Newslett er: January 2014

Let’s profe
alize th prof

The ...
tivities i Year gone by and commitm
ments fo New Year!
It might have been noti
iced by our esteemed member...
Natural Ga is the fo
oundation fuel for a c
clean and secure en
nergy futur providin benefits for
the econ...
Robust Open Access Code
There is a need for a robust open access code for the natural gas pipelines as it is expected to

very and bu
ontinuity pla
anning and exercises

One of the major ch
hallenges assoc...
assets and personnel in environments where a high standard of inherent safety is a mandatory
requirement. There are resili...
vulnerabilities, the solutions and update prepared
dness so that secur
rity and in
ntegrity of the
natural gas transmi...
In the pre
esent day world the importan
nce of Bo
order Mana
enhanced manifold b
because of terrorist threats,...
ceasefire agreement in 2013 alone. India and Pakistan both nuclear powered nation already
fought three wars and presently ...

Safe guarding such a long, diffic
cult and
varie border physically is not o
only an
ossible ta
ask but ...
ming E

ICISSM is happy to in
ntroduce “S
Secutech In
ndia Safety & Security Conclave 2
2014” whic is all s...
Upcoming SlideShare
Loading in …5

News letter jan.14


Published on

Monthly newsletter of International Council of Security and Safety Management.
The ICISSM web-site (, the ICISSM Goggle group (!forum/icissm), and the ICISSM LinkedIn Group (

Published in: Education, Business, Technology
  • Be the first to comment

  • Be the first to like this

News letter jan.14

  1. 1. Newslett er: January 2014 N 4 Let’s profe s essiona alize th prof he fession nals… http://s om/icissm The m most esse ential qua lity, which we have but ign h nored, is the power of n obser rvation! Now we see y do not observe. Observation is not jus seeing thing yet O st but un nderstandi ing the im plications of what we see. So effective observatio of w o on what g goes on ar round us is a very imp s portant req quirement f better security sense. for s Secur rity profess sionals pay attention to electro y n onic surve illance yet they pay less t attent tion to the fact that in spite of verity of best video a n v and audio analytics, it is man o the sys on stem who will make final call! It is there efore very essential that upgrading h knowle u his edge and skills is con nsidered in nvestment in profit rat i ther than non-produc n ctive expenditure e e. Security pr S rofession i more ab is bout obser rvation, pro ofiling of range of h r human inte erventions and about draw a wing the ‘big picture’. Thus all the security professionals nee to master the delicate ed subject of human ps s sychology and obser rvation of human behavior for there they can find the r y d keys of loss preventio as well as crime p revention! k s on a Ca S B Ty apt yagi For IC CISS 1
  2. 2. Act tivities i Year gone by and commitm in y c ments fo New Year! or It might have been noti t iced by our esteemed members that ICISS was partner with Pinke w r erton CRM I India and FICCI to launch Ind Risk Su a o dia urvey 2013. It was gran success and its repo are ver revealing and nd orts ry g in nsightful an deal with the strateg nd gies being a adopted by Corporates to mitigate the threats being face by C s ed th hem. IC CISS was E Events Partner with by ‘Global Ene ergy Security Conferen 2013’ h nce held in May at Dubai an in nd November a Abu Dhab The council was als event pa N at bi. so artner with ‘Global Digiital Surveilla ance Forum for m’ ‘N National Co onference o Electroni Security and Surveillance’ held recently a New Delh For the Y on ic d at hi. Year 2014, there are at least four events lined up in which the Council will be the Ev 2 t n e vent Partner r. It gladdens our hearts to note that slowly security pr t s rofessionals are wakin s ng-up to ‘c call-of-duty’ and re eorganizing their policies and pro g ocedures. T Their practic are now finding wo ces w orld’s bench h-marks and are d striving for e s excellence. Thus we hav reasons to rejoice and tomorro certainly hold place of pride for security pr T ve a ow r rofessionals s. 2
  3. 3. 3
  4. 4. Natural Ga is the fo N as oundation fuel for a c f clean and secure en nergy futur providin benefits for re, ng s the econo omy, our environme ent and o our energ security Alongsiide the economic and gy y. e environmen e ntal oppor rtunity natu ural gas of ffers our country, th c here come great re es esponsibilit to ty protect its d p distribution pipeline systems fro cyber-a n s om attacks. Technological adva T ances ove er the last 20 years h have mad de natural gas utilities more cos n s steffective, s e safer, and better able to serve ou custome via web o ur ers bbased pro b ograms and tools s. Unfortunate U ely, the opportunit ty cost of a m c more conne ected, mor re efficient ind e dustry is th we hav hat ve become an attractive target fo b n e or in ncreasingly sophistic y cated cybe er te errorists. We are me W eeting the t threats daily through ou skilled personne ur el, robust cy yber-securi ity system m protections p s, an industr ry commitmen to secu c nt urity, and a successful ongoing c s cyber-security partne ership with governme and wit up-strea and do ent th am ownstream stak s keholders. Our natural gas delivery system is the sa fest, most reliable en O m nergy deliv very system in the wo m orld. This said, all indus T stry opera ators recog yber vulne erabilities with gnize there are inherent cy employing web-base applica e ed ations for industrial control and busine a ess opera ating syste ems. Because o this, gas utilities adhere to m B of s a myriad cyb ber-securit standard and pa ty ds articipate in an n array of go a overnment and industry cyber-s security initiatives. However, th most im he mportant cy ybersecurity me s echanism is the exis sting cyber r-security partnership between the centra governm p p al ment and industr operator This pa a ry rs. artnership f fosters the exchange of vital cy e e yber-secur informa rity ation which helps stakehold w s ders adapt quickly to dynamic cyber-secu t o c urity risks. Risk Facto for Pip R ors peline Ope erators Designing, operating, and main D ntaining a p pipeline fa acility to me essent availab eet tial bility, reliab bility, safety, and security n s d needs as well as pro w ocess cont require trol ements req quires care evalua eful ation and analys of all the risk factors. Atta a sis acks on a cyber- sy ystem may involve only the cy y o yber component and the operatio but tho c ts eir on, ose impac can ex cts xtend into the physi ical, business, human, and environm h d mental syst tems to wh hich they are connect ted. Operating and maint O taining a gas pipelin e involves numerous safety c g s concerns. Cyber security C assessmen is one o the solutions that help to maintain saf a nt of fety param meters - es specially w when handling su explosive and fla h uch ammable g oods such as natural gas. h 4
  5. 5. Robust Open Access Code There is a need for a robust open access code for the natural gas pipelines as it is expected to facilitate access to pipeline infrastructure and benefit market participants. Natural gas producers get benefit from it as open access allows new suppliers to reach consumers Downstream participants like the distribution entities get benefit from direct access to the natural gas producers and a greater choice in gas supply. End users also benefit through increased competition and choice of gas distributors. Guidelines notified by Petroleum & Natural Gas Regulatory Board (PNGRB) allow utilization of capacity in a natural gas pipeline by any entity on a non-discriminatory basis as well as the assignment and trading of capacity in the open market. PNGRB has also come out with an “Access Code” for natural gas pipelines. However, the code needs to be strengthened further in order to achieve the desired outcome. The current code is not designed to deal adequately with multiple owner operators leading to issues of compatibility. PNGRB needs to setup a separate committee to come out with suitable recommendations to strengthen the access code, in line with developed codes of matured markets. This situation increases the vulnerabilities of the distribution network and makes SCADA easy and lucrative target. Securing Supervisory Control Systems Today’s natural gas transmission and distribution systems depend on computer technology and supervisory control and data acquisition (SCADA) systems to operate safely and efficiently. In the India, by 2030 there will be nearly 30,000 KMs of natural gas transmission pipelines. In 2012 India had about 36,284 KMs of various types of on-shore / off-shore crude, product and NG pipelines. The need to provide effective cyber security is similar to challenges faced by bulk electric system and local power distribution providers, except that natural gas systems transport molecules, not electrons, and are equipped with safety devices, which are, in most cases, manually operable as federally required. But all of these groups depend on communications infrastructures, computer technologies, and people to safely and efficiently transport the energy product to the end user. Many utilities have employed a series of measures to protect the critical computer systems and networks that control the flow of energy over geographically dispersed facilities. These measures include the use of technical and administrative controls. Technical controls often used include, but are not limited to:    Firewalls to separate control systems from general corporate networks and the internet Network intrusion-detection systems to alert operators of potential security events Event-logging systems to capture and maintain information regarding the operational status of control networks Administrative controls often used include, but are not limited to:   Overall cyber-security policy and procedures Change-management and change-control practices 5
  6. 6.  Disa aster-recov very and bu usiness-co ontinuity pla anning and exercises d s One of the major ch O e hallenges associated with pro d oviding cyb ber-securit protection for ene ty ergy system SC s CADA and process-c control com mponents is address sing legac equipme cy ent. Corpo orate computer e c equipment such as desktop computers is generally repla t, s, aced every three to five y years. In co y ontrast, na atural gas SCADA co S omponents are often designed a priced to operate for and d e a decade o more. L or Legacy sys stems may not be able to be patched o be able to effecti y a or e ively communica with sy c ate ystems tha use at current enc c cryption tec chniques. Addressing the Vuln A nerabilitie es: The Operations, Sa T afety, Security, and IT d a decision-m makers of Key Infrastructu ures, especially oil & gas, power gen p neration an transm nd mission and nuclea energy a well ad a ar are dvised to pay atten o ntion to following asp pects      More and mor reliability on Locall Area Netw e re y work (LAN Wide A N), Area Netwo (WAN) and ork Broa adband Global Area Network (BGAN) brings inc a k creased th hreats to operations of s orga anizations u using them m. The networks are susce eptible to attacks aimed to dis srupt and destroy th hem. Such an h ck uses, worm or othe forms of cyber-te ms er errorism o oil and gas indu on d ustry attac by viru proc cess contro network and rela ol ks ated system could destabilize energy in ms d e ndustry supply capa abilities and negative impact t nationa economy ely the al y. Need to keep control sy ystems safe and secure, and to help min e o nimize the chance th a hat cybe er-attack could sever rely damag or cripp infrastructures. W need to identify w ge ple We o ways to re educe cybe vulnerabilities in p er process co ontrol and SCADA (S Supervisor Control and ry Data Acquisitio System to iden a on) ms: ntify new types of se ecurity sen nsors for process con ntrol netw works. Anot ther challe enge with protectin energy systems is that, t enhanc operational h ng to ce effic ciencies, m many of th energy SCADA and process-control systems have beco he a ome nected to corporate business systems. Some of these conn nections have create a ed conn path hway for malicious co omputer pr rograms or unauthorized users to potentia disrupt the r ally t trans smission o distribution of natu ral gas, ele or ectricity or water. Ther is real threat to SC re CADA from mischief mongers prowling in the webm f n -world and the d tech h-savvy ter rrorist and Stuxnet is the most lethal com s mbination! It is a Win ndows-spe ecific com mputer worm first disc m covered in June 2010 by Virus 0 sBlokAda, a security firm base in y ed arus. It is t first dis the scovered w worm that spies on and reprog rams industrial syste a ems, Bela the f first to include a PLC Rootkit, and the fir to targe critical in C rst et ndustrial in nfrastructur It re. was specifically written to attack S t SCADA sys stems use to contro and monitor indus ed ol strial cesses. St tuxnet inc cludes the capabilit to repr e ty rogram the Program e mmable Logic proc Controllers (PL LCs) and hide its cha h anges. Robust, Se R ecure, Glo obal Comm municatio n Solution ns This capab T bility calls f seamle for essly conne ecting all oil & gas in o nstallations of an org s ganization and on more h o higher leve of the Nation by providing highly ava el, N ailable, ro bust, secu ure, integra ated communica c ation netwo orks for cri itical opera ational syst tems. A number of c communica ation solut tions are availab which provide ro a ble obust conn nectivity and communication h a helpful for protection of r 6
  7. 7. assets and personnel in environments where a high standard of inherent safety is a mandatory requirement. There are resilient telecommunications networks such as Broadband Global Area Network (BGAN), which allow for simultaneous voice & communication data communications and secure access to applications from almost anywhere in the world. Taking The Risk out of Gas Operations – What to Consider IT threats are mainly addressed by IT solutions. There are IT Solutions provide very effective predictions, diagnosis and prognosis. In many instances, they help assessing and remediating the cyber security vulnerabilities of their gas distribution pipelines and equipment. Their solutions for oil and gas pipelines promote safety, environmental responsibility, and efficient operations. The cyber security vulnerability assessment is designed to examine the three core facets of an organization’s cyber security:    People: What is the cyber security awareness level in the organization? Are staff members following security policies and procedures? Have they been adequately trained to implement the security program? Process: What are the cyber security policies and procedures in place in the organization? Do these policies and procedures meet key requirements? Technology: What cyber security technologies are in use in the organization? How are these technologies configured and deployed? Prognosis: While above are the main strategies for securing the transmission and distribution of natural gas, constant improvement and improvisation is needed to be carried out to make security measures reliable as well as cost effective, as in present phase of economic melt-down no organization will take decision without working out the ROI (Return on investment). EU has set up a task force to explore what its 25 member states are doing to combat cyberthreats against critical infrastructure. As part of the EU’s Critical Information Infrastructure Research Coordination, CI2RCO project, task force aims to identify research groups and programs focused on IT security in critical infrastructures, such as telecommunications networks and power grids. The scope of the cooperation goes beyond the EU; the task force also wants to include USA, Canada, Australia and Russia. India with its strong IT workforce, known world-over for its prowess must join such cooperative and collaborative efforts! Off-shore Security Co-ordination Committee (OSCC) needs to be institutionalized. With the initiative of ONGC, it exists in many states where essentially ONGC operates. All other ONG PSUs having presence in the state are invited to be members. This forum discusses and seeks to address the security threat faced by the sector with the help and co-ordination of state administration and police. Haryana, where there is no presence of ONGC, similar initiative by other ONG PSUs made similar OSCC operational. Now is the time that its umbrella is spread to cover private sector operators and make it a true PPP model! Similarly on the lines of Homeland Security Department in USA, the lead needs to be taken by the IB and Indian Computer Emergency Response Team (CERT In) to address cyber7
  8. 8. vulnerabilities, the solutions and update prepared v e dness so that secur rity and in ntegrity of the natural gas transmiss n s sion and distribution iis effective address ely sed. Dedicated manpower ready to face the d D r disaster wo ould alway be centr conside ys ral eration for any security an disaster response plan. To keep them constantly motivat s nd r e m ted and up pdated is also another prime respon a nsibility of the Manag gement as otherwise even the best plan are doom s e e ns med to fail. Only those will succeed in this sec o y ctor who fo oresee and fore-plan and rehea d arse therea after their securi and emergency re ity esponse pl ans! *** 8
  9. 9. In the pre esent day world the importan e nce of Bo order Mana agement enhanced manifold b e because of terrorist threats, smuggling, criminal o s activities, g a gun running etc. Efficient bo E order man nagement includes monitoring of all pe m eople, anim mals and goods wh hich go fr rom one country to another The se c o r. ecurity ag gencies have to maintain h equilibrium. At one h e hand legitim mate activ vities shoul not ham ld mper and on the othe hand uns o er scrupulous elements must be refrained fr s s r rom their nefarious a n activities. t s ore ant ares land border of b It becomes much mo importa for Indi a as it sha about 1500 K.Ms with seven countrie includin 106 K. a 00 es ng .Ms with Afghanistan in Jamm & Kashmir whiich is illeg A n mu gally occu upied by Pakistan a P and declar red as No orthern Ar reas. Besi ides land The auth has retired as Dire hor ector, borders Ind has a c b dia coast line of 7683 KM In addit o Ms. tion to the Cabinet Secretariat in 2007. He vast coast line, Indian security agencies h v n a have to gua island has atte ard ended seve eral course in es te erritories as they c can also be misuse by ant ed ti-national India a and abroa ad related to collection of intellig n gence, ana alysis fo orces. The Indian border with neighbors include porous border as T e b well as wo w orld’s mos difficult border, w hich make India’s st es border man b nagement as a very daunting a and wearis some job. Not only th India’s border differs from country to country. N his, o The longes border it shares with Bangla desh whic is 4339 T st t ch KMs. Nepa being a v K al very friendly country no passpo or visa ort is required for citizen of both the coun tries to cross Indos ns Nepal bord N der. Both the count tries have very old religious, cultural, eth c hnic and b business ties hence the traffic between c them is ve heavy and is difficult to manage. India has ery boundary d b disputes wi China and Pakista ith a an. The task of efficien management of borders becomes T nt complicated as India’s border is manage not by one Force c d ed o or by one Ministry; it is guard o ded by mi litary, various Para Military Fo M orces as w well as by Police Forces of different y f states. Ne s eedless to say that all these forces report to t e different Ministries an all of th d nd hem have d different work ethos w and prioritie a es. Indo-China border is manned by Spec a d cial Frontier Force (Under Ca abinet Sec cretariat), Indo-Tibe etan Borde Police er (ITBP, repo to Ministry of Ho orts ome Affairs Army (M s), Ministry of Defence), A D Assam Rif fles, which has offic h cers from Army but works unde MHA. w er of reports and prepa s aration of n notes under wh hich curren situation was nt depicted as well as future scen nario is predict ted. Besides this, it is als suggeste in so ed the note what me es easures sh hould be adop pted so tha the situa at ation becomes in favour of the cou s untry. He has handled the inte s ernal security matters at National level t beside a administratio of large w on work team. H had various overs He seas tenures in seve eral coun ntries including Pakistan. g Presently he is working as y Consulta ant in In ndia Strat tegic magazine ( e ndiastrategic Besides working I am also wr a riting n azine. He is also articles in the maga delivering lectures in various Para g intellige & military ence organiza ations. He has special interest in internal secu urity, terrorism terrorist organization in m, o ns India a and abroa ad, Naxalism, Foreign r relations. d Although In A ndia-Pakistan border is by and large manned by r He can be re n eached a at Border Sec B curity Forc (BSF), but Line o Control (LOC) in jai_pushp ce of . J&K sector is controlled by Ind J r dian army. Pakistan Army on behest of ISI regularl violates the cease b ly efire line an had vio nd olated appr roximately 260 times the s 9
  10. 10. ceasefire agreement in 2013 alone. India and Pakistan both nuclear powered nation already fought three wars and presently Pakistan has engaged in a low intensity war against India. Presently ISI is helping Kashmiri terrorists and master minding terrorist activities not only in J&K but in various other parts of India.ISI is instigating misguided Muslim Youths and financing Indian Mujahideen (IM) an Islamist terrorist group based In India. ISI is also smuggling Fake Indian Currency Notes (FICN) in India from different countries including Nepal, Bangladesh and Pakistan. According to an estimate Rs. 169000 crore (Rs.169 trillion) fake Indian currency notes are in circulation in the country. Hence the effective management of India-Pakistan border cannot be over emphasized. Sashastra Seema Bal (SSB) looks after India-Nepal border. SSB, which was previously Special Security Bureau (SSB) was under Cabinet Secretariat, is now reports to MHA. Bhutan border which is relatively peaceful is guarded by BSF and SSB. Indian Army and Assam Rifle safeguard India Myanmar border. The insurgency in Northeast is fuelled, financed and abetted by China and Pakistan. Naga and Mizo terrorists frequently cross India Myanmar border for shelter, training and assistance. These insurgent groups run training camps and have safe houses in Myanmar. Not only this, these terrorist groups are deeply involved in smuggling of drugs and weapons to finance their struggle. As the terrain of the area is very difficult the task of Indian security forces becomes very strenuous. BSF controls Indo-Bangladesh border and there are never-ending fights between BSF and Bangladesh Rifles (BDR). In fact few thousand acres of Indian land is within Bangladesh and lot of Bangladeshi land is in India. 1974 Land Border Agreement tried to resolve this issue but the agreement cannot be implemented as it is a politically sensitive issue and both countries lack the determination to solve the issue. Fortunately the economic growth of India is much higher in comparison to all its neighbours except China hence there is large scale of migration from neighbouring countries. According to an estimate nearly 1.5 million Bangladeshis are living illegally in India. Besides this there are other threats like infiltration and ex-filtration of terrorists, drug & human trafficking, arms smuggling, a close business partnership has emerged between drug and arms smugglers, funds are sent for establishing Madrasas. The list is endless. Principally MHA is responsible for the border management and Para Military Force should guard the borders. Presently more than one Para Military Force looks after the acknowledged border and army looks after LOC in J&K and Line of Actual Control (LAC) on Indo-Tibetan border. Here it is pertinent to note that multifarious agencies are involved in protecting the borders. Needless to say that efficient command and control is the biggest casualty in case of multiple agencies. In fact all the Para- Military Forces must be under the direct control of the army and more and more retired army personnel should join these forces. November 26, 2013 is the fifth anniversary of attack on Mumbai by 10 terrorists from Pakistan. All of them came through sea. Hence after the terror attack a three tier coastal security was implemented. Navy is guarding the outermost area while the Coast Guard is responsible for the intermediate layer and state police is patrolling the shallow waters and the areas abutting the seashore. Here three agencies are made responsible for marine security which is certainly not an ideal situation.  In fact Coast Guard which has the capacity and capability of guarding the coastline should be made fully responsible for the coastal security. 10
  11. 11.  Safe guarding such a long, diffic e g l cult and varie border physically is not o ed y only an impo ossible ta ask but it is als so very expe ensive. Hence Indian security agen ncies must be equip pped with modern elec ctronic gad dgets including ha and-held therm image mal eries, nigh vision d ht devices, grou und sens sors and other various surv veillance d devices. There m ust be vigorous use o satellites, aerial im of magery, helic copters and unmanned aerial v vehicles (UAV More and more motor abl e roads Vs). shou be cons uld structed along the bo orders.  India must try to resolve its differe a e ences with the neigh h hbouring c countries on the basi of o is give and take so that the valuable resources can be utilized else e s ewhere. In the beginning disputes with friendly ne eighbors c can be set ttled and then India can proce eed slowly but y firml towards other neig ly ghbours.  Besi ides this, s security fo orces must try to be friendly with the po t e w opulation residing at the r t bord ders. The s security agencies sho ould win th confide heir ence and g goodwill an they should nd be m made mor trade efficient. S re e Special pro ogrammes especially on health, educat y tion, hous sing, agriculture shou be laun uld nched. The importan of supp e nce port of border popula ation cann be over emphasiz not zed.  Last governm tly ment of Ind should make an annual ass dia a sessment o all its po of olicies towa ards the border ma anagement and mus make regular appr t st raisal of w what has been done and what more can be done. n National Se N ecurity Adv visor Shivs shankar M Menon has rightly sai that “To id oday India does not f face external ex e xistential th hreats. The is little distinction between our intern and ext ere n nal ternal secu urity. Recent dev R velopments in our neighbourh ood, howe ever, show that we s w should ma our bo ake order manageme much m m ent more proac ctive, using technolog and inte g gy elligence a develo and oping influe ence across the borders to manage them in a m a o t more intelligent way.” ” 11
  12. 12. Upcom U ming E Event: ICISSM is happy to in ntroduce “S Secutech In ndia Safety & Security Conclave 2 2014” whic is all set to ch t revolutionize the way safety and security i ndustry conducts bus y d siness in In dia. Keepin in view o ng our constant e endeavor to promote interactions within the Industry, Secutech India 2013 was a gra o s and success w with an imp pressive ex xhibitor and visitor st d tatistics, which left a perceptibl impression. le Encourage by the po ed ositive respo onse and its stupendou success Secutech w s us would like to move further o by widenin the reac of the pl ng ch latform, to ensure it becomes the convergin point fo the Security b ng or Industry in India and the world. The theme of “Secutech India Safety & Se n e S ecurity Conc clave 2014” is ” Security So olutions for Vertical Ma arkets. Date & Tim 6th & 7th March 2014 me: h Venue Bombay Exhibition Centre, Gore e: E C egaon East, Mumbai erson: Susm Das Cho mita owdhury, Co onference Manager M Contact Pe HP: +91773 38219912 W:+91-22-668 4900 . Ex 371 W 81 xtn: F:+91-22- 2 26367676 E-mail: su ICISS at LinkedIn http://www.l S n: groups?gid=44 413505&trk=h b_side_g ICISS a Google Gro at oup: https://gr romgroups#!fo orum/icissm Sugg gestions & feedback may be s k sent to us on e-mail: onlineic s cissm@gm P.S. - If you don't lik to receiv our new P ke ve wsletter, we apologiz for both w ze hering you. Please le us . et know your mail addre and we will move it out from our conta list, tha nk you! k ess m act 12