Your browser version is outdated. We recommend that you update your browser to the latest version.

Share this page...

DEFSECMEDIA

DEFSEC Media is New Zealand's defence, security and fire B2B/B2G publishing group. Our leading magazines, NZ Security, Fire NZ - and our latest title - Line of Defence, are read by key business, government and military decision makers. This website is the online home of cutting-edge content from each of our titles.


 

Policy, Procedures and Training to Match: Good security counters terrorism threat

From: NZ Security, June 2015

Last December’s Lindt Café attack in Sydney demonstrated that terrorism or terrorism-styled acts can happen where we least expect them to. The event violently thrust small business onto the international terrorism map, and in doing so raises significant implications for the security practices of businesses that may not have previously contemplated the terrorist threat.

Seeking answers to the many questions now being asked by small businesses, we speak with counter terrorism expert and New Zealand Security Association Training Director Stewart O’Reilly. Stewart is a Certified Anti-terrorism Specialist (CAS), and prior to NZSA spent 15 years working in an intelligence role.

NZSM: What type of staff pre- recruitment screening options are available to employers, and how practical are they?

For events such as the Rugby and Cricket World Cups there is an additional level of screening where checks will be run against intelligence agencies’ databases. But this is only for big events, and such checking is not accessible for the general screening of employees at a shopping centre.

Even then it’s not going to be comprehensive because the risks that we’re talking about won’t necessarily show up on those databases. When you think about the teenagers that were recently arrested in Melbourne, there was no depth of involvement with a terrorist organisation. It’s not like you could have background checked and found them. They’re pretty much invisible.

Even Monis, the Lindt Café gunman, who was well known to authorities wasn’t on the watch list. He had been on but had been taken off, and there were plenty of indicators there that this guy was building up to something, not necessarily a terrorist attack.

NZSM: So background checks don’t necessarily achieve anything? 

It’s something that is a relatively simple process worth doing, but it shouldn’t give you the satisfaction that you’ve covered the security bases and that your staff are clean. The likelihood is that if someone was planning a terrorist attack and wanted to get someone into that position, they’d use someone that was very clean who had no history and who would not come to anyone’s attention.

NZSM: So, are there any avenues available to an organisation at the employee recruitment stage?

There are additional checks that you can make as part of the initial employment process, but it would be unrealistic to expect employers to do these because of the cost involved. You’d basically have to be subjecting everybody to a lengthy interview process by someone who knows what they’re doing in terms of the questions they’re asking. You’d be putting them through a wide range of testing,

the kind of psychometric testing done for senior staff in some organisations.

NZSM: Is there anything else that businesses can do in terms of how they’re managing their staff?

They can watch behavioural changes. There will be indicators that people are behaving differently, which might be a trigger that they’re going to do things. If someone starts to act out of the ordinary it should be something that managers look at – not necessarily an indicator that they’re going to blow the place up but that something is happening with that person.

Normal HR practice should be that someone sit down and have a talk with them, and that might reveal stuff. Such a chat in a potential religious extremist example, may elicit comments such as “I’ve found a new religion.” “I’m taking my religion more seriously now.” If you look at international experience many of those susceptible to extremist views are not converts but they’re coming back to their religion and are very serious about it; there’s a major lifestyle change.

NZSM: In the media a clear correlation tends to be made between Islamist extremism and terrorism. Is this accurate?

Islam is clearly a religion of peace and those that practice terrorism contradict this. Certainly Islam is not the only source of terrorism. The most notable terrorist attack in this country was carried out by the French Secret Service. Our most recent case was the threat against milk products. These are not Islamic threats.

Eco-terrorists and animal rights activists are actually more likely to be a source of terrorism in this country than Islam. But we’ve got to recognise that the attacks we’re seeing in the media linked to Islamic extremism are happening worldwide and we’re not immune to them.

NZSM: Should the measures that businesses put in place to combat the threat of an extreme event differ according to the type of event?

Each threat requires a response in accordance with the threat, not with the perpetrator. Who makes the threat doesn’t matter except in terms of evaluating whether or not it’s likely to be real. From a security practitioner’s point of view with a person pointing a gun at you it doesn’t matter why.

We would advocate a risk management approach to this. What is the risk and how do we manage it? We’re operating with limited resources and so we can’t manage every risk. We’re operating under social conditions that won’t let us put big barriers around every shopping centre. So, what do we need to do? If you think about a simple risk matrix, you’ve got to measure likelihood against consequence and so a terrorist attack is really low likelihood but extremely big consequence.

Therefore we’ve got to pay it some attention but we’re not going to pay it the same level of attention in a retail environment as shoplifting, which is a day-to-day occurrence. The problem with an extreme event is that it would have major consequences; it doesn’t matter whether its caused by an earthquake or tornado or a terrorist, we’ve still got to plan for it and have mitigation strategies in place.

NZSM: So is it the case that we can’t really plan to avoid such event but we can plan to mitigate what happens if it happens?

No, you can take some steps to prevent it happening to your place. You can’t prevent what’s happening in the minds of the people who have the incentive to do it. People who want to make these attacks may have the intent and the capability, but we can’t influence those things... the government can but we can’t. All we can take care of is our own vulnerabilities, so we can make it harder for them, and if we make it harder for them to attack the target we’ve been charged with protecting, well maybe they’re going to attack somebody else’s target.

NZSM: So for example, if your shop has particularly good security but the one next door to it doesn’t and is a weak link, what can you do?

You’ve always got to take into account your neighbours in terms of your own security. If the office next to you just happens to be the American Consulate, then the level of risk you’re facing from a terrorist attack is much higher than if you’re running your café from anywhere else in the country. Your operational environment has to be taken into account.

The degree to which you can influence what your neighbours do themselves is pretty limited but you have to take into account that they are a weak link in your security. In the retail mall environment, however, there is a degree of consistency because the mall operator provides security and there’d be certain things tenants would also be required to do.

The more you can reinforce the appearance of security the better off you are. It presents a harder target. That’s a general security principle, because in a retail environment you want the shoplifters to go somewhere else, you want the gangs that hang around selling drugs to teenagers to go somewhere else, so you just make it difficult for them.

NZSM: There is an argument that NZ businesses have a relatively high level of complacency in relation to the threat of terrorism. Do you agree?

Security risk management is about evaluation of the risk, and we do face a lower level of risk in New Zealand. The Australian experience has relevance. We have similar populations, and we’re both involved militarily with the Americans. New Zealand is on the UN Security Council... that’s kind of a biggie in terms of our profile. Regionally and globally, however, they have a bigger footprint so they do attract more attention.

New Zealand is a harder operating environment for a terrorist in terms of distance and the nature of our society: it’s harder to be invisible here, the communities are smaller and they talk to each other. It’s easier to have an overview from an intelligence perspective of the communities here than it would be in Australia because they’re bigger and they’re more spread out.

So we have advantages, but what we’ve got to see is that we’re socially and politically linked to Australia, so what’s a threat to them is a threat to us. The fact is that the Australians have been concerned for years that we’re an easy back door to them. The target may be in Australia but it could be attacked by people resident in New Zealand.

NZSM: Are we presenting ourselves collectively as a rather soft target?

In terms of NZ businesses, there is a degree of complacency. In terms of what’s happening in the world many haven’t made the connection that we’re a part of that world. There’s a degree of ignorance, but the government’s quite keen to not have people panicking about this by saying there’s an extreme threat of terrorism because there isn’t.

Our threat levels have just been raised to ‘very low’ so we’ve just got up off the ground. But the government has stated repeatedly that there are 30 to 40 people on their watch list and I would guess that that’s a conservative figure because you’ve got to look at how many people are those 30 or 40 people talking to. The number is probably much bigger, and if you take that as a percentage of our population it would be a significant figure compared to Australia.

I don’t think there’s a great degree of complacency, but businesses tend to have to see that they are potential targets before they will take action.

NZSM: Are you seeing that businesses in Auckland are taking a greater interest in terrorism-focused security?

You don’t want to be spending you’re whole time on it because there are more day-to-day threats. However, by looking at awareness around terrorism you’re also picking up on other suspicious behaviours that could indicate someone’s planning a crime. If you’re training someone to look for suspicious behaviours, you’re actually covering off both things.

NZSM: Do you envisage seeing bag checks at shopping malls in New Zealand any time soon?

No. It would actually take something to happen before it would become a reality. It’s going to put people off shopping.

In New Zealand, access to firearms is limited, so bag checking is a pretty useless measure to counteract the most likely attack, which might involve knives. In the case of a shopping centre, you don’t even have to bring in a knife in with you; you can just buy once inside the mall.

NZSM: So the incident that occurred at the Lindt Café in Sydney... terrorism or not?

For a security practitioner it doesn’t matter in terms of the why’s behind it, but it fits terrorism in other ways in that the gunman hooked onto politically motivated reasons. In this way it echoed the pattern we see in recent lone wolf cases: it’s not that the perpetrator is part of a terrorist organisation that’s telling them to do something, but rather there are some other issues in their life that have led them to a form of extremist belief.

Nevertheless, I think it’s safe to call that example terrorism. And if you think about why he chose the Lindt Café as a target, he did so because it was in camera view of Channel Seven’s breakfast television program... be aware of your neighbours!

NZSM: From a business perspective, there’s practically nothing that the operators of the Lindt Cafe could have done?

No. You can’t stop your customers coming in. If you put measures in place that would make a venue unattractive to come to, you’re going to lose customers. So until society recognises the heightened risk, you can’t get away with those sorts of measures.

I was living in London when the IRA had a bombing campaign, and it was really fascinating to watch what average people would put up with in terms of the intrusive searching on the tube and at public events. After one attack, the police even conducted door-to-doors. So it intrigued me as to what people tolerated in those conditions, but it was because they recognised that allowing this infringement on their civil liberties would help to protect them.

NZSM: So really the best thing a business can do is to have their training and security protocols in place and to be actively following them.

Policy and procedures and training to match them. And that comes to the defence part where you’re trying to spot things potentially going to happen and the response part where something has happened and you need to be able to respond to it effectively. Either way, it’s all around those three things: policy, procedure and training to them.

Back to Features

Counter terrorism expert Stewart O'Reilly talks training and security protocols.

Follow us...

 

 

 

 

 

 

 

© 2015. Defsec Media Limited. All Rights Reserved.

Defsec on YouTube...