Australia: Legal Update: Terror Trial Wake Up Call For Occupational Security

Legal Update: Terror Trial Wake Up Call For Occupational Security

The recent terror trials are a sobering reminder that the threat of terrorist attack in Australia is unfortunately very real. Companies need to proactively manage that risk.

This week decisions have been handed down by a jury in relation to the 12 men accused of 27 individual counts of terrorist organisation related offences. Five of the men were each found guilty of intentionally being a member of a terrorist organisation knowing it was a terrorist organisation. One of the men was convicted of intentionally directing the activities of the terrorist organisation, knowing that it was a terrorist organisation, possessing a compact disc that was connected with preparation for a terrorist act, knowing of that connection in addition to being a member of a terrorist organisation.

The Supreme Court of Victoria heard evidence from a prosecution witness that one of the men talked about plans to carry out a terrorist attack at Melbourne's MCG during the 2005 AFL Grand Final. That AFL Grand Final between the Sydney Swans and West Coast Eagles was attended by almost 92,000 people. It was said that the attack did not take place as a result of raids, security and funding reasons. Potential further targets included a 2006 NAB cup game and the Crown casino during the Grand Prix weekend. Crowd figures released by the Grand Prix for the 2006 Grand Prix weekend were an estimated total of 196,200 people.

Security Risk Management Process

The evidence in the terror trials regarding these plans highlights some of the types of infrastructure, organisations and events that can be targets of terrorist activity. These planned attacks were aiming for maximum impact in circumstances involving large scale damage and significant numbers of people. Legislation is only just starting to emerge in a number of discrete areas which can be classified as "occupational security law".

Occupational security laws are focused on managing security risks surrounding critical infrastructure and critical industries such as rail, energy, water, transport, banking and finance, communications, emergency services, food, health and mass gatherings. However, terrorist attacks are not limited to critical infrastructure. Organisations ought to consider implementing security risk management plans to minimise the security risks posed by the threat of terrorist attacks.

Security risk management plans do not involve simply replicating the standard approach to the management of other risks in an organisation for the simple reason that security risks do not have the same genesis as other risks. Managing risks arising in the occupational health and safety setting, for example, involve identifying foreseeable risks within the organisation. In comparison, security risks involve identifying unpredictable activities which may be committed against the organisation by parties outside the organisation.¹

Organisations need to focus on possible terrorist threats, consequences from a successful attack and the organisation's vulnerability to such an attack. Organisations can do this by implementing security risk management processes which assess and treat the security risks by:

• identifying the threat;

• making an assessment of and prioritising the consequences of a successful terrorist attack;

• making an assessment of the vulnerability of the organisation;

• identifying the controls for the threat;

• implementing the controls;

• assessing the vulnerability after the implementation of the controls; and

• undertaking a review of the threat of attack and the vulnerability of the organisation to those threats at each stage of the process.

Security Risk Management Plans

Organisations looking to minimise the risks arising from possible threats of terrorist attacks should consider implementing security risk management plans. The security risk management processes outlined above form part of a security risk management plan.

The legislative requirements for operators of critical infrastructure in Victoria under the Terrorism (Community Protection) Act 2003 provide a good starting point for organisations considering implementing a security risk management plan.

Under that legislative framework, security risk management plans must include:

• an assessment of the risks to the service of terrorist acts;

• a plan of the measures to be undertaken to prevent or reduce the risk including ensuring the physical security of the key infrastructure;

• a plan for the measures to be taken in the event of a terrorist act including the procedures for response to the terrorist act; the procedures for recovery of the declared essential service from the terrorist act; and the procedures to provide for the continued safe operation of the declared essential service;

• details of the positions of the persons responsible for the operation of the risk management plan in the event of a terrorist act;

• procedures for determining whether or not there should be public notification of a terrorist act and if so, the procedures for that notification;

• procedures for immediate communication with the relevant Minister and with emergency services in the event of a terrorist act;

• details of the measures to be taken to protect the declared essential service in the event of a terrorist act on another essential service on which the declared essential service is dependent;

• details of the co-ordination of the risk management plan with any relevant municipal emergency management plan prepared under the Emergency Management Act 1986 (Vic); and

• details of the training to be provided to staff in relation to the procedures to be followed to prevent or respond to terrorist acts.

Security risk management plans are the best mechanisms for organisations to adopt to protect their business undertakings and their people against the threat of terrorist attack. As the recent terror trials demonstrate, the threat of terrorist attack in Australia is unfortunately very real and the failure to manage those threats has potentially devastating consequences.

¹ For an analysis of security risk management see Michael Tooma, (2008) 'Safety, Security, Health and Environment Law' Federation Press, pp 73-77.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.