Sydney Siege

The siege in a chocolate shop in Sydney’s CBD ended early this morning AEST. Three people died, including one purported to be the gunman Haron Monis.

There will necessarily be intense scrutiny on the forces used to resolve a violent event. However, it is important to remember that they do not happen in isolation.

The factors that lead us to these events are always complex and often have geo-political, sociological and psychological underpinnings.  In this case, the gunman, was a convicted criminal and seems to have latched on to the idea of violent jihad to justify his own failings. 

This is the time for cool heads. It is far more effective and efficient to invest in efforts which counter radicalism before it descends into violence. To that end, we should remember the quiet work of those who enfranchise the disenfranchised and seek to strengthen social cohesion.

It is these people, who make our way of life so great.  

Governments at all levels must lead in these efforts. Politicians must remember, whatever their political colour, that radicalism  is a complex societal issue, not a sound bite. Else we descend into barbarism.

As a society, we must remember that the work of all members of the civil society needs to be focussed on countering radicalism.

This event received so much coverage precisely because it is uncommon in Australia

Just remember that the reason this event received so much coverage in the media is precisely because it is so rare. And of course, it was across the road from the HQ of one of the big Australian TV channels.

Yet, at the same time across the world, six people died, one was wounded, and the gunman escaped in a shooting in Philadelphia. In that case, it seems that the gunman is a mentally disturbed ex soldier.

Yet, although it was reported, multiple shootings are depressingly common in the US. They are even more common in parts of Africa, and often the reports don’t even make it beyond the local news.

It all comes back to risk and societal resilience, because when citizens are allowed to panic, governments start using extreme measures in our names. Professionalism in risk and security is about understanding the difference between perception and reality and taking an evidence based approach to dealing with the issues.

More information

http://www.abc.net.au/news/2014-12-15/sydney-siege-hostages-cafe-martin-place-police-operation/5967232

http://www.nbcphiladelphia.com/news/local/Lansdale-Shooting-285800521.html

http://www.nytimes.com/2014/12/15/us/politics/cheney-senate-report-on-torture.html?_r=0

http://link.springer.com/search?facet-author=%22Roy+Gardner%22

The trusted insider

The trusted insider.

Helping organisations protect themselves against trusted insiders

I attended the Security in Government (SIG) conference in Canberra earlier this month. I am somewhat biased, but I think that SIG is probably the best annual security related gathering in Australia.

If you compare it to a lot of international gatherings SIG certainly holds its own. Although, the US and German conferences in particular have glitz and size, the quality of the discussion and the more intimate nature is refreshing. SIG, as you may have guessed is primarily targeted at government, but there are good lessons for all organisations to be had there. Ok, enough of the fanboy …

The 2014 SIG theme was the ‘trusted insider’. Whilst the discussions were often very good, I wondered whether there are additional approaches to reducing the problem of the trusted insider. These approaches focus more on the relationship between employees and their organisations.

http://pixabay.com/

Who are the trusted insiders?

A trusted insider is somebody who uses their privileged access to cause harm to their employer or their interests. I’ll be a bit controversial here and note that, whether these people are traitors, spies or whistle-blowers depends somewhat on perspective. In any case these people evoke strong almost visceral emotions in many people.

Why are organisations so concerned about the trusted insider?

Despite fears about rogue hackers attacking organisations from the outside, the trusted insider is still considered the biggest threat to an organisation. In Australia and overseas, trusted insiders ‘going rogue’ have caused the significant damage to national security, government agencies and private organisations. The harm done can be from loss of secrets, money or even life.

Secrets: The most glaring examples in the information security space have probably come out of the USA in recent times. People like Edward Snowden and Chelsea (Bradley) Manning spring to mind in the national security sphere. However, some Swiss banks have also been stung by Bradley Birkenfield whom some in those establishments might call a trusted insider and the US tax agency would call a whistle-blower!

http://pixabay.com/

Money: Fraud is probably the most significant threat to private organisations from trusted insiders, particularly those in the finance and insurance industry. Sometimes the size of an event can be enormous, such as when $2billion was lost in 2011 through ‘unauthorised transactions’ in a Swiss bank.

http://pixabay.com/

Life and property: Whilst we often focus on loss of information confidentiality, trusted insiders were also responsible for assassinating the Indian Prime Minister Indira Gandhi in the 1980s and shooting fellow soldiers in the USA and Afghanistan in the last decade. There have also been a number of cases of ‘issue motivated’ insiders harming organisations by damaging plant and equipment.

http://pixabay.com/

What motivates the trusted insider?  C.R.I.M.E.S.

The motivations of trusted insiders are varied, however they broadly fit under the standard drivers of criminal behaviour as described by the mnemonic ‘crimes’.

Coercion – being forced, blackmailed or intimated

Revenge – for a real or perceived wrong, it could be about disaffection and or a grudge

Ideology – radicalisation or advancement of an ideology /religious objective

Money – for cash, profit, dosh, moolah – whatever you call it, and/or

Exhilaration or Ego– for the excitement or because they think that they are in someway cleverer than their compatriots –  Christopher Cook seemed driven by the excitement..
The USA’s “worst intelligence disaster” was Robert Hanssen, who might be described as an egomaniac.

Sex and personal relationships. The combination of sex and coercion is a lethal one.

Of course, some are also mentally fragile and may not have a motivation that is exactly clear to others.

End of part 1

In the coming part, we talk about some approaches to the trusted insider problem.