The annual opportunity to receive fundamental updates from the organisations shaping today’s security landscape in a program carefully curated by the industry’s peak body.
24 - 26 July 2019
Level 5, ICC Sydney
Combat Security Threats in 2019
Conference Theme: ‘Building Resilience to Combat Changing Security Threats’
The ASIAL Security Conference hosted a compelling program of renowned local and international experts, academics and visionaries addressing how to strengthen capabilities, managing risk, a digital future, emerging technologies and innovations, integration and more.
The first day of the sessions addressed critical industry updates, followed by a choice of streamed executive briefings on the second and third day. The Conference has sold out for the 4th year in a row!
The declaration of a caliphate in the, so called, Islamic State of Iraq and the Levant (ISIL) in 2014, created a fundamental change in how terrorism manifested itself in Western Countries. The specifically directed attacks against such countries as France in 2015, metamorphosed into ‘inspired’ attacks in 2017. Probably for the first time in the history of terrorism, anybody could be a terrorist, using any weapon and against any target. The resurgence of Extreme Right Wing radicalism added even more dimensions to traditional protective security thinking.
The scale, and breadth, of potential origins of attack required a ‘step-change’ in thinking about the traditional role of the police in protecting the public and how that responsibility needs to be shared by the private sector. In this keynote speech, Nick will talk about the impact that the 2017 terrorist attacks in the UK had on protective security thinking and how, in collaboration with others, the UK Counter-Terrorism Police are attempting to galvanise the whole of the private sector in playing an integrated role in keeping people safe. Nick will talk about how ‘Daring to Share’ can brings dividends in empowering private bodies to act and will describe some of the enablers of what is a long-term programme of work. He will look at how integration of security with policing can be good for business as well as for security.
By the end of this session, participants will have an understanding of how UK CT Policing is integrating with the private sector in order to make the UK stronger and more resistant to terrorism.
An insider threat is traditionally defined as an employee, or former employee, who takes proprietary data for personal gain. The deliberate insider typically has an uncanny ability to detect weak spots and vulnerable staff, plotting to exploit for their own purposes. As the exploitation can go well beyond the risks to computer data, this presentation explores the benefit from challenging the traditional definition of insider threat to include the range of behavioural threats employees can pose to an organisation, its reputation and business continuity. Opportunities for detecting insider threats early are presented, as the benefits of creating a physically and psychologically safe workplaces where aggressive and deceptive behaviour are not tolerated.
The discipline of behavioural threat management is presented to examine the issues arising when current and past staff form grievances with their organisation. Fueled by their grievances, patterns of acting out their frustrations are seen, typically in a manner that harms everyone involved. Knowing the threshold, however subtle, of the interactions that should be labelled psychologically unsafe and therefore and insider threat is an area of considerable debate. Terms such as bullying help define some interactions, although definitions often require the behaviour to be repeated to reach the threshold for intervention.
Based on extensive industry consultation having led ASIAL’s strategic workshops over the last few years, Dr Gav Schneider will share some of the key aspects and focus areas that all stakeholders associated with the security industry should take into account in everyday activities to help us all in professionalising and promoting the image of the security industry.
Is your business safe from future Cyber threats? Futurist Shara Evans opens our eyes on how emerging technologies can be leveraged by cybercriminals in new and inventive ways including examples that may seem straight out of a science fiction movie, but are eminently possible with technology available now or in the very near future.
And, it’s not just about security, it’s also important to understand the privacy and ethical issues involved with emerging technologies.
We’re already seeing the increased integration of artificial intelligence-based devices and applications like Amazon Alexa, Google Home, Siri, Cortana and many more on our phones, computers and stand-alone appliances. By collecting big data about individuals and companies, are governments and mega technology corporations putting us at risk? Is your company exposed to massive revenue loss because of data breaches that arise from third-party use of your data?
Technologies like facial recognition, emotion recognition, augmented reality, artificial intelligence, drones, robots and the Internet of Things will radically change our world over the coming decade, but will these same technologies open up new attack vectors for cyber criminals?
The notion of addressing security early in the software development lifecycle has been advocated by security practitioners for many years, but with relatively little success. Now more than ever though the gap between security and software development needs to be addressed. The fast pace of technology development means that we have an increasing attack surface and a growing dependency on a heavily contested cyberspace. In response to this, the move to cloud-based architectures and the emphasis on continuous integration and continuous delivery has given rise to the concept of DevSecOps.
This talk argues that DevSecOps gives security practitioners an opportunity to move from security being seen as a zero-sum game to being win-win. This talk charts a research journey that started with the aim of a UK Government Department to develop, ‘constructive interactions between security and the business in the way that both sides value and that which holistically benefits the business’. A recent report from ENISA referred to the project as, ‘’a pioneer effort that should be replicated’.
A practical analysis of the key steps required to build a security risk management culture (physical and cyber) within your organization. What are some of the considerations that will help shape your planning and implementation for a cultural change. What are some of the obstacles that may arise that can derail your efforts to change and build an effective security risk management culture. Learn how employee and management education on threats your company faces will help overcome perceptions and create security champions, the importance of sharing incidents and near misses and how to avoid “security theatre” that discourages an effective security risk management culture.
Although litigation is a known risk across modern societies, in recent years the parties involved in operational security risk cases has grown and undergone a significant shift. In this presentation Dr Tony Zalewski will explore changing themes within litigation, who can become involved and how these shifts are reflected in an environment of continued growth for security-related litigation.
Developing a culture of safety and security across the healthcare system is a challenge now being grappled with. Security is everybody’s business and everybody’s responsibility. This session will discuss the challenges faced and strategies to address them.
Incidents of occupational violence and aggression (“OVA”) continue to increase across most industry and professional sectors. In this presentation Dr Tony Zalewski will highlight the prevalence and predictive factors for OVA and then explore methods that enhance the safety of operational security and public-facing staff. Security and public facing staff are often poorly inducted and trained, isolated during work with minimal immediate support and therefore at a distinct disadvantage to effectively manage agitation and aggression. This session will discuss how a system of security where the risk of OVA is likely can be shifted from one of reactivity to proactivity through carefully developed operational risk management practices.
Key Learning Outcomes:
(i) Understand the prevalence and predictive factors for incidents of OVA in the context of public facing staff;
(ii) Understand and identify a strategic security risk management framework across an organisational protective security system; and
(iii) Apply best practice methods to minimise risks in the context of OVA within a protective security system.
As organisations strive to move to a level of maturity in security and risk management the goal of creating an embedded approach to managing risk and security is often spoken about but hard to achieve. In this interactive workshop the key aspects of the way people make decisions and behave aligned to the psychology of risk and cultural change will be introduced.
Including some of the following outcomes will be achieved:
An introduction to Risk Convergence, leadership and management
An introduction to the psychology of risk
The fundamentals of a high reliability organisational culture
How to create and drive cultural change
Property owners and managers increasing use video surveillance as a central means for achieving heightened building or site security. Understandably, property owners and managers must ensure they meet their duty of care as it relates to protecting occupants of their property against crime – using video surveillance as a means to demonstrate their efforts. However, these same owners and managers must also ensure they provide occupants a reasonable degree of privacy –– informing when video surveillance is in use. This workshop provides a general overview of the key considerations needed to most aptly strike the balance between the right to privacy and need for video surveillance. Central to this discussion is understanding how striking this balance can serve as a new professional service offering.
Participants in this executive briefing will:
1) gain new insight in respect to balancing the need for video surveillance and right to privacy.
2) identify how striking the balance between surveillance and privacy can become a new professional service for security professionals.
Patients, visitors and healthcare workers are facing an increased threat whilst on-site, in the community and working in home care environments. The increase in threat is largely attributed to an increasing intent, rather than capability of threat actors. The increasing intent is arising out of the disregard for the consequences of their actions, often fueled by drugs, alcohol or mental health issues. We have seen various cases, targeting Doctors, Healthcare workers, Paramedics and recently Police Officers. To overcome this increasing threat, the positioning of security within the healthcare sector needs to be addressed.
To overcome this increasing threat environment, action must be taken by executives within the health care sector. There is a need for increased awareness and identification of security threats to staff, operations, infrastructure and assets by senior leaders in the health care sector. Additionally, there needs to be increased activities at strategic, tactical and operational to help businesses prepare, respond and recovery from security events. This includes changes to the way security is viewed, and how funds are allocated through capital and operational expenditures. There is also a need to understand the environment in which healthcare operations are putting their staff, often with minimal or limited support.
Key Learning Outcomes:
• Threat Intelligence and Assessments – the disregard of consequences
• Enhancements to minimum baseline security standards and allocation of capital and operational expenditure to provide a safe working and living environment
• Emotional toll on staff who are in a constant state of anxiety due to security or safety fears
• Clearly defined accountability for security within an organisation – accountability must rest with an Executive member
• Better use of technology and communication mechanisms
• Assessing higher risk days and times
• Gaining Executive Sponsorship and Accountability
• Maintaining a safe environment throughout a disruptive event
• Ensuring security controls are assessed as a critical enabler and supported through contingency
This executive briefing considers an approach that can be taken and a methodology applied in designing secure buildings, and specifically the security design of tall buildings. These are different in both the needs of security, and, how the design solution is applied, regardless of where they are located in the world today. The impact of such incidents as 9/11, although now over a decade and a half ago, will be with us still for decades to come, and although one cannot protect against that type of attack, one must be able to countenance the impact in both realistic as well as perception terms. The briefing will include consideration of the types of incidents that the world has experienced specifically in the last two years.
The workshop will examine a step by step methodology that explores:
- The range of external threats that now apply to these facilities, including threats to Operational technologyThe operational, and security management to be applied.
- The physical security design considered in both in planning and hardware terms
- The Information Technology and Operational Technology communications solution
- The integration of the project security technology into the physical aspects of the building, and the human machine interface
Each of the above must be complimentary and compatible to, and, with one another across all elements that comprise the complete to solution.
The World Economic Forum Global Risk Report 2019 indicates that the risks associated with cyber attacks and data theft/fraud constitute two of the top five risks in terms of both likelihood and impact, surpassing risks associated with terrorism.
In conjunction with increased regulation such as the Australian Governments Mandatory Breach Notification rules, the European Union’s GDPR, APRA’s CPS-234, among others, it is clear that cyber risk must be evaluated, treated and mitigated, both to manage compliance issues as well as to avoid organisational risks related to damage, harm and reputational loss.
In this presentation, we discuss appropriate approaches to managing cyber risk with a focus on the physical security industry. We consider the challenges that exist in the current cyber security industry and how the physical and cyber security industries can work together to ensure a safer and more secure cyber world.
The presentation will cover a number of areas:
• A relevant and better understanding of what cyber risk looks like for ASIAL members.
• Practical take-aways that ASIAL members can action in order to minimize the risk of cyber breach as well as to mitigate, contain and recover from breaches
• To understand how ASIAL members can capitalize on the area of cybersecurity as a business opportunity given their incumbency in the physical security space, an area that is rapidly converging with the cyber security realm.
The presentation will consider the integration of protective security at all levels of an organisation using strategic and business planning, national and international standards and implementation of a security business plan.
Key Learning Outcomes:
Attendees will have a better practice approach, scalable to their own organisation with supporting references to assist implementation.
In this session, Nick A, former National Coordinator Protect & Prepare, Counter Terrorism Policing National HQ, New Scotland Yard will address the impact that the 2017 terrorist attacks in the UK had on protective security thinking and how, in collaboration with others, the UK Counter-Terrorism Police are attempting to galvanise the whole of the private sector in playing an integrated role in keeping people safe. Nick will discuss about how ‘Daring to Share’ can brings dividends in empowering private bodies to act and will describe some of the enablers of what is a long-term programme of work. He will look at how integration of security with policing can be good for business as well as for security.
Executive Briefing attendees will also hear from local law enforcement agencies and the private security industry on how public and private partnerships can be strengthened.
• Assistant Commissioner Mark Walton, Commander Counter Terrorism & Special Tactics Command, New South Wales Police Force;
• Superintendent Ross McNeill, Counter Terrorism Command, Victoria Police
• Bryan de Caires, CEO, Australian Security Industry Association Limited
Crowd and Event Management over the past 20 years has changed considerably due to the failures and learnings gained from those incidents that have resulted in loss of life.
The realisation that Crowd Management has now become an integral part of , Venues and Crowded Places has resulted in an increase in research and professional development in this area of event management.
The added need for increased security practices for crowded places due to the current security climate around the world and the specific targeting of crowded places throw’s new issues for event management. The needs of Security may contradict current crowd management practices however stakeholder consultation and realistic mitigation can resolve potential issues.
The need for best practice in the area of Crowd management has been driven by countries such as the United Kingdom based around the learning gained from failures such as the “Hillsborough Disaster” and the implementation of such Guidance as the “Purple Guide”. Australia followed these best practices and in its own right has the ability to lead in the future with the current Guidance work in progress from Australian Standards and the Australian Institute for Disaster Resilience (AIDR) for crowd management at crowd places.
Key Learning Outcomes:
Current Guidelines for NSW and the Implications within the security industry and Crowd Management.