONS
Security staff operate in diverse environments, including hospitality and gaming premises, commercial and public buildings, air and maritime ports, high-risk defence and other government sites and major retail operations to name a few. It is therefore foreseeable there will be circumstances requiring physical intervention by security staff, whether intervening to keep the peace or to effect a lawful purpose such as arresting a shoplifter or removing an aggressive patron. It must be remembered that any physical intervention is a high-risk activity, hence the importance of an appropriate system. Industry Guidance There is a plethora of information freely available on the Internet to assist employers and security leaders to develop an appropriate system to cope with aggression and violence in the workplace. For example, the Australian Capital Territory (2010), New South Wales (2002), Victoria (2003 and 2014) and Western Australia (2010) have published materials addressing the risk of workplace violence. Each recommends a risk assessment as the foundation for developing any strategy. For security staff this is reinforced by AS/NZS2241:2011 Guard and Patrol Security Services (2.6.1) where a risk assessment should be conducted prior to the commencement of any work. This is particularly important to minimise risks associated with workplace violence. Use of Force and Tactical Options Model As use of force is a high-risk activity, it is important that all staff are regularly appraised to ensure their competency level is maintained. It is not acceptable to rely on pre-licensing training of security staff as a measure for competency. Employers must ensure each employee receives appropriate training against the perceived level of risk TACTICAL associated with force in an WITHDRAWAL operational perspective at their workplace. There should also be operating procedures to guide staff in both understanding PREVENTATIVE MEASURES the organisation’s and relevant legal requirements.
Security staff operate in diverse environments... It is therefore foreseeable there will be circumstances requiring physical intervention by security staff, whether intervening to keep the peace or to effect a lawful purpose.
DEFUSING TECHNIQUES USE OF FORCE Access Consider Take best course COMMUNICATIONS TECHNIQUES
EXTERNAL AGENCY
Use of force typically involves three considerations: 1 Lawful justification to apply force. 2 Reasonableness in that force was a necessary option. 3 The amount of force was proportionate to the danger in the circumstances. Pre-licensing training and various materials such as those provided by industry associations can further assist to elaborate upon these points. However, if each of the three considerations cannot be clearly evidenced, this high-risk activity may impact adversely upon the individuals, the organisation and ultimately the industry. This highlights the importance of employers ensuring current competency of their employees in this high-risk area of work and a complete understanding of their tactical options when confronted with a potential use-of-force incident. Many organisations use a tactical options model in the development of their staff. Use of such a model can assist staff to understand that, as an incident continues, ongoing assessment in the use of tactical options must also occur. There are variations on tactical options models; however, it is important that any model is relatively simple to understand and not complicated with unnecessary content or jargon. Below is an example of a basic tactical options model. Note that assessment commences in the centre of the model and works out and around to determine the most appropriate tactical option at any given time. It is important that employers, in the context of the relevant workplace, ensure staff are provided with procedures that explain each of the options for that particular workplace. A generic tactical options document is inappropriate and will lead to mere confusion in a high-risk incident. Preplanning is essential, hence the importance of a risk assessment with risk controls developed prior to any work activity. This approach in itself will minimise risk. Procedures that enhance operational security activity involve step-by-step instructions of how to perform routine for common tasks. For example, a procedure for approaching should include the following before any instructions about communication or the use of force: 1 Before approaching the person, conduct a quick safety risk assessment, that is, dual
As use of force is a high-risk activity, it is important that all staff are regularly appraised to ensure their competency level is maintained.
purpose weapons, associates of the person in the immediate vicinity, furniture or others that might create a danger and the like. 2 Notify another staff member (or summon support if working as part of a team). 3 Approach the person, adopting a position of safety and advantage. This method further minimises risk whilst also enhancing safety for everyone present. Common Problems Common problems associated with the use of force by security staff involve unlawful striking or the overuse of physical controlling measures to achieve an outcome. For example, unlawful striking often involves blows to the head of another. This is hard to justify in most circumstances. A poor controlling measure might involve applying a transport wrist lock as a punishment rather than an escort hold. In these circumstances the hold could lead to permanent injury and litigation. Laying with one’s bodyweight on another can cause serious injury, as has been evidenced across Australia in a number of positional asphyxia cases. Some areas of security work also have particular issues to address, such as ensuring staff understand limitations on external activity and their authorised areas of work. This is commonly evidenced in crowd control at licensed premises where discretion on where external staff can operate needs to be removed. It is never justifiable to follow a removed patron
down the footpath away from the venue or across the street to resolve a conflict. Similarly, it is never justifiable to chase a fleeing shoplifter through a busy shopping centre to effect an arrest. Conclusion Use of force is a high-risk but inevitable requirement within security operations. Employers must ensure a suitable system of work has been developed that takes into account, in the context of the relevant workplace, risks associated with the use of force. Statistics suggest the risk of physical interventions is a foreseeable option across all industry sectors. As security staff are the front-line defenders for security and safety at any workplace, their competence must be maintained through a formal system of assessment, guidance and supervision. Such competency assessment and guidance should also be recorded within staff files to ensure there is evidence of an employer’s attention to this high-risk security activity.
A generic tactical options document is inappropriate and will lead to mere confusion in a highrisk incident.
For over 20 years Dr Tony Zalewski has provided expert security reports to courts in all Australian jurisdictions. He has worked on some of Australia’s leading security-related civil actions and currently provides advice about security across industry sectors, as well as being a member of relevant industry associations, and a security adviser to governments locally and abroad.
SECURITY SOLUTIONS 063
FEATURE ARTICLE
Smartphones And App Security
064 SECURITY SOLUTIONS
SECURITY SOLUTIONS 065
FEATURE ARTICLE
By Graeme Cunynghame The number of mobile phone subscriptions worldwide is around the seven billion mark and growing. Smartphones are becoming more complex and more powerful in order to provide more functionality. Because of their unique characteristics, they present challenges that require new business models that offer countermeasures to help ensure their security. Concerns are increasing regarding security threats against smartphone users. Smartphones generally use the same software architecture as that used in personal computers, and are vulnerable to similar classes of security risks such as viruses, Trojans and worms. The rapid and worldwide diffusion of applications (apps) for smartphones has produced a complex environment composed of users, developers and vendors with sometimes contrasting and sometimes matching interests. Being an all-in-one device, smartphones and their associated apps provide very real convenience to users by providing services such as banking, social networking, games, emails, word processing, book readers, newspapers, day journals, photos and so on. The audio and camera functions on smartphones, which are formidable, have changed the landscape when it comes to recording day-to-day conversations, activities and spontaneous events. In terms of human decision-making, the world is becoming a more complex place where black and white, good and bad, right and wrong as concepts have been displaced to some degree by complicated constructs that leave a large proportion of people in the dark. This concept has been referred to as the Black Box Model. Smartphones provide an example of a technologically advanced device that people choose to have faith in rather than understand. Their inner workings are not well understood by the average user but, nonetheless, users integrate their inputs and outputs into their decision-making. In support of that thinking, marketing companies use strategies that are designed to influence people with images and emotions rather than factual or technical information. Subsequently, smartphone users place a considerable amount of faith in these devices in the absence of the knowledge required to completely understand the complexities and impacts of the device. However, it should be
066 SECURITY SOLUTIONS
acknowledged that many smartphone users are high-tech; however, others are technically unsophisticated, which is problematic. Research on how users evaluate and decide on particular apps is still being conducted; however, it would appear the average user is impulsive more so than considered, especially in terms of any sustained security threat analysis. Curiosity is one of the drivers when it comes to installing apps and, while threat awareness in relation to privacy is clearly denunciated, users are often dismissive, with few reading the service agreements or conditions, which are often longwinded and contain a degree of jargon. Smartphones nevertheless are becoming the mobile hubs of information for many people and companies. What started as a way to provide users with the flexibility of installing apps to enhance the usability of their smartphone has grown into a global market with hundreds of thousands of apps built by thousands of developers. Apps run inside a security sandbox and need permissions to interact with the smartphone and the data stored on it. One of the issues is that users may not be aware of what specific permissions mean, why they need to be granted and the consequences. While there are plenty of established companies developing useful apps or entertaining games, there is no easy way to distinguish them from developers that put users at risk or worse, choose to dispense malware or spyware. Many attacks operate in a stealth mode; users might not notice these attacks for days or even months. In addition, a malicious user could plant malware in a smartphone but not use it until later. Some malicious apps are believed to be sponsored by Nation States and have access to significant budgets. Not all developers are paying attention to security, in part due to the rapidity of technical advancements. Some of the more sinister developers are using the app as a gateway into smartphones, with menacing motives. Some apps are mining data for marketing purposes; however, others are potentially part of the chaotic cybercrime world. Malicious third party apps ported on smartphones target the privacy and security of unknowing users by accessing confidential data or inserting malicious code, which could potentially damage or alter
information, the firmware or software. Ratings are often used in distinguishing ‘good’ apps from ‘bad’ ones and these reviews are supposed to provide the user with an assessment of an app’s trustworthiness by real people. However, fake reviews written by collaborators of the developer or the developer themself are activities designed to boost an app’s ranking. Along with the rapid, worldwide adoption of smartphones, there has been tremendous growth in the number and diversity of apps available in the marketplace (for example, Android Play, the Apple App Store, Amazon App Store). Smartphone users select and install apps based on their own needs and interests, in a short timeframe with just a few clicks. Regrettably, there have been cases of malicious apps authorised and unknowingly distributed by Apple Store and Google Play. In one report, the top free gaming apps in both iOS (96 percent) and Android (84 percent) operating systems could access user and sensitive private information (such as contacts, location and calendar details). Empirical research suggests users are more likely to trust the authorised apps such as those accessed through Google Play, Kindle or Apple for example. Apps may also be installed on the recommendation of someone else, such as a friend or business associate, without any other considerations. It is common practice for users to download apps or games because their colleagues and friends already have them on their smartphone. These recommendations provide users with a level of confidence on the innocent nature of the app, despite the fact some of those apps may be malicious but undetected by their friends. There are many considerations when it comes to app installation. However, significant discrepancies emerge between how users perceive privacy and security risks, and their actual behaviours. Research indicates permissions requested by apps were assessed as a cost by the user and weighted in respect to other needs. Users may rationalise the decision to allow an app access to personal data (contacts, addresses, phone numbers) because they regard that content as unimportant. This raises security concerns when a person’s details might be accessed through someone else’s smartphone (for example, an unlisted telephone number)
because they do not value the information the same as that person might. Users with different levels of knowledge regarding smartphones and apps usage treat these issues differently. What the user should understand is the smartphone is, in many respects, a smaller version of the laptop or desktop computer, and security should be a major consideration. Smartphone popularity has also translated into increased hacker interest and a concerted push in targeting such platforms. In fact, a large amount of smartphone malware has attempted to exploit the unique vulnerabilities of smartphones. A smartphone security study identified Trojans that use voice-recognition algorithms that can steal sensitive information spoken over smartphones. Such threats not only invade privacy and security of smartphone users, but also manage to generate coordinated large-scale attacks on the communication infrastructures by forming botnets. Security approaches based on running lightweight intrusion detection processes on smartphones, which effectively fail to provide any serious protection due to constraints involving limited memory, battery power, storage and computational resources, are underwhelming. Present research suggests these programs do not have the capability to run a real-time, in-depth, effective detection analysis. Technology no doubt will address security issues; however, due to the high rate of technological turnover, decisions in relation to app security often take a backseat to marketing strategies when it comes to getting the product to the user as quickly as possible. Importantly, businesses are in the firing line due to the proliferation of smartphones and the potential of apps. It is estimated about 70 percent of security threats to any organisation will arise internally. Businesses operating without adequate policies and procedures addressing specific issues in relation to smartphone use (both private and business mobiles) are exposed in terms of security risks. Many businesses utilise workers’ private smartphones and have little idea, if any, regarding the app content of those devices. Smartphones can easily be used to facilitate the movement of confidential information (emails, charts, reports, budgets) from the business to elsewhere. App usage on private and business smartphones is potentially a
security threat to an organisation and should be addressed in security management plans. Unfortunately, small- and medium-sized businesses are disproportionality exposed to security risks as they often do not have access to the required expertise and defer to reactive rather than proactive security strategies. Any organisation that views smartphone security as ‘grudge expenditure’ is taking unnecessary risks. Trust assessments of apps are necessary and important since smartphones are becoming the new information hubs for people and companies, but their security is generally lacking and, as such, there is no guarantee that information is safe. Some of the threats to users of smartphones include eavesdropping, unathorised device (physical) use, unauthorised access, crashing, misuse of phone identifiers, sensitive information disclosure, spyware corrupting or modifying private content, client side injection of malware and direct billing. The list is dynamic and by no means conclusive; technological advances will continue to reveal further threats. Users ought to remain vigilant to security warnings and report incidents, particularly those in a business environment. Recommendations for users and organisations include: 1. Possess a basic knowledge of the numerous ways smartphone usage can be risky, including the use of Bluetooth, SMS services and Wi-Fi applications, and the dangers posed by the numerous data ports open to cybercrime; turn off Wi-Fi or Bluetooth if it is not needed. 2. Close ports that are no longer required to be open (threat of scanners). 3. Utilise PIN/key lock codes. 4. Be suspicious of any messages from known and unknown senders, and do not open unrecognised links. 5. Do not root the phone; this is an increasingly common practice among Android users that essentially involves modifying the file system to allow users access to read-only files and parts of the operating system the manufacturer or service provider does not want users to change. 6. Install and activate anti-virus protection to protect from unauthorised access (it takes about three weeks from discovering a virus until the release of a patch).
7. Install the latest updates of the operating system and running application as vendors release them. 8. Subject private smartphone access to a business modem to a risk assessment (reasons for connection, access to documents, emails, porn access prohibition, app content). 9. Know to whom and how to report security incidents as a matter of policy. 10. Report any cases of data manipulation or privacy intrusion. 11. Deploy remote locking and the ability to remotely erase data. 12. Implement smartphone policies and procedures and ensure compliance. 13. Backup on a regular basis and do not be reluctant to do a regular reinstall of the smartphone operating system and delete redundant apps. 14. De-activate emails, SMS and any other applications that utilise Wi-Fi, and reset the device to the factory (original) settings if selling a smartphone. The main actors apart from the users of the app environment include developers, vendors and researchers. All have a role to play in ensuring security is a vital aspect of smartphone deployment. In the haste to market, there is evidence that security is not a major consideration. However, it is the responsibility of the user to remain vigilant in relation to apps; users are the first line of defence against smartphone threats and they should be educated on security best practice.
Graeme Cunynghame served in a number of areas during his policing career, including the Fraud Squad, Corporate Affairs Commission, Drug Enforcement Agency, National Crime Authority, and NSW Crime Commission. Graeme attends Edith Cowan University where he reads Security Science (Honors). He is a member of ASIS and ACFE. Graeme welcomes referrals relating to fraud matters, workplace investigations, and security risk management concerns. He can be contacted on: 0408 787 978, email pripol@pripol.com.au or www.pripol.com.au
SECURITY SOLUTIONS 067
LOSS PREVENTION
Loss Prevention – A Culture Of Change And Dynamic Focus By Craig Harwood Loss – nobody wants it, everybody fears it. Loss prevention is more than protecting stock from light-fingered miscreants. Loss stalks business everywhere – it takes many forms and can affect the bottom line and the people within that business. In this day and age, loss prevention includes managing and de-risking product loss, conflict in the workplace, sexual harassment, unsafe work practices, cyber and data protection, intellectual protection (IP) and brand protection, to name just a few. The ‘no win, no fee’ lawyer marketing strategy has meant companies will at some stage find themselves lawyering up to protect their business or themselves and protect against loss in most of the above categories. Often, the problem is not that a company lacks the processes, procedures or accreditation; it is the people who manage and use them! Sigh…
068 SECURITY SOLUTIONS
SECURITY SOLUTIONS 069
LOSS PREVENTION
People I hear readers say; but that is the point of this article. It is the culture and focus of the people on the loss prevention team that makes the difference. Cultural change and focus is always difficult, particularly when dealing with the sensitive subjects that loss revolves around and stalks. Cultural change around loss subject matters is even more difficult, as different departments (such as human resources, IT, operations and site teams) often deal with areas where loss can occur. This means that the focus on cultural change has to be a whole-of-business approach that permeates all levels and functions of the business. This is easier said than done. Change is hard at the best of times since most people are creatures of habit and comfortable in what they know.
ultimate loss of business. A culture is underpinned by practices such as operational procedures, a defined process that maintains the business ethos and approach to business. Process and procedure is extremely important in loss mitigation across all disciplines, as it provides a reference and benchmark to measure individuals and hold them accountable for failures. Cultural change also sometimes requires a unique approach to alter a team’s or individual’s behaviour. Some readers may be familiar with the story of a father with a teenage daughter. The daughter was very combative with other family members and would often storm off into her room, slamming her bedroom door loudly every time. After several warnings, the father decided a cultural change was necessary
hacked, they soon will be. Cyber criminals are not just some lonely basement-dwelling teenage geniuses with time on their hands; they are now government-sanctioned divisions or professional criminals intent on data, IP theft and the collection of information to compromise companies and individuals. Cultural change of staff to not click on unknown emails, download unknown files and so on is a major shift in open and free-flowing use of technology. People with ingrained culture that is deemed a risk to the business and could cause loss do not respond well to small incremental change; it is often best when talking loss-related subject matter to remove the doors and cancel the box or change email communication protocols. When the behaviour has thus been modified, a more balanced approach is often used to
Values of company respect, pride and following the company direction need to be instilled for an organisation to combat loss. The paradox of maintaining diversity yet cultural unity in a fast-paced, technically changing business environment is definitely a challenge. Culture is not a singular element, but is made up of two mutually reinforcing elements – values and practices. If the two are confused, the business will suffer loss. Values of company respect, pride and following the company direction need to be instilled in all staff for an organisation to combat loss. This inevitably comes from senior management, who must live the values and not be seen to be flouting the very rules everybody else is adhering to. A key value also has to be innovation and cultural change. One only needs to look at Xerox, a company that developed a culture based on technical excellence with great sales and after sales service support. However, when competitors started selling copiers that were cheaper and required less service, all that pride and cultural history meant nothing. Companies must maintain a culture of change and advancement to ensure survival and protect the
070 SECURITY SOLUTIONS
to alter his daughter’s behaviour. He simply removed the whole bedroom door, placing it in the garage for storage. Of course, the daughter rapidly realised the error of her ways and her behaviour was thus modified. Another example of cultural change methods was a prominent Australian businessman who had a corporate box at a major stadium. The intent was that managers would use the box to entertain clients of the business. On a random check, the businessman attended the box on a major AFL game day. He rapidly discovered that the box was full, but not one client could be found in it. Instead, his staff and their families and friends looked at him with horror. In order to prompt a change in approach, the businessman cancelled his sponsorship of the box and the problem was solved. Despite widespread procedures and a thorough auditing process, sometimes technology creates opportunity for loss. One of the major issues for companies today is cyber and data security. IT experts will tell management that if they have not already been
mitigate the shock of change. At the heart of all this cultural change are communication and a focussed, dynamic approach to the issue at hand. A task force with clear mission outcomes, a defined leader and timelines are essential when dealing with loss-related subjects. This is especially relevant when the loss risk crosses departments and business streams. John Ruskin said, “What we think, or what we know, or what we believe is, in the end, of little consequence. The only consequence is what we do.” So, in order to mitigate loss in a business, start listening and doing – it is not yesterday’s bullets that are the issue, it is tomorrow’s.
A former member of the Victorian Police Special Operations Group, Craig Harwood is the original founder and currently a joint Managing Director of Securecorp, one of Australia’s largest privately owned integrated services companies providing services in the areas of security, alarm monitoring, cleaning and security electronics.
Security Systems are going IT and
you don’t have to do IT alone.
SEKTOR LAUNCHES SECURITY DIVISION
Networking
Mobile Computing
Point of Sale
Security
Healthcare
Sektor is Australasia’s leading technology distributor to the Networking, Mobile Computing, Retail Point of Sale and Healthcare markets. Their world‑leading IT brands include: HP, AEROHIVE, ARUBA, HONEYWELL, DATALOGIC, EPSON, TOSHIBA, and ZEBRA.
Recognising the trend of security solutions becoming more IT centric, Sektor established its Security Division to support resellers and their customers with these new challenges and proudly brings its extensive expertise to the Security market with innovative solutions from: *
**
Staying one step ahead of your competition is a constant challenge. Selling exclusively via integrator channel partners, Sektor’s ongoing research into emerging trends and technologies ensures its partners are ideally placed to bring the latest innovations and solutions to their customers. Sektor enhances integrators’ businesses via its online partner portal as well as expert advice, service and support from its team of highly skilled technicians with full IT experience. Sektor also provides integrator training programmes as new technologies are introduced to the market.
Find out how Sektor can help you keep on top of IT. AU p: 1300 273 586 I e: security@sektor.com.au I www.sektor.com.au NZ p: 0800 735 867 I e: security@sektor.co.nz I www.sektor.co.nz * Bosch products only available in Australia ** Panasonic products only available in New Zealand
SECURITY SOLUTIONS 071
FEATURE ARTICLE
072 SECURITY SOLUTIONS
Demystifying Technical Surveillance Countermeasures Part Three
SECURITY SOLUTIONS 073
FEATURE ARTICLE
By Michael Dever This article explores some myths surrounding the provision of TSCM services and offers readers some procurement advice. Previous articles in this series have highlighted that the threat to the security of information from hostile technical intelligence gathering techniques is real and growing for Australian businesses and governments. Professional technical surveillance countermeasure (TSCM) surveys are a major part of the information security paradigm that protects information in all its forms. The purpose of a TSCM survey is to detect the presence of covert technical surveillance devices, as well as to identify any vulnerability in protective security measures at a facility that would allow or facilitate technical surveillance. Most people, even some security professionals, do not comprehend all that is required to do a TSCM survey properly. Movies and television shows do not begin to even scratch the surface of what is required to do a professional TSCM survey. Unfortunately, some unethical and fraudulent players in this field propagate lies and myths on their websites about the provision of TSCM services. There are so many myths and misleading claims out there that space precludes a discussion of all of them, nevertheless the ‘myth of frequency range’ is discussed later in this article. It is always revealing to visit the web pages of some so-called TSCM providers. They are a rich source of myths perpetuated by nonprofessionals, who make life hard for real TSCM professionals. There are websites with images that show equipment the provider probably does not own (or worse still, rents); equipment that is over 40 years old and designed for outdated threats; and test and measurement equipment that would be illegal to use in Australia. It is unclear whether these providers are really that stupid or hoping that their client will not be informed enough to ask the right questions. To assess the effectiveness of a particular TSCM service provider it is useful to think of a TSCM service as a ‘system’ that is integrated components designed to achieve an objective according to a plan. The objective of the TSCM
074 SECURITY SOLUTIONS
system is to detect covert surveillance devices. The components of a TSCM service are people, equipment and procedures. Professional TSCM services are successfully achieved through the application of three main components: appropriate technology, qualified and experienced specialists and specific protocols (aka tradecraft) combined into a system for the detection of technical surveillance threats. Providing TSCM services is equipment and labour intensive and can be expensive. To properly equip, train and house a TSCM team will cost a minimum of AU$500k. Many organisations outsource TSCM services because they cannot afford these costs. The provision of TSCM services is a very complex and demanding field. To avoid a costly ‘false sense of security’, it is advisable to check the qualifications, equipment, experience and reputation of anyone offering TSCM services. The technical surveillance threat is constantly evolving and changing along with technological advancements is electronics. Genuine TSCM
security adviser, video surveillance professional/ installer, security risk assessor, security guard or ICT professional may contribute to background TSCM knowledge, these professions should not necessarily be considered as providing direct and relevant TSCM knowledge or experience. Look for tertiary electronic engineering qualifications and full membership of recognised TSCM professional associations such as the TSCM Institute (www.tscmi.org) and the Espionage Research Institute International (www. erii.org). There is no recognised professional association for TSCM practitioners in Australia. Full membership of the TSCM Institute is only available to individuals who have satisfied technical, operational and ethical criteria to a panel of international peers. The cost of providing a professional TSCM service to a customer is dictated by the high cost of specialised equipment, tools and training required. For a number of years now, professional TSCM providers in Australia have been assailed by amateurs, incompetents and
Professional technical surveillance countermeasure (TSCM) surveys are a major part of the information security paradigm that protects information in all its forms. professionals are involved in their craft as a full-time occupation and regularly attend conferences, seminars and workshops around the world to keep abreast of developments in technical surveillance and TSCM methods. It is unlikely that firms or individuals offering TSCM services who also advertise criminal and civil investigations, fraud investigations, matrimonial matters, firearms training, VIP protection and so on are qualified to provide professional TSCM services. Do not be misled by the false veil of secrecy some operators use to conceal a lack of qualifications or experience. Genuine TSCM professionals will happily discuss their qualifications, experience and methods with clients. While experience in government or law enforcement or as a security consultant, physical
downright frauds. Unfortunately, the apparent high profitability of TSCM services has attracted a number of incompetent and unethical individuals and organisations to enter the field. Often, new entrants to the TSCM world see the provision of TSCM services as a nice money earner on the side of their other businesses. This is particularly the case with private investigators that provide TSCM services. It does not require much analysis to see that private investigations firms, like the private security industry, are generally very low profitability businesses. When an opportunity to make ‘hundreds of dollars an hour’ doing ‘sweeps’ presents itself, most will not turn down the opportunity, despite not having the correct qualifications, training and equipment to do the work professionally. After all, all private investigators need to do is buy a ‘bug
detector’ online for less than $1,000 and they can put their shingle out as a TSCM expert. Why not? It is unlikely that the customer will know the right questions to ask. Some ‘TSCM providers’ may have attended some very basic training courses that are offered by TSCM equipment manufacturers; however, these courses are designed around their proprietary equipment. They are limited to how to use their particular brand of equipment and not the theory of operation of the equipment. Like most new professions there are few standards or widely accepted codes of practice for TSCM services in the commercial world in Australia. Consumers are advised that they should engage with a recognised TSCM professional about their concerns before they spend and potentially waste a lot of money for a ‘false sense of security’. Undertaking an effective TSCM inspection typically requires that the TSCM provider possesses significant experience in a range of disciplines and an extensive inventory of inspection equipment. The disciplines include radio frequency (RF), voice and telecommunications (including VoIP), electrical (general wiring, building management systems), ICT infrastructure, building construction techniques, acoustics, security alarm and electronic access control systems, and nondestructive testing techniques. As a minimum, a TSCM service provider should have access to a significant inventory of state-of-the-art inspection equipment. There is no one piece of equipment that satisfies all inspection requirements. Prospective clients for TSCM services should scrutinise the equipment used by TSCM providers for relevance, currency and the limits of its capabilities. Typical TSCM survey equipment suites will include an RF analysis system, non-linear junction detector (NLJD), ‘near-field’ RF detectors, highgrade thermal imaging cameras and audio test equipment. More advanced teams will also have access to industrial radiography (X-ray), subsurface radar, network protocol analysis, Wi-Fi, Bluetooth and similar discovery and location equipment, infrared detection equipment, and a number of complementary technologies.
The Myth of Frequency Range Some TSCM providers would have clients believe that the RF part of a sweep must cover a specific (their) range of frequencies. Often, the range of frequencies quoted matches the particular piece of kit they have purchased, and has no relationship to the real world of RF communications. It has almost become an issue of bragging rights, with some firms claiming that their
The objective of the TSCM system is to detect covert surveillance devices. The components of a TSCM service are people, equipment and procedures. equipment covers a wider range of frequencies and therefore must be better – after all bigger is better! The claim that the RF detection system should cover a specific range of frequencies is demonstrably wrong technically and therefore a myth. At the very least, these statements demonstrate the technical incompetence of the authors. It is generally accepted amongst TSCM professionals that the RF detection system used during a sweep should be capable of covering a specific range of known frequencies for surveillance devices. In any case, the frequency range of the RF detection system should be determined by the threat assessment and, in particular, intelligence about the capabilities of the client’s adversary. Enter the Laws of Physics Any communications engineer knows that any device using RF frequencies will behave in ways that can be scientifically predicted and tested. For example, in the real world, the highest frequency range of concern for most commercial threats is actually much less than 6GHz. Some TSCM equipment will cover a much higher frequency range (24/26.5 GHz); however, this coverage is designed to deal with esoteric threats that generally only exist in the highest end of the threat spectrum.
Procurement of TSCM Services Before hiring any firm to conduct a TSCM sweep, consumers should find out their background and qualifications. Many private investigative firms advertise that they perform TSCM services, but few have the experience and/or equipment to do a thorough job. Typically, there is no specialised licensing or certification required for TSCM. While a legitimate TSCM sweep performed by a true TSCM specialist typically costs more, what is the value in paying for anything less? Consumers should also ensure that TSCM personnel have the necessary professional insurances, Workplace Health and Safety (WHS) training and other relevant certifications necessary to undertake the TSCM survey work. This includes, but is not limited to working at heights; working in confined spaces; electrical safety; and Australian Communications and Media Authority (ACMA) cabling licence, with endorsements for working on data and telecommunications cables. A final word of caution, consumers who are going to allow a stranger into their inner sanctum should make sure they are trustworthy and not working for someone else or with a secret agenda.
Michael Dever CPP is a Canberra-based independent consulting security adviser who specialises in TSCM. Michael is an internationally recognised subject matter expert on TSCM. He can be contacted via: michael@edpsolutions.com.au
SECURITY SOLUTIONS 075
AVIATION ALARMSSECURITY
Flight Deck Security By Steve Lawson As a result of the recent Germanwings tragedy, I looked at some of my old files from the period following the September 11, 2001 terrorist attacks in New York and Washington when flight deck security was a critical issue. Following the September 11 attacks, the workload in the Qantas Security Department was understandably very high and each of the security operations executives supported each other. The range of issues looked at included: defensive training for aircrew; the introduction of air security officers (air marshals); new security operating processes (SOPs); air cargo security; new bollards; blacklists; changes to the carriage of persons in custody; new ID for staff; new passenger and baggage screening procedures; and mail handling procedures, including how diplomatic mail was dealt with. Additionally, there were numerous timeconsuming meetings with government regulators both here and overseas. One of the pressing issues at these meetings was flight deck security. Although my primary area was air cargo security, I attended some of the early meetings. It was, to say the least, an eyeopening experience. In December 2001, I had been in Israel and had the opportunity to look at how El Al protected their flight decks. I recall thinking, before the Qantas meetings, that it should be a simple issue to fix as the major issues had been addressed by others. I was wrong. Some of the ‘mundane’ issues that were considered (today, some of the answers may seem obvious but they needed to be
076 SECURITY SOLUTIONS
addressed) include: • Is the flight deck completely sterile? That means that from the time the crew board until they depart, the flight deck is off limits to everyone. If that is the case, consider: o Could someone secrete themselves on the flight deck before crew enter? o What about paperwork? o What about toilet breaks? o What about meals? o What happens if a crew member is incapacitated? o Should there be communication between the flight deck and the cabin of the aircraft? If yes, what form of communication should that be? This seems a minor issue, but what happens if a terrorist takes hostages and threatens them to gain access to the flight deck? If the communication system fails, should there be some form of ‘code’ that allows cabin crew to warn the flight deck of any issue or, alternatively, that the cabin is clear? o Should there be a master key or override on the outside of the door? o Who could access or be carried on the flight deck? Again, this sounds trivial, but airlines utilise the flight deck for the carriage of a range of people, primarily staff and regulators, but should everyone be excluded? o Changes to SOPs were required, but how would those changes cascade through the organisation? Unintended consequences is a very real issue when introducing emergency measures. o There are some security devices on
aircraft like handcuffs. They can only be used with the permission of the Pilot in Command, so they were kept on the flight deck. Should they be relocated into the cabin? If so, how does the Pilot in Command give permission for them to be used? What if those items fall into the hands of terrorists? • There needed to be input from the aircraft manufacturer. Pressure differences in the aircraft are important, so there needed to be a way that pressure could be quickly addressed in the event of a rapid decompression. • While price was not an issue, each door cost approximately US$50,000. Given the fleet size, it had to be a consideration. • Strengthened doors are about three times heavier than standard doors, so what are the range implications on aircraft? If that sounds trivial, remember the aircraft painted with Aboriginal designs – the weight of the paint meant that seats had to be removed from the aircraft. • What size aircraft should have strengthened doors? Different regulators were looking at different thresholds. Even in Australia there is a range of regional aircraft and it would be difficult to add strengthened doors to some of them. • What about crew safety in the event of a fire or other emergency? Apart from crew needing to be able to egress the aircraft easily, what happens if they are incapacitated after an accident? How do emergency services get into the flight deck quickly? • If the flight deck is not completely sterile,
at what point is access restricted and how restricted should it be? o Should passengers see if the door to the flight deck is open in flight? If not, how should the fact the door is open be kept from passengers; should there be another strengthened door to create a secure airlock? If not a strengthened door then another door, curtain or screen? o If a pilot leaves the flight deck, should someone replace the pilot? What skills should that person have, if any? Following the September 11 attacks, the European Union (EU) acted very quickly and in November 2001, the European Joint Aviation Authorities (JAA) released a policy paper to member states. It provided guidance on the design and installation of enhanced flight compartment access doors. Then in July 2002, as part of the changes to flight deck security, the US asked for final comments on Security Considerations for the Flightdeck on Foreign Operated Transport Category Airplanes within the US. (US final notices tend to be pro-forma; the decision was already made – they were just issuing the paper because they were required to.) In that paper, the Department of Transportation said, “The FAA [Federal Aviation Administration] finds that it is unacceptable to create two levels of flight deck protection for the same operations to and from US airports. It would be irresponsible to expose passengers, and those on the ground, to greater risks based solely upon the country of registration of the aircraft… And to meet this goal of corresponding protection, it is essential that the standards be imposed at the same time. If the requirements do not have a synchronized compliance time, the security risk will be shifted to the unprotected aircraft. Unsynchronized implementation of the security measures should not create a more attractive target for terrorists.” Then the International Civil Aviation Organisation (ICAO) required the installation of hardened cockpit security doors in aircraft having 60 or more seats, or weighing 45,500kg or more, by 1 November 2003. The Civil Aviation Safety Authority (CASA) still had to approve any
modifications to aircraft, but to some extent this took at least the engineering issues of the flight deck door out of Australia’s hands. However, there were still a slew of other issues to resolve. Flight deck access if a pilot is incapacitated remains one of the more complicated issues because there is no consistent or correct answer. In February 2002, the US FAA – then responsible for aviation security in the US – suggested in an ICAO Ministerial Conference on Aviation Security that contracting states should, “establish a means to enable a member of the cabin crew to enter the flight compartment in the event of the incapacitation of a member of an aircraft’s flight crew”. The FAA, in its requirements for the design and construction of strengthened flight deck doors, said, “For an airplane that has a lockable door installed between the pilot compartment and the passenger compartment: (a) Means must be provided to enable flight crew members to directly enter the passenger compartment from the pilot compartment if the door becomes jammed. (b) There must be an emergency means to enable a flight attendant to enter the pilot compartment in the event that [all of] the flight crew becomes incapacitated.” This seems a logical suggestion and, in the light of the Germanwings tragedy, justified. When readers ask how logical that concept is, consider, if the flight deck security locking system has an override, such as a master key or code, it will, of necessity, be common through the airline’s fleet. If that is the case, it is likely that it will be quickly compromised. Even if it is not compromised before an attack, how long would a staff member be able to hold out if a terrorist placed a knife at a child’s throat? This article is not intended to be an answer to the Germanwings accident; if Lubitz wanted to crash the aircraft there are a number of examples from other incidents where access to the flight deck was irrelevant to a flight crew murder/suicide incident. The article is intended to give readers an idea that answers in aviation security are rarely simple, quite regularly out of the control of an airline and fraught with the possibility of unintended consequences.
Strengthened doors are about three times heavier than standard doors, so what are the range implications on aircraft?
Steve Lawson has over 20 years of experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on 0404 685 103 or slawson@avsecconsulting.com
SECURITY SOLUTIONS 077
LEGAL
Q&A Anna Richards
What Happens When A Dispute Arises Between Partners Of A Business – Part 1
Basics Firstly, this article focuses on unlimited or general partnerships. It does not deal with unlimited partnerships or incorporated partnerships. What is a ‘partnership’? Whether or not a relationship between two or more people is a partnership is something that is determined according to legal principles (born through Court cases) and also encoded in Parliamentmade law (legislation). In most states of Australia, there is legislation which provides some regulation of partnerships. The Norm In many situations, people embark upon a joint business without any form of agreement being entered into between them. The disadvantage of this is that it means that the partners have probably not even contemplated many important matters and agreed upon how those matters are to be dealt with. Using the analogy of a marriage, it is akin to spouses having never agreed upon whether they wish to have joint bank accounts and pool their income; whether they wish to have children; if they have children, whether they wish for the children to be cared for by one of them and, if so, for how long; whether they agree to the wife returning to work after having a child; whether they wish to travel; or whether they wish their children to have any religious education or not. From this example, the failure to agree on such matters creates fertile ground for disputes to arise between them.
078 SECURITY SOLUTIONS
Common Areas of Dispute Probably the most fertile ground for dispute arises from there being no agreement as to how to deal with the following situations: • one partner is obtaining additional benefits from work carried out by the partnership business; for instance, where a partner also obtains contracts for another business he runs • a partner is providing services which compete with the partnership business • a partner is not carrying out his duties • a partner is pursuing other enterprises and neglecting the business of the partnership • a partner is engaging in a manner that is damaging the reputation and hence the value of the business partnership • a partner is not working similar or the same hours as that of the other partners • a partner becomes incapable of carrying out his duties as a result of mental illness or another illness, such as dementia. In such situations, it is easy to see why protracted disputes can occur between partners. Default Position Luckily, even when business partners have never entered into a formal partnership agreement, legislation in each state and territory of Australia provides some regulation of partnerships. Unfortunately, time and space only permits
this article to address the legislation in one state. However, the legislation across the states and territories tends to follow a similar theme. This article will address some aspects of legislation in Victoria, which is called the Partnership Act 1958 (Victoria) (the Act). What Type of Business Relationships does the Act Cover? The Act states that a partnership is the relation which subsists between persons carrying on a business in common with a view of profit. However, it is not always clear whether a particular relationship falls into this category or not. The Act sets out rules for determining whether or not a partnership exists and hence whether or not the Act regulates that type of business arrangement. For instance, it states that the sharing of gross returns does not of itself create a partnership even if each person has a joint or common right or interest in any property from the use of which the income or returns are derived. For instance, the fact that two people jointly owned a race horse and shared the winnings arising from the horse being raced in itself does not necessarily mean that their relationship would be treated as a partnership business relationship. Similarly, the joint ownership of property does not of itself mean that there is a partnership between the joint owners. Many spouses own real estate interests as joint tenants. Clearly, that does not mean that they are in a business partnership arrangement.
LEGAL
Q&A However, the receipt by a person of a share of the profits of a business is treated as evidence, on the face of it, of a partnership business arrangement between them. Agent of the Firm The Act provides that each partner is treated as an agent of the firm or business which the partnership conducts. For instance, if Partners 1, 2, 3 and 4 act for Firm A, all acts of each of the partners (for the purpose of the business of the partnership) are treated as being carried out on behalf of Firm A. Partners Bind the Firm Further, the Act provides that all acts of any partner which involve conducting business in
above example, this means that Shop Z could attempt to enforce the debt for the stock it provided to Firm A against whichever of the partners of Firm A it believed to have the most assets against which a court order could be enforced. For example, if Partners 1, 2 and 3 have no real estate interests or other assets of any value, but Partner 4 owns his own house, then once Shop Z obtained a court order entitling it to recover the debt for the stock against Firm A, Shop Z would then be likely to attempt to enforce that debt against only Partner 4, because the other partners do not have any assets against which the court order could be enforced. The net effect of this situation is that Partner 4, who had nothing to do with the transaction with Shop Z, is now
In most states of Australia, there is legislation which provides some regulation of partnerships. the usual way are binding on the firm. This means that if Partner 1 enters into a contract with Shop Z, for instance, to purchase a huge amount of stock for Firm A without seeking the consent of the other partners or Firm A, all of the partners are jointly and severally liable to pay Shop Z for the stock, despite them not knowing that Partner 1 was going to purchase it. Joint and several liability means that a creditor is entitled to attempt to recover a debt owed by the firm from any one or all of the partners conducting the business. In the
likely to be the only partner bearing the brunt of an action by Partner 1. However, the Act provides some protection to the other partners, such as in the case of the pledging of the credit of the firm for a nonbusiness purpose. For example, if Partner 1 was to purchase goods for his own home and not for a business purpose by using a credit account that Firm A holds with Shop Z, then Shop Z would not be able to successfully recover the debt for the goods from Partners 2, 3 or 4.
Admissions and Representations of Partners The Act also provides that an admission or statement made by any partner concerning the partnership affairs made in the ordinary course of its business is evidence against the firm. For example, if Partner 1 professes that he is an expert in an area and provides incorrect advice (a statement or representation) to Client Z, then Partners 1, 2, 3 and 4 would be liable for his negligence in the event that Client Z decided to sue the firm. That is, Client Z would sue Partners 1, 2, 3 and 4, constituting Firm A. Part 2 of this two-part article in the next edition of Security Solutions Magazine will continue to examine aspects of the legislation that affect and regulate partnership business relationships. Anna Richards is the Legal Director and a lawyer from Victorian Legal Solutions Pty Ltd and practices in the areas of Commercial law including Commercial litigation and other areas. Anna Richards and Victorian Legal Solutions can be contacted on (03) 9872 4381 or 0419 229 142.
Whilst every effort has been taken to ensure its accuracy, the information contained in this article is intended to be used as a general guide only and should not be interpreted to take as being specific advice, legal or otherwise. The reader should seek professional advice from a suitably qualified practitioner before relying upon any of the information contained herein. This article and the opinions contained in it represent the opinions of the author and do not necessarily represent the views or opinions of Interactive Media Solutions Pty Ltd or any advertiser or other contributor to Security Solutions Magazine.
SECURITY SOLUTIONS 079
The Insecurity In Security By Jonathan Johnson As a part of their overall risk management strategy, security professionals spend countless hours carefully selecting a firewall vendor, selecting and maintaining malware control and prevention systems, designing networks and gaining peer review so that exposure to the myriad threats posed to an organisation is eliminated, minimised or at the very least transferred to other external parties; but what if the threat is not from outside as traditionally viewed? Physical security systems can be immaculately conceived and implemented – access control, CCTV, intruder detection systems, credential management – and made secure from a traditional standpoint and from traditional attack methods. Nevertheless, what if an attack is not targeting the information system’s core platforms that are routinely monitored and protected? Or what if the attack is not targeting the physical infrastructure directly, but using one as leverage against the other? A Different Landscape Whilst not the first time hackers have targeted industrial systems, the events that created world headlines caused by Stuxnet back in 2010 brought the awareness of such possibilities and the potential impact of them to the forefront. Since the broad acknowledgement of real-world cyber warfare, there have been many cyberattacks on industrial infrastructure, notably Duqu, Flame and Gauss and, very recently, Energetic Bear, BlackEnergy and DragonFly, along with the Mayhem botnets leveraging the Shellshock vulnerability, among many others. The threat landscape that is now not only targeting assets in the virtual realm but causing physical impacts through cyber-based attacks is almost unrecognisable for a large number of security professionals who are used to combating more traditional risk event profiles. In days gone by, it was unlikely that
080
a cybersecurity attack could be the method used by an attacker to physically breach an otherwise comprehensive risk treatment solution. Today, it is not only possible, it is becoming the easier method, with substantially lower barriers to entry. Traditional cyberattacks had perhaps one or two internet connections and maybe a wireless remote-access facility to target and these were all handled by the IT department. Modern blended systems have dozens of external network entry points, none of which need to be connected to the internet to be attacked, and are managed by many different parties as diverse as physical security vendors, IT services, building management providers and HVAC vendors, most of whom are oblivious to the risks. The Nature of Progress The rapidly accelerating progression of technology is creating vast opportunity for the progressive company, consultant and vendor to leverage cutting-edge developments to improve efficiencies, reduce costs and add real-world value by many methods, none having greater impact or being more pervasive than flexible, extensible and powerful communications. Bringing legacy systems into a networked environment can bring ‘up-to-thesecond’ business and operational intelligence to the fingertips of the people.
them operating and being resistant to both accidental and maintenance-related downtime, and also malicious or opportunistic impact. Whether it be duty of care to the human element, or financial impact, the motivation for an organisation and its stakeholders is high for these systems to operate at peak efficiency and unimpeded.
For many industries, this is a quantum leap forward. Analogue control systems, manufacturing systems, monitoring and control of systems in hazardous environments, the vastly improved performance of surveillance systems, networked access control, automated stock tracking, intercoms and public address, traffic control and even digital signage and marketing points of contact – the linking and integration of these systems in itself can save millions of dollars a year in labour costs for manual visits, adjustments and maintenance, let alone the added benefits of being able to integrate the data from these sources across a global enterprise or government departments for analysis to be able to provide great agility to an otherwise cumbersome, slow-moving ‘beast’. Perhaps more obvious for many are the direct savings from leveraging common communications infrastructure instead of having the expense of installing parallel communications paths simply because the old legacy systems were proprietary and closed to external integration or the need for manual data capture and handling. There are constantly new and more innovative ways to capitalise on improving communications across an organisation. The unfortunate part of the equation that many miss is that the greater the benefit of these advancements, the greater the importance of
The Problem with Ballooning Capabilities Just as with a workstation, smartphone or information systems server infrastructure, every device, from the surveillance camera to the card reader to the control system, that is brought onto a communications network has an operating system and, consequently, also has inherent vulnerabilities; however, unlike the traditional information systems, these control systems have no way of defending against worms, viruses and other attack methods. Firewalls, anti-malware and ‘security updates’ simply do not exist for these devices, be it due to insufficient processing power, restrictive storage or simply because it is not feasible in a real-world environment to apply the same protection methods to the particular device. This opens up these systems to exploitation, both directly and also as a leverage point to access and breach other protections and systems. The Target is no Longer the Target In the past there was a distinct methodology to an attack on technological and physical systems; if attackers wanted to affect the operation of water pumping systems, they would attack the pumping systems directly or seek to impact the physical operation. In the age of the connected device, this is no longer necessarily the case. A breach of physical access is now a more easily achieved goal by using more powerful methods that utilise subversion of another system or multiple systems rather than using brute force entry.
SECURITY SOLUTIONS 081
Potential entry paths may include leveraging a Voice over Internet Protocol (VoIP) phone system to gain access to financial data, hijacking intercom systems to gain free access to secure areas in a different site in another state or country, mimicking a camera stream to cover other intrusion activities or subverting critical cooling or control systems to cause other infrastructure to be degraded. Facilitating Attack Vectors by Nature of the Service Itself By way of necessity, most of the devices that would be ‘first line’ targets are located in physically vulnerable locations. For example, access card readers are located close to hand, intercom call stations are located on the insecure side of physical barriers at comfortable speaking (and access) height, surveillance cameras are usually located in areas some distance away from security personnel and remote process control systems are often at remote unattended sites with minimal security. It is this physical location that both makes these devices of functional use and also provides additional facilitation of an attack via these channels, making it even easier to gain physical access to a known communications access point into the network. Readily Available Tools In today’s world of mobile communications and portable computing there is an abundance of inexpensive, readily available and powerful laptops and tablet computers to launch multipronged attacks on an organisation. Powerful laptops aside, many readers will have heard of products such as the Raspberry Pi, Arduino, any number of Android-based devices and other low-cost, readily available devices designed to enable development and learning of embedded systems. These devices are powerful enough to embed into a network and launch attacks and snooping from inside the network undetected, only needing to communicate to the remotely
$30 Raspberry Pi computing platform…
082
located perpetrator of the incursion when it has completed the task it was deployed to achieve. Even before these devices, a smartphone running low-power software tools designed for use to secure and test networks and equipment could be utilised to penetrate a network environment. The low cost, ease of use and ubiquity of USB memory devices have made most people complacent in their use. Most service personnel utilise them at some time during their day. Yet this ubiquity and generic nature of them also provides a very easy avenue for an infected device to be introduced into an otherwise unconnected environment; a generic USB stick could be dropped into an open briefcase, bag or toolbox in passing, let alone in the crowded environment on public transport many commuters utilise in lieu of driving. These devices may be scanned by traditional anti-malware packages, but these protection tools are neither looking for the types of malware that target embedded devices nor are they capable of detecting zero day attack vectors or even Trojans and other malware embedded in the firmware of the USB controller within the device. Many will say that there is no point in protecting against this kind of malware as it will not infect the computer or mobile device operating system; yet this is one of the most dangerous aspects of them, because no alarm bells ring due to unusual activity on the machine that may be used as a gateway to further spread the threat while it sits quietly in the background until it reaches the target systems. “It will never happen to my site/ systems/clients,” is the catch cry of the person burying his head in the sand and rolling the dice with both his own future and that of those relying upon him to provide professional services. Detecting Attacks and Mitigating Threats All of these embedded networks and devices have quite unique operating parameters; they are relatively fixed in their physical characteristics and very regular in their network and traffic behaviours. Knowing these
characteristics and subsequently monitoring them for changes away from these patterns can provide insight into potential intrusion attempts. A change in the cable length to a device, sudden unscheduled changes in power consumption, a change in target traffic, different ports, changes in protocol, removal or addition of devices, changes in optical path characteristics of optical fiber links – these and other things are all possible indicators of potential attack on a system or infrastructure. These threats cannot be countered or minimised by strict application of virtual local area network (VLAN) settings, address allocation and media access control (MAC) address authentication. VLANs can be and regularly are broken through, IP addresses and hardware MAC addresses can be spoofed. If an attack abides by the same traffic management rules as the device it is leveraging, there will be no notifications or restrictions upon it moving freely about a system. If an attacker’s first and only task is to replicate a device’s IP and MAC address and to then have relatively unencumbered access to escalate access to other network elements, then the network is essentially an open book. This is exacerbated by the fact that most of these embedded-type devices utilise insecure protocols and do not employ either encryption or authentication; the ones that do use a password usually send this as well as the control data in ‘cleartext’, or completely unencrypted form. All attackers need do is gain access briefly to network cabling or a field device and start sniffing for traffic and, within a short period of time, they will be presented with an array of freely readable passwords and logins for even the more ‘secure’ devices on the network. These can then be used to leverage a deeper attack on other systems and other elements within a given system. So, because traditional methods of controlling and managing network traffic are ineffective in mitigating threats to embedded devices, other layers of detection and protection are needed. The next instalment of this series will present a number of methods that can be leveraged to make systems and assets a less vulnerable and attractive target.
Powerful insights into security and property related matters that occur in and around the work place. SIMTRACK™ is the solution of choice for organisations to manage and track security related incidents across all business sectors in a structured and unified environment. Built with complete mobile and tablet support, SIMTRACK™ allows incidents to be reported as they happen, where they happen. Intelligent insights to trends, incidents hotspots, serial offenders and more emerge through powerful inbuilt real-time reporting. Businesses can mitigate risks effectively with strategic implementation of preventative measures. l l
Hosted in Australia Incident Forensics
l l
Secured facilities Web based
l l
Full data encryption Securely Hosted
‘Locate incident hotspots, track serial offenders and identify trends as they emerge with powerful in built real-time reporting.’
simtrack.com
Visit us at: STAND H42
STAND 59
“providing your business with solutions to do business”™
Founded 1999
3 Dimensional Consulting 211A Swan Street Richmond Melbourne Victoria Australia, 3121
Australia: International: E-mail: Web:
1300 881 711 +61 3 8844 7550 enquires@simtrack.com www.3dc.com.au
SECURITY SOLUTIONS 083
SPECIAL FEATURE
084
Pitfalls In Insurance When Using Subcontractors – Vicarious Liability By Kylie Howlett The use of subcontractors is common in the security industry. A subcontractor is a person or company who has been contracted to provide a service that a contractor has agreed to provide to a principal. It is important to understand that liability issues may arise from appointing subcontractors. Principals, head contractors and subcontractors all owe duties of care to each other and to any third party who is injured or has their property damaged. In the event of a third party loss, it is possible that one or more people may be liable for the third party loss. This depends entirely on the circumstances that led to the damage or injury. A contractor’s liability policy will protect the business where it becomes legally liable to pay compensation in respect of personal injury and/or property damage, including vicarious liability. Vicarious liability is a legal doctrine that assigns liability for an injury to a person who did not cause the injury, but who has a particular legal relationship to the person who did act negligently. Generally speaking, the principal may be found vicariously liable for the acts of the head contractor and, in turn, the head contractor may be found vicariously liable for the acts of the subcontractor. The relationship between these three parties may also have a bearing on the outcome of who is liable. The law is not always clear; however, there are some recent court rulings that have been based on the relationship between the head contractor and subcontractor. In the following case, the high
court rejected the vicarious liability claim; however, the defence costs were no doubt substantial and would be covered by the liability policy if one was in place. Refer to http://www.findlaw.com.au/articles/20/highcourt-rejects-vicarious-liability-claim.aspx for details. Should a contractor fail to ensure the subcontractor has a current and valid liability insurance policy, and the subcontractor is either partly or fully legally liable for a third party loss, the contractor runs the risk of being sued for breach of contract/agreement by the principal and/or damaging their professional reputation. Business owners and contractors should request proof of insurance from their subcontractors on an annual basis. A good habit to get into is for them to request a Certificate of Currency when renewing their own insurance policies. Another way for contractors to protect their business is to consider covering the subcontractor’s legal liability under their own liability policy as a named subcontractor. This option should be carefully considered, as any claim brought against the subcontractor whilst contracted by the business would be recorded against its claims history/experience and ultimately may affect the insurance premium or ability to obtain insurance. This option is more commonly used when the subcontractor is solely contracted by the one business and is under its instructions and supervision.
SECURITY SOLUTIONS 085
SPECIAL FEATURE
Vicarious liability is a legal doctrine that assigns liability for an injury to a person who did not cause the injury, but who has a particular legal relationship to the person who did act negligently. Injury to a Subcontractor Contractors need to know if their liability policy protects them against injury to subcontractors. Some insurers provide this cover automatically and some automatically exclude it unless the cover is required. Contractors may believe that if subcontractors have their own workers compensation insurance or personal accident insurance then they are protected. Think again! If a contractor is negligent or partly negligent in respect to the injury to the subcontractor, the subcontractor’s insurer (including workers compensation insurers) may seek subrogation/ recovery from the contractor or the injured subcontractor may sue the contractor directly. This is very likely if they do not have any personal accident insurance/workers compensation insurance. Contractors can help protect themselves against claims brought against them for injury to subcontractors by insisting that subcontractors have personal accident/workers compensation insurance to reduce the possibility of such claims. Hold Harmless Hold harmless is an agreement or contract in which one party agrees to hold the other free from the responsibility for any liability or damage that might arise out of the transaction involved. It should be carefully considered before entering into a contract. Most public liability policies only cover the insured’s legal liability for third party property damage or personal injury. They are not intended to cover another person’s legal liability. An insurance policy usually covers common law liability, not contractual liability. This means indemnity clauses in a contract may be a problem from an insurance perspective; that is, if there is a difference between liability assumed under a contract and the liability under the common law, often the policy will not respond.
086
The following is an example of a common exclusion under liability policies: “You must not enter into an agreement with another person which excludes or reduces Your rights to make a claim against that person at any time without our prior written consent. If You do, We may reduce the amount of any claim You make under this Certificate by the extent to which Your agreement prevents Us making a claim against that person under Our rights of subrogation.” An example of a hold harmless clause is: “The contractor holds the principal harmless from any action, claims, liability or loss in respect of the performance of services.” Under this hold harmless clause, the contractor is prevented from bringing any claim against the principal (even if the principal has contributed to the loss or liability in the first place). If contractors sign a contract with a hold harmless clause/indemnity clause this means they are waiving the insurer’s right of subrogation, which is an issue often overlooked when parties agree to accept risks under such clauses. In summary, all contractors should be fully aware of their insurance and legal obligations, particularly with respect to vicarious liability, when using subcontractors to complete work. This helps to ensure that financial and reputational risks to the business are reduced.
The above information is general in nature and is intended as a guide only. It is not a substitute for obtaining specific insurance and legal advice that takes into account your specific circumstances. Kylie Howlett has been a professional insurance broker for 25 years, providing her clients with all their general insurance needs. In 2008, Guardsafe Insurance Brokers was formed to service the growing needs of the security industry with industry-specific, tailor-made policies. Kylie can be contacted via email at kylie@guardsafe.com.au or on 1300 880 320.
Contractors may believe that if subcontractors have their own workers compensation insurance or personal accident insurance then they are protected. Think again!
MASTER LOCKSMITHS Master Locksmith Association members are highly trained, fully qualified security professionals with access to the very latest in restricted key systems, from mechanical keys and locks to the world-leading electronic master key systems.
Find your nearest locksmith and MLA member at
THE MLA ADVANTAGE
DOMESTIC
COMMERCIAL
AUTOMOTIVE
SAFES
RESTRICTED KEY SYSTEMS
ELECTRONIC SECURITY
CCTV
FOLLOW US ON
SECURITY SOLUTIONS 087
EMERGENCY RESPONSE
088 SECURITY SOLUTIONS
The Role Of Security During Emergencies By Don Williams
When the emergency hits with no warning what, if anything, is the role of security? Basically, they should take over. Unless it is a fire in a highrise building, in which case the wardens, using the existing emergency plan, may cope. Thirty-five years of observation suggests that the Emergency Control Organisation and the site Emergency Plan, both compliant with AS3745, will not provide effective support during an emergency. If the emergency is limited to a small area, say someone suffering a heart attack, those nearby may apply initial first aid and will call for an ambulance. The local warden may be involved but the emergency communication officer (ECO) is unlikely to get involved. If the evacuation tone sounds, then wardens will move to their locations and assist with the egress of people, regardless of the nature of the emergency. The chief warden and ECO will then go to the communication panel and wait for the ‘firies’ to arrive. If it is any other sort of site-wide emergency, then the ability for the ECO to respond appropriately is less likely. This may be to do with the people who have been ‘volunteered’ as wardens and senior ECO members, but it is more due to the plans they work from and the training
provided. Often, the role of area warden is unfilled as it is an unpaid, extra duty. A person is better off being a first aid officer as that usually attracts some sort of paid bonus. Emergency planning committee (EPC) members are often appointed to the committee because of their position rather than any particular leadership or crisis management skills. There is no doubt that having the facility manager on the EPC is of great benefit – if that person is actually on site. Similarly, having executive suite members on the EPC provides top cover, if the people are not travelling most of the time. For all EPC and ECO members, the duty is part-time and usually an embuggerance that takes them away from their real work for that couple of hours every quarter – unless they can get out of it. The emergency plans, particularly the ‘Insert client’s name here’ type, offer little practical guidance on dealing with anything other than a standard evacuation. They are often being filled with ‘chief warden makes wise decision here’ statements. The associated training usually matches; it may mention bomb incidents, active shooters and gas leaks, but rarely teaches ECO members how to think and use the resources on site and how to avoid the hazards that exist in the building and
SECURITY SOLUTIONS 089
EMERGENCY RESPONSE
nearby. Nor do they explain how to integrate the company’s plan with that of the neighbours and how to manage a situation where everyone is trying to evacuate to the same site, or is not allowed to evacuate to the favourite area. As for how to initiate, manage and communicate the need to shelter in place should the hazard be external to the building, the ECO is largely left to make it up as they go along. The EPC is responsible for “the development, implementation and maintenance of the emergency plan, emergency response procedures and related training” (AS3745 para 2.2). These are functions that are usually contracted out with less oversight and validation than any other deliverable and yet they directly relate to protection of people and the business. A simple test is for the senior members of the EPC to actually read the emergency plan and to walk it through, physically on the ground and to ask management-type questions such as: • What will happen if we really do this? • Can we physically do this in the time available? • How does this relate to the time taken to close down processes? • What are the business implications of doing this? • How does this relate to our business continuity plan? • How do we secure our information and other valuable assets during an evacuation? • How do we communicate with our people before, during and after the emergency? • How do we protect our people from the weather when they are outside? • What are the cost implications of holding people in the building? • Can the facility manager advise how long we can stay in the building (probably depends on water and sewerage) and then what we do if we exceed that? • What is the process for ensuring the site is safe to reoccupy? • Does the plan address the child care centre? (some do not!) • What if we do not know where the hazard is or it is mobile, such as a violent employee? • Does the plan address how we seek to control staff taking videos and posting them; and how we manage the media?
090 SECURITY SOLUTIONS
The security manager, assuming there is one, is paid to think about protecting the assets and functions of the business.
If management are satisfied that the plan addresses all of their concerns and that the wardens are capable of initiating an appropriate response to any and all types of emergencies, then all is well. If it is the role of the EPC to organise the emergency response capability and of the ECO to implement it when the emergency suddenly happens, where does security fit in? Firstly, the security manager, assuming there is one, is paid to think about protecting the assets and functions of the business. Even if this is a part-time position, the security manager should be aware of the assets and hazards on site, know the emergency, business continuity, media management, human resources support and related plans. The security staff are engaged to identify hazards, report them and then protect the people. Even a Certificate II level guard should have attained competencies that wardens may not have, such as the ability to: • communicate effectively • respond to a security risk incident • manage conflict through negotiation. Security staff know it is their job to take control and to guide people to a safe area away from the hazard. If there are roving patrols then security staff probably have a better idea of the site layout than the wardens do, including the back-of-house areas and alternate exits. So why not make the security staff the wardens? Some sites nominate the security staff as wardens and there may be some advantages to this, but there are also some serious disadvantages. Wardens need to be familiar with who works in their area, who is away on the day and who needs special assistance. Security staff are unlikely to have this work area specific knowledge.
While security staff may take the lead in helping manage the immediate incident, it is not their primary function. If they are made wardens, what does the EPC want them to do during an emergency: stand at stairwells assisting people or look at protecting the site, secure the assembly area(s) and conduct other protective functions? They cannot do both. Also, there are rarely enough security staff to provide the required number of wardens. Similarly, if the security manager is the chief warden, he can only concentrate on one of the roles during the emergency. It may be better for the security manager to assist the chief warden and offer advice while considering how the site will be secured during and after the evacuation, what valuable assets need to be protected or removed and when, how a secure reoccupation can be initiated and how to protect the dignity of the members of the executive. The EPC should be confident that the chief warden and the rest of the ECO are capable of implementing relevant and effective site emergency plans for all types of emergencies, whether documented in the plan or not. If this is not the case then the security staff will probably step to the fore and do what is expected of them: identify the hazard and then stand between it and the people, for which they are paid less than anyone else in the building.
Don Williams CPP RSecP holds qualifications in security management and security risk management. He is a certified protection professional and registered security professional. He has long-term relationships with the venue and facility management associations. Don can be contacted via email at donwilliams@dswconsulting.com.au
Contact us on 1300 364 864 Follow us on
Delivering Proven Solutions for Security & Safety We Protect People & Assets SECURITY SOLUTIONS 091 www.magneticautomation.com.au
HOMELAND SECURITY
092 SECURITY SOLUTIONS
[ Surveillance Indicators ]
SECURITY SOLUTIONS 093
HOMELAND SECURITY By Ami Toben Many people tend to think that in order to detect physical surveillance, be it of a person or a property, one should look for individuals who seem suspicious, out of place, or otherwise engaged in nervous observations. Though these characteristics might be observed in many situations, the very first thing that a well-trained surveillance operative will learn is how to not exhibit these traits. As was discussed in an earlier article in the last issue of Security Solutions Magazine, some of the more subtle indicators that a person might be conducting surveillance can include (but are not limited to): observing and/or photographing the target, movements along/behind a mobile target, and communicating or even simply gesturing in conjunction with a target’s movements or actions. To get an idea of just how subtle such indicators can be, try to imagine a targeted individual, say, a CEO, walking into a crowded restaurant for a scheduled lunch meeting with an important client. As the CEO sits down at the table, a person from the back of the crowded restaurant picks up his mobile phone and types a few things into it before putting it back down. Forty-five minutes later, when the CEO and his client get up and leave the restaurant, the man at the back table, who was already holding his phone, types a few things into it again. He then pays for his meal and leaves the restaurant a few minutes later. Considering the fact that most people have their phones in their hands much of the time, one out of any number of individuals holding their phones in a busy restaurant should not seem the least bit suspicious. And yet, for a well-trained observer, the timing of such a thing (at the arrival and departure of the target), in addition to the location from which this was done (a table that provides a logical vantage point), might indicate a very subtle yet real correlation to the target. Even the most casual of actions could be all it takes to communicate, take note, or even photograph when such a target arrives, who he meets and when he departs. Another type of correlation that was previously discussed is a correlation over time and distance. This correlation could be either harder or easier to detect (unfortunately, it is usually harder), since no correlative action is necessarily detected. The correlation in this case is the mere presence of the same individual (or possibly a number of individuals) in the vicinity of the target. No direct observation, communication, photographing,
094 SECURITY SOLUTIONS
movement, or even subtle correlative gestures are detected, and yet, there the person is – over and over again in different times and places where the target just so happens to be. The reasons why no correlative actions are being detected might be a result of the surveillance operative’s skillfulness, his/her use of covert devices, the relatively lower skill set or operational abilities of the surveillance detection (SD) operative, or all of the above. This is not a matter of failure or blame (even experienced SD operatives are only human after all), but simply a question of being open to more available options when it comes to potential surveillance indicators. One of the things that makes detecting correlation over time and distance so difficult, however, is that it is not so much a matter of detecting the person him/herself as it is the ability to remember or recognise that one individual out of a roomful of people, who also happens to be the same individual from an earlier roomful of people a few hours ago; who was also the same individual from an even earlier street full of people yesterday. This means that an additional dimension of difficulty is added to the detection of surveillance. Real-time detection of correlative actions might not be enough. There might be a need to memorise or list all the individuals who have occupied tables, benches or any other potential vantage point around the target during the day (regardless of whether or not they correlated in action) and later on compare those individuals to future individuals in different times and/or locations around the target. If any individuals come up as common denominators, this might indicate that a correlation over time and/or distance is happening. There will be an abundance of false positives when it comes to detecting surveillance indicators of this sort. Keep in mind that people – all people – tend to be creatures of habit. The same individual looking out of a coffee shop window at a secured facility every morning is worth noting to be sure, but this has to be balanced out somehow with the simple realisation that every coffee shop has its regulars, who often like to sit at the same tables. While experience and a number of very good tools might help clear out some of the white noise, there are no silver bullet formulas that can absolutely guarantee no false positives. One way to think about it is that SD operatives
should always have more potential positives than actual ones – as long as they do not go overboard with it. It is true that anyone could potentially conduct surveillance, but ending up with 50 potential surveillance operatives at any given location, even if one of them happens to be real, means it is unlikely the surveillance needle will be found in the potential haystack that has been piled up. One useful tip, at least when it comes to correlations over distance, is that if the same person is seen once again, it is a coincidence, twice again elevates it to suspicious, three times and it is a correlation. This is imperfect, but it at least provides a starting point. A useful exercise that might help grasp the concept of correlation over time and distance is something the author likes to call Where’s Waldo? (or the Australian version Where’s Wally). The general idea behind the Where’s Waldo game pretty much corresponds to the gist of detecting correlations over time and distance; spot the individual who keeps appearing over and over again in different places and times. The added difficulty when it comes to surveillance detection, however, is that who this person is and what they look like is usually unknown, so before ‘playing’ Where’s Waldo, it is necessary to figure out who is Waldo. As always, no article, book, or seminar can be said to actually teach people how to perform surveillance detection. Though some of the wording in this article might seem instructional, please keep in mind that this article is not intended to teach anyone how to execute surveillance detection operations. Ami Toben is the director of consulting, training and special operations at HighCom Security Services, a security and investigation company based in the San Francisco Bay area in the US. He is an experienced security director, trainer, account manager and published writer with over 14 years of military and private sector security experience and a successful record of providing high-end services to Fortune 500 corporations, government and law enforcement agencies, foundations and wealthy individuals. His professional experience includes: full-spectrum facility security operations, special-event security, executive protection, low-profile and covert security projects, metal detector operations, estate security, shareholder meeting security, surveillance and surveillance detection projects.
DO YOU KNOW WHO IS IN YOUR BUILDING? WITH THE NEW
WERRA ENTRANCE
CONTROL RANGE
The Answer Is EZI… With Entrance Control products to suit any solution, Werra ensures that you eliminate access to any unauthorised people, as is often the case with security personnel! By combining security and functionality, Werra allows quick access for authorised people with an incredible rate of up to 35 people per minute! Even large flows of people can be monitored and effectively controlled with the right solution… TYPICAL APPLICATION AREAS
º
OUR OFFERING
º Public institutions and administration buildings º Tripods º Financial and telecommunications sector º Mid-height turnstiles º Event buildings, leisure parks º Full height turnstiles º Sports arenas and concert halls º Speed gates º Airports, train stations º Swing gates º Industrial premises º Security gates Education system
What are the right answers with Entrance Control?? – THE ANSWER FIND OUT MORE ABOUT US!
AUSTRALIA NATIONAL
IS EZI!!
1300 558 304 11 Cooper Street Smithfield NSW 2164 www.ezisecurity.com.au sales@ezisecurity.com
FEATURE ARTICLE
WHERE MELBOURNE CONVENTION & EXHIBITION CENTRE WHEN 15-17 JULY 2015 REGISTER SECURITYEXPO.COM.AU
THE SECURITY EXHIBITION & CONFERENCE IS TURNING 30! FACEBOOK /SECEXPO TWITTER @SECURITY_EXPO REGISTER SECURITYEXPO.COM.AU USING PROMO CODE: SOLUTIONS 096 SECURITY SOLUTIONS
In 2015, we are delighted to be celebrating a milestone anniversary for the Security Exhibition & Conference. You are invited to join us at the Melbourne Convention & Exhibition Centre from 15 – 17 July to honour 30 years of Australasia’s premier security industry event. Its longevity is a testament to the event’s unmatched success – this year’s exhibition is expected to connect more than 4,500 attendees with 170 leading brands in the security industry, including Central Security Distribution, Gallagher, Hills, Pelco by Schneider, Salto and Honeywell.
Last year was hailed as the most successful in the event’s 29 year history including the relocation, with the event being held in Melbourne for the first time in more than a decade. Following the outstanding success of the 2014 event with record attendance, a sold-out floor plan and over 160 brands exhibiting, we are pleased to return for the second year in Melbourne. It’s fantastic to remain in the Victorian market for another year to allow visitors and exhibitors to build on relationships and for business to continue to grow in the region.
CELEBRATING The Security Exhibition presents an annual opportunity for security professionals and end-users to experience the latest products in access control, video surveillance, perimeter security, intruder alarms, fire and safety, biometrics and IP networking with a great line-up of both new and returning suppliers. Furthermore, the ever-popular New Product Showcase returns in 2015 to feature the top new and innovative products to hit the Australasian security marketplace in the last 12 months. We also have a first-class education program featuring the Security Conference and Executive Briefing hosted by the Australian Security Industry Association Limited (ASIAL). The ASIAL Conference is a twoday program for security end-users featuring an exceptional line up of experts including Dr. Kelly W.
LEAD INDUSTRY PARTNER
PRINCIPAL EXHIBITION SPONSOR
YEARS Sundberg, President of the SAFE Design Council (Canada) and US Global Security Advisor and Futurist, Mark Goodman. The half-day Executive Briefing on Crisis Communication by international expert Bruce Blythe, will be an active and hands-on session to help security professionals give and receive timely information in order to effectively manage any crisis. Finally, the exhibition will feature a free informative seminar series designed for installers and integrators based on current key trends offering practical advice. Details on the full educational program can be found on the event website, securityexpo.com.au.
OF CONNECTING THE SECURITY INDUSTRY decades of the security industry. Visit the 30th Year Commemorative Corner to enjoy a coffee whilst reminiscing about products, solutions, companies and advertising from days gone by, plus you can enter our prize draw to win $5,000 cash. With this and so much more going on as part of the celebrations, 2015 is a year not to be missed. We look forward to welcoming you to the Melbourne Convention & Exhibition Centre in July! Best wishes, Alanna Phillips Security 2015 Event Manager
As this year’s Security Exhibition & Conference marks the 30th anniversary of the event, we will be providing attendees with the oneoff chance to relive the past three
ORGANISED BY
SECURITY SOLUTIONS 097
098 SECURITY SOLUTIONS
A9
A11
A15
A27
A35
CONFERENCE CATERING
B1
C7
C20
C8
C14
C48
ENTRANCE & EXIT
B8
B10
B28
B36
B42
B46
ENTRY POINT
B44
B14
A20
A28
A30 B29
A36 B35
A38
A42 B41
A44 B43
ASIAL CONFERENCE THEATRE
A17
A25
A29
A33
THE MARCH NETWORKS NEW PRODUCT SHOWCASE
SEMINAR THEATRE
A48 B47 B49 B50 C47
C2
C4
C28
C32 E28
E32
E36
E38
D8
D2 E1
E7
D14
E8
F2
F8
H42
G42
G7
G28
G32
G36 H35
i41
G2
G8
G14
H20
H28
H30 i29
H36
H38
H44
G44
H47 H49 H48
G38 H37
F20
F14
F7
F28
F36
F10
F1
G41
F38
F42
F44
F9
E14
E2
E42
E44 F43
CAFE SEATING AREA
CENTRAL BAR
D28
D32
D36
D38
D42
C42
C36
D44 E43
C44
C50 D47 D48
FLOORPLAN 2015
J36
J41
J43
K50
ENTRANCE & EXIT
ENTRY POINT
i8
i20
i28
i30
i36
i38
i42
i50
J8
J2
K7
K9
J14
J18
J24
L8
L10
L12
L14
L18
L20
L22
L24
L28
L30
L32
L34
30TH YEAR COMMEMORATIVE CORNER
EXHIBITOR STANDS
FEATURE AREAS
LEGEND
FEATURE ARTICLE
SECURITY SOLUTIONS 099
Fullnet Security ......................................................................................F9 Gallagher Security ...............................................................................G2 Genetec ..................................................................................................... J18 Geutebruck ..............................................................................................B14 Grandstream Networks .....................................................................B1 Gunnebo Australia ...............................................................................F10 Handheld APAC.....................................................................................A44 Hikvision ....................................................................................................E28 Hills ..............................................................................................................i8 Honeywell Security Group ............................................................... J24 ID Warehouse .........................................................................................G7 Inner Range..............................................................................................J14 Integral Risk Group...............................................................................B35 ISCS ............................................................................................................. A15 Jacques Technologies ....................................................................... F8 JJ SecuWatch..........................................................................................L24 Joinoutlet ..................................................................................................E1 Kaba Australia ........................................................................................F2 KORE Wireless ........................................................................................H35 LEDA Security .........................................................................................H28 Lockit Systems........................................................................................H47 LSC ...............................................................................................................C4 Magnetic Automation..........................................................................i30 Mainline Security Products ..............................................................E36 March Networks ....................................................................................A31 Master Locksmiths Association ....................................................L30 MOBOTIX AG ..........................................................................................F28 Natural Power Solutions ....................................................................i38 Navtech Security...................................................................................D48 Nemtek Electric Fencing ................................................................... G32 Ness Corporation ..................................................................................J2 Nuctech Sydney ....................................................................................A36 Optical Solutions Aus.......................................................................... C32 Panasonic ................................................................................................. G28 Pelco by Schneider Electric .............................................................E7 Perimeter Systems Australia ...........................................................i36 PPM 2000 Inc..........................................................................................F37 PRESCO .....................................................................................................E36 Proscan Australia .................................................................................. H36
Pulse Security Limited ........................................................................F42 Putney Insurance Group....................................................................H49 Q Security Systems ..............................................................................E14 SALTO Systems......................................................................................A20 Seadan Security ....................................................................................C8 Seadan Security ....................................................................................D8 Securitag Assembly............................................................................. L12 Security Distributors Australia ........................................................ F7 Security Electronics Magazine ....................................................... L18 Security Merchants Australia ..........................................................G14 Security Monitoring Centres ............................................................D36 Security Solutions Magazine...........................................................L22 See Security ............................................................................................G41 Sensor Dynamics ..................................................................................K9 Senstar Corporation ............................................................................ K7 Shenxzhen Tinfull Technology .......................................................E43 simPRO Software ..................................................................................F14 SIMTRACK ................................................................................................H42 Sony.............................................................................................................C28 Spectur - Solar Cam.............................................................................H44 Stentofon Communications ..............................................................J36 Sylo ..............................................................................................................C20 Synology ...................................................................................................L10 SystemWare-Pacific.............................................................................C48 TAKEX .........................................................................................................i28 Tdsi Australia...........................................................................................F44 Teleradio Engineering ........................................................................ B44 Top Smart Vision Australia ............................................................... L32 Unimet Security...................................................................................... i50 UTC Fire & Security Australia.......................................................... H20 Video Security Products ....................................................................D28 Videofied...................................................................................................J8 Western Advance..................................................................................E32 A WorkForce Software Company ................................................B41 World Reach RFID.................................................................................E42 Xiamen Dnake Technology Co., Ltd ............................................G42 Zhejiang Tianjie Industrial Co. Ltd. ...............................................G38
FIND OUT MORE AND REGISTER FREE AT SECURITYEXPO.COM.AU USING PROMO CODE: SOLUTIONS
A.Triple.S.................................................................................................... L28 Access Communications ................................................................... F38 AG Neovo .................................................................................................B42 Aiphone...................................................................................................... H30 Alarm IP Australia ................................................................................. E38 Alloy Computer Products.................................................................. B1 Alloys ..........................................................................................................A38 Alluser Industrie ..................................................................................... i20 ASIAL........................................................................................................... B10 Assa Abloy ............................................................................................... G8 Austco ......................................................................................................... L20 Australian Security Technology..................................................... A30 Avigilon ......................................................................................................D14 Avnet Technology Solutions............................................................ A35 Axis Communications ......................................................................... C14 BFT Automation Australia................................................................. C2 Bollinger - The Automatic Choice ................................................. D42 Boon Edam............................................................................................... J41 Braemac ....................................................................................................B8 B-Sealed ...................................................................................................E44 Building Services Recruitment Australia.................................... G36 Camvex Video Surveillance Systems ......................................... D2 Canon Specialised Imaging............................................................. B28 Central Security Distribution............................................................ F20 Centrevision .............................................................................................i29 Chemical Security.................................................................................D44 Chip Development................................................................................ A42 Cognitec Systems ................................................................................. L8 Commend Australia ............................................................................. i42 ComNet ...................................................................................................... F43 Console Concepts ................................................................................ L34 CR Kennedy Surveillance ................................................................. F36 Defense Systems Australia .............................................................. A25 ECA Group ............................................................................................... A11 EKA Hybrid Access System ............................................................ B36 Electro-Com Aust ..................................................................................E8 EVVA ...........................................................................................................B36 FLIR Systems Australia....................................................................... H37 FSH Fire & Security Hardware........................................................ A28
EXHIBITOR LIST
FEATURE ARTICLE
100 SECURITY SOLUTIONS
You Will Not Believe What A Little Bird Told Me: The Metadata Behind The Tweet By Rick Draper A tweet is limited to a maximum of 140 characters, but that is much less than the amount of information it actually carries. Social media has become an integral part of daily life for hundreds of millions of people around the globe. People share important details of their lives, as well as trivial observations that appear to be of little interest to anyone else. What most people do not realise is that there is a whole industry built around capturing and analysing the metadata that accompanies every tweet and social media post. The Reach of Social Media For most regular users, Twitter and its contemporary social media platforms enable close to real-time communication with relatively small groups of friends and acquaintances. For others, like singer Katy Perry for example (the most followed person on Twitter), social media connects them directly with vast audiences that can be in the order of tens of millions of direct followers. Considering the prospective number of re-tweets that might be generated by those receiving the initial tweet, the potential reach of a single 140-character message is extraordinary to contemplate. Facebook still holds the number one position in terms of the number of active users, with some 1.28 billion people using the platform; over a billion of whom choose to do so on a mobile device each month. In second place is Google+ with 540 million monthly active users. Instagram has now overtaken Twitter as the third largest social media platform, with some 300 million active monthly users, compared to Twitter’s 284 million. However, Twitter still has a sizable edge on Instagram in terms of activity,
with over 500 million tweets per day, compared with an average of 70 million photo shares each day on Instagram. Other social media platforms may have less users, but the numbers are still significant. Professional networking site LinkedIn has some 187 million monthly active users, with a total user base exceeding 300 million. Pinterest has the highest ratio of registered users active each month, with more than 40 million out of 70 million users interacting with ‘pins’. Twitter’s Vine platform was only launched in 2013, but already has a major following, with a similar number of Vine loops played daily when compared to YouTube mobile videos (that is, more than a billion every day). Given the numbers, there is a mind-blowing amount of information circulating in social media circles. What is Metadata? In August 2014, the term metadata was introduced to the general public in Australia through separate interviews with the Prime Minister and the Attorney-General, Senator George Brandis, along with later clarifications from their offices. Many people were left as confused as the political leaders appeared to be in trying to explain the concept. While this discussion about metadata centred on the proposed data retention laws and somewhat expected concerns about privacy, the reality is that all use of the Internet generates large amounts of metadata. Much of this metadata is collected and retained by a range of organisations for a variety of purposes. Some of it is openly sold to third parties. For example, when a user visits a website, the
IP address from which he appears to be coming is logged, along with details of the web browser he is using. If he was using Google Chrome on a Mac, the browser information might look something like the following (even if he is in ‘incognito mode’): Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36. If he visited the same site using Internet Explorer, a different profile would be seen: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0). This might not seem all that interesting, but when combined with the user’s screen size, IP address and other data logged on previous visits to related websites, it is actually possible to build up profiles that can be linked to individuals. Even if the user is not personally identifiable from the metadata, his digital footprint is recognisable. How unique that footprint might be depends on a number of factors, but it becomes understandable why metadata is highly valued by marketers and law enforcement agencies. So What is Behind a Tweet? There are certain rules around reproducing and distributing Twitter metadata, so the example below is in fact only part of the metadata that is available. There is a lot written on the envelope used to send the tweet! The metadata is divided into three general areas: • about the user • the post itself • location information The IP address from which the tweet originated is not included.
SECURITY SOLUTIONS 101
FEATURE ARTICLE
Within the metadata of every tweet, there is a complete mini profile of the user at the time the tweet was sent. For example, in the example tweet I sent from @QR2id, anyone analysing the metadata would be able to tell the following: • account name: QR2id/display name: QR2id (users can change their display name) • account created: 4 April 2012 • account description: QR2id enhancing safety, security and efficiency • link to account: http://www.twitter.com/ QR2id • related links: o https://www.facebook.com/QR2id o https://QR2id.com o https://PlotAndAudit.Amtc.net • followers: 64/following: 236 • number of tweets: 302 There is also a link to the profile image for the account as it was set at the time of the tweet (which the user can change at any time), language information and Twitter’s internal ID for the account. More metadata surrounds the post itself: • generator (how the post was sent): Twitter for iPhone • posted time: 19 Jan 2015 21:34:24 GMT • time zone: Brisbane/GMT Offset: +10 hours • link to the post: http://twitter.com/QR2id/ statuses/557289998496452608 • post content: “Writing article about metadata for Security Solutions magazine” There are also separate fields containing lists of hashtags and mentions that were included in the body of the tweet, links to the website referenced in the text, as well as specific links to included images and media. As might be expected, there is a unique identifier for the tweet itself, and there are also links to relevant resources, including one to the app that was used (for example, http://twitter.com/ download/iphone). It is the area of location information included in the tweet that is most interesting for some consumers of metadata. In the sample tweet, the metadata revealed that the tweet had originated from Brisbane, Queensland, Australia within a polygon bounded by the coordinates 152.668522848, -27.767440994; 152.668522848, -26.996844991; 153.31787024, -26.996844991; 153.31787024, -27.767440994; 152.668522848, -27.767440994. If the person sending the tweet has location services
102 SECURITY SOLUTIONS
activated on his device, the actual reported GPS coordinates will be included in the metadata. There is similar metadata behind other social media posts, although geographic location
an extremely powerful use of metadata that can quickly turn a list of 300+ followers into a group of ten or so close associates. It is interesting to note that the volume of social media posts with geolocation information seem to vary from around 10 percent to well over 30 percent, with higher rates observed at major sporting events. Of course, some people always have location services enabled for their applications, which means that the locations from which they post to social media form part of their data history; all of which is in the public realm and not subject to any privacy restrictions. It is therefore possible to track the movement of these individuals without the high costs associated with physical surveillance.
What most people do not realise is that there is a whole industry built around capturing and analysing the metadata that accompanies every tweet and social media post. details are most usefully presented by Twitter and Instagram. There are services that leverage the metadata, including location information, to enable analysts to more effectively examine related information. Security Uses for Metadata A classic example of the value of social media metadata in a security context comes from an actual event. This event happened in a public space around which all geocoded social media activity was being monitored. The offender hit a wall with graffiti and proceeded to take a photo of his work, which he promptly posted to Instagram. His Instagram account was set to automatically tweet a link to all new posts, and yes, he had location services enabled on his phone and the image showed up in the tweets within the selected radius of the location. Having identified an alleged offender in this way, it is possible to mine metadata from his social media posts to see whether initial assumptions are likely to be valid. People that he follows and that follow him can also be identified, as well as those who are mentioned most frequently in social media posts. This is
It should be noted that location information derived in this way can be inaccurate due to the way different devices determine and report their location. Information may also be misleading due to delays between when a photo was taken or post-prepared and when it actually uploaded to social media. However, if security personnel are careful to avoid leaping to conclusions and are prepared to validate the available information, there is a great deal that can be learned from social media metadata. Rick Draper is the principal adviser and managing director at Amtac Professional Services Pty Ltd. Rick has over 30 years’ experience in the security industry; the last 21 years as a consultant. He is an adjunct senior lecturer in security management and crime prevention at Griffith University and a member of the ASIS Loss Prevention and Crime Prevention Council. Rick has been involved in the development of web applications and tools to assist in undertaking security and crime prevention reviews since the 1990s, including the development of Plot & Audit (https://PlotandAudit.amtac.net). He can be contacted at Rick.Draper@amtac.net
IT’S HERE! THE FIRST EVER TRUE NATIVE IP PUBLIC ADDRESS SYSTEM! EXIGO
Does not require any specialised network hardware and can co-exist with other network systems
Supports all infrastructure - Buildings, Industrial, Remote Areas Extremely energy efficient with low power consumption and low heat dissipation Effortless scalability to any sized systems Excellent system management with advanced system maintenance and monitoring
Oceania Inquiries Phone: +61 3 9729 6600
www.stentofon.com.au sales@stentofon.com.au
SUBSCRIBE Security Solutions Magazine, Level 1, 34 Joseph St, Blackburn, Victoria 3130 | Tel: 1300 300 552
I wish to subscribe for:
oONLY $62 per annum!
Name: ............................................................................Company: ....................................................................................... Position: .........................................................................Address: ......................................................................................... Suburb:...........................................................................State: ................................. Postcode:............................................. Tel:..................................................................................Email: ................................................................. ........................... TERMS AND CONDITIONS For more information on subscriptions, or to contact Interactive Media Solutions, please phone 1300 300 552 or email to admin@interactivemediasolutions.com.au. Deductions will be made from your nominated credit card every year in advance of delivery. The direct debit request and subscription price may be changed by Interactive Media Solutions from time to time, however you will always be given at least 28 days notice. The authority to debit your account every year remains valid until you notify Interactive Media Solutions to cancel your subscription by contacting Interactive Media Solutions Customer Service. No refund is given after a payment is made. In the event of a cancellation of your subscription, the subscription will simply expire twelve months from when the last subscription payment was made. Information on how we handle your personal information is explained in our Privacy Policy Statement.
Credit Card oBankcard
oVisa
oMastercard
oAmex
oDiners
Card Number: ........................................................................................................................................................................ Exp: _ _ / _ _ Card Name: .................................................................................................................................................................................................................... Signature: ....................................................................................................................................................................................................................... When payment has been received and funds cleared, this document serves as a Tax Invoice. Interactive Media Solutions ABN 56 606 919 463. If this document is to be used for tax purposes, please retain a copy for your records.
Security Solutions Magazine now available on your iPad.
DOWNLOAD FREE FROM THE iTUNES STORE TODAY TO VIEW EXCLUSIVE CONTENT!
Subscribe to Security Solutions Magazine for
ONLY $62 per annum!
Simply fill in the form or call 1300 300 552
105 SECURITY SOLUTIONS
SECURITY STUFF C O N T E N T S
106
108 Spotlight
110
108 Profiles
114
112 Product Showcases
116
106
108 110 111
SAAB
Assa Abloy Salto ActivConsole
112 112 114
Canon VB-R11 Icom IP100H WLAN MyHome Connect
114
Social Media Rules Of Engagement
116 Shop Talk VinTech DORMA Beaware AST EZI FLIR
SECURITY SOLUTIONS 106
SPOTLIGHT
Is There A Better Way? Critical infrastructure operators are quickly discovering that to adequately protect their premises, more electronic systems are required. The traditional security systems such as intruder alarm and access control systems, CCTV, perimeter intrusion detection, pedestrian, vehicle and car park barriers and systems, duress systems and intercom systems are not the be-all and end-all. An effective onsite security control room must also monitor the visitor/contractor management system, building management system, fire and EWIS (Emergency Warning Intercommunications System), UPS and generators, lighting and Ethernet network for any changes that may impact the site. Security managers must also concern themselves with general asset tracking and social media activities that relate to the facilities and organisation. Of course security personnel need to communicate with each other and all other parties on site so use telephones, two-way radios, intercom and public address systems too. Then there are add-on systems like biometrics and video analytics for greater facility protection and site specific systems such as key safes, RFID systems, mobile phone detection systems, etc. These are simply the most obvious ones for critical infrastructure sites, but depending on site specifics, even more can be used. This is a large number of systems for security operators to manage and monitor, raising several issues and complications that must be addressed. For example:
106 SECURITY SOLUTIONS
• How easy is it to learn all these systems and operate them? • How many monitors must the operators keep their eye on to make sure they don’t miss anything? • When an event occurs, how stressed does the operator become and therefore how many mistakes could be made under pressure? • How many policies and procedures relate to all these systems and how confused are the operators? • Most importantly, what is the speed and precision of the current security staff to action alarms and events? • How difficult is it to conduct an investigation? Is there an efficient method of gathering the information from all these systems and collating them into time order so as to create a clear picture of the event? Basic high and low level system integration improves the speed and precision of some alarms and events but certainly not all. Integration also decreases the number of viewing screens and tasks performed by operators. Integration however, does not assist with training, stress, policies & procedures and investigations. Alternative methods must be used to solve these issues and this is where the global security industry is turning to Physical Security Information Management (PSIM) systems. Over the past 10 years PSIM has become an accepted term within the security industry and this acronym is starting to pop up everywhere, even in technical specifications. Originally PSIM’s were purpose built, however
as the technology advanced, PSIM’s have become a commercial off the shelf solution that fit many industries. A true PSIM has the ability to integrate with any system or device and is therefore non-proprietary. PSIM’s add tremendous value to organisations as they are a single human machine interface for all the security systems. Essentially PSIM’s are a single Graphical User Interface (GUI) for the multitude of disparate security sub-systems that are managed by security operators providing tremendous situational awareness. Understanding if the client needs a PSIM can be determined in a number of ways however generally the answer lies within a few requirements. First, the speed and precision required for responding to events and second, the number of sub-systems. The major benefit of a PSIM is that it integrates ALL security systems regardless of make, model or class. Be wary though, not all systems marketed as PSIMs are actually PSIMs. A true PSIM will allow multiple security systems such as access control systems and/or multiple video management systems to be integrated. If the PSIM manufacturer will not easily and openly integrate competing products, then the system is not a PSIM, therefore possibly not provide all the desired features and benefits and possibly lock you into proprietary solutions. For many reasons a security operation can have multiple security sub-systems such as video management systems forming part of the overall solution. A PSIM seamlessly integrates all disparate systems so the organisation can meet its key operational business needs. Control room
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
SAAB
personnel can simply learn and control a single The PSIM should include all the Security Often an overlooked benefit of a quality PSIM system, the PSIM. Operating Procedures (SOP’s) and present only is that it will eliminate desk top clutter within the A PSIM delivers a security ecosystem that the relevant SOP’s for each event – ie. when a control room. As all the systems are integrated provides complete situational awareness. duress alarm is activated the SOP’s for this event and operated from a single system, the result Personnel can apply an adaptive workflow are automatically presented so the operator can is that an operator simply uses a few monitors, including clearly defined procedures to follow, perform the task as efficiently as possible. keyboard, mouse, joystick, intercom and/or for each event. Best practice is applied with real The PSIM must retain a complete audit trail in telephone. All other devices such as multiple time information presented, whether the subchronological order of everything that happens two way radios, paper based SOP’s, intercoms, system is old or new. on the PSIM and every sub-system in a single keypads, switches, little sticky notes, etc. are all Defuse with a truly unified eliminated to reveal a clean and efficient control There are many situations functions of a PSIM andquicker as a repository. security solution minimum the solutioncontrol should collect androom analyse In this day and age geo-mapping should be room. De-cluttering the control room always the data gathered from all the sub-systems. As provided as a standard feature. This mapping results in well-organised, capable and happy Saab’s OneView is a next-generation feature physical security information all the systems are present in the single GUI, should essentially operate like Google control room operators and a safe and secure management provides levels of premise. the operator typicallyintegration receives data platform from these that Earth or Google unprecedented Maps, however the load times sub-systems as text or by way ofin icon changes should infrastructure be virtually instant. environments. There should not be Emanuel Stafilidis CPP has over 25 years subsystem integration mission-critical on a map. When the operator chooses to action any delay waiting for pages or maps to load. The experience in the Security Industry and OneView empowers operators effectively efficiently the event, the operator will click on the textto or respond PSIM should update theand status of the points to fromthe is Business Development Manager at Saab most stressful situations. Offering accurate intuitive situation awareness, icon and they will automatically be provided all each sub-system every second or faster. Systems Australia. www.saab.com/au the information associatedinterface, with the event update delays, such as map loads shouldn’t be Saab Australia is a major system integrator a simple operator fastand detection-response and comprehensive realise the benefit of the action PSIM. The informationOneView tolerated.is the ultimate choice for of Physical Security Information Management support for post analysis, from various systems is presented at the same The PSIM should facilitate alarm and event systems within Australia. The company has modern surveillance and security operations. time providing the operator a complete picture. searching as all recordable movements from developed and installed several systems in The PSIM should operator edge the each sub-system stored room within the PSIM’s prisons, defence bases and critical infrastructure You can rely onprovide Saab’sthethinking to bring your are control ability to respond to any situation more efficiently audit trail. Investigations are easier, more facilities across the Asia Pacific region. under real control. with additional information, which is presented in accurate and conducted in a more speedily a clean and well-laid-out display. fashion.
GAIN CONTROL WITH ONEVIEW
saab.com/australia
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
SECURITY SOLUTIONS 107
PROFILE
ASSA ABLOY
ADVERTORIAL
Aperio by ASSA ABLOY continues to break records
SECURITY is an inherently conservative industry; however, new-found consumer confidence in advancing electronic access technology is driving exciting trends in the field. Readers, software and wireless systems are becoming more functional and secure and are gaining momentum in the market, particularly because much of this innovation can be easily incorporated into existing legacy access control systems. Common legacy access control systems are becoming outdated and failing to meet demands that a heightened level of security requires. The cost of expanding systems to meet these growing requirements is forcing many businesses to compromise on security. This no longer needs to be the case. Advances in wireless access control and the introduction of multi-platform readers mean that the technology used to upgrade legacy access control systems has become practical and cost effective. ASSA ABLOY Business Development Manager for Electronic Access Control, David Ward, is experiencing this exciting trend first hand. Mr Ward said “Aperio wireless access control locks were ASSA ABLOY’s top performer in the electronic access control division last year, achieving 200% growth, a reflection of increased consumer faith in the new software and wireless capabilities.” Aperio is a cutting edge technology developed to complement new and existing electronic access control systems, providing end users with simple, intelligent way to upgrade the controllability and the security level of their premises.
108 SECURITY SOLUTIONS
Aperio technology allows a mechanical lock to be wirelessly linked to an existing access control system and means additional doors can be easily and cost effectively added to the access control system. When ASSA ABLOY launched Aperio five years ago, products were rolled out to niche markets such as heritage listed buildings, where wiring was difficult to install. “Now, wireless is the fastest growing area in the access control space, eliminating the need for hard wiring and reducing labour and installation expenses,” Mr Ward said. Wireless solutions have assisted the keyless trend, and as a result, security and facility mangers now have greater control, can easily respond to organisational changes and only need to monitor a single security system, while users only require a single access control credential.
“It is not only in the traditional access control market we are seeing a growth in wireless access control, we are also seeing a rise in the number of systems being installed on data rack cabinets, lockers, cupboards and drawers, Mr Ward said. According to Mr Ward, these developments are only the beginning and further expansions of reader technology are underway, driving the next step forward for the industry. “Readers are going to mobile credentials but it is early days. Rather than having a card, secure credentials will operate on smart phones, through NFC (Near Field Communication) or Bluetooth.” “A Bluetooth able phone will run an operating system for credentials, where a person will be able to walk within range, give their smart phone a ‘twist’ and it will unlock the door. Perhaps a person could be driving up to a gate, gesture with their smart phone and the gate would open.” Traditional legacy access control systems are becoming impractical and outdated, particularly in the commercial security environment, where issues with entry and exit points can decrease business productivity and safety. A security market desperate for an alternative has resulted in accelerated advances in wireless solutions, which can be easily incorporated into old legacy systems. Improved functionality and security also means the industry is experiencing a growing trend in the number of consumers confident in rejuvenating old systems, with wireless technology. Wireless compatible hardware is quickly installed and the software can be inexpensively upgraded to keep up with new demands and authorisation credentials.
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
PROFILE
ASSA ABLOY
ADVERTORIAL
Important ASSA ABLOY Australia Brand update announcement Over the coming weeks ASSA ABLOY Australia will be rolling out important brand changes to two current product ranges. The changes will take affect for Arrow by Lockwood and Padde by Lockwood. Padde by Lockwood – Lockwood Padde is an Australian-based, niche brand that has been supplying quality electromechanical door locking solutions since 1966. Padde has also proven capable of innovation to preempt future market needs. A strong commitment to R&D and new product development has ensured dynamic growth for the brand every year since incorporation. In 2005 the Lockwood hard endorsement was added to the Padde Logo, adding strength in the specification market where the Lockwood brand is the market leader. From July 1, 2015 the Padde brand will become a full Lockwood branded offering and will now be referred to as the Lockwood Padde range. This will include new Lockwood branded packaging, new point of sale and marketing collateral. The Padde product as we know and love today will not change, yet simply move into the Lockwood family brand. Having the range now under the Lockwood banner will allow us to leverage Lockwood’s brand equity, concentrate our marketing and R&D activities whilst also bolster and complement the full Lockwood door hardware package across all market channels. Arrow by Lockwood - Yale Yale is one of the oldest international brands in the world and probably the best-known name in the locking industry. The Yale history captures major innovations that have marked the evolution not just of Yale, but of the entire locking industry. In August 2000 Yale was purchased by the ASSA ABLOY Group, and has since then been an
important part of the global leader in door opening solutions around the world. The Yale brand was reintroduced into the Australian market in 2009, and will maintain its focus on the consumer market. To strengthen and bolster the Yale range in Australia the Arrow by Lockwood range will now come under the Yale brand offering. All current Arrow by Lockwood branded products including door closers and locksets will be re-branded to Yale effective July 1, 2015. Overtime new products will be added to the Yale range, further expanding the offering into semi commercial and residential platforms. New websites for both Yale and Lockwood will be launched in June 2015. The new responsive websites will have the respective product ranges added to Lockweb (Padde) and Yale (Arrow) including new product brochures and downloadable content including images. In addition to packaging and branding changes, all part numbers will be updated for both Arrow by Lockwood and Padde by Lockwood, part number conversion charts can be found on the new web pages below. Lockwood – www.lockweb.com.au Yale – www.yalelock.com.au About ASSA ABLOY ASSA ABLOY is the global leader in door opening solutions, dedicated to satisfying end-user needs for security, safety and convenience. ASSA ABLOY is represented in all major regions, in both mature and emerging markets, with leading positions in Australia, Europe and North America. ASSA ABLOY is the company behind leading brands in Australia including, ABLOY, Henderson, Lockwood, Whitco and Yale. For more information visit www.assaabloy.com.au
SECURITY SOLUTIONS 109
PROFILE ADVERTORIAL
apps, SALTO’s two mobile solutions make it easy and secure to use smartphones as a part of your access control solution that brings real-life usability and flexibility to access control.
allows users to use their BLE-enabled smartphone to securely receive their keys online, anytime and anywhere, and then access doors directly with their phone.
productivity without sacrificing security. • Facility managers distinguish their property with cost effective solutions that clients truly value.
An alternative solution is JustIN mSVN (mobile SALTO Virtual Network) that permits extending or changing access rights instantly and remotely Over The Air (OTA) using SALTO’s mSVN app for NFC- enabled phones.
SALTO
Working with SALTO’s new ProAccess SPACE software, both of these mobile solutions easily and flexibly bring better security and usability to end-users as well as system managers.
Email: info.aus@saltosystems.com - www.saltosystems.com
JustIN Technology by SALTO
Total Access Control made easy with your smartphone
Strike the right balance with SALTO’s JustIN technology that makes it easy and secure to use smartphones as a part of your access control solution. The flexibility and functionality gained by incorporating JustIN mobile technology mean a better user experience as well as productivity gains, without compromising security. JustIN mobile SALTO virtual network (mSVN) is ideally suited to healthcare, infrastructure and other industries where mobile workers are an important part of the workforce. It allows users to update their access rights remotely in real time without using a wired, online update point, and eliminates the need to return to the office to update access rights. JustIN mSVN updates a user’s access rights over the air (OTA) using SALTO’s mSVN app for near field communication (NFC) enabled phones. All an end-user needs is an NFC-enabled smartphone to update his DESFire EV1 credential using the JustIN mSVN app, thereby extending the reach and flexibility of an installation’s security. In hospitality, JustIN Mobile Keys app lets guests use their Bluetooth low energy (BLE) enabled smartphone to serve as their room key. The intuitive JustIN Mobile Key app communicates securely via the Cloud and permits users to receive their keys online, anytime and anywhere, or they can choose to receive a traditionally issued smartcard credential. Technologically cutting-edge, JustIN Mobile Key means the end to lost key hassles, expense and waste. The technology is not limited to the hospitality market. JustIN Mobile Keys can be used in a variety of settings, including main entrance doors, elevators, car park barriers, meeting rooms and more. It is the ideal solution for any door that needs access control.
110 SECURITY SOLUTIONS
SALTO’s mobile solutions make it easy and secure to incorporate smartphones as a part of your access control solution. Using SALTO’s JustIN technology, these solutions easily and flexibly bring better security and usability to both end-users and system managers. End-users gain convenience and productivity without sacrificing security, while facility managers distinguish their property with cost-effective solutions that clients truly value.
To understand the full potential of SALTO’s mobile solutions for your facilities and properties, contact your local SALTO office to set up a live demonstration. Contact SALTO via email at: info.aus@saltosystems.com or visit www.saltosystems.com for more information.
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
PROFILE
ActivConsole
ADVERTORIAL
ActivConsole
A true investment in your control room operation ActivConsole, AME System flagship product, has been revolutionising surveillance control rooms throughout Australia and internationally for the past 20 years. A strong push towards ergonomics within many surveillance room environments has shifted the role of consoles over the last 10-15 years. Consoles are no longer an outdated, inconspicuous piece of furniture offering no ergonomic benefit for its operator. Today’s consoles are custom designed, ergonomically beneficial and tailored towards each single operator and task. Height adjustable consoles are not just the future, they are the very much the present and they are very much a trend that needs to be embraced. Not only do they increase operator comfort and safety, productivity and alertness of each operator remains higher for longer. Australian made and owned, all ActivConsole models are designed and manufactured from their engineering facility and design studio in Melbourne, Australia. Utilising Australian suppliers whenever possible, the ActivConsole ensures that up-to-date technologies, services and ongoing support remain local and readily accessible for their customers. Over the last 12 months, ActivConsole models have been implemented in & associated with a variety of large scale, state-of-the-art projects throughout many of Australia’s top industries. Spanning across the various sectors of road and rail, mining, military, casino gaming, oil and gas and air traffic control, the ActivConsole models are as diverse as ever and proving to be the backbone behind many every day critical applications
required to ensure the security of Australia’s future. Internationally, ActivConsole models have recently been commissioned and installed within several major projects in casino gaming, audiovisual and education industries located within South East Asia, New Zealand and the United States. Each new console produced, whether incorporating specialised high-tech hardware, advanced touch screen technology or simply just a retrofit to an existing application, is meticulously designed and tailored to suit its application – ensuring the highest levels of practicality, comfort and ergonomic benefit have been identified and utilised. ActivConsole’s trained in-house design team ensure that all consoles created recognise all relevant control room standards and meet all applicable requirements from Australian and New Zealand Standard 4443:1997 and ISO 11064-4. All height adjustable consoles created under the ActivConsole brand utilise proven, internationallyrecognised electric lifting actuator technology to ensure the functionality and safety of its height adjustable operation are never compromised. At the touch of a button, each operator can set and save their desired working height to ensure an ergonomically beneficial position is met, without having to compromise between sitting and standing. The pivotal element of every ActivConsole is ergonomics. Technically speaking, this is the optimum way an operator interacts with every aspect of the console in order to achieve their
performance objectives, whether seated or standing. All ActivConsole models are designed with ergonomics at the forefront, taking an active approach to ensure the operators and the tasks they perform are accounted for first, prior to any design work being undertaken. It is this approach that ensures all consoles are designed specifically for a certain task or role, all the while creating an innovative 24/7 working environment and increasing workflow and productivity. The success of ActivConsole is embedded in its long lasting quality and repeat interactions with existing customers. Aligning itself heavily within growing companies, industries and technologies, the ActivConsole has continued to diversify into a wide variety of thriving sectors, ensuring it remains a benchmark in the console industry and a mainstay for years to come. Despite its already expansive customer base, the ActivConsole continues to expand rapidly into a variety of different markets internationally and throughout Australia. As customers continue to ebb and flow with this ever changing marketplace, new sites are constantly being fitted out with new, state-of-the-art ActivConsole models and old sites are being retrofitted to compete with the dynamic requirements of large-scale automation synonymous with the 21st century. Whether it’s a new project, a refurbishment or simply a retrofit, the ActivConsole is the proven first step towards a healthier and more effective workplace. For more details on AME System and their ActivConsole range, visit their website at: www.activconsole.com
SECURITY SOLUTIONS 111
PRODUCT CANON / ICOM / OMNIVISON / SOCIAL MEDIA RULES OF ENGAGEMENT
CANON VB-R11 The VB-R11 Indoor Speed Dome Network Camera from Canon is ideal for virtually any indoor environment requiring maximum visual coverage. With 360° continuous rotation, 30x Optical Zoom, 58.4° wide-angle view, 180° tilting with automatic image flipping, and 450° per second high-speed precision pan/tilt mechanism, users can be assured they will receive accurate tracking and monitoring without any stop points. This newly developed lens includes advanced auto focus capability for high focus accuracy and digital image stabilization, High UltraLow Dispersion lens elements to reduce chromatic aberrations, and an anti-reflective infrared (IR) lens coating to help improve IR sensitivity and reduce ghosting and flaring in night mode for clean, sharp images. The cameras advanced optics, combined with a 1.3 megapixel high-sensitivity CMOS sensor and Canon’s advanced DIGIC DV III Image Processor help to ensure exceptional image quality and low-light performance. The VB-R11 is also equipped with a powerful Canon DIGIC NET II Processor for simultaneous streaming of H.264 and M-JPEG video streams in multiple resolutions for versatile monitoring and recording (including monitoring on compatible smart phones and tablets). Canon has also simplified the integration and management of its cameras. ONVIF 2.4.2 Profile S and Profile G conformance facilitates quick and easy camera integration into a security system. The new Canon Camera Management Tool (CCMT) permits a user to configure and manage most Canon devices from a single screen. The VB-R11 also comes equipped with a wide selection of image-enhancing technologies, including Canon’s new Haze Compensation and AreaSpecific Data Size Reduction (ADSR), as well as a selection of On-board Video Analytics which includes Moving Object Detection with auto tracking, Removed and Abandoned Object Detection, and new Scream and Intrusion Detection capabilities. For added flexibility the VB-R11 can also be placed into an optional outdoor housing, further expanding the markets and applications this camera can be used in. The VB-R11 offers multiple power options including 12 VDC, 24 VAC, and PoE, and two-way audio communication is also possible when a speaker and microphone are connected to the camera. When an organization requires maximum performance and coverage, it can rest assured that it will get all that and more with Canon’s VB-R11 Indoor Speed Dome Network Camera. For more information visit www.canon.com.au or see our video review on SecuritySolutionsMagazine.com
ICOM IP100H WLAN OR IP RADIO Icom’s IP100H WLAN or IP radio is a compact, yet powerful device. Measuring only 95 mm high (~3.7 inches) and weighing 205 grams, the IP100H is one of the smallest professional radios on the market. The IP100H WLAN or IP radio bridges the gap between license-free and licensed radio devices through the use of standard WLAN networking products as infrastructure. The system uses the IEEE 802.11 a/b/g/n standard and as such, requires no licensing. Furthermore, the system is easy to connect to an existing wireless network and allows full duplex communication with reliable sound quality. And because communications are distributed across WLAN access points in an IP network, the system is easy to expand system. Handsets communicate via the use of a IP1000C controller that connects to the wireless network and allows grouped users to hear and talk with another group (individual calls are also possible). For those users requiring a more flexible solution, full duplex communication (as with a regular telephone) is possible providing the function has been enabled in the IP1000C controller and the IP100H handset is connected to a headset. Other handy features include: Up to 27 hours operation with standard BP-271; High security with encrypted communication* (*AES Encryption); Vibration function for incoming calls; Waterproof in accordance with IPX7 Versatility The IP100H is ideal for use in many settings, including: Large Stadiums; Hotels/Museums; Shopping Malls/ Department Stores; Security/Guards; Hospitals/Care facilities. For more visit www.icom-australia.com or see our video review on SecuritySolutionsMagazine.com
112 SECURITY SOLUTIONS
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.
128 SECURITY SOLUTIONS
SECURITY SOLUTIONS 113
PRODUCT CANON / ICOM / OMNIVISON / SOCIAL MEDIA RULES OF ENGAGEMENT
MYHOME CONNECT The myhome connect system from Omnivision is the ideal solution for distributors, installers and locksmiths who are looking to increase their reach into the residential and domestic markets. This wireless security, monitoring, and surveillance system is a first-of-its-kind, plug & play home security solution for homes or businesses. It requires no pairing and installs in minutes. The system provides reliable, 24/7 high quality live video so users can monitor their home or business from anywhere in the world, and it seamlessly integrates multiple video streams from different locations into one easy-to-use smartphone interface. Leveraging the Oplink Smart & Secure Cloud Technology and integrated software service platform, TripleShield provides fast, accurate alerts and notifications to multiple authorized users. It will even record and send a video clip 5 seconds before and 25 seconds after an event is triggered, providing users with the verification they need to take appropriate action. Like all Oplink solutions, users can quickly and easily expand their system at any time by adding other Oplink plug & play devices, such as additional cameras or sensors. • This compact, easy to use and install system provides customers with peace of mind as they can secure their home as well as their holiday home. • The system provides a great way to ensure their elderly parents are OK while also allowing users to receive alerts when their children come home from school in addition to providing a way to watch over their pets when they are not home. • With this system, users can protect doors, windows, manholes, even the liquor cabinet, safe or jewellery box. Users can move cameras and sensors around as and when they want. • The system is idea for renters, as they can take it with them when they move. No wires! • Users can receive real time push notifications with audio and video to visually verify if an alarm is real or false. • The system enables up to 5 other family members to be connected so they can also receive push notifications simultaneously if the alarm is triggered. The even allows the addition of 5 additional contacts like friends and neighbours for a second level of protection. • For those clients wanting to expand beyond the basic security system, they have the option to add on other devices such as Smart Plugs, Flood Detectors, Heat & Sonic Fire Detector, and Panic/Duress Buttons. For more information visit myhomeconnect.com.au
SOCIAL MEDIA RULES OF ENGAGEMENT: WHY YOUR ONLINE NARRATIVE IS YOU BEST WEAPON DURING A CRISIS The way we consume information has fundamentally changed, and now there are more people listening than ever. Social Media Rules of Engagement gives you the tools you need to avoid scandal, manage a crisis, influence audience response and take ownership of your online narrative. The success of your organisation could depend on it. Through first-hand experience, leading social media crisis communicator Nicole Matejic demonstrates how to save yourself and your organisation from disaster. More than just an author, Nicole Matejic is an internationally recognised military information operations adviser and social media crisis communicator. She is the co-founder and CEO of global military think tank Info Ops HQ, a regular lecturer and trainer to NATO, and the CEO of Social Media Monster aka The #SocialFirefighter®, offering crisis communications services and training to both the public and private sectors. In this, her first book, Nicole shows readers: • how to plan for a social media crisis before it happens • what to do, and not do, in crisis communications • how to make big social media data work for you • why social media influence is the currency of the future. Whether you work in the private or public security, in military strategic communications, information operations, public affairs, crisis and issues management or corporate affairs, this book shows you how to manage your social media presence so your #PRFail doesn’t manage you. For more information visit www.amazon.com
114 SECURITY SOLUTIONS
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.
RECON NAV SPC Series No. 8831 (kilometers) or 8832 (miles): 46mm, carbon reinforced polycarbonate case and case back, unidirectional ratcheting bezel with aluminum ring compass rose, antirefl ective sapphire crystal, walking tachymetric scale, water resistant to 200 meters, black PU Strap with raised scale and compass attached, Luminox self-powered illumination. Swiss Made. Preferred timepiece of Swiss Special Forces and outdoor enthusiasts.
www.luminox.com
NSW Fredman SVW, Sydney, 02 9221 3373 | Hennings Jewellers, Narellan, 02 4647 8555 | Lewis Watchmakers & Jewellers, Coffs Harbour, 02 6651 1612 | Melewah Jewellery, Haymarket, 02 9211 5896 QLD Vintage Watch Co, Brisbane, 07 3210 6722 | Hatton Garden Jewellers, Beenleigh, 07 3287 1230 | Richardson‘s Jewellers, Kawana, 07 5444 3272 SA JJ Brown Watchmakers, Adelaide, 08 8223 3207 VIC 8th Avenue Watch Co., Emporium Melbourne, 03 9639 6175 | Ekselman Watchmakers & Jewellers, Melbourne, 03 9670 5353 | Uccello Jewellery & Watches, Altona, 03 9398 8551 | Temelli Jewellery, Highpoint S/C, 03 9317 3230 | Temelli Jewellery, Southland S/C, 03 9583 2633 | Temelli Jewellery, Westfi eld Knox City S/C, 03 9800 0799 | Highly Tuned Athletes, Hampton, 03 9598 7888 | Duffs Jewellers, Geelong, 03 5221 6636 WA The Watch Spot, Perth, 08 9421 1093 | Jools of Claremont, Claremont, 08 9385 5476 | All About Time, Balcatta, 08 9349 0600 | Carmen Jewellers, Midland, 08 9274 1080 NT Goldsmith Pty Ltd, Darwin, 08 8981 4448
SECURITY SOLUTIONS 115
SHOPTALK
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Vintech Systems Launches Bluetooth Low Energy Into The Australian Hospitality Market. Ever since RFID technology found its way into off-line battery operated locks, the market has driven the guest experience to the next level, trying to enable a faster check in process at the hotel / accommodation site. Vintech Systems has introduced true BLE functionality across its full range of locks and other devices. With the development of a seamless secure KABA “Legic Connect” tunnel, the encrypted locking package of data can be sent to any mobile device. Having first registered the device with the properties PMS (Property Management Software), a simple to use but very secure app can be downloaded allowing the use of the BLE functionality of the device to communicate with the lock. Using a very low energy wake up field, battery life of the locking device isn’t effected and the guest benefits from avoiding check-in queues. Additional BLE wall panels around the property and in the guest’s room allow even further integration and functionality. In addition to tracking the guest’s phone, the system can send messages to guests according to their location and activities, as well as providing the ability to control lights and other services such as air conditioning according to real room occupancy. For more Information on BLE technology, please contact sales@vintech.com.au
Seeking Champion Service - Dorma The Automatic Door Experts Why have your automatic door serviced Automatic and manual door operators and wall systems are complex pieces of equipment that are subject to punishing wear and tear. A regular maintenance program ensures that wearing components are replaced or a malfunction is addressed before it becomes a problem. Regular maintenance helps prevent accidents, prolongs the life of the product and ensures the safety of users while reducing breakdowns and the accompanying inconvenience. Australian standard AS5007 “Powered Doors for Pedestrian Access and Egress”, Clause 5.1.3 states that it is the obligation of the owner to ensure their automatic entrance undergoes service and maintenance at intervals no longer than four months. Automatic doors can cycle open and close hundreds of times every day, so part of routine maintenance must also include the checking of activation and safety sensors. Prevention is better than cure Well-maintained DORMA products can provide safe and efficient use for over 20 years and are vital to the smooth operation of any business. Consider the risks of inefficiently operating doors and operable wall systems – reduced security, increased downtime, productivity loss, customer complaints, acoustic reduction, soaring air-conditioning and heating costs. National service network With over 40 years’ experience in the door service industry, DORMA is committed to ongoing specialist training for our technicians and service agents. DORMA employs over 140 service technicians throughout Australia and New Zealand, and is supported by an accredited service agent network. For more Information, visit www.dorma.com.au or call 1800 675 411
116 SECURITY SOLUTIONS
we pick the industry’s brain for all the best information...
real security news as it happens 24/7 the NEW App from Security Solutions no longer just a magazine...
SECURITY SOLUTIONS 117
SHOPTALK
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
The New Standard in Risk Assessment and Security Certainly not the new chum on the block, Beaware Solutions is like a sleeping giant. Their consultants have qualifications in Security and Risk Management, are licensed under State laws and have over 20 years experience in law and security fields. Beaware consultants use the Australian Standards Handbook 167 and the Security Risk Management Body of Knowledge promoted through the Risk Management Institution of Australasia to provide a structured framework in assessing buildings, assets, processes and people – key elements of every client’s needs. Beaware Solutions provides a comprehensive approach to security assessments, including the use of Crime Prevention through Environmental Design (CPTED) principles. Instead of concentrating solely on CCTV, alarms, locks or grilles, their consultants concentrate on the total environment and procedures associated within that environment. Special attention is also paid to external factors that can impact any building and its occupants and they are familiar with how these external factors can not only effect the actual building, but also the business continuity and any required recovery process. They genuinely exercise a truly holistic approach by also addressing other items and systems such as lighting, landscaping, traffic management, paths, parking, access, usage, contractor and employee management, emergency equipment, and opportunities for improvement. Find out more by contacting the team at info@beaware.com.au or 1300 718 131
AST announce new updates to KeyWatcher Management System and KeyPro Plus AST is proud to announce the recent launch of the updated KeyWatcher Touch. The recent upgrades make this unit more user-friendly and capable than ever before due to the large 7 inch touchscreen, improved integration capabilities and convenient features such as a mobile application. However, standout additions are the “KeyAnywhere” feature, which will enable the user to return a key to any KeyWatcher in the organisation and the “KeyFind” feature that allows you to locate which KeyWatcher a specific key is housed in, or determine who has it out at the time. For AST’s established customers, the KeyPro Plus application provides a single application platform, allowing KeyWatcher Illuminated and KeyWatcher Touch hardware to work together. The KeyPro Plus allows for customers to introduce an upgrade path if they require the KeyWatcher Touch’s hardware features and enhancements from the existing KeyWatcher Illuminated, such as Scheduled Report, User Group Profiles and Real Time Monitoring. As the KeyPro Plus is an open source platform, it allows for high level interfaces to numerous Security Management Systems. In order to find out more about the new exciting changes, contact AST directly: www.astpl.com.au or 02 8020 5555.
118 SECURITY SOLUTIONS
A R T EX A R T EX
eNews
! t i t u o b a l Read al
your email address here
SUBSCRIBE
Security Solutions Magazine eNewsletter Sign up to our eNewsletter and receive up-to-date valuable information regarding all things Security.
www.SecuritySolutionsMagazine.com
SECURITY SOLUTIONS 119
SHOPTALK
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Ezi Security’s M50 Bollard Stands Up To Any Test Just over two years ago, Ezi Security’s M50 movable bollard by Elkosta was vehicle crash tested to the American standard test method (ASTM) F 2656-07 with a 6.8 tonne vehicle travelling at 80kph where it achieved a penetration rating of P2. However, it appeared that the ASTM is still not as widely accepted throughout the world as hoped, despite being an internationally recognised standard. For example, many Commonwealth countries still hold on to the British Publicly Available Specification (PAS) 68 for impact testing of vehicle security barrier systems. In light of a promising project here in Australia which involved a considerable quantity of movable M50 Elkosta Bollards, it was decided to retest the bollard to PAS 68:2013 to meet all specified requirements. Ezi Security are thrilled to announce that the M50 Bollard has once more been successfully vehicle impact tested to arrest a 7.5 tonne truck travelling at 80kph! The achieved performance classification of V/7500(N3)/80/90:5.2/7.8 and performance rating v/7200(N3C)/8-/90:5.5 as per PAS 68:2013 and IWA 14-1:2013 respectively match the P2 penetration rating previously accomplished with the crash test to ATSM standards. This was extraordinarily impressive considering the less than favourable conditions which were many times more challenging than the original ASTM test over two years prior. To find out more of the test and learn of the new improvements to Ezi’s new Wedge, contact them at: www.ezisecurity.com or 1300 558 304
Rock solid solutions for your Rock solid solutions for your security & safety projects
security & safety projects
How Does A Us$1.5 Billion Global Security Company Get Even Bigger? Easy… If you’re FLIR Systems, the world’s largest company specializing in the design and production of thermal imaging cameras. Pioneers in thermal imaging, FLIR Systems, tirelessly manufacture advanced systems and components that are used for a wide variety of thermal imaging, situational awareness, and security applications, including airborneFC-Series and ground-based surveillance, condition FC-Series monitoring, R navigation, recreation, S Onboard Video Analytics Onboard Temperature Measurement research and development, manufacturing process control, search and rescue, drug interdiction, transportation safety and efficiency, border and maritime FLIR FC-Series S cameras include on-board video analytics The FLIR FC-Series R features on-board, non-contact patrol, environmental monitoring, and chemical, biological, radiological, nuclear, and explosives threat detection. capabilities for true edge intrusion detection with human temperature measurement capabilities for fire detection, FC-Series S FC-Series R and vehicle classifi cation. These intrusion based alarms safety, andbeing thermal monitoring equipment. The temperature It seems the natural progression for this large US based company is its very own Day/Night (CCTV) camera range. Actively sold inofthe US for a few Onboard Video Analytics Onboard Temperature Measurement can be sent by email or ONVIF and configured with the measurement tools can be configured with the FC’s web FLIR web interface, iOS app or FLIR Sensors Manager interface, iOS app or FLIR Sensors Manager (FSM). Temperature years now, the IP and HD over coax range of dome, bullet and PTZ cameras along with DVRs and NVRs came about from FLIR’s acquisition of Digimerge (FSM) and to externalnon-contact systems such as video management based alarms can be transmitted by email, digital output and to FLIR FC-Series S cameras include on-board video analytics The FLIR FC-Series R features on-board, and Lorex (already the world’s eleventh biggest in sales ranking). FLIR Systems has established itself as one of the market leaders within the North systems (VMS). systems (VMS). external systems such as video management capabilities for true edge intrusion detection with human temperature measurement capabilities for fire detection, vehicle classifi cation. These intrusion basedthese alarms products are safety, and thermal monitoring of equipment. The temperature Americanandmarket (currently the only place sold). • Digital I/O contact • Wide temperature range • Power over Ethernet (PoE) • Available in 320 × 240 and can be sent by email or ONVIF and configured with the measurement tools can be configured640 with the FC’s web -50ºC to +70ºC high-resolution × 480 • Edge Storage The introduction of the Day/Night (CCTV) range will see interface, FLIR Systems aiming these products at• Wide theDynamic entryRange level segment of the Australian market where FLIR web interface, iOS app or FLIR Sensors Manager iOS app or FLIRformats. Sensors Manager (FSM). Temperature • Surge protection built in (WDR) (FSM) and to external systems such as video management based alarms can be transmitted by email, digital output and to currently only Asian branded products exist. The brand equity of FLIR Systems, combined with R&D and the quality of the US based giant, will ensure F I N(VMS). D O U T M O R E AT F L I R . C O M . A U / S E C U R I T Y- S O L U T I O N S systems (VMS). external systems such as video management systems 1300 729 987 NZ: 0800 785 492 INF O@FLIR.COM. AU growth in FLIR’s sales. V I S I T U S AT S E C U R I T Y 2 0 15 – S TA N D H . 3 7 I/O contact Wide temperature range • Power over Ethernet (PoE) Available in 320 and These• products are× 240 currently being finalised to fit within •the Australian market and• Digital we will see the complete range of the products launched at Security -50ºC to +70ºC high-resolution 640 × 480 • Edge Storage • Wide Dynamic Range formats. 2015 in Melbourne this year (visit FLIR Systems willbuilt beinoffering a full 3-year manufacturer’s warranty as well as full access to the FLIR • Surge protection (WDR) at booth H37). FLIR High Resolution Video Analytics Reliable Temperatures UP TO 640 x 480 THERMAL IMAGING INT RUS ION ALARM S DIS C ERN T HERM AL M ONITORI NG FO R Cloud (FLIR’s proprietary software system). HUM ANS & VEHIC LES EQUIPM ENT & SAFE T Y F I N D O U T M O R E AT F L I R . C O M . A U / S E C U R I T Y- S O L U T I O N S 1300 729 987 NZ: 0800 785 492 INF O@FLIR.COM. AU
V I S I T U Sor ATcontact S E C U R03 I T Y9550 2 0 15 2800 – S TA N D For more Information, visit www.flir.com.au
H.37
High Resolution
Video Analytics
Reliable Temperatures
UP TO 640 x 480 THERMAL IMAGING
I N TR U S I O N A L A R M S D I S C E R N HU M A N S & V E HI C L ES
TH ERMAL MONITORING FOR EQ U IP MENT & SAF ET Y
FC-Series Security Solutions 0615 210x276 fp.indd 1
120 SECURITY SOLUTIONS
5/12/15 9:06 AM
CAPTURE EVERYTHING IN THE HIGHEST OF QUALITY The VB-S30D is the world’s smallest* Full HD Pan-Tilt-Zoom camera that features a 3.5 X optical Canon zoom lens, strong WDR performance utilising Canon’s exclusive ‘Smart Shade Control’ and six advanced intelligent functions at the edge. Other models in the range include the VB-S31D (FULL HD, Pan-Tilt camera), VB-S800D (FULL HD, Fixed dome camera) and the VB-S805D (HD, Fixed dome camera). VB-S31D
VB-S800D
VB-S805D
When Clarity Matters – Choose the Premium Quality Range you can rely on. *
As at 1 April 2015
Available from:
For more information visit canon.com.au/networkcameras call 13 13 83 or email specialised.imaging@canon.com.au
Switch to the access control that changes with you.
Move to HID Global’s adaptable iCLASS SE® Platform and start using the technology of tomorrow, today. When it comes to access control, it can be difficult to stay ahead of changing security concerns and technology demands. Go with HID Global’s iCLASS SE® Platform — the new standard in access control that positions you for the future with an open, adaptable solution that easily integrates smart cards, mobile devices and whatever tomorrow brings. Join the revolution in evolution and get greater security, flexibility and simplicity. Make your change by visiting hidglobal.com or contact us at +613 9809 2892 or email at asiasales@hidglobal.com. © 2015 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, the Chain Design, and iCLASS SE are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission.