Australia leading the charge on protective security standards
14 Mar 2018|

This week in Sydney, Standards Australia, the peak national standards development body, will host over 100 leading security experts from 45 countries. The security and resilience conference aims to make progress on standards to reduce the threat from malicious actors. It’s the biggest event ever of its kind in Australia.

The gathering couldn’t be timelier. The range of threats that businesses and governments face continues to evolve. From cyberattacks on major companies and critical national infrastructure to the threat of terrorist attacks in crowded places, the need for effective identification and management of security risks has never been more important.

The Sydney meeting of security experts comes hard on the heels of the creation of the Department of Home Affairs. The new department underlines the need for a comprehensive and cohesive Australian national security strategy that can’t afford to be ‘siloed’. Security is now increasingly interlinked, with responsibility falling across government and business.

In this environment we need an international, standardised approach to protective security. Understanding what it means to manage risk when trying to protect against malicious acts is very different to managing risk from a broader ‘all hazards’ approach such as natural disasters or a pandemic. Malicious acts—driven as they are by the intentions and capabilities of humans to do harm—are more difficult to predict.

When it comes to terrorism, protective security management seeks to prevent the attack. That requires an understanding of the target, an organisation’s areas of vulnerability and the risk factors associated with any collateral damage.

Both government and business have an interest in creating security solutions through international standards that enhance their adaptive capacity. But there will be challenges. To give any new standard meaning, it will need to be applied universally across large, medium and small companies in a range of operating environments. If the standard is too complicated, the rate of adoption by businesses may be low.

But the development and implementation of a best practice protective security standard will improve collaboration between businesses and government by providing a common objectives, as well as a common language, in managing important security information, assets and people.

An international protective security standard will also provide a unified approach to organisations collaborating on intelligence and security in the region. It will help smooth over any cultural differences that create a barrier to successful security collaboration.

States and organisations that have high levels of security may be reluctant to share information with states that are known to have weaker processes. A protective security standard will encourage collaboration between states and business by providing a higher level of transparency, which enhances the reliability of information management.

An enhanced protective security standard can provide a level of assurance for businesses, which leads to more confident decision-making. Stronger security standards will provide customers with a higher level of confidence in the quality of the company and its ability to protect them and their information.

Standards Australia’s conference this week underscores the trend for national security to be a team sport when private companies influence national security outcomes, primarily by providing services. Key sectors include infrastructure, telecommunications, finance and banking and transport.

Security now needs to be looked at from a 360-degree approach, bringing together experts from government and businesses in counterterrorism, protective security, cybersecurity, data management and emergency services.

Standards Australia, for example, is now reaching out to countries across the region to tackle the increasing threat of cyberattacks on specific businesses. It’s using a regional program that analyses each nation’s cybersecurity needs, identifies gaps and encourages the adoption of national cybersecurity standards.

This week’s Sydney meeting is a great opportunity to create and extend more cooperative frameworks for preventing and responding to security incidents.

The importance of sharing information to protect assets, systems and people will only increase. That makes this week’s efforts on establishing better international standards for protective security important.

But in some ways, what’s being discussed isn’t as relevant as the fact that more meetings like this are taking place to tackle security and resilience across an inter-connected web of issues.

It’s all part of the bigger story of a more joined-up national security strategy that’s now emerging in Australia.