Home       Previous newsletters

4 December 2003

1. Editorial
2. Brief News from Engineers Australia
3. Brief News from around the country
4. Report on the Terrorism Risk and Your Corporation Workshops
5. Report on the 2003 Bomb Conference
6. New Built Environment Advisory Group may be formed
7. Strategy to be developed for engineering a secure Asia-Pacific
8. 2004 Engineering and Security Research Forum - Call for presentors
9. New Act to Safeguard Australian Sea Trade and Maritime Industry
10. Correction on AS/NZS 1170.0 Structural design actions
11. Terrorism and Australian Business paper
12. Asia-Pacific Business Continuity Management Benchmarking Survey now out
13. Essay 1: The HSBC Bank Building Bombing: Analysis of Blast Loading
14. Essay 2: Business Continuity Management and the Terrorist Threat
15. Upcoming Events

Editorial
Security education database: I constantly get requests for a list of people who can provide education in areas such as blast protection, ballistic threats, physical security technologies and continuity management. Consequently I would like to build a database of individuals and organisations who may be interested in providing education on their areas of specialities. So if you have skills that you would like to share, send me a brief note and I can include it in our database. Athol Yates

1 Brief news from Engineers Australia

1. A call for presenters has gone out for the 2004 Engineering and Security Research Forum. About 200 intelligence, emergency services, engineers and others in the homeland security arena will attend the event in February 2004. More info
2. Engineers Australia is organising a group visit to the Woomera explosive trial to observe the impact of detonations on building elements. The tour will observe the first detonation on 6 May 2004 and will consist of 5 Tonnes of Hexolite (60/40 RDX/TNT). The visit will also include site tours in Adelaide and possibly Roxby Downs. For information, contact athol.yates@safeguardingaustralia.org.au
3. Athol Yates, Associate Director, Engineers Australia addressed a 28 person Chinese delegation on national information infrastructure security on 29 November at Engineers Australia headquarters in Canberra. The group was supported by the State Administration of Foreign Experts Affairs.
4. Athol Yates addressed the Australian Earthquake Engineering Society 2003 Conference on 28 November in Melbourne. His address was on the roles by which earthquake engineers can contribute to enhancing built environment security.
5. Bruce Howard addressed Distribution 2003 conference in Adelaide on EA Safeguading Australia initiative.
6. Athol Yates and Bruce Howard faciltiated "Terrorism & Corporation' workshops in Sydney & Mebourne. More info
7. A call for papers for the ASEAN Engineering Conference AAEC 2004, Sabah Malaysia. Jointly supported by Engineers Australia and Institute of Engineers Malaysia. Conference will have regional security as major theme. Information at http://www.iem.org.my/ASEAN/index.html

2 Brief news from around the country

1. Security Risk Management Standard: Standards Australia is developing a standard/handbook on Security Risk Management. For information, contact Ken.Kwan@standards.com.au
2. Critical Infrastructure Newsletter: The first edition of the Critical Infrastructure Newsletter is now available. It is published on behalf of the Trusted Information Sharing Network for Critical Infrastructure Protection by the Attorney-General's Department. Articles include:
   • CIAC formed
   • Key Players in CIP
   • TISN Sector Groups established
   • PM&C Science, Engineering & Technology Cell
   • AusCERT and the NII
   • AGD CIP Branch

While the newsletter is not on the AG's website as they are currently "revamping" the site, it can be temporarily downloaded from here.

3. Best practice guideline for creating a security plan: The NSW State Emergency Management Committee and the Critical Infrastructure Review Group is looking towards establishing "best practice guideline" for creating a security plan. The guideline should be available in 3 months. The need for the guideline was identified in a recent SEMC/CIRG seminar/workshop on security practices and standards. It brought together 27 representatives from critical infrastructure owners and the security industry. The event also identified other issues of importance including general security knowledge, licencing, accreditation, and vetting of staff and contractors, and how to hire a security contractor/manager. Information: Matthew Harper, Planning Officer - Essential Services, State Emergency Management Committee tel 02 8247 5916, Matthew.Harper@oes.nsw.gov.au
4. National Information Infrastructure Research Activities: A few months ago, the Australian government put out a request for information inviting parties to register their interest to conduct research that has the potential to help protect the National Information infrastructure e-security environment. The request for information came from the Defence Signals Directorate and the National Office for the Information Economy. The primary interest of these organisations is in e-government security. The Attorney General's Department also has been involved and their primary interest is in the broader NII security. The analysis of the submissions is still ongoing by these 3 parties and the proposals are expected to be prioritied later this month. The aim is to have some projects selected for funding this financial year with more next year. It is believed that DSD has funding of about $300,000 for the following 2 financial years and NOIE about $100,000.
5. Australian Research Council Research Networks Seed Funding: The recommendations by the Australian Research Council (ARC) on what networks to fund has been provided to the Commonwealth Education Minister. The networks are to be in the areas of National Research Priorities and given that one of the 4 priorities is Safeguarding Australia, it is anticipated that one of the networks will be in this area. It is anticipated that the Minister will announce his decision shortly. A number of groups have put in proposals for research networks in critical infrastructure protection and related areas (see past newsletters). One group which was not mentioned was from the University of SA. Its proposed network was entitled "Formation of international network on application of systems approaches to mitigate armed conflict and terrorism". Its aim was to establish an international network for the systemic mitigation of armed conflict and terrorism. The network's projects relate to the three main areas of:
   • understanding of and mitigation of catalysts for armed conflict and terrorism,
   • improving the effectiveness of defence force practices in particular capability development and acquisition issues,
   • improving the robustness of critical infrastructure through risk management analyses and design of fail safe architectures.

Information: Jodi Smith, jodi-anne.smith@unisa.edu.au, tel 08 8302 3019

6. National Transport Security Strategy: A National Transport Security Strategy is taking shape within the Department of Transport and Regional Services. The next version of the Strategy will be discussed at the next Australian Transport Ministers' meeting, and is due out next year.
7. Auslink: The Auslink White Paper (Strategy) on Land Transport is currently with the Commonwealth Cabinet and due out in the near future. It is understood that Auslink does not have a security dimension as this issue is addressed via other avenues.

3 Report on the Terrorism Risk and Your Corporation Workshops
The Terrorism Risk and Your Corporation Workshops were held in Sydney and Melbourne on 26 and 27 November respectively. Bruce Howard, Security Commissioner and Athol Yates, Associate Director, were master of ceremonies at the events.

The morning session's speaker was Clive Williams, Director of Terrorism Studies, Australian National University and he spoke on establishing the terrorism context for risk management. The afternoon speaker was Chandler Comerford, Managing Director, Vulnerability Assessment Group and he spoke on managing terrorism and your business.

One of the most important points to come from the presentations was that the terrorism threat will not diminish for many years and possibly decades to come. This is because the loose group known as Al Qaeda recognises that its aims will not be achieved for decades. Al Qaeda was formed in about 1989 and since then has gained considerable operational and coordination experience through numerous attacks by its members and associated groups.

The capability of the Al Qaeda network is still very significant, according to Clive. This is because the training camps providing people with weapons and explosives skills still exist in Pakistan and the Philippines, and trained is still being provided.

Of great concern is the increasing frequency that Australia is being mentioned in Al Qaeda statements. The current order of mentions is USA, Israel, UK and Australia. Given that Al Qaeda, rather than Jemaah Islamiyah, poses the greatest threat to Australia, there is concern that these mentions may increase the chances of an attack.

Clive suggested that future attacks would most likely be against soft targets, like central business districts, and involve simultaneous attacks, such as a bomb to cause building collapse and fire, and another to destroy the water supply required by fire fighters. However while there have be very few examples to date of attacks on critical infrastructure, this may change as the impacts of infrastructure failures, such as the electricity grid on the east coast of USA, are observed by terrorist planners.

Issues that arose during the session on incorporating terrorism threats into risk management arrangements included:

• "capability and intent" of terrorists is a more useful way of ranking risks than "likelihood and consequences".
• given that intelligence is critical to identifying a target's weak points and planning an attack, asset owners need to be more aware of the public information they provide. This is particularly true of video images. For example, while a TV news story on the commissioning of a new oil platform may generate enthusiasm for the asset, it can also provide all the reconnaissance information required by terrorists.
• in the hours and days after a catastrophic attack, assets owners and engineers will be working in a command and communication vacuum. This is because an attack will overwhelm the coordination capabilities of governments and communication networks will be overwhelmed. Therefore the way organisations will respond will be solely dependent on the initiative of individuals. Given engineers' role in managing resources and their knowledge of systems, it will be the engineers in the first few hours following a catastrophic disaster who can make a significant difference in the impact of an attack.

The workshop will also be held in Perth on 12 December. Given the positive response to the workshops, it may be run in Brisbane in early 2004.

4 Report on the 2003 Bomb Conference
The International Association of Bomb Technicians and Investigators 2003 Conference was held in Canberra on 30 November and 1 December. Athol Yates, Associate Director, attended the conference as a way of identifying trends relevant to the engineering profession. Relevant information from the conference included:

• bombs are the most likely weapon used by terrorists. In 2002, 69% of terrorist attacks involved bombs. The next largest category at 25% was armed attack.
• Australia has a long history of bombing including those associated with the National Crime Authority, Family Law Courts, and consulates.
• threat intelligence is rarely passed onto businesses unless it is highly targeted. And if it is passed on, there is often little knowledge about what is appropriate responses.
• the lack of suggested minimum requirements or benchmarking of security requirements, inhibits the implementation of best practice and appropriate security.
• the information flow from businesses to government is being undermined by the current security-military classification of information. For example, if threat information is obtained by a utility and passed onto the government and this information is classified as secret (for example), then the security-cleared government officers cannot provide this information back to the utility as people in business do not have government security clearances. Consequently if the information is provided back, then it has to be done informally only.
• there are a lack of engineers and architects with experience in certain aspects of security. For example, there are no recognised designers of mailrooms that can efficiently and effectively process mail items, some of which may be contaminated.
• truck bombs in the range of 1,500 to 3,000kg are common. However larger vehicle bombs are possible given the easy availability of explosives and boosters. WBM Engineering and Environmental Consultants provided a simulation of a 5,000kg truck bomb in a hypothetical city to demonstrate the consequences. The model applied compressible fluid dynamics to model the explosive gas expansion and blast wave propagation. The conservative estimates of the damage from such a detonation were 900 dead and 9,500 injured. Editor's note - We hope to include this simulation in the 2004 Engineering and Security Research Forum in February.
• a meeting of professional and industry associations should be organised to identify areas where business, government and the professions can make a greater contribution to homeland security.

5 New Built Environment Advisory Group may be formed
A meeting will be held on 17 December 2003 in Sydney to consider creating a built environment group as part of the Australian Government's Trusted Information Sharing Network for critical infrastructure protection. The purpose of the proposed group would be to further the business-government partnership in the area of buildings and spaces that experience additional security threats because of their iconic nature, the hosting of high profile events or mass gatherings of people. For planning purposes it has the working title of 'Iconic Structures and the Built Environment'.

The group would be comprised of the owners and operators of major shopping centres, tourism attractions, conference venues, major sporting facilities, tollways, bridges and other relevant infrastructure such as the precincts around transport hubs. The group would also include relevant industry associations, government agencies and professional bodies. The purpose of the meeting is to discuss the scope and membership of the advisory group, and to validate the justification for the creation of a new group to discuss these issues on a national basis. Letters have been sent out to various groups inviting them to this meeting. For information contact Ms Maryanne Draney on telephone 02 6250 6239 or email maryanne.draney@ag.gov.au.

Bruce Howard, Security Commissioner will be attending on behalf of Engineers Australia.

6 Strategy to be developed for engineering a secure Asia-Pacific
Engineers Australia is developing a strategy to advance homeland security engineering in the Asia-Pacific region. The strategy is to be released at the Asean ASEAN Australian Engineering Congress in Malaysia in May 2004. The strategy will enable the engineering profession to contribute to enhancing the built environment and critical infrastructure of regional countries.

According to Bruce Howard, Security Commissioner, Engineers Australia, "Engineering can make a significant contribution in all Asia-Pacific countries to building a more secure domestic environment". "By deploying engineering security advances such as new chemical detection technologies and blast resilient structural design, the threats of terrorism can be prevented or mitigated."

"As the security focus to date of governments and industry has been on the tactical issues of guards, guns and gates, the engineering profession has not been fully engaged in the counter-terrorism effort. However this will change as the focus shifts to strategic issues which will deliver significant medium and long-term benefits."

Elements of the strategy will include the need for:

• the engineering profession to move from a culture of compliance to an intuitive culture. codes and standards to be updated to reflect modern security knowledge.
• security competency to become widespread.
• networks across industry and disciplines to be established to disseminate security best practice.

"The most effective way for the engineering profession in the Asia-Pacific to rapidly deliver security advances is for a coordinated regional network to be established", said Commissioner Howard. "The main aims of the network are to facilitate continual professional development in security, share security best practice among practitioners, and disseminate security policy activities among regional association leaders."

7 2004 Engineering and Security Research Forum - Call for presentors
Engineers and scientists wanting to make presentations to a receptive security audience are being sought for the 2nd national forum on case studies & research activities. It will be held at the University of Melbourne on 10 February 2004. The forum will bring together researchers and practitioners in government, tertiary institutions and the private sector who are working on technical solutions to building a safer Australia. The forum will allow the experience gained in mitigating natural hazards to be transferred to an all-hazards approach. Presentations are limited to 15 minutes each to enable participants to hear from the largest possible range of research and case studies. Information: www.safeguardingaustralia.org.au/2004forum.htm

8 New Act to Safeguard Australian Sea Trade and Maritime Industry
A piece of legislation crucial to the protection of Australia's citizens, sea trade and maritime transport infrastructure against the threat of terrorism passed the Senate on 28 November.

The Maritime Transport Security Act 2003 would lead to the establishment of a new regulatory framework by 1 July 2004 to help safeguard our domestic and international sea trade.

Under the new legislation, the Australian Government will regulate the security arrangements of around 70 Australian ports, 300 port facilities and 70 Australian ships. The legislation also establishes a robust compliance checking of foreign ships. Key features of the Act include:

• Establishing an 'outcomes based' regulatory approach to safeguard the maritime industry against unlawful interference and reduce its vulnerability to a possible terrorist attack.
• Building in flexibility for the maritime industry to develop its own security plans and security treatments based on security assessments.
• Including a nationally consistent enforcement regime with penalties that reflect the risk to our trade and the public harm that could result from a security breach.
• Enabling the Department of Transport and Regional Services to regulate, monitor and audit security measures to ensure industry compliance with the new arrangements. The new legislation will give effect to the International Ship and Port Facility Security Code, which was developed by the International Maritime Organization (IMO) to address maritime security around the world. The IMO's international regime is to be fully operational 1 July 2004.

Complementing the Maritime Transport Security Act 2003 is the Aviation Transport Security Bill 2003, also before Parliament this week. The Aviation Transport Security Bill will improve the structure of Australia's aviation security regulatory framework and provide greater flexibility to respond to the changing threat environment. The Bill is available from here.

9 Correction on AS/NZS 1170.0 Structural design actions
Richard Weller, Standards Australia's Team Leader - Structures has pointed out a correction in Engineers Australia's June report, Engineering a Safer Australia. Below is his comment.

I noticed the box on Page 110 numbered 9.6. I must inform you that some of this is incorrect. AS/NZS 1170.0 (published May last year) requires that structures be designed for robustness. It gives loads to ensure a measure of lateral resistance and additional strength at joints. This provides for some measure of alternative load path in the structure.

The Commentary to AS/NZS 1170.0 also specifically notes removal of members. The USA Standard includes somewhat more specific advice, but it is still qualitative the same as that in our Commentary.

Our materials design Standards (AS 3600, AS 4100, etc.) also provide robustness minimums.

Wording from the Commentary (AS/NZS 1170.0 Supp 1) is
The potential damage may be avoided or limited by use of the following:
(a) Avoiding, eliminating or reducing the hazards which the structure may sustain.
(b) Selecting a structural form that has a low sensitivity to the hazards considered.
(c) Selecting a structural form and design that can survive adequately the accidental removal of an individual element or a limited part of the structure or the occurrence of acceptable localized damage.
(d) Avoiding as far as possible structural systems that may collapse without warning. This text was already in the draft Standard before the WTC attack, so was quite innovative.
.
Blast Standard
Although the committee is eager to publish something on blast effects, it is expected that there would be inordinate additional cost in requiring high importance structures to be mandatory designed. Thus regulators would be resistant. Part of the problem of setting minimum levels is "what level of blast is to be designed for". Also, if the level is clearly specified in a Standard, this provides a target bomb size for the attacker to exceed. It is more effective to allow the designer to select at the request of the owner, the blast size to be dealt with and provide tools for converting this to effects on the structure. Thus the committee prefers this type of document. It will be a handbook. So far, we have conceptual contents but not a draft. I am working on putting together a small list of people to look at the contents once a first draft is prepared (probably by myself). To contribute, contact Richard Weller.

Information: Richard Weller, tel 02 8206 6727, richard.WELLER@standards.com.au

10 Terrorism and Australian Business paper
The Commonwealth-funded defence think-tank, the Australian Strategic Policy Institute, has released a paper called Terrorism and Australian Business. The abstract of the paper is:

If terrorists choose to launch an attack in Australia or against our interests overseas, then it is likely that Australian businesses could be targeted. Yet there is much that business can do to become more resilient against the threat of terrorism and to help government defeat terror groups. This paper outlines several steps businesses should take to harden their operations against terrorism. An important part of this process is closer cooperation between government and business. Indeed the best way to defeat terrorism will involve government and business borrowing some of each other's styles of operating: Governments must learn to be more open and flexible, while business must develop greater skills in strategic analysis and war gaming.

The paper can be dowloaded from here.

11 Asia-Pacific Business Continuity Management Benchmarking Survey now out
KPMG has released a survey which provides insight into the BCM trends in the Asia-Pacific region. Called the Asia-Pacific Business Continuity Management Benchmarking Survey, some of the report's findings were that:

• 37% of respondents believe that their level of risk has increased due to terrorism - even though only nine percent of respondents were actually directly or indirectly affected by terrorist activities.
• Operational and technical risks continue to be the primary drivers for change in Business Continuity Management (BCM) processes.
• Fewer than 35% of respondents have organisation-wide continuity plans in place, and almost one third have no working plans in place at all. Of those with organisation-wide Business Continuity Plans (BCPs) in place, the most significant representation by an industry group is Financial Services.
• Only 39% of respondents assess BCM as a due diligence consideration for key suppliers.
• Whilst more than half (56%) of organisations reported no/low tolerable downtime (7 hours or less), 25% of these could not estimate their cost of outage per hour.
• Only 58% of respondents perform regular risk assessments.
• Only 58% of respondents have a structured process for testing their BCPs. One third have no process at all for regular testing.

For a copy of the survey, contact Rebecca Daniels, National Strategy and Business Development Manager, Information Risk Management, The KPMG Centre, tel 02 9335 828, rcdaniels@kpmg.com.au.

12 Essay 1: The HSBC Bank Building Bombing: Analysis of Blast Loading
Dr Alex Remennikov, School of Civil, Mining and Environmental Engineering, University of Wollongong Two truck bombs exploded within minutes of each other outside the British Consulate and the British international bank HSBC in Istanbul, Turkey on November 20, 2003, killing 26 people and wounding 450. The 18-storey Istanbul headquarters of HSBC bank, shown above, were blown apart by bomb that witnesses said was contained in pickup truck driven up to the building. More on blast loading analysis.

13 Essay 2: Business Continuity Management and the Terrorist Threat
by Dr. Mike Clarke, Principal, M.E.T.T.S. Pty. Ltd., Brisbane, metts@zeta.org.au, Infrastructure and Resource Management Engineers. Business Continuity Management (BCM) in Australia has been addressed in the Australian Standards Association's handbook, HB 221:2003.

The handbook looks at threats to business continuity from natural disasters, corporate collapses, war and terrorism. It provides good guidance in terms of risk assessment and the devising of business continuity plans that will lessen the impact of events that threaten a business or organisation. More on analysis of the handbook.