Monthly newsletter of International Council of Security and Safety Management. The ICISSM web-site (http://sbtyagi.wix.com/icissm), the ICISSM Google group (https://groups.google.com/forum/?fromgroups#!forum/icissm), and the ICISSM LinkedIn Group (http://www.linkedin.com/groups?home=&gid=4413505&trk=anet_ug_hm)
Newsletter: January 2014
http://sbtyagi.wix.com/icissm
Let’s professionalize the professionals…
The most essential quality, which we have but ignored, is the power of observation! Now we see yet do not observe. Observation is not just seeing thing but understanding the implications of what we see. So effective observation of what goes on around us is a very important requirement for better security sense.
Security professionals pay attention to electronic surveillance yet they pay less attention to the fact that in spite of verity of best video and audio analytics, it is man on the system who will make final call! It is therefore very essential that upgrading his knowledge and skills is considered investment in profit rather than non-productive expenditure.
Security profession is more about observation, profiling of range of human interventions and about drawing the ‘big picture’. Thus all the security professionals need to master the delicate subject of human psychology and observation of human behavior for there they can find the keys of loss prevention as well as crime prevention!
Capt S B Tyagi
For ICISS
Activities in Year gone by and commitments for New Year!
It might have been noticed by our esteemed members that ICISS was partner with Pinkerton CRM India and FICCI to launch India Risk Survey 2013. It was grand success and its reports are very revealing and insightful and deal with the strategies being adopted by Corporates to mitigate the threats being faced by them.
ICISS was Events Partner with ‘Global Energy Security Conference 2013’ held in May at Dubai and in November at Abu Dhabi. The council was also event partner with ‘Global Digital Surveillance Forum’ for ‘National Conference on Electronic Security and Surveillance’ held recently at New Delhi. For the Year 2014, there are at least four events lined up in which the Council will be the Event Partner.
It gladdens our hearts to note that slowly security professionals are waking-up to ‘call-of-duty’ and reorganizing their policies and procedures. Their practices are now finding world’s bench-marks and are striving for excellence.
Thus we have reasons to rejoice and tomorrow certainly hold place of pride for security professionals.
Natural Gas is the foundation fuel for a c[…]re, providing benefits for the economy, our environment and ou[…]ide the economic and environmental opportunity natural gas of[…]es great responsibility to protect its distribution pipeline systems fro[…]
Technological advances over the last 20 years have made natural gas utilities more cost-effective, safer, and better able to serve our customers via web-based programs and tools. Unfortunately, the opportunity cost of a more connected, more efficient industry is that we have become an attractive target for increasingly sophisticated cyber terrorists.
We are meeting the threats daily through our skilled personnel, robust cyber-security system protections, an industry commitment to security, and a successful ongoing cyber-security partne[…]th up-stream and down-stream stakeholders.
Our natural gas delivery system is the sa[…]very system in the world. This said, all industry operators recog[…]yber vulnerabilities with employing web-based applications for […]and business operating systems. Because of this, gas utilities adhere to m[…]ty standards and participate in an array of government and industry cyber-s[…]owever, the most important cyber-security mechanism is the existing cyber[…]p between the central government and industry operators. This partnership f[…]e of vital cyber-security information which helps stakeholders adapt quickly to […]urity risks.
Risk Factors for Pipeline Operators
Designing, operating, and maintaining a p[…]eet essential availability, reliability, safety, and security needs as well as pro[…]ements requires careful evaluation and analysis of all the risk factors. Atta[…]ystem may involve only the cyber components and their operation, but tho[…]xtend into the physical, business, human, and environmental systems to wh[…]ted.
Operating and maintaining a g[…]s safety concerns. Cyber security assessment is one of the solu[…]fety parameters - especially when handling such explosive and fla[…]l gas.
Robust Open Access Code
There is a need for a robust open access code for the natural gas pipelines as it is expected to facilitate access to pipeline infrastructure and benefit market participants. Natural gas producers benefit from it as open access allows new suppliers to reach consumers. Downstream participants like the distribution entities benefit from direct access to the natural gas producers and a greater choice in gas supply. End users also benefit through increased competition and choice of gas distributors. Guidelines notified by Petroleum & Natural Gas Regulatory Board (PNGRB) allow utilization of capacity in a natural gas pipeline by any entity on a non-discriminatory basis as well as the assignment and trading of capacity in the open market. PNGRB has also come out with an “Access Code” for natural gas pipelines. However, the code needs to be strengthened further in order to achieve the desired outcome. The current code is not designed to deal adequately with multiple owner operators, leading to issues of compatibility. PNGRB needs to set up a separate committee to come out with suitable recommendations to strengthen the access code, in line with developed codes of matured markets. This situation increases the vulnerabilities of the distribution network and makes SCADA an easy and lucrative target.
Securing Supervisory Control Systems
Today’s natural gas transmission and distribution systems depend on computer technology and supervisory control and data acquisition (SCADA) systems to operate safely and efficiently. In India, by 2030 there will be nearly 30,000 KMs of natural gas transmission pipelines. In 2012 India had about 36,284 KMs of various types of on-shore / off-shore crude, product and NG pipelines.
The need to provide effective cyber security is similar to challenges faced by bulk electric system and local power distribution providers, except that natural gas systems transport molecules, not electrons, and are equipped with safety devices, which are, in most cases, manually operable as federally required. But all of these groups depend on communications infrastructures, computer technologies, and people to safely and efficiently transport the energy product to the end user.
Many utilities have employed a series of measures to protect the critical computer systems and networks that control the flow of energy over geographically dispersed facilities. These measures include the use of technical and administrative controls.
Technical controls often used include, but are not limited to:
- Firewalls to separate control systems from general corporate networks and the internet
- Network intrusion-detection systems to alert operators of potential security events
- Event-logging systems to capture and maintain information regarding the operational status of control networks
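
An added example (not part of the newsletter): a small audit of firewall event logs for traffic that crosses the control-system boundary outside an approved conduit, tying together the firewall-separation and event-logging controls listed above. The address ranges, the log format and the single allowed conduit are constructed assumptions.

```python
import ipaddress

# Assumed zone layout: constructed addresses, not taken from the newsletter.
ZONES = {
    "control": ipaddress.ip_network("10.50.0.0/16"),    # SCADA / process control
    "dmz": ipaddress.ip_network("10.40.0.0/24"),        # historian / jump hosts
    "corporate": ipaddress.ip_network("10.10.0.0/16"),  # business systems
}

# The only approved conduit across the control boundary in this sketch:
# control hosts push data to the DMZ historian over TLS.
ALLOWED_CONDUITS = {("control", "dmz", 443)}

# Constructed firewall events: timestamp action src dst dst_port
SAMPLE_LOG = """\
2014-01-10T08:00:01 ALLOW 10.50.1.20 10.40.0.5 443
2014-01-10T08:00:07 ALLOW 10.10.3.14 10.40.0.5 443
2014-01-10T08:02:44 ALLOW 10.10.3.14 10.50.1.20 502
2014-01-10T08:05:10 DENY 203.0.113.9 10.50.1.20 502
2014-01-10T08:06:31 ALLOW 10.50.1.20 10.50.1.21 502
2014-01-10T08:09:02 ALLOW 10.50.1.30 198.51.100.7 80
truncated-record 10.50.1.20
"""


def zone_of(addr):
    """Map an IP address to a named zone; anything unlisted is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def audit(log_text):
    """Return (line_no, kind, src_zone, dst_zone, port) for each finding."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            _ts, action, src, dst, port = line.split()
            src_zone, dst_zone, port = zone_of(src), zone_of(dst), int(port)
        except ValueError:
            # A record the event log cannot account for is itself a finding.
            findings.append((line_no, "unparsed", None, None, None))
            continue
        if src_zone == dst_zone or "control" not in (src_zone, dst_zone):
            continue  # traffic that never crosses the control boundary
        if (src_zone, dst_zone, port) in ALLOWED_CONDUITS:
            continue
        # ALLOW means the firewall let it through: a segmentation gap.
        kind = "violation" if action == "ALLOW" else "blocked-attempt"
        findings.append((line_no, kind, src_zone, dst_zone, port))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Port 502 in the sample is the Modbus/TCP port; a permitted corporate-to-control flow on it is the kind of direct pathway that zone separation is meant to remove.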
Administrative controls often used include, but are not limited to:
- Overall cyber-security policy and procedures
- Change-management and change-control practices
- Disaster-recovery and business-continuity planning and exercises
One of the major challenges associated with providing cyber-security protection for energy system SCADA and process-control components is addressing legacy equipment. Corporate computer equipment, such as desktop computers, is generally replaced every three to five years. In contrast, natural gas SCADA components are often designed and priced to operate for a decade or more. Legacy systems may not be able to be patched or be able to effectively communicate with systems that use current encryption techniques.
Addressing the Vulnerabilities:
The Operations, Safety, Security, Key and IT decision-makers of Infrastructures, especially oil & gas, power generation and transmission and nuclear energy are well advised to pay attention to following aspects -
- More and more reliance on Local Area Network (LAN), Wide Area Network (WAN) and Broadband Global Area Network (BGAN) brings increased threats to operations of organizations using them.
- The networks are susceptible to attacks aimed to disrupt and destroy them. Such an attack by viruses, worms or other forms of cyber-terrorism on oil and gas industry process control networks and related systems could destabilize energy industry supply capabilities and negatively impact the national economy.
- Need to keep control systems safe and secure, and to help minimize the chance that a cyber-attack could severely damage or cripple infrastructures. We need to identify ways to reduce cyber vulnerabilities in process control and SCADA (Supervisory Control and Data Acquisition) Systems: to identify new types of security sensors for process control networks.
- Another challenge with protecting energy systems is that, to enhance operational efficiencies, many of the energy SCADA and process-control systems have become connected to corporate business systems. Some of these connections have created a pathway for malicious computer programs or unauthorized users to potentially disrupt the transmission or distribution of natural gas, electricity or water.
- There is a real threat to SCADA from mischief mongers prowling in the web-world, and the tech-savvy terrorist and Stuxnet is the most lethal combination! It is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems, the first to include a PLC Rootkit, and the first to target critical industrial infrastructure. It was specifically written to attack SCADA systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the Programmable Logic Controllers (PLCs) and hide its changes.
Robust, Secure, Global Communication Solutions
This capability calls for seamlessly connecting all oil & gas installations of an organization and, at a higher level, of the Nation by providing highly available, robust, secure, integrated communication networks for critical operational systems. A number of communication solutions are available which provide robust connectivity and communication helpful for protection of assets and personnel in environments where a high standard of inherent safety is a mandatory requirement. There are resilient telecommunications networks such as Broadband Global Area Network (BGAN), which allow for simultaneous voice and data communications and secure access to applications from almost anywhere in the world.
Taking The Risk out of Gas Operations – What to Consider
IT threats are mainly addressed by IT solutions. There are IT solutions that provide very effective predictions, diagnosis and prognosis. In many instances, they help in assessing and remediating the cyber security vulnerabilities of their gas distribution pipelines and equipment. Their solutions for oil and gas pipelines promote safety, environmental responsibility, and efficient operations. The cyber security vulnerability assessment is designed to examine the three core facets of an organization’s cyber security:
People: What is the cyber security awareness level in the organization? Are staff members following security policies and procedures? Have they been adequately trained to implement the security program?
Process: What are the cyber security policies and procedures in place in the organization? Do these policies and procedures meet key requirements?
Technology: What cyber security technologies are in use in the organization? How are these technologies configured and deployed?
Prognosis: While the above are the main strategies for securing the transmission and distribution of natural gas, constant improvement and improvisation are needed to make security measures reliable as well as cost effective, as in the present phase of economic melt-down no organization will take a decision without working out the ROI (Return on investment).
EU has set up a task force to explore what its 25 member states are doing to combat cyber-threats against critical infrastructure. As part of the EU’s Critical Information Infrastructure Research Coordination (CI2RCO) project, the task force aims to identify research groups and programs focused on IT security in critical infrastructures, such as telecommunications networks and power grids. The scope of the cooperation goes beyond the EU; the task force also wants to include USA, Canada, Australia and Russia. India, with its strong IT workforce known world-over for its prowess, must join such cooperative and collaborative efforts!
Off-shore Security Co-ordination Committee (OSCC) needs to be institutionalized. With the initiative of ONGC, it exists in many states where essentially ONGC operates. All other ONG PSUs having presence in the state are invited to be members. This forum discusses and seeks to address the security threat faced by the sector with the help and co-ordination of state administration and police. In Haryana, where there is no presence of ONGC, a similar initiative by other ONG PSUs made a similar OSCC operational. Now is the time that its umbrella is spread to cover private sector operators and make it a true PPP model!
Similarly, on the lines of Homeland Security Department in USA, the lead needs to be taken by the IB and Indian Computer Emergency Response Team (CERT In) to address cyber-
In the present day world the importance of Border Management has been enhanced manifold because of terrorist threats, smuggling, criminal activities, gun running etc. Efficient border management includes monitoring of all people, animals and goods which go from one country to another. The security agencies have to maintain equilibrium. At one hand legitimate activities should not hamper and on the other hand unscrupulous elements must be refrained from their nefarious activities.
It becomes much more important for India as it shares land border of about 15000 K.Ms with seven countries including 106 K.Ms with Afghanistan in Jammu & Kashmir which is illegally occupied by Pakistan and declared as Northern Areas. Besides land borders India has a coast line of 7683 KMs. In addition to the vast coast line, Indian security agencies have to guard island territories as they can also be misused by anti-national forces.
The Indian border with neighbors includes porous border as well as world’s most difficult border, which makes India’s border management a very daunting and wearisome job. Not only this, India’s border differs from country to country. The longest border it shares is with Bangladesh, which is 4339 KMs. Nepal being a very friendly country, no passport or visa is required for citizens of both the countries to cross Indo-Nepal border. Both the countries have very old religious, cultural, ethnic and business ties, hence the traffic between them is very heavy and is difficult to manage. India has boundary disputes with China and Pakistan.
The task of efficient management of borders becomes complicated as India’s border is managed not by one Force or by one Ministry; it is guarded by military, various Para Military Forces as well as by Police Forces of different states. Needless to say that all these forces report to different Ministries and all of them have different work ethos and priorities.
Indo-China border is manned by Special Frontier Force (Under Cabinet Secretariat), Indo-Tibetan Border Police (ITBP, reports to Ministry of Home Affairs), Army (Ministry of Defence), Assam Rifles, which has officers from Army but works under MHA.
Although India-Pakistan border is by and large manned by Border Security Force (BSF), Line of Control (LOC) in J&K sector is controlled by Indian army. Pakistan Army on behest of ISI regularly violates the ceasefire line and had violated approximately 260 times the ceasefire agreement in 2013 alone. India and Pakistan, both nuclear powered nations, have already fought three wars and presently Pakistan is engaged in a low intensity war against India. Presently ISI is helping Kashmiri terrorists and master minding terrorist activities not only in J&K but in various other parts of India. ISI is instigating misguided Muslim Youths and financing Indian Mujahideen (IM), an Islamist terrorist group based in India. ISI is also smuggling Fake Indian Currency Notes (FICN) in India from different countries including Nepal, Bangladesh and Pakistan. According to an estimate Rs. 169000 crore (Rs.169 trillion) fake Indian currency notes are in circulation in the country. Hence the effective management of India-Pakistan border cannot be over emphasized.
Sashastra Seema Bal (SSB) looks after India-Nepal border. SSB, which was previously Special Security Bureau (SSB) under Cabinet Secretariat, now reports to MHA. Bhutan border, which is relatively peaceful, is guarded by BSF and SSB. Indian Army and Assam Rifles safeguard India Myanmar border. The insurgency in Northeast is fuelled, financed and abetted by China and Pakistan. Naga and Mizo terrorists frequently cross India Myanmar border for shelter, training and assistance. These insurgent groups run training camps and have safe houses in Myanmar. Not only this, these terrorist groups are deeply involved in smuggling of drugs and weapons to finance their struggle. As the terrain of the area is very difficult, the task of Indian security forces becomes very strenuous.
BSF controls Indo-Bangladesh border and there are never-ending fights between BSF and Bangladesh Rifles (BDR). In fact a few thousand acres of Indian land is within Bangladesh and a lot of Bangladeshi land is in India. The 1974 Land Border Agreement tried to resolve this issue but the agreement cannot be implemented as it is a politically sensitive issue and both countries lack the determination to solve the issue.
Fortunately the economic growth of India is much higher in comparison to all its neighbours except China, hence there is large scale migration from neighbouring countries. According to an estimate nearly 1.5 million Bangladeshis are living illegally in India. Besides this there are other threats like infiltration and ex-filtration of terrorists, drug & human trafficking and arms smuggling; a close business partnership has emerged between drug and arms smugglers, and funds are sent for establishing Madrasas. The list is endless.
Principally MHA is responsible for the border management and Para Military Force should guard the borders. Presently more than one Para Military Force looks after the acknowledged border and army looks after LOC in J&K and Line of Actual Control (LAC) on Indo-Tibetan border. Here it is pertinent to note that multifarious agencies are involved in protecting the borders. Needless to say that efficient command and control is the biggest casualty in case of multiple agencies. In fact all the Para-Military Forces must be under the direct control of the army and more and more retired army personnel should join these forces.
November 26, 2013 is the fifth anniversary of attack on Mumbai by 10 terrorists from Pakistan. All of them came through sea. Hence after the terror attack a three tier coastal security was implemented. Navy is guarding the outermost area while the Coast Guard is responsible for the intermediate layer and state police is patrolling the shallow waters and the areas abutting the seashore. Here three agencies are made responsible for marine security, which is certainly not an ideal situation.
In fact Coast Guard, which has the capacity and capability of guarding the coastline, should be made fully responsible for the coastal security.
The author has retired as Director, Cabinet Secretariat in 2007. He has attended several courses in India and abroad related to collection of intelligence, analysis of reports and preparation of notes under which current situation was depicted as well as future scenario is predicted. Besides this, it is also suggested in the notes what measures should be adopted so that the situation becomes in favour of the country. He has handled the internal security matters at National level beside administration of large work team. He had various overseas tenures in several countries including Pakistan. Presently he is working as Consultant in India Strategic magazine (www.indiastrategic.in). Besides working, he is also writing articles in the magazine. He is also delivering lectures in various Para military & intelligence organizations. He has special interest in internal security, terrorism, terrorist organizations in India and abroad, Naxalism, Foreign relations. He can be reached at - jai_pushpa@hotmail.com