Category: Feature
From SOC to IOC: Redefining Security in the Age of AI
Col Kanwal Kishore (Retd.)
Head FM at L&T Realty for Pan India Projects

Introduction

The security challenges facing organizations today are unlike anything seen before. Digital and physical environments have become inseparably linked, meaning a disruption in one often cascades into the other. Attacks that once targeted only IT systems can now cripple supply chains, stall manufacturing, or compromise employee safety. At the same time, regulatory expectations, customer trust, and brand reputation hinge on how quickly and effectively an organization can respond.

The Integrated Operations Centre (IOC) has emerged as the next stage of enterprise resilience. Building upon the traditional Security Operations Centre (SOC), which primarily focused on cybersecurity, the IOC brings together multiple domains such as cybersecurity, physical security, safety, environment, facilities, medical response, and even customer-facing operations under a single umbrella. The result is not merely a control room but a nerve centre of organizational continuity.

A recent Gartner study predicts that by 2026, nearly 60 percent of large enterprises will consolidate their security and resilience functions into integrated command centres. This shift signals a clear trend – ‘the IOC is not just an innovation but a necessity.’

What is an IOC?

An Integrated Operations Centre can be thought of as the central command hub of an enterprise. It continuously monitors risks, correlates events across multiple functions, and orchestrates responses in real time. While SOCs traditionally looked at IT and cyber incidents, the IOC expands this scope to ensure that disruptions in one domain do not spill over unchecked into others.

Consider the example of a data centre under attack. A SOC might detect malicious network traffic, but an IOC goes further – it also correlates building management alerts on cooling failures, physical access anomalies at server rooms, and even employee safety protocols. This integrated lens enables an organization to respond not piecemeal but holistically.

The evolution of security centres

a. First stage (1970s-1990s)
Security centres began modestly, largely focused on detecting basic computer viruses or unauthorized logins. Their role was limited, reactive, and operational only during business hours.

b. Expansion phase (2000s)
The explosion of digital commerce and rising cybercrime pushed large organizations, particularly banks and telecom firms, to build round-the-clock SOCs. Compliance requirements added pressure, as regulators demanded evidence of security monitoring.

c. Transformation phase (2010s)
Persistent and sophisticated cyberattacks changed the stakes. SOCs adopted Security Information and Event Management (SIEM) platforms, threat intelligence feeds, and automation tools. They became more capable of handling thousands of alerts and mounting advanced investigations.

d. Integration era (2014 to Present)
The interdependence of digital and physical risks gave rise to the IOC. Cyber breaches could disrupt operational technology, while physical intrusions could expose data. Organizations began consolidating diverse command functions – security, safety, IT, and crisis response – into integrated centres.

Why organizations need IOCs

a. Complex threats
Modern threats rarely remain confined to one channel. A ransomware attack, for example, can paralyze IT systems, lock down physical access controls, and stall production lines. An IOC provides integrated visibility and coordinates across functions, preventing isolated teams from missing the bigger picture.

This was evident in a global financial services firm where analysts noticed unusual employee login attempts at the same time access control logs flagged suspicious badge activity. Because the IOC correlated cyber and physical data, it escalated the issue within minutes. The ransomware attack was contained before encryption spread, saving the company millions in downtime and penalties.

b. Regulatory demands
Industries such as healthcare, finance, and energy are tightly regulated. Regulations like GDPR in Europe or the Digital Personal Data Protection (DPDP) Act in India demand evidence of comprehensive monitoring and governance. An IOC, with its centralized reporting and audit trails, enables organizations to demonstrate compliance with confidence.

c. Business continuity
Every minute of downtime has a financial and reputational cost. According to IBM’s 2024 Cost of a Data Breach Report, the average cost of an outage now exceeds USD 4.5 million. IOCs minimize such risks by orchestrating recovery across IT, safety, and operations, ensuring business continuity.

A case in point comes from an energy major that runs one of Asia’s largest oil refineries. Sensors flagged unusual pressure in a critical pipeline. The IOC correlated this with historical maintenance records and environmental monitoring data, identifying a potential fault before it escalated. The refinery rerouted production and carried out predictive maintenance, avoiding a shutdown worth tens of millions in losses while ensuring worker safety.

d. Resource efficiency
Running separate control centres for IT, security, and facilities is inefficient. An IOC consolidates these silos, streamlining manpower, tools, and processes. This results in both cost savings and improved effectiveness.

Core building blocks of an IOC

a. People
An IOC thrives on skilled personnel. Analysts handle everything from triaging basic alerts to conducting advanced forensics. Specialists cover IT, health, safety, and continuity, while risk analysts monitor geopolitical developments. Leadership roles ensure accountability, and training officers instil a culture of readiness through drills and awareness programs.

b. Process
Well-defined processes provide structure. Incident response playbooks outline how alerts are escalated and resolved. Governance frameworks ensure compliance with regulations, while post-incident reviews and tabletop exercises feed into a cycle of continuous improvement.

c. Technology
Technology is the backbone. Cyber tools such as SIEM and SOAR integrate with IoT-enabled fire and safety systems, medical response platforms, and geospatial intelligence mapping. APIs and middleware unify disparate systems, while AI analytics detect anomalies and predict risks. Resilience features like backup power and redundant connectivity keep the IOC operational during crises.

Designing and setting up an IOC

a. Operations floor
The main monitoring zone operates around the clock, with analysts working on dashboards, large video walls, and integrated consoles. Ergonomic design and redundant workstations ensure efficiency and resilience.

b. Support area
Technical staff based here maintain and troubleshoot systems, ensuring smooth operations without disrupting the analysts on the main floor.

c. Situation room
Reserved for crises and high-severity events, the situation room hosts leadership briefings with secure communications and collaboration tools.

d. Forensics lab
This controlled environment allows safe…
Why the Future of Guarding is Human + AI, Not Human vs. AI
Siddharth Dahiya, CEO, Peregrine Guarding

The conversation around technology and the workforce often falls into a familiar narrative – machines replacing humans. In the security industry, this debate is most visible when discussing artificial intelligence (AI) and the future of guarding. Will AI-driven surveillance, analytics, and autonomous systems make the human guard obsolete? The reality is quite the opposite. The future of guarding is not human versus AI but human plus AI.

Security is, at its heart, a people-centric service. Guards represent not only the physical presence of protection but also trust, intuition, and judgment – qualities that machines cannot replicate. At the same time, AI-powered tools are rapidly enhancing the detection, analysis, and response to threats. The combination of these strengths offers a more effective, adaptive, and resilient model of security for the future.

If we imagine a purely human-driven model of guarding, challenges become evident. Guards are limited by their physical stamina, reaction times, and the ability to continuously monitor large or complex environments. A guard cannot, for instance, watch dozens of CCTV feeds simultaneously or analyze large volumes of data to predict risks.

On the other hand, a purely AI-driven model also has limitations. Machines may identify anomalies but lack the contextual understanding to interpret them correctly. An unattended bag at an airport could be a threat or simply a misplaced item. Without human judgment, decision-making risks becoming either overly rigid or dangerously lenient. This is why the most effective security strategies do not view humans and AI as substitutes but as complementary partners.

AI is transforming the role of guards rather than replacing them. Here are a few ways this partnership is already reshaping the industry:

Enhanced surveillance
AI-powered cameras can detect unusual behavior patterns, unauthorized access, or crowd surges in real time. Guards receive alerts instantly, enabling faster responses.

Predictive insights
Machine learning can analyze historical data to predict potential security risks, helping guards focus on proactive prevention rather than reactive response.

Reduced fatigue
Automation of repetitive tasks – such as monitoring video feeds – frees guards to focus on higher-value functions like situational assessment and direct engagement.

Remote capabilities
Integration with command centers allows guards on the ground to be supported by remote teams who have access to AI-enhanced data, improving coordination and efficiency.

Rather than rendering guards redundant, AI is giving them sharper tools to be more effective at their jobs.

While AI provides speed, scale, and precision, humans bring qualities that remain irreplaceable.

Judgment and context
Guards can interpret nuances of human behavior, cultural signals, and situational context that machines cannot.

Empathy and reassurance
In high-stress environments, the presence of a human guard provides comfort, authority, and emotional intelligence – something no machine can replicate.

Ethical decision-making
Decisions around the use of force, intervention, or de-escalation require moral reasoning that AI cannot deliver.

Adaptability
Humans can think creatively, improvise, and adapt to unforeseen scenarios, whereas AI operates within defined parameters.

These strengths highlight why security will always require a human face, even as it becomes increasingly technology-enabled.

To fully realize the potential of human-AI collaboration, the industry must rethink how it designs and delivers guarding services. A few guiding principles stand out:

This hybrid model ensures that technology amplifies human strengths rather than competing with them.

The security industry stands at a pivotal moment. With threats becoming more complex – ranging from sophisticated breaches to evolving physical risks – the demand for smarter, faster, and more adaptive solutions is clear. AI offers the tools to process information at scale and detect anomalies with unmatched precision. Humans bring the intuition, ethics, and adaptability that no machine can replicate.

The real breakthrough lies in combining these strengths. Guards empowered by AI are not diminished by technology; they are elevated. Together, they can deliver security outcomes that are more reliable, proactive, and resilient than ever before.

The future of guarding, therefore, is not about choosing between people or technology. It is about creating a partnership where each enhances the other. In a world of increasing uncertainty, the strongest line of defense will be built not by humans or AI alone, but by their collaboration.
Protection Against Harm to National Security: The Silent Battlefield of Cyber, Economic, and Biological Threats
Dr Banusri Velpandian, Senior Law Specialist
Salil Kumar Tripathy, Co-author, Legal Consultant

Introduction: A New Era of Threats

National security has evolved in recent times due to significant transformations in the concepts of state sovereignty, power dynamics, and economic development. New threats extend beyond traditional notions of national security, which were primarily focused on territorial integrity and military aggression. Today, national security encompasses a broader range of issues, including cybersecurity, economic security, food security, energy security, and environmental security.

In response to these challenges, several European nations, including Germany, France, Poland, Italy, and the UK, are increasing their defense spending.[2] This investment aims to enhance comprehensive and collaborative projects that bolster military readiness to counter both visible and less imminent but equally dangerous threats that could jeopardize national security. A diverse array of mitigation strategies must be adopted to address modern-day risks, which can include cyber and digital threats, information and psychological threats, economic threats, and biological threats. This article will address the present and probable future of India’s legal framework in the given domain, along with selected global best practices.

The Invisible Frontline: Defending Against Digital Warfare

Cyber threats have become increasingly prominent with the rise of technology. Cyber criminals can operate from remote locations while targeting critical infrastructure that holds sensitive information. These attacks can pose significant concerns, especially when they have agendas aimed at disrupting peace and causing societal upheaval.

Cyber-crimes can also involve extortion for financial gain through ransomware attacks[3]. These malicious programs are designed to completely block access to a system and encrypt sensitive data, which can be detrimental to state operations and the functioning of various agencies. India ranks as one of the leading countries affected by ransomware, currently holding the 9th position globally. A notable incident involved Fullerton India Credit Ltd., a non-banking financial company, which was attacked by LockBit 3.0, resulting in the breach of 600GB of sensitive data.[4]

The situation becomes even more serious when these cyber-attacks are used as a weapon by enemy countries. They can disrupt critical systems and damage essential infrastructure, resulting in significant material losses and potentially causing loss of life for the nation as a whole. Hence, this can be referred to as cyberwarfare[5]. Cyber warfare can serve as a tool for espionage, enabling the unethical monitoring and theft of data from other countries. This often involves phishing attacks to infiltrate systems and gain access to sensitive information.[6]

If cybersecurity measures and safeguards are inadequate, breaches of classified information can jeopardize government schemes and initiatives, potentially harming the country by manipulating vital data. Such sabotage can disrupt essential services like electricity supply, as cybercriminals may target power grids, disabling critical systems and interfering with infrastructure and communication services.

With the rise of AI systems, cyber attackers now manipulate public opinion on a large scale. The risk is particularly pronounced in defense, as AI is increasingly used in autonomous drones and missiles, where attacks executed without human intervention can lead to extensive damage to infrastructure and disrupt machinery in ways that are undetectable without thorough investigation[7]. Advanced nations formulate strategies that emphasize the importance of safeguarding emerging technologies, addressing not only cyber security issues but also regulating them while promoting democracy and freedom.

Accordingly, in India, where risk mitigation is centralized, there ought to be specialized mechanisms for cyber security and for prioritizing national interests. The ongoing institutional exercises may enhance cyber preparedness and help evaluate appropriate responses in the event of a cyber incident, but substantial high-end infrastructure requirements must be met in order to counter all threats effectively with robust strategies. Furthermore, the mix of strategies should also include stakeholder engagement, to proactively identify and neutralize any cyber threats that could damage national infrastructure and critical networks. The comparative legal frameworks in the domain are placed below for ready reference:

| Country | Legal Framework | Key Provisions | Relevance to Cyber Warfare |
|---|---|---|---|
| India | Information Technology Act 2000 (Amended 2008) | Sec 66F: Cyber terrorism (life imprisonment); Sec 70: Protected systems; Sec 69: Interception powers | Cyber terrorism, critical infrastructure |
| India | National Cyber Security Strategy 2020 | 21 focus areas including CII protection, supply chain security, advanced tech integration | National cyber strategy coordination |
| United States | Cybersecurity Information Sharing Act (CISA) 2015 | 6 USC S.1502-1505: Threat info sharing, monitoring authorization, liability protections | Public-private threat intelligence sharing |
| United States | Federal Information Security Modernization Act (FISMA) 2014 | 44 USC S.3551: Federal cybersecurity programs, incident reporting, DHS oversight | Federal agency cybersecurity compliance |
| United States | Computer Fraud and Abuse Act (CFAA) 1986 | 18 USC S.1030: Unauthorized access, damage to protected computers (up to 20 years) | Computer crime prosecution |
| United States | National Defense Authorization Act (NDAA) – Annual | Annual cyber provisions: AI security centers, spyware protection, supply chain security | Military cyber operations, defense |
| United Kingdom | Computer Misuse Act 1990 (Amended 2015) | Sec 3ZA: Serious damage offenses (life imprisonment); Sec 1-3: Unauthorized access/modification | Computer misuse, infrastructure attacks |
| United Kingdom | Investigatory Powers Act 2016 | Parts 1-9: Interception warrants, equipment interference, bulk data collection | Intelligence surveillance powers |
| United Kingdom | National Cyber Security Strategy 2022 | 3 pillars: Strengthen ecosystem, deter actors, develop capabilities; National Cyber Force | National cyber force, offensive ops |
| Australia | Cybercrime Act 2001 | Div 477: Serious computer offenses (life imprisonment); Div 478: Other computer offenses | Commonwealth computer crimes |
| Australia | Security of Critical Infrastructure Act (SOCI) 2018 | Parts 2-6A: 11 critical sectors, risk management, government intervention powers | Critical infrastructure protection |
| Australia | Cyber Security Act 2024 | Ransomware reporting, IoT security standards, National Cyber Security Coordinator | Ransomware response, IoT security |
| Australia | Privacy Act 1988 – Data Breach Notification | Mandatory breach notification for eligible data breaches | Data breach incident response |

To maintain national security and mitigate threats, India has developed significant defense systems, enhanced supply chain security and infrastructure, and invested in research and development to improve data management systems, and is establishing robust defense mechanisms. To bolster resilience against advanced cyber threats, India can adopt best practices from countries like the U.S., U.K., and Australia for establishing formal public-private threat intelligence sharing, a sector-specific regulatory approach for Critical Information Infrastructure (CII), mandatory incident reporting for ransomware, and IoT security standards.

The Weaponization of Words: Countering Disinformation and Radicalization

The…
Petty Contractor Syndrome in the Private Security Industry in India
The private security industry in India has witnessed substantial growth over the past few decades, primarily driven by rising security concerns and an expanding economy. However, one pressing issue undermining its profitability, growth, and quality of service delivery is the ‘Petty Contractor Syndrome.’ This phenomenon manifests through fragmented operations, low-quality standards, and a lack of professional management, ultimately impacting the industry’s overall effectiveness and reputation.

Characteristics of Petty Contractor Syndrome:

1. Fragmentation of Services
The industry is often characterized by a multitude of small and medium but fragmented security agencies. These petty contractors typically lack the resources and infrastructure required to operate on a larger scale, leading to inconsistencies in service delivery. Even owners/directors of medium and large agencies who have risen to their present level still suffer from the Syndrome, as they love to count their smaller coins and top line.

2. Cost-Cutting Measures
In a bid to remain competitive, many contractors engage in aggressive cost-cutting, often at the expense of quality. This includes underpaying security personnel, inadequate training, and minimizing operational expenditures, which directly affects the reliability and effectiveness of security services. Unfortunately, some of the big agencies have resorted to lowering service charges not to a percentage but to a few hundred rupees per guard. This is a strange development which is damaging the reputation of these agencies and losing them respect among smaller players and security professionals.

3. Regulatory Challenges
The absence of stringent MHA regulatory frameworks and oversight facilitates the proliferation of unlicensed players in the market. This creates an environment where quality assurance is difficult to achieve and maintain.

Impacts on Profitability and Growth

1. Reduced Profit Margins
As competition intensifies, the focus on reducing costs instead of enhancing value leads to narrower profit margins for all players in the industry. This creates a vicious cycle wherein service quality continues to decline along with profitability.

2. Negative Reputation
The prevalence of petty contractors has resulted in a tarnished image of the private security industry. Clients often associate poor service with the entire sector, dissuading potential clients from investing in security solutions.

3. Inhibited Expansion
The inability to uphold quality standards limits the scalability of security firms. Many businesses may find it challenging to grow or expand their operations due to the lack of trust and credibility instilled in the market.

4. Stagnation in Innovation
With a primary focus on cost reduction, there is little incentive for these companies to invest in innovative technologies or practices that could enhance service delivery, leaving the industry stagnant.

The ‘Petty Contractor Syndrome’ poses significant challenges to the private security industry in India, hindering its potential for profitability, growth, and delivery of quality standards. Addressing this issue requires comprehensive industry reforms, including the establishment of stricter regulatory frameworks, better training programs, and the promotion of professionalism within the sector. By fostering an environment that encourages quality over cost-cutting, the industry can enhance its credibility and ensure sustainable growth in the years to come.

Large and mid-level companies have a much more significant role to play in bringing sustainable growth to the sector. They must shun the Petty Contractor Syndrome, as they are the leaders of the PSI. Numbers must not be the business model for them.

CAPSI is seriously working on the following plan to pull members out of the sinking sand. Addressing the issues related to low service charges and the resulting ‘Petty Contractor Syndrome’ in the security industry requires a multi-faceted approach as an association. Here are some strategies CAPSI has decided to develop with set timelines:

1. Establish Fair Pricing Guidelines
Develop a set of industry-standard pricing guidelines based on the actual costs of delivering quality security services. Ensure these guidelines are widely shared and promoted among all member agencies.

2. Advocacy for Ethical Practices
Encourage members to adopt the CAPSI Code of Ethics, which emphasizes integrity, transparency, and fairness in pricing. Promote the importance of resisting the pressure to lower rates unsustainably.

3. Educational Programs
Organize workshops and training sessions to educate members about the long-term benefits of sustainable pricing models. Highlight how competitive yet fair pricing can lead to better service quality, client satisfaction, and long-term contracts.

4. Resource Sharing
Create platforms for member agencies to share resources, such as training materials and best practices. This collaboration can help smaller agencies improve their service offerings without undercutting their pricing.

5. Promote Value Over Cost
Encourage members to focus on the value they deliver rather than simply competing on price. This can involve showcasing case studies or testimonials that highlight the positive outcomes from using quality security services.

6. Engagement with Procurement Managers
Work to establish a dialogue with procurement professionals and industry clients to educate them on the risks associated with selecting security services based solely on cost. Emphasize the value of quality and reliability over the lowest bid.

7. Certification and Accreditation
Launch the STAR RATING Scheme developed by QCI & CAPSI, a certification program that recognizes agencies meeting high standards of service, ethical practices, and fair pricing. This can help consumers identify reputable agencies while encouraging members to adhere to better practices.

8. Establish a Reporting Mechanism
Create a safe and anonymous reporting system for unethical practices within the industry, allowing members to report instances of malpractice or corruption.

9. Incentivize Good Practices
Consider implementing rewards or recognition programs for members who maintain high standards and resist the temptation to compromise on pricing and quality.

10. Collaboration with Regulatory Bodies
Partner with relevant regulatory or industry bodies to advocate for policies that discourage unethical bidding practices and promote fair competition in the security industry.

By taking these steps, our association shall help elevate the entire industry, reduce the prevalence of the Petty Contractor Syndrome, and foster a more sustainable and professional competitive environment.

It is time for leaders of the industry to seriously evaluate their preferences and attitudes towards structured business growth and practices. This is the time to stand firm and shine, and not to bend down to pick up thrown pennies.
The Silent Heist: Why the 16 Billion Password Leak Is India’s Digital Wake-Up Call
Major Sadhna Singh, Consultant

When the lock is no longer yours

Picture this: you wake up one morning, log into your email, and find that your credentials no longer belong to you. Not because you forgot them, but because they’re now circulating on the dark web, ready for anyone with malicious intent to exploit.

For millions worldwide, this is no longer a hypothetical. The recent exposure of over 16 billion stolen login credentials is not just another cyber incident; it is the largest breach of its kind in the history of the internet. What makes this leak particularly dangerous is its composition: freshly stolen data from active devices, harvested quietly over years through infostealer malware. Unlike headline-grabbing hacks that crash systems or trigger instant shutdowns, this breach unfolded silently, siphoning credentials without detection.

The anatomy of a breach

Infostealer malware doesn’t announce itself with ransom demands or a dramatic system lockout. It operates in the background, harvesting usernames, passwords, session cookies, authentication tokens, and stored files from infected devices.

Investigators report that the leaked database is an amalgamation of at least 30 different sources. While some of it is recycled from older leaks, a large portion is recent, well-structured, and tied to identifiable individuals. Compromised services span global tech giants like Apple, Google, and Facebook, developer tools like GitHub, secure communication platforms like Telegram, VPN services, and even government portals.

This isn’t simply about stolen passwords; it’s about the systems, data, and critical infrastructure those passwords unlock. And for a nation with India’s scale of digital adoption, the implications are severe.

Why India should be worried

Given India’s rapid digital adoption, large user base, and reliance on Digital Public Infrastructure (DPI), the impact of this breach could be disproportionately severe if unaddressed.

Economic Security Risks

Governance Vulnerabilities

National Security Concerns

Social Impact & Public Trust

The cybercrime economy connection

A breach of this scale is a goldmine for the dark web economy. Stolen credentials, sometimes bundled with device fingerprints, are traded for as little as $5–$10 per set, depending on the platform compromised. These are then used for:

Every credential set is a potential stepping stone to a much larger compromise.

India’s response gap

While the Digital Personal Data Protection Act (DPDPA) 2023 introduces some protections, its enforcement mechanisms and breach notification timelines are still maturing. Many organisations in India lack:

In short, our laws exist, but our readiness to operationalise them in real time remains weak.

What needs to happen now

This breach is a wake-up call for every citizen, policymaker, and business leader. The response must be both urgent and systemic.

Immediate Actions

Mid- to Long-Term Measures

Implementation Roadmap

| Timeline | Action | Lead Agency | Supporting Agencies |
|---|---|---|---|
| 0–3 Months | National breach monitoring cell operational | CERT-In | NCIIPC, RBI, MeitY |
| 0–3 Months | MFA mandate across key sectors | RBI, MeitY | TRAI, NIC |
| 0–3 Months | Credential hygiene drive | MeitY | State IT Depts, Industry bodies |
| 3–12 Months | Cyber Hygiene Code notified | MeitY | BIS, CII, NASSCOM |
| 3–12 Months | DPI resilience audits | MeitY | NIC, Private audit firms |
| 12–36 Months | Legal amendments enacted | MeitY, MoL&J | Parliamentary committees |
| 12–36 Months | Digital Trust Campaign rollout | MeitY, MIB | Industry partners |

The Bigger Picture

The 16 billion credential leak is not a one-off incident; it is a stress test for India’s digital resilience. If addressed decisively, it can serve as the trigger for a national shift towards proactive cybersecurity, integrating policy, technology, and citizen behaviour. If ignored, it risks undermining economic stability, national security, and public trust in the digital state.

If you haven’t changed your passwords yet, do it today. If you lead an organisation, ask yourself if your systems could survive being part of the next 16 billion. Because in cyberspace, it’s not if, it’s when.
Protection Against Harm To Life, Limb and Liberty
Dr Banusri VelpandianSenior Law Specialist J E Jaya DeviLegal Consultant Co-author In Indian criminal jurisprudence, offences against life, limb and liberty form the cornerstone. It embodies the State’s fundamental duty to safeguard life, bodily integrity, physical autonomy, and personal liberty. These offences spanning across spectrum of the gravest to heinous nature strike at the very heart of human dignity and social order, demanding a robust legal framework to ensure justice, deterrence, and rehabilitation. The total FIRs (First Information Reports) registered in the year 2022 was 58,24,946 for crimes under Indian Penal Code (IPC) and Special & Local Laws (SLL); and among them 32.5% are for offences affecting the human body as per the report of National Crimes Records Bureau (NCRB). Urban areas continue to have higher crime rates when compared to rural areas. The constitutional foundation for protection of life, limb and liberty lies in Article 21 of the Constitution of India, which guarantees the right to life and personal liberty – a right, judicially expanded to include dignity, bodily security, and freedom from physical harm. Articles 14, 15, and 20 further complement this protection by ensuring equality before law, non-discrimination, and safeguards against arbitrary punishment. Criminal law operationalises these guarantees through substantive, procedural, and evidentiary provisions that criminalise acts infringing life, limb, and liberty. The legal response to such crimes has undergone a profound transformation from the fragmented pre-colonial justice systems to the codified Indian Penal Code (IPC), 1860, and now to the transformative Bhartiya Nyaya Sanhita (BNS), 2023. “The soul of our criminal justice system must reflect the spirit of our Republic, not the shadows of colonial governance” – Extract from the Parliamentary Debate in 2023 on amending the Indian Penal Code. 
This article presents a structured commentary on the transition from the IPC to the BNS and relevant legal principles.

STATUTORY FRAMEWORK

For over 160 years, the IPC’s Chapter XVI, ‘Offences Affecting the Human Body,’ defined how the State would respond when life, limb, and liberty were violated or harmed. Since 2023, the Bharatiya Nyaya Sanhita (BNS, 2023) has ushered in a modernised statutory framework that preserves the substantive core of the IPC while refining its drafting, structure, and penalties based on contemporary realities. It adopts a graded punishment structure based on severity and culpability, thereby upholding public order and human dignity, while ensuring that evidentiary rules remain responsive to evolving forms of violence, advances in technology, and the expectations of victims.

Historical background and evolution of the IPC

Historically, India’s criminal justice system was a fragmented amalgamation of religious, customary, and colonial laws, marked by inconsistency and bias. This included justice delivery in terms of the Manusmriti, Yajnavalkya Smriti, Arthashastra or Sharia. Among tribal communities, justice was administered through unwritten customs, community mediation, and compensation in the form of livestock, land, or goods. The arrival of the British East India Company in the seventeenth century introduced partial codification, most notably through the Cornwallis Code of 1793 in Bengal, which sought uniformity but retained the elements of religious law for personal matters. Punishments for similar offences varied drastically between regions, undermining fairness and public trust. This patchwork system created inconsistency and administrative inefficiency. The consolidation of British rule promoted the need for a uniform penal law to ensure consistency, fairness, and effective governance, drawing from English common law, the Napoleonic Code, and utilitarian principles.
In 1834, the First Law Commission under Lord Thomas Babington Macaulay drafted the IPC, which was passed on 6 October 1860 and came into force on 1 January 1862. Comprising 511 sections in 23 chapters, the IPC became the comprehensive criminal law framework for British India. Since then, the IPC has undergone numerous amendments; a few cardinal ones are given below:

| Year & Amendment | Key Changes | Purpose / Context |
| --- | --- | --- |
| 1870 Amendment | Clarified provisions for abetment (Sections 107–120); clarified joint liability (Sections 34, 149) | Strengthened accountability for group crimes such as gang-related murders or assaults. |
| 1983 & 1986 Amendments | Introduced Section 304B (dowry death) | Addressed dowry-related violence and rising incidents of bride-burning, influenced by feminist activism and public outrage. |
| 2013 Amendment (Post-Nirbhaya) | Added Sections 326A & 326B (acid attacks); expanded definitions of sexual offences | Response to 2012 Delhi gang-rape; aimed at stronger protection for women and deterrence against sexual violence. |
| 2018 Amendment | Strengthened laws on sexual offences against minors; alignment with POCSO Act, 2012 | Tackled child abuse and exploitation; enhanced penalties and protections. |

Several landmark decisions have also shaped the evolution of the IPC. Four such case laws are pictured below.

Transition from IPC to BNS, 2023

The Indian Penal Code (IPC), drafted in the colonial era in archaic language, had significant gaps in addressing modern crimes including cyber offences, victim protection, etc. Its punitive focus overlooked rehabilitation, and limited victim rights clashed with contemporary justice principles. The focus was also to deliver justice rather than to penalise, i.e., from ‘dand’ to ‘nyay.’ In 2023, the Bharatiya Nyaya Sanhita (BNS), 2023, was enacted as part of a legal reform trio alongside the Bharatiya Nagarik Suraksha Sanhita, 2023 and the Bharatiya Sakshya Adhiniyam, 2023, replacing the IPC, CrPC, and Evidence Act respectively.
Effective from 1 July 2024, the BNS reduces 511 sections of the erstwhile IPC to 358, uses plain and culturally resonant language, and incorporates gender-neutral and victim-centric provisions. It introduces community service for minor offences, clearer definitions, and new categories such as mob lynching (Section – 103(2)), organized crime (Section – 111), petty organized crime (Section – 112), and enhanced penalties for acid attacks (Section – 124). By modernising certain terminology, recognising emerging crimes, and embedding restorative justice, the BNS seeks to decolonise India’s criminal law and align it with constitutional ideals and global human rights standards.

Significant Legal Principles and Maxims

● Cognizable and non-cognizable: ‘cognizable offence’ means an offence for which, and ‘cognizable case’ means a case in which, a police officer may, in accordance with the First Schedule or under any other law for the time being in force, arrest without warrant (BNSS section 2 (1) d).
● ‘Non-cognizable offence’ means an offence for which,…
How Industry Specifiers Can Reimagine Projects for GCCs with Sensor-as-a-Service and KRI→KPI Dashboards
Sreekumar Narayanan, Chief Growth Officer, BNB Security & Automation solutions

The inflection point that no one can ignore

For two decades, India’s Global Capability Centers (GCCs) and IT MNC campuses have been built on a familiar blueprint – design the ELV and MEP systems to code, tender them out as capital projects, commission, hand over fat as-built folders – and move on. Meanwhile, resilience was ‘someone else’s problem,’ usually a business continuity or facilities footnote. That mental model is collapsing. Chronic flooding in tech corridors, rolling cyber-physical attacks and a regulatory landscape that now demands evidence (not promises) are forcing enterprises to rethink the way buildings, people and technology are protected. The era of the point-in-time compliance audit is giving way to a continuous, sensor-driven assurance fabric; and at the center of that transformation stand MEP/ELV Specifiers – if they choose to step up.

This article lays out a practical, standards-aligned roadmap for Specifiers to evolve from traditional ‘BoQ writers’ into architects of resilience-as-a-service. It shows how to embed Sensor-as-a-Service (SaaS²) commercial models and how to design Key Risk Indicators (KRIs) that naturally roll up into business-facing Key Performance Indicators (KPIs) at the Operations Command Center – or the now-converged GSOC.

From hardware lists to metric Bills of Materials

Specifiers have historically been judged on the elegance and completeness of drawings, schematics and hardware schedules. Tomorrow’s value will be judged on how well you define what to measure, why to measure it and how fast that insight reaches decision-makers.
Enter the metric Bill of Materials (mBOM)

Instead of only listing ‘300 smoke detectors, addressable, UL listed,’ the specification now states the metric it supports (e.g., Life Safety Loop Integrity KRI), the sampling frequency, acceptable downtime percentage, calibration windows and the API payload through which that metric will surface at the GSOC. Think of it as a parallel BoM that makes the system talk in the language of resilience.

Key shift

Sensors are no longer just hardware – they are sources of regulated evidence. If the detector fails silently, you haven’t just lost a device; you have lost a compliance control.

The business model pivot: Sensor-as-a-Service (SaaS²)

GCCs want predictable OPEX, faster refresh cycles and guaranteed outcomes. Specifiers can enable this by insisting that bidders price two parallel tracks:

SaaS² aligns incentives. Vendors are paid to keep the metric healthy, not just to install hardware. Specifiers should specify:

By codifying these in the specification and RFP, one opens the door for integrators to offer true lifecycle value while keeping clients off the CapEx treadmill.

KRIs, KPIs and the GSOC as the Single Scoreboard

Resilience as a concept fails when it lives in slide decks. It succeeds when it’s visible, trended and tied to incentives. That’s why the GSOC (or any Command Center) must display a balanced set of metrics:

Each phase outputs measurable KRIs that reinforce or recalibrate KPIs.

Anchor everything in standards (so audit teams nod, not frown)

A metric-first, service-based design must still feel familiar to auditors and regulators. Use standards as your scaffolding:

Including a cross-reference matrix in the spec that links each metric to a clause turns dashboards into audit evidence factories.

Rewriting the RFP: Structure for outcomes, not just outputs

A reimagined RFP should lead with intent and outcomes, not boxes and ducts.
Below is a high-level outline you can adapt:

Section 1: Intent & Outcomes
State resilience and continuous compliance as strategic outcomes. List the KPIs/KRIs expected on the GSOC wall.

Section 2: Technical Scope (Metric BoM)
For each system/space, capture sensor type, accuracy, sample rate, protocol, data tag list, threshold, owner.

Section 3: Commercial Models
Demand both CapEx and SaaS² quotes. Include templates for – setup fee, monthly fee, refresh % per year, SLAs, service credits.

Section 4: Data Governance & Security
DPDP roles (controller/processor), retention policies, anonymization/pseudonymization options, API authentication (OAuth2), encryption.

Section 5: Playbooks & Integrations
Ask for at least three SOAR playbooks mapped to your risk register (e.g., flood event, fire pre-alarm, OT network anomaly). Require integration approach with existing SOC, BMS, CAFM, ERP, HRMS.

Section 6: Evaluation Matrix
Build a scorecard with heavy weightage on KPI/KRI coverage, openness of protocols, scalability of the SaaS² model and proven performance metrics (MTTD, MTTR, Uptime).

By scripting the RFP this way, you are signalling to bidders – “Don’t just drop a BoQ – show me how you will keep my resilience metrics green for five years.”

Contracting: From lump-sum EPC to master service agreements

1. Master Service Agreement (MSA) 5–7 Years
Bundle technical schedules (Sensor lists, APIs), commercial schedules (fee tables, indexation), compliance mapping and service credit mechanisms.

2. Performance Clauses & Service Credits
If breached, apply fee abatements or demand remedial action plans. This ensures that resilience is enforceable, not aspirational.

3. Tech Refresh & Exit Clauses

4. Data & Privacy Addendum
Clearly state data ownership, processing rights, breach notification timelines (e.g., 72 hours), and log/audit export rights. DPDP compliance must be explicit, not implied.

Delivery methodology: Design → Build → Operate → Optimise (DBOO)

Classic EPC handovers trap value in PDFs. A DBOO approach creates a living system:

Data Governance: The new drawing register

If drawings and schedules were the holy-grail of old projects, JSON payload schemas and API docs are the new scripture. Specifiers should insist on:

By setting these expectations, you ensure the integrator is contractually obliged to deliver not just functioning systems, but structured data you can trust and prove.

Toolkits specifiers should carry

“Specifiers have historically been judged on the elegance and completeness of drawings, schematics and hardware schedules. Tomorrow’s value will be judged on how well you define what to measure, why to measure…
The Trillion-Dollar Visibility Gap: Infraon Assets and the Quest to Map Enterprise Technology Ecosystems
Deepak Gupta, Director, EverestIMS Technologies

In today’s sprawling enterprise technology landscapes, what you don’t know can cost you – literally trillions. As organizations navigate an increasingly complex maze of on-premises systems, hybrid clouds, edge devices, and shadow IT, a critical visibility crisis has emerged. The world’s enterprises are hemorrhaging value through inefficient asset utilization, security vulnerabilities, and operational inefficiencies, all stemming from a fundamental problem: incomplete understanding of their technology ecosystems. Enter Infraon Assets, whose unified asset discovery approach is reimagining how organizations map, manage, and monetize their IT investments.

The Astronomical Cost of Not Knowing

The numbers are staggering. According to recent analyses from McKinsey & Company and Gartner, global enterprises collectively waste over a trillion dollars annually due to poor visibility into their technology assets – a figure that continues to grow as IT environments become more distributed and complex. Most organizations can only account for about 45% of their technology assets with any real confidence. The remaining 55% exists in a gray zone of uncertainty, creating enormous financial leakage and significant security exposure. With Infraon Assets, we’re directly addressing this trillion-dollar visibility gap that’s plaguing enterprise IT. This visibility crisis manifests in numerous ways – unused software licenses costing enterprises billions annually, over-provisioned cloud resources sitting idle, hardware assets that go untracked until they fail, and security teams unable to protect what they don’t know exists.

The Asset Discovery Challenge

The root of this massive problem lies in how enterprise technology environments have evolved – growing organically over decades, accelerated by cloud adoption, IoT proliferation, and the blurring lines between corporate and personal technology.
Traditional approaches to asset management have failed to keep pace with this evolution. Manual inventories quickly become outdated. Siloed discovery tools provide only partial visibility. And the dynamic nature of modern IT means that any static snapshot of the environment is obsolete almost immediately. The legacy approach to asset discovery is fundamentally broken. Organizations typically employ 6-10 different tools that each provide fragmented views of the environment – network scanning tools, endpoint management solutions, cloud management platforms, and more. None provides the comprehensive picture needed for truly effective management.

Infraon Assets takes a radically different approach, implementing what the company calls ‘unified discovery’ that combines multiple detection methodologies:

The key innovation is how we synthesize these different discovery methods into a single, coherent view of the entire technology ecosystem. We’re not just collecting data – we’re creating relationships, mapping dependencies, and building a dynamic model that evolves as the environment changes.

From Inventory to Intelligence

What truly sets Infraon Assets apart is its transformation of raw asset data into actionable intelligence through what the company calls its ‘Golden Database’ of IT infrastructure insights. Most asset management systems are glorified inventory lists. They tell you what you have, but not what it means. Our approach converts that inventory into intelligence that drives business decisions. This intelligence manifests across several dimensions:

The Economics of Asset Visibility

The financial implications of comprehensive asset visibility extend far beyond direct cost savings. Organizations leveraging Infraon Assets’ unified discovery approach report significant improvements across multiple business dimensions:

When we look at the cumulative impact across all these dimensions, the ROI is extraordinary.
We’re seeing payback periods of less than six months for most implementations, with ongoing benefits that compound over time.

Technology Ecosystem Mapping: The New Frontier

As Infraon Assets continues to evolve its platform, the company is pioneering what it calls ‘technology ecosystem mapping’ – a holistic approach that goes beyond traditional asset management to create a comprehensive visualization of the entire technology landscape. We’re moving beyond just tracking individual assets to understanding the complex web of relationships between technology components, business services, user experiences, and organizational outcomes. This ecosystem mapping capability enables organizations to:

It’s about connecting the dots across the entire technology footprint. When you can see not just what exists, but how everything interrelates, you unlock entirely new possibilities for optimization and innovation.

The Human Element: Beyond Technology

While technology is at the core of Infraon Assets’ offering, the company recognizes that effective asset management is ultimately about people and processes. The platform includes robust capabilities for managing the human aspects of technology ecosystems:

Technology doesn’t exist in a vacuum – it’s acquired, configured, used, and eventually retired by people. Our approach acknowledges this reality by incorporating the human element into every aspect of asset management. This human-centric approach extends to the platform’s user experience, which emphasizes intuitive visualization and contextual information rather than overwhelming users with technical details. We’ve designed the system to provide the right information to the right people at the right time. A CIO needs different insights than a security analyst or a service desk technician, and the platform adapts accordingly.
Looking Forward: The Future of Asset Intelligence

As organizations continue their digital transformation journeys, comprehensive visibility into technology assets will become even more critical. Infraon Assets is already working on next-generation capabilities that will further expand the boundaries of what’s possible:

The future of asset management isn’t just about knowing what you have – it’s about leveraging that knowledge to drive better business outcomes. As technology environments continue to grow in complexity, the value of comprehensive visibility will only increase. Organizations that achieve this visibility will have a significant competitive advantage in terms of agility, efficiency, and innovation capacity.

In a world where technology is increasingly the primary driver of business value, Infraon Assets is on a mission to ensure that organizations can see, understand, and optimize every aspect of their technology investments – closing the trillion-dollar visibility gap and transforming IT asset management from a necessary administrative function into a strategic business enabler.
Cloud-Based Access Control The Right Move For Business
Introduction

Cloud-based access control is revolutionizing the way businesses manage security. Traditional on-premises solutions often involve complex infrastructure and high operational costs. Cloud-based systems, however, provide a modern alternative that enhances scalability, flexibility, and efficiency. This paper highlights why cloud-based access control is the ideal choice for businesses looking to optimize security while reducing costs and administrative overhead.

Benefits

Scalability: Cloud solutions allow businesses to easily scale their security systems to match growth. Whether you need to add new access points or integrate multiple locations, cloud-based systems can grow with your needs without the need for expensive hardware upgrades.

Remote Management: With cloud-based access control, security systems can be managed from anywhere, offering flexibility for businesses with remote or distributed teams. This allows for real-time updates, quick changes to access permissions, and on-demand monitoring from any device with internet connectivity.

Cost-effectiveness: Cloud-based systems have lower upfront costs as there is no need for expensive on-site servers or IT infrastructure. The subscription-based model allows businesses to pay only for what they use, reducing the total cost of ownership.

Data Security: Cloud providers implement advanced security protocols, including data encryption and multi-factor authentication, to protect sensitive information. This ensures that access credentials and user data are kept safe from cyber threats.

Concerns

Internet Dependency: Cloud-based systems require a stable internet connection for optimal performance. If the connection is interrupted, access control may be temporarily impacted, potentially leading to security risks.

Data Privacy: Although cloud providers implement strict security measures, some businesses may have concerns about storing sensitive data off-site. It is crucial to choose a provider that complies with privacy regulations such as GDPR to mitigate these concerns.

Integration with Legacy Systems: Some businesses may have existing on-premises systems that need to be integrated with new cloud solutions. This can sometimes be complex and may require additional customization or third-party software.

Real World Applications

Cloud-based access control is ideal for businesses with multiple locations, growing teams, or those looking to reduce IT infrastructure costs. Retail chains, educational institutions, and multi-building organizations have benefited from the flexibility and scalability of cloud-based systems. For instance, a global company with offices in various countries can easily manage and monitor all their facilities through a centralized cloud system, making real-time changes to access permissions across all locations without needing to deploy physical infrastructure at each site.

Conclusion

Cloud-based access control offers an efficient, scalable, and cost-effective solution for businesses seeking to modernize their security infrastructure. By eliminating the need for on-premises hardware and enabling remote management, cloud solutions empower businesses to manage access control systems with greater ease and flexibility. With proper security protocols in place, the benefits of cloud-based access control far outweigh the concerns, making it the right move for businesses looking to streamline operations and future-proof their security systems.
The Unseen Struggles of Private Security Guards: A Call for Change
In a world where safety and security have become paramount concerns, the role of private security guards has grown tremendously. With approximately 10 million individuals dedicated to ensuring the safety of others, these guards form an integral yet often overlooked backbone of our society. However, beneath their uniforms lies a narrative of hardship, exploitation, and systemic neglect.

The Daily Reality: Underpaid and Overworked

Private security guards are frequently subjected to egregiously low wages, often falling below the legal minimums. Many are not entitled to essential benefits such as Employee State Insurance (ESI), Provident Fund, or other welfare schemes designed to protect workers. Instead, they are forced to scrape by on meager salaries that do not reflect the importance of their work or the risks they face daily. Their plight is compounded by a lack of job security and precarious employment conditions, with many guards receiving no housing assistance, sick leave, or gratuity benefits. This is most prevalent in Housing Colonies where RWAs hire untrained security workers from unlicensed security agencies due to financial challenges being faced by them. Residents are reluctant to contribute towards the Security Services.

A Culture of Disrespect

The unfortunate reality is that these guardians of our safety are often met with contempt by the very people they are trying to protect. Reports of guards being insulted, shouted at, or even physically assaulted are not uncommon. In residential colonies, it is a common practice for security guards to be tasked with collecting monthly contributions from residents for security services, a responsibility that exposes them to potential conflicts and hostility. For many, the act of performing their duty to ensure public safety is met with aggression rather than gratitude.
The Psychological Toll

The undue stress and lack of respect faced by private security guards take a significant toll on their mental health and overall wellbeing. The constant cycle of criticism and abuse, combined with job instability, fosters an environment of insecurity and despair. These individuals, who dedicate their lives to safeguarding the community, often find themselves in the most insecure positions, both professionally and personally.

The Need for Change

The plight of private security guards necessitates an urgent call to action. It is crucial to set up a dedicated commission to study the living and working conditions of these workers comprehensively. Such a study could highlight the systemic issues they face and pave the way for effective reforms. Additionally, corporate entities that rely on the service of private security must take responsibility for uplifting the living conditions of those who protect their assets and employees. By advocating for fair wages, providing essential benefits, and fostering a culture of respect, businesses can contribute to a significant change in the lives of security guards.

The life of a private security guard is a testament to the resilience of the human spirit in the face of adversity. However, as a society, we must do better. Acknowledging the struggles of these individuals and advocating for their rights is not merely an act of charity; it is a moral imperative. By addressing their challenges, we can ensure that those who protect us are afforded the dignity, respect, and support they rightfully deserve. It is time for action – not just for the sake of the guards, but for the integrity of our society as a whole.