LOCAL GOVERNMENT SECURITY RISK MANAGEMENT > TOOLKIT AUSTRALIAN LOCAL GOVERNMENT ASSOCIATION

Transcription

1 AUSTRALIAN LOCAL GOVERNMENT ASSOCIATION

2 Australian Local Government Association 2007 ISBN This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Australian Local Government Association. Requests and inquiries concerning reproduction and rights should be addressed to: Australian Local Government Association 8 Geils Court Deakin ACT 2600 Phone (02) Disclaimer The Australian Local Government Association, Emergency Management Australia and the Australian Government make no representations about the suitability of the information contained in this document or any material related to this document for any purpose. The document is provided as is without warranty of any kind to the extent permitted by law. The Australian Local Government Association, Emergency Management Australia and the Australian Government hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for particular purpose, title and non-infringement. In no event shall the Australian Local Government Association, Emergency Management Australia or the Australian Government be liable for any special, indirect or consequential damages or any damages whatsoever resulting from the loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of information available in this document. The document or material related to this document could include technical inaccuracies or typographical errors. PAGE ii

3 Foreword The Local Government Security Risk Management Toolkit is a practical guide to help local government address counter-terrorism considerations, by building from existing emergency/disaster management arrangements. The Toolkit will enable local government to prepare a Security Risk Management Action Plan which will augment existing arrangements with strategies to address significant security risks. Local government can play a key role in managing the consequences of terrorist attacks, as was demonstrated in New York City in the aftermath of the events of September 11, Further, local government is in place before, during and after terrorist acts or other adverse events, and thus has significant responsibility to plan and prepare for such incidents. This national Toolkit has been prepared from the Local government counter-terrorism risk management kit published by the Queensland Government and the Local Government Association of Queensland in Its preparation has been funded by a grant from the Australian Government under the Working Together to Manage Emergencies initiative administered by Emergency Management Australia. The applicability of the Toolkit will vary across jurisdictions; users should consult closely with relevant agencies before and during the planning process to ensure that the process and resultant Action Plans comply with and do not duplicate current jurisdictional requirements. The Toolkit supports sound and effective risk management planning and practice, through a systematic process of identifying requirements for additional security risk management activities in light of existing emergency/disaster and security management arrangements. It will be a valuable tool for local government emergency/disaster and security management decision makers and planners throughout Australia. Effective risk management requires collaboration between local government, state and territory governments, the Australian Government, the private sector and the wider community. I encourage you to work closely with all organisations relevant to your local government area to develop appropriate and effective security risk management arrangements. Australia s ability to prevent, respond to and recover from risks and threats, such as those due to terrorism, is strengthened by a high level of security preparedness and strong cooperative, consultative relationships. Cr. Paul Bell AM President of the Australian Local Government Association PAGE iii

4 PAGE iv

5 Contents Foreword iii Executive Summary vii Glossary ix WORKBOOK Overview of the Workbook Aim Key stakeholders Resources and references Using this Workbook Phase 1 Establish the context Step 1. Describe the community context Step 2. Describe the legislative context Step 3. Establish an emergency/disaster risk profile Step 4. Review existing emergency/disaster and security management arrangements Step 5. Determine evaluation criteria for security risk treatment options Phase 2 Conduct a security risk review Step 6. Develop a security risk profile Step 7. Examine community consequences and local government responsibilities Step 8. Evaluate risk treatment options Phase 3 Plan for action Step 9. Develop the high priority risk treatment options Step 10. Develop a Security Risk Management Action Plan Step 11. Monitor and review the Action Plan Worksheets Emergency/disaster risk profile - Step Comparing emergency/disaster and security management arrangements Step Evaluation criteria for security risk treatment options - Step Security risk profile Step Analysing possible security incidents Step Community consequences and local government responsibilities Step Evaluating risk treatment options Step Summarising risk treatment options Step Developing the high priority risk treatment options - Step Security Risk Management Action Plan Step Monitoring and reviewing implementation of the Security Risk Management Action Plan Step 11 Monitoring and reviewing the currency of the Security Risk Management Action Plan Step 11 TRAINING MATERIAL Training delivery Notes for facilitators PowerPoint presentation PAGE v

6 Bibliography Australian Government New South Wales Northern Territory Queensland South Australia Tasmania Victoria Western Australia Acknowledgements List of Tables Table 1: Likelihood of the event occurring Table 2: Consequences if the event were to occur Table 3: Resultant risk rating Table 4: Risk ratings and recommended action levels Table 5: Emergency/disaster risk profile Green Hills Shire Table 6: Comparing existing emergency/disaster and security management arrangements Green Hills Shire Table 7: A rating scale for cost Table 8: Evaluation criteria for security risk treatment options Green Hills Shire Table 9: Security risk profile Green Hills Shire Table 10: Categories of preparedness Table 11: Analysing possible security incidents Green Hills Shire Table 12: Community consequences and local government responsibilities Green Hills Shire Table 13: Evaluating risk treatment options Green Hills Shire Table 14: Summarising risk treatment options Green Hills Shire Table 15: Developing the high priority risk treatment options Green Hills Shire Table 16: Security Risk Management Action Plan - Green Hills Shire - searching all vehicles entering Port Mary Table 17: Monitoring and reviewing implementation of the Security Risk Management Action Plan - Green Hills Shire Table 18: Monitoring and reviewing the currency of the Security Risk Management Action Plan - Green Hills Shire List of Figures Figure 1: Overview of the process Figure 2: Phase 1 Establish the context Figure 3: Comparing emergency/disaster and security risk management arrangements Figure 4: Phase 2 Conduct a security risk review Figure 5: Phase 3 Plan for action PAGE vi

7 Executive Summary The Local Government Security Risk Management Toolkit has been developed from the Local government counter-terrorism risk management kit published by the Queensland Government and Local Government Association of Queensland in The Toolkit is a practical guide intended for Australia-wide use. 1 It is designed to develop and support local government capacity to undertake counter-terrorism and security risk management assessments, and to build from existing emergency/disaster 2 management arrangements to address counter-terrorism considerations. The Toolkit should be used by local government agencies, with input from key stakeholders including relevant state or territory government bodies, major industries and peak bodies, owners and/or operators 3 of critical infrastructure and mass gathering venues, and major event organisers. The systematic process used in this Toolkit is based on the risk management framework detailed in the Australian/New Zealand Standard AS/NZS 4360:2004, Risk Management. The Toolkit focuses at a strategic overview level and applies the judgments and experience of users with broad local knowledge. Users do not need counter-terrorism expertise to complete the steps in this Toolkit. Information about the current security situation and security management arrangements in Australia is available from a number of the publications and websites listed in the Bibliography. The situation and /or management arrangements may change rapidly and Toolkit users should ensure they use current information. The Toolkit is made up of two principal sections a Workbook and training material. The Workbook is the key section of the Toolkit, and details three analytical phases. The first phase describes analysis of the community context for security risk assessment, and includes consideration of the community and legislative contexts, establishment of an emergency/disaster risk profile, review of existing emergency/disaster and security management arrangements, and establishment of criteria to evaluate security risk treatment options. Much of the information needed in this phase will already be available in many local government areas. Sources of such information include existing emergency/disaster management planning guidelines and similar documents. Details of relevant additional sources of information to guide work in this phase are contained in an extensive Bibliography later in the Toolkit. The second phase of the Workbook focuses on identification of potential security targets and development of a security risk profile for the local government area. It guides assessment of a local council s responsibilities and preparedness to manage the potential community consequences of a security-related incident. Possible treatment options for plausible security incidents are evaluated in this phase. 1 The Toolkit has been developed as a resource for use throughout Australia, and consequently it is general in tone. Users should consult closely with relevant state or territory agencies, to ensure the planning process and resultant Action Plans accord with current jurisdictional legislation, policies, plans and procedures, and do not duplicate current jurisdictional requirements. Victorian users, in particular, are urged to note that state s all hazards approach to emergency risk management, and the consequent inclusion of security risk management in current emergency planning processes. 2 The terms emergency and disaster are used with various closely related meanings in different specialist fields, and in different states and territories, in Australia. A discussion of the distinction between the terms is in Commonwealth of Australia (1998b). In this Toolkit, the two terms are most commonly used conjointly, to encompass all relevant events. 3 The term owners and/or operators is used in this Toolkit to encompass all agencies and authorities which bear some responsibility for such infrastructure. PAGE vii

8 The third phase of the Workbook further analyses the high priority risk treatment options identified for the local government area. This phase then covers development of a Security Risk Management Action Plan that builds from existing emergency/disaster and security management arrangements and is designed to ensure closure of any gaps in existing plans. This phase also includes establishment of arrangements to monitor, review and update the Security Risk Management Action Plan. Worksheets are provided to capture the information generated from the three phases of the Workbook. An extensive Bibliography lists some relevant references. Finally, training material is provided to support introduction of local government officers and key stakeholders to the Toolkit and its application. PAGE viii

9 Glossary This Glossary is derived from a range of Australian Government and other documents relating to emergency/disaster management and response. Jurisdiction-specific definitions should be checked against relevant sources, including those listed in the Bibliography. All hazards approach. The all hazards approach recognises that emergency management arrangements and programs need to be able to deal with the wide variety and scale of hazards that may affect Australian communities, whether these originate from natural, technological, biological or social agents or result from an interaction between agents in any of these fields. (Commonwealth of Australia 2004a) Consequence. The outcome of an event expressed qualitatively or quantitatively, being a loss, injury, disadvantage or gain. There may be a range of possible outcomes associated with an incident. (Standards Australia/Standards New Zealand 2004) Consequence management. Measures to protect public health and safety, restore essential government services, and provide emergency relief and recovery to business and individuals affected by disasters. (Commonwealth of Australia 2005a) Critical infrastructure. Critical infrastructure is defined as those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic well-being of the nation, or affect Australia s ability to conduct national defence and ensure national security. (Trusted Information Sharing Network for Critical Infrastructure Protection 2004) Disaster. A condition or situation of significant destruction, disruption and/or distress to a community. (Commonwealth of Australia 2004a) Emergency. An event, actual or imminent, which endangers or threatens to endanger life, property or the environment, and which requires a significant and coordinated response. (Commonwealth of Australia 2004a) Emergency management. A range of measures to manage risks to communities and the environment. (Commonwealth of Australia 2004a) Emergency risk management. A systematic process that produces a range of measures which contribute to the wellbeing of communities and the environment. (Commonwealth of Australia 2004a) Likelihood. A quantitative or qualitative description of probability or frequency. (Standards Australia/Standards New Zealand 2004) Local government. Any type of legally constituted local authority functioning in any state or territory of Australia. Risk. The chance of something happening that will have an impact on objectives. It is measured in terms of a combination of the consequences of an event and their likelihood. (Standards Australia/Standards New Zealand 2004) Risk analysis. A systematic process to understand the nature of, and to deduce the level of, risk; it provides the basis for risk evaluation and decisions about risk treatment. (Standards Australia/Standards New Zealand 2004) Risk assessment. The overall process of risk identification, risk analysis and risk evaluation. (Standards Australia/Standards New Zealand 2004) PAGE ix

10 Risk evaluation. The process of comparing the level of risk against risk criteria; risk evaluation assists in decisions about risk treatment. (Standards Australia/Standards New Zealand 2004) Risk identification. The process of determining what, where, when, why and how something could happen. (Standards Australia/Standards New Zealand 2004) Risk management. The culture, processes and structures that are directed towards realising potential opportunities whilst managing adverse effects. (Standards Australia/Standards New Zealand 2004) Risk management process. The systemic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk. (Standards Australia/Standards New Zealand 2004) Risk reduction. Actions taken to lessen the likelihood, negative consequences, or both, associated with a risk. (Standards Australia/Standards New Zealand 2004) Risk treatment. The process of selection and implementation of measures to modify risk. (Standards Australia/Standards New Zealand 2004) Terrorist act means an action or threat of action where: (a) the action falls within subsection (2) and does not fall within subsection (2A); and (b) the action is done or the threat is made with the intention of advancing a political, religious or ideological cause; and (c) the action is done or the threat is made with the intention of: (i) coercing, or influencing by intimidation, the government of the Commonwealth or a State, Territory or foreign country, or of part of a State, Territory or foreign country; or (ii) intimidating the public or a section of the public. (2) Action falls within this subsection if it: (a) causes serious harm that is physical harm to a person; or (b) causes serious damage to property; or (ba) causes a person s death; or (c) endangers a person s life; other than the life of the person taking the action; or (d) creates a serious risk to the health or safety of the public or a section of the public; or (e) seriously interferes with, seriously disrupts, or destroys, an electronic system including, but not limited to: (i) an information system; or (ii) a telecommunications system; or (iii) a financial system; or (iv) a system used for the delivery of essential government services; or (v) a system used for, or by, an essential public utility; or (vi) a system used for, or by, a transport system. (2A) Action falls within this subsection if it: (a) is advocacy, protest, dissent or industrial action; and (b) is not intended: (i) to cause serious harm that is physical harm to a person; or (ii) to cause a person s death; or (iii) to endanger the life of a person, other than the person taking the action; or (iv) to create a serious risk to the health or safety of the public or section of the public. (Extract from the Security Legislation Amendment (Terrorism) Act 2002, Part 5.3) PAGE x

11 WORKBOOK LOCAL GOVERNMENT OVERVIEW > WORKBOOK Overview of the Workbook The Workbook is not a prescriptive template, but a guide to help you plan. The Workbook will guide you through three phases: establishing the local context, conducting a security risk review and developing a Security Risk Management Action Plan. Each phase includes several steps. When using the Workbook you may: skip any steps that do not apply to the circumstances in your local government area go directly to the primary output for each step and complete the details without working through the questions/activities. You should consult closely with relevant state or territory agencies during the planning process, to ensure the process and resultant Action Plans accord with current jurisdictional requirements, and do not duplicate or conflict with current jurisdictional requirements. Further, in consultation with those agencies, you need to consider the issue of security of and access to the Action Plan itself. You should note that security classification restrictions may apply to some of the information you have used or developed. You should consult closely with relevant state or territory, and Australian Government, agencies to ensure that security requirements are met at all times. Aim This Workbook outlines a systematic approach to developing a security risk profile and identifying the security risk management arrangements you can use to build from your existing emergency/disaster and security management activities where appropriate. The Workbook and worksheets have been designed so you can use them in a workshop setting, but this is not essential. The Workbook is intended to be used by local government agencies, with input from key stakeholders including relevant state or territory government bodies, major industries and peak bodies, owners and/or operators of critical infrastructure and mass gathering venues, and major event organisers. PAGE 1

12 WORKBOOK OVERVIEW Key stakeholders Consider using the people who are members of your emergency/disaster management team at local government and regional levels, plus representatives of major industries/peak bodies in the area, owners and/or operators of major infrastructure in the area, and representatives of other levels of government and/or neighbouring authorities. It is essential also that you work closely with your local police and emergency service representatives. Their experience, knowledge and responsibilities make them invaluable in applying the Workbook. Resources and references Assemble basic references relevant to emergency/disaster management and security management in your local government area. You will need any relevant documents that relate specifically to your local government area and district, and documents that are relevant at a national, and state or territory, level. At the local level, essential material will include emergency/disaster management plans and maps of the area. You should also be familiar with your state or territory emergency/disaster management legislation. The Bibliography in this Toolkit will help you identify some of the material you will need. Users may also wish to consult the recently published handbook on security risk management (Standards Australia/Standards New Zealand 2006), which provides some guidance on planning at a more detailed level. Using this Workbook This Workbook is designed so the right-hand (odd numbered) pages set out the process you need to follow, while the left-hand (even) pages provide notes to help you understand the process. Where there is no need for comment on the left-hand page, it has been annotated as intentionally blank. Your deliberations should be at a strategic/overview level and be based on the judgment and experience of key stakeholders. You do not need a security expert to complete the steps in the Workbook. You are aiming to design a practical Action Plan that can be readily applied to your local government area. PAGE 2

13 WORKBOOK LOCAL GOVERNMENT OVERVIEW FIGURE 1 Overview of the process PHASE 1 Establish the context STEP OUTPUT > Step 1 Describe community context > Community environmental scan > Step 2 Describe legislative context > List of relevant laws and policies > Step 3 Establish emergency/disaster > Emergency/disaster risk profile risk profile > Step 4 Review emergency/disaster > Assessment of current and security management emergency/disaster and security arrangements management arrangements > Step 5 Determine evaluation criteria for > Evaluation criteria for security security risk treatment options risk treatment options PHASE 2 Conduct a security risk review STEP OUTPUT > Step 6 Develop security risk profile > Security risk profile > Step 7 Examine community consequences > Table of consequences and and local government responsibilities responsibilities > Step 8 Evaluate risk treatment options > Additional risk treatment strategies PHASE 3 Plan for action STEP OUTPUT > Step 9 Develop the high priority risk > Table of overlaps and gaps treatment options > Step 10 Develop a Security Risk > Action Plan Management Action Plan > Step 11 Monitor and review Action Plan > Action Plan PAGE 3

14 WORKBOOK PHASE 1 The first phase is concerned with establishing the context for your local government area, to prepare for later phases. The steps identified will help you document an agreed context for your local council to manage security risks. In many local government areas, much of the information will already be available. For example, some resources may have been generated as a result of developing emergency or disaster management plans and procedures. In such cases, you should gather and review existing material before starting this step. PAGE 4

15 WORKBOOK LOCAL GOVERNMENT PHASE 1 > PHASE 1 Establish the context This phase sets the context for the remaining two phases. It includes five steps (see Figure 2). Each step will produce a specific output, which you will use as you prepare a Security Risk Management Action Plan for your local government area. FIGURE 2 Phase 1 Establish the context PHASE 1 Establish the context STEP OUTPUT > Step 1 Describe community context > Community environmental scan > Step 2 Describe legislative context > List of relevant laws and policies > Step 3 Establish emergency/disaster > Emergency/disaster risk profile risk profile > Step 4 Review emergency/disaster > Assessment of current and security management emergency/disaster and security arrangements management arrangements > Step 5 Determine evaluation criteria for > Evaluation criteria for security risk security risk treatment options treatment options PAGE 5

16 WORKBOOK PHASE 1 An environmental scan is a review of the broad context to determine the major factors, trends, opportunities and threats that may influence your local government area now and in the foreseeable future. The combined experience and local knowledge of key stakeholders should provide a suitable level of information to conduct the scan effectively. You need to use annotated maps as the focal point for the scan. Some of these maps may document and illustrate: topographical features GIS digital terrain elevation models land use local government planning scheme/s population distribution bushfire risk/hazard flood information, including riparian and overland flow storm surge information landslip plans infrastructure types and locations. Hazardous materials If you identify sites where significant quantities of hazardous materials are produced, used, stored and/or processed, or that pose a potential threat to the community or environment for some other reason, or routes through which significant shipments of hazardous materials pass, you should also identify the legislation that relates to managing those materials and shipments. PAGE 6

17 WORKBOOK LOCAL GOVERNMENT PHASE 1 > STEP 1 Describe the community context In this step you will document an environmental scan of the main features of your local government area, to develop a brief condensed overview. Use the combined experience of key stakeholders to obtain all the relevant information about your local government area and, where relevant, about the district. A list of suggested activities to help you obtain the necessary information and materials is below. Activities Obtain maps of your local government and immediately surrounding areas (the word district is used in this Workbook to cover the geographic area around your local government area). Make a note of the features listed below and briefly describe each one. You may find it necessary to produce several map overlays. Geography Confirm the size, boundaries, major geographic features, vegetation cover and general land use patterns of your local government area. Climate and weather Describe the climate and seasonal weather patterns in the district, such as flood and storm surge levels. Population Note the size, distribution, demographics and population movements within your district. Show the relative size of cities and towns. Utilities Identify the main power, water and sewerage, gas and telecommunications facilities and networks within your district. Built infrastructure Mark the ports, airports, rail, roads, pipelines and other major infrastructure in your district. Industry/economics Describe the major primary, secondary, and tertiary industries in your district. Note any significant installations associated with each. Note the major economic activities and/or factors in your district. Government facilities Note the major government facilities (Australian Government, state or territory, and local government). Identify the key emergency services sites and major health facilities. Note foreign missions and diplomatic offices or residences, if applicable. Public buildings and spaces Identify any iconic structures, and major tourist facilities, transport hubs, malls and shopping precincts, major sporting and entertainment venues in your local government area. Educational institutions Identify any major primary, secondary, and tertiary educational institutions and schools in your local government area. Events List any recurring events that attract large numbers of people, such as picnic races, agricultural or music festivals, and trade fairs in your local government area. Hazardous sites/routes Identify any sites where significant quantities of hazardous materials are produced, used, stored and/or processed, or that pose a potential threat to the community or environment for some other reason in your local government area. Identify any routes used to transport significant shipments of such materials through or around your local government area. Historical experience Make note of any history of emergencies and/or disasters in the district, either natural (e.g. floods, bushfires) or man-made (e.g. oil spills, chemical releases). PAGE 7

18 WORKBOOK PHASE 1 On this page make notes about the legislation that relates to: the legal basis of your local council s authority local government s roles and responsibilities in emergencies and/or disasters in your state or territory local government s roles and responsibilities in a security incident or a counterterrorism situation in your state or territory PAGE 8

19 WORKBOOK LOCAL GOVERNMENT PHASE 1 > STEP 2 Describe the legislative context In this step you will document relevant aspects of the legal and regulatory framework for your local council, with a particular focus on those aspects relating to emergency/disaster and security management. The Bibliography lists some relevant material and you should consult with key stakeholders to ensure you identify all relevant information. Legislative framework Identify the Australian Government legislation that is relevant to your local council in this context. Identify the state or territory legislation that is relevant to your local council in this context. Identify any regulations, and any protocols, plans, policies or procedures pursuant to that legislation that are relevant to your local council in this context. PAGE 9

20 WORKBOOK PHASE 1 The risk analysis method you will use in this Workbook is based on that outlined in the Australian/New Zealand Standard AS/NZS 4360:2004, Risk Management, and the associated Risk Management Guidelines Companion to AS/NZS 4360:2004 (Standards Australia/Standards New Zealand 2004). To help you develop a disaster risk profile for your local government area, some examples of likelihood terms and their descriptors are presented in Table 1. Table 2 gives a list of possible consequence terms and descriptors, Table 3 shows a resultant risk rating matrix that maps likelihood against consequences, and Table 4 provides examples of recommended levels of action for each resultant risk rating. You can use the terms and descriptors presented in Tables 1 to 4 for your local government area. Alternatively, you could work with key stakeholders to establish standard sets of likelihood terms, consequence terms, risk ratings and recommended levels of action for specific use in your local government area, with clear descriptors. Either way, you should use the same terms and descriptors to assess each risk. The Risk Management Guidelines contain additional information on developing rating scales. Table 1 Likelihood of the event occurring A Almost certain The event is expected to occur B Likely The event will probably occur C Possible The event should occur at some time D Unlikely The event could occur at some time E Rare The event may occur only in exceptional circumstances Table 2 Consequences if the event were to occur 1 Insignificant Little disruption to the community 2 Minor Minor disruption to community 3 Moderate Some inconvenience to the community 4 Major Noticeable impact on community, some services unavailable 5 Catastrophic Community unable to function without significant support Table 3 Resultant risk rating Likelihood Consequences 1 Insignificant 2 Minor 3 Moderate 4 Major 5 Catastrophic A Almost Certain Medium High High Very high Very high B Likely Medium Medium High High Very high C Possible Low Medium High High High D Unlikely Low Low Medium Medium High E Rare Low Low Low Medium High Table 4 Risk ratings and recommended action levels Ratings Recommended action levels VH Very high risk Immediate action necessary, continuous monitoring and response arrangements must be in place and tested monthly H High risk Monitoring regime and response plan must be in place and tested annually M Medium risk Management responsibility must be specified L Low risk Manage using routine procedures PAGE 10

21 WORKBOOK LOCAL GOVERNMENT PHASE 1 > STEP 3 Establish an emergency/disaster risk profile In this step you will develop an emergency/disaster risk profile for your local government area. It will serve: as a basis for the next step, in which you will explore the existing emergency/disaster arrangements for your local government area as an example of the risk analysis method you will use in Step 7 when you examine the community consequences of plausible security incidents. If you and the key stakeholders share a sound understanding of the existing emergency/disaster arrangements, and are confident in applying the risk analysis method, you may wish to proceed directly to Step 4. Using the combined experience of key stakeholders, conduct a high-level risk assessment for your local government area. Work through the activities below to complete a table similar to Table 5 below. (This step may not be necessary if an emergency/disaster risk profile already exists.) There is a blank copy of the relevant form in the worksheets at the end of the Workbook. The examples in Tables 1 to 4 will help you complete the emergency/disaster risk profile for your local government area, or you may prepare specific rating scales for your local government area. TABLE 5 Emergency/disaster risk profile Green Hills Shire Hazard Likelihood Consequences Resultant Comments risk rating Natural disasters Severe storm A 2 High Bushfire B 3 High Especially around Rusty Ranges River flood C 4 High Landslip B 2 Medium Mt Lookout area only Man-made disasters* Oil spill B 3 High Threat-specific plan exists Major ground C 3 High transport accident Major industrial C 2 Medium accident * Do not include security events at this stage. These will be covered later. Activities List the natural disasters and man-made hazards or incidents that might occur in your local government area in a given year, in order of probability. Rate the likelihood of each hazard or incident, using the scale in Table 1. 4 Consider the consequences of each hazard from a whole-of-community point of view. Use the rating scale in Table 2. 5 Given the likelihood and consequences for each hazard, read the overall risk rating from Table 3. Enter it into your version of Table 5. 4 Alternatively, you may use a similar scale you have developed for your local government area. 5 Alternatively, you may use a similar scale you have developed for your local government area. PAGE 11

22 WORKBOOK PHASE 1 Figure 3 Comparing emergency/disaster and security risk management arrangements Security management arrangements Emergency/disaster management arrangements Aspects unique to security management (additional arrangements needed for security management) Areas of overlap (integrate emergency/disaster and security management) Aspects unique to emergency/ disaster management (arrangements do not apply to security management) Examples Areas of overlap response and evacuation plans Aspects unique to emergency/disaster management hazard-specific plans Aspects unique to security management additional (heightened) security measures reporting chains may be different Note that some of the aspects unique to security management may already be addressed under existing security management arrangements, and some may require additional action. These additional aspects will be included in the Security Risk Management Action Plan you are developing. When considering areas of overlap, you should identify existing arrangements that could apply to, or could be readily adapted to manage, a security incident. These could include: organisational structures plans, policies, procedures response capability other arrangements. When considering arrangements that are unique to existing emergency/disaster management, you should identify current emergency/disaster management arrangements that do not apply to a security incident. These could include: organisational structures plans, policies, procedures response capability other arrangements. When considering arrangements that are unique to managing a security incident, you should identify the additional arrangements you would need to manage a security incident. These could include: organisational structures plans, policies, procedures response capability other arrangements. PAGE 12

23 WORKBOOK LOCAL GOVERNMENT PHASE 1 > STEP 4 Review existing emergency/disaster and security management arrangements In this step you will analyse and compare emergency/disaster and security management arrangements for your local government area, at a strategic or overview level. 6 Figure 3 illustrates the probable relationship between existing emergency/disaster and security management arrangements for your local government area. Use the combined experience of key stakeholders and, in particular, that of relevant state or territory, and Australian Government, officers (such as police) to complete a table similar to the example shown in Table 6 for Green Hills Shire, by working through the questions/activities below. There is a blank copy of the relevant form in the worksheets at the end of the Workbook. The table will identify: areas of overlap security arrangements can be or are integrated with emergency/disaster arrangements aspects unique to emergency/disaster management existing emergency/disaster management arrangements that do not apply to security management aspects unique to security management additional measures that exist or may be needed to address gaps in security management arrangements. TABLE 6 Comparing existing emergency/disaster and security management arrangements Green Hills Shire Type of arrangement Areas of overlap Aspects unique to Aspects unique to emergency/disaster security management management (for flood, as an example) Organisational Role of Council s Council Flood Council structures CEO in Council s Management Counter-Terrorism decision-making Taskforce Response Group structure Plans, policies, Council procedures Council policy: Land Council policy on procedures for evacuation from Use Planning for Flood security risk key commercial hubs Mitigation in Green management Hills Shire Response capability Some Council staff Equipment: portable Senior Council staff trained in roles pumps and flood member identified as under the Australian barriers Counter-Terrorism Incident Management Community Liaison System Officer Other arrangements Emergency Additional garbage Capacity to close airport accommodation disposal facility above and all roads into the arrangements flood plain Shire during a security incident 6 Note that, in some jurisdictions, security management arrangements may fall under emergency/disaster management arrangements and hence the comparison detailed in this step may not apply. In those cases, you should still analyse the existing arrangements using the questions/activities below, in order to prepare for subsequent steps in the action planning process. PAGE 13

24 WORKBOOK PHASE 1 THIS PAGE INTENTIONALLY LEFT BLANK PAGE 14

25 WORKBOOK LOCAL GOVERNMENT PHASE 1 Questions/activities The specific questions/activities below will help you assess the emergency/disaster management arrangements in your local government area. You should develop similar questions/activities to explore the current security management arrangements. They will enable you to complete the necessary table. Three particular areas you need to examine in relation to emergency/disaster management are the: Local Emergency/Disaster Management Group/Committee operations Local Emergency/Disaster Management Plans Emergency/Disaster Response Capability. Local Emergency/Disaster Management Group/Committee Which Group or Committee coordinates your local government area response to an emergency and/or disaster? What is the composition of your Group or Committee? Who is the chairperson of your Group or Committee? Does your Group or Committee meet periodically or only when an incident occurs? When was the last meeting? When is the next scheduled meeting? Local Emergency/Disaster Management Plans (and policies and procedures) Do Local Emergency/Disaster Management Plans exist? Has the senior Emergency/Disaster Management Group/Committee approved the plans? Are the plans available for inspection by the public? Have copies of the plans been forwarded to the next level of coordination (e.g. the district, zone, regional, or state or territory)? Are the plans consistent with higher level (district/regional/state/territory) plans? How extensive/comprehensive are the plans? Which threat-specific plans, if any, have been developed? When were the plans last reviewed? When were the plans last exercised? Emergency/Disaster Response Capability Do you have trained people and equipment earmarked to deploy if an emergency or a disaster occurs? Do you have established and practised procedures for standby and activation? Do you have an operations centre staffed by trained people with a set of agreed procedures for managing an emergency or a disaster? What arrangements are in place for communication with key stakeholders, such as other councils, state or territory government and Australian Government authorities and community-based organisations? PAGE 15

27 WORKBOOK LOCAL GOVERNMENT PHASE 1 What arrangements are in place to ensure your community is aware of ways to mitigate the adverse effects of an incident, and to prepare for, respond to and recover from an emergency or disaster? Do you have a public information strategy or plan to keep the community informed if an emergency or a disaster occurs? Other arrangements Are there other arrangements in place in your local government area which are relevant in this context? Overall assessment Overall, how well developed is your emergency/disaster management capability? How often is your emergency/disaster management capability formally reviewed and tested? When was your emergency/disaster management capability last activated: for a real incident? for an exercise? PAGE 17

28 WORKBOOK PHASE 1 Rating scales for evaluation criteria Rating scales used to evaluate security risk treatment options may be in absolute or relative terms. An example of ratings for cost is in Table 7. Table 7 A rating scale for cost Rating scale type Option 1 Option 2 Option 3 Relative Cheapest Mid-range Most expensive Absolute $ $ $ $ PAGE 18

29 WORKBOOK LOCAL GOVERNMENT PHASE 1 > STEP 5 Determine evaluation criteria for security risk treatment options In this step you will set criteria to evaluate possible security risk treatment options. The criteria can then be used later in the process to identify appropriate treatment options. Using the combined experience of key stakeholders, answer the questions below for your local government area, to help you prepare a table similar to the Green Hills Shire example in Table 8. There is a blank copy of the relevant form in the worksheets at the end of the Workbook. TABLE 8 Evaluation criteria for security risk treatment options Green Hills Shire Criterion Rating Rating measure Rating categories Comments scale type Cost Absolute $ Capital and recurrent Exclude if cost exceeds $0.3m per year Practicality Relative The degree to which Low medium high the treatment options can be (i) implemented using existing resources and (ii) would be accepted by the community Compatibility Relative The degree to which Low medium high with existing measures the treatment options are compatible with existing arrangements Impact on Relative The degree to which Low medium high security risk the treatment options profile alter the security risk profile Local Relative The degree to which Low medium high government the treatment options responsibility fall within existing local government responsibilities Questions What criteria will you use to decide whether or not to adopt a specific risk treatment option in your local government area? What rating scale type, measure and categories will you use for each criterion? PAGE 19

31 WORKBOOK LOCAL GOVERNMENT PHASE 2 > PHASE 2 Conduct a security risk review This phase documents development of a security risk profile, analysis of the community consequences of an incident and of applicable local government responsibilities, and evaluation of potential options to reduce security risk through reduction in either the likelihood or the consequences of an incident. The three steps in this phase, and the associated outputs, are set out in Figure 4. FIGURE 4 Phase 2 Conduct a security risk review PHASE 2 Conduct a security risk review STEP OUTPUT > Step 6 Develop security risk profile > Security risk profile > Step 7 Examine community consequences > Table of consequences and and local government responsibilities responsibilities > Step 8 Evaluate risk treatment options > Additional risk treatment strategies PAGE 21

32 WORKBOOK PHASE 2 In preparing a list of possible targets, you should note that security classification restrictions may apply to some of the information. You should consult closely with relevant state or territory, and Australian Government, agencies to ensure that security requirements are met at all times. Critical infrastructure refers to those physical facilities, supply chains, information technologies and communication networks that, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation or affect Australia s ability to conduct national defence and ensure national security ( The owners and/or operators of critical infrastructure will best understand their businesses, their vulnerabilities and how to protect them, and they have a responsibility to: protect and secure their assets (including having a security plan aligned to the current terrorism alert level) actively plan in accordance with risk management principles (in the counterterrorism environment, this would include risk analysis, emergency/disaster response planning and business continuity planning) exercise and review plans on a regular basis report incidents or suspicious activity to the state or territory police. Further information on the potential roles of local government in the protection of critical infrastructure is contained in the Critical Infrastructure Protection National Strategy (Trusted Information Sharing Network 2004). Mass gathering locations or events are characterised by the concentration of people on a predictable basis, in venues or precincts that are open or enclosed. They may include but are not limited to: sporting venues particularly those that attract national and international media exposure and large numbers of people, due to the nature of events hosted shopping complexes/open air markets particularly large multi-tenanted shopping complexes which attract significant numbers of people business precincts tourism and entertainment venues/attractions including high profile entertainment centres, parks and malls, casinos, theme parks, and major nightclub/licensed venue precincts which attract large numbers of people, including tourists cultural facilities hotels and convention centres public transport hubs and precincts major transport centres which attract significant pedestrian traffic major planned events. They may also include: educational institutions and schools local government precincts major local government precincts which attract large volumes of pedestrian traffic and national/international exposure due to significant tourist interest. Councils should also consider hazardous sites and routes within their local government areas, and facilities and/or installations close to their boundaries, damage to which could pose significant community consequences. PAGE 22

33 WORKBOOK LOCAL GOVERNMENT PHASE 2 > STEP 6 Develop a security risk profile In this step you will identify the potential security targets within your local government area, and the current security arrangements. You will build from the information you documented in Step 1. To aid your analysis, you may categorise possible targets. Suitable categories include but are not limited to: critical infrastructure, mass gathering locations and/or events, and hazardous sites/routes. These are illustrative examples; you may add or delete categories to suit the circumstances in your local government area. Using the combined experience of key stakeholders, conduct a high-level scan to identify possible targets within your local government area. Work through the questions/activities to complete a table similar to the example in Table 9. There is a blank copy of the relevant form in the worksheets at the end of the Workbook. TABLE 9 Security risk profile Green Hills Shire Possible target Owner and/or Security arrangements Comments of terrorist attack operator (plans, policies, procedures, etc.) Critical infrastructure Port Mary Green Hills Shire Daytime access controlled Security guard at night Fire and evacuation plans Ulm Airport Federal Airport Daytime access controlled Corporation Security guard at night Fire and evacuation plans Green Hills Reservoir Green Hills Shire Staffed in daylight hours Wholly owned and Pump Station Water Board Physical perimeter subsidiary of GHS P/L security only Campfire Creek Northern Electricity Physical perimeter Electricity Station security only Mass gathering locations JJ King Stadium JJ King Cooperative Emergency procedures Capacity and evacuation plans Central Shopping Mall Mr Ted Norton Emergency procedures Usage varies widely and evacuation plans over time Events Green Hills Music Stockyard attendees and Folk Festival Promotions National press coverage Hazardous sites/routes Fastnet Fertiliser Fastnet Chemicals Conforms with legislation Plant and guidelines security audit conducted monthly NOTES (i) for major facilities, it may be useful to document key components or vulnerable points (e.g. for Ulm Airport: fuel storage and navigation aids) (ii) local police should be consulted about major event planning and public safety. PAGE 23

35 WORKBOOK LOCAL GOVERNMENT PHASE 2 Questions/activities Assume that a terrorist group is planning an incident in your local government area. What are the potential targets? Note that the environmental scan you conducted in Step 1 will provide the basis for this analysis. List the items of critical infrastructure in (or immediately adjacent to) your local government boundaries. List the mass gathering locations and/or events within your local government area. Identify any hazardous sites, or routes used to transport significant quantities of hazardous materials within your local government area. For each entry above: identify the owner and/or operator note the existing arrangements to manage an emergency, disaster or a security incident identify who holds maps or floor plans for these sites find out if there are any copies off-site find out if local police have been consulted about major event planning and public safety find out if plans allow for security measures to be adjusted if the national counterterrorism alert level changes ask the question How will this business change depending on the level of threat? The following specific questions will help critical infrastructure owners and/or operators determine the potential terrorism threat to their organisations: Have terrorist activities overseas targeted this form of industry or interest? Does this organisation/agency involve any form of critical infrastructure? Does this organisation manufacture or store explosives or chemicals/products that could potentially be used in weapons? Does this business involve event management, or venues that attract large numbers of people (e.g. sporting venues, airports, shopping centres)? Does this organisation have an overseas presence that is easily identified as Australian? Is any part of this organisation located close to a potential high-risk target? PAGE 25

36 WORKBOOK PHASE 2 The term community consequences describes the impact of an incident on community health, safety and welfare. Such impacts may include the community s ability to access basic services (such as potable water) and may extend to non-essential services (such as recreation areas). Local government responsibilities Local government responsibilities vary depending on the jurisdiction. They may include: activating the emergency/disaster response arrangements deploying and coordinating emergency/disaster response capability implementing public information plans organising and licensing mass gatherings maintaining a register of hazardous sites/routes gathering and disseminating information/intelligence on the incident assisting with evacuating and/or relocating the population managing emergency human services managing and/or contributing to community recovery (e.g. community engagement, financial assistance) managing and/or/contributing to infrastructure recovery (e.g. restoration of water and sanitation, clearing roads) managing and/or/contributing to economic recovery (e.g. tourism, land management) Local government preparedness You need to consider your council s preparedness to deal with the security incident, in the context of both community consequences and local government responsibilities. Table 10 shows some categories of preparedness and what they mean for councils. You may use these categories or develop a set of categories specifically for your local government area. Table 10 Categories of preparedness Category Meaning Comment Well prepared Existing plans would cater for the Note minor amendments or that community consequences of this no further action is required type of incident with little or no modification Partially prepared Existing plans cater for some Identify additional measures aspects of the community Determine which ones can be consequences but some integrated with existing additional measures need emergency/disaster management to be implemented arrangements and which cannot Unprepared Existing plans are unsuitable Arrangements must be developed for this type of incident Possible incidents The possible incident types relevant to your local government area could include: hoax violent demonstration sabotage or wilful disruption cyber attack arson kidnap siege or hostage incident assassination or shooting bombing or conventional explosives chemical attack radiological attack biological attack. PAGE 26

37 WORKBOOK LOCAL GOVERNMENT PHASE 2 > STEP 7 Examine community consequences and local government responsibilities In this step you will build from the security risk profile you established in Step 6, by identifying plausible incidents affecting the possible targets, their community consequences, and associated local government responsibilities. To do this, you will first use the risk analysis framework detailed in Step 3. You will estimate the likelihood and consequences of possible incidents, and their resultant risk rating. Using the combined experience of key stakeholders, work through the Activities to complete a table similar to the example in Table 11. There is a blank copy of the relevant form in the worksheets at the end of the Workbook. Activities Referring to the list of possible incidents on the opposite page, list the possible forms of terrorist attack for each potential target you have documented in Step 6. For each possible security incident: estimate the likelihood of a successful terrorist attack estimate the likely community consequences determine the resultant risk rating for the incident using the process you used to analyse emergency/disaster risk in Step 3. TABLE 11 Analysing possible security incidents Green Hills Shire Possible Possible Likelihood Community Resultant Comments target incidents consequences risk rating Port Mary Terrorist Rare Moderate Low Wharf of limited seizure of wharf Sabotage Possible Moderate High wharf facilities Sink a ship Unlikely Moderate Medium Green Hills Sabotage pumps Possible Moderate High Reservoir and Contaminate Pump Station water supply Unlikely Major Medium JJ King Detonate an Unlikely Major Medium Stadium explosive device Release a Unlikely Moderate Medium contaminant or disease agent Fastnet Arson/explosive Unlikely Moderate Medium Fertiliser device Plant long-term strategic value to terrorists Theft of stockpiled Possible Minor Medium materials Contaminate Rare Moderate Low Impact readily raw materials countered NOTE: for ease of illustration, only four of the eight possible targets listed in Table 9 are used in Tables 11 and 12. PAGE 27

38 WORKBOOK PHASE 2 Prioritising risks It is unlikely that your council will be able to treat or manage all security risks which might occur in your local government area. Therefore, you will need to establish some thresholds below which you will not plan to treat particular risks. For example, you could decide: to only treat risks associated with possible incidents you consider plausible i.e. those with a likelihood rating above a pre-specified level (e.g. possible) to only treat risks which could produce community consequences you rate above a certain level (e.g. moderate) to only treat risks for which the resultant risk rating exceeds a certain level (e.g. medium) PAGE 28

39 WORKBOOK LOCAL GOVERNMENT PHASE 2 The first type of threshold has been used in the Green Hills Shire (GHS) example in Table 12. Only incidents with a likelihood of possible, likely or almost certain have been considered plausible and will be considered further in the development of the Shire s Action Plan. Once you have decided which risks you will address in the Action Plan for your local government area, you can proceed with more detailed planning, as follows. Using the information you identified on the legislative context and existing emergency/disaster and security management arrangements in Steps 2 and 4 respectively, you will identify your council s specific responsibilities and assess its level of preparedness to deal with the consequences of the plausible incidents. Work through the activities below to complete a table similar to the example in Table 12. There is a blank copy of the relevant form in the worksheets at the end of the Workbook. TABLE 12 Community consequences and local government responsibilities Green Hills Shire (GHS) Possible target Plausible Community Specific local How well prepared of terrorist incidents* consequences* government is local government attack responsibilities to deal with responsibilities? (see opposite) Critical infrastructure Port Mary Sabotage wharf Moderate Maintenance of Unprepared facilities wharf in good working order Sink a ship Moderate Maintenance of Unprepared wharf in good working order Green Hills Sabotage pumps Moderate Maintenance of Partially Reservoir and reservoir and pump prepared Pump Station station in good working order Contaminate Major No direct GHS Unprepared water supply responsibility for water quality Mass gathering locations JJ King Detonate an Major No direct GHS Unprepared Stadium explosive device responsibility for the stadium Release a Moderate No direct GHS Unprepared contaminant or responsibility for disease agent the stadium Hazardous sites/routes Fastnet Arson/explosive Moderate No direct GHS Unprepared Fertiliser Plant device responsibility for the plant Theft of Minor No direct GHS Unprepared stockpiled responsibility for materials the plant * From Table 11. PAGE 29

40 WORKBOOK PHASE 2 You need to consider each possible risk treatment option using three measures. These are: the national counter-terrorism alert levels the evaluation criteria for security risk treatment options identified in Step 5 the existing emergency/disaster and security management arrangements. The first aspect is considered twice, in Steps 7 and 10. The second and third assessments occur in Steps 8 and 9 respectively. National counter-terrorism alert levels Australia has four levels of national counter-terrorism alert. They are: low terrorist attack is not expected medium terrorist attack could occur high terrorist attack is likely extreme terrorist attack is imminent or has occurred. Further information is available from the Australian National Security web site at PAGE 30

41 WORKBOOK LOCAL GOVERNMENT PHASE 2 Activities For each plausible incident: document the responsibilities of your council rate your council s preparedness to manage its responsibilities, using the categories in Table 10 or a similar set of categories you have developed for your local government area. This should be done even if your council does not own or operate the possible target, because there may still be community consequences of an incident which your council will need to address. Note the gaps in your local council s capability. In addition, using the national counter-terrorism alert levels, note: the base counter-terrorism alert level you adopted when you analysed the possible security incidents how the likelihood, consequences and resultant risk rating may alter for each incident, if the national counter-terrorism alert level or local circumstances changed. PAGE 31

42 WORKBOOK PHASE 2 NOTE that you can evaluate risk treatment options against multiple criteria, including cost, practicality, impact on security profile, etc. However, the end result should be a single overall rating. You will need to decide how you will weight the results from each of the evaluation criteria you use, so that you can develop this single rating. For example, you may decide to weight all criteria equally. Alternatively, you may decide that for some criteria there are ratings boundaries outside which you will not accept a risk treatment option (e.g. if the cost is more than $ per annum, or the practicality is rated as low) and that any risk treatment options which fall outside those boundaries will be rated as do not implement. Your sound knowledge of your local government area, and the knowledge and experience of key stakeholders, will enable you to establish an effective method to evaluate the risk treatment options for your local government area. PAGE 32

43 WORKBOOK LOCAL GOVERNMENT PHASE 2 > STEP 8 Evaluate risk treatment options In this step you will identify and examine possible risk treatment options to lessen your local government area s exposure to security threats (likelihood) and to reduce the severity of the potential impact on your community (consequences). To do this, you will build from the information on possible security targets and plausible incidents, and the potential community consequences of such incidents, that you identified in Steps 6 and 7. You will then evaluate these risk treatment options, using the criteria you established in Step 5. The output from this step will be a set of high priority options that will form the security risk treatment strategies you can implement within your local government area. Using the combined experience of key stakeholders, examine the possible risk treatment options for your local government area, for each possible target and plausible incident identified in Step 7. Work through the questions/activities to complete a table similar to the example in Table 13. There are blank copies of the relevant form in the worksheets at the end of the Workbook. Include all possible risk treatment options in your analysis even those that you think may be covered under existing emergency/disaster or security management arrangements, or those which may not be considered high priority at this stage. This is because: you will need to check that those strategies continue to be implemented in the future, under those other emergency/disaster or security management arrangements the evaluation of those options may change with time, if circumstances alter. The risk treatment options listed will include some to reduce the likelihood and some to reduce the community consequences of an incident. The high priority risk treatment options (the must implement and should implement options) will be identified using the evaluation criteria that were established in Step 5 and doing an analysis like that in Table 13, to develop an overall rating for each risk treatment option. PAGE 33

45 WORKBOOK LOCAL GOVERNMENT PHASE 2 TABLE 13 Evaluating risk treatment options Green Hills Shire Possible Plausible Risk Criteria Rating Comments target incident treatment option Port Mary Sabotage Search all vehicles Cost Year 1: $ Will require construction of wharf entering wharf area Years 2+: $ checkpoint and purchase of facilities per year equipment Practicality High Access control simple Overall rating: Cost acceptable, practicality high should implement Cease all bulk fertiliser Cost High Detailed cost-benefit analysis unloading at the wharf needed for accurate estimation Practicality Low Would require all Fastnet fertiliser to leave the local government area and district by road or rail Would increase costs Overall rating: Detailed cost-benefit analysis could implement needed prior to decision Establish secondary Cost Year 1: $10m Cost exceeds Council resources wharf facilities Years 2 +: $ No funds available from at Port William per year other sources Practicality Low Area not under Council control Overall rating: do not implement Sink a ship Establish 0.5 nautical Cost Year 1: $ Would require installation of marker mile exclusion zone Years 2+: $ buoys and stringent enforcement around wharf, for all per year vessels bar those in transit to or from Practicality Medium Access control simple, but strongly the wharf adverse reaction expected from recreational fishers Overall rating: Would require community could implement acceptance prior to implementation Search all vessels Cost Years 1+: $ Approximately 70 incoming vessels entering the wharf per year per year; search cost per vessel area estimated at $3 000 Practicality Low Would cause significant unloading delays and increased costs Vessels would divert to Port Jones outside the local government area, with a resultant loss of income to Council and to local businesses Overall rating: do High ongoing costs, low practicality not implement Dredge an additional Cost Year 1: $ Sunken ship may not block the channel from Fitzgerald Years 2+: $ channel Bay to the wharf Practicality Medium Likely resistance from conservation and commercial fishing interests Overall rating: do not implement NOTE: for ease of illustration (i) only one of the four possible targets listed in Table 11 (ii) one of the two plausible incidents listed in Table 12 and (iii) two of the five evaluation criteria listed in Table 8 are used in Table 13. PAGE 35

47 WORKBOOK LOCAL GOVERNMENT PHASE 2 You can then summarise the evaluation of the risk treatment options in a table similar to Table 14, for all targets, incidents and risk treatment options you have considered. TABLE 14 Summarising risk treatment options Green Hills Shire Possible Plausible Risk treatment Recommended action target incidents options must should could do not implement the risk treatment option Port Mary Sabotage wharf Search all vehicles should facilities entering wharf area Cease all bulk fertiliser could unloading at the wharf Establish secondary wharf do not facilities at Port William Sink a ship Establish 0.5 nautical mile could exclusion zone around wharf, for all vessels bar those in transit to or from the wharf Search all vessels entering do not the wharf area Dredge an additional channel do not from Fitzgerald Bay to the wharf NOTE: for ease of illustration, only one of the four possible targets listed in Table 11 is used in Table 14. Questions/activities For each possible target and plausible incident identified in Steps 6 and 7, answer the following questions: Specifically, what would you do if you received firm intelligence that this target was going to be attacked in the near future? In six months? In two years? Specifically, what could be done to reduce the likelihood of each type of incident for each potential target? (These are some of the risk treatment options.) What could be done now to lessen the community consequences of an attack? (These are some of the risk treatment options.) Evaluate each risk treatment option above against the evaluation criteria you identified in Step 5. Note that if you do not identify sufficient high priority risk treatment options to address the plausible incidents for each target, you will need to continue your analysis to identify additional risk treatment options, until you identify a set of high priority options or strategies which you consider will reduce the security risk to an acceptable level. For all possible security targets in your local government area, consider the following questions: What could be done to raise the general standard of security across all the targets? Regardless of the target, what could be done (using local resources) to reduce the likely impact of each type of plausible incident? (Consider each form of terrorist attack.) What have you identified as the obvious gaps in your council s capability to manage each type of incident? Are there any untapped resources or sources of expertise in your local government area that could contribute to risk reduction strategies? What else could be done to enhance community resilience in a heightened threat environment? PAGE 37

49 WORKBOOK LOCAL GOVERNMENT PHASE 3 > PHASE 3 Plan for action This phase uses the information prepared in the previous phases to develop a Security Risk Management Action Plan. The Action Plan will close gaps in security risk management arrangements by identifying high priority strategies, and will include monitoring and reviewing progress in security risk management in your local government area. The steps and resultant outputs are shown in Figure 5. FIGURE 5 Phase 3 Plan for action PHASE 3 Plan for action STEP OUTPUT > Step 9 Develop the high priority risk > Table of overlaps and gaps treatment options > Step 10 Develop a Security Risk > Action Plan Management Action Plan > Step 11 Monitor and review Action Plan > Action Plan PAGE 39

51 WORKBOOK LOCAL GOVERNMENT PHASE 3 > STEP 9 Develop the high priority risk treatment options In this step, you will further analyse the high priority risk treatment options you identified in Step 8, by considering those risk treatment options in the context of the existing emergency/disaster and security management arrangements you documented in Step 4. Note that your analysis in Step 4 was at an overview level. In this step, you will work at a more detailed level. You will need to consider each of the high priority risk treatment options separately and identify, from the information you developed in Step 4, the relevant areas for: inter-agency collaboration linkage with existing arrangements development of additional arrangements. You can then ensure that any gaps are addressed and that there is no duplication or conflict. Working with key stakeholders, and using the activities below, prepare a table similar to the example in Table 15 below, for your local government area. TABLE 15 Developing the high priority risk treatment options Green Hills Shire High priority risk Responsibility Inter-agency Linkages with Comments treatment option collaboration existing arrangements* Search all vehicles Director (Engineering Green Hills police Need to develop arrangements entering wharf area Services) Australian Federal Police with local police Search all vessels Director (Maritime Green Hills police Local Immigration and entering wharf Services) Australian Federal Police Customs clearance area procedures * Either emergency/disaster or security management arrangements. Note, as mentioned in Step 4, that security management arrangements may be incorporated into emergency/disaster management arrangements in some jurisdictions. NOTE: for ease of illustration, this table includes only one risk treatment option per incident from those in Tables 13 and 14. Activities For each high priority risk treatment option you listed in Step 8: identify who has principal responsibility for ensuring the risk treatment option is implemented identify the key areas for inter-agency collaboration, to ensure effective implementation of the option identify the key linkages to existing emergency/disaster and security management arrangements identify areas where additional arrangements may be required, to ensure effective implementation of the option note any options which may be difficult to implement perhaps due to potential inter-agency miscommunication, or conflicts with existing arrangements check to ensure that there are no areas of duplication or conflict between the existing emergency/disaster and security management arrangements, and the high priority risk treatment options. PAGE 41

53 WORKBOOK LOCAL GOVERNMENT PHASE 3 > STEP 10 Develop a Security Risk Management Action Plan In this step, you will develop a Security Risk Management Action Plan for your local government area. The Action Plan will enable you to implement the high priority risk management options you identified in Step 8 which are not covered under existing arrangements. In addition, you will need to plan how you will gain approval for the Action Plan, to ensure executive and council support for the work. You will also need to consider the issue of security of and access to the Action Plan itself, in consultation with relevant agencies. You will use the information you developed in Step 9 and your knowledge of your local government area to plan implementation of each of the high priority risk treatment options which are not addressed under existing arrangements. These options become the key strategies you will adopt to manage security risk. These high priority strategies will include (at a minimum) the must implement and should implement risk treatment options or strategies you identified in Step 8 which are not already addressed. They will enable you to take the most appropriate action to: integrate new arrangements for security risk management with the existing arrangements for emergency/disaster and security management, where possible amend existing arrangements as appropriate (e.g. communications) develop additional arrangements necessary for security risk management, as necessary (i.e. address any gaps). There will be several key tasks needed to implement each of these strategies, and you will need to plan each task. Using the combined experience of key stakeholders, prepare a Security Risk Management Action Plan for your local government area. Work through the activities below to complete a table similar to the example in Table 16. There is a blank copy of the relevant form in the worksheets at the end of the Workbook. PAGE 43

55 WORKBOOK LOCAL GOVERNMENT PHASE 3 TABLE 16 Security Risk Management Action Plan - Green Hills Shire - searching all vehicles entering Port Mary Strategy Key tasks Responsibility Timing Resources Comments* Duration Cost Search all Identify materials Director (Engineering By 30 June 2007 Staff time In collaboration with vehicles to be barred from Services) 2 days $2 000 relevant Australian entering wharf area Government and state wharf area or territory agencies Delineate wharf Director (Engineering By 31 July 2007 Staff time, Fence wharf area area Services) 10 days contractor time, boundary materials Do by contract $ Close all but one Director (Engineering By 31 August 2007 Staff time, Block all access vehicle access Services) 10 days contractor time, routes except Marine point materials Parade $5 000 Do by contract Limit opening Director (Engineering By 31 August 2007 No additional hours Services) and Immediate resources or Director (Corporate costs Services) Install necessary Director (Engineering By 31 August 2007 Staff time, Do by contract facilities and Services) 15 days contractor time, obtain equipment materials $ Train staff in use By 14 September Staff time, Do by contract of equipment 2007 contractor time 3 days $ Develop and Media Liaison 1 June to No additional Regular media implement Officer 31 December 2007 costs releases publicity strategy 5 days Public meetings as necessary Regularly test CEO Quarterly in Year 1, No additional Test by deliberate effectiveness of reducing to costs attempts to introduce the search annually thereafter contraband materials methods unless deficiencies into wharf area are identified In collaboration with relevant Australian Government and state or territory agencies * Will include key information documented in Table 15 re collaboration and linkages. NOTE: for ease of illustration, this table documents only one risk treatment option from those in Table 15 and shows some key tasks required for one of the should implement risk treatment options or strategies identified in Table 14 the introduction of searching for all vehicles entering the Port Mary wharf area. Activities Review the must implement and should implement risk treatment options or strategies identified in Step 8. List the tasks that have to be completed for effective implementation of each strategy. For each task, specify: who is responsible for action the timing and duration of the task the anticipated resources required, and the cost any additional information necessary to ensure effective implementation of the task. Note the national counter-terrorism alert level you adopted when you analysed possible security incidents in Step 7. PAGE 45

57 WORKBOOK LOCAL GOVERNMENT PHASE 3 > STEP 11 Monitor and review the Action Plan In this step you will develop: a strategy to ensure that the Security Risk Management Action Plan is being implemented effectively a strategy to ensure that the security situation is monitored, and that your council s Security Risk Management Action Plan is reviewed regularly and updated as necessary so that the current Action Plan matches the current circumstances. The first strategy will address how you intend to monitor implementation of the Action Plan, and will identify who is responsible for, and engaged in, specific monitoring tasks. You can incorporate this strategy into the Security Risk Management Action Plan you developed in Step 10, or you can keep it as a separate document. Using the combined experience of key stakeholders, work through the questions below to complete a table similar to the example in Table 17. There is a blank copy of the relevant form in the worksheets at the end of the Workbook. TABLE 17 Monitoring and reviewing implementation of the Security Risk Management Action Plan - Green Hills Shire Strategy Key tasks Responsibility Timing Resources Comments Duration Cost Review Identify review CEO Years 1+: annual Staff time In collaboration with relevant implementation panel 0.2 day Cost minimal Australian Government and of the Action Plan state or territory agencies Conduct review Director Quarterly in Year 1, Staff time In collaboration with relevant and document (Engineering reducing to annually $ Australian Government and results Services) thereafter unless state or territory agencies deficiencies are Key Council staff: the Director identified (Engineering Services) and the 4 days Director (Corporate Services) Modify Action Director As above Staff time Seek endorsement of Plan as (Engineering 1 day $1 000 updated Action Plan by necessary Services) relevant external agencies Questions What are the key tasks needed to ensure that the review is conducted effectively? Who is responsible for each task and, in particular, for: selecting the review panel? conducting and documenting the review? updating the Action Plan? Who should be involved in the implementation review? How often should reviews be conducted? How long will each review take? How much will each review cost? Should an external group review the updated Action Plan? PAGE 47

59 WORKBOOK LOCAL GOVERNMENT PHASE 3 The second strategy will ensure that you monitor the security situation, and that the Security Risk Management Action Plan is updated regularly to ensure it remains current. As for the first strategy noted above, you can incorporate this strategy into the Security Risk Management Action Plan you developed in Step 10, or you can keep it as a separate document. Using the combined experience of key stakeholders, work through the questions/activities below to complete a table similar to the example in Table 18. There is a blank copy of the relevant form in the worksheets at the end of the Workbook. TABLE 18 Monitoring and reviewing the currency of the Security Risk Management Action Plan - Green Hills Shire Strategy Key tasks Responsibility Timing Resources Comments Duration Cost Review Monitor the security CEO Ongoing Staff time Probable quarterly briefings currency situation in the $2 000 per with key agencies of the Action Shire, state or year Plan territory, and nation Review Steps 1-4 CEO Annual; additional Staff time Key Council staff: the Director (of the Action Plan reviews to be $7 000 (Engineering Services) and the process specified in conducted if the Director (Corporate Services) this Workbook) security situation Review currency of background alters material prepared for the 2 days Action Plan and update as necessary Review Steps 5-10 CEO As above Staff time Key Council staff: Director (of the Action Plan 2 days $7 000 (Engineering Services) and process specified in Director (Corporate Services) this Workbook) Do in a 2 day workshop NOTE: all tasks to be conducted in collaboration with relevant Australian Government and state or territory agencies. Questions/activities Specify how the security situation will be monitored: who is responsible? how will they monitor the situation? who should be involved in the monitoring? how often should monitoring be conducted? how long will monitoring take? how much will monitoring cost? Identify the level of change in the national counter-terrorism alert level situation that would trigger : a full review of the Action Plan a partial review of the Action Plan. Based on the latest security information, now review the Action Plan by working through the following questions/activities. Are you satisfied that you have engaged all key stakeholders? If not, engage relevant additional stakeholders. PAGE 49

61 WORKBOOK LOCAL GOVERNMENT PHASE 3 Work in collaboration with all key stakeholders to review the current Action Plan. Is the background information prepared in Steps 1 4 in the current Action Plan still accurate? Update it as necessary, using the approaches documented for Steps 1 4 in this Workbook. Review the material prepared in Steps 5 9 of the action planning process, with particular regard to the following questions: have the evaluation criteria for security risk treatment options changed? has the security risk profile altered? have the potential community consequences of a security incident changed? have the responsibilities or state of preparedness of your council changed? are there different security risk treatment options available now? does your evaluation of the security risk treatment options produce different results now? have the needs and possibilities for inter-agency collaboration changed? have the existing emergency/disaster management arrangements changed? Prepare an updated Security Risk Management Action Plan, using the approach documented in Step 10 in this Workbook. State how implementation of the updated Security Risk Management Action Plan will be monitored, reviewed and approved. Testing your Action Plan Ideally, your Action Plan should be operationally tested at least annually. The testing should be designed to reveal: any deficiencies in the operational arrangements documented in the Action Plan (i.e. any gaps) any confusion in the operational arrangements (i.e. conflicts or duplications, or lack of clarity regarding roles or tasks). If you are unable to arrange operational testing, you may consider testing the Plan in a desktop exercise. After completion of the exercise, you should review the Action Plan and make any necessary changes, in collaboration with key stakeholders. Information on the operational testing of plans for emergency/disaster management will provide some guidance for testing your Action Plan. Managing Exercises (Commonwealth of Australia 2001) will be of assistance as you plan your exercise. You should note that there are risks and costs associated with testing and you should consider the potential impacts of the testing carefully. Further, you must consult closely with all relevant state/territory and Australian Government agencies prior to conducting such testing. PAGE 51

62 WORKBOOK WORKSHEETS THIS PAGE INTENTIONALLY LEFT BLANK PAGE 52

63 WORKBOOK LOCAL GOVERNMENT WORKSHEETS > WORKSHEETS This section contains worksheets you can use to develop your Action Plan. PAGE 53

64 WORKBOOK WORKSHEETS Emergency/disaster risk profile > STEP 3 Hazard Likelihood Consequences Resultant risk rating Comments Natural disasters Man-made disasters* * Do not include security incidents at this stage. These will be covered later. PAGE 54

65 WORKBOOK LOCAL GOVERNMENT WORKSHEETS Comparing emergency/disaster and security management arrangements > STEP 4 Type of arrangement Areas of overlap Aspects unique to emergency/ Aspects unique to security disaster management management Organisational structures Plans, policies, procedures Response capability Other arrangements PAGE 55

66 WORKBOOK WORKSHEETS Evaluation criteria for security risk treatment options > STEP 5 Criterion Rating scale type Rating measures Rating categories Comments PAGE 56

67 WORKBOOK LOCAL GOVERNMENT WORKSHEETS Security risk profile > STEP 6 Possible target of Owner and/or Security arrangements Comments terrorist attack operator (plans, policies, procedures, etc.) Critical infrastructure Mass gathering locations Events Hazardous sites/routes PAGE 57

68 WORKBOOK WORKSHEETS Analysing possible security incidents > STEP 7 Possible Possible Likelihood Community Resultant risk Comments target incidents consequences rating PAGE 58

69 WORKBOOK LOCAL GOVERNMENT WORKSHEETS Community consequences and local government responsibilities > STEP 7 Possible target of Plausible Community Specific local How well prepared is terrorist attack incidents* consequences* government local government to deal responsibilities with responsibilities? Critical infrastructure Mass gathering locations Hazardous sites/routes PAGE 59

70 WORKBOOK WORKSHEETS Evaluating risk treatment options > STEP 8 Risk treatment option Criteria Rating Comments PAGE 60

71 WORKBOOK LOCAL GOVERNMENT WORKSHEETS Summarising risk treatment options > STEP 8 Possible target Plausible incidents Risk treatment options Recommended action must should could do not implement the risk treatment option PAGE 61

72 WORKBOOK WORKSHEETS Developing the high priority risk treatment options > STEP 9 High priority risk Responsibility Inter-agency Linkages with existing treatment option* collaboration arrangements * The high priority risk treatment options (the must implement and should implement options) were identified using the evaluation criteria that were established in Step 5. PAGE 62

73 WORKBOOK LOCAL GOVERNMENT WORKSHEETS Security Risk Management Action Plan > STEP 10 Strategy Key tasks Responsibility Timing Resources Comments Duration Cost PAGE 63

74 WORKBOOK WORKSHEETS Monitoring and reviewing implementation of the Security Risk Management Action Plan > STEP 11 Strategy Key tasks Responsibility Timing Resources Comments Duration Cost Review implementation of the Action Plan PAGE 64

75 WORKBOOK LOCAL GOVERNMENT WORKSHEETS Monitoring and reviewing the currency of the Security Risk Management Action Plan > STEP 11 Strategy Key tasks Responsibility Timing Resources Comments Duration Cost Review currency of the Action Plan Monitor the security situation in the shire and state or territory Review Steps 1 4 (of the Action Plan process specified in the Workbook) Review Steps 5 10 (of the Action Plan process specified in the Workbook) PAGE 65

76 TRAINING MATERIAL THIS PAGE INTENTIONALLY LEFT BLANK PAGE 66

77 TRAINING MATERIAL LOCAL GOVERNMENT > TRAINING MATERIAL This training material introduces the contents of the Local Government Security Risk Management Toolkit and explains its application in local government areas. It provides an overview of the action planning process described in the Toolkit. You could use the training material as: an introduction to a planning workshop in which you will subsequently prepare a Security Risk Management Action Plan as a stand-alone introduction to the security risk management planning process to be used at some later time to develop an Action Plan. The training material includes: recommendations for training delivery notes for facilitators a PowerPoint presentation to support the training. Training delivery This training material is designed for workshops involving council officers and key external stakeholders. It would be ideal if a facilitator familiar with the relevant legislation and publications on counter-terrorism conducted the workshop but it is not essential. Notes for facilitators Intended outcome When the workshop is completed, participants will be well placed to prepare an effective Security Risk Management Action Plan. Approach This training material will help you introduce and explain the Workbook section of the Local Government Security Risk Management Toolkit, and the action planning process. The Workbook describes a systematic, step-by-step process that broadly follows the risk management process in Australian/New Zealand Standard AS/NZS 4360:2004, Risk Management. You should keep workshop deliberations at a strategic overview level. The initial assessment is based on your knowledge and experience and that of the key stakeholders; detailed knowledge of counter-terrorism operations is not needed. PAGE 67

78 TRAINING MATERIAL Local examples When preparing for the workshop, it is important that you select relevant examples from the areas of: critical infrastructure mass gathering locations and events major hazardous sites/routes. Your selection of local examples will demonstrate the relevance and practical application of the proposed Action Plan to key stakeholders. Participants Participants are expected to include council officers and key external stakeholders including members of the emergency/disaster management teams at local government and regional levels, representatives of major industries/peak bodies in the area, owners and/or operators of major infrastructure in the area, and representatives of other levels of government and/or neighbouring authorities. Resource materials Consult the Bibliography and the information noted in each Step of the Workbook, to identify the basic resource materials you may need for this workshop. You will work with key stakeholders to develop a security risk profile and to identify security risk management arrangements they can incorporate into existing emergency/disaster management arrangements, where appropriate. PAGE 68

79 TRAINING MATERIAL LOCAL GOVERNMENT PowerPoint presentation A PowerPoint presentation, to use as a visual aid for training, is printed on the following pages. An electronic version may also be available on the Australian Local Government Association website. SLIDE 1 SLIDE 2 SLIDE 3 SLIDE 4 SLIDE 5 SLIDE 6 PAGE 69

80 LOCAL GOVERNMENT TRAINING MATERIAL SLIDE 7 SLIDE 8 SLIDE 9 SLIDE 10 SLIDE 11 SLIDE 12 PAGE 70

81 LOCAL GOVERNMENT TRAINING MATERIAL SLIDE 13 SLIDE 14 SLIDE 15 SLIDE 16 SLIDE 17 SLIDE 18 PAGE 71

82 TRAINING MATERIAL SLIDE 19 SLIDE 20 SLIDE 21 PAGE 72

83 TRAINING MATERIAL LOCAL GOVERNMENT Bibliography There is a significant and increasing amount of information relevant to the role of local government in emergency management in Australia. Some key material is identified below. Searches of relevant web sites will provide further information. Australian Government Legislation Airports Act 1996 Anti-terrorism Act 2004 (No. 2) Anti-terrorism Act 2004 (No. 3) Anti-Terrorism Act 2005 (No. 2) Australian Federal Police Act 1979 Australian Federal Police and Other Legislation Amendment Act 2004 Australian Protective Service Amendment Act 2003 Australian Security Intelligence Organisation Act 1979 Australian Security Intelligence Organisation Legislation Amendment Act 1999 Australian Security Intelligence Organisation Legislation Amendment (Terrorism) Act 2003 Aviation Transport Security Act 2004 Border Security Legislation Amendment Act 2002 Crimes (Overseas) Act 1964 Crimes Act 1914 Crimes Amendment Act 2002 Criminal Code Act 1995 Criminal Code Amendment (Anti-Hoax and Other Measures) Act 2002 Criminal Code Amendment (Espionage and Related Matters) Act 2002 Criminal Code Amendment (Offences Against Australians) Act 2002 Criminal Code Amendment (Suppression of Terrorist Bombings) Act 2002 Criminal Code Amendment (Terrorism) Act 2003 Defence Act 1903 National Security Information (Criminal and Civil Proceedings) Act 2004 National Security Information Legislation Amendment Act 2005 Security Legislation Amendment (Terrorism) Act 2002 Suppression of the Financing of Terrorism Act 2002 Surveillance Devices Act 2004 Telecommunications Act 1997 Telecommunications Interception Legislation Amendment Act 2002 PAGE 73

84 TRAINING MATERIAL Publications Key publications Commonwealth of Australia 2004, Protecting Australia Against Terrorism: Australia s National Counter-Terrorism Policy and Arrangements, Department of the Prime Minister and Cabinet, Canberra, available at Commonwealth of Australia 2005a, National Counter-Terrorism Plan, National Counter- Terrorism Committee, Canberra, available at Council of Australian Governments 2005b, Intergovernmental Agreement on Australia s Counter-Terrorism Arrangements. Information about the agreement and consequent arrangements is available at Council of Australian Governments 2005c, Intergovernmental Agreement on Surface Transport Security. Information about the agreement is available at Supporting publications Commonwealth of Australia 1998a, Australian Dangerous Goods Code (6th edition), National Road Transport Commission, Canberra: 7th edition due to be published in mid Commonwealth of Australia 1998b, Australian Emergency Manuals Series Part I, Manual 3, Australian Emergency Management Glossary, Emergency Management Australia, Canberra, available at ACEA0?OpenDocument. Commonwealth of Australia 1999, Australian Emergency Manuals Series Part III, Volume 2, Manual 2, Safe and Healthy Mass Gatherings, Emergency Management Australia, Canberra, available at ACEA0?OpenDocument. Commonwealth of Australia 2001, Australian Emergency Manuals Series Part V, Manual 2, Managing Exercises, Emergency Management Australia, Canberra, available at CC3C)~AEM_ManagingExcercises_Man42_edit pdf/$file/AEM_ManagingExcercise s_man42_edit pdf. Note that this manual was under review as at February Commonwealth of Australia 2002, Australian Emergency Manuals Series Part II, Volume 2, Manual 1, Planning Safer Communities: Land Use Planning for Natural Hazards, Emergency Management Australia, Canberra, available at ACEA0?OpenDocument. Commonwealth of Australia 2002, National Standard for the Control of Major Hazard Facilities, NOHSC 1014, National Occupational Health and Safety Commission, Canberra, available at tandardscodesofpracticeandrelatedguidancenotes.htm. PAGE 74

85 TRAINING MATERIAL LOCAL GOVERNMENT Commonwealth of Australia 2003, Preparing for the Unexpected, Emergency Management Australia, Canberra, available at F078?OpenDocument. Commonwealth of Australia 2004a, Australian Emergency Manuals Series Manual 1, Emergency Management in Australia: Concepts and Principles, Emergency Management Australia, Canberra, available at ACEA0?OpenDocument. Commonwealth of Australia 2004b, Australian Emergency Manuals Series Manual 5, Emergency Risk Management Applications Guide, Emergency Management Australia, Canberra, available at ACEA0?OpenDocument. Commonwealth of Australia 2004c, Australian Emergency Manuals Series Manual 43, Emergency Planning, Emergency Management Australia, Canberra, available at ACEA0?OpenDocument. Commonwealth of Australia 2004d, Critical Infrastructure Emergency Risk Management and Assurance Handbook (2nd edition), Emergency Management Australia, Canberra, available at Commonwealth of Australia 2004e, Land & Water Based Mass Passenger Transport Systems Risk Context Statement, Department of Transport and Regional Services, Canberra, available at Commonwealth of Australia 2004f, National Guidelines for Protecting Critical Infrastructure from Terrorism, Attorney-General s Department, Canberra. Information about the Guidelines is available at 84EAA)~National+Guidelines+Updated pdf/$file/National+Guidelines+Updated pdf. Commonwealth of Australia 2004g, Natural Disasters in Australia: Reforming mitigation, relief and recovery arrangements, Report of the Council of Australian Governments High Level Group on the Review of Natural Disaster Relief and Mitigation Arrangements, Department of Transport and Regional Services, Canberra. Commonwealth of Australia 2006, National Approach for the Protection of Places of Mass Gathering from Terrorism, Attorney-General s Department, Canberra, available at 84EAA)~Mass+Gatherings.pdf/$file/Mass+Gatherings.pdf. Commonwealth of Australia (undated), Guide for Preparing a Surface Transport Security Plan, Department of Transport and Regional Services, Canberra, available at Commonwealth of Australia (undated), Transport Security Assessment Guidance Paper, Department of Transport and Regional Services, Canberra, available at PAGE 75

86 TRAINING MATERIAL Commonwealth of Australia (various dates), Australian Journal of Emergency Management, Emergency Management Australia, Canberra. The journal is published quarterly and can be accessed at Council of Australian Governments 2003, Intergovernmental Agreement for Regulatory and Operational Reform in Road, Rail and Intermodal Transport, available at Council of Australian Governments 2005, Intergovernmental Agreement on Surface Transport Security. Information about the agreement and consequent arrangements is available at Council of Australian Governments (in progress), Review of Hazardous Materials. Information on the review is available at Standards Australia 2002, Emergency control organisation and procedures for buildings, structures, workplaces, AS 3745, Standards Australia, Sydney. Standards Australia/Standards New Zealand 2004, Australian/New Zealand Standard AS/NZS 4360:2004, Risk Management, Standards Australia, Sydney, and Standards New Zealand, Wellington. Standards Australia/Standards New Zealand 2004, HB 436:2004, Risk Management Guidelines Companion to AS/NZS 4360:2004, Standards Australia, Sydney, and Standards New Zealand, Wellington. Standards Australia/Standards New Zealand 2006, HB 167:2006, Security Risk Management, Standards Australia, Sydney, and Standards New Zealand, Wellington. Trusted Information Sharing Network for Critical Infrastructure Protection, Critical Infrastructure Protection National Strategy, available at 84EAA)~National+CIP+Strategy+2.1+final.PDF/$file/National+CIP+Strategy+2.1+final.PDF. Web sites Australian Federal Police: Australian Government National Security site: Australian National Audit Office: Australian Security Intelligence Organisation: Australian Transport Safety Bureau: Department of Transport and Regional Security Natural Disasters: Department of Transport and Regional Security Surface Transport Security: Emergency Management Australia: Engineers Australia on Critical Infrastructure: Trusted Information Sharing Network (TISN) for Critical Infrastructure Protection: PAGE 76

87 TRAINING MATERIAL LOCAL GOVERNMENT New South Wales Principal jurisdictional material The principal jurisdictional legislation that sets out the roles and responsibilities of a local authority in a natural disaster situation: State Emergency and Rescue Management Act 1989, Part 2, Division 3 Emergency Management at Local Level. The principal sources of jurisdictional policy that provide guidance for a local authority which owns/operates critical infrastructure: General information about the roles and responsibilities of state and territory governments with regard to critical infrastructure protection is available at No specific New South Wales information was identified at the time of writing. The principal jurisdictional material that defines responsibilities for storage and handling of hazardous materials: Explosives Act 2003 Explosives Regulation 2005, Part 3 Classification of Explosives, Part 5 Specific Control Measures Occupational Health and Safety Regulation 2001, Chapter 6 Hazardous Substances Radiation Control Act 1990, Part 2 Regulatory Controls Road and Rail Transport (Dangerous Goods) Act 1997 WorkCover NSW 2005, Secure and Safe Handling of Explosives and Security Sensitive Dangerous Substances Guide, 2005, available at The principal source of jurisdictional policy that defines responsibilities for mass gatherings: No specific New South Wales policy was identified at the time of writing. The principal jurisdictional legislation specifically relating to security and counterterrorism: Terrorism (Commonwealth Powers) Act 2002 Terrorism (Police Powers) Act 2002 Security Industry Act 1997 Legislation Essential Services Act 1988 Fire Brigades Act 1989 Firearms Act 1996 Local Government Act 1993 Occupational Health and Safety Act 2000 Police Act 1990 PAGE 77

88 TRAINING MATERIAL Rural Fires Act 1992 State Emergency and Rescue Management Act 1989 State Emergency Service Act 1989 Telecommunications (Interception and Access) (New South Wales) Act 1987 Other New South Wales Government, as amended 2003, State Disaster Plan (DISPLAN), State Emergency Management Committee, Sydney, available at Web sites NSW Department of Community Services: NSW Department of Health: NSW Fire Brigades: NSW Police: NSW Rural Fire Service: Office for Emergency Services: State Emergency Service: WorkCover New South Wales: PAGE 78

89 TRAINING MATERIAL LOCAL GOVERNMENT Northern Territory Principal jurisdictional material The principal jurisdictional legislation that sets out the roles and responsibilities of a local authority in a natural disaster situation: Disasters Act, Part VI Regional, &c., Organization The principal sources of jurisdictional policy that provide guidance for a local authority which owns/operates critical infrastructure: General information regarding the roles and responsibilities of state and territory governments with regard to critical infrastructure protection is available at No specific Northern Territory information was identified at the time of writing. The principal jurisdictional material that defines responsibilities for storage and handling of hazardous materials: Dangerous Goods Act and Regulations Dangerous Goods (Road and Rail Transport) Act and Regulations Radioactive Ores and Concentrates (Packaging and Transport) Act and Regulations The principal source of jurisdictional policy that defines responsibilities for mass gatherings: No specific Northern Territory policy was identified at the time of writing. The principal jurisdictional legislation specifically relating to security and counterterrorism: Terrorism (Emergency Powers) Act Legislation Disasters Act Fire and Emergency Act and Regulations Web sites Northern Territory Emergency Service: Northern Territory Police, Fire and Emergency Services: Counter Terrorism Security Coordination Unit: PAGE 79

90 TRAINING MATERIAL Queensland Principal jurisdictional material The principal jurisdictional legislation that sets out the roles and responsibilities of a local authority in a natural disaster situation: Disaster Management Act 2003, Part 2, Division 3; Part 3, Division 3; Part 5 The principal sources of jurisdictional policy that provide guidance for a local authority which owns/operates critical infrastructure: General information about the roles and responsibilities of state and territory governments with regard to critical infrastructure protection is available at State of Queensland 2003, Securing Queensland s Critical Infrastructure: Guidelines for owners/operators, Department of the Premier and Cabinet, Brisbane, available at The principal jurisdictional material that defines responsibilities for storage and handling of hazardous materials: Dangerous Goods Safety Management Act 2001 and Regulations Explosives Act 1999 State of Queensland 2003, Security Planning and Counter Terrorism Coordination in Queensland: Considerations for owners and operators in the Hazardous Materials Industry, Department of the Premier and Cabinet and Queensland Police Service, Brisbane, available at The principal source of jurisdictional policy that defines responsibilities for mass gatherings: State of Queensland 2003, Security Planning and Counter Terrorism Coordination in Queensland: Considerations for owners and operators of Mass Gatherings Infrastructure, Department of the Premier and Cabinet and Queensland Police Service, Brisbane, available at The principal jurisdictional legislation specifically relating to security and counterterrorism: Terrorism (Commonwealth Powers) Act 2002 Legislation Environmental Protection Act 1994 Fire and Rescue Service Act 1990 Integrated Planning Act 1997 Local Government Act 1993 PAGE 80

91 TRAINING MATERIAL LOCAL GOVERNMENT Local Government (Community Government Areas) Act 2004 Public Safety Preservation Act 1986 Workplace Health and Safety Act 1995 Other Local Government Association of Queensland and the Department of Emergency Services 2005, Queensland Disaster Management Alliance Memorandum of Agreement, details are available at State of Queensland 2001, State Counter Disaster Plan, State Counter Disaster Organisation, Brisbane, available at State of Queensland 2003, Counter-terrorism Risk Framework for Queensland Government Departments, Department of the Premier and Cabinet and Queensland Police Service, Brisbane. State of Queensland 2005, Queensland Government Counter-Terrorism Strategy , Department of the Premier and Cabinet, Brisbane, available at State of Queensland (undated), Queensland Infrastructure Protection and Resilience Framework, Department of the Premier and Cabinet, Brisbane, information available at on_and_resilience_framework. Various authors, District Disaster Management Plans, general information available at Various authors, Local Disaster Management Plans, general information available at Web sites Queensland Department of Emergency Services: Queensland Department of Emergency Services: Chemical Hazards and Emergency Management Services Branch: Queensland Department of Premier and Cabinet Security Information: Queensland Disaster Management Services site: Queensland Government Risk Management site: Queensland Police Service: Queensland Transport: Queensland Transport Transport Security: PAGE 81

92 TRAINING MATERIAL South Australia Principal jurisdictional material The principal jurisdictional legislation that sets out the roles and responsibilities of a local authority in a natural disaster situation: Local Government Act 1999, Section 7 and Section 8(d) The principal sources of jurisdictional policy that provide guidance for a local authority which owns/operates critical infrastructure: General information about the roles and responsibilities of state and territory governments with regard to critical infrastructure protection is available at No specific South Australian information was identified at the time of writing. The principal jurisdictional material that defines responsibilities for storage and handling of hazardous materials: Explosives (Security Sensitive Ammonium Nitrate) Proclamation 2006 Explosives (Security Sensitive Substances) Regulations 2006 The principal source of jurisdictional policy which defines responsibilities for mass gatherings No specific South Australian policy was identified at the time of writing. The principal jurisdictional legislation specifically relating to security and counterterrorism: Terrorism (Commonwealth Powers) Act 2002 Legislation Emergency Management Act 2004 Explosives (Security Sensitive Substances) Regulations 2006 Fire and Emergency Services Act 2005 Local Government Act 1999 Other State Emergency Management Plan (no date), information on the Plan is available at State of South Australia and Local Government Association of South Australia 2004, Safe SA Communities Guide: How to minimise the impact of emergencies on South Australian Communities, available at Web sites South Australia Police: Security and Emergency Management in South Australia: PAGE 82

93 TRAINING MATERIAL LOCAL GOVERNMENT Tasmania Principal jurisdictional material The principal jurisdictional legislation that sets out the roles and responsibilities of a local authority in a natural disaster situation: Emergency Management Act 2006 The principal sources of jurisdictional policy that provide guidance for a local authority which owns/operates critical infrastructure: General information about the roles and responsibilities of state and territory governments with regard to critical infrastructure protection is available at No specific Tasmanian information was identified at the time of writing. The principal jurisdictional material that defines responsibilities for storage and handling of hazardous materials: Dangerous Goods Act 1998 Security-sensitive Dangerous Substances Regulations 2005, Regulation 4 The principal source of jurisdictional policy that defines and sets out responsibilities for mass gatherings: No specific Tasmanian policy was identified at the time of writing. The principal jurisdictional legislation specifically relating to security and counterterrorism: Security-sensitive Dangerous Substances Act 2005 Terrorism (Commonwealth Powers) Act 2002 Terrorism (Preventative Detention) Act 2005 Legislation Building Act 2000 Dangerous Goods Act 1998 Environmental Management and Pollution Control Act 1994 Financial Management and Audit Act 1990 Fire Service Act 1979 Food Act 2003 General Fire Regulations 2000 Land Use Planning and Approvals Act 1993 Local Government Act 1993 Petroleum Products Emergency Act 1994 Police Powers (Public Safety) Act 2005 Public Health Act 1997 Vehicle and Traffic Act 1999 Workplace Health and Safety Act 1995 PAGE 83

94 TRAINING MATERIAL Other District Disaster Management Plans, various authors. Local Disaster Management Plans, various authors. Local Government and Agency Business Continuity Plans, various authors. State of Tasmania 2003, Risk Management Process: Draft Guidance Manual for Infrastructure Operators, Tasmanian Counter Terror Review Team, Hobart, available at State of Tasmania 2005, Tasmania Emergency Management Plan, Issue 5, State Emergency Service, Hobart, available at Web sites Department of Health and Human Services, Emergency Management Branch: State Emergency Service Tasmania: State Security Unit: Tasmania Fire Service: Tasmania Police: PAGE 84

95 TRAINING MATERIAL LOCAL GOVERNMENT Victoria Principal jurisdictional material The principal jurisdictional legislation that sets out the roles and responsibilities of a local authority in a natural disaster situation: Emergency Management Act 1986, Part 4 Responsibilities of Local Councils The principal sources of jurisdictional policy that provide guidance for a local authority which owns/operates critical infrastructure: General information regarding the roles and responsibilities of state and territory governments with regard to critical infrastructure protection is available at No specific Victorian information was identified at the time of writing. The principal jurisdictional material that defines responsibilities for storage and handling of hazardous materials: Dangerous Goods Act 1985 Dangerous Goods (Storage and Handling) Regulations 2000 State of Victoria 2000, Code of Practice for the Storage and Handling of Dangerous Goods, WorkSafe Victoria, Melbourne, available at Forms+and+Publications. The principal source of jurisdictional policy that defines responsibilities for mass gatherings: No specific Victorian policy was identified at the time of writing. The principal jurisdictional legislation specifically relating to security and counterterrorism: Terrorism (Commonwealth Powers) Act 2003 Terrorism (Community Protection) Act 2003 Legislation Country Fire Authority Act 1958 Emergency Services Telecommunications Authority Act 2004 Health Act 1958 Metropolitan Fire Brigades Act 1958 Victoria State Emergency Service Act 2005 Water Act 1989 PAGE 85

96 TRAINING MATERIAL Other State of Victoria , Emergency Management Manual Victoria, Office of the Emergency Services Commissioner, Melbourne, available at (See in particular Part 6: Guidelines for Municipal Emergency Management Planning.) State of Victoria 2003, Performance audit report: Fire prevention and preparedness, Auditor General of Victoria, Melbourne, available at State of Victoria 2003, Report of the Inquiry into the Victorian Bushfires, Department of Premier and Cabinet, Melbourne, available at Web sites Country Fire Authority: Department of Human Services, Emergency Management Branch: Metropolitan Fire and Emergency Services Board: Office of the Emergency Services Commissioner: Victoria Police: Victoria State Emergency Service: PAGE 86

97 TRAINING MATERIAL LOCAL GOVERNMENT Western Australia Principal jurisdictional material The principal jurisdictional legislation that sets out the roles and responsibilities of a local authority in a natural disaster situation: Emergency Management Act 2005, Part 3 Local Arrangements The principal sources of jurisdictional policy that provide guidance for a local authority which owns/operates critical infrastructure: General information regarding the roles and responsibilities of state and territory governments with regard to critical infrastructure protection is available at No specific Western Australian information was identified at the time of writing. The principal jurisdictional material that defines responsibilities for storage and handling of hazardous materials: Dangerous Goods Safety Act 2004 At the time of writing, seven sets of regulations pursuant to the 2004 Act, and associated codes of practice and other supporting materials, were in preparation. Details are available at _and_policy/legislative_reform.html. The principal source of jurisdictional policy that defines and sets out responsibilities for mass gatherings: No specific Western Australian policy was identified at the time of writing. The principal jurisdictional legislation specifically relating to security and counterterrorism: Terrorism (Commonwealth Powers) Act 2002 Terrorism (Extraordinary Powers) Act 2005 Terrorism (Preventative Detention) Act 2006 Legislation Emergency Management Act 2005 Environmental Protection Act 1986 Fire and Emergency Services Authority of Western Australia Act 1998 Health Act 1911 Local Government Act 1995 Planning and Development Act 2005 Radiation Safety Act 1975 PAGE 87

98 TRAINING MATERIAL Other State of Western Australia 2001, Development Control Policy No. 3.7: Fire Planning, Western Australian Planning Commission, Perth, available at State of Western Australia 2001, Planning for Bushfire Protection, Department for Planning and Infrastructure and Fire and Emergency Services Authority, Perth, available at State of Western Australia 2003, A Simple Guide for Engaging the Community in Emergency Management, Fire and Emergency Services Authority of Western Australia, Perth, available at State of Western Australia 2004, Local Community Emergency Management Arrangements Guide for Western Australia, Fire and Emergency Services Authority of Western Australia, Perth, available at LocalComm_EMA_Gd-final.pdf. State of Western Australia 2005, Western Australian Emergency Risk Management Guide, Fire and Emergency Services Authority of Western Australia, Perth, available at State Emergency Management policies (various dates). Further information is available at State Emergency Management plans (WESTPLANs) (various dates). Further information is available at Web sites Department of Health, Disaster Preparedness and Management Unit: Fire and Emergency Services Authority of Western Australia: Western Australia Police: PAGE 88

99 TRAINING MATERIAL LOCAL GOVERNMENT Acknowledgements ALGA acknowledges the contribution of the Queensland Government and the Local Government Association of Queensland, which published the Queensland-focused Local government counter-terrorism risk management kit in The scope of that Kit was modified to produce this national Toolkit, using funding provided under the Australian Government s Working Together to Manage Emergencies initiative managed by Emergency Management Australia. Many organisations and individuals contributed to the development of this Toolkit, including: ACT Department of Territory and Municipal Services Adelaide City Council Adelaide Hills Council Australian Government Attorney-General s Department Beaudesert Shire Council Brisbane City Council Burdekin Shire Council Calliope Shire Council Central Coast Council Council of Capital City Lord Mayors Council of the City of Mitcham Council of the City of Perth Council of the City of Prospect Council of the City of Sydney Council of the City of West Torrens Council of the Shire of Baulkham Hills Counter Disaster and Rescue Services, Queensland Darwin City Council Department of Police and Emergency Management, Tasmania Department of Premier and Cabinet, Tasmania Department of Premier and Cabinet, Victoria Department of the Chief Minister, Northern Territory Department of the Premier and Cabinet, Queensland Department of the Premier and Cabinet, South Australia Department of the Premier and Cabinet, Western Australia Devonport City Council Emergency Management Australia Esk Shire Council Etheridge Shire Council PAGE 89

100 TRAINING MATERIAL Frankston City Council Gannawarra Shire Council Glenorchy City Council Greater Bendigo City Council Hobart City Council Holroyd City Council King Island Council Local Government Association of New South Wales Local Government Association of Queensland Local Government Association of South Australia Local Government Association of the Northern Territory Longreach Shire Council Macedon Ranges Shire Council Melbourne City Council Municipal Association of Victoria Penrith City Council Pine Rivers Shire Council Premier s Department, New South Wales Queensland Police Service Security and Emergency Management Office, South Australia Snowy River Shire Council South Australia Police State Emergency Service, South Australia Urana Shire Council Victorian Police Waratah Wynyard Council Warrumbungle Shire Council Western Australian Local Government Association Whitehorse City Council The text of the document was prepared by: Dr Rosemary James of Evaluation International / Natural Resource Management Consulting Pty Ltd Tony Ralph of the Latihan Group Pty Ltd working from the 2004 Queensland document, with assistance from Noetic Solutions Pty Ltd. PAGE 90

101 TRAINING MATERIAL LOCAL GOVERNMENT > NOTES PAGE 91

102 AUSTRALIAN LOCAL GOVERNMENT ASSOCIATION