Asia Pacific Security Magazine, Mar/Apr 2016 by MySecurity Marketplace

Print Post Approved PP255003/10110

THE REGIONâ&#x20AC;&#x2122;S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.asiapacificsecuritymagazine.com Mar/Apr 2016

Safe Cities

Ring of defence tatics to reduce hacking

New frontier for the globalisation of terrorism

Cyber security at sea

CANALYS Special Feature

Cloud and internet hacking on the rise

INNOVATION & SECURITY VERSUS

$8.95 INC. GST

1 | Asia Pacific Security Magazine

CYBER & TERROR ATTACKS

PLUS

TechTime l Cyber-TechTime Security Predictions 2016

CLIENT VIEWING Workstations/ Network Switches/ Service and Support

IP Video STORAGE solutions

THE DAWN OF A NEW ERA FOR SMALL PROJECTS

The Aurora Series are built to fill a void in the small project market: economically-driven, enterprise-class storage systems. They bring features never before seen in budget projects such as redundant power, multiple RAID sets, and server-grade CPU’s with 10000 PassMark ®ratings. High-end features, while maintaining the price points required for the small project market. The Aurora systems alter the landscape on video recorders - in price and performance. For more info visit bcdvideo.com or email peaceofmind@bcdvideo.com

SCALABLE SOLUTIONS Solutions that fit every need, from small retail to airports and casinos

Global

Over 17,000 deployments worldwide partnered with global on-site support.

2 | Asia Pacific Security Magazine

Guaranteed Calculations Follow our journey around the globe

BCDVideo’s calculations are guaranteed, so you never have to worry about project accuracy.

From the War Room to the Board Room, Huntsman速 Defence Grade Cyber Security Platform delivers: Advanced Threat Detection and Incident Response Continuous Compliance Serious Cyber Security ROI

Proven in the most secure and sensitive environments within the intelligence, defence and criminal justice networks across the 5 Eyes community. 3 | Asia Pacific Security Magazine

LEARN MORE TODAY 1300 135 897 huntsmansecurity.com

Contents Contents Editor's Desk Editor’s Desk Frontline Intenational Safe Cities - Uniting through Oceans Executive Editor / Director Executive Editor / Director Chris Cubbage Chris Cubbage Director / Co-founder Director / Co-founder David Matrai David Matrai Art Director Art Director Stefan Babij Stefan Babij Correspondents Correspondents Sarosh Bana Sarosh Bana Naomi Oakley Kema Johnson Tony Campbell CISSP

MARKETING MARKETING AND AND ADVERTISING ADVERTISING promoteme@australiansecuritymagazine.com.au promoteme@australiansecuritymagazine.com.au SUBSCRIPTIONS SUBSCRIPTIONS

TT||+61 +61886361 63611786 1786

subscriptions@mysecurity.com.au subscriptions@mysecurity.com.au Copyright Copyright©©2015 2015--My MySecurity SecurityMedia MediaPty PtyLtd Ltd 286 286Alexander AlexanderDrive, Drive,Dianella, Dianella,WA WA6059, 6059,Australia Australia TT| |+61 +61886465 64654732 4732 EE| |info@mysecurity.com.au info@mysecurity.com.au E:E:editor@australiansecuritymagazine.com.au editor@australiansecuritymagazine.com.au

All AllMaterial Materialappearing appearingininAustralian AustralianSecurity SecurityMagazine Magazineisis copyright. copyright.Reproduction Reproductionininwhole wholeororpart partisisnot notpermitted permitted without withoutpermission permissionininwriting writingfrom fromthe thepublisher. publisher.The Theviews views ofofcontributors contributorsare arenot notnecessarily necessarilythose thoseofofthe thepublisher. publisher. Professional Professionaladvice adviceshould shouldbe besought soughtbefore beforeapplying applyingthe the information informationtotoparticular particularcircumstances. circumstances.

3 5 244

Frontline Training in security programs Safe And Cities the answer is

6 147 16

Training security programs NationalinSecurity And We the mustanswer speak isup

178

National Security 2016 - 2020 insider’s reﬂection on aviation security We must speak upsurveillance Unmanned aerial for Australian border security

9 18 10 19

2016 - 2020 insider’s refl ection on aviation security Terrorism Unmanned aerial for Australian border security A new frontier forsurveillance the globalisation of terrorism

20 12

Terrorism Australia’s Jihadis ACanalys new frontier for the globalisation of terrorism Special Feature - Channels Forum

Page 4 - Safe Cities Page 14

15 22 16 25 22

Australia’s Jihadis 2016 Security Predictions Canalys Special Feature Channels Forum 2010 - 2016 Cyber Attack- Risk Vectors Security Predictions 2016 Cyber Security

30 24 36

2016 attacj risk vectors CyberCyber security at sea

36 26

Cyber Security Attacks on the internet and cloud will continue

Cyber security seatime’ and ‘intelligence’ collection. The illusion of at ‘real

40 30

Attacks on“ring the internet and cloud will strategy continueto reduce hacker theft Adopting of defence” licensing

42 32

Protecting from cybercollection. attacks The illusion critical of ‘realinfrastructure time’ and ‘intelligence’

34 44

How to build world news class infoSec workforce TechTime - thea latest and products

36 47

Protecting theReview enterprise Editor’s Book in a world of hackers

38 52

The every-day life of Australian information security practitioners

TechTime - the latest news and products

Editor’s Book Review

Page 12 - A new frontier for the Page 22 of terrorism globalisation

OUR NETWORK OUR NETWORK

Like us on Facebook and follow us on Twitter and LinkedIn. We post about new Like us on Facebook and follow us on issue releases, feature interviews, Twitter and LinkedIn. We post about new CONNECT CONNECT WITH WITH US US

Page 32 - Protecting the enterprise Page 42 of hackers in a world

events and other topical discussions. issue releases, feature interviews, events and other topical discussions.

www.facebook.com/apsmagazine www.facebook.com/apsmagazine www.twitter.com/apsmagazine www.twitter.com/apsmagazine www.linkedin.com/groups/Asia-Pacificwww.linkedin.com/groups/Asia-PaciﬁcSecurity-Magazine-3378566/about Security-Magazine-3378566/about

Correspondents* & Contributors

www.youtube.com/user/MySecurityAustralia www.youtube.com/user/MySecurityAustralia

www.asiapaciﬁcsecuritymagazine.com www.asiapacificsecuritymagazine.com

www.drasticnews.com www.drasticnews.com

Eric Flis

Anooshe Aisha Mushtaq

John Kendall

Tony Campbell*

Also with:

www.chieﬁt.me www.chiefit.me

Jane Embury Terry Flanders

Peter L. Lacey

www.youtube.com/user/ MySecurityAustralia www.youtube.com/user/ MySecurityAustralia |

www.cctvbuyersguide.com www.cctvbuyersguide.com

4 | Australian Security Magazine 4 | Asia Pacific Security Magazine

Benn Alp

Naomi Oakley*

Sarosh Bana*

Steve Beards

Shannon Sedgwick

Dr Jodie Siganto

Editor's Desk This is the future we seek in the Asia-Pacific—security, prosperity and dignity for all ... let there be no doubt: in the Asia-Pacific in the twenty-first century, the United States of America is all in.

- U.S. President Barack Obama, speech to the Australian parliament, November 2011

he rapid militarisation of the South China Sea by China in many respects brings about the completion of the jigsaw for global conflict, with the picture depicting the US and Western allies pitched against Russia, China and their allies, and then there is the Islamic State. It may well be time to be pessimistic if current military conflicts deteriorate any further. Since 2001, hundreds of thousands have died, in what has been 15 years of heavy fighting on a number of fronts - and the West has not been winning, despite early claims of victory. Less than six months after Australia’s newest Prime Minister Malcolm Turnbull declared there has never been a more exciting time to be alive, the Australian Government has released the Defence White Paper 2016 which declares ‘over the next two decades, we face greater security uncertainty and complexity, globally. “This should be underlined with recent warnings of a “new world war” from Russia’s Foreign Minister should the ceasefire process break down over Syria, and Australia’s Foreign Minister Julie Bishop holds ‘deeply worrying’ concerns over China’s militarisation in South East Asia. In the past 20 years, China and India have almost tripled their share of the global economy and increased their absolute economic size almost six times over. By 2025, the Asia Pacific region as a whole will account for almost half the world’s output. Many millions of people will have been lifted out of poverty. As the 2012 ‘Australia in the Asian Century White Paper’ declared “The transformation of the Asian region into the economic powerhouse of the world is not only unstoppable, it is gathering pace. In this century, the region in which we live will become home to most of the world’s middle class. Our region will be the world’s largest producer of goods and services and the largest consumer of them. History teaches us that as economic weight shifts, so does strategic weight. Thriving in the Asian century therefore requires our nation to have a clear plan to seize the economic opportunities that will flow and manage the strategic challenges that will arise. Our nation has benefited from Asia’s appetite for raw materials and energy. The challenge we must now address is how Australia can benefit from 5 | Asia Pacific Security Magazine

what Asia will need next.” However what Asia, or more specifically China may want next, may not fit with what the US and Australia is willing to give. Despite economic trade increases, the Asian arms race has also been steadily intensifying. Starting in 2011 the Philippine President warned a visiting Chinese Defence Minister of a possible arms race in the region if tensions worsened over disputes in the South China Sea. The Council on Foreign Relations provides a sobering update: China’s land development has profound security implications. Beijing has reclaimed more than 2,900 acres, since December 2013, more land than all other claimants combined in the past forty years. The potential to deploy aircraft, missiles, and missile defense systems to any of its constructed islands vastly boosts China’s power projection, extending its operational range south and east by as much as 1,000 kilometers. Despite extensive trade ties, the parties to the dispute could respond to a rise in tensions by imposing economic sanctions. In response to a Chinese action, for instance, the United States could sanction financial transactions, the movement of some goods and services, and even travel between the two countries. In retaliation, Beijing could bar U.S. exports and cut back on its extensive holdings of U.S. Treasuries. Claimants could also manipulate exports and relaunch boycotts of goods. Signals of such a response have already been seen. In terms of domestic and corporate security, supply chain risk assessments and management plans need to be reviewed and monitor the geopolitical environment closely. There are numerous scenarios of conflict that could play out in the region and ship restrictions or blockades in the South China Sea are possible if tensions increase and economic sanctions begin being applied. Retired Air Vice Marshall John Blackburn has warned Australia’s food, water and medicine distribution was entirely reliant on transport fuel and the supply operated on a “just in time” philosophy for the sake of logistical efficiency. Mr Blackburn has highlighted four of the country’s seven oil refineries have closed down in three years. “We’re heading towards 100 per cent import

dependency, but when the British were passing 40 per cent import dependency, they said they had a national security concern.” University of New South Wales Professor of International Security Alan Dupont has also agreed that Australia’s growing dependency on imported fuel was “obviously a vulnerability” with essential services likely to stop ‘within a week’ of disrupted supply. As an example of the potential domestic impact in Australia, the 2008 explosion at a processing plant on Varanus Island caused the sudden loss of almost 35% of gas supply to Western Australia and had immediate social impacts, as well as significant short and long-term economic effects. Many businesses were forced to curtail or cease operations, resulting in workers being stood down or forced to take annual leave, and the government requested that businesses and householders conserve energy usage. The Chamber of Commerce and Industry estimated the overall cost of the incident was around $6.7 billion and The Reserve Bank reported “the disruption reduced national GDP growth by around 0.25%, with the impact spread across two quarters. In 2016, the WA Government already finds itself perilously in debt and can ill afford an economic hit on a larger scale. Other Australian states and the Federal Government are in a similar financial position. Any rise in political or military tensions in the Asia Pacific is naturally going to have flow on effects and will not only be economic but social and industrial in nature. With some pessimism, if conditions deteriorate, there will be a corresponding and commiserate change needed in the domestic and corporate security postures across the region also – so best to buckle up! And on that note, as always, we provide some thought provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.

Yours sincerely,

2nd annual

SECUREaustralia 2016 15-17 March 2016 I Powerhouse Museum Sydney I Australia

Building organisational resilience to terrorism and critical security breaches Delivering key security experts including:

Johnnie Müller Head of Security Copenhagen International Airport

Darren Kane Chief Security Officer NBN Co

Dr. John Moss National Manager Operational Intelligence Australian Crime Commission

Neil Gaughan National Manager Counter Terrorism Australian Federal Police

Jason Brown National Security Director Thales

Frank Colley First Assistant Secretary Security and Vetting Service (CSO) Department of Defence

Sue Max Trent Burnard General Manager Event Security Lead & Venue Management Origin Energy ANZ Stadium

Mike Whitelaw General Manager, Critical Infrastructure & Security NSW Roads & Maritime Services

Craig Sheridan Former Superintendent Commander State Planning Unit, Major Events & Incidents Group NSW Police

Andre Bertrand Head of IT Risk and Security SEEK

Kate Drews Market Leader Property and Buildings - Defence, Aviation and Transport Security GHD

Claude Colasante Director Intelligence Australian Transaction Reports and Analysis Centre

Sean Haran National Security Manager Startrack

Dai Hockaday Business Continuity Manager Sydney Water

John Ferguson Assistant General Manager Operations and Sustainability Sydney Olympic Park Authority

Wayne Ronaldson, Co-owner, Riskoffensive Paul Burrow, Head of Customer eTrust and Change, The Information Security Office, ANZ Mathew Curtis, Chair, Australasian Council of Security Professionals Phil Kowalick, President, Australian Institute of Professional Intelligence Officers Michele Grossman, Director, Centre for Cultural Diversity and Wellbeing, Victoria University Mike Davies, Research Leader, Cyber Assurance and Operations, Defence Science and Technology Organisation

Luke Schibeci, Manager Safety Risk & Environment, Sydney Cricket & Sports Ground Trust Mark Stewart, Professor, University of Newcastle Julian Droogan, Senior Lecturer, Department of Policing, Intelligence and Counter Terrorism, Macquarie University Saso Virag, Security Architect, NEC Australia Don Williams, Advisory Board Member, Australia Security Research Centre Wayne Miller, Community Resilience Unit, VIC Department of Premier and Cabinet

Addressing the key challenges for today’s security leaders:

PLUS! Full day in-depth learning sessions on Thursday 17 March

Keeping up to date with the evolving threat environment and the challenges it brings Improving public – private cooperation to achieve better security outcomes for all Building cyber protection capabilities to detect and defend against cyber threats Creating risk mitigating strategies to improve security for critical infrastructure Developing a security culture and practices in an organisation in order to maximise resilience capabilities Reducing safety and security risks by improving community engagement strategies Addressing specific security approaches for complex mass gathering events and iconic buildings

In-depth Learning Session A:

Enhancing organisational security through technological innovation and strategic risk partnerships In-depth Learning Session B:

Tackling the enterprise cyber threat by developing information security strategies and capabilities

Download the conference brochure at www.questevents.com.au

Supporting bodies:

Media partners:

6 | Asia Pacific Security Magazine

+61 (0)2 9977 0565

Organised by:

+61 (0)2 9977 0567

info@questevents.com.au

www.questevents.com.au

PRESENTING THE 4TH ANNUAL

Police Technology Forum Innovation, Leadership, Design

22 â&#x20AC;&#x201C; 23 March 2016 | Hyatt Hotel, Canberra PRESENTATIONS FROM: Assistant Commissioner Pierre Perron, Chief Information Officer, Royal Canadian Mounted Police Superintendent Jevon McSkimming, Director Mobility and Innovation, New Zealand Police Commissioner Ian Stewart, Queensland Police Assistant Commissioner Doug Fryer APM, Road Policing Command, Victoria Police Assistant Commissioner Richard Cowling, Planning and Development, Tasmania Police Greg Bouwmeester, General Manager Solutions, Motorola Solutions David Dennis, Senior Business Development Manager, Hexagon Safety and Infrastructure John Labou, Chief information Officer, Northern Territory Police, Fire and Emergency Services Lee Walton, Chief Information Officer, CrimTrac Professor Clive Williams MG, Visiting Fellow Strategic Defence Studies Centre, Australian National University Mark Skidmore AM, Director Aviation Safety, Civil Aviation Safety Authority

GOLD SPONSOR:

PLATINUM SPONSOR:

Dr Adam Molnar, Lecturer in Criminology, Deakin University, Board Member, Australian Privacy Foundation CONFERENCE SUPPORTERS:

MEDIA PARTNERS:

www.informa.com.au/ptech16 7 | Asia Pacific Security Magazine

LUNCH SPONSOR:

COFFEE CART SPONSOR:

DISASTER &

EMERGENCY

MANAGEMENT

Australian & New Zealand

Disaster and Emergency Management Conference 30 - 31 May 2016 I Jupiters Hotel, Gold Coast

anzdmc.com.au The Conference theme ‘EARTH, FIRE and RAIN’ will continue to examine issues that impact preparedness, resilience, response and capability.

The program will provide all participants with an opportunity to contribute, learn and network with peers. It will examine the lessons learnt from recent national and international events and provide a comprehensive forum to examine the expertise, competencies and systems relating to our preparedness and response. The Conference Program will include an extensive range of topics with Keynotes, Concurrent Sessions, Case Studies, Panel Discussions and Poster Presentations. TOPICS WILL INCLUDE:

• Consequence Management - from Preparation to Business Continuity

• International Response to Disasters

• Crisis Leadership

• The Recovery Process

• Psycho-Social Implications of Disaster Management

• Understanding and Enhancing Resilience

• Emerging Technology and Capability Needs

• Volunteers in Emergencies

• Urban Search and Rescue

bushfire&natural HAZARDS CRC

8 | Asia Pacific Security Magazine

Ju 1 pi Ju te n rs e 2 ,G 0 ol 16 d Co as t

The 2016 Australian & New Zealand Search and Rescue Conference (SAR16) will continue to provide a platform of discussion that began in 2015 for the Search and Rescue Community. The Conference aims to tackle the issues and challenges while continuing the support of professional development in new training, techniques and requirements of Search and Rescue. The Committee will design the program to cover a range of topics varying from Water to Land to Air and Mining SAR missions. As the only trans-tasman multi-sector SAR Conference, this event allows the chance for all organisations and SAR workers to come together and continue our understanding of development in the SAR sector. CONFERENCE FORUMS INCLUDE: 1. Technology and Operations How are advancements in technology changing the way SAR operations are conducted? 2. Training How do we ensure that people are appropriately trained and have the right skills for all different aspects of SAR? 3. Organisation How do we enhance the interconnectedness between multiple SAR agencies to coordinate the most effective SAR response? 4. Working with Stakeholders Lost Person Behaviour (Mental Health), Crisis Management and Communication Strategies

www.sar.anzdmc.com.au 9 | Asia Pacific Security Magazine

International

Uniting through oceans

B By Sarosh Bana Correspondent

10 | Asia Pacific Security Magazine

olstered by its mighty surface, undersea and aerial capabilities, India’s blue water navy staged a spectacular maritime pageant off the eastern seaboard as it hosted its International Fleet Review (IFR) 2016 that was stunning in scale and turnout. Fifty countries ranging from the United States, United Kingdom, Germany, France, China, Russia, Australia and Japan to Iran, Israel, Mauritius, Myanmar, Somalia and even landlocked Turkmenistan participated in this landmark event that was held by the Indian Navy at the port city and Eastern Naval Command (ENC) base of Visakhapatnam from 4 to 8 February 2016. Twenty-four foreign warships and 75 of the Indian Navy, including three submarines, as also two ships from the Indian Coast Guard (CG) and three from mercantile marine, were at anchorage in six columns for review by President Pranab Mukherjee, who is also Supreme Commander of India’s armed forces. In attendance were Prime Minister Narendra Modi, Defence Minister Manohar Parrikar, and the state Governor and Chief Minister. So were 22 navy chiefs, including the host Chief of the Naval Staff (CNS), Admiral Rabindra Kumar “Robin” Dhowan, as also 27 heads of delegations, apart from over 4,000 international naval officers and men. The review concluded with a fly-past by the Naval Air Arm and a daring display by Marine Commandos (Marcos). The fly-past by 15 formations of 45 aircraft, including two CG formations, showcased the latest acquisitions of the Indian Navy such

as the Russian-built MiG 29K and AEW helicopter Ka31, and the U.S.-made Long Range Maritime Reconnaissance aircraft P8I. “The sheer number of navies represented from across the globe is an endorsement and recognition of India’s emerging status as a major naval power,” said Dhowan. “The event allows the host nation an occasion to display its maritime capabilities and the ‘bridges of friendship’ and trust it has built with other maritime nations.” As fulfillment of its assigned military, diplomatic, constabulary and benign roles, the Indian Navy regularly conducts joint exercises with other navies at their shores or in Indian waters, embarks ships on goodwill missions that call on navies internationally, and lends ships for peacekeeping and anti-piracy operations from the Horn of Africa to the Malacca Straits. Indian warships have besides assisted in evacuating the embattled from the war zones of Yemen (Operation Rahat in 2015), Libya (Operation Safe Homecoming in 2011), Lebanon (Operation Sukoon in 2006), and the Maldives (Operation Cactus in 1988), apart from moving out victims of national disasters as the Gujarat earthquake in 2001 and the tsunami at the eastern coast in 2004. The country has also gifted or sold several warships, new and used, and occasionally also maritime patrol aircraft, to smaller nations such as the Maldives, Seychelles, Mauritius, Vietnam, Sri Lanka and Bangladesh. India’s vast coastline of 7,615 km abuts onto the Arabian Sea, Bay of Bengal and the Indian Ocean, and

International one of its island enclaves, Andaman & Nicobar, is closer to Myanmar and Thailand than to the Indian mainland. With 66 per cent of global oil, 50 per cent of global container traffic and 33 per cent of global cargo trade passing through the Indian Ocean Region (IOR), that stretches from the Persian Gulf to the west to the Malacca Straits in the east, the India Navy has a vital responsibility in ensuring the safety and security in keeping sea lines open to global maritime movement. Noting that navies the world over conduct fleet reviews to symbolise their loyalty and allegiance to the nation, and to strengthen bonds between sailors and the state, President Mukherjee said IFR 2016 did all this and more. Addressing the Fleet during the Review, he observed that IFR 2016, while showcasing the prowess of the Indian Navy, had brought together navies from across the globe to Indian shores, underlining a common desire to use the seas to promote peace, cooperation and friendship, as also to develop partnerships for a secure maritime future. Of the 27 visiting heads of navy was Australia’s Vice Admiral Tim Barrett, who led his sizeable contingent that had steamed in on HMAS Darwin. The 4,200 tonne long-range escort frigate’s roles include area air defence, anti-submarine warfare, surveillance, reconnaissance and interdiction. “The Indian Navy and Royal Australian Navy have a proud history of partnership and this cooperation continues to grow and includes trips by Indian Navy ships to Australia, joint membership in the Indian Ocean Naval Symposium and recent Royal Australian Navy participation in exercises with the Eastern Fleet,” said Commander Phillip Henry, Darwin’s commanding officer. “Events like this IFR help foster understanding and mutual support.” Darwin’s crew was visibly impressed to see the vast array of warships anchored in formation off the Visakhapatnam coast as it sailed into the harbour. With their camaraderie, the crew and the naval band endeared themselves with the Indian crowds and audiences. Vice Admiral Barrett also met Prime Minister Modi during the event. HMAS Darwin was to sail onward to the Middle East after the IFR as part of Operation Manitou, Canberra’s contribution to the international effort to promote maritime security, stability and prosperity in the Middle East. It will relieve sister ship HMAS Melbourne, which completed her rotation and was returning to her home port of Sydney. IFR 2016 was only the second international review ever conducted in India, the first having been organised by the WNC in Mumbai in February 2001 in the presence of then President, K.R. Narayanan. It had elicited a turnout of 29 foreign and 60 Indian warships. There have besides been nine Presidential Fleet Reviews since India’s Independence in 1947, the first such having been held in 1953 and the last, in 2011. By their nomenclature, these have been national rather than international exercises. ‘United through Oceans’ was the motto and underlying theme of the IFR, signifying that while the world was divided by geography, it was unified by the seas. There was repeated emphasis that oceans were the great blue ‘commons’ that not only linked the global community, but granted it unfettered access. “IFR 2016 has enabled us to join hands and work together to secure our seas for the

11 | Asia Pacific Security Magazine

"India’s vast coastline of 7,615 km abuts onto the Arabian Sea, Bay of Bengal and the Indian Ocean, and one of its island enclaves, Andaman & Nicobar, is closer to Myanmar and Thailand than to the Indian mainland. With 66 per cent of global oil, 50 per cent of global container traffic and 33 per cent of global cargo trade passing through the Indian Ocean Region" greater good of humanity and the world,” the President maintained. This need was reiterated by speakers at the concurrent two-day International Maritime Conference, on the theme Partnering together for a secure maritime future. There were concerns over sea-borne terrorism, piracy, smuggling of arms and drugs, and immigrants, across the seas, and the security challenges in the East and South China Seas where China has maritime disputes with many of its neighbours in the littoral. In his presentation, Prof. Ye Hailin of Beijing’s Chinese Academy of Social Sciences, saw this “dispute” escalating as competitive issues got emphasised instead of cooperative solutions. “It is argued that given the overlap among the actions and policies of parties, the situation in the SCS [South China Sea] may deteriorate with the possible risk of serious conflict due to collision of differing interests,” he warned. The return of Asia-Pacific to the centre of world affairs is the great power shift of the 21st century. With this economically integrated region traversed by half the world’s commercial shipping worth $5 trillion of trade a year, the participating navies deemed it imperative to secure the regional Sea Lines of Communication (SLOC) that are critical to the survival of the entire Asia-Pacific community.

International

The Indian Navy is mindful of Washington’s keenness to check Beijing’s growing maritime assertion and its looking to India as the power that can tilt the strategic balance. Ultimately, all three countries will define the strategic nature of maritime influence. India has emerged as the regional superpower and views the IOR, which it dominates, as its theatre of influence, just as China is seeking a similar role in the Western Pacific. Though India has no disputes in the IOR, its navy already maintains a stronger force, on conventional warfare, than Russia, France or the UK, and is poised to emerge as the third strongest, after the US and China, in the coming years. It is in this context that IFR 2016 gained importance, with 50 nations joining it in an acknowledgment of India’s emergence as a maritime power, and by extension, its role and importance in international geo-politics. Apart from a vast fleet that includes two aircraft carriers, 10 destroyers, 15 frigates, one nuclear-propelled submarine and eight dieselelectric submarines, the Indian Navy has 41 ships on order from Indian yards at a combined cost of Rs1,08,761 crore (about $16 billion). It is again in this context that India and the U.S. are exploring the joint development of India’s next-generation aircraft carrier that will have combat capabilities superior to its Chinese counterparts’. The visiting Chief of U.S. Naval Operations, Adm. John Richardson, said talks on this, potentially the biggest military collaboration between the two countries, were progressing well and ranged from its design to construction. The joint working group on the project is meeting in New Delhi later in February to take this forward. “Today, U.S.-India defence ties are strong and continue to grow stronger with each passing engagement,” said Richardson. “We are two countries with similar values -

12 | Asia Pacific Security Magazine

democratic governments, civilian control of the military and all volunteer forces, and there is much that binds our nations and navies together.” Representing the U.S. Navy at the IFR were the Ticonderoga Class guided missile cruiser, USS Antietam, and the Arleigh Burke Class guided missile destroyer, USS McCampbell. “A central line of effort is to expand and strengthen our network of partners and the visit to India and interactions with Indian and other navy leaders help deepen relationships and expand shared maritime interests,” Richardson remarked. “We value like-minded partner countries like India, as a close, continuing and expanding partnership is important for security and stability in Asia and for effectively managing Indian Ocean security in the 21st century.” Lt Cdr T. Öwezgulyýew, Vice Chief of the Turkmenistan Naval Staff, said his landlocked navy, essentially a compact flotilla of patrol boats, safeguards its waters in the Caspian Sea, which is variously classed as the world’s largest lake or a full-fledged sea. A landlocked navy is that operated by a country bereft of a coastline. The Caspian states are Turkmenistan, Azerbaijan, Russia, Kazakhstan and Iran and in 1993, the former Soviet Union’s Caspian Sea Flotilla was divided among the first four states. The Caspian states have to deal with the challenges of drug smuggling, the ‘sea’ having become a transit route for narcotics coming from Afghanistan, human trafficking, cross border crime, extremism and terrorism. All this is confounded by the fact that maritime borders are not yet settled between them and they have differing views on how ownership should be divided. Struck by the maritime power of the Indian Navy, Öwezgulyýew said bilateral partnership will need to be

International

heightened with construction launched last December on the TAPI pipeline running 1,814 km from Turkmenistan through Afghanistan and Pakistan all the way to Fazilka in Punjab, India. This route, especially through Afghanistan and Balochistan in Pakistan, is fraught with peril. Militant groups like the Taliban and Islamic Movement of Uzbekistan had briefly captured villages on Turkmenistan’s borders in 2015. The pipeline, estimated to cost $10 billion and to be functional by 2019, will carry 33 billion cu m of gas from southern Turkmenistan. In Indian fleet reviews, the President’s yacht steams past an impressive array of ships of both the Indian and merchant navies and the Coast Guard, while reviews held by some other navies have ships sailing past the reviewing yacht or ship. The Royal Navy, from whom the Indian Navy has inherited much of its customs, dates its first Review to 1415 when Henry V – King of England from 1413 to 1422 - inspected his fleet before embarking for war with France. It was also an occasion, perhaps the only one, when the ruler or sovereign appeared before the sailors as symbol of his country to strengthen the bond between Lord and subject. A fleet review is a long-standing tradition followed by various navies and is a grand occasion when every operational ship is spruced up, proudly displaying its crest and company. It was perhaps conceived as a show of naval might or an inspection of readiness for battle at sea,

while later reviews were celebratory demonstrations for victories in battle, for a coronation or a royal visit. Reviews today entail parading of warships without any belligerent intentions. Indian Navy ships have often sailed across the seas to participate in fleet reviews of friendly nations. While India’s maritime traditions hark back to the Vedic times (1500 – 500 BC), its earliest recorded fleet review was in the 18th century by the powerful Maratha fleet off the Ratnagiri fort on the west coast. A highlight of IFR 2016 was the Operational Demonstration and International City Parade at the Visakhapatnam waterfront in the presence of the Prime Minister. Several warships, submarines, aircraft and squads of Marcos displayed the multidimensional operational tasks of the various arms of the Indian Navy. The city parade had marching and military band contingents from the visiting navies and the three Indian services, replete with floats and dances. The parade was followed by illumination of ships and pyrotechnics, culminating in a light and sound show.

The Region’s Leading Government and Corporate Security Portals Print Post Approved PP255003/10110

THE REGIONS’ LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.asiapacificsecuritymagazine.com Aug/Sep 2014

CIOs, IT Leaders and decision makers • Big data • Communications • Cloud computing • Technology systems • Interviews with industry thought leaders

DRONES

plus much more.

TechTime | Movers & Shakers | Women in Security and much more...

For more information and to subscribe visit: www.australiansecuritymagazine.com.au | www.asiapacificsecuritymagazine.com

13 | Asia Pacific Security Magazine

Frontline

Safe Cities by 2050, about 70% of the world’s population is expected to live in towns and cities.

By Jane Embury Wrightstyle

4 | Australian Security Magazine 14 | Asia Pacific Security Magazine

e increasingly live and work in them. But how safe are our cities, and what does the future hold for them and for us? Jane Embury, of Wrightstyle the company’s marketing director, discusses our growing love affair with cities, and the new kinds of threat they face. According to the UN, more than half of the world’s population lives in urban areas and, by 2050, about 70% of the world’s population is expected to live in towns and cities. The current level of urbanisation ranges from 82% of the population in North America to 40% in Africa, according to the Economist Intelligence Unit, in their Safe Cities Index 2015. Every day, over 187,000 people become city dwellers, posing enormous challenges to basic infrastructure such as water, sanitation and transport. The urban trend reflects both population and economic growth. In 1950, New York was the world’s first megacity, defined as having a population of more than 10 million people. Now there are more than 20 megacities and, by 2025, New York is likely to have dropped to sixth on the list – behind Tokyo, Delhi, Shanghai, Mumbai, and Mexico City. It’s an urban trend that, the Economist notes, is being repeated the world over. For example Lagos, the most populous city in Nigeria, is expected to double in size over the next 15 years. However, it’s not a trend that can be applied to every city, as the UN’s latest World Urbanisation Prospects study underlines. For example, Seoul, the capital of South Korea, has shrunk by 800,000 since 1990. There are also wide country-by-country variations. Bahrain and Australia have urbanisation rates of well over 80%, while Bangladesh has a low rate of 34.3% and

Cambodia 20.7%. However, the Economist report debunks the myth that population size and public safety are inexorably linked. New York, which had a homicide rate of 2,245 in 1990 – six murders a day – had a homicide rate of 335 in 2013, while piling in an addition one million inhabitants. But personal safety is only just one aspect of what makes a city “safe.” The Economist Intelligence Unit Safe Cities Index summaries the primary issues as being digital security, health security, infrastructure safety and personal safety. Stitching the Index’s main findings together, the world’s most populous city, Tokyo, is also the safest – despite being in an earthquake zone. Unsurprisingly, cities in the developed world tend to be “safer” with those in the developing world less “safe.” That said, wealth is no guarantee of urban safety. Four out of five cities on the Index in the Middle East, while considered high income, do not feature in the top half of the Index. US cities come out well in digital security, with New York leading the way. Underlining the importance of technology, the report notes that the smartest cities use data to monitor the real world – for example, helping to prevent crime or the spread of disease. In North America, Toronto and New York come out top; in Europe, Stockholm and Amsterdam; in Asia, Tokyo and Singapore; and in the Middle East, Abu Dhabi and Doha. Baghdad is ranked as the most risky city in the world. Two other Iraqi cities, Mosul and Ramadi, are second and third. Most cities classed as being at “extreme risk” are in the Middle East. However, it’s not enough simply to live in a statistically safe place. What’s important is how safe we actually feel

Frontline

‘Every day, over 187,000 people become city dwellers, posing enormous challenges to basic infrastructure such as water, sanitation and transport..’ – whether travelling on public transport or simply walking down a street at night. The challenge for cities globally is to address the myriad issues that do actually impact on public safety, while addressing the very real perceptions – or misconceptions – that a city’s population may have. It’s a Big Brother approach to urban safety that’s being driven by advances in “Big Data” – the ability of city authorities to harvest vast amounts of seeminglyunconnected information in real time from, among others, traffic management systems, utility companies and emergency services, and to predict where problems are likely to occur. All that has to be set against a backdrop of growing population size with all its negative impacts on infrastructure – and monitored against risk factors that may be wholly unpredictable: from natural disaster to terrorism, from civil unrest to criminality, and from economic downturn to pandemic. Urban safety is also about the design and layout of our streets, transport systems and the buildings in which we live and work. That design-led approach was given fresh impetus after 9/11, with greater imperative given to vertical escape routes (including lifts), more effective sprinkler systems, and better fire fighter access. Not least, around the world, it’s led to a better understanding of the importance of compartmentation – the ways in which fire, accidental or terrorism-related, can be contained at source and not allowed to spread unchecked to other parts of a building. It’s not just about the human cost of getting things wrong. Cities contribute up to 85% of gross national product (GNP) in high-income countries, and generate a large proportion of government tax revenue. What happens in a major city can therefore have far-reaching consequences for everyone. We now live in a new urban age, with new complexities and an ever-shifting range of threats. Mitigating against those threats, and building resilience into city infrastructure, is perhaps the greatest challenge facing municipal authorities – and a challenge for everyone who works in the built environment. About Wrightstyle A leading European supplier of advanced steel and aluminium glazing systems, supplying fire and blast resistant systems worldwide. Steel and aluminium glazing systems designed to resist the blast pressure of a lorry bomb or stop fire and toxic gases for up to two hours. To read more about Wrightstyle visit www.wrightstyle.co.uk Perth City’s new Elizabeth Quay

15 | Asia Pacific Security Magazine

Australian Security Magazine | 5

Frontline

Training in security programs in Australia ASQA review determines inconsistent licensing arrangements are driving distortions in where training is occurring, compared to where the jobs are and potentially compromising public safety. ASQA has reported to the Minister for Vocational Education and Skills following a strategic review into security training. The review was conducted in response to concerns raised in successive reports by Coroners investigating the deaths of patrons during or as a result of restraint or intervention by security personnel in the course of incident control, particularly around licensed premises. As at 1 June 2015, there were 121 ASQA-regulated RTOs registered to deliver either the Certificate II or Certificate III in Security Operations. These qualifications were the focus of review. Of the 67 RTOs audited, the majority of those offering security training were not fully compliant at the initial audit, with over 80 per cent not compliant with at least one of the national training standards. It is not surprising then that security services have been the subject of significant public scrutiny. “The coroners’ reports raise significant public safety issues and suggest that a number of training and assessment issues are potentially contributing factors to fatalities. The coroners’ findings, together with ongoing stakeholder feedback, indicate that concerns about the security industry, including about the adequacy of training, have been longstanding and persistent.” The review found that inconsistent licensing requirements across states and territories, coupled with inadequate specificity in training packages, is leading to poor quality training and assessment being provided by RTOs, and posing fundamental challenges to ensuring high-quality licensed security personnel across the country.

6 | Australian Security Magazine 16 | Asia Pacific Security Magazine

KEY FINDINGS •

•

• •

•

Coroners in several jurisdictions have expressed concerns over public safety given poor training for security personnel. Despite the decision of Australian Governments in July 2008 to harmonise job skills requirements for the security industry, this is yet to occur. The operation of the Mutual Recognition scheme allows RTOs and students to avoid increased state-based licensing requirements by obtaining their licenses in other states and then having those licenses recognised in their home state. Inconsistent licensing requirements across states and territories, lack of specification in the training package, and inadequate content in qualifications are key issues to be addressed. Training courses are generally very short and do not allow sufficient time for the development and assessment of skills and knowledge. Almost no assessment is being conducted in the workplace. There is evidence of learners with inadequate levels of language, literacy and numeracy skills to undertake security qualifications or to work in the industry. There is a deficiency in the training package, in that it does not explicitly address the risks and dangers of restraints and the safe use of restraint techniques. The qualifications required for unarmed security guards and crowd controllers need to be accurately aligned to the job roles. More strategic engagement between ASQA and the licensing authorities would assist in identifying providers of concern that require greater regulatory scrutiny

The report can be obtained at www.asqa.gov.au

Corporate Manslaughter Review - Frontline

And the answer is…

n March 2012, the Asia Pacific Security Magazine published an article, ‘Could you be a corporate killer?’ This question was answered in the affirmative, when two years later, on 7 March 2014, a South Australian truck driver employed by Colbert Transport Pty Ltd was killed when the brakes on his truck failed. In the 2012 article, I spoke of history and foresight leading inexplicably to an end event. The article also raised questions surrounding corporate due diligence and what I call the ‘Sergeant Schultz defence’. Sergeant Schultz used ignorance as a shield to avoid liability. So did Peter Colbert the Managing Director of Colbert Transport Pty Ltd. On 21 August 2015 Mr. Colbert was sentenced to ten years imprisonment for the manslaughter of his driver after being found guilty at trial. In the Colbert matter the evidence was that Mr. Colbert had known that the brakes on the truck in which the driver was killed were faulty. This had been reported to him on a number of occasions, yet Mr. Colbert did not retire the vehicle from the fleet, nor did he have the brakes repaired so that it was roadworthy. In reading the transcript of the Court case I was struck by how similar the scenario was to other workplace fatalities. In fact, in October 2013 a Cootes Transport fuel tanker crashed into stationary vehicles at Mona Vale. The resulting collision and fire killed two motorists and injured five others. In this matter the 47 year old driver was charged with a number of offences including dangerous and negligent driving occasioning death. The prosecution in this matter have alleged that speed was a factor in the petrol tanker collision but the tankers brakes were also found to be faulty. Later an inspection of Cootes Transport vehicles showed that many of them had deficiencies, including defects. Shortly after the petrol tanker crash, Cootes Transport vehicles were inspected in different States of Australia, not just New South Wales. Would there be anyone in the Transport Industry that was not aware of what was happening? Yet, less than six month later history repeats itself. There is clearly a similarity between the two collisions. Both involved failure of (mobile) plant or equipment. Policies and procedures (maintenance) were not followed. People were killed. Both matters were investigated by Police and not Work Cover Authorities and criminal charges were laid. What is interesting to note when comparing both matters is the focus of the different police investigations. In the Cootes Transport matter the criminal investigation was

17 | Asia Pacific Security Magazine

directed at the driver not the senior executives in charge of the company. Clearly in the Colbert Transport matter the senior executive was the focus of the investigation and not the driver who was killed. Why is this so? The short answer is that it is very difficult at law to show that a company has a guilty mind. Remember James Hardie? So the direct handson approach to business shown by Mr. Colbert would seem to have increased his risk of criminal liability as he was the ultimate corporate decision maker who decided not to act. In 1949 Edwin Sutherland an American Sociologist published an article that caused people to look more closely at the actions of corporate citizens that hide behind the corporate veil, and engage in what could be considered criminal activities. So the concept of white collar crime was born. It was some time before the legislators acted on this concept but nowadays the term white collar criminal has meaning that comes with conviction. If you analyse workplace fatalities there is always a similar pattern in the background behind the incident. The Court system isn’t interested in patterns, just lineal causality. So it is that invariably the judicial process only treats the cause and not the symptoms. Patterns highlight symptoms that in themselves are a manifestation of something more malevolent and less well defined. In both fatalities trucks were not properly maintained. While Colbert Transport failed to maintain one truck, Cootes Transport had many more. In both cases companies poor vehicle maintenance could be said to have been normalised over time. Focus only on the collisions, and you may attribute blame on the drivers. Now step back and consider maintenance, company monitoring or reviewing processes, incident reporting or complaint handling. All the administrative aspects behind the collisions that form safe systems of work and promote organisational learning. Now take another step back and think about the management style that would not support vehicle maintenance allowing unroadworthy heavy vehicles on the road. Management style is also known as corporate culture. A toxic corporate culture can usually be assessed by the high number of workplace injuries and high staff turnover. It took time for the concept of white collar crime to be generally accepted. Does the Colbert Transport matter herald a turning point in the health and safety space? A new type of white collar crime for a new type of criminal known as the corporate killer. I think it does, what do you think?

By Terry Flanders

Australian Security Magazine | 7

National Security

We must speak up

S By Naomi Oakley Correspondent

8 | Australian Security Magazine 18 | Asia Pacific Security Magazine

exual Harassment is alive and well within the security industry today. As a woman who has come from one male dominated workplace to another, (VICPOL to the security industry), I believe that I can assist in creating more awareness and driving much needed change. The following statistics from a 2008 survey indicate that sexual harassment continues to be a problem, despite some improvement since 2003, and that more action is required. The survey found that 22% of women and 5% of men aged 18-64 have experienced sexual harassment in the workplace in their lifetime, compared to 28% of women and 7% of men in 2003. Around one in three women in Australia aged 18-64 have experienced sexual harassment in their lifetime. The majority of sexual harassment continues to be experienced in the workplace (65%). Nearly half of those who have been sexually harassed in the last five years report that it has also happened to someone else in the same workplace. Over one in ten Australians have witnessed sexual harassment in the workplace in the last five years. In the last five years, 4% of Australians have experienced sexual harassment in the workplace, compared to 11% in 2003. After conducting extensive on-line research I have established the lack of face-to-face programs available within the security industry in regards to this topic. Therefore I am currently liaising with a registered training organization, AuSAFE, (Australian Security and First Aid Education), with the aim to provide face-to-face Sexual Harassment Awareness programs to ensure employees have a better understanding as to what constitutes sexual harassment and companies show initiative and promote a zero tolerance to sexual harassment.

An article in The Age recently highlighted the lack of training in sex harassment for security at entertainment and music venues. Interestingly, after the article was published, a number of women within the security industry contacted me to tell me about sexual harassment incidents that they were experiencing at work on a daily basis. These included: Male workers reading porno magazines in armored vehicles in the presence of female workers; Male security ‘hitting on them’ at work or ‘hitting on’ patrons. Dirty jokes and constant smut talk (including Email and SMS). Magazines with sexual content left on tables in staff areas. Clearly, these kinds of behaviours should not be happening in 2015, in a society that is working to provide higher participation rates for women at work and greater safety for women in general. The awarding of Rosie Batty as Australian of the Year 2015 put domestic violence, particularly male violence towards women and children, in the spotlight. Perhaps this is an indication that in Australia, we’re finally beginning to understand the impact that domestic and family violence can have on those who experience it. But, as former Sex Discrimination Commissioner, Elizabeth Broderick stated, in an interview with Women’s Agenda: “All too often we don’t think in the same way about sexual harassment. We think the person crossing the line didn’t mean any harm, or say to ourselves ‘he’s just like that – don’t take it personally. She goes on to say that ‘…every day the courageous people who stand up and speak out when they see harassment at work are accused of not being able to take a joke, and derided as ‘too PC’.’ ‘But – as all of us know – sexual harassment isn’t a joke and it does have a serious impact on those who experience it.’

Aviation Security

‘Plane grounded in Poland after bomb threat hoax’ ‘Egypt crash to spur demand for strict aviation security’ ‘Security shows xray of bullets in passenger luggage’

2016 - 2020 insider’s reflection on aviation security

s 2015 came to a close, the media was awash with a series of devastating and deeply concerning events, ranging from the terrible events that led to the Metrojet crash near Sharm-elSheihk to the attacks in Paris, and most recently, the evacuation of an Air France jet after a suspicious item was found. With heightened security across Europe, Redline Assured Security have seen a huge increase in enquiries, and are making constant updates to their services in line with recent developments. Jim Termini, Director and former pilot, discussed the events and the changes which must be made for global security today. According to Termini, the recent attacks have highlighted a number of disparities in security standards across the globe. “If we can get everyone to the same standard that would be a massive bonus – at the moment there is a huge disparity of standards between the EU, US and some other countries,” he says. With that in mind, Termini advises that in order to guarantee high quality security standards, we need to understand risk. “Threat isn’t something we own – it’s owned by the would-be attacker. We own the vulnerabilities, so the risk is a combination of the threat and vulnerabilities. We need to close down vulnerabilities which could be exploited by the attacker.” These key principles are something which Termini is keen to exercise across the whole business, which has recently expanded into events, CNI, corporate and cyber security fields. Of course, within each sector, some threats are graver than others, and Termini advises there are a number of dangers we should look out for across each one of them.

19 | Asia Pacific Security Magazine

“For aviation security, the biggest threat is the insider threat – someone who has passed background checks but later becomes radicalised. There are behavioural markers which can be used to great effect to mitigate this.” Meanwhile, for the corporate and CNI sectors, Termini identifies the ‘lone wolf’ or copycat attacker as the biggest threat. “The recent attack at Leytonstone station was a good example of that – someone who may or may not be known to the authorities, who has become radicalised. “We cannot stop that from happening, but we can use robust procedures to deal with it effectively.” With large events coming up such as UEFA Euro 2016 Termini advises that overt security is the best way to deter an attacker. “Armed police, bag and body searches and CCTV are all good deterrents. If you think back to the Olympics, there were even soldiers being used for security.” While Redline Assured Security are still working on their cyber security offering, the team have already begun expanding their product range in line with recent attacks. “When we had the alleged bomb plan from Sharm el-Sheikh, we updated our training products, so that in the event of copycat use, operators and screeners would have a better chance of recognising a potentially dangerous device.” Termini acknowledged that financial constraints have slowed the development of some threat-mitigating technology. “As an example, we’re only now getting to grips with effective technology that can deal with liquid explosives. The liquid bomb plot was in 2006.”

Australian Security Magazine | 9

National security

The future of unmanned aerial surveillance for Australian border security By Peter L. Lacey

ustralia has always had to contend with an enduring border security dilemma: over 59,000km of coastline borders, only a fraction of which is populated and subject to natural surveillance. The Gillard government’s 2013 National Security Strategy specifically referred to border security as a critical component of Australia’s national security. The Commonwealth government now intends to deploy unmanned surveillance drones as a means of more effectively coping with the security risks inherent in our borders. Although the drones will be operated by the RAAF as military aircraft, the intention is that they will be used to support the newly-reformed Australian Border Force’s operations at the border. Compared to the United States and United Kingdom, Australia has been slow to adopt drones for military and security operations. The planned acquisition of the new drones presents an opportunity for Australia to develop both capability for and confidence in drones for domestic security operations. The drone acquisitions The acquisitions are linked to the Defence Capability Plan (DCP) established back in 2012. Up to now, Australia has relied on a fleet of 18 P-3 Orion maritime surveillance aircraft to support border surveillance. The Orions were first designed around 1959, and are reaching the end of their service life. The DCP AIR 7000 plan is to replace the ageing Orions with a mixed fleet of new manned aircraft and unmanned drones. The current proposal is to phase in 8 P-8

10 | Australian Security Magazine 20 | Asia Pacific Security Magazine

Poseidon maritime surveillance aircraft supported by 7 MQ4C Triton unmanned drones. The MQ-4C Triton is a specialised surveillance drone entirely unlike the types of commercial drones seen elsewhere in Australia. It has a wingspan of 39.9 metres, around twothirds that of a Qantas A330 passenger plane. It is much larger than the Predator UAVs used for combat missions, and much nearer in size to the existing P-3 Orions used by the RAAF. It is intended to carry a payload of sophisticated sensors rather than weapons. The Tritons are well-suited to domestic security operations over Australian waters. Their maximum flight time is 28 hours, almost double that of the new P-8 Poseidon manned aircraft. This would allow the RAAF to conduct longer surveillance patrols, or remain on-station at an incident for longer. It is also specifically designed for the maritime operating environment, with systems for de-icing and coping with rough weather. This will enable the RAAF to continue to gather incident intelligence even if weather conditions deteriorate. For border security applications, drones require more sophisticated sensor suites than are typically found on commercial and recreational drone systems. The MQ-4C Tritons will be expected to detect and identify suspicious vessels accurately within a large environment. Northrop Grumman provides a “multifunction active sensor” radar system with the Triton, which aims to provide 360 degree detection in-flight. It is also fitted with long-range detection sensors, infrared imaging, and electronic support systems to enable effective intelligence processing in the field.

National security

Implications for Australian security practice The eventual deployment of the Triton fleet will be a significant step forward in the use of drones for security in Australia. It will be the first time that drones have been used for Australian domestic security. The drones may be operated by the ADF, but it is clear from public releases that the intention is that the Triton fleet will play a major role in enacting domestic security policy. The superior endurance of the MQ-4C Triton will potentially enable the Australian Border Force to detect and intercept more irregular maritime entries than is currently possible with the manned air and sea fleets. The drone fleet will also bring benefits for domestic defence capability. The drones are likely to be based in South Australia, or possibly at the top end of Australia, making use of existing facilities in the region. The MQ-4C has a wingspan comparable to that of the P-3 Orions already operating from RAAF facilities. According to government media releases, the drones will likely be piloted from control centres in South Australia. This will enhance Australia’s domestic drone expertise and capability, by engaging drone pilots, technicians, and ground crews. The benefits for Australia’s domestic defence and security industries will be more limited. The planned drone acquisitions have been negotiated as Foreign Military Sales, which means that the Australian Defence Materiel Organisation will have very little influence over the suppliers used. Supply of the drones and associated technologies will likely go to American-preferred suppliers. However, if the drones operate as effectively as hoped, the success of this Triton fleet may create confidence in further drone acquisitions, which could potentially benefit Australian security industries in the long run. It is possible that other government agencies will take their lead from the success or failure of the new Triton fleet. In due course, the Australian Border Force may be in a position to operate its own drones directly. In the United States, for example, the success of military drone systems created opportunities for their Customs and Border Protection (CBP) service. The CBP was authorised to commence drone operations in 2004, and currently operates a fleet of Predator B drones to patrol the US-Mexico border. The US provides a good example of some of the pitfalls that may be encountered when domestic security agencies attempt to integrate drones into their operations. Agencies like the American CBP are not aircraft specialists: they are border protection and security specialists. The CBP has encountered many problems with operating its drone fleet. Shortages of skilled technicians, spare parts and operating budget have severely restricted the effectiveness of the Predators. Each drone costs around $12,000 per hour to operate, and operations are limited by weather conditions at the border. The sophisticated VADER person and vehicle recognition system acquired by CBP is reportedly only operable over part of Arizona, meaning that drone operators rely on video imaging to identify suspicious targets elsewhere along the border. As the use of drones expands in Australia, domestic security agencies should be wary of the same problems.

21 | Asia Pacific Security Magazine

‘Their maximum flight time is 28 hours, almost double that of the new P-8 Poseidon manned aircraft. This would allow the RAAF to conduct longer surveillance patrols, or remain onstation at an incident for longer. It is also specifically designed for the maritime operating environment, with systems for deicing and coping with rough weather.’ While the Australian Defence Force has limited expertise in border protection, it does have the infrastructure and expertise to effectively operate aircraft. Agencies like the Australian Border Force, Australian Federal Police and the Australian Fisheries Management Authority will be relying on the expertise and experience of the RAAF. Few other nations in the world have the same expanses of open ocean border to secure that Australia does. The acquisition of the MQ-4C Triton will provide a unique opportunity to expand the use of drones for security in Australia, and it will also provide a proving-ground for the Triton technology. The first drones are planned to enter service from 2019. Triton unmanned aircraft system completed its first flight May 22, 2013

Australian Security Magazine | 11

Terrorism

A new frontier for the globalisation of terrorism By Anooshe Mushtaq National Practice Lead, UXC Saltbush

12 | Australian Security Magazine 22 | Asia Pacific Security Magazine

A New Frontier for The Globalisation Of Terrorism Sub-Saharan countries are about to helplessly witness a new geopolitical era. Alliances forged between Islamic extremist groups and criminal organisations throughout the Sahel threaten state sovereignty and pose significant threats to both regional and international security. The impacts of the Libyan civil war are still perceptible as the flow of weapons continues to militarise jihadist movements in the region. Western interests are dangerously confronted by the radicalisation of the local population who are targeted by fundamentalist groups capitalising on the shortcomings of weak states. “Once I am gone, Libya will turn into the headquarters of a new war against Europe and America,” predicted Colonel Muammar Qadhafi shortly before his death in October 2011. While his motives for making the assertion can be disputed, there is mounting evidence of an increase in both the size and capabilities of extremist groups in Libya, Mali, and the broader Sahel region. The name ‘Sahelistan’ has been given to the vast expanse of central Sahara comprising southern regions of Morocco, Algeria, Tunisia and Libya and northern areas of Mali, Niger, Chad and Sudan. As

implied by the name, Sahelistan is a region that defies state boundaries and rule of law. Sahelistan comprises 7,500 kilometres of lawless land that has long been a safe haven for drug and arms traffickers, and more recently, human trafficking and terrorist activity. It is the vastness of the territory and lack of traditional state power that present unique challenges to those seeking to reign in these destructive forces. As acknowledged by the rebel leaders in Sahelistan themselves, Western countries will not be able to simply appoint a West-leaning leader into power as they have done previously in Iraq and Afghanistan. Sahelistan’s thousands of armed men belong to various, at times overlapping, entities including: nomadic Tuareg rebel groups (primarily in Mali), IS-affiliated Boko Haram (based in Nigeria), Al Qaeda in the Islamic Maghreb (AQIM), the Movement for Oneness and Jihad in West Africa (MUJAO), and Ansar Dine. While all of these groups have their own hierarchies, there are growing linkages, collaboration, and consolidations between these groups and the international leadership of Al Qaeda and Islamic State that presents serious threats to regional and international security. Orchestrating some of these significant consolidation efforts are two local leaders

Terrorism

the potential to fundamentally alter Sahelistan’s geopolitical landscape: Iyad Ag Ghaly and Hamadoun Kufa.

‘A Mauritanian news source has

Iyad Ag Ghaly: The rebel in rich man’s clothes

reported that AQIM will pay militants

Iyad Ag Ghaly, also known as Abū al-Fal, was born in 1955 to a noble family of the Ifoghas tribe in northeast Mali. Despite his elevated status, Ghaly was not immune to the impacts of the droughts, rebellions and unrest following Mali’s independence from France in 1960. In the 1980s he, like many other Tuaregs (inhabitants of the Saharan interior of North Africa), joined Gadhafi’s Islamic Legion in Libya where he received military training and excelled in weaponry. Recognising his talent, Gadhafi sent Ghaly on missions to Lebanon and Chad where he participated in the coup of President Habré. After Gadhafi dismantled the Legion in 1987, Ghaly swapped his military uniform for that of the Tuareg rebellion and soon became a regional icon in the movement for an autonomous Azawad, the region of Northern Mali that has long protested state rule by a government more attentive to the economically privileged South. Whatever his political inclinations, other personal motivations soon became apparent when Ghaly wielded his networks and influence to broker negotiations between the Tuaregs and the Malian government and between foreign governments and AQIM for the release of hostages. In return for his efforts, Ghaly received undisclosed, but reportedly large sums of money as well as a diplomatic posting in Saudi Arabia. Ghaly’s establishment of Ansar Dine (Anār ad-Dīn) in 2011 revealed a significant shift in his leadership ambitions to incorporate radical Islamist ideology into what began as a primarily politically and territorially motivated exercise. His founding of Ansar Dine could be seen as a result of the combination of setbacks he experienced in the internal Tuareg power struggle and his increasingly Salafist views favouring strictly-interpreted, state-imposed Shariah rule. These views were likely developed during Ghaly’s time in Saudi Arabia. However, some trace his increasingly extremist views to his time in Tablighi Jamaat, a Pakistan-based Islamic organisation generally associated with apolitical, spiritual jihadism through good deeds, despite an alumni list that includes Ghaly, Abu Musab al Zarqawi, Khalfan Khamis Mohammed and Ahmed Khalfan Ghailani (Dar es Salaam and Nairobi embassy conspirators). A significant consequence of Ghaly’s time in Tablighi Jamaat was meeting Hamadoun Kufa, a Quranic scholar who would go on to create the Macina Liberation Front (MLF) in 2015. The MLF is an Islamic militia consisting primarily of the Fulani, a large nomadic group with a history of waging jihad throughout West Africa. Though Kufa has from time to time joined Ghaly’s efforts in the north, the MLF remains more active in the central region of Mopti where Kufa has claimed as the capital of the future caliphate. In his calls to consolidate the region under Shariah law, Kufa often invokes the name of Sékou Amadou, the Fulani founder of the Islamic Massina Empire in the nineteenth century. His efforts to unify Mali under Islamic law was gaining traction when together with Ansar Dine, the MLF briefly took control of the city of Konna in 2013. MLF

70,000 euros for foreign tourists, so long

23 | Asia Pacific Security Magazine

as they are not taken from their obliging host country of Mali. If there are no hostages to be had, there are still plenty of other options including the smuggling of arms, cocaine and other drugs, ivory, diamonds, cars and people.’ has since been involved in terrorist activity throughout central Mali including the siege of a hotel in Sévaré earlier this year that killed at least 13 people, including several UN workers. Like Ghaly, Kufa’s religious ideology has not always been a central element in his leadership ambitions. Rather, the establishment of the MLF largely resembles that of Ansar Dine in that its adoption of radical, revivalist Islam reads more as a rebranding and partnership strategy for local leaders to gain an upper hand in entrenched ethnic conflict over power and resources. However, dismissing their activities as purely local, ethno-sectarian conflict is precisely part of the plan. A letter recovered from former AQIM strongholds in Timbuktu reveal that Ghaly was instructed to make Ansar Dine’s operations appear ‘domestic’ in nature in order to avoid international interference. The correspondence evinces not only the strategic prowess of AQIM, but also the complex and interrelated web of influences and interests present in Sahelistan. Though Ansar Dine, MLF, and AQIM are all bound, at least rhetorically, by their common interest in establishing an Islamic caliphate in the region, they also have a shared economic interest in Sahelistan’s smuggling routes, which represent both a critical source of funding for their respective movements as well as the potential for their undoing. How to make a million dollars in the desert The vast, lawless areas of the Sahara provide AQIM, Ansar Dine and other extremist groups a range of profitable activities. Among the most lucrative is foreign hostage taking. Terrorist organisations operating out of Sahelistan have extracted millions of dollars in ransoms from foreign governments, including the German’s exchange of 5 million euros for 32 European hostages last year. A Mauritanian news source has reported that AQIM will pay militants 70,000 euros for foreign tourists, so long as they are not taken from their obliging host country of Mali. If there are no hostages to be had, there are still plenty of other options including the smuggling of arms, cocaine and other drugs, ivory, diamonds, cars and people. It

Australian Security Magazine | 13

Terrorism

is also reported that Al Qaeda militants offer their protective services to South American drug cartels operating in the region in exchange for weapons and ammunition. Mokhtar Belmoktar, the ruthless, one-eyed Algerian fighter, has served as the primary connection between Al Qaeda, Ansar Dine and various underworld entities operating throughout the region. Solidifying his network in Sahelistan by marrying into wealthy local tribes, Belmoktar was made a senior leader in AQIM before founding Al Murabitoon, an Al Qaeda-affiliated militant group responsible for the deaths of 40 hostages in the In Amenas siege in Algeria. Though the French claimed to have killed Belmokthar in 2013, he has ‘reappeared’ in typical Al Qaeda fashion at various times to take responsibility for terrorist actions, including a strike on a French enterprise in Niger that killed at least 12 soldiers. Belmokhtar may currently be hiding in Derna and relies heavily on his ties to Kufa and Ghaly for survival. Nevertheless, Belmoktar, sometimes referred to as Mr Marlboro for his success in cigarette smuggling, has left an enduring footprint in the form of a booming illegal economy in an otherwise deserted land. The resources acquired from these various illegal activities line the pockets of extremist leaders and trickle down to fund all aspects of their operation. They have proven particularly useful for recruitment. Ansar Dine, under the leadership of its ostentatiously dressed leader, Igar Ag Ghaly, successfully recruit Tuareg youth due in large part to the region’s economic strife. In one of the poorest regions of the world with little hope for the young, militant groups such as Ansar Dine can afford to supply young men with salaries and arms. In many cases these resources are far more than what is offered to soldiers of national armies in the region who sometimes do not receive salaries for months at a time. Recruitment of these youth often takes place face to face at mosques or through direct contacts of religious leaders. In addition to recruiting the youth, there is evidence that Al Qaeda intends to use funds from its Sahelistan operations to govern the region by assuming the provision of public goods in an area where states have been largely ineffective in doing so. Letters found in Timbuktu addressed to AQIM leader, Abdelmalek Droukdel, reveal Al Qaida’s intention to provide electricity, water and even garbage disposal to win over local populations to their cause. International reactions and implications Prior to the UN Security Council Resolution to establish a multinational coalition in Mali, France and the United States were the only Western countries to have a continued presence in Sahelistan. French involvement began in 2013 following the attack on a French outpost in Niger. The United States, aware of the smuggling in the region and its potential to fund terrorism worldwide, sent Special Forces to train Malian military troops patrolling the area and established an intelligence outpost in neighbouring Niger. Despite the concerted efforts of MINUSA to provide a multifaceted approach to building security in the region, bringing order to this lawless land presents significant, enduring challenges. First, as many observers have noted, it is difficult to distinguish terrorists from other, relatively more

14 | Australian Security Magazine 24 | Asia Pacific Security Magazine

innocuous traffickers and smugglers in the region as their activities become more intertwined and a shared interest in keeping Western influences out of the region is fostered. Anti-Western rhetoric is echoed by militants throughout the region and is becoming increasingly audible in Bamako, where dormant cells are thought to be formulating in the city’s centre of Hamdalay. High on the list of potential targets of the cells are foreign embassies not only in the capital city of Bamako, but also in Nouakchott (Mauritania), Dakar (Senegal), and Abidjan (Ivory Coast). Second, powerful alliances between AQIM, Ansar Dine and other extremist groups in Mali could signal a future consolidation of power and resources sufficient to topple Mali and extend to areas of neighbouring countries. Speaking under anonymity, a security specialist in Bamako expects Sub-Saharan Africa will remain Al Qaeda territory, with the likely formation of Al Qaeda in West Africa according to plans Belmokhtar put in place. If consolidated under one entity, the group would pose a formidable force. The jihadi militants of the north, particularly Tuareg rebels, are highly trained and experienced. They are expert weapon handlers, bomb makers, and gaining formidable strategic competency, particularly in launching surprise attacks at night. Given the massive influx of arms from Libya, these militants already pose a serious threat to national and regional security and Western interests in the region. However, if these groups consolidate, joined by their determination to remain free from Western influences and under the auspices of realising an Islamic caliphate, their presence will be felt far beyond the sands of Sahelistan. About the author Anooshe is a first generation Australian of Pakistani origin. She spent her early years in Pakistan and several years in Libya on posting with her family. Since her arrival in Sydney in 1985 Anooshe has experienced first-hand the changing cultural landscape of Australia. She is studying a Masters of Terrorism and Security at Charles Sturt University. She has published extensively and spoken on the topic of Muslim youth radicalisation, violent extremism, Islamic State’s ideology and National Security Threats.

Terrorism

Australia’s Jihadis

M By Shannon Sedgwick

ore than half of Islamic State’s recruits are foreigners, and they’ve got one thing in common. They don’t know much about Islam. Most are recent Islamic converts with minimal connection to Syria or Iraq. Another common denominator is their search for a meaningful cause and reason for their life. To belong to a common moral ground and fight for a religious belief, however disillusioned it may be, is a large attraction to these disaffected individuals. Melbourne teenager Jake Bilardi perfectly fit this profile. Going from his suburban bedroom, to a role as an Islamic State “martyr” in a matter of months, Jake was targeted with Jihad Da’wa — an ‘invitation to conduct jihad. Most likely, he was in contact with Al Hayat, the IS social media unit. The unit is highly sophisticated and polished. The high quality and choreographed nature of videos indicates the people behind them have western training. This social media campaign is a large part of what attracts foreigners to the Islamic State cause. And it’s likely IS’s capture of Ramadi, only 90 minutes from Baghdad, will make stemming western recruitment even more difficult. The Islamic State is no longer operating as an insurgency - the Islamic State is conducting a war. The group now controls an area larger than some European countries. With a fully formed government that provides all the necessary civil services to those under their control. IS has evolved as a terrorist organization and those combating this group must also evolve if they hope to succeed. To overcome Islamic State, we must understand how they operate. THE COMMON DENOMINATOR IN WESTERN RECRUITS Islamic State recruits are from all walks of life and education, however a common denominator is their ignorance of Islam; with the majority of western recruits being recent Islamic converts with minimal connection to Syria or Iraq. Another common denominator is their disillusionment with their current life, and their search for a meaningful cause and reason for life. To fight for a common belief, however disillusioned it may be, is a large attraction to the recruits. FIRST STEPS TO RECRUITMENT The first step for potential IS recruits is to source, either online or in person, a spiritual leader with hard line Islamic

25 | Asia Pacific Security Magazine

views. These spiritual leaders or mentors most likely have a connection with or know someone who has joined IS ranks. These spiritual leaders will then introduce the IS hopeful to a recruiter either via Twitter, Skype or Facebook ahead of an interview process to evaluate the interviewee’s commitment to the cause. HOW DO THEY GET THERE? Once the vetting is finalized and the recruit is deemed worthy then logistics are discussed. What is the best way to travel to Syria? What will draw the least attention from authorities? Most Islamic State recruits enter Syria via Turkey’s extremely porous southern border. I have witnessed firsthand the many illegal border crossings from Turkey into Syria and the ease with which one can cross the border into and out of Syria. The recruit is usually met by a contact on the Turkish side of the border who facilitates their transition into Syria and then another contact once they have crossed the border. WHAT HAPPENS WHEN RECRUITS FIRST ENTER ISIS? Upon entering Syria and within IS ranks the recruit is then required to hand over their complete social media and online identity. IS controls every aspect of the recruit’s life and if the recruit was to become disillusioned then IS does not want that negative perception to be spread via social media. The recruit is also required to hand over his passport and mobile phone. The recruit then begins two to three months of physical, tactical and ideological training to prepare them for the role IS will delegate to them. HOW RECRUITS ARE DIVIDED Depending on your experience and skill set, IS will delegate a position for the recruit within the ranks. Those with IT experience will be sent to Al Hayat, the IS social media unit. Those with previous military training will either be sent to fight at the frontline or be used as a trainer. Possibly, as in Jake Bilardi’s case, they will be used in martyrdom operations (suicide attacks). Regardless of what role they perform, a foreigner fighting for Islamic State will be used heavily via social media to create publicity and inspire other foreigners to join IS. For more information, twitter or email @globalmediarisk or contact info@globalmediarisk.com

ASIS NSW 2016 Annual Conference.

“I.T – The New Frontier Of Security”

I.T – The New Frontier of Security. Where: Dockside Cockle Bay Wharf, Darling Harbour. All exhibits, sessions, breaks and lunch. When: Tuesday 31st May 2016. Commences at 9am. Registration open from 8:30am Who:

How:

This is the event of choice for the most senior security professionals in Australia.

Bookings can be made at: https://www.stickytickets.co m.au/34949 Why:

Pricing Group discounts may apply. Please contact us directly for more details.

Australia’s Leading Educational Event for Security Professionals.

Cost:

The ASIS Annual Conference is designed to

$395.00 for Members.

professionals to access the most current

$455.00 for Non-members.

$410.00 for Police/Military. $300.00 for Students.

Sponsorship Packages Also Available.

26 | Asia Pacific Security Magazine

Practical learning, new solutions and visionary thinking all under one roof.

be the place for the country’s security methodologies and hear from leading

industry experts across the full breadth of the industry on emerging trends, dynamic

threats and risks and cutting edge services and solutions.

Please visit: www.asisaustralia.org.au

3 1 2

The Iconic Dockside Cockle Bay Wharf, Darling Harbour. ASIS NSW would like to sincerely thank its valued supporters for their continued assistance in support of industry development.

Presenter and Session Overview.

Four individual sessions followed by a panel session with all our presenters. Dr. Keith Suter. Renowned futurist, thought leader and international Foreign Affairs Editor. Wayne Ronaldson’s session is on “Red Commander Katsogiannis will be Teaming Cyber Security” and will provide Dr. Suter’s has been presenting at the ASIS focusing his session on key trends in real life scenarios of how adversaries have Conference now for three years running cybercrime over the preceding twelve carried out attacks on companies and will and his presentations have always been months and discussing its impact on the suggest strategies that can be deployed to incredibly well received. His session is general business community. “How has Information Technology manage the cyber threat become the latest security threat” Arthur Katsogiannis. Commander, Fraud and Cybercrime Squad NSW Police.

Mr Wayne Ronaldson. Principal Consultant, Risk Offensive.

Chairman’s Message:

We have a unique lineup of thought provoking presenters of the highest caliber, who will be discussing aspects pertaining to this rapidly evolving and dynamic area of our industry that is important to us all as security professionals, as responsible community members and also as concerned parents or guardians.

27 | Asia Pacific Security Magazine

Is our digital privacy slowly evaporating? Is business evolving rapidly enough to deal with threats on this modern front? If social media security, cyber security and safety as well as ransomware and cyber terrorism concerns aren’t on your radar, they should be. I look forward to seeing you there and learning alongside you. Scott Taylor, CPP Chapter Chairman – ASIS NSW.

28 | Asia Pacific Security Magazine

29 | Asia Pacific Security Magazine

Channels Forum

SPECIAL FEATURE

By Chris Cubbage, Executive Editor

Security tops agenda for ‘Innovation & Technology’ channels Canalys Channel Partner’s Forum APAC, Bali Indonesia, Nov 2015

Canalys’ events have taken the Channel market by storm, quickly expanding to deliver countless opportunities for technology and certified channel professionals and senior Canalys analysts to participate in a variety of industry and vendor events. This includes trade shows, business strategy sessions, sales meetings and press conferences. I met with senior executives from AMD, Cisco, HP, Dell, Zebra and Delta to learn about the latest in technology developments, business activities and what 2016 holds for each of these tech giants. Canalys Market Review and Outlook Canalys CEO, Steve Brazier, opened the event with a broad market analysis, highlighting some

16 | Australian Security Magazine For 30 | Asia Pacific Security Magazine

of the big changes that are affecting the global workforce. In particular, Brazier explained that an increasingly younger workforce demographic is building over the next decade and changes are occurring in the workplace offering the capability for staff to work from anywhere and everywhere. These changes will pose their own issues and risks for tomorrow’s businesses, where the workforce doesn’t have the same level of collective experience it has today and is not collocated in one place, hence no face-toface communications. In 2015 the titans of the commodity and consumer technology industry have war chests collectively totalling more than $500B in cash, with Apple holding about 40 percent, while Internet cloud services, Amazon and Salesforce, together lost over $3B. There were only 15

technology IPOs throughout the entire year, which is the lowest number of new companies floating on the stock market since 2009. Software-as-a-service is the new reality for application provision and Infrastructure-as-aservice is forecast to reach an incredible $35B in 2016. The significant drop in the oil price in 2015 (and continuing through to January 2016) has contributed to destabilised currencies and caused disparities in price controls throughout the international technology market. Canalys’ Shanghai 2014 forum had a distinct focus on China, however, this year’s forum had shifted focus to India as the strongest performing technology market and strongest performing economy. As regulation remains a barrier, the market is expected to remain very unstable

Information presented in Cyber TechTime is provided by the relevant

information on 2016 Channel Forums visit www.canalyschannelsforum.com advertiser and are not necessarily the views of My Security Media

Channels Forum

IT security Worldwide, share of units (%) by category, 2019

issue for business that it’s clear no one really yet understands what it means for the APAC region and the channel. Shifting to Datacentres The storage and servers market has shifted from on-premise computing to being provisioned out of mega data centres. By the end of 2015, nearly half of the entire server and storage market had moved to datacentres, with reports of component shortages due to the speed of data centre growth, appearing at the tail end of

the year. The ‘Open compute’ project, run by Facebook, is a prime example of this shift to innovative new way of operating, with pressure increasingly coming from end users rather than suppliers. Trends into 2016/2017 are for growth in hyper-scale data centres and hyperconverged infrastructure. Though still relatively nascent, this market is growing quickly, offering data centre scalability.

throughout 2016, with India or China (or both) having the greatest influence in the APAC region. APAC is an extremely complex market and, as such, the channel network is critical to success. For example, in 2015, Lenovo invested $760M across all of its channels, including the distribution of 90 million units per quarter in China alone. As Lenovo’s CEO, Roderick Lappin, explained, “[it is] not uncommon for some individuals to be carrying up to four devices when mobile” and “with Cloud mobility analytics and big data, business is going to see more disruption in the next 5 years than it has in the last 50 years.” Valerie Beaulieu, Microsoft’s General Manager SMS&P APAC, outlined the company’s mission is getting back to their core values, allowing Microsoft to remain in a unique position to link individuals to organisations and organisations to organisations across the globe. Beaulieu suggested developing wearables, sensors, mobile devices and investing in the subsequent user experience is key to market success, with Microsoft’s own strategy of ‘mobile first, cloud first’, driving their own strategy. Attesting to their success, Beaulieu said that Microsoft’s own cloud computing platform, Microsoft Azure, is growing by 250% per year. Security Focus The forum’s primary theme was security. Across the channel network, security was a top issue for all businesses, with strong buying behaviour for security infrastructure reported for APAC across all sectors. There is a clear shortage of cyber security skills, especially in our “connect it - hack it” environment, and this trend is set to continue. Cyber warfare is also an issue that was mooted, however, this is such a nascent

Australian Security Magazine For information on 2016 Channel Forums visit www.canalyschannelsforum.com

31 | Asia Pacific Security Magazine

| 17

Channels Forum - latest news and products Cyber TechTime

DELL’S doing the heavy lifting Cheryl Cook, VP Global Channels & Alliances The Canalys event came hot on the heels of Dell’s fifth annual customer conference, Dell World, in Austin, Texas, where Dell executives made a number of important program and investment announcements. Cheryl Cook, VP Global Channels & Alliances briefed me on the latest developments. “Our Channel partner program, globally, continues to experience strong growth and geographically balanced across the market, so all regions and all lines of business. We measure our PC core appliance business, as well as our enterprise datacentre business, which includes our servers, storage and networking, as well as our software business. We are experiencing record levels of engagement, as measured by deal registration – which, for me, is a proxy to the market activity level. In our most recent quarter, we continued to set the bar on record levels of deal registration, with over 200,000. That feels very positive and, as a consequence, when growth rates are that positive, we are continuing to pay record level rebates and incentives to the channel partners. The global revenues for the channel business with Dell exceed well over 40% and just two years ago that was 30%. Channel partners are a now major part of Dell’s growth strategy. Another area of expansion is Tier 2 distribution that allows greater stock and sell capabilities to partners around the region, opening access to new partners that otherwise may not have been within reach. The Future Ready Channel is aimed at delivering enablement and capabilities of our partners while keeping it relatively simple and straightforward. Our channel program is still young, only eight years old, and a lot of the feedback is about training, certification and competition around our products. For software, we have expanded and delivered more in the form of data protection, network security, and big data analytics. We also announced, for the first time, a solutions track for competencies. Everyone wants to have much higher, more relevant discussions around workloads and business outcomes than merely just integrating silos of information and infrastructure together. We worked jointly with our enterprise product team, who worked with partners, like Microsoft, VMware and took an approach for an endgame basis, encompassing blueprints and reference architectures. There are now over 1,300 engineered systems and appliances with over 21 reference architectures

18 | Australian SecurityFor Magazine information 32 | Asia Pacific Security Magazine

and whitepapers that can be activated for their market or client. We set up labs to test and certify configurations against known use cases and user levels so that, levels. So with confidence, we can deliver to our partners configurations and reference architectures that are inclusive of software management, and deployment services, in addition to the infrastructure and the software, so that time to revenue can be shortened for them to focus on working with the customers. So, the OEM (Original Equipment Manufacturer) between Dell and Microsoft or Dell and VMware has already done a lot of the heavy lifting in meeting performance levels, whether it be to a small population of 50 or less, or up to into the hundreds and thousands, certifying the channel partners against those user cases. Whether it is unified communications and collaboration, virtual desktop, virtualisation or big data analytics, we are driving to a ‘solutions’ conversation. Like with cloud certifications, our partners are able to drive private, on-premise and hybrid deployments in Microsoft Cloud and cloud platform systems that are tailored for very highend enterprise workloads, as well as smaller enterprise workloads. We have also announced new incentives and rebates, as of February 2016, and to be supported by new branding for our partners. We have enjoyed 11 consecutive quarters of shared gains, globally, in the PC market, and we see the market consolidating between Dell, Lenovo and HP and we want to maintain our dominant position. However, we recognise this growth is going to have to come from our customers and we want to reward our partners more handsomely because we know it is expensive to operate in this business, but reward them when aligned to our own strategy for growth. We are doing the same in our datacentre offerings and

approaching number one in the server business in Asia, and already number one in North and Latin America. It is about maintaining momentum and keeping the incentives driving growth. We have had, for many years, a financing capability with Dell Financial Services, which assists with end-customer leasing options. In the last 12 months, we have introduced Dell Global Financial Solutions, aimed at partners and smaller companies to give them access to capital and increased credit and extended payment terms that reduce the burden of cash flow to allow growth. It has been phenomenally successful and in the first year of operation we financed over US$5 billion, with over 2,000 partners. We will be continuing this program as it seems to be meeting a solid business need. Included are flexible payment alternatives, such that you can pay as you grow, or a utility billing model offering other flexible options. Many partners are feeling the pressure of business model changes, with this flexibility suiting these changing needs to resource cash flow. As well as enablement around our solutions, we are providing the servicing and financing which are key pillars. Finally, we have introduced a ‘services competency before deployment’ model for partners who want to deliver some of our services, which traditionally have only been delivered by Dell. So, we have opened up a certification program, launched in over 120 countries, which creates the opportunity to manage an entire end-to-end solution for customers and co-deliver and compliment our services. There is a lot of energy and excitement in the business and despite the pressures and fluctuation in the market, we are all feeling it is creating its own set of opportunities for our partners too, by adapting and modifying their business models, they will continue to meet customer needs across multiple facets.

Information presented in Cyber TechTime is provided by the relevant

on 2016 Channel Forums visit www.canalyschannelsforum.com advertiser and are not necessarily the views of My Security Media

Channels Forum National

Hewlett Packard’s customers have become sensitive to security Chris Ogburn, Vice President Worldwide Channel Marketing Chris Ogburn has channel marketing responsibilities for Hewlett Packard Enterprise (HPE). “Part of the portfolio we are focused on is around the infrastructure side of the business, servers, storage, networking, converging systems and devices and services in supporting cloud and hybrid cloud. We have also picked up responsibility with the restructure for software. So, we’re fresh in building competencies in our team for IT management, big data and security. With so many elements, it is a multipronged approach. For example, with a data centre build out, it isn’t new but has become more pronounced over time and this is reflected in changes in product sets. There is an entire organisation within HP that is solely focused on developing and building scale-out server architectures, specifically for the increasingly high demand for data centres, which is a change from a few years ago. Alongside, we have had a need to build the capacity of our service providers through our channel programs. We are not only selling them the infrastructure they’re using to host and support and drive workloads, but also, at a country level, we’re partnering and working with customers to look at opportunities where they want public cloud capability using a local service provider – especially so, with growing data concerns in country and not wanting to have data moving outside of the jurisdiction. Looking at HPE, over 70 percent of our revenues come from our channel partners and in Asia Pacific it is well over 80 percent. So, the vast majority of what we do is going through our channel partners, with the remainder being typically large-scale global service providers, or large footprints within government, financial services or telecommunications, who prefer to deal with us directly. In 2015, HPE signed a definitive agreement to divest the network security business, TippingPoint, to Trend Micro. TippingPoint was an important component of HPE’s security offering, however, we decided to partner in network security as opposed to own it, so they can invest in other areas of their security portfolio. The final deal is expected in early 2016. “From our discussions and round tables with customers, security has become the top most priority they have in business today, managing the data security element from the device to the datacentre. Customers have become sensitive to security-by-design in

our innovations, because they recognise its importance. We have also improved, as a result, with major strides in device-level security and the way we think about managing security from a datacentre perspective. Security is so broad and extends right across our portfolio, so it’s an excellent tie-in when we think about the way our teams do product design and engineering, tying back to the investments made in security – it is now much better integrated. For our big data analytics portfolio, the focus is on enabling decision making using the information you already have available, pulling it together and driving insight and action out of that insight. The theory is to have the ability to make very fast business decisions based not only on your internal information, but what else may be happening in real-time, such as social media. There are incredible tools that allow governments and companies to understand what is happening from a social perspective across myriad platforms, searching words and expressions and taking into account neutral, negative and positive sentiment. This analysis is used in conjunction with internal data to evaluate and surface business insight. Other aspects of the analytics portfolio include Vertica and Autonomy, so the source can be internal, supplier, or customer, as well as a wide range of private and social media databases. HP Vertica is a next-generation high-performance SQL analytics engine, available on-premise, in the cloud, or running on Hadoop. Queries will

“Looking at HPE, over 70 percent of our revenues come from our channel partners and in Asia Pacific it is well over 80 percent.” reportedly run 50-1,000 x faster than any data warehouse or database technology, running at petabyte-scale, with openness to using any BI or ETL tool, run as SQL on Hadoop, while leveraging scalable predictive analytics and a comprehensive library of built-in analytical functions.

Australian Security Magazine For information on 2016 Channel Forums visit www.canalyschannelsforum.com

33 | Asia Pacific Security Magazine

| 19

Channels Forum

Cisco has security everywhere Pramodh Menon, Managing Director, Sales, Cisco Systems, India Pramodh Menon highlighted the architectural approach to Cisco’s ‘security everywhere’ theme. “Building on what Cisco has always believed: the network is a centre point of coordination for all security, as opposed to the conventional way we used to build and look at security, which was to build an endpoint product and fortify the perimeter. Those concepts are not valid anymore since, especially due to cloud, mobility and virtualisation, the definition of the perimeter has become void because you don’t know where the device is connected to the network” So, we have the concept of the network as a sensor, with some of that capability enabled in our products, such as TrustSec and NetFlow. We also look at the network as a security enforcer, so once you see a breach, you can shut down the ports, offer segmentation, confining malware to one segment so that it can’t traverse the rest of the network. You can then determine who has been compromised and institute management so we can know how to deal with it. This was the initial role of

TrustSec, however, we now have a lot more added to it to ensure we have a very robust end-to-end architectural solution. It’s not just antivirus, malware protection or firewalls; it’s more of an overall architectural approach. This plays to our strengths as most customers have a Cisco network, along with those other capabilities, therefore we can turn them on with most of our existing installations. Overall, we are seeing a significant amount of customer spend, related to their security position being strengthened, which is a very important conversation to have with every enterprise customer. With the recent acquisition of Sourcefire we now have advanced malware detection, threat defence and the recently announced Lancope acquisition. The Lancope team will join the Cisco Security Business Group, led by David Goeckeler, senior vice president and general manager. Under the terms of this agreement, Cisco pays $452.5 million in cash and assumed equity awards, plus additional retention-based incentives, for Lancope employees who join Cisco. The

acquisition is expected to close in mid-2016, subject to customary closing conditions including regulatory review. Anthony Stitt, Cisco Systems’ General Manager Security in Australia, highlights that Cisco offers the breadth and depth of a “security everywhere” approach, be it the endpoint or in the cloud. “Cisco changed its attitude to security a number of years ago and, seeing the way technology will be used by digital transformation, security could no longer be an add-on or afterthought. It needs to be far more central. What you’ve seen Cisco do over the years, is acquiring a number of organisations to fill or improve and develop the integrated products across the broader spectrum, such as the Cisco data centre and data collaboration strategy.”

The new AMD has more Commercial focus Vinay Sinha, Regional Director Enterprise Business, Asia Pacific Japan (APJ) Vinay Sinha enthusiastically introduced the new AMD. “We have a more commercial focus and over the last year, we achieved some key milestones. With a dedicated commercial organisation, AMD Pro is only for commercial enterprises, due to its longevity and increased warranty. We are now only certifying OEMs for AMD Pro.” “In terms of security, we have ARM Trust Zone, which is hard wired into the system at the CPU level.” In contrast to fixed-function TPMs (Trusted Platform Module), TrustZone is a vastly more versatile mechanism and are freely programmable using a powerful generalpurpose CPU architecture. (Source: An Exploration of ARM TrustZone Technology) “Overall, you are seeing the market not as repeat as we’d want it to be, even, it is said, India is doing well but we are finding it is holding steady. There is some consolidation happening, so that means the pie is about 500,000 units (devices) a quarter and it has remained at that number, without deceleration, a trend that seems consistent across the APJ. However, the number of players has decreased, so there is more available from the same sized pie.

20 | Australian SecurityFor Magazine information 34 | Asia Pacific Security Magazine

“...over 500 customers over the last year across the APJ and 90-95 percent have welcomed us and stated they needed us back.” With the currency markets as unstable as they have been, there has definitely been challenges, with some markets slumping and others spiking. Overall though, I would say it has been rather static. In the short term, that means we just need to be smart enough to grab the opportunities we are seeing in Thailand, the Philippines, India, Australia and New Zealand. The other aspect that has changed for AMD is that we now have OEM backing and the commercial skillset to take these opportunities – the market has always welcomed competition and choice. The support and endorsement from customers has been overwhelming for

us and I met over 500 customers over the last year across the APJ and 90-95 percent have welcomed us and stated they needed us back. There have been huge margins and little price pressure for competitors. The fact we have been so welcomed back also includes our performance, therefore the days of perceiving you have to pay for performance is being challenged. We can match the performance of leading brands at a lower price. When there is a monopolistic market, you will naturally see higher profit margins and we are near a third of some of our competitor’s margins. For example, we will match the performance of the HP A10 or A12 system and Dell or Lenovo i5 or i7, so you can compare the price and there is a saving of about $400 with zero compromise on performance, allowing customers to use that saving on other aspects of the system.”

on 2016 Channel Forums visit www.canalyschannelsforum.com

Channels Forum National

Digitalisation and supply chain intelligence Ryan Goh, Vice President of Sales and General Manager, Zebra Technologies APAC “Zebra was established in 1965, starting as a barcode printing company and manufacturer of specialised barcode printers. In 2014, Ryan Goh explains, “we acquired the enterprise business from Motorola (valued at $2B) and that part of the business consists of mobile computer handheld products, wireless LAN infrastructure and RFID computer and scanning devices. So, it has been a year since we completed the transaction and it complimented our strategy in building a business model of enterprise asset intelligence or EAI. EAI is about reclassifying the three categories of sensing, analysing and action. It is what we call ‘giving a digital voice to the physical world’. We provide the ability for assets to be tracked, converting them to a digital voice. In terms of parcel delivery, it allows the entire supply chain process to be optimised and the fastest route(s) to be selected, allowing an operational director to make decisions on the best way to get products to the consumer or customer. We don’t use random serialisation, instead using barcodes to achieve the same thing, such as in tracking animal products. From the time an animal is born to the time when the meat is

delivered and displayed in the supermarket, it is tracked using a barcode. This barcode is tagged on the animal’s ear and its history is tracked, logged and analysed at every stage of delivery. The key objective is food security, so we know and can immediately trace any food product back to its source. This provides intelligence into the entire supply chain and avoids a costly review if something goes wrong, allowing for an immediate response. Increasingly, there are more and more customers using this technology. Using a cloud-based ring scanner, you can track assets in real time from anywhere. One major aspect is security and how 60% of enterprises are yet to step up into using cloud services: this is the major limitation perceived around security. What we do at Zebra is offer a mobility extension on our mobile devices, using Android as an operating platform. The last two quarters in 2015 saw doubledigit growth and we think EAI is now at the point of crossing the chasm. If you can create meaning from the data and show an impact, such as in a shopping mall, we can start to afford meaning to foot traffic, buying behaviour and effectiveness of promotions,

signage and product displays. Another example is our real-time location system, as used with the NFL in tracking players throughout the game with an RFID inserted in the back of the player’s jumpers. We can track where each player is, the speed they are running, including acceleration rates and total distance, offering quarter-to-quarter comparisons while making this all available for display on a tablet in real time. As the player moves, you see the outcome on screen, and can determine how each of the players is competing and working together. We are now tracking all of the NRL players, allowing far more insight into game assessments, review and team analysis. Naturally, this technology is not limited only to sport science, as it has applications across all sectors. When our customers come to us, they ask how canwe help them transform their business, often most interested in how they can apply technology for better business outcomes. Retail is our leading market and, in terms of countries, I would say Singapore is our leading country in deployments. We are quite bullish for 2016. Zebra is listed on the US stock exchange.

R&D focus is on efficiencies Max Perez, Delta Energy Systems

“Delta was founded in 1971 and has grown to revenues of $7.5 billion in 2014 with R&D centres in Taiwan, China, Thailand, Japan, USA and Europe, with over 30,000 staff. Delta is the world’s largest vendor of power supplies and has three main pillars of business: power and electronics, energy management and smart green life.

The Mission Critical Infrastructure Solutions (MCIS) provides highly-reliable and efficient power management products and datacentre infrastructure solutions for continuity of mission critical operations. One solution is called InfraSuite, consisting of power systems, racks and accessories, as well as environmental management systems. The R&D focus is on building energy efficient solutions for datacentres and we’re seeing gradual growth with operations in Australia over the last two years, having established a strong distribution channel partner with Avnet, one our largest channel partners. Our key target markets also include education and the security industry, such as CCTV systems. About Canalys Canalys is an independent analyst company that strives to guide clients on the future of the technology industry and to think beyond the business models of the past. Canalys delivers smart market insights to IT, channel and service

provider professionals around the world. Canalys or their customer-driven analysis and consulting services empower businesses to make informed decisions and generate sales. “We stake our reputation on the quality of our data, our innovative use of technology and our high level of customer service.”

SPECIAL MENTIONS Canalys Channel Partner Awards • Channel Partner of the Year 2015, Accel Frontline, India • Revenue growth partner 2015 - BIT Group, Malaysia • Innovation and Transformation Partner 2015 ACPL Systems, India • Cloud Software Partner 2015 Data3, Australia • Cloud: Managed Services Partner 2015, Microwear alignment, Hong Kong • Infrastructure Growth Partner 2015 ProNet, Philippines

Australian Security Magazine For information on 2016 Channel Forums visit www.canalyschannelsforum.com

35 | Asia Pacific Security Magazine

| 21

2016 Cyber Security Predictions

Palo Alto Networks’ 6 cybersecurity predictions for Asia Pacific in 2016 1. Ransomware Ransomware will continue to evolve its methods of propagation, evasion techniques and continue to hide its communication and the targets it seeks. As reported by the Cyber Threat Alliance, ransomware has been very lucrative for cyber criminals to launch campaigns and in a short period of time derive large revenue streams. Today, the value of credit card data is so low compared to ransomware, where higher value can be extracted from more victims. Research by the Cyber Treat Alliance reported that CryptoWall v3, generated more than $325 million for the group behind it. This will drive further versions of ransomware style attacks to be released allowing more cyber criminals to extort users to pay the ransom to get the decryption key for their data. We predict to see this crossing over to other platforms, such as OS X and mobile operating systems. 2. Sharing of threat intelligence Efforts have been around for years to share threat intelligence in some verticals and we predict that 2016 will mark a year where the private sector and security vendors look to share more of this than they ever have in Asia Pacific. Today, many adversaries often write one piece of malware and send it to multiple organisations, with only minor changes made to make it undetectable. However, if we, as a community, can force cyber adversaries to create multiple unique attacks each time, it will force their costs to go up. And if we can share the information, the defender costs go down. The benefits grow exponentially if we automate this process whereby organisations do this in real time, whilst preventing the attacks. By knowing what kinds of actors are targeting you, the tools that they have available and the tactics they employ allows organisations to defend their networks more effectively. Although the debate continues on how effective these regulations will be, Asian governments should look to foster the sharing of threat intelligence and organisations should think about how they can share in their vertical and go cross vertical in their efforts. We should ensure

22 | Australian Security Magazine 36 | Asia Pacific Security Magazine

that there are responsible privacy protections in place, for the purpose of identifying, preventing, mitigating and responding to cyber threats, vulnerabilities, and malicious campaigns. The faster organisations can share this information, the better we can serve to protect each other and push the cost back to the attackers. We expect this trend to continue, as more organisations begin to realise the benefits of sharing knowledge as a means to unify efforts to fight against cyber intrusions in Asia Pacific. 3. Secondary victim attacks More and more we are seeing that when we know the motive of an attack, there is usually a secondary victim. The 2015 Verizon Data Breach Report, highlighted that adversaries are using third-party websites to deliver their attacks. This often can mean that the person or organisation that experiences the initial breach isn’t the real target, but rather a pawn in a bigger attack. From the perspective of an attacker, this allows them to take advantage of trust and use the resources of another company for their gain. The most common method seen in Asia Pacific has been “watering hole attacks”, where an organisation’s website is infected with exploit code to try and infect visitors of their site. We predict that this will continue to rise with more reported incidents coming to light in 2016. 4. Trust in our security models Over the past few years, cyber attacks have escalated and gotten more aggressive and successful. Not only have we seen it become easier and cheaper to launch successful attacks, it has eroded our digital trust in online systems. That trust also extends itself to the failure of legacy security architectures, due not only to an outdated assumption that everything on the inside of an organisation’s network can be trusted, but also the inability of legacy countermeasures to provide adequate visibility, control, and protection. We expect to see more organisations adopting new security models, such as “Zero Trust” where it is intended to remedy the deficiencies with perimeter-centric strategies and the legacy devices and technologies used to implement them. It does this by promoting “never trust, always verify” as its guiding principle. This differs substantially from conventional security models that operate on the basis of “trust but verify.” essential security capabilities are deployed in a way that provides policy enforcement and protection for all users, devices,

* For more information on these articles in Security Survey Summary check out our website at www.australiansecuritymagazine.com.au

applications and the communications traffic between them, regardless of their location. We expect this will continue across Asia Pacific in 2016. 5. Attacking the Internet of Things Whole new categories of digital device are getting connected to the Internet, from domestic appliances to home security and the list goes on. Gartner predicts the number of connected things will rise from 6.5 billion in 2015 to almost 21 billion by 2020, growing by a staggering 5.5 million “things” each day. This will continue to accelerate in 2016 but sadly we see no reason why these things won’t become a target for cybercrime. During this year we have seen some evidence of this emerging trend, like attacks on cars, smart rifles and many more shown at Blackhat USA in August this year. We don’t expect to see millions of devices compromised in 2016 across Asia Pacific, but we should be prepared to see more attacks and proofs of concepts trying to exploit these types of devices. 6. Cyber crime legislation Asia Pacific has often operated under very lax regulations when it comes to cybersecurity. It is a global issue, however regulations to safeguard businesses and consumers are still evolving across the world. It’s unsurprising that the USA is taking the lead on this front, given the number of high profile attacks reported to have targeted US firms in recent years. This has resulted in cybersecurity becoming a focus for policy, most recently seeing the introduction of The Cybersecurity Information Sharing Act (CISA), which aims to help US companies to work with their government to combat hackers. Similarly, the European Union has also laid out 14 actions to improve cyber security readiness, along with a policy on Critical Information Infrastructure Protection (CIIP), which aims to strengthen the security and resilience of vital ICT infrastructure by supporting high level of preparedness, security and resilience capabilities, at a national and EU level. We expect that will see a significant shift in the mindset of governments and regulators in Asia Pacific to take on an even more active role in protecting the Internet and safeguarding its users. Cybercrime laws will be in discussion, and changes to out-dated cyber security standards will be mandated to bolster an improved stance on security.

Unisys predicts entirely new classes of cyberthreats will require fresh countermeasures in 2016. Rogue intelligence officers, machinecontrolled physical attacks, and the rise of quantum computing will demand new approaches such as micro-segmentation and quantum encryption Following a year of damaging security incidents at organisations ranging from the U.S. Office of Personnel Management to the Ashley Madison web site, security experts at Unisys Corporation predict that leading security professionals around the world will adopt a new mindset in 2016, embracing advanced approaches such as microsegmentation to counter increasingly sophisticated attacks by cyber criminals. “Corporate and government leaders understand that as their enterprises have grown beyond their four walls and threats have moved from concept to reality, their whole approach to security must change now,” said Tom Patterson, vice president of global security, Unisys. “In 2016, corporate leaders will take the actions needed to protect themselves in this new reality.” Consequently, Patterson predicted the rise of a new security approach that embraces microsegmentation, which allows enterprises to easily and economically divide their physical networks into hundreds or thousands of logical micronetworks, or microsegments. Such an approach understands that adversaries will ultimately infiltrate an organization, but limits the damage they can do once they’re in, making the difference between a routine cyber incident and a business catastrophe. Patterson predicted additional new developments in 2016, including new security threats from rogue intelligence officers; cyberattacks that result in physical destruction; and the rise of quantum computing threatening encryption-based defences.

37 | Asia Pacific Security Magazine

HID Global Looks Ahead at Top Trends for Secure Identity in 2016 •

•

Mobility and a growing focus on the user experience will be a strong focus for organisations Trusted digital identities will proliferate across increasingly connected environments for greater convenience, fueling opportunities to enhance productivity and drive compliance to security policies. Privacy protection will continue to grow in importance, forcing organisations to improve best practices for preventing breaches and safeguarding identities, even after they’re stolen.

HID Global’s broad industry perspective has positioned the company to pinpoint five key developments that it believes will have the greatest impact during this year on identity and access management, citizen identification and the Internet of Things (IoT). “We’re watching several developing trends in the new year, including growing demand for a more mobilecentric and satisfying user experience that HID Global believes will be the primary driver for security technology innovation in 2016,” said Stefan Widing, HID Global President and CEO. “Customers will increasingly aspire to a comprehensive secure identity experience for their users that can provide the foundation for more flexible, adaptable solutions in a new era of interconnected digital identities and the Internet of Things.” HID Global’s 2016 trends point to a more mobile and connected experience, ongoing advancements in privacy protection and broader adoption of best practices for solution deployment.

Allied Telesis Unveils Industry Trends and Predictions for 2016. The three key trending topics unveiled include Secure Enterprise SDN,Wireless and Security and the Internet of Things (IoT). Software-Defined Networking – New methods of operating Enterprise networks will be seen in the market to deal with the increasingly diverse demands that are placed upon them. SoftwareDefined Networks, or SDN, which have largely been deployed in carrier networks and data centres, will begin to see increasing relevance in the Enterprise as application vendors begin to leverage the capabilities of SDN to simplify business processes and deliver value to the Enterprise. C-level executives and technology managers will need to develop strategies for integrating SDN into their Enterprise networks, and with a strong emphasis on security. Wireless – While 802.11ac technology may still be in the early stages of adoption and deployment, the focus on wireless will move away from technology and performance and increasingly focus on unified management using a cloudbased platform of an organisation’s infrastructure. Application awareness and the ability to manage traffic on a per-flow basis will become increasingly important as organisations take a unified approach to connectivity. This is particularly relevant as the growth in mobile devices continues to increase while the deployment of fixed devices stagnates. Security and IoT – The ever-increasing number of devices or “things” being connected throughout Smart Cities and across the “Internet of Things” will make embedded devices and machine-to-machine networks more attractive targets. Next-generation security for organisations that operate and manage embedded networks will become as important as, if not more important than, the security of the organisation’s Enterprise network.

Australian Security Magazine | 23

2016 - 2020 Cyber Attack Methods

Centrify’s Country Manager for Australia and New Zealand Lachlan McKenzie said 2015 breaches globally included high profile criminal and state-sponsored attacks. “Breaches involved millions of personnel records of government employees, tens of millions of records of insurance customers, and hundreds of millions of customer records from various other companies,” he said. “Last year we even heard of a billion-dollar bank heist! Many of these companies had implemented advanced malware protection, next generation firewalls and delivered regular security training sessions for their employees. Yet the breaches continue. “Australia and New Zealand are not protected from these sort of assaults by our remote locations in the world. In fact, we are more at risk than ever before because of our increasingly online economies.

Check Point software technologies is predicting that attacks on point of sale (PoS) terminals will increase in 2016.

With over seven billion credit cards in circulation worldwide, fraud in the retail sector is also likely to continue to rise, as cyber attackers bid to steal millions of identity and credit card records as well as other data and merchandise. A 2015 report from digital security firm, Gemalto, estimates that one billion data records were compromised across 1,500 attacks last year. More than half of these attacks involved the retail industry, with much of the focus on point-of-sale (PoS) systems. Larger breaches in 2016 will be the result of custom malware that is designed to bypass even the most sophisticated security defenses. Giant retail corporations will be targeted, but startup companies will also be vulnerable to attacks because they don’t have as many resources to strengthen their defenses. Methods of payment are also becoming more digital as consumers are increasingly using mobile devices to make purchases. Mobile PoS systems are beneficial for retailers, but can also put customer data at risk. Digital currencies like PayPal, Apple Pay, and Google Wallet can provide new attack surfaces for hackers to exploit.

24 | Australian Security Magazine 38 | Asia Pacific Security Magazine

Check Point advises retailers to add layers of security for stronger protection while also taking the time to teach their employees about proper use of PoS systems and learn the signs that tell when security might have been breached. Consumers can also take precautions in order to minimise the impact of a data breach. In addition to staying aware of phishing attempts and malware-installing websites, shoppers should regularly monitor their accounts to flag any suspicious activity.

ATTACK TYPE 1

FireEye finds chinese APT group attacked Hong Kong media outlets.

FireEye has released the results of its research into a recent campaign carried out by a Chinese cyber threat group – referred to as “admin@338″ – targeting Hong Kong-based media organisations. In August, the group sent spear phishing emails about newsworthy developments with malicious attachments to Hong Kong-based media organisations, including newspapers, radio, and television outlets. One email referenced the creation of a Christian civil society organization to coincide with the anniversary of the 2014 protests in Hong Kong known as the Umbrella Movement. Another email referenced a Hong Kong University alumni organization that fears votes in a referendum to appoint a Vice-Chancellor will be co-opted by pro-Beijing interests. The group employed malware called LOWBALL which abuses Dropbox, a legitimate cloud storage service, for command and control purposes. When FireEye researchers alerted Dropbox to the group’s activities, Dropbox promptly blocked the access token used by LOWBALL. In doing so, Dropbox disrupted the group’s command and control capabilities in all observed versions of the malware. FireEye has observed targeted attacks by multiple Chinese threat groups on journalists at international and domestic media organisations in Asia. These attacks have often focused on Hong Kong-based media, particularly those that publish pro-democracy material. Journalists located in Taiwan, Southeast Asia, and elsewhere in the region have also been targeted. “Journalists in Asia are routinely subject to these targeted cyber attacks. They are dependent on

information from many different sources, which makes them easy to target. The information journalists have and the identity of their sources can be valuable intelligence. Without adequate technological defenses, they make easy victims,” said Bryce Boland, chief technology officer for Asia Pacific at FireEye. FireEye has tracked admin@338’s activity since 2013. The group has largely targeted organisations involved in financial, economic, and trade policy. FireEye first observed the group targeting media outlets in April 2015.

ATTACK TYPE 2

Android.Bankosy gets updated to steal passwords sent through voice calls generated by 2FA systems.

In the last quarter of 2015, we observed an emerging trend among financial Trojans. An information-stealing Android threat (detected by Symantec as Android.Bankosy) added functionality to its code to enable it to deceive two-factor authorization (2FA) systems that use voice calls. What does two-factor authorization using voice calls involve? In a typical 2FA system, the second factor—normally a generated one-time passcode (OTP)—is sent to the user’s registered mobile number through SMS. In the past, we have seen several cases where the malware installed on the victim’s device snooped on or intercepted the incoming SMS containing the OTP. To improve the security of OTP delivery, some financial organisations started delivering OTP through voice calls instead of SMS. Of course, malware creators have already devised ways to take advantage of this development. So how does Android.Bankosy take advantage of voice-based 2FA? Once the malware is installed on the victim’s device, it opens a back door, collects a list of system-specific information, and sends it to the command and control (C&C) server to register the device and then get a unique identifier for the infected device. If the registration is successful, it uses the received unique identifier to further communicate with the C&C server and receive commands.

ATTACK TYPE 3 Influx of fake Instagram profiles luring users to adult dating sites. Three fake Instagram profile variations used to earn scammers money through affiliate programs.

In recent months, Symantec Security Response has observed a steady influx of fake profiles on the social photo-sharing service Instagram. These fake profiles, which use photographs stolen from legitimate profiles, feature three variations to follow users and like photos. Through these interactions, they lure users to their profiles in order to earn a commission through affiliate links to adult dating websites.

•

applications containing these malicious links. Attacks manipulated search engine results – when searching for a combination of common words such as “cheat” and “story”, it was apparent that the “cheating stories” application appeared on the first page of the leading search engines. Analytics showcased impact of attacks– Threat Research looked at Alexa analytics and the ranking of the “cheating stories” application dramatically increased during the three month span.

criminals using creative ways to the exploit the cracks of a more connected world,” said Oded Vanunu, security research group manager, Check Point. “The Internet of Things trend will continue to grow, and it will be important for consumers and businesses to think about how to protect their smart devices and prepare for the wider adoption of IoT.”

ATTACK TYPE 5

ATTACK TYPE 4 New Check Point Report Reveals How Hackers Can Outsmart Smart TVs Research on vulnerability with EZCast dongle highlights unique security challenges for consumers and businesses in an Internet of Things ecosystem Akamai Identifies SEO Web Application Attack Campaign. Attackers use SQL injections to manipulate search engine rankings, impacting an organisation’s revenue and reputation

Akamai Technologies has issued a new Web security threat advisory from the company’s Threat Research Division. Threat Research has identified a sophisticated search engine optimisation (SEO) campaign that uses SQL injections to attack targeted websites. Affected websites will distribute hidden Hypertext Markup Language (HTML) links that confuse search engine bots and erroneously impact page rankings. A full report detailing the attack is available for download here: http://www.stateoftheinternet.com/seo-attacks Overview

Over the course of a two week period in Q3 2015, Threat Research analysed data gathered from the Akamai Intelligent Platform and observed attacks on more than 3,800 websites and 348 unique IP addresses participating in the various campaigns, revealing the following key findings: • Evidence of mass defacement – when searching the Internet for the HTML links that were used as part of this campaign, Threat Research identified hundreds of web

39 | Asia Pacific Security Magazine

Check Point Software Technologies has published a report identifying network security vulnerabilities with EZCast, an HDMI donglebased TV streamer that converts non-connected TVs into smart TVs. The findings show a hacker’s ability to gain full, unauthorised access to an EZCast subscriber’s home network, thereby compromising personal information and taking control of home devices. Currently used by approximately 5 million users, the EZCast dongle runs on its own Wi-Fi network and is controlled through a smartphone device or PC. The device represents a growing trend of connecting devices to the Internet – known as the Internet of Things (IoT) – and further introduces unique security challenges for both consumers and business. The latest Check Point research report highlights significant risks: • Attackers can enter through the Wi-Fi system, allowing easy access into both the EZCast and home networks. • Once in, the attackers can move around the networks undetected, providing the ability to view confidential information and infect home devices. • The attacks can be initiated remotely; hackers can execute malicious code anywhere. “This research provides a glimpse of what will be the new normal in 2016 and beyond – cyber

Australian Security Magazine | 25

Cyber Security

Cyber security at sea

A By Tony Campbell CISSP

26 | Australian Security Magazine 40 | Asia Pacific Security Magazine

side from the big cyber stories of 2015, where traditional hacking saw criminals make off with millions upon millions of sensitive customer records, we also saw coverage of a new breed of cyber threat. Cars were cyber-jacked, aircraft were shown to be susceptible to remote takeover and children’s’ toy manufacturers were shown to have vulnerable toys that could expose them to cyber hacking and stalking. Across a multitude of these market sectors and industry verticals, security professionals are seeing a trend whereby industry bodies and regulators are waking up to the fact that cyber-attack is a real problem, especially in markets where this has never been a problem before. Regulators are now publishing guidelines for these industries, with the intention of helping their charges understand these risks, in a world where cyber has never even entered their daily lexicon. The shipping industry is the latest market to jump on board (no pun intended), which is why in January 2016, BIMCO released, “The Guidelines on Cyber Security Onboard Ships.” This publication is aimed at ship owners, operators, managers, brokers and agents, and offers some excellent advice on assessing the cybersecurity risks related to shipping. “The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant. Responding to the increased cyber threat, a group of international shipping organisations, with support from a wide range of stakeholders, have

developed these guidelines, which are designed to assist companies in developing resilient approaches to cyber security onboard ships.”- BIMCO: The Guidelines on Cyber Security Onboard Ships BIMCO has coauthored a set of cybersecurity guidelines to help the global shipping industry prevent major safety, environmental and commercial issues that can result from cyber security incidents on board a ship. The focus of the report is that of risk management, which, naturally, the best approach is for anyone wanting to start the processing of maturing in response to cyber security. What’s great about this report is that it focuses not only on the standard information technology aspects of shipping, but it also pays attention to the often underserviced aspects of operational technology (OT) that also affect many large-scale heavy industries, such as resources, utilities and construction. BIMCO’s approach fully aligns with the steps taken by the majority of organisations that already have an established process for information security management. The report suggests that shipping companies should introduce a fundamental programme of security awareness training that underpins the introduction of the full risk management lifecycle. The process offered up by BIMCO aligns perfectly with international standards, whereby shipping companies begin by identifying threats that may affect their systems and information, identify the vulnerabilities they may be subject to, then move into a process of risk assessment and

Cyber Security

risk management. Companies are shown the means by which they can include security controls within their security architecture as well as being offered help on establishing the contingency and remediation plans for dealing with an attack, should one occur. What are the threats? It’s interesting to see that the range of threats faced by the shipping industry is actually no different to the threats faced by any other business. BIMCO suggests that companies should be concerned about activists, including disgruntled employees, who would be motivated by causing reputational damage against the shipping line, or possible disruption of operations. They may try to destroy information, physical assets, media, expose sensitive data on the Internet or to the press, or incite negative media attention, all of which could be critical to operations and profitability. Criminal gangs, opportunists the usual swathe of nation-states, statesponsored and terrorist organisations are also cited as threat actors in this paper. Interesting, though, competitors and the media are not listed as threat actors, where those are often represented as specific callouts in threat assessments in other industry verticals. Nevertheless, the paper represents the concept of threats well and is a good first publication. Types of Attacks The BIMCO report lists two categories of attack: targeted and untargeted. An untargeted attack occurs when, “a company or a ship’s systems and data are one of many potential targets.” In effect, this means the ship is attacked as a result of a vulnerability scan across numerous IP ranges and the ship just happens to be one of the identified targets identified. On the other hand, a targeted attack, not surprisingly, is when the company or ship is directly in the sights of the attacker and the attacker is motivated by something related to that company or vessel. What’s nice to see is the footnote that suggests the list of common cyber-attacks shown has been lifted from a CESG publication, entitled “Common Cyber Attacks: Reducing the Impact.” BIMCO has clearly consulted with the UK government and is using the best collateral to build its awareness campaign. Who or What is CESG? CESG is the UK’s National Technical Authority for all things cyber security related, and more information can be found here: www.gov.uk/government/uploads/system/ uploads/attachment_data/file/400106/Common_Cyber_ Attacks-Reducing_The_Impact.pdf

Managing Onboard Systems Threats Aside from the traditional information security risks that IT systems are subject to, the interesting perspective that the shipping industry faces, as do the other sectors, such as utilities, resources and construction, is that they have so-

41 | Asia Pacific Security Magazine

called Operational Technology (OT). OT refers to control systems and specialist systems that are often bespoke and run on specialist hardware, where the logic runs as programmable firmware rather than easily managed software. Furthermore, even some of the modern OT systems that do rely on modern software models and operating systems, are so critical to a business operation that they cannot be taken offline to patch and upgrade, so they end up being vulnerable to attacks that have been all but eradicated in the enterprise world. BIMCO calls out cargo management systems interfacing with onshore controllers, especially when the ship is littoral, as well as bridge systems that interface with specialist navigation control systems and the ship’s propulsion systems, as being particularly high risk. Passenger and crew services systems can also be attacked, especially on cruise liners, as they can contain vast amounts of PII and potentially credit card information. All of these systems need to be protected and should be incorporated into the risk assessment, along with all of the more traditional security models that the Infosec world is used to, relating to secure network designs, reducing the effects of malware, application and OS patching, use of administrative privileges, etc.

What is BIMCO? BIMCO has over 2,200 members and claims to be the world’s largest global shipping association, providing a wide range of services to ship owners, operators, managers, brokers and agents. They operate as an advisory body across the entire shipping industry, offering standard contracts for members to make use of in business engagements, as well as providing information, advice and education, such as the guidelines we’ve looked at here on ‘Cyber Security Onboard Ships’. For more information on BIMCO’s products, services and membership, check out the website at: www.bimco.org

Contingency and Resilience BIMCO’s contingency planning advice includes the shipping company ensuring it has fully documented who has decisionmaking authority, especially in a crisis situation, and explains when to call in the experts (such as third-party incident responders or law enforcement) and who those experts are, by name. It’s advisable as part of the planning to already have interviewed and contracted with the relevant third parties so that it’s not yet another issue to consider during the incident management or contingency management phase. Recovery plans and all associated documentation (forms, communications lists, etc.) should all be accessible to officers on board ships and they should be educated in how to use them and when to escalate an issue to the littoral support. Responsibilities should be well-defined in the plans and the purpose and scope of each individual or specific plan should be defined and understood by the officers as well as all external IT personnel who provide support to the company or the ship. Conclusion This is a very good document and certainly great advice for an industry that has before been underserviced by the information security community. BIMCO has done a great job in offering standard-based advice and guidelines in the context of the shipping industry, which I’d argue needs be adopted by everyone involved in shipping. However, until there is widespread regulation and legislation that enforces some semblance of compliance with cybersecurity guidelines, the chances of companies doing this properly and calling in the expensive experts is remote. If it comes down to cost, then there needs to be a compelling motivator to invest before anyone will jump to make the necessary changes and improvements.

Australian Security Magazine | 27

Cyber Security

Attacks on the internet and cloud will continue

F By Sarosh Bana ASM Correspondent

28 | Australian Security Magazine 42 | Asia Pacific Security Magazine

ortinet, the global leader in high performance cybersecurity solutions that is based in Sunnyvale, California, foresees the emergence of increasingly sophisticated evasion techniques that will push the boundaries of detection and forensic investigation as hackers seek to counter increasing pressure from law enforcement. In their report titled, New Rules: the Evolving Threat Landscape in 2016, Fortinet and its threat research division, FortiGuard Labs, anticipate attacks on the known vulnerabilities of the Internet of Things (IoT) and cloud to continue in the coming year, with new malicious tactics and strategies creating unique challenges for vendors and organisations alike. “Threats on these new platforms will continue to rise as these technologies continue to be used more pervasively, including by Indian enterprises,” the report notes. NASDAQ-listed Fortinet was founded in 2000 by brothers Ken Xie, who is Chairman and Chief Executive Officer (CEO), and Michael Xie, who is President and Chief Technology Officer (CTO). Ken Xie was previously President and CEO of NetScreen, where his brother held positions as Software Director and Architect. Led by a management team with deep experience in networking and security, Fortinet provides network security appliances and security subscription services for telecom carriers, data centres, enterprises, and government entities through its 100-plus offices around the world. Its revenues totalled $770 million in 2014, and were $260 million in Q3 2015. Fortinet established FortiGuard Labs over 10 years back as its dedicated security research arm, staffed by over 200 researchers, analysts, engineers and forensic specialists located globally. They deliver security updates round-the-clock, with

industry-leading response times to new and emerging threats targeting customers’ networks, content and mobile devices. FortiGuard Labs is capable of rapid response to emerging threats and can every minute intercept 72,000 spam emails, resist 210,000 network intrusion attempts, neutralise 68,000 malware programmes and block 310,000 malicious website access attempts, in addition to thawing 67,000 botnet C&C (command and control) attempts. In India, Fortinet is headquartered in the country’s IT capital of Bengaluru (formerly Bangalore) where it has a large technical support centre. Apart from offices in seven cities in India where it employs over 250 technically skilled professionals, Fortinet also has offices in Sri Lanka and Bangladesh that serve the SAARC region, the South Asian Association for Regional Cooperation constituted of Afghanistan, Bangladesh, Bhutan, India, Maldives, Nepal, Pakistan and Sri Lanka. The company has long-term plans to heighten its profile in the Asian region and believes that in the near future, it can achieve growth better through enhancing quality headcount rather than mere quantitative expansion. Montana-based research firm IDC (International Data Corporation) ranks Fortinet third in India’s security appliance segment, with a market share of 11.2%. The market size in India was estimated at $88.1 million for H1 2015. Rajesh Maurya, Fortinet’s Country Manager for India & SAARC, attributes this gain to several key initiatives his company has implemented, such as establishing direct touch teams for key accounts, aggressively expanding its partner base to cover new technologies and geographies, and enabling and enforcing stricter service standards. “Various solutions launched in 2014 are running on Fortinet’s latest NP6 processor that has

Cyber Security

broken all performance records,” he asserts. “The company has been gaining both revenue and shipment market share in the data centre, enterprise and SMB (small and medium business) market segments.” Maurya says that Fortinet has also boosted investment in R&D, and rolled out products and services to help enterprises cope with new requirements like advanced persistent threat (APT) defence and secure application delivery. An R&D centre has been set up by FortiGuard Labs in the south Indian city of Hyderabad that works very closely with its parent R&D centre in Sunnyvale. Its primary focus is on building the hardware logic for FortiDDoS appliances used for mitigation of Distributed Denial of Service (DDoS) attacks. Such attacks are typically targeted at blocking legitimate traffic to a website by sending a large number of simultaneous service requests to the web server of that site, with the intention of bringing down that site or for some other malicious purpose. The engineers at Hyderabad also specialise in digital design for high-speed Internet security applications. The team works on developing hardware logic for TCP/IP, HTTP, DNS, SIP and other networking protocols. Fortinet’s research team has observed an increase in Microsoft Remote Desktop Protocol (RDP) brute force login attempts, as detected from its threat intelligence in India. “There was almost a ten-fold increase in RDP brute force login attempts in the second quarter of 2015 as compared to the first,” remarks Maurya. “A further 33% increase in RDP brute force login attempts was seen in the third quarter as compared to the second, categorising it as the top attack detected in India for Q3 2015.” Referring to the enterprise security threats and trends in India, Fortinet’s threat intelligence report indicates ZeroAccess as the top botnet observed in India in the first three quarters of 2015. It maintains that though incidents detected have decreased by almost 34% in Q2 2015 over the previous quarter, there was a 7% increase again when comparing Q3 2015 to Q2 2015. “The decrease in Q2 2015 may be attributed to more effective security measures taken by the Indian security industry and enterprises to mitigate ZeroAccess malware propagation, and also to the efforts to take down the ZeroAccess command and control (C&C) server infrastructures,” it adds. Nevertheless, the slight increase in Q3 2015 shows that the botnet is still capable of re-establishing its foothold, and Fortinet counsels organisations to continuously strengthen the security of their networks to mitigate cyber security threats. The company protects more than 15,000 customers in India, including the leading telecommunications companies, government and PSUs, banks, educational institutes, manufacturing units and hospitals. While ZeroAccess was the top botnet, the Mydoom virus was the top malware observed in India, with security incidents involving it rising 32% in Q3 2015 over Q2 2015. Though this virus was first observed a few years back, the statistics show that older malware are yet capable of infecting systems. Disturbingly, while the technique of propagating malware like Mydoom via email has been used for many years, inadequate cyber security awareness and measures motivate hackers and cyber criminals to use the same methods over and over again to infect the victims’ systems.

43 | Asia Pacific Security Magazine

Highlighting Fortinet’s “very successful year 2014”, where it experienced immense revenue growth of 51.9% in the Network Security Market in India, Benoy CS, Director, ICT Practice, Frost & Sullivan, says the vendor has created an ecosystem in India with large service providers to give customers a broad choice of solutions for protecting their infrastructures. “Its high-end appliances and hardware engineering capability enable an exceptional level of performance, deployment flexibility, and security for large- as well as mid-sized networks,” he observes. “The underlying philosophy behind Fortinet’s growth is attributed to its continuous pace of innovation, delivery of new features and products, and ease of deployment and management of its appliances onsite.” IDC’s Worldwide Quarterly Security Appliance Tracker, 4Q14, released in March 2015, indicates that Fortinet’s security appliance shipments and worldwide revenue continued to grow in the fourth quarter of 2014, the 21st consecutive quarter of revenue growth. “Fortinet remains the largest security appliance vendor in terms of shipments globally, with 18.8% share of total unit shipments in 4Q14,” it notes. According to the report, Fortinet has globally shipped more than 2 million security appliances since its inception and has shipped more security appliances each year than any other vendor since 2013. The company has also had the largest market share of combined appliance shipments since 2012. In the security world, it has been a long tradition to share information on new malware and botnets, and newly discovered threats and vulnerabilities. Ken Xie was in February invited to the White House Summit on Cybersecurity and Consumer Protection to provide industry insight and commentary on public-private collaboration on cybersecurity. “Security vendors see responsibility in sharing threat findings with each other and other agencies and enduser advocacy groups, because the best way to combat the creativity and negative impact of malware and adversaries is to build security solutions based on data from wide and diverse sources,” he notes. The Washington event brought together stakeholders from across the US who collaborated and explored partnerships to help develop the best ways to bolster cybersecurity. FortiGuard Labs collaborates with other network and security vendors, and threat monitoring and law enforcement agencies. Its partnership with Exodus Intelligence combines its broad threat research coverage and Exodus’s unique expertise on emerging zero-day threats that helps gain advance notice of attacks before they infiltrate an organisation’s network. The two partners are additionally developing new customer-facing threat mitigation and incident response services. In the first move of its kind for sharing threat information in the interest of their collective customers, Fortinet has co-founded the Cyber Threat Alliance (CTA) with Intel Security (formerly McAfee), Palo Alto Networks and Symantec. The end goal for the information sharing is to raise the situational awareness about advanced cyberthreats and enable members and organisations worldwide to use the latest threat intelligence information to improve defences against advanced cyber adversaries.

‘FortiGuard Labs is capable of rapid response to emerging threats and can every minute intercept 72,000 spam emails, resist 210,000 network intrusion attempts, neutralise 68,000 malware programmes and block 310,000 malicious website access attempts, in addition to thawing 67,000 botnet C&C (command and control) attempts.’

Australian Security Magazine | 29

Cyber Security

The illusion of ‘real time’ & ‘intelligence’ collection” By Eric Flis

ver the past year there has been an explosion of services being offered in the threat intelligence space. These services for the most part focus on the cyber security market. Over this time WorldStack has noticed a growing trend with services claiming to offer “real time” cyber threat intelligence and products and/or services that provide “intelligence collection”. The use of the terms “real time” and “intelligence collection” in these contexts as we see it are being used as nothing more than a marketing ploys by companies claiming to offer such services using these as buzz words. This is doing real intelligence and the benefits it can provide to clients a great disservice. The Issues The terms real time and intelligence do not go together. By its nature intelligence is a product, and the creation of intelligence product takes time. The length of time depends on a number of factors such as the level of detail required by the end user and whether you are looking at Strategic, Operational or Tactical intelligence. Even at its simplest form the intelligence cycle consists of steps, generally these steps would be Planning, Collection, Collation, Analysis and Dissemination. By its nature it is a process that takes time, as can be seen there are three steps that need to be undertaken before you can actually provide a client with an intelligence product. Likewise stating that you collect intelligence or you have a product that collects intelligence is a great misuse of the

30 | Australian Security Magazine 44 | Asia Pacific Security Magazine

term intelligence. At the collection stage in the intelligence cycle what is actually being collected is raw data or information. That is unless you are accessing already finished intelligence products. The raw data collected then needs to be assessed, information verified and validated and analysed to determine what that actually means, if anything for a client. Without this process the raw information provides little if any value to an end user. What constitutes intelligence? There are many services and products that claim to provide threat intelligence. But what constitutes threat intelligence? Many products and services provide information such as known bad IP addresses or URLs, to be blacklisted by a client’s network to protect the network against infection from malware and other forms of attacks and intrusions. However, is a bad IP address or URL Intelligence? We would argue it is not. At least not on its own. On its own it is a piece of information, granted it is a piece of information that can help protect a network, however it is not intelligence, not in the true sense. In order for a known bad IP address or URL to be called intelligence there needs to be some insight into why it is bad, what that means for the client it is being provided to. This means the who, what when, where and why need to be analysed in relation to the IP address or URL. In a lot of cases this type of technical based intelligence is also reactive, not proactive. As an example, a network is

Cyber Security

such as counter terrorism. This comes

capabilities and are after the clients crown jewels? All of these are important questions that need answering when providing threat intelligence to a client, be it in cyber security of more physical realms such as counter terrorism. This comes from investigating the who, what, when, where and why in relation to such technical information. Granted this information may just not be available,. however every effort in answering these questions for a client should be made and be the main focus of anyone provided threat intelligence services or products.

from investigating the who, what, when,

Conclusion

where and why in relation to such

So what can be done to not dilute the power of what true intelligence product can provide? Firstly, it is highly unlikely that companies will change their marketing tactics and will continue to try and capitalise on using buzz words such as “real time” and “intelligence collection”. Therefore clients need to become more sophisticated in their understanding of what intelligence is and more importantly what their intelligence requirements are. The first step a company selling threat intelligence services should do for a client is help them identify what their intelligence gaps are, if they have not already done so. Then work with the client to define what is they hope to get from your service or product. If a client determines they require an IP blacklisting service then so be it, as long as it is what they require to fill their needs. However they should not be sold this as an intelligence product as it is not intelligence in the true sense of the word, it is merely a piece of information. The term intelligence for many holds the expectation that there will be insight and understanding attached to a product or service using this term. This can lead to clients being disappointed as their expectations have been let down as the reality of the service they receive does not meet with their expectations. This is where the watering down of real threat intelligence occurs, when clients do not see value in it. When in fact what they may have been getting was not intelligence product at all.

‘All of these are important questions that need answering when providing threat intelligence to a client, be it in cyber security of more physical realms

technical information.’ Figure 1 – Intelligence cycle

observed being scanned by system operators and the IP address is subsequently blacklisted on the network. This is reactive rather than proactive. Other services provide lists of known bad IP addresses and URLs, which are subsequently blacklisted on the network, this scenario is at least a more proactive approach. From our perspective the who, what, when, where and why in relation to a piece of information is extremely important. This is what will determine whether a client is being provided an intelligence product or just a piece of information. If that information is coupled with analysis and insight it can become quite powerful for a client. Not only can it protect them in the short term by blocking that IP address, knowing who may be using that IP address and their motivations allows the client to become more proactive in their security planning. This stems from knowing who the threat actor is and what their motivations for attack are. For example is it a one off low level attack by a script kiddie? Is it a threat actor motivated to some social or political issue to which they see the client being linked to in some way, indicating they may be a repeat offender? Or is it a threat actor with known ties to a nation state, who have advanced

45 | Asia Pacific Security Magazine

About the Author Eric is a Director and Chief Operating Officer of WorldStack Pty. Ltd. Eric holds a Masters in Policing, Intelligence and CounterTerrorism from Macquarie University and his professional career spans both cyber security, intelligence and physical security arenas.

Australian Security Magazine | 31

Available online! See our website for details

1 YEAR SUBSCRIPTION TO THE AUSTRALIAN SECURITY MAGAZINE

Get each print issue per year for only $88.00 SUBSCRIBE TODAY... DON’T MISS AN ISSUE Yes! I wish to subscribe to the Australian Security Magazine, (1 year). ☐

AUSTRALIA

88.00

(inc GST)

1 YEAR

☐

INTERNATIONAL

158.00

(inc GST)

1 YEAR

Yes! As an additional bonus I wish to receive direct to my inbox the Asia Pacific Security Magazine (emag)

No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.

Go to

www.australiansecuritymagazine.com.au/subscribe and fill in our subscription form online. Dont miss an issue! Phone: +61 (8) 6465 4732 during business hours AWST (Australia Only)

42 | Australian Security Magazine 46 | Asia Pacific Security Magazine

PRIORITY FAX Credit Card Details Australia +61 (8) 9467 9155

FREE POST My Security Media 286 Alexander Drive, Dianella. W.A. 6059

Email subscriptions@mysecurity.com.au

GST This document will become a TAX INVOICE for GST when payment is made. My Security Media Pty Ltd ABN 54 145 849 056

Within TechTime you will find the very latest information, news and products from a wide variety of security industries, ranging from cameras, computers, software and hardware.

Illustra Pro 2 megapixel 30x PTZ camera,

To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au 47 | Asia Pacific Security Magazine

Latest News and Products Australian Security Magazine | 43

TechTime - latest news and products

Astute Smart Locks launches Noke – the world’s smartest bluetooth padlock Astute Smart Locks, a thought leader and pioneer of smart lock & smart access technology, is excited to announce the launch of Noke into the Australian market. Noke is a bluetooth enabled smart padlock that you unlock with your smartphone eliminating the hassle of keys and combinations forever! All Noke locks are compatible with iOS, Android and Windows smartphones, and work in conjunction with the Noke app for smart, convenient security. Features Designed to be the simplest electronic device you own, Noke automatically finds and connects to your Bluetooth 4.0 enabled smartphone. Instead of fumbling for keys, simply walk up to your Noke, press the shackle, and instantly access your possessions. Noke’s app even lets you share guest access with friends and family, so they can unlock your Noke with their own smartphone. You can allow a guest unlimited access, onetime access, or create a custom schedule of specific times and days of the week. For added control and peace of mind, Noke lets you monitor its history so you know where, when, and by whom your lock was accessed. In case your smartphone battery dies, Noke has a back-up plan called ‘Quick-Click,’ so you’re never left stranded. Noke’s QuickClick technology allows you to create a custom access code of short and long clicks on the shackle so you have the option to open it manually if necessary. Security Noke uses the latest in anti-shim technology so security is not compromised. It also uses the latest in PKI technology and cryptographic key exchange protocol to stand up to hackers. Product Quality Made of boron-hardened steel, Noke is not only attractive, but also incredibly strong. It’s designed to stand up to the toughest environments and weather conditions so Noke can go where you go. Battery Noke locks are packed with a long lasting battery, giving you over a year’s worth of use before needing to be replaced or recharged. Fleet Management

44 | Australian Security Magazine 48 | Asia Pacific Security Magazine

With Noke, it’s easy to take the benefits of a smart lock—ease, convenience, control, security, durability—and scaling that to work for an entire enterprise. It will help professionals better manage their fleet by allowing them to be the administrator over an unlimited amount of locks. They can issue locks to individual employees, while still having the power to revoke access as well as monitor where and when the locks are used. No more giving up control and no more changing locks and combinations again.

Bluetooth: 4.0 Battery: 2032 coin cell battery For more information, please visit: www. astutesmartlocks.com or email: info@ astutesmartlocks.com

Customers Noke locks are wildly popular among all ages and demographics. Kids tend to use Noke on bikes and school lockers, while adults use Noke for locking up their back gate, gym locker, storage units, shed, cabin, trailer and more. Noke also accommodates business professionals by adding control to everyday security needs ranging from enterprise shipping containers to individual employee lockers. The use cases are endless and the benefits unparalleled. Noke Padlock Specs Material: Zinc alloy body with boron-hardened steel shackle Colors: Silver, Black Water Resistant Strength Rating: IP66 Operating Temperature Range: -23degC to 65degC Security: PKI technology and cryptographic key exchange protocol

Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media

TechTime - latest news and products

Improving forensic searching & identification at greater distances Tyco Security Products introduces the new Illustra Pro 2 megapixel 30x PTZ camera, offering a powerful 30x optical zoom to deliver better forensic detail over greater distances. The new Illustra Pro PTZ camera offers 30x optical zoom and 12x digital zoom, compared with the 20x zoom of the previous Illustra PTZ model. The combination of the PTZ’s advanced optical capability and high quality HD resolution video allows users to identify critical details such as reading license plate characters at distances of more than 1,000 away from the camera. To improve operator control with better precision and control accuracy, the Illustra PTZ uses zoom adjusted program (ZAP) technology to automatically control the pan and tilt speed in proportion to the amount of zoom used. The Illustra Pro 2MP 30x PTZ helps reduce the costs in network overheads and storage costs with improved low light performance and noise reduction. Available in indoor and outdoor models, the new Illustra Pro PTZ delivers a greatly improved true wide dynamic range performance ensuring premium quality surveillance is maintained in the most challenging of lighting conditions. These camera’s clear video quality is maintained during rain, fog or snow through the advanced auto defog feature, while the whiteout highlight reduction feature ensures that car headlights or street lamps do not compromise the image during nighttime surveillance. The 30x PTZ also supports electronic image stabilization for lower effects of vibrations from wind and other sources when using long range optical magnification. This Illustra Pro 30x PTZ introduces a new

intelligent guard tour feature using embedded intelligence to autonomously track, zoom in and record events or suspicious activities, allowing the operator to concentrate on other priorities without missing any vital activities. This feature unites motion detection, auto tracking and preset sequences to allow the PTZ to perform independent of a control room operator. While moving through a preset tour without an operator present, the intelligent

guard tour feature enables the camera to deliver the video evidence needed to identify key details necessary, often making the difference in forensic investigations.

Milestone appoints Hikvision as elite partner Milestone Systems, the open platform company in networked video management software (VMS), has elevated Hikvision to the status of Elite Partner in the Milestone Camera Partner Program (CaPP). To be named a Milestone Elite partner, companies must demonstrate outstanding sales, implementation, consulting and support for Milestone Systems solutions and consistently show excellence in business initiatives and marketing. Both companies have dedicated targeted efforts to elevate the mutual technical and commercial engagement to a new level, resulting in the Elite Partner status for Hikvision.

Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media

49 | Asia Pacific Security Magazine

“To achieve Milestone Elite level status a camera partner must demonstrate commitment in achieving maximum return on investment for our joint customers through superior product knowledge and a focus on long-term customer satisfaction,” says Henrik Sydbo Hansen, Head of the Camera Partner Program at Milestone Systems. “From this increased partnership our channel partners and customers will receive an exclusive level of engagement and commitment with the advantage of cost-effective camera technology fully supported by Milestone software.” The ongoing relationship between Hikvision

and Milestone Systems has been evolving over the past several years, and the announcement of Elite status demonstrates the solidity of an already close partnership.

Australian Security Magazine | 45

TechTime - latest news and products

New compact external drive provides highcapacity storage. Seagate Technology has announced the launch of the Seagate Backup Plus Ultra Slim, the world’s thinnest 2TB mobile hard drive. This new product builds on the award-winning Backup Plus Slim drive, delivering a stunning new design with the same leading capacity in an even slimmer profile. The Backup Plus Ultra Slim also includes 200GB of Microsoft OneDrive cloud storage and Lyve software compatibility, so users can back up, access and share their favourite files from any device or location. “The launch of the Backup Plus Ultra Slim builds on Seagate’s rich history of awardwinning innovation to give users even more capacity in an incredibly small form factor,” said Tim Bucher, vice president for Seagate’s Consumer Group. “Based on our breakthrough ultra-mobile hard drive technology, this new

storage solution gives them a better way to manage the increase in both data volumes and number of devices.” At just 9.6mm, the Backup Plus Ultra Slim external drive employs Seagate’s latest 2.5-inch HDD technology, making it more than 50 percent thinner than other 2TB drives on the market. Thanks to its low-profile, high-capacity design, users can keep more than 500,000 songs, 320,000 photos or 240 hours of high definition video in their pocket*. Available in gorgeous golden or platinum metal finish, this sleek new product is designed to complement the looks of stylish computers, tablets and phones.

Thales nShield hardware security modules secure Vormetric data security manager Thales and Vormetric have announced that the Vormetric Data Security Manager (DSM) is now secured with Thales nShield hardware security modules (HSMs). Customers in highly regulated and security conscious industries such as finance and banking can now benefit from the heightened levels of trust and security provided by Thales HSMs. Vormetric DSM centralizes control of dataat-rest security enabling organisations to protect their sensitive data and meet new security

mandates and compliance requirements. Where high levels of trust and security are demanded Thales HSMs provide FIPS 140-2 certified protection and key management. To meet the demands of customers with deployments distributed across multiple data centres, Thales HSMs offer Vormetric a superior approach to HSM initialization and ongoing administration. By utilizing the unique Thales Security World architecture customers can increase their security posture without the

operational difficulties often associated with alternative solutions. Thales recently signed a definitive agreement to acquire Vormetric which, when completed, will extend Thales’ data protection and key management solutions to further protect enterprises against cybersecurity threats.

Secure Identity Alliance (SIA) publishes ‘Civil Registry Consolidation’ With identity a key priority on the United Nations’ 2030 Agenda for Sustainable Development, the Secure Identity Alliance (SIA) has published a report outlining a best practice approach for consolidating civil registries through national electronic identity (ID) schemes. The SIA’s ‘Civil Registry Consolidation through Digital Identity Management’ report provides the deep sector insight necessary to support the development of government registration and identity programs across the world – particularly in the developing world

46 | Australian Security Magazine 50 | Asia Pacific Security Magazine

where many citizens lack official documentation to prove their identity. For those countries that have implemented an electronic identity program, but whose civil registry is incomplete, the existence of an eID database is a chance to rebuild a comprehensive registration process. When national ID systems and civil registration are not at the same level of development, a circular and dynamic approach between civil registration and eID systems can be used to complete them both. This report should be of particular interest

to international organisations and government agencies involved in the establishment or reorganization of civil registration and identity systems across the world. With a global population set to reach 11.2 billion by the end of the century, the ongoing European and MiddleEast refugee crisis and growing population mobility, identity is a key geopolitical issue.

Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media

TechTime - latest news and products

Senstar Announces FiberPatrol-PL for pipeline integrity monitoring Senstar has announced FiberPatrol-PL, an advanced security system for buried pipelines, optimized to detect third-party interference (TPI). FiberPatrol-PL is the latest addition to Senstar’s renowned FiberPatrol intrusion detection systems, which have been protecting critical infrastructure around the world since 2009. FiberPatrol-PL uses fiber optic cable buried along the pipeline to detect and locate ground vibrations and acoustic signatures associated with TPI activity. A single FiberPatrol-PL processor can detect and locate TPI over a distance of up to 72 km (45 mi) and within 10 m (33 ft) accuracy. “FiberPatrol-PL provides the longest protection per single processor currently on the market, addressing one of the biggest issues to effectively securing pipelines – covering long distances between above-ground infrastructure

locations where electronic equipment can be installed,” said Senstar’s Product Manager Stewart Dewar. “No electronics, power, communications infrastructure or grounding points are required for spans of up to 72 km (fiber distance), making FiberPatrol-PL a costeffective solution for long pipelines.” FiberPatrol-PL detects TPI activity that threatens pipeline integrity: machine or manual digging, heavy machinery operating nearby, and even people walking in the vicinity of the pipeline. The system’s advanced detection algorithms optimize the detection of TPI activity while rejecting nuisance alarms. It can also reject vibrations caused by traffic on roads and railways running parallel or perpendicular to the pipeline.

About Senstar Corporation Senstar, the trusted innovator safeguarding people, places and property, has been manufacturing, selling and supporting the world’s largest portfolio of perimeter intrusion detection sensor technologies for more than 30 years. Senstar is also a leading provider of life safety / emergency call solutions, cyber solutions that protect security networks against threats, and a cellular detection and location solution. Senstar’s products and solutions can be found around the world in more than 80 countries, in tens of thousands of sites including borders, ports, military and government, correctional facilities, and other critical sites.

Pelco by Schneider Electric announces integration of Optera and Spectra camera ranges. Pelco by Schneider Electric has announced that its Optera range of panoramic cameras as well as Spectra Enhanced high-speed PTZ domes are now compatible with the latest version of the Genetec, Inc. Security Center, 5.3 (SR3). This collaboration reflects Pelco’s continuing commitment to provide fully integrated, robust solutions. “This certification and integration gives our joint customers two more options for clear, state-of-the-art video images,” said Jonathan Lewit, Director of Business Application at Pelco by Schneider Electric. “These integrations provide security professionals with better situational awareness by leveraging the panomersive experience and the full analytics capabilities in both Optera and Spectra Enhanced cameras.” In this suite, the new version of Security Center will benefit those with a need for improved motion detection responses, with motion indicator bars now visible in the Security Desk timeline. Security Center 5.3 also features simplified tools for security investigations that promote collaboration between operators and external organisations, such as support of presets, the ability to display multiple cameras simultaneously, and sharing of select Automatic License Plate Recognition (ALPR) data.

Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media

51 | Asia Pacific Security Magazine

In turn, Security Center 5.3 users will be able to enjoy the advanced image quality delivered by the award-winning Optera and Spectra Enhanced range of cameras. The Security Center 5.3 integration with Optera enables a separate view of a continuous panorama in a single cell. This feature is made possible exclusively through this innovative integration and is the first of its kind in the industry. The Optera series delivers a single seamless view of a panoramic, 180° scene, constructed from four 3MP image sensors. With full ePTZ on both live and playback video, Optera provides stitched and blended panoramic views to gain great situational awareness. SureVision 2.0 image processing and Anti-Bloom technologies enable outstanding image quality in the most challenging of lighting conditions, without ever leaving true wide dynamic range (WDR) imaging. Spectra Enhanced provides industry-leading image quality and great PTZ control along with SureVision 2.0 and 130 dB WDR, at up to 60 images per second video. These and a whole host of features make the camera system an ideal solution for detecting and capturing faces, license plates, tattoos, and evidentiary details in nearly any lighting situation. “These releases further strengthen the tight relationship between Pelco and Genetec Inc.

with mutual dedication to an integrated product offering and the highest industry standards that each require of their products,” added Lewit. Pelco customers can access Genetec Security Center 5.3 information as well as additional integration details on the Partner First website. Pelco’s Partner First program marks a new level of openness and commitment to identify and bring to market additional features, capabilities and solutions through development of strategic partnerships. For more information about Genetec, visit: www.genetec.com

Australian Security Magazine | 47

I THE DIGITAL AGE THE DE F I N I T I VE CYBE RSE C U R I T Y G U I D E F OR DI RE CTORS AN D O F F I C E R S

Navigating the digital age: The definitive cybersecurity guide for Directors and Officers Front Cover.indd 1

48 | Australian Security Magazine 52 | Asia Pacific Security Magazine

11/09/15 2:31 pm

n 2005 I conducted a thesis study on security risk management in corporate governance and surveyed sixty ASX200 listed companies. The study determined there was a significant lack of security risk awareness at board level within Australian public companies and less than 30 percent had a security related policy in contrast to safety, environment and financial risk. A decade on, we have far more powerful and cheaper cyber networks, mobile devices and connected things. The global security threat environment for business has clearly worsened and cyber security has evolved to beyond simply an IT issue but a “business problem of the highest level” (Sharf, CEO Visa Inc). With this in mind, Palo Alto Networks has produced a ‘must read’ for any Company Director and C-suite officer. In its 2015 Data Breach Report, Verizon found that 60 percent of the nearly 80,000 security incidents reviewed, including more than 2,000 confirmed data breaches, cyber attackers were able to compromise an organisation within minutes. Alarmingly, only about one third of the compromises were discovered within days of their occurrence (Brewer, Fmr CIO, US Department of Energy). The current average discovery takes 205 days (Ashar Aziz, FireEye, October 2015). As attacks continue, they are also likely to increase in sophistication and profitability and is “simple for hackers to assemble very accurate profiles of individuals and their positions in companies and launch socially engineered attacks or campaigns. These attacks can be hard to spot in the absence of proper training for individuals, and difficult to control in the absence of good practices and procedures regardless of how good the technology is that is deployed to protect an organisation.” (McLaughlin, CEO, Palo Alto Networks) A survey on behalf of KPMG found that of 130 global institutional investors, with $3 trillion under management, affirmed that cyber events may affect investor confidence in the board and demand for the affected company’s shares. Investors opined less than half of boards of the companies they currently invest in have adequate skills to manage rising cyber threats. It was also found 43 percent of board members have ‘unacceptable skills and knowledge to manage innovation and risk in a digital world.’ 86 percent of investors want to see increases in time boards spend on addressing cyber risk.” Boards would be wise to raise their game by disclosing more detail of their board oversight efforts and engaging with investors when cyber incidents occur, or they may run the risk of a loss of investor confidence. (McGurn, ISS Special Counsel) For additional verification of this issue,

according to a PWC report, Deciding on Data, in 2013 Australia missed out on $48 billion of potential data-driven productivity improvements, particularly within government, health and agriculture. Yet a thriving innovation ecosystem has the potential to increase Australia’s productivity and raise GDP by $37 billion in 2024. (Kumar, WAdirector, Issue 54, Australian Institute of Company Directors) World Economic Forum research showed 90 percent of executives feel they only have nascent and developing capabilities to combat cyber threats. Still very few organisations have developed ways to assess their cyber risk exposure and to quantify them. The aggregate impact of cybercrime on the global economy can amount to $3 trillion in terms of slowdown in digitisation and growth and result in the slower adoption of innovation. Even the annual cost of economic espionage reaches $445 billion. As an example, Target’s breach cost the company more than $140 million, a large portion of which went to cover litigation costs. Aon research shows that more than 80 percent of breaches cost the companies less than $1 million. (Kvochko & Kerimi, World Economic Forum) Although a silver bullet to achieve cyber resilience doesn’t exist, organisations need to consider comprehensive frameworks for quantifying and mitigating risk factors, including cyber risks. For organisations the focus will shift from the attacker to assets and how to secure them in a distributed digital ecosystem, where everything is vulnerable. (Kvochko & Kerimi, World Economic Forum) The attacker’s business plans are expansive with extremely generous profit margins. Multiple reports suggest cybercrime is in the hundreds of billions of dollars. They can use identical attack methods against multiple targets and their ‘market’ is accessible to them worldwide. Meanwhile, cyber defence tends to be almost a generation behind as anticipating the method and point of attack is extremely difficult. Moreover, law enforcement is almost non-existent with less than 2 percent of cyber criminals prosecuted. Traditional government methods to fight criminal activity have not matured to address the threat and may be inappropriate to meet the dynamic nature of this uniquely twenty-first century problem. Notwithstanding also that consumers tend to prefer utility and function over security, which is a disincentive for companies to enhance new devices with added security, which often slows or limits utility. Corporate boards are faced with the conundrum of needing to use technology to grow and maintain their enterprises without risking the corporate Crown Jewels or hard won public faith

in the bargain. (Clinton, CEO Internet Security Alliance) Directors are well advised to proactively fulfil their risk oversight functions by driving senior management toward a well-developed and resilient Cybersecurity program (Kim & Dunne). Corporate spending on Cybersecurity has doubled over the past few years and totals more than US$100 billion a year. In contrast, the total US Government spending on Cybersecurity is generally estimated to be near US$16 billion. Despite the spotlight on Cybersecurity one recent survey found nearly half of directors had not discussed the company’s crisis response plan in the event of a breach or other considerations around insurance, engaging experts, risk disclosures, national standards and compliance frameworks. (Clinton, ISA) To help accelerate toward the same level of stability and comfort had with financial and other risk issues, a board level Cybersecurity blueprint may include six key areas: 1. Inclusive board level discussion and empowering all directors to be accountable for Cybersecurity; 2. Proactive cyber risk management should incorporate Cybersecurity into early stage business decisions; 3. Differentiate assets for varying levels of security and Cybersecurity; 4. Investment in human defences will ensure the organisation’s cybersecurity investment goes beyond technical to include awareness, education and training programs for employees. 5. Limit exposure through business partners; and 6. Incident response policies and procedures to mitigate risk should a breach occur. (Cox) One of the most important defences against cyber-attack is an informed, vigilant employee population. Employees and executives are often targeted with carefully crafted emails designed to be relevant to the employer’s personal or work life. In reality these emails are loaded with malicious code. One click by a less careful individual can deploy a cyber weapon into the company’s network and execute various actions that shut down critical business functions or steal information and accounts. The bottom line is that human behaviour is equally important as security technologies in defending against cyber threats. Boards should know if employee awareness and training programs are in place and how effective they are. It also helps to build a culture of security awareness. (Cote) Under executive leadership it is very

53 | Asia Pacific Security Magazine

important that there is continued improvement in processes used to manage the security of organisations. People must be continually trained on how to identify cyber-attacks for people to take appropriate steps to take in the event of an attack.” (McLaughlin, CEO, Palo Alto Networks) In the wake of a breach, a victim’s security will also come under scrutiny, and a contractual counterpart may argue that the security was inadequate under the contract. It is difficult to define such terms adequately and still provide flexibility in the face of changing threats. (Woods, Banno, Graves) This book is a compilation of contributions from subject matter experts and business leaders and details all relevant and critical issues, considerations and best practice solutions for what is indeed a twenty-first century problem. Technology continues to progress rapidly. Note 2015 was the year the Future of Life Institute released a letter signed by some 1,500 artificial intelligence (AI), robotics and technology researchers calling for an international ban on offensive autonomous weapons, which could target and fire weapons without meaningful human control. Companies must be in front of the game wherever possible and cyber security is one such critical element and a business enabler – the subject matter is broad but this book will steer you in the right direction for cyber threats, cyber insurance, understanding cyber espionage and theft of trade secrets, combatting the insider threat and importantly, the needs for corporate structures, legal and regulatory considerations and incident response, risk management and workforce development. Recommended and essential reading for any public or private sector senior officer, director and above. Thanks to Palo Alto Networks and Recognition PR for the holiday season read. We also look forward to hosting executive boardroom lunches with Palo Alto Networks during 2016. If you have a Director or CXO needing to get across the issues, I welcome to register your interest here: editor@australiansecuritymagazine.com.au

Australian Security Magazine | 49

54 | Asia Pacific Security Magazine

CivSec 2016 CONGRESS AND EXPOSITION 31 MAY - 2 JUNE 2016 MELBOURNE AUSTRALIA

CIVIL SECURITY AND CIVIL DEFENCE FOR THE INDO-ASIA-PACIFIC A COMPREHENSIVE FORUM FOR LEADERS AND PROFESSIONALS Border Control l Transport, Resource and Infrastructure Security l Physical, Cyber and CBRNE Security l Policing and Emergency Services l Surveillance, Intelligence and Response l Community Safety and Public Protection l Disaster Relief and Humanitarian Assistance l Remediation, Reconstruction and Resilience l Safety, Search and Rescue l Capability and Research l Technology and Innovation

FREE ADMISSION - PRE-REGISTRATION REQUIRED