"Threats to Australia's Security"
The Australian Industry Group
Melbourne, February 19, 2003
Review by Vernon Stagg
March 20, 2003
In February 2003 the Australian Industry Group ran a conference on the "Threats to Australia's Security" across three states. (This review, and associated web links are available from my website www.infowar.com.au) Ivan James, Chairman of the AiGroup provided the introduction and chaired the conference. He discussed the changing environment that businesses face, and warned not to become desensitised to the risks they face.
Daryl Williams, the Australian Attorney General was unfortunately unable to attend but provided a pre-recorded address to delegates. He discussed the heightened level of alert in Australia since September 11, and the fact we can't ignore terrorism or hope it will just go away. He outlined the Australian Government's commitment to strengthen security along with the public campaign to raise awareness. The support, advice, expertise and resources of businesses and the private sector was recognised, as well as the difficulties involved in cooperation between these various entities with government. Efforts in protection of national economic infrastructure, and the model of critical infrastructure assurance developed from the Business Government Task Force recommendations, and the forthcoming critical infrastructure protection summit in April were detailed. In describing the physical security and response measures provided by State and Territory services, he reinforced the need to be cautious and prepared. In recognition of the threats to IT infrastructure he cited the recent DDOS attack on the Internet root servers. The need to secure data, and provide esecurity will be strengthened with the recent AGD/AusCERT scheme to report on attacks. He closed with a description of the recent Cybercrime act and enhanced electronic investigative powers provided to law enforcement, claiming "protection of national security and critical infrastructure is now important than ever. Protect the future".
Dennis Richardson, Director General of the Australian Security Intelligence Organisation, began with a background on ASIO covering its role and powers. Highlighting the changes that terrorism has caused, he pointed out that pre-Sept 11 there was little public knowledge of Usama Bin Laden or Al Qaeda. He went on to discuss a number of terrorist incidents from the mid-90's to 2001 showing that terrorism is not a new issue. He discussed how post-Sept 11 Australia has become a legitimate terrorist target and that the threat levels to various elements of critical infrastructure and chemical, biological, and nuclear facilities have been raised. In discussing the need to apply appropriate security to each sector he indicated the need to determine whether you are part of the national or critical infrastructure, are your products of a security related concern (e.g. fertiliser), does your company have an overseas presence, and do your business continuity plans consider collateral damage.
Clive Williams, Director of Terrorism Studies at the Australian National University outlined various threats to Australia's security environment. Beginning with internal threats he examined
Bruce Esplin, Chairman of the Victorian State Emergency Management Committee began by outlining the relationship between the States, Territory's, and the Commonwealth, and how State/Territory services would be first responders to an incident. There is a need to recognise the environmental and economic health of the States, and that each State is different and it will be difficult to develop a National strategy. Looking at the developments in counter-terrorism, he noted the improved cooperation and sharing between States, as well as the need to manage both the crisis and the consequences. Crisis will be primarily addressed by police and military, whilst consequences deal with emergency management arrangements, public health systems, national anti-terrorist plans, and an enhanced counter-terrorism capacity. He stressed that while public safety is a core responsibility of government, emergency management is a political activity, noting that communities hold government responsible and that communications with the community are critical in the judgement of success or failure. Following a list of emergency management issues, he listed the balances that need to be maintained, being
Diane Sisely, CEO of Equal Opportunity Commission considered how workplace discrimination had risen since Sept-11, especially in racial and religious reports/incidents. Citing a number of statistics on these rises, she indicated that Arab people were facing a number of verbal and physical assaults and vilification. The notion of Islamophobia was raised, following from a Macquarie University report on widespread antagonism towards Muslims. Considering the risks to business from such discrimination, she highlighted the following issues
Ken Thompson, Project Director of the Critical Infrastructure Review Group (NSW) like many of the other speakers highlighted the change in the environment. He discussed the development of the National Principles Security Notification Model for Critical Infrastructure that is being adopted nationally. Examining the various levels, he outlined the practical measures required for medium to long term plans, including
Geoffrey Ross, Managing Director of Securenet Limited said businesses need to recognise the new risks that have emerged, especially in an online environment. He stated how the number, frequency and targeting of attacks is increasing and how the Internet has changed security needs. With risks being cumulative, systems that are connected to the Internet are at risk. Pointing out that whilst security is expensive, businesses should see security as an enabler and aim at achieving a security return-on-investment. He finished by stating make security a serious issue in your business.
Bruce Gordon, Director of Marsh Pty Ltd provided an insurance perspective on the risks faced. He examined a breakdown of costs from the World Trade Centre collapse, and how Sept-11 has changed perspective on insurance. He explained the need to redefine credible/possible hazards, how the definition of "credible" has changed, and how exposure is no longer capable of specific measurement. Policies now have certain terrorism exclusions on liabilities, and various changes have occurred to the Australian reinsurance pool corporate structure. In regards to certain terrorism exclusions, he identified
Robert McNaught, Director of Control Risks Group finished the conference off with a look at how to protect employees overseas. In considering the heightened risks of political and popular violence, organisations should have effective