Australian Security Magazine Dec/Jan 2014 by MySecurity Marketplace

Print Post Approved PP255003/10110

THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au Dec/Jan 2014

Rebels with a clause The crackdown on outlaw motorcycle gangs

Patrick Suckling Australia’s Ambassador to India

FEATURE

INTERVIEW

Humans becoming superhumans all because of CCTV

The business case for safety and security

THE CHALLENGES OF SECURING AUSTRALIA PLUS $8.95 INC. GST

Interviews with INTEL | CISCO | TREND MICRO SCHNEIDER ELECTRIC

TechTime Mini-Mag Inside The latest in news and products

Help keep the internet safe. With the crucial need to keep up with the ever evolving knowledge of hackers, cyber security is a rapidly growing industry that offers excellent career opportunities. Curtin is one of only a few universities in Australia to offer a Graduate Diploma in Cyber Security. As a graduate, you’ll learn how to develop and maintain a secure computing infrastructure, handle and address cyber security threats and manage data access in a distributed network. This means you’ll help keep the digital environment safe, be in high demand and make tomorrow better. To find out more, visit curtin.edu.au/postgradcyber

CRICOS Provider Code 00301J MF CUSE000019 Curtin University is a trademark of Curtin University of Technology

Memories. iFly Singapore, the world’s largest indoor skydiving simulator,

uses Milestone XProtect® Enterprise surveillance software to monitor park grounds and give visitors a lasting memory. Flying at speeds of up to 186 miles per hour, the software records each skydiver’s flight and information using Radio Frequency Identification (RFID). After their flight, a video souvenir helps visitors relive all of the adrenaline-fueled moments. Proving again that XProtect is more than security.

Milestone XProtect® is the world’s leading IP video surveillance management software and is reliable, future proof and easy to use. It supports the widest choice in cameras and seamlessly integrates with business and security solutions such as RFID. Which means your possibilities are unlimited and you can keep your security options open. See our new products and the new ways to use XProtect at: www.milestonesys.com

Milestone Systems Australia Теl: +61 3 9016 7877

Contents

Executive Editor / Director Chris Cubbage Director / Co-founder David Matrai Senior Editor Loreta Cilfone Art Director Stefan Babij Correspondents Sarosh Bana Sergei DeSilva-Ranasinghe Kema Rajandran Adeline Teoh

Editor's Desk 3 Quick Q & A 4 Movers & Shakers 6 Special Interview with Colin Knox 8 Feature Interview Patrick Suckling – Future of Australia-India Relations 10

National Rebels with a clause Australian Workplace Violence 2013 Benchmark Survey results The business case for security and safety Time to take the Australian privacy changes seriously Space to the subsea – emergence of agnostic integrated systems

14 17 18 20

Page 14

International The changing drivers of US military spending 25 To spend, or not to spend 26 China’s own rebalancing act 28 More police a necessity for Papua New Guinea 30

Women in Security The key to success: Just fall 32

Contributors

Cyber Security

Berenice Baker

The challenges of building a cyber security infrastructure 36 On the couch with... 38 The Bolt-on Challenge: Closing security gaps through an integrated security architecture 39

Brett Biddington Bruce Blythe Anthony Caputo

Page 20

Ammar Hindi

CCTV

Sean Jacobs Mark Jarratt

Analytical technologies for a superhuman command and control Solutions for a safer city

Rob McMillan

Frontline

Professor Anthony Minnaar Dr Gavriel Schneider Jose KL Sousa Santos Wai King Wong

Improving whole of Government protective security

44 47 56

TechTime - The latest news and products Bookshelf

Correspondents

40 42

Page 40

Contributors

All Material appearing

Sarosh Bana

Serge DeSilvaRanasinghe

Brett Biddington Bruce Blythe AM

Kema Rajandran

Adeline Teoh

Sean Jacobs

Mark Jarratt CPP Rob McMillan

Dr Gavriel Schneider

Jose KL Sousa Santos

in Australian Security

Anthony Caputo

Ammar Hindi

Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.

2 | Australian Security Magazine

Wai King Wong

Prof Anthony Minnaar

Editor's Desk “There is no greater responsibility for a Prime Minister than ensuring the safety of Australian citizens and securing our borders.” - Australian Prime Minister Tony Abbott, Australian Parliament, November 19, 2013.

t will be worthwhile reading the quote above again before reading further. Is it wasteful political rhetoric or is it a quote of substance and to be taken with the utmost seriousness? Anyone who regularly reads this desk, or knows me professionally, will be aware of my advocacy to have the Australian security industry appropriately recognised and regulated by Australian Governments. There is currently no consistent national legislation for security providers and security operators in Australia. Legislative reform is not on the COAG agenda within the National Security and Community Safety charter. Surprisingly, cyber security is not even nominated under this agenda. Nor does security, community safety or crime prevention get any mention within COAG’s National Objective and Criteria for Future Strategic Planning of Capital Cities. Where on the agenda is the security of Australians? Of greatest concern is the exclusion of the security industry from the National Occupations Legislation scheme. Plumbers, electricians and real estate agents breathe easy. The exclusion is reportedly at the request of State based industry regulators. The Security Industry Regulator’s Forum (SIRF), made up of representatives from each of the State regulators, be they police or Fair Trading officers, appears to be the group who controls the industry through inconsistent State regulation, each with different cost structures, penalties and enforcement. The last time COAG looked at the security industry was in 2008. Even at that time, COAG’s work was acknowledged as inadequate and the latest updates on COAG’s progress during the past five years have been deemed a failure. Coincidently, since 2008, there has been a surge of organised crime in Australia. Organised Crime now costs $15 billion a year, rising by 50 percent, increasing at an estimated average of $1 billion per year during the past five years. Alongside this increase, since 2007, OMCG member numbers have also surged, increasing by 53 percent to about 4,500 individuals, in 44 active gangs. It is one of the drivers for recent action on the issue at a national level. “Organised crime activity invariably exploits Australia’s communities, from vulnerable sectors such as the users

of illicit drugs to individuals who purchase counterfeit goods. However, all people can be adversely impacted by the activities and products of organised crime, including violence, theft, fraud, intimidation and fear.” National Organised Crime Response Plan Over View 2010–13 Even COAG has recognised that by working with industry and communities, that Governments can succeed in building and maintaining a national environment that is hostile and resilient to the activities of organised crime. One of the key strategies has been to reduce barriers and improve the conduct of multi-jurisdictional investigations and adopt a more strategic national approach to cyber crime. Despite these being the words of COAG strategies, neither of these are occurring with any support or reform for the Australian security industry. So where does the responsibility for securing Australians lay? The Commonwealth and the States and Territories agree they ‘share’ responsibility for the internal security of Australia. Therefore, there is no clear ‘accountability’ for community safety and security – hence why we seem to have the same debates about street crime, organised crime, drug abuse, alcohol related violence and more, around Australia, year after year. Examine any local Government in any Australian Capital City and you will find Community Safety and Crime Prevention will be within the top three priorities for the local community. It is why Campbell Newman, can suddenly introduce frightening legislation against OMCGs with a majority of public support. Yet Queensland remains behind other States in introducing COAG’s recommendations. There is an existing business case making it worthwhile to add the Reform of the Australian Security Industry to the National Security and Community Safety agenda. The Federal Government has committed to inject $50 million funding to local Governments, across Australia, to install public CCTV surveillance systems to fight crime. The CCTV Industry incorporates security consultants, security suppliers, security integrators and installers, security maintenance technicians, as well as input from police and local Government authorities. Although the funds will be dispersed

nationally, security providers cannot function nationally due to the limitations of the State based legislation model. The CCTV funding is certainly a welcome boost to the sector, but the benefit to industry is minimised as it creates a surge of work in pockets, rather than facilitating a national boost. Consider the near future also, with most City CCTV systems looking to use the ‘National’ Broadband Network as a backbone – there is a great deal of up skilling needed within the security industry and yet no capacity or framework to share NBN learning outcomes between the States. By reforming the industry to a national framework, there will be increased opportunities for security related businesses and improved standards and professionalism through increased competition. All in line with the new Government’s national economy and productivity agendas. The industry has a lot more breadth than just security guards, crowd controllers, body guards and investigators. Security impacts all sectors of society and includes some of the world’s largest companies, like our profile in this issue of Lockheed Martin International, a $47 billion global security company. If legislators and regulators understood the business of modern security better, I’m sure we would not need to be managing 21 or more different security licence classes in seven different jurisdictions. Instead, we would have the option of operating, consulting, advising and investigating under a Federal framework that integrates and complements the State based systems. The situation, nationally, requires the highest attention and recognition, including that of the Australian Prime Minister. If indeed, he does not have greater responsibility. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.

Yours sincerely,

Chris Cubbage

CPP, RSecP, GAICD

Executive Editor

Australian Security Magazine | 3

....with Justin Busuttil

Protective Security Manager, Lockheed Martin Australia

As a Registered Security Professional of Australasia, Justin Busuttil previously spent 11 years as a police officer with the NSW Police Force, two years as an Operational Safety Trainer (OST) with Australian Federal Police (AFP) and has managed security operations and protective security for the past five years. In his current role with Lockheed Martin Australia, he is responsible for the management of personnel, information and physical security across a number of Lockheed Martin business lines and programs in Australia. How did you get into the security industry? After leaving law enforcement it seemed like the logical progression. Pursuing a career in protective security management appealed to me and allowed me to use the skills I had developed over an 11-year career in law enforcement. Where I am now seems such a long way from being a beat cop in south west Sydney. The hard part was not being seen as just another ex-cop. The first major step was to obtain civilian recognition for my police training and experience and continue with additional training and development. Since leaving the police I have obtained a number of qualifications which I think are essential to protective security management in both Government and industry. These include Diplomaâ&#x20AC;&#x2122;s in Management, Government (Security), Government (Investigation), Security & Risk Management. I am currently studying to receive my Diploma of Work Health and Safety, and plan after that is complete, to look at some studies in Emergency Management. How did your current position come about? I was working as the Agency Security Adviser (ASA) for the Office of the Fair Work Ombudsman in Canberra, when I saw an advertisement for a Security Manager with Lockheed Martin. I knew very little about the company at that point, other than they built military aircraft. I checked out the company website and was impressed with what I saw, which was more than just building planes. The type of work conducted by Lockheed Martin really interested me and I thought it would be a great opportunity to take my security management career to the next level.

4 | Australian Security Magazine

What are some of the challenges you think the industry is faced with? There has been so much development and advancement in the technological side of security but the manpower side of the fence is still in the dark ages. This concerns me because the weakest link in any security control or process is the human component and the trusted insider threat still remains the greatest threat to Government and industry. Security guards/officers remain poorly paid, poorly trained, and they are often the first and last person you see when you interact with an organisation or facility. There is so much focus and investment in cyber security which is valid based on the threat but the traditional threats have not gone away. We need to ensure there is a balance between cyber security and physical security and that they are complementary to each other. It is pointless spending hundreds of thousands of dollars on cyber security when you donâ&#x20AC;&#x2122;t conduct background checks on your personnel. It is pointless spending thousands of

dollars on Electronic Access Control Systems (EACS) if you donâ&#x20AC;&#x2122;t provide adequate and ongoing security awareness training where personnel are educated about access control, visitor management, and situational awareness. Where do you see the industry heading? Unfortunately, I think the separation between protective security (personnel, physical and information security) and cyber security will continue to grow and we will go full circle and see a return of traditional security threats because all of our focus is on the cyber threat. It does not take a rocket scientist to know that you target the weakest link in the chain. I see the continued and progressive integration of protective security management with emergency/crisis management, and see the security manpower (guards/officers) continuing to be the most neglected sector in the security industry.

www.cctvbuyersguide.com

For all the latest in CCTV products and news. www.cctvbuyersguide.com

addition, she also worked as a security consultant in the private sector for nearly seven years, across privacy, security compliance, secure product design, security architectures and PKI. These roles strengthen Gartner’s security expertise across the Asia Pacific region.

Iain Deuchars

Roger Hook

Craig Lawson and Anne Robins Gartner in Australia has two new additions joining the security research team. Craig Lawson is a research director based in Brisbane, covering network security. His research areas focus on firewalls, Web security, IPS, IDS, SIEM, log management, vulnerability management, advanced threats (APT), vulnerability research, network forensics, virtualisation, cloud and mobile security. He brings more than 22 years’ experience in the IT industry to Gartner, having worked in IT security related pre-sales, engineering and solution architecture roles at HP, IBM and Dimension Data during the past 15 years. These roles covered a variety of vertical markets using on-premise, managed services, IaaS and SaaS delivery models, such as health, commercial, Government, natural resources and telco. Anne Robins is a Sydney-based research director covering security, risk management, identity and privacy strategies. She has more than 20 years’ information security experience in both Government and private sectors. Before joining Gartner, Anne worked in biometrics and identity management with Daon in Australia and New Zealand. She also spent nearly 10 years in a variety of roles at the Defence Signals Directorate (DSD), including cryptographic engineering, security product evaluation and accreditation, as well as InfoSec policy and capability development. In

6 | Australian Security Magazine

Security and crowd management specialist Integrated Security Consultants Ltd (ISC), has been awarded the contract to secure Singapore’s multi-venue flagship, the Singapore Sports Hub, due to open in April 2014. The Hub, with its motto ‘where Singapore comes to play’, includes the republic’s new 55,000-capacity National Stadium, the existing 13,000-capacity Singapore Indoor Stadium, plus two multipurpose Sports Halls, an Aquatic Centre, 41,000 square metre Retail and Waterfront area, Water Sports, Sports promenade, Singapore Sports Hub Library, Singapore Sports Museum and Sports & Lifestyle Facilities. In a five-year exclusive deal with global property services provider DTZ, one of the Hub’s consortium partners, ISC Ltd has incorporated a new Singapore-based company, Integrated Security Consultants (S) Pte Ltd, as it launches this international expansion. ISC (S) Pte Ltd will source, recruit and train a local crowd management workforce to supply the various venues at the Sports Hub, bringing UK expertise in event staffing operations and safety stewarding to this facility. Roger Hooker, previously Venue Management Cluster Manager for London 2012 and Venue General Manager at Games Time for the Organising Committee across the Wembley Olympic site, has been appointed Senior Project Director for ISC. He will mobilise the business and lead the team to deliver these services in Singapore.

ComNet Europe Ltd of Leeds in the United Kingdom, a division of ComNet Communication Networks, a USA-based manufacturer of fiber optic, wireless and copper transmission and networking equipment, has announced the appointment of Iain Deuchars as Business Development Manager. Iain will be responsible for securing new business opportunities and strategic partnerships throughout Europe, the Middle East, Africa and Asia. Iain Deuchars comes to ComNet from KBC Networks where he served as Managing Director for the past eight years. Prior to KBC, he was the Managing Director of IFS Europe. “I’m very pleased to be joining ComNet,” comments Iain, on his new role. “ComNet has been very aggressive since entering the market, their product development pace has been very impressive and the fact that many of the products they offer are made in the USA give us, as I am now proud to say, a very distinct advantage.”

Bill Gately ISCON Imaging, Inc, a subsidiary of DVTEL and a manufacturer of patented infrared (IR) imaging systems for the global security market, has appointed seasoned executive leader Bill Gately as its new Chief Executive Officer. Gately brings to ISCON a proven track record of helping to drive growth and launch new technology developments into emerging, fast growth markets. He has more than 25 years of multinational executive leadership, strategic product development and operational expertise at world-class organisations. “Bill is a proven executive leader with extensive experience in the fields of electronics, semiconductors, homeland defense and security,” says Yoav Stern, President and CEO, DVTEL, the parent company of ISCON. If you have an entry for Movers & Shakers please email details and photo to editor@australiansecuritymagazine.com.au

LEADING INDEPENDENT SECURITY CONSULTANTS

Security, Risk & Resilience Independent, Specialist, Professional

T | + 61 8 6162 9920 E | info@amlechouse.com W | www.amlechouse.com

PTY LTD

security & risk management specialists Australian Security Magazine | 7

....with Colin Knox

RIMS Australasia Chapter President what both drives RIMS and sets it far apart from other associations and institutes. With significant initiatives such as the Spencer Foundation, which offers funded internships and other educational assistance for students, RIMS is able to deliver services and opportunities to members that simply have not been available in this region and which would take years to establish in isolation. RIMS network stretches across over 11,000 members around the world and with that broad base of skills and knowledge comes deeper and broader learning opportunities as well as a sound base from which to continue to grow. Risk Management has been an accepted discipline for 20 years – what are the impediments for the Asian region in adopting the ISO 31000 standard?

arly December 2013, RIMS successfully hosted its first ‘Risk Forum’ in Melbourne, Australia. The Australian Security Magazine interviewed the new RIMS Australasia Chapter President, Colin Knox, about the expansion into the region. What is your motivation in taking up the Australasian Presidency for RIMS and what qualities do you bring to the role? My main aim is to establish a member based professional risk management organisation that will assist risk managers working in public and private organisations to have access to global networks of risk managers, strong technical support for their roles and internationally recognised risk management professional development and educational pathways and qualifications. The presidency role is something that I see as an opportunity to drive the

8 | Australian Security Magazine

establishment of RIMS in this region, and with long experience in risk management dating back to the 1980s when I completed the RIMS Associate in Risk Management qualification, and experience in various senior risk management roles in Australia, Papua New Guinea and the Americas, I have seen the benefits of being associated with a strong international body, such as RIMS. What is the driving force behind RIMS and how will it be different to other associations or institutes operating in the broad risk management charter? RIMS has established strong professional networks, education and professional development programs and technical resources that can be of immediate value to members and are unmatched by other associations. The depth of these resources and the long experience that RIMS has in delivering them through established systems is

I don’t see any impediments to Asia adopting ISO 31000, moreover I see one of the great strengths of Asia as being its ability to evolve quickly into being leaders in the global economy and great adopters of fundamental processes and international standards that are helping to drive this evolution. The growth of education and professional development across much of Asia in recent years has been astounding and despite coming from ‘third-world’ levels of risk management, there is strong interest in business and Government in adopting sound risk management practices. I believe that as Asia continues to grow as an economic powerhouse, so too does its want and need to improve the management of risk through the adoption of internationally recognised processes and standards. RIMS is well positioned to assist in delivering services to assist the growing risk management community in Asia in the understanding and adoption of these processes and standards. What are the key challenges ahead for RIMS as it expands? I believe the only real challenge for RIMS is that many companies and Government bodies are operating under financial constraints that restrict their membership of professional bodies. I think it is incumbent therefore on RIMS to demonstrate and continuously improve its ability to add value to its membership and to business and Government through the delivery of RIMS services that improve knowledge, skills and technical resources to help drive better business and Government outcomes through sound risk management practices.

Feature Interview

Future of AustraliaIndia Relations In today’s context, Australia-India relations have reached a new and unprecedented milestone. Australia’s Ambassador to India, Patrick Suckling, provided an exclusive insight to Sergei DeSilvaRanasinghe about the development and scale of modern bilateral relations, challenges in the relationship, cooperation in combating people smuggling, development of a strategic partnership, the implications of Australia’s role in the UN Security Council for South Asia, Australia’s growing interest in the Indian Ocean, the importance of regional multilateral organisations and what the future holds for the bilateral relationship.

would like to start by getting a sense of how Australia views the relationship with India today?

Serge DeSilva-Ranasinghe Correspondent

10 | Australian Security Magazine

As you know the Government recently released three significant documents: The White Paper on the Asian Century, The National Security Strategy, and the Defence White Paper. Those documents give you a very good sense of where Australia views India now. India’s influence in commerce has definitely grown in recent years off the back of its economic growth, but its strategic reach has also been important and its interest in East Asia and the Indian Ocean. These documents recognise that India is at the forefront of our relationships in the region, alongside China, Indonesia, Japan, South Korea and the United States. The relationship with India is growing strongly. The white papers are a reflection of the Australian Government’s commitment to strengthening and diversifying our relationship – not only in terms of economic cooperation, but also on strategic security cooperation. The scale of the relationship, especially over the last ten years, has become very significant. This is why both countries agreed to elevate the relationship to a strategic partnership

in 2009. That was built on quite significantly during former Prime Minister Gillard’s visit to India in October last year [2012], including an agreement that the Prime Ministers would meet annually. The economic relationship is based on a genuinely strategic element, which is resource security. India sees Australia as a secure, long-term supplier of its energy needs, which is the way Northeast Asian economies have viewed Australia for decades. Whether it’s coal, LNG, copper or gold, there’s a significant trade in those sorts of resources. India is currently our tenth largest trading partner and fifth largest destination for Australian exports in goods and services. However, India is now looking at Australia in a way that it didn’t in the past; in terms of providing significant input into its continued development and prosperity. All of our major banks are now in India, we have major construction companies working with India and we have all sorts of providers from agribusiness to education, legal services to architecture and urban planning and design services operating there. We have got a very good set of bilateral forums where we can discuss a whole range of issues. For example, coming out of the Prime Minister’s visit to India last year [2012], there

Feature Interview

was an agreement for an annual PM to PM meeting. Now that will sit on the top of all the other frameworks where ministerial dialogues will now feed up into an annual PM to PM level agenda. It will drive the whole relationship, with a range of bilateral mechanisms – such as Foreign Minister meetings, annual Trade Minister meetings and regular Defence Minister meetings. We have ministerial dialogues on energy, security, education and skills. We have a CEO forum where top CEOs from India and Australia get together and discuss matters of mutual interest where they can drive the relationship further. So if you put all of those things together, we have a very significant suite of arrangements where ministers can, on an annual basis, talk about things that are of most importance to us and then feed them up to a Prime Minister-led process. In terms of where we’re looking down the road, what we’d like to see is, in the context of the PM to PM meetings, how far and fast we can drive the relationship through these ministerial level-led dialogues. Bilateral trade and investment is around 20 billion. Last year alone India put 10 billion dollars into Australia. Twoway trade last year was about 17.4 billion dollars. About 15 billion of that was Australia into India and the remainder was India into Australia. We expect those figures to continue to grow. If you look at India’s coal requirements over the next few years, the projections are that their import requirements will go from 100 billion tons to around 200 billion. If you look at LNG they’re going to go from 15 million tons to 30 million tons in the next few years and then 50 million tonnes by 2025. There is also increasing interest from India into Australia. For example, last year over 10 billion dollars was invested by Indian companies into our resources sector. All of India’s major IT firms are active in Australia, with upwards of 2,000 employees each. They’re looking at niche manufacturing areas such as aircraft, fertilizers and chemicals. We’re trying to negotiate further and more comprehensive economic partnership arrangements so that we can continue to diversify and strengthen the relationship. If you also look at people-to-people links, they’ve been growing fairly strongly over the last 15 years. We now have about 450,000 people of Indian origin living in Australia. Two-way flow for tourists are higher than they’ve ever been. There were over 180,000 Australians who went to India last year [2012] and over 150,000 Indians who went to Australia last year [2012], with that number projected to go up to 300,000 in the next few years. Since August 29 this year [2013], India has commenced direct flights to Australia, which is significant. For the first time there will be direct flights between India and Australia. Indians are currently the strongest growing migrant group in Australia and Indian international students are the second-largest group of foreign students in Australia. We’re pursuing, with India, stability and security for both the Indian Ocean region and the Asia Pacific. On the strategic and security side of things, I think India and Australia see eye-to-eye currently in a way that we didn’t in the past. For example, the recent Indian Defence Minister’s trip to Australia was a first ever visit by an Indian Defence Minister. There were very significant and detailed strategic discussions during that visit, but also with substantive outcomes – particularly an agreement on navy-to-navy

“Bilateral trade and investment is around 20 billion. Last year alone India put 10 billion dollars into Australia. Two-way trade last year was about 17.4 billion dollars. About 15 billion of that was Australia into India and the remainder was India into Australia.” exercises commencing in 2015. We’re working together in terms of our shared interest in a continued democratic Afghanistan. We’re working together on counter terrorism. We have shared strategic interests in the Indian Ocean. What would you say are the major challenges in the relationship? There are no major impediments, irritants or significant problems in the relationship. Having said that, there will always be challenges. The student issue was a significant challenge. But in terms of the relationship, the issue is well and truly behind us now. The Government in Australia took some fairly swift and strong action to nip that problem in the bud. Having said that, as I travel around India I am regularly asked by people whether Indian students can safely go to Australia because of the media attention at that time. So I do think that we still have a public diplomacy agenda or some work in public diplomacy to do to showcase just how safe and tolerant Australia is as a place for international students to go and study. On the Uranium issue, India recognises that Australia has changed its policy, which had previously been a bit of a drag on the relationship. We’re actively negotiating that agreement as we speak. We’ve had two highly productive and positive exchanges so far. From my perspective I think that the major challenge of the relationship with India and Australia is just the enormity and diversity of it. We need to make sure that we can as two Governments, peoples and business communities make the most of the sorts of opportunities that are currently being presented to each other through India’s extraordinary growth, Australia’s strong economy, and the positions that we both have adopted in terms of the Asia Pacific and the Indian Ocean. What about the issue of people smuggling? To what extent has there been cooperation between the Indian authorities and the Australian authorities on mitigating this problem? There’s been significant cooperation between Australia and India on people smuggling. The Indian authorities have disrupted 19 boats. We’ve worked with them very closely in terms of sharing information. We’re currently working closely with the Indian Government on the Australian Government’s recent changes to the system and the processing and rehabilitation that will occur in Papua New Guinea. We’re working with the Indian Governments both at the centre and in the south of India, to make sure there’s a very clear sense of Australia’s latest policy. There still are from time to time, boats that are looking to leave from India and that the Government

Australian Security Magazine | 11

Feature Interview

“....we’re working with India very closely on that agenda for example. India, like Australia, recognises that there’s been significant progress in Afghanistan over ten years. There’s been a lot of hard work done by the international community to not only build up the security forces of Afghanistan, but also in terms of development, growth and education.” therefore feels it has to maintain continued vigilance and activity and effort in this area, but I wouldn’t say the problem is out of control. Tell us how things have developed at the strategic partnership level since 2009. The elevation of the relationship to a strategic partnership in 2009, was a recognition that we do have a lot more to talk about and do together on a strategic and security level. We’re doing that in a much stronger way than we ever did in the past. One example, in terms of that foreign policy dialogue that is significant, is the East Asia Summit. Both countries recognise that a leader level institution has significant potential to build cooperation around East Asia. Therefore, India and Australia are both committed to, as are a range of other countries, to strengthening the East Asia Summit as a significant piece of multilateral architecture with a view to it contributing in a significant way to continued stability, security and prosperity of one of the world’s fastest growing regions. The other area which I mentioned before is Afghanistan; and another area is the Indian Ocean. Both countries recognise that the Indian Ocean will become more strategically important over time - particularly as resources flow across the top of the Indian Ocean and then down into the Malacca Straits and up into North Asia. We feel there’ll be a lot more scope to work together in the Indian Ocean other than counter-piracy, and we also both have a major commitment to strengthening Indian Ocean Region Association (IORA) as a regional institution again to build cooperation in the Indian Ocean. On the security level both India and Australia have both been victims of terrorist attacks. India has had multiple terrorist attacks over many decades and it’s therefore deeply aware of the threat that it presents to its national security, as are we. Therefore, in Afghanistan we both have a shared objective of Afghanistan not becoming again a haven for terrorists. Where we can work together on terrorist networks of mutual concern, and there are a number of those. We’re increasingly doing that with India. Touching upon some of the regional aspects of the relationship with India, and broadly speaking South Asia as well, how will Australia’s role on the Security Council shape its relationship with the South Asia region? We have some priorities in terms of being on the Security Council, whether it’s Afghanistan, or peace keeping, or the

12 | Australian Security Magazine

arms trade treaty and we’re pursuing those with countries in South Asia. They will continue to be our priorities for years to come. In terms of the UN Security Council, in regard to India, and in particular Afghanistan, there’s obviously going to be a major transition as you know in Afghanistan. Troops will be withdrawn and there will be an increasing focus on governance and supporting its democracy. So we’re working with India very closely on that agenda for example. India, like Australia, recognises that there’s been significant progress in Afghanistan over ten years. There’s been a lot of hard work done by the international community to not only build up the security forces of Afghanistan, but also in terms of development, growth and education. India is as committed as Australia and the international community are, in supporting that continued progress in Afghanistan What specifically are Australia’s national interests in the Indian Ocean? Well stability and security are one. I think piracy, as an example, is significant to the enormous amounts of shipping and trade and of resources that go through the Indian Ocean. Particularly in terms of resources out of the Middle East and into the Pacific and into East Asia. From our perspective, the security and stability of the Indian Ocean is obviously very important and that’s why we, along with others, have been so proactive in trying to address the piracy problem and building a separate community and cooperation among countries in the Indian Ocean region. Be it fisheries, be it maritime security, people smuggling, climate change. Those are all shared challenges in the Indian Ocean which we think need close attention. We think an organisation like IOR-ARC can be helpful in building common approaches and addressing those sorts of challenges. I’d like to explore the issue of militarisation in the Indian Ocean region. In 2012, Jane’s Defence Weekly released figures on the military expenditure showing that India’s defence spending equated to 2.2 percent of GDP and China at 1.5 percent GDP. India is also the world’s leading arms importer. Given this state of affairs, does Australia see a need to discuss with India the need for transparency in its military program, like it does, say in relation to China? Commensurate with their growing influence, India and China are both expanding their defence forces. We have a range of extensive and detailed discussions with India in terms of what it’s doing. India in any case is pretty transparent

Feature Interview

about what it’s doing in terms of its defence forces. Those discussions are positive and constructive and we don’t have a problem with India expanding its military commensurate with its growing influence. From our perspective, it’s got evident security interests as any country does; it’s a significant Indian Ocean player. Military expenditure is commensurate with its growing economy and strategic influence. It aims to provide regional security and stability, and we welcome that in terms of India’s efforts to, for example, counter-piracy in the Indian Ocean. The Australian Government’s position on India in terms of our strategic thinking, is very clear in the 2013 Defence White Paper. I think there’s not a sense of anything to be hidden here; we’re fairly upfront about what we think about India. Could you give me a sense of what lies ahead with the Indian Ocean Region Association (IORA), a key regional body where India has considerable influence? We think that there’s a great opportunity between our three countries to work on strengthening the IORA agenda. However, I think we have to be realistic about IORA. It’s not been around for a long time. It covers a vast territory with a lot of different countries, so therefore, I think part of what India’s been focussing on this year [2013] is making sure that IORA focuses on a few areas where we can build cooperation. For example, talking about disaster relief, humanitarian responses and how regional capabilities can be structured so that we can all pull together if required. Another area which is critical to a number of countries in the Indian Ocean region is stronger and better fisheries management. Another area is adaptation to climate change. If there are going to be serious problems thrown up by rising sea levels, then we need to look at the useful work IORA do, as other regional institutions are in the South Pacific, to build resilience and adaptability, to make sure that countries are prepared. Those are the sorts of things we think working with India and Indonesia and other countries in IORA to achieve. Counter-piracy is obviously other example where IORA has been strongly supportive. Given their importance to India and the region, what is the nature of Australia’s involvement with the two key regional bodies; the South Asia Association for Regional Cooperation (SAARC) and the Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC)? SAARC is another way in which the countries of South

“...the investments India is making into our resources sector are fuelling India’s prosperity. Bringing hundreds of millions of people out of poverty is India’s number one priority”

Asia can talk about common challenges, common interests, shared opportunities and work together on those issues. We support that process and we think SAARC is a useful way in which the countries of South Asia, like other regional organisations such as APEC do, to identify some areas where they want to make progress in. For example, they’re running a fairly interesting economic agenda at the moment, in terms of liberalisation and greater access to each other’s markets. Which, like all regional organisations, we think is only a net benefit for the countries of the region. So we support SAARC. As for BIMSTEC, that’s a whole area that traditionally has been very underdeveloped. India sees Myanmar’s increasing liberalisation and opening up to the world as presenting some good opportunities. India is actively working with other countries like Bangladesh and China to improve the connectivity and the economic prospects of that whole region and that includes road building, bridge building and connecting the north east with Myanmar, Bangladesh and India. Australia is not heavily involved. Early in 2013, a parliamentary inquiry deliberated its finding on Australia’s ties with the Indian Ocean region. Will the report’s recommendation be implemented by the Australian Government, and how will they impact upon ties with India? The Government has made India a priority among six countries. India is in our first tier of relationships and the recommendations of the parliamentary inquiry will be looked at carefully. But the big point is that India, for us, is one of our key relationships – one of our most significant and important relationships and the Government is committed to continuing to strengthen that. We don’t have any significant bilateral problems at the moment, which means that both countries are very receptive and willing to do more together. We’re seeing eye-to-eye in a way we never have in terms of strategic and security issues, which means that we’re actively exploring how we can cooperate, including in terms of defence. Again, 15 years ago we didn’t even really discuss, let alone even sit down, and work out how we would do things together. And then we have this significant economic relationship, which is genuinely strategic and it’s a win-win relationship. And if you just look at the resource security issue alone – those resources that we’re providing to India or the investments India is making into our resources sector are fuelling India’s prosperity. Bringing hundreds of millions of people out of poverty is India’s number one priority and Australia is playing a major role in terms of providing significant inputs into India’s development and growth efforts. By India buying those resources from Australia, by India investing in Australia and our resources sector, India is fuelling Australia’s prosperity. We think that there’s very significant complementary dynamic at work in our economic relationship. From the Government’s perspective, the relationship with India is not only in very good order but it’s also highly prospective and we’re committed to maintaining its priority as one of the countries that we want to go from strength to strength with. Many thanks for your time.

Australian Security Magazine | 13

National

Rebels with a clause National efforts to reduce the public impact of outlaw motorcycle gangs have stepped up with new laws that target this specific type of organised crime. What can we expect from the coordinated efforts between the Commonwealth and the States?

T By Adeline Teoh Correspondent

wo men walk into a bar. This is not the start of a joke, but the beginning of an incident that led to a public national crackdown on outlaw motorcycle gangs (OMCGs) in late September 2013. More than a dozen members of the Bandidos, an OMCG, followed the two men into the Aura Tapas and Loungebar. The ensuing brawl outside the Gold Coast restaurant saw several terrified diners flee the scene and some 60 men involved in total. About half have since been arrested. The incident did two things; it allowed Queensland Premier, Campbell Newman, and his Attorney-General, Jarrod Bleijie, to pass tougher laws designed to prevent members of OMCGs from associating with one another, and it gave oxygen to a national effort developed to counter the borderless nature of organised crime.

The new Queensland legislation includes: • Vicious Lawless Association Disestablishment Bill 2013 • Tattoo Parlours Bill 2013 • Criminal Law (Criminal Organisations Disruption) Amendment Bill 2013.

14 | Australian Security Magazine

Among other things, it allows the Queensland Government to regulate tattoo parlours, prevent gatherings of more than three gang members, arrest any members who wear club insignias, and conduct closer surveillance and financial scrutiny of businesses that may be owned or frequented by gangs.

Teething problems Although the public seems to support the laws in principle, there has already been a backlash from the legal community and civil libertarians after some prominent gaffes, the first of which was the speed at which the laws were passed without public consultation and the usual parliamentary committee process. This led to a mistake stating that a gang member who commits grievous bodily harm or assaults a police officer ‘must be imprisoned for one year’ instead of instilling a minimum mandatory sentence of one year. Other detractors believe the laws are too vague. In addition to OMCGs, the laws could potentially cover activist groups, trade unions or other organisations the Government begins to dislike, according to the Australian Lawyers for Human Rights. Queensland Convenor,

National

•

• •

Due to the Queensland Government’s stance on OMCGs, Crimestoppers in Queensland received more than 300 pieces of information from the community in October, representing an increase of more than 50 percent on the monthly average of reports. Source: Col Blanch, Australian Crime Commission. $15 billion is the estimated annual cost of organised crime (including OMCG activity) to Australia. Source: Australian Crime Commission. In 2012, there were 44 active OMCGs comprising of 4,483 individuals in Australia. Source: Australian Crime Commission

Benedict Coyne, was concerned that the laws undermine human rights principles on arbitrary detention, equality before the law, and the freedoms of association and expression, the Brisbane Times reported. The law against insignias became a farce when police questioned a man wearing a t-shirt with a fictional gang symbol from TV show Sons of Anarchy. There is also concern that without insignias, gang members could be harder to identify. Business disruption is also a point of contention. Bleijie says, in addition to tattoo parlours, he will also look at second-hand car dealerships, gyms and security firms, as he believes these sectors contain businesses owned and/or operated by gangs for the purposes of money laundering and other illegal activities such as distributing drugs. Because of his high profile stance, the Attorney-General has already become the target of an OMCG threat.

National coverage The public nature of both OMCG violence and Government response is an interesting twist to the usual mode of operation

for organised criminals; the high profile of OMCGs makes the gangs attractive to disillusioned men as well as visible targets for police action. Col Blanch, National Manager Investigations at the Australian Crime Commission (ACC), says since 2007 member numbers have increased by 53 percent to about 4,500 individuals in 44 active gangs, one of the drivers for recent action on the issue at a national level. In addition to violence, OMCGs are also responsible for offences ranging from drug manufacture and distribution to tax avoidance worth millions of dollars. As strange as it may seem to target businesses, Bleijie may be on the right track. OMCGs are so resilient, says Blanch, “They will infiltrate any number of legitimate sectors.” There have always been laws against organised crime, but the Gold Coast incident boosted the national response to the issue, Blanch reports. The ACC will lead the $7 million Australian Gangs Intelligence Coordination Centre, in charge of anti-gang squad measures supplying key information to State-based strike force teams. Other federal organisations involved include the Australian Federal Police and the Australian Tax Office. The proactive nature of the joint coordination will go a

Australian Security Magazine | 15

National

long way to forming an adequate response to OMCG impact, says Blanch. “With limited resources you’re quite reactive as a police force so if something happens you respond to it and you do your best to dismantle it. [Now] every tool we can think of will be used to fight.” This is not the first time there has been national coordination in this area. In 2012, Taskforce Attero focused on the Rebels OMCG, which had a large membership across Australia. The coordinated approach saw searches performed on 300 premises and succeeded in netting more than 700 arrests. Blanch believes coordination between the Commonwealth and the States and Territories will improve the response. “One of the strengths of OMCGs is that borders aren’t relevant to them. They are in every State, so national coordination is critical to respond to this threat,” he notes. “In the past, successful operations have been through joint work, that’s why I think this will be successful. We think it’s the best strategy to break the business model of serious and organised crime.”

Behind closed doors It is also the gang operations out of the public eye that will present a challenge to law enforcement authorities. Blanch sees OMCGs as an evolving target. “They are more agile, entrepreneurial and diverse, which is why we need that coordinated response,” he says. “Over time they become better at what they do because of the way our court systems work. We have to tell them how we caught them to prosecute them. They learn from that. [We need] to find out what they’ve learnt and make sure we are one step ahead.” The first step will be getting the jurisdictions to communicate across borders, says Blanch, then they will measure success by arrests, charges and prosecutions, seizures of illicit substances, firearms and unlawfully created wealth, as well as a reduction in membership caused by making OMCGs less attractive for individuals to join. “The best thing to see would be OMCGs not being an attractive proposition for impressionable young men to join and that is through them having no wealth acquired from unlawful means.” Broadcaster Michael Smith, of Sydney’s 2UE, put it best when he noted how gang members made much of their bravado and reputed fear of nothing. “The fear of nothing might be about to be realised because that’s what each person involved in the targeted outlaw gangs will end up with. Nothing. Nothing by way of assets, nothing in the bank, nothing left in the hidey holes, and nothing that remotely resembles a future in an OMCG.”

16 | Australian Security Magazine

National

Australian Workplace Violence 2013 Benchmark Survey Results Following a workplace violence (WPV) survey of major employers in the US, a similar survey was conducted in Australia through the assistance of the Australian Security Magazine and the Asia Pacific Security

Magazine. Below is a summary of the Australian workplace violence benchmarking survey and a comparison with US survey findings.

Bruce Blythe

orkingsafe.com.au (2012) has reported that Australia does not currently have a national mechanism for systematically collecting data on workplace violence. However, a recent survey of 600 Australian health professionals, teachers and police indicated: • 57 percent of respondents reported experiencing verbal abuse from community members in the past 12 months • 31 percent reported bullying and harassment from colleagues • 21 percent indicated physical violence from community members; and • 20 percent reported property damage (eg, deliberate damage to cars, housing or office). In July 2008, WHS (Work, Health, Safety) laws were established for all States and Territories to: • Acquire and maintain up-to-date knowledge on WHS matters • Obtain an understanding of the risks and hazards associated with a workplace • Ensure the workplace has resources and processes in place to enable health and safety risks to be eliminated or minimised • Ensure the workplace has processes for receiving information about risks, hazards and incidents, and responding in a timely manner; and • Ensure the workplace has processes to comply with duties and obligations under the legislation.

Survey results The Australian survey was conducted by US based Crisis Management International (CMI) in September 2013. The benchmarking results indicated: • 60 percent of Australian companies reportedly have some form of a workplace violence program in place; • However, less than 20 percent have: • A threat notification system designed to notify the organisation of threats • Protocol for managing potential hostility during layoffs or terminations • Violence-related emergency and crisis response systems • Only 5 percent have a program for dealing with domestic violence threats that come into the workplace • 60 percent have no established relationships with external professionals that specialise in workplace violence.

US comparison In comparison, 45 percent (versus 5 percent Australia) of US companies are addressing domestic violence in the workplace and more than 80 percent (versus 40 percent Australia) have established relationships with external professionals in this field. In further comparison to Australia, the US benchmark survey revealed: • More than 80 percent (versus 60 percent) of responding companies have a workplace violence program; • Less than 20 percent of responding Australian organisations have the following, when compared to the US survey: • More than 50 percent of US organisations have a threat notification system • 47 percent have a protocol for managing potential hostility • 57 percent have emergency and crisis response systems in place.

Actions The Australian National Health and Medical Research Council suggest there are three phases for managing workplace violence. These include: 1. Before; a program to prevent, reduce, or eliminate the risk of workplace violence 2. During; immediate response to a violent incident which may involve, for example, minimising the risk of harm to the employee, reporting a violent incident, referring an incident to other agencies or services (eg, police), and defusing violent situations until emergency services can provide support 3. After; recovery and review, which may involve providing staff with counselling and support services, dealing with legal matters and workers compensation claims, and reviewing processes and procedures.

Final thought Approximately twenty years ago, the US Postal Service experienced more than a decade of multiple employee mass workplace violence shootings. As a result, they implemented a comprehensive workplace violence program. Following implementation of the program and with approximately 750,000 at the time, the US Postal Service experienced no employee shootings for more than eight years. Through this experience and the effectiveness of other programs, there is mounting evidence that comprehensive WPV programs can effectively minimise the full range of violent behaviour in the workplace, including verbal threats, bullying, physical assaults of people and property, and more severe forms of workplace violence, such as assaults with deadly weapons. About the Writer Bruce Blythe is an internationally acclaimed crisis management expert and is widely regarded as a thought leader in the crisis management and business continuity industries. He is the owner and chairman of three companies that provide employers with a continuum of crisis preparedness, crisis response and employee return-to-work services.

Australian Security Magazine | 17

National

The business case for safety and security As many experienced security and safety managers know, it is a particularly difficult and onerous task to; first obtain the necessary funding; secondly getting such funds formally budgeted; and thirdly allocated to your functions. Such allocations for safety and security functions are usually the last priority for senior level business managers and budgetary allocation boards.

Dr Gavriel Schneider and Professor Anthony Minnaar

18 | Australian Security Magazine

n terms of the evolution of the role of security and safety managers – for the purposes of this article we will refer to SSHE professionals (Safety, Security, Health and Emergency management) – whether we like it or not, the reality is that the very idea of needing security and safety measures is largely unpalatable to most senior managers and corporate executives, particularly the Financial Manager. One of the primary reasons for this is that it shows an uncomfortable reality – the reality that things may go wrong. This leads to a mental predisposition whereby it is easier to ignore the problems (ie, not allocate a budget to safety and security issues and measures) than face them and admit to the realities of actual risk exposure. Unfortunately, the one time when money is thrown at SSHE activities is usually reactively when an incident has already occurred. This leads to what may be referred to as the ‘Reactive SSHE Spending Model’ (RSSM). The RSSM is illustrated the the left: Despite the glaring inherent weakness with the SSHE model, it still seems to prevail as the primary manner in which most organisations allocate budget and resources to SSHE activities. There are numerous reasons for the prevalence of this model. These include: • Organisation having no internal security risk structures; • Persons managing the security functions having little or no experience • Experienced SSHE professionals responsible may have little business experience • There may have not been a strategic risk based approach to SSHE • SSHE is not integrated into the business operation; • SSHE does not contribute to larger scale goals and objectives of the organisation • The organisation is in denial regarding risk exposure or incidents that have occurred

•

Duty-of-care and compliance requirements have not been identified nor have management methodologies been developed to meet the required duty-of-care responsibilities • External industry is not consulted or utilised to benchmark and measure organisational application of SSHE requirements. By addressing the points above in an integrated and strategic manner it may be possible to show an actual return on investment on SSHE expenditure. Below are two simple examples: Example 1 Stock Risk Control: A mining site in a remote location has been operating for a year. Basic onsite security consists of a security guard who doubles as an emergency response office. In order to ensure that site vehicles could function without disruption, open access to fuel tanks was established early on in the operations. When the site commenced operations there was not much traffic but additional projects in the area have led to an influx of people to the surrounding area. There has been a continuing and marked increase in the usage of fuel but this has been attributed to a busier operation. On investigation it is found that more than $80 000 worth of fuel a month has been going missing over and above what was forecasted as the required operational delivery amount. By spending $30, 000 per month, this monthly loss may be reduced to almost zero – and this achieved merely by using systematic controls and implementing additional basic security measures. Therefore, the SSHE function in reality has delivered a real return on investment of $50, 000 per month. Example 2 Staff member injured in an accident: A senior executive travels to a remote site in a third world country and is seriously injured in a car accident. Whilst it was recommended that secure transport and a security driver service be utilised, this was not implemented. The employee is unable to return to work for at least 30 days and there is a significant insurance claim and premium increase. The employee seeks compensation from the business and takes legal action based on a breach of duty-of-care since it has been identified that a secured protective driver service should

National

have been used. The employee also goes to the media to gain exposure for his case. The costs of this incident may be summarised as follows: • Medical expenses may be up to $100,000 (insurance may cover this but there could be a stiff premium increase) • Stand-in for employee whilst he is unable to work = $20,000 • Legal fees = $50,000 • Negative publicity (hidden costs) = $100,0000+ • Loss of employee confidence in the business – $? This could all have been avoided for company expenditure of approximately $10,000 on proper risk and journey planning and using effective service providers on the ground. As can be seen from the two above examples, implementing a proactive approach to SSHE expenditure may have significant risk reduction and financial savings for organisations that accept properly identified risk levels and are, as a consequence serious about managing them effectively. Most organisations, if they come to such, even belated, recognition and acceptance of the benefits of doing regular risk analysis on all organisational activities in particular safety and security issues, and thereafter invest in and implement formal risk management procedures, will, in the long run harvest long-term financial and other benefits – the latter are not necessarily only on the level of quantifiable monetary amounts.

About the Writers Dr Gavriel Schneider: Gavriel is a Group Director and founding partner of the Dynamic Alternatives Group which is an international specialised security, safety and risk solutions provider; as well as a Director of the BLP Group which is an Australian leader in the security and safety training and consulting fields. He has more than 15 years of specialised security and risk experience and has operated in 15 countries. He was the first recipient of a Doctorate in Criminology and a Master of Technology Degree specialising in Security Risk Management (UNISA). He has numerous business and marketing qualifications as well as Advanced Diplomas in Occupational Health and Safety and integrated Risk Management. Professor Anthony Minnaar: Since January 2009, Professor Dr Anthony Minnaar, has been the Programme Head: Security Management for the merged Department of Criminology & Security Science in the School of Criminal Justice of the College of Law, at the University of South Africa. He was appointed a full Professor in July 2003. In January 2013, he was appointed as a Research Professor at UNISA. In 2012, he received a re-rating as a National Research Foundation (NRF) Researcher of C1, is a recipient in October 2006, of the University of South Africa (UNISA) Chancellor’s Prize for Research: School of Criminal of Justice. He has published widely and presented at numerous international conferences on a wide variety of topics and issues in criminal justice and security management.

Smart Surveillance: Global PerSPectiveS 4-6 February 2014

Papers are being sought for the FP7 SMART Conference, which will examine Smart Surveillance issues. Held over three days and hosted by ECU, the conference will explore how automated recognition of individuals and/or pre-determined traits or risk factors/criteria lie at the basis of smart surveillance systems. Yet new EU regulations and specifically those on information sharing between police and security forces explicitly prohibit automated decision-taking regarding individuals unless “authorised by a law which also lays down measures to safeguard the data subject’s legitimate interests” (Art 7, CFD 2008/977/ JHA). These issues manifest in a world-wide context. Globally, which laws are applicable in this context? What measures are envisioned? What else should the law contain? Can the laws be technology-neutral but sector specific, thus permitting a measured approach to the appropriateness of smart surveillance technologies in key security applications? Can they be extended to all security applications of smart surveillance, even those not covered by existing legislation? Venue

Contact Details

Key Dates

Edith Cowan University 270 Joondalup Drive, Joondalup WA 6027 Tel: +61 8 6304 2160

Conference Coordinator – Lisa Pearson Tel: +61 8 6304 2160 E: fp7.messagestick@ecu-sri.org W: http://fp7.ecu-sri.org/

Paper Submission Deadline – 30 December 2013 Acceptance Notification – 10 January 2014 Camera Ready Papers – 14 January 2014

reachyourpotential.com.au reachyourpotential.com.au 303LOWE ECU10559 CRICOS IPC 00279B

Tel:Tel: +61134 8 6304 ECU 2160 (134 328) E: fp7.messagestick@ecu-sri.org E: futurestudy@ecu.edu.au

★★★★★ ★★★★★ TEACHING TEACHING QUALITY QUALITY ★★★★★ ★★★★★ GRADUATE GRADUATE SATISFACTION SATISFACTION the the Good Good universities universities Guide Guide 20142014

ECUSRI Edith Cowan University Security Research Institute

National

Time to take the Australian privacy changes seriously The Australian privacy landscape will go through significant change from March 2014, following the Australian Government passing the Privacy Amendment (Enhancing Privacy Protection) Act 2012, at the end of 2012.

Rob McMillan

he Act contains new, and at times vague, security requirements which may put organisations at heightened regulatory risk for some time.

The most significant changes to be aware of are: • A new set of Australian Privacy Principles (APPs) comes into force • The Australian Information Commissioner has enhanced powers • Credit reporting laws have been changed. Although the majority of the Act comes into force in 2014, some provisions relating to credit reporting have been in force since December 2012. The Privacy Act continues to bind the same set of organisations as before, which generally includes most Government and many private-sector organisations. The big issue for many businesses, however, is that historically privacy is not something that has necessarily been high on the radar as the Act has not carried significant penalties. The new changes to the Privacy Act represent an escalation in privacyrelated risk and are likely to influence a shift in spending. This doesn’t necessarily mean that organisations are going to go spend a lot of money preparing for changes to the Act per se; however, some funds might be reallocated or privacy might be a topic that gets greater boardroom focus. In the lead up to the recent Gartner Security & Risk Management Summit in Sydney, Gartner carried out market research that indicated that businesses are starting to take notice, rating privacy as a higher priority that it has ever been before – it was in the top three focus areas. While promising, we also know that many are still very under

20 | Australian Security Magazine

prepared for the changes to the Privacy Act. In the event of a significant complaint, an organisation that is unable to quickly demonstrate a program for compliance to the Act may experience a painful investigation and penalty. To help matters, the Office of the Australian Information Commissioner (OAIC) is developing comprehensive guidance on many new aspects of the Act. Although some of it is still in draft form, this guidance provides greater clarity for businesses to understand the requirements needed to comply. What is obvious though, is that complying with these new and complex privacy concepts creates an added burden for companies, and risk-averse organisations should start preparations as soon as possible.

Avoiding complexity The new definitions and other provisions in the Privacy Act are necessary to maintain its relevance to recent technologies and public expectations. However, they do add further complexity. Some of these new elements are significant, such as a new APP that restricts the use of personal information with respect to direct marketing, whereas others are more subtle, but may in time carry side effects that are not yet obvious, such as an updated definition of ‘personal information’. These changes, coupled with privacy reforms in other countries, are generating a global regulatory environment that is changing quickly. These complexities, and their interplay with disruptive technologies such as cloud computing, mean that a specialist role that can understand the legislative, commercial and technical implications, as well as solve associated problems, is almost essential in large organisations.

National

Assigning an unskilled person to be a privacy officer, merely for the purpose of deflecting customer complaints, for example, is unlikely to adequately serve the future needs of the organisation. It is also important to ensure that all staff members are aware of the implication of the Act and adjust their practices accordingly. This may require a training program to reiterate safe practices. For example, the combination of Principles 5 and 8 place a high degree of onus on organisations regarding migration of information. A breach of this principle might occur if a mobile phone or unprotected USB storage device containing another person’s sensitive information was lost while on an overseas trip, thus exposing the information to an unauthorised person in another country.

Overseas third parties Another notable aspect of the Act offering significant change is the cross-border disclosure of personal information encapsulated in Principle 8. It requires that organisations sharing information with a third party located overseas ensure that the privacy principles are not breached, otherwise they may be held responsible for that third party under some circumstances. This means that a strong vendor management program is required to ensure that overseas partners are not placing Australian organisations at risk. Cross-border disclosure of personal information is consistently a concern for Gartner’s clients, particularly those wishing to utilise public cloud computing services, or those who are online service providers of some kind. This principle does not prevent information from being transferred across international borders; rather, it requires controls around the disclosure of it to an overseas person. This is an area of confusion for many of our clients.

Security of personal information It is also worth mentioning Principle 11, concerning the security of personal information, which lacks detail on the requirements for protection of information and, therefore, continues a longstanding uncertainty about what is required. Fortunately the OIAC has published draft guidance relating to the security requirements. It utilises the ‘reasonable steps’ approach already well-established as the lynchpin in civil cases. In the absence of prescriptive guidance, the Commissioner is likely to determine what constitutes ‘steps that are reasonable in the circumstances’ on the basis of both industry standards and notable case law, particularly since the escalation path allows for the referral of matters to the court by the Commissioner.

Avoiding painful investigation and penalty Legislation requiring mandatory disclosure of privacy breaches was introduced to the last Parliament but failed to pass before the Federal election in September 2013. This means that Australia still has a voluntary disclosure regime in place. Regardless of the current legislation, the Commissioner’s powers have been expanded significantly and are wideranging. These powers apply to not just the imposition of

‘...businesses are starting to take notice, rating privacy as a higher priority that it has ever been before – it was in the top three focus areas.’ penalties, but also the powers of investigation. In an extreme situation, these powers could result in a prolonged and painful investigation. An ability to demonstrate prudent practices in the normal course of business is likely to result in less pain associated with investigation and any consequent penalties, than for an organisation that has proven to be disorganised, careless or reckless. An attempt to avoid liability by taking an ‘arm’s length’ approach via outsourcing would be unwise. In some circumstances organisations may also be held responsible for business partners and service providers to which business processes or technology infrastructure has been outsourced. This means that agreements such as contracts and SLAs should similarly provide for regular reviews and the furnishing of evidence to attest to prudent privacy practices.

Identify and address your key risks As the date for the new changes to the Act draws closer, what we will see is that organisations will generally fall into one of three categories: • • •

Those who are on top of it as part of their ethos to do privacy and security well; Others who will at least be getting on top of it now in preparation so they won’t have any issues; and The laggards who will suddenly wake up when the new provisions to the Act become enforceable in 2014 and wonder what they are going to have to do about it.

Inevitably this third group may have real problems if they do not respond quickly and effectively. The bottom line, as always, is to know what your key risks are and then to address them. If one of those risks is the possibility of a significant fine from the Privacy Commissioner, or loss of customer confidence arising from a loss of personal information, then this is an issue worthy of a response. About the Writer Rob McMillan is a Research Director at Gartner, covering information and IT security topics such as strategic planning, security policy and governance, data loss prevention, security incident response, threat intelligence services, risk management, cloud security issues and security metrics. He brings firsthand experience with nine years in the financial services industry at executive level within one of the largest banks in the world. Prior to this, he spent a decade with specialist security incident response teams.

Australian Security Magazine | 21

National

Space to the subsea - emergence of agnostic integrated systems

During September 2013, Executive Editor, Chris Cubbage, visited global security giant Lockheed Martin’s facilities across the USA for briefings on its business activities in the space, aerospace, maritime, cyber intelligence and defence domains. Special thanks to Trevor Thomas and Lockheed Martin International for the privilege. Here is Part 1: An insight into the business of Lockheed Martin International.

Chris Cubbage Executive Editor

22 | Australian Security Magazine

Business overview

ockheed Martin International (LMI) is a leading, global security solutions company with a vast security and defence portfolio. At the forefront of a defence powerhouse and the largest contractor to the United States Military, with 2012 revenues at USD$47 billion, Rick Kirkland, Vice President (VP), Business Development for LMI in Washington DC, outlined the key driver for the business has been the significant shift in global defence spending, with a clear migration to a security solutions focus. Spending is down in the US and Europe, remains stable in the Asia Pacific and is trending upwards in Africa and the Middle East. Not surprisingly, China and Russia are not on the client list but LMI is active

with immediate US allies, in Canada, Australia, Singapore, Philippines, Japan and Korea. LMI’s relationships and businesses are broad, topped by the multi-billion dollar rollout plan for the F-35 Joint Strike Fighter, preparing to launch the latest GPS III Satellite in 2014, signing a USD$223 million deal in April 2013, with South Korea for high-end imagery sensors, and opening its fourth Security Intelligence Centre in Canberra, Australia, in early October 2013. The ‘international’ focus of the business didn’t occur until July 2013, but was a natural, if not surprisingly, late transition. With 350 supplier and contractor partnerships around the world, they’re working on more than 3,000 programs, collectively worth more than US$30 billion. The key take away is that LMI is not just an aerospace manufacturer. It is also the largest IT provider to the US

National

Lockheed Martin F-35A

Lockheed Martin F-35A Performs First Night Flight

High Altitude Long Endurance – Demonstrator (HALE-D)

Juno Assembly in High Bay Clean Room

F-35B first test flight

Government and writes more lines of code per day than Microsoft. With 27 offices world-wide, 116,000 employees, 60,000 scientists, 500+ facilities in 70 countries, the company has an education program from kindergarten through to Doctorates. Just a few weeks prior to the US Government shut down on October 1 2013, Greg Walters, VP Legislative Affairs, provided insight into the US Congressional Engagement Process. With 94 percent of LMI’s business with the US Government and only five percent with Foreign Governments, LMI has 24 lobbyists working with 88 select US Congress committees and will generally be called to appear before all of them at some point during budget deliberations. The process is heavily bureaucratic and involves budget resolution, with sequestration a critical budgetary

issue. Any budget resolution is followed by an Authorisation Process and then an Appropriations Committee. At the time, congressional priorities LMI faced were with difficulties around undecided defence plan rationality, lack of investment commitments and resulting issues for recruitment, project planning and delivery projections. Sequestration in the US came into effect in May 2013, and requires defence, along with all sectors of Government to cut spending by ten percent per annum for the next ten years. With a US$500 billion defence budget, that’s US$50 billion to cut. By the time the 2014-2015 financial year rolls around, it will most definitely start to have an impact on LMI and other major defence contractors. Ultimately, it will result in program and personnel cuts. Programs could be cut between 10-15 percent and the worst case is an impact on

Australian Security Magazine | 23

National

UK F35 Delivery Ceremony Communications satellite delivery to Cape Canaveral Air Force

the F35 related programs. There reportedly remains strong Congressional support for the F35 project with Senators Dr Ash Carter and Frank Kendall, suggesting the F35 will be protected, however, some committees are raising concerns around the software block delivery. LMI staff numbers have already been reduced from 147,000 down to 116,000. On the radar for the company’s leaders is the progressing Iranian nuclear program, Middle Eastern and North Africa conflicts, more than 30 active campaigns attacking its cyber networks and the ongoing, ominous threat of sequestration and securing a minimum funding arrangement. Trouble for LMI is that if sequestration continues, then it may take until the next administration to solve – and that’s three years away. As it happened, LMI warned earlier this year (2013) that automatic spending cuts, included in the sequester, would cost the firm about $825 million. But Chief Financial Officer Bruce Tanner, informed media in October 2013, post the Government shutdown, that the impact was about half that. The Government shutdown, which was not included in the company’s earnings report, cost LMI between $15 million to $20 million per week.

Space Systems Company In mid-September 2013, fresh from having returned to Santa Clara, California, from the World Satellite Business Conference in Paris, Linda Reiners, President of Commercial Ventures for LMI’s Space Systems Company, proudly provided an overview of some of the most exciting and challenging technology in use today. Special developments are being made in nano technologies, optics and electrooptics, telecommunications, modelling and simulation, phenomenology, precision pointing and control and materials development (3D printing). Nano technology (carbon nano tubes used for circuits) provides plastics to replace metal and applying 3D imaging

24 | Australian Security Magazine

using laser technology. With all that technology in mind, LMI’s Space System’s business units are categorised into Civil Space, Military Space, Subsidiaries, Commercial Ventures, Advanced Technology and Special Programs. Whilst in Paris, Reiners announced technical updates to the A2100 Satellite addressing design architecture and manufacturing processes, offering satellite operators catalogue-to-order solutions that leverage common parts, sub-systems and components to meet specific customer and mission needs. Standard interfaces across LMI’s satellite programs now streamline spacecraft integration and minimise non-recurring engineering costs. There are already 45 A2100 spacecraft in orbit, including 39 commercial satellites and six satellites performing US Government missions. The fleet is equipped with more than 1,500 transponders transmitting data, video and audio for satellite operators world-wide. The satellite platform meets a wide variety of telecommunications needs, including Ka-band broadband and broadcast services, fixed satellite services in C-band, Ku-band and X-band, high-power direct broadcast services using Kuband mobile and satellite services using EHF, UHF, L-band, and S-band payloads. Major mission areas include remote sensing, communications, wind energy and new ventures. The oldest satellite is 17 years in orbit and the 7th generation 3-axis A2100 satellite will have a 1.1million optic camera – capable of seeing 1,000 kilometres with resolution to 0.5 metres. The International Space Station is under 400 kilometres from earth. That’s a capability to read this magazine on the ground from an outer low earth orbit. LMI is clearly out to make space equipment, travel and related research cheaper, easier to access and gain benefit from. When asked if Moore’s Law applies in this field, Reiners replied, “It applies more to capabilities. Instead, when improvements in technology occurs, it tends to be revolutionary.” One example is changing from tin to copper in satellites, where pure tin products developed tin whiskers causing reliability problems in electronics. The Galaxy IV telecommunications satellite was disabled and lost in 1998, due to related short circuits. Using copper revolutionised satellite technologies making them inherently more reliable and safer. There are also ‘so-called’ HAG (Hairy Audacious Goals) concepts, where special projects and researchers do truly reach for the stars. But LMI remains a commercial enterprise, with some project plans out to ten and 20 years and a revised, post GFC business focus of driving costs down, seeking commonality and scalability, whilst also introducing efficiency and affordability. Major developments into the future, with the odd HAG included industrial 3D printing of parts and ultimately sending ships into space with 3D printing capabilities to produce spare parts and indeed, other space vessels. Having been involved in every mission to Mars to-date and amassing 1,000 years of orbit experience, LMI is a key commercial leader in space exploration and the future is almost foreseeable. Part 2 will provide briefings on LMI’s Strategic and Missile Defence, Solar Science, Information Systems and Global Solutions and Unmanned Aerial Systems, and will be published in the Feb/Mar 2014 issue of Australian Security Magazine.

International

The changing drivers of US military spending Despite looming threats of fiscal austerity and budget cuts, the US military expenditure is not expected to decline rapidly. Although the country reduced its Overseas Contingency Operations (OCO) expenditure post decade long wars in Iraq and Afghanistan, its base defence budget increased due to continuous investment in development and acquisition of advanced equipment. By

Berenice Baker

sia’s rising military power and turbulence in Middle East to drive American military expenditure in next five years

The growing military might of China and strained relationship with North Korea have stimulated the US Government to shift its strategic focus towards the AsiaPacific region. The ongoing civil war in Syria along with the turmoil in Egypt and other Middle Eastern and African nations are also being closely watched by the US. In 2013, the country allocated an average of 3.5 percent of its Gross Domestic Product (GDP) towards military expenditure. Maintaining superiority of strike power and technology to drive military investments during the next decade Increasing threats from Russia and China’s aggressive development of defence equipment, such as fifth generation fighter planes, are driving the US’s expenditure on military aircraft. China has developed the Chengdu J-20 multi role aircraft that is similar in stealth features and design to the Russian MiG 1.42. In order to retain the supremacy of its air force, the US is investing in the Joint Strike Fighter ( JSF) program, with a plan to procure close to 2,500 multirole aircraft through 2037. Significance of Information Technology (IT) in the defence sector is growing, as the US armed forces rely on technological superiority while executing various missions. As the world’s largest defence

spender, the US is also expected to make significant investments in information management up to 2023. In addition, an increasing number of cyber-attacks, the focus towards the networking of armed forces units, the WikiLeaks incident, the recent digital infiltration of the RQ170 Sentinel drone by Iran, and the ongoing rivalry with Russia and China have resulted in a strong demand for cyber defence in the US. The US, world’s largest arms exporter, imports defence equipment to build strategic relations The country is the world’s top defence exporter with a share of more than 30 percent of total arms transfers during the period 2008-2012. Although, the defence industry is well established in the US, it imports arms from other countries to build and maintain strategic relations and technical collaboration. European nations such as the UK, Germany, Norway, Switzerland, Italy, France, and Spain have contributed for more than two thirds of the country’s defence imports during this period. Although the US Government encourages foreign direct investment in the defence sector, arms trade is heavily regulated. Acquiring domestic defence companies, joint arms development programs, and partnerships with domestic companies are the preferred entry routes for a foreign arms supplier. About the Writer Berenice Baker is Head Defence Editor at Strategic Defence Intelligence. Strategic Defence Intelligence is a real-time business information platform delivering continuously updated customer and competitor intelligence, as well as detailed industry insight and forecast reports on the global defence industry.

Australian Security Magazine | 25

International

To spend, or not to spend India’s defence budget is predicted to triple in the next decade from the US$50 billion already spent in the past decade, but does the Indian Government really have its finger on its military pulse?

I By Sarosh Bana Correspondent

26 | Australian Security Magazine

ndia, with the world’s second largest standing army, of 1.13 million, after China’s 1.48 million, has for some years been the world’s biggest purchaser of arms. The country has purchased arms worth US$50 billion in the past decade and is projected to spend triple this amount during the next decade. The average 40 to 45 percent of the defence budget – that was Rs2.04 trillion (US$33 billion) for 2013-1r – earmarked for capital acquisition and modernisation is largely expended on imports. Imports have been the mainstay of India’s defences, as the generous outlays have been incapable of fostering a credible Defence Industrial Base (DIB), or military industry. Defence production has largely been the purview of State-controlled enterprise that has fallen grossly short of meeting the needs of the armed forces. More than 70 percent of India’s military hardware is of foreign origin. During the last few years, the United States, as also Israel and France, have evolved as major armament suppliers to India, which until then had relied almost entirely on the erstwhile Soviet Union with which it had abiding ties bolstered by a convenient rupee-rouble trade link. It has been a vicious cycle. Over-dependence on imports has restrained development of a substantive DIB, while the shortcomings of the Defence Public Sector Undertakings (DPSUs) in indigenising warfare systems have ensured that India remains a purchaser rather than a builder in this field. Such drawbacks have led to failures, and prohibitive cost and time overruns, in the country’s ambitious programme for the indigenous design and production of military hardware. This has ranged from the construction of an aircraft carrier, a nuclear-powered submarine, combat and trainer aircraft, helicopter gunships, battlefield tanks and propulsion equipment. One of the big ticket defence deals signed by India in recent years has been the US$12 billion one last year with

France’s Dassault Aviation for 126 Rafale multi-role fighter aircraft, though the contract has been held up by a cost review. France also signed another deal in 2005, costing US$3.5 billion, for supplying six Scorpène class submarines. Other deals include the US$1.1 billion one with Israel in 2004, for three Phalcon AEW&C (airborne early warning and control) radar systems, a US$1.2 billion purchase, signed in 2008, from the US’s Lockheed Martin of six C-130J Super Hercules tactical airlifters, an expected follow on order of like number and cost, a US$2.1 billion deal in 2009 for the purchase of eight Boeing P-8I long-range maritime reconnaissance (LRMR) aircraft, and one more with Boeing for 10 C-17 Globemaster-III strategic airlift aircraft, topping US$5.8 billion if the ultimate deal is for 16. Washington itself has stopped purchase of these aircraft on costs – US$200 million each, without spares and training – but the deal with India saves 5,000 American jobs. While Indian industry is keen on participating in the defence field, it looks to foreign partnerships at this juncture to marshal the necessary capital, high-end technologies, quality production and management skills. But though India presents a lucrative market to military vendors, they have all along preferred outright sale over joint production on account of a deterrent FDI (foreign direct investment) policy. The Government recently raised the FDI limits in a dozen sectors, but Defence minister AK Antony, countered the Commerce ministry’s proposal to hike the FDI cap in defence from the current 26 percent to 49 percent, arguing that the sector was highly sensitive and strategic. Antony informed the Commerce ministry, “Allowing foreign companies to set up manufacturing assembly facilities here will be retrograde as it will stymie the growth of indigenous design and development, and perpetuate our dependence on foreign countries and OEMs [Original Equipment Manufacturers] for modern weapons.”

International

He specified, however, that any FDI proposal beyond 26 percent will be considered on a ‘case by case’ basis by the Cabinet Committee on Security depending on the technologies on offer. Many derided his stance on grounds that this ‘case by case’ review has for long been his ministry’s stated position without actually being implemented. Indeed, the Ministry of Defence (MoD) itself estimates that just Rs243.6 million (US$3.94 million) of FDI has flowed into the Defence sector in the 13 years between 2000 and 2013. It has no data regarding investments made by private Indian firms in the Defence sector, which was opened up 100 percent for India’s private sector in May 2001. Embarrassed by some high profile scandals that have bedevilled their ministry, Antony, his deputy minister, Jitendra Singh, and Defence secretary, RK Mathur, have been withholding public comments and did not respond to questions put to them for this article. Amber Dubey, Partner and Head of Aerospace and Defence, KPMG in India, finds security concerns on FDI in defence unjustified, because instead of importing complete equipment, it is always safer to manufacture parts of them in India through joint ventures ( JVs). He feels that though Indian companies are allowed 100 percent participation in defence programmes, they lack the capability to design, develop or manufacture advanced defence equipment within the stipulated timeframe. Relaxing the FDI limit will help forge strategic technology partnerships with global OEMs, he avers, adding that, technically speaking, in terms of corporate control, 49 percent is the same as 26 percent. “No foreign OEM that has developed technologies over decades of work and billions of dollars will just transfer them to Indian companies for a measly 26 percent stake,” he says. “It may either decide to stay out of bidding, which may lead to Indian forces working with weaponry that is not first rate, or the technology that it passes on to Indian entities will always have hidden complexities that ensure technical dependence on the OEM.” KPMG deems a 74 percent stake attractive enough for foreign OEMs, while safeguarding Indian security concerns. The business consultancy suggests stipulation of 80 percent of the management and staff at the JV to be Indian, going up to 100 percent over five to eight years. “India’s automotive and telecom sectors are the best examples how liberalised FDI can transform the country’s capabilities,” says Dubey. “The arrival of foreign brands does not wipe out Indian companies, but actually strengthens them, and their employees move to Indian companies, carrying all their knowledge, experience and relationships to them and enhancing their competitiveness further.” Indicating that self-reliance cannot be equated with Indian ownership, he points out that even in ‘the Mecca of defence production’ – the United States – not all leading defence companies are owned by US citizens. According to Dubey, while the FDI cap is a hindrance, there is also need to remove the tax imbalances, cumbersome procurement procedures, and the concepts of NC-NC (No Cost, No Commitment) and competitive bidding. Besides, the MoD should communicate more with industry and create training facilities for education and skill development. Ganesh Raj, Partner and National Leader of Ernst & Young’s Policy Advisory Group, justifies 100 percent FDI

in Defence, though with certain caveats to ensure against compromising national security and foreign policy. “This will permit OEMs to manufacture in India, which, by any measure, is better than direct imports,” he notes. “The price of the platforms will, of course, go up, but then India will be benefited by trained manpower and world class infrastructure.” Raj believes that the opening up of India’s defence sector for private sector participation only in 2001, much after other sectors, and the country having had to live under prolonged technology denial from the global superpowers more or less stifled indigenisation. Some 180 Industrial Licences (ILs) with a combined proposed investment of Rs120 billion (US$1.94 billion) have been issued by the MoD since 2001. Referring to this and the fact that 63 of them were issued last year alone, Raj says they were taken more out of compulsion. OEMs hesitate to subcontract work to Indian Offset Partners (IOPs) who do not possess these licences. “Hence, all IOPs applied for ILs and some managed to get them,” he mentions. “Most, if not all, of the ILs are for components and subsystems.” Referring to the Government’s intent to enhance indigenisation through its Defence Production Policy (DPP) and Technology Perspective and Capability Roadmap (TPCR) 2013, Raj terms them ‘vision statements’ that are bereft of details, methodologies, processes, etc. “Whereas the MoD has always had the vision to make the nation self-reliant in meeting its defence needs, the DPP and the TPCR are not the documents which can make it happen,” he avers. “What is required is an overhaul of the mechanism responsible for implementing this vision.” Many a JV has failed to materialise to the final stage either due to the companies losing out in the tenders or Government delays in finalising the requirements of some of the programmes. A recent example is BAE Systems’ pulling out its 26 percent stake in its JV with Mahindra Defence Land Systems India that was formed to bid for the Future Infantry Combat Vehicle and other artillery projects. Some of the more successful ventures have been the Hyderabad-located Tata Lockheed Martin Aerostructures Ltd that manufactures C-130J empennage products and centre wing box spares for exports. Phil Shaw, Chief Executive of Lockheed Martin India who sits in New Delhi, says, “So far as the FDI policy is concerned, we are factoring in the Government’s offer to consider investment proposals beyond 26 percent on a case-by-case basis.” Commenting on Lockheed Martin’s US$1 billion contract for the supply of six C-130J aircraft for the Indian Air Force and a likely follow-on order soon for six more at a similar cost, Shaw says his company, as other overseas vendors, has been in a continuing dialogue on the offsets issue with the Government ever since the deal was signed in 2008. “India’s 30 percent offset obligation is promising, but also a sensitive issue,” he remarks. “We have made some proposals in this regard and await the Government’s response, but things take a while to start in India, though I must acknowledge that the Indian Government has been most responsive and adapting over time, even modifying its offset policy to address mutual concerns and requirements.”

“The price of the platforms will, of course, go up, but then India will be benefited by trained manpower and world class infrastructure.”

Australian Security Magazine | 27

International

China’s own rebalancing act The US is not the only global power rebalancing. China, the object of much discussion in relation to the US pivot, not least whether the ‘rebalancing’ of the Asia Pacific, is in fact, a latter day attempt by Washington at Chinese containment, has also been actively balancing the rest of the globe in its favour. By Jose KL Sousa Santos

28 | Australian Security Magazine

hina has long used the term ‘rebalancing’ largely referring to (although not exclusively) economic reforms. There lies the significance and global reach of China’s own rebalancing act as China’s economic and commercial interests square away Beijing’s influence in strategically important corners of Africa, Asia and the Pacific. Chinese moves in the region to secure sea lanes, oil blocks, potential mineral beds and maritime territories through proxies bring to mind a quasi-pincer movement which indirectly contains not only regional powers but has the potential to isolate and diminish the regional influence of traditional United States allies such as Australia, New Zealand and strategic partnerships with evolving friends such as Indonesia and Singapore from the US pivot. The Chinese approach is multi-pronged with diplomatic, economic and increasingly maritime fronts which may prove to divide and contain the Asia Pacific despite US late efforts towards rebalancing China’s balance of power in the region. In the 21st century, China’s global engagement has primarily been concerned with securing economic power and influence sans ideological overtones. Beijing’s approach is defined by the so-called ‘peaceful rise and peaceful development’ thesis as laid out in China’s 2005 White Paper in which foreign policy is driven by economic interests and the ‘pressure valve’ concept. Arguably, Beijing has achieved few actual foreign policy gains as a consequence but the language has considerable currency with the domestic polity. It also increasingly feeds into the politically manipulated ‘Chinese Dream’ notion where political reform was cleverly replaced with a progressively aspirational nationalism. Tensions in the South China Sea over the Spratley

Islands, for example, are founded on energy security concerns and the imperative to safeguard critical sea lines of communication (SLOC). Linked to this are military reforms and the expansive 2013 Defence White Paper which stated that its military is ‘commensurate with China’s international standing and [to] meet the needs of its security and development interests,’ and outlines the role the People’s Liberation Army will take in shaping a favourable security environment. Other sources of tension include along the Sino-Indian border (‘Line of Actual Control’ (LAC)), and the ‘nine-dashed line’ in the South China Sea which extends Chinese maritime claims well within the EEZ’s of Brunei and Malaysia. The exceptions are, of course, rooted in historical claims, the promulgation of nationalism, and labelled Beijing’s ‘core interests’: Taiwan and Tibet, and the Senkaku/Daioyu Islands dispute with Japan in the East China Sea. Beyond the region, China’s continual investment in Africa’s oil sector reflects a minimalist interest in good governance (hence the appeal of the Chinese deal) as long as domestic politics within African states do not interfere with China’s economic objectives. China is also securing new ports along the ‘String of Pearls’, a geopolitical term referring to a network of Chinese military and commercial facilities and relationships along its SLOC from the Chinese Mainland to Port Sudan. The securing of bases in Gwadar, Pakistan, Yemen, Somalia, Sri Lanka and through Southeast Asia has enabled China to expanding its influence and reach into the Indian Ocean. China’s ‘rebalancing’ of the globe to shore up and increase its economic sphere of influence is significant for two reasons. First, it has both direct and indirect consequences of

International

enclosing key regional players – namely the US and Australia – in a relationship that is both symbiotic and competitive and where Beijing and Chinese companies benefit from the peace dividend achieved by largely Western stabilisation efforts. In Afghanistan, Chinese companies are engaged in the development of immense natural resource wealth and similarly, in Timor Leste, Chinese investment arrived in the wake of the successes of the Australian-led International Stabilisation Force. Moreover, Chinese mediation of talks between the Myanmar Government and the Kachin Independence Organisation in February 2013, were notable because it marked the first time China contravened its foreign policy of non-interference and actively intervened in the internal affairs of another sovereign State. The motivations were less than altruistic but no less different from other interventions of late. Chinese intervention was driven by concern that the Kachin conflict was spilling over its border and impacting on ‘the security and profitability of Chinese investments’ and a desire to counter growing US influence in Burmese politics. Supporting – and underpinning – Chinese economic and commercial interests is Beijing’s swift and seductive engagement with regional militaries – often the smaller and weaker, the better. In the Asia Pacific, Chinese maritime overtures include seeking to build naval ports in the Gulf of Aden, Sri Lanka, and potentially Timor Leste, following the recent strengthening of naval ties between Dili and Beijing. China’s ongoing Pacific partnerships with the Fijian military regime and through the Defence Cooperation Agreement with Vanuatu are likely to be mirrored across the region. But aside from the obvious strategic benefits of deep water ports and friends in small places, it is questionable what benefit these partnerships have for China, how sustainable the bilateral relationship will be beyond geo-strategic priorities, and what impact this will have on the weaker partner. Further, Beijing’s economic push is being challenged by non-state owned Chinese companies that are increasingly contesting the right to engage with foreign countries independent of Beijing’s foreign policy agenda. China’s semi-encirclement of Asia and the Pacific is a quasi-pincer manoeuvre. This notion has its roots in Aaron L. Friedberg’s argument which stated in 2003, that China may seek to execute the ‘diplomatic equivalent of a pincer movement’, applying pressure from the north (the Korean Peninsula) and the south (the South China Sea) in order to gain its primary objectives at the centre; reunification with Taiwan and the neutralisation of Japan. More recently, in 2013, US Navy Captain and Deputy Chief of Staff for Intelligence and Information Operations for US Pacific Fleet, James Fanell, suggested that China’s Marine Surveillance was engaged in harassing ‘other nations into submitting to China’s expansive claims’ stating that; ‘If you map out their harassments you will see that they form a curved front that has over time expanded out against the coast of China’s neighbours, becoming the infamous nine-dashed line, plus the entire East China Sea’. Freidman and Fanell are viewing China’s expansionist maritime activities in the context of the South China Sea and Senkaku/Daiyu islands disputes. However, to even begin to understand China’s end game, one must take into account

“It is a tough industry and I feel it can be seen as more of a challenge for females who want to enter the industry as some may feel they have to align with male traits to be accepted and promoted.” historical and modern mercantilism and what this reveals about of Beijing’s strategic objectives. Beijing’s quasi pincer movement relies on a combination of soft power, public diplomacy, commercial ties and military/maritime engagement. During the next 20 to 50 years, China will increasingly demand a greater share in energy security, food security, and access to territorial safety valves to ease demographic pressures. How the Chinese State meets these demands remains to be unseen. Securing commercial and strategic out-posts across the globe, including in the Asia Pacific, demonstrate a rebalancing of Chinese interests and influence. When Chinese mariner Zheng He, was navigating the seas during the 15th century, he was returning to the Ming Court not with territories but with tributes befitting the Middle Kingdom. China in the 21st century is doing much the same through securing economic deals for the benefit of its population. Now the Zheng He, the aptly named Chinese PLAN training vessel, pursues a public diplomacy – or soft power – agenda by conducting exercises with foreign navies with the objective of creating and cementing ties with nations China deems of geo strategic importance. Overseas port visits have included friendly nations, those on the fence, and those with outright disputes such as Vietnam, Brunei, India. In contrast, the Zheng He visited the Australian port of Cairns for R & R. China hawks have long insisted that China’s pursuit of an increase in its immediate sphere of influence – its expanding ‘curved line’ – reflects an increasingly aggressive foreign policy despite its claims of public diplomacy and soft power. By contrast, how China projects its military image and the response of regional forces will be on display when China joins RIMPAC for the first time in 2014, after the US snub in 2012, which saw the inclusion of regional competitors Russia and India. Indeed, as historian Niall Ferguson argued, ‘the bloody 20th century’ witnessed ‘the descent of the West’ and ‘a reorientation of the world’ toward the East. China is wellpositioned to take advantage of the pivot but ignore Beijing’s rebalancing at your peril. About the Writer Jose KL Sousa Santos is a former senior analyst with the United Nations Integrated Mission in Timor Leste and advisor to the Prime Minister and President of Timor Leste. He is currently based in Wellington, New Zealand, for postgraduate studies in international relations.

Australian Security Magazine | 29

International

More police a necessity for Papua New Guinea A series of horrific murders in Papua New Guinea (PNG) have catapulted the nation of seven million into newspapers across the world. Separate incidents involving the hacking to death of porters on PNG’s Kokoda Track, and reports from earlier this year of burnings and decapitations of women suspected of sorcery, have fanned the country’s international reputation as a resource-potent but largely unsettled chokepoint between South East Asia and the Pacific Islands. By Sean Jacobs

30 | Australian Security Magazine

eneath these stories is the inadequate size of PNG’s police force – the Royal Papua New Guinea Constabulary (RPNGC) – whose remit is stopping this kind of violence and putting its perpetrators before trial. PNG has roughly seven million people, but only 5,000 police officers to ‘secure a safer community’. As a national average, PNG maintains one police officer for roughly 1,400 people (1:1400). However, the standard set by the United Nations to maintain a reasonable level of law and order is 1:400. In some areas, such as PNG’s Northern Province, the ratio has expanded to as wide as 1:2700. Responding to horrific violence and other crimes in PNG is clearly difficult with such a small police force. While PNG’s population has near-doubled since it was granted independence from Australia in 1975, the size of the RPNGC has remained largely unchanged. There are two broad explanations for this. Firstly, political volatility has dominated PNG’s political

landscape since 1975. Cabinet reshuffles, weak party discipline and ever-shifting political loyalties within the national parliament have not only resulted in corruption and excessive self-interest but also jeopardised consensus on the endurance of national goals. Enlarging the size and quality of the RPNGC may have been identified in PNG Government strategic planning documents for some time, but it is now merely one priority among a growing list of education, health and infrastructure challenges. Secondly, a strong police force is seen in some quarters as undermining the prestige of politicians and the Government. As the Australian journalist Don Woolford, observed of PNG’s military as far back as the 1970s, “Civic action patrols, in which soldiers went into villages to build bridges, schools, and other needed facilities, were… considered a danger because they would give the military a higher status in village eyes than Government officers.” The PNG Defence Force has thus been kept small and never been properly resourced.

International

Similar political motivations exist for the RPNGC. A capable and decent RPNGC, by tackling local crime, responding to citizens’ crime concerns and exposing corruption, could garner more public credibility than politicians as champions of local needs. But as many international examples point out, for PNG to increase the size of its police force, keen political investment is critical. In South Africa, for example, a nation which shares an equally fierce reputation for criminal violence as PNG, thousands of police were recruited into the South African Police Service for the 2010 Football World Cup. The South African Government ensured enough police were available, resourced and visible for this landmark global event. Out of necessity, it seems, vested political interests quickly evaporated. To take a broader perspective, in New York City in the mid-1990s, then-Mayor Rudolph Giuliani’s mandate in cleaning up city streets and reducing crime has now become legendary. A relentless pursuit of criminals, a commitment to crime statistics and the repair of public spaces saw a dramatic uptick in public safety in New York City. But recruiting more police officers was also critical to the effort. As put by William Bratton – the New York Police Department Commissioner behind the crime reduction strategies – “The public wanted to feel more protected, they wanted to see more cops on the beat.” But based on previous failed efforts at strengthening and enlarging the RPNGC, some have questioned the pursuit of improving a State-led police force in a society like PNG, where individuals generally reserve loyalty for the kinship or family group over the State. In PNG this is referred to as the ‘Wantok’ system, which means in the Pidgin dialect ‘someone who speaks my language’. While this cultural tradition is not unique to PNG, it seriously hampers efforts to build up State law enforcement. There is also a long way to go in building a decent public image of the RPNGC, whose legitimacy has steadily corroded in recent years through reports of corruption, brutality, disciplinary problems and other issues of police violence. But recent trends, such as strengthening the criminal code and reinstating the death penalty, imply that PNG’s citizens and political leaders are steadily expecting more from the Government in taking tougher sanctions on crime. Enlarging the size of the police force will no doubt feature highly in these expectations. Amid countless setbacks there is some cause for optimism. In early 2013, RPNGC officers in Mount Hagen in the PNG Highlands were able to save two elderly women accused of sorcery from being burned alive. Twenty arrests were made. The more police officers PNG has at its disposal, the more chances there are for stories like these to emerge, rather than the chilling alternatives the world has seen from PNG in 2013.

“Civic action patrols, in which soldiers went into villages to build bridges, schools, and other needed facilities, were… considered a danger because they would give the military a higher status in village eyes than Government officers.”

About the Writer Sean Jacobs is the co-founder of PNG Commerce – a website committed to economic growth, good governance and next generation leadership in the Indo-Pacific. He has worked with all levels of the PNG Government.

Australian Security Magazine | 31

Women in Security

The key to success: Just fall Ever wondered what it would be like to work for a large organisation that is leading the way in aerospace, defence, transport and security? Or what path you should take to get there? With world-class technologies and the combined expertise of 67,000 employees in 56 locally based country operations, it is no doubt that Thales is a key player in assuring the security of citizens, infrastructure and nations. Kema Rajandran talked to four women from Thales Australia to find out more about how they came to work in this incredible empire.

Diane Smith

Jeannette Jackson

H By Kema Rajandran Correspondent

32 | Australian Security Magazine

Chantelle Miruzzi

aving previously worked for defence engineering companies in numerous roles, many would think that it was natural that Jeanette Jackson followed a path to security, but she says it was completely by chance that she fell into a security role. “In my previous role at Thales as Commercial Manager, I volunteered to take on the duties of Assistant Security Officer [ASO] for my business unit. As the ASO, I was exposed to a side of the business that I had not been involved in before.” As time went on, Jeannette learned more in her role, her interest in security started to build and she began seeking more challenges. As one of the largest defence companies in Australia, Jeannette says the diverse range of projects Thales offers was very appealing to her. “A permanent corporate security role became available and I was lucky enough to get it.” Jeannette wasn’t the only one that fell into security. Marie-Antoinette Houssard, Thales Maritime and Aerospace Security Officer says she too fell into security purely by chance.

Marie-Antoinette Houssard

“I was raised in New Caledonia as the fourth generation of hotel owners, so my training was in hotel and restaurant management,” says Marie-Antoinette. “All changed when I moved to Australia. I owned the Adelaide Wine Cellar in George Street, Sydney, for four years, which I then sold. I worked for American Express for ten years, and when I left did catering from home and temp work for Drake before applying to ADI. “The rest is history!” Chantelle Miruzzi, based at the Department of Defence establishment in New South Wales, liaising between Thales Defence units and base security says her move, like Jeannette’s and Marie-Antoinette’s was purely by chance too. “I have always enjoyed roles that let me interact with people, especially focusing on customer service and problem solving,” says Chantelle. “When I was looking at changing jobs, I wanted something that was in my local area, but also a bit different to my previous roles. “I was looking for a new and challenging role. Thales is a large company, which had room for my growth, development

Women in Security

and career movement. I was also aware that Thales is very encouraging in supporting the training and development of its staff.” So far, three out for four women have simply just fallen into security. So how do you think final interviewee Diane Smith, in Business Operations at Thales, came into her role? A career planned out from high school to university and so on? No, she too, fell into it. “I didn’t leave my previous role with any intention of working in the security field. I definitely fell into security, but I’m very glad I did,” says Diane. “I previously worked for Thales in a different field and enjoyed the experience. The new position here sounded really interesting and ticked all the boxes for me, so I thought I’d give it a try.” By now you might be thinking that it’s easy to weave your way into a large organisation and into a great role by simply waiting around to ‘fall into it’ like these four women. But you should note that while these women say they ‘fell into it’ they also brought with them experience and skills that were valuable to their current positions. Diane previously worked as a project manager for Boeing on defence contracts. “That gave me a good grounding with security both at the corporate and defence levels.” And it wasn’t all luck for Jeannette as she had said earlier. She brought with her experience in contract management and negotiation and strong organisational and communication skills that have proved invaluable to her current position as Security Operation Manager. Marie-Antoinette gives credit to her experience in the hotel industry saying meeting a cross-section of people was helpful to her in changing her career along with continuous study. “My development in human skills and management has been of great assistance, and obtaining my Diploma in Security and Risk Management was also an asset to my position.” Being a person who has been quite strategic with my career opportunities, I usually pursue roles according to the skills I will learn and the path it would potentially lay out for me as well as the enjoyment of the duties listed so I was curious to know what happens when you simply do leave it to chance and fall into something you hadn’t planned or considered before. The response I got was a resounding, I love what I do. “I love working in a corporate role as it gives me the chance to work across all business units within the company – I get to meet people who work in all aspects of our business across all our sites,” says Jeannette. Apart from enjoying working with a fun, highly skilled team, Jeannette thoroughly enjoys the enormous variety and challenges that her work offers. “We cover everything from armaments and protected vehicles to air traffic management and communication systems, plus many other aspects of defence contracting such as sonar and ship maintenance. “I have the opportunity to work on projects that are of major importance to the security and wellbeing of our country, and in particular for our armed forces. It is very

“I get to work with people all the time and know that I am helping to keep them safe, as well as the company. And I’m part of a project that is directly responsible for keeping our soldiers alive on operations – it doesn’t get much more satisfying than that.” rewarding knowing the work we do saves lives. “Employee development and training has come a long way since I first started working, and this is one area that Thales excels at.” She explains that Thales has an extensive in-house training organisation that offers employees numerous courses to up-skill, develop, and grow in their role. “Thales also has a set cycle of personal development activity discussions throughout the year, which encourages managers and employees to evaluate, reflect on and set an employee’s objectives and goals. “This gives employees the opportunity to develop their career path. In fact, I actively used this process to inform management about my growing interest in the security space, which ultimately led to my current role.” Career in security rewarding? Tick. “It’s definitely a feel-good job,” comments Diane. “I’ve only been in this job with Thales since March 2013, so I don’t have a lot of memories to share yet from my security role. The one thing I will remember about my role here is that I feel like I’ve been part of something important. “I get to work with people all the time and know that I am helping to keep them safe, as well as the company. And I’m part of a project that is directly responsible for keeping our soldiers alive on operations – it doesn’t get much more satisfying than that.” Career in security gives a sense of value? Tick. “In all honesty, I love my job,” adds Chantelle. “I get to meet different people each day, and there is generally always something happening on base. “I enjoy working closely with Defence, building relationships and being able to assist the individual units on site with security and access control issues. “I also get to travel to our depots throughout Australia, being able to meet the people and see the different facilities that are a part of Thales. “I have been involved in the security of a number of projects on base. There are always funny moments, such as listening to the project manager telling the team [Kangaroo Musters] saying they are not cows and don’t respond well to people clapping at them.” Career in security gives enjoyment? Tick. “The industry has evolved over the years, which makes the work much more interesting and challenging,” says Marie-Antoinette. “No day is alike. I also love dealing with the variety of people and cultures, which is rewarding. ““Defence has improved the Security Officer training and

Australian Security Magazine | 33

Women in Security

“Women bring a different perspective and energy to the industry, and personally I’ve always found this industry keen and supportive of hiring and promoting women.” developed better trainers, and overall Defence requirements are nowadays more stringent. “We now have to work on cyber security, which did not really exist when I first started 16 years ago. “Working for Thales has been a positive and enriching experience. I am happy to see through ASIS that more women are joining the security industry.” Career in security has variety? Tick. So what are you thinking at this point? Were these four women in the same room feeding off each other for responses or do Thales employ people who will be great advocates for the organisation? No, they were not in the same room copying each other’s answers. And while they have come out of the interviews being great advocates for Thales, the enjoyment these women have gotten from their roles have made them great advocates for the organisation, but I don’t think Thales was able to scope that out during the hiring process. The passion they have built in their roles are what brought out the advocacy for the organisation. If you aren’t passionate and enjoy what you do, I don’t think you could speak so highly about where you work. These were the very raw and honest responses from each woman – who are based in different offices in different areas of Thales and in very different roles. It is apparent that not only is this organisation a great place to be but falling into a role can be just as good or perhaps even better than going down a direct paved out career path. But that’s not to say we should leave it all up to chance. Having a mentor is something these women pay credit to as well. “I worked with a really good mentor for a number of years,” says Chantelle. “She was the kind of person that wasn’t afraid to tell you where you needed to improve and how to go about it. “I definitely responded well to that kind of honesty and guidance. We became good friends, and I still use her as a sounding board every now and then.” Jeannette says she has been lucky enough to have mentors through all stages of her career. “When I first joined Thales, the senior Commercial Manager was always on hand to provide guidance and advice. “At the moment, Jason Brown, our National Security Director, is providing me with a wealth of information. I feel very privileged to be able to tap into his experience and learn more about the industry.” Jeannette recommends that everyone has a mentor to gain more experience from and for a strong way to grow in a job. “My first mentor earlier in my career was a great support,” says Marie-Antoinette. “I also have another valuable mentor now, who goes the extra step to ensure you have understood all issues.”

34 | Australian Security Magazine

Diane gives special mention to the Senior Security Officer in the Protected Vehicles business. “He has been very supportive and is always there to help me when I need him.” So ladies, (and men too), are you taking notes for your next career move? This is what you should have so far: Going for opportunities that you hadn’t considered or were slightly off the course you planned; bringing skills and experience that you can adapt to the new role and continuing to up skill through study; and gaining more experience and having a mentor to offer support and guidance through the endless opportunities that are available. While these women and many others are breaking down the stereotype of security being a male dominated industry, some women may still find it intimidating to pursue opportunities. So what advice do these women have for the challenging roles in security? Diane believes that for any security role you need to care about what you do. “I do not see Thales as a company that leans towards men over women. I think it is, as it should be, a case of the right person for the job,” she says. “This is not a job that you can do well if you don’t believe in it. “Being a good communicator, developing strong relationships, demonstrating honesty and building trust are all important elements,” says Chantelle. “You need to have the confidence to ask questions and, more importantly, listen to the answers. “It is a male dominated industry, but I believe that is changing with more females moving into management roles within Thales. “I would encourage females into the industry if they find this kind of work interesting and want a challenge.” Jeannette says while the defence/engineering industry is male dominated; there are still fabulous opportunities for women. “Women bring a different perspective and energy to the industry, and personally I’ve always found this industry keen and supportive of hiring and promoting women.” Marie-Antoinette says it’s all changing and that people need to be prepared for the unexpected. “It is male dominated, but changing. I certainly would encourage women to have a go as it’s a different but rewarding field. “In this role you need to be a people person. You need to be prepared for the multitude of changes in the industry, have an open mind, and get your Diploma in Security and Risk Management.” I believe that last one may have been an order! Now to the age-old question, what about work-life balance? Because of course, the world of security is 24/7 and with the surge of social media during the last few years the online world is changing the way security is shaped. More people have more responsibility and those in security must continue to improve and stay ahead of the game. Do these women spend all their time working and studying and monitoring social media sites?

Women in Security

Chantelle is married and a mother of two children. She says her family are very supportive of her and her job and she couldn’t do parts without them. By the sounds of it, it works both ways; she also manages her son’s soccer team. Her son does Tae Kwon Do (perhaps a defence career in the making) and her daughter dances, so she spends a great deal of time with her family and sharing in their interests. Diane is also married and a mother of two. Her husband is in engineering and previously worked for Thales and ADI. Her youngest daughter lives in Jillaroo and works on a cattle farm and her oldest daughter recently joined Thales having left the military – perhaps the model family for Thales. Jeannette is also married, has three kids and says that Thales promotes a work-life balance for families. Marie-Antoinette says she spends all her spare time with family and friends. A lover of the outdoors she is a keen traveller and with a daughter and grandson living in the south of France, whom she regularly visits, I would imagine that it wouldn’t be hard to duck across to other countries. So after all that, if you have wanted to work for a large organisation, or you are a woman who is interested in getting into the security industry, or you simply like to read and know more about the people in this industry, then I hope the stories these women have shared have been useful to you. I always like to know the journey people have taken to get to where they are. It’s the people that work hard and always strive to be better – not those that are handed

“I do not see Thales as a company that leans towards men over women. I think it is, as it should be, a case of the right person for the job,” everything on a silver platter – that are the backbone of this country and have contributed to the flourishing and wellestablished society we live in today. As a way of learning and sharing information, I usually explore the journey from school to tertiary education, to further training and climbing the ladder – the path a majority of people take – and find out all the avenues people have taken to reach success in this industry. I was pleasantly surprised to hear not one, but four stories of successful and educated women in security all under one organisation, having ‘fallen’ into their current roles. I for one, am considering a career switch with all the exciting things these women have highlighted in their days at Thales. Are you a woman working in management in the security industry? Or do you know of a remarkable woman with a career in security? Please email us at

editor@australiansecuritymagazine.com.au

Training for a better future in...

Security at Brisbane Security Training Centre

Our highly respected industry specialists provide Security Operations training and advice to leading security businesses around the state. Let us help you secure the skills you need to become an effective security operator. Call Wide Bay Institute of TAFE’s Brisbane Security Training Centre on 3806 9633 for further information.

• • • •

Defensive Tactics Edged Weapons Introduction to Terrorism Private Investigator - Certificate III in Investigative Services (CPP30607) • Certificate IV in Security and Risk Management (CPP40707) • RPL available

1300 656 188

www.widebay.tafe.qld.gov.au 40 - 44 Johnson Road, Browns Plains, Queensland 4118

Australian Security Magazine | 35

Cyber Security

The challenges of building a cyber security infrastructure in Australia Cyber security is a hot topic. Government, the banks, large corporates all confess to being under sustained attack from State-sponsored and private entities. Many smaller organisations, including not-for profits are also under sustained attack. These systems are typically less well-defended, making them vulnerable to capture and use for the remote release of malicious code on individuals and organisations alike. By Brett Biddington

he identities of some attackers are known, although rarely announced, whilst others are masked. All, however, are involved in illegal activity and the time has come to remove the term ‘hacker’ from the lexicon and to instead use words like ‘intruder’, ‘thief ’ and ‘vandal’. The point is that, with few exceptions, the behaviour is conducted with criminal intent. We need to bring this point front and centre in the way in which we discuss such behaviours. We need to strip away any suggestions that hackers are responsible people whose actions should be admired and whose ingenuity should be acknowledged. Criminal activity is criminal activity. Beyond changing the language and therefore the focus of the narrative, a question that is rapidly emerging is; what else should Australia be doing for the assaults on our networks that, almost certainly are going to increase in intensity and sophistication in the years ahead?

The changing cyber environment Cyberspace is an environment, just as is the sea, the land, the air and space. Cyberspace transcends national borders and has features, as does the physical world, that constrain action and permit navigation. Like space, the high seas and possibly Antarctica, cyberspace transcends national borders,

36 | Australian Security Magazine

which means that regulation is difficult if not impossible at a global level. Cyberspace is undergoing rapid transformation. Three data points are offered: • To date, most devices on the internet have been linked more or less directly to people. Increasingly machines are talking to machines and making decisions without any human intervention • The explosion in mobile devices and wireless access to the internet most of which are vulnerable to attack and exploitation • The geography of cyberspace is exploding in volume – from 4.2 billion IPv4 addresses that have been available to date to an inconceivably large 3.4 x 1038 IPv6 addresses. The combined impacts of these developments and their consequences for human activity and organisation, present challenges for policy makers, legislators and strategists which we can barely grasp. In summary, we are moving from an internet that was populated mostly by people to an internet that is mostly populated by things. People to people transactions will progressively, and quite rapidly, reduce as a proportion of the sum of all activity in the cyber environment. Smart Grid technology is one example of a system of

Cyber Security

internet-enabled devices that has the capacity to remove humans from decision processes. Building Management Systems are another. Currently available products have major physical, electronic and logical security vulnerabilities. Resilience has not factored as an important design criterion, yet so much depends on the assured and continuous operation of these products. Fundamentally, every major human activity conducted in the physical environments is controlled, regulated, directed, enables by commands and instructions that are conceived, delivered, acknowledged, stored, monitored and measured in the cyber environment.

Implications for Australia Australia’s cyber defences are fragile for two basic reasons: • The community is either unaware or in denial about the vulnerabilities we have embraced uncritically in our rush to connect and our rapid adoption on internet technologies • There is a critical shortage of people who know how to comprehend and manage Australia’s interests and objectives in the cyber environment. Certainly the problem is recognised by Governments at least in declaratory policy documents. The National Security Strategy, for example, which was launched by Prime Minister Gillard in January 2013, listed three national security priorities to be addressed in the next five years – one of which was; ‘Integrated cyber policy and operations to enhance the defence of our digital networks’. There is every indication that our new Government is equally committed to securing the cyber environment in Australia’s interests, noting there are critical international dimensions.

Building a cyber aware community The community has embraced internet technologies at such speed that understanding about what constitutes safe and unsafe behaviour has been left in the dust. There are no silver bullets but there are simple measures that, if taken, go far to protecting systems and identity in cyber space. The Australian Signals Directorate has developed a list of 35 behaviours that, if implemented, will lead to a reasonably safe and secure system. If only the top four behaviours are implemented, most known attacks will be defeated. Unfortunately the list has yet to find its way into the consciousness of the wider community. By no means an original thought, but campaigns such as ‘Slip, Slop, Slap’, anti-smoking, and the point of complying with safe driving laws (wear seat belts, don’t drink and drive, etc) are worth thinking about as exemplars to first only go online with systems that are reasonably safe and second, once on line, to behave responsibly.

Building a national cyber ecosystem A national cyber ecosystem will embrace users, service providers, industry more generally and researchers. ecosystems take time to develop and rest fundamentally on

“Fundamentally, every major human activity conducted in the physical environments is controlled, regulated, directed, enables by commands and instructions that are conceived, delivered, acknowledged, stored, monitored and measured in the cyber environment.” relationships. The most critical shortage at present, is a critical mass of trained cyber researchers who can comprehend the challenges that are coming and who can start to think about the protective mechanisms that we will all need to operate safely and successfully in an increasingly hostile environment. The Defence Science and Technology Organisation (DSTO), as part of a broader industry and academic engagement strategy, is seeking to build much stronger links between the classified and unclassified research domains, including in cyber research. Most importantly, DSTO is seeking to substantially lower the traditionally high transaction costs that have made collaboration difficult in the past. The model emphasises partnership and co-investment rather than fee for service or similar funding arrangements. Some universities, not traditionally involved in cyber security teaching and research, are seeking to enter this area – sensing prospects for new students and for research dollars. Their enterprise is applauded, however, there are three limiting factors to consider: • The availability of top quality staff to lead such organisations • The limited student pool • For some higher level research especially, legislated nationality requirements. As we grow the national cyber security gene pool we need to be very careful to ensure that quality is not sacrificed for quantity. The greater challenge is for the research community, working with industry to develop tools that reduce the complexities of cyber security to sets of warnings that can be understood by ordinary users and to readily applied actions that can be taken in response. There is no way back to the world of manual typewriters, paper records and phones with cords. Our national task is to develop the tools, techniques and capabilities to become safer and more secure in our use of and behaviour in the cyber environment. About the Writer Brett Biddington is the founder of a Canberrabased consulting company which specialises in space and cyber security matters. Between 2002 and 2009, he was a member of Cisco Systems’ global space team and before that he served in the Royal Australian Air Force (RAAF) as an intelligence and security specialist before moving into capability development. He is an Adjunct Professor at the Security Research Institute in the School of Computer and Security Science at Edith Cowan University in Perth, Western Australia.

Australian Security Magazine | 37

Cyber Security CCTV

On the couch with... Australian Security Magazineâ&#x20AC;&#x2122;s Director, David Matrai, conducted exclusive interviews with representatives from the worldâ&#x20AC;&#x2122;s leading IT companies: Schneider Electric, Cisco, Trend Micro and Intel. You can watch these interviews at mysecurity.com.au/tv

Philippe Arsonneau - SCHNEIDER ELECTRIC Senior Vice President, Asia Pacific and Japan IT Business Unit. The energy consumer sector and the relationship to the IT sector...

WATCH HERE

Dave West - CISCO SYSTEMS Chief Technology Officer, Asia Pacific, Japan and China, Systems Engineering and Architectures. How has business to business collaboration changed?...

WATCH HERE

Richard Sheng - TREND MIRCO Senior Director, Enterprize Marketing Asia Pacific. Give us a brief introduction to Trend Micro...

WATCH HERE

Balaji Srinivasan - INTEL Business Development Manager, CISCO Account Manager. How has business to business collaboration changed?...

WATCH HERE

38 | Australian Security Magazine

Cyber Security

The Bolt-on Challenge: Closing security gaps through an integrated security architecture As our IT environments have expanded to include networks, endpoints, mobile devices and virtual assets, so too have our security tools. Most organisations have ended up with a set of disparate technologies across these control points that were never designed to work together. The result; breaches happen. It’s a fact of life. As our protection methods improve and security effectiveness levels reach new heights, the bad guys are digging deeper and using advanced techniques and new attack vectors to circumvent existing protection methods. By Ammar Hindi

he integration done to date, if any, is typically one way – the visibility and analysis isn’t automatically correlated and translated into action so that we can contain and stop damage and prevent future attacks. And the data gathered is usually a snapshot in time, not continuously updated to monitor activity as it unfolds. To complement integrated visibility and analysis, integrated and automated controls and intelligence are needed. Further, we can’t just focus on point in time data; we must remain continuously vigilant to combat today’s more sophisticated attack techniques. What happens in the case of malware that disguises itself as safe to evade detection and exhibits malicious behaviour later? Or when indicators of compromise are imperceptible on their own and only point to an attack when distinct data points are correlated – such as an endpoint trying to access a database that it wouldn’t normally, while a system on the network attempts to communicate back to a known bad (blacklisted) IP address? Integration must address the full attack continuum, not just before an attack but also during and after, so that we can adapt defenses to take action and protect important assets. What’s needed is a tightly integrated enterprise security architecture. An enterprise security architecture can provide continuous security – before, during, and after an attack. With security infrastructure based on the concept of awareness and using a foundation of visibility, organisations can aggregate data and events across the extended network. This evolves security from an exercise at a point in time to one of continual analysis and decision-making. With this real-time insight we can employ intelligent automation to enforce security policies across control points without manual intervention, even after a breach has occurred. After an attack we need to mitigate the impact and prevent future similar attacks. With an infrastructure that

can continuously gather and analyse data to create security intelligence organisations can, through automation, identify and correlate indicators of compromise, detect malware that is sophisticated enough to alter its behaviour to avoid detection and then remediate. Compromises that would have gone undetected for weeks or months can be identified, scoped, contained and cleaned up rapidly. We can also move forward with more effective security by automatically updating protections and implementing integrated rules on the perimeter security gateway, within security appliances protecting internal networks, on endpoints and on mobile devices to detect and block the same attack. As we look to the future, it is clear that IT environments will continue to expand, spawning new attack vectors we have yet to imagine. An integrated security architecture provides a dynamic foundation so that security measures can remain continually effective and relevant in a changing world. Attackers don’t discriminate. They’ll use every weapon at their disposal to accomplish their mission. As defenders we need to as well. With a powerful enterprise security architecture based on awareness and continuous capabilities, we can close security gaps across the ever-extending network – before, during and after an attack. About the Writer Ammar Hindi is Managing Director of Asia Pacific operations for Sourcefire, now a part of Cisco. In this position he is responsible for corporate operations across the region, including sales, business development and strategic marketing activities. Hindi joined the company in June 2009, bringing nearly 20 years of experience in sales and management positions launching Asia Pacific business initiatives.

Australian Security Magazine | 39

CCTV

Analytical technologies for a superhuman command and control Gone are the days of a security officer just sitting and watching a few security monitors. In today’s modern world of CCTV, analytical technologies have made it possible for humans to become superhumans. By

Anthony Caputo

40 | Australian Security Magazine

raditional security command centres included multiple closed circuit television (CCTV) monitors that provided centralised surveillance technology, giving security operators the ability to expand their limited physical area-of-coverage. Thus, instead of patrolling a select location, a security operator can now split their attention to multiple locations, panning back and forth from different areas-of-interest from the comfort of a chair. They can use their keen eye on a wider scale, but at the cost of a more fragmented approach. Active surveillance works better when there’s little activity, but a crowded venue or CCTV monitor creates natural blindness, we are only capturing snapshots in time of the activity. We are only human. Analytical technologies have made it possible to become superhuman. The linear experience made it somewhat less complex and so, all we needed to do was sit back and watch. As an entertainment venue, television delivered information, but there was no interaction. The television changed society by informing the world what was going on around them and world-wide. Just as society became smarter with the information provided by television, security personal became smarter with CCTV.

Monitoring and security professionals are trained to be alert, observant and smart because monitoring security cameras is not linear, but the beginning of our new interactive media world. When a security professional observed or was radioed suspicious activity, they would need to evaluate and respond immediately, based on their experience and training and internal security policies and procedures for risk assessment, criticality and effectiveness. However, there was always an inherent inefficiency in ‘human eye’ surveillance of multiple monitors presenting linear video, because of human nature. We can be easily distracted because we are not wired to absorb every single detail from a linear video presented to us, and studies show that the effectiveness of an operator monitoring two security cameras drops 95 percent in about 22 plus minutes. This is due to a number of issues from environmental ergonomics to behavioral; being bombarded by information overload. Many of the command and control centers I’ve seen (from homeland security to schools, to major corporations and transportation hubs), include multiple video walls, multiple workstations with multiple monitors, multiple televisions playing 24 hour news (still informing us), all

CCTV

running a plethora of applications from video management system software, to incident reporting, 911 Emergency, intrusion detection, fire alarms, elevator alarms, access control, perimeter intrusion, and panic/duress alarms. The world has changed dramatically since the invention of CCTV, which is nothing more than a linear collection of silent moving images. Security operators cannot absorb the necessary information fast enough because everything moves faster and there are too many monitors and not enough trained eyeballs to decipher their meaning. Monitoring operators typically work in four to eight hour shifts, and with hundreds of cameras, an active approach to surveillance becomes cumbersome and costly, and still plagued by the basic fact that human beings will have a difficult time monitoring live video feeds for extended periods of time. Dr Richard Mayer, a psychology professor at the University of California, has done extensive research concerning cognition, instruction, and technology in multimedia learning, and thus proposed a ‘cognitive theory of multimedia learning’. He wanted to replace the behavioral perspective (what classrooms have been like most of the last century) on multimedia instruction with a more cognitive and constructivist approach. The behavioral perspective sees students as passively absorbing new knowledge, using practice activities, and memorisation, while a cognitive and constructivist approach in more ‘like real life experiences’ or ‘interactive’. When an animation about how a bicycle tire pump works was presented concurrently with systematic narration, the students significantly outperformed those who just read a textbook. Additionally, using spatial contiguity (printed text, with related pictures near or integrated) students showed significantly better recall and problem solving skills (faster), than those that just read a textbook. When reading a book, or watching silent video imagery, you’re using a single channel of data consumption. When seeing imagery, listening to narration, and reading words together, as in a graphical user interface, you’ve opened up three channels of data consumption. Theoretically, you can absorb the information three times faster, or in the case of a security operator, you can make a decision three times faster. Designing a centralised, interactive, intelligent command and control centre integrates all security assets, available application technologies, alerts and alarms, and then presents them to the security operator faster, through multiple communication channels to provide them with the information they need to make the right decision, at the right time. The convergence of media, communications and data analytical technologies creates a multimedia command and control centre using analytical intelligence to provide security operators with a brain centre formulated to immediately teach them about active and previous incidents, their level of severity, and give them the information they need to sit up and take rapid notice, and be superhuman. For example, while the security operator in charge of a few select monitors is watching the latest crisis on CNN, or reading a text, a backpack is left behind at a train station. Analytical software continuously analyzes every frame of every video stream being presented and/or recorded. The threshold is two minutes between when the owner and

“...studies show that the effectiveness of an operator monitoring two security cameras drops 95 percent in about 22 plus minutes. “ the backpack separate. If that owner doesn’t return in two minutes, an alert is generated in the software, which initiates a series of events that generates an alarm. That alarm includes a range of multimedia elements including changing the lighting in the command and control centre to red, signifying an alarm has been triggered. An audio alert is activated because the analytical software has identified the backpack owner as having left the station on a train. On the far left video wall, alarm tiles showing video footage is presented. One from two minutes ago, one with live footage, another of a PTZ camera zoomed into the backpack in question, and yet another following the backpack’s owner into the last train leaving the station. An interactive map is presented onto the video wall of all other security cameras, and GPS coordinates of all mobile security vehicles and officers in the general area, along with the trains leaving and entering the station. Meanwhile, facial recognition has identified the backpack owner by cross-referencing the face capture with world-wide databases and presented his identity not only on the video wall, but to each mobile unit in the vicinity (smart phone, tablet, laptop). The security operator has since taken notice, thanks to the multimedia alarming, spoke briefly with his supervisor and clicked the alarm function on his workstation to send a message to the rail dispatch to stop the train the backpack owner is on, and all trains scheduled to enter the station. After quickly reviewing all the data before him, the supervisor approves an evacuation of the station via the two-way audio paging system built into the camera. The bomb squad enters the station shortly thereafter. This superhuman system can also provide automated audit trails, trend analysis, effective risk management in an ever changing environment, statistical data, incident reporting and budgetary risk assessments. By making today’s technology work for you, instead of working around the technology before you, important decisions can be made within minutes, saving lives, property and time, because in an ever faster moving world of video clips and twitter, time becomes even more crucial. About the Writer Anthony Caputo is a Director at Avrio RMS Group (www.avriormsgroup.com), which has the largest number of wireless security camera deployments for municipalities in North America with more than 100 cities. He is the author of the best selling Digital Video Surveillance and Security for Butterworth-Heinemann/Elsevier, with a new edition being released next Spring. You can contact him at www. tonycaputo.com

Australian Security Magazine | 41

Frontline CCTV

Solutions for a safer city Whatâ&#x20AC;&#x2122;s going on in your city right now? Do you know how the local parks and public areas are being used? What about vandalism? Is your city marred with graffiti? Are there areas of your city that could benefit from security and surveillance measures? By Wai King Wong

42 | Australian Security Magazine

y integrating surveillance in parks, squares, streets and public buildings from one central control room, city managers can answer these questions and implement plans for a safe and secure city. An integrated system supports multiple stakeholders, giving the correct person access to information relevant to their purpose. Surveillance implemented this way will benefit both those that are responsible for the safety of cities as well as the citizens living in them. There are of course, challenges for each of these types of installations but there are technology solutions that can counteract these challenges. Full integration through centralised and interconnected network video between city and infrastructure installations is the best way to reap the benefits of a surveillance system. Managing a city and all that it entails, from security to planning, is complex to say the least. From parks and squares to streets and public buildings, there are any number of incidents that could be taking place, from traffic congestion at a particular junction to crime and vandalism against citizens. Each location has its own challenges when it comes to video surveillance. For instance, parks are typically large areas so surveillance equipment needs to offer high-speed coverage

with precise zoom, control of the area being viewed and auto tracking for when following the route of a specific object or person is necessary. Varying light conditions, and restricted visibility due to trees and foliage can also make it difficult to recognise movements. A camera equipped with Lightfinder technology provides detailed video, even in darkness. It is vital that the cameras in use are able to point to a specific place or target. Often it is the case that incidents occur when no one other than the criminal is present. In this instance it is important to have audio detection as well as support from a microphone. The addition of a loudspeaker offers an immediate deterring effect. Squares and parking areas tend to be very wide areas with potentially many occurrences taking place simultaneously. This type of installation requires both an overview as well as the ability to zoom in on details. So it is important to have a camera with precise pan, tilt and zoom (PTZ) from overview to specific details. Even with shadows and light reflection, digital zoom can give both an overview and detail in the entire field of view. And monitoring of wide areas in 16:9 format with HDTV quality images gives detailed feedback of any activity taking place.

CCTV

The heart of any city is its streets and intersections and if they are not flowing properly it could be detrimental, not only to the city’s citizens who may be struggling through congested roads, but also to the life blood of the city – its businesses. The state of the roads and traffic flow is also important when it comes to emergency vehicles and their ability to reach emergency situations as quickly as possible. Being able to receive clear images is key to the flow of the city but also for identification of faces and license plates in regards to specific instances. Having a PTZ camera that delivers clear images even at night or in adverse weather conditions gives the ability to identify vehicles and drivers. And with pre-sets such as wide view and optical zoom, security cameras are able to look into traffic, seeing cars head on at night. Again, it is important in situations such as these to get both an overview and a detailed image with precise pinpointing on an object or person. Whether it is the police or security managers who are monitoring the input from cameras, they need to be able to read license plates from a great distance and to have a quick focus on moving objects to keep track of activity in real time as well as for post incident review. Monitoring public buildings has its own set of challenges. They tend to have large entrances, sometimes with glass doors that can make it difficult for cameras to get clear images due to the reflection off the glass and because of strong backlight. Again for these big spaces, it is necessary to have cameras that can follow an object, moving within the fields of view in corridors and halls. With these types of spaces there are often long corridors and perimeters that need protection by seeing events as they happen. Technology is needed that patrols gates, doors and vulnerable areas pointing in several directions, monitoring traffic that is passing slowly or quickly with precision. As installations of this nature need discreet surveillance, it is likely a solution that provides good colour video, enough for identification, even when the use of white lights is not an option, is necessary. Hotels for example, don’t tend to have bright white lighting in their buildings but still need a surveillance solution that provides clear images and identification. Of course the idea of one centralised, integrated surveillance system, watching over a city and taking care of its citizens, is great in theory. The main challenge with the execution of such a plan comes from the citizens themselves. It is the concern of public privacy versus the surveillance goals of a city, the right to feel safe and secure without feeling as though they are being monitored. However, this need not be an issue. In a city being watched by security cameras they need only be placed and directed at public spaces, not into homes and businesses. And in instances where there are sensitive areas, privacy masks can be used to exclude that area from the monitored field of view. It isn’t necessary to invade the public’s privacy in order to run a city smoothly and safely. A city’s video surveillance system should be seen as a tool that makes for a safer, more secure city. For example, cameras placed in communal places such as parks and public buildings can in effect be an extension of the police force, working non-stop to support their efforts in both evidence collection but also as a real-time investigative tool. With one centralised control room, cameras can provide access to clear images not only to city managers but also to officers, which is particularly

“Often it is the case that incidents occur when no one other than the criminal is present. In this instance it is important to have audio detection as well as support from a microphone. The addition of a loudspeaker offers an immediate deterring effect.” useful when cameras are placed in areas where police would like to be, but can’t. Cameras placed in public spaces allow police to make better use of their resources. For example, if an officer is on patrol they can view the feed coming from a park either on their mobiles or on their patrol car computer system, to check everything is okay or if their presence is needed. It is not necessary that the cameras work with any sort of facial recognition system or pre-existing database. As long as the cameras installed have the ability to zoom in they can identify individuals. If a situation does arise, say there is incidence of violence in the park, police can look through the footage to identify suspects, where they may have gone, how they were travelling and who they may have been with. If installed properly, surveillance cameras are a way to keep cities safe and running smoothly. They are a deterrent for anti-social behaviour as well as a tool for authorities. Making sure the correct surveillance system in place is vital to protecting and managing a city efficiently and with full integration, from video management software to processes, to monitoring and maintenance, it can be done with one single control room. About the Writer Wai King Wong is Sales and Country Manager Australia and New Zealand for Axis Communications. Wong is responsible for the management of all sales and operational activities in ANZ and has held the position since November 2002. He has extensive knowledge and experience in the networking and software deployment and support arenas and holds a bachelor of Business in Business Information Systems from the Royal Melbourne Institute of Technology (RMIT) and a Master in Business and Technology, UNSW.

Australian Security Magazine | 43

Frontline

Improving whole of Government protective security This case study briefly describes protective security improvements introduced across all agencies of the Government of Jamaica (GoJ). The improvements were part of a national civil service modernisation program, delivered as a World Bank international development assistance project. By Mark Jarratt CPP

44 | Australian Security Magazine

amaica is a nation of some three million in the Caribbean Sea, often viewed solely as an exotic tropical resort paradise. Similar to nations such as Australia and New Zealand, Jamaica is an Anglophone Commonwealth Realm sharing Queen Elizabeth II as monarch, with political institutions familiar to Australians, and they are also keen cricketers. Contrary to the carefree image of Jamaica as a land of resorts, reggae and Rastafarians, however, the GoJ confronts continuing security concerns including money laundering, internal and international drug and weapons trafficking, violent crime primarily committed by organised gangs affiliated with the major political parties, and corruption of officials. The central location of Jamaica in the Caribbean makes it an attractive transit point for South American cocaine bound for the USA, and a preferred destination for money laundering by drug cartels. The resorts such as those on the North Coast around Montego Bay, and rural areas, are usually safe and peaceful, as tourism is an important source of foreign exchange, yet the political and business capital Kingston (population about 600,000) suffers high crime rates fuelled by poverty and gang turf wars. These and related factors combine to present Jamaican authorities with significant external and internal security challenges, not least the scope for corruption of officials by money derived from drug and weapon trafficking. The GoJ recognised the need to expand and enhance systems and procedures to protect vital official national assets including personnel, information, and equipment, and their reputation as a trusted nation; the GoJ accordingly required improvements to whole of Government protective security management. The protective security modernisation project was managed from the national headquarters of the GoJ Ministry of National Security (MNS), located in the seven storey NCB

Complex, one of the few high-rise buildings in Kingston. The MNS mission is ‘ … to contribute towards creating a safe and secure Jamaica by the effective enforcement of law and order and maintenance of secure borders’. The MNS has wide responsibilities for administering the National Security Policy of Jamaica and related crime prevention and public order issues, including providing guidance to all other Government agencies on protective security standards. More than 200 MNS officers are stationed at the NCB headquarters. The Minister and senior executives, such as the Permanent Secretary and Chief Technical Director, are also located at the NCB HQ. The MNS portfolio includes the Jamaican Constabulary Force ( JCF) and the Passport, Immigration and Citizenship Agency (PICA). The MNS Protective Security Unit (PSU) processes applications for restricted and banned items permits and entry of non-commercial ships into Jamaica’s territorial waters, and coordinates security vetting for prospective Ministry employees. The PSU assists in formulating and implementing policy on drugs, small arms, human trafficking, border security, ports security, aerodrome and airport security. The PSU also has primary carriage of implementing whole of Government protective security standards, including maintaining an effective network of security advisers in line agencies. A comprehensive protective security risk review and site inspection of the MNS HQ and other official sites was conducted during the project, resulting in recommendations to reduce the likelihood and mitigate the consequences of the most highly rated risk events (security breaches and incidents). The main areas of security exposure identified at the MNS HQ included: • Workplace harassment up to and including violence against the Minister, other VIPs, and MNS personnel, whether from criminal intruders, clients or other staff

Frontline

•

Unauthorised disclosure of, access to and/or tampering with official and classified information held by the Ministry • Theft of official Ministry assets and/or staff personal property • Corruption or coercion of MNS staff • Compromise of Ministry operational effectiveness • Non-compliance with globally accepted professional security standards • Loss of access to classified information produced by other agencies • Breaches of national security • Adverse audits with tabling of security audit reports in the Jamaican Parliament causing damage to the reputation of the Ministry and loss of Government or public confidence. Of these, workplace violence rated highly due to the increased risk profile of MNS premises arising from the success of enforcement efforts against local organised criminal gangs, through ‘Operation Kingfish’. The effectiveness of anti-gang enforcement activity caused heightened hostility against GoJ authority figures in general, with specific threats made against the Minister for National Security. The most significant improvements implemented at the MNS HQ from the security review related to the command, control and communications structure for deterring, detecting and responding to incidents, before escalation causing harm. Standard operating procedures were defined to support integrated security response force functions with clear lines of command and supervision for private security guards, Jamaica Defence Force Military Police, Island Special Constabulary Force, and Minister’s Close Personal Protection Team, all of whom performed various and sometimes overlapping security roles at the site. Recommendations from the MNS HQ security inspection also addressed physical security enhancements over the site perimeter and internal offices, and ensuring controlled access points were constructed to provide doors, frames and locking devices of comparable forcible attack resistance. Consolidated security instructions and guidelines for security staff and line personnel were also produced, covering the range of issues involved in cohesive whole of Government protective security management. The guidelines and instructions were based on updated GoJ procedures, which had to some extent fallen into disuse, public domain international standards (ISO, ASIS), and unclassified Australian, United Kingdom and USA Government protective security concepts. The current GoJ protective security approach is therefore a hybrid of sound practices and approaches modified from various authoritative sources to suit the Jamaican security environment. Intensive training on protective security principles using real life examples and role plays was presented to officers of the MNS, JCF and PICA, as their responsibilities included introducing the strategic protective security improvements, training their colleagues, and monitoring compliance. The other major element of the protective security project was to modernise the GoJ approach to personnel security vetting.

Previously, candidates for GoJ national security clearances were not required to provide signed declarations and supporting documentation as to their identity, background and criminal history. The backgrounds of prospective clearance holders were checked through field inquiries performed by the JCF Special Branch. Candidates were not provided with formal advice that they had passed or failed the background checks or of the security aware conduct expected of them once a clearance was granted, and appeal procedures if the clearance was denied were not established. The personnel security vetting upgrade involved creation of forms to obtain personal information relevant to suitability for access to official and valuable GoJ assets including classified data, explanatory material upon the nature and scope of the vetting process, and procedures defining the actions to be taken by MNS staff at each vetting stage. The main benefit for MNS vetting officers and clearance candidates was that trust in the personnel security process was improved, increasing understanding and cooperation, while allowing persons who did not wish to undergo vetting to withdraw without adverse conclusions on their character. The GoJ personnel vetting approach now requires informed consent by candidates for clearance, including providing declarations that the information provided is true and accurate. This approach means that vetting subjects are fully informed, and the onus to accurately declare issues relevant to suitability for a security clearance resides with them. The new approach explicitly states that providing false or misleading information can be grounds for disciplinary action up to and including dismissal, encouraging candidates to accept responsibility for their own security compliant behaviour. The upgraded personnel security vetting approach also considerably reduces the workload of the JCF in conducting field inquiries, which were often of limited use because persons interviewed about the clearance subject tended to report positively, due to the embedded social and family ties usually associated with a relatively small society such as Jamaica. The protective security management regime introduced as part of the whole of Government civil service modernisation project provides solid foundations supporting the dedicated GoJ officials, military, and law enforcement to better deter, detect and respond to security breaches and incidents. This in turn assists national advancement, maintains and improves the stability and continuity of GoJ services, and contributes to a functioning safe, secure and high trust society for the benefit of all Jamaican citizens. About the Writer Mark Jarratt is Lead Security Consultant in the Canberra Office of consulting engineers Norman Disney & Young. He is a Certified Protection Professional (1999) and Australian Government Security Construction and Equipment Committee (SCEC) endorsed security zone consultant. Mark has 19 years’ experience in Government and corporate protective security. He served as an Australian Customs officer for more than 21 years, including five years as Chief of Security, National Office.

Australian Security Magazine | 45

Special Feature - Cyber Security Available online! See our website for details

1 YEAR SUBSCRIPTION TO THE AUSTRALIAN SECURITY MAGAZINE

6 print issues per year for only $88.00 SUBSCRIBE TODAY... DON’T MISS AN ISSUE Yes! I wish to subscribe to the Australian Security Magazine, 6 issues (1 year). ☐ ☐

AUSTRALIA INTERNATIONAL

A$ A$

88.00

(inc GST)

1 YEAR

158.00

(inc GST)

1 YEAR

Yes! As an additional bonus I wish to receive direct to my inbox the Asia Pacific Security Magazine (emag), 6 issues (1 year).

No business or government organisation survives in a vacuum. Sharing knowledge is fundamental to the development of successful security planning and implementation. That is the role of our magazine: sharing knowledge of developments in security management for public and private sector organisations, both for internal management and for external obligations in public safety and security.

MY DETAILS

PAYMENT

Salutation: __________First Name: __________________________________________

Please find enclosed my cheque/postal order (made payable to MySecurity Media )

Surname:______________________________________________________________

for $ __________________ or debit my:

Job Title: ______________________________________________________________ Company: _____________________________________________________________ Postal Address:__________________________________________________________ Suburb: _____________________State: _________ Postcode: ____________________ Country: ______________________________________________________________ Email: ________________________________________________________________

Card Holders Name: __________________________________________ Signature: _________________________________________________

Interested in our e-news service? Phone: +61 (8) 6465 4732 during business hours AWST (Australia Only)

Expiry Date:________________ Todays Date: ______________________

PRIORITY FAX Credit Card Details Australia +61 (8) 9467 9155

FREE POST My Security Media 286 Alexander Drive, Dianella. W.A. 6059

Email subscriptions@mysecurity.com.au

GST This document will become a TAX INVOICE for GST when payment is made. My Security Media Pty Ltd ABN 54 145 849 056

To have your company news or latest products featured in our TechTime section, please email promoteme@australiansecuritymagazine.com.au

New generation Network Video Recorder See page 52