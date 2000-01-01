The new global terror operating on faith-based motivation, across geographical boundaries, is now the instrument of multiple ‘proxy wars’ in several continents. India is a major victim of this constant threat emanating from Pakistan - a country acknowledged by the international community as the provider of safe havens to numerous terror outfits across the Islamic spectrum. Pak army - ISI combine has been creating ‘sleeper cells’ in India to carry out attacks on strategic assets and communally sensitive targets and the spread of radicalisation that accounts for the ‘lone wolf’ phenomenon in Europe and the US is now adding to the terror threat to India as well.

Recent attacks by terrorists on Army camps in J&K and Intelligence warnings about threat to strategic infrastructure of Oil & Gas, Railways and Airports, call for reinforcing the security of all economically crucial establishments as well as industrial installations of strategic value in the country. This is the responsibility not only of the State, but equally of the individual entity facing such a threat. The leadership of vital installations on the ground -whether under the government or in private sector - must bring to bear a professional approach to their safety and security and consciously plan for sparing necessary funds for a lasting security regime.

They should do this with an understanding of the 10- point matrix that ensures the functioning of a viable security infrastructure and set of protocols.

First of all, it is to be understood that security is for protection against an enemy who attacked ‘clandestinely’ and who possibly could have a member of the targeted establishment as a collaborator. Safety is a safeguard against damage that could result from a systemic flaw like an imperfect electric wiring or a human error on the part of some personnel because of neglect or inadequate training. Security and safety, however, are handled together in most establishments.

Second, the doings of an ‘invisible’ adversary can be detected only by securing information about them by using special tradecraft techniques that are learnt through training on Intelligence gathering. Professional analysis of material available in public domain also yields useful insights into the threat scenario facing the establishment. All global level enterprises today spend significantly on collation and analysis of information as part of risk assessment.

Third, Security is always about protection against the three threats that targeted physical assets, human resource and protected information and were respectively called sabotage, subversion and espionage. Espionage, originally the term used for ‘unauthorised access’ to secret information of the State, now covers all attempts to gain such access for stealing or damaging confidential information or data of any targeted organisation. Correspondingly the measures to deal with these three threats are described as Physical Security, Personnel Security and Information Security protocols.

Fourthly, security by definition is ‘preventive’ in nature and for preventing a ‘covert’ attack a basic security infrastructure and operational system has to be put in place. This basic system has five components - secure perimeter, access control, inner access control for identified sensitive parts of the enterprise, intrusion detection and a Command & Control Centre (CCC) to monitor the functioning of the system and respond to a contingency. Details may differ from one establishment to the other depending upon the nature of activity there.

Fifthly, security is no more a standalone function relegated to some guards, watchtowers and physical checks at the entrance. It has to be integrated with the mainstream of the enterprise since it has to cover all parts, processes and assets of the organisation and has to bank on the support of all its members who should believe that each one of them was contributing to the total security of their establishment. Interactive orientation programmes for the management on security, are now conducted by the installation’s chief security officer in most sensitive enterprises.

Sixthly, a new conceptual understanding of security now mandates that this function has to be performed on the authority of the top man of the enterprise. In large organisations one of the deputies of the CMD takes the responsibility of oversight in regard to the security domain as this takes care of the issues of funding, authorisations and decision-making in an emergency.

Seventh, there is a new-found importance of Personnel Security considering the finding of the FBI that nearly 40 per cent of all security breaches were attributable to a subverted insider. For personnel security a system of background vetting had to be in place to which the security set up would make a significant contribution. But even more important is the insider threat management, which has now emerged as one of the most crucial tasks of the chief security officer of the enterprise. This is a specialised segment of the security domain requiring skills of conducting a sensitive internal scrutiny to detect signs of vulnerability in a member and following it up to check out if the ‘adversary’ outside had not already trapped such an insider.

Eighth, security today is dependent on both human resource and technology whether it is in the area of Intelligence collection techniques, analysis or response. Securing the perimeter, detecting intrusion, communication monitoring, electronic surveillance, data analytics, running the Command Centre and establishing quick response teams are the major aspects of security taken care of by technology. All security systems need heavy investment in technology and trained personnel to utilise it. Top managements in enterprises, whether in public or private sector, must realise that security does not come cheap.

Ninth, security has the new challenge of handling threats that have arisen in the cyber domain. Establishments in the strategic sector including public services are run on IP systems that are on the radar of the enemy and in the new ‘warfare’ that the world faces today cyber attacks to disrupt them act as a major weapon. Cyber security is a comprehensive arena that by itself requires a combination of physical, personnel and information security. This has made the job of the chief security officer everywhere extremely onerous.

And lastly, security is an exercise in continuity - not a one-time event. The threat scenario changes and calls for corrective reinforcement or systemic modification. This apart, it is mandatory to have a process of periodical security audit to keep up the level of efficiency of the systems in place.

National security today demands that not only the ruling dispensation but those managing individual industrial, business and economic entities take charge of the security of their establishments and keep their systems attuned to new developments. This calls for a new level of security orientation for all senior managers of our enterprises in the strategic sectors.

(The writer is former director of Intelligence Bureau)