Sec Intel Proceedings 2008

Proceedings of
The 1st Australian

Security and Intelligence
Conference

1
st
December 2008.

Edith Cowan University
Mount Lawley Campus
Perth Western Australia

Published By:
SECAU - Security Research Centre
Mount Lawley Campus
Perth Western Australia

Edited By:
Associate Professor Craig Valli and Dr David Brooks
SECAU Security Research Centre
Perth, Western Australia

Copyright 2008. All Rights Reserved
ISBN 978-0-7298-0664-0 Proceedings of the 1
st
Security & Intelligence Conference
ISBN 979-0-7298-0663-3 Proceedings of the 2008 SECAU Security Congress

CRICOS Institution Provider Code 00279B

2

Conference Foreword

Dear Delegate,

The 1
st
Australian Security and Intelligence Conference has a number of high quality paper
submissions from authors who represent a cross-section of international and Australian
national perspectives in terms of security and intelligence. These papers reflect the emerging
themes of CCTV, Critical Infrastructure Protection, Ethics and Intelligence analysis, and
Psychometrics. All published papers were double blind peer-reviewed before acceptance into
the conference for publication. There were a total of 28 papers submitted for review from
which only 13 were accepted and presented.

The 1
st
Australian Security and Intelligence Conference is one of four conferences that form
the 2008 SECAU Security Congress. The congress reflects an overarching commitment to
bringing together a broad spectrum of security topics under a single assembly in order to
promote and develop a cross disciplinary approach to a continuum of security research.

Conferences such as the 1
st
Australian Security and Intelligence Conference take a great deal
of co-ordination, time and effort in order to bring together the right people in a common
forum in order to advance the wider security understanding and to progress the various
research directions. To that end, I express my thanks to the conference committee for their
hard work and dedication to the conference cause. In particular, I would like to commend the
various reviewers, editors and proposal submitters for their devotion and perseverance in the
face of countless other duties and engagements. In concert with this gratitude is another vote
of thanks to the administrative staff within the School of Computer and Information Science,
as well the SECAU Security Research Centre, for their patience, good-humour, and
professional approach to ensuring the successful running of the conference.

Sincerely,

David Cook
2008 SECAU Congress Co-ordinator

Conference Committee
Dr David Brooks (Chair and Editor) Committee
Associate Professor Craig Valli (Editor) Committee
Dr Geoff Swan Committee
Bill Bailey Committee
Jeff Corkill Committee
Roslyn Dinkgreve Committee
David Cook Committee

Sponsors:
Best Paper Award Presented by the Secure Systems Limited

3

Table of Contents

1. Organisational security: A propositional study to map expert knowledge p4
2. Psychometric risk perception: Why do some individuals elect not to act on
risks? p12
3. Professional Intelligence Judgement Artistry.. p17
4. Vigilance and the implications of using threat image projection (TIP) for
CCTV surveillance operators p26
5. Critical infrastructure protection Oil refining industry.. p37
6. Aviation Infrastructure Protection: Threats, Contingency Plans and the
Importance of Networks .. p44
7. Modern Society as Risk Society: Implications of Modernity on Private
Security . p56
8. Piracy in S/E Asia a possible new definition . p61
9. The use of red teaming in the corporate environment: A study of security
management, vulnerabilities and defence .. p77
10. Terrorists or Freedom Fighters? .... p84
11. Cerberus: The game of security analysis . p93
12. Covert Operative Management in 2020 Nodal Delivery and a Collegiate Governance
Model ... p102
13. Nuclear Radiation: Properties, Characteristics and Radiological Dispersal
Devicesp111

4

Organisational security: A propositional study to map expert knowledge

Adel Alruwaii
adel.ruwaii@aramco.com
Saudi Aramco
Affiliated aalruwai@student.ecu.edu.au

David J Brooks
d.brooks@ecu.edu.au
Security Research Centre
Abstract

Organisational security, as a profession, is at an early stage in terms of consensus by researchers on
categorical concepts that sum its body of knowledge. In addition, scrutinising and mapping similarities of the
security expert knowledge structure has not been undertaken by researchers on any significant scale.
Nevertheless, a recent study (Brooks, 2006a) has investigated and critiqued 104 academic university level
security courses and extracted common security concepts, resulting in a tabulated sum of 14 knowledge
categories that represent the organisational security expert knowledge structure. Controversy in the security
industry mandates specific knowledge structure research to help achieve a consensual agreement on the
security body of knowledge. This paper aims to outline a research proposition to conduct similarity analysis on
security knowledge categories through a multidimensional scaling (MDS) technique. The proposed research
will validate the foresaid 14 knowledge categories representing the security expert knowledge structure by
reviewing similar research conducted and adding knowledge categories if found necessary. The proposed
research will provide a better understanding and relationships of security knowledge categories, and aid
educational organisations in developing more concise and industry focused security curriculum. Furthermore,
the proposed research will support education institutions in developing security professionals with proper
knowledge and skills necessary to face challenges in the security industry.

Keywords
Organisational security, security expert, categories, security education, body of knowledge

INTRODUCTION

Although private or organisational security has a clear function of protecting personnel, information and assets
from harm, it is stated by Fischer and Green (2004, p. 37) that the private security definition has no universal
agreement and cogent arguments have been made for substituting the term loss prevention for security.
Furthermore, vigilant observation of organisational security education revealed that not much has been done to
sum what constitutes the knowledge of organisational security (Nalla, 2001). As a result, second career law
enforcement or military personnel - who may lack the business background - were always given priority when
appointing organisational security managers, which lead to marginalising and alienating the security function
(Gill, 2007). The dispersal of a consensual organisational security definition has mandated research to sum the
knowledge categories that represent the organisational security expert knowledge. Security professional
expertise has never been more needed as a true profession and consolidation of the term organisational
security is crucial to the international community (Wakefield, 2007). It should be noted that the term security
throughout this article referrers to the term organisational security, which will be used interchangeably in the
content of this article.

BACKGROUND

The security industry is one of Australias fastest growing sectors, generating revenues of approximately $4.5
billion per year and employing over 150,000 security personnel (Australian Security Industry Association,
2008). In addition, the security industry in the United States is a business worth some $100 billion a year and
still growing (ASIS International, 2005). In contrast to other disciplines, such as medicine and engineering,
organisational security still lacks a concise definition and an agreement on knowledge categories representing
what constitutes its body of knowledge.
5

In a study (Nalla, 2001) to explore the core components of an introductory course in organisational security,
nine (9) security topics were ranked important (Table 1). Nallas (2001) study drew data from benchmarking
security textbooks, security professionals interviews and proceedings of the ASIS first academic/practitioner
symposium. The study emphasised, to a lesser degree, the consensus on the conceptual and methodological
components of security education such as fire safety, workplace violence and workplace drug use.

Analysis by Brooks (2006a) has investigated and critiqued 104 undergraduate security courses and extracted 14
security categories, representing an organisational security expert knowledge structure and body of knowledge
(Table 2). In addition, the study reverse-engineered the represented knowledge categories with other related
body of knowledge studies (American Society for Industrial Security, 2002; Bazzina, 2006), which included
proposed industrial security standards.

It could be proposed that these 14 knowledge categories effectively represent organisational security more than
other studies. For the purpose of this study these 14 knowledge categories will be the centreline of analysis, with
other similar work used to review and validate the knowledge categories to determine if other categories should
be added.

Kooi and Hinduja (2008) provided a more recent article in which they summarised their experience of teaching
security to criminal justice undergraduates. The article considered the wider understanding of the art and
science of security, resulting in the recommendation of nineteen (19) topics (Table 3).

Table 1
_________________________________________________________________
Components of an Introductory Survey Course in Organisational Security
_________________________________________________________________

Components description
Physical security and asset protection Access control management
Emergency and incident management Risk assessment and management
Personnel security Investigations
Legal issues Information security
Computer security
___________________________________

(Nalla, 2001, p. 49)

Table 2
___________________________________________________________________
Security Knowledge Categories
_________________________________________________________________
Security categories description
Criminology Emergency/contingency Fire science
planning
Facility management Industrial security Information and computer
Investigations Physical security Principles
Risk management Safety Security law
Security management
_____________________
Security technology
___________________________

(Brooks, 2006a, p. 176)
Table 2
6

Table 3

Experimental Security Course Components in the Context of a Criminal Justice Undergraduate Degree

Security Course Components
The origins and development of
security
Security education, training,
certification, and regulation
The role of security

Proprietary vs. Contract security Risk analysis and security survey Perimeter and exterior security

Interior Security and Access
Control
Transportation / Cargo Security Computer and Information Security

Security and the Law Internal and External Fraud Personnel Policies and Human
Relations

Workplace Violence Retail Security Casino Security

Olympic Security
Continuity of Operations
Nuclear Security Museum Security

(Kooi & Hinduja, 2008, p. 299)

It could be argued that many of these topics, for example retail, casino, Olympic, nuclear and museum security,
may be considered practising areas of security, not security knowledge categories. Brooks (2008) described such
topic areas, proposing that practising areas should be classified within a knowledge category of Industrial
Security. Industrial security would encompass industry specific aspects related to security, for example within
aviation security, the International Civil Aviation Organisation (ICAO) legislation would be incorporated within
the knowledge content. Security education, from the perspective of criminal justice and social science
academics, can be beneficial in further validating security categories and body of knowledge. However, such
studies may also increase confusion as to what may constitute organisational security and, reduce the ability of
achieving consensus in the near to medium term.

SIGNIFICANCE

One of the most important things we have learned in the last 20 years of study into the practice of security is
how little we actually know, namely that the discipline of security has not yet matured (Giever, 2007). The
challenge for the future is for security research to find a way of improving security practice (Gill, 2007). To
invoke true professional status in the security industry, scientific decision-making must be practiced by the
majority of practitioners (Calder, 2007, p. 3).

To gain such a harmony among organisational security practitioners requires consensus in a body of knowledge.
However, there has been limited research in presenting an organisational security body of knowledge, with
publications primarily by ASIS International (2003) and others (Brooks, 2006a; Hesse & Smith, 2001; The
Interim Security Professionals Taskforce, 2008; Talbot & Jakeman, 2008). These limited publications are
perhaps due to the diverse nature of security, which makes research activity diffuse and security research
difficult (Sarre, 2005). Nevertheless, a single security body of knowledge has not been explicitly presented,
although there is supporting literature to develop such a body in many of the security domains.

7

PURPOSE

The purpose of this study is to outline a research proposition to conduct similarity analysis on security
knowledge categories through a psychometric multidimensional scaling (MDS) knowledge mapping technique.
The proposed research will validate the 14 knowledge categories representing the security expert knowledge
structure (Table 2) by reviewing similar conducted research and adding knowledge categories if found
necessary. In addition, the research will present the psychometric MDS knowledge structure of organisational
security, according to practicing subject matter experts.

UNDERLINE THEORY

The underline theory of the study encompasses interpretative analysis, where past security body of knowledge
studies are considered and expanded. In addition, psychometric multidimensional scaling knowledge mapping is
incorporated, to present a spatial representation of the corporate security knowledge structure.

Organisational Security Body of Knowledge

The need for competent organisational security practitioners has mandated the development of an industry
acceptable body of knowledge. This body of knowledge is possible by inviting interdisciplinary research to
define their contribution and aid the definition of the elements of the organisational security knowledge
categories (Calder, 2007). The term organisational security body of knowledge refers to a set of categories that
inclusively sum the profession of organisational security. A consensual body of knowledge is important in
defining security standards, competencies, qualifications, education, licensing and accreditation of
organisational security practitioners (The Interim Security Professionals Taskforce, 2008).

Knowledge may commence with object and pattern recognition, nevertheless this does not provide an
appropriate explanation to define knowledge. It is stated by Clancey (1997, p. 285) that knowledge is more
than written scientific facts and theories. Knowledge may be defined as facts or experiences known by a
person or group of people ... specific information about a subject (Angus & Roberston, 1992, p. 557).
Knowledge is constructed and, built on previous experience by, using and expanding existing ideas (Novak &
Gowin, 1984). Therefore, it can be stated that; as new knowledge is gained, change in understanding the existing
theories may be achieved. Knowledge is integral to memory structure, which is concerned with how the memory
may organise, store and retrieve knowledge. As a person is exposed to information in his or her everyday life,
concurrent knowledge has to be economised and abstracted into categories. These categories are developed and
maintained within long-term memory; however, there is a cognitive balance between the number and
effectiveness of such categories. Categories need to be informative, based to a degree on the natural world,
economic and cohesive (Eysenck & Keane, 2002) and organised (Kellog, 2003). Similar objects are grouped
together within a conceptual category and these groupings are generally a product of the learners environment.

In addition, expert performance is considered different to that of novice or lay persons. Expertise may be
defined as consistent performance on a domain specific representative task (Ericsson & Charness, 1997),
although expertise cannot be so easily defined (LaFrance, 1997). Experts require a number of abilities that
includes problem solving skills, conceptual understanding, domain knowledge and experience. A novice will, in
general, group problems together based on similar surface features or schema. Whereas experts classify
problems based on deeper knowledge structure and with hierarchical categories (Kellog, 2003). The proposed
study will use the 14 knowledge categories presented by Brooks (2006a) as a schema baseline, conduct a
literature review to validate these categories and spatially map expert understanding of these categories.

Multidimensional Scaling (MDS)

Multidimensional scaling (MDS) is a method that represents the pattern of proximities among pairs of objects
(Borg & Groenen, 2005, p. 3). The psychometric MDS knowledge structure technique, as demonstrated by
Brooks (2006b), will provide a visual representation of similarities and dissimilarities among the organisational
security knowledge categories. The organisational security knowledge categories will be graphically displayed
through MDS to enable a visual representation of expert knowledge structure.

MDS analysis would result in a spatial representation of knowledge concept clusters (Trochim, Cook, & Setze,
1994) and allow an analysis of judgements between variables to define dimensionality between such variables
8

(Cohen, Manion, & Morrison, 2002), within the proposed study, these variables will be knowledge categories.
MDS is a statistical technique within the area of multivariate data analysis, attracting worldwide interest
(Cohen, et al, 2002, p. 369) and has been used in many other similar studies (Cox & Cox, 2000). Such studies
have included knowledge structure in the form of concept mapping (Brooks, 2006b; Cheng, 2004; Martinez-
Torres, Garcia, Marin & Vazquez, 2005; Trochim, 2006; Turner, 2002).

MDS reduces complex dimensional data and provides a spatial representation, allowing hidden data structure
formation. MDS commences with a set of objects, which are paired and their dissimilarities measured.
Configurations of points are sought in dimensional space, with each point representing an object. MDS
calculates a dimensional space configuration where the points match, as close as possible, the paired
dissimilarities. Dimensional representation demonstrates object proximity, with proximity being how similar or
dissimilar objects actually are or perceived to be (Cox & Cox, 2000; Kruskal & Wish, 1978). The variation in
matching defines the different algorithms of MDS (Cox & Cox, 2000), with the study using ALSCAL
(Alternative Least squares SCALing).

STUDY EXPECTATIONS

This article reports on the studys proposition, where the expected outcomes of the study are still not clear or
able to be validated. However, the study is expected to provide at least three significant outcomes. First, the
study will further validate the 14 organisational security knowledge categories representing the security expert
knowledge structure tabulated by Brooks (2006a), subtracting or adding to these knowledge categories. Second,
the study will present a psychometric multidimensional scaling (MDS) similarity analysis map of the
participating experts organisational security knowledge structure. Third, the study results could lead to cluster
formation within the psychometric MDS map, indicating organisational security expert knowledge groupings.

In the studys proposition, it has been put forward that organisational security and security management could
be the focal point of the centre cluster and that the study may validate this assumed spatial locality. In addition
and based on such expected close spatial similarity, security and security management could perhaps be found to
be an interchangeable category. Furthermore, it could be suggested that investigations and fire science may be
closely related to criminology and facility management respectively, representing two (2) separate category
clusters. Finally, risk management and business continuity management (BCM) could be similar enough and
cluster together.

Talbot and Jakeman (2008) stated that the knowledge category Information and computer should be divided
into two discrete categories, namely information security and information communications technology
(ICT). The study is expected to test the significance, according to the participating experts, on such a division of
categories. For illustration purposes, Figure 1 provides a speculative view of the proposed organisational
security knowledge categories spatial structure. It should be noted that the security principles category was
omitted from Figure 1 and further psychometric measurements as it was believed that this category may be
embedded throughout the other categories, depending on the considered theory, principle or model. To include
such a diverse category would reduce the reliability and validity of the final psychometric knowledge map.

The proposed research will provide a better understanding of organisational or private security knowledge
categorys relationships, aiding educational organisations in developing more concise and industry focused
security curriculum. Cluster formation, if achieved, could result in providing separate educational paths, for
example two or three fields of study or majors within the organisational security domain. Organisational
security is a multidiscipline field and the identification of education paths could help specialisation that raises
the profession. In turn, this would aid the development of practising organisational security professionals,
equipped with proper knowledge and skills necessary to face challenges in the security industry.

9

CONCLUSIONS

This paper highlighted a propositional study to map expert knowledge categories representing organisational
security expert knowledge structure and body of knowledge. The proposition suggested utilising the 14
knowledge categories tabulated by Brooks (2006a) as a baseline for the study and validating these categories
through a literature review. For example, it was expected that information and computer could be divided into
two discrete categories of ICT and information security, and that the study might validate this category division.
The outcome of the literature review representing the organizational security knowledge categories could then
be analysed, based on industry subject matter experts and presented as a psychometric multidimensional scaling
map.

The importance of the proposed study considers the need to present a practical and industry focused
organisational security consensual body of knowledge. It could be proposed that the study outcomes would
improve organisational security categories comprehension; aiding educational institutions to better offer and
deliver organisational security curriculum and support the advancement of the security profession. Nevertheless,
the diversity of organisational security mandates interdisciplinary studies to sum competencies under each
knowledge category.

REFERENCES

American Society for Industrial Security. (2002). Proceedings of the 2002 academic/practitioner symposium.

The University of Cincinnati, Ohio: ASIS International.

Angus & Roberston. (1992). Dictionary and thesaurus. Sydney: Harper Collins Publishers.

ASIS International. (2003). Proceedings of the 2003 academic/practitioner symposium. The University of
Maryland, Maryland: ASIS International.

ASIS International. (2005). Career opportunities in security. ASIS International.

Australian Security Industry Association. (2008). Security industry overview. Retrieved September 2, 2008,
from Australian Security Industry Association:
http://www.asial.com.au/default.asp?page=%2Fconsumer+information%2Fsecurity+industry+overview

Bazzina, M. (2006). Security standards and support systems report: A collaborative project between the
Commonwealth Attorney-General's Department and Standards Australia. Sydney: Standards Australia
International Ltd.

Borg, I., & Groenen, P. J. (2005). Modern multidimensional scaling: Theory and applications (2nd ed.).
Springer.

Brooks, D. J. (2006a). A study to develop a consensual map of security expert knowledge structure. Proceeding
of the 2006 40th International Carnahan Conference in Security Technology (pp. 173-179). Lexington,
Kentucky: IEEE.

Brooks, D.J. (2008). Defining the science of security through knowledge categorisation. Acta Criminologica,
CRIMSA Conference Special Edition 2008, 1, 12-23.

Brooks, D. J. (2006b). Mapping the consensual knowledge of security risk management experts. Proceedings of
the 7th Australian Information and Warfare Security Conference, (pp. 9-17.).

Calder, J. D. (2007). Been there but going where?: Assessing old and new agendas in security research and
study. Security Journal, 20, 3-8.

Cheng, C. C. (2004). Statistical approaches on discriminating spatial variation of species diversity. Botanical
Bulletin of Academia Sinica, 45, 339-346.

Clancey, W. J. (1997). The conceptual nature of knowledge, situations and activity. In P. J. Feltovich, K. M.
10

Ford, & R. R. Hoffman, Expertise in context: Human and machine (pp. 247-291). Menlo Park, CA: The
MIT Press.

Cohen, L., Manion, L., & Morrison, K. (2002). Research methods in education. London: Routledge Falmer.

Cox, T. F., & Cox, M. A. (2000). Multidimensional scaling: Monographs on statistics and applied probability.
Coca Raton: Chapman & Hall/CRC.

Ericsson, K. A., & Charness, N. (1997). Cognitive and developmental factors in expert performance. In P. J.

Feltovich, K. M. Ford, & R. R. Hoffman, Expertise in context: Human and machine (pp. 4-41). Menlo
Park: The MIT Press.

Eysenck, M. W., & Keane, M. T. (2002). Cognitive psychology: a student's handbook. New York: Psychology
Press Ltd.

Fischer, R. J., & Green, G. (2004). Introduction to security (7th ed.). Boston: Butterworth Heinemann.

Giever, D. (2007). Security education - Past, present and the future. Security Journal, 20, 23-25.

Gill, M. (2007). The challenges for the security sector: Thinking about security research. Security Journal, 20,
27-29.

Hesse, L., & Smith, C. L. (2001). Core curriculum in security science. Proceedings of the 5th Australian
Security Research Symposium (pp. 87-104). Perth, Western Australia: Edith Cowan University.

Kellog, R. T. (2003). Cognitive psychology. Thousand Oaks: Sage Publications.

Kooi, B., & Hinduja, S. (2008). Teaching security courses experientially. Journal of Criminal Justice
Education, 19(2), 290-307.

Kruskal, J. B., & Wish, M. (1978). Multidimensional scaling. London: Sage Publications.

LaFrance, M. (1997). Metaphors for expertise: How knowledge engineers picture human expertise. In P. J.

Feltovich, K. M. Ford, & R. R. Hoffman, Expertise in context: Human and machine (pp. 163-180).
Menlo Park: The MIT Press.

Martinez-Torres, M. R., Garcia, F. J., Marin, S. L., & Vazquez, S. G. (2005). A digital signal processing
teaching methodology using concept-mapping techniques. IEEE Transactions on Education, 48(3),
422-429.

Nalla, M. K. (2001). Designing an introductory survey course in private security. Journal of Criminal Justice
Education, 12(1), 35-52.

Novak, J. D., & Gowin, D. B. (1984). Learning how to learn. Cambridge: Cambridge University Press.
Sarre, R. (2005). Researching private policing: Challenges and agendas for researchers. Security Journal,
18(3), 57-70.

Talbot, J., & Jakeman, M. (2008). Security risk management body of knowledge. Melbourne, Australia: Risk
Management Institution of Australasia.

The Interim Security Professionals Taskforce. (2008). Advancing security professionals: A discussion paper to
identify the key actions required to advance security. Melbourne: The Australian Government Attorney-
General.

Trochim, W. M. (2006). Concept mapping. Retrieved September 13, 2008, from Research Methods Knowledge
Base: http://www.socialresearchmethods.net/kb/conmap.htm

Trochim, W. M., Cook, J. A., & Setze, R. J. (1994). Using concept mapping to develop a conceptual framework
11

of staff's views of a supported employment program for individuals with severe mental illness. Journal
of Consulting and Clinical Psychology, 62(4), 766-775.

Turner, P. (2002). Multidimensional scaling analysis of techniques used by physiotherapists in Southeast
Australia: A cross-national replication. Australian Journal of Physiotherapy , 48, 123-130.

Wakefield, A. (2007). The study and practice of security: Today and tomorrow. Security Journal, 20, 13-14.

COPYRIGHT

Adel Alruwaii & David J Brooks 2008. The author/s assign Edith Cowan University a non-exclusive license to
use this document for personal use provided that the article is used in full and this copyright statement is
reproduced. Such documents may be published on the World Wide Web, CD-ROM, in printed form, and on
mirror sites on the World Wide Web. The authors also grant a non-exclusive license to ECU to publish this
document in full in the Conference Proceedings. Any other usage is prohibited without the express permission
of the authors.

12

Psychometric risk perception: why some individuals elect not to act on risks?

Jaber Alsuhaimi
School of Engineering

David Brooks

Abstract

Each year natural disasters cause significant economic loss around the globe, despite the efforts exerted by
local governments to reduce the impact of such disasters. One major factor in these efforts is the interaction of
local residents to take precautionary action in order to mitigate negative implications. Some studies have
indicated that with the help of local people, financial damages can be reduced by up to 80%. However, many
people located in areas of natural disasters choose not to take any actions despite warnings from their local
governments. The purpose of this paper was to investigate why people make certain decisions and provide an
explanation of the phenomenon. The concept of psychometric risk perception has been used for the past 30
years to consider, in part, why people may make decisions based on the perceived risk. Within the paper,
psychometric risk perception was used to explain how people interpret warning messages and how this may
affect their decisions - whether to take precautionary actions or not. Studies conducted in Taiwan, Germany and
New Zealand were also utilised to support the studys outcomes. Results considered the differences between
expert and lay persons, cultural and social factors, visceral level of risk and the importance of trust. Finally,
that for risk communication to lead to precautionary action requires a heuristics approach; however, further
research is still required in order to gain a better understanding as psychometric risk cannot provide an
appropriate explanation.

Keywords

Risk perception, psychometric risk, risk management, risk communication, natural disasters

INTRODUCTION
We are surrounded with risks in everyday life. Our activities and even decisions we take, can invite potential
risks and threats. However, people tend to have different perceptions of risk and therefore their decisions differ
accordingly. What is perceived as being risky to someone might be acceptable to other individuals. This
difference between risk perceptions among individuals also applies to different cultures around the world
(Breakwell, 2007). Moreover, people seem to accept risks associated with voluntary acts as opposed to risks
resulting from activities or technologies imposed on them by others, such as their employers or governments
(Starr cited in Sjberg, 1999). In contemporary risk management, risk depends on two aspects, namely
probability and consequence. Risk level is directly proportional to the probability of negative events and the
severity of consequences (Sjberg, 1999). It seems logical that disastrous outcomes would immediately grab the
attention of potential victims to take the necessary actions in order to deal with risks. However, people
sometimes neglect acting on risks even if the consequences are significant. A good example in this case would
be the kind of reactions people take in response to risks posed by natural disasters. Apparently, one would
expect that people facing the risk of natural disasters such as floods or volcanoes would immediately act to
avoid negative impacts. Nevertheless, the reality is that many victims choose to take only minimal precautions
or sometimes no precautions at all. Natural disasters occur in different places around the globe each year, with
some causing devastating consequences. Governments have been trying to reduce the impact of such disasters
by promoting the preparedness of local residents to take precautionary actions. As per the International
Commission for the Protection of the Rhine, long-term precautions taken by local people and organisations can
reduce financial damages by up to 80% (Grothmann & Reusswig, 2006). Although this figure can be seen as
very optimistic, it still provides a good indication that private efforts can have a significant impact on risk
mitigation. However, many people located in areas of natural disasters choose not to take any actions, despite
warnings from their local governments. For instance, in spite of earthquake hazards warning to 97% of the
population of Wellington, New Zealand, only 11% had emergency plans and 9% purchased first aid kits (Paton
et al., 2000). This approach does not appear to make sense, as you would expect people living and working in
such natural disaster areas would take preventive measures to ensure the safety of their lives and belongings.
13

The purpose of this paper was to investigate why people make certain decisions and provide an explanation of
the phenomenon, posing the following research question; why do some individuals elect not to act on natural
disasters risks?. Within the paper, psychometric risk perception was used to try to explain how people interpret
warning messages and how this may affect their decisions on taking precautionary measures. Risk reactions of
local residents in areas prone to natural disasters in Germany, Taiwan and New Zealand were used to support
the studys outcomes.

PSYCHOMETRIC RISK

Although the word risk is commonly used, the definition of risk is not trivial as it differs from one perspective to
another. Risk is not a definite term and can have different meanings to different people. This variance depends
on how people perceive the risk based on various factors. The term risk perception can be defined as the
subjective assessment of the probability of a specified type of accident happening and how concerned we are
with the consequences (Sjberg et al., 2004), indicating that the level of perceived risk may affect our actions.
A number of techniques have been widely researched to explain risk perception. For the purpose of this paper
the psychometric risk approach was used, as it provides more quantitative tools to understand risk perception.
The concept of psychometric risk has been used for the past 30 years to consider why people may make
decisions based on the perceived risk. The concept also explains, to some degree, why lay people perceive
hazards in different ways to experts (Siegrist et al., 2005) and that emotions play a role in the decision-making
process (Slovic & Weber, 2002). The psychometric risk paradigm uses techniques such as multidimensional
scaling to quantify risk perception of activities. A two-dimensional representation was developed by Slovic to
spatially map perception of various risks. The first axis, labelled dread risk, indicated the level of fear from the
subject risk and the second axis, labelled unknown risk, represented how familiar or unfamiliar the risk was to
individuals (Slovic & Weber, 2002). Using this map, different risks can be spatially represented in a
twodimensional map.

Risk perception research, using the psychometric paradigm, focused on the difference between experts and the
general public in perceiving certain risks in activities or technologies. It has been found that this variance is
mainly due to the mismatch in assessing the impact of risk among the two groups (Slovic, 1987). Experts tend to
base their judgments on numbers and physical measures. On the other hand, lay people tend to relate risk impact
to different factors such as past experience, emotions, and vulnerability. Nevertheless, it has been found that the
general public subjective estimation of risk fatalities were comparable to that of statistics, demonstrating that the
public are reasonable good at self estimation of such risks. However, there are degrees of distortion within such
public risk estimations (Breakwell, 2007). Therefore, why is there restricted alignment between what the experts
attempt to communicate in regard to risks associated with natural disasters to the precautionary actions taken by
the public?

NATURAL DISASTERS PREPAREDNESS

To try to understand this misalignment between warning messages and private preventive measures, studies
from Germany, Taiwan and New Zealand are presented, along with their outcomes. All three studies focused on
the research question of why some people do not make necessary actions to be prepared for natural disasters.

Floods in Germany

A study has been conducted by Grothmann and Reusswig (2006) to evaluate precautions taken by residents in
the potential flood areas of Cologne, Germany. The last major flood hit the city, located on the Rhine River, in
1995 when water levels reached 10 metres. The study included 157 households prone to flooding risk along the
Rhine River. A questionnaire was designed to assess factors including past flood experience, perceived threat,
precautionary actions and dependence on government protective actions. In the questionnaire, 39% of
respondents owned the residence they lived in and 41% had past experience with floods (Grothmann &
Reusswig, 2006). The study showed that 48% of the interviewed individuals had carried out self education about
private protective measures. However, only 31% and 38% had bought protective equipment and installed
structural barriers respectively. Providing a straight forward explanation of the research problem was not
possible as people make decisions based on many varying factors. Previous flood experience, risk of future
floods, reliability of government protection measures, cost of personal measures, perceived ability to perform
precautionary measures, and wishful thinking were found to be factors affecting decisions of the potential
victims (Grothmann & Reusswig, 2006). The study concluded that risk perception might not be enough to
encourage people to take precautionary measures. It was also proposed that more thought needs to be given to
14

risk messages communicated to the public. Risk communication should include not only the flood risk but also
how effective private measures can be to risk mitigation. Factors negatively affecting precautionary actions such
as denial and wishful thinking should also be taken into account when addressing the public (Grothmann &
Reusswig, 2006).

Taiwan Floods and Landslides
In Taiwan, floods and landslides cause many casualties and significant financial losses each year during the
rainy season between May and November. In 2004, two typhoons accompanied with heavy rain caused
devastating landslides and floods in the period between the months of July and September. One month later, the
National Science and Technology Centre for Disaster Reduction conducted a National Risk Perception Survey
of Flood and Landslide. The survey included two separate questionnaires for floods and landslides victims. A
total of 1340 participants including 250 victims were interviewed for the flood questionnaire. The landslide
questionnaire was conducted on 1574 participants including 501 victims. Survey participants were chosen from
five towns that suffered from landslides and seven towns impacted with floods during the same period (Lin et
al., 2008). Based on this survey, a study was initiated to understand the relation between risk perception and risk
mitigation adoption. Moreover, the study tried to understand why the general public were more willing to take
precautionary measures than the victims of floods and landslides. By analysing the 2004 survey data, this study
found out that victims of floods and landslides were more concerned with hazard warnings than the public;
however, they were more hesitant to apply protective measures. Most victims appreciated the threat, but claimed
to lack resources to deal with it. On the other hand, it had been noted that physiological factors such as risk
perception were stronger predictors than education and income (Lin et al., 2008).

The study used the following measures in order to map the participants responses: impact, control, powerless,
helpless and trust. It was concluded that risk perception measures being impact and control are predictors for
positive action. Powerless and helpless measures were found to be negative predictors. Although victims had
high perception of the impact of floods and landslides, they also had high sense of powerlessness compared to
the general public. Given that the powerless factor is stronger than the impact factor, the victims did not take
enough precautionary measures (Lin et al., 2008).

Preparedness to Volcanic Hazards in New Zealand

In September 1995, the volcano of Ruapehu in New Zealand erupted causing ash fall on nearby areas.
Approximately six months earlier, a survey was carried out to evaluate population knowledge and perception of
volcanic risk in Hastings and Whakatane, which both suffered from volcanic eruptions in the past. In November
1995, the survey was repeated in order to study the change in risk perception and preparedness to volcanic
hazards. Hastings is a small city approximately 110 km southeast of the volcano and Whakatane is a smaller
town situated 190 northeast of Ruapehu. During the 1995 eruption, Hastings suffered from ash fall due to the
eruption, but Whakatane did not. The results from both surveys were compared to understand the effect of 1995
Ruapehu eruption on risk perception and preparedness of the population (Johnston et al., 1999). The study
concluded that Hastings experienced an increased perception of volcanic hazards as a result of the eruption.
However, this increase was accompanied by a decrease in public preparedness, which may be explained by the
mild impact of the volcanic eruption on the population. It was also found that despite past experience of
volcanic hazards, limited actions had been taken by local people to mitigate the associated impact. This
approach may, in partial, be due to the perception of low vulnerability and high level of control than average
(Paton et al., 2000).

DISCUSSION

The psychometric risk model aims to explain the difference in risk perception between experts and the public.
This model might be used to explain why people do not act when they are told they are facing higher natural
risks. If the warning message is coming from an expert and the audience are mostly lay people, then the message
has to be tailored to address the difference in risk perception. However, the diversity and interwoven aspect of
risk perception, risk decision-making and some form of action led to what may constitute a need to consider this
not only with psychometrics, but within heuristics. A number of points, underpinned with psychometric risk,
have been put forward in the following discussion in an attempt to address the posed question. The process of
measuring risk perception is not quite straight forward. Knowledge, beliefs and past experience are all factors
affecting risk perception. The ways in which knowledge and beliefs were gained including direct experience,
media, government agencies publications, can also affect our perception of various risks (Paton et al. 2000).
When trying to predict how people react to natural disaster, it is important to understand the risk perception and
15

past experience of the public to such risks. According to the psychometric paradigm, it can be assumed that risk
perception of natural hazards victims may be, in general, represented with higher familiarity and mid to higher
dread levels. A higher level of familiarity or known risk could contribute to the missing action to mitigate these
risks. Paton et al. (2000) finding support this discussion as they proposed that direct experience tends to increase
awareness, but not necessarily preparedness.

The visceral level of risk exposure can lead to either risk amplification or attenuation, demonstrated with such
models as the Social Amplification of Risk Framework (SARF). The extent, type and consequence of media
communication may alter a person view on such events (Kasperson et al. cited in Slovic & Weber, 2002). Some
people may believe that if they are exposed to the risk at one point in time that it is less likely that they will be
exposed again. If a persons experience with a natural disaster is low, it is likely that his or her perception of the
risk becomes lower and that they do not take further action. Some people might not act because they do not have
past experience with the threat and therefore, they tend to under estimate the magnitude of impact. The opposite
may also be true; people without past experience can over estimate the impact and therefore act even if the risk
does not require any action. Considering the issue from another perspective, people get affected by the general
risk perception in the society where they live. Natural disaster risks might be socially accepted risks,
contributing to decision-making. Outside the domain of psychometric risk, additional cultural issues may
reinforce such risk views. Johnston et al. (1999) stated that we need to consider risk assessment within a wider
societal context to more objectively assess prevailing attitudes to natural hazards. The problem of not acting
upon risks might not be an individual problem, rather a problem that is common among most of the societys
members. People might not act because they believe that measures put forward by local authorities can do little
to mitigate potential natural disaster risks. This belief highlights the importance of trust in promoting public
precautionary actions. If the local people do not trust the intent of their local government and the content of
warning messages, then it is more likely that they will not act. Therefore, it could be argued that it is important
to develop trust and understand how individuals estimate their own options along with efficiency and cost of
these options. This issue becomes beneficial in understanding how people would react in response to threats
(Grothmann & Reusswig, 2006).

There are problems with risk communication and such research has been extensive, although risk messages will
depend on other elements within broader social risk (Breakwell, 2007). Risk communication should highlight
not only the need to take protective measures, moreover the effectiveness of these measures and the risk
warning messages (Grothmann & Reusswig, 2006). However such simplistic advice, without trust, may be
difficult to achieve within the broader domain of social risk. In some cases, public awareness programs about
natural hazards may reduce perceived risk and therefore, reduce level of preparedness. This approach can result
in their overestimating their perceived preparedness and/or underestimating the risk (Paton et al., 2000). There
may be restricted causal linkage between risk perception, making a decision and acting on such a decision in
regard to such natural disasters. As Breakwell stated, there is a very real need for studies that follow the
decision-making process from risk estimation ... to risk-taking (2007, p. 269). In addition, the many aspects
that make up our views of risks have to be considered, perhaps resulting in the need to consider such problems
within the broader heuristics risk approach.

CONCLUSION

Extensive research has been conducted to understand the relation between risk perception and the decisions
taken. Nevertheless, it appears difficult to understand why some people elect not to take precautions against risk.
The studies presented earlier were chosen from different parts of the world. Results from each study varied
depending on the nature of risks, research methods, analysis and participants. However, all three studies
presented in this paper provided a consensus that there was a problem of not taking risk warning seriously by
potential victims. For the purpose of this paper, psychometric risk was used in an attempt to consider the factors
causing of such decisions. However, it was clear that the research question could not be explained using the
psychometric paradigm alone, as other factors contributed to the problem such as cultural and social factors.
These factors are mainly due to the complex relation between risk perception and decision-making. The process
of predicting risk response is very complex, as risk perception varies from one culture to another. Within the
same cultural group, risks are often perceived by different people in varying ways. Moreover, the same person
can have different perception of the same risk at different times depending on the situation. An important factor
in promoting protective actions by local people is improving risk communication messages. In addition to the
main purpose for these messages to highlight potential risks, it is also important to highlight what needs to be
done by the public and how effective protective measures can be in mitigating negative impacts. It is also
important to improve trust between people and their local governments in order to provide more positive
interaction to risk communication messages.
16

REFERENCES

Breakwell, G. M. (2007). The psychology of risk. Cambridge: Cambridge University Press.

Grothmann, T., & Reusswig, F. (2006, May). People at risk of flooding: Why some residents take precautionary
action while others do not. Natural Hazards, 38(1-2), pp. 101-120.

Johnston, D., Bebbington, S., Lai, C., Houghton, B., & Paton, D. (1999). Volcanic hazard perceptions:
comparative shifts in knowledge and risk. Disaster Prevention and Management, 8(2), pp. 118-126.

Lin, S., Shaw, D., & Ho, M. (2008, February). Why are flood and landslide victims less willing to take
mitigation measures than the public? Natural Hazards, 44(2), pp. 305-314.

Paton, D., Smith, L., & Johnston, D. (2000, December). Volcanic hazards: Risk perception and preparedness.
New Zealand Journal of Psychology, 29(2), pp. 86-91.

Siegrist, M., Keller, C., & Kiers, H. (2005). A new look at the psychometric paradigm of perception of hazards.
Risk Analysis, 25(1), pp. 211-222.

Sjberg, L. (1999). Consequences of perceived risk: Demand for mitigation. Journal of Risk Research, 2(2), pp.
129 - 149.

Sjberg, L., Moen, B., & Rundmo, T. (2004). Explaining risk perception. An evaluation of the psychometric
paradigm in risk perception research. Rotunde Publications.

Slovic, P. (1987). Perception of risk. Science, 236, pp. 280-285.

Slovic, P., & Weber, E. (2002). Perception of risk posed by extreme events. Paper presented at the Risk
Management Strategies in an Uncertain World. New York.
COPYRIGHT
Jaber Alsuhaimi and David Brooks 2008. The author/s assign SECAU & Edith Cowan University a non-
exclusive license to use this document for personal use provided that the article is used in full and this copyright
statement is reproduced. The authors also grant a non-exclusive license to SECAU & ECU to publish this
document in full in the Conference Proceedings. Such documents may be published on the World Wide Web,
CD-ROM, in printed form, and on mirror sites on the World Wide Web. Any other usage is prohibited without
the express permission of the authors.

17

Professional Intelligence Judgement Artistry
Jeff Corkill
SECAU
j.corkill@ecu.edu.au

Abstract
The intelligence analyst plays a critical role in the decision processes effecting national security and law
enforcement. The purpose of this research proposal is to provide sufficient evidence to support the undertaking
of a study into the hypothetical construct of Professional Intelligence Judgement Artistry (PIJA). PIJA has been
proposed as a possible model through which the various internal and external influences on intelligence analyst
decision making may be mapped and understood. The complexity of real world intelligence operations is such
that a positivist approach to this problem is unlikely to generate useful outcomes it is therefore proposed to
utilise a hermeneutic methodology in line with the interpretative requirement of the research problem.
Keywords
Intelligence, judgement artistry, security, law enforcement, ethics, decision making, research
INTRODUCTION
Intelligence by its very nature has been a secret business, arcane and steeped in mystery, a profession long
hidden away and rarely credited for policy or military success yet often blamed when poor policy or operational
decisions result in public humiliation. The American response to Pearl Harbour during the 2
nd
World War is a
case in point. More recently the controversy over the invasion of Iraq and the missing weapons of mass
destruction is an example. The politicisation of intelligence gives rise to a debate on the ethics of intelligence in
terms of collection, analysis and the subsequent application of intelligence products. The use of intelligence is
not limited to national security and defence domains. Intelligence plays a significant role in the compliance and
enforcement structures of governments. Intelligence is recognised as a key function of modern law enforcement
as it enhances law enforcement effort. The perceived value of intelligence in law enforcement is demonstrated
in the common use of the term intelligence led policing in various parts of the world (Ratcliffe, 2004 p.5;
Grieve, 2004 p.25; Cope, 2004).
In the last 30 years the intelligence community and profession has been opened up to academic scrutiny (Gill &
Phythian, 2006). The previously opaque barriers to understanding have become if not transparent then, at least,
translucent. Subsequently, the domain has become a legitimate subject for scholarly study. A rich body of
knowledge has emerged as scholars from within and external to the profession have sought to define what
intelligence is and what it is that intelligence analysts do (George, 2004; Heuer, 1999; Lefebvre, 2004; Cooper,
2005; Marrin & Clemente, 2005; Russell, 2004).
Whilst the popular media characterizes intelligence as consisting of such things as spies and secret collection
technology, the critical element of successful intelligence production is, and remains the intelligence analyst.
Demonstrated by the fact that it is the analyst who initiates collection of information, and who processes,
integrates and interprets that information. It is the analyst who creates and disseminates intelligence products,
generates context and provides insights all necessary for optimal decision making (Cooper, 2005; Lefebvre,
2004; Rieber, 2004). Therefore it may be argued that in order to improve intelligence it is necessary to
understand what it is that intelligence analysts actually do.
Paterson (2003) developed the construct of Professional Practice Judgment Artistry as means of understanding
the complexity of judgement and practice as it pertains to the domain of occupational therapy.
Judgement artistry refers to the capacity of professional artist practitioners to make highly skilled
micro-, macro-, and meta- judgements that are optimal for the given circumstances of the client and
the context. It utilizes the unique knowledge base, frame of reference and reasoning capacity of
individual practitioners in the task of processing and unravelling highly complex problems which arise
18

in professional practice including: demanding, moral and ethical issues; questions of value, belief, and
assumptions; the intricacies of health issues as they impact on peoples lives. (Paterson, 2003. p. V)
The issue is wether intelligence analysts practice judgment artistry. Professional intelligence analysts are
required to make complex judgments at the micro, macro and meta-levels that optimise decision making on the
part of the client (decision maker) for particular circumstances and within a specific context in a similar way to
Patersons occupational therapists. In a similar manner, intelligence analysts process complex problems
including moral and ethical issues, which may question values, beliefs and assumptions; the outcomes of which
may impact on the individual through to national security levels.
RESEARCH STRATEGY
A relatively rich body of literature has evolved as the intelligence community sought to understand why
intelligence fails, what constitutes good analysis, the relationship between analysts, agencies and decision
makers and what represents analytical best practice (Swenson, 2003; Cooper, 2005; Lefebvre, 2004; Marin &
Clemente, 2005; Moore, Kirzan & Moore, 2005). For the most part though, this literature is focused on national
security with limited analysis of the law enforcement intelligence domain. This paper represents the start of a
research study that will build on that knowledge base and extend into an examination of ethical analytical
decision-making by analysts within a law enforcement environment.
The construct Professional Intelligence Judgment Artistry (PIJA) - an adaptation of the construct Professional
Practice Judgment Artistry as identified by Patterson will be used in order to create understanding of the
complex judgement exercised by intelligence analysts in the dynamic and uncertain environment in which they
operate.
The purpose of this research is to examine the (professional practice) decision-making of intelligence analysts
using the framework of Professional Intelligence Judgement Artistry. How is PIJA demonstrated? What
frameworks do they use to make decisions? What role does ethics play in this decision making process? In the
first instance this study of intelligence analysis will be limited to the domain of law enforcement intelligence in
order to create a coherent context for the examination of analytical decision-making.
It is proposed that a qualitative research strategy will be utilised to conduct this research. Hermeneutics has
been proposed as an appropriate qualitative research methodology that is both credible and rigorous and suited
to the analysis of the professional environment (Paterson & Higgs, 2005; Kosmala, 2006; Ehigie & Ehigie,
2005).
The desired result of this research will be an analysis of the PIJA decision-making framework used by
intelligence analysts. Professional Intelligence Judgement Artistry will be examined in a different context to
that in which Patterson developed her construct of Professional Practice Judgment Artistry not only will this
contribute to a better understanding of analytical decision-making in general, it will contribute to the ongoing
development of the intelligence profession. Through definition and understanding of PIJA, the intelligence
profession will more clearly articulate its status as a profession. Furthermore, an increased understanding of
intelligence decision-making will create opportunities to develop enhanced training regimes and methodologies
for intelligence analysts.
Do intelligence analysts operating within the law enforcement context exercise Professional Intelligence
Judgement Artistry (PIJA) with regard to analytical decision making? How is PIJA demonstrated?
- What is PIJA in this context?
- How is PIJA developed in individual intelligence analysts?
- What is the value of PIJA in this context?
- Does PIJA contribute to ethical analysis?
19

REVIEW OF THE LITERATURE
A substantive body of knowledge in relation to intelligence and intelligence analysis has emerged over the last
twenty years more so in the aftermath of the events of 9 September 2001. From that body of knowledge a
number of key themes have emerged:
Intelligence is a fundamental process with application in the national security, foreign policy, law enforcement,
business domains and the broader governance and compliance areas. It is a critical element in effective decision
making. It is generally agreed that intelligence is both a product and a process. Gill & Phythian (2006, p2)
define intelligence as follows:
Intelligence is the umbrella term referring to the range of activities from planning and information
collection to analysis and dissemination conducted in secret, and aimed at maintaining or enhancing
relative security by providing forewarning of threats or potential threats in a manner that allows for
the timely implementation of a preventative policy or strategy, including, where desirable, covert
activities.
This contrasts somewhat with the definition of the Australian Army which is:
The product resulting from the processing of information concerning foreign nations, hostile or
potentially hostile forces, areas of actual or potential operations. The term is also applied to the
activity which results in the product and to the organizations engaged in such activity. (Australian
Army Manual of Land Warfare Part Two, Corps Doctrine, Vol 1 pamphlet 1 Intelligence, 1996.)
Grieve (2004, p25) suggests that within the law enforcement context intelligence may be described as
information designed for action. These first two definitions limit us to considering intelligence in what may
be described as an essentially national security role. However, the use and conduct of intelligence extend far
beyond that domain. In the contemporary world intelligence units or functions are found in organisations as
diverse as the Australian Tax Office, State Fisheries Departments, Environmental Departments and all of the
Australian law enforcement agencies. Furthermore dedicated intelligence functions can also be found in many
corporations providing both business intelligence and security intelligence functions.
At the RAND workshop Toward a Theory of Intelligence (Treverton, Jones, Boraz & Lipscy, 2006, p2)
Warner argued that there were two common usage definitions for intelligence one being information for
decision makers the other being secret state activity designed to understand or influence foreign entities.
Warner argued that three key themes emerge from this second definition:
- A working definition of intelligence for states must include a consideration of secrecy.
- Intelligence for states can mean life or death.
- Intelligence includes clandestine activity as well as information.
It may be argued however that the realm of criminal intelligence is also defined by Warners (2006) key themes.
There is a need to keep information relating to criminals secret, as failure to do so could result in the death of
persons. Finally clandestine activity may be undertaken in order to disrupt or prevent criminal activity.
Lefebvre (2004) describes the process of intelligence analysis as being one of evaluation and transformation of
data into a product for the use of policy consumers who may more broadly be defined as being decision makers.
Critically it involves assessing the reliability and credibility of the data, and comparing it with the knowledge
base available to the analyst, to separate fact from error and uncover deception (Lefebvre, 2004 p.236). Gill
and Phythian (2006) suggest that analysis is a process of seeking knowledge and assigning certainty sufficient to
allow decision makers to act on the intelligence provided. More generally analysis is recognised as being an
intellectual process focused on identifying truths, making appropriate judgements and explaining the evidentiary
basis of such (Herbert, 2006; Heuer, 1999; Atran, 2006; George, 2004). Moore, et al (2005) suggest that in
order to understand intelligence analysis though the analysts themselves need to be understood. If it is broadly
accepted that analysis in its simplest form focuses on acquiring certainty from complex and uncertain
information in order that effective decisions may be made, then it is critical that how analysts evaluate the
information they acquire and are exposed to is understood.
20

Sandow-Quirk (2002) in her analysis of why intelligence fails identified a variety of factors including failures of
evaluation, failures of source selection, and failures of target identification. Atran (2006) would add to that
failure of imagination. It may be argued though, that it is the failure of evaluation that is most damaging to the
production of intelligence as poorly evaluated information given undue certainty has a multiplier effect through
to dissemination and action.
The universe of information available to analysts is rapidly increasing both in terms of volume and in
complexity whilst the multiplicity of sources that may be utilised to access that information is also increasing.
This volume of information is uncertain, ambiguous and often contradictory. Analysts are overwhelmed and
unable to adequately assess the volumes and complexity therefore they are required to reduce and simplify the
information that they work with (Rodgers, 2006). One method of doing so which has been identified is the
creation of mental models and subsequent evaluating and processing new information through those models
(Heuer, 1999; Rodgers, 2006; George, 2004). The trouble with mental models is they have potential to sustain
bias, the potential to encourage rejection of information at variance to the norm and also have the potential to
reinforce current perceptions.
It is clear from the literature that analysis is a difficult task and that the human mind, whilst adapted to cope with
complexity and volume, is not necessarily well adapted to identifying deception, reliability or determining
certainty. The natural mechanism by which the mind copes with this complexity and quantity is to reduce
volume by exclusion, to simplify the complex, and evaluate the new via existing mental models. This process
will likely ensure that analysts will continue to be surprised by the actions of adversaries as they successfully
gather and integrate evidence whilst failing to make sense of it.
The teaching of analysis varies significantly, more so than that of evaluation; it tends to be more situational and
agency specific. Experienced analysts tend to be in agreement that good analysts posses certain qualities
regardless of the domain they operate in (Heur, 1999; Gazit, 1980; various personal communications with senior
analysts). Those qualities include demonstrated intellectual capacity, curiosity, a degree of scepticism, and
attention to detail. Information systems literacy has developed into a core skill for analysts and along with it the
concept of the analyst as a technologist. This has led to, in some environments, the term analyst, referring to
someone whom is simply competent with particular software tools (Personal communications with senior
analysts).
Intelligence will be used by decision makers in many cases to make significant decisions that will affect
peoples lives and futures of nations. Yet it is most likely this intelligence will be derived from uncertain
evidence. The dilemma for the analyst then, becomes how to speak the truth, without compromise due to that
inherent uncertainty. Weiss (2008) quite rightly argues that this dilemma is not unique to the intelligence
profession but is very much the same as that which faces the medical profession and for that matter, scientists.
It may be argued that it is this mix of uncertainty, truth, action and outcome and the impact of such, that it
requires the issue of ethics to be addressed in relation to intelligence analysis. It may also be argued that
intelligence analysis has much in common with social research and therefore a useful starting point from which
to consider the role of ethics in intelligence analysis my be as it understood in the social sciences (Ratcliffe,
2006). Whilst much of the ethical debate in relation to social research is perceived as being that relating to the
protection of rights it is also very much focused on methodology and practice. Ethical research or analysis does
not preclude action that may have a harmful impact on an individual if it may be argued that the social or
community benefit outweighs the potential harm. It may be argued that this concept of beneficence is in fact the
ethical principle most likely to be abused within the intelligence domain. Anything is fine as long as it is in the
interest of public security/protection. Whilst much of the ethical discussion on social research is focused on the
protection of subjects (Blaxter, Hughes & Tight, 2006; Habibis, 2006) Sarantakos (1993) identifies a number of
issues which whilst focused on the realm of the social researcher it may also be argued are valuable as a means
by which ethical analysis may be determined. Those issues are:
- Ethical collection and processing require a commitment to accuracy on the part of the analyst.
- Analytical methodology should be selected for its relevance and suitability to the analytical
objective.
21

- Interpretation of data should be done in full and in accordance with methodological standards.
- Reporting should be accurate and known errors, distortions and bias clearly stated.
- Fabrication of data is not ethical.
- Falsification of data is not ethical.
Those simple objectives identified by Sarantakos (1993) may in the first instance constitute a good ethical
model on which to assess the analytical judgments of the intelligence community.
A FRAMEWORK FOR INVESTIGATION
This research will utilise a qualitative research framework to both define and refine the construct PIJA. This
approach allows the research to be conducted in the real world, examining the construct of PIJA in its full
context (Krausse, 2005; Bowen, 2005; Ehigie & Ehigie, 2005). In the case of the PIJA construct, it is argued
that its complexity necessitates the extraction of meaning for the purpose of understanding rather than proving.
Moreover this research will fit the naturalistic ontology as described by Bowen (2005) in that it will be
conducted in the natural setting, utilise qualitative methods, purposive sampling and inductive analysis. This
approach is considered appropriate in the case of this research as it is exploratory research into the phenomenon
of PIJA about which there is very little known and the need for detailed and in-depth understanding is required.
Paterson and Higgs (2003) first proposed a construct of professional practice judgement artistry as a means to
explore the complexity of professional practice decision making in the domain of occupational therapy.
Utilising a Hermeneutic research strategy Paterson (2003) subsequently developed a model of professional
practice judgement artistry. Hermeneutics in this work was identified as an appropriate qualitative research
methodology that was both credible and rigorous and suited to the analysis of the professional practice
environment (Paterson & Higgs, 2005). Kosmala (2006) has also used a hermeneutic research paradigm in
order to generate understanding of structural power in professional service firms. In this case the professionals
under analysis are auditing accountants. Kosmala (2006) has utilised a hermeneutic research paradigm to
consider how structure and professional best practice may limit autonomous judgement. It is proposed that this
approach will also serve as an appropriate methodology to determine if PIJA is an appropriate construct through
which to assess professionalism of intelligence analysts and identify and assess the various inputs which
influence their decision making.
There are significant differences between domains examined in previous research, Occupational Therapists are
tertiary trained and recognised as professionals whom it may be argued have a common foundation in terms of
understanding professional outcomes within their field. Furthermore they are regulated by governing bodies,
require certification and represented by professional bodies. A similar case it may be argued exists in the
accounting domain. Intelligence analysts however do not have to undertake formal education to prepare them
for employment, there is significant variation in the employment of intelligence analysts and whilst there is
some common foundation in terms of professional capability or understanding, there are quite significant
variations across the profession. However it has been argued by Rodgers (2006) and Marrin and Clemente
(2005) that there are striking similarities between the profession of intelligence and that of medical and mental
health practitioners in terms of the approach to diagnosis and analytical prediction. On this basis the adoption of
the Paterson and Higgs (2003) construct of professional practice judgement artistry is likely an appropriate
start point from which to construct an initial concept of Professional Intelligence Judgement Artistry.
Paterson & Higgs (2005) identified three critical philosophical assumptions that shape the research strategy and
contribute to creation of a hermeneutic spiral.
- The achievement of shared understanding by all participants is achieved via language. That is different
interpretations of the phenomenon are fused through dialogue to create shared understanding.
- Knowledge is constructed through dialogue and meaning emerges via hermeneutic conversation
between the text and the inquirer.
- Movement between the parts and whole of the construct is circular with the researcher becoming an
integral part of the circle.
22

Integration of the three metaphors creates the hermeneutic spiral and the hermeneutic spiral maps the research
path (Paterson & Higgs, 2005; Kosmala, 2006).
Paterson & Higgs (2005) state that in order to enter your hermeneutic spiral pre judgements of the phenomenon
being considered for analysis need to be clarified. In this case that phenomenon is PIJA. The review of the
literature is then undertaken in order to elucidate what PIJA may mean and how it may be experienced. It is
achieved through seeking understanding of how authors interpret those key concepts that have been identified as
relating to PIJA and is broadly consistent with Bowen (2005) who argues that extensive reading is essential.
Reading of the literature and interpreting key concepts should enable key questions to emerge that can become
the means by which the various horizons between the text voices and those of the researcher may be fused
(Paterson & Higgs, 2005; Bowen, 2005). Concepts identified are tested on the reference group for validity and
subsequent inclusion in the texts.
The research is to be completed in four phases:
- Phase 1 review of and immersion in the literature
- Phase 2 engagement with focus groups
- Phase 3 in depth interviews
- Phase 4 write up the study
The first phase of the study will involve a broader and deeper review of the literature beyond that specific to
intelligence analysis and methodological aspects of the research. The literature review will include the
following concepts; ethics, decision making, judgement, situation awareness, training, aptitude, intelligence,
information use, organisational structure, and motivation. In accordance with interpretative nature of
hermeneutic research the literature will be returned to and expanded as concepts are clarified throughout the life
of the project. Initial texts will be referred to the focus groups for validation and interpretation.
The second phase of the study will require engagement with the focus groups. Focus groups will be drawn from
the Australian law enforcement intelligence community at both junior and senior levels together with
intelligence academics/educators. The value of focus groups is that they provide access to a abroad range of
information rich participants. Furthermore the dynamics of group interaction provides an opportunity to explore
knowledge and experience that may not be forthcoming in an individual interview scenario (Paterson, 2003;
Kitzinger, 1995; Kidd & Parshall, 2000). Recruitment of participants will be facilitated by the investigators
personal links to the wider intelligence community and key intelligence managers in the various state police
services. In order to broaden the recruitment process the author will utilise the Australian Institute of
Professional Intelligence Officers (AIPIO) forum to reach those areas where there is no current personal access.
The third phase of the study will involve in depth interviews with law enforcement intelligence analysts and
intelligence academics who will be identified for selection during focus group sessions. Paterson (2003) used
the focus groups to identify those potential participants whom might provide greater depth and insight into the
phenomena being investigated. Participant recruitment will as in phase 2 make us eof the investigators
personal and professional links to the target intelligence community. Whilst there are no specific rules as to
sample size in naturalistic inquiry there is inherent assumption data saturation is the final determinant. There is
however no apparent agreement on just how to determine how many participants are needed to achieve this. It
may be argued that data saturation is achieved when no new data emerges from any singe participant (DePoy &
Gitlin, 2005; Guest, Bunce & Johnson, 2006). For the purpose of this study the interview sample will consist of
no less than ten and no more than 20 participants.
Attention to quality and credibility in qualitative research has been identified as an essential element of any
research undertaken. Bowen (2005) argues that the interpretative paradigm requires greater emphasis on the
concept of trustworthiness rather than the positivistic criteria of reliability and objectivity. Demonstrating
intellectual rigour in any research is vital even more so when utilising interpretative methodologies. The means
by which this may be achieved includes:
23

- Demonstrating the authenticity of ideas, and authenticity of understanding of the research
subjects ideas
- Demonstrating the fit of data with the subsequent outcomes of research
- Demonstrating the actual trustworthiness or otherwise of the research
- Demonstrating that ethical issues have been considered and addressed at all stages of the
research
All of the above may be achieved and demonstrated effectively by ensuring transparency of research is
maintained, a sufficient breadth of literature is reviewed and appropriate research subjects are chosen (Paterson
& Higgs, 2005; Bowen, 2005; Kosmala, 2006). Paterson & Higgs (2005) also cite the use of a research journal
as an aid to both providing transparency and as a means to capturing external contextual data.
Process and procedure that will enhance the intellectual rigour of the project will include:
- Prolonged engagement
- Triangulation
- Peer debriefing and support
- Member checking
- Negative case analysis
- Auditing (Padgett, 1998 in Bowen, 2005)
These various strategies will all be integrated into this research. Bowen (2005) placed emphasis on triangulation
which will also be utilised as a primary means of demonstrating rigour in this project.
Throughout the study a reflective journal will be maintained by the researcher which will in essence provide an
audit trail. Rolfe (2006) and Paterson (2003) both argue that the audit trail provided by an appropriate reflective
journal contributes significantly to the validity of a qualitative research project an argument also supported by
Whitehead (2004).
CONCLUSION
According to DePoy and Gitlin (2005) the nature of naturalistic inquiry means that the analytical process may
vary quite considerably, will be selected according to the nature of the inquiry and may change or be different at
various stages during the inquiry process. For the purpose of this study analysis will commence at the initial
immersion into the literature as assumptions are tested and concepts initially categorised for testing in later
focus groups.
Throughout the study as information is collected it will be integrated into research notes from which from which
categories of information will emerge. Categories of information will be coded for ease of management, to
identify key themes and from this primary concepts will emerge. These primary concepts will be reintegrated
with the initial texts and form the basis of subsequent questions for reflection of participants during in depth
interviews. Transcripts from the in depth interviews will be read and reflected on for the purpose of extracting
both meaning and categories of information which again will be integrated with the initial texts. This process of
extraction of meaning, reflection and reintegration of information will continue until no new concepts or
categories of information emerge (Sandberg, 2000; Paterson, 2003; Willis, 2006).
This research has significant potential to advance our understanding of how intelligence analysts undertake the
process of analysis and just what influences their analytical decision making processes. It will determine if
professional artistry is relevant to the intelligence profession and if so how Professional Intelligence Judgement
Artistry can be developed in individual intelligence analysts. Furthermore it should provide an insight into what
intelligence analysts perceive to be ethical analysis and if Professional Intelligence Judgement Artistry
contributes to ethical behaviour of intelligence analysts. Most importantly though this study may lead to the
development of a more professional and capable body of law enforcement intelligence analysts.
24

REFERENCES:
Blaxter, L.; Hughes, C. & Tight, M. (2006). How to Research, 3
rd
ed. Berkshire: Open University Press
Bowen, G (2005) Preparing a qualitative research-based dissertation: lessons learned. The Qualitative Report,
10/2, pp. 208-222. Retrieved 31 Aug 06, from http://www.nova.edu.ssss/QR/QR10-2/bowen.pdf
Cooper, J. R. (2005). Curing Analytical Pathologies: Pathways to Improved Intelligence Analysis.
Washington, USA: Central Intelligence Agency, Center for the Study of Intelligence.
DePoy, E & Gitlin, L (2005) Introduction to Research understanding and Aplying Multiple Strategies, ed3.
Philadelphia: Elsevier Mosby
Doyle, T. & Hammond, J. (2006). Net cred: evaluating the internet as a research source. Reference Services
Review, 34:1, 56-70
Ehigie, B & Ehigie, R (2005) Applying qualitative methods in organisations: a note for industrial/organisational
psychologists. The Qualitative Report, 10/3, pp. 621-638. Retrieved 31 Aug 06, from
http://www.nova.edu.ssss/QR/QR10-3/ehigie.pdf
Gazit, S. (1980). Estimates and Fortune-Telling in Intelligence Work. International Security, 4:4, 36-56
George, R. (2004). Fixing the Problem of Analytical Mind-Sets: Alternative Analysis. International Journal of
Intelligence and Counterintelligence, 17: 385404, 2004
Gill, P. & Phythian, M. (2006). Intelligence in an Insecure World. Cambridge: Polity Press
Grieve, J (2006). Developments in UK Criminal Intelligence, in Ratcliffe, J (ed) Strategic Thinking in Criminal
Analysis. Sydney: The Federation Press
Guest, G; Bunce, A & Johnson, L (2006) How many interviews are enough?: An experiment with data
saturation and variability. Field Methods, 18:1, pp. 59-82
Harris, G. (1989). Evaluating Intelligence Evidence. In R. Garst (Ed.), A Handbook of Intelligence Analysis
(2
nd
ed., pp. 33-47). Washington: The Defense Intelligence College.
Heath, C, Luff, P & Svensson, M (2002) Overseeing organizations: configuring action and its environment.
British Journal of Sociology, 53/2, pp. 181-201.
Herbert, M. (2006). The Intelligence Analyst as Epistemologist. International Journal of Intelligence and
Counterintelligence, 19:4, 666 684
Heuer, R. (1999). Psychology of Intelligence Analysis. Washington, USA: Central Intelligence Agency, Center
for the Study of Intelligence.
Hulnick, A. (2006). What's wrong with the Intelligence Cycle. Intelligence & National Security, 21:6, 959
979
Kidd, P & Parshall, M (2000) Getting the focus and the group: Enhancing analytical rigor in focus group
research. Qualitative Health research, 10:3, pp. 293-308
Kitzinger, J (1995) Introducing focus groups. BMJ, 311, pp. 299-302
Kosmala, K (2006) Insights from Ricoeurs hermeneutics on best practice in professional service firms: on
perpetual myth creation? Qualitative Sociology Review, 1/1, pp. 31-50.
Krauss, S (2005) Research paradigms and meaning making: a primer. The Qualitative Report, 10/4, pp. 758-
770. Retrieved 31 Aug 06, from http://www.nova.edu.ssss/QR/QR10-4/krauss.pdf
Lefebvre, S. (2004). A Look at Intelligence Analysis. International Journal of Intelligence and
Counterintelligence, 17:2, 231 264
Manual of Land Warfare. (1996). Part 2, Corps Doctrine, Volume 1, Pamphlet 1, Intelligence. Canberra:
AGPS.
25

Marrin, S. & Clemente, J. (2005). Improving Intelligence Analysis by Looking to the Medical Profession.
International Journal of Intelligence and Counterintelligence, 18:4, 707 729
Moore, D. Krizan, L. & Moore, E. (2005). Evaluating Intelligence: A Competency-Based Model.
International Journal of Intelligence and Counterintelligence, 18:2, 204 220
Morrissey, G & Higgs, J (2006) Phenomenological research and adolescent female sexuality: discoveries and
applications. The Qualitative Report, 11/1, pp. 161-181. Retrieved 31 Aug 06, from
http://www.nova.edu.ssss/QR/QR11-1/morrissey.pdf
Paterson, M (2003) Professional Practice Judgement Artistry in Occupational Therapy. Thesis submitted in
fulfilment of the requirements for the degree of Doctor of Philosophy, University of Sydney.
Paterson, M & Higgs, J (2005) Using hermeneutics as a qualitative research approach in professional practice.
The Qualitative Report, 10/2, pp. 339-357. Retrieved 31 Aug 06, from
http://www.nova.edu.ssss/QR/QR10-2/paterson.pdf
Ratcliffe, J (2006). Intelligence Research, in Ratcliffe, J (ed) Strategic Thinking in Criminal Analysis. Sydney:
The Federation Press
Richardson, J (1999) The concepts and methods of phenomenographic research. Review of Educational
Research, 69/1, pp. 53-82
Rolfe, G (2006). Validity, trustworthiness and rigour: quality and the idea of qualitative research. Journal of
Advanced Nursing, 53 (3), 304 - 310
Price, P. & Stone, E. (2004). Intuitive Evaluation of Likelihood Judgment Producers: Evidence for a
Confidence Heuristic. Journal of Behavioral Decision Making, 17, 39-57.
Rodgers, S. (2006). Improving Analysis: Dealing with Information Processing Errors. International Journal of
Intelligence and Counterintelligence, 19:4, 622 641
Sandow-Quirk, M. (2002). A Failure of Intelligence. Prometheus, 20:2, 131 142
Sandberg, J (2000) Understanding human competence at work: An interpretive approach. The Academy of
Management Journal, 43:1, pp. 9-25
Sarantakos, S. (1993). Social Research. Melbourne: MacMillan Education.
Warner, M. (2006) in Treverton, G. Jones, S. Boraz, S. & Lipscy, P. (Eds) Toward a Theory of Intelligence
Workshop Report, Santa Monica, RAND National Security Research Division.
Walter, M. (ed). (2006). Social research methods an Australian perspective. Melbourne: Oxford university
Press.
Weiss, C (2008). Communicating Uncertainty in Intelligence and Other Professions. International Journal of
Intelligence and Counterintelligence, 21, 57-85
Whitehead, L (2004). Enhancing the quality of hermeneutic research: decision trail. Journal of Advanced
Nursing, 45 (5), 512-518
Willis, K (2006) Analysing qualitative data, in Walter, M (ed) Social Research Methods an Australian
Perspective, South Melbourne: Oxford University Press
COPYRIGHT
Jeff Corkill 2008. The author/s assign Edith Cowan University a non-exclusive license to use this document
for personal use provided that the article is used in full and this copyright statement is reproduced. Such
documents may be published on the World Wide Web, CD-ROM, in printed form, and on mirror sites on the
World Wide Web. The authors also grant a non-exclusive license to ECU to publish this document in full in the
Conference Proceedings. Any other usage is prohibited without the express permission of the authors.

26

Vigilance and the implications of using threat image projection (TIP) for CCTV
surveillance operators.

Fiona M. Donald
University of the Witwatersrand, Johannesburg, South Africa.
Email: fiona.donald@wits.ac.za

Craig Donald
Leaderware cc
Email: sales@leaderware.com

Abstract

Closed circuit television (CCTV) surveillance operators are responsible for protecting people and property in a
range of settings, including critical infrastructure (e.g., airports, ports and government buildings) and public
spaces (e.g., shopping malls, streets). The effectiveness of CCTV surveillance is related to operator
performance. Several authors have indicated that CCTV surveillance operator (hereafter referred to merely as
operator) performance is sub-optimal. CCTV surveillance is vigilance intensive and vigilance tasks in
themselves are demanding. Further, a vigilance decrement may occur over time. Therefore an intervention to
enhance operator performance is recommended. Threat image projection (TIP) has been used successfully with
X-ray baggage screeners in aviation and involves the electronic insertion of a threat image into the X-ray image,
to which screeners are required to respond. TIP, or IGOs, could be applied to CCTV to heighten vigilance and
enhance the detection of potential threats and security incidents. Given the differences between X-ray screening
and CCTV, however, careful consideration needs to be given to the nature of TIP images or IGOs so that they
do not distract operators from real incidents. This paper discusses how TIP could improve vigilance
performance, how it could be used to assist operators in visually engaging with the displays they monitor, and
design considerations for TIP images.

Keywords
closed circuit television, CCTV, threat image projection, TIP, critical infrastructure protection, vigilance, IGO,
detection performance, operators.

INTRODUCTION
Closed circuit television (CCTV) surveillance operators are responsible for protecting people and property in a
range of settings, including critical infrastructure (e.g., airports, ports and government buildings) and public
spaces (e.g., shopping malls, streets). Despite large investments in the technological systems involved in CCTV
and a more recent focus on automated analysis, its effectiveness has been questioned (Gill & Spriggs, 2005;
Smith, 2004). Most research into CCTV has focused on technological effectiveness (such as image quality) and
social aspects such as the impact of CCTV surveillance systems on crime rates and public perceptions of
security systems. The human side of CCTV systems has largely been ignored (Keval & Sasse 2006; Neil,
Thomas, & Baker, 2007). Research that has been done on operator performance tends to focus on aspects such
as pay and management issues (for example, Gill & Spriggs, 2005). Limitations in the development of
technological solutions focused on improving operator performance can lead to a major shortfall in the
realisation of the potential for CCTV system service delivery. At the same time, aligning human performance
and the technological potential of CCTV systems represents a major design and implementation challenge
(Keval, 2006).

27

The operational effectiveness of CCTV operators is influenced by a number of factors relating to the
ergonomics of the working environment, social issues, management effectiveness and viewing strategies, and
the selection, training, and performance management of operators. A key environmental factor related to
operator performance is the design of the operators job, such as how many monitors and cameras they monitor
(Neil et al., 2007), shift lengths, breaks, and other tasks that remove attention from the displays (Donald, 2008).
Many of these factors are already being addressed by organisations, such as ensuring that there are sufficient
breaks and rotating operators to other tasks in order to improve performance. The social environment in control
rooms also impacts on performance as it may distract operators from their monitoring task, but at the same time
may reduce monotony (Smith, 2004). Organisational policies and procedures regarding selection, training and
performance management, and supervisory skills, are likely to influence performance. In addition, broader
industry and socio-economic factors and legislation regarding the use of CCTV,individualprivacyandtheuse of
CCTV are likely to impact on performance.

Many of the social, organisational, and technical environmental conditions come together to impact on the level
of vigilance, and consequently, detection capabilities of the operators. Vigilance is therefore a key factor in the
performance of CCTV surveillance operators (referred to as operators) who are required to sustain attention
for long periods of time and maintain high levels of concentration, in order to detect incident conditions or
deviations from standards. Vigilance is defined in a number of ways, but for the purposes of this research is
defined as a capacity for sustained effective attention when monitoring a situation or display for critical signals,
conditions or events to which the observer must respond. Incorporated into this perspective on vigilance is the
ability to identify, recognise and interpret the information that is being monitored (Donald, 2001, p 36).
Detection rates of operators who are required to be vigilant over long periods of time are frequently less than
optimal (Donald & Andrew, 2003; Edkins & Pollock, 1997; Keval & Sasse, 2006; Wells, Allard, & Wilson,
2006).

Despite extensive research into vigilance over many decades, the development of vigilance theories and the
identification of numerous factors related to performance, relatively few methods of enhancing vigilance have
been proposed (Mackie, 1987). More recently, however, an intervention called threat image projection (TIP)
has been developed and applied to X-ray baggage screeners (referred to as screeners) in the aviation industry
(Berrick, 2004; Catchpole, Fletcher, McClumpha, Miles & Zar, 2001; Neiderman & Fobes, 2005). The use of
TIP in X-ray screening provides a valuable foundation for the use of similar concepts in CCTV viewing and
there is potential for a similar system to be developed and applied to CCTV. This paper discusses some of the
issues involved. Only two other studies on TIP for CCTV have been found. These are Andrew, Landgrebe and
Donald (2003) and Neil, Thomas and Baker (2007). Both indicated that the technology has potential, but major
adjustments are required for the system to be effective. The current study places a greater emphasis on how TIP
needs to be adapted for the CCTV context and the implications for the design of the images.

TIP images for screeners and CCTV may share certain similarities, but would also differ in many respects. TIP
images are realistic representations of threat objects or contraband (Catchpole et al., 2001; Neiderman &
Fobes, 2005). Conversely, the type of objects displayed as TIP type CCTV stimuli may vary between synthetic
shapes (such as circles or squares), images of real objects or people (some of which may have threat
characteristics), representations of behaviours associated with incident conditions, or inserts of video showing
actual behavior or suspect targets. In addition the stimuli used for CCTV can vary widely, such as still,
animated, moving objects or simulated or real video inserts (Andrew et al., 2003; Donald et al., 2007). Given
the range and formats of stimuli that could be used for CCTV, the term inserted graphic object (IGO) is used
instead of the narrower term, TIP. The term incident refers to events that operators are required to detect.
While TIP for X-ray screening and CCTV surveillance would share some similarities, they would differ in some
crucial respects. Therefore careful consideration is needed regarding how TIP for CCTV would be implemented,
including the types of images used.

The aim of this paper is to discuss key issues in the design of TIP images for CCTV. In the next section, factors
28

related to operator performance are discussed. Thereafter, TIP is explained in more detail, followed by a
comparison of X-ray and CCTV detection tasks and the implications for an intervention for CCTV. Possible
objectives of TIP for CCTV are then covered, emphasising the importance of IGOs facilitating incident
detection, rather than being an end in themselves. The focus then moves to a discussion of attentional processes
and how these underpin detection. This leads into the need to align IGOs (or TIP images) with real incidents or
targets, and suggestions regarding how this could be done, based on attention and visual search research. Next,
the potential for IGOs to distract operators from their primary task of detecting real incidents and ways of
dealing with this are covered. The paper concludes with a summary of key considerations and recommendations.

There are two aspects of vigilance that have major implications for CCTV viewing. Parasuraman (1984) has
described these as the overall level of vigilance and the vigilance decrement. Operators bring an overall level of
vigilance to the task and some individuals may have a higher overall vigilance level than others. On the other
hand, the vigilance decrement occurs when performance deteriorates over time (Koelega, 1996). Vigilance tasks
typically impose high attentional, information processing and working memory demands on people
(Parasuraman, 1979). Further, the mere requirement of continually observing a display seems to be demanding
in itself and appears to cause a vigilance decrement (Dember & Warm, 1979). The conditions mentioned above
are likely to apply to CCTV surveillance operators who observe multiple visually complex monitors for lengthy
periods (Donald, 2001; Donald, 2008). One available empirical study that measured CCTV operator incident
detection over time reported that there was in fact a vigilance decrement (Donald, Andrew & Landgrebe, 2007).

Vigilance performance is affected by numerous factors related to the task, individual characteristics and the
environment (Mackie, 1987). Task related factors include incident characteristics such as foreknowledge,
frequency, complexity, regularity, conspicuity, spatial and temporal uncertainty, redundant versus orthogonal
discrimination and whether the background is static or dynamic (Balakrishnan, 1998; Koelega, 1996; Mackie,
1987; See, Howe, Warm, & Dember, 1995). With CCTV, characteristics of incidents are seldom known before
they occur, incidents often occur infrequently, irregularly, in locations and at times that are not specified
beforehand, and against a dynamic background. Incidents vary in the degree to which they are difficult to detect.
For example, a brawl outside a pub is easier to detect than a small object being removed from a desk. However,
regardless of the difficulty level, the degree of visual complexity is almost always high. Situation awareness is
often required to detect incidents as this provides clues as to what to look for and how to interpret actions seen
on displays (Donald, 2008). All these aspects affect the demands the task makes on operators.

Individual factors affecting vigilance performance include motivation, mood, morale, health, drug use and
smoking, work/rest patterns, circadian rhythms, search strategy (Mackie, 1987; See et.al., 1995), stress and
fatigue (Sawin & Scerbo, 1995; Szalma, Warm, Matthews, Dember, Weiler, Meier, & Eggemeier, 2004),
personality characteristics such as boredom proneness (Sawin &Scerbo, 1995) and observational skills (Donald,
2001). It is important to select people who are most suited to the role and to develop relevant skills, mental
models and expectancies. These factors are likely to apply to operators.

Attentional processes are an additional individual factor that affects performance. Where surveillance is
conducted in real time, the success of the CCTV system depends, to a large extent, on the assumption that
operators are actively observing the displays. However, operators tend to cope with the monotony of their jobs
by embarking on activities that remove their gaze and attention from the displays, such as making tea, thinking
about other matters, talking to colleagues, reading newspapers and taking toilet breaks (Smith, 2004). Therefore
an intervention that assists operators in attending to the displays is needed. About fifteen years ago Craig (1984)
noted that few interventions aimed at improving vigilance performance have attempted to address attentional
processes, and a review of literature in the area suggests that this comment still applies today.

29

Given the large number of factors that affect vigilance performance, it is unlikely that any single intervention
will solve all performance issues. However, TIP systems address the frequency of targets requiring a response
and therefore operator expectancies regarding incident frequency. This in turn is likely to affect operators
response criterion, or tendency to decide that an incident or target has occurred or not (MacMillan & Creelman,
1991). If implemented appropriately, TIP could increase operator awareness of incident characteristics, as
elaborated upon later.

TIP and its objectives

TIP refers to the electronic projection of images of objects that pose a threat, such as weapons and explosives,
into real time X-ray images of actual bags and requires screeners to detect them (Neiderman & Forbes, 2005).
TIP is based on research conducted in the 1960s referred to as artificial signal injection (ASI) (for example,
Baker, 1960; Wilkinson, 1964). ASI was mostly used for inspection in manufacturing. Faulty items were
placed amongst other items for inspection in order to measure how many faults were noticed, how many were
missed and how many false positives or false alarms occurred. Inspectors had to respond to both artificial and
real faults, and could not distinguish between them. Early ASI studies obtained mixed results but found
improved detection rates for sonar signals when combined with feedback (Mackie, Wylie & Smith, 1994). Thus
feedback is an important component in the effectiveness of ASI systems. ASI and TIP manipulate signal or
target frequency and related expectancies both important factors in vigilance performance (Balakrishnan,
1998; Koelega, 1996; Mackie, 1987; See et al., 1995).

Expectancies regarding the frequency of events which require a response will impact on observation and
vigilance performance (Loeb & Alluisi, 1984). In signal detection theory terms, alterations in expectancies lead
to a change in the observers response criterion. The response criterion refers to observers tendencies to bias
their decisions regarding the presence of targets or signals based on their expectations (MacMillan & Creelman,
1991). An alternative explanation is that operators who expect incidents or IGOs to appear more often, are more
likely to direct their gaze and attention at the displays and in turn, to detect more incidents and IGOs. IGOs
inserted into displays towards the end of shifts may assist in reducing monotony and fatigue, provided that they
do not impose too large a mental workload. This is in line with learning and neurological theories of vigilance
(Loeb & Alluisi, 1984; Parasuraman, 1984).

IGOs may be used to evaluate and manage performance, provide feedback, and maintain motivation and
alertness (Andrew et al., 2003). Such targets are thought to increase vigilance by manipulating the frequency of
signals to which operators should respond (Baker, 1960). This is based on arousal, expectancy, learning and
neurological theories of vigilance (Loeb & Alluisi, 1984) and signal detection theory (MacMillan & Creelman,
1991). Arousal theories explain performance improvements through the maintenance of appropriate arousal
levels during the watch (Matthews & Davies, 1998).

A less obvious objective is to use IGOs to not only heighten vigilance, but to enhance the process of recognising
and detecting potential threats and security incidents (Andrew et al., 2003). Using IGOs to enhance incident
detection is a significant departure from traditional ASI and TIP studies and practice and goes beyond
manipulating signal frequency and expectancies. This objective uses IGOs to assist operators in visually
engaging with the displays and deploying attentional resources to them. To achieve these objectives, a
relationship between the detection of IGOs and incidents should be established. Without this relationship,
operators may become skilled at detecting IGOs without detecting real incidents, especially if IGOs are very
30

different from incidents and performance reviews are based solely on IGO detection. Where a relationship
exists, IGO detection rates can be used to measure and predict performance regarding incident detection.

The nature of the detection task differs for operators and X-ray screeners although similar visual analysis
processes seem to underpin both jobs. Both positions require job incumbents to form mental pictures of what is
happening and to draw upon situation awareness in the process. However, operators do this in a dynamic
context where detection occurs in real time. Although some incidents take a while for perpetrators to set up and
implement, others occur in a split second. Operators who apply accurate mental models and situational
awareness to recognise the behaviours involved in either of these situations are likely to be more successful in
detecting incidents (Donald, 2008). An understanding of behaviours assists in anticipating events and
recognising them as they unfold (Donald, 2004). Therefore operators need to observe objects, behaviours and
patterns, while screeners focus only on objects. The range of behaviours and events that suggest an incident is
taking place implies that IGOs could take on a variety of forms to reflect these behaviours and events. IGOs
need not only reflect objects, as with TIP for screeners.

The context of X-rays provides a clear indication of the type of images used as TIP objects, such as weapons or
parts of weapons. For CCTV, the type of systems most appropriate for IGOs is less clear. In view of the
complexity of CCTV displays and the vast array of scenes recorded, a wide range of images could potentially be
used. Given the differences between X-ray screening and CCTV surveillance there are likely to be different
types of TIP images or IGOs for the two contexts. It would be difficult to achieve equivalent degrees of realism
for TIP images and CCTV IGOs. TIP images blend into the display and characteristics, such as colour, size
and visual angle can be used in a realistic manner. This high degree of realism and the inability to distinguish
visually between TIP images and real threat objects would be difficult to replicate in CCTV due to the dynamic
properties of CCTV displays, depth of field, the operators ability to control cameras, changing viewing
conditions, the use of multiple displays and the time taken for incidents to unfold. In addition, IGOs should not
be located in places where they obscure incidents (Andrew et al., 2003).

A range of objects could be used for CCTV, from simple shapes, to items related to incidents (such as valuable
objects or weapons), to symbols and humourous items. However, the decision regarding the nature of the
images used should be based on the objective of the IGO system. IGOs consisting of real or enacted footage is
most likely to blend into displays in a realistic manner, especially if placed in displays depicting the context
usually covered in that display. However, such footage is likely to suffer certain drawbacks. It may be large
and could obscure certain camera views, preventing operators from detecting any actual incidents that may
occur in that space while the inserted footage is displayed. Alternatively it would need to be inserted in a
section of the display where the context is appropriate and aspects such as perspective, size and colours would
need to be suited to the particular display where it is inserted.

Where real footage is used, operators are likely to know about incidents that have occurred, (even if they did not
detect the incidents themselves) because incidents may be discussed amongst surveillance staff and are
sometimes used in training sessions. This would make the detection of these IGOs very easy, especially if used
repeatedly. Therefore a large pool of such footage would need to be developed. Further, operators need to be
aware of other types of incidents that could occur, and reinforcing mental models for a (presumably) small set of
incidents may narrow the range of incidents they expect and therefore detect.

CCTV IGOs could also be used to influence operators expectations regarding incident frequency and have the
potential to assist in maintaining stable performance over time and reducing the vigilance decrement. This is
particularly relevant to CCTV where real incidents occur very infrequently in some situations as much as
31

days, months or years apart (Donald, 2001). Given the complexity of CCTV displays, the question is raised as
to how IGOs should be designed and implemented for CCTV.

This increase in image monitoring that comes with TIP will impact on operators mental workload, attention
resource allocation, situation awareness and search strategy and scanpaths (Donald, 2008). Monitoring multiple
displays is likely to influence the detection of both incidents and IGOs (Neil et al., 2007). Therefore designers
of IGO systems for CCTV clearly need to consider the number of monitors and cameras monitored per operator.
In addition, consideration needs to be given to where IGOs are placed which camera views or displays and
their locations within these. It is proposed that the extent to which TIP achieves it objectives will therefore
depend significantly on the design of IGOs and an appropriate implementation strategy. This is explored
initially below in terms of theories of attention and how these provide pointers to how such a strategy could be
achieved.

Attention processes and IGO characteristics.

Operators are required to pay attention to displays, therefore it is not surprising that attentional processes can
guide the design of IGOs in a CCTV environment. Attention is no longer viewed as a unitary process, but is
made up of multiple processes (Parasuraman, 1998). Five types of attention are acknowledged in the resarch
focused, selective, divided, switched and sustained (Wickens & McCarley, 2008). All these types of attention
are relevant to operators. Thus operators select specific objects or areas of displays on which to focus. At other
times they divide attention between objects, camera views or displays. Similarly, they may switch attention
from one area or object to another and back again. This is sustained over a period of time.

Two key processes are involved in influencing which objects or events are selected for attention (Serences,
Shomstein, Leber, Golay, Egeth, & Yantis, 2005). These are referred to as goal directed or endogenous
processing, and stimulus-driven or exogenous processing. Goal-directed processing occurs when goals, mental
models, expectations, attentional sets, beliefs and task goals influence the deployment of attention to visual
stimuli (Yantis, 1993). It is voluntary, intentional and controlled by the observer. Thus operators decide where
to direct their gaze and which regions and stimuli deserve scrutiny. By contrast, stimulus-driven processing
takes place when properties of a stimulus grab or draw attention involuntarily, even though the stimulus is not
related to the observers goals (Leblanc & Jolicoeur, 2005). Thus operators may find that they notice a large
bright object even though they were not searching for one.

Both processes are involved in incident detection. Operators have mental models regarding incidents which
assist goal-directed attentional control. For example, operators have expectations regarding what form an
incident may take, areas where incidents are likely to occur and types of people who may be involved. These
aspects form part of their attentional set or mental model of incidents and influence where they look and how
carefully they examine various display regions. Operators attention may also be drawn by certain objects or
events such as a new person entering a scene, which may attract attention.

It seems prudent to use the same mental model for incident and IGO characteristics where possible. If the
nature of the IGOs is such that they require a different mental model from incidents, it is argued that IGOs could
slow or even prevent the detection of incidents. This has not been tested empirically, but visual search literature
on singletons supports the reasoning involved.

32

Singletons are visual stimuli that differ on one dimension from surrounding stimuli. They are detected
extremely efficiently, regardless of the number of surrounding stimuli or distractors (Duncan, 1984). This
contrasts with conjunctions (stimuli defined by two features that share a feature with distractors). This was
attributed to singleton detection mode, whereby observers adopted an attentional set for singletons (ibid.). Thus
observers applied their attention set for singletons and searched specifically for singletons, disregarding
surrounding stimuli. This implies that separate attention sets were used for singletons and surrounding stimuli.

A similar process could develop with IGOs, where operators develop and apply an attention set for IGOs and
ignore other objects and events that form incidents. It is proposed that this situation be prevented by aligning
the mental sets required for IGOs and real incidents. To do this, IGOs should reflect characteristics found in
incidents. It may not be practical for IGOs and real incidents to be identical and therefore to share all aspects of
mental models and search processes. However, at the minimum, the attentional set for IGOs should reinforce
that for actual incidents.

It is argued that IGOs depicting content that is completely unrelated to incidents should be avoided as their
detection will involve a different attention set from incidents. Although IGOs that are unrelated to incidents
may be easy to detect, their detection is not likely to be related to incident detection. Therefore they may not be
effective in performance management and feedback. Further, unrelated IGOs are not likely to enhance incident
detection and may even cause a deterioration in incident detection if the mental model for incidents is not
invoked. Without a shared mental model, search may favour either incidents or IGOs, depending on a number
of factors such expectancies, rewards and pay-offs. In situations where incidents occur very seldom, operators
may focus on IGOs rather than incidents.

Stimulus characteristics play an important role in detection performance. Key characteristics include novelty,
visual salience or conspicuity (Brockmole & Henderson, 2005; Itti & Koch, 2000; Irwin Colcombe, Kramer, &
Hahn, 2000) and certain types of motion (Franconeri & Simons, 2003). Stimuli with these properties tend to
draw attention quickly. Therefore IGOs reflecting these characteristics are likely to be noticed easily and
quickly, without searching the display carefully. Therefore they have the potential to distract operators from
other areas of the display which may contain potential incidents.

IGOs that attract attention on a largely stimulus-driven basis may function in a similar way to singleton
detection mode. If this occurs, operators would search specifically for them and ignore other aspects of the
display that may contain incidents. In order to reduce the likelihood of singleton detection mode and distraction,
it is proposed that IGOs that draw attention be aligned with attention sets for incidents. Given their presumed
ease of detection, these IGOs may be useful in maintaining alertness rather than facilitating visual engagement
this deserves research in the future. However, they should probably be used with caution and possibly in
conjunction with other IGOs that are more difficult to detect. Thus the mix of IGOs needs to be considered as
part of an implementation strategy. The types of mental models and attention sets that operators develop for
IGOs that function on a largely stimulus-driven basis is also recommended as an area for future research. In
view of the potential of stimuli with these properties to distract operators, they should be used with caution.

Goal-directed and stimulus-driven attention processes have been separated for the purpose of discussion, but do
not function in isolation. They interact and are both present in all instances of perception (Hitch, 2005; Serences
et al., 2005). Observers exercise a degree of control over which stimuli receive attention and only a few stimuli
attract attention on a purely involuntary basis (Serences, et al., 2005). With the majority of stimuli, the
attentional set modulates stimulus-driven capture and vice versa (Folk, Remington & Johnston, 1992, 1993).
Other factors involved in modulating these attentional processes include the similarity between the target and
other stimuli (Proulx & Egeth, 2006), the nature of the task (Bravo & Nakayama, 1992), availability of attention
33

resources (Boot, Brockmole & Simons, 2005), representations of similar tasks in long-term memory (Wickens
& McCarley, 2008) and various perceptual processes such as grouping and working memory representations
(Yantis, 2000). Thus the allocation of attention to different types of IGOs and incidents involves numerous
factors and complex processes.

When there is foreknowledge of the target characteristics, goal-driven attention processes tend to be dominant
(Wickens & McCarley, 2008). Conversely, when the target is not specified, stimulus-driven processes tend to
be given more weight (ibid.). With CCTV surveillance, incident characteristics are generally not known before
they occur and stimulus driven characteristics may therefore be given substantial weight in deploying attentional
resources. Operators have expectancies and mental models regarding incidents, but presumably these need to be
well developed if they are to guide attention appropriately. This highlights the importance of training to
generate situational awareness and a knowledge of incident characteristics and behaviours.

CONCLUSION

Numerous factors affect vigilance performance and detection rates achieved by operators. Therefore no single
intervention is likely to address all problems regarding operator performance. However, IGOs seem have the
potential to increase performance based on the increased frequency of events and altered expectancies.
Aligning the attentional sets required for detecting IGOs and incidents is seen as a key factor in designing IGOs
that assist operators in visually engaging with displays and enhancing incident detection. IGOs reflecting the
defining properties of incidents are likely to have the advantage of reinforcing the mental models required for
incidents by serving as reminders of what to search for in incidents. IGOs depicting content that is not related
to incidents may be detrimental to performance as they may distract operators from other areas of the display.
More importantly, when the pool of IGOs consists only of highly salient images, operators may search only for
them and ignore incidents.

Goal-directed and stimulus-driven attentional processes are both relevant to IGO and incident detection. Goal-
directed processes assist in guiding attention, while stimulus-driven processes alert operators to new and
different stimuli. Both types of process should be considered when designing IGOs. However, the mental
models used in guiding attention need to be accurate and developed through training. Stimulus-driven processes
have the potential to distract operators, but may be useful in maintaining alertness. An implementation strategy
needs to consider a mix of IGOs using goal-directed and stimulus-driven processes.

IGO systems for CCTV could be designed in many different ways. However, empirical research is needed to
establish which IGOs are most effective and how they should be implemented. This implementation will vary
with the objectives of the system. Therefore it is important that organisations consider the objectives of the
system before implementing IGOs. This paper proposes that inserted targets be adjusted to the nature of the
environment and infrastructure being implemented. For example, the implementation of TPP for Government
institutions may focus on terrorist TIP images to increase the sensitivity to those kinds of events. Key point
protection around gas and oil installations will incorporate elements in the risk profile for the CCTV TIP for
those industries to ensure that attentional sets of operators are in line with those kinds of risk. A city council is
likely to have a very different set of CCTV TIP images to facilitate the recognition and detection of crime type
activities.

The authors are currently conducting research into the characteristics of IGOs. It is recommended that future
research also be conducted on the types of mental models used for IGO and incident detection, whether highly
salient IGOs assist in maintaining alertness and reducing a vigilance decrement, the distraction effects of various
34

types of IGOs, and the implications of IGOs for mental workloads. In conclusion, IGOs are likely to be useful
for CCTV, but given the huge number of forms IGOs could take, the way in which they are designed will be
crucial to their success.

REFERENCES

Andrew, C., Landgrebe, T., & Donald, C. (2003). Enhanced surveillance platform validation testing:
methodology report. De Beers technical report.

Baker, C. H. (1960). Maintaining the level of vigilance by means of artificial signals, Journal of Applied
Psychology, 44, 336-338.

Balakrishnan, J. D. (1998). Measures and interpretations of vigilance performance Evidence against the
detection criterion, Human Factors, 40(4), 601-623.

Berrick, C. A. (2004). Aviation security - Challenges Exist in Stabilizing and Enhancing Passenger and
Baggage Screening Operations. United States General Accounting Office. Testimony before the
Subcommittee on Aviation, Committee on Transportation and Infrastructure, House of Representatives.
United States.

Brockmole, J. R., & Henderson, J. M. (2005). Prioritization of new objects in real-world scenes: Evidence
from eye movements. Journal of Experimental Psychology: Human Perception and Performance, 31(5),
857-868.

Boot, W. R., Brockmole J. R., & Simons, D. J. (2005). Attention capture is modulated in dual-task situations.
Psychonomic Bulletin & Review, 12(4), 662-668.

Bravo, M., & Nakayama, K. (1992). The role of attention in different visual search tasks, Perception and
Psychophysics, 51, 465-472.

Catchpole, K., Fletcher, J., McClumpha, A., Miles, A., & Zar, A. (2001). Threat image projection: Applied
signal detection for aviation security. In D. Harris (Ed.). Engineering psychology and cognitive
ergonomics, Volume Six, Industrial Ergonomics, HCI, and Applied Cognitive Psychology. Aldershot,
UK: Ashgate.

Craig, A. (1984). Human engineering: The control of vigilance. In J. S. Warm (Ed.), Sustained attention in
human performance (pp. 247-291). Chichester, England: Wiley.

Dember, W. N.. & Warm, J.S. (1979). Psychology of Perceptions (2
nd
ed.). New York. Hold Rinehart and
Winston.

Donald, C. (2001). Vigilance. In J. Noyes, & M. Bransby (Eds), People in control: Human factors in control
room design. London: The Institution of Electrical Engineers.

Donald, C. (2004). Where does it hurt key areas of CCTV security. Presented at the conference of the
International Security Education Council (ISEC), 6 July, Guys Hospital, London, UK.

Donald, C., & Andrew, C. (2003). Technology Enhancement of CCTV Operator Effectiveness. CCTV User
Conference, Bolton, 9 April, 2003.

Donald C., Andrew C., & Landgrebe T. (2007). The Impact of CCTV TIP Implementation. Human Factors
Transport Security Academic Forum, Trinity College, Oxford, 24
-
25 September 2007.

Donald, F. (2008). The classification of vigilance tasks in the real world. Ergonomics, in press.

Duncan, J. (1984). Selective attention and the organization of visual information. Journal of Experimental
Psychology: General, 113, 501-517.
35

Edkins, G. D., & Pollock, C. M. (1997). The influence of sustained attention on railway accidents, Accident
Analysis and Prevention, 29(4), 533-539.

Folk, C. L., Remington, R., & Johnston, J. C. (1992). Involuntary covert orienting is contingent upon
attentional control settings, Journal of Experimental Psychology: Human Perception and Performance,
18, 1030-1044.

Folk, C. L., Remington, R., & Johnston, J. C. (1993). Contingent attentional capture: A reply to Yantis (1993).
Journal of Experimental Psychology: Human Perception and Performance, 19, 682-685.

Franconeri, S. L., & Simons, D. J. (2003). Moving and looming stimuli capture attention. Perception and
Psychophysics, 65, 999-1010.

Gill, M., & Spriggs, A. (2005) Assessing the impact of CCTV. Home Office Research Study 292.

Hitch, G. J. (2005). Working memory. In N. Braisbay and A. Gellatly (Eds), Cognitive Psychology, (Chapter
9, pp. 307-341). Oxford: Oxford University Press.

Irwin, D. E., Colcombe, A. M., Kramer, A. F. & Hahn, S. (2000). Attentional and oculomotor capture by onset
luminance and color singletons, Vision Research, 40(10-12), 1443-1458.

Itti, L., & Koch, C. (2000). A saliency-based search mechanism for overt and covert shifts of visual attention.
Vision Research, 40, 1489-1506.

Keval, H. (2006). CCTV Control Room Collaboration and Communication: Does it Work? Proceedings of
Human Centred Technology Workshop, 11-12 September, Brighton, UK.

Keval, H. & Sasse, M. A. (2006), Man or Gorilla? Performance Issues with CCTV Technology in Security
Control Rooms, presented at the 16th World Congress on Ergonomics Conference, International
Ergonomics Association, 10-14 July, Maastricht, Netherlands.

Koelega, H. S. (1996). Sustained attention. In O. Neumann, & A. F. Sanders, (Eds.). Handbook of perception
and action, Vol. 3: Attention, (pp. 277- 331). London: Academic Press.

Leblanc, E., & Jolicoeur, P. (2005). The time course of the contingent spatial blink. Canadian Journal of
Experimental Psychology, 59(2), 124-131.

Loeb, M., & Alluisi, E. A. (1984). Theories of vigilance. In J. S. Warm (Ed.), Sustained attention in human
performance (pp. 247-291). Chichester, England: Wiley.

Mackie, R. R. (1987). Vigilance research Are we ready for countermeasures?, Human Factors, 29(6), 707-
723.

Mackie, R. R., Wylie, C. D., & Smith, M. J. (1994). Countering loss of vigilance in sonar watchstanding using
signal injection and performance feedback, Ergonomics, 37(7), 1157-1184.

MacMillan, N. A., & Creelman, C. D. (1991). Detection theory: A users guide, Cambridge, Cambridge
University Press.
Maguire, R. L., McClumpha, A. J., & Tatlock, K. B. (2002). Using Cognitive Theory to Enhance Aviation
Security X-Ray Screening. Human Factors and Ergonomics Society Annual Meeting Proceedings,
Cognitive Engineering and Decision Making , pp. 387-391.

Matthews, G., & Davies, D. R. (1998). Arousal and vigilance: Still vital at fifty. Proceedings of the Human
Factors and Ergonomics Society Annual Meeting, 1, 772-777.

Neil, D., Thomas, N. & Baker, B. (2007). Threat Image Projection in CCTV. In C. Lewis (ed.). Proceedings of
SPIE Optics and Photonics for Counterterrorism and Crime Fighting III, Vol. 6741, 674102.

36

Neiderman, E. C., & Fobes, J. L. (2005). Threat image projection system. United States Patent 6899540.
www.freepatentsonline.com .

Parasuraman, R. (1979). Memory load and event rate control sensitivity decrements in sustained attention,
Science, 205, 924-927. From Noyes and Bransby.

Parasuraman, R. (1984). Sustained attention, in Parasuraman, R., & Davies, D. R. (Eds.), Varieties of attention,
Orlando: Academic Press, Inc.

Parasuraman, R. (1998). The attentive brain: Issues and prospects. In R. Parasuraman (Ed.)., The attentive
brain, (pp. 3-15). Cambridge, MA: The MIT Press.

Proulx, M. J., & Egeth, H. E. (2006). Target-nontarget similarity modulates stimulus-driven control in visual
search. Psychonomic Bulletin and Review, 13(3), 524-530.

Sawin, D. A., & Scerbo, M. W. (1995). Effects of instruction type and boredom proneness in vigilance:
implications for boredom and workload, Human Factors, 37(4), 752-765.

See, J. E., Howe, S. R., Warm, J.S., & Dember, W. N. (1995). Meta-analysis of the sensitivity decrement in
vigilance, Psychological Bulletin, 117, 230-249.

Serences, J. T., Shomstein, S., Leber, A. B., Golay, X., Egeth, H. E., & Yantis, S. (2005). Coordination of
voluntary and stimulus-driven attentional control in human cortex. Psychological Science, 16(2), 114-
122.

Smith, G. J. D. (2004). Behind the screens: Examining constructions of deviance and informal practices among
CCTV control room operators in the UK. Surveillance and Society, 2(2/3), 376-395.

Szalma, J. L., Warm, J. S., Matthews, G., Dember, W. N., Weiler, E. M., Meier, A., & Eggemeier, F. T. (2004).
Effects of sensory modality and task duration on performance, workload, and stress in sustained
attention, Human Factors, 46(2), 219-233.

Wells, H., Allard, T., & Wilson, P. (2006). Crime and CCTV in Australia:
Understanding the Relationship. Faculty of Humanities and Social Sciences, Bond University, Australia.

Wickens, C. D., & McCarley, J. D. (2008). Applied attention theory. London: CRC Press.

Wilkinson, R. T. (1964). Artificial signals as an aid to an inspection task. Ergonomics, 7, 63-72.

Yantis, S. (1993). Stimulus driven attentional capture and attentional control settings, Journal of Experimental
Psychology: Human Perception and Performance, 19, 676-681.

Yantis, S. (2000). Goal directed and stimulus driven determinants of attentional control. In S. Monsell & J.
Driver (Eds.), Attention and Performance (Vol 18). Cambridge: MIT Press.

COPYRIGHT
Fiona Donald and Craig Donald 2008. The author/s assign Edith Cowan University a non-exclusive license to
of the authors.

37

Australias Oil Refining Industry- Importance, Threats, and Emergency Response
Amanda East
Security Science

Bill Bailey

Abstract
Australias Oil Refining Industry- Importance, Threats, and Emergency Response.
Australia is heavily reliant on down-stream, or refined oil products for daily life and industrial purposes. The
industry faces a range of threats and risk factors all of which have the capability to inflict significant damage. A
major disruption to Australias oil refining industry would have major consequences not only for the industry
but on society and the economy as a whole. By assessing Australias reliance on oil products, as well as
considering the impact of major disruption to oil refining capabilities internationally, this paper seeks to assess
the impact that such an event would have on Australian society, public and private industry and the economy. In
the Australian context the industry is not adequately prepared to respond to, or recover from major disaster or
disruption. There are a range of international strategies and policies which will be assessed in order to further
prepare the Australian industry for a range of potential disasters. This paper uses the Kwinana oil refinery in
Western Australia as a case study for considering potential threats, consequences and recovery strategies
related to a major oil refinery disruption or disaster.

AUSTRALIAS OIL REFINING INDUSTRY-IMPORTANCE, THREATS AND
EMERGENCY RESPONSE
The Australian oil refining industry is very important to the social and industrial stability of the nation. In terms
of size and production the Australian refining industry is relatively small. This being said the local oil refining
industry is critical in supplying and maintaining national social and industrial activities. The majority of refinery
output is used to supply the transport sector, however the agricultural industry, heavy industries, and general
household activities are also reliant on locally produced oil products. If an Australian oil refinery were rendered
unavailable for an extended period of time it would have significant consequences for the regional, and perhaps
even national social and economic stability. Subsequently the industry needs to be prepared for the range of
human and natural threats that it faces. Terrorists, insiders, criminals and natural disasters are all sources of
threats which have the capacity to severely disrupt any, or all of the Australian oil refining facilities. There are a
number of governmental and industrial measures in place to prevent and respond to any possible threats and
risks. Thus far the Australian industry has avoided any major disaster, however must remain vigilant in securing
against every form of threat.

AUSTRALIAS OIL REFINING INDUSTRY
The Australian oil refining industry is made of seven privately owned refineries. Located in five states and
owned by four major companies, these refineries provide Australia with 796 000 barrels of refined oil product
each day (EIA, 2005). Two refineries, Kwinana (WA) and Bulwer (QLD) are owned by BP; Lytton (QLD) and
Kurnell (NSW) are owned by Caltex; Shell runs two refineries, Geelong (VIC) and Clyde (NSW), while the
Altona refinery in Melbourne (VIC) is owned by Mobil (AIP, 2005, p.5). The Kwinana refinery is the biggest
with an output capacity of 138 000 barrel per day (bpd) (EIA, 2005). The Liquid Fuel Emergency Act (LFE Act,
1984) identifies the following as refined liquid petroleum products (S3.1):
38

Petroleum products make up 46% of Australian refinery output, diesel 29%, and jet fuel 14% (AIP, p.6).
Seventy five percent of Australian demand for petroleum products is supplied by local refineries, any disruption
within the Australian industry would have significant social, and economic consequences. Only 30% of refinery
feedstock is local crude oil (AIP, 2008, p.2), Australian crude oil is unsuitable for conversion into the primary
refined product, petrol. Subsequently the majority of crude oil used in Australian refineries is imported from the
Asian and the Middle Eastern refineries (AIP, 2008, p.2). As previously stated Australia is heavily reliant on
the local oil refining industry, a range of social and industrial services rely on the stability and supply of the
Australian oil refining sector.

AUSTRALIAN RELIANCE ON OIL PRODUCTS
Australian society relies heavily on oil products to provide and supply a range of essential social and industrial
services. Oil is relied on for transportation, agricultural as well as industrial, and household purposes. The
Australian Institute of Petroleum states that petroleum products are responsible for 52% of final energy
consumed in Australia (n.d., p.1). Based on this data it can be assumed that the consequence of a major
disruption to the refining industry would be significant. Without oil a significant number of vital social
requirements, and industries would not be able to function at full capacity, or at all
Transport is the sector of Australian society which is most reliant on petroleum products. The oil refining
industry is geared toward petroleum production to supply the nations transport requirements. All forms of
transport, passenger cars, trucks, cargo transport- truck and rail, as well as air transport are reliant on petroleum
products to fuel them. Of these, passenger cars or personal transport is responsible for the highest level of
consumption. In Australia road transport accounts for nearly 80% of liquid petroleum use (Robinson, Fleay &
Mayo, n.d., p.1; Taylor, n.d., p.10), two thirds of which can be attributed to passenger vehicles (Taylor, p.10).
Considering that there are 13.2 million registered motor vehicles (passenger cars, commercial vehicles and
trucks)in Australia (Robinson etal, p.1; ABARE, 2004, p.47) each averaging 15 300 kilometers (Robinson etal,
p.1) per year it is understandable that Australia consumes 38 billion litres of fuel annually for road and off road
vehicles (Green Car Congress, 2008). These numbers indicate that Australia has a very strong, but probably
unrealised, reliance on the oil refining industry. Transport is relied on not only to transport people, but for the
transportation of food, goods and services. If the oil refining industry were to suffer a serious disruption the
social, and eventually economic consequences would be enormous.
The agricultural industry also has a strong direct, as well as indirect reliance on oil products. In Western
Australia livestock and crop farmers, predominantly wheat, are responsible for 80% of petroleum product
purchases by broadacre agriculture (Kingswell, p.2). The majority of the fuel and oil purchases are used in
establishing and harvesting a range of grain crops (Kingswell, p.2). The dairy industry has a strong, but indirect
reliance on oil products for the transportation of dairy products from farms to processing plants. As previously
stated transportation is the sector most reliant on oil products, and agriculture relies on the transportation
industry to maintain and ensure the success of their operations. Expenditure of grain and sheep dominant
agricultural sectors on transport is 55.6 and 35.5 percent respectively (Kingwell, p.3), while expenditure on
petroleum products by the grain dominant sector is 37.0 %, and 20.5 % for the sheep dominant sector (Kingwell,
p.3). The export earnings for Australian agricultural commodities made up approximately 2.9% of annual GDP
(ABS, 2005). Taking into account drought and other conditions the Australian agricultural industry has not been
as successful recently as in previous years, even so the sector is very important to Australian society and
economy, and would be significantly effected in the event of a major disruption to local oil supply.
The industrial sector, including mining and quarrying, iron and steel and construction accounts for 21% of
Australian oil use (IEA, 2000, p.44). Within this sector, the mining industry is major consumer of diesel fuel
(IEA, 2000, p.44). About 35 percent of energy needs within the mining sectors are met by electricity followed
by fuel oil which accounts for 32 percent. Energy requirements in exploration and site preparation are reliant on
transportation and drilling, which both require fuel oil (ITP, p.18). As the world's largest exporter of coal iron
39

ore, lead, diamonds, rutile, zinc and zirconium, and the second largest exporter of gold and uranium the mining
industry contributes a significant amount to Australians GDP. Since the mid 1980s the mining industry has
contributed $ 43 Billion to the Australian economy, that is 5% of annual GDP (ABS, 2005). Although the
sector is not entirely reliant on oil products it could not function effectively without it, resulting in consequences
for Australian exports and the economy.

Petroleum fuels (liquefied petroleum gas (LPG) and heating oil) accounted for 4.6% of household energy
consumption in 1995. It is possible that this number has been reduced since due to the connection to natural gas,
and upgrades in heating and cooling technology (G.Wilkenfeld, 1998, p.5). Of the petroleum fuels used in
general household activities approximately 83.7% was used for heating, 13.3% for water heating and 3.0% for
cooking (G.Wilkenfeld, 1998, p.9). Household consumption of oil is not particularly significant, however plays
an important role in providing the services and luxuries that we have come to expect.

THREAT SOURCES
The oil industry has always faced a wide range of threats from a number of sources. In the current international
security environment terrorism is the main security concern, however every industry must remain vigilant in
defending against other sources, and types of threats. As Pavel Baev, a senior researcher at the International
Peace Research Institute states,

it was Katrina not Al-Qaeda that devastated the platforms and refineries along the U.S. Gulf coast in August
2005; it was a short circuit not a well-placed bomb that caused the massive blackout in Moscow in May 2005;
and it was not a shoot-out but a labor strike that stopped the pipeline construction in Azerbaijan in November
2005 (Baev, 2006, p.33).

As well as terrorism, the threat from environmental terrorism, insiders, cyber attacks, and natural disasters must
be considered in protecting and defending all forms of major infrastructure.

The major threat to the oil and gas infrastructure is from highly motivated terrorists (Bajpai & Gupta, 2004,
p.176). In 2006 there were 344 significant attacks against oil and gas targets compared with 265 in 2005 (Oil
and Gas Industry-Terrorism Monitor(OGI-TM), 2007). These attacks resulted in significant loss of life and tens
of billions of dollars in lost production as well as physical and reputational damage to many companies (OGI-
TM, 2007). The oil and gas industry is not a new target for terrorism, however in recent years Al-Qaeda has
vowed more strongly to cut the economic lifelines of industrialised societies (Peck & Lord, p.4), the economic
lifelines being oil infrastructure. In light of this and the fact that a number of significant terrorist organisations
exist in the region surrounding Australia all forms of oil infrastructure, including refineries need to be prepared
for and consider the consequences of a possible terrorist attack.

Agricultural, forest, mineral, petroleum and ecosystem sites and water resources have been identified as being
particularly vulnerable targets for environmental terrorism (OLear, 2003, p.140). Although not the most
significant threat to oil refineries activists are capable of causing disruption and disturbance to oil refinery staff
and operations. During times of peace, aspects of the environment, including human manipulated landscapes,
could be targets of intentional acts of destruction intended to communicate a particular message (OLear, 2003,
p.140). Environmental terrorists are not of major concern to the Australian oil refining sector. However oil
refineries do have the potential to cause significant environmental damage, and petroleum sites are targets for
environmental terrorism. The Australian sector must be wary of the threat that environmental terrorists and
activists pose.

40

Insiders, employees of a particular company or organisation, are also a major threat to the security and
productivity of their company. The threat they pose may be maliciously motivated, or purely accidental. As has
been previously stated terrorism is a major threat to the oil industry. It is possible that in some cases terrorists
may be working in collusion with internal disgruntled employees (Bajpai & Gupta, 2007, p.176) to achieve their
objective. That being said disgruntled employees can cause serious disruption of their own accord through
fraudulent activity, sale of corporate information, or cyber attacks (Stoneburner, Goguer & Feringa, 2002, p.14).
However the major threat posed by employees working in oil refineries is accidents. Around the world, plant
and refinery employees are injured or killed on the job almost every day, many of the accidents take place as a
result of the negligence of other employees, employers, or third parties (Nelson, 2007). In facilities that process
hazardous materials, and performs such a vital social function, there must be a significant emphasis placed on
preventing malicious or accidental incidents from within.

The increased reliance computers and networks to control and maintain oil refineries and their functions has led
to the development of another, major threat source. The Supervisory Control and Data Acquisition (SCADA)
and Distributed Control Systems (DCS) provide the critical service of monitoring and controlling the functions
and delivery of the essential services of most critical infrastructure. These systems are used within refineries and
to control pipelines, however they were developed purely for functional purposes with no security concerns
considered, as a result they are vulnerable to cyber threats. These vulnerabilities leave oil companies, and their
facilities susceptible to exploitation, attack and theft of proprietary information (Sevounts, 2006, p.79). Oil
facilities have always been targets of malicious attack, and now that many of them are reliant on systems that
are vulnerable to cyber threats there is an increased priority placed on securing systems, and defending against
the cyber threat (Sevounts, 2006, p.79).
Natural disasters are a major cause of damage and disruption to oil refinery operations. Of all the threats listed,
the threat from natural sources is potentially the most damaging. Measures can be implemented to reduce the
effects of natural disaster, however they can still cause extensive damage and nothing can be done to prevent
their occurrence. Australia is susceptible to a range of natural disasters, all of which can create significant
damage and disruption.

PREPAREDNESS

The government has developed a range of strategies and initiatives by which to further enhance the security of
critical infrastructure. The majority of government strategies are targeted at critical infrastructure as a whole,
rather than each individual sector. This being said the security of oil refineries is covered by a range of energy
sector legislation, and critical infrastructure initiatives.

The Liquid Fuel Emergency Act is the legislation developed in order control the production and release of fuel
in times of a national fuel crisis. Unless there is a national crisis oil companies are responsible for their own
activities and security issues. The Act enables the government to control the output and use of oil products in
periods of major emergency. The Act states that, The Minister may... direct a relevant fuel industry
corporation:
(a) to maintain at all times after a specified day, at specified places in Australia, specified quantities of reserve
supplies of a specified kind of liquid fuel; or
(b) to accumulate, by a specified day, specified quantities of reserve supplies of a specified kind of liquid fuel
and to maintain, at all times after that day, such quantities of reserve supplies of liquid fuel of that kind at
specified places in Australia (S12:1a, b).
The legislation can only be considered in extreme situations where rationing across multiple jurisdictions would
be necessary for an extended period and be beyond the capability of the industry to manage on its own (AIP,
2008, p.14). Enacted in 1984 the legislation has never been required to be introduced. Although the Act is not
directly related to oil refineries it is the only legislation which Australia can introduce in a time of severe
disruption to any part of the oil industry.
41

The Australian government has implemented a number of initiatives and measures to assist in development and
enhancement Australias critical infrastructure security. These measures are relevant to, and aimed at all
industries classified as critical infrastructure. The government strategies intend to increase communication
between the government and private sectors on matters of security threats and improvements.
The Business Liaison Unit (BLU), a part of the Australian Security Intelligence Organisation (ASIO), was
developed in order to provide a forum by which Australian businesses could interface with the Australian
intelligence community (ASIO). The BLU aims to ensure that owners and operators of critical infrastructure
can access ASIO information on security issues which affects their assets, operations and personnel (ASIO).

The Trusted Information Sharing Network (TISN) is another government program aimed at increasing the
security of critical infrastructure through increased communication.
The TISN brings business and government together with the purpose of sharing ideas and expertise to develop
solutions to common, as well as complex, security concerns and problems.
The Computer Network Vulnerability Assessment (CNVA) Program is part of the TISN. It is a government
grants scheme developed to help secure critical infrastructure. Through the program funding is provided to help
owners and operators of critical infrastructure identify the vulnerabilities of their information and
communication systems (CNVA, 2008). It also allows for the examination of security implications of IT
infrastructure changes, and assesses potential and existing physical and personnel security issues (CNVA,
2008).

The Australian industry has a number of strategies it can implement in times of supply emergency. In times of
extreme emergency they can be introduced in combination with government strategies. The mechanisms which
the industry uses to adjust supply include purchase and ship product from a refinery in another state which may
take several days to arrive, or from Singapore the shortest time frame is about three weeks (AIP, n.d., p.7). In
times of long term disruption product can be purchased and shipped from other overseas sources, delivery of
which is likely to take several weeks (AIP, p.7). When there is a significant disruption or reduction to supply
and production companies may restrain or limit supplies to industrial and local consumers (AIP, p.7).

RECOVERY STRATEGIES

In terms of maintaining supply of refined oil products the only existing options are to import from other national
refineries, increase the capacity of existing refineries, or import products from overseas. The best recovery
strategy for the Australian oil refining industry is found in the physical layout of the industry. Australian
refineries are not located in close proximity, or owned by the same companies, subsequently it is highly unlikely
that the entire industry can be affected by a single disaster or disruption. No natural disaster has the capability to
disrupt every refinery, unlike in America where over 40% of national refining capacity is found in two states
which are vulnerable to severe weather conditions (Parformak, 2007, p.4). The Australian refineries are owned
by different companies, with no communication or cyber connection, making it impossible to shut down the
entire system via a single cyber attack. Perhaps the only event that has the capability to impact the nation by
disrupting oil refinery production is a highly organised and coordinated terrorist group with the ability to
infiltrate the physical and personnel security procedures of the Australian refineries.
The production capacity of the Australian refineries is equal, no refinery is far superior in terms of production. If
one or two refineries where to be disrupted it is probable that other refineries could supply the effected region
for a short period of time without being severely effected themselves. This being the case the most useful and
immediately available measures for recovering, or dealing with an oil related emergency are market-driven,
voluntary and compulsory demand restraint (IEA, 2000, p.39). In the Australian context the implementation of
measures to reduce industrial and general consumption of oil products is the most effective means by which to
recover from a major disruption, while still maintaining social and economic stability.

42

In terms of size and production the Australian oil refining industry is relatively small, however extremely
important in supplying the country with oil products. The majority of locally refined oil products are used
domestically, meaning that Australian society and industries are reliant on the local oil refining sector.
Australian refineries produce a full range of oil products, the majority of which are used to supply the
transportation industry, as well as the agricultural and mining sector. Thus far the industry has been free of
malicious, or extremely damaging events, however it does face a range of potentially disastrous threats.
Terrorists, insiders, cyber criminals, activists and natural disasters are all sources that threaten the security of the
oil refining industry. The consequences of a major disruption would be significant. There are a range of
governmental strategies in place to develop and enhance the security of Australias critical infrastructure, and
the industry itself has plans by which it intends to continue in spite of a major disruption. Although the
Australian industry has not yet faced any serious disasters it must continue to develop measures to secure, and
ensure the continuity of the industry in the event of a major disaster, otherwise there will be major consequences
to Australian society, industry and economy.

REFERENCES
Australian Bureau of Agricultural and Resource Economics. (2004). Energy in Australia. Retrieved from
Australian Government:
http://www.environment.gov.au/soe/2006/publications/drs/pubs/562/set/hs31energy-in-australia-
2004.pdf

ASIO. (n.d.). Business Liaison Unit. Retrieved from Australian Government: http://blu.asio.gov.au/
Australian Bureau of Statistics. (2005). Year Book Australia 2005: 100 years of change in Australian industry.
Retrieved from
http://www.abs.gov.au/Ausstats/abs@.nsf/Previousproducts/1301.0Feature%20Article212005?opendocu
ment&tabname=Summary&prodno=1301.0&issue=2005&num=&view=
Australian Institute of Petroleum. (n.d.). Supply Security. Retrieved from http://www.aip.com.au/pdf/supply.pdf

Australian Institute of Petroleum. (2005). Downstream Petroleum. Retrieved from
http://www.aip.com.au/pdf/Downstream_Petroleum_2005_Report.pdf

Australian Institute of Petroleum. (2008, April). Maintaining Supply Reliabililty in Australia.
Australian Institute of Petroleum.
www.aip.com.au/pdf/AIP%20Paper%20-%20Maintaining%20Supply%20Reliability.pdf

Baev, P. (2006). Re-evaluating the Risks of Terrorist Attacks Against Energy Infrastructure in Eurasia. China
and Eurasia Forum Quarterly , 4:2, p.33-38.

Bajpai, S. & Gupta, J. (2007). Securing oil and gas infrastructure. Journal of Petroleum Science and
Engineering , 55, 174-186.

Bajpai, S. & Gupta, J. (2004). Site Security for Process Plants. Journal of Loss Prevention in the Process
Industries , 18:4-6, 301-309.

CNVA. (2008). Fact Sheet. Retrieved from
http://ag.gov.au/agd/WWW/rwpattach.nsf/VAP/(930C12A9101F61D43493D44C70E84EAA)~CNVA+F
act+Sheet+June+2008.PDF/$file/CNVA+Fact+Sheet+June+2008.PDF

Energy Information Administration. (2005). Output of Refined Petroleum Products: All Countries, Year 2004
for the International Energy Annual 2005. Retrieved from
http://www.eia.doe.gov/emeu/international/oilproduction.html

43

G Wilkenfeld and Associates. (1998). Household Energy Use in Australia: End Uses, Greenhouse Gas
Emissions and Energy Efficiency Program Coverage. Retrieved from
http://www.energyrating.gov.au/library/pubs/hhenergy1998.pdf

Green Car Congress. (2008). Jamieson Report Calls for Fastracking Development of Electric Vehicles in
Australia. Retrieved from http://www.greencarcongress.com/2008/07/jamison-report.html

International Energy Agency. (2000). Oil Supply Security: The Emergency Response Potential of IEA Countries
2000. Retrieved from International Energy Agency: http://www.iea.org/dbtw-
wpd/textbase/nppdf/free/2000/oilsecu2001.pdf

ITP Mining. (n.d.). Energy and Environmental Profile of the US Mining Industry. Retrieved from
www1.eere.energy.gov/industry/mining/pdfs/overview.pdf

Kingwell, R. (n.d.). Oil and Agriculture: Now and in the Future. Retrieved From:
www.aspo-australia.org.au/References/Kingwell-Oil-in-Agriculture-2003.pdf

Liquid Fuel Emergency Act. (1984). Retrieved from
http://www.austlii.edu.au/au/legis/cth/consol_act/lfea1984213/s3.html

Nelson, S. (2007). Plant/Refinery Accidents. Retrieved from Law Office of Scott. A. Nelson:
http://www.oceanlawusa.com/html/plant-refinery.html

Oil and Gas Industry- Terrorism Monitor (OGI- TM). (2007). Retrieved from http://www.ogi-
tm.com/ogi_latest_threats.php

O'Lear, S. (2003). Environmental Terrorism: A Critique. Geopolitics. 8:3, 127-150

Parfomak, P. (2007). CRS Report for Congress: Vulnerability of Concentrated Critical Infrastructure:
Background and Policy Options.

Peck, B. & Lord, A. (n.d.). The US Strategic Petroleum Reserve: Needed Changes to Counter Today's Threats
to Energy Security. Retrieved from Strategic Studies Institute:
http://www.strategicstudiesinstitute.army.mil/pdffiles/ksil456.pdf

Robinson, B., Fleay, B., & Mayo, S. (n.d.). The Impact of Oil Depletion on Australia. Retrieved from
http://www.aspo-australia.org.au/References/Abstract_Lisbon_Robinson.pdf

Sevounts, G. (2006). Addressing Cyber Security in the Oil and Gas Industry. Pipeline and Gas Journal , 233:3,
79-80.

Stoneburner, G., Goguer, A., Feringa, A. (2002). Risk Management Guide for Information Technology Systems.
Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

Taylor, M. (2004). Australia's approach to managing an oil emergency. Retrieved from International Energy
Agency: http://www.iea.org/Textbase/work/2004/cambodia/bj_session4.3-Australian%20paper.pdf

William Bailey and Amanda East, Edith Cowan University 2008. The author/s assign Edith
CowanUniversity a non-exclusive license to use this document for personal use provided that the
article is used in full and this copyright statement is reproduced. Such documents may be published on
the World Wide Web, CD-ROM, in printed form, and on mirror sites on the World Wide Web. The
authors also grant a non-exclusive license to ECU to publish this document in full in the Conference
Proceedings. Any other usage is prohibited without the express permission of the authors.

44

Aviation Infrastructure Protection:
Threats, Contingency Plans and the Importance of Networks

Mel Griffiths
melvyng@student.ecu.edu.au

Abstract
Much literature has been published on the vastly disproportionate repercussions that disruptions to critical
infrastructure have the potential to create. The security of critical infrastructure requires careful planning as
well as rapid response and recovery strategies. The protection of Australias airports as sites of critical
infrastructure raises many issues common to infrastructure protection. There are legal, cultural and procedural
barriers to the sharing of information, as well as a lack of integration within security networks and between the
government and owner/operators of infrastructure. These issues must be taken into account to enable effective
crisis management at airports. This paper examines the process of planning, incident, and recovery for airports
taking into consideration the difficulties associated with critical infrastructure protection. The concepts are
illustrated using threat assessment, business continuity, crisis management, and business recovery strategies
based on the AS/NZS4360 model for risk management as well as an incident scenario based on credible
scenario development. The effective protection of airports must take into account the problems associated with
security networks and the interdependent nature of critical infrastructure, as failure to do so invites the
potential of a cascading collapse of Australias critical aviation infrastructure.
INTRODUCTION
The protection of critical infrastructure poses some of the most significant challenges to nation-states today
(Dupont, 2004, p. 78). Although the complexities of protection impact all types of critical infrastructure, it is the
example of airports that best illustrates the issues (Rothery, 2005). Australia's aviation infrastructure forms a
complex web of interconnectedness and interdependence that is fundamental to the functioning of air services.
Australia's large landmass, distance between capital cities and limited viable transport alternatives means that
aviation infrastructure is all the more critical. In addition, transport infrastructure is likely to continue to be a
favoured target of terrorism. Such areas are easily penetrated relative to other critical infrastructure, have a high
density of people, and are constantly beset by problems of security versus functionality (Fleckner, 2005).

This fundamental interdependence that allows aviation infrastructure to function may also be an additional
source of risk. Variations in security standards and practice between airports, airlines and other associated
industries, creates variations in the expected risk exposure within the infrastructure network. For example, lack
of passenger screening at a regional airport creates an increased risk for all associated airports. Security issues
associated with infrastructure interdependence may also be complicated by difficulties with government and
private sector collaboration. The effectiveness of information-sharing and security consultancy networks
composed of government and private sector participants can be compromised as many problems are magnified
at the public/private nexus (Rothery, 2005, p. 6). This creates a range of security considerations that are largely
unique to critical infrastructure and specifically transport infrastructure.

CRITICAL INFRASTRUCTURE AND BUSINESS CONTINUITY MANAGEMENT
Since 2003, the Terrorism (Community Protection) Act 2003 and its amendments have legislated the risk
management responsibilities of 'essential services infrastructure' owners and operators, a move referred to as
'responsibilisation'. This legislation stipulates that infrastructure operators must comply with any prescribed
standard (Terrorism (Community Protection) Act 2006 (Cth) s.11 (12)(1)) in developing their risk management
program. The standard currently prescribed by the Australian Government is the AS/NZS4360:2004 Risk
Management Standard which provides a robust framework for managing risk (Terrorism (Community
Protection) (Prescribed Standards) Regulations 2007 (Cth) s.3(a)). Given the interdependent nature of
infrastructure networks, it follows that the consequences of risks that threaten infrastructure continuity must be
given serious consideration, as disruption is not simply a matter of economics. Business Continuity
45

Management guarantees the availability of processes and resources in order to ensure the continued
achievement of critical objectives (Standards Australia, 2004, p. 2), which clearly is a necessary requirement
for all forms of critical infrastructure. This involves the specification of roles and responsibilities (Rosenthal and
Pijnenburg, 1991), the allocation of resources (t Hart, 1997), and the testing of established plans (Boin, Kofman
and Overdijk, 2004).

According to the Australian Government, the current security environment makes business continuity planning
important (Attorney Generals Department, 2008). Managing business continuity provides practical strategies
to follow in a crisis, eg fire, flood, storm, explosion, adverse market or financial circumstances, computer
viruses or power outages (Attorney Generals Department, 2008). However, the current security environment
reinforces the need for up to date business continuity and recovery plans in order to face the heightened threat of
malicious actions. For example, because of meticulous planning for business continuity and disaster recovery,
Scotlands Glasgow airport was able to resume operations and reopen a damaged terminal 23 hours and 59
minutes after an attempted car bomb attack on June 30, 2007 (Crichton, 2007, p. 19). Business Continuity
Management forms an integral part of the risk management process and identifies the organisation's critical
objectives, potential disruptions, and mitigation strategies. Business continuity is essentially the process of
ensuring the uninterrupted availability of the primary business resources that are required in order to sustain
crucial business activities.

Confusion can arise regarding the relationship between business continuity and risk management. Essentially
business continuity management is the use of risk management to mitigate a particular type of risk, that of
disruption to business continuity. Ensuring an airport meets its legislative risk management obligations and
establishes strategies for continuance during disruption requires that appropriate tools be provided by
Government. Given the significance of risk and business continuity management to ensuring the continuity of
essential public services, consideration must be given to how the larger challenges specific to infrastructure
network interdependence and public/private integration may affect the development of effective business
continuity and recovery strategies in Australian Airports.

INFRASTRUCTURE NETWORKS AND OWNERSHIP
Despite playing a vital role in the running of the state (Dupont, 2004, p. 78), around 90 per cent of Australias
critical infrastructure is privately owned (Trusted Information Sharing Network, 2004). As a result the
protection of critical infrastructure has become a shared responsibility of business and the Australian
Government (Attorney Generals Department, 2005, p. 3.6). However, according to the Independent Review
of Airport Security and Policing conducted for the Australian Government in 2005 (Wheeler, 2005), the task of
enabling the private sector at sites of critical infrastructure, such as airports, is (and remains) a considerable
challenge.

Difficulties associated with information sharing, communication, coordination, and dynamics within networks
are common to all organisations, but are magnified as the site of intervention moves from state-owned to
privately-owned entities (Rothery, 2005, p. 6). In the event of a disruption to infrastructure, government and
business will have differing priorities. According to Yates (2003), an infrastructure owner's first priority is its
commercial survival which may or may not encompass the government's priority of minimising the social,
economic and political impact by returning the infrastructure to service as soon as possible(p. 3). Although the
priorities of business and government may not be in full agreement, ultimately both parties are primarily
interested in the continuity of the infrastructure, which provides a common starting point for the establishment
of security networks.

SECURITY NETWORKS
Ideally, security networks facilitate the coordination of government and industry and are intended to
coordinate... activities and share responsibilities, resources, information and/or knowledge... more efficiently
and effectively than vertical or hierarchical structures (Whelan & Palmer. 2006, p. 4). There is an increasing
46

awareness that the privatised nature of much of Australias critical infrastructure calls for a broader and more
robust integration of public and private elements in security networks. In November 2002, the Commonwealth
Government announced the creation of the Trusted Information Sharing Network for Critical Infrastructure
Protection (TISN). This network of advisory groups was created in response to the need for critical
infrastructure owners and operators to have access to informational resources. According to Yates (2003), these
resources include information on:
business continuity, consequence management, information system attacks and vulnerabilities, e-
crime, protection of key sites from attack or sabotage, chemical, biological and radiological
threats to water and food supplies, and the identification and protection of offshore and maritime
assets (p. 43).
This overarching security network is an essential tool in securing critical infrastructure, however the size of the
network and the complexity of the task mean that coordination, trust, and partnership can be difficult to foster.
Security networks can operate on local levels involving local organisations, as well as on the regional or
national levels as illustrated by the Trusted Information Sharing Network. The challenge of coordination, trust,
and partnership is more difficult to foster in larger security networks. Therefore, aspects of continuity and
recovery that are more reliant on trust and partnership, such as consultation, mock exercises, and coordination
with local authorities, are best served by local security networks.

Regardless of the specific elements of a security network, there are some common key elements to successfully
achieving the stated objectives. Interdepartmental cooperation, clear responsibilities, and trust are essential
factors for success. Smaller, more local security networks which focus on specific elements of an infrastructure
sector may effectively mitigate issues of trust, information sharing, communication, coordination, and dynamics
at the local level of infrastructure protection. For example, fostering trust and cooperation with local emergency
services and police can aid an airports business continuity process immeasurably. However, effectively
integrating public and private agencies into security networks of any size still faces considerable
organisational, cultural, and legal barriers (Whelan & Palmer, 2006, p. 1).

Examples of barriers to integration include legal issues associated with the sharing of classified information,
organisational cultures perpetuating a lack of interdepartmental trust and cooperation, and issues of conflicting
responsibility and jurisdiction. These issues may lead one to conclude that the private sector has a limited
interest in participating in and maintaining security networks. However, it is not uncommon for the private
sector to actively seek out a greater participation in security networks (Whelan & Palmer, 2006, p. 9). This
involvement gives the private sector the benefit of enhanced information and greater planning roles in securing
infrastructure, although these benefits can be somewhat offset by the private sector seeking to limit their
financial burdens associated with security.

UNIQUE BARRIERS
The private sector/government nexus in infrastructure protection poses some unique challenges in terms of
economics and interdependence. Essentially this interdependence means that the risks faced by any individual,
firm, region or country depends not only on its own choices but also on those of others (Heal, Kearns,
Kleindorfer, & Kunreuther, 2008, p. 258). This represents a meeting of the politics and economics of risk
management (Whelan & Palmer, 2006, p. 9). For example, decisions regarding an airports security may take
into consideration the security flaws in another airport when determining how effective a particular
countermeasure will be, and how security resources are subsequently allocated. To what extent then can one
airport be expected to invest in security when it is connected to and dependent on others whose failures may
compromise its own operations? (Heal, et al., 2008, p. 259).

With interdependence, each part of the aviation network has less incentive to invest in protective measures if
the others have not taken similar action (Heal, et al., 2008, p. 259). It is worth noting however, that a small
group within a network may also be able to tip the entire industry from a starting equilibrium in which no one
invests in security, to a new equilibrium that improves security and increases expected profits (Kearns & Ortiz,
2004). Agreement and cooperation on security measures among a small part of the infrastructure network can
change the tide of opinion and the general security outlook among aviation infrastructure owners and operators.
47

This further reinforces the importance and utility of security networks that promote cooperation and consistency
across the infrastructure network.

RESPONSIBILISATION
Effective security networks provide much of the toolkit that enables the private sector to be responsible for
legislative standards. This responsibilisation, whereby government strategies are used encourage the private
sector to be responsible for their own risk management, is heavily reliant on the effectiveness of networks
(O'Malley & Palmer 1996). The importance of security networks to the risk management of critical
infrastructure was recognized early by Australian water supply authorities who, shortly after the 2001 World
Trade Center attacks, created the Australian Water Industry Critical Infrastructure Protection Group (Yates,
2003, p. 83). Recognising the implications to critical infrastructure protection that the new security paradigm
presented, the group's objectives included improving industry understanding of the threat as well as information
and strategy exchange. A key element of these objectives is the identification of best practices in business
continuity and emergency response planning, which according to Yates (2003), has been critical following a
number of threats and chemical thefts since September 11 2001 (p. 83).

The speed with which private industry recognised the needs of critical infrastructure sectors so early after the
establishment of what has become known as 'the new security environment', reaffirms that private industry can
and does take the risk management initiative. However, ensuring infrastructure security networks are established
and working well cannot be left to industry alone, and is a responsibility that according to Whelan and Palmer
(2006), rests firmly with the government; it is not simply enough to make the private sector responsible for
owning and managing risk; the government must give them the appropriate tools to do so (p. 4). According to
the US Department of Homeland Security's National Infrastructure Protection Plan, by taking an active role in
cooperating with the private sector, governments can add value to industrys ability to assess its own risk and
refine its business continuity and security plans (Department of Homeland Security, 2006, p. 10).

CONTINUITY AND RECOVERY STRATEGIES
The question of how the afore-mentioned larger issues of critical infrastructure interdependence and networks
may influence the planning and development of airport continuity and recovery plans is one that deserves
consideration. For example, an airport operator may ask whether any of their security measures are affected by
other operators in the infrastructure network, and if so, how? Do aspects of security need to be modified? Do
new measures need to be introduced as a result? They may also ask if their planning is based on relevant and
timely information gained through well established, cooperative, and trustworthy channels. This process falls
under the method described by the Australian Standards Business Continuity Management handbook as risk and
vulnerability analysis, where the vulnerability of business processes and interdependencies (Standards
Australia, 2004, p. 15) is considered. Intelligent consideration of problems of interdependence reveal that if the
Australian Government can encourage industry to go beyond efforts already justified by their corporate
business needs (Department of Homeland Security, 2006, p. 9) in regards to business continuity and recovery
planning, infrastructure sectors may tip from a starting equilibrium in which no one invests in security, to a
new equilibrium that improves security and increases expected profits (Kearns & Ortiz, 2004).

THREATS AND THE OPERATIONAL ENVIRONMENT
An examination of the stages of continuity and recovery planning reveals the way infrastructure
interdependence and poor security networks can adversely impact the process. Understanding an airports
operational environment and determining the threats that could cause major disruption to operations is the first
stage of business continuity and recovery planning. Should interdependence issues and security network
efficiency not be considered at this stage, the net result is an increase in risk to the individual airport, and
therefore aviation infrastructure as a whole. Airport owners need to consider not only how their security is
affected by deficiencies in other areas of the infrastructure network, but also how their security impacts the
overall protection of the infrastructure. This daunting task can be simplified by considering these issues as
interdependence risk. Should this stage of establishing the context in business continuity management in the
48

aviation industry fail to consider the unique issues of infrastructure protection, there is the potential for
misallocation of resources, skewed threat assessments, and gaps in airport security. The importance of a
comprehensive approach to continuity and recovery planning cannot be stressed enough given the social,
economic and political consequences of infrastructure failure, and the consistent tendency of terrorism to shift
its focus to overlooked vulnerabilities.

In order to determine and assess the nature, source, and extent of threats to the airports physical infrastructure
and operations, a threat assessment is employed. This process has particular significance to security networks
and the issues of information sharing. Having an established, trusted, and relatively local security network that
functions in tandem with bodies such as the Trusted Information Sharing Network, greatly benefits this process
by ensuring the use of relevant information from a variety of trusted sources. This part of business continuity
management is very much akin to the initial stages of the Australian Government prescribed AS/NZS4360:2004
Australian Standard for Risk Management, and similarly relies heavily on communication and consultation. A
broad-based threat assessment that, in addition to natural and technical risks, assesses the intentions of people
who could pose a hazard to a resource or function, how they might cause harm and their ability to carry out their
intentions (Yates, 2003, p. 146) must be appropriately informed to be effective.

CRITICALITY
The second stage of the continuity and recovery planning process involves the identification of operations that
are critical for both short and long term operational capability. This kind of forethought can be seen in the case
of the attempted car bombing at Glasgow airport in 2007, where the airports integrated continuity and
emergency plans initiated such critical continuity mechanisms as calling in off-duty support staff, establishing a
business recovery team within two hours of the incident, and establishing a separate check-in area after the
short-term loss of terminal 2 (Crichton, 2007, p. 20). Establishing what is critical to operations must be
informed by the policy and procedures of all other airports in the infrastructure network. This aspect of
interdependence must be considered if continuity and recovery plans are to gel with the contingency plans of
surrounding airports, should flights need to be diverted and other support deemed necessary.

Unlike other forms of critical infrastructure where public access is not a fundamental security issue, the aviation
industry is one that deals with the public in a very physical sense with a need for efficiency and relative
openness of movement. Singling out the purposeful agents acting out of complex motivations to do harm
(Heal, et al., 2008, p. 273) that may be present among the millions of people that pass through Australias
airports every year is a fundamental security issue. This vulnerability combined with the heightened risks of the
new security environment means that an emphasis on the risk of malicious actions is reasonable within an all-
hazards approach.

CONSEQUENCE AND RESOURCE ASSESSMENTS
Assessing the impact of the identified threats on an airports critical functions, as well as identifying the
required resources to ensure continuity and rapid recovery, form the third stage of the continuity planning
process (Standards Australia, 2004, p. 6). To assess the impact of a threat, the likelihood must also be
determined to give an overall level of risk which must be appropriately informed by relevant information from
sources such as the Trusted Information Sharing Network and Aviation Risk Context Statements. The USs
National Infrastructure Protection Plan (Department of Homeland Security, 2006) states that the challenges of
the new security environment requires new approaches focused on intelligence-driven analysis, information
sharing, and the private sector (p. 10). Security networks provide the resources to realise this new approach.
In addition to threat assessment, business continuity and recovery plans also need resources to function. A key
role of business continuity is to ensure preparedness for disruption, which requires that the responsibilities and
resource aspects of the plans are in place. The critical nature of infrastructure means that the consequences may
well be entirely disproportionate to an actual attack, should the harm imagined by purposeful agents
successfully disrupt critical infrastructure.
49

Cyber Attack
Malicious disruption need not be a physical attack as demonstrated by a hacker who disabled an airport control
tower computer system in Worcester, UK in 1997 (Chantler & Broadhurst, 2006, p. 7). However, the term
cyber attack tends to conjure visions of Dr Whos Cyber-men, which makes the concept feel fanciful and far-
fetched. Unfortunately a cyber attack on an airports information systems is not a fanciful scenario but an
increasingly apparent reality. Due to the complex and interdependent nature of critical infrastructure and their IT
systems, cyber terrorism may achieve its political goals by being used to discredit governments by negatively
impacting on critical infrastructure through incapacitation, exploitation or attempts at destroying or disruption of
essential services (Cyber Security Journal, 2006).

The prevention of cyber attacks on critical infrastructure is an intimate requirement in critical information
infrastructure protection (Chantler & Broadhurst, 2006, p. 27) and the threat should not be disregarded. This
kind of threat to airport security has the potential to be directly affected by the lack of incentive to invest that is
often generated by the industry's security equilibrium and the infrastructure's interdependence. If the trend in the
industry is not to invest in IT security, then risk management decisions based on return of investment will tend
to reflect this. However, if the risk management decisions are based on ensuring business continuity (whether
for reasons of economics or politics) the potential is for the industry equilibrium to eventually tip in favour of
more robust critical infrastructure security trends.
Explosives
A threat that is taken very seriously in the protection of airports is screening for explosives. Since 2004, the
Australian Government has established Checked Baggage Screening (CBS) with explosive trace detection
capable x-ray equipment in each of Australia's international and, more recently, domestic airports; further plans
to include all regional airports were announced in the May 2007 budget (Department of Infrastructure,
Transport, Regional Development and Local Government, 2008). These measures are designed to prevent
explosives from getting on board a passenger aircraft, or on the airside of the facility. This also closes come of
the security gaps relating to different screening procedures between regional and other airports. However, threat
scenarios that examine these types of vulnerablilities, such a bomb planted by an insider (such as a baggage
handler) or a cargo bomb planted on an aircraft, must also be considered as they may relate to infrastructure
interdependence and the differing security strategies between airports.

Unfortunately there are many other scenarios that are quite credible in which other vulnerabilities are exploited.
Stevens et al., (2006) lists several possible bombing scenarios for an airport environment, including; a luggage
bomb of around 50 pounds which could cause mass casualties in a screening line; a curbside car bomb of up to
500 pounds detonated at gathering areas; and a tower/utility plant or large truck bomb in excess of 1000 pounds
of explosive (p. iix-ix). These forms of attack are somewhat more 'conventional' with numerous examples
available, from the US embassy bombings in East Africa in 1998 to the more recent 2008 bombing of the
Marriot hotel in Islamabad. The devastating consequences and limited number of mitigation strategies for these
types of attacks makes effective security network consultation and cooperation essential. More imaginative
attacks must also be anticipated, as a series of failed mortar attacks by the IRA on Heathrow Airport in 1994
illustrates (Stevens et al., 2006, p. iix-ix). But this must be carefully balanced with the credibility and likelihood
of the threat. The new security environment has added to the list of explosive threats and it is now generally
accepted that hydrogen peroxide based liquid explosives (HPOM) pose a terrorist threat to civil aviation (De
Ruiter & Lemmens, 2008, p. 205). Decisions of where and how much to invest in protection from these types of
threats can be influenced by the security investment trend across the infrastructure network. Therefore
communication and consultation with larger security networks (such as the Trusted Information Sharing
Network), the airport's local security network, and regional networks involving many airports should be
undertaken to ensure all aspects of each identified threat have been considered in the critical infrastructure
context.
Firearms
Stevens et al. (2006) also propose several scenarios involving firearms which may be used to conduct a public
area attack. According to Stevens, et al. (2006), between 3 and ten terrorists with body armor and automatic
weapons could kill a large number of people before being stopped (p. ix). Although a less likely scenario given
Australia's strict automatic weapons laws, careful consideration that is appropriately informed by security
networks support can dramatically limit the damage caused by such situations. Practical exercises coordinated
50

with local law enforcement and emergency services will not only fine tune the response and recovery strategies,
but also foster a good working relationship within the security network. These principles apply to any severe
disruption that stretches continuity and recovery plans, and were shown to be very effective in the response to
the Glasgow airport attack in 2007 (Crichton, 2007, p. 20).
CBR Threats
The new security environment has also brought with it fears of terrorists using biological, chemical and
radiological weapons against critical infrastructure targets. Smith and Runyon (2003) assert that bio-terrorism is
a credible threat, especially given that numerous biological agents can be used as weapons (p. 5). According
to Audi, Belson, Patel, Osterloh, and Schier (2005) in their comprehensive review of the biologic toxin ricin,
threats of ricin release and procurement of ricin as a terrorist weapon highlight the need to be vigilant for
illness suggestive of ricin exposure (p. 2342). Ricin is one of the most easily produced and lethal biologic
toxins known, particularly when inhaled. Strategies for dealing with an outbreak of biological agents are reliant
on many factors including training, policy, monitoring, response capacity, laboratories, and secure information
and communications systems (Smith & Runyon, 2003, p. 2).

Fostering a cooperative relationship of trust with the local emergency services and healthcare facilities through
joint exercises is essential to ensuring that such an incident is handled effectively. Security networks can be used
to coordinate such exercises regularly, and to promote cooperation and trust within these areas of infrastructure
protection. Chemical weapons including nerve, blister and choking agents (Smith & Runyon, 2003, p. 8) as well
as radiological devices, or dirty bombs utilising conventional explosives to disperse radioactive material
require similar considerations in terms of medical assistance and mock exercises. Less likely than more
conventional attacks due to the difficulties in procurement, storage, transport and handling, these types of
attacks are also largely without precedent and views range widely as to their impact. For example, Smith and
Runyon (2003) state that:
a radiological attack would involve low-level radioactive material... the number of people who
would be sickened by such an attack and the amount of territory that could be contaminated would
depend upon the type of material and the amount of conventional explosive used to spread it. (p.
9).
With so many variables affecting the impact of a biological, chemical or radiological attack, it is difficult to
know if mitigation and continuity strategies are going to be effective. Security networks help critical
infrastructure owners to understand the realities and relevance of threats and therefore develop more credible
and accurate scenarios.

THE BUSINESS CONTINUITY PLAN AND SPECIFIC ACTIONS
The fourth stage of the continuity planning process is essentially one of documentation of the identified
infrastructure and resources that are necessary to ensure operational continuity. Within this documentation,
specific actions are set forth that deal with various contingencies or scenarios. The relevance and accuracy of
these scenarios directly affects the relevance and effectiveness of the documented response actions. According
to Schwartz (2003), the formulation of credible scenarios is essential to explain and test the interdependencies of
critical infrastructure. According to Elias (2008), this may be done through specific actions set forth in a series
of supporting plans for operational security, surveillance and intelligence, threat response, system recovery, and
coordination (p. i).

Specific actions set forth in the continuity and recovery plans that are based on inaccurate or fanciful scenarios
may severely impact the effectiveness of those plans. Protecting critical infrastructure from incidents that could
potentially bring the nation-states essential functions to a halt should be given due attention and as much detail
as is practically necessary. Boin and McConnell (2007) argue that many worst-case scenarios fail to convince
and invite ridicule on the part of practitioners (p. 57). Credible and realistic scenarios are necessary if the
question of how to best allocate resources for the protection of sites of critical infrastructure is to be adequately
addressed (Jenkins, 2002).
51

Working Smart
Throwing the most resources at the worst case scenarios imaginable does not necessarily provide the best
protection for critical infrastructure. In a review of security at Los Angeles International Airport, Stevens, et al
(2006) found that security solutions tended to fall into one of four categories:
1. Low-cost options that greatly reduced the risk of terrorism;
2. High-cost options that greatly reduced the risk of terrorism;
3. Low-cost options that modestly reduced the risk of terrorism, and;
4. Expensive solutions to modest problems. (p. iix-ix).
The study also found that dramatic improvements could be made by implementing just two of the category 1
options (Stevens, et al, 2008, p. xiii). This type of approach satisfies the cost/benefit analysis of business as well
as the Government's need to maintain service continuity. This partially bridges the public/private divide and
indicates that the protection of critical infrastructure can be achieved in effective and cost effective ways.

TRAINING AND EXERCISES
The fifth stage of continuity management involves promoting awareness and training in the Business Continuity
Plan and associated emergency responses. This stage is intricately linked with local and regional security
networks, and according to Waugh (2004), investment in planning and exercising [are essential] to assure that
those security networks are adequate (p. 312). Elements of infrastructure interdependence that were considered
earlier in the continuity planning process will directly impact how training and exercising is conducted, the level
of investment in training, and eventually the level of coordination and cooperation during a disruption. Airport
operators may ask if another airports contingency plans take into account a particular disruption of their
network node (airport). If not, what adjustments need to be made to continuity plans to compensate? Of course,
the ideal situation would involve a resounding yes to the first question from all areas of the infrastructure
network. If security networks can be effective on every level, this will help the industry tip toward a more
cooperative and integrated security culture, creating a greater incentive to invest in security. Eventually this may
lead to a resounding yes emanating from a unified infrastructure network.

RECOVERY AND ASSESSMENT
The final stage of the continuity planning process is to ensure that the applied processes remain up to date and
appropriate to the security environment. This is a continual process of review and improvement. The review
process is integrally linked to the recovery phase of a disruption, and is essential in order to establish potential
areas of improvement. The recovery stage of emergency crisis management involves the re-establishment of
critical airport functions in the least time possible. Enoma and Allen (2007) identify key aspects of recovery as:
- Availability of backup or alternative for the facility;
- The ease of repair or replacement;
- The experience and expertise available;
- The strength of the workforce;
- The speed at which the security authority takes control of the situation;
- The way and manner the airport officials handle the situation;
- The early arrival of help from ambulances and medical crew;
- Creation of support and canceling areas for those involved;
- Clear communication to everybody on the situation at hand through the public address system;
- Clear signage to the nearest assembly point; and
- An unobstructed route to the nearest assembly point. (p. 311).

52

Recovery also involves assessing the performance of the planning, preparation and response. The process of
assessment can be problematical given the difficulty in determining where and how improvement has occurred,
and where it is needed. Here, the importance of regional security networks that involve many airports becomes
apparent, as details of recovery assessment for different airports may be compared in order to aid evaluation.
Enoma and Allen (2007, p. 296) state that the use of key performance indicators for airport safety and security
may provide a frame of reference for post incident assessment. They argue that key performance indicators can
aid comparison like for like so it will be possible to compare the operations of different airports (p. 301).
Rigorous benchmarks, key performance indicators as well as measurement and performance targets are tools
that can assist the speed of recovery and limit the loss of lives, assets and money (Enoma & Allen, 2007, p.
313).

However, no amount of planning and preparedness is adequate to prevent all extreme risks from eventuating
(Wildavsky, 1988). Much literature has been published on both the requirement and the impossibility of
knowing the sources and dynamics of threats well enough to avoid them all (Turner, 1978; Reason 1990, 1997;
Pauchant & Mitroff, 1992; Anheier, 1999; Gauld & Goldfinch, 2006). But given the critical nature of
infrastructure, it is the responsibility of the private sector to ensure all available tools are utilised to ensure
continuity and that due consideration is given to the risks and benefits of the fundamental interdependence of
infrastructure. It follows that the Government must take responsibility for providing the appropriate tools for the
private sector to apply, and to provide essential support through its departments and the Trusted Information
Sharing Network.

CONCLUSION
The protection of critical infrastructure poses some of the most significant challenges to nation-states today.
This paper examined the process of planning, incident, and recovery for Australian airports taking into
consideration the problems associated with security networks and the interdependent nature of critical
infrastructure. It was found that the fundamental interdependence that allows aviation infrastructure to function
may be an additional source of risk which creates variations in the expected risk exposure within the
infrastructure network. Mitigation strategies at one airport may be rendered ineffective or redundant by the
security arrangements of another airport within the network. There is also an increasing awareness that the
privatised nature of much of Australias critical infrastructure calls for a broader and more robust integration of
public and private elements in security networks.

However, the aviation infrastructures fundamental interdependence may also yield great benefits in creating an
integrated security solution. Agreement and cooperation on security measures among a small part of the
infrastructure network can change the tide of opinion and the general security outlook among aviation
infrastructure owners and operators. Measures employed to increase the integration of public and private
elements in security networks will assist these networks to be effective on every level. This has the potential to
help the industry tip toward a more cooperative and integrated security culture, creating a more robust security
environment for Australias critical aviation infrastructure.

REFERENCES

Anheier, H.K. (Ed.). (1999). When things go wrong: organizational failures and breakdowns. Sage: Thousand
Oaks, CA.

Attorney Generals Department. (2005). National Counter-Terrorism Plan (2
nd
ed.). Canberra: Commonwealth
of Australia.

53

Attorney Generals Department. (2008). Information for business: Business continuity planning. Retrieved
August 20, 2008, from
http://www.ag.gov.au/agd/www/nationalsecurity.nsf/Page/Information_For_BusinessBusiness_Continuit
y

Audi, J., Belson, M., Patel, M., Osterloh, J., & Schier, J. (2005). Ricin poisoning: a comprehensive review.
Journal of the American Medical Association, 294(18), 2342-2351.

Boin, A., & McConnell, A. (2007). Preparing for critical infrastructure breakdowns: the limits of crisis
management and the need for resilience. Journal of Contingencies and Crisis Management, 15(1), 50-59.

Boin, R.A., Kofman-Bos, C., & Overdijk, W.I.E. (2004). Crisis simulations: exploring tomorrows
vulnerabilities and threats. Simulation and Gaming: An International Journal of Theory, Practice and
Research,35(3), 378-393.

Chantler, A.N., & Broadhurst, R. (2006). Critical information infrastructure protection. Technical report for the
Australian Institute of Criminology. Retrieved August 10, 2008, from http://eprints.qut.edu.au

Crichton, G. (2007). The Glasgow airport attack from a business continuity and crisis management point of
view. Business and Continuity Journal, 2(3), 18-24.

Cyber Security Journal. (2006). Cyber threats to the critical infrastructure of the nation. Retrieved August 14,
2008, from http://www.cybersecurityjournal.com/category/cyber-crime/

Department of Homeland Security. (2006). National Infrastructure Protection Plan. Washington. DHS.

Department of Infrastructure, Transport, Regional Development and Local Government. (2008). Aviation
Security Measures for Carry-on Baggage at International Airports. Retrieved August 4, 2008, from
http://www.infrastructure.gov.au/transport/security/aviation/LAG/index.aspx

De Ruiter, C.J., & Lemmens, O.M.E.J. (2008). Liquid explosives the threat to civil aviation and the European
response. In H. Schubert and A. Kuznetsov (Eds.), Detection of liquid explosives and flammable agents
in connection with terrorism. Springer Science.

Dupont, B. (2004). Security in the age of networks. Policing & Society, 14(1), 76-91.

Elias, B. (2008). National aviation security policy, strategy, and mode-specific plans: background and
considerations for congress. Congressional Research Service. Retrieved August 15, 2008, from
http://www.fas.org

Enoma, A., & Allen, S. (2007). Developing key performance indicators for airport safety and security.
Facilities, 25(7/8), 296 -315.

Fleckner, A. (2005). Developing a comprehensive approach by transport operators to the terrorist threat.
Proceedings of the Australian Urban Transit Security Conference. Melbourne: AHSRC.

54

Gauld, R., & Goldfinch, S. (2006) Dangerous enthusiasms: E-government, computer failure and information
system development. Otago University Press: Otago.

Heal, G., Kearns, M., Kleindorfer, P., & Kunreuther, H. (2008). Interdependent security in interconnected
networks. Proceedings of the International Public-Private Preparedness Summit, 2008. Florence. NYU.

Jenkins, B.M. (2002). Get used to it: our airports are vulnerable to terrorism. Retrieved August 12, 2008, from
http://www.rand.org/commentary/2002/07/25/LAT.html

Kearns, M., & Ortiz, L.E. (2004). Algorithms for interdependent security games.University of Pennsylvania.
Retrieved August 20, 2008, from
http://books.nips.cc/papers/files/nips16/preproc/NIPS2003_AA71.pdf

O'Malley, P. & Palmer, D. (1996). Post-Keynesian policing. Economy and Society, 25(2), 137-155.

Pauchant, T.C., & Mitroff, I.I. (1992). Transforming the crisis-prone organization: preventing individual,
organizational and environmental tragedies. Jossey-Bass: San Francisco.

Reason, J. (1990). Human Error. Cambridge University Press: Cambridge.

Reason, J. (1997). Managing the Risks of Organizational Accidents. Ashgate: Aldershot.

Rosenthal, U. & Pijnenberg, B. (Eds) (1991). Crisis management and decision making: simulation oriented
scenarios. Kluwer: Dordrecht.

Rothery, M. (2005) Critical infrastructure protection and the role of emergency services. The Australian Journal
of Emergency Management, 20(2), 45-50.

Schwartz, P. (2003). Inevitable surprises: Thinking ahead in a time of turbulence. Gotham Books: New York.

Smith, J.A.D., & Runyon, L.C. (2003). Terrorism preparedness and response. Washington: National
Conference of State Legislatures.

Standards Australia. (2004). HB 221 Business Continuity Management. Sydney: Standards Australia.

Stevens, D., et al. (2006). Implementing security improvement options at Los Angeles international airport.
Congressional Research Service. Retrieved August 15, 2008, from http://www.fas.org

t Hart, P. (1997). Preparing policy makers for crisis management: the role of simulations. Journal of
Contingencies and Crisis Management, 5(4), 207-215

Trusted Information Sharing Network. (2004). Critical Infrastructure Protection National Strategy. Version 2.1.
Canberra. Commonwealth of Australia.

55

Turner, B.A. (1978) Man-made Disasters. Wykeham: London.

Waugh, W.L. Jr. (2004). Securing mass transit: a challenge for homeland security. TheReview of Policy
Research, 21(3), 307-317.

Wheeler, J. (2005). An Independent Review of Airport Security and Policing for the Government of Australia.
Canberra: Commonwealth of Australia.

Whelan, C., & Palmer, D. (2006). Responding to terrorism through networks at sites of critical infrastructure: a
case study of Australian airport security networks. Proceedings Social Change in the 21st Century
Conference 2006 (pp. 1-13).Brisbane. QUT Carseldine.

Wildavsky, A. (1988), Searching for Safety. Transaction: New Brunswick.

Yates, A. (2003). Engineering a safer Australia: Securing critical infrastructure and the built environment.
Australia: Institution of Engineers.

COPYRIGHT
Melvyn Griffiths and William. J. Bailey, Edith Cowan University 2008. The author/s assign Edith Cowan
University a non-exclusive license to use this document for personal use provided that the article is used in full
and this copyright statement is reproduced. Such documents may be published on the World Wide Web, CD-
ROM, in printed form, and on mirror sites on the World Wide Web. The authors also grant a non-exclusive
license to ECU to publish this document in full in the Conference Proceedings. Any other usage is prohibited
without the express permission of the authors.

56

Modern Society as Risk Society: Implications of Modernity on Private Security

David Jurcic
djurcic@student.ecu.edu.au

Abstract
German sociologist Ulrich Beck has devised an exclusive theory of risk and reflexive modernisation, impacting
considerably on contemporary sociological thinking (Elliott, 2002). One of the core tenants of Becks argument
is that modernisation is dissolving industrial society and in its place, leaving behind a new modernity
(Shearing & Stenning, 1981). Beck refers to this new modernity as risk society, a type of society where the
notion of risk becomes the new lens through which individual and institutional thinking is guided in
contemporary societies (Hall, 2002). Drawing on the work of Beck and other scholars, this paper examines the
growing concerns with security/protection, by placing the analysis within the context of the late modern or risk
society. The paper attempts to demonstrate how security is likely to be impacted by present societys growing
focus towards the control and management of uncertainty and risk.

Keywords
Ulrich Beck; modernity; risk society; reflexive modernisation; risk management; ontological security; risk
society thesis; protection.

INTRODUCTION
Simple Modernity to Post Industrial Era
According to Ferguson (1997), simple modernity ran from a period between the 1920s to the 1970s. Western
societies during this particular period have been described as pre-modern societies, as it was a period during
which the concept of uncertainty was understood as danger or hazard over which people had little or no control
(Hall, 2002). It has been suggested that the idea that people could in some way control uncertainty, was not part
of the lexis at that time and in the event of some misfortune, outcomes were attributed to fate, chance or even
Gods will (Hall, 2002). Hence threats were viewed as a given, but an outcome over which people or even
society had little or no control (Hall, 2002). According to Shrivastava (1995), the logic of wealth production
dominated the logic of risk production: risks [in this era] were [viewed] as minor, and they could be treated as
a latent side effects or externalities of production (p.120).
The move from classical industrial society (simple modernity) to the post industrial (modernity) era has resulted
in a shift in the way society and individuals think about threats and hazards. Hall (2002) says that modernity has
brought on a condition in which the logic of risk has emerged as a dominant preoccupation, whereby Instead of
viewing most threats as givens, people increasingly understand risk as products of human activities, and as a
phenomena over which humans exercise control and responsibility (p.175). Hence, thinking in terms of risk
has become central to the way in which human agents and modern institutions organise the social worldrisk
managing and risk monitoring increasingly influence both the constitution and calculation of social action
(Elliott, 2002, p. 299).

Risk A New Way of Thinking
Risk based ways of thinking may be observed in business, government and professional practice where
individuals and institutions are persistently ordering reality into a calculable form. Furedi (2005) describes risk
based thinking as the application of rational management principles that is symptomatic of contemporary
cultural attitudes towards threatening and dangerous phenomena. It seems apparent that human agents in the
57

modern world are attempting to control an unpredictable future through mechanisms that aim to control risk
(Elliott, 2002; Loader, 1999).
Today, it is common practice for human agents within developed democracies to proactively manage risk and
uncertainty, by anticipating undesirable outcomes before as apposed to retrospectively dealing with the effects
as they arise (Shearing, 2001). Classical risk oriented approaches to decision making involves a temporal shift to
pro-actively anticipate and forestall events that have yet to occur, but paradoxically may not actually ever occur,
by changing the language of misfortune or uncertainty into a calculable probability (Hollway & Jefferson, 1997;
Zedner, 2007). Through the use of methodologies and practices that attempt to order the future into calculable
constructs, human agents have discovered the rationale behind the improvements and gains that are achievable
during decision making, especially when risky judgements and decision need to be made. According to Beck
(1992) present-day awareness of hazards or threats has become future orientated; The centre of risk
consciousness lies not in the present, but in the futureWe become active today in order to prevent, alleviate or
take precautions against the problems and crises of tomorrow and the day after tomorrow (p.34). There is a
growing tendency by human agents to understand what the outcomes (consequences) are likely to be, before
engaging in activities that might be considered as risky (Furedi, 2005). This is supported by Los (2002) in which
she states that within the new order, people have begun to assess potentially hazardous situations and choose
how to approach them (p.171).

Reflexive Modernization - Responding to Dangers
Risk society commentators like Beck, Giddens and others support the view that present day preoccupations with
risk management, security (protection/loss prevention) and safety is linked to societies heightened fears of
threats and hazards brought on by a climate of insecurity (Hughes, 2003). This insecurity may be due to the
process of reflexive modernization which, according to Beck is at the core of risk society (Ferguson, 1997).
Reiterating, since around the 1970s, western societies have entered a new social order, an era of modernity or
risk society. Within such an era, there appears to have been significant changes to the way people and the
greater society perceive and then responded to hazards and dangers. Many authors discuss the new risk
consciousness that exists, which essentially concerned with undesirable risk events and its management.
Following on from the argument above concerning the climate of insecurity, such insecurity is then said to be
linked to reflexive modernization.
Insecurity may increase because of the reflex or responsive behaviours that people may have towards
information about hazards and dangers. Essentially, people react and organise their behaviours and activities in
manner that reflects an increased awareness of the potential harms that are out there somewhere in the world of
which they form apart. People thus have a conscious recognition that potential downsides to risk do exist and
that the outcome of a risk can be harmful. However, there is also an awareness of the gaps in knowledge about
the possibility of future events that cannot be predicted with absolute certainty (Ferguson, 1997). Reflexive
modernity may mean that individuals and institutions perceive and respond to control the possibility of
unfortunate events, even with the awareness of the existence of inadvertent or unknown consequences
(Ferguson, 1997). It is possible to observe links between societies concern with threats and hazards, brought on
by insecurity and the corresponding reflexive application of precautionary techniques to better manage the
negative consequences that have been brought on by modernisation (Hutchinson & O'Connor, 2005; O'Reilly &
Ellison, 2005). For example, according to Loader (1999), The purchase of policing services or security
hardware enablespeople to feel they have acted responsibly in the face of crime, reducing their levels of risk
and bringing themselves some peace of mind (p.382).
There are likely to be more complex structural linkages that explain the desire for modern agents to take pre-
emptive action to secure themselves. Many authors suggests that modern societies desire for certainty over
uncertainty, precipitated by conditions of anxiety, is likely to play a substantial part in attracting human agents
to courses of action that offers the ability to provide order and control to an otherwise uncertain or unpredictable
future (Hollway & Jefferson, 1997). Hutchinson & O'Connor (2005) suggest that the growth of protection
systems is part of the surge towards risk based thinking, which paradoxically, has become central to the practice
of asset protection.

The Search For Certainty
Giddens as cited by Rasmussen (2002) mentions the term ontological security, a condition that is desired by at
risk societies. The term implies the firm knowledge of what one might expect (p.331). Modern society is
an actuarial society, where many aspects of social life are transformed from a state of unknowability, invisibility
or even uncertainty, to a social that is informed, visible, knowable and manageable (Ferguson, 1997;
58

Hutchinson & O'Connor, 2005). Societys desire for ontological security requires knowledge. The insatiable
demand for knowledge is increasingly a function [that] is linked to the generic task of providing information
for risk analysis (Johnston, 1999, p.189). Ontological security flows from the knowledge provided by the
systematic generation of information gained during the analysis of risks (Hall, 2002). There is evidence to
suggest that the contemporary security discourse has adapted an actuarial frame of reference that presumes
that security risk events are predictable and therefore calculable and manageable (Ferguson, 1997). According to
Fisher & Green (1998) Security implies a stable, relatively predictable environment in which an individual or
group may pursue its ends without disruption or harm and without [the] fear of disturbance or injury (p.3).
Security as defined here implies the creation of conditions of stability and predictability against harm and injury,
which not surprisingly, is symptomatic of an at risk society. The definition seems to imply that security risk
events are visible, knowable and therefore predictable.
The Insatiable Demand For Protection
According to Ericson, Barry, & Doyle (2000), security is at the core of modernity. Many authors support the
view that there is an insatiable demand for security due to heightened perceptions of risk (Abrahamsen &
Williams, 2006). Accordingly, human agents will be attracted to security as it provides a veneer of control over
the fear of threats or for some, a means to control their susceptibility to victimisation (Loader, 1999). Giddens as
cited by Loader (1999) describes how it is now common to see individuals, businesses and communities
building protective cocoons around themselves. This apparent shift in consciousness to anticipate and forestall
undesirable outcomes is exemplified by the modern approach to the provision of security, where risk based
(predictive, actuarial and event based) methodologies have for many years, been a principle characteristic
(O'Reilly & Ellison, 2005).
Lustgarten as cited by O'Reilly & Ellison (2005) suggests that security institutions have long been in the
business of providing risk management solutions, even before the onset of modernity. It is important, at least in
this context, to highlight the difference between preventive methodologies in a generic sense and risk based
solutions in particular. To suggest, as Lustgarten does that security intuitions have long used risk based modes
of operation, would not be entirely accurate. Early security programs were not pre-emptive in a true sense as
would be understood by contemporary risk discourses. Applications of preventive security measures prior to the
1970s were driven by an enforcement mentality that required adherence to rules and the application of physical
hardware that were implemented after a security breach had been realised. Hence, security measures were
implemented to counter a security breach after the fact, to prevent reoccurrence, which is a reactive approach.
Real applications of risk management methodologies require forward planning and proactiveness to anticipate
events before they manifest into tangible loss and disruption. Such forward thinking within a security context is
a modern realisation. This is supported by Shearing (2001) where he mentions that risk focused modes of
governing is emerging within security. Shearings commentary also contradicts Johnstons (1999) argument that
the principles of risk management have been central to commercial security for more than a century.

Shifting Crime Discourse
According to Loader (1999), taking precautions against crime risk within modern society is becoming the
norm rather than the exception for individuals and organisations. Coleman & Sim (1998) make note of the
official discourse on crime that is increasing being viewed as a risk to be managed, rather then an issue that
needs to be explained. According to Shearing (2001), traditional or pre-modern modes of thought that centred
on justice are being eroded by a new morality, one that is based on the logic of risk. This risk logic or new
penology as Coleman & Sim (1998) point out is focused upon an instrumentalist approach that is central to risk
based thinking. It is possible to observe how traditional notions of crime control are changing due to modernity.
Order maintenance, upholding social norms and making criminals accountable for past wrongs, traditionally
central to criminal justice systems is according to Shearing (2001) slowly fading. The move towards modernity
has changed the way society views crimes and criminals. Crime is now less attributed to economic and social
conditions or demography and instead seen as a given, a normal condition of modernisation that needs to be
examined in the context of probability and consequences, and measures implemented to reduce loss or prevent
disruption (Zedner, 2003). Criminality is no longer presented as a deviation from the norm but rather as
continuous with normal social interaction and motivated by the same urge to utility maximisation (Zedner,
2003, p.158). Reflexive societies have begun to deviate away from correcting past wrongs and tyring to
rehabilitate offenders, to a mode of thinking that is emphasizing a conscious shift towards understanding the
costs of wrongs or crimes and what can be done to prevent the likelihood of future reoccurrence. Accordingly,
risk management is managerial, not corrective or punitive. It does not focus on problems or causes,
wrongdoing or the morality of erring individuals, but on reducing risks and avoiding harm (Heng, 2002, p.
234).
59

Risk Society and Security A Harmonious Existence
Risk societies, though it would seem, appear to be obsessed with the search for security (Johnston, 1999).
Security can survive strongly within a cultural sphere that is dominated by risk based thought and action
(Johnston, 1999). As society changes, security has also transformed to accommodate and feed the growing
expectations of a risk society. As society exhibits a growing tendency towards risk based ways of thinking, the
working practices of security have adapted to ensure that its principle mode of functioning caters for the
challenges presented by contemporary risk society. Modern security has adapted the philosophy of risk
management which is now firmly embedded within contemporary discourses. The working practices of security
emphasise a rational, pragmatic approach to decision making. The aim is to reduce or prevent loss and therefore
protect the interests of populations that are at risk of future security violations (Lippert & O'Connor, 2006).
Security achieves its objectives by identifying, assessing, evaluating and quantifying risks and then providing
cost effective options to reduce the probability and or consequences. This contemporary discourse ensures that
security accentuates a temporal shift in its own consciousness that will motivate thought and action towards
anticipation, forward planning and proactiveness. As modernity has brought with it a consciousness of risk,
which according to Heng (2002) is bound up with attempts to control and colonize the future (p.232)
Present day security discourses have moved towards controlling and anticipating the future via proactive,
calculated, risk based actions.

CONCLUSION
This paper introduces the risk society thesis developed by Ulrich Beck. The discussions have attempted to show
how the growing concerns with risk and its management is driven by Western societys heightened perceptions
of hazards and dangers that are driven by a process of reflexive modernization. Growing concerns with threats
and hazards, brought on by insecurity, causes a corresponding reflexive application of precautionary techniques.
As individual and institutional thinking is being continuously guided and framed by a risk logic, we thus
observe an actuarial society at work where most aspects of social life are transformed from a state of
unknowability, invisibility or even uncertainty, to a society that is informed, visible, knowable, calculable and
manageable. It was also shown that as society has entered a post industrial state, the working practices of
security have adapted the philosophy of risk management to ensure that its principle mode of functioning caters
for the challenges presented by contemporary risk society.
It would appear that there is an insatiable demand for security due to heightened perceptions of risk in the post
industrial era. Human agents will be attracted to security as it provides control over the fear of threats or in some
instances, will be the sole means by which these agents can reduce their levels of victimisation. Hence security
enables people to feel they have some control over the wrongs or dangers that seem to be prevalent within the
consciousness of the post industrial era, bringing stability and predictability.
The paper also discusses how reflexive societies have begun to deviate away from correcting past wrongs and
tyring to rehabilitate criminals, to a mode of thinking that is beginning to emphasize an understanding of the
costs of crimes and what can be done to prevent the likelihood of future reoccurrence, consistent with a risk
logic. The move towards modernity has changed the way society views crimes and criminals; crime is now less
attributed to economic and social conditions and instead seen as a given, a normal condition of the late modern
era that needs to be dealt with by a risk frame of reference.
It appears that security will continue to be in strong demand by a risk society. As long as insecurity prevails, and
there is strong desire by human agents to pre-empt undesirable outcomes, and to bring a sense of stability and
predictability to an otherwise dangerous and unpredictable world. Security will continue to exist to provide the
type of protection that is tailored and which reflects the consciousness of risk society.

REFERENCES

Abrahamsen, R., & Williams, M. C. (2006). Security sector reform: bringing the private in. Conflict, Security &
Development, 6(1), 1-23.
Coleman, R., & Sim, J. (1998). From the Dockyards to the Disney Store: Surveillance, Risk and Security in
Liverpool City Centre. International Review of Law, Computers & Technology, 12(1), 27-45.
Elliott, A. (2002). Beck's Sociology of Risk: A Critical Assessment. Sociology, 36, 293-315.
60

Ericson, R., Barry, D., & Doyle, A. (2000). The moral hazards of neo-liberalism: lessons from the private
insurance industry. Economy and Society, 29(4), 532-558.
Ferguson, H. (1997). Protecting children in new times: child protection and the risk society. Child and Family
Work 2, 221-234.
Fisher, R. J., & Green, G. (1998). Introduction to Security (Sixth ed.). Woburn, WA: Butterworth-Heinemann.
Furedi, F. (2005). Culture of Fear: risk taking and the morality of low expectation (Revised ed.). London. New
York: Continuum.
Hall, D. R. (2002). Risk Society and The Second Demographic Transition. Canadian Studies in Population,
29(2), 173-193.
Heng, Y. K. (2002). Unravelling the war on terrorism: A Risk-Management Exercise in War Clothing? Security
Dialogue, 33, 227-242.
Hughes, G. (2003). Understanding crime prevention; Social control, risk and late modernity. Maidenhead:
McGraw-Hill House.
Hutchinson, S., & O'Connor, D. (2005). Policing the New Commons: Corporate Security Governance on a Mass
Private Property in Canada. Policing and Society, 15(2), 125-144.
Jefferson, W. H. T. (1997). The Risk Society in an Age of Anxiety: Situating Fear of Crime. The British Journal
of Sociology, 48(2), 255-266.
Johnston, L. (1999). Private Policing in Context. European Journal on Criminal Policy and Research, 7, 175-
196.
Lippert, R., & O'Connor, D. (2006). Security Intelligence Networks and the Transformation of Contract Private
Security. Policing and Society: An International Journal of Research and Policy, 16(1), 50-66.
Loader, I. (1999). Consumer Culture and the Commodification of Policing and Security. Sociology, 33, 373-
392.
Los, M. (2002). Post-communist fear of crime and the commercialization of security. Theoretical Criminology,
6, 165-188.
O'Reilly, C., & Ellison, G. (2005). Eye Spy Private High. British Journal of Criminology, 46, 641-660.
Rasmussen, M. V. (2002). 'A Parallel Globalization of Terror': 9-11, Security and Globalization. Cooperation
and Conflict, 37, 323-349.
Shearing, C. (2001). Punishment and the Changing Face of the Governance. Punishment & Society, 3, 203-220.
Shearing, C. D., & Stenning, P. C. (1981). Modern Private Security: Its Growth and Implications. Crime and
Justice, 3, 193-245.
Shrivastava, P. (1995). Ecocentric Management for a Risk Society. The Academy of Management Review, 20(1),
118-137.
Zedner, L. (2003). Too much security? International Journal of the Sociology of Law, 31, 155-184.
Zedner, L. (2007). Pre-crime and post-criminology? Theoretical Criminology, 11(2), 261-281.

COPYRIGHT
David Jurcic2007. The author/s assign Edith Cowan University a non-exclusive license to use this document

61

A new definition of Piracy in South East Asia required?

P. Kevans
Security Science

Bill Bailey
Abstract
Many experts consider that Piracy is a serious problem in South East Asia region and that this impacts on both
world trade and the economy generally. However, there is another school of thought that indicates because of
the way piracy is defined it includes what are in fact incidents that should be classified as crimes by another
name. The issue appears to be the definition of what is piracy? Furthermore, the reluctance of some countries
to take part in international initiatives or allow external powers to be involved in the process is also in question.
They consider it to be an infringement of their national sovereignty; therefore they deem it to have greater
geopolitical ends rather than a way to control the problem of piracy. These waters also have serious social and
economical constraints that limit their involvement to effectively mitigate the issue.\ The response to reducing
piracy incidents is neither insular nor simple; the social constructs need to be considered in providing a greater
understanding of what piracy actually means in the wider context. This will allow the actual problem of real
piracy to be dealt with effectively and not to waste resources on what could be classified as petty crime. This
paper recommends that a new definition of piracy is required in order to establish a new direction for
combating piracy.

Keywords
Piracy, Government, Legislation, Root Causes, Geopolitical, Aid, SLOC, ASEAN, UNCLOS, ReCAAP.

INTRODUCTION
The subject of Piracy is one that has become very prominent on the news today with a substantial increase in the
number of incidents this year. Although Somalia is currently the area of interest this paper will focus on the
issue of Piracy in S.E. Asia, principally the regions of Malacca, Indonesia, Singapore Straits and the littoral
states that border them. The paper will review what measures have been used to try and reduce the problem as
well as the barriers associated to agreement of some of the proposed regional and international initiatives that
are being proposed.
The process will review the definitions of piracy in a legal context, to ascertain if the legal designations
realistically reflect it broadly enough to allow effective application in perceived mitigating mechanisms.
Conversely consider whether the definitions themselves are acting as a barrier to ratification of security
initiatives and protocols.

The overall premise of research should allow for a more effective understanding of the crime threat while
considering the influential nodes that may alter the threat level. This in turn should assist the Security function,
both State and private shipping operators in the application of security policies and strategies that could prevent
or mitigate crimes at sea?
Objectives and Aims
The principal aim of the paper is to identify the level of piracy threat to the Sea Lanes of Communication
(SLOC) and Shippers in South East Asia (S.E.Asia). Establish some of the root causes of piracy on a local and
regional level including social economical aspects of the crime and identify any risk transfer nodes that may be
established when these influences are established. Based upon these aspects a redefinition of Piracy will be
suggested as a method to focus resources at the actual problem and not petty crime side issues.
62

Overall the premise is to emphasise that the issue of piracy is not a simple issue that can be adequately
prevented just by heightened frequency of marine patrols. It is offered that the threat of piracy remains where an
ineffective policing strategy is assigned. Especially if it fails to consider the inductive functions of the crime
nodes and mechanisms, as well as the barriers to achieve or maintain an accepted mitigating construct.
Significance
The principal purpose of this paper is to identify whether Piracy in South East Asia (S.E.Asia) is resulting in a
significant impact to global shipping as some regional and international governments perceive it be and why
they are pressuring coastal states to effectively address the problem. This pressure is centred on the assignment
of enforcing agencies and ratification of both regional and international protocols.

It can be offered that the international focus is based on the protection of shipping routes or Sea Lanes of
Communication (SLOC) which carry critical infrastructure commodities which are of global economic
significance. On this basis a high monetary significance could be assigned. The annual Asia global marine
market is estimated to be worth US$ 254 Bn (Parsons, Westwood, Rowley, 2002) as figure 1 below indicates,
with some 45% (Barrios 2004, P1) of the worlds shipping passing through the S.E.Asia region as such many
countries relying on the trade links then any significant threat requires mitigating for.

Figure1. Geographic Segmentation of the US$747Bn. Westwood Associates UK (2002) Global Ocean Markets

Although as stated by Maritime International Secretariat Services (MARISEC) website (The Round Table of
International Shipping Associations, 2004, P.1) it is difficult to quantify the value of world seaborne trade in
monetary terms. Douglas Westwood associates from the UK in a later paper (2005, p.24) give reference to the
United Nations Conference on Trade and Development (UNCTAD) who hazard an estimate, that the operation
of merchant ships contributes about US$380 billion in freight rates within the global economy, equivalent to
about 5% of total world trade. On this basis and that the segmentation provided in figure 1 remains applicable
this indicates that Asia merchant shipping is valued at an approximate 129bn USD.

Also in considering critical infrastructure commodities, Zubir M (2005, p.6) suggests that oil and gas shipments
passing through the Malacca straits alone are estimated to be somewhere in the region of 11 million barrels a
day, in example this route services some 80% of Japans Oil import requirements. This being the case and on
recent barrel values reaching $USD 130 (BBC News, 2008) then any threat to the safe transit of this highly
sensitive priced commodity could potentially result in a global economy downturn, stifling Asia growth and
possibly resulting in a return to the economic levels of 1998 Asia market crash.

63

Currently there continues to be healthy expansion in the shipping industry as indicated in figure 2, which
identifies nearly a doubling in growth in dry weight tonnage (dwt) over 300 gross tonnes.

Figure2. Total world merchant fleet by national and foreign registries as of January 1st, 1995 2007 (dwt index
1995 = 100) Heideloff, (2007)

This growth is further compounded by a reduction in the number of vessels being scrapped; figure 3, which
potentially indicates that the SLOC are in the short term likely becoming more congested as older vessels
remain in service, thus posing a safety risk, while also offering more opportunity to pirates.

Figure 3. World tonnage additions and reductions 1994-2006 dwt, Heideloff, (2007)

Due to these global economic values then why are countries being assigned a responsibility to act by the
International community, not ratifying regional agreements or United Nations International codes?
Firstly the premise of this paper is to identify;
What are the legal definitions of piracy and
Identify whether piracy in S.E. Asia actually poses a serious threat to regional and even
international global trade as may be suggested by experts and authors.

While doing so:
Ascertain if piracy in international waters or armed robbery, in states territorial waters, International
Maritime Bureau [IMB definition] should be re classified to correctly define the crimes that are being
committed.

It is proposed that these influences must be considered as both barriers and risk reduction concepts that will
subsequently enable international, regional power nations with a vested interest in the region as well as the
64

Shippers themselves to better consider strategies, while reducing the threat and the influences of marine based
crime.

Research Premise
The fundamental research premise is based on the general threat of piracy in the region and in such the principal
focus will be made towards the regional and geopolitical responses by governments and industry alike. To
achieve this effectively it is necessary to identify and provide examples of the threats and response in relation to
comment, theory or definition as that may be proffered by a research paper author, book or assigned legislative
function or marine standards as well as industry and government issued piracy data. Where interviews are
undertaken the research function is based on that as suggested by Cohen, Manion (2000, p.27), Research
Methods in Education.
Background
The focus of many papers points to Indonesia waters as some of the most active and dangerous waters in the
world, Beckman, 2002, p.317. Beckman further highlights that from 1999 to 2000 resulted in a 56% increase in
incidents and this was a fourfold increase compared to 1991. The author however does not indicate any potential
external influences to this increase in his example.
Asia suffered financial crises in 1998, which started after a devaluation of the Thai Baht in 1997, and this
resulted in massive regional unemployment and overall economic downturn bringing some countries to the
virtual brink of collapse. Emmer, 2007, in a working paper on piracy offers that;

The rise in Piracy has resulted from social economic difficulties face after the 1997 [not felt until 1998] Asia
crash. Poverty and unemployment resulted in piracy, an attractive income for coastal communities.
(Emmers 2007, p.9)

Southeast Asia specifically Indonesia, Malaysia and Singapore noted the following step changes in reported
piracy incidents:
Indonesian Waters 1998, 60 incidents to 2000 119 incidents
Singapore Waters (Straits) 1998, 1 to 14 in 2000
Malaysia 1998, 10 to 21 in 2000
Malacca Straits running between Malaysia, Indonesia and at its south, sitting Singapore went
from 1 in 1998 to 75 in 2000

Figure 4 provides a trend of piracy and armed attack incidents collated from IMB reports 1991 to first quarterly
reports 2008. This provides a clear indication of incident uplift 1994 to 2000 and subsequent decline thereafter
to 2008.
65

Total Attempted & Actual Piracy Incidents
(IMB Reports 2001 - 2007 - S.E.A, India, Far East, India, Sub-Continent)
0
20
40
60
80
100
120
140
160
180
200
220
240
260
280
300
320
340
360
380
1
9
9
1
1
9
9
2
1
9
9
3
1
9
9
4
1
9
9
5
1
9
9
6
1
9
9
7
1
9
9
8
1
9
9
9
2
0
0
0
2
0
0
1
2
0
0
2
2
0
0
3
2
0
0
4
2
0
0
5
2
0
0
6
2
0
0
7
2
0
0
8

(
M
a
r
c
h
)
Year
N
u
m
b
e
r
S.E.A Malaysia,
Indonesia, Singapore
Indian & Sub-continent
S.E.A & India Sub-
continent

Figure 4. International Marine Bureau (IMB), 2001 - 2007 Piracy Reports,

Although since 2000 there has been a steady overall decline in piracy incidents in S.E. Asia although there was
an upward turn in 2003, the trend has dropped by some 69% from 2000 to 2007 with incidents reported in the
region running on par with 1991 piracy reports of 102 and 109 in 2007, this is also comparable to the incident
levels pre-Asian Crash. However positive, this suggests that even in good times piracy remains and this may be
attributed to a function of community acceptance as well as a marginalization of coastal communities.

This is not to assign all the improvements in incident frequency to one facet as other constructs need to be
discussed and addressed. Although on initial data trending the link between economic stability is potentially a
principal influential factor. The downward trend in statistics has been attributed to the littoral states enforcement
initiatives (IMB, 2005 p.22) however this has been sporadic at best since being introduced between Singapore
and Indonesian navies through the Indonesian Singapore Coordinated Patrols (ISCP) patrols which commenced
in 1992, see figure 5 below:

66

Total Attempted & Actual Piracy Incidents - Key Events
(IMB Reports 2001 - 2007 - S.E.A - Malaysia, Indonesia, Singapore)
0
20
40
60
80
100
120
140
160
180
200
220
240
1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008
(March)
Year
N
u
m
b
e
r
Asia Financial Crash / USD
dollar tumbles
Tsunami
& Aceh
Ceasf ire
Thai Bhat Depreciated
Aceh peace agreement /
Indoensia elections
Indonesia: 20 Million Unemployed
79.4 Min Poverty
SARS af f ects
Toursim
Malacca Littoral States increase
Patrols. TNI/ Malay Navies praised
f or apprehending pirates by IMB
(EIS)
Insurance War Rating
start/ stop
Indonesia: 20 Million Unemployed 140
Million in Poverty / President Suharto
Loses election
Littoral State
'coordinated' patrols
Littoral State 'joint'
patrols
US Threatens to send
Troops to Malacca region
US puts pressure on
Indonesia - elections &
maintains arms embargo
IMOintroduced
Alarms on
Vessels >500 gt
Oil $45 /b
Oil Prices drop to a 12 year low at
$10/ barrel OPECf ails to cut
d ti
Oil Price increases
by 17%
9/11 Terrorist
attacks USA
Oil $30 /b
Oil $50 /b
Oil Facts & figures: http://www.atimes.com/atimes/Global_Economy/GE26Dj02.html / Asia Crises Information http://www.asiasociety.org/publications/update_crisis_ching.html / Shipping Info: http://www.imo.org/Newsroom/mainframe.asp?topic_id=476&doc_id=1339 /
http://www.mindef.gov.sg/cyberpioneer/backissuesoctnews.htm
Indonesia reduces poverty
through Industrial Employment
60% in 1970 to 14% in 1994, Sai
S.W. Latt (2007. P.62)
Allie War
on Iraq
US/ UK Af tganistan
Bombings
On 1/12/98 mandatory ship
reporting system& AIS Malacca &
Singapore Straits & new TSS
US Indonesian
military
restrictions lif ted
First The Indo-Sin
Coordinated
Patrols (ISCP)
Anti-corruption
Initiative Indonesia
Indonesia 26% rise
in Fuel, 30% Rise in
Basic Foods
Oil $130/b. Riots in
Countries, Protests
Indonesia. Fuel
Subsidies being
reduced Malay &
Indo

Figure 5: Plotted Key Events against IMB Piracy Reports 1991 2008 (1
st
Quarterly Report), Appendices 7,
and p.134

Through further review of these nodes it is proposed that the investigation process may allow for the redefinition
of either piracy or armed robbery as assigned under legal function. This is especially apt were it is established
that some of the nodes are acting as a barrier to the effective application of security functions.

Piracy what is it and what are the definitions?

What is Piracy?
Hitts (2000, p.6) suggests that Piracy in S.E.Asia was re-ignited in the 70s and 80s when S.E.Asia fishermen
grew desperate from economic problems as their once stable livelihoods became entwined with the boom-
bust global economy and also when there was an influx of Vietnamese boat people escaping from the Vietnam
conflict who became easy pickings while stories emerged of horrific vessel boardings involving robbing, raping
and killings.

Internationally it was recognised as an issue in 1958 when the Geneva Convention of the High Seas was adopted
by the international community. This was followed in 1982 when through the U.Ns International Marine
Organisation (IMO) the U.N Convention of Law at Sea (UNCLOS, 1998) and the issue of piracy was
established under article 101.

Piracy is defined in the 1982 United Nations Convention on the Law of the Sea, UNCLOS, Article 101 as
follows;

Piracy consists of any of the following acts:
(a) Any illegal acts of violence or detention, or any act of depredation, committed for private ends by the crew
or the passengers of a private ship or a private aircraft, and directed:
67

(i) On the high seas, against another ship or aircraft, or against persons or property on board such ship or
aircraft;
(ii) Against a ship, aircraft, persons or property in a place outside the jurisdiction of any State;
(b) Any act of voluntary participation in the operation of a ship or of an aircraft with knowledge of facts making
it a pirate ship or aircraft;
(c) Any act inciting or of intentionally facilitating an act described in sub-paragraph (a) or (b).

2 Armed robbery against ships is defined in the Code of Practice for the Investigation of the Crimes of Piracy
and Armed Robbery against Ships (resolution A.922 [22], Annex, paragraph 2.2), as follows:
Armed robbery against ships means any unlawful act of violence or detention or any act of depredation, or
threat thereof, other than an act of piracy, directed against a ship or against persons or property on board such
ship, within a States jurisdiction over such offences.
IMO (2008 p.2), Piracy Acts November Report, issued 11
th
January 2008

This definition does have an impact on how incidents are reported, and is especially relevant when considering
acts of boarding, violence and attack in international waters or Exclusive Economic Zones (EEZ) which are
categorised as piracy while incidents in states territorial waters such as Indonesia and Malaysia are categorised
as armed robbery.

Under Article 101 of the UN Convention of Law at Sea [UNCLOS] piracy is defined as an international crime.
The problem with the definition is that certain littoral states are reluctant to agree to the application of
international law in their sovereign waters and the inclusion of Armed Robbery which groups all marine crime.
(Beckman, 2002 p.320), in short it is their waters, therefore their problem, under their law.

It can be said that the law definition of armed robbery itself fails to adequately define incidents that occur in
territorial waters of a country and in turn this may be acting as a barrier to user and regional state initiatives. In
fact in considering that the types of incidents occurring in the main are not as IMO defined armed robbery in
its full context and this is a principal barrier to agreement. Dillon (2005, p.1) suggests that current definitions
also overlook corruption among port authorities and classify maritime terrorism together with reports of
dockworkers stealing cans of paint.

A more recent protocol offered, is the Suppression of Unlawful Acts against the Safety of Maritime Navigation
(SUA) 2005 this further clouds the issue of definition between terrorism and unlawful acts which in turn
amplifies the concerns of non-ratifying states. Beckman (2002 p.330) suggests the ratification by all countries
and application of the SUA Convention could be an;
important tool for combating major criminal hijacks in Southeast Asia. If all the states in Southeast Asia
were parties to the convention, and many are not, those persons who undertake actions in international waters
would be categorized as international criminals.

This may be true however both Indonesia and Malaysia have ratified UNCLOS they have not ratified the SUA
Convention 1998 or its update of 2005.

As Barrios (2004. p.1) highlights pursuit of pirates is requirement of all ratifying states under UNCLOS
however once the pirates enter a third parties or their own waters they then fall outside the jurisdiction of the
pursing party and the pursuit has to stop this is why joint initiatives are being pressed for in allowing agreement
to continue to pursue in to neighbouring waters. This function though is potentially superseded by the 2005
SUA convention, in effect removing sovereignty rights and allowing entry under the premise of terrorist
prevention (Hughes, 2004 p.8).

68

In reality the UNCLOS convention stills remains un-ratified by 37 of the world countries including the USA.
Also there are gaps in the law which would benefit from further qualification such as terrorism, kidnapping
and other broadly termed unlawful acts under SUA as well as that assigned to marine armed robbery itself.

In confirmation of codes and protocols narrowness of armed robbery definition, in 2005, IMB director Pottengal
Mukundan stated that the vast majority of attacks on ships in waterways [state] were opportunist, low-level
crimes (MIMA News Flash, p.11). Are these really armed robbery under the definition of the IMB? If an act of
violence occurs it could be termed armed robbery however most perpetrators are carrying tools for the purpose
of breaking and entry into the ships store or for cutting away a ships equipment such as a life raft.

Are these types of thefts were the perpetrator is armed with tools such as a crow bar or knife for the purpose of
breaking and entry or burglary not the same? Why doesnt the UK Home office report such incidents
separately, it can be assumed that their classification is termed as theft if not petty theft under the terms of
UK law. In this respect and if the same premise is assigned by non-ratifying states a similar opinion can be
drawn in that most of the incidents reported are petty in nature and therefore the definition overall is ineffective
in considering all the functions of crime that are played out.

Figure 6 provides an indication of the some of the barriers associated to full state ratification by S.E.ASIA states
of international law.State Barrier Treatment Outcome

Figure 6: Barriers to the ratification of SUA 1998 / 2005

So what are the real threats to Shipping?
S
U
A
R
a
t
i
f
i
c
a
t
i
o
n
R
a
t
i
f
i
c
a
t
i
o
n
S
t
a
t
e
SovereigntyIssuesin
cross border pursuits
OnlyencompassesPiracydoesnot
coverothermoredamagingmarine
i h ill l fi hi
MostincidencesofPiracy
[armedrobbery]arelowlevel
pilferingincidentscarriedout
Detentionofvesselsand
revertedcostrisktostateand
accusationofstatepiracy
JointStateInitiatives
BroadenIMO/SUA
Definitiontoinclude
th i i
BroadenIMO/SUA
Definitiontorecognise
thelowlevelcrime
BroadenIMO/SUA
Definitiontoinclude
othermarinecrimes&
terms of detention
SUA2005inessenceallowsa
ratifyingstatetoboarda
vesselsuspectedofunlawful
actspotentiallyinotherstate
waters(doesnotapplytonon
Unlikelytoberatifiedasthe
definitionofterroristor
unlawfulactisnotwell
defined.Inessenceallows
countriessuchastheUSA
unimpededaccesstoother
Stateswaters.Furthermore
h USA h if
SUA2005Protocol
Ratification
69

In comparing the volume of marine traffic using the Malacca straits and the number of incidents this establishes
a less worrying representation than one might expect, the attack rate is less than one percent. That is for every
62,000, approximate vessels sailing through the Malacca straits the vessel would have 0.01% of being attacked
even if this was equated to the high number of incidents noted in late 1990s it is still less than 1%. If we also
consider that the rate of traffic is predicted to increase and if the rates of attack remain the same the risk reduces
even further. A general representation of risk value based upon IMB Piracy reports over 17 years is provided in
figure 9 below:

Percentage Piracy Incidents based on 62000 Vessels Traversing Malacca Straits
0
0
.
0
1
1
%
0
.
0
1
8
%
0
.
0
1
9
%
0
.
0
6
1
%
0
.
0
4
5
%
0
.
1
2
1
%
0
.
0
5
2
%
0
.
0
2
6
%
0
.
0
2
7
%
0
.
0
0
3
%
0
.
0
0
2
%
0
.
0
0
0
%
0
.
0
0
5
%
0
.
0
0
3
%
0
.
0
0
5
%
0
.
0
0
8
%
0
.
0
1
1
%
0.000%
0.020%
0.040%
0.060%
0.080%
0.100%
0.120%
0.140%
1
9
9
1
1
9
9
2
1
9
9
3
1
9
9
4
1
9
9
5
1
9
9
6
1
9
9
7
1
9
9
8
1
9
9
9
2
0
0
0
2
0
0
1
2
0
0
2
2
0
0
3
2
0
0
4
2
0
0
5
2
0
0
6
2
0
0
7
2
0
0
8

(
M
a
r
c
h
)
%

Figure 9: Malacca traits actual and attempted Piracy attacks IMB Piracy Reports 1991 2008 (Quarter 1
report)

.

In considering that a high volume of incidents, 70%, were carried out when the vessel was not steaming and the
value assigned to most of the incidents could be termed as small, highlighted later, then to a large extent the
majority could be termed opportune pilfering incidents.

Out of the 245 attacks reported between January 1st 2005 and March 31
st
2008 in the Singapore, Malaysia and
Indonesia regions 193 incidents when actual boardings. 57% [110] of the reports indicated perpetrators were
armed, ninety nine of these reports actually detailed the types of arms used the majority of cases, knives were
the prominent weapon.
Piracy Research Definition
On basis of research and identification of interrelated nodes a general definition of Piracy and Armed Robbery is
offered in specific regard to South East Asia, and consideration of the barriers to acceptance in its present form:

- Piracy:
Piracy is defined in the 1982 United Nations Convention on the Law of the Sea (UNCLOS) (article 101) is in
the main adequate and should remain.

(a) Any illegal acts of violence or detention, or any act of depredation, committed for private ends by the crew
or the passengers or ship or a private aircraft, and directed:
70

(i) On the high seas, against another ship or aircraft, or against persons or property on board such ship or
aircraft;
(ii) Against a ship, aircraft, persons or property in a place outside the jurisdiction of any State;

(b) Any act of voluntary participation in the operation of a ship or of an aircraft with knowledge of facts making
it a pirate ship or aircraft;
(c) Any act inciting or of intentionally facilitating an act described in sub-paragraph (a) or (b).

The premise of pursuit by state into other countries territorial waters should continue to be made by previous
formal memorandum of understanding or ratification of agreement between the two states or groups. In doing so
this maintains the sovereign rights of the states in which its jurisdiction is held.

Armed Robbery is influenced by a number of nodes and therefore the IMO and IMB definition needs to be
expanded.

- Armed Robbery
Armed Robbery undertaken in a States waters whether the vessel is steaming, moored or berthed remains the
responsibility of the State in which its jurisdiction falls and should be prosecuted as per laws of that state in
which the unlawful acts occur. On this premise the following terms are provided as guidance to the states in
which the attack occurs. In any case in the event the vessel leaves states waters and enters international waters
the terms of Piracy are engaged and in doing so it is elevated to an International Crime.

- Serious Crime; The perpetrator(s) who may be a member of the crew or passenger, or other persons
who have externally boarded the vessel unless otherwise indicated.

a) Vessel Hijack is the taking control of a vessel and moves the said vessel through either
operation by the perpetrator(s) or by a crew or member of the public or state officer by means of threat of, or
actual violence whether the perpetrator is armed, or not in the pursuit of stored or transited goods, equipment,
monies or other financial gain including the theft of the vessel itself.

b) Armed Robbery against ships means any unlawful act of violence or actual threat of violence
against a member of the crew, public or state officer in the pursuit of stored or transited goods, equipment or
monies or other financial gain on a vessel which is berthed, steaming or moored in a states territorial waters by
the perpetrator(s). In the event of physical assault then the indictments should therefore be viewed in respect of
these additional events.

c) Kidnap against persons on ships whether they is berthed, steaming or moored in a states
territorial waters by the perpetrator(s). The perpetrator(s) may be a member of the crew or passenger, or other
persons who have externally boarded the vessel. Definition is provided in reference to Archbold 19-331 to 19-
348, under the UK Crown Prosecution Service, the general premise is provided in example only;

There are two elements to the offence:
removal of person(s) by another by force or threat of force
without the consent of the person so taken or carried away; lawful excuse.

71

The law further indicates that kidnapping will include or be followed by the commission of assault sexual or
aggravated or murder or attempted murder and the indictments should therefore be taken in review of these
additional events.
(CPS UK, Archbold 19-331 to 19-348)

d) Unlawful or False Imprisonment against persons on ships by the perpetrator(s). Definition is
provided in reference to Archbold 19-331 to 19-348, under the UK Crown Prosecution Service, the general
premise is provided in example only;-

False imprisonment . involving the unlawful and intentional or reckless detention of the victim. An act of
false imprisonment may amount in itself to an assault. If the detention was for the purpose of committing
another indictable offence, and such an offence was committed, a count for the substantive offence will usually
be enough
(CPS UK)

o Lesser Crime: The perpetrator(s) who may be a member of the crew or passenger, or other persons who
have externally boarded the vessel unless otherwise indicated.

a. Breaking and Entry by unlawful means by perpetrator(s) in the pursuit and actual
retention of stored or transited goods, equipment or monies or other financial gain without threat of violence or
actual harm to persons on a vessel which is berthed, steaming or moored in a states territorial waters

b. Trespass with intent by unlawful means by perpetrator(s) who are persons who have
externally boarded a vessel which is berthed, steaming or moored in states territorial waters, in the pursuit and
attempted retention of stored or transited goods, equipment or monies or other financial gain without actual
threat of violence or harm to persons on.

These definitions would allow more constructive assessment of crime types in regard to a States law compared
to those presently being assigned by both the IMO and IMB. This in turn may improve the reporting of
serious incidents by shippers and states, which currently deems the function of armed robbery as too broad in
that it encompasses all facets of the crimes being carried out. Further to this the basis of redefinition and
expansion of armed robbery will better support security functions as defined under ISPS in quantification of the
threat level and in doing so assign more effective mitigating controls.

In regard to the 2005 SUA convention in which the premise of entry to states waters on the basis of preventing a
terrorist act or were the vessel or persons on board is believed to be involved in such activities. Ratification
remains unlikely as it supersedes the UNCLOS statement of pursuit approval into territorial waters undermining
the states jurisdiction. The definition of terrorism or unlawful acts is not provided and this is cause for concern
as the premise of boarding or stopping a vessel is essentially made by the pursuing party.

Additional functions should also be applied in consideration of other marine crimes such as smuggling of states
goods, natural resources including fish, as well as people. To emphasize some of the disparity of the laws
attributed to piracy, the UK abolished corporal punishment was abolished through the ratification of the
European Unions Human Rights Convention. [hanging] in 1965, (Wildash, 2008 p.1) however it wasnt until
1998 that hanging for pirates
At present no regulation or suggestion on criminal penalties is provided under UNCLOS for piracy or armed
robbery, however UNCLOS does deter custodial sentence for illegal fishing and therefore any deterrence is
limited. This provides further clarification that the law of piracy and armed robbery should be adequately
defined but so should, smuggling, Illegal, Unregulated, Unreported fishing (IUU) and people trafficking under
the international community protocols which would clearly benefit from an overhaul. This would address some
72

of the barriers to ratification while provide recognition of the problems faced by some of the less developed
countries face. In turn terrorism the de rigeur word of recent age, must be defined without a clear definition it
has far reaching security, political and social consequences that could do more harm than good.
The ship in the water on the basis of statistics review is at much less risk of serious incident to what it has been
over the last eight years. In regards to low level incidents underreporting has been brought about by the actions
of the Lloyds war rating and the focus of external functions such as ASEAN, ReCAAP and IMB. Although on
the surface they can be seen as positive mitigating mechanism the focus and application has likely further
distanced Indonesia and Malaysia from open reporting in what are in the main low cost incidents that do not
warrant a grouping under a piracy premise. Countries like the UK do not differentiate between onshore and
offshore crime, yet littoral states are expected to. This is perceived by Littoral States to be an unfair application
of law that that does warrant the international interest that it receives.
A positive move would be the development of a more encompassing maritime crime protocol which recognises
other facets of marine crime, which are impacting on SLOC bordering States. If the perceptions of non-user
SLOC states in regard to marine crime are not considered in future protocols and codes then any proposal is
unlikely to receive effective ratification.
In conclusion, the concept of piracy under UNCLOS is the most useful in terms of legality however there are
clear weaknesses in regard both the modes and severity of attack required in providing assignment as an
international crime and even grouped under a terrorist banner as SUA does especially for state based water
incidents. When the majority can be termed petty at best, even breaking and entry and in some cases only
trespass with intent to steal. Therefore it is necessary to provide a more encompassing definition of marine
crime, which may remove barriers of ratification, however before this can be accomplished additional influences
and a clearer understanding of the threats need to be reviewed. This paper has suggested on area that could be
reformed with little difficulty.

REFERENCES
Alam N (2006) Chittsagong port dubbed most dangerous CPA Blasts IMB report for falsereport. The daily
news paper, New Age, retrieved 2/3/08 from
http://209.85.175.104/search?q=cache:ACbVTojA0yoJ:www.newagebd.com/2006/nov/02/front.html+C
Hittsagong+Bangladesh+Port+criticise+IMB+Piracy&hl=en&ct=clnk&cd=1

Anatara (2007) RI suffers $3 Billion losses due to illegal fishing-2007, retrieved 14/4/08 from
http://www.antara.co.id/en/arc/2007/5/30/ri-suffers-us-3-billion-loss-due-to-illegal-fishing/
Asian Business (2005) A whiff on New Money, The McGraw-Hill Companies Inc retrieved 15/5/08 from
http://www.businessweek.com/magazine/content/05_27/b3941061.htm
Australian Government Indonesia Fact Sheet (2007), Australian Government Department of Foreign Affairs and
Trade, Australia retrieved from 2/3/08 ww.dfat.gov.au/geo/indonesia/indonesia_brief.html
Bakorkamla (2006), Indonesian Maritime Security Coordinating Board (MSCB), retrieved 17/4/08 from
http://www.bakorkamla.go.id/tugasfungsi_eng.php)
Barker J (2003), No Nonsense Guide to Terrorism, New Internationalist Publications Ltd

Barrios (2004), Casting the Wider Net: Addressing the Maritime Piracy Problem in South East Asia. retrieved
2/2/08 http://www.bc.edu/schools/law/lawreviews/meta-elements/journals/bciclr/28_1/03_FMS.htm

Beckman (2002) Combating Piracy and Armed Robbery Against Ships
in Southeast Asia: The Way Forward, National University of Singapore,
www.southchinasea.org/docs/Beckman,%20Combatting%20Piracy%20and%20Armed%20Robbery.pdf

Cohen L, Manion L (2000) Research Methods in Education, 4
th
Edition, Publisher Rutledge, Section 13, P.27.

Ching (1999) Social Impact of the Regional Financial Crisis, Asia Society retrieved 1/6/08 from
http://www.asiasociety.org/publications/update_crisis_ching.html

73

ClassNK (2004) Guidance to the Provisions of Chapter XI-2 of the Annex of the Safety of Life at Sea as
Amended, ISPS Code Part B/Final/SOLAS/CONF_5/34, Nippon Kaiji Kyokai ship classification society
Japan retrieved 26/6/08 from
http://www.classnk.or.jp/hp/SMD/isps/pdf/Part_B_Final_CONF5_34_Eng.pdf

CPS UK (2008), Kidnap & False Imprisonment U.K Law, Archbold 19-331 to 19-348, Crime Prosecution
Service U.K retrieved 28/6/08 from
http://www.cps.gov.uk/legal/section5/chapter_c.html

CSCAP (2007), Council for Security Cooperation in the Asia Pacific, meeting of CSCAP in Jakarta retrieved
19/1/08 from www.cscap.ca/Malacca&SingaporeStrts_SG.html

Chua (1998) Marine Pollution Management in the Malacca/ Singapore Straits: Lessons Learned, U.N Regional
Programme for the Prevention and Management of Marine Pollution in the East Asian Seas, retrieved
15/4/2008 from d130148.u37.wsiph2.com/publications/icm/61MarPollMgt-Malacca-Singapore-
Straits.pdf

Dillon (2005) Maritime Piracy: Defining the Problem, senior policy analyst for Southeast Asia in the Asian
Studies Center at the Heritage Foundation. Retrieved 15/2/08 from
www.heritage.org/about/staff/DanaDillon.cfm

Douglas Westwood Associates (2005) UK, Global Oceans Market, retrieved 20/4/08 from
www.wtsh.de/wtsh/en/teaser/maritime_potenzialanalyse_engl.pdf

Douglas, Parsons, Rowley, Westwood (2002) Global Marine Market Westwood Associates, retrieved 2/3/08
from
www.tos.org/oceanography/issues/issue_archive/issue_pdfs/14_3/14.3_westwood_et_al.pdf

Eklf (2005) Piracy in Southeast Asia: Status, Issues, and Responses. Singapore: International Institute of Asian
Studies retrieved 15/1/08 from www.iias.nl/nl/40/IIAS_NL40_29.pdf

Emmers, (2007) Comprehensive Security and Reslience in Southeast Asia: ASEANs Approach to Terrorism and
Sea Piracy. S.Rajaratnam School of International Studies Singapore retrieved 20/5/08 from
www.idss.edu.sg/publications/WorkingPapers/WP132.pdf

Fadli, (2008) Pollution in Batam Keeps Fishermen inshore Jan 2008, Jakarta Post retrieved 10/4/08 from
http://cempaka-marine.blogspot.com/2008/01/pollution-in-batam-keeps-fishermen-on.html

Frecon (2006) Pirates Set the Straits on Fire, Covering Maritime Piracy in S.E. Asia, Konrad Adenauer
Foundation Singapore, Kuala Lumper 13-15 July 2006, retrieved 15/5/08
www.kas.de/wf/doc/kas_10478-544-2-30.pdf

Gatsiounis (2004) Malacca Strait: Target for terror, Asia Times. Retrieved 17.5.08 from
http://www.atimes.com/atimes/Southeast_Asia/FH11Ae02.html

Guerin (2003) Indonesia-Singapore Gap More Than Just Number, Asia Times, retrieved 10.4.2008 from
http://www.atimes.com/atimes/Southeast_Asia/EF27Ae03.html

Greenless (2007) Indonesia and Singapore sign two landmark treaties International Herald Tribune,, retrieved
14.4.08 from http://www.iht.com/articles/2007/04/27/asia/indo.php

Gwinn (2007) Dark Passage The Strait of Malacca. Pirates haunt it. Sailors fear it, Global trade depends on it.
National Geographic Magazine, retrieved 10/4/08 from
http://ngm.nationalgeographic.com/2007/10/malacca-strait-pirates/pirates-text

74

Hand (2004) Six Tub boat Crew Taken Hostage in Malacca Attack, Lloyds List Singapore retrieved 21/6/08
from http://209.85.175.104/search?q=cache:7-
jgZM4HVokJ:www.seasia.com.sg/base/newsletter/seawatch_novdec2004.pdf+Japan+stops+piracy+fund
ing+to+Indonesia+ReCAAP&hl=en&ct=clnk&cd=8

Heideloff (2007) Institute of shipping economics and Logistics, retrieved 16.5.08 from
http://www.isl.org/products_services/publications/pdf/COMM_1-2-2007-short.pdf

Hitts (2000) Bandits in the Global Shipping Lanes, New York Times retrieved from 1/6/08
http://query.nytimes.com/gst/fullpage.html?res=9B05E3DE1E3FF933A1575BC0A9669C8B63

Hotland (April 2008), China relations almost in honeymoon state: Sudrajat, Jakarta Post Indonesia retrieved
14/4/08 purchased newspaper

Hughes (2008) Controversy over Amending Vital Anti-Terror Treaty, Seasia Network News Letter, Singapore,
retrieved 22/6/08 from
http://209.85.175.104/search?q=cache:7-
jgZM4HVokJ:www.seasia.com.sg/base/newsletter/seawatch_novdec2004.pdf+Japan+stops+piracy+fund
ing+to+Indonesia+ReCAAP&hl=en&ct=clnk&cd=8

Informa Asia (2004) International conspiracy to talk up terror threat, Mima Malaysia, retrieved 18/4/08 from
http://www.mima.gov.my/mima/htmls/mimarc/news/newsflash_files/news-cut/july04.htm

IMB Piracy Reports 2000 2008, retrieved in correspondence of IMB through the ICC, retrieved 24/4/08 from
http://www.icc-ccs.org/prc/piracyreport.php

IMO (2008) Reports on Acts of Piracy and Armed Robbery Against Ships, International Maritime Organisation,
Issued monthly Acts reported during November 2007, issued 11/1/08 retrieved 15/5/08 from
www.imo.org/includes/blastData.asp/doc_id=8915/112.pdf

ISPS (2004) International Ship and Port Facility Security, FindLaw Australia, retrieved 27/6/08
http://www.findlaw.com.au/articles/default.asp?id=8924&site=CN&task=read

Jakarta Post (2007), Batam Authority to Cooperate with BNI [Bank] on port transactions. Retrieved 15/4/08
from old.thejakartapost.com/yesterdaydetail.asp?fileid=20070205.G03

Jones (2007) LMA: Marine Piracy Threat Likely Under-Reported, AMBest, retrieved 28/3/08 from
http://www.zibb.com/301.aspx?a=1690034&h=LMA%3a+Marine+Piracy+Threat+Likely+Under-
Reported

Kydo (2005) Japanese Crew Kidnapped during Piracy Attack, Kydo News International, retrieved 19/4/08 from
www.findarticles.com/p/articles/mi_m0WDQ/is_2005_march_21/ai_n123458273

Law Group (2005) Ship Boarding: An Effective Measure Against Terrorism and WMD Proliferation, A
summary of the discussion of International Law Group Chatham House UK. Retrieved 22/6/08 from
http://www.chathamhouse.org.uk/publications/papers/download/-/id/318/file/3288_ilp241105.doc

LTIFR (2008), Lost Time Incident Frequency Rate, Department of Consumer and Employment Protection,
Australia retrieved 22/6/08 from
http://www.docep.wa.gov.au/worksafe/Content/Services/Facts_and_figures/Frequently_asked_questions.
html#5.%20How%20do%20I%20calculate

75

Liss (2006) The Privatisation of Maritime Security: Maritime Security in Southeast Asia: Between a rock and a
hard place. BISA Conference retrieved 15/4/08 from http://japanfocus.org/products/details/2444

Liss (2005) Private Security Companies in the Fight Against Piracy in Asia, Murdoch University Australia
retrieved 26/6/08 from http://wwwarc.murdoch.edu.au/wp/wp120.pdf

Marisec (2004) Value of Volume of World Trade by Sea, The Round Table of International Shipping
Associations, retrieved 22/5/08 from http://www.marisec.org/shippingfacts/worldtrade/volume-world-
trade-sea.php

MEH (2006), Marine Electronic Highway Gets Green Light, Seatradeasia, retrieved 13.4.08 from
http://seatradeasia-online.com/news/338

Morada (2006) Regional Maritime Security Initiatives in the Asia Pacific: Problems and Prospects for Maritime
Security, 1
st
Berlin Conference on Asia Security. Retrieved 20/5/08 from http://swp-
berlin.org/common/get_document.php?asset_id=3562

Model National Law (2005) The Model National Law on Acts of Piracy and Maritime Violence [draft], Comit
Maritime International (CMI), 1st Redraft 19-1-06[1].doc. Retrieved 14/ 12/2007 from
http://72.14.205.104/search?q=cache:fTNQm_XZlZAJ:www.mlaus.org/archives/library/997.doc+model
+law+piracy&hl=en&ct=clnk&cd=16&gl=sg

Osnin (2006) Private Maritime Security Company (PMSC) In The Strait of Malacca: Options for Malaysia,
Centre for Ocean Law and Policy

Maritime Institute of Malaysia, retrieved 17/5/08 from
http://www.mima.gov.my/mima/htmls/papers/pdf/apandi/pmsc%20in%20som%20-%20wmu%20jma.pdf

Piracy Incidents Vs Key Events, information and statistics retrieved 1/6/08 & 3/6/08 respectively from:
1) Oil Facts & figures: http://www.atimes.com/atimes/Global_Economy/GE26Dj02.html
2) Asia Crises Information http://www.asiasociety.org/publications/update_crisis_ching.html Shipping
Info: http://www.imo.org/Newsroom/mainframe.asp?topic_id=476&doc_id=1339

ReCAAP (2006), COMBATING PIRACY AND ARMED ROBBERY AGAINST SHIPS IN ASIA
- RECAAP, retrieved 1/3/08 from
http://app.mot.gov.sg/data/ReCAAP%20factsheet%20_Nov06_%20%5BFINAL%5Das%20of%2028110
6.pdf

Sahni (2002) South East Asia Cargo Theft: Better Organized, More Lethal published in Pinkerton Global
Intelligence Services, August 30, 2002. Retrieved 15.4.08 from
http://www.satp.org/satporgtp/ajaisahni/Pink300802.htm

Sato (2007) Southeast Asian Receptiveness to Japanese Maritime Security Cooperation, Asia-Pacific Center for
Security Studies http://www.apcss.org/Publications/Maritime%20security%20cooperation%20Japan-
SE%20Asia%20Sato.pdf

Sjaastad (2005) Southeast Asian SLOC and Security Options, IDSS-NUPI
Public Seminar on Maritime Security in Southeast Asia Institute of Defence and Strategic Studies,
Singapore. Retrieved 29/2/08 from
http://www.ntu.edu.sg/rsis/publications/conference_reports/NUPI%20PubSeminar.pdf

Secure Marine, (2003), Primer: Piracy in Asia, U.S. Pacific Command's Strategic Planning and Policy
Directorate USA, retrieved 1/6/08 from http://www.secure-marine.com/piracy_update.pdf
76

Sipalan (2008) Fuel Subsidy: Govt studying options, New Straits Time, retrieved 1/6/08
http://www.nst.com.my/Current_News/NST/Wednesday/Frontpage/2251991/Article/index_html

SOLAS Convention (2003), Australia Joint Committee on introduction of SOLAS & ISPS code. Retrieved
25/6/08 from http://www.aph.gov.au/house/committee/jsct/SOLAS/report/chapter2.pdf

The Mariner Group (2004) Oil Spill History, Mariner Group Norway, retrieved 1/6/08 from
http://www.marinergroup.com/oil-spill-history.htm

Tkacik (2006), Hedging Against China Heritage Foundation Backgrounder, retrieved 5/5/08 from
ww.heritage.org/Research/AsiaandthePacific/upload/96070_1.pdf.

UNCLOS (1998) United Nations Convention on the Law of the Sea, 1998, retrieved 2/2/08 from
www.un.org/Depts/los/convention_agreements/texts/unclos/unclos_e.pdf

Vaughn (2007) U.S. Strategic and Defense Relationships in the Asia-Pacific Region, Analyst in Southeast and
South Asian Affairs, Congressional Report Service USA, retrieved 1/3/08 from
http://www.fas.org/sgp/crs/row/RL33821.pdf

Waizenegger (2007) Armed Separatism and the 2004 Tsunami in Aceh, Asia Pacific Foundation of Canada,
retrieved 25/5/08 from http://www.asiapacific.ca/analysis/pubs/pdfs/commentary/cac43.pdf

Wildash (2008) Remarks by British High Commissioner on the death penalty, British High Commissioner
Lilongwe, retrieved 8/7/08 from
http://www.britishhighcommission.gov.uk/servlet/Front?pagename=OpenMarket/Xcelerate/ShowPage&
c=Page&cid=1145899677157&aid=1203956055983

COPYRIGHT
Bill Bailey and P. Kevans 2008. The author/s assign Edith Cowan University a non-exclusive license to use
this document for personal use provided that the article is used in full and this copyright statement is
of the authors.

77

The use of red teaming in the corporate environment: A study of security management,
vulnerabilities and defence

Greg Lane
GHD Pty Ltd

David Brooks

Abstract
This study explored the use of red teaming within the Western Australian mining sector. Red teaming is the
formation of a team of experts with the goal of attacking a companys infrastructure, with permission to find
flaws and weaknesses in their security. A series of interviews were conducted with security professionals within
the mining sector to gauge the level of red teaming knowledge and to investigate the current security red
teaming practices. The study interviews demonstrated a lack of security testing within the mining industry.
However, the interviews indicated that companies would find value in using red teaming exercises to evaluate
the level of security in their current systems, in particular, security vulnerabilities. Furthermore, the intention of
this study was to provide foundation information regarding red teaming. This approach allowed the
development of a proposition to focus on the introduction and use of the red teaming methodologies within the
corporate security environment. Such a proposition allows an interpretive inquiry to develop, test and measure
a corporate red teaming model.

Keywords
Red teaming, vulnerability assessment, security audit, war gaming

INTRODUCTION
The Western Australian resource sector is currently booming, with millions of dollars invested into the sector
for new exploration projects and mine sites to capitalise on the valuable minerals beneath the surface. It is vital
for the security considerations of both new and existing sites to be taken seriously, not only to protect the
valuable assets but also to ensure the safety of the personnel onsite. Red teaming methodologies provide a way
to assess the effectiveness of the current security measures and identify potential weak points that expose
possible avenues of attack.

The concept of red teaming is far from new. It has been used (under that name or others) in government,
military, and civilian circles in a variety of contexts and in the business world, red teaming usually means a
peer review of a concept or proposal. In government circles it is normally
associated with assessing vulnerabilities of systems or structures, especially within the informationwarfare
arena (Malone, & Schaupp, 2002). As Malone and Schaupp describe, the use of red teaming has a long history
in the military and ultra high security government applications. A view supported by White and Conklin, who
stated that emergency service organisations and the military frequently use exercises to test how their personnel
will react to specific situations (2004). Red teaming is also used in the military, as the US Department of
Defence (DoD) typically use red teams in force on force exercises, in which attackers (red team) go toe-to-toe
with defenders (blue team) (White & Conklin, 2004). However, there is a growing trend for companies to use
red teaming as a part of an extensive risk management process.

Many authors believe that red teaming, which is the practice of attacking systems to better understand how to
defend them is a necessary practice (Ray, Vemuri & Kantubhukta, 2005). Red teams allows a company to gain
a greater understanding of exposure to vulnerabilities and how critical known threats may assessed. This
approach to risk mitigation allows internal processes to be developed to deal with such security incidents. The
American Defence Science Board Task Force stated that Red Teaming deepens understanding of options
available to adaptive adversaries and both complements and informs intelligence collection and analysis
(Defence Science Board Task Force, 2003).

78

BACKGROUND OF THE STUDY

In 2005-06 the value of Western Australias Mineral and Petroleum industry reached $43.2 billion. In this
period the Department of Industry and Resources reported that Western Australia hosted 560 commercial
mineral projects, which had a total of 1222 operating mine sites (Department of Industryand Resources, 2006).
Due to the remote nature of the mining operations, the security within this sector can sometimes be overlooked.
This study investigated the use and knowledge of red teaming methodologies, and if they have a place in the
security planning and auditing process within the Western Australian resource sector. Structured interviews of
practising mining or allied industry security managers were used to respond to prescribed research questions.
Interviews allowed richer data to be gathered, gaining a greater insight into the use and understanding of red
teaming.

RED TEAMING
Red teaming is not a new concept; it has been used in many forms over the years, typically in high security
applications such as the military. By definition and purpose, the Red Team takes an attacker like approach to
testing security (Peake, 2003). The United States military has been using red teaming for security testing and
auditing for some time. Military testing has used red teaming methodologies to evaluate the security for various
high security installations, such as nuclear power plants and other key infrastructure sites. Generally red teaming
exercises include a red team who play the attackers, and a blue team who take the role of the defenders. These
teams will participate in an exercise which attempts to simulate an actual attack (White & Conklin, 2004).
However in the business world, red teaming usually refers to a peer review of a concept or proposal, and in
government circles it is generally associated with the investigation of vulnerabilities of systems of structures,
especially in the IT arena. (Malone & Schaupp, 2002, p. 2). In some larger international corporations with
critical national infrastructure, red teams are used to emulate the methods and procedures of enemy hostile
intelligence or rival competitive intelligence services. These teams utilise a mock program to test their
companies internal security systems (Helms, Ettkin, & Morris, 2000, p. 129).

The Seattle Police Department has bee utilising red teaming exercises in both small and large scenarios for a
number of years, including exercises such as the 2003 TOPOFF2, 2005 Marine Terrorism Response Exercise
and the 2005 TOPOFF3 full scale exercise in Connecticut. They have stated that employing red team
techniques is a major initiative in the intelligence and warning mission area (Meehan, 2007). Meehan separates
red teaming activities into two major categories, analytical red teaming (passive) and physical red teaming
(active).

The following eleven steps combine to form the basic structure of the red teaming process:
Determine the objectives of desired results
Communicate with government and private partners
Determine the scale and type of exercise, the type of scenario, the method of evaluation, and
the documentation plan
Develop the scenario
Identify and train the appropriate participants
Conduct and evaluate the exercise
Prepare thorough documentation
Evaluate the performance
Develop the improvement plan
Make the required and desired improvements
Exercise again
(Meehan, 2007)
79

However, in recent years the information technology sector has been increasingly employing the use of red
teaming methodologies to test the security of IT systems, computer servers and their Internet presence. Often
called penetration testing, a company can use internal staff or employ an external entity to attempt to break into
their systems. The importance of penetration testing in a networked environment is explained further by
Budiarto, et al, the best way of ensuring that the system is secure is to attempt penetration testing. This would
be the most effective way to find exploits and to proof whether a system is vulnerable (Budiarto, Ramadass,
Samsudin, & Noor, 2004, p. 563).This vulnerability evaluation helps expose flaws and oversights, in an effort to
increase the overall system security.
Risk and risk management have always been an important consideration in a companys planning process, both
in terms of normal operations and security. Moreover, there has been a growing trend in the use of professional
risk management planning and tools with standards, such as the risk management standard AS/NZS4360:2004.
This standard defines a risk management process and considers, in depth, how it can be employed in the
companys own internal risk processes. The risk management process assists the company to identify the risks
that it may be exposed too and attempts to define a process that can mitigate these risks, usually through security
measures to protect the company and its interests. Duncan suggests that "The risk management audit is a
primary method used to review the effectiveness of the companys risk management functions. (Duncan, 1991,
p.48). Red teaming offers a process that can be used to audit a companys security process and in addition,
report on the effectiveness of the risk management procedures that are currently in place. The use of red teaming
within the corporate environment has been difficult to gauge due to the very limited literature on the subject.
However there is now appears to be a growing trend for companies to use red teaming as a part of an extensive
risk management process. This study set out to discover if red teaming was currently being used within the
Western Australian resource sector and investigates the level of knowledge that security professionals have on
this topic.
FINDINGS
When the research topic was first proposed, several research questions were put forward in regard to red
teaming within the Western Australian mining sector. These research questions considered the level of red
teaming knowledge within the sample group, the application and acceptance of red teaming within the West
Australian mining sector and whether the industry could benefit from such a security approach. Through the use
of structured interviews with security professionals, the research questions were addressed, standardised semi-
structured interviews determine the exact wording and sequence of the questions in advanced and all
interviewees are asked the same basic questions (Cohen et al., 2007, p. 353). The results of these interviews
show a wide variance in the level of knowledge relating to red teaming methodologies and vulnerability
assessments. Additionally the research showed a general lack of post installation security testing within the
industry in general. This is further supported by Furnell and Papadaki, who state that Testing readiness is a
standard practice in other contexts (e.g. fire safety drills, military defence exercises), as it is recognised that one
cannot wait for an incident to occur in order to determine the level of preparedness. (Furnell & Papadaki, 2008,
p. 11).
Understanding red teaming
The level of knowledge of red teaming that the security professionals in the resource sector had was generally
very limited. While most had some academic knowledge of red teaming, this had rarely been applied and their
knowledge appears to have a close similarity to prominent articles available in popular journals. Their
knowledge tended to be generally focused on red teaming in terms of defence and penetration testing in an
information technology environment. Due to the academic levels of the people interviewed, it may be possible
that the red teaming knowledge was gained through academic pursuits and therefore would be limited by the
available literature. The literature on red teaming is generally lacking and tended to be focused on activities by
the United States Defence Force in testing security to key high security government assets. While these articles
do contain important information on the structure of a red teaming exercise, have the benefit of being refined
over decades of use and studied by the people who are directly involved with their execution, they do not
directly relate to the use of red teaming in a corporate environment. Only one of the people interviewed had any
direct knowledge of red teaming within a corporate environment and specifically within the resource sector.

80

While this knowledge related directly to one of the research questions, its value was somewhat diminished as no
particular model was used. When questioned further regarding this, it was discovered that for each exercise a
plan was developed according to the scope of the project being undertaken. While this may prove beneficial,
when a security professional is performing the exercise who has a good depth of experience upon which they
can draw to develop a red teaming methodology to suit there is a potential for introduced flaws that may cause
a bias in the results and generally reduce the quality of the exercise. These biases may take the form of the
security professionals opinions, previous experiences in similar situations or their own unique evaluation of the
issues being dealt with. The support of upper management was expressed as a key concern in all interviews. It
was discussed that the red teaming exercise needs their support so that security staff and managers who may
have implemented security measures in the past do not affect the results. Eckert has investigated the reluctance
of upper management to perform these tests and stated businesses are reluctant to discuss security gaps they
discover in their systems, fearing it may expose them to liability (Eckert, 2002).

The concern was raised that a red teaming exercise may show dramatic weaknesses in the security currently in
use. If staff who are responsible for this security are directly involved, they may attempt to control the red team
process especially in the case of dramatic failures in security. This concern is also raised by Lodal and Shinn,
they recognise that this can sometimes be a difficult process. They suggest that The real challenge for the Red
Team is not architecture or technology, however. It is getting political leadership to break the bureaucratic rules
and move fast in order to plug the security threat (2002, p. 6). Several of the interviews with security
professionals who had academic knowledge of red teaming, described it as a structured methodology with a
combination of management planning, design and technology, as well as a specialised technical form of brain
storming. From these descriptions it is apparent that they consider red teaming primarily as a desktop activity
focusing on a study of facilities or assets, and proposing possible angles of attack with a physical exercise either
excluded completely or forming only a small component of the project. While this may be a valid methodology
in assessing the security of a facility or asset, it appears to be very similar to a typical vulnerability or risk
assessment with the possible inclusion of a small demonstration upon the conclusion of the project. It lacks the
ability to test the actual implementation of the security hardware, policies and procedures, as well as testing the
response to a possible breach.
Application of red teaming
The use of red teaming within the Western Australian mining sector appears to be minimal to nonexistent, with
only one of the interviewees having any knowledge of red teaming ever being used. The security professional
interviewed that did have knowledge of red teaming being used in the sector, advised that its use was minimal
and typically was only being used on assets with very high monetary values. It was also noted that the use of red
teaming was highly dependent on the attitudes of management and the experience of the security professional.
Exploring this further, it appeared that even when red teaming was employed, it took the form of a desktop
study with some practical demonstrations upon completion to allow the client to visualise the weaknesses.
While this may be effective, it does tend to have more in common with a typical vulnerability assessment then a
strict red teaming exercise. To explore the level that vulnerability assessments are used and to help gauge the
level of security testing that is currently in place, the security professionals interviewed were queried on their
experiences performing vulnerability assessments within the mining sector. Vulnerability assessments were
considered of high importance by all security professionals interviewed, with an emphasis placed on the
physical and procedural aspects of security as the key areas in which they are used. Other areas that were
considered important included personnel and, health and safety, as they were considered closely linked with the
security function. All of the security professionals expressed the opinion that testing of security in place was, in
general, rare in typical operations and was only brought about as part of an audit process. If an incident occurred
or there was a redevelopment that could directly effect the level of security or the security functions in place.
This view did divert from the topic of red teaming to some extent, nevertheless, it was important to note the
general lack of security testing within the industry. While the comments of the security professionals may be
affected by self marketing, it does express the importance of testing a security solution once it had been
implemented.
81

Acceptance of red teaming
The next phase of the research was to attempt to ascertain the level of acceptance that a company operating
within this mining sector would have to the inclusion of red teaming as part of their security process. As part of
this process, each interviewee was shown a copy of the Sandia National Laboratories Information Design
Assurance Red Team (IDART) methodology for red teaming. They were asked their opinion on both the
functionality of the IDART model and if they believed that it could be employed within the industry. It was
noted that the model has similarities to the intelligence cycle known to most intelligence professionals and that it
broke down the discovery of vulnerabilities into logical steps. While it did have some weaknesses and
omissions, the consensus was that it did have a place within the industry, however perhaps not in its current
form. This view was due to some reservations on the flexibility of the model to adapt to some situations and it
appeared to focus on security within the information technology industry. It was suggested that it may have
some issues adapting to the testing of a physical security solution. These opinions appeared to be held by the
security professionals with a high level of experience in actually performing testing within the industry. Some of
the security professionals interviewed with less general experience or less direct experience within the industry
tended to be more receptive to the Sandia model and held a greater regard for its usefulness. While there were
some reservations, it was generally believed that the industry would be receptive to a red teaming model to test
security initially for high monetary value assets. It appeared that with the appropriate model, marketing and
pricing structure, it could be expanded to include assets of a high value that may not necessarily have a high
monetary cost. This approach would allow smaller operations to have the benefit of testing the quality of their
security without the high costs normally associated with doing so.
Benefits of red teaming
The final question posed was if security professionals could benefit from a red teaming approach. It was
accepted by all of the professionals interviewed that red teaming could be of great value to the industry if it was
presented correctly and within the right context. It was noted by all participants that security was generally not
tested once implemented, with the possible exception of a walkthrough test on an electronic intruder detection
system. In addition, that the true level of security afforded by the system is based solely on the experience and
assessment of the security specialist implementing it. This approach presented some danger to the company
implementing the solution, who in general relied on outside contractors and security specialists to recommend
security solutions based on known threats. Any weaknesses left in the companys security by these security
specialists will likely not be discovered until they are defeated or possibly where other security specialists are
brought in and identify them. It is important to note that other than the Sandia model no other red teaming
methodologies were presented to the security consultants and their responses regarding the proposed model
were only based on a short reading during the interview. However, there was a clear opinion by all security
professionals that value would be found in further exploring the red teaming model and refining it to provide a
baseline methodology that could apply to the Western Australian resources sector.
PROPOSITION
The study has raised the need for further research to consider the use of red teaming within a corporate security
environment. The industry security professionals interviewed during this study expressed an interest to further
develop a corporate red teaming model. The proposed study seeks to further investigate the prevalence of red
teaming within the corporate environment and will endeavour, with the assistance of industry professionals, to
develop a peer reviewed red teaming model specifically designed for the corporate environment. Case studies
will then be performed to test such a model in real world situations. These case studies will be analysed and
reviewed, with the assistance of industry security professionals, to measure the effectiveness of the proposed
model. From where the model will be further developed and refined for general use by corporate security
managers and staff.
CONCLUSION
The study has shown a low level knowledge and use of red teaming amongst the security professionals
interviewed. Nevertheless, there appeared to be a high level of interest in the possibilities that red teaming
represents. This lack of knowledge appears to have come about due to a general lack of security testing within
82

the industry, illustrating a potentially vulnerability. Such vulnerability is an important consideration, as
organisations are relying on security solutions implemented by their security professionals. While the security
professionals are relying on their experience and perhaps past incident reports in recommending and
implementing security solutions, there remains the possibility that previously unknown vulnerabilities may be
exposed, negating other security measures. In using a red teaming exercise it was agreed that security solutions
could be analysed in greater depth, allowing for a better understanding of the security implemented, the
processes involved and the multiple levels of security employed. This in turn would allow for the vulnerabilities
to be brainstormed and tested as per the red teaming processes. While it was found that red teaming is not
currently used within the mining sector to a great extent, it was agreed that red teaming has a place, given
correct marketing to ensure that it is properly understood. While there is some concern over the perceived high
costs involved in performing a red teaming exercise, the repetition within the same environment over several
years could dramatically reduce such costs. One of the primary concerns in the development of a red teaming
methodology is that it needs to be broad enough to be able to adapt to different situations, while still providing a
process that can be used by the project manager to clearly define the stages of the red teaming exercise. With
this in mind, it is important to note that one of the key challenges of red teaming may not be the process itself,
but convincing upper management of the value in using this technique to test their risk mitigation strategies.

REFERENCES
AS/NZS 4360:2004. Risk management. Sydney: Standards Australia.
Budiarto, R., Ramadass, S., Samsudin, A., & Noor, S. (2004). Development of penetration testing
model for increasing network security. Paper presented at the International Conference on
Information and Communication: From Theory to Applications, Syria.
Cohen, L., Manion, L., & Morrison, K. (2007). Research Methods in Education. New York:
Routledge. Defence Science Board Task Force. (2003). The role and status of DoD red teaming
activities. Washington: DSB.
Department of Industry and Resources. (2006). Western Australian mineral and petroleum statistics
digest. Perth: AGPS.
Duncan, C. (1991). Risk Management Audits set Directors Minds at Ease. Risk Management, 38(8),
48-51.
Eckert, T. (2002). U.S. red teams think like terrorists to test security. Copley News Service,
Retrieved October 14, 2007 from
http://www.signonsandiego.com/news/nation/terror/20020820- 9999_1n20redteam.html
Furnell, S., Papadaki, M. (2008). Testing our defences of defending our tests: the obstacles to
performing security assessment references. Computer Fraud & Security, 2008, (5), 8-12.
Helms, M., Ettkin, L., & Morris, D. (2000). Shielding your company against information compromise.
Information Management & Computer Security, 8(3), 117-130.
Lodal, J., & Shinn, J. (2002). Red-teaming the data gap. Council on Foreign Relations. Retrieved
October 14, 2007 from
http://www.cfr.org/publication/8668/redteaming_the_data_gap_a_cfr_paper.html
Malone, T., & Schaupp, R. (2002). The Red Team forging a well conceived contingency plan.
Aerospace Power Journal, 16(2), 22-33.
83

Meehan, M. (2007). Red teaming for law enforcement. The Police Chief, 74(2).
Peake, C. (2003). Red teaming: The art of ethical hacking. SANS Institute. Retrieved October 14, 2007
from http://www.sans.org/reading_room/whitepapers/auditing/1272.php
Ray, H., Vemuri, R., & Kantubhukta, H. (2005). Towards an automated attack model for red teams.
IEEE Security & Privacy, 3(4), 18-25.
White, G., & Conklin, A. (2004). The appropriate use of force-on-force cyberexercises. IEEE Security
& Privacy, 2(4), 33-37.
COPYRIGHT

Greg Lane and David Brooks 2008. The author/s assign Edith Cowan University a non-exclusive license to
of the authors.

84

Title: Freedom Fighters or Terrorists by another name?
William Bailey

Adam McGill
Security Science
Abstract
The term terrorism has been over-used in recent history. This has led to the term losing some of value as its
meaning has been altered. This essay will refute the statement that freedom fighters are but terrorists of a
different name. It will be argued that there are certain actions and practices that separate the two. Performing
these behaviors will cause a group to fall under either one heading or the other. Defining Terrorism has been a
challenge in recent history. Early usage of word stems from the writings of Russian Revolutionaries, modern
day definitions have changed somewhat from these early beginnings. The term freedom fighters first emerged in
British controlled Palestine with creation of the group Freedom Fighters for Israel. Differentiating between
freedom fighters and terrorists involves the identification of a number of issues including; who has the right to
label activist groups, the requirement of popular support, freedom as a primary goal, their targets and areas of
operation. Included within this paper will be an examination of the IRA which aims to isolate and identify
changes in behaviours that lead to a group shifting its focus from freedom fighting to terrorism. It is certainly
possible to evaluate a group by its actions and goals and categorize it as either a terrorist group or freedom
fighters.

The term terrorism has been over-used in recent history. Its definition has been stretched, moulded and shaped
by the political context. This has led to the term losing its value and meaning. In effect it has become a catch-
all word used for purposes beyond a descriptor for a particular type of behaviour. This paper will refute the
statement that freedom-fighters are but terrorists of a different name, and will also argue that there are certain
actions and practices that separate the two and will cause a group to fall under either one or the other heading.
To construct this argument a clear definition of terrorism must be identified along with a clear definition of a
freedom-fighter. Factors which influence whether a group is labelled as a terrorist or freedom fighter will be
explored. Finally a case study and its participants will be examined and, through a discussion of their actions, be
categorized as either terrorists or freedom fighters.

DEFINITIONS
Terrorism
Defining terrorism has been a challenge in recent history. Early usage of word stems from the writings of
Russian Revolutionaries and Anarchists at the end of the 19th century. Bakunin includes terrorism, along with
Revolution and banditry as methods of challenging the superiority of the state. In fact Bakunin states that in the
course of revolution, opponents will cast them as terrorists in order to denigrate their cause (Bakunin, 1869).
Morozov, another Russian writer, would describe the tactics of the day as a new form of revolution namely
Terroristic Revolution Morozov included acts of violence against the state, including political assassination, as
terrorism. (Morozov, 1880). What is considered terrorism in the modern day has changed somewhat from these
early beginnings. Recent writings have described terrorism as;

85

serious, violent, criminal act[s] intended to cause death or serious bodily injury that occur outside an armed
conflict for a political, ideological, religious, or ethnic purpose and that are intended to create extreme fear with
the goal of intimidating a population or unduly compelling a government (Saul, 2006, p. xxxiii)

Wilkinson (cited in Barnaby 2007, pp. 207-208) describes terrorism as coercive intimidation. It is the
systematic use of murder and destruction, and the threat of murder and destruction, in order to terrorize
individuals, groups, communities or governments into conceding to the terrorists political demands. Current
Australian legislation describes terrorism as; an action or threat of action made with the intention of advancing a
political, religious, or ideological cause and, the action or threat of action is done with the intention of coercing,
or influencing by intimidation, the government of the Commonwealth including state and territories or foreign
country or, intimidating the public or section of the public. Included in the definition of an action are such things
as causing serious harm, injury, death, endangerment, serious risk to healthy and safety, disruption of electronic
and financial systems, damage to property (Australia, 2002). This becomes a catch all definition that may well
prove to be too general for it to achieve the desired aim; successful application in the courtroom.
There are subtle differences between the above definitions. The inclusion of the statement in Sauls definition
regarding outside of armed conflict is notable as this would be outside an open declaration of war. According
to this definition one could immediately discount insurgencies during times of war and occupation as non-
terrorist activities. Likewise the inclusion of destruction of property in Government legislation is also
interesting as this adheres to the general principals of a developed society where property is the driving force
behind the economy. Failure to protect this negates the concept of ownership upon which wealth can be
developed. The Wilkinson definition fails to mention damage to property, stating only serious, violent criminal
acts. The word terror has been defined as; an intense, overpowering fear (FARLEX, 2008). This brings us to
the difference between fear and terror. It is possible to argue that controlled demolition of an adversarys
facilities, without loss, or risk to, human life does not create the intense overpowering fear that possible loss of
life or serious injury does.
The better definitions include the compelling or coercion of government as a goal of terrorist groups. While this
is legitimate, a true definition of terrorism must include the goal of intimidating a population in order to force or
coerce the government into some form of action. Violent actions directed solely at a government and not at the
civilian population is one of the areas where this essay will differentiate between terrorists and freedom-fighters.
The definition of terrorism which will be taken for the purpose of this essay is Extreme political or
ideologically motivated violence with the intention of causing overwhelming fear in the civilian population, in
order to coerce the existing powers into a pre-determined course of action.

Freedom Fighters
The term freedom fighters first emerged with creation of the group Lohamei Herut Israel Or Freedom
Fighters for Israel; this group operated in British controlled Palestine and later became known as the Stern
Gang (Westrate, 1997). The international acceptance of the idea that they were freedom-fighters lies very
much with the general guilt felt by many at the abject failure to prevent the holocaust committed by the Nazi
regime. The term freedom fighter was also used to describe members of groups such as the Front de liberation
national (FLN), who fought to liberate Algeria from French occupation.
While no clear academic definition for freedom- fighter was identified, several dictionary based definitions were
discovered. The best of these was; Freedom fighter - noun - a person involved in armed conflict against an
oppressive government etc; an insurgent, rebel or insurrectionist (Allwords, 2008). The key point identified in
this definition is not that they are in involved in armed conflict, but in armed conflict against an oppressive
government. This is the definition which will be taken for the purposes of this essay.
86

LABELING AND LEGITIMACY
In terms of differentiating between freedom-fighters and terrorists an issue which must be addressed is who has
the right to label the different groups. A common statement concludes that "one man's terrorist is another man's
freedom-fighter." This is not necessarily the case. Who has the right to suggest that one group is either one or
the other? What may be viewed as a legitimate act by one group may not be viewed in the same light by another.
Correctly identifying the difference must be based on the history of a group as it is possible for one person to
say that an act was terrorism and another to say that it was a legitimate act of war (Newman, 2002). Another
complicating factor is the way in which terrorists construe abhorrent acts of violence as admirable acts of
courage (Jackson, 2004). Given these factors it is impossible for a burgeoning activist group to legitimately
label itself as freedom-fighters. That label can only be given based on examination of established behaviours
and actions.
It is also common for a political power to label a group as terrorists for solely political purposes. Sceptics argue
that some criminal acts become terrorist activities in order to secure political mileage (Barnaby, 2007, pp. 207-
208). Any label given to a group by a state or nation it is in conflict with must therefore be viewed with
suspicion.
Arguably, none of the directly involved groups may issue any legitimate labels due to the various biases and
agendas they may have. The decision of whether a group are freedom fighters or terrorists must come from
outside of the conflict, namely, the international community.
POPULAR SUPPORT
The definition of freedom fighter states that they are involved in conflict with an oppressive government.
Therefore in order to be classed as freedom-fighters they must not be involved in actions against a
democratically elected and supported government. Wilkinson argues that in a true democracy there can be no
group that does not have representation (Wilkinson, 1977, p. 257). Therefore it is possible to say that any
internal group that initiates violent actions against a democratic state cannot be labelled as freedom fighters. In a
democracy, citizens have the right to protest against government decisions, and many aim to cause political
change through non-violent means (marches, petitions, demonstrations, rallies).
FREEDOM AS A PRIMARY GOAL
United Nations Article 1514 (XV) makes the statement that all peoples have an inalienable right to complete
freedom, the exercise of their sovereignty and integrity of their national territory. Also included in the Article is
the following statement; All peoples have the right to self-determination; by virtue of that right they freely
determine their political status and freely pursue their economic, social and cultural development. (UN, 1960).
In the eyes of the international community groups acting against governments which deny these rights to their
people may be classed as freedom-fighters, as the internationally recognized rights of freedom are what they are
fighting for. In order to support this classification they must retain the support of majority of their population.
Losing popular support may mean they are in fact acting against the peoples right to self determination.
The emergence of the term freedom fighter can be traced back to a period of history during
which global society was experiencing a wave of anti-colonial terrorism as described by
Rapport (2002), Complications arise in securing this definition of political action because a
freedom-fighter, as defined above, refers to those who struggle against oppression. This is seen in some corners
as an acceptable form of action as it is directed towards a legitimate cause. Even the United Nations has stated
that people under foreign occupation have a right to resistance and that any definition or terrorist or terrorism
should not include them (High Panel Report, 2004). What differs between the two is not the ultimate goal or
even the initial causes, but the method of operation. Freedom-fighters do not target civilians and non-
87

combatants. They do engage in violence, but this violence should be against government or military bodies and
is often referred to as guerrilla warfare, which is the deliberate use of violence against military and security
personnel (Ganor, 2002). Inevitably some civilians do get caught in the crossfire but they are not the principle
targets. A terrorist act, on the other hand, does deliberately target an area that is frequented by civilians, such as
train station, hotel or office building in order to inflict as much physical and psychological damage on the
population as a whole as possible. The objective for terrorist violence is to inflict terror!

TARGETS
One of the best ways to differentiate between freedom fighters and terrorists lies in the targets at which they
strike. Freedom-fighters aim to make their primary targets military or state based. While civilian casualties may
occur, they are not the intended target (Goldie, 1987). Freedom-fighters will make every effort possible to avoid
and reduce civilian casualties in order to retain their public support. In contrast, terrorists intend to harm non-
combatants in order to coerce a third party (Goldie, 1987). In many cases of terrorism the perpetrators are
heedless of the fact that the victims are complete strangers with no individual strategic value. They are treated as
a symbolic target for the separate purpose of instilling overwhelming fear in the hearts of the target population
(Goldie, 1987).

AREA OF OPERATIONS
Given the restrictions on popular support discussed in regards to freedom being the primary goal, freedom
fighters operations are restricted to within their own areas. Against an oppressive government or illegal
occupying force their actions have a degree of legitimacy, however, once the group begins to strike at targets
beyond its area of popular support, perception of the group will change. Striking at targets outside the area of
conflict , for example at foreign nationals in neighbouring countries, is viewed as a direct attempt at coercing
public opinion and falls under Wilkinsons definition of terrorism (Wilkinson, 1977, p. 376)

IRA: Terrorists or freedom fighters?
88

SUPPORT
An example of how a political group may exist as both freedom fighters and terrorists is that of the IRA and
Provisional IRA operating in Northern Ireland in the early 1970s through to the late 1990s. For republicans in
some areas of Northern Ireland this conflict was merely a manifestation of rebellion dating back centuries
(Harnden, 2000, p. 95). In certain areas, for example urban ghettos and smaller towns such as Crossmaglen in
South Armagh (Coogan, 2000, p. 377), the Provisional IRA enjoyed considerable public support albeit often in a
passive sense (bed for the night, hospitals not reporting treatment for gun-shot wounds, etc. )(Coogan, 2000, p.
376).
FREEDOM
It has been said that at its broadest the IRA struggle in Northern Ireland came under the heading of a means of
national self determination (Cowell, 2005). This brand of struggle was accepted and legitimized by the United
Nations Article 1514 (xv) as discussed previously.
TARGETS
In the early 1970s the main IRA tactics consisted of blockades, stone throwing and petrol bombings, along with
some political aspirations. However later years saw the rise of a concentrated campaign of economic warfare. It
was in fact IRA policy that a Protestant was never to be targeted on account of his religion. In fact the only time
civilians were deliberately targeted was during the campaign on the British mainland (Coogan, 2000, p. 380).
The IRA also issued statements advising that warnings were issued to authorities before detonations of
explosives in order to prevent unnecessary casualties (the same statements also add that the warnings were
deliberately held back by the British as counter-tactic in order to maximize negative publicity for the IRA)
(PIRA, 1973). These actions, along with targeting RUC and British Army forces, and along with activism and
hunger-strikes may all be considered the actions of freedom fighters. The annual cost of holding the North for
the British was 1 billion annually during the 1970s (Coogan, 2000, p. 376). The strategy of economic warfare
was inflicting a heavy economic as opposed to civilian toll.
AREA OF OPERATIONS
Later events would alter the perception of the international community towards the IRA. In the early 1980s a
number of bombs were detonated on the British mainland, the purpose being to export the terror and
destruction of the Northern conflict. The reasoning behind this was simply that targeting soldiers in Northern
Ireland was not getting enough attention and that bombing England would keep the issue on the political agenda
(Harnden, 2000, p. 318). It had now become a terror campaign. By moving the area of operations to a sector
with no strategic value beyond causing casualties among non-combatants and sowing terror, the IRA lost their
legitimacy as freedom-fighters. The change in tactics led to a shift in public and international perception of the
group.
MANDELA; TERRORIST OR FREEDOM FIGHTER?
One figure in global politics provides an insight in the difference between freedom fighter and terrorist. Nelson
Mandela is seen by global opinion as larger than life. He is a figure who embodies struggle, his own struggle
for change lasting fifty years (Newswire, 2008). What is not often discussed however are his links to the
organization known as Umkhonto we Sizwe (MK) or Spear of the nation.
MK was the military wing of the African National Congress (ANC). It was formed in 1961 with the intention of
using it to pursue an agenda of change through the use of violence. Immediately after its conception MK
commenced a sabotage campaign against strategic facilities in South Africa. There were strict rules in their
mandate with Tambo, the leader of the ANC, telling the Guardian newspaper The strict rule was that sabotage
should involve no injury to life (Ngculu, 2003).
89

From a military perspective these attacks were amateurish but effective. Homemade explosives were the weapon
of choice with much of the expertise coming in the form of World War II veterans within the ranks of MK.
Sabotage operations continued for over a year after the creation of MK. Targets were chosen strictly and in
accordance to the demands of the given definition of freedom fighters. Targets selected included pass offices,
power pylons, and police stations and military facilities. Most MK personnel lacked real training with the result
that these attacks did not always go according to plan. Large numbers of saboteurs were imprisoned as a result
(Williams, 2006).
As activities continued the MK organisation sent selected senior commanders out of the country in order to
prepare external infrastructure and receive advanced military training. Nelson Mandela was one such officer.
He featured prominently in these efforts and received training in both Algeria and Ethiopia (Williams, 2006).
On his return to South Africa Mandela again became involved in the struggle and, after a period of evasion, was
captured and tried for sabotage. At his trial he was quoted as saying;
I did not plan it [sabotage] in a spirit of recklessness, nor because I have any love of violence. I planned it as a
result of a calm and sober assessment of the political situation that had arisen from many years of tyranny,
exploitation and oppression of my people by the whites. (Ngculu, 2003)
In 1969 the charter for MK was formally recognized and a modern approach to the theory of political and
military liberation struggle was adopted. The Morogoro Conference of 1969 lead to the creation of the Strategy
and Tactics Document which outlined the objective factors for guerrilla operations and being dependant on;
The existence of political leadership capable of gaining the organized support and allegiance of the people, or in
terms of this paper, popular support.
Readiness to respond to the strategy of armed struggle with all the enormous sacrifices which this involves
Extending and consolidating the machinery of the underground operations. Military struggle is only part of, and
is guided by, broad political strategy
MK recognizes the primacy of the political leadership as unchallenged and all revolutionary formations, armed
or otherwise, are subordinate to it (Ngculu, 2003).
Operations by MK continued throughout the decades of Mandelas imprisonment with limited success. 1983
saw a shift in tactics. In May of that year a car bomb was exploded outside the South African Air Force and
Military Intelligence Headquarters in Pretoria. Extensive structural damage was caused to both buildings, a
number of military personnel were killed but the attack also claimed the lives of a number of civilians. This
operation demonstrated that MK was willing to operate both deep inside urban areas and also in a fashion not
restricted by symbolically military targets. Further to this the ANC released a statement announcing that it
could no longer guarantee the safety of civilians in the this struggle (Williams, 2006). This was a calculated
statement designed to increase the pressure for change by increasing the element of fear experienced by a
population. The MK, and ANC by extension, had begun to use terror as a political tool.
Mandelas release and the eventual demise of Apartheid led to the inclusion of the MK into the South African
armed forces thereby giving the group a legitimate standing in the armed forces. Mandela himself became the
first black president of South Africa. However under the current definition of terrorism accepted by Australia,
Mandela is still a member of a terrorist organization. Civilians were targeted and fear was used as a political
weapon. Mandela was in fact the essence of a freedom fighter; he knew and accepted the necessity of armed
struggle against oppression but abided by the conventions to prevent this violence from descending into
terrorism. Mandelas vision for Africa continued throughout his presidency eventually establishing the Nelson
Mandela Children's Fund to strive to change the way society treats its children (Newswire, 2008). At no time
has Mandela ever renounced the use of violence as a method of achieving political change against an oppressive
government and as such it is only in recent history that the United States has finally removed Nelson Mandela
and the African National Congress from a three decade old immigration watch list for possible terrorists
(ABCNews, 2008).
90

CONCLUSION
This essay has discussed what attributes categorize an activist group as either a terrorist or freedom fighter. It
has cast doubt on involved parties abilities to label themselves and has shown that there are certain actions that,
when taken, will shift a group between the two headings. It has been shown that the main differences between
terrorists and freedom fighters are; public support, goals, and the targets they choose, as well as the areas in
which they operate. While both groups may be formed with the same intentions, how they go about achieving
them determines which heading they fall under. It is certainly possible to evaluate a group by its actions and
goals and categorize it as either a terrorist group or freedom fighters.
In all the examples discussed above, the terrorism has been committed against what were considered as
oppressive systems of government. This type of terrorism is referred to as anti-colonial terrorism, which ended
in the 1960s (with a few exceptions). The form of terrorism that the world is facing today has been coined as
the religious wave (Rapport, 2002). The religious wave has brought new groups into the fold and has given
rise to new justifications for terrorist acts (Rapport, 2002). Specifically, Islam has played a major role in this
form of terrorism although this is definitely not to say that all people of the Islamic faith are terrorists, or even
support the idea of it. In fact, the majority of Muslims have condemned the actions of al-Qaeda and the like
outright (Stempel, 2005). However, it is thought that Islamic societies have become less capable of dealing with
the modern world, and increased frustration, hatred for the West and all it stands for has turned into Islamic
radicalism, resulting in a growing number of movements (Stempel, 2005). This religious wave was also the first
to use a human body as the preferred delivery method for an explosive attack (Rapport, 2002). It would be hard
to argue that killing those who do not adhere to your faith is in some way and act of freedom. Therefore
religious terrorists cannot claim under any definition that they are freedom fighters for their brand of idealism
any more than the Baader- Meinhof gang( 1966- 1977) could claim they were liberating the working classes
when they murdered for their revolutionary socialist cause
One mans terrorist is another mans freedom fighter in title only. Freedom fighters want political power in their
own country. They want to take part in the decision making process of their own country and they want the
dominating authority to leave them in peace. The IRA, FLN and the ANC, despite many claims to the contrary,
all qualify as terrorist organizations because they have killed civilians even though they began by targeting only
the symbols of colonialism, occupation or suppression. The terrorists of today have even less of a claim to
freedom fighters as attacks on civilians increase in number and severity, and there is no doubt that more
attacks will occur in the future.
The term one mans freedom fighter is another mans terrorist is not only inaccurate but intentionally
misleading. It pollutes the issue and makes things (such as definitions of terrorism) impossible to decide or
define. Terror is a word that has a definition and a meaning. If one supports terrorism then, in order to
communicate effectively, it would be better to say that one supports this particular form of terror. If the misuse
of this phrase does not stop, then the counter-terrorism efforts of the international community will neither
achieve their goals nor gain wide acceptance. The need is to stop the sponsorship of terrorism and terrorism
itself in all its guises. The use of terror to achieve political goals is morally wrong, but what is at stake for many
is freedom itself. The dilemma will always be what is acceptable in the pursuit of freedom? Furthermore, does
violence ever become tolerable if it can be shown to be in pursuit of a so called noble cause and therefore
becomes what t can be classified as a legitimate ?

91

REFERENCES
ABCNews. (2008, 2nd July 2008). US drops Mandela from terrorist list. Retrieved 20th November, 2008, from
http://www.abc.net.au/news/stories/2008/07/02/2291630.htm
Allwords. (2008). Dictionary definitions for "freedom fighter". Retrieved 29th March, 2008, from
http://www.allwords.com/word-freedom+fighter.html
Australia. (2002). TERRORISM (COMMONWEALTH POWERS) ACT 2002. Retrieved. from.
Bakunin, M. (1869). Neskolko slov k molodym bratyam v Rosii (Revolution, Terrorism, Banditry). Geneva.
Bin Hassan, M.H. (2007). Imam Samudra's Justification for Bali Bombing. Studies in Conflict and Terrorism,
30(12), 1033-1056.
Barnaby, F. (2007). The Future of Terror. London: Granta Books.
Coogan, T. P. (2000). The I.R.A. London: Harper-Collins.
Cowell, A. (2005). Two Faces of Terrorism: Is One More Evil Than the Other? New York Times, 44.
FARLEX. (2008). Definition of terror. Retrieved 28th March, 2008, from
http://www.thefreedictionary.com/terror
Ganor, B. (2002). Defining terrorism: Is one mans terrorist another mans freedom fighter? Police Practice and
Research 3(4), 287-304
Goldie, L. F. E. (1987). Profile Of A Terrorist: Distinguishing Freedom Fighters From Terrorists. Syracuse
Journal of International Law and Commerce, 14(2), 125.
Harnden, T. (2000). Bandit Country: The IRA & South Armagh. London: Coronet Lir.
Jackson, L. (2004). Understanding Terrorism: Psychosocial Roots, Consequences, and Interventions. Canadian
Psychology, 45(3), 245.
LoBaido, A.C. (2001). Behind The Third Boer War. Retrieved March 24th 2008, from
http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=22477
Morozov, N. (1880). Terroristicheskaya Borba (The Terrorist Struggle). Geneva.
Newman, B. (2002). Terrorism is in eye of beholder. Denver Post, A.05.
Newswire. (2008). Nelson Mandela's 90th Birthday Celebration. PR Newswire.
Ngculu, J. (2003). The role of Umkhonto we Sizwe in the creation of a democratic civil-military relations
tradition. Retrieved 20th November, 2008, from
http://www.iss.co.za/dynamic/administration/file_manager/file_links/OURSELVESNGCULU2.PDF?lin
k_id=32&slink_id=1760&link_type=12&slink_type=13&tmpl_id=3
PIRA. (1973). Freedom Struggle by the Provisional IRA. pres. Dublin.
Rapoport, D.C. (2002). The four waves of rebel terror and September 11. Anthropoetics The Journal of
Generative Anthropolgy, (8)1.
Saul, B. (2006). Defining Terrorism in International Law. Oxford, New York: Oxford University Press.
Stempel, D. (2005). The impact of religion on intelligence. International Journal of Intelligence and
Counterintelligence (18)2, 280-295.
92

Terrorist Watch. (n.d.). Retrieved March 14th, 2008, from http://www.netcomuk.uk/sringbk/enemy.htm
UN. (1960). Article 1514 (XV). Retrieved 30th March, 2008, from
http://www.un.org/documents/ga/res/15/ares15.htm
United Nations High Level Panel. (2004). Report to the General Assembly on the Threats, Challenges and
Change. Retrieved March 2nd 2008, from http://www.un.org/News/dh/infocus/terrorism/sg%high-
level%20panel%20report-terrorism.htm
Westrate, B. (1997). The Stern Gang: Ideology, Politics and Terror, 1940-1949. The American Historical
Review, 102(3), 1.
Williams, R. (2006). The Impact of Guerrilla Armies on the Creation of South Africa's Armed Forces. Institute
for Security Studies, 127.
Wilkinson, P. (1977). Terrorism and the liberal state. London: Macmillan Press.

COPYRIGHT

Bill Bailey and Adam McGill 2008. The author/s assign Edith Cowan University a non-exclusive license to
of the authors.

93

CERBERUS: THE GAME OF SECURITY ANALYSIS

Stuart Porter
Department of Computing
Curtin University of Technology
Stuart.R.Porter@student.curtin.edu.au

Tele Tan
Department of Computing
Curtin University of Technology
T.Tan@curtin.edu.au

Kok Wai Wong
School of Information Technology
Murdoch University
K.Wong@murdoch.edu.au

Abstract
Physical security assessment for critical infrastructure is an integral part of security system design and
maintenance. It is designed to sieve out security gaps and loopholes that if left unattended may result in
disastrous consequences. The dynamic nature of modern day security threats as well as the ever-changing
situations in the secure environment remains a challenge to security managers since conventional security
audits are inadequate in such circumstances. We propose here a computational security dynamic system which
is aim to provide security managers with the ability to detect and respond to emerging threats and changing
environmental conditions. We will address the requirements and design considerations for this simulation
system using serious games concepts as well as a progressive development plan to achieve the objective. It is
planned that the proposed system will also provide useful opportunities for research and development in the
fields of security and behavioural modelling.

Keywords
Static Security Analysis, Dynamic Security Analysis, Intelligent Agent, Simulation, Serious Game, Cerberus
INTRODUCTION
Physical security involves measures undertaken to protect personnel, equipment and property against threats of
all forms. It includes both passive and active measures. Passive measures include the effective use of
architecture, landscaping and lighting to achieve improved security by deterring, disrupting or mitigating
potential threats. Active measures include the use of proven systems and technologies designed to deter, detect,
disseminate and respond against threats.

Another emerging trend of improving the security is by analyzing different possible threats using computer
simulation. The modern computer, whose ancestors were originally developed to simulate shell trajectories in
WW2 and crack un-crackable codes by simulating the encoding machine, have evolved to allow us to simulate
the world we live in. Computers are now being used to simulate and train people for various disasters, from
mine cave-ins to toxic spills (Straw 2007). There are even projects looking to integrate many varied simulators
of specialised design to allow for the simulation of larger disasters, such as earthquakes (Takeuchi, Kakumoto &
Goto 2003).

The power of these simulations comes from the computers ability to quickly analyse data given to it and create
an output based on complex formulas. The speed and suitability for computers to perform these sorts of
calculations allows for simulations to be interactive, to alter the environment that is being simulated in real time
and receive real-time representation of the ramifications of that change. This power grants a two-fold benefit,
removing the need for costly human calculation of variables and allowing for the modeling of difficult or
impossible to simulate real world events. It is the goal of this project to exploit these capabilities in the field of
physical security.

94

This paper gives details on the requirements specification and design background of the Cerberus system which
is an active simulation software system targeting the physical security industry. The concept was to allow for a
user to run virtual Red Team activities against personnel, assets and infrastructure, to gauge the overall
facilitys resistance to varied attack scenarios and the dollar cost of those attacks. Operationally, Cerberus can
be used as a system in a loop deployment, in between regular security assessments, to provide up-to-date
security threat assessment and timely responses to these threats.

The Cerberus software is based upon the Serious Games software development principles. The concept of a
Serious Game is to use video game technology and/or design methodologies to produce software with a focus
on simulation, training or evaluation (Gallego et al. 2006). While we hope to explore numerous concepts
through the development of Cerberus, it is being developed with the aim of producing software that could
quickly be taken up by security experts and put to use.

It is intended that the completed Cerberus system would allow for a fast and accessible way for users to assess
the security of a facility. For example, after inputting a facility (3.1), a user can use Cerberus to generate a visual
security guide to their facility (3.2) allowing them to visually assess the security of their assets. The user will
then be able to make changes, such as adding or moving security elements and then assess the impact these
changes have had on their overall security.

BACKGROUND
Many modern facilities need to undergo regular security audits, from airports to banks to mine sites. With
Security Consultants costing upwards of $300 an hour, human inspection quickly becomes prohibitively
expensive. Due to this cost, security audits are only performed at intervals, which can result in security problems
when the approved security plan changes.
An example case involved a terror suspect who escaped from a Singapore detention centre in 2008 (Mydans
2008). The suspect took advantage of a window left unprotected due to ongoing renovations. Being a prison, we
assume the facility would have at least undergone an audit before the renovations. But, due to a dispute between
the contractor and prison, the accepted security plan was altered and the impact of this alteration was not
detected. It is for this problem area we have designed Cerberus.
Terrorism/Security
In this modern world, it is not uncommon to use fear mongering to help push an agenda. It is not our goal to
feed on this fear, but rather to try and reduce it. The Cerberus system is intended to allow a user to assess their
security and confirm it achieves a level of security they are comfortable with. The system is intended to allow a
user to perform objective assessment of their security and to allow them to make necessary alterations.
We believe, based on data available (Figure 1), that there is room for and perhaps even a need for new security
simulation software. It should be noted that this data has been abstracted for the reasons of illustration.
Terrorism goes through dips and rises but the data available suggests it is on an upward trend.

Figure 1 - Terrorism Incidents 1976 - 2006 (Based on data from (LaFree & Dugan 2007, p. 181))
95

Serious Games
Serious games are becoming a well recognized and funded answer to problems ranging from AI Research
(Gallego et al. 2006) to Disaster control and training. At least one such project, Hazmat: Hotzone, which began
as a research project at Carnegie-Mellon Universitys Entertainment Technology Center has spawned a spin off
company, dedicated to the productions and extension of the system.

CERBERUS GOALS
The goals of Cerberus are to, firstly, allow the simple input and setup of a facility (3.1). Secondly, a user should
be able to perform an analysis of the security at a facility under given circumstances (3.2). Thirdly, it is of
interest to allow a user to run virtual Red Team events against a facility by use of Intelligent Agents (3.3), a
exercise supported by the final goal of Distributed Computing (3.4).
Facility Input
It is envisioned that facility input process will accept either a CAD representation of a building or possibly even
simple blueprints of the building. The input step is of particular importance because from an end user point of
view, if the software is difficult or frustrating to use, uptake and use will be reduced. It is envisioned that the
software will be laid out to assist in facility input. So, in the case of input from a flat floor plan, a user may be
required to help clarify which lines represent walls. Once a user has selected a wall, the software will attempt to
intelligently apply this knowledge and present the user with a click and drag style interface of making
corrections.
As part of facility input, it will be necessary for a user to define the security elements (5.1). This will involve a
streamlined interface to allow a user to select items such as walls and define their security characteristics. It is
envisioned that a user will simply be able to click and drag elements such as security personnel and security
devices into place with default settings, and once placed they may view and alter the settings of the elements to
suit their scenario.
Static Security Analysis
Once a facility has been input a user may perform static security analysis. It is most likely that a user will be
required to set several variables before they perform their analysis, such as weather conditions which can impact
the performance of sensors and responders and also the time to help simulate the typical state change between
security during the day and security at night. The system is then expected to produce a heat map(5.4),
allowing a user to see visually the security levels of the facility. See Figure 2 for mock up.
Based on this information a user can then assess the risk to their assets and any changes that need to be made.
As a part of Cerberus we will also explore Computer Aided Security Design, where the Cerberus System itself
will be able to suggest optimisations to the system. CASD will remain a lower priority unless Cerberus can be
demonstrated to be capable of acting as an expert system to the satisfaction of security personnel.

Figure 2 - Static Analysis Heatmap Mockup

96

Dynamic Security Analysis
It is felt that Dynamic Analysis through Simulation could prove to be one of the more valuable elements of
Cerberus, allowing for the low cost simulation of varied attacks and evacuations procedures on a large scale,
such as an Olympic stadium. Indeed, several other research projects already seek to simulate security procedures
(Koch 2007; Guru & Savory 2004), facilities (Tarr 1992; Tarr 1994; Tarr & Peaty 1995) and even model
behaviour in a large scale emergency (Takeuchi, Kakumoto & Goto 2003). It is felt that the Dynamic System we
propose, detailed below, is novel enough to validate our research. However, given the cost and effort required
with building and proving behavioural models, this goal is currently considered secondary to the more easily
applied Static Analysis.
The intention of simulation within Cerberus is to allow a user to input all personnel within a system as Agents
(5.2) and to attempt to simulate their movements within a facility and their reactions to stimuli. We classify
stimuli in this instance as events such as alarms or points of interest such as computer terminals and other
agents. As part of the simulation, a user could add Attacker Agents who will attempt to bypass the other agents
and facility security to gain access to assets.
A concept we would like to explore is branch points for simulations. The concept runs that with a single
Attacker Agent the world state could be saved each time the Attacker makes a choice. These branch points could
then be processed separately, allowing the exploration of all possible attacks and the collection of statistics.
For instance, after all branch points have been simulated to success or failure for the attacker the system could
offer a summary such as;
In 30% of simulations the attacker escaped with assets. 90% of these simulations branch from an entry
through window 4 on the second floor.
Using this information the user could add extra alarms or sensors to the second floor and run the simulations
again, perhaps specifying a second floor entrance for expedience. This ability to simulate various scenarios and
test solutions could obviously prove useful. However, once you start to try and simulate multiple attackers or a
large facility, the processing demands increase quickly. To solve this problem, we propose to use distributed
computing.
Distributed Computing
During design of the Cerberus system, a goal of computational distribution has been kept in mind. This has
influenced the selection of tools (Section 4) and required that a design goal of modularity be considered. A
proposed client/server infrastructure will be illustrated later (Section 5.3). It is planned that a cross-platform
client would be produced, allowing users to potentially farm their simulations or complex static analysis out to
multiple Windows desktops and/or a dedicated Linux cluster.
An average workplace computer runs with a great deal of its processing power unused. It is planned that
Cerberus could take advantage of this untapped computing power, as many existing compilers and graphics
rendering systems do, to allow a user to quickly process a large job with minimal impact on their co-workers.
However, due to the development environment selected which will be discussed in Section 4.2 an interesting
possibility is opened up. It is proposed that the Cerberus system could farm processing out to Xbox 360s.
Game Consoles are sold typically on the razorblade model. This system of marketing entails selling one
component, the console, at a loss with the intention of making money later on other components, software and
peripherals. This far into its life cycle it is most likely the Xbox 360 console is no longer sold at a loss, but
game consoles still represent an exploitable resource for cheap, dedicated hardware.
A single Xbox 360 console contains 3, 3.2Ghz Power PC Processors and 512MB of GDDR3 RAM clocked at
700Mhz. This gives the console a vector processing power of 9 million dot product operations per second and
an overall processing power of 1 Teraflop of Floating Point calculations per second. With a 20GB HDD
included, a second hand Xbox 360 will cost you roughly $320 with the added benefit of grabbing student
attention.

TOOLS
As part of the design and research of Cerberus, several different tool sets were examined. Initially, a high
importance was placed on a cross platform development environment (4.1). As the project has progressed
however, our criteria have changed somewhat, resulting in our current selection (4.2), detailed below.
97

Delta 3D
Delta 3D is a fully funded, open source cross platform development tool set for serious games. It has an active
community, full time development team and many desirable features such as built in network and physics
systems. Its designed to encapsulate existing open source systems and to build tools to link them together,
creating an easy to use development environment.
However, working on the Delta 3D environment was less than positive. Attempts to install the system under OS
X were met with various fatal problems. Messages to the Delta 3D forum asking for help often sat for days or
went completely unanswered. While a large portion of the problems resulted from OS X being a lesser used
development platform for Delta 3D, it was still disappointing and resulted in further exploration of other tool
set.
XNA
XNA is in many ways the opposite of Delta 3D. It is not a cross platform development environment or open
source. It is a toolset released and supported by Microsoft to encourage development of games on their Xbox
360 system and on the Windows Operating System. Due to this, it is actually very simple to cross compile,
opening up the possibility of using Xbox 360 as a processing client. XNA is built upon the successful Visual
Studio system with 2.0 running under Visual Studio 2005.
It is felt that with most businesses using Windows for their desktops, the transition to a Windows centric
development should cause minimal harm to the end product. There are also cross-platform tools available for
compiling C# code, Mono, which with the current client/server design is sufficient. The limited experience so
far with XNA has also been excellent, with strong, active community support, numerous pages offering coding
tips and samples and the official Microsoft site providing various games with complete source.

DESIGN
It has been our focus in creating the preliminary design to make the system as modular and adaptable as
possible. We believe our preliminary design, detailed here, will prove applicable to the Cerberus problem area
but accept that there is an imperative in research to adapt. The following sections should prove a good overview
of the design.
Security Elements
We have proposed a system for Security Elements based on inheritance and Object Oriented design (See Figure
3). The intention with the system is to make it as easy as possible for a user to add or customise an element. So,
for instance, a user wanting to create a reinforced concrete wall could create a concrete wall, then go into the
Material properties and alter them appropriately, saving the new material for use later. It is envisioned that a
simple drag and drop interface will present elements to the user for placement with elements such as drop down
boxes allowing for the selection of items.

Figure 3 - Proposed Security Element Model

98

Intelligent Agents
The agents we have designed for use in the Dynamic Security Analysis present a problem. There is a desire to
create realistic, intelligent behaviour but also to allow for up scaling to potentially tens of thousands of agents.
The system we propose separates agents into three types based on behaviour, similar to at least one other known
design (Smith et al. 1999). Beyond that we also specify complexity based on the importance of the agent to the
simulation, as detailed below.
The most simple agent, referred to as the Bystander Agent, would also be the most common. Intended to model
civilians and non-security staff, a Bystander Agent would perform a simple coin toss or dice roll decision
upon encountering various elements within the environment, including other agents. It is proposed that typically
choices will be made between a high probability option and a low probability option. For example, on
perceiving another Bystander Agent there is a high probability that the Bystander will do nothing with a low
probability that they will engage the other Bystander in conversation.
Building upon this, we have planned a Point of Interest concept, which tracks stimuli and ranks them based on
priority. So, if a Bystander Agent has heard a fire alarm, evacuating will have a higher priority than talking to
another Bystander Agent, providing context limited action choices. We believe this system could provide an
efficient simulation of behaviour in a work place and help represent various real world scenarios such as a agent
not detecting an attacker because they are engaged in a conversation.
The second agent type we wish to model is the Defender Agent. The Defender Agent will incorporate and
extend the behaviours of the Bystander Agent and is intended to model security personnel. To simulate the
training and skills of the field, the Defender Agent will have a higher level of perception as well as type specific
behaviours such as patrolling a specified route. Defender Agents will be fewer in number than Bystander Agents
in most scenarios and it is intended that they would use a somewhat more complex decision process, more akin
to fuzzy logic than a coin flip.
Our agent design includes a framework for modeling complex communication. For instance, should a Bystander
Agent hear a noise and become suspicious, they will seek to contact a Defender Agent and report the location.
This information would then be added to the Defender Agents Point Of Interest list and acted upon
appropriately. We intend to incorporate the capacity for false alarms into this behaviour as well as the potential
for loss of accuracy from word of mouth. This brings us to the third and final agent type, Attacker Agents.
Due to the nature of a simulated Red Team, the attacker agents will require the most work. They will need and
justify a more complex intelligence model and higher processing, an attacker needing to respond accurately to
an environment to make the simulation worth while. While some base behaviours such as search or wander may
be useful to an Attacker Agent, for the most part their behaviours will be unique. It is planned that given the
small number of attackers likely to be operating in comparison to Bystanders and Defenders, it is justifiable for
the Attackers to use considerably more resources in the pursuit of realism.

Figure 4 - Proposed Agent Modelling System

Client/Server
The client/server design (See Figure 5) is relatively simple and will be covered here briefly. A single system
may run a simulation or analysis, but with larger simulations such as the earlier stadium example, it would
quickly become an arduous process. The proposed system is that a server system would maintain the Facility
Model or World Model. Each connected client would be assigned Agents as needed, with a weighting based on
the type of agents. So, for instance, one machine may run 10 Bystanders or 3 Defenders or a single Attacker.
99

For each agent, the client looks at the environment, updates the Agents Point of Interest listing and calculates an
appropriate action and updates its Agents appropriately. It communicates movements to the server, similar to a
network game, which updates the World State and then updates all clients. We believe this model would allow
for excellent scalability.

Figure 5 - Proposed Client/Server Model

Security
For the purpose of determining security we break a facility down into a collection of zones. A zone is an
arbitrary area with some common bounding condition. The most common example would be a room, where the
walls, windows and doors act to bound the zone. Zones act as the basic blocks for security analysis. For the
purpose of determining a zones security, we look at its effort distance from the outer zone.

The outer zone acts as a security free container, representing the uncontrolled public domain beyond a facility.
Zones then link to each other from this outer zone in a logical manner. This makes determining the security of a
zone a graph domain problem similar to those encountered in computer communications. We use Dijkstras
algorithm (Cormen et al. 2002, p. 595) to find the least effort distance required to reach a zone (node) and use
this effort distance (edge) as our security metric, on the basis that an attacker will logically seek the least secure
zone or path for attack.

The wall between them determines the effort distance or graph edge between two zones. A wall may act as a
container for doors and walls all with their own material types and security ratings. The security of a wall will
be determined primarily by the weakest part, so for a concrete wall with a steel door and a glass window, the
walls security will be equivalent to the window. This seems appropriate for many cases but probably over
simple and we will investigate weighting a walls security and more complex security determinants as Cerberus
evolves.

As part of the calculation of Dijkstras algorithm, we also generate and store information on which zone would
most likely be used to access a given zone. This will allow compelling visual information to be displayed to
users on why a zone has the security rating it does, enabling users to make informed decisions on how best to
tweak their security. Being able to visually trace multiple attack paths to a single weak zone will help users to
experiment with adding security to that zone or those before it, increasing the overall security of their facility.

DISCUSSION
In the preceding sections we have provided an overview of the design for the Cerberus System. The next stage
will be to incorporate our data model, based upon the work by Zachary J. Alach (Alach 2007), and begin testing.
The testing will involve static analysis of an example facility with consultation from security industry
professionals. We shall seek feedback on both the prototype interface and the analysis performed by the
software.
It is hoped that Cerberus may also provide the basis for future research opportunities. One concept proposed for
future work is a form of hybrid reality security. In this concept, models of people could be used in conjunction
with security elements to predict and track movement through a facility. This sort of system could prove
invaluable in helping staff to locate and evacuate everyone during, for instance, a fire alarm. The security
benefits of being able to flag unusual behaviour are also interesting to consider.
Cerberus also offers interesting training possibilities. An altered version of the system might allow training
consultants to test their assessment skills against a proven system, Cerberus acting as a type of expert system.
An interesting concept is to extend the system, taking on more game components to allow security personnel to
take on the role of an Attacker or Defender Agent and use the simulated environment for training. You could
100

even make a sort of Splinter Cell-esque multiplayer, where one player must setup the security elements and try
to detect and capture a friend before they escape with assets.
A fully realized Cerberus System opens up many interesting possibilities for security testing, training and
research. We hope that some of these possibilities may be explored in future projects.

CONCLUSION
We hope to achieve many things through the use of the Cerberus System. It is hoped that we could produce a
commercially viable product, which would help fund research into expansions, such as Agent Modelling and the
Hybrid system. We also believe that the process of researching and building the system may well lead to
valuable community knowledge and discussions including exploration of intelligent, non-invasive security
systems.
We believe that the knowledge gained through the development of the system will also prove valuable and hope
it will result in the release of useful source code and knowledge related to the area of security and the
development environment of XNA. We further believe the knowledge and artifacts created as a part of the
Cerberus system could easily be applied to other projects within the wider research community to help boost
productivity through the use of modeling and simulation technologies.
Acknowledgements
The authors would like to thank Professor G. West for his feedback and assistance towards this project. We
would also like to thank Mr Z. Alach, whose work has formed the basis of our own.

REFERENCES

Alach, Z. 2007 Mapping the elements of physical security towards the creation of a holistic physical security
model, Masters Thesis, Edith Cowan University, Perth, Western Australia

Cormen, T. Leiseson, C. Rivest, R. & Stein, C. 2002 Introduction to Algorithms, 2
nd
Ed. USA: MIT Press, pp
595 601

Gallego, F. Bernabeu, A. Reverte, J. Rosana, S. & Llorens, F. 2006, A Computer-Games-Based AI research
environment in Proceedings of the Fifth Mexican International Conference on Artificial Intelligence

Guru, A. & Savory, P. 2004, A Template-Based Conceptual Modeling Infrastructure For Simulation Of
Physical Security Systems in Proceedings of the 2004 Winter Simulation Conference, pp 866 873

Koch, D. B. 2007, Portsim A Port Security Simulation and Visualization Tool in Proceedings of the 41
st

Annual IEEE Carnahan Conference, pp109-116

LaFree, G. & Dugan, L. 2007, Introducing the Global Terrorism Database, Terrorism and Political Violence,
pp 181 204

Mydans, S. 2008, Terror Suspect Fled Prison Through Window, Singapore Says, New York Times 22 April

Smith, J. Peters, B. Jordan, S. & Snell, M. 1999 Distributed Real-time Simulation for Intruder Detection
System Analysis in Proceedings of the 31
st
conference on Winter Simulation: simulation a bridge to
the future Volume 2, pp 1168 1173

Straw, J. 2007, "Games Aid Emergency Management, Security Management December

Takeuchi, I. Kakumoto, S. & Goto, Y. 2003, Towards an Integrated Earthquake Disaster Simulation System
in Proceedings of the First International Workshop on Synthetic Simulation and Robotics to Mitigate
Earthquake Disasters

101

Tarr, C. 1992 Clasp: A Computerised Aid To Cost Effective Perimeter Security in Proceedings of the 1992
International Carnahan Conference, pp 164 168

Tarr, C. 1994 Cost Effective Perimeter Security in Proceedings of the 28
th
Annual 1994 International
Carnahan Conference, pp 60 65

Tarr, C. & Peaty, S. 1995 Using CLASP To Assess Perimeter Security in Proceedings of the 29
th
Annual 1995
International Carnahan Conference, pp 311 316

COPYRIGHT
Stuart Porter, Tele Tan and Kok Wai Wong 2008. The author/s assign Edith Cowan University a non-
exclusive license to use this document for personal use provided that the article is used in full and this copyright
statement is reproduced. Such documents may be published on the World Wide Web, CD-ROM, in printed
form, and on mirror sites on the World Wide Web. The authors also grant a non-exclusive license to ECU to
publish this document in full in the Conference Proceedings. Any other usage is prohibited without the express
permission of the authors.

102

Covert Operative Management in 2020 Nodal Delivery and a Collegiate Governance
Model

Wayne Snell
Australian Federal Police College

Abstract
The management of covert operatives is an essential part of the operational capacity of a number of agencies in
Australia. This paper will explore a model where a new organisation is created to manage all of the functions
which are currently undertaken by each of the agencies in Australia who maintain a covert operative capability
. The model will draw upon the current literature, the management theory of managerialism and collegialism
and risk management theory. This issue has been identified because of the ongoing difficulties with the
recruitment, training, retention, well being and security of personnel engaged in this type of deployment in the
current operating environment. The paper will focus on a national leadership approach for the formation of an
independent organization whose primary task will be the servicing of covert human resources to law
enforcement and related agencies. An overview of the predicted operating environment will be undertaken and a
rationale to support such a move formulated.

Keywords
Covert, Governance, Risk management.
The management of covert operatives is an essential part of the operational capacity of a number of agencies in
Australia. This paper will explore a model where a new organisation is created to manage all of the functions
which are currently undertaken by each of the agencies in Australia who maintain a covert operative capability.
The model will draw upon the current literature, the management theory of managerialism and collegialism and
risk management theory.
This issue has been identified because of the ongoing difficulties with the recruitment, training, retention, well
being and security of personnel engaged in this type of deployment in the current operating environment. The
paper will focus on a national leadership approach for the formation of an independent organization whose
primary task will be the servicing of covert human resources to law enforcement and related agencies. An
overview of the predicted operating environment will be undertaken and a rationale to support such a move
formulated.
The organisation and governance of covert operatives is challenging for organisations whose primary function
and mission is not the management of covert operatives. This is due to the nature of the work to be undertaken,
the risks to the individuals being deployed, risks to the organisation and the significant resource implications in
maintaining the capability. The management of this asset has been identified as a high risk area in a number of
studies and in some international police jurisdictions has been regarded as too difficult and dangerous and the
practice has been discontinued
1
.
In Australia, individual agencies are required to recruit, train and develop, deploy, maintain, debrief and
reintegrate their own operatives. Whilst cooperation exists across a number of agencies, it is difficult to utilise a
covert operative asset in another agency due to the legislative and authority constraints as well as the inherent
cultural and operational attributes which are developed in organisational isolation.

103

Although there is a limited academic and industry body of knowledge regarding this very compelling area of
operations, a number of authors have espoused models of management which have contributed to the discourse
on this issue. Burton and OConnor support the separatist approach of individual agencies whilst Mawby
supports a wider vision.
The development and management of a covert operative capability in the individual agencies is a manifestation
of the Managerialism theory in which public organisations are best managed when the power is exercised
hierarchically by managers who are distinct from the service providers. The managers are however able to
dispose of the organisations resources as they see fit. As a result the organisational power (and individual
power) is based in the allotted position within the hierarchy and the ability to control its activities through
resource allocation. As a result decision making processes are based around the narrow power base of the
individual managers and the departments within which they operate. This facilitates and perpetuates the
isolationist style of development and management of current covert operative management model.
This also exposes the individual operative, discreet operations and department responsible for the management
of covert operatives to the individual decisions of managers higher in the hierarchical structure who are
dislocated from the actual provision of the service. The already high risk activity of the management of covert
operatives is then exposed to the flowing tide of organisational priorities and individual nuances. Whilst this
issue is consistent for all organisational units, the management of covert operatives due to its unique risk
environment becomes more vulnerable.
The proposal for the development of a specific agency or node to manage covert operatives is based on a move
from organisational focus to a whole of government service. The application of this strategy is consistent with
the management theory of Collegialism where the service is provided through an organisational structure and
vision which is based on cooperative agreement across the organisation or in this case across government.
Collegialism is particularly associated with the professions and is therefore consistent with the strategic policy
direction of professionalising policing (the main user of this type of operational strategy).
The development of a quasi commercial model of a node of delivery of covert operative services is in line with
the commercialisation policy being implemented across all sectors of government. The creation of this type of
agency would see a service delivery model based on partial cost recovery for actual operational deployment
with the redundant capability and capacity requirements being met in a single centrally funded governance
model.
The management of the risks in this instant is informed by Australian Standard 4360 which provides the key
guiding principles for managing risk in Australia and has been adopted by the Commonwealth. Risk can be
defined as the threat of a negative outcome or harmful event as a result of an activity. Generally, risk is
measured in terms of consequence, being the extent of the harm and probability being the likelihood of the
negative outcome. Risk is generally managed by undertaking actions which avoid the risk; reduce the risk;
spread the risk; transfer the risk; accept the risk; or a combination of these strategies. In the single entity model
for covert operative management the risk management strategy is the transfer some of the risk from the
individual agencies to the new one, reduce the risk to the individual agencies, spread the risk by setting
Commonwealth standards and accepting that some of the risk is residual within the agencies who will continue
to require the operational capability being delivered by the service provider.

Meta Operational Theatre
In order to develop a strategy for the provision of covert operative services in 2020, it is essential to form a
picture of the operational theatre which may exist at that time, based on the analysis of current trends,
104

forecasting by futurists and formation of cogent picture which will assist in formulating the ontological issues to
be considered
2
.
The first issue is the national security and policing environment. The predicted position is that the move
towards a higher level of sophistication in criminal enterprise facilitated by a more highly educated population
in generation X, Y and Z. As a result the response from government in dealing with these entities and
individuals will require a more coordinated structure as vulnerability exploitation is likely to be key strategy of
criminals. The current economic down turn being experienced across the globe will continue which engender
the development of fraud and other offences involving a breach of trust. The separation of enforcement in the
community or street crime environments and organised national and international threats will continue
facilitating a expansion of the role in the commonwealth in dealing with these issues in the national interest.
The global economic position and the institutionalised economic rationalist vision in the commonwealth
government will see a continuation of the reduction in real terms of the funds available to policing and national
security organisations in Australia. This will be achieved through efficiency dividends, selective appropriations
and a continuation of the burgeoning welfare crisis precipitated by the global economic position. As a result
specialist activities are likely to be restricted in order to facilitate essential services and specific government
initiatives.
The government will also attempt to relieve some of the burden on facilitating publically funded services by
continuation of the commercialisation or quasi commercialisation of government services. This will include the
need for government agencies to pay for services provided by other agencies to minimise waste and focus on
actual service requirements rather than projections.
Geopolitical tensions are likely to continue to increase, particularly in the resource rich - population poor pacific
and Australian/New Zealand Region. This will fuel organised crime and perhaps state sponsored insurgency in
an effort to secure the highly valued resource, environmental, water and economic commodities which will have
elevated value in an evolving black market. Environmental changes will also start to increase the amount of
population migration to counties which are developed in order to support traditional and economic refugee
displacement. This will increase boarder security issues including people smuggling, criminal slavery and
criminal operative insertion.
There will also likely continue to be a decline in the influence and regard for the United States as its economy
and internal morality are identified as significant contributors to the state of global health and prosperity. As a
result other developed nations will be required to fill the void left by soured relationships with the United States.
This will include the continued development of government infrastructure and crime fighting capability.
Australia will need to take a lead role in our region in this endeavour.

Ontological Issues to be Considered
The management of the provision of covert operatives across agencies by a single agency will seek to address
the managerial risk and superior service provision to the community.
There is an incompatibility of general police recruitment requirements and the identification and recruitment of
potential covert operatives. This is due to the nature of the activity in deception, misrepresentation, lying and
manipulation. These abilities are incompatible with general recruitment standards across all Australian police
jurisdictions and make the redeployment of covert operatives more challenging after an extended period of time
deployed in covert environments. This challenge is faced by the individual operative as well as the agency. The
introduction of the separate agency for covert operatives removes the requirements to recruit against patrol
constable police standards and allows specialist criteria to be developed to recruit operatives who possess
superior skills for the covert environment as well as resilience to the risks of such environments. This should

105

provide a higher level of skills, knowledge and abilities for utilisation by the various agencies. A dedicated
agency would have more scope to recruit and retain operatives from community identifiable cultural groups as
these operatives are being recruited to perform specific specialist functions not general law enforcement with its
inherent entry requirements. This strategy also removes the need to redeploy the operative to general policing
operations.
3

The dedicated agency would be able to develop a whole of operational life management strategy which would
include a three stream recruitment strategy of operations, specialist and technical and management. This
strategy would include developing the specific recruitment requirements, screening and assessment, induction
and orientation, initial training and doctrine, tradecraft development, specialist training, pre deployment
orientation, deployment monitoring, post deployment reflection, reinvigoration and development, (back to
redeployment for length of service), deoperationalisation process, separation or management development
programme
4
.
There are significant ongoing security implications for the maintenance of a capability in this field considering
the increased sophistication of counter intelligence, insurgency and surveillance of organized crime groups. As
a result a dedicated agency could develop highly specialised management strategies to manage this risk again
without the security implications of redeployment and without the internal security issues of infiltration by
corrupt elements and previous relationships/associations with colleagues
5
. This strategy also removes the
nepotism issues related to promotion and development opportunities from so called, elite squads.
The significant risk management issues associated with actual deployments and the impacts of those
deployments on operatives would be able to be researched and new strategies developed. This would be
facilitated by the dedicated nature of the agency and the vision and mission such an agency would engender. As
a result a body of knowledge built on reliable research would be available to other international agencies and
also be able to be extrapolated to other high risk activities in the sector such as human source a management.
6

investigations staff of specialists. This strategy is to provide partitions during the investigation phase to
eliminate a number of negative connotations and inferences such as group think, narrow focus, corruption
opportunity and undue influence on specialists. The creation of a separate agency would significantly reduce
these risks by providing the opportunity to formulate a well founded and highly focused integrity regime which
is consistent and cognisant of the types of deployment environments.
The development of specialist managerial and leadership capability for this specialty would be significantly
enhanced by the creation of a dedicated agency. This outcome would be achieved by the reduction in the
rotation of managers through key positions with limited knowledge or experience in covert operations, remove
the need to train managers for the role based on that rotation and provide development opportunities which are
designed to facilitate professional covert operations managers. This would also provide the individual managers
with the professional and personal opportunity to develop exceptional skills, knowledge and abilities.
As a dedicated agency the new agency would be better able to cope with government efficiency requirements
which limit the ability of individual agencies to effectively maintain a capability in this specialty. This is
achieved because the primary mission of the agency would be developing and providing the covert operative
capability. As a result the internal competition for resources would continue to be dedicated towards that
mission rather than to achieving other organisational objectives. As a result decisions which effect resourcing
can be viewed holistically across the covert operation spectre without having to take into account other
organisational imperatives which may increase the risk in the covert environment.

106

The strategy of a whole of government response is consistent with the increased multi agency presence in
serious and organized crime investigations. The respective agencies develop and maintain a general and
specialist capability which creates redundancy and duplication. There is a need for consistency in training and
deployment capability, specialised knowledge development and transfer, infrastructure and support services,
management policy and protocols and fiscal responsibilities. The creation of a dedicated agency would remove
the need for duplication and provide a much more focused efficient service to government without significant
impact on budgetary requirements. This is the model with significant support in comparable jurisdictions such
as the United Kingdom where the Home Office has sought to develop agencies which eliminate duplication and
support a clearer mission and mandate. Interestingly this has included significant amalgamations of functions.
There have been increased demands to maintain covert operative intelligence and counter intelligence
capabilities where evidentiary investigations capability only has been the norm. This is particularly relevant in
the counter terrorism sector. As a result duplication in the development of doctrine, training and operational
deployment controls has occurred. The development of a dedicated agency would allow sub discipline
specialists to be developed with a resource capacity which would be cable to meeting surge capacity
requirements and specialised deployment requirements such as language, culture or crime type/issue type
knowledge. This would provide operational agility to all of the client agencies. The opportunity to develop and
deliver highly specialized training and development opportunities as a core function without having to compete
with priorities or other areas of organizations and indeed other organizations.
Efficiencies in the administration would be realised from the centralization of a management and support
structure from a number of agencies into one. This strategy would remove the need to continually redevelop
operational exigencies based on internal organisational influence and systems development or adoption. The
development of national standards and policy in relation to covert operations and deployments would be
facilitated by the body of knowledge held centrally rather than fragmented through agencies who may or may
not wish to contribute to the development of such policy. The new agency would also be able to identify and
service its own administrative needs based on its mission and vision.
The launch of the new agency would also facilitate the development of legislation to enhance the management
of covert operations across jurisdictional boundaries and other enabling measures thus removing some of the
current encumbrances. This would provide a central point for expert political and policy advice for government
and agencies. It would provide the depth of knowledge required to coordinate influence and furnish information
when lobbying for change. The agency, through its research capability would be able to prepare and present
argument which did not contain sensitive operational material whilst drawing on a wide range of operational
scenarios and case studies. The ability to review capability, deployment patterns, operational outcomes and
monitor emerging risks would be enhanced by having a central repository of post activity assessment. This
information would be available for managers and researchers to assist in decision making.

Implication Analysis
Clearly there are a number of implications to be considered in the establishment of the new covert operations
agency. The principle issues surround how the agency would be established; interact with the recipient
organisations, how the agency would be funded, how the transition would be managed and the implications of
change management including intellectual property management and the quantification of projected service
requirements in the future.
The establishment of the organisation as a government enterprise which was operating in a covert environment
with the ability to generate income from its service delivery and also by block operating grant from Treasury.
The establishment of this type of organisation would require legislation to ensure appropriate government and
community scrutiny of its mission and objectives and also to provide the mandate for cost recovery processes
from client organisations. The establishment legislation could also contain the governance, structural model,
accountability framework and enabling provisions as the core guidance for the successful operation of the
107

agency. This legislation may also be the appropriate vehicle to provide critical authorities and powers which
would transcend the jurisdictional challenges faced when deploying personnel across state boarders, into
specialised agencies and in seeking authorise to engage in covert operations. This legislation could also provide
consistent indemnity provisions for operatives in controlled operations and criminality engagement.
A risk management strategy will need to be developed to assist in combating the opportunity for the
development of a meritocracy within law enforcement by the development of this type of highly specialised
agency which may be seen as elite. As a result the governance structure should include a Board of Management
and an oversight mechanism such as the Inspector General of Intelligence.
A comprehensive change management strategy as outlined by Hayes which entails a plan which identifies the
risks, graduated strategies, responsible officers and communications strategies needs to be developed to
facilitate the movement of the function and any personnel. As part of this process a conflict resolution strategy
needs to be developed in line with Tillet which will provide the tools for the resolution of interagency or
individual conflict should they arise. As the agencies involved are likely to be engaged in an on going
relationship the collaborative approach espoused appears to be the appropriate. As part of the change strategy a
significant component should be a marketing strategy which highlights the altruistic nature of supporting the
establishment of the organisation for the effected agencies and individuals. This process should also highlight
their respective contributions and their future engagement in the development of the capability.
The development of a comprehensive implementation strategy which includes a well communicated time line
and provides contingency arrangements for the time lag from establishment to commissioning and
commissioning to fully operational capability will be critical to implementation plan and to ensure that that a
relatively disruption free change over occurs..
As this organisation is a human services organisation and one of the key drivers for undertaking this strategy is
to more effectively mange the human resources engaged in covert policing operations, a comprehensive human
resources strategy needs to be developed prior to the employment of any operational staff. The development of
this strategy should set the benchmark for human resources engaged in this and similar types of operational
roles.
A robust costing model which identifies the operational or deployments and may form the basis for service level
agreements with the client agencies will need to be developed. A significant aspect of this model should be to
highlight the cost savings for the agency in moving towards this centralised agency and the opportunity for them
to actually facilitate more covert operations by redirecting the infrastructure savings to operations.

CONCLUSION
The development of a centralised service provider whose role is dedicated to the provision of covert operatives
to police and similar agencies is a responsible management strategy designed to facilitate the meeting of
community expectations in the areas of policing, law enforcement and national security. The development of
such an agency would alleviate the difficulties with financial constraints, legislative and jurisdictional
impediments to operational deployments, human resource management and risk management. This strategy
would also provide a central node of delivery which would demonstrate best practice through leading edge
research into the area of covert operations. The development of this agency would also meet government
objectives in relation to efficiencies and reduction of duplication. The agency would also be able to provide a
more diverse range of operatives, skill sets and covert solutions at a reduced cost.

108

REFERENCES
Aldag, R.J. & Stears, A. (1992) Managing organizational change. In Management (pp.386-410). Cincinnati:
South-Western.

Amir, M. (2003) Criminal Undercover Agents or Bad People Doing Good Things. In: Substance Use &
Misuse, Volume 38, Issue 10 January 2003 , pages 1425 1431.

Ansley, B. (1995) Stoned on duty. Hodder Headline Group: Auckland.
Arter, M.L. (2007) Supervising the Undercover Function. In Ruiz, J., Ruiz, D. & Hummer, D.C. (eds)
Handbook of Police Administration (Ch 17). CRC Press: Washington.
Australian Federal Police (2008) Guide to the sworn recruitment process.

Australasian policing directions Police Ministers Conference, 2007.

Avery, J. (1981). Police - Force or Service? Butterworths: Sydney.

Barlow, H. (1993) Introduction to criminology (6th Ed) Harper Collins College Publishers: New York.

Bayley, D.H. (1989). Community Policing in Australia: an Appraisal. In Chappell, D & Wilson, P (Eds).,
Australian policing Contemporary Issues (1
st
Edition) (pp.63-82). Sydney: Butterworths. ISBN 0 409
49489 5

Brandl, S.G. (2008) Criminal Investigation. Pearson: New Jersey.

Brown, K., Ryan, N. & Parker, R. (2000) New modes of service delivery in the public sector. In The
international journal of public sector management. Vol.13. No.3.

Burton, T.M. (1995) Undercover Officer Safety. In Proceedings of the National Executive Institutes Associates,
Major City chiefs Association and Major Counties Sheriffs Association, October, USA, 2005.

Corkill, J. & Snell, W. (2006). Intelligence migration a place in time commentary. Proceedings of the
Conference of the Australian Institute of Professional Intelligence Officers, Brisbane, 2006.

DeGraff, J. & Lawrence, K. (2002) Creativity at work. Bossey Bass: Danvers.

Dunford, R.W. (1992). Organisational behaviour: An organisational analysis perspective. (pp.297-327) Sydney:
Addison-Wesley Publishing Company. ISBN 0 201 50041 8

Edwards, C. (2005) Changing police theories. Federation: Sydney.
Gill, P. & Phythion, M. (2006) Intelligence in an insecure world. Polity: Cambridge.

Edwards, C.J.. (1999). Drugs The Cause of Street Crime, or a Health and Social Issue . Unpublished paper
given at the Australian Crime Prevention Council Biennial Conference, Melbourne, October 1999.

Edwards, C.J. (2005). Changing Police theories for 21st century Societies Sydney: Federation Press.

Evans, D.R. & MacMillan, C.S. (2003). Ethical Reasoning in Policing, Corrections and Security.
Edmond Montgomery: Toronto.

Freckelton, I. & Selby, I. (Eds). (1998) Police in Our Society. Sydney, Butterworths

Gauvin, R.. (2005). Ethics, A Practical Framework for Decision-Making. Unpublished paper given at OPC
Train the Trainer Conference, Ontario, October 2005.

Gilbert, J.N. (2007) Criminal Investigations. Pearson: New Jersey.

Gill, P. & Phythian, M. (2006). Intelligence in an insecure world. Polity: Cambridge.

109

Grieve, J. (2004) Developments in UK criminal intelligence. In Strategic thinking in criminal intelligence.
Federation Press: Annandale NSW.

Gross, H. (1934) Criminal Investigation. Sweet and Maxwell: London.

Hayes, J. (2006) The theory and practice of change management. Palgrave: New York.

Home Office United Kingdom (2001) Policing for the 21st century. A speech by the Home Secretary to the
Police Superintendents Conference 11th September, 2001.

Hoogenboom, J., Meiboom, D., Schoneveld, H. & Stoop (Eds) (1997) Policing the Future. Amsterdam: Kluwer

Hunt,D. (1995). Strategic Management in Policing including the Future Role of Police. In Etter, B & Palmer, M
(eds) Police Leadership in Australasia (pp. 40 -74). Sydney: Federation Press.

Landy, F.J. (1989). Psychology of Work Behaviour. Pacific Grove, California: Brooks-Cole.

Mawby, R.I. (1998) Policing across the world. Issues for the 21
st
century. Routelage: New York.

McCulloch, L. (2001) The street. Confessions of and undercover cop. Floradale Productions and Sly Ink:
Sydney.

Merriam-Websters (2003) Merriam-Websters Collegiate Dictionary (11
th
Ed). Merriam-Websters: U.S.A.

Michigan Department of State Police (1990-1) The ultimate role conflict: Managing the undercover officer. Part
I & II.

Nancoo, S.E. (Ed)(2004). Contemporary Issues in Canadian Policing. Canadian Educators Press: Ontario

New South Wales Police (2008) Recruitment Process. Accessed on 14/10/08.
http://www.police.nsw.gov.au/recruitment/related_information/application_process.

OConnor, T. (n.d.) Police undercover work. Lecture Notes Missouri State University.

Pogrebin, M.R. & Poole, E.D. (1993) Vice isnt nice. A look at the effects of working undercover. In Journal of
criminal justice. Vol 21 pages 383-394.

Prenzler, T. & Ransley, J. (Eds) (2002) Police Reform Building Integrity. Federation Press: Sydney.

Pritchett, P. (n.d.) The Ethics of Excellence. Pritchett Associates:Dallas, Texas.

Royal Commission into whether has been corrupt or criminal conduct by any Western Australian Police Officer.
(2004) Final Report - Royal Commission into whether has been corrupt or criminal conduct by any
Western Australian Police Officer.

Scrivener, E. (2001) Hiring in the spirit of service. Innovations in police recruitment and hiring. United States
Department of Justice.

Standards Australia (2006) Australian Standard 4360 Risk Management.

Sykes, J.B. (1983) The Concise Oxford Dictionary of Current English. University Press: Oxford.

Tillett, G. (2001) Resolving conflict. A practical approach. Oxford University Press.

Tony, T. & Morris, I (Eds) (1992). Modern Policing. Chicago: University of Chicago

Vilgoen, J. & Dann, S. (2000) Strategic management. Pearson: Sydney.

White, M.D. (2007) Current Issues and Controversies in Policing. Pearson: New Jersey.

110

Whitehead, A. (1954) Dialogues.

Wing, I. (2004) Maintaining security and justice: The intelligence versus evidence dilemma. The Journal of the
Australian Institute of Professional Intelligence Officers. 13:1 ISSN 10391525
COPYRIGHT
Wayne Snell 2008. The author/s assign Edith Cowan University a non-exclusive license to use this document

111

Nuclear Radiation: Properties, Characteristics and Radiological Dispersal Devices
Geoff I Swan
Security Research Centre
Abstract
Highly radioactive sources are widespread with numerous applications in medicine and industry. There is a risk
that terrorists might succeed in acquiring radioactive material for a radiological dispersal device. In this paper,
the general properties and characteristics of nuclear radiation are summarised and the radioactive isotopes of
most concern reviewed.
Keywords
Decay Modes, Dispersal, Exposure, Radioactivity.
INTRODUCTION
Nuclear radiation has been enormously beneficial to humankind with numerous applications in medicine and
industry in Australia and around the world (ANSTO, 2008; NEI, 2007; UIC, 2008; UIC, 2006). Sources that
contain the radioactive isotopes that produce this nuclear radiation are widely distributed and subjected to
regulation for safety and security reasons. Since the attacks on the world trade center and the pentagon on the
11
th
September, 2001, there has been heightened concern about the possibility of nuclear terrorism and
safeguards to prevent it. With nuclear weapons (nuclear fission explosives) extremely difficult to produce or
acquire, some attention has been drawn towards the easier task of producing a dirty bomb where chemical
explosives are used to disperse radioactive material. This is an example of a Radiological Dispersal Device
(RDD).
This paper consists of two parts. In the first part, the science of nuclear radiation is reviewed and summarised
with the focus of giving security professionals a general understanding of the properties and characteristics of
nuclear radiation. In the second part the radioactive isotopes of most concern for an RDD are identified and
characterised. Aspects of dispersion, response to radiological incidents, and security of sources are also
discussed.
Nuclear radiation
The science of nuclear radiation at an intermediate level can be found in most general university physics
textbooks (Halliday, Resnick and Walker, 2008; Serway and Jewett, 2008). A simpler and non-mathematical
treatment can be found in Hewitt (2006). A more advanced treatment (which includes an atomic mass table with
decay modes and half lives for isotopes in appendix 8) can be found in Thornton and Rex (2006). The critical
properties and characteristics pertinent to radioactivity are summarised and presented here.
Atoms and isotopes
Matter is made up of microscopic particles called atoms, which consist of a tiny dense nucleus surrounded by
negatively charged electrons. The nucleus consists of positively charged protons and uncharged neutrons. Atoms
have the same number of protons and electrons and are therefore electrically neutral.
It is the number of protons in the nucleus, known as the atomic number (Z), which uniquely determines the type
of atom and hence the element. For example, atoms with atomic numbers of 1, 8 and 92 are known as hydrogen,
oxygen and uranium respectively. The periodic table lists all the known elements in groups according to similar
chemical properties. It should be noted that although uranium has the highest atomic number of any naturally
112

occurring substance on Earth, other elements with higher atomic numbers can be created using particle
accelerators or nuclear reactors.
Although the number of protons (and electrons) is fixed for an atom of any particular element, the number of
neutrons can vary. Typically atoms have similar numbers of protons and neutrons, but for heavier atoms the
number of neutrons is always more than the number of protons. Atoms with the same atomic number but
different numbers of neutrons are called isotopes. The number of nucleons (protons plus neutrons) is known as
the mass number (A).
Some isotopes are radioactive. In radioactive isotopes, the nucleus is unstable and emits radiation in the form of
a particle or a photon to increase stability. This is known as radioactive decay and this paper will focus on
explaining the different types of radioactive decay and the properties and characteristics of the emitted radiation
before turning attention towards the applications of these isotopes in the modern world and nuclear terrorism.
Decay modes
There are three modes of radioactive decay: alpha, beta and gamma. Each decay mode will be explained and an
example nuclear reaction given. In these examples please note that the each isotope can be represented by a
symbol that gives the element, and its mass number. For example, 76% of naturally occurring chlorine on earth
is Cl-35 (or
35
Cl). As chlorine by definition has 17 protons, this isotope must have 18 neutrons if the mass
number is 35. In all reactions given, both the mass number and net charge do not change and are said to be
conserved.
In alpha decay, an unstable nucleus emits an alpha (
4
o) particle. An alpha particle is consists of two protons plus
two neutrons and is also sometimes referred to as a He-4 (
4
He) nucleus. In the example below, radium-226 alpha
decays to radon-222
Alpha Decay: o
4 222 226
+ Rn Ra

Note that in alpha decay the daughter nucleus (radon) always has 2 less protons and 2 less neutrons than parent
nucleus (radium). The alpha particle (
4
o) is a charged particle and emitted with high kinetic energy. Alpha
particles are not very penetrating and a few sheets of paper is usually sufficient to stop them.
In beta decay, an unstable nucleus emits a beta (|) particle. A beta particle can be an electron (|
-
) or a positron
(|
+
). A positron is basically the same as an electron except it is positively charged. In the example below,
nitrogen-12 beta decays to carbon-12.
Beta Decay: v | + +
+
C N
12 12

The end symbol refers to a neutrino which interacts very weakly with matter and for our purposes can be
ignored. Note that although the daughter nucleus (carbon) has the same mass number as the parent nucleus
(nitrogen), the atomic number always changes by one. Like alpha particles, beta particles (|
-
and |
+
) are charged
and emitted with high kinetic energy. They are more penetrating than alpha particles but still only able to pass
through a few mm of Aluminium on average.
113

After alpha or beta decay, the daughter nucleus is often in an excited state (*). In gamma decay, an excited
nucleus releases this excess energy through the emission of a photon (). This is demonstrated in the example
below, where boron-12 beta decays to carbon-12 which then gamma decays.
v | + + +

C C C B
12 * 12 * 12 12
by followed (Gamma Decay)

Note that in gamma decay the mass number and atomic number of the parent nucleus does not change. Gamma
rays are high energy photons and are not charged. They are more penetrating than beta and alpha particles and
are able to penetrate a few cm of lead on average.
Half life and activity
Radioactive decay is a spontaneous process and it is not possible to know exactly when a given radioactive
isotope will decay. However, it is possible to know the probability that a given radioactive isotope will decay in
a given time and this is represented by the decay constant (). A sample with a large number of a particular
isotope, say N, decays with time (t) a predictably exponential fashion at a rate (R) according to the first equation
below.
Decay

693 . 0 2 ln
t : Life Half : Rate
2
1 0
= = = =
t
e N N R
The half life (t
) of a radioactive isotope is the time taken for half of a given number of radioactive nuclei to
decay, and is related to the decay constant () by the second equation above. After two half lives, the number of
radioactive nuclei remaining is half times half or one quarter of the original number.
The decay rate (R) is also known as the activity. The standard unit is the becquerel (Bq), but the curie (Ci),
which is based on the activity of 1 gram of radium, is a commonly used unit. Both units are defined below.
Activity: 1 becquerel = 1 decay per second , 1 curie = 3.7x10
10
Bq
The curie is a large unit and activities are often measured in millicuries and microcuries. For example, the
activity of Am-241 found in household smoke detectors is typically about one microcurie.
Absorbed dose and dose equivalent
Exposure to alpha, beta, and gamma radiation will ionise matter and cause damage to cells. Radiation can leave
a trail of altered and broken molecules, produce new chemicals and create free radicals within living tissue.
Although for small doses cells can often repair the damage, other cells die and may or may not be replaced.
Damage to DNA produces cell mutation and if this occurs in the gonads then mutations can become hereditary.
The amount of damage done to living tissue depends on the dosage received.
The absorbed dose measures the energy absorbed per kilogram of material. Although the standard unit is the
Gray (Gy), an older unit known as the rad is also in use. Both these units are defined below
Absorbed Dose: 1 Gray = 1 Joule per kilogram = 100 rad
The Roentgen is another older absorbed dose unit. Also note that energy is sometimes measured in mega
electronvolts (MeV).
114

The damage done to biological tissue depends not only on the energy absorbed, but also on the type of radiation
responsible. Each type of radiation has an RBE (Relative Biological Effectiveness) value which when multiplied
by the absorbed dose gives the dose equivalent. This is a much better measure of the damage done to
biological tissue. The RBE for alpha particles, beta particles and gamma rays are 10-20, 1.0-1.7 and 1.0
respectively. The standard unit for absorbed dose is the Sievert (Sv), and the older unit is known as the rem.
Both units are defined below.
Dose Equivalent: 1 Sievert = RBE x Absorbed Dose in Grays = 100 rem
Exposure to other ionising particles and photons, that may or may not be nuclear in origin, also contribute to the
dose received. The RBE for X-rays, thermal neutrons, fast neutrons and protons, and heavy ions are 1.0, 4-5, 10,
and 20 respectively. It should also be noted that a third unit known as effective dose is sometimes used where
the dose equivalent is weighted according to the type of tissue (ARPANSA, 2008). The sievert is a large unit
and dosages are usually expressed in millisieverts (mSv).
Radiation exposure
Radioactivity is a natural part of our environment. Indeed the thermal energy that heats the interior of the earth,
which has a different chemical composition to that of the crust, comes from the decay of radioisotopes. Human
exposure to radiation is represented in Figure 1. Natural background radiation, food and water account for 83%
of exposure. Although the medical and diagnostics exposure is mostly due to X-rays, the increasing use of
nuclear medicine is likely to increase average exposures.
Most rocks have traces of radioactive isotopes which can end up in building materials. For example, every ton
of granite contains about 20 grams of thorium and 9 grams of uranium. Radon-222, which is part of the
uranium-238 decay series, is responsible for much external radiation exposure for humans. It is a heavy gas that
can accumulate in buildings which are not well ventilated. Human bodies are themselves radioactive with
potassium-40 and carbon-14 isotopes contributing approximately 5000 and 3000 beta decays respectively
between every heartbeat (Hewitt, 2006).

Figure 1. Origins of radiation exposure for an average individual in the United States (Hewitt, 2006)
115

In Australia, the average dose equivalent is about 2 millisieverts (mSv) per year from natural background
radiation (ARPANSA, 2008). Exposure in medical procedures and some occupations may be significantly
greater than this and it has been recommended that individuals should not receive a dose equivalent of more
than about 5 mSv in any one year. The effects of humans as the dosage increases depends on a range of factors
so, with qualifications, some generalisations are made here for dosages received over a short period of time. For
low doses (0 to 100 mSv), it is generally assumed that the probability of radiation induced cancer during ones
lifetime increases linearly with a risk of 1 in 10,000 per mSv. Very high doses (1 to 10 Sv) result in acute health
effects with death likely within weeks from extreme doses (above 10 Sv).
Radioactive isotopes are artificially produced in nuclear reactors, cyclotrons and accelerators for use in
medicine, industry and research. Australian facilities at Lucas Heights (near Sydney) are operated by the
Australian Nuclear Science and Technology Organisation (ANSTO) and detailed information on these facilities,
the radioactive isotopes produced, and their uses in medicine, industry and research in an Australian context can
be found through the ANSTO website (ANSTO, 2008).
Radioactive isotopes are used in all sorts of beneficial ways. In table 1, Peterson, et al. (2007) present some
examples of commonly used radioactive isotopes (radionuclides) in medicine, industry, and scientific research.

Table 1. Examples of commonly used radioactive isotopes from Peterson, et al. (2007).
Radiological Dispersal Devices

Radiological Dispersal Devices and Dirty Bombs

Since the attacks on the world trade centre and the pentagon on 11
th
September, 2001, there have been increased
fears of a nuclear terrorist attack using a Radiological Dispersal Device (RDD). Peterson, et al. (2007) defines
an RDD as any method used to deliberately disperse radioactive material to create terror or harm. Although
this would include methods like spraying or spreading by hand, a bigger concern is the use of chemical
116

explosives (like dynamite) to disperse highly radioactive materials. This type of RDD is known as a dirty
bomb
Dirty bombs have been described as Weapons of Mass Disruption rather than Weapons of Mass Destruction
(NRC, 2003; Peterson, 2007). Deaths at the blast scene are much more likely to be from the conventional bomb
blast (and any associated panic) rather than any acute radiation poisoning. However the economic and
psychological damage could be substantial. In addition, small radioactive particles that might be produced from
an RDD could be inhaled or ingested. A large number of people could therefore eventually receive a high
dosage due to internal exposure over a long period of time. The probability of cancers and other radiation related
ailments over the longer term would be considerably increased. Zimmerman and Loeb (2004) proposed that
planning for an RDD attack be based on this longer term scenario.
High Risk Radioisotopes
While many radioactive isotopes would be effective ingredients in an RDD, only a small number have been
identified as being high risk. The risk depends on a number of factors. The energy and type of radiation
(including radioactive daughter nuclei) will determine the penetration and damage done to cells. The half life
and amount will affect the magnitude of the activity and time taken for decontamination. The availability,
portability, concentration, chemical form (eg solid powder) and shielding of containers are also factors in
efficiency and effectiveness in acquiring, transporting and dispersing a radioactive isotope using an RDD.
A Department of Energy (DOE) and Nuclear Regulatory Commission (NRC) interagency working group on
radiological dispersal devices (DOE/NRC, 2003), as one of its briefs and with input from Sandia National
Laboratories, identified radioactive materials of greatest concern. The Nuclear Threat Initiative (n.d.) and
Peterson, et al. (2007) have also identified high risk radioactive isotopes for RDDs. With minor differences, the
identified high risk isotopes are the same, and the individual properties of these isotopes are given in table 2
(Peterson et al., 2007). Note that the specific activity listed in this table (in curies per gram) allows us to quickly
compare the activities of the same amount of different isotopes.

Table 2. High risk radioactive isotopes (radionuclides) for RDDs from Peterson, et al. (2007).
117

To give a better insight into how some factors influence the effectiveness of an RDD, consider the effect of half
life. Notice that the half lives of the high risk radioactive isotopes (table 2) are intermediate in value. A life time
which is too short would not give time for a terrorist to acquire and transport the source, make the RDD and
then set it off in a location before the radioactive isotopes have mostly decayed. In addition, natural
decontamination of the site would occur quickly as the remaining isotopes decay. At the other extreme, consider
that the alpha particle emitter uranium-238 (U-238), of which Australia has plenty, has an extremely long half
life of 4.5 billion years and a correspondingly low specific activity of 0.00000034. Much U-238 would be
required to pose a moderate health risk in an RDD.
Now lets consider the high risk isotopes in table 2 by type of decay. The main risk from the alpha emitters:
Am-241, Cf-252, Pu-238, Po-210 and Ra-226, is if they are ingested or inhaled due to the very low penetration
ability of alpha particles. Americium, californium and plutonium are probably the easiest to disperse as they can
exist as oxides in powder form. Am-241 can also be combined with beryllium to produce a neutron source
which also poses an external threat due to the greater penetration of neutrons. Note that the small amounts of
Am-241 found in domestic smoke detector sources and Ra-226 mixed with phosphorus on some old watches
and gauges (to glow in the dark) are not considered high risk sources.
The high energy gamma emitters: Cs-137, Co-60 and Ir-192 are particularly dangerous due to the high
penetration of the gamma radiation and the very high activities (of up to 10,000 curies) found in commercial
sources. The high level of this radiation can be used to kill cancerous cells, sterilise food and equipment, and
non-invasively check critical welds. The mobile nature of some industrial equipment is a cause for concern.
Also, Cs-137 is often found in a caesium chloride powder which can dissolve and be dispersed in water.
Strontium-90 emits beta particles and is most dangerous if ingested or inhaled. They are high activity sources
that were most widespread in the former USSR as the energy source for portable radioisotope thermoelectric
generators (RTGs) in remote locations. RTGs powered by Sr-90 or Pu-238 are also used in interplanetary
spacecraft. Further details on these high risk radioactive isotopes can be found in several sources (DOE/NRC,
2003; Nuclear Threat Initiative, 2007; Peterson, et al., 2007).
Security and Response
In the current environment it has been recognised that improving security of these high risk radioactive isotopes
is desirable. The DOE/NRC Interagency Working Group on Radiological Dispersal Devices (2003) investigated
the relative hazards of radioactive materials, national tracking systems for sources, tagging and monitoring of
sources, and how to deal with unsecured, excess and unwanted sources. They believed that achieving a higher
level of assurance for the control and security of radioactive materials would be beneficial. The International
Atomic Energy Agency (IAEA) has also outlined a comprehensive programme to combat the threat of nuclear
terrorism (IAEA, 2007).
An illuminating example of damage that can be done with unsecured radioactive material is provided by the
Goiania incident in Brazil which occurred over a few months in 1987 and 1988. It started when scrap metal
scavengers broke into an abandoned radiotherapy clinic and removed a 1375 Curie cesium-137 source from its
protective housing. Five days later, the source was punctured (allowing the powder to leak out) and a series of
events saw the cesium-137 being widely distributed. The human (and economic) toll was enormous with 5
people dead, 249 found to be contaminated by cesium-137, and 112,000 people monitored for radiation
exposure and sickness. Zimmerman and Loeb (2004) give a detailed account of this incident in the context of
the aftermath of an RDD attack. Natural disasters can also generate unsecured radioactive material and safely
recovering radioactive sources was one of the many areas of concern following the devastating earthquake in
Sichuan Province, China earlier this year (Swan, 2008).

118

Responses to an RDD attack have also been investigated and Peterson, et al. (2007) suggested that a response
would involve three phases. The first phase would be immediate treatment of victims and evacuation of areas
base on radiation levels. To reduce exposure from radioactive airborne dust individuals would need to move at
least several blocks away, and if facilities were available, remove (and bag) clothes and have a shower (NRC,
2003). Some radioisotopes can be purged from the body with appropriate medication. Evaluation of the extent
of the contamination and steps to limit further contamination or human exposure would constitute the second
phase. This could be difficult to accomplish given the desire to treat and evacuate victims from the areas
quickly. The final stage would involve cleaning up the contaminated area. It is worth noting that there is no
existing Australian guidance on criteria for the implementation of clean-up or remediation of an area affected by
radiological or nuclear emergencies, although there is developing international guidance (Radiation Health
Committee, 2007). The need for the remediation would depend on the likely dose for a person in the area. As
some guidance, it has been recommended that above 100 mSv per year would almost always justify remediation
whereas less than 1 mSv would rarely be necessary.
CONCLUSION
In this paper, the science of nuclear radiation and its uses in the modern world have been summarised. The
nature of radioactive isotopes that are considered high risk for a radiological dispersal device (RDD) have been
identified and discussed. An RDD attack could be a Weapon of Mass Disruption with few or no deaths from
radiation exposure and little clean-up required. However a different scenario could be well organised terrorists
with knowledge and resources able to create an RDD with high dispersion of highly radioactive material to large
numbers of people. In either case we need to be prepared, and there is scope and need for further research in this
field.
REFERENCES
ANSTO (2008). Australian Nuclear Science and Technology Organisation (ANSTO). Retrieved August, 2008
from: www.ansto.gov.au
ARPANSA (2008). Units for Measuring Radiation. Retrieved August, 2008 from:
http://www.arpansa.gov.au/radiationprotection/basics/units.cfm

DOE/NRC Interagency Working Group on Radiological Dispersal Devices. (2003). Radiological Dispersal
Devices: An initial study to identify radioactive materials of greatest concern and approaches to their
tracking, tagging and disposition. Report to the Nuclear Regulatory Commission and the Secretary of
Energy. Retrieved April, 2007 from: http://www.energy.gov/media/RDDRPTF14MAYa.pdf
Halliday, D., Resnick, R., & Walker, J. (2008). Fundamentals of physics extended (8th ed.). New York: John
Wiley & Sons.
Hewitt, P.G. (2006). Conceptual Physics. (10th ed.). San Francisco: Pearson Addison Wesley.
IAEA (2007). Promoting Nuclear Security: What the IAEA is doing. Retrieved August, 2008 from
http://www.iaea.org/Publications/Factsheets/English/nuclsecurity.pdf
National Threat Initiative. (n.d.). Radiological Terrorism Tutorial. Retrieved August, 2008 from:
http://www.nti.org/h_learnmore/radtutorial/
NEI (2007). Beneficial uses and production of radioisotopes. Nuclear Energy Institute. Retrieved August, 2008
from:
http://www.nei.org/filefolder/beneficial_uses_of_radiation_01-07.pdf

119

NRC (2003). Dirty bombs fact sheet. United States Nuclear Regulatory Commission. Retrieved August, 2008
from: http://www.nrc.gov/reading-rm/doc-collections/fact-sheets/dirty-bombs.pdf

Peterson, J., MacDonell, M., Haroun, L., Monnete, F., Hilderbrand, R. D., & Taboas, A. (2007). Radiological
and Chemical Fact Sheets to Support Health Risk Analyses for Contaminated Areas. Argonne National
Laboratory Environmental Science Division and U.S. Department of Energy. Retrieved August, 2008
from: http://www.ead.anl.gov/pub/doc/ANL_ContaminantFactSheets_All_070418.pdf
Note: The fact sheets within this document that are relevant to this paper are all dated 2005 apart from a
fact sheet on Strontium which is dated 2006.
Radiation Health Committee. (2007). Statement of Clean-up Criteria following a Radiological Incident.
Retrieved August, 2008 from: http://www.arpansa.gov.au/pubs/rhc/cleanup_stat.pdf
Serway, R.A., & Jewett, J.W. (2008). Physics for scientists and engineers with modern physics (7th ed.).
Belmont USA: Brooks/Cole-Thomson Learning.
Swan, G.I. (2008). Nuclear security case study: earthquake in Sichuan Province, China. Australian Security
Magazine, September/October 2008, Sydney: Yaffa Publishing Group.
Thornton, S.T., & Rex, A. (2006). Modern physics for scientists and engineers. (3rd ed.). Belmont USA:
Brooks/Cole-Thompson Learning.
UIC (2008). Radioisotopes in Medicine. Uranium Information Centre (UIC). Retrieved August, 2008 from:
http://www.uic.com.au/nip26.htm
UIC (2006). Radioisotopes in Industry. Uranium Information Centre (UIC). Retrieved August, 2008 from:
http://www.uic.com.au/nip27.htm
Zimmerman, P. D. & Loeb, C. (2004). Dirty Bombs: The Threat Revisited. Center for Technology and National
Security Policy, National Defense University. Retrieved August, 2008 from:
http://www.ndu.edu/CTNSP/defense_horizons/DH38.pdf
COPYRIGHT
Geoff Swan 2008. The author/s assign Edith Cowan University a non-exclusive license to use this document

Sec Intel Proceedings 2008

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Sec Intel Proceedings 2008

Încărcat de

Drepturi de autor:

Formate disponibile

Proceedings of

The 1st Australian

Australian Institute of Petroleum. (n.d.). Supply Security. Retrieved from http://www.aip.com.au/pdf/supply.pdf

Radiological Dispersal Devices

S-ar putea să vă placă și