Print Post Approved PP100003227
THE COUNTRY’S LEADING GOVERNMENT AND CORPORATE SECURITY MAGAZINE | www.australiansecuritymagazine.com.au Aug/Sep 2018
Importance of soft skills in security
Review of PMC’s cabinet paper’s report
Australian Government – state of cyber
Is your VMS a digital fortress
Internet of things impacting facilities management
$8.95 INC. GST
Insider threats – operational, tactical & strategic insights
PLUS WIN A COPY OF 'THE FIVE ANCHORS OF CYBER RESILIENCE'
2018 #SecurityAwards Call for Nominations
By Anna Ho, Marketing and Communications Officer, Australian Security Industry Association Limited (ASIAL)
The vital role performed by Australia’s private security industry will be recognised later this year at a special awards ceremony in Sydney organised by ASIAL. The 2018 Australian Security Industry Awards for Excellence and Outstanding Security Performance Awards will recognise excellence in the security industry. Nominations are open to all and provide an opportunity to recognise individuals, including frontline security personnel, who have gone beyond what could reasonably be expected of them in providing a level of service that exceeds clients’ expectations. Likewise, organisations and teams who have demonstrated leadership and innovation will also be recognised.
Judging of the awards will be undertaken by an independent panel of judges that includes Damian McMeekin, Managing Director of CT Intelligence & Insight; John Adams, Editor, Security Electronics and Networks Magazine; John Curtis, Director, IPP Consulting Pty Ltd; Michael Walker, Senior Manager, Security Services, Facilities Management, Reserve Bank of Australia; Rachell DeLuca, Senior Security Consultant, ARUP; and Vlado Damjanovski, CCTV Expert Specialist and MD, ViDi Labs.
Nominations open 1 July and close 31 August. Winners will be presented at a special awards ceremony to be held at Sydney’s Doltone House Hyde Park on Thursday 18 October 2018.
2018 AWARD CATEGORIES INCLUDE:
• Individual Achievement – General
• Individual Achievement – Technical
• Gender Diversity
• Indigenous Employment
• Special Security Event or Project
  – Under $500,000
  – Over $500,000
• Integrated Security Solution
  – Under $500,000
  – Over $500,000
• Product of the Year
  – Alarm
  – Access Control
  – CCTV – Camera
  – CCTV – IP System/Solution
  – Communication/Transmission System
  – Physical security (bollard, gate, barrier, lock)
AWARD CATEGORIES INCLUDE:
• Outstanding In-house Security Manager/Director
• Outstanding Contract Security Manager/Director
• Outstanding Security Team
• Outstanding Security Training Initiative
• Outstanding Security Partnership
• Outstanding Security Officer
• Outstanding Female Security Professional
• Outstanding Guarding Company
• Outstanding Security Consultant
• Outstanding Security Installer
• Outstanding Information Security Company
For more detailed information on the award nomination criteria and process visit www.asial.com.au/securityawards2018
Contents
The security implications of an aging population
Reinventing the SOC
Bad things come in small packages
Editor ASM: Chris Cubbage
Editor ACSM: Tony Campbell
Director & Executive Editor: Chris Cubbage
Director: David Matrai
Art Director: Stefan Babij
MARKETING AND ADVERTISING
T | +61 8 6465 4732 promoteme@australiancybersecuritymagazine.com.au
SUBSCRIPTIONS FOR AUSTRALIAN SECURITY MAGAZINE
T | +61 8 6465 4732 subscriptions@australiansecuritymagazine.com.au
Copyright © 2017 - My Security Media Pty Ltd 286 Alexander Drive, Dianella, WA 6059, Australia T | +61 8 6465 4732 E | myteam@mysecuritymedia.com www.mysecuritymedia.com
All Material appearing in Australian Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.
Cognitive bias in Security
Applications of advanced data analytics
CONNECT WITH US
www.facebook.com/apsmagazine
@AustCyberSecMag
www.linkedin.com/groups/Asia-PacificSecurity-Magazine-3378566/about
www.youtube.com/user/MySecurityAustralia
Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.
Correspondents* & Contributors
Jane Lo*, Danielle Traino, Milica D. Djekic, Vikram Sharma, Nigel Hedges, James Jordan, Elliot Dellys
Also with
Lionel Snell, Jason Hilling, Guillaume Noé, Federica Bisio, Keith Suter, Shannon Sedgwick
www.asiapacificsecuritymagazine.com | www.aseantechsec.com | www.chiefit.me | www.youtube.com/user/MySecurityAustralia | www.drasticnews.com | www.cctvbuyersguide.com
Editor's Desk
“This is dangerous territory. When politicians resort to using race in advancing their agendas, they inevitably excite racial anxiety and stir up social division. They end up damaging our racial tolerance and multicultural harmony.” - Departing race discrimination commissioner Tim Soutphommasane in his speech, delivered at the University of Western Sydney’s Whitlam Institute, Monday 6 August
We had the opportunity to facilitate a security consultant’s roundtable at the Security Expo on 25 July in Melbourne, courtesy of HID Global. Amongst the discussion on smart buildings and mobility, the group also focused on the trends being seen when it comes to physical access control and the priorities for adding value to end-users, in the realm of physical access.
Underlying the importance of physical access control, some recent research data highlights that the workplace is not just subject to nuisance or targeted crime, but also the phenomenon of domestic violence. In 2014–15, on average, almost 8 women and 2 men were hospitalised each day after being assaulted by their spouse or partner. Between 1 July 2010 and 30 June 2014 there were 152 intimate partner homicides in Australia. Almost half of the males who killed a former female partner killed that partner within three months of the relationship ending, almost a quarter were named as respondents in Domestic Violence Orders, half were using alcohol at the time of the homicide and over a third stalked the victim either during the relationship or after it had ended.
And this is where the workplace comes in. Stalking behaviours can include the abuser following the victim, loitering near the victim’s home or work, and breaking into the victim’s house. Stalking also includes acts of technology facilitated abuse such as persistent text messaging; maintaining surveillance over the victim’s phone or email; covertly recording the victim’s activities; and engaging with the victim on social media/dating sites under a false identity. Of the 121 male offenders, 13 per cent of homicides occurred in public/open places and two male homicide offenders killed their female intimate partners at a workplace. The importance of workplace access control is underlined by wider societal behaviours. Security systems are there not to just protect business assets but also personnel and visitors. The risk of domestic violence occurring in a workplace is a lot more so than any terrorist attack or violence caused by a Sudanese African gang.
Worthy of note also is the release of Handbook 15 - Safe and Healthy Crowded Places as part of the Australian Disaster Resilience Handbook Collection. Unlike the previous silo focus on terrorism in crowded places, this handbook can be more widely used to prepare plans before an incident or emergency in a crowded place arises, and to maximise the efficiency and effectiveness of any responsive and recovery action. It appropriately incorporates principles and guidelines for developing crowded place and site plans against a range of potential hazards that may have an impact on attendees, not solely a terrorist incident. We have to get out of the silo approach often enforced on us by agenda driven government agencies and politicians.
With this in mind, we continue to cover all aspects of the security domain. Interestingly, Dr. Keith Suter has raised the issue of aging and societal security implications. With increased life expectancy, increased health expectancy and the growth in human enhancement technology, society is heading for some major challenges which few policymakers are brave enough to address – much like Sudanese gangs are a convenient distraction to the more prevalent issue of domestic violence, so is race based immigration a distraction to that of an aging population and lack of action being taken.
Shannon Sedgwick argues that a lack of budget allocation may be to blame for the slow progress of increasing cyber security maturity, with $230 million earmarked for Australia’s Cyber Security Strategy over four years. The US Government budget for cyber security is approximately A$26 billion, and the UK Government has allotted A$800 million to their cyber security efforts. When you consider the likelihood of cyber attacks and the possible damage caused by breaches to critical infrastructure and national security, one could argue that spending on cyber is a long way from being sufficient.
Finally, Nigel Hedges, a 20-year veteran, provides an excellent and always timely article on the importance of ‘soft skills’ in the security domain, and this applies to both physical and cyber security. “Some security professionals feel that they have lost a fight when the business will not agree to a security recommendation,” writes Nigel Hedges, but “ultimately, the business gets to decide and own any risk that they accept.” I suppose we can push this out to the general public to determine how much risk they are willing to accept from their preferred politicians. As we have seen in Australia in recent times, the quality of the political class could be perceived as a national security threat in themselves. My view is we should expect and get better! Our security may well depend on it.
And on that note, as always, we provide plenty of thought provoking material and there is so much more to touch on. Stay tuned with us as we continue to explore, educate, entertain and most importantly, engage.
Sincerely, Chris Cubbage CPP, CISA, RSecP, GAICD Executive Editor
Cyber Security
The importance of soft skills in security?
By Nigel Hedges
As information technology professionals, the majority of us have experienced or at least heard of the stereotypes of IT people. You need only watch a few episodes of The IT Crowd to get a sense of this. Even in current times, there is a continued perception of poor communication skills and business alignment. I’m sure we’ve all heard terms linked to information security personnel, such as “road blocker”, “corporate fun police” or “project inhibitors”. However, the information security industry as a whole has been quite proactive in wanting to change this view. Gartner’s Security and Risk summits have repeatedly highlighted for years now the drive towards Information Security as a business aligned ‘enabler’.
Why is it important?
No matter how much subject matter expertise or knowledge we gather, if we do not spend time on improving our ability to communicate, our value can be diminished. The ability to create a difference for yourself, team and organisation may be limited. Soft skills are going to be an important and genuine part of gaining success and opportunity in your information security career. Ignore it no longer! Even experienced professionals can do with regular soft skills refreshers to shake off acquired bad habits. The good news is that soft skills are not only the domain of people born with a natural gift or of regular presenters on the Australian information security conference circuit. There are many things that can help you develop soft skills, but here are 7 introductory things you can do to start improving your own soft skills as you interact in the information security industry.
1. Be humble and aware of your personal flaws and strengths
It’s easy to be noble about being imperfect. It’s another thing to actually do something about it. Often, when we are provided constructive feedback about our flaws there is a possibility of taking this personally. Very few of us actively enter the uncomfortable personal zone of trying to change our negative behaviours. For such a long time, it was possible for technical people to succeed simply based on technical skills; this is no longer the case. Getting constructive feedback (a.k.a. ‘areas for improvement’) should not be seen as a personal failure. If you find yourself talking about blame or denying feedback, you will have to ask yourself – if I need someone to blame, am I ever truly in control of my situation? This ability to be self-aware is a critical and fundamental step to many other soft skills advancements. All feedback (even feedback that is delivered poorly) should be viewed as a platform to extract personal learnings, and if you develop an appreciation and gratitude for any and all feedback you get – it’ll make it easier to take.
2. Accept that you don’t have to be a carbon copy of someone in the industry
There are great role models out there showcasing fantastic soft skills. They’re blogging, showing up on TV interviews, and seated at conference keynote discussion panels. These folks are to be commended for their contributions. You do not need to emulate their interests in order to be successful. Instead you should embrace your own passionate areas of cybersecurity, topics you are interested in. You will find that people will be drawn in and interested in something you can speak passionately about.
3. Don’t forget what you’re here to do
Information Security is now recognized as such a vital and important part of the success of the organisation. However, and I hope this doesn’t come as a surprise, it is not the most important thing – the business is. This is not the time to get complacent. Stay focused on being business aligned and seek collaboration opportunities with the business when you can. We should be humble in the face of the growing importance of our expertise by not forgetting the adjacent importance of being business centric.
4. Be open to thinking differently
Critical thinking has served us since our ancestors were dwelling in caves and avoiding being eaten by large, clever animals. However, critical thinking is an often over-utilized skill. Being ‘negative nelly’ to other suggestions and input can stifle creativity, innovation and openness. A well-known educator, Edward De Bono, called this ‘black hat’ thinking. In his book Six Thinking Hats he describes a mental framework (using 6 different coloured hats) for processing information in different ways. This includes optimism, gut-feel reactions, listing facts, creativity and of course critical thinking. It is an example of something that can teach us to not always interpret information in a one-dimensional way.
5. You can’t do this alone. Work better with other people
Stephen Covey, in his book 7 Habits of Highly Effective People, wrote that humans follow a path of maturity:
- Dependence (infancy)
- Independence (adolescence and early adulthood)
- Inter-dependence
Relying on peers and work colleagues is a great way to get complex things done.
6. Things aren’t always going to go according to plan
Not all communication exchanges go the way we want them to. You’ll aim to make more positive exchanges than negative ones and learn from the ones that didn’t go so well. Ask yourself, do you contribute to constructive, positive meetings? Do you get worked up when your ideas get shot down? Do you feel your recommendation to use a particular technology was shot down by the team? It’s important to become self-aware of these things, as a first step to doing something about it.
Some security professionals feel that they have lost a fight when the business will not agree to a security recommendation. Ultimately, the business gets to decide and own any risk that they accept. It is important that no one leaves a meeting where ownership for a decision is in doubt. If you leave a meeting without ownership, it means there has been a lack of accountability on all parts.
It can be frustrating when your plans do not get accepted by peers. It’s important to note that conflict is a natural part of our work environment and is healthy, so long as messages are sent and received in an assertive manner. Complaining to sympathetic peers to blow off steam in the background is passive aggressive and not too helpful. Blowing up in a meeting and storming out is aggressive. When decisions do not go our preferred way, there is nothing wrong with letting people know – provided it’s done respectfully.
7. Let Management / Promotion / Opportunity come to you
An incentive for developing soft skills is that it leads to career progression and opportunity. Be careful not to adopt a ‘fake front’, such as putting on an act. This is ultimately not going to work. It’s also very draining when you’re spending energy to put on a personal front. By setting out to make small, incremental improvements in soft skills, those opportunities will naturally come when you’re ready. Some people get complacent once they get promoted to managerial positions in information security, and this can be very risky. Personal Leadership is about knowing when to lead, and when to follow. You should continue to learn from anyone you come in contact with. Managers today are leading less and less through hierarchical power positions, and more as colleagues. Being willing to follow your peers regardless of their position is a strong reflection of leadership.
Where to next?
Attending information security conferences and watching panels and presentations is a good way to see how people apply soft skills. These are people in our industry who have already set themselves a personal challenge to improve their ability to communicate their ideas and opinions. It also gives an opportunity to network and meet people outside our work place. Make a pact with yourself to say hello to at least one new person and engage in conversation about why they are there, what they do, and what they intend to get out of the conference. One other advantage is that conferences give you lots of interesting material to go back and share with your immediate peers and other colleagues.
Another suggestion can be to see if your information security management will encourage meeting with peer organisations and meeting other people in similar roles. It often provides a great way to compare notes in a non-threatening way, while practicing your communication skills.
Here’s a list of skills you can research on Google, and if you are really keen you can drop the author of this article a line for a list of Amazon Kindle books that are worth looking into.
List of Skills to research:
- Emotional Intelligence Skills
- Cultural Awareness Skills
- Customer Service Skills
- Lateral Thinking
- Interpersonal Skills (MBTI, DISC)
- Teamwork Skills
- Meeting Skills
- Communication Skills
- Presentation Skills
- Negotiation Skills
- Conflict Management Skills
- Personal Leadership
About the Author
Nigel Hedges is a 20-year veteran in the information security industry. He has spent a number of years on both sides of vendors and end-user organisations. In recent years he has served as the Senior Security Architect at a large national retailer. He has a number of industry certifications including CISA, CISM, CISSP, CGEIT, CRISC, CCSK, ISO27001 Lead Auditor & Lead Implementer, SABSA Foundations. Nigel also holds a Master of Business Administration from La Trobe University, and is midway through a Masters of Cybersecurity. He can be reached at: nigel.hedges@reece.com.au
Cyber Security
Australian Government – The state of cyber
By Shannon Sedgwick
“Australia and Australians are targets for malicious actors—including serious and organised criminal syndicates and foreign adversaries—who are all using cyberspace to further their aims and attack our interests.” (MP, n.d.)
Amongst the never-ending acronyms of Canberra’s public service are the government agencies and departments that guide the direction and implementation of the Australian Government’s cyber security strategy. They include agencies and departments such as the Australian Signals Directorate (ASD) and their subsidiary the Australian Cyber Security Centre (ACSC), the Attorney General’s Office, the Department of the Prime Minister and Cabinet (PM&C), the Department of Home Affairs, CERT Australia, and the Department of Defence (DoD). The collective aim of these agencies and departments is to improve the resilience and cyber security posture of the Australian Government, private industry, and its citizens. They are the first line of defence for Australia in the protection against cyber criminals, espionage, and insider threats. There are unique challenges faced by these organisations, and I will shed some light on these challenges and the progress of our government’s cyber security strategy since its introduction in 2016 (The Department of Prime Minister and Cabinet, 2016).
The 2016 Australian Cyber Security Strategy addressed five key goals:
1. Governments, business and the research community together advance Australia’s cyber security through a national cyber partnership,
2. Australia’s networks and systems are hard to compromise and resilient to cyber attacks,
3. Australia promotes an open, free and secure cyberspace by taking global responsibility and exercising international influence,
4. Australian businesses grow and prosper through cyber security innovation, and
5. Australians have the cyber security skills and knowledge to thrive in the digital age.
These five goals are laudable fundamentals for which to strive. One of the main issues in achieving these goals is that the Cyber Security Strategy did not address exactly how it was going to implement these plans or quantitatively measure its progress. The Strategy breaks down the five goals into 33 separate action points, which may prove unwieldy. A better approach would be to identify the essential action points and prioritise them according to their severity of risk to the overall five goals.
Australian National Audit Office (ANAO) audit reports of various federal agencies make it clear that the government has more work to do in the implementation of its Strategy Action Plan. The ANAO found that the majority of the agencies it audited did not meet the mandatory standards set by the ASD in April 2013, the Top 4 Mitigation Strategies. The Top 4 are a subset of the ASD Essential Eight, which will soon replace the Top 4 as the minimum standard that Australian Government agencies must meet. The Essential Eight are:
1. Application whitelisting
2. Restrict administrative privileges
3. Patch applications
4. Patch operating systems
5. Disable untrusted Microsoft Office macros
6. Multi-factor authentication
7. User application hardening
8. Daily backup of important data
The only agency in the ANAO’s purview considered “Top 4 compliant” and “resilient” was the Department of Human Services (DHS). The Australian Taxation Office (ATO) has since achieved Top 4 compliance too. Whether compliance with the ASD’s Top 4 or any other government regulation signifies an organisation is cyber-resilient is arguable. When too great a focus is on compliance, it can create a “tick the box” culture instead of addressing the principal risks and threats to an organisation’s assets. The ANAO hit the nail on its proverbial head in their recent Performance Audit Report describing what makes an organisation “cyber-resilient”: “cyber-resilient organisations demonstrate a leadership culture and behaviours that prioritise cybersecurity and focus on it. They do more than comply with mandatory requirements; they demonstrate an effective security culture.” (Australian National Audit Office, 2018)
One could be forgiven for not fully understanding which government advice to follow. There is a plethora of different advice and regulations to which industry and government alike can subscribe and align themselves. ASD Top 4, ASD Essential 8, ASD Top 35, Australian Information Security Manual (ISM), Australian Defence Security Manual (DSM), ISO27001, National Institute of Standards and Technology (NIST) Cyber Security Framework, PCI-DSS, Notifiable Data Breach (NDB) Scheme, and the list goes on. Therein lies another problem. An overabundance of security advice can lead to confusion and cause organisations to either do nothing, over-compensate or attempt to comply with an ineffective mix of national and international standards.
A lack of budget allocation may also be to blame for the slow progress of increasing cyber security maturity, with $230 million earmarked for Australia’s Cyber Security Strategy over four years. The US Government budget for cyber security is approximately A$26 billion, and the UK Government has allotted A$800 million to their cyber security efforts. When you consider the likelihood of cyber attacks and the possible damage caused by breaches to critical infrastructure and national security, one could argue that spending on cyber is a long way from being sufficient.
It is certainly not all bad news though. The government has opened four Joint Cyber Security Centres (JCSC) throughout Australia which allow the sharing of threat intelligence and collaboration between government, academia, and industry. An additional $30 million in funding has been granted to an industry-led Australian Cyber Security Growth Network that “brings together businesses and researchers to provide a foundation for the development of next-generation products and services required to live and work securely in our increasingly connected world.” (Aust Cyber, 2018) The Department of Home Affairs has developed initiatives such as the Cyber Security Challenge which promotes the cyber security industry to graduates, with a particular focus on women in cyber. The reform of the Protective Security Policy Framework (to be released October 1st 2018) to a “principles-based” approach is a welcome change to the previous unwieldy and overly prescriptive version. The revision seeks to simplify the framework by separating guidance material and mandatory requirements. Alastair MacGibbon, the National Cyber Security Adviser & Head of Australian Cyber Security Centre, has also dramatically increased the ACSC’s staff numbers in a relatively short amount of time. This increase in resources will help to further develop collaboration between industry and government and improve Australia’s cyber resilience and standing on the global cyber stage.
Advanced information and communication technologies (ICT) are necessary for the success of industry, consumer, and government activities, and ICT security should be of the highest priority. Australia is taking steps to address the threats from advancing technology. However, we are lagging behind the pace of other Western countries. (Austin, 2016) A robust and effective cyber security strategy is critical to the protection of Australia and its citizens and for a profitable technology-led industry. Effective strategy implementation across government, a cyber-aware and resilient culture, continued collaborative engagement between government and industry, a unified and simplified approach to regulations and standards, and adequate funding are required for Australia to thrive in the digital age and successfully respond to cyber incidents, deter cyber attacks, and protect against threats from both cyber criminals and foreign interference.
About the Author Shannon is a Senior Manager in Deloitte’s Cyber Risk Advisory in Canberra and has had extensive experience providing consulting and cyber risk services to a range of both private and public clients from ASX 100 corporations to Defence. With a unique background in international risk management in non-permissive environments, Shannon is regarded as an industry SME in “holistic security”. Shannon regularly appears on national and international news programs, expert panels, industry publications, conferences, and radio networks discussing national security, cyber security, counter-terrorism, and breaking news events.
Cover Feature
The security implications of an aging population
By Dr. Keith Suter

Aging is the new frontier. The components are: increased life expectancy, increased health expectancy and the growth in human enhancement technology. The bottom line is that society is heading for some major challenges which few policymakers are brave enough to address because they are far too focussed on short-term issues. This article will examine the “new frontier” and then examine three security implications: the cost of paying for older people, the tensions arising from pension/superannuation adequacy, and labour shortages. This article is an encouragement to think about the unthinkable.
The Three Components of the New Frontier

First: there has been an increase in life expectancy. We have gained as much life expectancy in the last century as in the previous 5,000 years; this is an increase of about 25 years. About 5,100 years ago, people lived on average for 25 years. In 1900 the figure had crept up to 50. Therefore giving people in western countries an old age pension was not a big burden on government because most people never lived long enough to collect it. Now life expectancy is around at least 75 years and there are concerns about the sustainability of pension schemes. This change can be seen in the various phases of aging. Traditionally a person had three stages: young, middle aged and then getting ready to die. Now there are four stages: (i) childhood (ii) maturity (iii) well aged (the new “third age” with perhaps one third of a life spent in retirement) and (iv) the compression of morbidity (whereby a person’s body declines quickly). Never before has any society had so many older people; there are no precedents to guide us. The first Australian to live to 120 is already alive and she is probably currently in her 60s (unfortunately we do not know who she is and so we cannot warn her).

Second: there is increased health expectancy. Growing older does not necessarily mean feeling older (“60 is the new 50”). Average incapacity-free life expectancy is rising faster than average life expectancy overall, and so people are not only living longer but they are also living more healthily. Many people are taking better care of their health and so reducing lifestyle risks (such as smoking). There is also
the rise of the “counter-aging society”: older people refuse to act as though they are “old”. This means that today’s older people are much “younger” than their parents were when their parents were at that age (assuming the parents managed to live that long). There is a growing market for information on how to remain young.

Finally: there is the growth in human enhancement technology. Human enhancement technology as such is not completely new, for example the invention of spectacles and hearing aids. Now far more technological progress is underway to either (i) restore an impaired function (such as eyesight) or (ii) raise the function to a level considered to be “beyond the norm” for humans. Examples include the use of cognitive enhancing drugs to improve memory and concentration; use of hearing aids and retinal implants to improve sensory perception, and the use of bionic limbs to restore mobility. These developments will, among other things, enable older workers and people with disabilities to stay in the workforce for longer and broaden their potential opportunities for work.

To sum up so far, these are signs of a successful society. But they present major challenges that have so far attracted too little attention. “National security” is too often perceived to be a military matter. This article argues that “the social security of aging” is also a national security matter. Here are three challenges.

The Economics of Aging
Can we afford the elderly? This question is asked in two contexts. First, there is the increased cost of caring for an aging population: hospital/aged care facilities. Aged care centres are a comparatively new idea. Traditionally old people stayed in the family home and helped out, such as looking after the grandchildren. Only some military veterans received the sovereign’s special attention of having their own aged care facility, such as London’s Chelsea Pensioners, which began in 1682. In Australia the move began in the 1920s and 1930s when churches converted spare land into facilities to take care of older Australians. The Menzies Government in the 1950s introduced commonwealth government funding to the not-for-profit providers of aged care. This has now become a multi-billion dollar industry and it is a major financial burden on government budgets (and a major media nightmare when scandals take place). As people live longer so there will be additional costs on aged and healthcare budgets.

The second context is the “global pension time bomb”, as it is called by the Switzerland-based World Economic Forum (WEF). In 2017 WEF reported that the world’s six largest pension saving schemes (US, UK, Japan, Netherlands, Canada and Australia) are expected to reach a US$224 trillion gap by 2050. WEF calls this the “financial equivalent of climate change”. The situation becomes even more dire when China and India are also included in the calculations. Australia is seen as being at the least risk (thanks to superannuation reform beginning two decades ago). The US is at the most risk. The US state of Illinois is already teetering towards bankruptcy with pension benefit growth overwhelming the state’s economy.

The bottom line of both contexts is that there will be an extra burden on government budgets. There may be some offsets (such as the reduced expenditure for child care and schooling). But the long-term view is that of increased pressure on government budgets, and so less available funding for other matters, such as defence.
Erosion of Social Cohesion

“My doctor says I can live for another 30 years but my accountant says that I can only afford to live for another 20 years”. Another set of challenges is at the level of individual psychological impact and the damage to national morale. A current example is the research by Princeton University’s Angus Deaton and Anne Case. Almost all Americans are living longer, including Afro-Americans and Hispanics. But Deaton and Case have found an anomaly: middle aged white male and female Americans in economically depressed areas (captured by Trump in the 2016 presidential election). These Americans are dying prematurely through depression and opioid addiction. Will this type of crisis become more widespread? Social cohesion is based on a society getting richer and happier (however that is measured). Economic growth and psychological well-being are the glue that holds a society together. Some of the stereotypical Trump voters have shown how prolonged unemployment (such as in West Virginia’s coal mining areas) can have a social cost. Here are two warning signs of threats to social cohesion.

First, some pension schemes (such as Australia’s national superannuation one) are based on personal investment in the market (rather than a guaranteed regular payment from the state). This investment is a volatile source of income. Stock markets are currently doing well. But “corrections” take place every few years. A person can be unfortunate to retire at the time of a market downturn and so lose some of the investment. Looking to the longer-term, superannuation projections can only be based on the “known knowns” of today’s economy. However some commentators have raised concerns about the “known unknowns” which represent a threat to the continuation of today’s wealth. These “known unknowns” include climate change, resource scarcity, large numbers of asylum seekers and “climate refugees”, growing gap between rich and poor, and blockchain technology (which could undermine banks, which represent over 30 per cent of the total value of the Australian Stock Exchange). In short there will be increasing anxiety over the adequacy of superannuation arrangements.

Second, the children and grandchildren of the aging “baby boomers” (people born between 1946 and 1966) are suffering from “inheritance impatience”. These young people see their older relatives living in large homes with generous superannuation arrangements. They would like access to that wealth. A new branch of law has been developed to deal with this problem: elder abuse. Elder abuse has occurred throughout history but now it is becoming far more common. About five per cent of Australia’s older people experience abuse. Financial abuse is the most common form of elder abuse. Most of this abuse comes from adult children anxious to get the wealth of their parents.

To sum up, the prevailing view in most of western societies is that life will continue to get better. But that may not be the case. In the future, older people may have little incentive to continue the daily struggle of staying alive.
Labour Shortages

Finally, an aging population will mean shortages of labour. This is a byproduct of the demographic transformation: falling fertility and rising longevity. This is already being seen in trades and professions which particularly recruit young people, such as nursing, teaching and military service. There are two potential solutions – both politically controversial.

First, more immigration should be permitted. Africa has a rapidly growing population. Perhaps more African workers should be allowed into western developed countries which are running out of young workers. There is also a surplus of young people in many Islamic societies, such as the Middle East and North Africa (MENA) and Indonesia. However, given the rising anti-immigration political movements, this may not be possible.

Second, more should be done by government to encourage people to have children. The kindergarten (“garden for children”) movement began in Germany and other parts of western Europe over a century ago to encourage both parents to go to work. This saw a reversal of the then stagnant population growth (in an era when governments decided there was a need for larger populations to provide large armies). Making day care available is no longer enough. South Korea, for example, which has one of the world’s lowest fertility rates, is trying to find ways of guaranteeing women who have careers that they will be able to resume them after their babies are born. Unfortunately, the South Korean attempts have generated public anger, with women resenting being treated as breeding farm animals. It also means that a workaholic South Korean business community will need to develop more family-friendly business practices.

Thus, we have some major social challenges in all western societies: changing the attitude of employers to retain older employees and not pension them off, and to reassure women that their careers will be safe once their children are born.
To conclude, global society is now where it has never been before: grappling with the challenges of an aging population. Unfortunately, not enough attention is being given to these challenges.
Catching drug traffickers and illegal aliens with Artificial Intelligence and Machine Learning
The innovative approach that helped US Border Patrol seize two million pounds of cannabis and apprehend one million illegal aliens

Assistant Chief Patrick Stewart – United States Border Patrol, US

Australia’s federal, state and local law enforcement and border patrol agencies are facing unprecedented challenges in their fight to secure the nation’s borders and stay a step ahead of criminals. Advancements in technology – such as biometrics, automation and Artificial Intelligence – offer opportunities to improve capabilities. However, as the technology used by national security agencies becomes more sophisticated, so too does the approach of the criminals they are working to apprehend. So how can we effectively plan, prepare and respond to outpace the would-be perpetrators?

Washington-based Assistant Chief Patrick Stewart – Branch Chief of the Geospatial Information Systems (GIS) program for the United States Border Patrol and the program lead for U.S Customs and Border Protection – believes the answer lies with geospatial technology. Assistant Chief Stewart and his team have set global benchmarks in developing innovative Geographic Information System (GIS) technology solutions that support risk-informed, intelligence-driven operations. This has enabled the US Border Patrol (USBP) to significantly strengthen its operations, including apprehending nearly a million illegal aliens and seizing more than two million pounds of cannabis since 2016.
The Role of GIS Technology

Our enterprise geospatial solution is called ‘eGIS’ – a portal that consolidates all our data and enforcement information on apprehensions, seizures, significant incidents, intelligence reports and real-time detection activity. The system is built on the ArcGIS platform and allows us to visualise critical information and insights on a map as it unfolds, so we can make decisions based off the most complete view of a situation possible. It has been a game changer for border protection and is a solution we continue to invest in and evolve with. It underpins most of our operations at USBP and we’re increasingly opening access to the solution to other government departments and agencies – to share data and insights that may be valuable to their operations or joint missions.

We use GIS technology in almost every aspect of our border security – and I can confidently say our operations are faster and better all-around with GIS. One of the most important things we can do with the technology is look at a problem area and understand our challenges and deficiencies in border protection. GIS has allowed us to better assess the areas in which people are getting away from us, and scrutinise the ‘why’ so we can plan a better response in future. With GIS, we begin to understand the total flow of traffic getting into the US – and see how or why some suspects may be evading enforcement.

Previously, without GIS technology we were limited to tracking suspects based on wide areas using landmarks. For example, we may have recorded that we saw three people at a particular area on our border – and we would go back over our records and see that collectively we’ve had 20 people who had escaped via this window. Because it was so large – let’s just say an area with a one-mile radius – suspects could have got away from us from anywhere in this window. Now with GIS technology, we can provide and record the exact coordinates of the location where people got away from us. We can very clearly identify traffic patterns of where suspects are coming from or going. We can fuse that information up with the location of known established trails, stash houses and the highway system, to get an accurate understanding of where suspects are likely heading. Essentially, we can create a real-time map of each movement they have made. With this insight, we can effectively track these people down. We know they’re going two miles up the interstate highway to a stash house, and we can find them and catch them.

As a result, we have significantly fewer people getting away from us now – and for those who do get away, we can deduce where they’re likely going and record that too. To give you some perspective, we went from having nearly 600,000 suspects evading us in 2006, down to around 180,000 a year, thanks in part to the insights provided from our GIS technology. As GIS continues to complement our use of new technology and enable a growing work force, we believe we will continue to see this number decrease.

GIS technology is pivotal in helping us catch smugglers, drug traffickers, criminal organisations or illegal aliens before they enter the country. Our regional command centres store and share data on where we’ve seen signs of foot traffic, or other evidence of people crossing, like abandoned vehicles, trash and left behind clothing and supplies. This data is visually represented on a map so command can do a quick eyeball analysis in real-time, to provide directions to agents in the field. The system is also then accessed by our analysts who can compare reported sightings with known local activity – allowing us to filter out tourist traffic areas and narrow down our search.

Pictured: Officers using geospatial mobile devices to add real-time data to their shared mapping interface.
We also use our GIS to analyse imagery-based maps to track drug mules. Using ground based imagery to identify large bundles and oversize backpacks, we track and monitor their activity from the first sign of their presence, such as footprints, until we apprehend them and make the seizure. GIS is a major contributor to our ability to track them so quickly and effectively. This becomes critically important when we’re dealing with suspects in dire conditions. In the United States we find many of the areas they’re trying to cross are barren, hot and treacherous – a lot of people are in danger and putting themselves in harm’s way by trying to cross. We want to ensure we can apprehend these people quickly to ensure the security of the border, but also to show compassion and ensure their safety. We get lots of calls for rescue tracking – last seen foot sign, known trails, or evidence of people crossing are critical in ensuring a timely response.

We have started thinking of GIS as the “Science of Where” and through this use of GIS, we have caused a paradigm shift in how we view enforcement – and that has been humbling. Starting this process, I didn’t expect it would be so profound. The difference is that the agency now understands that no matter where you are, you are “somewhere”. Our suspects are “somewhere”. Thinking of this as the “Science of Where” is understanding that location is what ties everything together. It seems simple, but by embracing that, we’ve been able to create a more efficient operational environment.
The value of IoT

IoT (Internet of Things) is something that within the USBP, we’ve been doing for years but no one has called it that until just recently. An example of how we are using IoT is the National Intrusion Sensor Infrastructure (NiSI). This program leverages thousands of IoT devices to detect seismic, magnetic and infrared activity as it occurs, allowing us to detect and track the locations of suspects, agents, and dangerous wildlife. Some IoT feeds are associated with producing photos or video clips; but some are as simple as weather data – providing us with windspeed and temperature – which is critical as it helps us understand the potential speed of travel when people are on foot. Obviously if it is really hot, someone will travel at a slower speed than if it’s cold. We use that to determine where we should intercept them to help ensure our agents and the suspects themselves are safe. In the case of a drug mule trekking through the desert, we want to apprehend them quickly and efficiently to ensure public safety. In the case of human trafficking suspects and immigrant family units, we also want to locate and apprehend them quickly to minimise their risk of suffering in treacherous conditions. By using GIS to optimise the data collected through IoT devices, we’ve been able to improve our agent dispatch, blue force tracking and situational awareness processes.
New Technology Trends

Artificial intelligence (AI) and machine learning (ML) have seen great advancements recently and are the newest areas we have started to push forward in throughout all aspects of border patrol. For example, in terms of AI, we have started using GIS to map and analyse IoT sensor information to determine travel patterns, smuggling patterns and examples of narcotic traffic. From there, we can better position these IoT devices to feed an AI computer vision system. This system automatically detects whether people have weapons, are hauling oversized backpacks or drug bundles, if children are present, or even if there are dangerous animals or endangered species in the area. With this machine learning and AI capability, we have been able to transform a previously labour-intensive task that required us to inspect every visual, into a situation where we can now assess thousands of images a day. This means we can quickly identify threats and trafficking activity and intercept large narcotics loads.

To access the key material including Assistant Chief Patrick Stewart’s keynote presentation slides from the recent Australian Security Summit visit: esriaustralia.com.au/acpstew
TechTime - Movers & Shakers

The Internet of Things is turning Facilities Management on its head

Australia’s army of tradespeople who monitor, maintain and fix the billions of dollars of equipment that keeps offices, factories and shops open have become the new frontline in the advance of the Internet of Things (IoT). As the internet and smartphones become primary necessities over paper and landlines, trade services must embrace the next phase of business evolution in order to remain relevant in the market and to appear dependable, effective and cutting-edge for the modern customer. Though not a brand new concept, IoT has become the herald of this new chapter, facilitating unique connections with the latest job management and service technology and forever changing the way trade service facilities and professionals operate.

The Internet of Things (IoT)

IoT has been defined as the concept of connecting any electronic device to the internet and to other connected devices. It works as an application or service that uses information collected from sensors – or the “things” – and then analyses the data from the sensor to perform a specific function. Through IoT a giant online network is created which allows previously unrelated technology to speak to each other and combine forces to create new functions that generate new levels of convenience for the user. Many tech experts have used smart TVs or fitness watches that generate a tailored exercise plan as examples of IoT.

Why should trade services care?

According to Curtis Thomson, simPRO director, one of the world’s leading job management software companies, IoT projects have now moved well beyond the initial trials and high-end proof of concepts and are being actively rolled out by leading service companies and manufacturers. For these companies, however, it’s not about programming driverless cars or automatic toasters and coffee machines for the break room. Trade service companies are eager to get in on the IoT action because when their systems are all connected and talking to each other, they have the potential to improve their service delivery, considerably cut costs, and deliver an improved customer experience.

“Think about the IoT in terms of field service applications,” Thomson said. “Say, for example, you have an accelerometer fitted to the cooling tower on top of a building that could take vibration readings, log them to your database, and alert you when the vibrations fall out of a range.

“Or, you have sensors in the fire detection or sprinkler systems all constantly monitoring and reporting back the current state of the equipment they are tasked to keep an eye on.

“Then, when an event occurs that falls outside of a tolerable range for that piece of equipment, a notification is raised, a job is created to investigate, or an alert is sent to your customer.

“How could this impact your SLAs, or your costs, for that matter? What will your customers think about this – your ability to log, report and respond to potential defects before they even can tell something is wrong, and in between maintenance cycles?”

Thomson’s insight into the future of the trade service industry is why companies like simPRO are determined to add IoT to their repertoire. In June this year, simPRO introduced its new IoT solution which will be available to its 100,000+ users in Australia, New Zealand, the United States and the UK across 2018. simPRO IoT takes hardware, software and data from businesses in the trade and field service industries and integrates them into one platform, allowing previously separate programs and machines to talk to each other and provide automated solutions ordinarily requiring extensive manual effort. simPRO’s IoT solution also includes machine learning, proactive action triggering and automation of field service activities, which significantly reduces the complexity of administrative tasks like selection, installation, integration and management, and can trigger field service activities for businesses in near real time. The company has already begun working with airport lounge operator Swissport and facilities (building plant and equipment) management group Thermacell to keep guests at Luton Airport in the UK warm in winter and cool in summer.

IoT represents significant opportunity in the trade services market, with the number of connected IoT devices worldwide expected to jump 12 percent on average annually, from nearly 31 billion in 2018 to 125 billion in 2030, according to analysis from IHS Markit (Nasdaq: INFO).

The ability for machines and data to connect and interact with one another goes far beyond allowing the human race to live like the Jetsons. The trade service industry’s IoT-laden future signals effectiveness, efficiency, profitability and all-around satisfaction for everyone involved.

About simPRO

simPRO provides business management cloud solutions for the trade and specialty contracting industries; including security professionals, plumbers, electricians, HVAC, solar, data networking, and others. simPRO eliminates the hassle of field service management, reduces paperwork, refines office processes, streamlines field operations, increases profit, maximises your workforce, and enables more business growth. As it is cloud-based, it can be used anywhere, anytime to help improve streamlined business productivity and efficiency in real time, giving businesses the potential to grow, meet and exceed their goals.

With customers in the United States, Australia, New Zealand, and the United Kingdom, simPRO provides global leadership for trade and specialty contractors worldwide.

In 2016, simPRO secured AUD$40 million in growth capital as part of an aggressive product innovation and expansion strategy that has seen the company enter the United States and the United Kingdom over the last two years.

At the end of 2017, simPRO had more than 4,000 clients and 100,000 users globally, with clients ranging from small contracting operations through to corporate enterprises with thousands of staff.

Hills appoints new Head of Security, Surveillance, IT and ATV business
Hills has announced the appointment of Roger Edgar as Head of Sales, Security, Surveillance, IT and ATV across Australia and New Zealand (ANZ). Based in Sydney, Edgar will be responsible for leading Hills’ security, surveillance, IT, antenna and communication sales teams, and delivering on sales priorities across the region. He is also tasked with improving the customer experience across Hills’ network of branches, with a focus on end to end service delivery. Edgar brings over 30 years of sales and management experience to the role, having held senior positions in the wholesale electrical distribution sector in Australia, New Zealand and USA. He joins Hills after three and a half years as General Manager for CNW Electrical NSW/VIC/TAS and prior to that, his distribution expertise was developed through senior management roles with Rexel in New Zealand, the USA and Australia.

CEO and Managing Director, David Lenz, said that Edgar’s appointment was key to Hills’ strategy to increase growth in its SMB business across ANZ.

“Roger will play a key role as we look to increase the accessibility of Hills’ offering across the region and continue to accelerate our sales momentum with our key brands,” Lenz said.

“The consolidation of the antenna business under Roger’s leadership acknowledges his considerable experience in the electrical distribution space and aligns with Hills’ strategy to offer integrated technology solutions.

“He brings extensive industry expertise and proven leadership abilities to Hills and will be invaluable as we build our sales team across ANZ,” Lenz added.

Edgar said he was excited to join Hills as it continues its evolution. “I want to build a team that can operate in an agile way and think ‘customer first’. Delivering ongoing benefits to the customer and seeing the differences you make is highly rewarding and motivating for everyone.”

Former HP fellow, CTO & VP corporate strategy joins the iCetana board

iCetana has announced that Mark Potts, former HP Fellow, CTO & VP Corporate Strategy at Hewlett Packard Enterprises (HPE), has joined the iCetana Board.

iCetana is a successful global organisation with office locations across 3 regions including EMEA, The Americas and APAC. iCetana has developed an advanced AI-computer vision and machine learning solution for security and beyond security, to see through the chaos and highlight abnormal events when they happen. iCetana’s software learns daily, allowing it to constantly adapt to new environmental and behavioural conditions.

“iCetana is exceptionally fortunate to welcome Mark Potts onto the Board. His vast experience and knowledge within enterprise corporate strategy will be a valuable asset as iCetana continues to solidify its position as world leaders in AI-assisted video monitoring software” – iCetana CEO, Chris Farquhar.

During his time at HPE, a multi-billion-dollar global leader in technology solutions, Mark successfully drove the technology and business strategy. Mark holds a Bachelor of Science degree in Computer Science from Brookes University in Oxford, UK. Prior to HPE, Mark founded several successful, venture backed start-ups that have driven technology disruption and business innovation across numerous industries. One such venture was his successful web services management company, Talking Blocks, which was acquired by HPE.

Mark Potts said that “The application of AI and machine learning to video analysis and event recognition is going to change the way we proactively manage security, health and safety, production processes and transportation. The business value iCetana have already proven with customers worldwide, across diverse industries, and the technology and innovation underpinning the offerings, made the opportunity to join and help grow the company to an industry leader, exciting and too compelling to miss”.

VIVOTEK introduces new multi-sensor panoramic camera with superior image quality, the MS9390-HV

Following the success of previous 180° panoramic network cameras, VIVOTEK has launched a brand new and even more efficient multi-sensor camera. The MS9390-HV, with its dual 4-megapixel wide-angle lens design, is unlike most traditional multi-sensor panoramic cameras which rely on 4 sensors. This newly released multi-sensor dome camera is also equipped with SNV (Supreme Night Visibility), WDR Pro technology, 180° IR illuminators effective up to 20 meters and delivers full resolution imagery at 30 fps (frames per second), making it the ideal camera to provide excellent panoramic image quality for both day and night surveillance.

VIVOTEK introduces the brand new MS9390-HV under the strategy of its “See More in Smarter Ways” campaign. With its unique dual-sensor design, the camera is equipped with a video alignment feature, providing users both a detailed and yet seamless 180-degree panoramic view and a higher vertical field of view. This enables greater coverage not only on the horizontal, but also on the vertical plane, capturing an even greater field of view below the point of camera installation. Moreover, the internal tilt adjustment of the lenses of the MS9390-HV has been upgraded to 20°, allowing users to achieve the precise angle desired. Furthermore, the multi-sensor camera employs H.265 compression and Smart Stream III technology to create the most efficient system, and resulting in remarkable savings in storage and bandwidth consumption while at the same time providing complete video security.

The new MS9390-HV is further armed with a robust IP66 and IK10-rated housing, enabling it to withstand rain and dust, as well as to protect against vandalism or tampering in outdoor surveillance applications. In addition, its wall mounted design ensures simple and quick installation, with an included sunshield to eliminate interference caused by direct sunlight.

The panoramic camera was given an early test at the 2018 Taiwan Lantern Festival, one of the great events in Taiwan, that attracted over 10 million visitors. The MS9390-HV provided clear and full coverage throughout the day and night to secure the safety of visitors to the festival. For more information about VIVOTEK and its comprehensive product line, please visit www.vivotek.com.

About VIVOTEK
VIVOTEK Inc. (TAIEX: 3454) was founded in Taiwan in 2000. The Company markets VIVOTEK solutions worldwide, and has become a leading brand in the global IP surveillance industry. Its comprehensive solutions include network cameras, video servers, network video recorders, PoE solutions, and video management software. Through the growing proliferation of IoT, VIVOTEK aspires to become the Eye in IoT by drawing on its expansive technological capabilities in image and audio. The Company has established offices and subsidiaries in the United States (California), Europe (Netherlands), India (Delhi), Middle East (Dubai), Latin America (Mexico), and Japan (Tokyo) in 2008, 2013, 2014, 2015, 2016, and 2017 respectively. To create a sound industrial ecosystem, VIVOTEK has expanded strategic alliances with leading international software and hardware partners and works with over 183 authorized distributors across 116 countries. For more information, please visit www.vivotek.com
REPORT REVIEW | by James Jordan
Review of the Department of the Prime Minister and Cabinet’s Security Procedures, Practices and Culture
March 2018
www.pmc.gov.au/resource-centre/pmc/reviewdepartment-prime-minister-and-cabinetssecurity-procedures-practices-and-culture
The missed opportunity that is the report into PM&C security procedures, practices, and culture
BSc (Security); DipGov (Security); MEmergMgt | Protective Security and Resilience Consultant, Integrity2Resilience Services Pty Ltd

As many of you are aware the long-awaited report into the circumstances behind the loss of many Security Containers that were subsequently found at an auction site and when opened were found to contain a range of sensitive and classified material. If you are not aware of the full story, the report handily provides a summary in the first chapter, which in my opinion reads like a ‘Fawlty Towers’ episode. While I am sure there is more to this report that has not been released and has led to the sanctioning of members of the APS, there are a significant number of lessons that can be taken from this report. As someone who has spent the better part of 20 years working in Government Security I see this report as a mixed bag of both good, bad, and stupid and as a result see it as a missed opportunity.

The biggest concern that I see from the report is in the recommendations, which in many cases seem to make great motherhood statements, that all make very good common sense, which makes you wonder why they were not in place to begin with. Interestingly there are a number that contradict elements elsewhere in the report that indicate everything was found to be in order. Such as the very first recommendation regarding PM&C needing to consider its ‘complex operation environment’ (by the way, they are not all that unique, nearly every other department is in multiple buildings and has lots of structural changes) and the related vulnerabilities within its risk management. Interesting that in Chapter 2 it goes on to say that an external audit of PSPF compliance was undertaken and found that they were compliant with all but 5 elements, with which they were partially compliant. The foundation of the PSPF is based around an effective risk management process to drive the performance standards, which shows that the audit was compliance and not performance based. This critical issue seems to have been missed across the report, even though it’s in plain sight, in that recommendation after recommendation indicates that while policy and procedures were in place there had been no performance measuring to confirm that risk mitigations were achieving the levels of reduction that you expected. How can you base a Protective Security environment on risk if you don’t know if your controls are effective?

The next area of concern is the use of the term 'culture'. This buzzword gets thrown around in government circles, especially when it comes to Protective Security, and to be honest I don’t think the majority have any idea what it means. My favourite in this case is the term ‘Security Champion’; what is meant by this term is left up to the imagination of the reader as it’s not explained in the report.
From experience I have a fair idea what will occur during implementation: each area will find some poor EL1 or 2 who will get the tag either because they were too slow to run or because they have some belief that they know what security is and will put up a bunch of signs, and it will all make everyone uncomfortable for a short period before it all gets all but forgotten. I would also like to point out that you will NOT achieve an effective culture based upon fear, which is exactly what you will get from a focus on ‘breaches’ as a performance metric coupled with a policy that tells everyone that every time you get one you will have to front Senior Leadership and may lose your job. What you do get is a culture of avoidance where no one will own up to anything, and incidents that are hidden till they fester and explode.

There is a great emphasis in the report on the need to do training and quite a few recommendations about how more was needed and how the methodology of delivery needs to change, but nothing regarding what that ‘training’ was meant to achieve. You do not just get effective training, regardless of the method, if you don’t have a goal that you want to achieve and then measure performance against that goal. In this they at least got the former aspect right.
As a final comment I would like to point out a couple of gems that I found in Chapter 5, which talked about what the whole of the APS could take from the report. The comment around the Attorney-General’s Department (AGD) providing benchmarking against compliance reports to share ‘best practice’. Which is great, but to do this the self-reporting that agencies perform every year needs to stop going into the ‘black hole’ into the PSPF policy area within AGD. In all the years that the PSPF has been in existence I have never seen any feedback or comment on a department’s submission. I suspect that’s because, as was noted at the last Security in Government conference by a representative from AGD, they could not compile anything from the reports as most provided no value due to a lack of consistency in the responses. I would also note that self-reporting only works if there is a process by which the confidence in the value of information can be confirmed. In the immortal words of Ronald Reagan in December 1987 after the signing of the INF Treaty with Mikhail Gorbachev, ‘Trust but verify’. AGD has lots of trust in departments because they have never verified.

My concern is that this report missed linking the fundamental problem within Protective Security, even though it talked about it in the recommendations in the final chapter. The level of capability development in those responsible for the development of effective risk analysis, policies and procedures does not exist and has only been lessened since the closure of the PSTC. While what it provided was useful in the development of the effective controls, it was never encouraged to do more. The current PSPF only recommends a Diploma level qualification for an ASA; name one other EL position in a department with the same level of responsibility that is currently placed on an ASA that is only expected to have a vocational level qualification.
One last thought for everyone out there: why did the report never discuss whether the Security unit of PM&C had sufficient manpower resources to achieve all the tasks that it was asked to undertake?

James is a recognised leader in the Protective Security Profession as a deliverer of governance and practical solutions and as a leading educator and mentor. His experience has been gained over 13 years specifically providing effective and deliverable solutions in the governance aspects of protective security guidance to all levels of government. James specialises in managing the relationships in developing resilience and its relationship with emergency/crisis and business continuity management. James has a Masters of Emergency Management, Bachelor of Science (Security); Diploma of Government (Security); Certificate IV in Training and Assessment and a Certificate IV in Government (Personnel Security) and is a research associate with the Australian Security Research Centre.
THE MAGAZINE FOR AUSTRALIAN INFORMATION SECURITY PROFESSIONALS | www.australiancybersecuritymagazine.com.au @AustCyberSecMag Issue 5, 2018
Now you see it, now you don't
Cognitive bias in security
Quantum cyber security making breaches irrelevant
Stuff GDPR!
Reinventing the SOC – curing alert fatigue
Bad things come in small packages
$8.95 INC. GST