Facebook Instagram Linkedin Twitter Youtube
Advertisement
Home Blog Page 96

The ASIS International Australia Conference 2017

By
John Bigelow
-

The ASIS International Australia Conference 2017 is the premier gathering of security professionals. The conference provides an established platform for education and business exchange, addressing the key trends and issues facing security professionals locally and globally.

Key topics

  • Terrorism
  • Cyber-Security
  • Behavioural techniques
  • Security Management
  • Emergency Management

The conference is a great opportunity to:

  • Engage with peers and colleagues from the public and private sectors
  • Join industry leaders accelerating the future of the security profession

Who should attend the event:

  • Security professionals across the public and private sectors
  • Security Risk Management professionals
  • Security service providers
  • Security consultants
  • Government and law enforcement professionals

Visit Website for more details

The 2017 Australian OSPAs

By
John Bigelow
-

The Outstanding Security Performance Awards (OSPAs) are pleased to announce the dates for the 2017 Australian awards. They will be working for the third year in a row with the prestigious, Australian Security Industry Association Limited (ASIAL).

The Outstanding Security Performance Awards (OSPAs) recognise and reward companies and individuals across the security sector. The OSPAs are designed to be both independent and inclusive, providing an opportunity for outstanding performers, whether buyers or suppliers, to be recognised and their success to be celebrated.

The criteria for these awards are based on extensive research on key factors that contribute to and characterise outstanding performance. This research can be found here: Aspiring to Excellence, a Security Research Initiative report conducted by Perpetuity Research. The OSPAs are being set-up in collaboration with security associations and groups across many countries.

By researching and standardising the award categories and criteria, the OSPAs scheme provides an opportunity for countries to run their own evidence based OSPAs schemes while maintaining an ability to compete on an international level in the future, ‘World OSPAs’.

Core Values

  • Independent: The OSPAs are independent. You don’t have to be a member of an association to be involved – anyone from the security sector can enter a category which is relevant to them. The only requirement is that you have shown outstanding performance in your field.
  • Credible: The criteria for each award category have been carefully considered and based on extensive research across different security sectors and by looking at how outstanding performance is recognised and judged in other fields. There is strict criteria for who is appointed as a judge and for ensuring that judging decisions are fair and impartial. Representatives from each country will assess entries and make the final decisions on the winners.
  • Transparent: We want everyone to know the criteria for entering, how judges are selected and how the judging process works, so these details are published on the website.
  • Respectable: The OSPAs will become a worldwide brand, generating honour and opportunities for our winners. Furthermore, winners will be widely recognised as driving outstanding performance across the sector.

Why enter the OSPAs?

There are many great reasons for entering the OSPAs:

  • Credibility– you will become part of an evidence based scheme which understands what ‘outstanding performance’ really means, and recognises it.
  • Gain Recognition and Brand Exposure – by joining the OSPAs you will become part of an international scheme recognised across the industry.
  • Value – by entering the OSPAs you will show people that you recognise the value of the security work carried out by your business.
  • Industry Benchmarking– you will be able to set yourself apart from the competition by committing to a scheme which rewards evidence based achievement and is committed to openness and credibility.
  • Business and Networking Opportunities– The OSPAs will bring together people from all over the industry, you’ll have the chance to meet new people and make important industry contacts.
  • The Awards Night– you will be a part of a brilliant and enjoyable event, that will be one of the premier nights on the security calendar.
  • Winners– You have the chance to become the winner of an OSPAs award, and to be promoted on both your country’s OSPA website and the Global OSPAs website.

Who Can Enter?

Anyone working in the security sector of a country with an OSPAs scheme can enter. You don’t have to be a member of an organisation or association to do so. The main criterion for entry is that you can show that you or your company have performed at an exceptional level. You are permitted to enter more than one award category.

How Do You Enter?

It is very simple to enter the OSPAs there are two simple questions to answer for each category and it can all be done online or via email. Simply visit https://au.theospas.com

Creating A Resilient Organisation

By
John Bigelow
-

Resilience – what does it mean? Bounce back, bounce forward, to recover and prosper?

For Global Resilience Group Director Mark Carrick, it is about moving forward and never giving up. “For me personally, the first thing I always seem to think of is Indiana Jones, relentlessly pursued by that enormous rolling ball in the original Raiders of the Lost Ark. His focus on not only avoiding the ball, but treating each setback as a minor inconvenience, and organisational and personal learning event, working our way through the challenge to safety! Resilience to me seems to be a pursuit undertaken by humans, something that can often be forgotten in fast-paced expanding and emerging industry that now looks to engulf singular functions of organisations globally.”

To say that there is both confusion and debate surrounding the subject of resilience would undoubtedly be an understatement. In fact, it is rare to find two practitioners that agree on more than generic principles, let alone fundamental and practical application. As Foxtel’s Business Resilience Manager Amit Bansal points out, “It is one of the interesting and frankly energising points to consider. Resilience is and should be bespoke; it is not a one-size-fits-all process and those seeking to brand, export and sell it as such will be in for quite a surprise.”

By its very nature, resilience needs to be considered or applied with a clear understanding that it will be for a certain period. One organisation deemed resilient at a set point can easily be judged as disrupted and unprepared at another. Robert Crawford, Group Manager for Security and Resilience for the Thiess Group, adds, “The principles of resilience call for unification, silo breaking, communicative business units and management support, all aligned to best prepare for and respond to disruption.”

While this aspirational goal sounds both interesting and justifiable, does it mean that global organisations are clambering to invest time, money and resources into resilience? The answer it would seem is yes and no. As an emerging industry, resilience now sits in an interesting position of having no owner, yet with many suiters.

According to Ken Simpson, Managing Consultant of the VR Group, there is still plenty of debate on where resilience sits and with whom. “For several years, the business continuity and risk management communities have played tag with adoption, likewise in recent years crisis, security and emergency management practitioners have all launched a campaign of association. In more recent times, cities, communities and infrastructure have all contributed and placed a bid for alignment if not ownership. This interest, while productive in building awareness, has not exactly embedded resilience or established it as a must have; rather, for many it is seen as a nice to have.”

So, while the world debated, a group of Australian resilience practitioners, backed by the Risk Management Institute of Australasia (RMIA), decided to put some thought into the local scene. Supported by the RMIA’s Special Interest Group (SIG), the chair of the committee, Jason Gotch, outlined how the group was formed. “It was during the 2015 RMIA National conference, I approached the RMIA President Anthony Ventura and asked if he was interested in setting up a SIG specifically focused on considering the links between risk and organisational resilience. At that stage, it was just an idea, but I felt if I could get a group of well-known practitioners together, lock them away for a year, we would be able to come up with something of interest.”

Recalling Jason’s enthusiasm for the project, Anthony Ventura says, “Jason is always convincing as he brings a high level of drive and commitment to all of the projects that he is involved in. While resilience and risk are somewhat related, just how and where the areas converge is up for debate. I felt that our members would benefit from knowing more about the subject. It is important to have a tangible benefit from these activities, so we felt that an industry-based whitepaper would be of interest and value.”

While there were plenty of volunteers interested in assisting with the project, getting them focused and in one location was not always that straightforward. Jason recalls, “I was keen to get a real mix of practitioners with varied backgrounds, many of the groups working on resilience projects are made up of all the same type of people or often come from the same background. I feel any investigation into resilience should be made up of practitioners from as many of the disciplines as possible. Resilience is not owned by business continuity, risk or security. Perhaps a cliché, but it is the parts that make the whole.”

With the group being composed of both embedded resilience staff and freelance consultants, there were often times when not all parties agreed. As Pete Gervasoni, Senior Risk Partner at Victoria’s TAC recalls, “It is all pretty competitive to be honest, with consultants and internal staff often at odds with each other over the direction of resilience. For example, I am coordinating a large program here at the TAC, it takes time and considerable energy to gain engagement and buy-in. On the other hand, consultants often work faster and to some extent in a lighter fashion, meaning they can move quickly from one organisation to another.”

This meeting of minds, while occasionally problematic, proved to be a benefit in terms of creativity. Lisa Cameron de Vries from Phoenix Resilience agrees, “It was a fantastic experience to look through both lenses, for the embedded practitioner there are challenges around management buy-in and availability of resources while working towards implementation. Initiating change in organisations in any case is a challenging and time-consuming process and certainly embedding resilience in everyday decision making can take some time. As a consultant, we are often working to very fast delivery times and set budgets, with high expectations that our work delivers industry best-practice outcomes that also strengthen the internal competencies.”

While the group felt that a whitepaper focused on the viewpoints of practitioners would be of benefit, a guiding principle was to avoid an academic approach. Phillip Wood, Head of Department, Security and Resilience, at Bucks New University explains, “I was interested in assisting with this project for the very reason that it was not an academic exercise. Those types of papers are everywhere these days, in fact there are so many of them it gets quite confusing for those people either just starting out in the industry or for those already in it.”

Jason Gotch adds, “We decided as a group that the outcome of the project would be to produce a practitioner’s view of resilience, written by those already working within the industry. Anyone who truly understands resilience will tell you that it is always relevant. Relevant to environment, to a point in time, to an organisation, the whitepaper is also an opinion piece, one based upon our own experiences. It is not designed to be a definitive guide or to be dismissive of any other research into the field. We hope that it will add to the debate on resilience and contribute to helping people understand an evolving and very exciting industry.”

Launched at the 2016 RMIA National Conference in Melbourne in November, the whitepaper has already been downloaded over 1500 times and shared widely within both Australia and globally. The 2017 SIG will commence from February, with an international committee made up of practitioners from Australia, the United Kingdom, the United States, Sweden, Hong Kong, Indonesia and Singapore. Co-chair for 2017 Pete Gervasoni adds, “Jason has been able to bring together a fantastic group for this year, with a wide and varied set of skills and backgrounds. I am excited to be able to co-chair and work alongside so many great practitioners.”

Internationally renowned crisis management specialist Bob Jensen, managing director at the US-based STRAT3 consulting firm, also feels that this year’s group should be able to develop something interesting given the wide backgrounds. “I am super excited to be again joining the group. Last year was a wonderful experience. I gained a huge amount from being involved in the process and expect to learn and share plenty this year.”

Visit www.rmia.org.au or dynamiqglobal.com/news-insights/news/rmia-whitepaper for more information.

Jason Gotch works for Dynamiq, an international risk management company, as a business development manager, specialising in the areas of business resilience and travel risk management. Jason is a well-known and senior member of the Australian risk and resilience community, having formed several resilience-related associations.

Bomb Safety and Security: The Manager’s Guide

By
Don Williams
-

Bomb safety and security managers guideLike so many aspects of security, bomb safety and security has become a topic of significant concern to every organisation in the last decade. Any business, regardless of how large or small it might be, how innocuous it might appear, could and possibly will be subject to some type of bomb related incident through the course of its operating life. Whether it be through disgruntled employees, or as a result of operating in a target rich environment such as a large retail shopping centre or strip, or as the result of a misunderstanding or poor communication or could even simply be wrong place wrong time. The fact remains, the explosive growth (pardon the pun) of extremist activity combined with the proliferation of information freely available via the world wide web means that anyone with the motivation, means and opportunity can instigate an explosives related threat.

This is why I believe this book is an important read for anyone responsible for the safety of people and/or property, from facility managers through to retail, event, business and security managers.

Unlike other security related texts, this book has been written in a way that makes it accessible to everyone. You do not need years of experience in security or a grasp of convoluted acronyms and complicated security theory to get the most from the book. Full of easy to understand, no nonsense explanations and insights, Bomb Safety and Security: The Manager’s Guide help readers understand how to not only develop and implement appropriate bomb safety and security measures to safeguard life, property, and reputation, but more importantly, to do so while minimising unnecessary disruption, maintaining operations and protecting profitability.

The book provides guidance on how to prepare for and respond to:
– Bombs of various types
– Threats
– Unattended items
– Post-Blast situations

Drawing on 20 years experience as a bomb technician, follow by a successful career in security including such positions as the Bomb Risk Manager for the Sydney 2000 Olympics and Paralympics and the Defence Officer at a National Bomb Data Centre, Don done an enviable job of providing practical common sense approaches to problems that will make sense to both security professionals and non-security professionals alike.

Available from asrc.com.au

Enhancing the security at Southgate Shopping Centre with Hikvision

By
John Bigelow
-

SouthGate Shopping Centre is an outdoor destination/retail park area located in central Bath. Opened in 2009 it boasts 96 shops, restaurants and large underground carparks. As an extensive space, it is essential that the CCTV equipment is up to date and effective to reassure staff and shoppers of their safety.

Peter Parkinson, SouthGate’s deputy general manager says: “Hikvision fulfills our CCTV needs completely. With the platinum service any maintenance or call-outs are included in the package, which makes Hikvision more cost effective. With its wide range of products, the underground carparks, cash points, shops and back of house service areas are fully secure.”

SouthGate Shopping Centre was struggling with seven year-old, out-dated CCTV equipment. 30 cameras were faulty and had recording issues on DVR, others were obsolete and the maintenance of the old system became a major expense. The analogue cameras underperformed and the solution was neither upgradeable or scalable. There was an urgent need for new and high quality equipment.

Trusted partnership

The Hikvision IP cameras were installed by BWS Standfast Fire and Security. The company planned every aspect so that the shoppers were not disturbed during the implementation process, which took place during opening hours. It took one month to install 150 cameras and systems thanks to the excellent work of BWS Standfast.

Sales surveyor at BWS Standfast, Steve Hopkins, led the installation and believes the innovative cameras’ reliability and price are what ensures he chooses Hikvision every time. He says: “The focus on research and development at Hikvision is proven with so many new products coming out monthly. I feel safe in the knowledge that I install the latest and best products for my customers.”

HIKVISION SOLUTIONS

IP cameras

It was crucial for the centre to upgrade from analogue to IP cameras, which can send and receive data via a computer network and the Internet. This ensures up to the minute clear images and updates.

Varifocal dome cameras and fixed dome cameras

The dome cameras help the security team to see crystal clear HD images from various angles, which is perfect for busy open spaces. The powerful infrared LED night vision means the camera can see up to 30 metres in total darkness for excellent clarity of recorded images.

PTZ Dome cameras

These enable the security team to see everything from all angles. A PTZ (pan tilt zoom) camera is essential and ideal for large communal areas.

Channel Network Video Recorder (NVR)

An NVR software programme records video in a digital format to a disk drive, USB flash drive, SD memory card or other mass storage device. This means all content recorded in the centre is stored and available to view easily by security staff, which was previously an issue with the old equipment.

Video management software

The video management software provides multiple functionality, including real-time live view, video recording, remote search and playback and file backup to meet the needs of the monitoring team. The convenience and usability of this software helps SouthGate keep the centre secure at all times.

Why SouthGate Shopping Centre chose Hikvision

When asked what is the biggest difference Hikvision has made to the centre Peter says: “Knowing that all of the 150 Hikvision cameras are fully working, reliable and provide high quality images and video is a huge reassurance. Security is of the utmost importance, so I am pleased I do not have to worry about the new system.”

The centre needed a state-of-the-art IP solution at a reasonable price and Hikvision fitted the bill. With the work from BWS Standfast, the entire fleet of cameras were installed within one month with minimal disturbance.

Peter adds:“The customer service from both Hikvision and BWS Standfast was outstanding. I look forward to our continued work together.”

Products installed

A range of Hikvision’s innovative IP cameras were installed including PTZ domes and fixed domes to ensure a crystal clear image from all angles.

Because the centre is a large, busy, open space it is necessary to have all areas covered. BWS Standfast also ensured each of the SouthGate security team were trained in how to use each of the Hikvision products.

 

For more information, please visit Hikvision’s website at www.hikvision.com.

VIVOTEK Join Forces with Neural Labs and Vialseg for Revolutionary Red-Light Enforcement System in Argentina

By
John Bigelow
-

With a population of 45 million people, Argentina has grown since its beginnings as a colony and trading center for the Spanish empire in the Americas to become a thriving nation and center of trade and commerce for the region. In fact, beyond its clear regional importance, the country has increasingly become the focal point for several global events.

The Challenge: To develop a traffic light enforcement system without a physical connection to the street and traffic light

Up until Vialseg developed this new system the traffic light enforcement in Argentina relied on devices based on physical inductive loops installed under the pavement and a physical connection to the traffic light controller. This created constant downtimes resulting on lack of violations captured due to road maintenance or lost connection with the traffic light itself as two common examples.

The Solution: VIVOTEK, Selnet Integrated Solutions, Neural Labs and Vialseg Unite to Intelligently Solve This Issue

Vialseg, the leading provider of Traffic Speed Enforcement systems for the private and public sectors in Argentina came up with the innovative idea of combining two cameras and a robust License Plate Recognition (LPR) solution, so they combined forces with VIVOTEK´s local distributor Selnet and LPR software partner Neural Labs. Vialseg then developed the system and software based on technology provided by the world leader in total surveillance solutions – VIVOTEK, and its revolutionary H.265 3-megapixel box type network camera IP9171-HP (AB6117-HP). Working hand in hand with experts in License Plate Recognition (LPR), Neural Labs, Vialseg and its partners developed a system in which the Vialseg Red-Light Enforcement system utilizes high resolution imagery taken from the IP9171-HP (AB6117-HP) cameras and using Vialseg custom made software apply this image to Neural

Labs’ LPR software to analyze the traffic light status (red/yellow/green) and vehicle position in the intersection to detect whenever a vehicle violates a red light. Traffic officials will then receive all imagery automatically to use as evidence in the prosecution of such violations.

The red light enforcement systems are already applied in the cities of Escobar, Moreno, Necochea and Coronel Pringles, all in the Buenos Aires Province, the largest both in size and population in Argentina, and the system is expanding continuously. Plans to continue deploying systems in the city of Buenos Aires and other major metropolis are underway, with estimation for over 100 systems to be installed during 2017.

VIVOTEK’s H.265 3-megapixel Box Type Network Camera – A Workhorse Intent on One Goal: Accuracy.

Acting as the system’s vital eyes, VIVOTEK’s IP9171-HP (AB6117-HP) is a brand-new professional H.265 box network camera offering up to 30 fps at 3-megapixel with superb image quality and provides accurate identification of license plates in any conditions.

To speak of the IP9171-HP (AB6117-HP) as the eyes of this system is no overstatement. Vialseg choice was based on various key features of this camera:

  • Corridor view:This unique function allows capturing panoramic images of the traffic light and intersection in a much efficient
  • True Day & Night:In the case of the “Zoom Camera” it´s pointed at a smaller area of the intersection to identify the vehicle using LPR and features infrared lighting to improve license plate reading under bad lighting conditions and overnight.
  • Remote Back Focus:helps installers adjust the focus more precisely without the need of ladders or another lifting means
  • Combining WDR Pro and Supreme Night Visibility (SNV) technologies, the camera can adjust to and capture high resolution imagery in both high-contrast lighting conditions found in the bright of day, and the lowest light conditions of the dark of night. Together, these features enable the camera to provide video quality strikingly close to the capabilities of the human eye and provide the underlying optical technology necessary to ensure the rigorous enforcement of traffic light signals across the country. It was the ability of the IP9171-HP (AB6117-HP) to seamlessly integrate with Neural Labs LPR software and provide supreme video quality that made such a system

www.vivotek.com

Marseille Police Force selects STid for weapons management and security

By
John Bigelow
-

STid and the City of Marseille are pleased to announce the inauguration of Be-Weapon, the first police weapons and equipment management solution that uses RFID technology.

The inauguration ceremony and media presentation was held at the Plombières weapons storage facility in Marseille, in the presence of Mrs. Caroline Pozmentier-Sportich, Deputy Mayor of Marseille and Vice President of the PACA Region, who is responsible for Security and Crime Prevention, and Mr. Marc Labouz, who is Head of Security for the City of Marseille.

The initiative was launched in 2015 by Marseille City Council, with the aim of streamlining operations and ensuring the security of people and assets within municipal police weapon storage facilities.

The City Council issued a tender for the development of a computerized tracking system to enable the police force to accurately log movements of weapons and other security equipment in and out of the stores.

Although many companies bid for the contract, the City of Marseille selected STid, a market-leading trailblazer in the design of secure RFID solutions.

Key selection criteria included STid’s expertise in large-scale project management, its “made to measure” identification and tracking solutions and its experience in RFID integration in difficult environments.

“For an organization like the Marseille Municipal Police Force, we were not just looking for a contractor merely able to meet specifications. The solution needed to offer real user benefits to ensure that officers buy into the new system,” explained Caroline Pozmentier-Sportich, Deputy Mayor of Marseille.

The solution has been successfully integrated at the Plombières pilot site and this will mean that it can now be rolled out other weapons facilities across the city, including the Longchamp site.

The City of Marseille is delighted to be the first municipality in France with a police force that has a cutting-edge technological solution for weapons store management.

About STid

Our business – Protecting people, goods and data by securing identity and access

STid is a trailblazer in designing contactless solutions using Radio Frequency Identification technologies (RFID, NFC and Bluetooth® Smart). For more than 20 years, we have been inventing smart solutions in the access security and asset track and trace markets for the most demanding industries, including the aeronautic, energy and defense fields.

More information on: www.stid.com

Building Risk Culture Is Easier Than Making Hot Dogs

By
Alex Sidorenko
-

Risk Culture - Easier than making hotdogs

Yes, building risk culture is that easy! Before I explain, let me first clear some misconceptions about risk culture that have been floating around in the non-financial companies.

  1. Making decisions under uncertainty is not natural for humans

Back in the 1970s, scientists had a breakthrough in understanding how the human brain works, what influences people’s decisions, how cognitive biases impact on their perception of the world and so on. Daniel Kahneman and Vernon Smith received a Nobel prize in Economic Sciences back in 2002 “for having integrated insights from psychological research into economic science, especially concerning human judgment and decision-making under uncertainty”. It is amazing how many risk managers and consultants continue to simply ignore this research. Identifying, analysing and dealing with risks is against human nature. They need to stop kidding themselves. The sooner the professional community accepts this, the easier it will be to integrate risk management into decision making.

  1. Managers do not take risks into account by default

One of the biggest deceptions floated around is that most business processes already take into account risks and decisions that are made by management after careful consideration of risks. Not so. Naturally, managers do consider some of the more obvious risks and there are exceptional cases where risk analysis is already integrated into the decision making. For the other 95 percent of companies, existing processes and management tools barely account for inflation and ignore or purposefully hide significant risks. If risk managers, instead of running useless risk workshops, had a deep hard look, they would soon discover that budgets are overly optimistic, project plans are unrealistic and some corporate objectives are borderline naïve. But then again, maybe not, because the rest of the company is fine with how things are and will do everything to stop risk managers from getting involved.

  1. Making risk management everyone’s responsibility is just wishful thinking

There seems to be an idea that strong, robust, risk-aware culture is the ultimate objective. It is the end result. While it sounds great, it is physically impossible. This is why so many risk managers have failed and so many more are struggling to make an impact. They are trying to move the rock that is not meant to be moved. This is probably the most important point of this article: The only person in the company who thinks strong risk culture is a positive thing is the risk manager. The rest of the organisation sees risk management as a direct threat to their personal interests, their income and their position in the corporate world.

Most managers ignore risks and take uncalculated risks for a reason. Most, but not all managers, and not all the time. That is where the risk manager comes in, trying to change the culture of certain individuals some of the time.

  1. Risk management culture is not about hearts and minds

Hopefully by now, readers realise that management does not care about risk culture. They will still say the right words when the risk manager is present but, deep down, nobody will care. The only chance for risk culture to stick is if it makes business sense for the individuals. This does not mean soft things like transparency, corporate governance and other nonsense; it means the direct impact on the bottom line or the personal security of an individual. The best examples of managers suddenly becoming very risk aware are when they can be shown that, by better managing risks, individuals could protect their role, avoid prosecution, have better business case for investors, save on insurance, save on financing costs or to get higher bonuses.

So… Takeaway Instead of Hot Dogs?

Despite everything above, building risk culture is a piece of cake. Risk managers just have to realise that they will not be able to convert everyone and some people are beyond help. There is also no single solution that will do the job. It is all about finding what makes each individual tick. It is time consuming yes, but not difficult at all. Hence, it can be equally applied by large corporations and small and medium-sized businesses.

Here are some practical ideas to get started:

  • Develop high-level risk management policy. It is generally considered a good idea to document an organisation’s attitude and commitment to risk management in a high-level document, for example, in a risk management policy. The policy should describe the general attitude of the company towards risks, risk management principles, roles and responsibilities and risk management infrastructure, as well as resources and processes dedicated to risk management. Section 4.3.2 of ISO31000:2009 also provides guidance on risk management policy.
  • Integrate risk appetites for different risk types into existing board-level documents; do not create separate risk appetite statements.
  • Regularly include risk items on the board’s agenda.
  • Consider establishing a separate risk management committee at the executive level or extend the mandate of the existing management committee.
  • Reinforce the ‘no blame’ culture by finding a number of arguments for different situations and different people on why it makes more business sense to disclose and account for risks.
  • Include risk management roles and responsibilities into existing job descriptions, policies and procedures and committee charters, not into a risk management framework document.
  • Update existing policies and procedures to include aspects of risk management.
  • Review and update remuneration policies.
  • Provide risk awareness training regularly.
  • Use risk management games.
  • Most importantly, get personally involved in business activities.

More ideas about integrating risk management into day-to-day operations and building risk culture can be found in the book that will be available to download next month for free at www.risk-academy.ru/en/download/risk-management-book

 As a Board member of Institute for strategic risk analysis in decision making, Alex is responsible for G31000 risk management training and certification across Russia and CIS, running numerous risk management classroom and e-learning training programs. Alex represents Russian risk management community at the ISO Technical Committee 262 responsible for the update of ISO31000:20XX and Guide 73 since 2015.

Presenting CCTV Evidence In Court: A Case Study

By
Gary Palmer
-

With Internet Protocol (IP) and high-definition (HD) CCTV now a part of everyday life for residential, retail and corporate business, it is more important than ever that the fundamentals of basic operation and system objectives are met. If not, the likely outcome will be a very expensive set of electronics that now provides little or no useful information to prosecute an offender.

As an example, and to highlight the issues related to providing useful CCTV, the following scenario will be of benefit when designing, installing and maintaining a surveillance system.

A few years ago at a licensed premises, which included a gaming facility, there was a confrontation between two individuals resulting in the death of one. Almost all of the activity was captured successfully on an analogue digital video recorder (DVR). The DVR was recovered and removed from site by police and a technician. To fully secure the evidence, the unit was stored in a secure vault within the court complex.

At the time, we suggested to police that a backup be made of all video data for the full 24-hour period surrounding the incident from all 16 cameras on-site in case of a hard disk failure while the unit was in storage. Following consideration by police and the court, a copy of the video data was transferred onto a new hard disk drive supplied by police.

During the process of backing up video data, the supervising officer (also the officer that attended the venue on the night of the incident) asked how best to ensure that the DVR would be fine and ready for use in court when the need occurred. This posed a number of issues.

The question was raised regarding how long might it take before the evidence on the original DVR could be presented. The answer was understandably vague, as the processes involved in preparing the case, which involved both police and the court, were very detailed and would take considerable time to complete. The main issues surrounding the preservation of the DVR were as follows:

  • that the unit not undergo any significant or unnecessary movement
  • under no circumstance could the unit be dropped during relocation
  • the unit should not be opened or manipulated unnecessarily in any way

The last point triggered a bigger issue that had not been considered previously.

All of the people involved in the handling and storage of the DVR to this point were supremely confident that the data stored on the original unit was intact and that it was encrypted and watermarked in such a manner that would be acceptable for use in a court environment. They could also be reasonably confident that the unit would not need to be moved or relocated and certainly not dropped. The unit was tagged appropriately and boxed with its polystyrene packaging and carton and stored securely, so “all should be well when we get to court” we all said with a sigh of relief. We shall return to this particular incident in a moment.

After a couple of weeks had passed, a shoplifting incident occurred at an unrelated site and video data was backed up from the ageing DVR and provided to police. It was noted during the process of completing the on-site backup that, although the incident had occurred during daylight savings time, the DVR had not automatically updated its time correctly as the time server IP address in the DVR was no longer valid. Upon further investigation, it was found that the CMOS battery on the motherboard was dead, resulting in the time and date on the unit being reset to the unit’s default, most likely following a complete power re-boot.

This initially triggered some concern about the ability to retain secure video data on older models of DVRs. However, further thought led us to explore the necessity of ensuring that systems are maintained in a manner that would reduce the risk of unreliable video evidence. This incident immediately prompted concern regarding the previously discussed DVR, which was being held for evidentiary purposes by the court, with my immediate thought being ‘what if’. A concern which would very soon become pertinent.

Contact was made with police to point out that if the DVR in question was going to be held in a secure evidence store for an extended period of time, the CMOS battery might fail, which would not corrupt any of the existing video data on the drives, but could and probably would reset the system time to the default 01-01-2000. Furthermore, on power up, the unit would begin recording from that date. Therefore, surely when the unit was used in court to provide evidence, the recorded video history would clearly show that the most recent video data recorded appears to be up to eight years older than the video being presented for evidence. Did this render the video evidence of the incident unusable or unreliable?

It was decided that during the lead up to trial, the DVR would be periodically brought out of the evidence store and run up in a secure environment within the court facility with a police and court witness present at all times. This would ensure and confirm that the DVR would be functional and ready to present the video data recorded at the time of the event from its original source, not a backup. It was also decided that during the trial, I should be available to present factual evidence with regards to the construction of the DVR, the software used to create the recordings and original installation, maintenance, recovery and continued care of the unit.

The positioning of cameras on-site was considered at the time of installation and, of course, had evolved during the life of the CCTV system to reflect the growing needs of the venue. We had discussed during the installation that the balance between the length of recorded history and the number of frames each camera would capture each second was a critical decision, but could be easily adjusted over the initial month to get the best possible outcome. The eventual frame rate agreed upon was seven frames per second. It was felt that this would provide around 60–70 days of recorded history and all at a very good motion detect sensitivity.

The cameras utilised were of relatively good quality, with some even being re-used when the system was upgraded. The cameras were at least 500TVL day/night, so good images were produced, regardless of the local lighting and weather conditions. A number of the cameras were inside the building and a couple were on the external facade to cover car parks and entry points.

The Trial

The trial ran over a number of days, with my attendance being required for the duration of the hearing. Although I had attended many court cases to provide support to police or the court, this was the first that involved the death of a person clearly recorded on CCTV.

Coincidentally, the camera that captured the final event was not an expensive 600TVL day/night camera with sens-up or clever backlight compensation (BLC) adjustments; it was an older, full-bodied camera in a dome housing that had been installed some years before.

My initial court attendance involved being required to re-install the DVR into the actual courtroom where the trial would commence later that day and then training prosecution and defence barristers on the use of the unit’s playback characteristics. I was present when the incident was shown to the court and was then questioned at length on the construction, programming and security of the recorded video data. I was also asked about my personal experience and longevity in the security industry, including my historic knowledge of this particular DVR and software. All of the aforementioned questions were answered with little need for further questioning. However, it should be remembered that when giving such evidence, one must only state the facts and no assumptions may be made regarding any part of the evidence provided and to remain calm and confident in your answers.

I would like to say at this point that the idea of having to provide evidence in court is an easy thing to do, but it is not. It is stressful and sometimes disconcerting. The most difficult points to relay to the court were the understanding of video compression (why does it need to be compressed), frame rate (explaining what might have been missed in the other little bits of that one-second period recorded), motion detection (what bits do not get recorded) and the watermarking of video (security), all of which would have a direct bearing on the final outcome of the trial. To make these points clearly and concisely in a manner that the court could understand, a large whiteboard came in very handy.

The outcome of the trial was never going to be positive for the individuals involved, but it proved that the best possible CCTV evidence is a critical component for police and the court to come to a definitive decision.

As a result of my involvement with this and other court cases, I have been able to develop a number of key points which need to be taken into account when considering the implementation and maintenance of any CCTV system. They are as follows:

  • Regularly maintain the system, including camera mounting, cleanliness, focusing and alignment to the subject.
  • Check the system time against a known correct source frequently and correct accordingly.
  • Retain records of system maintenance.
  • Only use recording equipment that records watermarked images and therefore cannot be manipulated, altered or changed in any way.
  • Restrict the number of employees that have access to the CCTV equipment.
  • Provide training to key staff on the use of the system, ensuring they can backup video for police on request.
  • Remember that the person that provides the video data to police will become a witness; they should have a good understanding of the CCTV system and be able to give evidence of the steps they took to make a backup copy of the video data supplied to police.

Some guidance on camera location, purpose and objective is provided below in accordance with South Australian Police requirements for closed circuit television.

Location Camera Purpose Objective
Entrance and exit Identify Identify all persons entering and leaving the premises
Service counters Identify Identify and clearly record actions of customers and staff
High-value merchandise Recognise Clearly record actions of customers and staff
Pay points (customer side) Recognise Clearly record actions of customers at the payment point
Pay points (business side) Recognise Clearly record actions of staff at the payment point
Vehicle gates/driveways Recognise Clearly record entry and departure of all vehicles
Shop floors/display areas Detect Identify customers and staff and establish their movements
Car parks Observe Determine the date and time of persons and vehicles in the area
Fuel station forecourts Recognise Record images of vehicles and persons re-fuelling vehicles
Fuel station forecourts Identify Identify all vehicle number plates
Hazardous materials Recognise Clearly record actions of customers and staff at the counter

The Growing Threat Of Terrorism In Australia

By
John Bigelow
-

By Dr David Wright-Neville

The recent release of the respected 2016 Global Terrorism Index carries some worrying implications for Western nations such as Australia. Of particular concern is the increasingly migratory nature of the kind of fury that inspires terrorism in other parts of the world. The report drives home the point that in the 21st century, anger does not need a passport. It travels quickly and efficiently so that resentments fuelled by events in, for example, the Middle East, increasingly merge with local frustrations to form a highly combustible rage that has erupted in the streets of Paris, Nice, an Orlando nightclub and other spaces once considered safe.

Although much of this increase in terrorist violence in the West has been inspired by Islamic State – 18 deaths caused by IS-affiliated attacks in the Organisation for Economic Co-operation and Development (OECD) countries in 2014 rose to 313 deaths in 2015 – it would be incorrect to credit the group as the only reason for the growing incidence of terrorism in the West.

Terrorism has been trending upwards globally for over a decade, a development from which Western countries have not been immune, as witnessed by tragedies such as the attacks on the public transport systems in Madrid (2004) and London (2005) – killing 192 and 56 people respectively – the killing of 77 people in Oslo by the right wing extremist Anders Breivik (2011) and, among others, the Boston marathon bombing (2013).

Over this period, there have also been a series of near misses with a combination of good luck and good police and intelligence work avoiding mass casualty attacks in places ranging from Copenhagen to Times Square.

And, of course, Australia has not been immune from this trend, with a series of small-scale terrorist attacks and a few larger scale strikes interrupted by police and security services before being carried out, suggesting that like comparable Western nations, terrorists reside among Australians and public spaces no longer offer protection.

Just a small sample of these incidents occurred in September 2014, when the 18-year-old Numan Haider was shot and killed by police after stabbing two officers outside a Melbourne police station. Several months later in December, a refugee from Iran, Man Haron Monis, took 17 people hostage in the Lindt café in inner Sydney, resulting in three deaths (including Monis). Then in February 2015, two men from Sydney (a 24-year-old and a 25-year-old) were arrested and charged with preparing to commit an act of terrorism. A homemade Islamic State flag was discovered in their possession. In May 2015, a 17-year-old boy from the outer Melbourne suburb of Greenvale was arrested after being discovered in possession of homemade bombs. This was followed in October 2015 when a 15-year-old Iranian-born Kurdish refugee shot dead 58-year-old accountant Curtis Cheng outside the Paramatta police station in Sydney. More recently, in September 2016, a 22-year-old student was arrested after allegedly stabbing a pedestrian in a park in the Sydney suburb of Minto – a copy of the Islamic State’s online magazine Dabiq was reportedly found on his computer.

Although not on the same scale as attacks in Western Europe and the United States, the attacks in Australia have nevertheless impacted significantly on the national psyche and rendered the threat of terrorism as an organising principle for many aspects of public policy.

In many respects, Australia’s reaction to the threat of terrorism can be explained by the nation’s comparable lack of experience with terrorism. Until the events of 9/11 – when 11 Australians were among the 2,996 people killed – the nation had been relatively immune from the threat. Small, isolated acts in the name of Irish nationalism during the late 1800s; an attack on a picnic train by two Turkish nationalists near Broken Hill on new year’s day 1915; a series of bombings and shootings targeting Turkish, Yugoslavian and Jewish interests in Sydney and Melbourne in the 1970s and 1980s; the 1978 bombing of the Sydney Hilton during the Commonwealth Heads of Government Meeting (CHOGM), and a series of small-scale arson attacks by white supremacist groups in the 1990s meant that acts of terrorism were small and rare compared to equivalent Western societies in Europe and North America.

But since 9/11, Australians have changed the way they think about their safety, about the right of government to pry into their private affairs in the name of security, and in the way they treat people of different faiths and backgrounds. Terrorism, or fear of terrorism, is now firmly embedded within the Australian consciousness and is a fixed part of the political landscape. It now informs Australia’s foreign policy, its willingness as a society to trade away key rights for the dubious promise of ‘safety’, its approach to refugees and asylum seekers, and even local planning laws (witness the long debate over the construction of a mosque and Islamic cultural centre in the small Victorian rural town of Bendigo).

In the wake of these episodes, it is now understood that a terrorist might be the young person at the tram stop, a neighbour’s teenage son, a nephew or niece, or sadly for a growing number of parents even their own children. Yet despite this, many Australians continue to labour under a troika of misperceptions about the nature of the terrorist threat confronting the country.

Grounded in hysteria and a seemingly irresistible urge to reduce the complex phenomenon of terrorism to glib clichés and headlines, an informal alliance of politicians and media seem to have become addicted to peddling these non-sequiturs.

In short, what is needed is a calmer approach to discussing the nature of the threat faced by Australia, beginning with the dispelling of three enduring myths.

Myth 1: Terrorists hate Australia for its way of life

In the aftermath of any significant terrorist attack it is common to hear politicians attribute the actions to the terrorists’ ‘hatred’ of Australia’s way of life. People are told that terrorists, particularly those linked to Al Qaeda or Islamic State, hate freedom and democracy and are hell bent on its destruction. This reduction of terrorist motivations to a single obsession glosses over some important nuances and diverts attention from a more detailed and sophisticated understanding of what drives terrorists to kill.

Stripping away the surface-level rhetoric of terrorists and examining the life histories of those who commit such acts reveals that the violence is very rarely motivated by any existential contempt for the accoutrements of modern liberal democratic lifestyles. Although they might not agree with the universal franchise, the consumption of alcohol, licentious behaviour or wear revealing clothing, this disagreement is not enough to trigger the urge to kill. Rather, violent rage is more often based on the belief that the dominance of these lifestyles leaves little room for alternatives.

In the case of groups such as Al Qaeda and Islamic State, anger with the West is given added momentum by foreign policy where support for repressive regimes in the Middle East is conflated with a general hostility towards Islam and a desire to prevent Muslims from pursuing the kinds of social choices that are taken for granted in the West.

This view was articulated clearly by Osama bin Laden himself after the 9/11 attacks when he rejected the view that the attacks were motivated by a hatred of freedom per se but were the result of opposition to American foreign policy. “I say to you that security is an indispensable pillar of human life and that free men do not forfeit their security, contrary to Bush’s claim that we hate freedom. If so, then let him explain to us why we don’t strike, for example, Sweden?” he said.

The same is true of Islamic State and its recent attacks by its supporters’ targets in the West. It is important to note that until the commencement of the Western-led bombing campaign in August 2014, the group’s message focused on trying to attract Western recruits to assist in consolidating the so-called caliphate declared by its leader Abu Bakr al-Baghdadi. This only changed with the commencement of Western-led airstrikes and overt Western actions designed to roll back Islamic State’s successes.

Of course, this is not to argue that the international community, particularly the West, should not have involved itself in the struggle to defeat Islamic State, whose grotesque use of violence posed both a moral and political challenge to the entire international community. But it is wrong to argue that Islamic State’s actions against the West are motivated by an existential hatred of Western society and a desire to obliterate democratic freedoms in the West.

Myth 2: Terrorists are insane

Another myth about terrorism is that those who perpetrate the violence must be insane or in some way mentally impaired, with the most common diagnoses suggesting either psychosis or paranoid or narcissistic personality disorders. Until very recently, there was no evidence to support this view. In fact, most research suggested that the vast majority of terrorists were as ‘sane’ as ordinary members of the public. Some research even suggested that the rate of psychopathological illnesses within terrorist communities is slightly lower than their incidence among the general population.

This research makes sense when the difficult circumstances under which terrorist groups exist are considered – the need to remain alert to police and intelligence operations militates against the presence of mercurial personalities within terrorist networks, particularly those prone to erratic or unpredictable behaviour likely to attract the attention of the authorities.

It is true that some research suggests this might be changing with the growing phenomenon of lone wolfs and solo actors. The development of digital communication technologies and the associated emergence of virtual terrorist communities has certainly opened a space for personality types which in previous times would not have struggled to find a place within terrorist groups. However, research in this area is still in its infancy and a clearer picture is still some time away.

Myth 3: Religion causes terrorism

As demonstrated by the research of Peter Neumann and others, a large number of those fighting for Islamic State have been attracted to the organisation, not because of its religiosity – for they themselves are often religiosity illiterate – but because membership addresses deeper feelings of inadequacy and social impotence. Whereas once they felt powerless and weak, as part of Islamic State they feel empowered and important, imbued with a social significance and authority they could never have dreamed of in their previous mundane lives.

In other words, it is not religion per se that fuels their violence; it is a complex set of grievances and psychological dispositions that are given a veneer of religiosity through their attachment to a highly selective use of Islamic thought.

In the same vein, it would be wrong to blame Christianity as a whole for the actions of Eric Rudolph, the man convicted of the Atlanta Olympics bombing and a series of attacks against abortion clinics and a lesbian bar, despite his affiliation with the shadowy Army of God. Rather, Rudolph – a loner with long-standing grievances against women and homosexuals – was angry and primed for violence before gravitating towards a terrorist network whose warped interpretation of Christian scripture provided a pseudo-religious justification for Rudolph to act out his pre-existing anger under the guise of religiosity.

Reducing terrorism to these myths partly explains why after over ten years of the incremental erosion of human rights and civil liberties in the name of security – the so-called freedom-security trade off – the nation is no safer. Indeed, the data released by the Institute for Economics and Peace suggest the nation is at greater risk than ever before.

There is no denying that Australia’s police and intelligence services do an outstanding job in anticipating and eliminating threats as they emerge. But it is also true that they remain hamstrung by a lack of political and social leadership and are more often than not reactive rather than proactive when dealing with the terrorist threat.

This lack of leadership is epitomised by the ease with which political leaders and journalists retreat into the easy stereotypes discussed above. Holding to these myths not only obviates the needed for deeper reflection and more honest explanations about the complexity of the threat, but also feeds a public expectation that defeating terrorism is simply a matter of killing, capturing or incarcerating irrational fanatics who hate Australians for their way of life.

But this is precisely what Australia has been trying to do for more than a decade and, despite its efforts, the threat continues to grow. Surely it is time for a more honest public discussion about the complexities of the challenge that confronts Australia.

 

Dr David Wright-Neville is a Senior Political Risk Analyst at Globe Communications. He can be contacted via email davidwn@globecommunications.com.au

Schneider Electric announces new appointment for Automation Pacific Hub Leader & Industry VP for Australia

By
John Bigelow
-

Schneider Electric, a global specialist in energy management and automation, is expanding its expertise within the Industry business unit, with the announcement of a new appointment, Neil Smith. As of 1 March 2017, Neil has begun his role as Schneider Electric’s Pacific Hub Leader & Industry VP Australia.

Neil’s new role will see him take charge of the Process Automation, Software and OEM/BIC business portfolio, which includes market leading brands Modicon, Citect, ClearSCADA, WonderWare, Foxboro Triconex, and Altivar.

“We are thrilled to welcome Neil into our leadership team at Schneider Electric. With a rare blend of leadership and technical skills coupled with strong commercial acumen, Neil has a long standing record of meeting and exceeding the needs of our industry customers. This appointment recognises Neil’s ongoing commitment to Schneider Electric and his ability to drive our team to succeed in a fast-evolving landscape,” said Gareth O’ Reilly, Zone President, Pacific International Operations.

Smith has over 15 years’ of experience in the automation industry where he began and held both global and regional segment roles for Oil & Gas market with Rockwell. In 2014, Smith joined the former Invensys Australia as Director, Project Delivery Engineering. Post integration, Neil took on a different leadership role focusing on Product Management and Business Development for Process Automation before taking up a Sales Leadership position at Schneider Electric in early 2016.

“I’m excited to be taking on this new role with Schneider Electric. To move into a strategic leadership position at a company at the forefront of innovation in developing connected technologies and solutions that address industry challenges is a real honour. I am proud to continue working for Schneider Electric and look forward to being part of a team setting the future direction of this global energy management and automation market leader,” said Smith.

About Schneider Electric

Schneider Electric is the global specialist in energy management and automation. With revenues of ~€27 billion in FY2015, our 160,000+ employees serve customers in over 100 countries, helping them to manage their energy and process in ways that are safe, reliable, efficient and sustainable. From the simplest of switches to complex operational systems, our technology, software and services improve the way our customers manage and automate their operations. Our connected technologies reshape industries, transform cities and enrich lives. At Schneider Electric, we call this Life Is On.

Growing number of Australians accessing Dark Web

By
John Bigelow
-

By Natalie O’Brien

More Australians than ever are secretly accessing the notorious Dark Web as cyber experts warn the explosion in use of the anonymous internet platform could have serious ramifications for crime.

Data collected by The Tor Project shows a spike in users in the past two months using “bridges” an intermediary internet access point which goes one step further in hiding internet browsing activity by also hiding computer IP addresses.

It comes as Information compiled by the Oxford Internet Institute at Oxford University has revealed that for every 100,000 internet users in Australia up to 50 are now using the Dark Web.

The latest rise in figures has prompted warnings from cyber-crime experts like former top U.K. Cop Peter Davies.

Mr Davies, now the executive director of analysis and response for Austability, warned that his biggest concern is that many authorities do not have any visibility on what is happening on the Dark Web.
“Organised Criminals are utilising the Dark Web for the sale of drugs, guns, contraband and images of sexual and child abuse,” said Mr Davies.

“You don’t know who you will come into contact with by using it,” he said.

The Dark Web was infamously used for money laundering and drug trafficking through the site known as The Silk Road, before it was busted by the FBI.

The Dark Web is alternate internet engine which was established by the US Navy to enable anonymous internet browsing and secure communications for the military.

It is similar to a search engine like google, but is only accessible through special software.

It can be used to find things or sites that are hidden or encrypted and not searchable using google and other internet search engines.

Mr Davies told the CYMASS 2017 conference in Dubai that restrictions on internet use in some countries may also be driving people to use the Dark Web.

He explained that it can be used as a tunnel to get around censorship or blocking of sites by authorities.

Mr Davies said the problem for law enforcement is that they don’t know what is going on in the dark web and they struggle to assess the extent of its use.

He said authorities everywhere needed to step up their working knowledge and surveillance of activities on the Dark Web.

“However much we know now, it won’t be good enough in the next 10 years,” said Mr Davies.

“It is possible, like never before, to plan (nefarious) activities that are under the radar”, said Mr Davies, “that is why the use of the Dark Web is so worrying.”

 

This article originally appeared on MARCH 13, 2017 on the Security Is Your Business website securityisyourbusiness.com

ASRC MASTERCLASS SERIES 2017

By
Security Solutions
-

Following the launch of the book “Bomb Safety and Security – the Manager’s Guide” in late 2016 the Australian Security Research Centre is hosting a ½ day Masterclass based on the book.

ASRC Masterclasses enable peer-to-peer discussion of relevant topics guided by a leader in the field.

Takeaways from this Masterclass are the principles underpinning a safe and sensible response to bombs, threats, unattended items and post-blast scenarios.

The emphasis being on providing a safe and secure environment while minimising disruption to the organisation and protecting it from claims of mismanagement.

Additional topics:

  • Physical and procedural protective considerations
  • Hazardous mail
  • Search planning and management
  • Emergency procedure considerations including evacuation for bomb incidents
  • Training and testing
  • Risk assessment and mitigation and
  • Blast modelling factors

Attendees are invited to bring their site’s security and emergency management plans to refer to during the Masterclass.

Date and Time: Thursday, 20th April 2017, 0830-1230, followed by lunch.

Location: Level 10, 111 Bourke St, Melbourne.

Cost: $275.00 plus GST.

Discounted fee of $250.00 plus GST for: Registered Security Professionals, Members of ASIS International, VMA and FMA.

All attendees will receive a copy of the book “Bomb Safety and Security – the Manager’s Guide”.

Register: http://asrc.com.au/publications/uncategorized/masterclass-4-bomb-safety-and-security-melbourne

Presenter: Donald S. Williams CPP RSecP ASecM MIExpE IABTI IAPS. Don is a recognised thought leader with over 100 published articles and papers. He was a bomb technician for 20 years, was the Bomb Risk Manager for the Sydney 2000 Olympics and Paralympics, for which he received the Olympic Order of Merit. He was the Defence Officer at the Australian Bomb Data Centre in the mid-

90’s. He is a member of the ASIS International, the Institute of Explosive Engineers, the International Association of Bomb Technicians and Investigators and the International Association of Protective Structures.

The ASRC Masterclass series enables managers and senior practitioners to meet with and discuss topics with subject matter experts.

Will the internet break in 2017?

By
John Bigelow
-

The size and impact of Internet attacks in the past few months highlights concerns about the Internet’s resilience and the ability of networks in general to handle the evolving threat landscape. Some pundits have suggested the entire Internet is likely to go down in 2017, so it’s essential for businesses to do their part to better secure the Internet and keep it available, according to Aleron.

Mark Wroniak, director, Aleron, said, “The WikiLeaks allegation that the CIA knew about but didn’t disclose several flaws in software from key providers seems to confirm fears that most internet-connected devices are at risk of being hacked. If the CIA can do it, then agents of other countries or organisations can do it also, creating potential vulnerabilities in devices from smart TVs to mobile phones.”

The distributed nature of the World Wide Web was originally designed to build resiliency into the Internet. However, now that so much of the Internet is hosted by so few companies, the Internet itself has become vulnerable to attacks.

“Companies like Google, Amazon and Microsoft host the lion’s share of the internet, creating a metaphorical black hole if they go down. The rollout of the nbn high-speed network across Australia potentially adds to the risk for local businesses because this super-fast internal network can effectively be used to attack Australia from within.”

On 1 March 2017, Amazon’s cloud storage service S3 began having high error rates, bringing down some of the world’s biggest sites and apps. This highlighted the potential for targeted attacks to bring the Internet down entirely.

Mark Wroniak said, “According to Amazon, Amazon S3 didn’t go down because of a deliberate attack but because of a typo by an engineer inputting a command. Imagine the impact of a targeted, coordinated attack on one or more of these major providers. We got a taste of this in 2016 when a distributed denial of service attack against Dyn brought down sites including Twitter, Pinterest, WhatsApp and more. Dyn is a DNS provider that translates web addresses into the numbers that computers need to point your browser to the right place. If it’s not working, it effectively renders the Internet useless.”

The Dyn attack was fuelled by Internet of Things devices, taking advantage of their typically low security to spread the attack. This highlights the importance of securing endpoint devices including IoT devices.

Mark Wroniak said, “If large swathes of the Internet go down, the ramifications won’t just be felt by people who can’t access their Internet banking or their Facebook page. It’s likely that the financial markets would take a hit and governments would need to work overtime to keep things like public transport on track. Mobile phone towers could be hacked, making communications challenging; Australia’s mobile phone network is unlikely to be able to cope with a massive surge in demand. Businesses would find it difficult to function with no email and no access to documents stored in the cloud.

“Businesses can take steps to protect themselves and the Internet from a catastrophic outage by distributing their services across multiple regions and, if possible, providers. Redundancy is the keyword. Having a single point of failure is never the recommended option. When just a few hours’ outage can cost companies millions of dollars, it becomes a significant threat to the business.

“Responsible business managers must insulate their organisations from this type of fallout. This means putting strong security measures in place as well as building in redundancy.”

Instinctive Security Technologies

By
John Bigelow
-

Contactless identification technologies are increasingly used in today’s world. The term refers to all technologies used to make smart objects that communicate with the world around them. Guy Pluvinage understood the importance of this up-and-coming technology when he founded STid in 1996. His deft intuition paid off, because STid, now managed by Vincent Dupart, has become a market leader in corporate security services. How has a French enterprise become the benchmark setter in an international market? We asked Vincent Dupart to explain.

The French company STid and its team of 40 employees focus their business on protecting people and business data. STid makes security a top priority and was the first access control reader manufacturer to be awarded First Level Security Certification by the French Network and Information Security Agency (ANSSI). But Vincent Dupart’s ambitions were bigger still, “By using technology to meet security requirements, you are addressing a primary need – ensuring that anyone going through a door is authorised for entry. But when you analyse all user needs, the solution also has to be scalable, interoperable and extremely easy to use.”

Employees use their access badges an average of 11 times a day and 98 percent of them feel that this is a burdensome activity. Times are changing though, and people should no longer have to fumble around at the bottom of a bag or remember to get their badge out every time. STid has developed a new contactless identification system where a person’s smartphone is his door key. “A technological revolution is underway, based on interconnected resources, shifting access control towards new uses and new devices. Smartphones offer new ways of interacting with access readers and resolve issues generated by increasing staff mobility,” adds CEO Dupart.

These social changes have led STid to draw on its experience to develop the STid Mobile ID solution. STid Mobile ID has been developed with RFID, NFC and Bluetooth Smart technologies, transferring an access badge to a smartphone, to work alongside or replace traditional badge technologies.

These days, everyone comes to work with their mobile phone. “[Mobile] phones have become an essential everyday item, with all of the freedoms and functions they offer. Using smartphones can help employees accept the company security policy, by making usage instinctive and user friendly,” explains Vincent Dupart.

The virtual badge offers a range of intuitive and easy-to-use methods that can be tailored to any situation. Hands-free mode can be used for identification without requiring any user action, or other methods implemented, such as double-tapping the phone (even in the user’s pocket), or raising a hand to the reader, even if one is already on a call. This solution is the most instinctive on the market and has won STid three technology prizes, including the Gold Trophy at the 2016 Security Awards. The future is bright for STid. Its ability to think out of the box has enabled it to offer these user-friendly innovations.

STid, a French champion

In a challenging economic climate, STid has held its own and developed. Success has been due to the team’s ability to anticipate future needs and innovate, along with its unique and clear market positioning. “Our partners have chosen to remain free by adopting open technology, leaving them fully independent and in control of their security,” explains Vincent Dupart. The figures speak volumes. In the mature and competitive access control market, which saw four percent growth in 2016, STid grew by more than 20 percent.

New frontiers for 2017

Given the company’s development plans, it does not look likely that STid’s growth will slow any time soon. According to the latest forecast from the Gartner technology research and advisory firm, 20 percent of organisations will be using smartphones instead of traditional access badges within the next three years. STid’s corporate strategy is ambitious, but the approach taken on the ground fits these goals. “We have focused on developing innovative, high-value products before starting to invest in international sales development. That now leaves us in a strong position to penetrate new markets.”

In 2017, STid is setting its sights on North America, among other key markets.

For more information, visit www.stid.com, email info@stid.com or phone 02 9274 8853.

Lessons From The Assassination Of A Russian Ambassador

By
Ami Toben
-

Assassination

On the evening of the 19th of December, 2016, the world was shocked as news started coming out about the assassination of the Russian ambassador to Turkey, Andrei Karlov. Karlov was shot from behind as he was delivering a speech at the Cagdas Sanat Merkezi centre for modern arts in Anka. The assassin, off-duty Turkish police officer Mevlüt Mert Altıntaş, showed his police credentials in order to appear like he was assigned as Karlov’s protection officer. He then got behind Karlov as he was delivering his speech and shot him a number of times. Altıntaş then made a number of religious and political statements, and was later shot and killed by police.

It is certainly not every day that an ambassador gets assassinated, much less one from a major world power. And the fact that the entire event was captured in such high-definition footage makes it all the more astounding. But why is paying attention to case studies of this sort so important?

For starters, it is very natural for people to focus all their attention on the attack itself, especially when there is such high-quality footage of it. But keep in mind that once the attack gets started, there is no longer much to learn about how it could have been prevented. Yes, there is certainly what to learn from a reactive sense, but from a proactive, preventive sense, the useful information being looked for is mostly to be found before an attack begins.

Many case study articles and seminars tend to miss this point and only concentrate on the attack and its aftermath. But case studies that do not reveal specific information about hostile planning and that subsequently have nothing to teach about how to potentially prevent hostile planning in the future, are not all that useful for those in charge of preventive security. Yes, they are fascinating, and yes, they are very useful for those in charge of reactive, force-on-force countermeasures. But for those in charge of prevention, always keep in mind that preventive security does not target the attack itself; it targets what comes before the attack. It targets hostile planning. It is therefore the hostile planning process that security need to concentrate on, understand how it works, locate its weaknesses and target it in order to prevent the next attack before it happens.

As the attempt is made to understand what exactly led up to this specific attack, it is important to remain patient. Security obviously want to learn what happened as quickly as they can so that they can implement the lessons from this case study, but it often takes quite a bit of time until vital information gets released (and keep in mind that neither the Turkish nor Russian authorities are known for their transparency).

Still, considering the little that is known, and what can be induced from the footage, there are a few preliminary conclusions that can be reached.

The first thing known is that many hostile plans involve various forms of intelligence collection – one of which coming from open sources (public information, media, various publications, and so on). Another piece of the puzzle is that it had been announced that Karlov would be attending, and speaking at, the Cagdas Sanat Merkezi centre for modern arts for the opening night of the Russia through Turks’ eyes exhibition.

This means that the information (or rather intelligence) about Karlov being in a specific location at a specific time had been made available in advance. Add this to what is known from case studies about open-sourced information collection and a pretty solid risk exists.

Now, risks of this sort should be expected, especially by diplomats whose very jobs largely consist of attending various events that are announced in advance. A diplomat, unlike a clandestine operator, is supposed to be a public figure. But this is why the abovementioned risk must be mitigated (as much as possible and/or desirable) by some type of protection program. And yet, another piece of the puzzle is that no physical protection operators were present around Karlov. This, along with the fact that Russian-Turkish relations have been strained for some time, and along with the risks to Russian interests due to their involvement in the Syrian civil war, meant that a substantial vulnerability had opened up – consisting of both hostile motives and hostile opportunity. The obvious conclusion here is that it was a mistake for the Russian ambassador to attend an event that had been announced in advance without any protection.

Lest this seem like hind-sighted, after-the-fact, armchair quarterbacking, from my experience with, in and around diplomatic security in the San Francisco Bay area (which is much less dangerous than Ankara these days), I can tell you that one of the parameters for deciding if a diplomat should have a protective detail at an event is if their presence at the event has been announced in advance. And if this is standard operating procedure in the San Francisco Bay area, it should definitely have also been the case in Ankara.

Now, just in case readers think that a protective detail would have not necessarily prevented an off-duty police officer, posing as an official police representative, from executing the attack, keep in mind that this is not the main lesson to learn here. Even if it is accepted the idea that a protective detail would not have prevented the attack (not that such a thing could be proved), it still does not negate the main lesson – that diplomats (especially ones in higher risk areas) should receive a protective detail if their presence at a specific location and time is announced in advance.

Remember, learning from case studies is not a retrospective game of what-if. The exact details of any attack, let alone the details of its planning, can never be completely copied and repeated. Instead, case studies are important opportunities to take actual (rather than theoretical) data and derive certain principles from them. Rather than concentrate on each detailed tree, try to take a wider angled view of the forest to learn important principles that can come into play in future events.

1...959697...132Page 96 of 132

Follow us on Instagram @securitysolutionsmedia

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

© 2020 Interactive Media Solutions Pty Ltd