Skip to content

Incident Management Intelligence Brief
November 2018 edition

  • CURRENT THREAT ENVIRONMENT
  • RECENT EVENTS
  • CASE STUDY
  • STANDARDS & LEGISLATION
  • REFERENCES

Thunderstorm Asthma Warnings – November 2018

In early November 2018, an alert was issued for areas of New South Wales (NSW) of an incumbent storm front which could trigger serious breathing problems for a large number of people due to the phenomena of Thunderstorm Asthma.

A major Thunderstorm Asthma event occurred in Melbourne in November 2016 which saw more than 8,500 people attend emergency departments with respiratory issues and nine related deaths.
To date, Thunderstorm Asthma events have occurred in some areas of NSW including Wagga Wagga, however, the Sydney Metropolitan Region has not been impacted significantly. Nevertheless, the NSW Health department are encouraging people to remain vigilant and put precautions in place when a Thunderstorm Asthma event is predicted to occur.

What is Thunderstorm Asthma?

Thunderstorm Asthma Warning

Accordingly to NSW Health, Thunderstorm Asthma refers to episodes of asthma symptoms which occur when high pollen levels are combined with a thunderstorm.

Thunderstorm Asthma requires very specific weather conditions to occur and only rarely do thunderstorms that occur in times of high pollen levels have a health impact.

If the conditions necessary for Thunderstorm Asthma occur near a highly populated area, it is possible for many people to be affected very suddenly and simultaneously.

Anyone can be affected by a Thunderstorm Asthma event, even without having previously experienced respiratory issues. Those at increased risk are individuals with a history of asthma, hay fever, or an allergy to grass pollen.

Preparing for Thunderstorm Asthma Events in the Workplace

SafeWork NSW has issued guidance for preparing for Thunderstorm Asthma events which includes knowing which staff members are asthmatic and therefore may be at higher risk of being affected.
If an emergency alert has been issued predicting a potential Thunderstorm Asthma event, all staff members should be notified and precautions such as working indoors and closing windows put in place.
Pollen and weather forecasts should be checked to identify any potential events and first aiders within the organisation should be warned of the symptoms to look out for:

  • wheezing
  • breathlessness
  • coughing
  • chest tightness

For more information, refer to the NSW Health Thunderstorm Asthma Fact Sheet and the SafeWork NSW Thunderstorm Asthma guidance.

US Mail Bomb Threat

US Mail Bomb ThreatPhoto from ABC News

In late October 2018, 14 packages containing potentially destructive pipe bombs were discovered addressed to many prominent Democratic critics of US President Donald Trump.

All packages were intercepted successfully and were not detonated. Two of the packages, addressed to Barak Obama and Hilary Clinton, were identified during a routine mail screening process implemented. Other recipients discovered the package in their mailboxes and alerted authorities.

A package received at CNN offices led to a precautionary evacuation of the building.

Handling Suspicious Mail and Packages

Organisations should remain proactive handling and processing incoming mail and packages. Staff handling mail should remain vigilant and cautious at all times, and also be aware of the emergency procedures for responding to and reporting a suspicious item.

The sorting and processing of mail and packages should be conducted in an area that is separate from the main organisation and can be easily contained.

The following table presents physical indicators of suspicious mail which should be investigated:

Indicators of suspicious packages:
  • Mailed from an unusual or unexpected location
  • Postmark from a city unrelated to the return address
  • No return address
  • Misspelled words
  • Address to title only
  • Incorrect titles
  • Badly-typed or poorly-written addresses
  • Restrictive markings such as ‘Confidential’ or ‘Urgent’
  • Excessive postage
  • Mailed from a foreign country
  • Rigid or bulky envelope
  • Excessive weight
  • Excessive security material such as tape or string
  • Protruding wires or cables
  • Lopsided or uneven packages
  • Strange odours such as almond or machine oil
  • Oily stains, discoloration
  • Crystals or powder

If a suspicious package or mail item is received, the following steps should be considered:

Unopened suspicious Package
  • Place item in multiple layers of plastic bags and seal it.
  • Prevent others from entering the area and becoming contaminated.
  • Keep hands away from face to avoid contamination. If possible, wash hands.
  • If possible, shut down building ventilation system and fans.
  • Call 000 and wait for help to arrive.
Opened suspicious Package
  • Do not disturb the package any further.
  • Do not attempt to clean up spilt materials or brush it off clothing.
  • If possible, place an object over the package without disturbing it ie. a large waste bin.
  • Prevent others from entering the area, closing all doors and windows.
  • If possible, shut down building ventilation system and fans.
  • Call 000 and wait for help to arrive.
Potentially explosive device
  • Follow normal emergency procedures.
  • Evacuate the area.
  • Ring 000 to report the package, ensuring distance between the package and mobile device. Include information:
    – exact location of incident
    – number of people potentially exposed
    – actions taken eg. area evacuated.

Adapted from NSW Government

Data Breach Fatigue: Remaining Vigilant to Prevent Data Breaches

An article published on the Australian Broadcasting Cooperation’s (ABC’s) Science page online on 6 July 2018 stated that due to the rise of data breaches in the news and a significant number of high profile breaches occurring to large organisations, data breach incidents are now becoming considered ‘a normal part of online life’.

Sentiment-analysis of responses to a high profile breach associated with the US Office of Personnel Management in 2015 also showed that people quickly lose interest in data breach cases and do not follow guidance to protect themselves, such as frequently changing passwords.

As a result, there are concerns that society is becoming less vigilant with online security, which could lead to even more data breaches occurring, or breaches remaining undiscovered for significant periods of time.

Data Breaches in 2018

The Office of the Australian Information Commissioner (OAIC) received 245 data breach notifications between July and September 2018, with 245 reported the previous quarter. The main causes of breaches were discovered to be malicious or criminal attacks at 57%.

The following table presents some examples of data breaches which have occurred in 2018 affecting Australians.

OrganisationDateDetails
GoGetJanuary 18GoGet announced that an individual had accessed GoGet’s fleet booking system in June 2017, in an attempt to use the company’s vehicles without permission or payment. It was discovered that the individual had also accessed information of other GoGet users including names, addresses, email addresses, phone numbers, dates of birth and drivers licence details.
PageUp PeopleMay 18PageUp People, an HR software used by Coles, Target, NAB, etc., reported that it had noticed unusual activity in its IT infrastructure and suspected that an individual had gained access to personal information of job applicants including contact and employment information.
TicketmasterJune 18Australian Ticketmaster contacted customers who may have been affected by a data breach caused by malicious software on a customer support product. The personal information of 30,000 customers in the United Kingdom including names, addresses, email addresses, phone numbers, payment details and login details were potentially compromised by the breach.
HealthEngineJune 18HealthEngine, an online booking tool for medical practices, revealed that 59,600 pieces of patient feedback may have been improperly accessed due to a website error.
Tasmanian Electoral Commission (TEC)June 18The TEC were informed that an unknown third party had accessed servers and downloaded information including the names, dates of birth, email and enrolment addresses of an estimated 4,000 electors.

Remaining Vigilant

It is imperative that individuals remain vigilant and follow advice to protect themselves online, whether at work or at home. The OAIC identified that 37% of data breaches reported between July and September 2018 were caused by human error.

Simple recommendations include using a password manager, making all passwords unique and turning on two-factor authentication, where available. Individuals should always be careful sharing personal information online and should maintain awareness regarding unusual email activity e.g. phishing attempts.

The OAIC recognises that organisations and agencies need the appropriate cyber security in place, but they also need to ensure work policies and processes support staff to protect personal information every day.

Any staff responsible for handling personal information should receive regular training, including an understanding of how data breaches may occur. Awareness campaigns can also be implemented to remind staff of their responsibilities for data and IT security e.g. not sharing information online, regularly changing passwords, or not using unauthorised USB devices.

Individuals affected by a data breach should be encouraged to follow the steps outlined below:

Data breach processesFigure created from information on The Conversation

Reporting Data Breaches

The ABC article mentioned above states that the general public have become less focused on the fact that data breaches are occurring, with more judgement placed on how companies have dealt with and responded to breaches. Ultimately, unsatisfactory management of a data breach can impact a company’s reputation.

Delay in notifying staff, customers or other affected individuals is one aspect which can significantly impact public opinion following a data breach. For example, GoGet announced its data breach seven months after it had occurred, leading to accusations of a lack of consideration for those potentially affected by the breach.

The Notifiable Data Breach (NDB) scheme requires entities to notify affected individuals and the Office of Australian Information Commissioner (OAIC) about eligible data breaches. The notification must also include recommendations about the steps individuals should take in response to the breach.
For more information on NDB scheme refer to the Office of the Australian Information Commissioner website.

Active Armed Offender Guidelines for Crowded Places

In Australia, the use of firearms in a terrorist attack is considered feasible even though these weapons are well regulated. Active armed offender attacks continue to be one of the most common tactics adopted by terrorists and other criminals around the world.

  • Assess the threat – Communicated threats can disrupt normal business activity without actually risking life or damage to property. The accurate capturing of information using a bomb threat checklist is important.
  • Protect life – IED events which occur without warning inflict the greatest number of casualties. Actions which can be taken to minimise casualties include the following:

The Active Armed Offender Guidelines for Crowded Places were developed by Crowded Places Advisory Group (CPAG) for the Australia-New Zealand Counter-Terrorism Committee (ANZCTC).
The guidelines aim to increase the awareness of owners and operators of crowded places regarding the threat of terrorism and provide guidance on issues and options to mitigate risks and complete contingency planning such as crisis management and incident management.

Definitions

  • Active Armed Offender: An armed offender is an individual who is actively engaged in killing or attempting to kill people, and who demonstrated their intention to continue to do so while having access to additional potential victims.
  • Crowded Places: Crowded places are locations or environments which are easily accessible by large numbers of people on a predictable basis. Crowded place can include sports stadia, transport hubs, shopping centres, pubs, clubs, places of worship, tourist attractions, movie theatres, civic spaces and open spaces such as parks and pedestrian malls.

Overview of Guidelines

The Active Armed Offender Guidelines are based on the following two principles:

  • Prevention and preparedness arrangements should be underpinned by an intelligence-led, risk management approach.
  • Effective security outcomes in complex crowded place environments require cooperation and coordination among stakeholders.

Four key areas covered in the guidelines include:

PreventionActivities which reduce the severity or impact of an emergency event e.g. threat assessments, addressing vulnerabilities, developing security procedures and installing physical security.
PreparednessActivities focused on developing plans for known or expected incidents, threats or events e.g. contingency plans enabling a situational approach to drive response actions.
ResponseActivities to prioritise saving and protection life e.g. developing evacuation / lockdown plans and supporting emergency services response actions.
RecoveryActivities undertaken to return to recover from the event e.g. internal and external communication, rehabilitation of affected facilities and renewing staff & community confidence.

The Guidelines also include advice to individuals who may encounter an active armed offender:

Encountering an active offenderDiagrams adapted from the Active Armed Offender Guidelines

Improvised Explosive Device Guidelines for Crowded Places

Recent counter-terrorism arrests and prosecutions in Australia demonstrate the ongoing appeal of Improvised Explosive Devices (IED) to Australia-based violent extremists.

Organisations who own or operate crowded places are responsible for providing a safe and secure environment for the general public by applying well-informed risk and emergency management arrangements.

The IED Guidelines for Crowded Places were developed by the Australia-New Zealand Counter-Terrorism Committee (ANZCTC) to raise awareness of the threat posed by IEDs and provide guidance on the issues and options to consider during risk mitigation and contingency planning activities.
These guidelines supplement Australia’s Strategy for Protecting Crowded Places from Terrorism (2017).

Definitions

  • Improvised Explosive Device (IED): A device made or placed in an improvised way that incorporates destructive, lethal, noxious, pyrotechnic or incendiary chemicals and is designed to destroy, incapacitate, harass or distract.
  • IEDs are physically diverse. They can be a range of shapes and sizes, can employ a number of different methods to initiate the explosion, and may be concealed in a number of different ways.

Overview of Guidelines

These guidelines provide advice for prevention, preparedness, response and recovery from terrorist events for owners and organisers and operators of public space with a focus on IEDs;

PreventionPreparedness
  • Implement robust security policies and procedures.
  • Review physical design of buildings to implement Crime Prevention Through Environmental Design.
  • Identify & assess suspicious objects, activity or vehicles.
  • Implement inspection procedures by occupants or supervisors i.e. white level inspections.
ResponseRecovery
  • Consider potential for activating partial or total site evacuation if an IED is suspected or identified.
  • Ensure a smooth transition from facility management / security to Emergency Services for response actions.
  • Communicate with stakeholders, ensure the scene is preserved and support investigation activities.
  • Conduct Business Continuity arrangements to return to business-as-usual quickly following an event.

The guidelines states the primary objectives when responding to IED attacks should be to:

  • Assess the threat – Communicated threats can disrupt normal business activity without actually risking life or damage to property. The accurate capturing of information using a bomb threat checklist is important.
  • Protect life – IED events which occur without warning inflict the greatest number of casualties.

Actions which can be taken to minimise casualties include the following:

Actions to protect lifeTable and figure adapted from the IED Guidelines for Crowded Places

Categorized: intelligence-brief