A U S T R A L A S I A’ S L E A D I N G S E C U R I T Y R E S O U R C E F O R B U S I N E S S A N D G O V E R N M E N T
ISSUE #107 MAY/JUN 2017
ISSN 1833 0215
How Will The Australian Public Respond?
$9.95 inc GST / $10.95 NZ
When Terror Strikes:
NEED SERIOUS SECURITY? THE ANSWER IS EZI!
Ezi Security designs, manufactures and installs a premium range of electronic perimeter security products designed for both vehicle and pedestrian control. These consisting of a wide range of security products suitable for low to high-risk applications. Ezi Security Systems has been manufacturing quality security products for over twenty-one years with equipment is installed in some of the very harshest of environments the planet has to offer. And all with outstanding results. While Ezi has a commitment to innovative design and quality products we also fully understand the importance of easy and efficient after sales service. Ezi Security Systems services and maintain the products we sell to ensure that your critical infrastructure and personnel are protected at all times. “ALL EZI SECURITY SYSTEM PRODUCTS ARE BUILT TO LAST A RELIABLE THIRTY YEAR (PLUS) PRODUCT LIFE SPAN WHEN MAINTAINED”
Ezi Security Systems has the most extensive offering of Hostile vehicle barrier products (HVB’s) and has the expertise to design and secure any critical infrastructure or site of national importance. Ezi has an extensive range AVB and HVB Crash Certified products such as the world famous TruckStopper, the renowned K12 Wedge, crash boom beams and crash rated static and automatic bollards. Ezi Security Systems has all the realistic solutions to meet your high security requirements while maintaining an aesthetically pleasing solution for your site. All Ezi Security System AVB & HVB have been vigorously crash tested and certified to meet all ASTM, IWA and PAS 68 stipulations. Ezi Security and its partners continue to the push boundaries on all crash products with our in-house R&D security experts providing market leading products designs. This specialist ability also involves our renowned installation expertise and advice with the all important civil work design & engineering. Ezi Security believes in pushing design frontiers for its products to keep pace with marketplace and security priorities. This year alone Ezi and PPG have successfully worked with CTS and crash tested to Pas 68 in 2016 the following products:
•
M30 Bollard Performance rating V/7500[N2]/48/90:0.0/0.0
•
M50 Bollard Performance rating V/7200[N3C]/80/90:5.5
•
Wedge II Performance rating V/7500[N3]/80/90:0.0/20.7 (tested with 4 m blocking width)
With our highly chosen business partners being the best in their field and coupled with our own Ezi Security R&D in house design team Ezi Security continue to push boundaries on market leading and state of the art crash rated designed products. Our ability also involves installation expertise and advice with all important civil work design & engineering.
Ezi also takes pride to provide our clients with more than just perimeter security solutions. We also offer a quality range of internal pedestrian control products from Werra Entrance Control. The Werra Entrance Control range compliments perfectly the already strong offering of pedestrian security control that Ezi Security currently offers to the market. The range includes a wide variety of systems suitable for pedestrian access management that includes the ability to hold and isolate persons of interest and/or concern. Ezi Security again has a quality product for every threat and contingency for building personnel security. All products offer quick access for authorised persons and reliable protection against unauthorised access. With a flow rate of up to 35/min even large flows of people can be monitored and controlled effectively. Werra Entrance Control not only stands for innovative for the individual’s passage of person, but also is an extension for our philosophy of being a professional fullservice provider of all components within perimeter security and access control. Ezi Security Systems, and their business partners, are privileged to be protecting some of the most prestige and iconic man made marvels of the modern era from the Burj Khalifa Tower in Dubai to Australia’s very own Parliament House in Canberra.
IF SERIOUS SECURITY IS YOU REQUIREMENT, LOOK NO FURTHER THAN EZI! FIND OUT MORE ABOUT US!
AUSTRALIA NATIONAL
1300 558 304 11 Cooper Street Smithfield NSW 2164 www.ezisecurity.com.au sales@ezisecurity.com
CUSTOMISABLE ELECTRIC HEIGHT ADJUSTABLE SIT STAND CONSOLES
Does your control room meet
Australian Ergonomic Standards?
www.activconsole.com
Clayton VIC 3168
Safe Work Australia, Nov 2015
“...in 2012-13 the cost impact of work-related injuries and illnesses was estimated to be just over $61 billion...�
State-of-the-art ergonomic lifting technology Lifetime Australia phone support AS/NZS 4443:1997 & ISO 11064
+61 3 9574 8044
sales@activconsole.com
CONTENTS107
COVER STORY: AFTER THE ATROCITY: HOW WILL THE AUSTRALIAN PUBLIC RESPOND?
052 032
Over the past two years, Australia would have experienced 15 terror attacks, including public beheadings, if most plots had not been foiled in their advanced stages, according to police. Government agencies have done a great and cohesive job to stop attacks but we won’t always be so fortunate. Security expert Lyndall Milenkovic draws on over 24 years of experience in the risk arena, specifically in emergency management, including four Olympic Games, two Commonwealth Games and the World Expo in Shanghai, to examine how Australia might respond in the wake of a major terrorist incident.
HEALTH PREPAREDNESS AND AUSTRALIAN COUNTERTERRORISM STRATEGY Anthony Bergin, senior research fellow at Australian National University’s National Security College and a senior analyst with the Australian Strategic Policy Institute (ASPI), looks at the potential adverse health consequences which may follow a mass casualty attack in Australia. How bad would it be and what could and should we be doing to minimise the effects of such an incident?
060
GOVERNANCE OF EMERGENCY INCIDENT MANAGEMENT Neil James, Executive Director of the Australia Defence Association, examines the structure of ministerial governance of the agency or agencies concerned in dealing with major incidents and the legislation under which they operate. Are they actually fit for purpose and how can this fitness be best maintained?
070
HOUSTON: WE HAVE A PROBLEM! Jo Stewart-Rattray, Director of Information Security & IT Assurance, BRM Holdich and ISACA International Board Director looks at the issues around the lack of women in technology roles in the security industry and the technology sector in general.
084
SECURITY LEADERSHIP Former lawyer, NSW Legal Services Commissioner and current Registrar for the Australasian Register of Security Professionals, Steve Mark draws together ideas, comments and suggestions from a number of ‘experts’ and then presents a small case study from the author’s own experience around what it takes to be an effective security leader following a major incident.
088
WHEN RISK BECOMES REALITY Michael Dever offers insights into contemporary security risk management methodologies and the design and management of physical security systems. In this article, Michael focus on the process side of security risk assessments that are used to provide decision makers with appropriate advice about any protective security measures that may be required following a major incident.
004 SECURITY SOLUTIONS
We are a leading player in the biometric identification market by pioneering In Motion Identification (IMID) access, a multimodal verification for instant, seamless, and non-invasive verification. Ask us about advanced features such as multi-modality, speed of identification, our committed accuracy, anti-fraud algorithm, double factor availability, restricted people alerts, simultaneous identification.
The solution is designed for enterprise and can be easily integrated with existing infrastructure. It can be added to any existing door, turnstile or speed stile, and any access control solution. Ask us about high availability, scalability, cyber security and encryption, multi-site management, traceability and auditability, our APIs and ease of integration.
FST Biometrics is a leading identity management solutions provider. The company’s IMID™ product line offers access control through its proprietary In Motion Identification technology. This provides the ultimate security and convenience for users, who are accurately identified without having to stop or slow down. IMID™ solutions integrate a fusion of biometric and analytic technologies that include face recognition, body behavior analytics and voice verification. For more information, please visit http://www.fstbm.com.
With IMID Access, authorized users do not have to slow down, sign in or stop. Rather, they are identified in motion, and granted seamless access to buildings and facilities. Ask us about our rich out of the box functionality, such as visitor management, time attendance, notifications, digital doorman and mobile applications.
Add-On APAC Innovative Solutions offers converged physical, cyber and communication security solutions. Operating across the Asia Pacific region, we harness advanced products and ground-breaking technologies, helping our customers transform the way they protect people, information and assets. Learn more about us at http://www.addonapac.com. Add-On APAC Australia Pty Ltd info@addonapac.com, 03 9607 8465
IMID is the future of access control. Prefer to take your own conclusions?
Ask us for a product demonstration, and see it for yourself. SECURITY SOLUTIONS 005
CONTENTS107 010
040
LETTER FROM THE EDITOR
012 LEADERSHIP Jason Brown looks at leadership in the wake of a major
044 CCTV Leading CCTV expert Vlado Damjanovski looks at the
importance of designing CCTV systems to provide the necessary information to help deal with major incidents.
incident.
014
CYBER SECURITY How should companies respond to a data breach?
048 BUSINESS What are the four steps crucial to integrating risk management into strategic planning.
016 RESILIENCE What is the role of security professionals in mass gatherings?
018
058
HUMAN RESOURCES How should your organisation deal with disaster recovery and response from a human resources perspective.
020 RISK MANAGEMENT What does risk management look like after a major attack?
looks at Critical Incident Management and the importance of post incident actions within a system.
064
LOSS PREVENTION What are the keys to developing a plan for dealing
with busy retail periods?
072 AVIATION Aviation is always one of the hardest hit sectors in the
wake of a terrorist attack. How can the aviation industry better prepare, from a security point-of-view, for effectively responding to a major incident?
professional relationships ‘before’ a major incident occurs?
THINKING ABOUT SECURITY How can the security industry help shape Australia’s response to an attack?
028 EVENTS A look at upcoming industry events.
076 ACCESS CONTROL How do you protect sensitive sites in a constantly changing and evolving security landscape?
080 PROFESSIONAL DEVELOPMENT How can security managers more effectively shape the thinking of an organisation’s senior management team in preparation for dealing with major incidents?
036 ALARMS When everyone is clamouring for equipment following a major incident, how should suppliers interact with customers?
032
LEGAL Q&A Dr Tony Zalewski
024 COMMUNICATIONS Why is it so important to develop good 026
OPERATIONS Richard Kay examines the building blocks required in order to successfully prepare officers for dealing with dangerous events.
068
088
092
SECURITY STUFF
106
PRODUCT SHOWCASES
094
SPOTLIGHTS
110
SHOPTALK Company announcements from within the industry.
100
PROFILES
006 SECURITY SOLUTIONS
SECURITY SOLUTIONS 007
www.securitysolutionsmagazine.com
Editorial Editor: John Bigelow john@interactivemediasolutions.com.au Sub-Editing: Helen Sist, Ged McMahon Special Guest Editor: Don Williams Contributors: Anthony Bergin, Karissa Breen, Jason Brown, Greg Byrne, Rod Cowan, Vlado Damjanovski, Mike Dever, Kevin Foster, Neil James, James Jordan, Steve Lawson, Steve Mark, Lyndall Milenkovic, Laurie Mugridge, Rita Parker, Daniel Pinter, Jo Stewart-Rattray, Don Williams, Tony Zalewski.
Advertising keith@interactivemediasolutions.com.au Phone: 1300 300 552
Marketing & Subscriptions admin@interactivemediasolutions.com.au $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)
Design & Production Graphic Design: Jamieson Gross graphics@interactivemediasolutions.com.au Phone: 1300 300 552
Accounts accounts@interactivemediasolutions.com.au Phone: 1300 300 552
Publisher
ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au Disclaimer The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein. The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.
RS A DE VI
SSOCIATI
ON
ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au
O
SECURIT Y
PR
RALIA LTD UST FA
O
Written Correspondence to:
Or i g i n a l Si z e
O C I AT I
ON
Y P R OVI D
RIT
CU
D LT
SE
PR O
ASS
SPAAL
AU S T R A L I A
STRALIA LTD AU
SECURITY
RS
OF
E
Official partners with:
SSOCIAT IO N
OF
RS A DE VI
blue colour changed to this colour green.
COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................
008 SECURITY SOLUTIONS
Series 2005 is the leading brand of 19” rack mount enclosure for data and communications installations, with a huge range of sizes. MFB have the right cabinet for your needs.
When you choose Australian made, you’re choosing more than quality and reliability, you’re choosing peace of mind.
DESIGNERS & MANUFACTURERS OF 19” RACK SYSTEMS
MFB’s range of innovative racking solutions is proudly made onshore, to ensure quality and consistency above all others. Backed by constant development, unsurpassed customer support and expedited delivery. MFB proves a solid project partner whatever your requirements. Australian made, makes Australia. With a solid history of over 45 years of supplying innovative, off-the-shelf and custom built racking systems, you can rely on MFB to ensure when you buy Australian, you’re investing and supporting Australian industry.
AUSTRALIAN MADE MAKES AUSTRALIA
www.mfb.com.au
VIC NSW -
P (03) 9801 1044 P (02) 9749 1922
F (03) 9801 1176 F (02) 9749 1987
E sales@mfb.com.au E sydney@mfb.com.au
SECURITY SOLUTIONS 009
LETTER FROM THE EDITOR It is an honour to be invited to be guest editor of Security Solutions Magazine. I take this opportunity to thank John Bigelow for his ongoing commitment and hard work over more than 17 years in keeping us informed, educated and constantly challenging us to improve ourselves and the security industry. As the Irish Republican Army (IR A) said after the Brighton bombing failed to kill Margaret Thatcher, “You have to be lucky every time, we have to be lucky once.” Australia will suffer a major security incident resulting in multiple deaths, many casualties and a severe shock to our image as a safe society. The groups that want to kill really have not changed since the 1960s, although they take turns being most prominent: fringe right and left wing parties, animal rights activists and eco-terrorists, ethno-nationalists and separatists, and religious and social extremists. Through a combination of good policing, intelligence, community liaison, social cohesion and luck, we have avoided a major atrocity, so far. As security managers and practitioners, we concentrate on protective security – preventing the incident from occurring. While we recognise the importance of consequence management, it usually receives considerably less thought than the likelihood part of the risk equation. This issue of Security Solutions addresses the question of what happens when the risk is realised. It will be interesting to see how we, as a society, respond when we are finally attacked in a way that shakes our fundamental belief in who and what we are. Will we lose faith in our system and leaders because they failed to protect us, or will we bind together under adversity to become stronger and more unified? The contributors to this issue were asked to consider what happens “after the incident”. They all raise interesting questions and, in some cases, provide answers. The articles cover legal aspects, sector leadership, government response, resilience, cyber concerns, emergency management and legal issues. The cover story addresses how we as a nation, and as a society, will respond, as well as the role of the security professional, noting that we are also members of the community and, although we may have a better understanding of what happened and why, will still be affected along with the rest. In all cases, it is apparent that more work needs to be done and we who are responsible for preventing it cannot just wash our hands and say “well now it has happened it is not my problem, talk to business continuity planning”. We need to be involved in the post-atrocity planning and probably help lead the discussion. Securing of the business during and after the incident will be needed, as will working with others to secure the survivability of the organisation. It is not a matter of if but when and we should be ready; apparently, we are not.
Don Williams Special Guest Editor
010 SECURITY SOLUTIONS
REGULAR
LEADERSHIP Leadership and command is not exercised by retreat to so-called coordination or to broad oversight. Leadership and command is not exercised by being available if necessary at the end of a telephone.” So, what does this mean? In summary, to be a leader in the face of disaster, one needs the psychological traits and the leaderships skills to suit the situation. Leadership comes to the fore in times of crisis and disaster; it comes from the heart, not just the brain.
Post-Disaster Leadership By Jason Brown In my last column, I discussed situational leadership and now I will consider a particular situation for leaders – post-disaster or traumatic incidents. At a time of crisis and disaster, the managerial rule book fails, as it is the innate traits and the learned high-end competency for leading and supporting people in stress that becomes more relevant. Consider some innate traits: • Empathy – the experience of understanding another person’s condition from his/her perspective. You place yourself in his/her shoes and feel what that person is feeling. • Sympathy – (from the Greek words syn ‘together’ and pathos ‘feeling’ which means ‘fellow-feeling’) is the perception, understanding and reaction to the distress in others. • Selflessness – having, exhibiting or motivated by no concern for oneself; unselfish: a selfless act of charity. • Esprit de corps – a common spirit of comradeship, enthusiasm and devotion to a cause among the members of a group. • Compassion – a feeling of deep sympathy and sorrow for another who is stricken by misfortune, accompanied by a strong desire to alleviate the suffering. The Harvard Business Review suggests, “There is, however, something leaders can do in times of collective pain and confusion. By the very nature of your position, you can help individuals and companies begin to heal by taking actions that demonstrate your own compassion, thereby unleashing a compassionate response throughout the whole organization.” When compassion is derived from empathy and is converted into action, it can touch all concerned. In the boxed quote at the end of this article from
012 SECURITY SOLUTIONS
Harvard (https://hbr.org/2002/01/leading-in-timesof-trauma), we can see the personal actions by the leader making a difference. The full article also has a telling comparison example of a leader who did the reverse. But what about the practical competence? Leaders in a time of crisis need to demonstrate the following skills and knowledge: • Two-way communications – listen, hear and speak; the process by which information is exchanged between individuals. It requires a shared understanding of symbol systems, such as language and mathematics. Communication is much more than words going from one person’s mouth to another’s ear. In addition to the words, messages are transferred by the tone and quality of voice, eye contact, physical closeness, visual cues and overall body language. • Organisation – the ability to efficiently allocate time, energy and resources in order to achieve a goal. • Decisiveness – the ability to make decisions quickly and effectively. • Delegation – the capacity to allocate authority, responsibility and resources to achieve a task. • Command – to direct with specific authority or prerogative; order: and to deserve and receive (respect, sympathy, attention and so on): Jack Rush, QC, counsel assisting the Royal Commission into the Victorian fires said, “We submit that leadership cannot be divorced from command. Command does not necessarily involve the issuing of orders or directions, or swooping in to take over at an incident control centre. Command demands a presence: to inform, and if necessary, reassure and inspire. But also to oversight and monitor to ensure that key objectives are being met by subordinates.
Jason Brown is the National Security Director for Thales in Australia and New Zealand. He is responsible for security liaison with government, law enforcement and intelligence communities to develop cooperative arrangements to minimise risk to Thales and those in the community that it supports. He is also responsible for ensuring compliance with international and Commonwealth requirements for national security and relevant federal and state laws. He has served on a number of senior boards and committees, including Chair of the Security Professionals Australasia; Deputy Registrar Security Professionals Registry – Australasia (SPR-A); Chair of the Steering Committee for the International Day of Recognition of Security Officers; member of ASIS International Standards and Guidelines Commission; Chair of Australian Standards Committee for Security and resilience. TJX president and CEO Edmond English, who lost seven employees aboard one of the planes that hit the World Trade Center, gathered his staff together shortly after the attacks to confirm the names of the victims. He called in grief counsellors the very same day and chartered a plane to bring the victims’ relatives from Canada and Europe to the company’s headquarters in Framingham, Massachusetts. He personally greeted the families when they arrived in the parking lot at midnight on September 15. Although told by English that they could take some time off after the attacks, most employees opted to come in to work, as English himself had done, and support one another in the early days following the tragedy.
• INNOVATIVE PRODUCT DESIGN • BULLET RESISTANT CERTIFIED • BURGLARY RESISTANT CERTIFIED • UNIQUE HPJ CONCEPT
High Security Anti-Tailgating Portals
44
YEARS IN SECURITY
With over 40 portals in the range here is a closer look at two C3 Security Portal
HPJ140 Security Portal
The C3 Security Portal offers
The HPJ140 Security portal offers
•
Ultra Sonic Tailgate Detection
•
Unique Half Portal design to ‘cap’ an existing access controlled door
•
890mm entrance for DDA compliance
•
Ultra Sonic Tailgate Detection
•
Open design for maximum user comfort
•
900mm to 1200mm entrance for DDA compliance
•
P1A all the way up BR4 and WK4 glass construction
•
P1A all the way up BR4 and WK4 glass construction
www.pathminder.com.au
Phone: 1300 750 740 SECURITY SOLUTIONS 013
REGULAR
CYBER SECURITY Responding To A Data Breach
By Karissa Breen It is coming up to the weekend and everyone is starting to relax; the beer and champagne are coming out and everyone is now talking about their weekend plans. I see some senior leaders gathering and going in and out of meeting rooms. Uh oh, something is definitely going on. I hope it is not because my time sheet was late. The senior leaders are starting to look more worried and appear a bit lost. I have now been told my presence is required at a meeting. I am definitely feeling anxious; it is not about the time sheet, something worse. It is 4pm, I have had a long week and I just want to go home. I walk into the meeting room and a few faces look at me in shock. “We have been breached.” Well, that was that, we have been breached. We will need a team to work over the weekend to assist with this incident. We are going to need a plan, we are going to need to identify what went wrong, what data has been breached and what we are going to say to our clients. We are a newly formed company, this is not good for our reputation. This story sets the scene on what does happen within organisations and it sometimes does happen on Friday afternoons; unfortunately, that is just the nature of the business. Everyone is puzzled as to how this has happened, as it has never happened before. But how can they be so sure?
014 SECURITY SOLUTIONS
Data breaches hold a significant risk to organisations within Australia. These breaches represent companies which fail to protect confidential data, opening a gateway to fraud and data exfiltration. A data breach is an incident that involves sensitive information, which has been viewed or stolen by an unauthorised source. Companies and consumers are affected by their data being exposed. The internal dialogue starts going through everyone’s heads – what happens now, how does the organisation circumvent this? The answer is that Australia has now implemented laws that stipulate mandatory notification to the Australian Information Commissioner and communication must be made to members of the public when companies are aware they have been breached. They can no longer keep quiet or try to bypass a community announcement, as this is now incumbent of the law. These mandatory laws have now brought the Australian standard in alignment with other countries around the world, which have implemented the same requirements. Australian organisations want to engender trust in their clients. They want to demonstrate that they take their privacy and security seriously by implementing the appropriate
security controls. Addressing data breaches in the Australian market will generate awareness and assist in maturing the industry. In the event of a data breach, organisations will either have their own internal security team perform the investigation or an external consulting firm to determine what went wrong, what data was compromised and to generate a response strategy, as well as to provide a road map to uplift a company’s current security posture. Breaches are becoming more prominent as the world moves towards a digital economy. Regulations have been put in place to assist in mitigating the potential risk due to these attacks. It does not matter the size of the company, big or small. All companies are at risk of having a potential data breach; it is about how they respond to them and what they are doing on a day-to-day operational basis to ensure they are being smarter than the cybercriminals.
Karissa Breen is currently working as a BDM for Green Light who are an IT service provider and has a background in Cyber Security and has consulted to financial institutions. Karissa publishes her own IT blog.
S K Y H AW K FOR VIGILANT SURVEILL ANCE
L E A R N M O R E AT S E A G AT E . C O M / A U
SECURITY SOLUTIONS 015
REGULAR
RESILIENCE Mass Gatherings – The Role Of Security Professionals By Dr Rita Parker
Without doubt, concentrations of large numbers of people in accessible places are potential targets for terrorist and criminal attack and present a unique set of challenges to security professionals. Places of mass gathering include sporting venues, shopping complexes, open-air markets, business precincts, tourism and entertainment venues, cultural facilities, hotels and convention centres, public transport hubs and major planned – and unplanned – events. Mass gatherings, particularly in larger cities, provide opportunity for attack because of their accessibility and vulnerability. They potentially have high symbolic value and high impact imagery is generated by an attack. Above all, mass gatherings have potential consequences in terms of mass casualties, economic impact and generating fear in the broader community. The Melbourne Bourke Street attack in January this year, the truck attacks in Berlin and Nice last year, the attacks at the Bataclan Concert Hall and the Stade de France in Paris in 2015, and the 2013 Boston Marathon attack all highlight the vulnerability of planned and unplanned mass gatherings in their many forms. While event managers, and owners and operators of places of mass gathering, are responsible for taking reasonable steps to ensure the protection and safety of people, responsibilities are now more broadly shared. In 2009, the Australian National Counter Terrorism Committee noted that the protection of places of mass gathering is most effectively delivered through a business–government partnership, and it agreed to coordinate at a national level the work associated with protecting places of mass gathering.
016 SECURITY SOLUTIONS
This was a notable shift in public policy and a recognition of the role of the private sector. Prior to 2000, national security policy focused primarily on securing state assets against international terrorism and it was almost exclusively delivered by government security services. At that time, and in keeping with traditional views of security, security professionals in the private sector played little or no role. This has changed considerably today, where security professionals now play a valued role in securing and maintaining critical infrastructure and major events, as well as essential services and personnel. This change is evidenced by the number of public–private partnerships in which governments, national and state, have increasingly sought to cooperate with private corporations and businesses as well as with regional and local authorities. While the media often focus public attention on the tragedies of attacks on mass gatherings, many mass gatherings, including those of significant size such as the Rio Olympics and the 2017 Super Bowl can, and do, take place without incident. While the level of risk and vulnerability can never be completely mitigated for any mass gathering, contributing success factors reflect increased efforts to focus on preparedness and preventative aspects of the resilience cycle. This means moving beyond the ability to absorb shock, with the focus instead on the ability of businesses, governments and communities to take preventative action. This has been an important and significant step-change. To assist security professionals to meet the challenges of mass gatherings, there is a wealth of publicly available material and tools to increase their awareness and knowledge to build resilience, security and safety at mass gatherings. For further reading on this topic, I suggest three important and useful publications. First, the
National Guidelines for the Protection of Places of Mass Gathering from Terrorism (2011) which was supplemented in 2015 by the second publication, the Active Shooter Guidelines for Places of Mass Gathering. The third relevant publication is Improvised Explosive Device Guidelines for Places of Mass Gathering. These improvised explosive device (IED) guidelines, released in 2016, are designed to help governments and businesses protect Australians from the potential use of IEDs in places of mass gathering and to prevent, prepare for and respond to an attack. All three publications were developed by the Australia-New Zealand CounterTerrorism Committee (ANZCTC). Minimising and mitigating risks and threats at mass gatherings is a collective responsibility and all security professionals can contribute by building resilience to make future events safer and more secure. Dr Rita Parker is a consultant advisor to organisations seeking to increase their corporate and organisational resilience and crisis management ability. She is an adjunct lecturer at the University of New South Wales at the Australian Defence Force Academy campus where she lectures on resilience and nontraditional challenges to security from non-state actors and arising from non-human sources. Dr Parker is also a Distinguished Fellow at the Center for Infrastructure Protection at George Mason University Law School, Virginia, USA. She is a former senior advisor to Australian federal and state governments in the area of resilience and security. Dr Parker’s work and research has been published in peer reviewed journals and as chapters in books in Australia, Malaysia, the United States, Singapore and Germany, and presented at national and international conferences. Rita holds a PhD, MBA, Grad. Dip., BA, and a Security Risk Management Diploma.
C
M
Y
CM
MY
CY
CMY
K
Why force customers to collaborate when they are just happy to do it?
Open technologies for a safer world
Be STid, be free Open technologies for secure and smart access control Expert in contactless identification for security and industry for 20 years. First RFID manufacturer to have received the ANSSI French Government Security Certification.
SECURITY SOLUTIONS 017
REGULAR
HUMAN RESOURSES Disaster Response And Recovery From A Human Resource Perspective By Greg Byrne One of the most important responsibilities of human resources (HR) is to prepare for a disaster, including streamlining safety initiatives, communicating with employees and headlining crisis management efforts. Beyond this, organisations also have a duty to protect their workers’ safety while on the job. Work Health Safety legislation places onus on businesses to provide an environment free from hazards that can cause death or physical harm. As an involved member of a crisis management team, the HR manager/department responsibilities at the planning/preparation stage include: • assisting in the development of a crisis management team • development of a robust strategy that preserves HR records, such as personnel files, payroll, rosters, sales records and so on • development of a communication strategy that identifies the various means of communication with employees, customers and critical business partners • keeping a list of 24-hour emergency numbers for all employees (especially critical for casual staff who could easily seek employment with a competitor) and develop a call tree to keep employees informed • involvement in business risk management planning • assisting with risk assessments and strengths, weaknesses, opportunities and threats (SWOT) analysis
018 SECURITY SOLUTIONS
• development of a contingency recovery plan with the crisis management team – this is a current document outlining the organisation’s chain of command, worst-case scenarios and so on • ensuring there is a clear link between the plan and the organisation’s mission and core values • consideration on what to do if the ability to deploy and locate staff is lost or, if staff are unable to temporarily relocate (such as control room) or work remotely (e.g. locksmiths) • consideration of the ramifications for disruption to the supply chain and of engaging more than one supplier for staff uniform, equipment and storage of HR records. Planning considerations should address: • How will this event affect people? • Are there adequate workers compensation provisions? • Is the organisation able to stop or lessen the crisis in any way? • Does the organisation have the resources to react in a meaningful or effective way? • What happens if HR is not involved in planning and reacting? Once a plan has been developed and approved by the senior management team (or the board) it should be rolled out. Roll-out can include distribution to those who have a role to play in responding (some employees and most
supervisors). Roll out should also include training on how and when to activate the plan and who are the initial contacts and who should be informed of the crisis. On an ongoing basis, the plan should: • be updated and tested regularly; one of the roles of that person or department responsible for the plan is to ensure it is updated (phone numbers, new and leaving staff contact details) • be tested through regular crisis management team meetings and either field exercises (such as evaluations) or table-top exercises • update relationships with assistance providers such as the local fire and police departments, utility companies, community assistance organisations and government agencies. In the response phase, it is HR’s role to act as part of the crisis management team and ensure that the team and the organisation has the will and ability to implement the plan effectively. This should include: • assisting the senior management team to preserve the business or organisation’s reputation – this immediate and direct action can include management of stakeholders, continued deployment of guards and staff, and ensuring that customer appointments are being kept • ensuring staff and customers are evacuated to safe locations and their welfare and basic needs are being managed; further, that movement of
HUMAN RESOURSES staff is managed and that HR knows who is on duty, where they are and who has been sent home. • ensuring payroll records are maintained • ensuring all HR records are protected by being backed up, preferably in the cloud through a reputable service provider – most payroll software will automatically backup payroll and personnel data, such as annual leave balances and so on. As part of the recovery phase, HR should: • participate in recovery and focus on the safety, welfare and health of all employees and identify post-emergency assistance including, where
appropriate, employee psychological recovery and debriefing • assist the organisation to return to business as usual as quickly as possible • analyse current plans after disasters or emergencies to reveal possible emergency prevention opportunities. HR professionals, including those in the security industry, play an integral role in the survival of an organisation. They provide invaluable sustainability tools, can successfully protect employees and can ensure that business continuity occurs in a timely fashion.
Greg Byrne is the Managing Director of Multisec Consultancy Pty Ltd. He lectures part-time at the Western Sydney University for an undergraduate diploma in policing and is a sub-editor for and board member of the Australian Police Journal. His academic qualifications include Master of Management, Diploma of HR, Grad Cert in Leadership and a Diploma a Security Risk Management. Greg can be contacted via email greg@multisec.com.au
FAST. SILENT. STYLISH. Our award winning speedgates keep your building secure with style. Find out which speedgate is right for you.
1300 858 840 www.entrancecontrol.com.au SECURITY SOLUTIONS 019
REGULAR
RISK MANAGEMENT Risk Management After the Atrocity
By Dr Kevin J. Foster For this issue, I was asked to write about risk management as it would apply in the aftermath of a terrorist attack. It is an interesting subject because if risk management strategies had been effective then arguably, the atrocity would not have occurred. However, disturbing surprises and risk management failures do happen. I want to look at risk management from the point of view of both sides – those on the receiving end of a terrorist act, and those who form the organisation or group delivering politically motivated violence. Terrorist acts are usually a form of violent political protest against the established order. From the terrorist’s point of view, this violent action is a form of societal risk management, albeit an extreme type. For circumstances when conventional risk management by the establishment ceases to be effective, then resilience is required. This resilience may be in technical, organisational or societal dimensions. For example, some level of physical resilience to blasts might be achieved using standoff distances created with vehicle barriers; resilient structures such as blast walls; or perhaps special film on windows to minimise harm from fragments of glass which are imploding into a room full of people. Good crisis management, business continuity planning, simulation exercises to practise the response, and procedures to recover operations quickly, all help with resilience. Risk managers need to plan for surprising disasters by drafting crisis management frameworks that might be utilised by crisis
020 SECURITY SOLUTIONS
managers immediately after an atrocity. Planning for the aftermath of catastrophic events is a type of risk management but quite different to conventional notions. I refer to post-atrocity risk management as ‘Type 4’ Risk Management. The first three types include risk management aimed at achieving high reliability operations in a regulated environment (Type 1); risk management directed at maximising the payoff in a competitive business environment where accidents or errors are normal (Type 2); and risk management in a political environment directed at finding a compromise solution that is tolerable for the majority of stakeholders (Type 3). In a Type 4 situation, all stakeholders are equal in that all are exposed to extreme danger, and survival is the primary consideration. A crisis manager needs to determine the immediate response to the catastrophe. The risk manager needs to think about strategies to return the organisation back to a steady-state condition. This may involve transitioning through different states or types of risk management, determined mostly by the nature of the operational environment through time. The worst case for risk management is when the maximum environmental variety exists. This is referred to as a ‘turbulent field’ (Emery and Trist 1965). After an atrocity of catastrophic proportions, relatively insignificant events are seemingly amplified within the turbulent field and so the organisations and people within the disaster zone find it difficult to predict future safe states of this new environmental reality. Conventional risk
Risk managers need to plan for surprising disasters by drafting crisis management frameworks that might be utilised by crisis managers immediately after an atrocity.
management thinking and tactics may be difficult to implement. Where is safe? How can people in the disaster zone find a safe place? What will happen next and how can people in the disaster zone cope with the hazards? A turbulent field is an inherently unstable nonlinear environment. It is one the inhabitants might perceive as ephemeral (Thompson, Ellis and Wildavsky 1990) or chaotic (Christensen 1985). Survival is determined by the environment and not guaranteed by tactics, operations or strategies. Crises prevail. The number of choice opportunities are too numerous and too disorganised (Jarman 2001) to evaluate in a value free way. Any small movement in the wrong direction could be fatal. Therefore errors of judgment are not acceptable. Risk is everywhere but rejected and deflected. The environment is dualistic, being both the
TALL. FAST. STYLISH. Our award winning speedgates combine state-of-the-art optical technology with a high barrier height to protect your building.
EASYGATE SPT
• • • •
Barrier heights up to 1800mm Fast throughput (up to one person per second) Ideal for Disability Discrimination Act compliance Choose from a number of models, including the LX, SPT, SG, IM or LG • Custom pedestals with an array of attractive finishes EASYGATE LX
Find out which security gate is right for you.
1300 858 840
www.entrancecontrol.com.au
EASYGATE IM
FULL HEIGHT TURNSTILE
TRIPOD TURNSTILE
SWING GATE
SECURITY SOLUTIONS 021
REGULAR
COMMUNICATIONS RISK MANAGEMENT
controlled variable and the disturbance. Floods and fires are typical examples. Another is the sectarian terrorist on a murderous rampage of revolutionary change. Emergency services personnel train to work in a Type 4 environment. However, even their training may be inadequate for worst case scenarios, or those not previously considered in risk management planning. Contemporary terrorism itself exhibits some of the characteristics of a Type 4 Risk Management state. Not only do terrorists cause carnage but they themselves justify their acts because they believe they are in a dangerous and turbulent field of operations. Terrorist organisations may regard their operational environment as being in crisis, caused by the established order. An organisation in a Type 4 operational environment regards their crises as normal but unacceptable. This is a risk management system that focuses on urgently correcting current crises. The system attempts to manipulate its operating environment. However, it has no long-term goals other than to prevent other decision systems from disturbing their operational environment. The aim of the system is to restore the operating environment to its natural but delicate and unstable state. Internal ‘grouping’ seeking new values is the hallmark: in a word – ‘millenarianism’ (Schwarz and Thompson 1990). The inhabitants of this type of organisation display a critical ‘logicality’ based on fundamental cultural beliefs about the existence of crises caused by disturbances from conventional risk decision cultures. A Type 4 organisation does not trust the other types “to do the right thing” and will demonstrate their fundamental objections to unacceptable values and behaviour. This type of ultra-participative messianic organisation rejects and deflects risks which are seen as the causes of further crises and instability. The emphasis on this
022 SECURITY SOLUTIONS
system’s behaviour is not towards reliability but towards sustainability through fundamentalism. Rules and regulations are not as important as responding to the crisis (current or future) led by a new messianic leader. A Type 4 organisation, also called a ‘Murphy’s Law Organisation’ (MLO) has elements grouped in a shallow hierarchical structure, but a grided hierarchy as in Type 1 does not exist. There is a leader (perhaps charismatic); however there is no formalised hierarchy. This is typical of a Sect. The leadership is small but all-powerful. Risks will be rejected, deflected and punished severely if ‘anti-group’. The focus is on creating a new operational environment for the benefit of all – for example the creation of an ‘Islamic State’. While risks are anticipated, there is a greater concern about responding to a current crisis that is escalating into chaos. Neither trials nor errors are acceptable. The two primary dynamic risk management strategies aim to: 1. Create a new value system. 2. Share pain and scarce resources consistent with new leadership values. Positive feedback is important for maintaining ethical values, solidarity and the achievement of fundamentalist goals. System failure occurs due to an inability to generate greater power or strategic force (especially if no charismatic leader is present); redundancy is generally rejected and there is a reluctance to accept system resilience. The Type 4 organisation can only exist in the short term. If successful, these Type 4 organisations evolve to become the new Type 1 order. Established Type 1 organisations will do all they can to prevent the Type 4 organisation from becoming the new order. If both the established Type 1 and the new Type 4 organisations evolve to be competitors in a Type 2 environment, then full scale war might be the result.
References: Christensen, Karen S. 1985. Coping with Uncertainty in Planning. Australian Public Administration Journal. Winter, 63-73. Emery, F.E., and Trist, E.L. 1965. The Causal Texture of Organizational Environments. Human Relations. vol. 18, no. 1, 21-32. Foster, Kevin J. 2010. Unstable Risk Management Systems: The Evolution of an ‘Intelligent Building’ in Singapore. Saarbrucken: Lambert Academic Publishing. Jarman, Alan. 2001. ‘Reliability’ Reconsidered: A Critique of the Sagan-LaPorte Debate Concerning Vulnerable High-Technology Systems. Chisholm and Lerner Paper. Thompson, M., Ellis, R. and Wildavsky A. 1990. Cultural Theory. Boulder Colorado: Westview Press. Dr Kevin J. Foster is the managing director of Foster Risk Management Pty Ltd, an Australian company that provides independent research aimed at finding better ways to manage risk for security and public safety, and improving our understanding of emerging threats from ‘intelligent’ technologies.
MULTIPLE CAPABILITIES SUPERIOR SOLUTION
Volvo Group Governmental Sales Oceania
IN HOSTILE ENVIRONMENTS, IT’S IMPORTANT THE SYSTEMS THAT YOU DEPEND ON CAN
STAND THE TEST OF TIME.
At Volvo Group Governmental Sales Oceania, our core business is the manufacturing, delivery and the support of an unparalleled range of military and security vehicle platforms; a range of platforms that are backed by an experienced, reliable and global network with over one hundred years of experience
superior solutions, providing exceptional protected mobility SECURITY SOLUTIONS 023 www.governmentalsalesoceania.com
REGULAR
LEGAL
COMMUNICATIONS The Time To Build Relationships Is Before A Disaster By Rod Cowan A disproportionate interest in terrorism is resulting in the Government and policy makers failing in the fundamentals of national security, which must entail an all-hazards approach to security and risk mitigation. Having spent more than 14 years building relationships through the Trusted Information Sharing Network (TISN) and the Security in Government (SIG) annual conference, policy wonks scrapped the latter and allowed the former to become all but moribund. SIG, held each year, was routinely attended by over 500 delegates comprised of Government Agency Security Advisors and, increasingly, corporate security managers. An associated exhibition and sponsorship subsidised the event, which not only meant the conference was priced to suit security department budgets but also generated a profit of more than $70,000, which the Attorney-General’s department used to fund outreach projects. All this and at no real cost to the department, since organising the entire event was outsourced. Someone somewhere decided to scrap the event. No one understands why. The fact is, 90 percent of critical infrastructure in Australia is privately owned — and even more rely on private security for protection. To have an annual event that briefs, educates and informs is eminently desirable. To be able to do so at a profit seems eminently sensible. This lack of understanding of the relationships between all concerned with the protection of the nation has had a knock-on effect for the Trusted Information Sharing Network (TISN).
024 SECURITY SOLUTIONS
To be sure, the TISN has been successful in the area of the financial sector, which was allowed to run its own race and, indeed, funded a project officer to assist it. Other sectors, however, did not get to the same level of understanding and, thus, were unconvinced about funding further development. In the past four months, A-G’s has gone through at least three reshuffles and Mr Brandis’ position as Attorney-General is tenuous at best. And, no wonder, given the lack of leadership. The fact is the security profession has had no clear engagement since Mr Ruddock and, to an extent, Mr McClelland, both of whom would attend industry events and spend time with people at the sharp end of the stick. When I suggested to an AGD senior staffer that the current A-G would do well to follow suit, I was told: “Good luck with that, if you don’t have the CEOs there”. Mr Brandis did recently reach out to CEOs with an invite to a sit down with him on national security matters. The CEOs naturally checked with their security managers and advisors, most of whom, if not all, told them not to bother. Most declined, offering to send their senior security person. However Mr Brandis made it clear it was a “personal invitation” and there was no need to send anyone else; clearly talking to people knowledgeable about security was not the aim. Clearly, something needs to change and relying on the government simply will not do. The conversation, however, repeatedly returns to who should speak on behalf of the industry? Part of the problem is the nature of security.
A head of security for a major corporation, for example, could hardly speak out on security issues for fear of falling foul of their media/ communications/branding/marketing department (or communications prevention department, depending on your view). In other industries the role would fall to the likes of industry associations or institutes. The Australian Security Industry Association Limited (ASIAL) performs well in providing member services to primarily small to medium size security providers. ASIS — despite attempts at rebranding as an international organisation — remains resolutely US-centric in content, American in outlook, and swallows up fees without investing in local operations. The effectiveness of other institutes and associations wax and wane depending on individuals championing their cause. None could claim to be a political force. The solution would be a platform for meaningful dialogue with a view to communication and cooperation across a range of public and private organisations and issues. But the dialogue needs to take place between those who know about security and those with the power to do something about it in order to ensure that Australia is prepared to respond and recover from an incident, regardless of the cause. It is also a dialogue sadly silent today. Rod Cowan is Editor-at-Large for Security Solutions magazine and Director of SecurityisYourBusiness. com. He can be contacted on mail@rodcowan.net
When a high level of security is essential, dormakaba turnstiles and full-height gates provide the ideal solution. The robust turnstiles and full-height gates are especially suitable for securing the perimeter of buildings and property.
Secure your perimeters
Benefits include versatality in design, safe passage, minimal power consumption and lasting quality for any indoor or outdoor installation. For the complete range of smart and secure access solutions, contact dormakaba. 1800 675 411 www.dormakaba.com.au
SECURITY SOLUTIONS 025
REGULAR
THINKING ABOUT
SECURITY Post Incident By Don Williams So far, through good intelligence, police work, community liaison and luck, Australia has avoided a major security incident such as a massfatality attack. There have been some close calls on a number of occasions and there have been a number of incidents with a few fatalities. The vehicle attack in Melbourne in January, while not terrorist motivated, showed how a free and open society will always be vulnerable. Even that attack resulted in six fatalities (at the time of writing). The deliberate driving down of people in Melbourne also shows the limited memory of society, the media and individuals. This is neither the first nor the worst mass death event to happen in Melbourne within living memory: Hoddle St 1987 (seven dead and 19 injured), Queens St 1987 (nine dead and five injured) and the Russell St bombing 1986 (one dead and 21 injured). What is of interest is the modern outflowing of public grief and tributes. In Issue 30 (2002), I wrote an article titled As Close As It Gets about the Bali bombing, the thrust being that after the largest loss of Australian lives in a terrorist incident Australia, as a nation, reacted as if it had occurred on its shores. But, it had not happened here. There is little doubt that the Australian spirit of community support and generosity will surface and the help provided to the victims and affected region will be, as always, effusive and openhearted regardless of who was injured and by whom. What is also certain is that once the dust settles there will be a surge of ‘blamestorming’ and accusations, with lawyers looking for class
026 SECURITY SOLUTIONS
action targets. This second element will bring out the worst of society, as people and organisations seek to find someone to blame and to pay – whether the accusations are reasonable or not. A mass-casualty attack could come from ethno-nationalists, eco-terrorists, right or left wing extremists, or religious fanatics of any creed. It is understood that, at times, some groups are more visible and vocal in their calls for violence than others, but the rest are still there and bubbling away with their grievances and plans. How governments and responsible agencies respond will also shape how the general public react and recover. If the government accepts that the incident has occurred despite the combined efforts of the public and private sector and demonstrates effective and responsible leadership, then there will be a central pillar for Australia’s resilience. If, on the other hand, there is ducking and weaving, shifting of responsibilities, finger pointing and opportunistic political point scoring, the public will be left largely unled and divided. Security professionals will have a specific role to play, as detailed in this column a few issues ago. They will be called upon to explain to managers, staff and clients what happened and why and how it can be prevented from happening in Australia. The executive will be tempted to throw large amounts of money to protect the business. While taking advantage of this long overdue windfall, security managers should provide doses of common sense and balance to ensure the resources are spent wisely. They will
A mass-casualty attack could come from ethnonationalists, eco-terrorists, right or left wing extremists, or religious fanatics of any creed. also be called upon to counter the claims and statements of the ‘experts’ who will suddenly appear like locusts all over the media. When Australia does have a significant masscasualty event, and it will happen, a large part of the responsibility for providing a balanced, nuanced and realistic response will fall to the security profession. The article As Close As It Gets is available from Security Solutions and from www.dswconsulting. com.au/publications Don Williams CPP RSecP ASecM can be contacted via email: donwilliams@dswconsulting.com.au
SECURITY SOLUTIONS 027
REGULAR
EVENTS Safeguarding Australia 2017: Turning Points in Security 3–4 May 2017 QT Canberra, Canberra Competing priorities, growing threats and increasing complexity will continue to present fundamental challenges to Australia’s national security agenda in the coming years. Public and private security professionals – policy makers, practitioners and providers – will be forced to address a wide range of issues which have developed over recent decades and continue to grow, such as violent extremism, cyber threats (from lone and state actors), border control and legislation. In coming years, they will need to also contend with the security issues inherent in societal issues, adding known-unknown dimensions to an already complex national security agenda, most notably an ageing population, technology creeping into all facets of life and diversity in the workplace reflecting an increasingly cosmopolitan society. Safeguarding Australia 2017 will help face those challenges and shape the security agenda, by taking on its most demanding theme to date: Security at a Turning Point – Innovation, Leadership and Diversity. For over 14 years, the Research Network for a Secure Australia (RNSA), a not-for-profit network of security policy makers, professionals and academics, has gathered at the Safeguarding Australia annual national security summit to hear from high-level speakers representing both government and corporate viewpoints, exchange ideas, debate issues, and learn about techniques, cases studies and ground-breaking research, to meet the security challenges of today and the solutions for tomorrow. In addition to briefings on current policies, trends and activities, Safeguarding Australia
028 SECURITY SOLUTIONS
IFSEC International 20–22 June 2017 ExCeL London The global stage for security innovation and expertise 2017 will go further by drawing on local and international experts to examine three overarching themes affecting the way security and risk is managed to protect the nation, namely: 1. Innovation – exploring knowledge around technology, standards and research. 2. Leadership – focusing on the next generation, the greying population and education. 3. Diversity – in particular, the role of communications as a security tool addressing disparate ethnicities, genders and culture. In addition to a pre-conference workshop currently being designed, Safeguarding Australia 2017 will begin by outlining current challenges and activities and lead into defining future directions and solutions. Safeguarding Australia is the only high-level conference run by and for leading thinkers, policymakers and practitioners in the national security domain, working across wholeof-government at state and federal levels, including law enforcement and intelligence agencies, as well as engaging with corporate and private security practitioners and providers. Past attendees and current bookings include: • senior representatives from security, intelligence, military and law enforcement • risk and security managers and consultants • agency security advisors • critical infrastructure owners and operators • engineers, scientists, technologists, researchers and academics • corporate and business executives responsible for security and risk. Visit safeguardingaustraliasummit.org.au for more information.
IFSEC International is the biggest security exhibition in Europe taking place over three days between 20 to 22 June 2017 at London ExCeL. IFSEC welcomes over 27,000 global security professionals to experience the latest technological innovations and hear from industry leaders – all under one roof, over three days. The event caters to everyone within the security buying chain from manufacturers, distributors, installers, integrators and consultants to end users. With over 600 exhibitors showcasing over 10,000 products, you will be able to find the perfect security solution your business is looking for. There’s more to it than just security. IFSEC International is co-located with FIREX International, Facilities Show, Safety & Health Expo and Service Management Expo, catered for those working across many platforms in building management and protection of people and information. For more information or to register please visit www.ifsec.co.uk
Security Exhibition & Conference 2017 26–28 July 2017 International Convention Centre, Sydney In 2017 the Security Exhibition & Conference is heading back to Sydney to the brand new International Convention Centre. This stateof-the-art precinct over looks beautiful Darling Harbour and is a short walk away from Sydney’s vibrant city centre.
THE ALL-NEWTXF-125E BATTERY OPERATED QUAD BEAM Introducing the eagerly anticipated TXF-125E; a high performance Quad Beam sensor designed for battery operation - perfectly suited for rapid deployment in creating temporary or permanent secure perimeter intruder systems. With 4 selectable frequencies, multiple beam sets can be used without crosstalk, whilst adjustable detection distance allows a single beam set to be re-deployed in a variety of installations throughout its operational life. Two 3.6V (17Ah) batteries power each unit for up to 5 years of service.
NEW!
ACTIVE IR BEAMS The ultimate in trouble free perimeter detection for distances up to 200m outdoor / 400m indoor.
+61 (3) 9544 2477
email: oz_sales@takex.com
HIGH-MOUNT PIR Triple mirror optics for maximum detection performance at 2 to 6m.
BEAM TOWERS Rugged floor and wall mounted enclosures in 1/1.5/2/3m heights.
INDOOR PIR Spot, 360°, wide angle, and curtain detection from 2 to 4.9m height.
OUTDOOR PIR Hard-wired or battery operated outdoor PIR up to 180° x 12m .
1300 319 499 csd.com.au www.takex.com
TAKEX AMERICA SECURITY SOLUTIONS 029
VIC: Mulgrave, Tullamarine NSW: Northmead, Waterloo ACT: Fyshwick QLD: Loganholme SA: Marleston WA: Balcatta
REGULAR
EVENTS The new venue features a total of 35,000sqm of exhibition space presented in a smart, stacked layout to capitalise on the inner-city location and provide much improved loading facilities. Plus the halls feature customised registration and ticketing areas and dedicated meeting rooms. ICC Sydney will be Asia Pacific’s premier integrated convention, exhibition and entertainment precinct, underpinning Sydney’s position as one of the world’s most desirable meeting and event destinations. The entire team is looking forward to reuniting the industry once again in sunny Sydney where Security 2017 will connect more than 4,500 security professionals with over 150 leading suppliers. For over three decades the event has provided a showcase for new and innovative security technologies and solutions. Whether you are looking for a solution to protect your property, people or assets, the Security Exhibition & Conference provides the opportunity to discover the solution that is right for your organisation. Make sure you put July 26–28 in your diary; and we look forward to seeing you again in Sydney for the Security Exhibition & ASIAL Conference! To register now visit securityexpo.com.au
ASIS International Australia Conference Contemporary Security Leadership In Australia 19 October 2017 Melbourne The ASIS International Australia Conference 2017 is the premier gathering of security professionals. The conference provides an established platform for education and business exchange, addressing the key trends and issues facing security professionals locally and globally. Key topics: • Terrorism • Cyber-Security • Behavioural techniques • Security Management • Emergency Management. The conference is a great opportunity to: • engage with peers and colleagues from the public and private sectors • join industry leaders accelerating the future of the security profession. Who should attend the event: • Security professionals across the public and private sectors • Security Risk Management professionals • Security service providers • Security consultants • Government and law enforcement professionals. For more information contact events@asisvictoria.org.au or visit www.asisvictoria.org.au
030 SECURITY SOLUTIONS
The 2017 Australian OSPAs 19 October 2017 The River Room Crown Casino, Melbourne The Outstanding Security Performance Awards (OSPAs) are pleased to announce the date for the 2017 Australian awards. They will be working for the third year in a row with the prestigious, Australian Security Industry Association Limited (ASIAL). The Outstanding Security Performance Awards (OSPAs) recognise and reward companies and individuals across the security sector. The OSPAs are designed to be both independent and inclusive, providing an opportunity for outstanding performers, whether buyers or suppliers, to be recognised and their success to be celebrated. The criteria for these awards are based on extensive research on key factors that contribute to and characterise outstanding performance. Aspiring to Excellence, a Security Research Initiative report conducted by Perpetuity Research. The OSPAs are being setup in collaboration with security associations and groups across many countries. By researching and standardising the award categories and criteria, the OSPAs scheme provides an opportunity for countries to run their own evidence-based OSPAs schemes while maintaining an ability to compete on an international level in the future, ‘World OSPAs’. For more information or to make a nomination, simply visit au.theospas.com
Recognize and Analyze How often was he here this month?
Is he a known suspect?
How old is she?
Are they employees?
When, where did she enter?
Is this valued customer Mia Clark?
How many people are here? Is it too crowded in this area? New: Recorded media import and advanced investigation tools upload sets of videos recorded at a specific location and time to track possible participants in a crime find a person enrolled in an image database or search for an unknown person locate appearances in multiple videos make use of filters that specify timeframe, camera location, age range, gender and glasses
See it in action at Security Expo in Sydney, stand K26!
032
Health Preparedness and Australian Counterterrorism Strategy
033
By Anthony Bergin Killings carried out by terrorists are becoming worse and more gruesome to achieve the shock factor. While there is no suggestion of any new specific terrorist threat to Australia, the Australian Government is looking again at security for public events following last year’s Bastille Day attack to make sure that all necessary arrangements are in place. The Nice attack, where Mohamed Lahouaiej Bouhlel ploughed a truck through crowds of Bastille Day revellers on the Promenade des Anglais and killed at least 84 people and seriously injured more than 200, could easily happen here. There have been three terrorist attacks in Australia in the past 14 months, with nine disrupted plots foiled. Australia’s security agencies are investigating about 400 terrorism cases. The planned Christmas Day attack allegedly included multiple-venue and masscasualty attacks in public places in Melbourne’s CBD, including improvised explosive devices. Arrests made in Sydney and Melbourne last year included charges of conspiring to obtain illegal firearms and manufacture explosive devices. Terrorists in Australia intend to inflict mass-casualty fatal attacks. Violent extremists will draw inspiration from the Nice atrocity. No doubt, Australia’s homegrown Gen Y jihadists will look to emulate the Nice attack modus operandi. By the depraved standards of terrorism, the Nice attack was a great success. It made a huge impression right across the jihadist world: one does not need to use a plane as a weapon like 9/11; simply grabbing a lorry and ploughing into a crowd can mount an effective attack. On the protective security side at mass gatherings here, close attention will need to be paid to the feasibility of putting up barriers to keep out vehicles, especially trucks. (But even here there will be a requirement to allow in cleaners, rubbish collection, media and other vehicles.) However, it will be impossible to secure some open sites – think of events such as a marathon or an Anzac Day march. One of the lessons for Australia from the Nice attack is it must think about how to protect areas beyond capital cities. Just as the terror attack occurred in the south of France, Australia needs to consider security arrangements for regional centres. Local councils will need
034
to review security arrangements for public gatherings, particularly their plans with first aid responders, like the St John Ambulance. However, events should not be cancelled – that way, the jihadists win. But no matter how many bollards are erected, protection of soft targets against the sort of unsophisticated attack seen in Nice will not be possible. These attacks can only be stopped if there is intelligence prior to a potential attack. What needs to be done here is to focus more on the consequence management side. How would services practically cope with huge numbers of fatalities? In the Black Saturday bushfires, given the number of people who died in the fires, there was a need to rapidly assemble temporary refrigerated rooms as morgues. How would services cope with hundreds of seriously injured people, particularly in a regional centre? Across Australia, there is a lack of available air assets and retrieval teams that would be able to provide support and respond to masscasualty events. There are only two, sometimes three, medical helicopters covering greater Sydney. The nearest others are in Orange, Newcastle and Wollongong, any of which may be more than an hour’s flying time from Sydney if on a task. With minimal investment and a contractual agreement with Qantas and Virgin, up to four aircraft from their commercial fleets on the east and west coasts could be configured with the requisite kit for medivac use as required, as part of the commercial fleet on the east and west coasts. Suitable military transport aircraft might be available, but the Royal Australian Air Force (RAAF) must balance this role with military operations, training and maintenance. In any event, defence assets rely on doctors and nurses who often have to balance their civilian life with their part-time military service as specialist reservists. There is a lot that could be done to prevent the adverse health consequences that will flow from disasters, but Australia is not doing enough to prepare for a mass-casualty attack. Disaster response requires a wholeof-service response: hot zone and tactical emergency medical response, pre-hospital care, retrieval, emergency department and intensive care theatre. All elements should
One of the lessons for Australia from the Nice attack is it must think about how to protect areas beyond capital cities. Just as the terror attack occurred in the south of France, Australia needs to consider security arrangements for regional centres.
be drilled simultaneously and with simulated failings at each stage to prepare for the reality of a terrorist disaster. There has been no real action to address the findings several years ago of a major study in the Medical Journal of Australia of the surge capacity for people in emergencies in Australia’s hospitals. It predicted that hospitals would be quickly overwhelmed and that 60 to 80 percent of seriously injured patients would not have immediate access to operating theatres, and that there would be a similar lack of access to intensive care unit (ICU) beds for the critically injured and to X-ray facilities for the less critically injured patients. It would be useful for those responsible for counterterrorism to engage those in the health system who understand what is required to manage a mass-casualty event. The Improvised Explosive Device Guidelines For Places Of Mass Gathering guidelines were issued last year by the Australia-New Zealand Counter-Terrorism Committee. The guidelines rightly note: “Terrorist or insurgent attacks using explosives occur regularly around the world. Terrorists favour explosives because of their proven ability to inflict mass casualties, cause fear and disruption in the community and attract media interest. Explosives are also generally within the financial and technical capabilities of terrorists and IEDs can be assembled with relative ease and used remotely.” The guidelines provide general guidance to those operating places of mass gathering – such as shopping centres, sporting arenas, theatres and railway stations – in terms of emergency service requirements and security principles. The document provides useful guidance on detecting suspicious activity. But one of the weaknesses of the guidelines is its treatment of healthcare issues. There is no mention of post-blast planning and response, including the fact that the site of such an attack would be a crime scene, especially if injuries have occurred. In a post-blast incident, there would also be implications for immediate first aid and rescue before emergency medical services arrive. The guidelines refer to ‘injuries’ and ‘people hurt’, but not that multiple fatalities and a correspondingly larger number of casualties
Disaster response requires a wholeof-service response: hot zone and tactical emergency medical response, pre-hospital care, retrieval, emergency department and intensive care theatre.
in a terrorist bombing in one of Australia’s major cities are likely. There is no discussion in the document of longer term health issues; not all casualties will be immediately apparent and there will be a need to record those who felt the blast effects for medical observation and monitoring. There is no discussion in the guidelines either of on-the-scene triage or on how venue managers might work with emergency medical services to transfer the injured to definitive care. The truth is that Australia is unprepared to respond to a major disaster. Surge capacity – the ability of the medical system to care for a massive influx of patients – remains one of the most serious challenges for national emergency preparedness. No major metropolitan hospital in NSW, Victoria, Western Australia, Tasmania or Queensland met state emergency department benchmarks in the first six months of last year. In developing the health response to a disaster, there are some fundamental constraints: • Most ambulance and hospital services are overstretched on a daily basis. Pre-hospital and paramedic capacity, along with medical and nursing shortages, limit surge capacity for a large influx of critically injured patients. • Few of Australia’s hospital staff and paramedics have been involved in no-notice, large-scale disaster exercises, using the equipment with which they are supposed to be competent.
• Finding adequate numbers of ambulances will be a problem for most states in the event of a disaster. There are no formal protocols between the states for the deployment of paramedics and ambulances. Clearly, there is a problem. The first step in working out a response is to identify the shortfalls and set some performance goals. An audit of the national healthcare preparedness for large-scale disasters is needed on a regular basis, then the healthcare system would know what it is reasonably expected to be able to cope with and could plan appropriately, including the funding required. While it would not be that hard, it would require some goodwill and cooperation between the health departments of the Commonwealth and state governments and the involvement of local councils. It would be much better to deal with this proactively rather than in an after ‘lessons learned’ report.
Anthony Bergin is senior research fellow at Australian National University’s National Security College and senior analyst, Australian Strategic Policy Institute (ASPI). He is the author of Are we ready? Healthcare preparedness for catastrophic terrorism, published by ASPI.
SECURITY SOLUTIONS 035
ALARMS
036 SECURITY SOLUTIONS
By Steve Lawson
To state the obvious: by far the best response to an atrocity is to make sure that a proper defence is in place before the atrocity. After a security incident has happened, there is pressure to ‘do something’, especially from the media and government. The media tend to look at the spectacular and government looks at the politics. Security professionals should be prepared to weather pressure from both of those quarters. A common reaction to a security incident is to install new or additional security equipment. However, equipment is not cheap, it is not usually sitting on the shelf waiting for deployment and the equipment that is available will be snapped up quickly. It can, for example, take six months for X-ray equipment to be manufactured and deployed. There can be an issue with fitting large security equipment into existing infrastructure and the consequent impact on operations. So, the best thing to do before deploying equipment is some research. Which leads to: What can you expect from an equipment supplier? The first and probably most important thing is the supplier should be a source of advice. Giving advice sounds trite, but advice given freely and honestly is vital in responding to any tragedy. There have been many examples, especially after major incidents, where equipment was rushed into service that was not fit for the purpose, was improperly deployed or was operated by untrained or inadequately trained staff. People assume that terrorists are stupid; they are not. They research, conduct reconnaissance and attack where a target is most vulnerable. Poorly deployed equipment may not be a strength, but a vulnerability. What would be the first piece of advice security professionals should expect? They need to think very clearly about what they are trying to defend against. There is not
much use deploying equipment that can detect explosives when knives are being looked for. I have always relied on suppliers that provide me with honest advice and there have been times when it has saved millions of dollars. As an example, I was in Los Angles and there was a call to screen all freight from the airport. We were doing that using explosive trace detection (ETD), but were asked to look at our ability to screen freight for other operations. It was such an attractive proposition that would mean making a large amount of money. The first issue was how. I knew that there was an L-3 truck-mounted X-ray in Boston that was available and we spoke with them about redeploying it to Los Angeles. There were a number of meetings with L-3 and, in the end, on the honest and balanced advice provided, we decided it was not fit for purpose. To be blunt, conventional X-rays, especially ones that are designed to X-ray built-up freight, are problematic finding explosives. As stated earlier, there can be an urge to ‘just do something’ and throw equipment at a problem. That can be a mistake – the immediate and then long-term response needs to be considered. So, divide the response into three phases: • short-term • medium-term • long-term. The short-term response may include redeploying the existing equipment or even changing the way things are done. Invariably, it is to look at the resources, see where they are effective and whether they can be deployed or managed better. Believe it or not, an effective change may just mean changing the ‘look’ of the space to make it seem more focused. I recall a meeting about our first introduction of real air cargo security at Qantas Freight and that we wanted people
SECURITY SOLUTIONS 037
ALARMS
to ‘feel’ like they had been screened, so we changed security’s uniform from a nice corporate one to something that looked more like police. Nothing else had changed, but that simple change made people comment that security had increased and the security staff now felt that their primary function was about security and not customer service. We wanted to screen air cargo, but we did not know what the government was going to certify as suitable equipment nor what legislation they would introduce. Nor did we have much space to deploy equipment and we wanted to introduce measures quickly. We did know that we wanted to find explosives in air cargo – or rather, that there were no explosives in air cargo! So, our short/medium response was to deploy ETD. Not because it was intended as our long-term solution, but rather it was one of only two screening methods certified by the US to find explosives. The other was computed tomography (CT) X-ray, which in those days had a huge footprint, was inordinately expensive and took well over six months to deploy. Once ETD and some other changes were in place, I then went around the world to look at a longer term solution and looked at some quite amazing pieces of equipment. Deciding on a longer term solution relies on advice, but some suppliers still try the hard sell, so security professionals need to equip themselves with base criteria – the ‘what am I trying to achieve’ statement. For air cargo it was simple – I wanted to find explosives or incendiary devices. My issue was that everyone told me how easy it was for their equipment to find explosives, but they were looking for trucksized improvised explosive devices (IEDs) and I wanted to find IEDs the size of a coke can. I came to the conclusion that I needed a simple statement to measure equipment and quickly came up with this: “If it is stupid for passengers or their checked baggage, it is stupid for air cargo on the same aircraft.” Later, I made that into a more succinct and palatable policy, but that was my base rule and applying it cut out the more extreme ends of the spectrum.
038 SECURITY SOLUTIONS
If an emergency happens, consider what can be done with the current equipment, how it can be best deployed and if there are upgrades that can quickly be applied. Have things changed in the supplier space in the last 15 or so years? Absolutely. Not so much with the advice (the people who have been there for a long time are still dedicated, honest and professional), but definitely in pricing and computing power. For example, it is probable that the screening of people will change dramatically in the next few years. Conventional X-ray machines will give way more to CT machines, which have changed in price, footprint and speed. As they get faster, body scanners will displace walkthrough metal detectors and the networking of systems will introduce new capabilities. Systems will be networked so that both the CCTV systems and the airline’s passenger record can profile a person. So how does this help with security professionals once the security incident has happened? Recall the first line in this article: by far the best response to an atrocity is to make sure that a proper defence is in place before the atrocity. That also means that the current equipment list should be continually reviewed, equipment maintained properly and people appropriately trained in its use. Consider the likely life of the equipment. It is not much use buying something that will be in place for 10 years if it cannot be upgraded. If an emergency happens, consider what can be done with the current equipment, how it can be best deployed and if there
are upgrades that can quickly be applied. Keep abreast of current developments in security equipment. Talk to suppliers (not just current suppliers), maintain a network of suppliers and keep on good terms with all of them. Always make sure there are short-term, medium-term and long-term plans in place. Create a checklist for various scenarios – a really good checklist should answer the question: If xyz happens now, what can I do? Short – medium – long-term.
Steve Lawson has over 20 years’ experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on 0404685103 or slawson@avsecconsulting.com.
www.facebook.com/luminox
www.luminox.com
VIC 8th Avenue Watch Co., Emporium Melbourne, 03 9639 6175 | 8th Avenue Watch Co., Westfield Doncaster S/C, 03 9840 6304 8th Avenue Watch Co., Chadstone S/C, 9569 7652 | Temelli Jewellery, Highpoint S/C, 03 9317 3230 | Temelli Jewellery, Southland S/C, 03 9583 2633 | Temelli Jewellery, Westfield Knox City S/C, 03 9800 0799 NSW Lewis Watchmakers & Jewellers, Coffs Harbour, 02 6651 1612 | Melewah Jewellery, Haymarket, 02 9211 5896 | Vintage Watch Co., Sydney, 02 9221 3373 | Hennings Jewellers, Narellan, 02 4647 8555 WA The Watch Spot, Perth, 08 9421 1093 | Leon Baker Jewellers, Geraldton, 08 9921 5451 QLD 8th Avenue Watch Co., Pacific Fair S/C, 07 5575 4883 | Hatton Garden Jewellers, Beenleigh, 07 3287 1230 | Watch Tech, Brisbane, 07 3012 7023
SECURITY SOLUTIONS 039
040
Scenario Design Building Blocks Of Operational Success
041
By Richard Kay An instructor’s obligation is to prepare officers for that aspect of their job that has the potential to put them at risk. Preparing officers to survive confrontational situations has several factors: physical skills to control situations and ensure safety, knowledge to make decisions within lawful parameters and emotional resilience for post-incident management, expressed as safety, survivability and consequence. To prepare officers any less is to fail to prepare them at all. A critical aspect of fulfilling this obligation lies with assessing competence in all aspects required for effective operational duty. Effective reality-based training involves experiential training, where participants use core skills and knowledge to solve realistic workplace situations and learn from both success and failure; scenarios and participant behaviours are carefully planned and implemented to achieve these results. Experimental training does not have programmed outcomes, but uses a waitand-see approach, hoping that there will be interesting training points for discussion at the conclusion of the scenario. Scenario Design The scenario design process begins with research into problem areas that would benefit from reality-based training. Include as many sources of reference as possible at this stage to form a scenario development committee – instructors, subject-matter experts, legal advisory and command staff. The first question to ask is, “What recurring operational problems are happening? ” It might be that there have been incidents where officers and subjects were hurt due to physical confrontations. Studies may indicate that injuries for officers and subjects are reduced in instances where a chemical agent is used prior to physical skills, and a review of the tactical response model confirms that chemical agent is used before physical skills, with a sampling of officers illustrating this understanding. Next, develop low-level scenarios where correct participant responses to role player actions are simple 1-1 drills that teach specific responses to specific threats (experience fragments). After specific threat responses are practised, they are tested in context using highlevel scenarios. Scenario design begins with establishing
042
performance objectives, that starts by asking, “At the conclusion of this scenario, what will participants have demonstrated? ” It provides a concrete set of behaviours and skills to be tested and includes: • Conditions: describe the circumstances under which the behaviour is performed, such as scenarios using a live role player, or scenarios on a video simulator. • Behaviour: describes observable participant behaviours and indicates the behaviours that instructors will be looking for and the type of response expected. • Criteria: specify how well the student must perform the behaviour and set the policy standard by which performance is judged. An example of a completed performance objective might be: In a scenario using a live role player, the participant will demonstrate approved communication skills, deployment of chemical agent, and physical skills against a verbally resistive subject who becomes physically resistive after being sprayed, in order to gain physical control of the subject in a manner consistent with the approved tactical response model. To meet the performance objective, participants must demonstrate performance activities, the ‘must dos’ required to successfully complete the exercise. Any activity sufficiently important to be listed as an official performance activity must be completed, either during the first attempt at the scenario or during remediation that follows the debriefing. Subject-matter experts define the optimal participant responses. During the scenario, the participant is required to demonstrate those responses in accordance with the approved response model, and also to justify such actions during a debriefing. Complexity is the bane of reality-based training and is caused by two main factors: • Over-complicated scenarios have no defined end point. They are caused by lack of proper planning, preparation and execution, and are attributed to having too broad a performance objective or too many performance activities. The core of well-structured scenarios is simplicity, which requires thought, time, effort and revision. • Over-simplification of role player guidelines ensures that there is too much improvisation and role players will likely change the scenario every time they get bored. Properly structured
scenarios avoid the hazards associated with the unknown. Writing scenarios is an inclusive process. After the committee has accepted the array of officer responses, approval is obtained from legal and command staff to confirm that the responses comply with policies and procedures. Once approved, the committee can flesh out the rest of the scenario and develop a set of role player behaviours that predictably trigger the correct responses from participants. Completion of this process creates the scenario framework. A story line, ideally taken from actual events to make it valid, creates context for the proposed action and makes it experiential. This process puts the scenario design into a useable format. It is time consuming but, once completed, the scenario can be used repeatedly and the agency will benefit from training commonality. Scenario Development The scenario overview provides a template to develop a scenario and includes: • The performance objective is the scenario mission statement (a clear statement of what participants demonstrate) and gives a clear indication to when the scenario is complete. Scenarios continuing past completion of the performance objective not only waste training time, but are often when injuries occur. • The synopsis is a brief narrative description of what the scenario is about and what is supposed to happen. • The site description provides a statement on the requirement, type, quality, size, layout and so on of the training venue. The site should be chosen to best approximate the most realistic setting for the situation that will be depicted by the scenario so that the highest level of statedependent learning will be facilitated. • Notes are used for any additional notes that might be necessary in order to set up the scene. The scenario outline is a simple sketch of the scenario general idea. The scenario is written backwards from a natural conclusion to a logical beginning, which forces a progression of the scenario scripting actions and dialogue that move the scenario toward the desired conclusion. The scenario outline interacts directly with the role player guidelines, which helps organise specific
role player actions in response to possible participant actions. Prior to running scenarios, a test phase is recommended, which helps discover possible unanticipated participant responses. The test phase can debug many possibilities never anticipated when the scenario was written. Of course, there will always be situations where certain participants cause resistance to avoid facing what is waiting for them in the scenario. This is more a trust than a tactical issue, due to the belief the scenario is designed to make them lose or look foolish. The scenario evaluation is used to evaluate, debrief and remediate participants. It is critical to any reality-based training program to document participant performance, so instructors must complete this for every participant going through a scenario. During the scenario presentation, the evaluation should be with the instructor, who records performance activities as they occur, since these are the specific actions necessary to fulfil the performance objective. The evaluation components include: • The identification block gives the name of agency, participants and instructors, and the time and date of training; it begins the recording process necessary to support the training activity. • The equipment check ensures a safe training environment; safety officers ensure participants have all necessary equipment for the scenario, instructors confirm the equipment is present, in place, and participants are marked with safety indicators prior to scenario commencement. Conducting a scenario without the proper protective equipment is negligent. • The final preparation occurs prior to commencing a scenario; a briefing addresses any final safety concerns, answers questions participants might have and confirms with the training site that instructors are ready to receive participants and they know the scenario is going live. • The situation explanation sets the scene for the participants; it tells them what they already know, describes events that preceded their arrival in reality and gives them a logical start point. Without this, they might do things which might be correct in a real situation, but wastes time while they get to the point where the scenario actually begins. Communication with participants while
Paying attention to detail is the first step in developing training that makes a difference to officers specifically, agencies in general, and the community as a whole. in character should be done through the radio to force them to manage that equipment, except during an administrative pause or while in direct contact with other officers. If the participant is not being dispatched, verbally explain the situation to set up the scene. • Performance activities are clearly observable, objective actions; avoid using indistinct statements when writing a scenario by asking someone with an understanding of tactical responses if he can pick up the scenario evaluation and check off specific actions as observed. If he reasonably asks, ‘what specifically does that mean?’ about a performance activity, then it is too subjective or vague. Each performance activity is recorded as complete or incomplete by scenario end. Elective points are techniques helpful in solving scenario problems or make operational sense; they are not mandatory for participants to demonstrate that behaviour, but should be recorded on the evaluation to show superior procedure. • The signature authorises scenario completion as proof to document training; participants and instructors sign the evaluation, which is placed inside a participant’s training file. During the debrief, instructors use the evaluation to review scenario performance. The participant takes the instructor through the scenario as if describing events to an investigation team. When an incomplete performance activity is reached, ask the participant if he knows what he was supposed to have done. He may remember he neglected to do something, he may believe he did it when he did not, and he will not know what was missed because he was never taught a certain procedure. Either way, the participant must demonstrate incomplete performance activities during the remediation upon completion of the debriefing. If the participant does not know
what is required to solve the problem, he should receive supplementary training outside the scenario environment prior to repeating it. If failure resulted from forgetting or neglecting, and it is demonstrated during remediation, indicate that the participant performed correctly during remediation and completed all performance activities. A 100 percent compliance evaluation system is preferable to a score-based system, as it demonstrates complete participant compliance with policy and law. Legal authorities cannot review compliance evaluation and state that a participant was only performing at 80 percent capacity. If the evaluation system is compliance-based, participants with the necessary knowledge and skill to complete the performance objective pass; if they do not, they require additional training, after which they are re-tested. Using this system helps instructors determine participant deficiency so that substandard performance is corrected before it becomes a real-world issue. Reality-based training is complicated. Purchasing equipment and sketching out scenarios is how most agencies begin and why poor training occurs. Paying attention to detail is the first step in developing training that makes a difference to officers specifically, agencies in general, and the community as a whole. Build in safeguards that ensure effective training, with the focus always on operational safety. It takes time to get a comprehensive realitybased training program going. Instructors should secure time on a regular basis for scenario development. Set a goal to write three good scenarios each year. Research what three main problem areas are and write scenarios around them. Three good scenarios should take about three weeks to write, debug and get approved. Three scenarios per year equals 15 in five years. It might not seem like much, but the cumulative effects of small movements forward can be astounding.
Richard Kay is an internationally certified tactical instructor-trainer, Director and Senior Trainer of Modern Combatives, a provider of operational safety training for the public safety sector. For more information, please visit www.moderncombatives.com.au
SECURITY SOLUTIONS 043
CCTV
044 SECURITY SOLUTIONS
The Role of CCTV In Resolving Major Incidents
SECURITY SOLUTIONS 045
CCTV
By Vlado Damjanovski
I was asked to write an article on the CCTV aspects of a hypothetical incident and “what will/could/should/may happen after a security-related atrocity or major incident occurs”. A worrying thought indeed. A major incident could be, for example, a bomb in a public place which could affect almost everybody in this city. There are such public places in all major cities around Australia. So, to give a hypothetical scenario, assume a bomb has been planted at a major public venue in the biggest city in Australia and is detonated, killing innocent civilians and causing widespread disruption to the daily busy lives of thousands of people commuting in and out of the city. What will be the first thing to happen? It is not very difficult to guess. Firstly, there will be traffic chaos. Roads, particularly in Sydney, are not designed to cope with something as unpredictable as that. As police sirens ring out across the city and ambulances and rescue vehicles rush to the crime scene, traffic would come to a standstill. Secondly, and most important in determining who is responsible for such a heinous crime, would be the gathering of all the CCTV footage from the cameras positioned across the crime scene, if there are any. If there are no cameras covering the area, there would be a barrage of awkward questions aimed at the owner of that particular (public) space where the detonation occurred. Security personnel know that the decision of what needs to be covered with a surveillance system in public spaces is predominantly based on a consultant’s advice, which is usually based on a security manager’s experience with past incidents and ‘hot-spots’ that he or she is aware of. Clearly, it is possible that some proximities are not covered if there has been no history of a previous incident. As is common knowledge, cutting short on the number of cameras is usually the first step in ensuring that a CCTV system falls within the allocated budget. However, chances are that all public spaces, in Sydney at least, are covered by
046 SECURITY SOLUTIONS
a camera from one point or another. So, the issue is not whether an infrastructure is covered by CCTV, but how good the coverage of these cameras may be. A few questions need to be addressed. Is the video clarity sufficient for the police to be able to draw any conclusions of who planted the bomb? Is the video in such a format that the police can replay the footage on their system in the first place? Will the low-cost, low-quality Chinese camera imports suffice, given that not many people know about them (except the installer that was sold such a system); and can their exported footage even be played back? These are important questions, but with many variables, and obtaining a correct answer may not always be easy. Firstly, the camera resolution plays a big role, followed by the lens quality, the angle of coverage (focal length of the lens), the image quality (both in frames per second and compression), the camera low-light capability (typically most critical incidents occur in low light), and so forth. Similarly, the recording quality and recording duration are also important parameters. Luckily, most recorders these days offer at least a week or two of recording, if not more. When a major incident happens, chances are the police will only want the last 24 hours of footage. Therefore, the length of a recording of such a major incident would not be an issue (unless the recording is discovered three weeks later). Instead, it will be the quality of recording that is important, taking into account the parameters mentioned above. Today, most of the installed CCTV cameras are set to cover an area with as wide a view as possible with little regard to the quality of the recorded details. Quality in this instance does not necessarily mean sharp and focused images, with ‘good’ compression. It refers to the quality of the viewed scene where object details have predefined recorded pixel density, at the area of an expected incident. There are known pixel densities defined in various standards and, when applied properly during the design and installation stage, they will
So, the issue is not whether an infrastructure is covered by CCTV, but how good the coverage of these cameras may be.
guarantee capturing the required details as expected by law enforcement agencies. Very few consultants, and even fewer installers, will provide the requirement for the camera coverage at the expected incident distance. Very few of them will clearly request for image pixel density sufficient to recognise or identify a person. Rather, most of them will just make an effort to set a vari-focal lens to cover an area as wide as possible, without really being aware that at least 250 pix/m for face identification, or at least 125 pix/m for face recognition at a certain critical distance is required.
Cameras are not introduced to observe people’s private doings in public places. CCTV cameras are there to protect the community from the ‘baddies’.
Unfortunately, in the security industry today, anybody can import a ‘cheap’ product from the Asian market without taking into consideration whether a possible major incident could be covered by such products. In my role as a consultant, I have been called as an expert witness in a court matter, only to find out that the recorded footage used in the defence could not be replayed by anything. Both the camera and the recording system had no details of the manufacturer, its brand, the model or serial number. When I investigated the company to make contact, I discovered that it was no longer in business. So, as a consequence of a hypothetical incident occurring, it would be tragic to learn that, although the public area might be covered by CCTV cameras, it is highly probable that such cameras would not have captured sufficient details to identify the suspect. Even worse, it is highly probable that the recorded footage cannot be replayed properly. Blurry and unclear images will flood the news and people will be pointing the finger to the dated and poor-quality CCTV system. Not many will consider that, actually, it might be the consultant’s fault for not specifying camera views properly. Equally, the installer may have cut corners by supplying inferior equipment which promises the ‘world’ to the customer. Certainly, very few people will point the finger at the owner of the system, who has agreed to work with an ill-informed consultant and paid for an inferior system, thinking that having any camera, rather than none, is good enough. Having poor footage in TV news stories contributes to ill feelings by the public in reference to CCTV being used in public places. One of the criticisms of public CCTV is that it is inefficient and unclear in places where it is needed the most. The next thing to happen, in the case of the hypothetical public incident, will be a barrage of government promises ensuring that future surveillance systems will be better and will guarantee the apprehension of suspects and prevent future civil unrest and crime.
Tragically, only then will the real purpose and use of CCTV systems and cameras be made evident. Cameras are not introduced to observe people’s private doings in public places. CCTV cameras are there to protect the community from the ‘baddies’. In order for safe and sensible protection, cameras must be designed, manufactured, installed and set-up to comply with Australian and international standards. This is no different to the concept of paying a higher price for a safer car with better fuel efficiency, intelligent sensors and a good chassis construction, which will then further protect occupants in the event of a car accident. Such extra safety features may never be used, but it is comforting to know that sound engineering design features can be relied on when needed. A CCTV system should be installed with the utmost care and with the assumption that a major incident might be recorded by that exact camera. Hopefully this will never happen, but installers should act as if it might. The questions that every installer should ask themselves are: Is my system going to provide sufficient quality video footage to be able to help police apprehend the perpetrator? Does my system serve that purpose? If the answer is no, changes need to be made sooner rather than later, not after an incident has occurred. Those changes include a better understanding of every component in the camera’s system, its most optimal settings and the best angles of view to cover an area with sufficient details, while allowing for sufficient light for recording at night, best video quality encoding and ease of access by law enforcement agencies. If the above is adhered to, then CCTV cameras will be seen as protectors and welcomed by all and not, as they are commonly referred to, as intruders into people’s privacy. Vlado Damjanovski is an internationally renowned CCTV author, lecturer, innovator and consultant. He can be reached via his company website www.vidilabs.com
SECURITY SOLUTIONS 047
BUSINESS
4 Steps To Integrate Risk Management Into Strategic Planning
048 SECURITY SOLUTIONS
By Alex Sidorenko & Elena Demidenko Let me first start by saying integrating risk management into strategic planning is NOT doing a strategic risk assessment or even having a risk conversation at the strategy setting meeting, it is so much more. You will also find it difficult to relate if the objectives have not been defined or documented in your company or if the objectives are not measurable. Kevin W Knight, during his first visit to Russia a few years ago, said ‘risk management is a journey… not a destination’. Risk practitioners are free to start their integration journey at any process or point in time. However, I believe that evaluating strategic objectives at risk can be considered a good starting point. The reason why I think this is a good starting point is because it is relatively simple to implement, yet has an immediate and a significant impact on senior management decision making. STEP 1 – STRATEGIC OBJECTIVES DECOMPOSITION Any kind of risk analysis should start by taking a high-level objective and breaking it down into more tactical, operational key performance indicators (KPIs) and targets. When breaking down any objectives, it is important to follow the McKinsey MECE principle (ME – Mutually Exclusive, CE – Collectively Exhaustive) to avoid unnecessary duplication and overlapping. Most of the time, strategic objectives are already broken down into more tactical KPIs and targets by the strategy department or HR, so this saves the risk manager a lot of time. This is a critical step to make sure risk managers understand the business logic behind each objective and helps make risk analysis more focused. Important note: while it should be management’s responsibility to identify and assess risks, the business reality in your company may be that sometimes the risk manager should take the responsibility for performing risk assessment on strategic objectives and take the lead. EXAMPLE: RISK MANAGEMENT IMPLEMENTATION VMZ is an airline engine manufacturing business in Russia. Their product line consists of relatively old engines, the DV30, which are used for the medium-haul airplanes such as the Airliner 100. The production facility is in Samara, Russia. In 2012, a controlling stake (75%) was bought by investment company AVIARUS. During the last strategic board meeting, AVIARUS decided to maintain the production of the somewhat outdated DV30, although at a reduced volume due to plummeting sales and, more importantly, to launch a new engine, DV40, for its promising medium-haul aircraft, the Superliner 300. The Board signed off on a strategic objective to reach an EBT (earnings before tax) of 3000 milllion rubles (approximately 70.3 Million AUD) by the year 2018. STEP 2 – IDENTIFYING FACTORS, ASSOCIATED WITH UNCERTAINTY Once the strategic objectives have been broken down into more tactical, manageable pieces, risk managers need to use the strategy document, financial model, business plan or the budgeting model to determine key assumptions made by the management. Most assumptions are associated with some form of uncertainty and hence require risk analysis. Risk analysis helps to put unrealistic management assumptions under the spotlight. Common criteria for selecting management assumptions for further risk analysis include:
• The assumption is associated with high uncertainty. • The assumption impact is properly reflected in the financial model (for example, it makes no sense to assess foreign exchange risk if in the financial model all foreign currency costs are fixed in local currency and a change in currency insignificantly affects the calculation). • The organisation has reliable statistics or experts to determine the possible range of values and the possible distribution of values. • There are reliable external sources of information to determine the possible range of values and the possible distribution of values. For example, a large investment company may have the following risky assumptions: the expected rate of return for different types of investment, an asset sale timeframe, timing and the cost of external financing, rate of expected co-investment, exchange rates and so on. Concurrently, risk managers should perform a classic risk assessment to determine whether all significant risks were captured in the management assumptions analysis. The risk assessment should include a review of existing management and financial reports, industry research, auditors’ reports, insurance and third party inspections, as well as interviews with key employees. By the end of this step, risk managers should have a list of management assumptions. For every management assumption identified, risk managers should work with the process owners and internal auditors while utilising internal and external information sources to determine the ranges of possible values and their likely distribution shape. EXAMPLE: RISK MANAGEMENT IMPLEMENTATION (CONTINUED) Macroeconomic assumptions • Foreign exchange • Inflation • Interest rates (RUB) • Interest rates (USD) Materials • DV30 materials • DV40 materials Debt • Current debt • New debt
SECURITY SOLUTIONS 049
BUSINESS
Engines sales • New DV30 sales volume • New DV40 sales volume • DV30 repairs volume • DV40 repairs volume • DV30 price • DV40 price Other expenses • Current equipment and investments into new one • Operating personnel • General and administrative costs. Based on the management assumptions above, VMZ will significantly increase revenue and profitability by 2018. Expected EBT in 2018 is 3013 Million Rubles (approximately 70.6 Million AUD), which means the strategic objective will be achieved.
We will review what will happen to management projections after the risk analysis is performed in the next section. STEP 3 – PERFORMING RISK ANALYSIS The next step includes performing a scenario analysis or the Monte-Carlo simulation to assess the effect of uncertainty on the company’s strategic objectives. Risk modelling may be performed in a dedicated risk model or within the existing financial or budget model. There is a variety of different software options that can be used for risk modelling. All examples in this guide were performed using the Palisade @Risk software package, which extends the basic functionality of MS Excel or MS Project to perform powerful, visual, yet simple risk modelling. When modelling risks it is critical to consider the correlations between different assumptions. One of the useful tools for an in-depth risk analysis and identification of interdependencies is a bow-tie diagram. Bow-tie diagrams can be done manually or using the Palisade Big Picture software. Such analysis helps to determine the causes and consequences of each risk, improves the modelling of them as well as identifying the correlations between different management assumptions and events.
050 SECURITY SOLUTIONS
The outcome of risk analysis helps to determine the risk-adjusted probability of achieving strategic objectives and the key risks that may negatively or positively affect the achievement of these strategic objectives. The result is strategy@risk. EXAMPLE: RISK MANAGEMENT IMPLEMENTATION (CONTINUED)
The risk analysis shows that while the EBT in 2018 is likely to be positive, the probability of achieving or exceeding the strategic objective of 3000 mln. rub. is 4.6%. This analysis means: • The risks to achieving the strategy are significant and need to be managed • Strategic objectives may need to change unless most significant risks can be managed effectively. Further analysis shows that the volatility associated with the price of materials and the uncertainty surrounding the on-time delivery of new equipment have the most impact on the strategic objective.
Management should focus on mitigating these and other risks to improve the likelihood of the strategic objective being achieved. Tornado diagrams and result distributions will soon replace risk maps and risk profiles as they are much better at showing the impact risks have on objectives. This simple example shows how management decision making processes will change with the introduction of basic risk modelling.
STEP 4 – TURNING RISK ANALYSIS INTO ACTIONS Risk managers should discuss the outcomes of risk analysis with the executive team to see whether the results are reasonable, realistic and actionable. If indeed the results of risk analysis are significant, then management, with the help from the risk manager, may need to: • Revise the assumptions used in the strategy. • Consider sharing some of the risk with third parties by using hedging, outsourcing or insurance mechanisms. • Consider reducing risk by adopting alternative approaches for achieving the same objective or implementing appropriate risk control measures. • Accept risk and develop a business continuity / disaster recovery plan to minimise the impact of risks should they eventuate. • Or, perhaps, change the strategy altogether (the most likely option in our case). Based on the risk analysis outcomes it may be necessary for the management to review or update either the entire strategy, or just elements of it. This is one of the reasons why it is highly recommended to perform risk analysis before the strategy is finalised. At a later stage, the risk manager should work with the internal auditer to determine whether the risks identified during the risk analysis are in fact controlled and the agreed risk mitigations are implemented. Alex Sidorenko is an expert with over 13 years of strategic, innovation, risk and performance management experience across Australia, Russia, Poland and Kazakhstan. In 2014 Alex was named the Risk Manager of the Year by the Russian Risk Management Association. As a Board member of Institute for strategic risk analysis in decision making, Alex is responsible for G31000 risk management training and certification across Russia and CIS, running numerous risk management classroom and e-learning training programs. Alex represents Russian risk management community at the ISO Technical Committee 262 responsible for the update of ISO31000:20XX and Guide 73 since 2015. Alex is the co-author of the global PwC risk management methodology, the author of the risk management guidelines for SME (Russian standardization organization), risk management textbook (Russian Ministry of Finance), risk management guide (Australian Stock Exchange) and the award-winning training course on risk management (best risk education program 2013, 2014 and 2015).
SECURITY SOLUTIONS 051
COVER STORY
When Terror Strikes:
How Will The Australian Public Respond?
052 SECURITY SOLUTIONS
SECURITY SOLUTIONS 053
COVER STORY
By Lyndall Milenkovic “The people [Australians] are immensely likable – cheerful, extrovert, quick-witted and unfailingly obliging. Their cities are safe and clean and nearly always built on water. They have a society that is prosperous, well ordered and instinctively egalitarian. The food is excellent. The beer is cold. The sun nearly always shines. There is coffee on every corner. Life doesn’t get much better than this.” Bill Bryson – In a Sunburned Country. Living in such an idyllic environment as Bryson has described, how would the Australian community react after a deliberate act of terror? Over the past two years, Australia would have experienced 15 terror attacks, including public beheadings, if most plots had not been foiled in their advanced stages, according to police. Government agencies have done a great and cohesive job to stop attacks. The terror attacks police were unable to prevent include the Lindt Café siege in Sydney, the killing of police accountant Curtis Cheng by a 15-year-old schoolboy in Parramatta and a non-fatal stabbing in Minto last year. In September 2014, an 18-year-old attacked two police officers with a knife outside a Victorian police station before being shot dead. These relatively small but not insignificant attacks have occurred and Australians have been affected, but what would happen if an entire community was subjected to an attack? Historically, Australians are renowned for being practical. In the book issued by the US Army titled Instructions for American Servicemen in Australia 1942 it said, “Aussies don’t fight out of a textbook. They’re resourceful, inventive soldiers, with plenty of initiative” they might seem undisciplined but when “the fighting begins; there isn’t any lack of discipline or leadership either.” Seventy-five years on and, in most circumstances, Australians still display that practical spirit – even in emergency situations. Every year, the nation is affected by natural emergencies like floods, storms and bushfires. Australian community spirit and survival plans are commonplace, they have created a resilient society. Could the community approach Australians apply to natural disasters also help communities build resilience after a terror attack?
054 SECURITY SOLUTIONS
When Australia suffers from a large-scale terrorist attack it will hit hard, because it is probable the wider public does not know what actions to take. Everyone will be terribly shocked and that may hinder the public's ability to process what has happened. The public do, of course, look to emergency services and security for reassurance in the hope they will handle the situation in the best possible way. This is why it is so important to review emergency services’ responses to crisis. The results are not always flattering but, with 20/20 hindsight, the public needs to know the services are always learning and improving. The public display after the Lindt Café siege set the scene of how the public might respond following the horror of two innocent people being killed, followed by a step-bystep investigation into how it was managed. All countries react differently. America, as an example, was brought to a standstill by the impact of 9/11. Although specifically targeting New York and Washington, there was horror across the whole country and indeed most nations for such a large attack on American soil. America appeared to unite against a common enemy and the war on terror was waged. There was a mass outpouring of patriotism. In London, the 2005 attacks were widespread throughout the CBD. The Strategic Emergency Plan for London appeared to operate well. It was developed after the 9/11 attacks as part of an integrated approach to emergency response in London. Following the London bombings, reviews largely acknowledged the plan contributed to saving lives. However, like with most incident reviews, it listed inter- and intra-government department communication, command and control as ‘improvement opportunities’. In the book Designing Resilience (2010), Comfort, Boin and Demchak explain, “In London even in the exceptionally difficult situation caused by bombs exploding in deep underground tunnels outbreaks of panic were limited to conditions where people thought they were trapped.” Panic, hysteria and screaming occurred in the trains due to the fear of the consequences of being trapped if fire was to spread throughout the carriages. Generally, people do not tend to panic. “Panic is a much misunderstood phenomenon that is transient,
When Australia suffers from a large-scale terrorist attack it will hit hard, because it is probable the wider public does not know what actions to take.
short lived and surprisingly rare” (Quarantelli, 2001). The blasts occurred on 7th July and then by 3rd August the Piccadilly line returned to service. The city settled back into London life, with those affected recovering. The English attitude of ‘carry on’ could have contributed to their quick recovery. The public seemed to know the attack was ruthless, but they appeared to set themselves a task of ‘let’s persevere’. Closer to home, Australians’ belief ‘we are removed and therefore safe’ changed in 2002, 2005 and 2015 as Bali endured attacks. In 2002, out of the 202 people killed, 88 were Australians. Four Australians lost their lives from the total of 20 killed in the 2005 bombings. Indonesia and the local Balinese asked for help in many ways and one was to not desert their holiday mecca. Slowly, Australians returned. Once again, Australians have become complacent about Bali because it is over 12 years since the multiple bombings of 2005 and nearly 15 years since the deadly Kuta bombings. According to figures from the Bali Tourism Board, Australian tourist numbers are more than those pre-2002. Just under 240,000 visited Bali in 2001 and that number was exceeded in just the first quarter of 2016. Due to the high threat of terrorist attack,
26-28 JULY 2O17
26-28 JULY 2O17 ICC SYDNEY DARLING HARBOUR
RETURNS TO SYDNEY Offering innovation in abundance, the annual Security Exhibition & Conference presents solutions from world leading suppliers to overcome business security challenges. Returning to Sydney for the first time in four years, the industry will reunite for three days of networking and knowledge exchange.
FOR MORE INFORMATION VISIT SECURITYEXPO.COM.AU
PRINCIPAL SPONSOR
LEAD INDUSTRY PARTNER
ORGANISED BY
SECURITY SOLUTIONS 055
COVER STORY
the Department of Foreign Affairs and Trade (DFAT) warned Australians to exercise a high degree of caution in Indonesia and Bali. Australians are still visiting in huge numbers while there is a Level 2 warning in place. DFAT are not saying do not go, they are simply saying to exercise a high degree of caution. Initially, Australians stayed away from Bali and then started to reappear. Could it be their happy-go-lucky attitude that is allowing them to travel there for holidays? Could their complacency be a hindrance or indeed a benefit to recovery? Maybe because they could pinpoint a villain, it was easier to recover when there was someone to blame? The Cronulla Riots appeared to stem from looking for someone to blame. The investigation of emergency services’ response to the riots revealed that the initial response was largely under-resourced as a result of a risk assessment that fell short (in hindsight). The result of the inquiry was similar to the criticism of the Lindt siege; the choice of command post, limited technology to provide situational awareness to commanders and poor communications in the field. Both were unprecedented events with significant criticisms finding a lack of clarity over who was in charge. For the Cronulla community, however, it has been irrevocably linked to one of Australia’s more shameful displays of racism, one that made headlines around the world. Cronulla became a call for racists around the country to unite. Ten years on, as Australia continues to grapple with race and religion, has Cronulla changed? Can the community move on from the stigma cast over it? One lingering outcome of the riots is the persistent public perception of Cronulla as a racist place. The stigma has undoubtedly affected the region. In the immediate aftermath of the unrest, few Australians from ethnically diverse backgrounds visited its beaches. Many have not returned at all. So, in a country made up of migrants, here was an example of racism at its worst and emergency services not prepared for such an issue. Once again, people are left with a desire to find someone to blame and they must work hard not to blame a culture or community group.
056 SECURITY SOLUTIONS
In just the same way communities applied bushfire survival plans, surely the Australian community needs guidelines to add to their practical solutions?
It seems it is easier for Australians to deal with the black and white of a disaster rather than the grey area of embarrassment. Forty years ago, The Granville Rail Disaster killed 83 people. An express train from Mount Victoria bound for Central Station derailed and crashed into a row of steel pylons, bringing down the Bold Street Bridge. Many people were killed instantly, still in their seats. A local priest was quickly on the scene. He called out and gave comfort to those who were trapped and gave support to the rescuers. “Many were professionals who were themselves in shock, feeling helpless at the enormity of it all.” He highlighted though the practical, responsive attitude of the community at the disaster scene that day. “In this industrial area, in the factories, all the resources and manpower that could be marshalled were immediately on offer,” he said. Now each year there is a blessing of 83 roses and a service to commemorate the lives that were lost. This shows the need for a place of quiet reflection and a commemorative service. There is an increased presence of security offices across Australia. In major cities, there are very obvious security guards in high-profile
locations. This satisfies a number of needs. Primarily, the additional officers are placed in a simplistic form to deter would-be attackers. If done correctly and provided by a reputable security company, those additional officers also provide a level of comfort to the public. Well-trained officers can assist and provide answers to frequently asked questions by the public. There is a security officer positioned on Pyrmont Bridge, Sydney who says “hello”, “have a great day” or “slow down” to a cyclist. The officer may be there to patrol and report unusual behaviour, but the officer’s attention covers all bases of providing safety and security on every level. This style of security is a clever use of a valuable resource. Project Griffin in the UK aims to advise and familiarise the community, especially security officers on security and counterterrorism issues. It works by encouraging the public to be vigilant and to report suspicious behaviour and activity around their community. This will help to combat both terrorism and crime. Project Griffin was developed by the City of London Police and was introduced in central
London in April 2004. It was a joint venture between the City and Metropolitan police forces in response to the impact of 9/11 in the US. Project Griffin has been adopted by police forces across the UK and overseas, but not successfully in Australia. A version of it was established in Victoria in the lead up to the 2006 Melbourne Commonwealth Games and since in South Australia, but the program was disbanded. The stated reason was that the department responsible for administering the program could not handle the administrative load and the cost/benefit of this administration. Many argue that it would be better to try to fix the issues rather than lose the assistance of a valuable resource. Security officers are an accessible source the public could turn to, to report to or take direction from in the event of an attack. The assistance would benefit Australia’s capital cities, particularly Sydney’s CBD Sub-Plan. The plan is a series of special arrangements established to manage a serious emergency event in the Sydney CBD or North Sydney CBD. The Sydney CBD SubPlan provides advice for workers, visitors and residents in the CBD area during a serious emergency. These arrangements have been put in place to ensure police and emergency services can manage the high concentration of people in these business districts, which are small, confined geographic areas. The plan contains a series of instructions for three situations: evacuate, shelter in place and remain at work. The remain at work and shelter in place were strategies used after the London bombings to enable emergency services to manage the immediately impacted areas without adding more of the general public to both street congestion and to public transport. The Sydney CBD plan even requires all schools in the CBD to be able to self-maintain for 12 hours, where the plan is then to bus all the children to a secondary safe location for collection by parents and carers at a later time. Sydneysiders in the CBD would be used to the ‘Sydney Alert’ electronic signage saying ‘the warning system is going to be tested’ and hearing the public announcement tests
from the large speakers in the streets. Although how many Sydneysiders know how these tools might assist them if this plan had to be put into action? Basically, if the public were given a framework and knew the general principles, it may be easy for them to prepare for these emergency situations. A framework and guidelines are needed. In just the same way communities applied bushfire survival plans, surely the Australian community needs guidelines to add to their practical solutions? No one in Tasmania, in Australia or at the time around the world knew how to process the loss of life caused by a lone gunman at Port Arthur 21 years ago. At the time, it was the world’s worst mass murder by one person. The community was dramatically affected. This was displayed through post-traumatic illnesses, broken relationships and even suicide. When the national spotlight was placed back on the
Just like emergency services in all the reviews, more effective communication is required and the public find it easier to follow instructions if they understand… In everyday circumstances, people operate better if they are given some information. After an attack will be no different.
incident as a 21-year anniversary, for some it reopened wounds better left alone and for others it reminded them that their loved ones would never be forgotten. So, how can Australians learn and move forward from these incidents? It appears that many want somewhere to grieve quite publicly, so large gatherings of those who need to share their outpouring should be expected. Others need to find their own quiet way of grieving, dusting off and carrying on. It seems that it is easier for the community to recover if it can find a group or an individual to blame. The public need to be reminded that an attack of terror is committed by individuals who claim to be doing it for a cause, so people should try not to blame a cultural group. Australians will need to develop better social and mental health agility to help them cope. Just like emergency services in all the reviews, more effective communication is required and the public find it easier to follow instructions if they understand. “Why has the train stopped?” “Why is my plane delayed?” In everyday circumstances, people operate better if they are given some information. After an attack will be no different. Can security professionals find a way to help educate others around them – staff, managers, clients and the community? Can security professionals provide simple context around which Australians can use their practical natures to build their own responses inside the government framework? This is why communities struggle to recover. Australians are resilient, but they do have needs and areas to focus on to prepare them for an attack. There is no real explanation of why behind acts of terror, but maybe the work on the how to respond and how to recover could begin. For a full list of references, email info@interactivemediasolutions.com.au Lyndall Milenkovic specialises in working with public environments. She has over 24 years of experience in the risk arena, specifically in emergency management, including four Olympic Games, two Commonwealth Games and the World Expo in Shanghai. She also provided consulting services for the Rio World Cup. Lyndall can be contacted via email Lyndall@riskworks.com.au
SECURITY SOLUTIONS 057
LEGAL
Q&A Dr Tony Zalewski
Critical Incident Management: The Importance Of Post-Incident Actions Within A System Effective critical incident management across any organisation does not happen automatically or spontaneously. It requires careful thinking and planning, usually over a considerable period of time, and involves a broad range of competencies. Organisations generally address critical incident management in response to obligations under workplace safety and within their approaches to emergency response, business continuity and disaster recovery. Of course, the sector, size and operation of the organisation will determine the complexity of its approach. Although Australia is generally known as a safe democracy within a politically stable environment, the risk of extreme or critical events is ever present. Sources of such events can vary considerably and incidents occur suddenly and unexpectedly with far-reaching impacts. For the purposes of this article, a critical incident is defined as any actual or threatened traumatic event that causes extreme stress, fear or injury. It is an abnormal condition that requires careful planning in response, thus managing critical incidents requires an organisation to develop a system of “policies, structures and processes by which the response to abnormal conditions is subject to command, coordination and control” (Standards Australia A practitioner’s guide to business continuity management, 2006). The objective of this article is to provide an understanding of critical incident management in the context of post-incident actions and the importance of organisational processes. The article discusses critical incidents, common organisational approaches and appropriate post-incident practices to minimise organisational risks. Understanding Critical Incidents Critical incidents place lives and property in danger. Depending on the severity and impact of the incident, resources from numerous sources may need to be coordinated to bring about a successful conclusion. For example,
058 SECURITY SOLUTIONS
the recent Bourke Street tragedy in Melbourne’s CBD provides an understanding of the diverse resources required post-incident, both public and private. Public emergency services, healthcare, local government and community support services were conspicuous across media reporting. What was not widely reported was the response by public and private organisations, large and small, to this critical incident. Staff working along Bourke Street and surrounding areas who were present and involved or witnessed the tragedy reported high levels of anxiety, fear, anger and grief. Commonly, critical incidents that impact upon organisations are categorised under five themes: 1. Terrorist activities that are often based upon religious or ideological fanaticism, such as use of weapons of mass destruction whether explosive or otherwise, violence associated with an active shooter or armed offender incident and the like. 2. Criminal activities involving serious violence, such as bombings or arson against organisations, kidnapping of or assaults on employees and armed robbery or extortion. 3. Fire and hazardous materials incidents involving explosions, chemical spills, gas leak and the like. 4. Accidents, whether transportation or other serious workplace incidents, such as death or serious injury sustained by a colleague. 5. Natural disasters that might flow from extreme temperatures, earthquake, flood or storm. It is well recognised that when a critical incident occurs, people will have a need or desire for information. Those that need to be considered in a communication strategy will include family and friends, work colleagues, the authorities and the media. Hence it is important that any critical incident management strategy has been carefully thought through to ensure appropriate organisational responses through communication include the welfare of staff, continuing dangers faced and action proposed.
Common Organisational Approaches Organisations typically approach critical incident management within strategies for emergency response, business continuity and disaster recovery. A team is usually allocated to take control and assume responsibility for management of a critical incident until normal operations have resumed. Below is an example of a typical framework and phases within critical incident management for a larger organisation.
(Source: Standards Australia HB292:2006)
Each of the phases depicted above will be incident specific and membership of a critical incident management team may vary depending on the nature, location and extent of the incident. For example, there may be individual response leaders appointed within a critical incident management team to take responsibility for initial action, ongoing progress, post-incident action or incident evaluation. Any critical incident may also need the involvement of internal and external resources through any phase, such as emergency wardens, human resources, emergency services, psychological support and counselling, IT support, legal advisory, corporate communications and the like. If planned appropriately, there should be a more effective response to critical incidents, better decision making, less likelihood of inappropriate reactions and better support for staff and others post-incident. Overall, this minimises risk and protects the organisation, including its reputation.
LEGAL
Q&A Post-incident Actions to Minimise Organisational Risks Organisational post-incident actions should be identified, clearly defined and documented. This approach removes the exercise of discretion and ensures stages within postincident activity are not overlooked. The importance of debriefing after critical incidents is well known, as those present or involved will often experience flashbacks, nightmares, anger and the like. The Australian Federal Police noted cases where workers receiving counselling rose from five percent to 31 percent after an air disaster incident; albeit incidents do not necessarily need to be horrific or a major disaster to generate “… a greater than usual adverse emotional response” (Rolfe, 1988). Post incident, an organisation unnecessarily exposes itself to various risks if it fails to formally: • ‘hot’ debrief all staff involved immediately after exposure to a critical incident and offer urgent counselling; formalised counselling should occur within 48 hours, face-to-face with an appropriate professional • highlight positive actions taken by staff as a measure of support and reinforcement • organise support for all staff through an employee assistance program or similar • obtain independent advice about the system for emergency preparedness and response and how the organisation actually performed against the system and its procedures – this will provide independent guidance about the adequacy or otherwise of the current strategy • in conjunction with the critical incident management team, enhance the current system as required • commit to a further test of the system at an appropriate time in the future, keeping in mind sensitivities that may be associated with staff involved in the recent critical incident. Of course, if there have been no incidents of note, the critical incident plan should be reviewed annually and, where required, modified to ensure it remains relevant. Any modifications or actions taken should be formally recorded as evidence of responsible activity and continual improvement.
Litigation involving critical incident management systems, including organisational responses post-incident, provide some further guidance. The following two cases highlight the importance of appropriate measures post incident. In Cahill v NSW Department of Education and Training, a male teacher’s aide was working with a female colleague. Both were employed at a Juvenile Justice Detention Centre and subject to critical incidents involving violence by detainees. During the first violent incident, personal duress alarms were activated by the teachers with no response, hence they were left alone to deal with a violent detainee. The violent detainee left the area, but returned a short time later with another detainee and further threats of violence were made. Again, the duress alarm activation did not result in support. Further, there were limitations in support, including counselling, for the workers after the incident. Both teachers took sick leave and were later diagnosed and treated for psychological injuries. The court found, amongst other things, the injuries were a manifestation of work, there was an unsafe system in place and there were deficiencies post incident that included failures in debriefing and counselling. In Howell v State Rail NSW, a worker employed at a railway station was required to attend a suicide a short distance from the station where a female had thrown herself in front of a train. His duties at the scene included to take charge, protect the site and supervise the transfer of the body. His employer had procedures in place that included ‘Trauma Group Debriefing’ where the importance of critical incident debriefing and counselling were recognised. It was agreed this activity should preferably occur within 48 hours of an incident. The court found, amongst other things, that the employer engaged a psychologist to conduct a debriefing; however, the session was not conducted face-to-face but rather over the telephone. Further, the psychologist failed to follow-up by meeting with the worker formally at some later stage, although State Rail expected this to occur. The court found for the worker.
These two cases highlight the importance of a carefully thought through approach to post-incident actions that include support for individuals involved or exposed to critical incidents. Conclusion Although Australia is a relatively safe democracy with high workplace safety standards, critical incidents are a risk that need to be considered in the development of an organisational critical incident strategy. This strategy must include formation of a critical incident management team supported by operating procedures. A system for critical incident management must include post-incident actions that have been carefully thought through and formalised. Areas that need to be considered within postincident actions include staff welfare through debriefing and support, in addition to system review and testing. Adopting a strategic and formalised approach means risk to the organisation, staff and, therefore, the local community are minimised. For a full list of references, email info@interactivemediasolutions.com.au Dr Tony Zalewski is a director of Global Public Safety and a forensic security specialist with qualifications in law, criminology and the social sciences. He provides advice and training to governments and the private sector in Australia and abroad on matters relating to operational risk, security and safety. He is also an expert with practical experience in some of Australia’s leading civil actions involving security and safety.
Whilst every effort has been taken to ensure its accuracy, the information contained in this article is intended to be used as a general guide only and should not be interpreted to take as being specific advice, legal or otherwise. The reader should seek professional advice from a suitably qualified practitioner before relying upon any of the information contained herein. This article and the opinions contained in it represent the opinions of the author and do not necessarily represent the views or opinions of Interactive Media Solutions Pty Ltd or any advertiser or other contributor to Security Solutions Magazine.
SECURITY SOLUTIONS 059
FEATURE ARTICLE
060 SECURITY SOLUTIONS
Governance Of Emergency Incident Management
SECURITY SOLUTIONS 061
FEATURE ARTICLE By Neil James Much contemporary discussion on the command and control of emergency management tends to focus on responsiveness and effectiveness at the tactical level, either at the incident or supporting it from elsewhere. Or it addresses how well the relevant operational headquarters supervises the handling of the incident and the management of the wider and often inter-agency support required. Requisite attention surely needs to be focused higher up the control and accountability chains. This chiefly concerns the structure of ministerial governance of the agency or agencies concerned and the legislation under which they operate. In other words, are they actually fit for purpose and how can this fitness be best maintained? At both state and federal level, there appears to be insufficient attention paid to ensuring such fitness for purpose, particularly amid the other considerations that influence ministerial reshuffles and terms of office, or the priority afforded the relevant machinery-of-government legislative amendments in parliamentary programs versus those bills perceived to bring immediate electoral or other political benefit. Background Until the mid-1970s, most contingency and other emergency planning by federal and state agencies concentrated on three broad areas in rough order of likelihood: natural disasters (fires, floods, cyclones and so on); bombs and bombs hoaxes; and wartime counter-sabotage and counter-espionage measures. As modern counterterrorism measures became increasingly added to this mix from the mid-1970s onwards, they initially built on the structure and culture of existing emergency management procedures. Moreover, as terrorism threats were then largely foreign inspired rather than domestic, and mainly involved the threat of bombings, assassinations or siege–hostage incidents, in practice, they largely fitted within existing frameworks for policing and security–intelligence prevention and response. With a Westminster-system constitution and political culture, and legal and criminal justice systems based on British common law, Australia initially followed British practice – itself evolving from Northern Ireland experiences from 1969. By the mid-1980s, the quality of potential
062 SECURITY SOLUTIONS
operational responses to terrorism risks had improved. Army bomb squads in the capital cities and some regional centres with large Australian Defence Force (ADF) bases provided efficient backup to federal and state police forces. The Army’s Special Air Service Regiment (SASR) was well practised and generally well equipped to supplement the armed response resources of police forces should this be required. The larger state police forces developed special operations groups to improve their armed response responsibilities. There was a National Anti-Terrorist Plan (NATP), a Standing Advisory Committee on Protection Against Violence (SAC-PAV) coordinating federal and state/territory actions (and their funding), and regular exercises to practise and test tactical and operational-level responses. The security needs of the Sydney Olympics in 2000 brought some updated legislation, but much of this had sunset clauses. Cultural Inertia Underlying cultures remained an inhibitory factor in important aspects. First, instead of developing modern statutes to provide an adequate legal basis for resolving terrorist siege–hostage incidents when armed military assistance to police forces is necessary, old attitudes and habits died hard. Federal and state lawyers were long besotted with justifying such action by resorting to complex legal arguments involving principles and precedents stretching back to 18th century riot control and other military aid-to-the-civil-power. Second, siege–hostage contingencies involving terrorists were generally regarded as simply bigger and more complex versions of the type of hostage incident that police forces frequently encountered in dealing with family disputes involving threatened or actual violence. Such family disputes were and remain mostly resolved by negotiation, rather than force. Terrorists were then perceived as mostly taking hostages as bargaining chips. The similarity reinforced existing law enforcement attitudes. It also reinforced the attitudes and procedural habits adopted by ministers relying on advice from their legal and police experts, and believing that such measures and their ministerial authorisation would be either infrequent or not needed at all in practice.
Third, the conduct of modern politics changed faster than, and in ways often unhelpful to, best-practice ministerial governance of complex emergency management responsibilities. Modern Dilemmas Among other things, the effect of the Internet on daily lives across the world, the rise of social media, increased incentives and opportunities for international travel, and the rise of Islamist extremism and terrorism due to a religiously inspired ideology, have all changed this situation. But Australia has been slow to change in response, not least because some of these influences have also triggered distracting effects at the popular and political levels. Until the 1980s, emergency and contingency measures adopted by Australian governments were largely accepted by a population who had experienced wartime risks and by their children. The long peace since 1945, however, has now led to both greater public complacency and cynicism about the necessity of such actions. The Islamist terrorist attacks in New York, Bali and London, and the trial and conviction of numerous terrorist plotters in Australia over the last two decades, brought some updated legislation and some thought about updated ministerial authorisation procedures. But this has largely related to preventative measures such as electronic surveillance, data retention, preventative and post-sentence detention, and tweaks to the applicability of Australia’s treachery and citizenship laws. A key modern dilemma is that, in a bombing or siege–hostage incident undertaken by Islamist terrorists, the killing of civilians, rather than subsequent successful negotiations on an issue, are the intent of the attack. Furthermore, the Islamist ideology driving the terrorists leads them to welcome their own death as religious martyrdom, and the deaths of those bombed or taken hostage as of no consequence morally or practically. In such circumstances, reliance on negotiations as the primary or only solution seems pointless, and indeed additionally dangerous, unless valid doubts are held about the religious zeal of the terrorists concerned or, in the case of a lone terrorist, the effect of any mental health issues. The Lindt Café terrorist attack, and the inquest into it, has drawn attention to areas
Requisite attention surely needs to be focused higher up the control and accountability chains. This chiefly concerns the structure of ministerial governance of the agency or agencies concerned and the legislation under which they oper ate.
where the updating of emergency control thinking and requisite responses has clearly lagged behind modern understandings and assessments of the risks. At the tactical level, the NSW Police adopted a negotiation strategy, probably because they doubted the degree of Islamist zeal in such a recent convert to Sunni Islam and/or his mental stability. But, even if a negotiation strategy was valid – and they never obtained direct communications with the terrorist – their negotiation capability was seriously hampered anyway because their Commonwealth-funded specialist communications vehicle (provided under SACPAV resourcing) had worn out and not been replaced from NSW resources because of local priorities. At the operational and tactical levels, there also appears to have been insufficient priority given to planning and, if necessary, executing a deliberate action (DA) to forcibly end the siege and rescue the hostages. This meant once the first hostage was murdered, thereby automatically invalidating continued negotiation attempts, there was no alternative to initiating a far riskier (for all concerned) immediate action (IA). For whatever reason, there also appeared to be a reluctance to request specialist military assistance from the federal government, particularly for the execution of a DA. It is not clear whether this emanated from NSW Police command or ministerial level, or how much this may have been due to police overconfidence in negotiation as the best response for cultural as opposed to operational reasons. It is also unclear whether it eventuated from insufficient police and ministerial understanding of the necessity, or qualitative ability, of the ADF to mount such a DA given extensive operational experiences raiding highly defended premises overseas since the Sydney Olympics era. In terms of public confidence, testimony at the inquest from senior NSW Police commanders has not been clear or indeed encouraging in this regard. Finally, the effect of modern political practice, and media-driven popular culture generally, has had highly unhelpful effects on ministerial governance of emergency
response capabilities where significant armed force is involved. Ministerial reshuffles at both state and federal level are more frequent. Ministerial terms are often shorter, especially for competent ministers in junior portfolios who prove their competitiveness for promotion to a senior one. This necessarily affects the time available to establish proper ministerial grasp of a portfolio and, in the case of emergency management, to personally practise such responsibilities in demanding exercises before having to make decisions for real in an actual emergency. It also detrimentally affects the ability of ministers to recognise where legislation needs to be updated, and have the time to convince prime ministers and premiers of its legislative priority and steer it through parliament. Another and seemingly larger problem is that the allocation of ministers to portfolios often now appears to pay far more attention to a range of personal, factional and party loyalty factors than it does to the suitability of a minister for a demanding portfolio involving complex emergency management understandings and skills. Finally, the number of ministers allocated to portfolios now seems to be more due to perceptions of electoral or factional advantage than to the actual governance needs of the portfolio. At the federal level, the Department of Defence, for example, has less ministers than the size, span and complexity the portfolio requires, especially when benchmarked against relevant overseas examples. At state level, the recent NSW decision to split counterterrorism responsibilities from the police portfolio has yet to be clearly explained, especially in terms of how this might strengthen rather than weaken ministerial governance. In terms of emergency management, particularly where the type of risk or incident requires the application of state-sanctioned armed force, it is just as important to modernise ministerial governance and the relevant legislation as it is to update the operational command and tactical capabilities required. Neil James is executive director of the Australia Defence Association.
SECURITY SOLUTIONS 063
LOSS PREVENTION
064
4 ToSteps Developing A
Loss Prevention Plan To Deal With Busy Sale Periods By Daniel Pinter Sale times create unique challenges for LPMs (loss prevention managers). These periods typically involve very large crowds of people trying to move through the store competing for bargains. This air of excitement and anticipation can create safety and security challenges that are simply not present during everyday store operations. Safety becomes an even more prominent priority for the LP (loss prevention) team, with additional resources required to manage the risks. Organised criminals see this as a lucrative opportunity to target stores and become even more active. Their planning starts months before the sale begins, and so must that of LPMs. The key to LP success is effective planning and the purpose of this article is to help LPMs in address this challenging but necessary task. The Importance Of A Plan LPMs know that sale periods bring unique challenges and therefore the store team needs to be prepared specifically to deal with these. Large sales are ‘unusual’ to say the least. They create an environment that the store operatives are not used to, with a new set of challenges and stresses. By creating a storewide LP plan that identifies the groups that will be affected by the sales period, and more importantly addresses what these groups can expect and how they should react, the LPM is making sure that the increased opportunity for losses during this period is proactively managed.
The significant benefit of having a plan that is documented in detail is that it can be implemented over and over again as required. The significant work of planning and documenting usually only has to be done once; LPMs are able to use this as a starting point for any future planning requirements. The plan is flexible and any adjustments can be made as required. As LPMs learn from each particular event and update the plan as a result, the plan gets more effective after each application. This article is restricted in length and therefore will focus only on the area of the LP plan that specifically relates to the LP team; however, the four-step planning process is introduced. Step 1 – Develop A Store LP Strategy The number one task when preparing the LP plan is to develop an overarching LP strategy with the involvement of senior store management. To have a plan that will actually be executed by all parties, there must be buy-in from senior management and developing the priorities of the plan together is by far the most effective way to achieve that. The LPM will most often be the person who proposes the priorities by identifying the potential risks and their consequences, but it is through the input of management that the plan becomes a real set of objectives with true commitment of implementation. Step 2 – Identify Stakeholders The next step is the identification of all relevant stakeholders that need to be involved or considered during the preparation. Usually, the key stakeholders for LPMs will include management,
065
LOSS PREVENTION
store staff, customers and police. Depending on the set of challenges, others that may also be considered include suppliers, centre management, warehouse and maintenance staff and so on. These groups will not be discussed in this article but they play significant roles during sales periods. Step 3 – Develop And Roll Out A Plan For Each Stakeholder Group The next step is to ensure that each stakeholder group is considered individually and a plan is created specifically for that group. This article will concentrate on the plan relating to only the LP team but a plan will need to address the wider group of stakeholders. The LP Team Plan 1. Rostering Typically, an LP team plan for busy sale days will have to identify the resources required and how those resources will be utilised. There are a number of factors that will impact the rostering requirements, including the roles and responsibilities that the LP team will be required to carry out. For example, if the LP team need to ensure crowd safety and will be positioned at exit and entry points, lift entrances, top and bottom of escalators, next to areas of the store identified as high risk, then that will require a significant increase in LPO (loss prevention officer) numbers. In these cases, LPMs will develop a number of rostering options; usually one of them is a worst-case scenario and maybe two others that utilise reduced numbers of LPOs. This will ensure that no matter what the risk profile and the final agreed budget, a plan will already exist. Rostering will include time for officer briefings, lunch breaks, control room operations and supervisors, and contingencies for when LPO numbers are affected. 2. Roles and responsibilities The better the plan for the sale, the easier it will be to manage the LP operations. Each type of LPO posting (including that of the LPM) requires the preparation of specific roles and responsibilities and these should be available as handouts to be provided to the LPOs. They should include the priorities and the specific tasks of each role, along with general information about what to do in typical safety or security situations, who to contact and how, and even what to do for lunch breaks and toilet breaks.
066
Contract LPOs who are unfamiliar with the stores will find this information invaluable and their management on the day will be that much easier. Supervisors from the contract company should always be utilised when large numbers of contract LPOs are present. It will be their responsibility to deal with any personnel issues, organise breaks and conduct briefings. Contract LPOs are usually posted in static positions around the store with specific responsibilities, whilst in-house LPOs (with excellent knowledge of the store) are posted in more dynamic roles around the store, checking high-risk areas and responding to calls for assistance. On the day, management of the operations should be run from a centralised control room. This is where the LPM, store managers, supervisors and the police are able to meet to discuss and adjust strategies whilst observing the shopfloor via CCTV cameras. This centralised control room will also be utilised as the communications centre, receiving calls for assistance and managing radio traffic. A communication plan will be required outlining clear steps of how potential issues will be communicated to key decision makers. 3. New challenges Criminal activities thrive during sale times and this must be addressed in advance. Organised retail crime will always increase. Criminals will begin planning early for the sales periods and so must LPMs. Target merchandise will need to be identified through good intelligence and a review of trends. Refund fraud will also be on the increase (usually post sales) and LPMs will need to work with other store teams to prepare them for this threat and help them devise an effective response. Remember to prepare for all possible contingencies. An Example Of How LP Strategies And Tactics Change During Sale Periods: Apprehensions During a sale, when stores are packed with excited shoppers and it is at times hard to move from place to place, the use of covert officers can significantly lose its effectiveness. The main role of covert officers is to detect and apprehend shoplifters, but during sale times this task becomes a hard one to execute. Coverts will find it difficult to move through large crowds and maintain constant surveillance of suspects before and after an offence takes place. But even more
importantly, apprehending offenders brings with it a new set of challenges and consequences. For example, take a simple scenario where a couple is detected concealing seven pairs of jeans into a plastic bag. To continue to observe this couple is risky, as losing them in a large crowd happens easily. Even if they are observed leaving the store and LPOs are able to stop them, taking them back through the crowd into the LP office is often a challenge. Once back in the office, the time taken to process and supervise the offenders has a serious impact on the number of LPOs available to be on the shopfloor. After all that, the police will need to attend to process the offenders and normally this can take up to a couple of hours, but during sale time the police are bound to be busier themselves, extending the waiting time and keeping LP resources off the shopfloor. An alternative approach may need to be implemented during sale times. For example, when the couple is detected concealing merchandise, they may be approached immediately, the items placed back on the shelf and, where possible the details of the persons be recorded right there and then. The couple can then be escorted from the store, with clear CCTV images taken of them for use in future intelligence reports. If this type of strategy is implemented, the LPM could make the decision to place some or all of their covert officers into uniforms during the busiest days of the sale, utilising them in a deterrence capacity. Step 4 – Review, Learn And Document Finally, as part of any planning process, it is important to review how the plan performed in all areas. The LPM learns from every experience, so post-sale review is important, and the plan should now be updated. This is a critical step that will ensure that lessons learned are documented and the effectiveness of the LP efforts for any future sales will be enhanced. Documenting everything will make the LPM’s job easier for future sales, as the plans will already exist and will only require implementation, rather than development from the ground up.
Daniel Pinter is a security consultant with extensive security industry experience across a number of sectors, including retail loss prevention, university security and risk management. He can be contacted via email at daniel@ThePinterGroup. com, or find him on Linkedin.
KeyWatcher is a reliable and extremely easy to use electronic key management system, designed to prevent mismanaged, misplaced, or stolen keys. KeyWatcher eliminates outdated metal boxes, unreliable manual logs and messy key identification tags utilising a computerised storage cabinet. The system releases keys only to the individuals with correct authorisation, recording each user transaction and providing total system accountability.
KEYWATCHER SYSTEM OFFERS to 14,400 keys and 10,000 user per site l “Site” concept uses a common database l Numerous high level interfaces for access control, contractor management and vehicle fleet systems l Longer user IDs can be up to any 6 digits, plus a 4 digit PIN l Bright 7” full colour, touch screen l “Key Anywhere” allows keys to be returned to any KeyWatcher Touch within a site l On-screen guides for users, along with voice commands l Up
Available in Australia through: AST Pty Ltd T: +61 2 8020 5555 | M: +61 417 089 608 | F: +61 2 9624 7194 E: di@astpl.com.au | www.astpl.com.au
SECURITY SOLUTIONS 067
FEATURE ARTICLE
Houston: We Have A Problem!
068 SECURITY SOLUTIONS
SECURITY SOLUTIONS 069
FEATURE ARTICLE
By Jo Stewart-Rattray The recent film Hidden Figures tells the story of the impact three African-American women had on the National Aeronautics and Space Administration (NASA) space program in the 1950s and 60s. The movie highlights the struggle these women experienced working in a maledominated industry. Fast forward to 2017 and women are still vastly underrepresented in the science and technology industries. I recently met a young woman in Ireland who was working toward a technology-oriented degree, and she recalled being among three women in her course at the beginning of the semester. By the end of the semester, she was the last woman standing. The student suspected that her female classmates wavered on continuing their course of study because their classes were so male dominated. I can empathise, having experienced more than my share of conferences and board meetings lacking female presence. A report by Payscale (Inside the Gender Pay Gap) finds only 21 percent of executives in the technology industry are women, despite the evidence that diversity in the workplace leads to greater innovation and profitability. Recently, ISACA’s report The Future Tech Workforce: Breaking Gender Barriers identified the top barriers women face working in IT as: 1. Lack of mentors (48 percent). 2. Lack of female role models in the field (42 percent). 3. Gender bias in the workplace (39 percent). 4. Unequal growth opportunities compared to men (36 percent). 5. Unequal pay for the same skills (35 percent). While some women are more comfortable than others being vastly outnumbered, the shortage of female mentors and role models in the technology sector poses a major concern. Additionally, women have still not reached wage parity with men. According to the Payscale report, women are paid 18 to 22 percent less than men. Unfortunately, Australia and New Zealand ranked highest in the ISACA research for pay gap disparity, with 80 percent reporting that male colleagues tend to be paid more compared to 53 percent in Europe and 42 percent in North America.
070 SECURITY SOLUTIONS
Further compounding the problem is the global need for skilled cybersecurity professionals. According to the ISACA State of Cybersecurity 2017, 59 percent of organisations say they receive at least five applications for cybersecurity job ads, compared to most job ads that receive 60 to 250 applicants. Additionally, fewer than one in four applicants have the qualifications an employer needs. The study also found that over 25 percent of respondents say it can take up to six months to fill a cybersecurity position. Given the urgent needs of organisations and governments to hire skilled professionals to address the constant barrage of cyber threats they face daily, the solution seems obvious. Encouraging women in all facets of technology roles, but especially cybersecurity, could greatly improve the current skills gap. A Silver Lining in Australia’s Cybersecurity Needs? They say admitting there is a problem is the first step in fixing the problem. Thankfully, I believe the Australian tech industry has officially woken up and recognises the need to address gender diversity. I am constantly questioned by an everincreasing group of men at conferences asking what more can be done to encourage women to join them in their careers. Most have partners and daughters who are interested in careers in IT security. And I am resolute in my response: we must address the underlying problems. To address this gender gulf is everyone’s responsibility – men, women, employers, educators and industry associations. After researching and discussing the issue with industry peers, here are my recommendations to address the problem: Establish a mentoring program and seek role models: These were the two biggest barriers faced by women in the technology workforce, according to the ISACA survey, but they can be quickly and cost-effectively addressed. Women should be encouraged to be confident and persistent in pursuit of their technology careers, and a mentor in the field – whether male or female – can be the most effective person to make that case. Providing mentors and role models helps to achieve goals and share knowledge, improves
employee retention and job satisfaction, and increases productivity. Create a culture of corporate diversity: There is a scene in Hidden Figures in which one of the NASA scientists asks Mary Jackson, “If you were a white male, would you wish to be an engineer?” To which Mary replies: “I wouldn’t have to, I’d already be one.” According to ISACA’s survey, only eight percent of women said they never experienced gender bias in the workplace, and only 22 percent of women believe their employers are very committed to hiring and advancing women in tech roles. Blind recruitment and reviewing promotion policies are a good start, but gender diversity needs to be acknowledged and addressed from top leaders within the organisation in order for women to feel like their work and contributions are worthwhile. Ookeditse Kamau, CISA, MBA, CIA, CRMA and IT internal auditor, said companies should, “Embrace a culture that does not make it feel like women have to work harder than a man to get the job.” Cultivate tertiary students: Students are not always aware of the job opportunities that are available to them. According to Girls in Tech MasterCard research, which surveyed teenagers in Australia and Asia about Science, Technology, Engineering and Mathematics (STEM), young Australian women are the least interested in these subjects compared to the rest of the region. If a greater level of interest cannot be sparked, the cybersecurity skills gap will continue to increase. Organisations should consider creating an outreach program or internship program with a local university. Actively speak with professors to find out how they are engaging their students to get involved and remain interested in a course, and ask what the business can do to assist. Businesses need to profile IT security career opportunities so that there is an even greater pool of talent. Through this active engagement, students will be able to see the possibilities. Provide the right education and tools for the job: According to Girls Who Code, the proportion of computer science degrees obtained by women has dropped 20 percent since 1984 to a mere 18 percent. There are programs underway to address this, including that by Melinda Gates of the Gates Foundation, who is exploring ways
By providing more opportunities, including career advancement programs, long overdue progress can be made in ensuring that women are more equitably represented in the technology workforce.
to make computer science more appealing to women. After university, women need the same kinds of training and support as men in order to succeed in their careers. The ISACA research shows that only 57 percent of women feel they have access to those important resources. The numbers are similar when women were asked if they were getting appropriate feedback for their work and training. Investing in performance-based mechanisms for hiring and retention can help organisations assess the performance level of all staff, and onthe-job training can be provided to keep skills current. Establish career advancement programs: Even at a time when more women are urgently needed, women still deal with too few career opportunities and too many barriers to advancement. By providing more opportunities, including career advancement programs, long overdue progress can be made in ensuring that women are more equitably represented in the technology workforce. Organisations should actively identify women from within their organisation with tangible skills to move into cybersecurity positions, which can incentivise and motivate employees. Provide flexible working options: Providing flexible working arrangements is another important component of addressing the gender disparity. Having ‘Keep in touch’ days when women are on maternity leave, in addition to encouraging professional development opportunities such as webinars and online courses, are other worthwhile ways to ensure that women remain connected to the organisation while on leave. Work-fromhome arrangements are an easy option for all employees, empowering and motivating them to manage their own schedules around their personal and work life. The ISACA survey findings reinforce that while many people are aware of the issues within the industry, there is much work left to be done. Women are vastly underrepresented in the global technology workforce. This is not only a societal concern, but also a workforce problem, given the critical shortage of skilled technology professionals faced by many enterprises. In addition to promoting a more just society, enterprises have bottom-line motivation to hire and promote women. Research from The
Encouraging women in all facets of technology roles, but especially cybersecurity, could greatly improve the current skills gap. Peterson Institute for International Economics and EY (Is Gender Diversity Profitable? Evidence from a Global Study, 2016) shows that an organisation with at least 30 percent female leaders could add up to six percentage points to its profit margin. A challenge this large can feel overwhelming, but there are steps everyone can take to make meaningful progress. With determination, the day will come when classrooms, offices and boardrooms are filled with empowered women ready to make their mark on the technology workforce. Jo Stewart-Rattray has over 25 years’ experience in the IT industry. She specialises in consulting in information security issues with a particular emphasis on governance in both the commercial and operational areas of businesses. Jo provides strategic advice to organisations across a number of industry sectors including banking and finance, utilities, automotive manufacturing, tertiary education, retail and government. Jo heads ISACA’s Connecting Women Leaders in Technology, and chairs the Branch Executive Committee of the Australian Computer Society. She is also past chair of ISACA’s Audit Committee, Leadership Development Committee and Security Management Committee.
SECURITY SOLUTIONS 071
AVIATION ALARMSSECURITY
072 SECURITY SOLUTIONS
Expectations in an Emergency
By Steve Lawson When the theme of this edition, After the Atrocity, was proposed, my first thought was that I have done a few similar articles recently, but then I considered my involvement in the responses to a number of atrocities and the issues they had in common. Firstly, exercises and training are rarely accurate. That is not because they are not developed from real experience, or that they are not done with the best of intentions; they are just not real. Given time restraints, they miss vital issues, such as the confusion that happens immediately after an incident. The best exercise I remember was back in the days of Australian Airlines when the airline hijacked one of its own aircraft! An exercise cannot be made completely real, so the crew and passengers were all volunteers and the whole network knew that there would be an exercise involving a hijacked aircraft. The aircraft was a B727 and, if I recall, it departed Melbourne and the ‘terrorists’ were members of Defence. The terrorists were the only ones who knew what would happen and where the aircraft would be taken. The whole thing was filmed and afterwards turned into a documentary-style video. It was early in my aviation security career and it made a great impression on me. I recall a couple of interesting scenes. The captain said that he had spent his whole career secure in the knowledge that the flight crew was in command of the aircraft, especially in an emergency or similar incident. Even though he knew something would happen, someone erupting into the flight deck with a firearm, shouting and telling them to put their hands on the combing was confronting and mindnumbing. No previous training prepared him for that level of shock. Another was the customer service manager (CSM) in charge of the cabin crew, who said that his training had always focused on him negotiating with any terrorists but, in this exercise, he was handled quite roughly and had no chance to negotiate at all. Eventually, the aircraft landed (I think in Sydney) and the part of the exercise that involved the police and army trying to resolve the incident started.
SECURITY SOLUTIONS 073
AVIATION ALARMSSECURITY
Those exercises still happen, but you always know where the exercise aircraft will be and have time to prepare, whereas in this exercise, that was up to the terrorists. Readers will have seen the images of terrorists using passengers to impress the authorities with their ‘determination’ – they shoot someone. In this exercise, the terrorists selected the most junior cabin crew member and told her to select a passenger. I remember her saying that training always emphasised that she should follow the lead of the CSM but, in this case, they handled her reasonably roughly and told her not to even look at the CSM and pick someone. Eventually they picked someone and shot him. The passenger that was shot was an actor; I am not sure explaining a real ‘kneecapping’ to the insurance company would have been easy. This hijacking exercise was as realistic as possible, but I have been involved in some that were wildly unrealistic. Remember, you should train as you do, not as you want. The first was an emergency exercise where an aircraft had crashed on approach and landed early on a major road before sliding onto the airport and coming to rest. It was supposed to happen at 6am on a Sunday morning. The ambulance representative was a senior person in the Ambulance Service and he said that he would be in their operations centre at the time. He then laid out the actions he would take and things he would authorise. There were a couple of us who said that was unrealistic, that no one of his rank would be in the control room at that time and it would be someone junior making decisions, but he was adamant. He then gave response times and capabilities for the hospitals that were also unrealistic. At that time, he was stopped by a doctor who said something like, “Well I am in charge of those areas and unlike you I will be in bed at 6am on Sunday and I can tell you it will take me an hour to get on site and that none of the hospitals you have mentioned have the capability to handle that many casualties in that time frame.” I will not say the ambulance representative wrecked the exercise, but it showed either unrealistic expectations of their capability or perhaps a lack of confidence in his staff. The second was another hijack exercise. In this one, an aircraft was supposed to have left Melbourne airport and, within 15 minutes, terrorists attempt to hijack the aircraft. They had
074 SECURITY SOLUTIONS
not breached the flight deck door, which at the time of the exercise were armoured. According to the exercise, the aircraft immediately landed at a regional airport. I did comment that in reality the aircraft would have returned to Melbourne and, if the crew had spoken with us, we would have told them to clear the runway ASAP and, as distasteful as it sounds, we would have told them to leave the aircraft via the flight deck emergency escape. The reason for that was that it made the aircraft useless to the terrorists; they could not move or fly it if there was no one able to operate the aircraft. Anyway, it was just a comment, but a rep from the government jumped in with a, “Yes, we would be involved in that decision”, at which point I thought, “In 15 minutes?” I do not think so – we would have been lucky to have been involved, never mind anyone else. That is a segue into my final point about after the atrocity – government. This is especially an issue in aviation when the incident may be anywhere on the planet. I also know this will be disputed by people in government, but the response by government is one of the most frustrating issues in any incident. It is not that they intend to create problems, but there tends to be a reasonable amount of rear-end covering, both at a department level and politically, and, more annoyingly, posturing by different arms of government. My best example is still the response to September 11. As I have covered in earlier articles, I was on one of the first flights from LA into New York after the attack and, as expected, it was a little chaotic. Aviation security was then under the auspices of the Federal Aviation Administration (FAA), but the attacks were seen by many departments as an excuse to show how they needed an increase in budget or control, how much more active they are in the terrorist sphere and how patriotic they are! One of the more difficult things to manage was the competing expectations of the different players. For me, it came to a head when I later flew from Sydney to New York for a ‘major’ announcement by the Food and Drugs Administration (FDA) regarding biosecurity. The briefing was in Washington and broadcast to other nominated locations to which we were invited. With our local management, I sat and listened to the FDA announcement, which was basically that they wanted the contact details
of any facility handling food and so on entering or crossing the United States. I am not sure if it was jet lag, but I did say quite loudly that I had just flown half way around the planet because the FDA had lost its phone book and I was unsure how that equated to a biosecurity announcement. So, having been to a number of ‘after the atrocity’ incidents, I have this: • The offender has a major vote in how things will unfold. • Nothing goes as planned. • The people who will make the first decisions are lower in the organisation than most plans dictate. Junior people are usually forced to make decisions way above their training, capability or pay grade. • The first thing that happens after an incident is that your mind turns to mush and needs a quick restart. • Training, while vital, can give a false sense of capability or realistic expectations. It is important, but it needs to be very realistic. • Politics always plays a role. Can readers recall the scene in We Were Soldiers when the colonel grabs the lieutenant deploying with his squad off the helicopter and says, “You are dead,” then he asks the sergeant, “What do you do?”; no answer, so he says, “You are dead”; to the next in command, “What do you do?” Having made his point, he then tells them to make sure that each person knows how to do the job of the person above and below them. Welcome to an emergency. Steve Lawson has over 20 years of experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on: 0404 685 103 or slawson@avsecconsulting.com
Contact us on 1300 364 864 Follow us on
Delivering Proven Solutions for Security & Safety We Protect People & Assets SECURITY SOLUTIONS 075 www.magneticautomation.com.au
076
Protecting Sensitive Sites In A Changing World By Laurie Mugridge
In the wake of various terrorist attacks that have been carried out around the world in recent years, sensitive sites are facing a broader range of potential threats than ever before. These atrocities have been characterised by their unexpectedness and the difficulties involved in protecting against them. As a result, businesses are re-evaluating their defence systems in search of a complete security solution, but it is important not to ‘panic buy’. Implementing a poorly thought out security strategy could put a site at even greater risk, especially if the existing system flaws that contributed to the recent devastation in Europe, the US and here in Australia are not considered. So, how can security professionals and the businesses they serve remain protected in a new world? The key could lie in understanding what makes terrorism in the 21st century so difficult to combat. The Changing Face of Terrorism Recent attacks around the world have highlighted the risk of ‘lone wolf’ terrorism and have revealed holes in global security infrastructure as well as understanding of the threat itself. Countless examples spring to mind, including the 2016 attacks in Nice and Orlando, the 2017 Quebec City mosque shooting and the 2014 Lindt Café siege closer to home in Sydney. These shocking events represented a seismic shift in how targeted strikes are carried out, and are a world away from the highly strategised approach of organisations like Al Qaeda. A report on the changing face of terrorism compiled by Aon breaks down many of the recent attacks and identifies two key groups of perpetrators, which provides a clue as to why traditional forms of security have struggled to cope with these strikes. These two sets of potential attackers are categorised as returning extremists and homegrown radicals.
Returning extremists typically arrive from a conflict zone and are more directly aligned with the strategies of groups such as Islamic State. These individuals are usually known to local intelligence agencies and they often have combat experience as well. Home-grown radicals, on the other hand, are young, heavily influenced by social media and have likely been influenced by extremist literature online. While they do not have the same training or expertise as returning extremists, they are far less visible to local authorities. There are many differences between these two types of perpetrators, but what they have in common is the one characteristic that perhaps gives contemporary terrorism its greatest strength. This is the simple fact that these individuals operate alone, allowing them to be unpredictable and commit an attack anywhere, at any time. For this reason, they are known as lone wolves. A New Threat, with New Intent It is not just the perpetrators of terrorist attacks that have changed. With less operational power and a more off-the-cuff approach, focus has shifted away from the government and financial sectors towards easier targets such as businesses or venues in civilian areas. The Aon report identifies that, on a global scale,
SECURITY SOLUTIONS 077
businesses are affected by terrorism twice per day, while the company’s Director of Business Development and Network Relations within Crisis Management, Scott Bolton, warns that civilians are now the primary target, with the goal of an attack being to create chaos, fear and anger. “These new attacks are about terrorising a community and widening ethnic and religious divisions within the target country. Their aim is to attract and push further disaffected individuals to the cause, while deepening existing divides,” he summarised. This perspective was echoed by former Central Intelligence Agency (CIA) officer Jack Rice following the vehicle attack in Nice, “There was a time when attacks were taking place directly from the likes of ISIL or Al Qaeda and you could follow the link, you could see what they were doing and there was a command and control structure. What you’re seeing now frequently is attacks based on inspiration. The real problem is that it is almost impossible to stop an inspired attack that is low-tech. Because – where do you start?” Securing Sensitive Sites in the 21st Century The big terrorist attacks touched on in this article all have one thing in common. They may have occurred on opposite sides of the world, using different weapons, but they all were completely unexpected, at least for the targeted groups or locations. This unexpectedness is what makes a lone wolf so difficult to protect against, and the only real solution is to be aware of the potential threats and be constantly on guard to defend against them. This approach has seen the security industry return to physical defence measures, moving away from electronics such as biometrics systems and digital security. Of course, the interconnected nature of modern technology means that the two are heavily intertwined anyway. The difference today is that security needs to serve multiple purposes in order to cover businesses from all manner of potential situations. The success of modern security systems comes down largely to infrastructure and preparedness. Planning becomes essential, with the approach used at a specific site dictated by what goes on there, the surrounding
078
environment, reaction capacity, potential damage and the extent to which the flow of property and people can be controlled. In addition, systems need to meet certain certified protection standards and be maintained with a high level of service after installation. Existing security measures that have worked in the past may need to be upgraded to meet these requirements, with Aon’s study concluding, “Employers should consider reviewing security and the training tools available to educate their people about active response. Without preparation, there remains the potential for liability and casualty claims in the event that the worst should happen.” The InfoSec Institute reiterates this importance of planning when designing security, stating, “Without proper planning, there are chances that the implementation is doomed to fail. Buying padlocks, alarms and CCTV cameras without identifying the strategic locations and the barriers doesn’t solve the security issue.” Deter, Delay and Defend The resources used in a defence system should complement one another, providing multiple levels of security in the event of an attack on a specific site. The Gunnebo approach is to design a set of measures for existing infrastructure to prevent and counter threats, or to minimise consequences if an assailant succeeds in penetrating a site. This approach can be broken down into three key areas – deter, delay and defend. 1. Deter Deterrence is the ideal solution, and it can prove especially effective when combating inexperienced lone wolves who may be more easily dissuaded by the obvious challenges of attacking a site. Deterrents can be physical (gates or barriers) or more psychological (video surveillance), but both serve a similar purpose in signifying that a site is protected. A more extensive option is entrance control, with solutions that protect civilians and sites by regulating who can access the area. Different options will suit different locations, with speed gate turnstiles preferable for high-traffic areas, while higher risk sites may require airlocks or portals.
2. Delay If deterrent measures do not work, the next step should be to make an attack as difficult as possible. This gives staff, civilians and assistance services more time to react, respond and escape. Once again, entrance control works well here, providing a barrier to entry for the attacker, or an emergency setting for safe evacuation. Additional delaying options include everything from attack-resistant windows and doors through to crash barriers outside the perimeter. Security doors and partitions are also essential, as they provide additional obstacles for an attacker to overcome. 3. Defend Finally, there are the critical measures needed to protect the most valuable assets. A common approach is often referred to as the security onion, with layers of protection circling inwards from the perimeter of a building. At the heart of this onion sits the most extensive defensive solutions – safes and vaults. There are all sorts of different options here, including safes that are fire resistant and vaults which can withstand explosives and diamond core drills. As with the other aspects of the protection trident, the level of security required will depend on the site. These are unfamiliar times when it comes to securing high-risk sites from terrorist attacks. The dangers of a lone wolf are different to other threats, but by being prepared for any eventuality, it is still possible to design infrastructure capable of meeting the challenge. There may not be much that a business or site can do to resolve the problem of lone wolf attacks, but by taking steps to improve their systems and cooperating closely with law enforcement, it is certainly possible to minimise the potential impacts.
Laurie Mugridge is an expert in physical security, with more than 20 years’ experience in providing solutions to government, public and commercial buildings and sensitive sites around the globe. Laurie can be contacted via email Laurie.Mugridge@Gunnebo.com
NEW INT-QUADIP For PB- Series Quad Beams
IP INTERFACE MODULE
LAN/WAN
With the new IP interface module, our intelligent PB- series Quad Beams are as easy as IP cameras to install and integrate with leading VMS solutions.
VMS
Most intruder detection systems rely on legacy technologies which require a number of third-party products and man-hours to install. The INT-QUADIP module utilises infrastructures already in place with CCTV, Access Control, and other security systems; dramatically reducing installation costs whilst providing a fully integrated security system which can be easily expanded and configured as desired.
KEY SPECIFICATIONS ● ● ● ●
PoE Class 3 IEEE 802.3af VMS Compatible Direct control for cameras including: - Axis - Bosch - Hikvision - Sony
● Plug & play web browser interface ● No software installation required ● One cable installation
PB-IN-HF/HFA The ultimate in trouble free perimeter detection for distances up to 200m.
1300 366 851 www.seadan.com.au
PB-F/FA Single channel quad beams ideal for simple perimeter systems.
PB-IN-100AT Anti-crawl beam for high security perimeters up to 100m.
PB-KH TAKEX quad beam performance for use in beam towers.
(02) 9427 2677 www.sprintintercom.au SECURITY SOLUTIONS 079
PROFESSIONAL DEVELOPMENT
080 SECURITY SOLUTIONS
Understanding and Shaping Management’s Response To An Incidient By James Jordan
Security practitioners have for some time been enhancing and developing their ability to predict and prevent incidents from occurring to their organisations. With the increasing awareness of more advanced analysis techniques, such as risk management, they have also become more aware of their ability to influence the scale of the incident to reduce the potential for an atrocity to occur. To put this into current terminology, they have become better at reducing the uncertainty of risk and at controlling the likelihood of sources of harm as they exist before the incident has occurred. It is in the aspects of consequences that security professionals have yet to mature their thinking. With the acceptance of concepts such as ‘low as reasonably practicable’, practitioners need to consider that the risk has not been
SECURITY SOLUTIONS 081
PROFESSIONAL DEVELOPMENT
reduced to a point of elimination, but just to a point that the introduction of further resources would not have substantial benefits. In simple terms, this means the risk can still eventuate and, if it does, it will have the capacity to achieve all of the assessed consequences. It is in assessing these potential consequences that many fail to capture the risk environment. In the assessment of risk, there is a tendency to focus on the direct impact of consequences to the organisation and its assets in terms of how it will disrupt, degrade or make them unavailable. What is less likely to be considered is how they may affect the organisation, both internally and externally, after the initial impact. There are two key aspects which occur as a result of the disruptions, degradation or loss of an asset that need to be incorporated into a consequence analysis: • the ability to maintain capability • perception of the organisation externally and internally. The former is an aspect that has been growing in awareness with the introduction of concepts such as disaster recovery and business continuity management, which are topics for another day. The second is far more complex in that how the organisation and, more importantly, management, will react (or overreact in some cases) to an incident needs to be considered. Any risk that is realised will by its very nature have an impact on the organisation in some way. In all cases, this will elicit requests from management as to how and why the incident was ‘allowed’ to occur. It is also likely that this will require a response that whatever occurred is not able to happen again. If security professionals are not prepared for this, management may dictate a solution, as they often feel that they should be seen to be taking charge and doing something, with effects that can be seen quickly, particularly after an incident that has had a significant impact. This can result in a very kinetic type of response that does not consider the long-term impacts or the ability of the solution to have any measurable effect on the risk to the organisation. Kinetic refers to a control that is more likely than not to be physical in nature and is, generally, very visible, such as CCTV, fences and guards. An example of this situation is the recent
082 SECURITY SOLUTIONS
comment from the Prime Minister in regard to the Bourke Street Mall incident where he called for bollards to be introduced to address a “concerning vulnerability” for pedestrian areas across Australia (http://www.smh.com.au/ federal-politics/political-news/a-vulnerabilitywe-need-to-address-malcolm-turnbull-callsfor-more-bollards-in-melbournes-pedestrianareas-20170126-gtznfw.html). This is normally also followed up with questions about how security could have let such an incident happen. Note that care is required as to how management’s attention is brought to a previous risk assessment or briefing which states that the potential was identified and the decision had been made to not resource the solution. Coming at the situation with a gloating ‘I told you so’ not only looks unprofessional, but will normally not win any favours in the future. Equally, the security professional needs to be prepared with the answer to the question of why nothing was done to prevent a situation if the risk was not identified, needed resources not requested or the threat not identified at all. With all problems, there are a number of solutions that can be developed to prevent a similar incident from happening again. Most security professionals have started to consider options such as: would the cost of the infrastructure have the same effect as a change to police procedures, or is this a mental health issue? All options need to be given due consideration, but when the pressure is on to ‘fix the problem’, the security professional may not have the right information to respond effectively. One of the consequences that is unconsidered in these situations is the impact on available resources to the security profession in developing the idea into a solution. Not only will this take up valuable time during the recovery period, but also may potentially take financial resources away from other more valuable projects, both now and in the future – especially if management decided that the implemented solution has ‘fixed’ the problem, regardless of what was discovered with more careful and considered analysis. This is particularly true in organisations that may be subjected to budgetary controls or a management that does not like to see that it may have made a ‘wrong’ decision. What is needed initially is a solution to the
current risk, particularly with regard to how the expectations of management will be managed. Security may prefer to delay management’s ‘fix’ while a better solution is developed, taking into account the ongoing expansion in technology and the ability for wider communication. However, the potential for managers to place more pressure to have their decision enforced has increased. How management will react in a situation is an organisational risk, and security professionals must acknowledge and gauge what types of events will be more likely to elicit a potentially negative response in their assessments. This knowledge can then be used to determine how best to mitigate the risk. This is not something that can be developed on the spot; it takes time to shape the understanding of management in the aspects of crisis management and the role security provides. With this foundation, security can then consider how to build awareness about those risks so that they can manage their likelihood. If used correctly, it will provide security with the opportunity to educate and prepare management in a manner which will strengthen an organisation’s ability to reduce the impact of incidents. One of the best ways to shape management thinking is to have them focus on themselves before an incident as a means to prepare. This requires the security professional to shape management’s understanding around risk. Be careful not to be the ‘bringer of doom’ by forcing them into a full desktop exercise or similar situation – this is more likely to bring on the ‘it cannot happen to us’ argument than any valuable cooperation. It is better to seek an opportunity to empathise with management about how a disruption will impact on their objectives. A personal favourite was to discuss how the common evacuation drill was impacting on them and pointing out how bad it would be if it was real. This is especially opportune if there has been an incident locally. James Jordan is a recognised leader in the protective security profession as a deliverer of governance and practical solutions and as a leading educator and mentor. His experience has been gained over 15 years of providing effective and deliverable solutions in the governance aspects of protective security guidance to all levels of government. He can be contacted via email jcjordan@internode.on.net
MORE REACH
than ever before
Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...
issuu.com/interactivemediasolutions
SECURITY SOLUTIONS 083
Sec urit yL
ead ers hip
FEATURE ARTICLE
084 SECURITY SOLUTIONS
By Steve Mark Security is 90 percent psychological and 10 percent physical; that is, many see security as protecting people and property from intentional harm, and doing so by focusing on, for example, physical or digital barriers. This is of course entirely appropriate; however, it only forms part of the security ‘picture’, because security also connotes the psychological state of being secure, being free from fear. As stated on the Security Professional Registry of Australasia website (www.SPR-A. com.org), “The concept of security is more than just protection. Security also means enabling individuals to live in their communities free from fear. Persons registered must recognize and achieve a balance between providing the competencies and ethics of ‘protection’ on the one hand with the social need for ‘belonging’ on the other.” When talking of security leadership, particularly when considering leadership in relation to a serious or catastrophic event, it is necessary to address the creation of a security culture, a culture of resilience, and the type of leadership required to achieve it. This article puts together some ideas, comments and suggestions from a number of ‘experts’ and then presents a small case study from the author’s own experience. As stated by information security expert Joseph Granneman, “Success in building a
lasting information security program can be achieved only through influencing organizational culture. The most important factor for any CISO building an information security program is the ability to change the organizational culture. The main indicators of an organization’s readiness for cultural change will be the existence or lack of executive support.” Granneman refers to the often stated maxim that, without being driven from the top, organisational cultural change seems doomed. Other conceptual approaches to leadership advocate for a bottom-up approach. But whatever approach is adopted, most focus on the attributes necessary of a successful leader. Security Magazine’s Lynn Mattice and Jerry Brennan reported , “Chief Executive Magazine last year [2015] published the results of a survey they conducted of CEOs asking them to identify the top 10 skills needed for effective leadership. The results were as follows: 1. adaptability to change 2. strategic thinking 3. integrity 4. very good communicator 5. being trustworthy and open 6. vision 7. develops and fosters diverse teams 8. delegation 9. a positive mind-set 10. high self-awareness”
While these are very fine attributes, they address the skills an effective leader should possess, not how or why to exercise them. Care however must be taken, as attributes without action will achieve nothing. “Effective leadership is not about making speeches or being liked, leadership is defined by results not attributes” (Peter F. Drucker). Another question that needs be addressed is whether these skills need only be possessed by the leader rather than by a range of people in any organisation. Myles Munroe stated, “Leadership is the capacity to influence others through inspiration, motivate by passion, generated by vision, produced by a conviction, ignited by a purpose.” However, there is also the wisdom of Lao Tzu, “A leader is best when people barely know he exists, when his work is done, his aim fulfilled, they will say: we did it ourselves.” In an organisation with a resilient security culture, aspects of leadership exist in many parts of the organisation. Of course, building a resilient security culture is not a simple task and certainly requires executive leadership as well. This is particularly the case when building a culture to prepare for and survive a major security incident. It is here that a focus on the psychology of security is paramount. “All of the great leaders have had one characteristic in common: it was the willingness to confront
SECURITY SOLUTIONS 085
FEATURE ARTICLE
unequivocally the major anxiety of their people in their time. This, and not much else, is the essence of leadership” (John Kenneth Galbraith). In the article Houston, We Have a Problem: Leadership in Times of Crisis about the Challenger disaster, Winston Scott, a retired astronaut and consultant, outlines what he considers to be the most important steps in preparing for and surviving a catastrophic event. These include: • Space Mission Lesson #1: Prepare for the unknown – a leader needs to anticipate any potential problems. • Space Mission Lesson #2: Conquer communication barriers – get to know the members of your team well. Ascertain their communication strengths and weaknesses, particularly in times of crisis. • Space Mission Lesson #3: Be alert to nonverbal communication – a good leader will pick up on cues to potential problems and misunderstandings before they arise. • Space Mission Lesson #4: Ask for help – a leader must demonstrate an immediate understanding of the problem. You cannot appear wishy-washy, even if, at the moment, you do not have a clue what is going wrong. You need to demonstrate self-assurance to show that you are in control. People follow confidence. Keep in mind, however, that confident does not mean omniscient. • Space Mission Lesson #5: Earn real experience – business leaders, like astronauts, obviously need technical training in their fields, but equally important are maturity and experience at making real-time decisions. While Scott talks about leadership in a space mission crisis, his suggested steps are valuable for both preparation and dealing with any crisis event. An inference that can be drawn from his five lessons is that successful leaders should have a high degree of emotional intelligence to be able to anticipate problems and understand non-verbal cues, while demonstrating selfassurance, maturity and experience. A big ask, but it is true to say that everyone needs to develop such attributes, no matter where they sit in an organisational structure. The beginnings of my personal approach to understand and apply some of the issues
086 SECURITY SOLUTIONS
In an organisation with a resilient security culture, aspects of leadership exist in many parts of the organisation. raised here occurred many years ago when I was president of the NSW Anti-Discrimination Board (ADB). I had joined the ADB initially as a rather green lawyer to head up a small legal team to give advice and run discrimination cases before the Equal Opportunity Tribunal. This was my first foray into team leadership, and I struggled at first with how best to manage for results. The ADB was a high-stress environment with a large work load of extremely sensitive and politically charged cases. My first learning was that I did not always have to be the smartest member of the team (even at times when I might have thought I was!). Acknowledging the strengths of the other members promoted trust and open communication. As an aside, I would recommend that everyone try to employ or work with people smarter than them; it is the best way to grow. Subsequently, I was promoted to be principal conciliation officer and deputy president. My challenge then was to work cross-functionally across the different branches of the ADB. My difficulty was that I was a lawyer and now charged with managing a large team of conciliators within a culture where lawyers were not considered adept at conciliation. My learning here was to listen and learn from the staff that had the skills that I lacked. Being open to learn, give positive feedback as often as possible and accept criticism where deserved also engendered trust. Ultimately, I managed to change the focus of the ADB from advocating for complainants to working with actual and potential respondents to attempt to eliminate discrimination and reduce complaints. This was achieved by stating a clear purpose and ensuring all staff understood and accepted it. One day after being appointed president of ADB, I was walking through the reception area when a dozen or so balaclava-wearing members of National Action (an ultra-nationalist group)
burst through the doors and demanded of me to see the president. I informed them that I was the president, but they did not believe me! As it was clear to me that their main purpose was intimidation, I chose to remain calm and present them with a question: If I was not the president, then why would I say I was in the face of their intimidation and, if I was the president, then the intimidation had not worked. This caused sufficient confusion in the group. Eventually, the spokesperson demanded to speak about immigration, so I simply asked him what he had to say. As this was not expected and they had no sensible arguments, relying on intimidation alone, which had not been successful, they eventually left. During the time I was talking to them, my office manager had seen what was happening and managed to get all the staff out of the office and down the back stairs. This was good security management which did not need a direction from me. While I make this scenario sound almost humorous, a number of my staff required counselling, which I of course made available to all who requested it. I was extremely proud of my staff for the way they had handled the situation. They did so because we had a culture of helpfulness, open communication and trust. This was the first, and not the last, experience in security leadership that I have experienced, each of which have taught me more about leadership but, more importantly, about myself.
Steve Mark AO is a lawyer, Chairman of the Australian Section of the International Commission of Jurists, and was the NSW Legal Services Commissioner. He is the Registrar, Australasian Register of Security Professionals and a Director of the Australian Security Medals Foundation and sits on the International Standards for Security Agencies Technical Committee. Steve can be contacted via email steve@creativeconsequences.com.au
Securityatat a turning point: Security a turning point: leadership, diversity, innovation leadership, diversity, innovation
If you fit the profile, don’t miss out, book now at: www.safeguardingaustraliasummit.org.au
www.safeguardingaustraliasummit.org.au www.safeguardingaustraliasummit.org.au SECURITY SOLUTIONS 087
FEATURE ARTICLE
088 SECURITY SOLUTIONS
WWhen hen RRisk isk BBecomes ecomes RReality eality
SECURITY SOLUTIONS 089
FEATURE ARTICLE
When Risk
By Michael Dever Before considering what will/could/should/ may happen after a major incident, definitional issues need to be considered. How is a ‘security-related atrocity’ or a ‘major event’ defined? In this context, what is being looked at is high-consequence, low-probability and lowfrequency attacks causing a major incident and the appropriate reasoned and logical response to the incident in the post-event stage. This article seeks to offer further insights into contemporary security risk management methodologies and the design and management of physical security systems. It is not intended to discuss possible responses to specific major events, but rather to focus more on the process side of security risk assessments that are used to provide decision makers with appropriate advice about any protective security measures that may be required. Security risk management (SRM) is closely linked with emergency management (EM) and business continuity/recovery planning. There should be a continuum between each of the pre-event (SRM, EM planning) and post-event (incident response, recovery) phases. Security risks become security incidents if the probability parameter of the risk equation being used becomes 1. Testing the amount of uncertainty in the security risk assessment (if done properly) can also be used as a tool to plan for incidents by artificially adjusting risk parameters to see ‘what if’. Every trade and profession has its own vocabulary which is well known to its practitioners. Protective security is no different. Understanding words and their meaning is very important to a complete understanding of contemporary security risk assessment and management issues. The Oxford English dictionary defines atrocity (noun) as, “An extremely wicked or cruel act, typically one involving physical
Atrocity can also have a humorous meaning, such as mocking people by referring to their fashion atrocities or even ‘security-related atrocities’. Security advisers are constantly bombarded with security-related atrocities represented by the many inadequate (and therefore ineffective) physical security measures deployed to protect assets in the built environment. However, security professionals now have at their disposal various well thought out methodologies and tools to support modelling of physical security systems and their resilience to attack. At the other end of the spectrum is what can only be described as ‘over the top’ (OTT) measures. OTT measures can even sometimes introduce their own security risks, particularly if humans are involved. Unless there is regular
system testing, human complacency can set in and even heavily guarded facilities can be compromised by determined or delusional adversaries. At the very least, these OTT measures represent a potential wastage of resources that could be better used elsewhere. The Australian Institute for Disaster Resilience provides this guiding definition for a major incident from an emergency management perspective, “An event which requires response by police, emergency services and the community which may affect a wider area over a longer period of time but is not a declared disaster.” Note: there is also no mention of numbers affected in this definition. Australians enjoy the protection of professional intelligence agencies, police,
safety without fear. It would be of interest to consider the reasons why certain types of attacks seem to attract more reaction, and how they relate directly to the human consequences of the apparent randomness of the event. The Melbourne attack was not deemed to be a terrorist act. Terrorist act offences are contained in the Criminal Code Act 1995. In the immediate aftermath of this major incident there were understandable emotional responses to the uncertainty caused by the attack. Society demands that a solution be found to the perceived ‘problem’ of public safety. In many cases, unless there is strong clear leadership from governments, there may be a loss of perspective about the real risks people face as they go about their daily lives
violence or injury.” There is no mention in this definition about the number of people involved as victims of actual physical violence. By this logic, an atrocity can be committed against an individual.
fire and rescue, ambulance and emergency response agencies. Nevertheless, no government can guarantee the safety of individuals or the public in all circumstances. All individuals bear a non-transferrable
and, consequently, faulty decisions are made regarding solutions to the problem, if indeed it is a problem. As professional advisers, security personnel need to keep a calm head, even if others
090 SECURITY SOLUTIONS
responsibility to care for their own safety and those they cherish and to mitigate the risks they face. If the collective has any responsibilities, then it should be to make its citizens aware of the realistic threats based on facts without creating even the perception of fear in the community. Every now and then a major incident will occur, which causes society much reflection and reaction, especially if the number of people killed or injured rises much above whatever society’s risk tolerance level is for unacceptable death. The recent tragic events in Melbourne have demonstrated how a population reacts to an attack on public safety itself. After all, Australians enjoy freedom and are meant to be able to walk the streets of their cities in relative
If the collective has any responsibilities, then it should be to make its citizens aware of the realistic threats based on facts without creating even the perception of fear in the community.
Becomes Realit y around them are not. Public safety decisions should be based on rigorous risk management practices and not knee-jerk reactions. As security professionals, the overall goal should be to reduce uncertainty for decision makers by improving security risk assessment methodologies. It is fair to say that considerable intellectual effort has been applied globally to increase the international body of knowledge regarding security risk quantification and assessment methodologies for physical security over the past two decades. The goal of improving methodologies and the accuracy of outcomes from any assessment (threat, vulnerability, or risk) is not a case of iterating a flawed or inaccurate methodology. The goal should be to analyse the security risk assessment
and guidelines and Standards Australia HB 167:2006 Security risk management. ISO 31000 defines risk as “the effect of uncertainty on objectives”. Readers are immediately reminded by the Standard that risk is related to uncertainty. How many organisations mention uncertainty in their current security risk assessments? The US Department of Homeland Security (DHS) Risk Lexicon defines uncertainty as: “[The] degree to which a calculated, estimated, or observed value may deviate from the true value.” Uncertainty in security risk assessments has now been recognised by the US DHS as an issue worth considering. The DHS has created a separate branch for integrated security management, called risk analytics, as part of
An important stage of a security risk assessment, which is often overlooked, is the vulnerability assessment of existing protective measures. processes being used to improve the reliability of the assessment and reducing uncertainty by gaining insights from experience and qualified subject matter experts. Risk-based approaches to security and public safety problems have been adopted by many governments and private sector organisations around the world with varying degrees of adoption, implementation, success and failure. Australian governments were early adopters of the risk-based approach to the many security challenges they are confronted with. The Commonwealth Government went from a prescriptive approach to protective security as defined in the now obsolete Protective Security Manual to the risk-based Protective Security Policy Framework (PSPF).
the evolution of risk assessment standards and processes to reduce uncertainty. The Commonwealth PSPF defines physical security as, “The part of protective security concerned with the provision and maintenance of a safe and secure environment for the protection of agency employees and clients as well as physical measures designed to prevent unauthorised access to official resources and to detect and respond to intruders.” From this definition and other PSPF documents, the Commonwealth’s asset protection objective is to deter or defeat an adversary who is attacking Australians by using a layered (zoned) physical security system with all the components of deterrence, detection, delay and response based on a security risk
The Commonwealth Government now requires that departments and agencies prepare security plans based on security risk assessments in accordance with AS/NZS ISO 31000:2009 Risk management – Principles
assessment. When implementing physical security measures, it is critical to ensure that each component is effective and the tactical response, as well as recovery efforts and business continuity measures, should be
tested to provide greater assurance about the measures deployed. Internationally recognised best practices for critical infrastructure security suggests that the risk-based approach to physical security is based on the interplay of consequences, threats and vulnerabilities. Any security risk assessment will start with a comprehensive view of the threats faced by the organisation. Every organisation faces multiple threats from natural, technological and human sources (malicious or inadvertent). An important stage of a security risk assessment, which is often overlooked, is the vulnerability assessment of existing protective measures. Threats and vulnerability are often confused by stakeholders. Vulnerability assessments are designed to quantify (or even test) the effectiveness of existing physical security measures to inform the security risk assessment. One of the benefits of using a risk-based approach to design of physical security measures is that it provides security professionals the ability to scale the protection requirements and the ability to apply metrics, such as measuring the effectiveness of a physical security system. Organisations are increasingly taking a strategic security risk management approach to physical security planning. Asset protection objectives are determined by security risk assessments regarding various laws and compliance standards. The risk-based approach provides a reasoned method to provide decision makers with vital information about the selection of physical security measures to improve the use of scarce resources and to measure success. What are you going to do when the probability of the security risk becomes 1?
Michael Dever CPP PSP RSecP RSA is a respected, highly qualified and experienced security professional. He can be contacted via email dca@bigpond.net.au
SECURITY SOLUTIONS 091
SECURITY STUFF C O N T E N T S
SPOTLIGHT
PROFILE
PRODUCT SHOWCASES
SHOP TALK
Add-On
094
Dahua
100
Avigilon Control Center
106
LSC distributes AMC Alarms 110
STid
096
dormakaba
102
PathMinder Access
106
2018 Commonwealth Games 110
BQT
098
HIKvision
104
Cognitec FaceVAC VideoScan 107
Marseille Police and STid
Centaman Entrance Control 107
Nominations for the 2017 Australian Security Medals are Now Open! 111
HID Global’s goID™ platform 108 Sarix Enhanced IP Camera 108 Dahua Mobile Solution 92 SECURITY SOLUTIONS
109
Magnetic’s Pedestrian Gates 109
111
SECURITY SOLUTIONS 93
IGH T SPO TL
On Innovation in Security - from Facial Recognition to Visual Identification They say necessity is the mother of invention. This simple proverb provides a great insight into why a small country like Israel is becoming a hotbed of technology innovation competing in the global economy. Israel, with very little in the way of resources, a small domestic market and a myriad of security challenges, has reinvented itself in recent years through the creation a hub of advanced industries. Many of those industries are now challenging tech titans found in more traditional tech hotbeds such as Silicon Valley. An example of the innovation and commercialization process in Israel’s own ‘Silicon Wadi’ can be seen in the emergence of FST Biometrics, a leader in the space of in-motion visual identification. The idea itself was born out of a need, following the Second Intifada, where upon Israel had to institute onerous security checks for the tens of thousands of Palestinians who work in Israel. General A. Farkas, founder of FST Biometrics and former head of the Israeli Military Intelligence Directorate, watched as approximately 35,000 Palestinians crossed from Gaza into Israel each day, waiting in long lines for hours at the security checkpoints. While there has been a mutual benefit to both Palestinians and Israel allowing Palestinians to cross into Israel for work, boarder checkpoints had become an unfortunate necessity in the wake of rising Islamic Fundamentalism. It was while observing one such check point that Gen. Farkas had his “Eureka” moment. This insight would later form the basis upon which FST would build its security paradigm and its biometric solutions. In short, Gen. Farkas realized in that one defining moment that it would be far faster develop and easier to a solution which would quickly identify and validated trusted or known workers, thus saving the costly, manual and slower screening approaches for cases where technology is not available to provide the solution.
094 SECURITY SOLUTIONS
Upon retiring from the armed forces, after spending most of his life in service of defense of Israel, Gen. Farkas turned his attention a challenge that has troubled him throughout most of his career – creating a technological solution that would help ease the pain of the security measures imposed upon Palestinians entering into Israel in the hope that such a solution might reduce anger among young people whom were merely trying to make a living. This is how FST Biometrics originally started, and later evolved into the solution it is today. Today, because of significant increase in global terror combined with increased crime rates as a side effect of urbanization, security has become a global issue. Countries and organizations alike struggle to find solutions that strike an appropriate balance between security, privacy and freedom. How to balance the constant threat of criminal and terrorist attacks against the fear that we might end up living in a police state if security becomes too pervasive? Biometric technology is possibly the best, least intrusive solution to this challenge. Instead of spending enormous amount of resources looking for and identifying the few bad apples in the orchard, making everybody’s life difficult in the process, this technology can and is being adopted by the public to “self-screen”, allowing scarce resources to be spent on the ones who do not cooperate or participate in this effort. In the past, the biggest obstacle in the quest for wide spread biometric technology adoption has always been the cost in terms of inconvenience for the user. This is the reason why, IMID Access, FST Biometrics’ product, has been designed from the ground up to provide non-intrusive and seamless user experience for access control. Through investing in In-Motion Visual Identification, and the power of a fusion of
biometric modules, IMID Access promises visual identification at the speed of life. Using face recognition, as well as body behavior analytics to assess body gate, and optional secondary modules such as voice biometrics, personal pins or physical cards, IMID access creates a fusion of identification technology which is highly accurate, and second to none regarding ease-ofuse and speed, allowing users to be identified in motion, without stopping, while they walk towards an access point that could be a door, a speed stile, or even a self-serve kiosk. When Frost & Sullivan decided to recognize FST Biometrics with the Visionary Award for leading the marker in Biometric based in motion identification in November of 2016, it was yet a further proof the FST was on the right track. This award is presented annually to the company that demonstrates the understanding to leverage global mega trends, integrating a vision into processes to achieve strategic excellence. In this case, this award signals the recognition of the significance of a product that is non-invasive, instantaneous for end users, yet still meets the security and identification needs of todays’ range of organizations. Except necessity, a different approach to solve a problem is sometimes required to make real progress. In the case of FST, they decide to think outside the box by redefining what the box is. Most people considering their solution tend to ask initially “How does this solution compare to the other main facial recognition players?” After seeing the product in action, most people wonder how is it possible for their solution to work so quickly and accurately. The answer is simple, FST biometrics operates on a completely different paradigm. One based on visual identification as opposed to simple facial recognition. Compared to facial recognition, visual
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
Add-On
www.addonapac.com
identification is an approach that seeks to identify a person and not simply compare two photos to each other. Image acquisition for nonstationary individuals is not perfect, with many of the individual frame photos being blurred, with people looking towards a camera at an angle. As such, the entire image acquisitions task requires that every image taken from the video stream must first be optimized through a process of applying appropriate cleaning technologies and filters before attempting to identify a face. In addition, the face is only one aspect which can be used to identify an individual. Every person has a specific way of moving through space which is unique to us, referred to body gait, and this information is, in many case,s available to the camera from a further distance, and is less impacted by external factors such as lighting and the angle of the camera. The fusion of these modules is what enables the solution from FST biometrics to be so fast and so accurate, enabling a truly innovative solution to be so effective. In the case of the IMID Access solution, this identification is then used to provide secure access control through secure gates, at the speed of life. FST Biometrics is represented in Asia Pacific by Add-On Apac Innovative Solutions. We offer converged physical, cyber and communication security solutions. Operating across the Asia Pacific region, we harness advanced products and ground-breaking technologies, helping our customers transform the way they protect people, information and assets. For more information of FST Biometrics, please visit www.fstbm.com. For more information on Add-On Apac, please visit www.addonapac.com, or call us on 03 9607 8465.
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
SECURITY SOLUTIONS 095
IGH T SPO TL
Bringing secure access to smartphones With more than 20 years of offering high-quality, innovative products and exceptional customer service, STid designs and markets instinctive solutions to be used for security as well as industrial track and trace solutions. We recently spoke with Vincent Dupart, CEO of STid, about how and why STid’s teams stand out from the competition in two such demanding fields of expertise.
Could you introduce your company? Vincent Dupart: STid is a French company with a worldwide reach that specializes in contactless Radio Frequency Identification technologies such as RFID, NFC and Bluetooth® Smart. We have been inventing and providing solutions for more than 20 years. Our products are RFID readers and tags for the most demanding security and industrial asset tracking markets. We are now the French market leader in highsecurity access control solutions and are now expanding overseas, with subsidiaries in Mexico, the UK and Australia, as well as teams in Europe and North America that are growing. A key factor for success is to be close to our partners, to provide them with support in choosing their access control system and in managing their technological migration issues.
The competition in this field is high. How do you distinguish yourselves from other vendors? Vincent Dupart: As RFID pioneers, we manage the entire RFID equipment design and manufacturing process. Innovation is a key part of our DNA, with a constant focus on technological research and the creation of added value for all parties in the value chain. We support and train companies, industries and governments in the protection of people, their sensitive data and assets.
096 SECURITY SOLUTIONS
98% of employees see access control as a constraint. STid helps Security Directors to facilitate the employees’ acceptance of the Security Policy. A solution may be technically faultless, but if it is not accepted by users, it will never be rolled out widely. Moreover, 60% of customers are looking for convenient and user-friendly access control solutions. Our latest mobile access control solution, STid Mobile ID®, is so ergonomic and intuitive that identification becomes instinctive and provides unhindered access. Imagine opening a door by placing your hand close to the access control reader. In addition, our solutions are developed using open, non-proprietary technologies. Our customers choose STid freely, not because they are forced to in any way. We offer all the tools that Chief Security Officers (CSOs) need to work independently in managing their security. The difference between us and our competitors is more than just our products – it’s a question of corporate culture. All our activities are based on a close relation¬ship of trust with the clients, which is how we fulfill our mission - promoting trust and ease-of-use in the digital world.
We also offer the most secure access control readers on the market – as certified by an independent body, the French Network and Information Security Agency (ANSSI). We were the first manufacturer to receive the First Level Security Certification.
Which future trends do you see in the access control market? Vincent Dupart: In our connected society, ensuring security in the access to corporate data and information has become a priority. But beyond economic issues, security is an issue for all, as recent tragic events have shown. Protecting people, by ensuing that their identity and access rights are secure, is now an absolute necessity. With increasing mobility in businesses, a technological revolution is underway, with interconnected resources. Access control is changing, with new uses and new equipment affected. Smartphones offer new ways of interacting with access control readers. Our STid Mobile ID® offering already anticipated these trends.
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
STid
Access control solutions need to be secure and user-friendly at the same time. How do you manage to get this done? Vincent Dupart: In this context, STid is reinventing access control, to make it more intuitive for users, alongside the use of badges. To achieve large-scale roll-out of mobile solutions, the applications must be fun and user-friendly. For example, with STid Mobile ID®, your smartphone can now be used to open the door to your office simply by tapping the phone or by using a hands-free function – and the smartphone is still in your pocket the whole time! With part of the security solution now in the smartphone, the technology and security aspects need to be very well managed. Mobile solutions need to demonstrate protection levels, based on recognized encryption methods that comply with government requirements. Confidence in the solution is a key factor for success. And again, depending on the level of security and
independence the client is looking for, the solution may require tools for storing sensitive data on the user’s premises and not in a proprietary cloud system. We are the only company able to offer that today.
Could you describe how STid Mobile ID works in few words? Vincent Dupart: STid Mobile ID® has been developed with RFID and Bluetooth Smart technologies, bringing the access badge onto smartphones. It can work alongside or replace traditional RFID access badges. This virtual badge offers a range of intuitive and userfriendly methods that can be tailored to use in any situation – proximity or hands-free mode, “tap tap”, remote control, touch and more. With the Online application, a virtual badge can be sent instantly to a remote user with an Android phone or iPhone. The Offline application can be used to create virtual badges, in the same way
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
as conventional badges. Our solution is Plug & Play thanks to the free CSN access card which is directly included in our application. STid Mobile ID® has won several awards including the Gold Trophy 2017 of the best mobile access control application, issued by the SIA, at ISC West Las Vegas. The company’s abilities to develop intuitive, easy-to-use, secure and open solutions were the main factors behind this win. According to a member of the award panel, this solution takes the difficulty out of access control and it represents a real revolution in this field. More information: www.stid.com / info@stid.com / 02 9274 8853
SECURITY SOLUTIONS 097
IGH T SPO TL
Reader and Card Security Considerations It should come as no surprise that not all access control systems are created equal. An Access Control System is made up of many elements, beginning with a panel which incorporates a feature set designed to facilitate proper verification and enrolment procedures. The panel should also enable continued credential maintenance procedures for the maintenance of both the approved credential lists and unauthorised credential lists. Perhaps the most important component of any access control system is the selection of smart reader and card technology. With so many different types of smart readers and card technologies available, it is often difficult to know what to choose. Which combination smart reader and card technology will minimise the chances of someone successfully presenting false credentials with a view to gaining access, or the ability to compromise communications within the system through hacking and cloning of authorised credentials and reader data? Choosing the right technology, one which has a level of security commensurate with your level of security risk, is vitally important. Proper risk analysis is the key to ensuring that the right Smart Reader choice is made. For example, some Smart Reader products, such as 125Khz prox or CSN/UID readers, offer no protection against hacking and cloning cards. Others readers are based on technology platforms that have, at some point, been compromised. However, the level of sophistication required to compromise the technology is sufficiently high enough that it does represent a threat to medium level security applications. Alternatively, new counter measures many have
098 SECURITY SOLUTIONS
been incorporated into the existing platform to insure that it once again provides sufficient protection for medium security applications. Then there are the high security smart reader and card systems which are designed using technology platforms that support higher encryption standards which are considered safe for protecting sensitive and classified data. As is the case with any security design, a balance must be struck between ease of maintenance and use and the degree of security provided based on the perceived level of risk. In the case of access control systems, the decision to implement a more user friendly, easier to maintain system often comes at a cost to the integrity of the system’s security, especially where reader technology is an ‘offthe-shelf’ solution chosen primarily because of factors such as how easily components can be purchased, maintained, replaced. The cheaper and more readily available the components of a system are, the lower the level of security they are likely to provide. Furthermore, it is often the case that ‘off-the-shelf’ access control systems are much easier to administer because such systems offer little or no encryption, hence minimal security. BQT Solutions are uniquely different in that their miPASS card and reader systems offer economical “off the shelf” convenience with the right level of encryption and security for both medium and high risk security applications. They can also provide tailored Smart Reader and Card systems with custom “secret” keysets and/or encoders and configuration software for larger organisations or classified installations.
Encryption Card Readers communicate between the access Credential and the Reader through radio frequency and also to the Access Control Panel via a protocol such as Wiegand. For a security risk analysis to be considered complete, an examination of both of these methods of communication is required in order to assess the how easily data in the system could be compromised. This risk assessment then determines the appropriate technology platform and encryption standard. BQT Solutions advise that medium security products such as their miPASS 2 secure card and reader system, which include modern MIFARE® Crypto1® encryption, may be implemented at a similar budget to non-encrypted technology such as such as 125Khz prox or CSN/UID readers, eliminating the need to expose an organisation to the kinds of hacking and cloning security risk associated with cheaper systems. The standard of card and smart reader encryption for high security applications requires a higher level of encryption such as Triple DES (3DES) and AES which have been approved by organisations such as the US Department of Commerce, National Institute of Standards and Technology (NIST) for the protection of sensitive and confidential data. BQT Solutions miPASS 3 secure card and reader system provides a suitable “off the shelf” solution which implements Triple DES (3DES) encryption between the card and the reader to protect against hacking and cloning of these communications. BQT Solutions also offer a smart reader range that has custom keys and output formats, as
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
BQT
well as a choice of platform, encryption standard (as available for the platform) and output protocol. These readers offer MIFARE® Classic with Crypto1® encryption, MIFARE® DESFire® EV1 with DES, 3DES or AES encryption and/ or MIFARE Plus® with AES encryption. Output protocols offered as standard include Wiegand and both plain and AES encrypted RS485 with plain or encrypted OSDP as a further option.
Smart Reader Output (Communication With The Access Control Panel) Most access control panels on the market today communicate data from the smart reader as Wiegand protocol. This communication is unencrypted, plain text and may be hacked and replicated to allow unauthorised access. Many models in the range of BQT Solutions readers include the option of RS485 protocol communications encrypted with AES. Data from the reader is then sent to a High Security Module (HSM) installed next to the Access Control Panel in a secure area and decrypted back to Wiegand data for use in the Access Control Panel.
Diversified keys and Random UID enhance a Smart Reader and Card System’s security and integrity, making hacking and cloning of systems more difficult. Many BQT Solutions products include Diversified Keys and Random UID techniques within feature sets, providing additional peace of mind.
not the back-end, which grants access based on a string of data that it receives, but on the authentication and verification of the individual seeking access. Essentially, this means that the security risk is mitigated at the Smart Reader. As there are cost implications to each additional factor of authentication, most organisations determine the authentication and verification processes based on the constraints of time and of money and take a zonal approach to increasing factor authentication as the security risk or value of property being protected increases. The Multifactor approach to security is strongest at three factor authentication and verification providing three key ingredients:What you ARE - (Biometric Information e.g. a fingerprint) What you HAVE - (A credential such as a Smart Card) What you KNOW - (A PIN, kept secret)
Other Authentication
Backend Security Procedures and Controls
It has often been noted among security experts that the strength of an access control system is
An Access Control System is only as strong as its weakest component or procedure. Just
Other Security Features
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
as important as the technology selection are the procedures that are implemented around enrolment, and suspension of system users and custody of credentials. System lists of authorised and unauthorized issued credentials should be strictly maintained on an on-going basis, strong policies should be adopted with regard to lost/ stolen cards and practices such as tailgating and card sharing should be prohibited.
BQT Solutions BQT Solutions has a range of smart reader products that cover all applications and risk levels from low to high and critical risk applications and multiple factor authentication readers are available. Their technology is installed at over 3,500 sites globally and is trusted for some of the most high risk security applications in the world. They offer both “off the shelf” secure smart reader and card systems and tailored solutions which can be specified for any security application. For more information visit www.bqtsolutions.com or call +61 (0)2 8817 2800
SECURITY SOLUTIONS 099
PRO FILE
ADVERTORIAL
Dahua Smart Carpark Solutions
In the last two decades, global economic growth has led to a tremendous increase in the number of vehicles on the road in almost every corner of the world. Reports showed that in many cities, most high rise apartment buildings had difficulties managing their parking spaces. ID card issuing, billing, entrance control and payment made the entrance procedure very inefficient. Traditional smart card management systems limit access to those who hold an allocated smart card. However, cards can be stolen and the processing of a lost card is painful. Drawing on its wealth of experience in video surveillance, Dahua has launched its new, comprehensive and intelligent car park solution. The Dahua smart car park solution is based upon video surveillance and video analysis technologies. Moreover, it is integrated with background smart analysis system DH-DSS4004-EMS. The entrance control function of Dahua’s smart car park solution saves labor costs while delivering an easier, safer entry experience. The Dahua Smart Car Park Entrance Control Function is designed around 4 essential aspects. • Digital Entrance Control via ANPR Cameras Efficiency is enhanced significantly through the use of ANPR technology. Authorized vehicles will be identified by ANPR cameras, which read a car’s license plates and controls the gate. Alternatively, visitors need only press the video intercom button and talk to an operator. • Real-time Entrance Surveillance through fast and accurate License Plate Recognition ANPR cameras ITC237-PU1A-IRHL have a recognition rate higher than 95%, and recognise license plates common to most countries.
100 SECURITY SOLUTIONS
• Fuzzy Search of all Car Plates via 4K NVR Camera Dahua NVR5208-8P-4KS2 supports 4K ultra HD resolution (3840 x 2160) recording, live viewing and playback. If you use the 'refine search' function, information including vehicle picture, license plate number, entry and exit history log, and recorded video will be displayed in the window. The NVR also supports export of license plate data strings with exact date, time, channel and so on. • Smart Management Via DH-DSS4004-EMS system Based upon Windows management software, background smart analysis system, DH-DSS4004EMS is specially designed for a management center. It is cross-functional, easy-to-use, and cost effective. The management center can respond to an emergency call from a VTT201 intercom and support searches of video and images by date/time and license plate number from the storage system. For more information visit www.dahuasecurity.com
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
ADVERTORIAL
FILE PRO
WE’RE VIDEO HEADS
In a digital and fast paced world, video is an ever advancing asset to your arsenal. Whether you’re in need of a promotional, corporate or explainer video, a motion graphic or animation, IMS has you covered. Show the world what you can do, harness the power of video today.
www.interactivemediasolutions.com.au
Interactive Media 101 SECURITY SOLUTIONS Solutions
PRO FILE
nter the warehouse? Who has the key o the workshop? How long was the xternal company and its trademen in he building? Kaba exos provides the nswers to these and many other uestions.
Kaba exos for enhanced security and efficiency.
ADVERTORIAL
T: 1800 675 411 www.dormakaba.com.au
_Keeping access under control_NOV 2016.indd 1
7/10/2016 3:49:47 PM
dormakaba Orthos Personal Interlocks resistant layouts. The different variants are certified from WK2 up to WK4. • Smooth and silent running performance • Minimal space requirement due to compact design • Additional security with contact mats, weighing equipment or Quattro-Vision camera system • Resistance classes WK2, WK3 and up to WK4 with square locks • The following options are possible: o Leaves and folding wing doors o Fire protection leaves and/or doors o Emergency exit function o Bullet-resistant doors and break-in resistance
When a high level of security is essential, dormakaba Orthos Security Interlocks provide the ideal solution. Orthos electronically monitored security interlocks meet the most versatile security requirements and offer optimum protection for sensitive areas of a building. The required safety levels are provided individually: from the authorisation of staff access by a card reader or keypad to verification of identity using biometric systems in the interior of the lock. Security interlocks can be equipped with a range of different resistance classes, biometric verification, weight checking, or one or two-zone contact mats. Key features of Orthos security interlocks A second person can be detected in the interior of the lock by the incorporation of contact mats or a
0102 SECURITY SOLUTIONS
weighing system. Additional biometric identification systems in the interior help to identify users and rule out misuse. The Orthos product range also includes the modular PIL-M02 for use in airports at airsidelandside crossover points. The modular Orthos PIL-M02 Security Interlock only allows passage in one direction. Different security levels are possible depending on the configuration selected. Orthos PIL Personal Interlocks round or square The degree of separation may be accomplished by means of body weight, sensors or an additional check point for identification in the middle of the interlock. With regard to the security requirements the interlock may be equipped with contact mat, scales or in-cabin monitoring. Alternative versions for high-security areas are bullet and burglary-
Orthos PIL-M02 One-Way Interlock with only one direction of passage for airports This modular interlock controls the passenger flow at airports from airside to landside. Depending on the structural environment the individual half- and full-height swing doors may be combined in a way that the passage in the opposite direction or even the throwing through of objects is made impossible. Various sensor packages triggering alarms are available for separation of people, recognition of unauthorised passages in opposite direction or even left objects. • Modular, adaptive system • Designed as an angled lock system • User-friendly passage even with luggage • Sophisticated sensors ensure a high level of personal security and protection for property • Visual and acoustic alarm in the event of unauthorised passage (optional) • Visual user guidance (optional) To learn more about our complete range of smart and secure access solutions, contact dormakaba. www.dormakaba.com
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
ADVERTORIAL
FILE PRO SECURITY SOLUTIONS 103
PRO FILE
ADVERTORIAL
Hikvision PanoVu cameras help South Korea to track pollution hot-spots Helping to identify the location of erroneous odors permeating around areas of the Metropolitan City of Deagu in South Korea, Hikvision, the world’s leading supplier in innovative video surveillance products and solutions, has supplied its PanoVu series 180 degree Panoramic + PTZ cameras to form part of an integrated atmospheric information system. Seo-gu (Seo District) in western Daegu, is a major transportation nexus which went through urban street development in the 1960s and massive industrialization in 1970s. Today, the bustling city has a population of 230,000. Airborne bad odor problem In response to a mass of complaints raised by the city’s residents about frequent airbourne bad odors emanating from the dyeing industry complex in the western region of Deagu, in July 2016, a meeting was held with the Daegu Metropolitan City’s economic, environmental and industrial dyeing stakeholders. From that meeting, it was decided that the Seo-gu Office would go-ahead with the construction of an atmospheric information project, to establish a bad odor monitoring and tracking system that would help to provide an effective and welcome solution to the issue. System specification Looking to secure a high-performance imaging solution for the project that would enable the capture of high-quality panoramic, and separate PTZ imaging over the entire city, Seo-gu Office turned to Hikvision. After a consultation exercise, Hikvision proposed that their PanoVu DS2DP0818Z-D Series 180 degree Panoramic camera with its combined 4 fixed 2MP cameras and 36x optical zoom PTZ camera, could deliver the right solution.
0104 SECURITY SOLUTIONS
To provide a practical demonstration of the camera’s suitability, a test installation was conducted within South Korea's largest industrial area, in Busan Metropolitan City, the country’s second largest city next to Seoul. Along with also being shown at the ‘Korean new Government Ver 3.0’ exhibition, a government devised initiative to deliver customised public services and generate new jobs, the Hikvision PanoVu camera demonstration was not only deemed a success, but also regarded as ‘a perfect fit’ for the monitoring system’s requirement. Installed in November 2016, the new atmospheric information system is capable of measuring in realtime, complex odors composed of hydrogen sulfide, ammonia and volatile organic compounds in and around the surrounding industrial area. The main control point, located at the Lifelong Learning Hall in Seo-gu, monitors system equipment consisting of 2 sets of 4 PanoVu DS-2DP0818Z-D cameras, 11 malodor measuring instruments (serving as a neural network in the monitoring complex), and two weather measurement instruments, which collect weather data such as wind speed, humidity and temperature. Monitoring the entire city area, the Hikvision cameras are integrated into the system’s atmospheric pollution sensors and capable of visually pinpointing the source of any atmospheric bad odor release. The result “The Seo-gu Office Atmosphere Monitoring Centre is extremely pleased with the high-resolution picture quality they can now display on their large format video wall, and in combination with the PanoVu cameras’ Panoramic Mode + PTZ tracking function, are able to display wide-area coverage and close-up visual tracking via integration with the system’s atmosphere sensors,” says Joey
Kim, SI Team, Hikvision Korea. “The atmospheric information system’s pollution monitoring sensors and integrated PanoVu cameras can define the precise location of each sensor’s triggered event and with the PanoVu PTZ camera, automatically track and target the precise location of the event actuation.” Looking to the future, the integrated atmospheric information system is set to become a blueprint solution for use within other atmospheric monitoring projects in other regional districts and by the Korean Ministry of the Environment. The director of Seo-gu Office said: "In addition to the construction of the high-speed Korea Train Express and the environmental improvement project linking the reclamation projects of the Seo Daegu general industrial and dyeing complexes, the operation of the new atmospheric information system has created a cleaner and more comfortable living environment.” For further information about Hikvision’s PanoVu camera range, customers can visit www.hikvision.com/en/Products_683.html
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
ADVERTORIAL
FILE PRO SECURITY SOLUTIONS 105
PRO DU CT
S E S A C W O H S AVIGILON CONTROL CENTER (ACC) 6.0 WITH AVIGILON APPEARANCE SEARCH™ Avigilon Control Center (ACC) 6.0 with Avigilon Appearance Search™ technology offers the most advanced version of the Avigilon video management software to date. It represents a significant evolutionary step in Avigilon’s video surveillance solutions. Avigilon Appearance Search technology is a deep-learning, artificial intelligence (AI) search engine that sorts through hours of footage to quickly locate a specific person or vehicle of interest across all cameras on an entire site. The quick search capabilities of Avigilon Appearance Search technology enable operators to save time and effort during critical investigations, as it intelligently analyzes video data, helping to track a person’s or vehicle’s route and identify previous and last-known locations. This can dramatically improve incident response time and enhance forensic investigations by enabling operators to build robust video evidence and create a powerful narrative of events. Avigilon Appearance Search technology: • Enables the ability to comb through footage and group video data • Provides results relevant to the time and place of an event • Offers playback, bookmark and export tools to compile evidence from multiple sources • Works with Avigilon self-learning video analytics cameras to generate, record, and classify information Avigilon Appearance Search technology is integrated with Avigilon Control Center (ACC) 6.0 Enterprise edition software, Avigilon cameras with self-learning video analytics and select Network Video Recorders. Integration with ACC software provides advanced video search capabilities that enhance the user experience of the entire Avigilon solution. Through the power of AI, Avigilon continues to develop technology that helps focus human attention on what matters most in order to increase the effectiveness of security systems. For more information about Avigilon Appearance Search technology, visit avigilon.com or request a demo at asksales@avigilon.com
HOW TO STOP TAILGATING ON AN EXISTING ACCESS CONTROLLED DOOR PathMinder recently launched their new HPJ range of anti-tailgating doors which are designed to stop all forms of unauthorised entry attempts through existing access controlled doorways. The HPJ is a half portal designed to ‘cap’ any existing door that needs to increase its security level to stop any tailgating or unauthorised entry attempts through the entry point. The HPJ features a 900mm opening for DDA compliance and is available in a 1400mm and 1900mm wide variant for existing single and double doors. This makes the HPJ an ideal solution to retrofit to any access controlled door that has tailgating problems. The HPJ anti tailgating door creates a 2-door interlocking system with the existing door. The intelligent controller in the HPJ makes sure only one door is open at a time thereby restricting access. A highly sophisticated ultra-sonic tailgate detection system scans the door to ensure only one person gains access. If there is more than one person, the second door doesn’t open and access is thereby prevented. As standard, the HPJ anti tailgating doors are designed to be burglary resistant and are certified as P1A but can be rated all the way up to class 3 & 4 attack resistant with BR3 glass. PathMinder Security portals can work with any access control system and can have their security level raised by adding metal detectors or biometric readers. “Unlike simple infra-red or camera based tailgate detection systems which only alert to unauthorised entry after the event, our HPJ anti tailgating doors actually prevent these types of events from happening.” says Nicola Luckie of PathMinder.
106 SECURITY SOLUTIONS
‘The half portal concept is an ideal retrofit option for any high security, access controlled door to stop tailgating or increase its attack resistance rating’ For more information call PathMinder PTY LTD Systems on 0417 229 801 or visit www.pathminder.com.au
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.
CT DU PRO
SHO WC ASE S COGNITEC FACEVAC VIDEOSCAN Cognitec’s Advanced Investigation Tools Enable Complex Person Searches in Video Footage. The video screening and analytics technology from Cognitec, FaceVACS-VideoScan, allows users to perform complex searches and analyses on persons appearing in real-time camera streams and video footage. The latest product version introduced a user-friendly interface to quickly import sets of recorded video and then carry out detailed investigations. For example, security and law enforcement agents can upload the video files of a specific location, at a specific time, to find possible participants in or witnesses to a crime. Users can find a person that was previously enrolled in an image database or search for an unknown person and find their appearances in multiple videos. Person searches can also make use of filters that specify age ranges, gender and ethnicity. FaceVACS-VideoScan employs leading-edge face recognition technology to analyze the count, flow, demographics and behavior of people visible in video streams. Surpassing traditional video surveillance systems, the technology detects and extracts people’s faces in live video streams or video footage and uses anonymous facial analysis to count individuals, generate demographical information, track people movement in time and space, detect frequent visitors and crowds, and much more. The product applies Cognitec’s premier face recognition technology to compare faces to image databases and instantly find known individuals. Businesses and organizations can detect and prevent unwanted behavior in much faster and more efficient ways, as operators can track individuals in real time, or receive alerts on mobile devices to act within the immediate vicinity of a suspect. On the other hand, FaceVACS-VideoScan can identify authorized individuals or high-ranking customers in real time. Positive authentication can prompt access to restricted areas or alert personnel to provide special treatment. For more information visit www.cognitec.com or call +61-2-9006-1510
INVESTIGATE BETTER SECURITY WITH DOOR DETECTIVE PLUS ‘LIKE HAVING A GUARD 24/7’ Technologically innovative security for access-controlled doors Centaman Entrance Control has launched the new Door Detective Plus in Australia and New Zealand to build upon the success of the original. The, updated Door Detective Plus comes in a newer, larger design with built in anti-crawl sensors for a higher security solution. Door Detective Plus works seamlessly with both control access and building management systems to provide a superior level of security and detection. Door Detective works to reinforce access control systems by monitoring the throughput of open, access- controlled doorways, corridors and passageways. It ensures that the ‘one person, one door access’ rule is met, overcoming the age-old problem of controlling how many people pass through an access-controlled doorway, and in which direction. Using multiple infrared beams from enclosures mounted near the door frames, Door Detective accurately monitors movement in both directions each time a person presents electronic credentials to pass through the doorway. Alarms identify violations to alert staff and our Fastlane technology eliminates false alarms so you can be confident that only authorised visits are being made. Door Detective Plus is Ethernet-compatible, which means that the unit can be controlled and monitored over a network to further speed up installation and compatibility with modern access control and building management systems. “Door Detective is a unique concept designed to overcome one of the biggest problems in access control, Tailgating. The new Door Detective Plus is a higher security solution to combat this growing threat of tailgating”, commented Michael Bystram, Head of Entrance Control for Centaman Systems PTY For more information call CENTAMAN Systems on (02) 9906 7522 or visit www.entrancecontrol.com.au
SECURITY SOLUTIONS 107
PRO DU CT
S E S A C W O H S HID GLOBAL’S goID™ PLATFORM HID goID™ platform for mobile IDs delivers the secure infrastructure to allow citizen ID’s to be safely provisioned to and authenticated on a smartphone. HID goID allows smartphones to be used for identification purposes, but also for transactions in ways not possible with an ID card. Today, citizens use a national ID or driver’s licence at the airport for domestic travel, but also carry a boarding pass separately on a phone or a piece of paper. With HID goID, the two converge – providing greater security, convenience and flexibility for both the citizen and the authenticating party. Rather than in wallets, IDs can now be securely stored on smartphones. HID goID can be customised to only release relevant information, so that citizens can control when and how much information is shared, allowing them to protect their privacy. For example, when a citizen is purchasing age-restricted goods, they only need to provide their photo and age – none of the other personal information loaded on a physical driver’s licence needs to be shared. Other HID goID advantages include the ability to renew or modify the driver’s licences and other ID credentials remotely, saving citizens from traveling and waiting in a crowded office environment. This is also good news for government agencies, which can do their jobs more efficiently. HID goID™ is also the only platform able to provision mobile IDs directly into citizens’ mobile phones. Unlike other solutions that rely on wireless cloud connectivity, HID goID is always available, no matter the connectivity to the cloud. This is extremely important in
the case of national and public security, where identity needs to be securely verified–both online and offline. The ability to provision IDs directly onto smartphones for offline verification also enables interoperability among different governing jurisdictions. A single downloadable app allows any authorizing party to verify anyone’s mobile ID as authentic, wherever it is used, thus helping to eliminate fake IDs. For more information visit www.hidglobal.com
SARIX ENHANCED IP CAMERA The Sarix™ Enhanced Range with SureVision™ 3.0 is designed to deliver the best possible image in difficult lighting conditions, such as scenes with both bright and shaded areas that cannot be captured accurately using standard cameras. These rugged fixed IP cameras are designed with superior reliability and fault tolerance for missioncritical applications. Sarix Enhanced IP Cameras feature Pelco’s exclusive SureVision 3.0 technology to capture superior images in difficult lighting conditions where highly contrasted lighting sources exist within the same scene. An enhanced WDR of 130 dB, advanced low light performance with full color down to 0.05 lux, anti-bloom technology, 3D noise filtering, enhanced tone mapping for color accuracy, and more, ensures excellent performance for myriad mainstream applications. Sarix Enhanced IP Cameras also feature preloaded analytics on every model, including: abandoned object, intrusion detection, camera sabotage, wrong direction, loitering detection, object counting, object removal, and stopped vehicle. The analytics can be remotely enabled and configured, and are compatible with Pelco VMS as well as third-party VMS partners that support Pelco’s open API. Additional key features include: high frame rate operation of up to 60 fps (or 30 fps with WDR enabled) to capture fast-moving events at full resolution; and optional IR illumination which enables operation in complete darkness (0.0 lux) at distances up to 30 meters (approximately 100 ft.).
108 SECURITY SOLUTIONS
Sarix Enhanced IP Cameras are available in several configurations to meet project needs, including dome, box, and bullet styles. The compact design, motorized zoom lens, built-in analytics suite, and other advanced features of Sarix Enhanced provide a best-in-class user experience anywhere a robust camera with exceptional image quality is required. Current customers come from a wide variety of industries, including city surveillance, airports and seaports, gaming casinos, LPR and traffic control, oil and gas facilities, and universities and campus environments. For more information visit www.pelco.com
Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.
CT DU PRO
SHO WC ASE S DAHUA MOBILE SOLUTION Leading security equipment manufacturer Dahua has recently released their new, advanced mobile solution to enable drivers and users of transport services such as taxi’s and bus to address and minimise safety threats as well as poor user experiences. The Dahua Mobile Solution consists largely of a front-end camera, a recorder and a server located in a control center. In order to meet the different needs of various markets, Dahua has released three versions of the system, an IP version as well as a HDCVI and an analog version. The recorder, featuring a maximum resolution of 5MP, supports IR and IP67. Aside from recording and local storage, the recorder is capable of exchanging data with the platform through 3G/4G and WIFI, including real-time sending of video, GPS data, alerts and so on. Dahua offers a variety of accessories to support different applications including a handheld microphone to support two-way communication, a panic button to deal with emergencies, fuel level sensor to collect fuel consumption and swipe card reader for drivers to check on work attendance. They also provide a 7-inch screen, audio pick up, protection box and so on. The DSS server is the brain to Dahua Mobile Solution. Supporting a maximum 2000 channels, the DSS server is mainly utilized to control and manage the mobile recorder. There are two versions of the server – a pure software version as well as software and hardware integration to meet different needs of different customers.
In order to better fulfill the actual demand of different applications, the mobile solution is divided into Bus Mobile Solution, Logistics Mobile Solution, School Car Mobile Solution, Law Enforcement Vehicle Mobile Solution and so on, covering most mobile surveillance requirements. Visit www.dahuasecurity.com to learn more.
MAGNETIC’S MPH PEDESTRIAN GATES Magnetic’s MPH pedestrian gates are an ideal solution for the access control of visitors as well as providing authorised access into secured areas. A wide variety of space-saving applications for pedestrians and wheelchair users can be easily implemented using a combination of modules with wings on one or two sides of the gate to accommodate either narrow or wide passages. Photoelectric switches reliably detect users and objects and open the wings before they can make contact with objects or people moving through the gate. The sensitive impact detection of the MHTM™ drive ensures maximum personal safety. The MHTM™ drive unit is maintenance-free, energy-efficient and quiet. In addition, the photoelectric switches used in the drive system contribute to security as they not only detect people and objects moving towards the gate, they also register the passage of persons attempting to follow tailgate, or pass through the gate in the wrong direction, or pass through the gate without proper authorization, thereby triggering an alarm. The wing gates can be used bi-directionally and can be regulated with all common access control systems. The barrier wings are available with toughened or laminated safety glass. As an added safety feature, the gates will automatically open if power fails. The MPH is designed for 10 million opening and closing actions. Magnetic stands for pioneering products – in every way. Our access control systems for vehicles or pedestrians clear the way for thousands of people every day – at car parks, toll gates, stations, airports and in buildings. Our technology is also pioneering, however: with innovative drives, intelligent control systems and well thought-out details it provides maximum safety and longevity. Contact Magnetic Automation on 1300 364 864 or visit www.magnetic-access.com.au
SECURITY SOLUTIONS 109
LK
SHO PTA
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
LSC to bring Italian-made AMC Alarms to Australian shores through exclusive distributorship
Security wholesaler LSC has been appointed as the exclusive distributor for Italian based alarms manufacturer, AMC Elettronica. Founded in 1974, AMC has developed a reputation for their market leading design. Their international distribution network is substantial, covering over 50 countries across South America, Europe and Asia. “We are delighted to be bringing such a high quality brand to Australian shores” said LSC product manager, Scott Leonard. “The high quality and comprehensive range of intrusion alarm devices available from AMC will be a welcome addition to our electronic security portfolio, as we are seeing an increase in demand for these products from traditional locksmiths who are looking to expand their service offering”. Customers can expect to get more than a glimpse of the full AMC product range at the upcoming SecTech roadshow in May as well as the Security Exhibition & Conference in July. As the exclusive distributor for both the Australian and New Zealand regions, LSC will be conducting product-specific training sessions for this new range, as well as providing Level 1 and Level 2 technical after care support. AMC Alarms – A history of innovation AMC is a wholly Italian owned company with a primary focus on the production and commercialisation of alarm components. Their headquarters are located in Alzate Brianza, only 30km north of Milan, the design capital of the world. Their test laboratory and fully automated production line for manufacturing SMT technology electronic boards is located in Lurago d’Erba, just a few kilometres away from the headquarters. They regularly perform CE approval for third parties at this state-of-the art test laboratory. Since their inception, AMC has continued to bring innovative solutions to the market. They are one of the few brands to have embraced smart device Alarm management, having recently launched the AMC Manager app, designed to enable users to manage and monitor their K or X Series alarm from their phone or tablet. Compatible with both iOS and Android systems, the intuitive app supports both portrait and landscape use, and allows users to view their alarmed zones on an imported map of the alarm location or building. For more information visit www.lsc.com.au Phone: 1300 786 211
Security Licensing And Compliance For 2018 Commonwealth Games According to a recent release by the Queensland Office of Fair Trading, the influx of visitors, athletes, support staff and media for the Gold Coast 2018 Commonwealth Games (the Games) will increase opportunities for security personnel looking to work at the Games. To ensure the safety of everyone involved, the Games organisers have employed four primary security contractors, who will employ more than 4,000 security personnel. It is envisioned that the security workforce will include both newly trained and experienced personnel. The four contractors are: • MSS Security • Wilson Security • SecureCorp • SNP Over the next several months, the Games organisers and the four primary security contractors will be advertising security positions. Anyone who is appropriately licensed and who wants to become a part of the Games can apply for positions at the Games jobs website (goldcoast2018.seek.com.au) or through the websites of each primary security contractor.
110 SECURITY SOLUTIONS
PTA SHO
Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.
LK
Marseille Police Force selects STid for weapons management and security STid and the City of Marseille are pleased to announce the inauguration of Be-Weapon, the first police weapons and equipment management solution that uses RFID technology. The inauguration ceremony and media presentation was held at the Plombières weapons storage facility in Marseille, in the presence of Mrs. Caroline Pozmentier-Sportich, Deputy Mayor of Marseille and Vice President of the PACA Region, who is responsible for Security and Crime Prevention, and Mr. Marc Labouz, who is Head of Security for the City of Marseille. The initiative was launched in 2015 by Marseille City Council, with the aim of streamlining operations and ensuring the security of people and assets within municipal police weapon storage facilities. The City Council issued a tender for the development of a computerized tracking system to enable the police force to accurately log movements of weapons and other security equipment in and out of the stores. Although many companies bid for the contract, the City of Marseille selected STid, a market-leading trailblazer in the design of secure RFID solutions. Key selection criteria included STid’s expertise in large-scale project management, its “made to measure” identification and tracking solutions and its experience in RFID integration in difficult environments. “For an organization like the Marseille Municipal Police Force, we were not just looking for a contractor merely able to meet specifications. The solution needed to offer real user benefits to ensure that officers buy into the new system,” explained Caroline Pozmentier-Sportich, Deputy Mayor of Marseille. The solution has been successfully integrated at the Plombières pilot site and this will mean that it can now be rolled out other weapons facilities across the city, including the Longchamp site. The City of Marseille is delighted to be the first municipality in France with a police force that has a cutting-edge technological solution for weapons store management. For more information visit : www.stid.com
Nominations For The 2017 Australian Security Medals Are Now Open!
Since its inception in 2010, The Australian Security Medals Foundation Inc. (ASMF) has grown to become a credible force in change for the good not just in the security industry, but across the community as a whole. In order to continue the good work being done, the Foundation requires your support. We need you help to identify the outstanding men and women in our industry who are worthy of recognition. As many people will be aware, the awards are divided into two categories defined as the following: THE AUSTRALIAN SECURITY VALOUR MEDAL (ASVM) & THE AUSTRALIAN SECURITY MEDAL (ASM) ELEGIBILITY A security manager, security professional or licensed security operative in any State or Territory of Australia can be nominated.
PROCESS Nomination may be brought to the attention of the Awards Panel through the following: • Through a written submission by a member of the public with direct information relating to the event; • Through information from law enforcement, emergency services, government departments or judiciary; • Through a written submission by the officer’s current or previous manager/employer; or • Through information provided through a credible industry professional or a registered Security Industry Association. (Self nominations will not be accepted) It should also be noted that nominations are not restricted to acts or services provided or performed within the last twelve months. Nomination can be made for worthy persons going back to the beginning of the Foundation in 2010. For a full explanation of the criteria for nominations in both categories of awards, as well as nomination forms, please visit www.inspiringsecurity.com Remember, nominations close June 17th.
SECURITY SOLUTIONS 111
SUBSCRIBE Security Solutions Magazine, Level 1, 34 Joseph St, Blackburn, Victoria 3130 | Tel: 1300 300 552
I wish to subscribe for:
oONLY $62 per annum!
Name: ............................................................................Company: ....................................................................................... Position: .........................................................................Address: ......................................................................................... Suburb:...........................................................................State: ................................. Postcode:............................................. Tel:..................................................................................Email: ................................................................. ........................... TERMS AND CONDITIONS For more information on subscriptions, or to contact Interactive Media Solutions, please phone 1300 300 552 or email to admin@interactivemediasolutions.com.au. Deductions will be made from your nominated credit card every year in advance of delivery. The direct debit request and subscription price may be changed by Interactive Media Solutions from time to time, however you will always be given at least 28 days notice. The authority to debit your account every year remains valid until you notify Interactive Media Solutions to cancel your subscription by contacting Interactive Media Solutions Customer Service. No refund is given after a payment is made. In the event of a cancellation of your subscription, the subscription will simply expire twelve months from when the last subscription payment was made. Information on how we handle your personal information is explained in our Privacy Policy Statement.
Credit Card oBankcard
oVisa
oMastercard
oAmex
oDiners
Card Number: ........................................................................................................................................................................ Exp: _ _ / _ _ Card Name: .................................................................................................................................................................................................................... Signature: ....................................................................................................................................................................................................................... When payment has been received and funds cleared, this document serves as a Tax Invoice. Interactive Media Solutions ABN 56 606 919 463. If this document is to be used for tax purposes, please retain a copy for your records.
Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...
Subscribe to Security Solutions Magazine for
ONLY $62 per annum!
Simply fill in the form or call 1300 300 552
112 SECURITY SOLUTIONS
TR
OR
HÉE D’ OP