Home       Previous newsletters

27 January 2004

1. Editorial
2. Brief News from Engineers Australia
3. Brief News from around the country
4. A Who's Who of Research in Homeland Security, 10 February 2004
5. Built environment focus by the TISN
6. Moves for NSW Critical Infrastructure Team
7. Investigation into the need for a CRC for critical infrastructure protection
8. Panel announced for the National Centre for Security Standards
9. Suicide Attack and Mitigation Workshop
10. Guidelines published to help enhance building terrorism resistance
11. New Safeguarding Australia National Research Priority Goal
12. Book Review: Questioning the Risk Management Orthodoxy
13. Essay: Santos again highlights the vulnerability of our infrastructure
14. Articles: Trust in information sharing & predictive risk

1 Editorial
We are delighted to announce that the Sinclair Knight Merz Group has become the 2004 sponsor of this free e-newsletter. SKM's support allows us to expand the topics covered in this newsletter to make it even more comprehensive. SKM is a leading global professional services consulting firm working with public and private sector clients across several chosen market areas including engineering, scientific studies, logistics, project management and defence. A recent addition to SKM's Defence group is Sheldon Krahe, an ex-RAAF specialist in the blast protection of structures. Athol Yates

2 Brief news from Engineers Australia

1. Bruce Howard has been appointed to the Panel of the Panel of Standards Australia's new National Centre for Security Standards.

3 Brief news from around the country

1. The next meeting of the Critical Infrastructure Advisory Council (CIAC) will meet in mid March.
2. The next meeting of the Telecommunications Infrastructure Assurance Advisory Groups (IAAG) will be in March 2003.
3. In April, Australia will host bilateral discussions with USA on CIP.
4. In late May, around the time of the AusCERT conference, Australia will undertake informal multi-lateral discussions on national information infrastructure issues.
5. The CIAC has agreed to form two Expert Groups. They are
   • IT Infrastructure Security Expert Group: The first meeting of this Group will be in mid February.
   • Futures Expert Group: this group will consider threat and other issues 5 to 10 years out. Its membership has not been decided upon and its first meeting will probably be well after the next meeting of the CIAC.
6. IAAGs agreed at the December 2003 CIAC meeting that they would develop criteria for a definition of critical infrastructure for their sectors, based upon the ASIO Risk Methodology, including the identification of what is most vulnerable by early 2004.

4 A Who's Who of Research in Homeland Security, 10 February 2004
The 2nd Engineering Security Networking Forum & Showcase on 10 February in Melbourne is shaping up to be an exciting event bringing together those both researchers, practitioners and end-users of security together.

We have got over 35 researchers and practitioners talking about their work in homeland security areas over the day and expect an audience of 150 defence & security professionals, and critical infrastructure and property owners. There are still a few places yet in our 3 streams for presenters. Call Athol Yates on 0402 419 583 if you are interested.

Attending the event is a great way to meet those involved in homeland security research across Australia.

Highlights of the day included:

• address by Mike Rothery, Attorney-General's Department on science & technology support of critical infrastructure protection
• briefing on the Research Network for Engineering a Secure Australia
• three Engineering Security Workshops, 11 February 2004
  • Developing research programs on protective technology, risk & networks
  • Standards & codes
  • How can we get a security dividend & make security sustainable? The program, flyer and booking form is at http://www.safeguardingaustralia.org.au/2004forum.htm

5 Built environment focus by the TISN
On 17 December 2003, a meeting was held in Sydney by the Attorney-General's Department on expanding the Trusted Information Sharing Network for Critical Infrastructure (TISN) to cover the built environment. As a result, the Attorney-General's Department has proposed establishing two groups to advance the protection of the built environment. The establishment of the groups needs to be ratified by the CIAC before they come into existance. They are the:

• Community Assets Infrastructure Assurance Advisory Group
• Built Environment Expert Advisory Group

Community Assets Infrastructure Assurance Advisory Group
The role of the proposed Community Assets Infrastructure Assurance Advisory Group (IAAG) will be to share information on issues relating to generic threats to, and vulnerabilities in the Community Assets sector and appropriate measures and strategies to mitigate risk. The focus will be on preventive measures, the development of standards and best practice in the design and operation of community assets. And also extends to the discussion and sharing of information relating to dependence on, and interdependence with, other sectors. The sharing of such information can assist in the improvement of security.

The Community Assets sectoral group will not generally be used as the forum for the discussion or communication of nationally classified threat assessment information or levels of threat.

The Community Assets IAAG will report to and provide recommendation to the Critical Infrastructure Advisory Council (CIAC) which will advise the Attorney-General and the National Counter-Terrorism Committee as appropriate on matters of nationally significant critical infrastructure protection.

It is proposed that the membership of the Community Assets IAAG be limited to the owners and operators of:

• Major buildings
• Cultural venues
• Sporting venues and
• Tourism venues.

Built Environment Expert Advisory Group
The role of the proposed Built Environment Expert Advisory Group (EAG) will be to provide advice to the Critical Infrastructure Advisory Council (CIAC) and to all the Infrastructure Assurance Advisory Groups (IAAGs) on issues relating to the design, construction and maintenance of built infrastructure, including standards, building codes and guidelines. The EAG will also investigate how security inter-relates with other priorities, such as OH&S and urban planning.

The Built Environment EAG will provide expert advice on solutions to problems identified by the sectorial groups relating to securing the built environment. The EAG will also be expected to give CIAC a projection of emerging trends that have the potential to impact on all industry sectors. It is envisaged that most of the Group's work would be performed in close collaboration with one or more of the IAAGs. The EAG will need to look at broad cross-sectoral issues which affect CIP.

It is expected that the Built Environment EAG would be established in accordance with the general structure, functions and procedures proposed for all EAGs, which includes a maximum of 10 members with temporary members able to be added on an ad hoc basis to deal with a specific issue.

It is proposed that membership of the Built Environment EAG consist of representatives of the following: ·

• Engineers
• Architects
• Urban planners
• Standard and code setters
• Planning bodies
• Property owners
• Insurance bodies and
• Regulatory bodies.

It is understood that a recommendation to forum the groups will be made to the Critical Infrastructure Advisory Council (CIAC) for an out of session decision in late January 2004. The first meeting of the Community Assets IAAG will probably be held in Sydney on 19 February 2004.

6 Moves for NSW Critical Infrastructure Team
The NSW Critical Infrastructure Team has taken one step closer to its long term position with the appointment of Michael Christ (pron Cr-ist) to the position of Planning Officer - Critical Infrastructure with the NSW State Emergency Management Committee. Michael fills the role previously held by Ken Thompson, who has returned to the NSW Fire Brigades after an 18 month secondment.

The transition has been made smoother by moving the CI team under the same roof as the State Emergency Management Committee which allows a greater level of support and assistance to be given to the team. This assistance includes the ongoing support of Matthew Harper and Brendan Becket who will continue to provide specialist assistance.

New Contact Details:
Michael Christ 02 8247 5914 michael.christ@oes.nsw.gov.au
Brendan Beckett 02 8247 5913 brendan.beckett@oes.nsw.gov.au
Matthew Harper 02 8247 5916 matthew.harper@oes.nsw.gov.au
Switchboard 0282475900
Fax 02 9252 9168 Street
Mailing Address State Emergency Management Committee Level 12 52 Philip Street Sydney 2000

7 Investigation into the need for a CRC for critical infrastructure protection
Over the last 4 weeks, Engineers Australia has been exploring industry's interest in creating a CRC for Critical Infrastructure Protection (CRC for CIP). A CRC is a Cooperative Research Centre is a joint industry-government research organisation funded for 7 years with an annual budget of typically $10 million to work on problems of national significance. The protection of critical infrastructure is one such designated area.

Consultation identified the following major priority areas from an industry perspective:

1. Defining critical infrastructure and undertaking network analysis to identify vulnerability & mitigation
2. Improving domestic security policy that engages all governments and functions
3. Raising awareness of the commercial benefits of integrating protection into business and policy decisions. Includes business continuity planning
4. Enhancing risk management including threat identification and consequences
5. Risk treatment options to enhance PPRR (prevention, preparation, response and recovery)
6. Technical education of business, emergency services, technical and political leaders
7. Enhancing co-ordination of emergency procedures and their rehearsals at a city-block and city-wide level

Given the divergent needs, concerns about the confidentiality of security information, lack of identification of critical infrastructure, immaturity of the CIP area amongst other reasons, Engineers Australia has determined that a CRC for CIP is not currently appropriate to address the problems.

Instead Engineers Australia will be supporting other more targeted initiatives such as standards development, and the Research Network for Engineering A Safer Australia.

8 Panel announced for the National Centre for Security Standards
The initial membership of the Panel of Standards Australia's new National Centre for Security Standards (NCSS) has been announced. They are:

• Mr David Sadleir AO (Chair) - Ex Director General of ASIO
• Dr Carl Gibson - Security specialist on many Standards Committees also Victorian WorkCover
• Mr Mike Rothery - Attorney Generals
• Mr Bruce Howard - Engineers Australia
• Mr Will Jamieson - Australian Federal Police

The Panel may be slightly enlarged but only by an additional one or two members. The new National Centre for Security Standards (NCSS) will facilitate development of Standards and other documents that form a valuable component of critical infrastructure protection. These Standards will significantly reduce costs by increasing efficiencies in the application of appropriate measures.

The first meeting of the Panel meets in late February and possible agenda items are:

• Methods of engagement with others
• Possible new Members and Standards Australia Committees
• Detailed terms of reference for Panel
• Process for updating standards
• Overview of the new security risk management handbook (draft)
• Overview of existing standards that deal with security
• Stakeholder needs for standards and guidance material
• Standards to be reviewed and updated

Information: Mark Bezzina, Director - National Centre for Security Standards, Standards Australia tel 02 8206 6730, mark.bezzina@standards.org.au

9 Suicide Attack and Mitigation Workshop
A restricted workshop is being prepared for those involved in mitigating possible suicide bombing attacks. The workshop will be run by Clive Williams from the Centre of Terrorism Studies at the Australian National University. It is designed for those responsible for security at potential targets and those involved in designing protective security systems. It will run on 31 March 2004.

10 Guidelines published to help enhance building terrorism resistance
The US Department of Homeland Security has announces the release of four new publications in the Multi-Hazard Risk Management Series developed by the Federal Emergency Management Agency (FEMA). The publications contain guidance on designing, constructing, and engineering high occupancy buildings that are more resistant to damage resulting from terrorist attack.

The purpose of the publications is to make communities aware of science and technology that can be applied to protect people and critical infrastructure from the affects of terrorist attacks on high occupancy buildings. The documents now available are:

• FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Building
• FEMA 427, Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks
• FEMA 428, Primer to Design Safe School Projects in Case of Terrorist Attacks
• FEMA 429, Insurance, Finance, and Regulation Primer for Risk Management in Buildings

These guidelines can be effectively used along side FEMA 386-7, Integrating Human-Caused Hazards Into Mitigation Planning, already available since September 2002. The publications are free and available on FEMA's website at http://www.fema.gov/fima/rmsp.shtm

11 New Safeguarding Australia National Research Priority Goal
In November 2003, the Commonwealth added an additional goal to the four national research priorities for Commonwealth funded research. One of the priorities is Safeguarding Australia. One new goal was added to this priority which now consists of the following goals:

1. Critical infrastructure
2. Understanding our region and the world
3. Protecting Australia from invasive diseases and pests
4. Protecting Australia from terrorism and crime
5. Transformational defence technologies

Enhancement of Australia's capacity to interpret and engage with its regional and global environment through a greater understanding of languages, societies, politics and cultures. Social, cultural and religious issues are of growing significance due to the insecurities of globalisation and the increasing role of non-state players in the security environment. Australia's capacity to interpret and engage with its regional and global environment will be substantially improved by enhancing its research base in apposite languages, societies and cultures. An approach that enhances Australia's capacity to interpret itself to the rest of the world is also needed. http://www.dest.gov.au/priorities/

12 Book Review: Questioning the Risk Management Orthodoxy
Review by Athol Yates, Associate Director Public Policy, Engineers Australia

In a world of trite management tracts, it is delightful to come across a book that actually offers something more than just glib parables. Instead Alan McLucas's book develops a convincing case for questioning the judgement of most managers when they deal with complex problems.

McLucas bases his analysis on systems dynamics, cognitive psychology and decision-making theories, plus two case studies to demonstrate how routine risk management fails. The case studies are the 1996 Black Hawk helicopter crash in which 11 army personnel died and the 1997 Canberra Hospital Implosion which claimed one life. He demonstrates that when you make a decision about a system that has multiple causes-and-effects, and where the causes and effects are separated in space and time, your intuition and experience can lead you seriously astray.

Factors that contribute to poor decisions include the desire to seek the 'golden bullet' which delivers the quick fix, and a belief that everyone else shares your views of why a system behaves the way it does.

This general discussion provides the background for the book's real contribution. This is that risk management has a significant weakness in that many managers do not have sufficient understanding of the environment (context in risk management speak) to make effective decisions. As a result, many decision-makers use simple and inappropriate rules to mentally model a system. These rules typically include that:

• one cause produces one effect
• a problem does not exist if it can't be measured
• relationships are liner, non-delayed and continuous
• there are no critical thresholds
• feedback is accurate and timely
• systems can be managed through first-order negative-feedback.

To overcome the prevalent superficial decision making process, McLucas advocates heightened situational awareness and systems-thinking skills. Specifically he emphasises the use of cognitive maps as a way to understand how systems work and to identify points of leverage where effort can be made to deliver real change.

A book for all decision makers who seriously want to improve their decision making, and for those concerned about the unquestioning faith many have in the risk management orthodoxy.

Decision Making: Risk Management, Systems Thinking and Situation Awareness by Alan McLucas, 238 pages, $77, Canberra, www.argospress.com

13 Santos again highlights the vulnerability of our infrastructure
Reduced production of fertiliser, steel, aluminium, cars and cardboard boxes are just some of the consequences of the recent Moomba gas plant explosion.

Unfortunately business shutdowns are normally a direct result of the destruction of a critical piece of infrastructure. For example, the 1998 Esso Longford explosion closed off Victoria's gas supplies for 2 weeks shutting down restaurants, brick plants and thousands of other businesses, and costing the State about $1.3 billion. The 1998 failure of power cables in Auckland NZ resulted in all businesses in the central business district being closed for two months. More >>

14 Articles: Trust in information sharing & predictive risk
ScottCromwell Pty Ltd has provided two articles which will be of interest to readers. ScottCromwell were the contract partner for the Australian Defence Department for Project Bentwood. Project Bentwood is an initiative of the Defence Intelligence Organisation with the purpose of defining an Information Sharing architecture to better enable Defence to carry out its role of 'Protector of Last Resort'. Dr Larry Cromwell will be speaking on the topic of 'Critical Infrastructure Protection - Putting a Lid on Pandora's a Box' at the 10 February Engineering -Security Research Forum.

• Critical Infrastructure Protection - A Matter of Trust (pdf, 66kb)
• Predictive Risk: Frequently asked questions (pdf, 57kb)