Asia Pacific Security Magazine, May/June 2018


THE REGION’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.asiapacificsecuritymagazine.com May/June 2018

INDIA IN-FOCUS

ASEAN Australia Summit 2018 – Security enhancements

The future is here: India’s digital programme

Booking Facebook in India

Walls have ears: Why culture and process matter in improving cybersecurity

How is India coping with cyber threats?

The essence of learning & knowledge management in emergency services

Australia’s 2018 Federal Budget – Security sector focus

Beware of the Black Swans

Australia’s cyber offensive capability – Policy brief

Blockchain – Analyst Insight

IS THIS TIME DIFFERENT?

$8.95 INC. GST

PLUS Women in Security | Techtime



We’re TRANSFORMING Join us as we embark on the next phase of our journey

- visit our new online store at hills.com.au -


For more information on these and other best-in-class solutions from Hills call us on 1300 HILLS1 (445 571) or visit hills.com.au

facebook.com/HillsLtd/

CONNECT | ENTERTAIN | SECURE


25 – 27 JULY 2018

SECURING INNOVATION

The 2018 Security Exhibition + Conference: Powered by ingenuity and invention, showcasing the latest technology and cutting edge thinking. From physical and electronic solutions, to biometrics and cyber security. Australia’s largest security event offers three days of business networking and intelligence sharing. Take a first-hand look at what’s next for the security environment including intelligence on managing threats and identifying risks.

MELBOURNE CONVENTION + EXHIBITION CENTRE

EXHIBITION IS FREE

REGISTER NOW securityexpo.com.au

#security2018

THE ASIAL SECURITY 2018 CONFERENCE

INTELLIGENCE AND APPLICATIONS TO MITIGATE RISK AND VULNERABILITY

The ASIAL Security Conference hosts a compelling program of renowned local and international experts and academics with case study evidence on how to protect your business, brand reputation and vital assets along with mitigating risk and vulnerability. It is your annual opportunity to receive fundamental updates from the organisations shaping today’s security landscape in a program carefully curated by the industry’s peak body. The format and content have been updated to reflect critical industry updates on the first day, followed by your choice of streamed sessions on the second and third day of the program. Learn proven strategies to tackle your security challenges with crucial intelligence on the ever-changing landscape.

HEADLINE SPEAKERS

COMMANDER GEOFFREY SMITH, Commander, Tasmania Police

DR GAVRIEL SCHNIEDER, Group CEO, Risk 2 Solutions Group & Head Lecturer of Psychology of Risk, ACU

CAROLINE SAPRIEL, Managing Director, CS & A International

DANNY BAADE, Head of Security, Gold Coast 2018 Commonwealth Games Corporation

DAVE BROOKS, Post Graduate Course Co-coordinator, Security Science, Edith Cowan University

ARYE KASTEN, Chief Executive Officer, M.I.P Security

DAVID CROMPTON-GUARD, Business Continuity Manager, Safety, Security & Resilience, Metro Trains

DR LISA WARREN, Clinical/Forensic Psychologist and Founder, Code Black Threat

SECURITYEXPO.COM.AU FOR FULL SESSION DETAILS

Book now to take advantage of this discount and avoid disappointment as the 2016 and 2017 programs sold out.

EXHIBITION HOURS

Wed 25 July 9:30am-5:00pm
Thurs 26 July 9:30am-5:00pm
Fri 27 July 9:30am-3:30pm

CONFERENCE HOURS

Wed 25 July 9:00am-5:00pm
Thurs 26 July 9:00am-3:30pm
Fri 27 July 9:00am-3:30pm


2018 #SecurityAwards Call for Nominations

By Anna Ho, Marketing and Communications Officer, Australian Security Industry Association Limited (ASIAL)

The vital role performed by Australia’s private security industry will be recognised later this year at a special awards ceremony in Sydney organised by ASIAL. The 2018 Australian Security Industry Awards for Excellence and Outstanding Security Performance Awards will recognise excellence in the security industry.

Nominations are open to all and provide an opportunity to recognise individuals, including frontline security personnel who have gone beyond what could reasonably be expected of them in providing a level of service that exceeds clients’ expectations. Likewise, organisations and teams who have demonstrated leadership and innovation will also be recognised.

Judging of the awards will be undertaken by an independent panel of judges that includes Damian McMeekin, Managing Director of CT Intelligence & Insight; John Adams, Editor, Security Electronics and Networks Magazine; John Curtis, Director, IPP Consulting Pty Ltd; Michael Walker, Senior Manager, Security Services, Facilities Management, Reserve Bank of Australia; Rachell DeLuca, Senior Security Consultant, ARUP and Vlado Damjanovski, CCTV Expert Specialist and MD, ViDi Labs.

Nominations open 1 July and close 31 August. Winners will be presented at a special awards ceremony to be held at Sydney’s Doltone House Hyde Park on Thursday 18 October 2018.

2018 AWARD CATEGORIES INCLUDE:
• Individual Achievement – General
• Individual Achievement – Technical
• Gender Diversity
• Indigenous Employment
• Special Security Event or Project
  – Under $500,000
  – Over $500,000
• Integrated Security Solution
  – Under $500,000
  – Over $500,000
• Product of the Year
  – Alarm
  – Access Control
  – CCTV – Camera
  – CCTV – IP System/Solution
  – Communication/Transmission System
  – Physical security (bollard, gate, barrier, lock)

AWARD CATEGORIES INCLUDE:
• Outstanding In-house Security Manager/Director
• Outstanding Contract Security Manager/Director
• Outstanding Security Team
• Outstanding Security Training Initiative
• Outstanding Security Partnership
• Outstanding Security Officer
• Outstanding Female Security Professional
• Outstanding Guarding Company
• Outstanding Security Consultant
• Outstanding Security Installer
• Outstanding Information Security Company

For more detailed information on the award nomination criteria and process visit www.asial.com.au/securityawards2018


RECOGNISING EXCELLENCE

#securityawards

2018 AUSTRALIAN Security Industry

The Australian Security Awards Ceremony & Dinner

The night is an opportunity to celebrate excellence and innovation in the security industry, and network with likeminded security professionals.

www.asial.com.au/securityawards2018

Date: Thursday 18 October 2018 | Venue: Sydney’s Doltone House Hyde Park


Contents

Editor's Desk
The #FUTURE is here
Booking Facebook in India
Beyond the horizon insights
Cryptocurrency - Is this time different?
Walls have ears
Australia’s 2018 Budget Security Industry Wrap-up
Beware of the Black Swans
Connection not collection
Security enhancements from ASEAN-Australia Summit 2018
Cybersecurity in Space & Military Operations
Blockchain briefing
The impact of AI Technology on cybersecurity
By 2050 – we will be beyond the cloud and on mars
TechTime - the latest news and products
Book review

Executive Editor / Director: Chris Cubbage
Director / Co-founder: David Matrai
Art Director: Stefan Babij
Correspondents: Jane Lo

Correspondents* & Contributors: Fiona Wade, Mike Stone, Jane Lo, Nick Johnson, Sarosh Bana, Chas Capewell

MARKETING AND ADVERTISING
T | +61 8 6465 4732
promoteme@australiansecuritymagazine.com.au

SUBSCRIPTIONS
www.australiansecuritymagazine.com.au/subscribe/

Copyright © 2017 - My Security Media Pty Ltd
286 Alexander Drive, Dianella, WA 6059, Australia
T | +61 8 6465 4732
E: editor@australiansecuritymagazine.com.au

All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.

CONNECT WITH US
www.facebook.com/apsmagazine
@AustCyberSecMag
www.linkedin.com/groups/Asia-PacificSecurity-Magazine-3378566/about
www.youtube.com/user/MySecurityAustralia

Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.

OUR NETWORK
www.australiancybersecuritymagazine.com.au
www.asiapacificsecuritymagazine.com
www.aseantechsec.com
www.drasticnews.com
www.chiefit.me
www.cctvbuyersguide.com


Editor's Desk

"China’s peaceful construction in the Spratly archipelago, including the deployment of necessary national defence facilities, is aimed at protecting China’s sovereignty and security. Those who don’t intend to violate [this sovereignty] have no reason to worry." - Hua Chunying, China’s foreign ministry spokesperson, 19 May 2018, South China Morning Post

In a regional perspective, the Asia Pacific region, or Indo-Pacific, depending on your preference, continues to be troubled with the disruption to the Korean Peninsula peace process, albeit somewhat predictable and always pretentious. China has also confirmed it has exercised long-range H-6K bombers landing and taking off from Woody Island, China’s largest base in the Paracel Islands. Together, these events maintain ominous signs of advancing militarisation and future conflict.

North Korea cancelled high-level talks with South Korea, just prior to them occurring and it appears likely to also cause the withdrawal from a summit with the United States. Opportunity to divert engagement was taken in reacting to the military exercises between the US and South Korea. North Korea's Central News Agency (KCNA) called the US-South Korean "Max Thunder" air combat drills, which it said involved US stealth fighters and B-52 bombers, a "provocation" that went against the trend of warming North-South ties.

"This exercise, targeting us, which is being carried out across South Korea, is a flagrant challenge to the Panmunjom Declaration and an intentional military provocation running counter to the positive political development on the Korean Peninsula," South Korea's Yonhap news agency quoted KCNA as saying. "But we are no longer interested in a negotiation that will be all about driving us into a corner and making a one-sided demand for us to give up our nukes and this would force us to reconsider whether we would accept the North Korea-US summit meeting."

In addition to the Korean fissure re-appearing geo-politically, the mid-May terrorist ‘family’ bombings in Surabaya, East Java, Indonesia have again reminded us of concerns about the South East Asian region and the risk posed by returning Islamic State fighters. Indonesia raised its alert status to siaga 1, the highest level, across Jakarta and key regions in the wake of the bombings, conducted by an entire family, that hit three churches and killed 10 people and injured over 40. The following day, a bomb exploded at the entrance to Surabaya Police headquarters, a few hours after a bomb prematurely went off in Sidoarjo. The police station attack injured four police officers and six civilians.

Malaysia experienced a surprise election result with the unlikely rapprochement between Mahathir Mohamad and his former political nemesis, Anwar Ibrahim. Mr Anwar has been promised leadership of Malaysia's new governing coalition when Dr Mahathir, 92, decides to step down within two years. Malaysia has been dogged by political corruption and economic stagnation, and the election is seen as a significant change in optimism for the country. A country to watch closely as revised central politics plays out over the next six to twelve months.

In Australia, the federal budget provides $294 million for airport security upgrades, $6.9 million over two years to continue the work of the Australian Border Force Airline Liaison Officers (ALOs) at 19 key overseas international airports and a further $121.6 million over four years to support new screening technology for passengers, baggage and cargo. The Australian Government has signalled the need for an additional 140 AFP Counter Terrorist First Response officers to be based at airports and a further 50 officers to provide tactical intelligence and other support at an additional cost of $122 million.

In this edition we have several insights into India’s growing adoption of technology. In July 2017, India, with 241 million users, edged past the US, with 240 million, to become the country with the highest number of Facebook users. The Cambridge Analytica scandal has aggravated privacy concerns of Indians, who are already grappling with a mass surveillance system put in place by the right-wing Bharatiya Janata Party (BJP)-led government. This issue is now before the Supreme Court that will be adjudicating on the necessity – and legality – of the 12-digit unique identification (UID) number called ‘aadhaar’, that is mandated for availing of 139 government and private services and schemes.

Our cover feature on Cryptocurrency is highly relevant with Asia Pacific being the largest potential trading market. Singapore sits alongside the U.S. and Switzerland as the leading jurisdictions for entrepreneurs considering where to launch their ICOs. Some countries have outright banned BitCoin trading and South Korea, host to some of the world’s larger crypto exchanges, triggered a USD100 BLN loss in the markets early this year when it announced an intention to “prepare a bill to ban cryptocurrency trading through exchanges”.

Demonstrating the breadth of the region in the security and risk domain, we have a growing number of event partners, with major industry events promoted in Australia (Melbourne, Sydney, Gold Coast), Singapore, Hong Kong, Shanghai, Mumbai and Tokyo. We encourage you to reach out, attend and engage with your colleagues wherever possible.

And on that note, as always, we provide plenty of thought-provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.

Sincerely,

Chris Cubbage CPP, CISA, RSecP, GAICD

Executive Editor



Frontline

The #FUTURE is here

By Sarosh Bana, Mumbai Correspondent

As the Indian government rolls out its Digital India programme that seeks to transform the entire public service ecosystem by leveraging information technology (IT), it is curiously the Communist-ruled state of Kerala that has taken up this mission in earnest to set itself on the path to becoming a digitally empowered society and knowledge economy. Kerala today is the only one of India’s 29 states that is under Communist rule and has been pursuing transformative initiatives for raising the quality of life of its people.

A recent global digital summit, labelled ‘#FUTURE’ and having the theme Towards a Digital Future, helped launch the southern Indian coastal state towards its goal of becoming a knowledge-based society. The landmark event was attended by over 2,000 IT professionals and experts, government and industry leaders, start-up entrepreneurs, and knowledge stalwarts. At the inaugural, Kerala Chief Minister Pinarayi Vijayan informed the gathering - that included S.D. Shibulal, Kris Gopalakrishnan and Nandan Nilekani, the founders of India’s second largest software major Infosys, former Reserve Bank of India governor Raghuram Rajan, Kerala’s economic advisor and Harvard University economist, Gita Gopinath, and a galaxy of achievers from the Indian diaspora - that his government is putting in place all infrastructure and policy framework to achieve this objective.

An industry initiative supported by the state government, #FUTURE showcased Kerala as a global digital and IT destination that is drawing on its wealth of highly qualified and skilled human resource and world class physical and digital infrastructure to connect and collaborate in enabling a digital lifestyle for all. “Through this summit, we look to equip our industries and government services like our education system, social welfare and healthcare so as to make the best use of emerging technologies,” affirmed the Chief Minister.

The state, famed for its verdant landscapes and sylvan beaches, is promoting startups through technical and financial support and is also investing in skill development platforms, apart from ensuring last mile connectivity. #FUTURE also saw the launch of M-Kerala, a unified mobile application to enable and simplify government services, Kerala having the largest public wi-fi deployment in the country. While the state has excellent primary, secondary and higher education systems in place, it looks now to the next logical step of readying a platform for its highly qualified youngsters from where they can make their dreams take off.

Kerala is not only the first state in India to declare internet access a basic human right, it has also earmarked a special fund for providing internet connections to two million families either free or at subsidised rates. Manoj Nair, CEO of Smart City Kochi, which is jointly promoted by the Kerala government and Dubai Holding, says the state believes that new-age technologies should not be denied to anyone in a country that is rapidly heading towards a cashless economy and efficient governance. A thousand public hotspots have already been set up for wi-fi in Kerala, with plans to scale this up by an additional thousand every year. #FUTURE was also the first ever completely digitised event in Kerala to use mobile-based services for registration, entry and communication.

Shibulal, who now chairs Kerala’s High Power Committee on IT (HPIC), deems it significant for the event to be held at a time the world is on the threshold of a massive change affecting the entire spectrum of activities. “The aim of #FUTURE is to think about the future of Kerala and India,” he mentions. “A direct outcome of the event will be the formation of a ‘Digital Achievers Network of Kerala Origin’, the members of which will, on a collective and individual basis, become the brand ambassadors of the state.”

Keeping in mind the massive changes taking place, Kerala has identified six vital areas: cognitive science, enabling financial services with block chain technology, data analysis, cyber security, electronic vehicle regime and leveraging space technology. The uniqueness of Kerala’s IT policy lies in the fact that it is committed to making timely revisions and the first such exercise will take place over the next few months.

Rajan, who is now Professor of Finance at University of Chicago Booth School of Business, says the world is changing fast and India cannot remain indifferent to the changes. “India cannot afford to miss out on the artificial intelligence and robotics revolutions,” he stresses. “We need not be a victim of that change, but can embrace it and participate on our terms; we have to be leaders rather than followers; the world is coming to India and we have to be prepared.” He urges policy-makers to address the weaknesses in education, skill development and employment in the country, maintaining that any failure in remedying these weaknesses will turn the country into an economy that will have ‘haves’ living aloof to be served by an army of supportive staff. “This is not an ideal situation socially, or desirable for a stable society in the long term,” he avers. “Countries such as India cannot afford to remain complacent, because unlike in the west, we do not have jobs to lose - we need far more jobs.”

Speakers at the conclave felt the need of the hour was for world class higher education institutes, and that the country would do well to bring back some of its talented emigrants to administer these institutes. It was felt that India was not as global as it should be, and needed to join the global supply chain sooner rather than later. They called for policy-level initiatives in smoothening the paths so that industries could flourish with innovative financing solutions. The lack of risk financing was a major lacuna, and this was compelling some Indian companies and start-ups to incorporate abroad, leading to their ownership by foreign entities.

At a panel discussion on banking, experts felt that with banks increasingly functioning with new age technologies, the banking sector would need to address the issues of privacy and security. “The concept of a bank’s branch is changing and while banking will exist in a new form, branches may disappear as they may no longer be necessary in a physical form,” said Federal Bank Chairman and Managing Director Shyam Srinivasan. Recalling that the introduction of ATMs in the US in the 1980s had raised concerns of job losses in the banking sector, Gita Gopinath maintained that employment had, in fact, been enhanced. “The advent of ATMs made running the branches cheaper and led to a 50 per cent increase in branches in the US,” she said.

Referring to cyber and data security, HPIC member Rajesh Nair was of the opinion that while Blockchain – the world’s leading platform for digital assets - might have inspired certain innovations, it could not be said that this technology was an answer for all the issues.

HPIC member V.K. Mathews, who was also the Convener of #FUTURE, notes that all disruptions taking place globally offer enormous opportunities as well as challenges. “The purpose of #FUTURE is to inspire and energise people towards a knowledge-driven digital future,” he says. “Such renewed energy, drive and aspiration will help facilitate the accelerated growth of IT/digital opportunities.” Calling Kerala a miniature future world, he realises why this tech-savvy state of 38 million people, which boasts 100 per cent literacy and houses India’s largest IT Park, is the favoured test site for global cyber giants. “Considering Kerala’s digitally adept workforce and its track record as a disruptive IT force on a global scale, various industry bodies and alumni associations have joined hands to explore its full potential and empower its next-generation leaders,” he observes. “#FUTURE, organised by these industry insiders in association with the Kerala government, is the first leap towards that end and is the fire-starter of a conversation.”

An array of innovative and disruptive startups showcased their products and technologies at #FUTURE, and digital zones, the first of their kind for any event in Kerala and created by global companies, sought to demonstrate what the digital future would hold for the society. One such start-up was Watasale, India’s first fully automated unmanned retail store that is open round-the-clock to provide customers a seamless shopping experience of buying anything, anytime, anywhere.

Another startup, Kochi-based Sastra Robotics, makes industrial robotic manipulators aimed at testing car infotainment and mobile phone touchscreens. HIRO (Humanoid Intended for Robotic Operations) has been developed by Kochi-based startup Robo Inventions to help with shopping and to wait at the dining table, with the capability of handling objects weighing up to 120 kg. The inventors claim the humanoid robot can also be linked to any software used in the hospitality and healthcare sectors, and can converse with humans, with the ability to answer three to four questions at a time. Another startup, Nirmai, an artificial intelligence-based model, can diagnose breast cancer among women, while Gloheal, co-produced by Aster Medicity and Tata Communications, is a medical platform designed to bridge the gap between patients and specialists.

The 11 startups showcased at #FUTURE were among the 48 produced at Maker Village, India’s largest hardware electronic incubator, on the outskirts of Kochi, by various teams of IT professionals from all over the country. Maker Village CEO Prasad Nair said the 25,000 sq ft facility was developed by the Kerala Startup Mission as a joint initiative with the Ministry of Electronics and IT (MeitY) and Indian Institute of IT and Management Kerala (IIITM K). Their joint endeavour was to create an ecosystem that will enable startups and entrepreneurs in the electronics sector to build, break and innovate, leading to products that will transform the landscape of the Indian economy. “Our focus in hardware will be IoT [internet of things], robotics and wearables,” he mentioned.

Broadening such initiatives will be the Trans Asia Cyber Park coming up at the special economic zone (SEZ) in Puthencruz, also outside Kochi. Its vice president Mathew Cherian points out that in view of the upcoming IT boom, his agency has ventured into its next realty project that will comprise schools, malls, banks and other public utilities. “Trans Asia Cyber Park straddles 600,000 square feet and conforms to standards for energy efficiency,” he says.

Gopalakrishnan, who now operates seed fund and accelerator Axilor Ventures that he co-founded with Shibulal, says that #FUTURE will be a bi-yearly event that will create and nurture a network of digital achievers and inspire them to participate in the digital ambitions.


Are your people, really your people? Analysing human behaviour for real-time early risk detection

Expose the Hacker [before they do damage]

Security breaches happen every day, every hour. The costs are enormous and create complex damages for the attacked organisation.

Real-Time Alerts

By using ResponSight’s behavioural analytics software you will be able to monitor desktop, laptop and server use, identify abnormal user behaviour and detect real-time enterprise risk, giving you confidence that your people are really your people. ResponSight is an early warning risk intelligence and business decision-making tool.

FREE TRIAL - Register today: www.ResponSight.com/freetrial

www.ResponSight.com


Booking Facebook in India

By Sarosh Bana, Mumbai Correspondent

It sounds far from reassuring when the founding head of the world’s largest social media platform testifies before the United States Senate that his company is committed to maintaining the integrity of elections across the world, including India, the country with the most elaborate electoral exercises. The question that indeed arises is why he needed to make such a pledge in the first place. Evidently, online social networking companies like Facebook, whose chief executive and founder, Mark Zuckerberg, was the one called for the Congressional hearing, wield power and influence well beyond bringing people together to chat with one another. “This is my top priority for 2018,” Zuckerberg added in his testimony, seeking to calm India’s vast electorate where the key southern state of Karnataka will go to the polls in May.

Facebook, with 2.1 billion active users who give it a global usage penetration of 23 per cent, is the biggest and most popular social network on the web, and is headquartered rather incongruously at 1 Hacker Way, Menlo Park, California. In July 2017, India, with 241 million users, edged past the US, with 240 million, to become the country with the highest number of Facebook users.

The tech behemoth has come under a cloud after the Cambridge Analytica (CA) scandal surfaced recently, with charges of 87 million Facebook users’ personal data having been shared, without their knowledge and permission, with the British political and business consultancy that worked with the Trump campaign. Almost 80 per cent of users were from the US, and half a million in India. Facebook users sign up for free, but the 2004 start-up mines their data to target ads and campaigns, selling sensitive information to advertisers. CA CEO Alexander Nix – who was dismissed soon afterwards - claimed in an interview that his company had run “all the digital campaign, the television campaign, and our data informed all the strategy” for Donald Trump’s campaign, which helped Trump edge out his Democrat rival Hillary Clinton in the November 2016 US Presidential elections. While in a separate statement, his company, which had worked on Facebook ads for the Trump campaign, maintained it had “never claimed” it had won the election for the President, it added: “We are proud of the work we did on that campaign and have spoken in many public forums about what we consider to be our contribution to the campaign.” CA’s own website proudly claims: “Data drives all we do.


Frontline

“We are beginning small and know it is important to learn from this test and listen to our community as we continue to update ways for people to understand what might be false news in their News Feed.”

Cambridge Analytica uses data to change audience behavior.” While the US Federal Trade Commission is inquiring into Facebook’s handling of user privacy, the company suffered hugely from news of the scam, with its market value driven down nearly $50 billion and its share-price plunging by 10 per cent within two days of the news breaking out. As India has had similar misgivings about Facebook’s possible manipulation of elections in the country in the past, the company has announced a third-party fact-checking programme in Karnataka, where polls are to be held on 12 May, in order to counter the spread of fake news on its platform. The social media giant says it will partner BOOM, the independent digital journalism initiative and factchecking website, for a pilot programme in the state. BOOM was founded in 2014 as part of Mumbai-based Ping, a Food to Living digital video network. “…BOOM, certified through the International Fact-Checking Network, non-partisan international fact checking network at Poynter, will be able to review English language news stories flagged on Facebook, check facts, and rate their accuracy,” noted

Facebook in a blog post. “We are beginning small and know it is important to learn from this test and listen to our community as we continue to update ways for people to understand what might be false news in their News Feed.” Once Facebook rates a story as false, it will reduce its distribution by 80 per cent, with the hope of stopping the hoax from spreading and reducing the number of people who see it. “Pages and domains that repeatedly share false news will also see their distribution reduced and their ability to monetise and advertise removed,” it added. Both the BJP and the opposition Congress Party have traded charges on allegations that Cambridge Analytica and its Indian affiliate, Ovleno Business Intelligence, were hired by political parties to profile voters using their Facebook data, with an aim to influence the outcome of elections. Cambridge Analytica has uploaded as a case study on its website the work it did in the 2010 elections in the northern state of Bihar. India, however, is viewing the issue very seriously. Threatening “stringent action” against any company found blameworthy, IT and Law Minister Ravi Shankar Prasad said, “...let me make it very very clear, we fully support freedom of press, speech and expression; we fully support free exchange of ideas on social media; but any attempt, covert or overt, by social media, including Facebook, of trying to influence India’s electoral process through undesirable means will neither be appreciated nor tolerated.” Addressing the Facebook CEO directly, the Minister intoned: “Mr Mark Zuckerberg, you better note the observation of the IT Minister of India. We welcome the FB profile in India, but if any data theft of Indians is done through the collusion of FB system, it shall not be tolerated. 
We have got stringent power in the IT Act, we shall use it, including summoning you in India.” New Delhi also issued a notice to CA, inquiring whether it had used the data of Indian Facebook users in the course of its work for clients during polls in the country. Denying any such activity, CA retorted that it had undertaken surveys in India and followed proper guidelines and procedures for that, and that it did not have data of Indians. In its reply to a similar notice, Facebook maintained that “a total of 562,455 people in India” were potentially affected by the unauthorised sharing of data with CA. The Indian government has warned both the companies of action under its IT Act if any users come forward to file complaints about any harm or damage they may have experienced as a result. Facebook pointed out that it was investigating all apps that had access to large amounts of information and would conduct a full audit of any


app with suspicious activity. In his deposition, Zuckerberg told the panel of 44 Senators that he wished to ensure against interference in any more elections, including in India. “Our goals are to understand Facebook’s impact on upcoming elections — like Brazil, India, Mexico and the US midterms — and to inform our future product and policy decisions,” he said. “The most important thing I care about right now is making sure no one interferes in the various 2018 elections around the world.” He said Facebook would ensure that its platform was not misused to influence elections in India and elsewhere. He was clearly mindful of the fact that his company would be in crisis if it faced any blockade or restraints in its biggest market. Despite this, Facebook has made only relatively small investments in India and has been without a country head, betraying an indifference to a market so lucrative. In fact, India is also the largest user base - with over 200 million users - for Facebook’s popular messaging app, WhatsApp, but this too has been bereft of a full-time executive. Also, neither Facebook nor WhatsApp has a local server in India. Facebook India has not filled the positions of Umang Bedi, who quit as Managing Director last October, and of Facebook India and South Asia Director Sandeep Bhushan, who left in February. The CA scandal has aggravated privacy concerns of Indians, who are already grappling with a mass surveillance system put in place by the rightwing Bharatiya Janata Party (BJP)-led government. This issue is now before the Supreme Court that will be adjudicating on the necessity – and legality – of the 12-digit unique identification (UID) number called aadhaar that is mandated for availing of government as also private services and schemes. The petition before the apex court contends that this world’s largest biometrics-based identity programme treats citizens as suspects and seeks their identification rather than their identity. 
It argues that such personal data can be routed to state surveillance mechanisms through “state and non-state entities” holding that data. It is now becoming increasingly clear that Facebook has more information on Indians than perhaps even the government of India. On the eve of the 2014 polls that brought in the present government, Facebook India put up a post that said: “Lok Sabha 2014 elections start April 7 and Facebook is committed to encouraging people to participate in the democratic process and on ensuring that people know when they can cast their ballots.” Facebook also exhorted voters with the announcement: “As part of the Election Commission of India’s (ECI) National Voters’ Day pledge, people who are 18 years and above will receive a reminder in their Facebook News Feed to take a National Voters’ Day pledge on 25th January [2018].” Within days of Zuckerberg’s testimony, Facebook India posted another message: “We understand the importance of keeping your data safe, and are making it easier for you to control which apps you share information with. You can go to the Apps and Websites section of your settings anytime to see the apps and websites you've used Facebook to log into. You can also remove the ones you don’t want connected to Facebook anymore.” It is now known that not only does Facebook mine copious data of all its users, even the occasional ones, it does this even when the users are offline, and indeed it can track


even those who are not its subscribers but correspond with those who are. Users convey basic personal data upon signing up for Facebook, and gradually add to it on their own and when they add third-party apps. Facebook can use these data to target users with ads or announcements, and over time the data could include the preferences of the users, their likes and dislikes, their friends and contacts in the network, including those that have been deleted, the clubs, groups, associations they belong to, all IP addresses used upon logging into the Facebook accounts, and quite simply just about all the users’ activities. Facebook describes its activity log as “a list of your posts and activity, from today back to the very beginning. You’ll also see stories and photos you’ve been tagged in, as well as the connections you’ve made – like when you liked a Page or added someone as a friend.”



AuSec2018 4th Australian Security Summit: DETECT. DETER. DISRUPT

17th July 2018

QT Hotel Canberra, 1 London Circuit, Canberra ACT 2601

Tim Morris Executive Director, INTERPOL (France)

Jeremy Douglas Regional Representative, United Nations Office on Drugs and Crime (Thailand)

Paddy McGuinness Deputy National Security Adviser for Intelligence, Security and Resilience – Cabinet Office (UK)

Patrick Stewart Assistant Chief, United States Border Patrol (USA)

Register now Call: (02) 9008 7676 Email: info@publicsectornetwork.com.au Visit: events.publicsectornetwork.com.au/event/ausec-2018

Bart Raeymaekers Director General, Federal Crisis Centre, Belgium Government

Karin von Hippel Director General, RUSI (UK)

Quote ASM50 for 50% off* your ticket - My Security Media subscribers. *Government ONLY



Cover Feature

Beyond the horizon insights: How India is coping with cyberthreats?

By Sarosh Bana, Asia Pacific Security Correspondent

A massive debate is raging across India on the rightwing Bharatiya Janata Party (BJP)-led government’s agenda on mining personal data for putting a mass surveillance system in place. The issue now lies before the Supreme Court that will be adjudicating on the necessity – and legality – of the 12-digit unique identification (UID) number called aadhaar that the government has mandated for availing of 139 essential services and schemes. These range from opening bank accounts, purchasing mobile phones and filing Income Tax returns to applying for permanent account numbers (PANs), house subsidies, even death certificates, subsidised foodgrain, healthcare and education for the desperately poor, booking train tickets, supplementary meals at crèches, and maternity benefits, vocational training and loans for underprivileged women. Requiring iris scan and fingerprinting, biometric-based aadhaar is a single authenticator of identity and domicile, but it can also be used as a customer verification mode and for maintaining profiles. It is, however, distinct from the US’s nine-digit social security number (SSN) launched in 1936 to ensure benefits and track individual earnings in the social security system. From 1961, it was used by the Internal Revenue Service for identifying taxpayers, just like aadhaar today, prompting the Carter administration in 1977 to halt its use as a national identity document. The Social Security Administration also does not fingerprint SSN applicants, as this method is associated in the public mind with criminal activity. Today, an SSN is required to secure a job, and access

social security benefits and some other government services. The fear that personal information can be compromised if aadhaar databanks are hacked has been validated by a study by Bangalore-based Centre for Internet and Society (CIS) that indicates data leakage of over 130 million aadhaar card holders from just four government websites. The data include bank account numbers. A 31-year-old man was also arrested in August for illegally accessing the UIDAI server without authorisation. As many as 1.1 billion of India’s population of 1.34 billion have already enrolled in the aadhaar scheme. The petition before the Supreme Court contends that aadhaar enrolment, which was previously voluntary and then made compulsory and which requires biometric profiling, treats citizens as suspects and seeks their identification rather than their identity. It cites this world’s largest biometrics-based identity programme as one linking sufficient data to facilitate profiling as it can track one’s spending habits, contacts and assets, even trips overseas, apart from other intrusive information. In a previous related case, the Court noted that though information may exist in silos, it has the potential to profile every individual if interlinks are established. It deemed it easy for such personal data to be routed to state surveillance mechanisms through “state and non-state entities” holding that data. The Indian government’s push to advance digitisation (through its Digital India programme) has also raised questions on online vulnerability owing to possible threats of cyber attacks. Numerous cyber attacks affecting key infrastructure assets like ports and major payment companies



have made headlines recently. In India’s social context, almost 70 per cent of transactions are cash-based, with the majority earning and making purchases in negligible amounts that do not require cheque or bank transfer payments. In fact, the demonetisation initiative of the government of November 2016 had digitisation as one key purpose. While demonetisation had a grievous fallout on the national economy and businesses, especially small businesses, one major beneficiary had been India’s largest digital payments company, Paytm, which reported a 700 per cent surge in traffic, and 1,000 per cent growth in transaction volumes post-demonetisation. While this company - the majority of which is held by Chinese internet giant Alibaba and Japanese telecom major SoftBank, with its founder and CEO Vijay Shekhar Sharma holding only 19 per cent - had reported losses of Rs1,534 crore (A$ 313 million) in the year before demonetisation, it recorded revenues of Rs814 crore (A$ 166 million) in the year after. Its net worth stands at Rs2,376 crore (A$ 485 million) and it now has over 220 million active wallet users. Recognising the importance of data protection and keeping personal data of citizens secure and protected, India’s Ministry of Electronics and Information Technology (MeitY) has constituted a Committee of Experts comprising members from the government, academia and industry to study and identify key data protection issues and recommend methods for addressing them. The committee will also suggest a draft Data Protection Bill. MeitY expects protection of data to provide a big boost to the digital economy of the country. The Ministry last month also approved a programme called Cyber Surakshit Bharat (Cyber Secure India) that has been proposed by an industry consortium led by Microsoft India.
This programme will be executed in association with the National e-Governance Division (NeGD) to train the Chief Information Security Officers (CISOs) and other Information Technology officers of the Central and State governments, public sector banks and enterprises and other institutions to address cybersecurity challenges. Jan Neutze, Microsoft’s Director of Cybersecurity Policy for Europe, Middle East and Africa, deems cybersecurity a vital aspect of any economy that is digitising rapidly, especially at the rate India is currently seeing. He notes that in this push to advance digitisation, India has the opportunity to avoid some of the challenges and mistakes made by other countries and ensure that security is built into its framework right from the start, rather than bolt it on at the end. “The Cyber Surakshit Bharat initiative, for which Microsoft is a partner, seeks to build out the cybersecurity capacities of CISOs across the government by training 1,200 of them,” he says. “We think this initiative has great potential and we will see if we can replicate it elsewhere in the world.” Referring to the cyber threats and security issues for businesses and industries in India and the risks to the country, he mentions that while cybercriminals are becoming more sophisticated, threats are also emanating from hostile nationstates that are developing cyberoffensive capabilities. To tackle these challenges, Microsoft last year opened a Cyber Security Engagement Centre (CSEC) in India, its mission being to drive public-private partnerships that

strengthen cooperation with Indian businesses, academic organisations and government on cybersecurity. “The CSEC also aims to fight cybercrime by securing Indian computers and internet users from various cybercrime threats by bringing together experts such as security response experts, investigators and attorneys from Microsoft’s Digital Crime Unit,” says Neutze. “Cybersecurity challenges don’t stop at national borders, so you need a global network of capabilities, which is exactly what we have set up.” In this regard, Microsoft has opened Transparency Centres all over the world, in North and Latin America, Europe and Asia, which provide access not only to its source code, but also secure access to Microsoft experts. This ensures a global approach to cybersecurity that helps mitigate threats in one part of the world, and then extends this protection to customers in equal or equable ways around the world. “Microsoft’s Government Security Programme currently includes over 70 organisations in more than 40 countries,” observes Neutze. “We have over 3,500 internal security professionals that work on cybersecurity and cloud security at Microsoft, and invest over $1 billion on cybersecurity every year.” Rajesh Maurya, the Bangalore-based Regional Vice President for India and SAARC (South Asian Association for Regional Cooperation comprising eight member-states) of California-based cybersecurity major Fortinet, finds hyperconnectivity and proliferation of online devices creating a criminal playground that is increasingly difficult to secure. “The proliferation of online devices accessing personal and financial information, and the growing connection of everything – from armies of IoT (internet of things) devices and critical infrastructure in cars, homes, and offices, to the rise of smart cities – have created new opportunities for cybercriminals and other threat actors,” he says. 
“The cybercriminal marketplace is adept at adopting the latest advances in areas such as artificial intelligence to create more effective attacks.” Fortinet’s just-released Global Enterprise Security Survey reveals that 87 per cent of Indian businesses surveyed are planning programmes in 2018 to educate employees in IT security, reflecting a growing awareness that breaches are caused by carelessness and ignorance as much as maliciousness. It also finds that 73 per cent of Indian IT decision makers (ITDMs) at 250+ employee organisations are confident in their cybersecurity posture, despite 84 per cent of organisations being breached in the past two years. Additionally, 96 per cent believe they are doing better than their peers with regards to cybersecurity, while only one per cent believe they are lagging behind. Respondents reveal that 39 per cent of breaches experienced in the last two years were the result of social engineering, ransomware and email phishing. “Another top concern for Indian organisations is protecting access to the network,” the study points out. “Only three quarters of ITDMs feel confident that they have full visibility and control of all devices with network access, and of the access level of all third parties who frequently have access to networks.” Besides, basic security measures like network segmentation are only being planned by 21 per cent of businesses in 2018. Without network segmentation, malware entering a network will often be left to spread.



Frontline

Cryptocurrency - Is this time different?

By Jane Lo, Singapore Correspondent

Driven by investors’ “fear of missing out” (FOMO) on the latest innovations, and the seemingly effortless ease of launching an Initial Coin Offering (ICO), ICOs of BlockChain ventures reached a peak in 2017, with the total amount raised surpassing that via the traditional venture capitalist route. The success of these all-but-unknown companies in attracting funds, in some cases hundreds of millions, is striking. Many did not exist a year ago; some do not even have a functioning prototype. The rise of the ICOs is compared to the Tulip mania, the Dot Com boom, or even the more recent Sub-prime lending boom. Is this time different though? To answer this, we look at a few frequently asked questions.

How well did cryptocurrency do in 2017?

“The U.S., Singapore, and Switzerland are currently the leading jurisdictions for entrepreneurs considering where to launch their ICOs, although all governments are still figuring out how to regulate ICOs,” wrote Kaspar Korjus, managing director of Estonia’s e-residency program, as he detailed “estcoin” plans in a December 2017 blog. With a cluster of rich investors and digital pioneers and specialists, and the publicity generated from the successful fund raising of Ethereum and related projects, Switzerland emerged as a crypto hub. Tezos, for example, used Switzerland (in addition to the US) as a base. The US topped the chart as the largest base used by crypto start-ups, such as the blockchain company EOS raising close to $200 million (a record until Tezos overtook it three weeks later). Singapore, with a regulator who espouses transparent communications and approaches, and a vibrant start-up scene, was another hub for investors: TenX and Quoine (a joint Singapore-Japanese venture) were examples of high-profile ICOs.

Is the cryptocurrency mania running out of control?

With the stratospheric rise of BitCoin, a flurry of companies jumped on the cryptocurrency bandwagon. Even latecomers to the party were able to capitalize on the market’s insatiable demand for crypto-related ventures: The 130-year-old Eastman Kodak company, a one-time



leader in photography, ushered in 2018 with blockchain plans to secure digital photograph rights and royalties. Its share price saw a triple-digit increase. Rich Cigars, Inc. filed for a name change pre-Christmas, to 'Intercontinental Technology, Inc.' to align with the Company's direction and overall strategy, including “entry into the business of cryptocurrency mining by our ownership and operation of multiple cryptocurrency mining machines.” Its share price jumped by more than 2000%. Long Fin Inc, while a legitimate business, saw its stock jump by more than 1,000% on its December announcement of acquiring cryptocurrency player Ziddu.com, adding Ziddu “coins” to its mix of services. Long Island Iced Tea Corp, a little-known company making non-alcoholic lemonades and ice teas, changed its name to Long Blockchain Corp and saw its shares soar by as much as 500% in pre-market trading. (As at time of writing, both Long Fin Inc and Long Island Iced Tea Corp are facing potential delisting from Nasdaq.)

How are contributors and investors reacting?

Two high profile 2017 crypto coin launches were Tezos and Bancor - the former raising $232 million in a few days during July, beating the $150 million by the Bancor ICO some weeks before. But as reports of alleged attempted embezzlement surfaced, Tezos’ investors filed class action lawsuits accusing the company of securities violations and fraud, arguing that the funds were not “non-refundable donations” to the Swiss-based Tezos foundation and need to comply with securities legislation. The Board restructured recently and its price recovered from the November lows, although there were still no updates on a launch date for the Tezos coins.
With the Tel Aviv-based project Bancor, its value plunged a few months after its ICO as investors grew disillusioned with its value proposition as a liquidity provider for tokens, especially for those with an unconvincing model and unable to sustain sufficient interest to grow a customer base. In January 2018, it released news of growth statistics (35 tokens traded on the platform, with token exchange volume going from $3 million per week in November to $37 million per week in January) that briefly drove up its price. Another suit by disgruntled investors was recently brought in February 2018 against another company, claiming securities laws violations by offering and selling unregistered securities during its ICO period. Paragon, which aims to use BlockChain to address challenges in the cannabis industry by tracking everything from seed to dispensary, covering the entire supply chain such as growers, laboratories, logistics, raised more than $70 million during its October ICO. While its price had plunged weeks after the October ICO, the lawsuit drove it to new lows.

How are the banks responding?

Amidst the competing opinions from proponents and sceptics, remarks from the banking industry focusing on Bitcoin had grabbed the most headlines. Last year, banking titans, Jamie Dimon of JPMorgan

Quoine, which has roots in Japan and Singapore, closed its ICO – which raised $105 million in an oversubscribed ICO – to fund the launch of Quoine Liquid, a platform for listing various digital tokens generated during ICOs, in order to provide a platform offering liquidity to token holders and investors. Mike Kayamori, QUOINE's Co-Founder and CEO, at Money 20/20 Asia 2018, on “The Winding path towards mainstream adoption of cryptocurrencies”. Photo Credit: Quoine.

With strong industry support having graduated from the PayPal startup incubation program, and winning first at the DBS Blockchain Hackathon as OmniChain, TenX, raised USD $80 million in just 7 minutes. But what comes next? Paul Kittiwongsunthorn, Co-founder & CPO of TenX, talked about what happens after the ICO: how to deliver value to the token-holders, what the duties are and what the relationship dynamic is like with this new investor class at Money 20/20 Asia 2018. Photo Credit: Tenx

famously said he would "fire in a second" any JPMorgan trader who was trading BitCoin; Lloyd Blankfein of Goldman Sachs said “something that moves 20% [overnight] does not feel like a currency. It is a vehicle to perpetrate fraud”; Chief Information Officer of the largest lender in Southeast Asia, DBS, said, “We see BitCoin as a bit of a Ponzi scheme”. And in February this year, Bank of England Governor Mark Carney said Bitcoin has so far “failed” to meet two key requirements of a currency: it is neither a medium of exchange, nor a store of value.


But there were some recent signs of increasing acceptance of cryptocurrency.

Share prices of Kodak and Rich Cigar – on announcements of Blockchain related ventures and activities. Source: icodrops.com

In Feb 2018, the Israeli Supreme Court reached a decision and issued a temporary court order to prohibit Israel’s Leumi Bank from limiting in any capacity the bank account of Israeli crypto company Bits of Gold, which acts as a broker in facilitating the buying and selling of digital assets. In March, Coinbase (one of the world's biggest cryptocurrency exchanges and wallets) obtained a bank account with U.K. lender Barclays, marking the first major partnership between a U.K. bank and a cryptocurrency exchange. Coinbase also said it was granted an e-money license by the U.K. Financial Conduct Authority (FCA), thereby reducing transaction time and exchange rate charges for users converting directly into pounds without going through the euro.

How are the regulators responding?

Some countries have outright banned BitCoin trading; some see it as a solution to a struggling economy, such as Venezuela, which launched an oil-reserves backed Crypto. Others experiment with the underlying BlockChain technology (Canada’s Project Jasper). Gibraltar is even launching a Gibraltar BlockChain Exchange. Host to some of the world’s larger crypto exchanges, South Korea’s intention to “prepare a bill to ban cryptocurrency trading through exchanges” triggered a USD 100 billion loss in the markets early this year. Denounced by the government a few days later (who was instead considering firing the Minister of Justice), with a subsequent clarification a week later that “trading is approved only from established-name bank accounts”, its regulatory direction seemed set until a comment a month later that it “should rather work more on normalization than increasing regulation”.
The evolutionary approach was underlined by a Korean-based Crypto specialist at Money 20/20: “the government believed the technology is beneficial to the economy, and is familiarising itself with the ecosystem and studying the technology to come up with practical regulations.” Regulators are increasingly focusing on assessing if the tokens are considered securities for investment purposes. In the US, since the SEC’s July ruling that Dao tokens were considered securities, the Howey Test had become the reference for such assessment. In short, if you as an investor have a reasonable expectation of profits based on the efforts of others, then your investment of money or value is a security. FINMA (Swiss Financial Regulator) also focuses on the function and transferability of tokens: A Payment ICO or Utility ICO (which solely confers digital access rights to an application or service) is not considered a security (though the former requires compliance with anti-money laundering regulations); while Asset ICOs (representing participations in physical underlyings, companies or earnings, or entitlements to dividends or interest payments, and economically analogous to equities, bonds or derivatives) are considered securities, which requires compliance with securities and civil law under the Swiss Code of Obligations (e.g. prospectus requirements). Singapore’s regulator MAS has also clarified “where the crypto tokens represent ownership or a security interest over


ICO Returns - how much the token price has changed relative to the initial ICO token price. Source: icodrops.com

Ravi Menon, Managing Director, Monetary Authority of Singapore. “Striking a balance between innovation and stability” Money 20/20 Asia 2018. Photo Credit: Money 20/20 Asia 2018

an issuer’s assets or any property, or a debt owed by the issuer, they may be regarded as securities under the Securities and Futures Act”.

What about Cyber Security Risk?

Concerns expressed by would-be adopters focus on power consumption requirements (which had been compared by some to that of, say, Ireland) and slow transaction processing speed (7 transactions per second versus say 2,000 by Visa) as reasons


preventing scalability. While agreeing that "crypto-assets do not pose risks to global financial stability at this time" (as noted by regulators at a recent G20 summit), most regulators tend to focus their concerns on crypto’s role in facilitating illicit flows of funds, in addition to potential ICO mis-selling scandals. But hacking, a highly profitable prospect for those with the rare skillset, is a risk often overlooked, as was pointed out at the Money 20/20 Asia session “Preventing Cryptocurrency theft: Learning from the past to avoid a major breach”. Attribution is also notoriously difficult, making it hard to catch hackers and recoup losses. In jurisdictions where crypto currency is not regulated, regulators have made it clear there are no safeguards for losses. Even in regulated jurisdictions (e.g. Japan), regulations struggle to catch up. When Mt.Gox was hacked and eventually declared bankruptcy, charges of fraud and embezzlement, and computer systems manipulation were brought against the CEO - yet there is no explicit charge related to the missing 650,000 bitcoins. Hacks of Bitfinex, Parity Multi-Sig, NiceHash and CoinCheck highlighted the increasing targeting of exchanges and wallets by cyber criminals as values of crypto currencies rise. At BlackHat Asia 2018, David Wong and Mason Hemmel (Security consultants at NCC Group) highlighted known Ethereum smart contract vulnerabilities (published in a “Top 10 of vulnerabilities” on www.dasp.co), starting with the infamous DAO, a decentralized crowd-funding platform. It launched in 2016, raising USD 150 million in only 28 days (the largest crowdfunding event at the time); shortly after, a hacker used an unthought-of exploit, “reentrancy”, and made away with USD 50 million. "For 700 lines of code, it was effectively the largest bug bounty ever". The Parity multi-signature wallet, used by many holdings and ICOs to store their ethers and ERC-20 tokens, was another.
The open-source smart contract failed on two occasions during 2017, which led to the theft of 150,000 ethers and tokens on the first occasion, and removal from the Ethereum network of 513,774 ethers and more tokens on the second. "I accidentally killed it," said the mysterious developer named "devops199" – and the culprit and his/her initial intentions remained unknown. Front-running, a practice long outlawed in the financial markets - where brokers who have knowledge of the market-moving trading intentions of their clients place their own trades before their client’s buy order in order to profit from the rising price - was discovered to be easily exploitable on the Ethereum system, in particular in vulnerable smart contracts like those of the Bancor exchange. Denial of service, which is usually temporary for websites and web services, could be fatal for most smart contracts. This class of unrecoverable attacks includes many variants (such as attacks using the practical gas limit of Ethereum transactions or the (bad) accounting of smart contracts) and will probably see a lot of development in the years to come. “Ethereum is still in its infancy. The main language used to develop smart contracts, Solidity, has yet to reach a stable version and the ecosystem's tools are still experimental. Some

Brad Garlinghouse, CEO, Ripple, at Money 20/20 Asia 2018, on the current payment infrastructure, Ripple’s XRP cryptocurrency creating a faster, cheaper and safer digital payments system, and regulations. Photo Credit: Ripple

Black Hat Network Operations Centre at Black Hat Asia 2018. Photo Credit: BlackHat Asia

David Wong, Mason Hemmel, Security Consultants, NCC Group at Black Hat Asia 2018, on A Deal with the Devil: Breaking Smart Contracts.

Dr. Elizabeth Baylor, Researcher. Money 20/20 Asia “Preventing Cryptocurrency theft: Learning from the past to avoid a major breach”. Photo Credit: Money 20/20


Money 20/20 Asia 2018 audience, at Marina Bay Sands, 20 – 22 March 2018.

of the most damaging smart contract vulnerabilities surprised everyone, and there is no reason to believe there will not be another one that will be equally unexpected or equally destructive. As long as investors decide to place large amounts of money on complex but lightly-audited code, we will continue to see new discoveries leading to dire consequences”, said David and Mason.

Summing up …

Bitcoin opened the new year with a massive correction that almost halved its value from its pre-Christmas peak of USD 19,000. But the momentum built up last year with its triple-digit returns seemed resilient as bargain hunters reportedly rushed in to buy on the dip. However, most wealth managers caution against significant investments in cryptocurrency, expressing concerns with the topics above – price volatility, technological immaturity, regulatory uncertainties, hacking risks. The US Commodity Futures Trading Commission, which allowed two exchanges to offer futures contracts based on bitcoin, warned investors: “Do not invest in products or strategies you do not understand”. A day after Bitcoin hit an all-time-high last December, MAS reminded the public to act with extreme caution and understand the significant risks they take on, “as most operators of platforms on which cryptocurrencies are traded do not have a presence in Singapore, it would be difficult to verify their authenticity or credibility. There is greater risk of

24 | Asia Pacific Security Magazine

fraud when investors deal with entities whose backgrounds and operations cannot be easily verified.” MAS also emphasized that “before investing in cryptocurrencies, members of the public should carefully consider the claims being made about the products being offered – if the touted ease of making significant profits sounds too good to be true, it probably is. Investors should carefully assess whether an investment in cryptocurrencies is suitable for their investment objectives and risk appetite”. On the encouraging side, Falcon Private Bank became one of the first Swiss banks last July to receive authorization from the Swiss Finanical Supervisory Authority (FINMA) to provide BlockChain asset management solutions for its clients, enabling them to exchange and hold Bitcoins via Flacon by using their cash holdings. Almost all investment literature warns potential investors that past performance is no guarantee of future results, but the exuberance reflected in the prices implies the belief that “this time is different”. Indeed, there are many bright minds studying the proof-of-work, cryptology, Byzantine problem important concepts underpinning BlockChain – pointing to potential for significant breakthroughs to solve key challenges faced today. Ultimately, as MAS’s Ravi Menon pointed out at Money 20/20 Asia 2018, “The litmus test will be public trust and acceptance. Basically, the history of privately issued money has not been an inspiring one. Will people put their faith in Money that is not backed by a trusted public institution like a central bank dedicated to protecting its value?”


09 - 10 July | Conrad Hong Kong Hotel

ENRICH. ENABLE. EXCEL.

At (ISC)² Security Congress APAC 2018, you’ll get to engage with over 400 security-minded individuals, discover solutions to the latest cybersecurity threats, and gain insight from international industry experts.

2 Days | 6 Tracks | 35+ Sessions | 40+ Speakers

Tracks Include:
- Cloud Security
- Critical Infrastructure
- Emerging Technologies & Security
- Governance, Risk & Compliance
- Professional Development
- Security Operations

Why Attend?
- Invest in yourself in 2018
- Gain insights from regional cybersecurity leaders and experts
- Create valuable connections with like-minded individuals
- Enjoy a customized learning journey
- Earn up to 16 CPEs

Register Today & Save! Enjoy 10% off with the code: M18MSEC. Standard Price: US$ 432. 5% additional discount for group purchase.

#ISC2congressAPAC

For inquiries: (852) 2850 6953, securitycongressapac@isc2.org

Visit apaccongress.isc2.org

© Copyright 2018. (ISC)², Inc. All rights reserved.


TUNE IN NOW!

www.australiancybersecuritymagazine.com.au


PODCAST HIGHLIGHT EPISODES

Episode 28 – Australia’s eSafety Commissioner, Julie Inman-Grant discussing online safety, cyber bullying and child exploitation

Julie Inman-Grant, the Australian eSafety Commissioner at the Office of the eSafety Commissioner, speaks with Chris Cubbage at the Women in Cyber Mentoring Event in Sydney. Julie discusses her role and her focus on online safety, preventing cyber bullying, and child exploitation, and how her 17 years formerly at Microsoft, as well as Adobe, and Twitter, assist her in her role as the Commissioner of eSafety. Chris and Julie also discuss the three pillars within eSafety of safety, security, and privacy and their inter-connectedness and priorities, and how parenting and education are still the two major lines of cyber-defence.

Episode 15 – Protecting media & journalists in hostile environments – Shannon Sedgwick, CEO of GM Risk Group

In this interview, Chris Cubbage interviews Shannon Sedgwick, CEO of GM Risk Group, a consulting firm specialising in protecting media staff, both in terms of physical and cyber security, as they travel in hostile environments. Shannon has personally provided protective services to media companies and has travelled to over 30 countries this year, including the Congo, Afghanistan, and Iraq. Shannon discusses the services that GM Risk Group provide, how to mitigate risk, and the increased focus of media companies on duty of care and overall safety for journalists. If you, or members of your team, work in regions of the world where data or physical safety are at risk, then you’ll enjoy this interview with Chris Cubbage and Shannon Sedgwick.

Episode 25 – ECU Cooperative Research Centre & Dr Peter Hannay’s research into historical location data within digital devices In this interview, Dr Peter Hannay of Edith Cowan University (ECU) provides insight into the recent completion of his doctoral research which focused on historical location data that can be gathered from small and embedded devices. This research was used by WA Police to assist in homicide cases, for tracking a suspect’s movements, as well as providing a credible alibi. Peter also talks about ECU’s Cooperative Research Centre, a $130 million-dollar project, as well as leading research in cyber security, particularly IoT. If you’re interested in cyber security research, and true crime, then you’ll enjoy this interview with Chris Cubbage and Dr Peter Hannay.

Episode 8 – Meet Renowned Autonomous Vehicle Security Architects & “White Hat” Hackers, Dr. Charlie Miller and Chris Valasek, GM’s Cruise Automation You’ll love this interview with Charlie Miller and Chris Valasek. As the sixth interview at #AISACON17 in Sydney, we met these celebrity ‘security architects’, who first hacked two non-connected, commercially available cars using a diagnostic port. While some consideration was made to security in the original software, Chris and Charlie highlighted that with a little problem solving, and a lot of patience, control systems affecting steering, brakes and lights could be manipulated. Later, the dynamic duo set their sights on ‘remotely’ hacking a Jeep SUV. In this interview, we’ll learn how they were able to bridge the gap between the ‘head unit’ or radio, and the control systems, and take control. All while the driver was travelling at over 100 km per hour. Enjoy the discussion!

Episode 17 – Tackling online extremism through inclusion and tolerance: The Raqib Taskforce In this interview, Chris Cubbage interviews Anooshe Mushtaq, Chair and Founder of The Raqīb Taskforce, an organisation that promotes social inclusion and cohesiveness for Australia’s Muslim community, particularly the youth. Anooshe shares how her grassroots organisation is helping to debunk hate speech, remove division, and promote the voice of young Muslims, to counter extremism both within and outside the Muslim community. This involves a host of online and social media strategies. Ultimately, the Raqib Taskforce aims to build a tolerant and cohesive society, through better understanding of all sides. Please Note: This interview was arranged and conducted by MySecurity Media independently of the Risk Management Institute’s National Conference. Recorded November 16, 2017, Canberra.

Episode 9 – Cyber Threat Alliance (CTA) President Michael Daniel in Sydney #AISACON17 Our seventh interview at #AISACON17 in Sydney in October is with the President of the Cyber Threat Alliance, Mr Michael Daniel. In this interview, Michael Daniel talks about his new role at the Cyber Threat Alliance, or CTA, and how his organisation and the 12 member companies are sharing threat intelligence at speed and scale. In particular, you’ll hear about the CTA’s ‘sharing rule’, which ensures collaboration and improves all members’ products and services. And this sharing is quick. Michael highlights that the time from detection by one member company to deployment by another member company can be as short as only 54 minutes. In this interview you’ll hear how cyber security vendors are working together to collectively and systemically disrupt the ‘bad guys’.



PODCAST HIGHLIGHT EPISODES

Cyber Security

Episode 49 ASEAN-Australia AUSTRAC Codeathon 2018 – Interview with AUSTRAC’s Chief Innovation Officer & Director for Innovation, Information & Transformation

Chris Cubbage talks to Leanne Fry, Chief Innovation Officer, and Rajesh Walton, Director for Innovation, Information & Transformation, both of AUSTRAC, at the ASEAN-Australia Codeathon held in Sydney.

Episode 37 Red Hat, the world’s largest open source software company in APAC & video surveillance

You’ll hear about the role of Red Hat as a technology steward, bridging open source software with enterprises, while maintaining peace of mind, the Red Hat product suite, and their role in reducing the costs within the surveillance market through more efficient data compression algorithms and storage.

Episode 47 The entertaining Adam Spencer, MC of the ASEAN-Australia Codeathon, hosted by AUSTRAC

The always entertaining and intelligent Adam Spencer, MC at the ASEAN-Australia Codeathon in Sydney, hosted by AUSTRAC. Adam discusses the importance of regional collaboration, with respect to cyber security, and also how blockchain technologies could help to increase integrity in our daily lives.

Episode 36 Artificial Intelligence, Deep Learning & Neural Networks

Hans Skovgaard, the Vice President of Research & Development with Milestone Systems, discusses Artificial Intelligence, its changing popularity over the past 30 years, and its resurgence in relation to deep learning, due to the power of today’s computational neural networks.

Episode 48 Implications & Opportunities of the European Union’s GDPR and Australia’s NDB scheme

David Kemp, Specialist Business Consultant, and Matthew Hanmer, Regional Director Security Software, both from Micro Focus, the 7th largest pure software company in the world, discuss the implications of the European Union’s GDPR, or General Data Protection Regulation, and Australia’s Mandatory Notifiable Data Breach (NDB) scheme.

Episode 31 Women in Cyber – Sandra Ragg, Deputy National Cyber Security Adviser within the Department of Home Affairs and Cabinet & Heide Young, National Events Manager, Australian Women in Security Network

Sandra Ragg, Deputy National Cyber Security Adviser within the newly formed Department of Home Affairs, and Heide Young, the National Events Manager for the Australian Women in Security Network, or AWSN, discuss the role of the AWSN, its rapid growth in membership, future plans of cooperation and initiatives, its role in mentoring women in cyber security, as well as the cultural change required to increase the percentage of women in cyber security, but also the importance of inclusion of women, not just diversity for diversity’s sake.

Episode 45 Insight into MarkLogic’s Secure NoSQL Database

Tim Macdermid, VP of Sales for APJ, and Jason Hunter, the CTO of Asia-Pacific, both of MarkLogic, talk about the company’s growth, and expansion starting from servicing publishing, public sector, intelligence agencies, and financial services, big and small, as well as its application within cyber security.

Episode 30 CISO Insights – Narelle Devine, Chief Information Security Officer – Australian Department of Human Services

Narelle Devine, Chief Information Security Officer for the Department of Human Services, discusses the difficulty in going out to market to find talent in cyber security, and how it takes ‘all sorts’ with a broad experience to build a strong cyber security team. The interview also discusses her role as a CISO and the importance of developing a peer-to-peer network to generate solutions and collaborate on ideas.

Episode 22 Analyst Insights – Enterprise cyber security market & China’s citizen score card with cyber regulations

Claudio Stahnke, Research Analyst focused on IT security with Canalys, recorded at the Canalys Channels Forum, 5-7 December, 2017 in Perth, discusses the enterprise cyber security market in general, the EU’s General Data Protection Regulation, or GDPR, as well as mandatory reporting on security breaches, cyber insurance, vendor mergers, IoT predictions, and China’s citizen score card (Social Credit System) and their cyber regulations.





Cyber Security

NCT Asia Pacific

A Vision of IB Consultancy

Conference, Exhibition, Demonstration

28-30 May 2018 | Marriott Tokyo, Japan

- Live CBRNe Capability Demonstration by the JGSDF Chemical School
- Parallel Conference and Workshop Streams
- Asia’s Largest CBRNe Exhibition
- Large focus on CBRNe response at High Visibility Events and Medical Countermeasures

NCT Asia Pacific is coming to Japan for its third edition, taking place in the Marriott Hotel in Tokyo from May 28-30, 2018. The event will kick-start with a live capability demonstration performed by the Japanese Ground Self-Defense Force (JGSDF), at Camp Omiya, on the 28th of May. The demonstration is followed by a two-day conference, workshops and a large indoor exhibition which will bring together national and international civil and military CBRNe stakeholders from across the world.

The conference will be chaired by Dr. Makoto Akashi, Executive Officer of the QST. In the opening plenary, he will be joined by an international panel of high level decision makers including Major General Shunji Yoshino, Commander of the JGSDF. Topics will include medical countermeasures for CBRNe, CBRNe emergency preparedness and response in preparation of the Tokyo 2020 Summer Olympics, lessons learned from nuclear disasters, securing High Visibility Events and new trends in decontamination solutions.

www.nctasiapacific.com


Cyber Security Frontline

Walls have ears: Why culture and process matter in improving cyber security

By Mike Stone, Global Head of Technology Transformation for Infrastructure, Government and Healthcare, KPMG International

When organizations consider cyber security, they usually focus most of their attention on technology, partly because that is what the market pushes them towards. In my view, however, 50% of cyber security is cultural, 30% process and just 20% technology.

Cyber security is an arms race and the boards of all organizations need to take it seriously. Frankly, if it isn’t one of the key items on a board’s risk register, that board is asleep at the wheel. But many of the right responses on culture and process are neither new, nor are they particular to cyber security.

On culture, the insider threat has long been a problem for organizational security. British government posters during the Second World War reminded citizens that ‘Careless talk costs lives’, with one 1940 Ministry of Information poster also having someone telling a friend ‘Don’t forget that walls have ears!’ in front of wallpaper patterned with Adolf Hitler’s face.

But ‘careless talk’ is now something that millions of people indulge in, assuming that they can share everything through social media. While some may be put off by recent coverage of how their data is used, many people are in the habit of sharing their personal and professional lives online by default.

To help tackle this, organizations need education – not just about cyber threats such as phishing, but more broadly about how you treat any form of information sharing or access. It might not matter if an employee posts a picture of themselves online, but it might matter very much if it includes a screen showing sensitive information or a sticky note with a password. Educating people on this is not just about cyber security but how you treat any form of information sharing or access.

Security professionals should consider culture too

The onus is also on security professionals to consider how employees actually behave rather than how they believe they should. According to the UK’s National Cyber Security Centre (NCSC), British citizens have an average of 22 online passwords, far more than most people can realistically remember. So they reuse them, using the same password for an average of four websites. Many of these passwords will be weak ones, with research based on five million leaked in 2017 suggesting that the favorite choices remain ‘123456’ followed by ‘password’.

Security professionals can help with more user-friendly authentication processes. NCSC backs the use of password management software for individuals, which can generate strong passwords for each service – it is more likely that users can remember a single strong master password than two dozen. For organizations, a single sign-on service provides a similar option. NCSC also discourages organizations from forcing users to change passwords regularly, on the grounds that many people will use a similar weak one as the replacement.

There are also technology-focused approaches for spotting insider threats, such as behavior analysis, a useful technique that I will discuss in a future article.

Integrating IT security into IT operations

On process, it makes sense to integrate security into day-to-day IT operations. Some organizations run separate network operations centers (NOCs) and security operations centers (SOCs). I believe that having a separate NOC and SOC is not only inefficient, insofar as it is doubling up in some ways, but also ineffective. It is much better to run a single NOC-SOC, both for efficiency and because this makes security an integral part of the process of running an organization’s network.

A combined NOC-SOC can be controversial and many people believe they should be totally separate. As a practitioner, I believe that it’s much more sensible to bring them together and this is increasingly happening in the market.

I’m a great believer that ‘operate’ and ‘defend’ are two sides of the same coin. Good cyber hygiene is no different from good IT operations hygiene – to take another example, business continuity and disaster recovery plans aren’t just a mark of good cyber security but of good IT operational practice.

IT leaders can either take a “defense in depth” approach, where they build an ecosystem that integrates products and layers from multiple vendors, or go with a single provider and accept that they are not going to have best of breed in every area. Both approaches present benefits and risks, but I recommend defense in depth. In my opinion, there is a wide open market opportunity around the provision of a ‘security orchestration bus’ that would take the input from the various products and layers, and make that data available to the others through an API to allow true ‘plug and play’ across the enterprise and throughout the course of business.

None of this takes away from the fact that cyber security is a very real problem and I don’t want to take people’s eyes off the ball. But I do want people to concentrate on what actually is important – and that means considering culture and process at least as much as technology.

Mike Stone (Mike.Stone@kpmg.co.uk) is KPMG’s Global Head of Technology Transformation for Infrastructure, Government and Healthcare. He served as an officer in the British Army for 28 years and has worked as Chief Digital Information Officer for the UK Ministry of Defence as well as President of Service Design and Chief Information Officer for BT Global Services. This is the second in a series by Mike Stone on cyber defense in depth.



Cyber Security Frontline

Australia’s 2018 Budget Security Industry Wrap-up

By Fiona Wade, Canberra Correspondent

The 2018 Australian Federal Budget was never going to be a dazzler. And true to the predictions of many political pundits, it was indeed targeted towards relieving some of the pressures on middle Australia. With government’s focus clearly towards the next election, it really is no wonder that tax cuts and aged care have taken centre stage of the post-Budget rhetoric.

On national security, Government has been decidedly quiet. Maybe it’s because this year’s Budget was a bit light on, comparatively speaking. That said, a handy $294 million has been ear-marked to: “strengthen security at airports, international mail centres and air cargo facilities over four years as part of new initiatives.”

These measures are a direct result, according to Minister for Home Affairs Peter Dutton, of the planned terror attacks thwarted by the authorities last year, which were unprecedented, sophisticated and represented a significant change in the national security environment.

“These terrorist plots showed a very real and disturbing danger,” Mr Dutton said in his 2018 Budget media release. “The Government and industry responded immediately to disrupt and contain the threat, increasing law enforcement and strengthening security screening”, he said.

Airports, a preferred target for terrorists, are often considered soft targets, with many security experts, pilots and unions warning that regional airports are the most vulnerable. This Budget aims to alleviate fears that regional airports are the ‘weak link’ in the country’s security, with over $50 million specifically for upgrading security in regional airports.

While the Government has pledged to provide $6.9 million over two years to continue the work of the Australian Border Force Airline Liaison Officers (ALOs) at 19 key overseas international airports, back at home there will be a further $121.6 million over four years to support sophisticated new screening technology for passengers, baggage and cargo. They have also signalled the need for an additional 140 AFP Counter Terrorist First Response officers to be based at airports and a further 50 officers to provide tactical intelligence and other support, at an additional cost of $122 million.

There is a question over whether this will mean that the government will restore a permanent presence of AFP officers at Hobart airport, following their withdrawal in 2014, which, according to the state police union, has put pressure on police.

But it is the announcement of funding for the National Criminal Intelligence System (NCIS) that has people in the policing and security sector smiling. Providing frontline police with the information and intelligence needed to combat crime and disrupt the terrorism threat, the Australian Criminal Intelligence Commission (ACIC) will now be able to begin the basic build of NCIS and prove its worth beyond a shadow of a doubt, thanks to the Budget allocation of $59.1 million over four years.

According to a departmental spokesperson: “This commitment by Government will fund the partner connectivity, that will allow the linking of all the states into a system that is fundamentally aligned to the safety of police officers across the country.”

Not that the police across the country have any doubt that NCIS is needed. And needed now. The Police Federation of Australia, the country’s national police union that represents 60,000 police, first raised the issue of a national case management system and a better shared intelligence regime at hearings of the then Parliamentary Joint Committee into the Australian Crime Commission in 2007.

NCIS will allow front line police and counter terrorism operatives to access the complete picture of a suspect. It includes contemporary deconfliction services, rapid search, graphical representation, visual analytics and other intelligence that is already available but currently cumbersome to access. As a whole of government capability operating in a secure, national information sharing environment, NCIS is a joint Commonwealth and State build that will support the collation and sharing of criminal intelligence and information, transcending the state, territory and commonwealth divide.

“Through these new measures and funding initiatives, the Government is ensuring the Home Affairs portfolio and security agencies have the tools needed to keep Australia open for business while managing the increasingly complex security environment,” Mr Dutton said.

Also announced in the national security space:

• the ongoing funding of $62.2 million to maintain Australian Border Force Cutter Ocean Shield at capacity to prevent and disrupt people smuggling;
• stronger protection for children through the establishment of the Australian Centre to Counter Child Exploitation, a $68.6 million investment in new capabilities to target criminals engaged in child exploitation;
• the appointment of the first Commonwealth Transnational Serious and Organised Crime Coordinator to ensure effective Commonwealth action against the most serious criminals;
• $12.6 million over four years from 2018-19 to the AFP to continue proceeds of crime litigation;
• $24.4 million in 2018-19 to ASIO to support current operations and undertake preliminary work to enhance future operations;
• $130 million to upgrade the Department of Home Affairs’ ICT infrastructure for visa processing, identity management and threat analysis, to better detect and prevent threats;
• the establishment of the Office of National Intelligence and funding for a Joint Capability Fund;
• $70.2 million to augment the Office of the Inspector General of Intelligence and Security and a comprehensive review of Australia’s national security legislative framework;
• dedication of $102 million to a smarter biosecurity system to better target the prediction, surveillance and enforcement of biosecurity risk; and
• undisclosed additional funding over two years from 2018-19 to enhance the capacity of the Australian Secret Intelligence Service to meet the government’s national security objectives.

One is assuming that some of the above spending measures will be offset by the $256.3 million earmarked over five years that the Government is anticipating saving through the creation of the Home Affairs portfolio. Stipulated within the Budget papers, the efficiencies are being achieved by “reducing areas of duplication, creating centres of expertise and achieving economies of scale through coordinated procurement and service delivery functions.”

In the meantime, a $7 million review of the Home Affairs portfolio, to be undertaken during 2018-19 and due to report before next year’s Budget, will identify opportunities for integrating capabilities, reducing duplication and maximising efficiencies. Let’s hope it can make the efficiencies projected in the forwards.



Frontline

Beware of the Black Swans

By Jane Lo, Singapore Correspondent

Nassim Nicholas Taleb’s “The Black Swan: The Impact of the Highly Improbable” appeared in 2007, during the year when the Dow Jones Industrial Average index peaked at 14,164. The book topped the New York Times bestseller list for weeks, yet Nassim Taleb’s argument that banks and trading firms were vulnerable to improbable events, and exposed to losses beyond predictions modelled on standard scenarios, was taken to be an academic one.

That was, until the Global Financial Crisis imploded a year later. The collapse of Lehman Brothers, one of the oldest and largest investment banks on Wall Street; Merrill Lynch, another which verged on bankruptcy; and an incessant string of banking bail-out announcements by governments on both sides of the Atlantic sent global markets plummeting and into a period of extreme volatility.

“Black Swan”, a term that describes impossibility, is derived from the presumption that 'all swans must be white', until the discovery of black swans in Australia. The Great Financial Crisis hit home the lesson that “Black Swans” – rare, unexpected but highly significant events – are much more common than we think.

The Cyber-Physical attack on Prykarpattya Oblenergo power plant in Western Ukraine, the first cyber-physical attack since Stuxnet degraded Iran’s uranium processing capability in 2010, was an unexpected but highly significant event. At the Safety Case Symposium 2018 held in the Singapore Institute of Technology (14th March 2018, partnered with TÜV Rheinland, SITLEARN, Singapore Standards Council), with 200+ delegates from more than 10 countries, we sat down with Mike Bates (Principal Consultant, Risktec, TÜV Rheinland), to chat about risks and Black Swans in the critical infrastructure sectors. What were some major accidents in the past? There was the 2005 explosion at the third largest refinery in the US – the BP’s Texas City Refinery, triggered by the ignition of a hydrocarbon vapor cloud, killing 15 workers, injuring more than 180. In Singapore, there was the fire at Shell’s refinery off the mainland at Pulau Bukom in 2011, which began near pipelines carrying petroleum products, and took more than 100 firefighters 32 hours to extinguish. In the UK, the one that lead to the introduction of


Frontline

Safety Case Symposium 2018 held in the Singapore Institute of Technology. Photo credit: Safety Case Symposium 2018.

Mike Bates (Principal Consultant, Risktec, TÜV Rheinland) at the Safety Case Symposium 2018 held in the Singapore Institute of Technology (14th March 2018). Photo credit: TÜV Rheinland

offshore safety case was the 1988 explosion and fire of the Piper Alpha platform in the UK North Sea, killing 167 of 226 men onboard. Several recommendations included best practices for operational safety - clear shift handovers, adequate safety and evacuation training, operational firewater system, timeliness of management decisions. Recommendations from this incident also formed useful guidelines for other countries when drafting their own regulations.

In today’s world, what does it mean to ensure safety of a modern industrial control system?

Digital transformation across the industrial and OT sector means no one process or piece of hardware is considered completely “safe” in an always-on, connected environment. Functional safety and cybersecurity are now inextricably linked in modern plant and process control systems. A plant that meets the necessary functional technical safety design requirement could be compromised by a cyberattack impacting its safety integrity level. Embracing Industry 4.0 means embracing the challenge of both safety and cybersecurity risks. So, in Singapore, you have the Singapore Cybersecurity Bill that was recently passed, requiring critical information

infrastructure owners and operators to take responsibility for securing their systems and networks; while the regulations for the Safety Case Regime kicked in last September.

What are the obligations under the Safety Case Regime?

All Major Hazards Installation (MHI) companies are required to submit a Safety Case. (MHIs in Singapore comprise petroleum refining, petrochemical manufacturing facilities, chemical processing plants and installations where large quantities of toxic and flammable substances are stored or used; there are around 110 in Singapore.) Fundamental obligations under the regulations to prevent major accidents include identification of hazards and risk that may lead to a major accident, control measures, and how organisational, technical and human factors contribute to safety, and arrangements to rectify identified shortcomings.

What are the key concepts for a good safety case?

Avoid performing a ‘paper exercise’ and generating reams of documentation that is neither read nor practicable.


Follow a SHAPE approach: S-“Succinct”, H-“Homegrown”, A-“Accessible”, P-“Proportionate”, E-“Easy to Understand”. For example, “Homegrown” means involving staff from different levels of the organization including leadership, middle management, supervisory and ground staff, personnel who understand plant design and operation, staff with expertise in quantitative risk assessment and process hazard analysis, engineers, emergency response team members. By “Proportionate”, we mean the time and effort spent producing a safety case should be proportionate with the risks from the facility. A small plant with high fatality potential may need more effort than a very large facility with low fatality potential.

“Beware of Black swans” – does this mean predicting the unpredictable?

It is not possible to identify and predict all plausible hazardous scenarios of an Infrastructure Control System where there are multiple interdependencies with millions of possible interlinked chains of events and outcomes. It is more critical to have a crisis management approach to effectively manage the situation, in other words, emergency response and business continuity plans to recover from events. These set out detailed system and flexible resources, appropriate and relevant teams, communication channels to escalate and inform stakeholders, pre-established partnerships including third parties who can work with you to help. Keep the plan up-to-date. Conduct drills, whether it is an integrated response drill within the facility or a role-play or desktop exercise, and to attest mutual aid agreement. Simply put, if I were an investor, I would want to know that the company is still running after an event happens.

What are some practical steps?

Establish your context and scope of the assessment. Use a recognized framework such as the relevant ISO. Conduct workshops to take an inventory of hazards and risk factors. Involve the right participants, start with what they consider are high risk areas based on their experience. In a refinery for example, high energy materials such as oil and gas present a significant hazard with pressures and temperatures adding to the risk. So, a hazardous scenario could be damage to a live pipework causing loss of containment of these materials which, under specific pressure and temperature conditions, may cause fire or explosion. But how you rate the risk is unique to the environment, for example, depending on your asset’s distance from source of explosion – the nearer you are, the higher the impact. Quantifying the risk likelihood and impacts would help rate your risks and design the appropriate safeguards and mitigants. And if you use industry software pre-loaded with scenarios, parameter settings and algorithms – remember that these may be derived from certain assumptions of laws of physics (e.g. Boyle’s law). So, calibrate these results to your environments. For example, gas and pressure behave differently in a


desert versus, say, in Jurong Island of Singapore. And the societal impact of an explosion in a desert is arguably lower given the lower population density. On the other hand, resources to manage the situation are also arguably limited. So, safeguards for the same hazard in two different locations call for different protocols and designs. And of course, the settings need to be tweaked for season (e.g. winter or summer).

Key things to keep in mind?

Your stakeholders extend beyond your company and employees, to suppliers, the neighbors, and ultimately the end-users. What is the contingency plan if power supply is cut off and consumers have no access? Also ensure sensitive information and data are protected and secured when communicating with your client. Manage your physical security risk such as authorized access to facilities. There is also a difference between high risks from a business continuity perspective, and those from an operational risk perspective. A high dependency on adequate firefighting resources in case of an emergency is an example of a business continuity risk, whereas a high dependency on the competency of operations staff following the safety procedures is an operational risk.

Final Tips?

Many industrial major accidents are colloquially described as black swans, when in fact they were entirely foreseeable and preventable - a good place to start is to foster a culture that has a ‘collective mindfulness’ of such risks. So, a safety case could help to foster and formalise such a culture, and should include all of the above,

• Focus on managing risk
• Clearly define the scope, and keep within it
• Focus on what the key users and stakeholders need to know
• Include ‘workers’ in the development to ensure ownership
• Present information clearly and concisely – be easy to understand and easy to navigate, minimise repetition, and use up to date, relevant references/supporting information
• Contain clear and implementable recommendations, either contain or reference an implementation plan

But most importantly, it should be signed by highly senior company personnel to demonstrate commitment from senior management.




National

Connection, not Collection: The Essence of Lesson and Knowledge Management in Western Australia’s Emergency Management Sector

An adapted article from a research thesis.

By Chas Capewell

There has been steady improvement toward understanding the value of knowledge through lessons in Australia’s Emergency Management sector, particularly since the National Strategy for Disaster Resilience (Department of the Attorney-General, 2011) highlighted that emergency service organisations must focus on a sector-wide attitude to knowledge sharing. Smith and Elliot’s (2007) argument, however, is that usable post-event information still fails to be integrated properly enough for it to work, or to work for any length of time. So, if the lessons-learned approach is the way forward, the question is how it should be implemented so that emergency management agencies can comprehend it. Smith and Elliot’s argument is that although organisations must learn from previous events if they wish to be successful in the future, they must do more to practise information sharing and reflect on learned and acquired knowledge for it to become valuable in an operational environment full of uncertainty.

Study Background

Lesson and knowledge management is not a new concept in the emergency management domain. Prince (1920) examined the lead-up and response to the 1917 Halifax explosion and outlined preparedness stages to ensure such events would not reoccur. This highlights a pioneering


example into preparedness using lessons-learned (Perrow, 1967). In examining Prince’s work, Rostis (2007) concluded that lessons must motivate change, or at minimum, adaptation, to ensure repeated oversights do not reoccur. Nevertheless, research continually highlights that emergency management agencies are yet to be as effective as they could be, given that their operational tempo demands adaptability to changing situations. Torlak (2004) stressed that a critical aspect of staying ahead in such environments is for agencies to be cognizant of generating a workplace committed to learning and, as Edmondson, Gino and Garvin (2008) explain, a competent learning organisation is particularly savvy across two critical skill sets: first, its aptitude to acquire, interpret, share and retain information, and second, its ability to adjust its organisational mindset to this new information. Argyris and Schön (1978) and Senge (2003) suggest that if agencies commit to a culture of learning, then decision makers and leaders build the ability to grow individual and operational capabilities through knowledge retention and integration.

Study Significance

This study examined the barriers to effective lesson and knowledge integration from previous inquiries to potentially advance the capability of emergency management in Western



Australia. By identifying persistent challenges and the means to overcome them, agencies may be better attuned to addressing events in the prevention phase. However, preparedness requires considering why lessons remain unresolved and how, as a sector, emergency management may adapt processes to enhance behavioural transformation.

Method

The study employed a two-phase design through a literature critique of lesson and knowledge management categories to identify the key aspects of knowledge implementation that emergency management agencies require. This assisted in developing the semi-structured interviews with Western Australian emergency management agency personnel who were drawn from the areas of risk, capability, impact, engagement, governance and support. Both phases were interpreted and analysed by integrating the literature and interviews to understand how learned lessons can be more efficiently synthesised and integrated into existing emergency management knowledge structures.

Phase One Findings

There were limited works relative to lessons and knowledge integration for emergency management within Western

Australia. Nevertheless, recent inquiries, such as the Waroona Fire Special Inquiry, examined the efficacy of Keelty 1, A Shared Responsibility – Report of the Perth Hills Bushfire, and Keelty 2, Appreciating the Risk – Report of the Special Inquiry into the Margaret River Bushfire. The first Keelty report examined emergency management operations surrounding the Roleystone-Kelmscott fires and subsequently produced fifty-five recommendations and improvement opportunities covering agency policy, statutory improvements, interagency and intergovernmental integration. Many recommendations faced an uncertain future as agencies argued that the timeframes were unrealistic and the number of recommendations they were expected to meet was unachievable. It was further noted that fire management operates within one of the most complex legislative frameworks that currently exist. While primary guidelines regarding fire (bush) are contained within the Bush Fires Act 1954, it converges with the Fire Brigades Act 1942 and the Fire and Emergency Services Authority of Western Australia Act 1984 (State Law Publisher, 2015). These three Acts not only articulate the different response required, but land ownership also dictates the responding agency.

Keelty 2 revealed that some inroads were made towards improving sector-wide collaboration. However, effort was still required by state-level emergency management toward response capability and operations; of note was the assessment of one agency’s decision to conduct prescribed burnings. The report noted a lack of communication and consultation with other agencies on the risks surrounding the burn; furthermore, those charged with pre-planning the burn did not account for the risks of a fire escape (Keelty, 2012). Criticism was further levelled at the continued omission and exclusion of volunteer-based agencies and local knowledge. For example, when community members became aware of the fires, they did not call authorities, as a heavy presence of fire agency personnel was in the area and they assumed the burn was under control. However, communities did not know that it was an escaped fire. Those volunteers monitoring fire agency communications decided to mobilise and directly engage the fires of their own accord. Keelty 2 (2012) found this was a failure in communicating event severity and a lack of using local knowledge, revealing that most decisions were based on agency culture, referred to as ‘bias for action’ (Keelty, 2012, p. 64). It was noted this culture was accountable for not fully appreciating the risks associated with the fire, citing


that this approach was inhibiting agency decision making and demoralising agency personnel. The report noted that such a culture made others (personnel) in the agency “with less stronger personalities more difficult to question the actions of those in leadership positions” (Keelty, 2012, p. 64). The Waroona Inquiry claimed that Western Australian emergency management must move from response and recovery to prevention and preparedness by reinvesting in education and training of local communities and agencies, as the inquiry highlighted the continual oversight of rural fire services. Ferguson (2016) discovered that several recommended treatments against identified threats emerging from Keelty’s reports had not been fully implemented, either operationally or within governance procedures. Fire agencies received criticisms for absences of structured procedures to capture lessons for improvement opportunities through their Integrated Planning and Reporting System (IPRS), a system specifically designed to synthesise post-event data to produce learning material (Ferguson, 2016, p. 45). The inquiry stressed that agency transparency, oversight and accountability would benefit from the establishment of an independent governing body to ensure recommendations have been implemented and understood, to avoid what was described as “counting recommendations completed” (Ferguson, 2016, p. 46).

Phase 2 Findings

The emergency management literature supported the view that there are profound cognitive, social, and organisational barriers preventing emergency management agencies from learning as effectively as they could (Thompson, 2012). Likewise, participants highlighted that the agencies directly responsible for the hazard do not reflect past their own remit, and while participants agreed that agencies work well together in principle, it was clear that a significant barrier is a commitment to sharing. Although it was discovered Western Australian agencies want to learn, it was evident that a significant barrier inhibits long-term and sustainable commitment to sharing: agency culture and leadership. This translated into missed opportunities for sector improvement, a widely held view by participants who associated this with a lack of agency transparency and accountability, a factor in whether collaboration occurred. Milton (2009) stated that leadership must encourage, apply and ensure lesson management and collaboration is a priority within an agency doctrine; Meyer (1982) and Levitt and March (1988) add that organisations learn by interpreting not only their own past but that of others. These methods capture the practical lessons, making them available to those who have not lived through such history. Some agencies were viewed as open to change and collaboration; of those agencies, they received minimal attention with recommendations, particularly lesson sharing and knowledge integration. However, some problems were reported to be self-inflicted, as some agencies do not appear to place any sense of priority toward seeking out improvements, inferring that culture has a significant impact on what has been discovered. Furthermore, the study identified that a satisfactory model does not exist for Western Australia, nor a system to address agency lesson and knowledge retention.


Interpretation

The barriers to lesson and knowledge integration encompass a lack of sharing and understanding of both individual and sector-wide responsibilities, of which trust is a critical component. Additionally, there was a need for strengthened, multi-organisationally aligned, clear strategies from inquiry recommendations, mainly from the view of Ferguson (2016), who supported improvements across the operational structure of Western Australia’s emergency management sector. The report commented, “there is still significant work to be done to have a true multi-agency, pre-formed, incident management teams” (Emergency Preparedness Report, 2016, p. 92). Uncoordinated response and recovery, specifically in those events requiring a multi-agency approach to larger scale incidents, were related to an inability to extract and learn from previous experiences to enhance preparedness. This was highlighted within the Keelty (2011) and Ferguson (2016) reports, which stated that failing to learn from the past translated into overlooked opportunities for future capability. The challenge, however, is how to establish a common framework that appeals to Western Australia’s sector. Consequently, the lack of guidelines, particularly for sector-wide preparedness, has resulted in suppression tactics rather than anticipation strategies, and missed opportunities impact the ability to learn from previous experiences.

Conclusion

Keelty (2011) summed it up when he stated that a shared responsibility must shift to a shared resilience, and it was clear that culture influences an agency and the manner in which it analyses, builds and collaboratively shares knowledge. This may provide an explanation as to why agencies wrestle with understanding the value of lesson and knowledge sharing strategies. Although there is a widespread willingness to learn, silos still exist and will continue to do so if agencies continue developing their own distinct methods, impacting on sharing. Yet for any recommendations to be achievable, they must focus on areas which have the best opportunities to survive and prosper.

About the Author

Chas Capewell BSc(Security)Hons AFAIM MAIPIO: JLL WA Precinct Security Manager for the Government of Western Australia Dumas Precinct. Responsible for all aspects of security and serves as the expert advisor in the development, implementation and maintenance of physical protection systems, continuity management and systems resilience.




Regional Security

Security enhancements from ASEAN-Australia Summit 2018

With Chris Cubbage, Executive Editor

The Australian Prime Minister called it “a new era of engagement with ASEAN” as the first ASEAN-Australia Summit was held in Sydney in March. With special meetings and conferences held across the domains of business, industry, economics and security, the region’s leaders and representatives created agreements and MOUs to address an equally wide range of issues.

In a security and technology context, there was the ASEAN-Australia Joint Declaration for Cooperation to Combat International Terrorism, supported by a package of counter-terrorism initiatives intended to strengthen regional efforts to counter terrorist activity, assets and funding. This includes technical and regulatory assistance to develop best practice counter-terrorism legislation, and regional dialogues and workshops on topics such as electronic evidence, financial intelligence, and countering online radicalisation.

MySecurity Media attended the ASEAN-Australia AUSTRAC Codeathon and interviewed the always entertaining and intelligent Adam Spencer, MC; Chief Innovation Officer Leanne Fry; and Director of Innovation Rajesh Walton. The Codeathon presented six challenges for participants from across the region to solve in 32 hours:

1. Using big data to combat terrorism financing
2. Disrupting money launderers, terrorists and cyber criminals across ASEAN-Australia
3. Exploiting financial data to gain insights into crime and


terrorism risks
4. Applying artificial intelligence to improve Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) compliance and suspicious matter reporting
5. Applying blockchain technologies to improve financial services, AML compliance or secure intelligence sharing
6. Collaboration and knowledge sharing to combat cybercrime, money laundering and terrorism

PODCAST interviews are available at www.australiancybersecuritymagazine.com.au

Cyber-physical systems security industry

Amongst government, industry and business events, the SME Conference was held with the Australian Prime Minister announcing the ASEAN-Australia Digital Standards, which will aim to build regional regulatory consistency and a framework for Australia and ASEAN countries to cooperate in developing, adopting and using international standards to promote digital trade and support inclusive economic growth in the region. The CSIRO’s Data61 CEO Adrian Turner also released a study, ‘Sunrise Industries’, which has identified the top seven emerging industries within ASEAN and neighbouring nations that will fuel future regional growth, international collaboration and job creation. Importantly,



of these industries, cyber-physical systems security is identified. Adrian Turner stated, “a new class of assets is emerging, ‘Industry utility assets in a cyber-physical world’, with cybersecurity set to be a US$180 billion global market opportunity”. The Sunrise Industries report states, “While cyber-physical systems (i.e. systems which have intertwined software and physical components) are becoming increasingly widespread, they can be vulnerable to hacking, creating new opportunities for the cyber-physical systems security industry.” The report aims to inform government and industry on potential future areas for growth – ranging from AI to energy storage – and help decision makers capitalise on opportunities for the region.

The report highlights the use of drones, increasing globally, with worldwide revenue from drone production for commercial and personal use growing by 35.5 percent in 2016; similar growth rates are predicted for 2017. In the Asia Pacific region, spending on robotics (including drones) and related services is estimated to rise from $85 billion in 2017 to $210 billion by 2021 – over 70 percent of the global robotics market. The remote piloting of drones is susceptible to outsider interference and attack; as such, as drone use increases, there is growing global interest in drone-related security. (Reference: CSIRO Data61 – Sunrise Industries Report, 2018, p20)

This technology and innovation will drive the cyber-physical systems security industry. This industry will provide protective security for cyber-physical systems, consisting of both software and physical components (e.g. smart grids, autonomous cars and drone fleets). Cyber-physical security is also becoming increasingly important as acts of geopolitical aggression are executed through attacks on cyber-physical systems.

Additional security cooperation agreements include:

• The ASEAN-Australia Maritime Cooperation package of initiatives to strengthen the protection of regional fish stocks, civil maritime and border protection, maritime domain awareness, and maritime law and its applications.
• An ASEAN-Australia Cyber Cooperation will improve joint efforts to harness the opportunities that cyberspace enables, promote peace and stability in cyberspace, and guard against growing threats online.
• The ASEAN-Australia Postgraduate Defence Scholarships will bring together emerging defence and security leaders from ASEAN countries and Australia; creating an alumni and fostering future cooperation on regional security challenges.
• ASEAN-Australia Counter-Trafficking will strengthen criminal justice responses and victim rights protection in ASEAN and support the region’s agenda to stamp out trafficking in persons.
• An ASEAN-Australia Women, Peace and Security dialogue will strengthen cooperation in the areas of peacekeeping, protection of human rights and promotion of gender equality in contributing to stability, peace and security.
• The Health Security ASEAN Fellows will increase capacity in the region by fostering professional

MySecurity Media attended and interviewed the always entertaining and informative Adam Spencer, MC; Chief Innovation Officer Leanne Fry; and Director of Innovation Rajesh Walton.

Singapore Prime Minister Lee Hsien Loong and Australian Prime Minister Malcolm Turnbull presenting at the SME Conference

development of field epidemiologists to address disease outbreaks across the region, creating opportunities to build links between our communities so that our region is equipped with a health workforce well placed to prevent and respond to infectious diseases.

For a full list and further information on the ASEAN-Australia Summit initiatives and outcomes, visit: https://aseanaustralia.pmc.gov.au/asean-australia-specialsummit-initiatives



Cyber Security

Photo credit: Global Space and Technology Conference 2018 Singapore

Cyber Security in space and military operations

By Jane Lo, Singapore Correspondent

Comparisons of the Apollo Guidance Computer (AGC) with our modern IT inevitably bring to attention the relatively primitive technology that put man on the moon. That an iPhone is millions of times faster and more powerful than the AGC adds to our appreciation of the incredible engineering feat achieved with a 64kByte memory, and of the relentless pace of technological development encompassed in Moore's Law.

At the Global Space and Technology Convention (GSTC, Sheraton Hotel Singapore 2-3rd February 2018), the world’s leading companies in Space technologies, including Airbus and Thales Alenia Space, presented the take-up of Artificial Intelligence, Blockchain, Machine Learning and Big Data Analytics in the Space Technology sector. Not surprisingly, Cyber Security was also an important area of focus.

Dr Alexander Ling, Principal Investigator, Centre for Quantum Technologies, National University of Singapore, in “Future of Unhackable Data”, introduced the role of the Micius satellite in shaking up the field of cryptography. But “why should we care?” he asked. Reliability of an encryption approach requires unhackable keys – a problem which Quantum technology is deemed to exacerbate on one hand, but able to solve on the other. Breaking mathematical encryption schemes is extraordinarily difficult today but with powerful computers, reverse-engineering the keys is perceived as a near-term


reality and less of a theoretical discussion. Arguably “hackability” can be mitigated with a larger key size, provided that keys are distributed with maximum security. So, how can key negotiation protocols (short of a physical transport) be designed to ensure that only intended parties have them - that is, no eavesdropper has copied the key during its distribution?

While quantum computers which are likely to break encryption and reverse-engineer keys are still at the early stages of research, there are already working prototypes of QKD, or Quantum Key Distribution. This technology exploits properties of photons to transmit data for secure sharing of a key between a sender and a receiver. To steal the key would require knowing the photon properties – which, due to the laws of quantum physics, is impossible without changing the properties’ behavior and alerting the sender and receiver to the attempted hack. The best optical fibers carry these photons to 200 kilometers before light absorption distorts the process. Entanglement, where two particles behave like one regardless of distance apart, enables QKD over long distances.

The Micius satellite demonstrates this over 7,600 km by distributing the key from orbit. When the satellite is over the Chinese ground station (at Xinglong, Hebei province), it sends the one-time pad to the ground, encoded in single photons. As the Earth rotates beneath the satellite and as the ground station at Graz in Austria comes into view, Micius sends the same one-time pad to


Global Space and Technology Convention (GSTC, Sheraton Hotel Singapore 2-3rd February 2018) – From Left, Mr Jonathan Hung, President, Singapore Space and Technology Association; Mr. S Iswaran, Minister for Trade and Industry, Guest-of-Honour. Photo Credit: Global Space & Technology Convention 2018 Singapore

Mr. S Iswaran, Minister for Trade and Industry, Guest-of-Honour, Opening Address.

the receiver there. The two locations then both possess the same key for secure communication over a classic link.

Space, Cyber Security and Electromagnetic Systems

In “Cyber Security for Space Elements”, Esti Peshin (General Manager, Cyber Division, Israel Aerospace Industries Ltd) said that “most of the space assets are actually ground based” which “have all, and maybe more traditional cyber vulnerabilities of IT and ICS/OT”. The growing internet and cloud connectivity of ground stations means that we need to go “back to the basics of cyber security” and “apply end-to-end holistic approach to cyber threats and defense - protect the entire matrix: Ground, Communications and Space”. This holistic view towards protecting and defending against threats arising from the Space and Cyber Space domains can also be seen in the US Army’s approach to “CyberSpace and Electronic Warfare Operations”. It recognizes that “space provides a key global

“Cyber Security for Space Elements”, Esti Peshin (General Manager, Cyber Division, Israel Aerospace Industries Ltd). Photo Credit: Global Space & Technology Convention 2018 Singapore

Dr Alexander Ling, Principal Investigator, Centre for Quantum Technologies, National University of Singapore, The “Future of Unhackable Data?”. Photo Credit: Global Space & Technology Convention 2018 Singapore


Ulf Lindqvist (Program Director, Computer Science Laboratory, SRI International), at the IEEE World Forum Internet of Things, where “Security and Privacy Regimes” was also a focal area. Photo Credit: SRI International

At the Asia Defence Expo & Conference 2018, Lieutenant Colonel Chris Walls, US Army (“US Army doctrinal approach to Cyberspace and electronic warfare operations”). Photo Credit: Asia Defence Expo & Conference 2018

connectivity capability for cyberspace operations” and “many cyberspace operations occur in and through the space domain via the EMS (electromagnetic spectrum), resulting in an interdependent relationship between space and cyberspace.” Lieutenant Colonel Chris Walls, US Army, summed this up very well in “US Army doctrinal approach to Cyberspace and electronic warfare operations” at the Asia Defence Expo & Conference 2018 (Marina Bay Sands, Singapore, 30-31 January 2018): “Cyberspace pervades the land, air, maritime, and space domains through the EMS and wired networks. Cyberspace enables integration across physical domains by moving data along transmission paths through links and nodes in cyberspace and the EMS.”

Internet-of-Things

Indeed, as we become more inter-connected and the Internet of Things permeates our lives, what we commonly


refer to as Cyber Space will extend from ground-based assets to Space, which raises the question of jurisdiction and ownership when it comes to building protection and defenses. Ulf Lindqvist (Program Director, Computer Science Laboratory, SRI International) said, at the IEEE World Forum Internet of Things “Security and Privacy Regimes” track (Marina Bay Sands, Singapore, 6th-8th February 2018), “when the security of a single system is under consideration, then it’s easy to imagine that a portion of the system is responsible for limiting access and actions. In an IoT setting, it’s possible that some sensors and some actuators won’t be owned by the same organization.” As the boundary of the Internet of Things expands, the questions of “To what extent can some control be shared with another entity?” and “If something goes wrong, who’s responsible for the real-world effects?” make a holistic approach increasingly important, along with cooperation between public and private sectors at national and international levels.



Blockchain technology briefing – analyst insights Session Takeaway: Nick Heudecker, Research VP with Gartner, speaking at the Gartner Data & Analytics Summit in Sydney in February. Nick provided a session on the misunderstanding, or the overwhelming hype, of blockchain technologies.

by Chris Cubbage, Executive Editor

There are so many different dimensions to blockchain and how it can be applied to existing and new business models that there is going to be a lot of confusion for a very long time. One of the things driving that confusion is the potential upside: an estimated $3.1 trillion business impact by 2030 – but there is a long way to go. Nick reports that he has yet to hear of a single production blockchain use case with scale beyond four to five nodes that couldn’t easily be done with a centralised database.

What is blockchain? It is a distributed ledger: a way to introduce trust in an untrusted network of participants. It provides mechanisms that order transactions so that double spending can’t occur. Blockchain is not a database per se but a linked list. Every transaction builds on the previous transaction, or block of transactions. For anything that can be digitised, be it a dollar, cryptocurrency or a photograph, the blockchain will record where it came from, who has handled it and who currently has it.

Today, you can download the entire Bitcoin blockchain, at about 160GB, which has been in existence since 2009. You will see precisely all the way back to the Genesis block. And no one is identified. Everyone has a wallet identification of 32 characters and there is no personal exposure. But just because you may not be linked to that Wallet ID doesn’t mean it can’t be determined who you are, particularly if you’re posting on web forums or have used the Wallet ID on some other platform. So, despite not being readily identifiable, there are still other identifying attributes that can be applied. However, for business use, there is a general requirement to know who you’re dealing with, so there is potential for new centralised identity services and privilege management.

Another key aspect of the blockchain is that there is active data, where behaviour or logic can be applied. The blockchain can apply a smart contract, written in a programming language, which looks at different pieces of data, called Oracles, which provide data sources of truth for the smart contract to verify against and act on. The current challenge is that there is no way to ensure the contract data is ‘bug’ proof or even legal. Programmers writing smart contracts need to ensure they are accurate and comprehensive with respect to the smart contract requirements. For business, this will require bridging application development with legal, procurement and other sources of expertise. One good example is the DAO Hack, where a code vulnerability was exploited and $35 million in digital currency was stolen.

The four types of blockchain initiatives are blockchain disrupters, digital asset markets, efficiency plays, records management and auditing. Blockchain disrupters are those seeking out new business based on a blockchain foundation, although the business model may not be new. Digital asset markets are new markets based on digital assets formed from non-digital ones (physical and virtual). Efficiency plays come from creating efficiency improvements in transactions, interactions and tracking provenance of assets. Finally, there is record keeping for trust verification by one entity, for oneself or a community.

Data analytics can also be applied; however, data in a blockchain can’t be manipulated. It is a write-only record, but information can be appended to it. Integrity concerns still require enforcement. It is a data tree and key-value pair. Blocks also need to be small, so if an MRI scan is being verified, you would not load the MRI itself; you would use a hash that refers to the MRI. A blockchain is yet another data source to integrate into an analytics program.

There remain challenges for blockchain technology. The current platforms are not scalable or complete, an ecosystem of competitors is yet to fully form, agreements on structures and formats of data are still being developed and, though a complex and powerful solution, a blockchain can consume huge resources to build. For more information visit www.gartner.com
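The following Python example is added here and is not from the Gartner session or from any blockchain platform. It builds a single-node, hash-linked ledger (no consensus or networking, which a real blockchain adds on top) that records only a SHA-256 digest of a large document such as the MRI scan mentioned above, and shows how an edit to an earlier block is detected; the class, field names and sample data are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # all-zero "previous hash" used for block 0 (assumption)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def block_hash(index: int, prev_hash: str, payload: dict) -> str:
    """Digest of a block's contents in a canonical (sorted-key) encoding."""
    body = json.dumps({"index": index, "prev_hash": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return sha256_hex(body.encode())


class Ledger:
    """Append-only list in which every block commits to the one before it."""

    def __init__(self):
        self.blocks = []
        self.append({"note": "genesis"})

    def append(self, payload: dict) -> dict:
        index = len(self.blocks)
        prev_hash = self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV
        block = {"index": index, "prev_hash": prev_hash, "payload": payload,
                 "hash": block_hash(index, prev_hash, payload)}
        self.blocks.append(block)
        return block

    def record_document(self, doc_id: str, holder: str, content: bytes) -> dict:
        """Record a fixed-size digest of the document, never the document itself."""
        return self.append({"doc_id": doc_id, "holder": holder,
                            "sha256": sha256_hex(content)})

    def first_invalid_block(self):
        """Index of the first block that fails verification, or None if all pass."""
        prev_hash = GENESIS_PREV
        for i, b in enumerate(self.blocks):
            if b["index"] != i or b["prev_hash"] != prev_hash:
                return i  # link to the previous block is broken
            if b["hash"] != block_hash(i, prev_hash, b["payload"]):
                return i  # contents no longer match the stored hash
            prev_hash = b["hash"]
        return None

    def document_matches(self, doc_id: str, content: bytes) -> bool:
        """Compare an off-chain document with the latest digest recorded for it."""
        for b in reversed(self.blocks):
            p = b["payload"]
            if p.get("doc_id") == doc_id and "sha256" in p:
                return p["sha256"] == sha256_hex(content)
        return False  # nothing recorded for this document


def demo() -> dict:
    scan = b"CONSTRUCTED-MRI-BYTES" * 50_000  # ~1 MB stand-in, not a real scan
    ledger = Ledger()
    doc_block = ledger.record_document("mri-0001", "clinic-a", scan)
    ledger.append({"doc_id": "mri-0001", "transferred_to": "clinic-b"})

    # Case 1: an earlier block is edited in place, stored hash left alone.
    edited = copy.deepcopy(ledger)
    edited.blocks[1]["payload"]["holder"] = "clinic-x"

    # Case 2: the editor also recomputes that block's hash. The next block
    # still carries the old value in prev_hash, so the break moves forward:
    # hiding the edit means rewriting every later block as well.
    rehashed = copy.deepcopy(edited)
    b1 = rehashed.blocks[1]
    b1["hash"] = block_hash(b1["index"], b1["prev_hash"], b1["payload"])

    return {
        "clean_chain": ledger.first_invalid_block(),
        "scan_ok": ledger.document_matches("mri-0001", scan),
        "altered_scan_ok": ledger.document_matches("mri-0001", scan[:-1] + b"X"),
        "edit_without_rehash": edited.first_invalid_block(),
        "edit_with_rehash": rehashed.first_invalid_block(),
        "block_bytes": len(json.dumps(doc_block)),
        "scan_bytes": len(scan),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The block for the scan stays a few hundred bytes however large the scan is, and the ledger proves only that the bytes match what was recorded, not that the recorded content was correct in the first place.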


The potential impact of Artificial Intelligence technology on cyber security.

By Nick Johnson

Artificial Intelligence (AI) is the application of technological solutions to problems which typically require human intelligence – think of identifying objects in images, recognising and correctly reacting to human speech, and making decisions based on inputs which vary. In its various guises, AI is increasingly being seen by the commercial world as having the potential to add significant value to the balance sheet. Together with developments in machine learning (computers learning from data without being explicitly programmed what to learn) it is now almost inevitable that AI will become integral to the IT systems of many major companies. Whilst this will undoubtedly produce tangible benefits, increased deployment of AI solutions will create cyber security issues that are not currently being considered by the wider industry. James Clapper, the former Director of US National Intelligence, concurs with the view that the growth of AI will introduce new threat vectors. He believes AI will become common in financial, energy and weapons systems, to name but a few. He states America would therefore be wise to focus on threats which AI may pose to society as a whole. It is interesting to note Bill Gates and the late Stephen Hawking, men not known for their lack of vision, also agree with the notion that increased use of AI brings with it a new

type of threat component. But is it a realistic proposition that AI becomes a common tool of the commercial world? Tech-industry heavy hitters certainly seem to think so. Microsoft recently used its huge library of recorded technical support calls to build an AI that recognises conversational speech as accurately as any human. Given that both sides of helpline calls are recorded, and can therefore be comprehensively studied by an AI, it is surely only a matter of time before we see a virtual call centre staffed solely by an AI which reacts verbally, as opposed to using a message box. This would have the tangible benefit of reducing staff and phone line costs, not to mention the prospect of multiple AIs working for multiple companies from the same (now considerably smaller) call centre infrastructure. Although many call centres currently rely on speech recognition to direct calls to human call centre representatives, this is far from the flexibility and accuracy which could potentially be offered by a well-trained AI. From a hardware perspective, the current market for AI chips is largely dominated by Nvidia, although only because the graphics chipsets it produces happen to be the most cost-effective tool for the job at present. Google, IBM, Intel and other industry heavyweights are developing processor chips specifically for running AIs. A quick search on Google



shows the race for an effective AI includes companies as diverse as AOL, eBay and Oracle. Using the aforementioned example of a fully automated yet competent call centre, it is easy to visualise the potential for profit. Even if only half the call centre’s staff were replaced, savings would be swift and tangible. We may see a situation where a company with the quickest, most effective AI has a distinct competitive advantage over those in second place. To get companies started in this endeavour, Microsoft allows open access to AI software they have developed. Like it or not, AI is coming. So what security threats will AI introduce? Fans of the 1983 movie War Games will remember the problems Matthew Broderick had trying to prevent a US military computer from starting a nuclear war. Although this scenario makes for an exciting movie, I would like to introduce a somewhat more benign possibility – that of the AI itself becoming a high value target. If an AI adds value to a company in a particular market, and can be taught how to operate on the same type of data in a different company, it is fair to infer the AI in question would be valuable to a competitor in the same commercial sector. In this way, we would see the AI itself become the high value target, much as R&D materials and customer data are today. An AI could be stolen through a variety of means

including standard hacking techniques and AI "cloning" (the art of building software to ascertain a target AI's response to specific questions directed toward it). Furthermore, an unwitting AI could grant an attacker access to the network – an approach which may require a different way of securing networks against intrusion, or may require AIs with cyber security features built in from the outset. These early days of AI development allow developers a chance to avoid the security nightmare that is the Internet of Things. We may also see an AI specifically tasked with cyber security: ‘Who wants to access that system?’; ‘Do they need access?’; ‘Shall I give them only partial access, and what are the consequences if I do so?’. It is not difficult to imagine a corporate environment in which Friday night drinks involve an ‘Our AI is better than your AI’ discussion. Similarly, it is not beyond the realms of possibility that an employee tries to trick an AI into delivering a service the employee is not entitled to, be it with innocent or nefarious intention. Consequently, it may be prudent to equip AIs with the ability to recognise when someone is trying to coerce them. An AI incorrectly allowing access to information brings with it a whole raft of legal ramifications too complex to be explored here, but suffice it to say employment Terms & Conditions agreements may have to encompass this eventuality. In keeping with the abundance of potential AI applications, there exists a corresponding number of related security risks. Some of these are obvious (protect the server the AI is based on), and some are not (put an exploit in an image on a 3rd party website you know the AI checks intermittently). If AI proliferates as the large tech companies think it will, it may be necessary to have one cyber security team looking after the network and one looking after the AI.
Who knows – if the AI has an issue dealing with sounds it does not understand, we may have come full circle to playing obscure tones down virtual phone lines in order to access the AI's debug menu. Cap'n Crunch*, it would seem, may not have blown his last whistle after all.

* In the mid-1960s the toy whistle found in boxes of Cap’n Crunch breakfast cereal emitted a tone which could be used to access certain features of the US phone network. “Phone phreaking”, as it became known, was one of the precursors to today's computer hacking.

About the Author

Nick Johnson (MA, BSc (Hons)) is an Intelligence Analyst with experience across Australian federal and state agencies. He is experienced in diverse areas including counterterrorism, organised crime and money laundering. A former officer in the Australian military, Nick's experience also covers computer programming and systems administration in the corporate arena. His understanding and use of technology allow him to create bespoke solutions for use within Australian state and federal government agencies.


By 2050 – we will be beyond the cloud and on Mars CISCO LIVE! Melbourne, 2018: The reality will be a multi cloud world: the tools to build cloud services and the networks

With Chris Cubbage, Executive Editor

Celebrating 25 years, ‘Your IT’ CiscoLive! Melbourne attracted over 7,000 attendees, plus an additional online-record audience, covering over 300 sessions and viewing 100 sponsors at the World of Solutions expo. With Optus Business as the diamond sponsor, the two have jointly invested $12 million over three years to provide cybersecurity curriculum to Australian TAFEs and Universities. Optus was also the digital initiatives provider for the Gold Coast Commonwealth Games, along with Cisco being the Network hardware supporter. Rowan Trollope, Senior Vice President and General Manager, IoT applications group at Cisco, provided the visionary keynote, highlighting the company’s 9,000 research and development engineers and the US$8 billion spent on acquisitions over the last two years.

Roadmap of the Future

Providing a roadmap of the future, with self-confessed pontification, Rowan Trollope reached out as far as 2050. For business and those with near term requirements, much of this was just entertainment. However, for many, including businesses such as Cisco that have been around for 30 years, casting out so far shows that, should Rowan be correct, or even half right, the future is going to be a challenge, to say the least. By 2022 we expect to see the first driverless hovering drone taxi flying above Dubai, and by 2025 the smart phone may disappear as quickly as it arrived, as the world takes a ‘magic leap’ with the likes of Rony Abovitz (www.magicleap.com) and augmented reality (AR) glasses. Wearable technologies will create new experience platforms, as well as new science through the use of holograms in the field of vision – like the smart phone and the internet itself, this technology will profoundly affect every industry and, from a networking perspective, will require an entirely new network built to support the next generation of devices and the digital resolution. As we draw to the close of 2028, text by thinking, which


is already under development, will replace voice to text for significantly enhanced human brain to computer interfaces. By the end of the decade and into the next, 2030 will see new job titles, like vertical farmer, waste data manager and climate change reverse specialist. By 2034, one terabyte (1TB) connections to the home and on the person will be common. Yet, this bandwidth will only enable more computational and network connected opportunity. By 2036, Alzheimer’s is cured as a result of being able to reverse engineer the human brain. Current research in Queensland is using non-invasive ultrasound technology to show how memory can be restored, which could not only cure and restore memory from Alzheimer’s but significantly lengthen human life. By 2040, the 2020s and 2030s are already looking ‘sleepy’ and obsolete. The average home will have the computing power of a billion human brains. This may be hard to imagine today. What will be done with that computing power? This is a time when there is limitless processing capability and bandwidth. It will be up to the imagination. The chief futurist for Google, Ray Kurzweil, believes that by 2045 we will have achieved ‘the singularity’: the moment at which computers become ‘more’ intelligent than humans. Artificial Intelligence is already a transformative force in our lives and will continue to be so for many years to come. Ultimately, AI will change the future, and indeed, it seems, humankind. By 2050, thanks to people like Elon Musk, there will be a permanent base on Mars. Humans will be an inter-planetary species. At this time, with 9.7 billion people forecast to be on earth, the planet is reaching the carrying capacity for sustainability. More than 10 billion people will require two earth sized planets. Today, we have to rethink substantially more about efficiency of and with resources. Technology will underpin this transformation, as it comes to underpin human life.
Maslow’s hierarchy of human needs should now have battery life and WiFi connectivity as the foundational requirements before breathing, eating and sleeping. Technology infrastructure is yet to be built for an age of intelligence, but over the next three decades, the foundation of this infrastructure will need to be intelligence, automation and security.

Cisco’s Five Key Pillars Strategy

AI is powering innovation across every part of Cisco’s portfolio. The five key pillars of the Cisco strategy are set out as: Security is Foundational, Reinvent the Network, Embrace a Multi-Cloud World, Unlock the Power of Data and Employee & Customer Experience.

Security is Foundational

Security can’t be an afterthought to the network. The Internet is not secure because security wasn’t thought of as part of the Internet. The attack surface is increasing and so is the number of devices, and so is the number of bad guys. We are not winning and it is easier than ever to hack into our networks. But security will be the first consideration for new network architecture and Encrypted Traffic Analytics (ETA) embeds security into the network. The Cisco security portfolio has proposed a pipeline of innovations coming for endpoints, networks and the cloud.

Reinventing the network

The network intuitive is in response to having reached a tipping point, with approximately a million new devices connecting to the network every hour. The network intuitive is the first major redesign of networking Cisco has ever done and intent based networking is very much the future. Deployment of the Digital Network Architecture (DNA) Centre promises agile software releases and decoupling new software and hardware innovation.

Embracing a multi-cloud world

Eighty-five per cent of Cisco customers are using the cloud but ninety-five per cent are using more than one cloud platform. Application Centric Infrastructure (ACI) in the datacentre is enabling a seamless transition of workloads and App Dynamics is used to monitor and track the performance of those applications.
Unlocking the power of data

There is a multitude of new opportunities for companies able to create efficiency in power, impact and performance around their data. The Internet of Things is unlocking so much new data and one of the key aspects is to create data efficiencies. Unlocking this data is a key strategic initiative for Cisco. The Cisco IoT networking portfolio, along with the IoT software platform called Kinetic, has been rated by IDC as one of the leading IoT platforms in the world and is designed to ‘connect anything’.

Collaboration

With connection comes change to workplaces. Cloud products like Spark and Webex are connecting employees and customers and enabling new ways to engage with customers. The customer care portfolio and new Broadsoft acquisition, added with the DNA network assurance engine Spark assistant, make Cisco’s pace of change impressive – and one to watch. There is indeed a sense of urgency and, undoubtedly, commercial risk. As Rowan Trollope concludes, “It is time to reinvent the network. Time to improve the security posture. Time to transform the workforce experience. This time is now. Cisco is doing some very cool and exciting things!”


Cyber Risk Meetups

Passionate about these two words: Cyber & Risk? The CyberRisk Meetup has event opportunities in Sydney, Melbourne & Singapore and will provide attendees a special experience and additional takeaways, including the Australian Security Magazine.

Shamane Tan, organiser of the ever increasingly popular CyberRisk Meetup events in Sydney and Melbourne, has partnered with MySecurity Media for an exclusive media partnership. Shamane Tan is a passionate Cyber Security Advisor and MySecurity Media is a dedicated industry channel across the Asia Pacific for security, cybersecurity and related technologies.

Events attract a loyal audience of between 80 – 150 people and topic ranges include cybersecurity, legal & insurance, blockchain and IoT events, along with promotion of specialised workshops and round-tables.



UPCOMING EVENTS

Cyber Risk Meetup in Melbourne, 24th May, 6pm to 8pm (in collaboration with the organisers of IoT festival)
Internet of Things – Challenges of Securing the Connected World
Join us for an informative evening discussing all things IoT and Drone security with industry experts Matt Tett and Mike Monnik.

Cyber Risk Meetup in Singapore, 3rd July, 7pm to 9pm
The big cyber risk Singapore meetup launch!
Session 1: Panel Segment discussing the impact of the new legislations and what does it mean for businesses (with an APAC CTO, and potentially someone from CSA/legal, and the implementer)
Session 2: The new Sexy things, 2 to 3 speakers (10 mins each) focusing on AI, Machine Learning, IoT, Car Hacking, Drone Security, etc.

Cyber Risk Meetup in Sydney, 18th July, 6pm to 8pm
1st segment: Women in IT feature panel segment
2nd segment: CISO matters Part 2: Where do I put my CISOs?

Join us at an event | Register at www.cyberriskmeetup.com
Support an event | Register at promoteme@mysecuritymedia.com or visit www.mysecuritymedia.com


TechTime - latest news and products

To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au

Latest News and Products

China Telecom and HGC sign MOU to build industry-first Hong Kong-Zhuhai-Macau bridge network interconnection system

China Telecommunications Corporation (“China Telecom”), mainland China’s largest fixed-line and FDD LTE operator and a global communications service provider with abundant international cable network resources, and HGC Global Communications (HGC), a fixed-line operator with broad Hong Kong and international network coverage, in Hong Kong hosted a signing ceremony for a Memorandum of Understanding (MOU) between the two companies. The MOU puts in place an agreement for the construction of a network interconnection system via the Hong Kong-Zhuhai-Macau Bridge (HZM Bridge). Directly connecting mainland China to the Special Administrative Regions of Hong Kong and Macau, the HZM Bridge will be the longest cross-ocean bridge in the world, at a length of 55km. The Bridge will significantly enhance economic connection across the region and act as a catalyst for collaboration. The new fibre connection along the HZM Bridge will provide capacity for anticipated growth in cross-border network traffic, ensuring low-latency across the Guangdong-Hong Kong-Macau Bay Area (Greater Bay Area), and fueling the growth of China’s Greater Bay Area initiative. Upon completion, the new CTG and HGC link will boost the traffic capacity by at least 100 Gbps, with design capacity of 8Tbps. Deng Xiaofeng, Managing Director, Global Business Department of China Telecom, said, “China Telecom is pleased to establish an interconnection with HGC at the HZM Bridge. With both parties’ diverse network connection routes and our history of close cooperation, the new fibre connection will provide customers of both parties with stable and reliable service, meeting the ever-increasing demand in the Greater Bay Area and neighbouring countries and regions.” China Telecom is the most prominent fixed-line operator in China and the largest


FDD LTE operator in the world. It has extensive experience in providing international terrestrial and submarine cable resources as well as global telecommunications solutions. Since 1988, China Telecom has established cross-border links with 10 telecommunications operators in Hong Kong and Macau across 5 ports. The links have made a tremendous contribution to the telecommunications development in mainland China, Hong Kong, Macau and the entire Asia Pacific region. Its contribution has helped to boost total traffic capacity up to 17Tbps, whilst offering diversified services including voice communication, private leased circuit, internet service and more.

About China Telecommunications Corporation

China Telecommunications Corporation (“China Telecom”) is one of the largest state-owned telecommunication companies in China. At present, the size of China Telecom’s total assets exceeds RMB 800 billion, with annual revenue of more than RMB 410 billion. Ranking 133rd in the 2017 Fortune Global 500, China Telecom was awarded the Most Honoured Company, the Best Managed Company in the Asia Telecom Sector, as well as the Best Managed Company in Asia by esteemed international institutions for consecutive years. With the world’s largest broadband Internet network and a leading-edge mobile network, China Telecom is capable of providing cross-region, fully-integrated information services to global customers through its sound customer service channel system. Its comprehensive service capability has earned China Telecom a large customer base. By the end of 2017, the number of its broadband Internet subscribers exceeded 160 million, mobile subscribers exceeded 260 million, and IPTV subscribers exceeded 100 million.

To drive corporate transformation, China Telecom has rolled out its Transformation 3.0 strategy with a focus on upgrading intelligent network, service ecosystem and smart operation for the digital ecosystem. China Telecom will strive to become a leading comprehensive intelligent information service provider, with the aim of becoming a powerhouse in the Internet and cyber realms, in order to serve society and enhance people’s wellbeing.

About HGC Global Communications Limited

HGC Global Communications Limited (HGC) is a leading Hong Kong and international fixed-line operator. The company owns an extensive network and infrastructure in Hong Kong and overseas and provides various kinds of services. It provides telecom infrastructure service to other operators and serves as a service provider to corporations and households. The company provides full-fledged telecom, data centre services, ICT solutions and broadband services for local, overseas, corporate and mass markets. HGC owns and operates an extensive fibre-optic network, four cross-border telecom routes integrated into tier-one telecom operators in mainland China and connects with hundreds of world-class international telecom operators. HGC is one of Hong Kong’s largest Wi-Fi service providers, running over 29,000 Wi-Fi hotspots in Hong Kong. The company is committed to further investing and enriching its current infrastructure and, in parallel, adding on top the latest technologies and developing its infrastructure services and solutions. HGC is a portfolio company of I Squared Capital, an independent global infrastructure investment manager focusing on energy, utilities and transport in North America, Europe and selected fast-growing economies. For more information, please visit HGC’s website at: www.hgc.com.hk

Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media



Bosch registers steady growth in Southeast Asia

Connectivity is becoming a growth business in the region

• Third-party sales in 2017 of SGD 1.28 billion (822 million euros) in Southeast Asia and SGD 162 million (104 million euros) in Singapore
• Strong investments in regional manufacturing with the opening of Bosch’s smart factory in Thailand and expansion of facilities in Vietnam and Malaysia
• Towards a connected world: upward demand for connected solutions in Southeast Asia
• Breakthrough: diesel NOx emissions far lower than legally prescribed limits

Bosch ended its 2017 fiscal year with SGD 1.28 billion (822 million euros) in consolidated sales in Southeast Asia – a healthy increase of 6.8 percent compared to the previous year. In Singapore, the company recorded SGD 162 million (104 million euros) in sales revenue in 2017, remaining at a similar level. “2017 was a successful year for Bosch in Southeast Asia as we made great strides towards our goal of being a leading supplier in the domains of urban mobility and the Internet of Things,” said Martin Hayes, President of Bosch in Southeast Asia. “Southeast Asia is an important growth market for Bosch. The region’s strong push towards digitization is something we look forward to supporting through our connected products, solutions and services”. For the current business year, Bosch expects this momentum to continue in the region, especially as the company looks towards expanding its connected solutions in the manufacturing sector. Regional investments grew by close to 17 percent in 2017 to SGD 226 million (145 million euros). The main focus was on the expansion of manufacturing activities in Vietnam, and enhancing automated and connected manufacturing capabilities in Malaysia and Thailand.

Accelerating smart connectivity efforts in the region

At present, Bosch has already introduced several products and solutions in the region that show its expertise in the broad field of the Internet of Things (IoT).
Bosch sees strong interest particularly in commercial building projects. Bosch Software Innovations, the company’s software solutions subsidiary with a development centre in Singapore recently launched the Bosch IoT Suite Portal and Developer Console. These platforms are the backbone in helping developers make

Information presented in TechTime is provided by the relevant advertiser and are not necessarily the views of My Security Media

buildings connected, easy to maintain and energy efficient. Data such as indoor air quality parameters, elevator or light monitoring can be easily gathered with Bosch sensors. Connectivity also makes relevant system data quick and easy to access. For example, the company’s Thermotechnology division introduced the “MEC Remote” – a new IoT feature that enhances boiler accessibility, allowing users to monitor a boiler’s performance at any place, any time and across different devices.

“We recognized the potential of connectivity early and have been actively shaping the connected world in Southeast Asia. Our aim in making improvements in people’s everyday lives through our expertise in hardware as well as in software now bears its fruit,” said Hayes. “Connectivity makes life safer, more convenient as well as making buildings and industries more efficient and resource conserving. We are seeing more and more new business models developing outside of traditional sectors, for example in connected manufacturing, agriculture and buildings”.

Building up a robust workforce to sustain momentum

Talent intake and development were a key priority for the business in 2017. Bosch saw a remarkable increase of 27 percent in manpower for the region to around 9,500 associates, of which close to 900 are based in Singapore. Bosch’s associate development efforts were also recognised locally, with the company being ranked as one of the Best Companies to Work for in Asia by HR Asia, for the second year running. With new business developments and robust demand for connected solutions anticipated for the coming years, Bosch gives attracting, retaining and upskilling its workforce across the entire region a top priority – uniting technology expertise in both hardware and software.

Positive development across all Bosch business sectors

Overall, the business sectors of Bosch developed well and in line with the market situation across the region.

The Bosch Mobility Solutions business sector ended the financial year strong with double-digit growth in Southeast Asia, driven by the expansion of production and engineering capacity especially in Malaysia, Vietnam and Thailand as well as the Automotive Aftermarket division’s expansion into the marine and offshore segment. Bosch will continue to work towards harnessing technologies for safer commutes, with the launch of Southeast Asia’s first emergency eCall service this year. In partnership with Aviva, this service will help distressed drivers seek help immediately when needed, in unforeseen circumstances such as car breakdowns or accidents.

For the Energy and Building Technology business sector, 2017 was a remarkable year as the Thermotechnology division secured key projects in the petrochemical, pharmaceutical and food industry. Meanwhile, the Building Technology division equipped key infrastructures and commercial venues across the region with video systems, access control and intrusion alarm as the main drivers of growth.

The Industrial Technology business sector experienced double-digit growth driven by positive developments in packaging technologies for food manufacturing and confectionery industries. Apart from placing a strong focus on increasing market penetration, project development, consultancy and support, the Drive and Control Technology division is also ramping up support in the areas of factory automation and advanced manufacturing or Industry 4.0 in Southeast Asia.

The Consumer Goods business sector made good progress in 2017 as it strives to focus on growing business opportunities and offerings across its entire product portfolio while continuing to evolve with the digitization of the user ecosystem.

Bosch Group: Global strategy and business outlook for 2018

Bosch is aiming for further growth in 2018, despite the difficult economic climate. After achieving record results in 2017, and in light of economic and geopolitical risks, the Bosch Group expects its sales revenue to grow by 2 to 3 percent in 2018. In the first three months, the sales revenue generated by the company matched the high level of the same period of the previous year, and even increased by around 5 percent when adjusted for exchange-rate effects.

“Our company is unequaled when it comes to combining comprehensive connectivity expertise with broad industry and product know-how. This is the Bosch Group’s unique selling proposition”, said the Bosch CEO Dr. Volkmar Denner, speaking at the annual press conference in Renningen. Denner sees improving the quality of life and contributing to eco- and climate-friendliness at the top of Bosch’s agenda: “Our ‘Invented for life’ ethos is our motivation for developing the best possible technologies for environmental



protection. We want to help keep people mobile, while improving air quality”. To make practically zero-emissions traffic reality, the company is making heavy investments – both in making electromobility a market success and in enhancing the combustion engine. Bosch has now achieved a breakthrough in diesel technology: with their new diesel technology, Bosch engineers have succeeded in getting NOx emissions down to one-tenth of the legally permitted limit. On average, test vehicles equipped with the enhanced technology already emit no more than 13 milligrams of NOx per kilometer, or far less than the 120 milligrams that will be permitted after 2020. “There’s a future for diesel. It will remain integral to tomorrow’s mobility solutions,” the Bosch CEO said. [More detailed information on these technological advances can be found here.]

Bosch in Southeast Asia and Singapore

Robert Bosch (South East Asia) Pte Ltd is a regional subsidiary of the Bosch Group, representing the Group’s interests in Southeast Asia, where it is present in all ASEAN member countries. Business operations in these countries report to Robert Bosch (SEA) Pte Ltd, located in Singapore. In fiscal 2017, the company generated SGD 162 million in sales in Singapore. As of 31 December 2017, the regional headquarters employed 897 associates. Bosch has been in Singapore since 1923, with diversified businesses in Automotive Aftermarket, Power Tools, Security Systems, Drive and Control Technology, Packaging Technology, Thermotechnology, as well as Software and Systems Solutions. The Asia Pacific headquarters for its Automotive Aftermarket, Building Technology and Bosch Software Innovations businesses, as well as operations for Corporate Research and Advance Engineering, and Information Technology, are part of Robert Bosch (SEA) Pte Ltd. Additional information can be accessed at www.bosch.com.sg, www.linkedin.com/company/bosch-singapore and www.facebook.com/BoschSingapore

About Bosch Group

The Bosch Group is a leading global supplier of technology and services. It employs roughly 402,000 associates worldwide (as of December 31, 2017). The company generated sales of 78.1 billion euros in 2017. Its operations are divided into four business sectors: Mobility Solutions, Industrial Technology, Consumer Goods, and Energy and Building Technology. As a leading IoT company, Bosch offers innovative solutions for smart homes, smart cities, connected mobility, and connected manufacturing. It uses its expertise in sensor technology, software, and services, as well as its own IoT cloud, to offer its customers connected, cross-domain solutions from a single source. The Bosch Group’s strategic objective is to deliver innovations for a connected life. Bosch improves quality of life worldwide with products and services that are innovative and spark enthusiasm. In short, Bosch creates technology that is “Invented for life.” The Bosch Group comprises Robert Bosch GmbH and its roughly 440 subsidiary and regional companies in 60 countries. Including sales and service partners, Bosch’s global manufacturing, engineering, and sales network covers nearly every country in the world. The basis for the company’s future growth is its innovative strength. At 125 locations across the globe, Bosch employs some 64,500 associates in research and development. Additional information is available online at www.bosch.com

Ping Identity names Versent “partner of the year” in Asia Pacific

Melbourne-Based Solution Provider Recognised for Driving Continued Customer Success and Representing the Ping Values

Ping Identity has announced that Versent, a Melbourne-headquartered technology, managed services and PaaS provider, has been named “Partner of the Year” for the Asia Pacific market. Versent received the award based on its commitment to driving new license revenue through customer acquisition, in addition to delivering digital identity innovation among customer organisations.

Tommy Butler, director, global channel sales, Ping Identity, said, “We’re pleased to celebrate Versent’s outstanding achievements with this Partner of the Year award. They set a great example of how partners are leveraging Ping Identity solutions in innovative and progressive ways to drive their own growth, while also supporting Australian business requirements for robust digital identity solutions.”

“This award recognises our local partner capability for delivering solutions that enable customers to realise exceptional returns on their Ping Identity investment,” added Butler. “We look forward to working closely with our partners in the year ahead, as we continue our focus on establishing high customer satisfaction as a global business standard.”

Last year, Ping Identity also recognised Versent with the “Customer Experience Champion” award based on the company’s work with Service New South Wales and Telstra.

Thor Essman, CEO and Founder, Versent, said, “We’re both humbled and honoured to receive this accolade from Ping Identity. From day one, Ping has always shared our core values of customer obsession and integrity, and is committed to supporting our efforts to spread awareness on identity and security best practices that work.”

The Ping Identity Partner Program provides the software, training, support and services that partners need to achieve outstanding results in their markets and areas of specialisation. As part of the ongoing strategy to collaborate with partners and celebrate their accomplishments, Ping Identity continues to make investments in its program and partner community. In fact, this year’s Identity Excellence Awards program features a “Better Together” category, where customers and partners that are working together can submit a nomination as a team. The winners will be announced at Identiverse in June 2018.

About Ping Identity | The Identity Security Company

Ping Identity envisions a digital world powered by identity. As the identity security company, we simplify how the world’s largest organisations prevent security breaches, increase employee and partner productivity and provide personalised customer experiences. Enterprises choose Ping for our identity expertise, open standards leadership, partnership with companies like Microsoft, Amazon and Google, and collaboration with customers like Boeing, Cisco, GE, Kraft Foods, Walgreens and over half of the Fortune 100. The Ping Identity Platform allows enterprises and their users to securely access cloud, mobile and on-premises applications while managing identity and profile data at scale. Architects and developers have flexible options to enhance and extend their existing applications and environments with multi-factor authentication, single sign-on, access management, directory and data governance capabilities. Visit www.pingidentity.com




VIVOTEK introduces new multi-sensor panoramic camera with superior image quality, the MS9390-HV

Following the success of previous 180° panoramic network cameras, VIVOTEK has launched a brand new and even more efficient multi-sensor camera. The MS9390-HV, with its dual 4-megapixel wide-angle lens design, is unlike most traditional multi-sensor panoramic cameras which rely on 4 sensors. This newly released multi-sensor dome camera is also equipped with SNV (Supreme Night Visibility), WDR Pro technology, 180° IR illuminators effective up to 20 meters and delivers full resolution imagery at 30 fps (frames per second), making it the ideal camera to provide excellent panoramic image quality for both day and night surveillance.

VIVOTEK introduces the brand new MS9390-HV under the strategy of its “See More in Smarter Ways” campaign. With its unique dual-sensor design, the camera is equipped with a video alignment feature, providing users both a detailed and yet seamless 180-degree panoramic view and a higher vertical field of view. This enables greater coverage not only on the horizontal, but also on the vertical plane, capturing an even greater field of view below the point of camera installation. Moreover, the internal tilt adjustment of the lenses of the MS9390-HV has been upgraded to 20°, allowing users to achieve the precise angle desired. Furthermore, the multi-sensor camera employs H.265 compression and Smart Stream III technology to create the most efficient system, resulting in remarkable savings in storage and bandwidth consumption while at the same time providing complete video security.

The new MS9390-HV is further armed with a robust IP66 and IK10-rated housing, enabling it to withstand rain and dust, as well as to protect against vandalism or tampering in outdoor surveillance applications. In addition, its wall mounted design ensures simple and quick installation, with an included sunshield to eliminate interference caused by direct sunlight.

The panoramic camera was given an early test at the 2018 Taiwan Lantern Festival, one of the great events in Taiwan, that attracted over 10 million visitors. The MS9390-HV provided clear and full coverage throughout the day and night to secure the safety of visitors to the festival. For more information about VIVOTEK and its comprehensive product line, please visit www.vivotek.com.

About VIVOTEK

VIVOTEK Inc. (TAIEX: 3454) was founded in Taiwan in 2000. The Company markets VIVOTEK solutions worldwide, and has become a leading brand in the global IP surveillance industry. Its comprehensive solutions include network cameras, video servers, network video recorders, PoE solutions, and video management software. Through the growing proliferation of IoT, VIVOTEK aspires to become the Eye in IoT by drawing on its expansive technological capabilities in image and audio. The Company has established offices and subsidiaries in the United States (California), Europe (Netherlands), India (Delhi), Middle East (Dubai), Latin America (Mexico), and Japan (Tokyo) in 2008, 2013, 2014, 2015, 2016, and 2017 respectively. To create a sound industrial ecosystem, VIVOTEK has expanded strategic alliances with leading international software and hardware partners and works with over 183 authorized distributors across 116 countries. For more information, please visit www.vivotek.com.

Commercial Property Insurer FM Global Earns Patent for Its Cyber Security Risk Assessment

Even with an attack, no business should be caught off guard

Exactly how vulnerable is your business to a cyber attack? Every business deserves to know how ready they are. That’s why FM Global, one of the world’s largest commercial and industrial property insurers, is creating the insurance industry’s first comprehensive cyber readiness assessment for clients’ businesses, and has just secured a patent for the innovation.

The online, interactive assessment will be launched later this month. Clients’ answers will reveal detailed information about their cyber security risk posture, including the maturity of their governance, IT security, insider threat management, and response-and-recovery capabilities.

The cyber risk assessment is one of several key initiatives driven by FM Global’s dedicated cyber hazards team, which has recruited experienced cyber security executives from defense and business. As with natural hazards and fire, a cyber attack can harm a business’s revenue, reputation, market share and ultimate viability. Disruptions, however, are generally preventable, and clients can improve their resilience by working with their insurer.

Since 2001, the FM Global Advantage® all-risk policy has covered damage to data whether from a fire or malware, as well as business interruption from a covered cyberattack. In 2016, the company expanded its coverage to include interruption of data services, such as those resulting from cloud computing.

About FM Global

Established nearly 200 years ago, FM Global is a mutual insurance company whose capital, scientific research capability and engineering expertise are solely dedicated to property risk management and the resilience of its client-owners. These owners, who share the belief that the majority of property loss is preventable, represent many of the world’s largest organisations, including one of every three Fortune 1000 companies. They work with FM Global to better understand the hazards that can impact their business continuity in order to make cost-effective risk management decisions, combining property loss prevention with insurance protection.




Sony introduces new SNC-HMX70 hemispheric-view security camera

Discreet, easy-to-fit IP network camera offers full 360-degree surveillance with excellent 12MP image quality at a smooth 30fps (frames per second), total area coverage with multiple views and smart analytics.

The new SNC-HMX70 security camera maintains an all-round 360-degree hemispheric view with no blind spots – ensuring full situational awareness in a wide range of indoor surveillance applications. The camera’s fixed lens and high-resolution 12-megapixel CMOS sensor stream crisply detailed, high-resolution video at a smooth 30 fps. This assures that people and objects are seen clearly, even in challenging lighting conditions.

Harshly backlit windows, lobbies and entrances are no problem for the SNC-HMX70. Intelligent Auto Exposure analyzes front and backlighting in the scene, fine-tuning exposure for perfect footage in any lighting conditions. The camera’s wide 92dB dynamic range captures crucial image detail, even in high-contrast scenes with extremes of light and shade.

Its slim, low-profile styling makes the SNC-HMX70 ideal for discreet round-the-clock monitoring in environments ranging from retail stores, banks, casinos and commercial buildings to schools and offices. Mounting is quick and easy with supplied twist/click mounting ring, while Power-over-Ethernet connection simplifies cabling.

24/7 situational awareness

Unlike conventional PTZ (Pan, Tilt, Zoom) cameras, the SNC-HMX70 maintains total situational awareness of the entire coverage area. This means that a full-resolution 360-degree image can always be recorded, even if only a portion of the scene is being scrutinized in close-up. To provide an undistorted rectangular view, this hemispheric image can be ‘dewarped’ – using Video Management System software or the camera’s own edge dewarping function that provides three simultaneous views.

In addition to full image circle and dewarped views, remote E-PTZ (Electronic Pan, Tilt and Zoom) allows high-resolution monitoring of specific Regions of Interest (ROI). Even greater monitoring flexibility is provided by a choice of Panoramic, Quad and Corridor viewing modes.

Smart Coding intelligently distinguishes between noise and crucial picture information, as well as between moving and static parts of the scene. This reduces video bitrate by up to 50 percent, cutting network data demands without compromising picture quality.

Through Sony’s technology partnership with Bosch, the new SNC-HMX70 uses powerful on-board video analytics that can accurately track movement through the camera’s entire coverage area. This makes the SNC-HMX70 ideal for applications such as people counting or detection of suspicious activity. In addition, metadata is streamed from the camera to client software for further use in business analysis or search.

For greater peace of mind, the SNC-HMX70 hemispheric camera is backed by a three-year warranty.

“The new SNC-HMX70 is compact, discreet and unobtrusive – but it’s remarkably powerful for its size” notes Yoshikazu Hirano, General Manager of the B2B Segment Business Division at Sony Imaging Products & Solutions Inc. “Hemispheric monitoring offers a really big advantage over conventional PTZ cameras that sacrifice wide-area situational awareness when they’re zoomed in to see unusual activity in close-up. With the SNC-HMX70, security users can be confident that no detail gets missed when it really matters.”




Boon Edam revamps tripod turnstiles, emphasizing smooth and quiet operation

Trilock 60 and Trilock 75 tripod turnstiles now offer a quieter rotation experience for all users

Boon Edam has announced that its Trilock 60 and Trilock 75 turnstiles have a completely re-engineered internal mechanism that operates more smoothly and with an exceptionally quiet operation during use, when the arms are rotating into the next position.

The turnstiles are quieter than before because the interior ratcheting and locking mechanism (which controls rotation of the arms to allow a single authorized passage) now has a redesigned shape while maintaining a secure functionality. In addition, rubber dampeners are used on certain contact surfaces to reduce the noise level of the standard “clicking” noise that turnstiles make. The result of the new design is that the operating noise of the turnstile during passage is reduced from 86 decibels down to 73 decibels, which is very noticeable in a side-by-side comparison.

Tripod turnstiles are known for their sturdy construction and ability to withstand the harshest of conditions, both indoors and outdoors. They are used to manage large crowds at stadiums, amusement parks, museums, and universities, for example. However, waist-high turnstiles are also used in high-end, corporate lobbies to deter tailgating, provided supervision is nearby. To blend in to these environments, they can include premium finishes, such as expensive stone on the tops of cabinets and bronze or custom paint on the sides of cabinets. High-end locations will appreciate the quieter action of these newly updated tripod turnstiles.

The new interior mechanism also is easier to build, install and service than before, creating efficiencies and cost savings for the customer during and after the purchase. In addition, older Trilock 60 and Trilock 75 turnstiles can be easily retrofitted with the new mechanism with a minimal amount of disruption or need for new parts.

“When we began redesigning the mechanism for the Trilocks, we wanted to improve the customer experience and also make the product easier to build and install,” said Tom Schneider, Engineering Manager at Boon Edam Inc. “We’re proud that we’ve created that ‘win/win’ and the benefits will impact thousands of end users around the globe. It’s yet another reason to invest in products from Boon Edam.”

About Royal Boon Edam

With work environments becoming increasingly global and dynamic, the smart, safe entry has become the center of activity in and around many buildings. Royal Boon Edam is a global market leader in reliable entry solutions. Headquartered in the Netherlands, with 140 years of experience in engineering quality, we have gained extensive expertise in managing the transit of people through office buildings, airports, healthcare facilities, hotels and many other types of buildings. We are focused on providing an optimal, sustainable experience for our clients and their clients. By working together with you, our client, we help determine the exact requirements for the entry point in and around your building. Follow Boon Edam Inc. on Facebook, Twitter, LinkedIn and our blog and read the latest news at www.boonedam.us/news.




Orbital UAV’s N20 launched in Insitu and Boeing’s new ScanEagle3

Key highlights

• New ScanEagle3 Unmanned Aerial System (UAS) features Orbital UAV’s N20 propulsion system
• $120M Long Term Supply Agreement underpins Orbital UAV & Insitu commercial relationship
• Orbital UAV maintains full year revenue guidance of ~A$22 million

N20 and Insitu UAS Family

Orbital is pleased to announce that Insitu, a Boeing Company, is using the Orbital N20 propulsion system on its new ScanEagle3 Unmanned Aerial System (UAS), which has an increased payload capability compared to the smaller ScanEagle. ScanEagle3 was launched by Insitu at the world’s largest unmanned vehicle systems conference, AUVSI XPONENTIAL 2018, in Denver, Colorado from 30 April – 3 May. Orbital attended the conference and met with key industry leaders to discuss the Company’s unique propulsion technology and capabilities. The N20 propulsion system delivers industry-leading reliability, airworthiness, fuel economy, low acoustic interference, and benchmark cost-of-ownership advantages. Its unique light weight design meets the long endurance and high reliability requirements of Insitu’s new UASs.


Orbital’s Managing Director and CEO, Mr Todd Alder commented: “We have been working with Insitu since 2013, and the Long Term Supply Agreement signals our strong relationship with one of the world’s leading suppliers of tactical UASs. The AUVSI XPONENTIAL release of the new ScanEagle3 and N20 application demonstrates how Orbital’s propulsion technology can serve a variety of unmanned aircraft, across both the defence and commercial sectors.” During the four day conference, Mr Alder and Chief Technology Officer Geoff Cathcart met with a range of key customers, suppliers and partners. There were more than 8,500 industry leaders in attendance at AUVSI XPONENTIAL with more than 725 cutting edge exhibitors. With a strong order book in the second half of the current financial year, Orbital maintains full year revenue guidance of A$22 million, and as a result expects to deliver a modest full year 2017/18 profit.

About Orbital

Orbital provides integrated propulsion systems and flight critical components for tactical UAVs. Our design thinking and patented technology enable us to meet the long endurance and high reliability requirements of the UAV market. We have offices in Australia and the United States to serve our prestigious client-base.

About Insitu

Insitu is an industry-leading provider of information for superior decision making. With its headquarters in Bingen, Wash., and offices in the U.S., U.K., and Australia, the company creates and supports unmanned systems and software technology that deliver end-to-end solutions for collecting, processing and understanding sensor data. We proudly serve the diverse needs of our global customers in the defense, government and commercial industries. To date, our systems have accumulated more than one million flight hours. Insitu is a wholly-owned subsidiary of The Boeing Company.




Fujitsu develops deep learning-based object detection technology capable of training with limited data

More than doubles the accuracy of structure detection in medical images

Fujitsu Laboratories Ltd. has announced the development of AI technology that uses deep learning to detect objects(1), even in cases when only a small amount of data is available for learning.

In recent years, there have been efforts to automate tasks in a variety of fields. In the medical field, for example, there has been a desire to use AI to automate such tasks as detecting objects, including anomalous spots, in the analysis of diagnostic images. It is typical to utilize deep learning in object detection, which involves identifying specific structures in a diagnostic image, but in order to produce accurate results, tens of thousands of images with correct data are necessary. However, since correct data can only be created by doctors with expert knowledge, it has been difficult to obtain the images in such huge volumes.

Now, Fujitsu Laboratories has developed a technology (patent pending) that takes the object location estimates produced by the object detection neural network and makes them into a reconstruction of the original image. Then, by assessing the difference between the original input image and the reconstructed image, it can create large volumes of correct data where the position of objects has been accurately estimated. This raises the level of accuracy in object detection.

Fujitsu Laboratories has collaborated with the Graduate School of Medicine at Kyoto University and applied the newly developed technology to the detection of bodies called glomeruli (singular glomerulus) in kidney biopsy images. The results of an evaluation showed that in an experiment using 50 images with correct data and 450 images without correct data, compared with existing training methods using only the same number of images with correct data, the accuracy of the new technology had more than doubled, under the stipulation of an oversight rate of less than 10%.

Developmental Background

Expectations have been increasing for the automation of tasks using AI in a variety of


fields in recent years. Fujitsu Laboratories has been conducting joint research with the Graduate School of Medicine at Kyoto University(2), and one of those initiatives has been research into supporting the diagnosis of kidney disease using AI. In the medical field, there is a diagnostic test that checks the number and status of structures called glomeruli, which handle the filtration of blood. The test uses images taken with a microscope of a slice of a kidney extracted in a procedure called a kidney biopsy. It is widely known, however, that there are large variations in the time required for the task of finding glomeruli while the image is enlarged, and in how the observer evaluates the condition of the bodies, even among experts. This has created a demand for an accurate, automated count of the number of glomeruli and diagnosis.

Issues

To automatically extract data for possible glomeruli from images, it is necessary to identify the locations of the glomeruli from the images provided, and deep learning is widely known as a method for identifying the locations and types of objects in images. For this training method, it is essential to have large volumes of images along with information on the locations and types of objects in the images (correct data). However, it has previously been difficult to prepare large volumes of correct data, because it must be created by doctors with specialized knowledge.

About the Newly Developed Technology

Now, Fujitsu Laboratories has developed a partially trained object detection technology that is capable of training a deep neural network to identify objects using a large volume of images without correct data and a small volume of images with correct data.

In order to increase images with correct data, one might consider a method that increases the amount of images in the face of large volumes of image data, by having the neural network estimate object locations and supplementing them as correct data. Neural networks that have been trained on small amounts of correct data, however, have a problem unique to object detection, in that they face difficulty in estimating the location of an object in precisely the same place as it is in reality. Therefore, if the data from this imprecise estimation is used to further train the model, accuracy will be undermined.

In response, Fujitsu Laboratories has now developed technology to evaluate the degree to which the output location estimate is correct, by using the estimated results of the detection neural network as a key to reconstruct the original image using a neural network for reconstruction. Because images reconstructed from incorrect location estimates will not match the original image, by comparing the two images, it is possible to evaluate the accuracy of an estimated location. By repeatedly conducting estimations and reconstructions on large volumes of images in this way, Fujitsu Laboratories has made it possible to increase the amount of correct data while also gradually approaching a state in which the model produces correct location estimates, thereby increasing accuracy.

Effects

In joint research with the Graduate School of Medicine at Kyoto University, this technology was applied to the detection of glomeruli in kidney biopsy images. The research compared an existing object detection neural network trained using only 50 images with the correct data, with this technology, trained using those same images and an additional 450 images without the correct data. The results showed that, stipulating an oversight rate of less than 10%, similar to that of human evaluators, this technology achieved an accuracy of 27%, more than double that of the existing technology. This means that, where a single image might have an average of 22 glomeruli, this technology reduced the candidate locations needed to be searched due to the above stated oversight rate to 77, reducing post-processing costs.
By increasing the accuracy of glomerulus detection and reducing the number of candidate locations, it is expected to accelerate the research of kidney diseases and the development of the diagnosis system based on

glomeruli detection.

Future Plans

Through its joint research with the Graduate School of Medicine at Kyoto University, Fujitsu will endeavor to realize the quantitative evaluation method of kidney by applying the new detection technology of glomeruli. This technology is not only applicable to specific applications such as kidney biopsy images, but also to object detection more broadly, in fields lacking in images with the correct data. For example, the company envisions the technology being applied to a broad range of areas beyond healthcare, such as detecting defective products using images from production lines, identifying anomalous locations from diagnostic images using a variety of sensors in infrastructure facilities, and creating lists of materials to be used from architectural blueprints. Fujitsu Laboratories aims to deploy this technology during fiscal 2018 as a learning model construction technology supporting Fujitsu’s Zinrai Platform Service, which makes AI technology available through APIs.

(1) Deep Learning: One of the major artificial intelligence (AI) technologies. Fujitsu has applied for approximately 140 patents related to deep learning, both inside and outside Japan.

(2) Joint research with the Graduate School of Medicine at Kyoto University: “Kyoto University and Fujitsu Launch Joint Research Project to Advance Medicine through the Use of AI,”

About Fujitsu Laboratories

Founded in 1968 as a wholly owned subsidiary of Fujitsu Limited, Fujitsu Laboratories Ltd. is one of the premier research centers in the world. With a global network of laboratories in Japan, China, the United States and Europe, the organization conducts a wide range of basic and applied research in the areas of Next-generation Services, Computer Servers, Networks, Electronic Devices and Advanced Materials. For more information, please see: http://www.fujitsu.com/jp/group/labs/en/.

About Fujitsu Ltd

Fujitsu is the leading Japanese information and communication technology (ICT) company, offering a full range of technology products, solutions, and services. Approximately 155,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.5 trillion yen (US$40 billion) for the fiscal year ended March 31, 2017. For more information, please see http://www.fujitsu.com.

Youth, kids and digital dangers

Our latest research report, State of Play—Youth, Kids, and Digital Dangers, examines how young Australians*, aged 8 to 17, deal with online challenges including contact with strangers, negative online experiences and sharing of personal information. These experiences are also compared with those of adults.

*Data was drawn from a national survey of 3,000 young people aged 8 to 17 and 517 adults over 18.

Some key findings from the report tell us that:

- Australian adults are experiencing similar online challenges to those encountered by young Australians
- One in four young people were contacted by strangers or someone they didn’t know
- One in five young people were socially excluded online
- 55 percent of young people tell a parent to help deal with an online issue and only 12 percent report it to the website or social media company
- 66 percent of those young people who encountered a negative experience online were able to reflect on the experience in a positive way


INTRODUCING OUR MEDIA CHANNELS

Bringing all of the MSM channels together on one platform for the latest and greatest in security, technology and events from across the Asia Pacific and the world. Now available on Apple and Android platforms.

Technology channel partner ecosystem platform with a natural focus on Big Data, Internet of Things and fast emerging technologies

Dedicated channel for all things about Drones, Robotics, Autonomous systems, Technology, Information and Communications

Your one-stop shop for all things CCTV, surveillance and detection technologies

The region’s newest government and corporate Technology and Security magazine, with a focus on the Southeast Asia region and the 10 ASEAN member nations

Commenced in November 2017, the Cyber Security Weekly Podcast has surpassed 30 interviews and provides regular updates, news, trends and events. Available via Apple & Android



REPORT REVIEW | by CHRIS CUBBAGE

POLICY BRIEF: AUSTRALIA’S OFFENSIVE CYBER CAPABILITY

Australian Strategic Policy Institute, Fergus Hanson & Tom Uren
www.aspi.org.au/report/australias-offensive-cyber-capability

Researchers have identified more than 100 states with military and intelligence cyber units, ranging considerably in capability and compliance with international law. The US Cyber Command’s action arm, the Cyber Mission Force, is building to 6,200 military and civilian personnel, or about 10% of the ADF, and for the 2018 financial year requested a US$647 million budget allocation. China has been accused of stealing enormous quantities of intellectual property, North Korea has used cyber tools to steal money, and Russia is accused of using a range of online methods to influence the 2016 US presidential election.

This policy brief seeks to further clarify the nature of Australia’s offensive cyber capability. It recommends improving communications, using innovative staff recruitment and retention options, deepening industry engagement and reviewing classification levels in some areas.

The report is structured in the following parts:

1. What’s an offensive cyber operation?
2. Organisation, command and approvals
3. Operations against declared targets
4. Risks
5. Checks, balances and compliance with international law
6. Strengths and weaknesses
7. Future challenges and recommendations.

Australia’s Capability

On 30 June 2017 Australia became the first country to openly admit that its cyber offensive capabilities would be directed at ‘organised offshore cyber criminals’ and the then Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, announced the formation of an Information Warfare Division within the ADF.

Australia has declared that it will use its offensive cyber capabilities to deter and respond to serious cyber incidents against Australian networks; to support military operations, including coalition operations against Daesh in Iraq and Syria; and to counter offshore cybercriminals. Given ASD’s role in intelligence gathering, operations can integrate intelligence with cyber operations—a mission critical element.

Offensive cyber operations in support of [ADF] operations are planned and executed by ASD and Joint Operations Command under direction of the Chief of Joint Operations. Targeting for offensive cyber operations occurs in the same manner as for kinetic ADF operations. Any offensive cyber operation in support of the ADF is planned and executed under the direction of the Chief of Joint Operations and, as with any other military capability, is governed by ADF rules of engagement.

Decisions on which cybercriminal networks to target follow a similar process to those for military operations, including that particularly sensitive operations could require additional approvals, although the exact processes haven’t been disclosed. Again, these operations would have to comply with domestic law and be consistent with Australia’s obligations under international law.

In contrast to Australia’s model, the UK’s National Offensive Cyber Programme is a partnership between the Ministry of Defence and the Government Communications Headquarters (the latter organisation’s minister is the Secretary of State for Foreign and Commonwealth Affairs). In the US, the offensive cyber military capability is housed within Cyber Command, which will be raised to the status of a unified combatant command for cyberspace operations.

Recommendations

The Policy Brief, alongside other ASPI publications, is a worthwhile compass point and provides six recommendations, summarised as:

1. The Australian Government should be careful when publicly discussing the offensive capability, particularly to distinguish the military and law enforcement roles.
2. Recruiting and retaining Australia’s top technical talent is a major hurdle. A pool of alumni working as cleared reservists could be used as an additional workforce without the significant investment required in conducting entirely new clearances.
3. There’s a policy question about whether or not Australia’s offensive cyber capability should be used in support of Australian corporate interests.
4. The government should continue to scope the potential benefits from lowering the classification of information associated with offensive cyber operations.
5. Consider conducting a cost–benefit analysis on the relative value of substantial further spending on cyber to provide it with an asymmetric capability against future adversaries. This would need to include a considerable investment in training.
6. There appears to be scope to update the existing policy and legislative framework that governs the employment of offensive cyber in deployed operations to support those kinds of activities.

Have you recently published a security related book? Or have you just read a new, great security book? Please email us at editor@australiansecuritymagazine.com.au


RISK MANAGEMENT INSTITUTE OF AUSTRALASIA

RMIA Annual Conference 2018 RISK +

2

= THE NEW NORMAL Sheraton Grand Mirage Resort Gold Coast 31st October - 2nd November 2018

Keynote Speakers

Major Matina Jewell (Retired) CSP

Paul Chivers

Risk Advisor - “I’m a Celebrity... Get Me Out of Here!”

Dr. Hilary Lewis Deborah Goldingham

Division Director, Head of Risk Culture - Macquarie Group

Marketing & Communications Strategist

8 Topic Streams
Over 60 Speakers
Thought Provoking Panels
Networking Opportunities
30 Sponsors & Exhibitors @ The Gold Coast

Robb Eadie

Chief Risk Officer - BHP

Chris Gatford

Director & Founder - HackLabs

David Piesse

Global Insurance Lead & Chief Risk Officer - Guardtime

FULL DETAILS @ WWW.RMIACONFERENCE.COM.AU


Advocacy. Community. Integrity.

National

Join the Australian Institute of Professional Intelligence Officers today

Intelligence can provide exciting career pathways across many different agencies and sectors — but isn’t it good to know you’re part of a bigger national and global community? The Australian Institute of Professional Intelligence Officers (AIPIO) provides this community, together with a wide range of membership benefits. Our membership is drawn from a diverse range of intelligence domains, including:

NATIONAL SECURITY

DEFENCE

LAW ENFORCEMENT

REGULATION

BUSINESS

ACADEMIA

BANKING & FINANCE

INTEGRITY COMMISSIONS

As the peak professional body for intelligence professionals, AIPIO is committed to:

- Connecting members across intelligence communities and encouraging cross-domain collaboration
- Sharing cutting edge and emerging global intelligence practices and enabling technologies
- Supporting and representing intelligence professionals throughout their career lifetime
- Encouraging cross-domain collaboration on broad intelligence topics such as cyber and big data

Do something positive for yourself and your career – join AIPIO today.

aipio.asn.au

