The role of security professionals gets harder each day. There are more online threats every day, physical risks and compliance challenges thrust upon them each day. But most security pros work within a defined realm. But what if the domain you need to protect has hundreds of thousands of visitors each, hosts global events and is the defining image that the world associates with the country?
That the challenge David Crossley, the Head of Security, Emergency Planning & Response for the Sydney Opera House, faces when he goes to work each day.
"I am responsible for all security activity, emergency response as well as business continuity and crisis management," he says. That covers all physical and logical security.
Crossley is a featured presenter at this year's ASIAL Security Conference and Expo, being held in Melbourne on 20-21 July 2016. His experience in security covers the Sydney Olympic Games, Melbourne Commonwealth games and other major events. He also consults with the Australian Nuclear Science & Technology Organisation (ANSTO) developing and delivering the Business Resilience and Emergency Management Frameworks.
Crossley's focus is on the integration of security.
"It's about how you plan infrastructure, your existing technology and hardware, and how you plan your security around that. We need an effective and efficient system that is practical. I think you can spend far too much money on infrastructure if you don’t have a good needs analysis or gap analysis for what that infrastructure is trying to achieve".
One of the questions Crossley is often asked is whether technology can replace people. But with an average of 20,000 people on site during any given day he says more cameras or technology won’t meet the facility's needs. Also, security personnel are considered to be part of the customer-facing operations of the business so having people visible on the ground is important.
An important element of what Crossley needs to manage is the diversity of events the Opera House hosts. From forecourt concerts, ballet, the Vivid Festival and other events, coupled with the patrons of the bars and restaurants, and people using nearby facilities such as the Man O War steps to access boats on the Sydney Harbour, he has to maintain a flexible posture without sacrificing the safety and well-being of patrons.
"It's a massive balancing act. We take into account demographics in our programming. Every day has its challenges".
A key, says Crossley, is having a robust security risk assessment.
"We have a number of frameworks. We have a Security Risk Framework, an Emergency Management Framework, Fire Operations Framework as well as our business continuity documents. For the risk assessments, we can dig down to threat and vulnerability assessments and then, review them for our business as usual footprint. What we're looking to do is look at what our top, key risks are and then deploy controls in relation to those. That could be manpower, cameras, surveillance, access control and the like. We then put the event footprints over that."
The other side of this is maintaining a welcoming arts environment and tourism venue where people feel safe but don’t feel uncomfortable. This extends to working with his peers in other public spaces to ensure a consistent approach to safety and security.
With the security situation constantly changing, often in response to overseas incidents, Crossley engages in regular scenario testing in order to ensure the frameworks and processes he has developed are appropriate. This involves not only looking at actual incidents but also tracking what happens in hoaxes, using those potential scenarios as inputs for maintaining plans.
The flexibility Crossley needs covers manpower and equipment. But rather than maintaining a large and expensive set of assets and people that may only be needed sporadically, he has supply contracts in place with third parties who will supply people and equipment within specific timeframes. This helps him maintain flexibility while managing costs.
- The week in security: CSO Australia launches cyberskills marketplace; Crims go Pokémon mad
- In the Clouds of ANZ’s Changing Innovation Horizon
- Security high on agenda as Australian Internet of Things makers get organised
- Application security testing growing in Australia but skills gap limits its scope