Protecting an icon – security at the Sydney Opera House

The role of security professionals gets harder each day. There are more online threats every day, physical risks and compliance challenges thrust upon them each day. But most security pros work within a defined realm. But what if the domain you need to protect has hundreds of thousands of visitors each, hosts global events and is the defining image that the world associates with the country?

That the challenge David Crossley, the Head of Security, Emergency Planning & Response for the Sydney Opera House, faces when he goes to work each day.

"I am responsible for all security activity, emergency response as well as business continuity and crisis management," he says. That covers all physical and logical security.

Crossley is a featured presenter at this year's ASIAL Security Conference and Expo, being held in Melbourne on 20-21 July 2016. His experience in security covers the Sydney Olympic Games, Melbourne Commonwealth games and other major events. He also consults with the Australian Nuclear Science & Technology Organisation (ANSTO) developing and delivering the Business Resilience and Emergency Management Frameworks.

Crossley's focus is on the integration of security.

"It's about how you plan infrastructure, your existing technology and hardware, and how you plan your security around that. We need an effective and efficient system that is practical. I think you can spend far too much money on infrastructure if you don’t have a good needs analysis or gap analysis for what that infrastructure is trying to achieve".

One of the questions Crossley is often asked is whether technology can replace people. But with an average of 20,000 people on site during any given day he says more cameras or technology won’t meet the facility's needs. Also, security personnel are considered to be part of the customer-facing operations of the business so having people visible on the ground is important.

An important element of what Crossley needs to manage is the diversity of events the Opera House hosts. From forecourt concerts, ballet, the Vivid Festival and other events, coupled with the patrons of the bars and restaurants, and people using nearby facilities such as the Man O War steps to access boats on the Sydney Harbour, he has to maintain a flexible posture without sacrificing the safety and well-being of patrons.

"It's a massive balancing act. We take into account demographics in our programming. Every day has its challenges".

A key, says Crossley, is having a robust security risk assessment.

"We have a number of frameworks. We have a Security Risk Framework, an Emergency Management Framework, Fire Operations Framework as well as our business continuity documents. For the risk assessments, we can dig down to threat and vulnerability assessments and then, review them for our business as usual footprint. What we're looking to do is look at what our top, key risks are and then deploy controls in relation to those. That could be manpower, cameras, surveillance, access control and the like. We then put the event footprints over that."

The other side of this is maintaining a welcoming arts environment and tourism venue where people feel safe but don’t feel uncomfortable. This extends to working with his peers in other public spaces to ensure a consistent approach to safety and security.

With the security situation constantly changing, often in response to overseas incidents, Crossley engages in regular scenario testing in order to ensure the frameworks and processes he has developed are appropriate. This involves not only looking at actual incidents but also tracking what happens in hoaxes, using those potential scenarios as inputs for maintaining plans.

The flexibility Crossley needs covers manpower and equipment. But rather than maintaining a large and expensive set of assets and people that may only be needed sporadically, he has supply contracts in place with third parties who will supply people and equipment within specific timeframes. This helps him maintain flexibility while managing costs.

Join the CSO newsletter!

Error: Please check your email address.

Tags VulnerabilitiesCyber risksSydney Opera HouseIT SecurityVivid Sydneysecurity risksIT Managmentcyber security

More about ResilienceSydney Opera HouseTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts