Category: Latest

The Private Security Sector (PSS), which employs the second largest manpower in India after the agriculture sector, is a moderately motivated sector of the country. The sector engages approximately seven million people today and is growing at an annual rate of 25 per cent. But unfortunately, majority of job-seekers and already employed members of the sector are found unwilling to adopt security profession and resort to it as their last option. The employment normally comprises youth who lack in education and training, and hail from the weaker sections of the society. They are either school dropouts, or are unable to afford the huge cost of education and training which can enable them to meet their inherent desire of living a respectable life. The unwillingness is attributed to the presumed less respect to the role, as well as the miserable salary drawn which is fixed at bare minimum wage for unskilled/ semi-skilled labor. Education and training not only elevate respect and livelihood, but also enhance the efficiency of the sector. Self-respecting and confident personnel are highly focused and more competent, and with their world class executions they could be able to get recognitions all around the globe. This also opens the global scope for employment. The current government has also taken upskilling of the security persons seriously and designed several pertinent policies and institutions including Skill India, NSDN, SSSDC, PMKVY and so on. Employee problems appear in various shapes and sizes such as complaints of sexual harassment, money missing from employee lockers, workplace accidents, employee sabotage, and so on. Workplace disputes often have personal importance to the employees involved, as well as they also impact their livelihood adversely. This makes the employees sometimes tending to tell lies and hide facts. From these differing accounts employers must arrange to thoroughly investigate the issue and determine what really has happened. Any workplace investigation requires judgmental calls about what issues to investigate, who to include in the internal investigation, and ultimately who to believe on. The goal should be to conduct the investigation in the fairest way possible. But do the employers have an efficiently educated and trained team to successfully resolve such issues; or they need to arrange training? There is surely a gap. Security education and training is a serious concern and need of the time, with a wide scope, of course. Proactive call by Lancers Network Limited Lancers Network Limited, under the leadership of Kunwar Vikram Singh, a security veteran, has proactively taken up the challenge and been engaged in facilitating security trainings for several years. Lancers Network Limited is South Asia’s leading Risk Consulting firm, operating in the high-on-risk countries of the region. Established in 1980, the firm continues to pursue its founding principles of integrity, confidentiality and value addition, and thus has created a strong client base across the globe. Equipped with a highly experienced operational team of over 120 professionals drawn from the financial sector, armed forces, police, security services and industry professionals; the company has developed a reputation for providing quality driven, customer focused, and highly successful actionable intelligence and security solutions. They have achieved unmatched client retention levels across Automotive, Chemicals, FMCG, Banking, Insurance, and IT Industries. Lancers impart security training in partnership with the following international organizations: ARC Training International Academy for Security Management Arc Training is the UK based leading international providers of security management training courses. They work with security professionals from all over the world, providing fully-accredited qualifications in subjects that are current, interesting and internationally relevant. Tavcom Training Part of the renowned Linx International Group, Tavcom Training is also the UK based world’s leading provider of accredited security systems training courses. They provide award winning BTEC certificated courses to installers, operators, managers, and designers of CCTV, Network IP, Intruder alarm, Access control, Fire alarm and all other types of electronic security systems. Perpetuity Academy Another UK based Perpetuity Academy is specialized in the fields of security, crime and risk management worldwide, offering accredited training courses designed for managers, supervisors, and practitioners. Strongly supported by universities and professional bodies, their courses provide the latest thinking and best practices, combined with academic knowledge that is required for today’s security professional. Courses Lancers, in collaboration with their partners, offer various levels of courses to cater to different categories of on-job as well as off-job aspirants. They provide both BTEC (Business and Technology Education Council) level, as well IQ level courses. Some of their offerings are as follows: Corporate Intelligence Management (3 Day Programme) The effective analysis and communication of commercial intelligence is a rapidly developing area of responsibility for security managers. This course provides a critical introduction to the key ideas, techniques and issues that make up the effective use of intelligence within a corporate environment. The course is of immediate benefit to security managers, security supervisors or multi-tasked managers, and those who are seeking to make a career in security management. Risk, Crisis & Disaster Management (BTEC Level 4: 3 Day Programme) Acting confidently in a crisis is vital in protecting the business. This short course prepares staff at all levels in how to effectively manage a crisis, and to help prevent unexpected incidents. It aims to equip security professionals with a broad spectrum of knowledge relating to risk, crisis and disaster management within their organizations. It also deals with all aspects of crisis and disaster management including the composition and operation of the crisis management team. The course immediately benefits those who are working as security managers, or those seeking to make a career in security management with an inclination to crisis management. Managing Security Surveying (BTEC Level 4: 3 Day Programme) Conducting a security survey is an essential skill for security managers. This course provides a step-by-step guide to the process of conducting an effective survey, and supplies a template for conducting one’s own security surveys. The course shows how to identify the particular threats to the business, premises and staff, and how one can protect against them. The course…

With the evolution of Internet of Things (IoT) the security challenges for industrial security are increasing exponentially. The 25 billion globally connected devices in 2015 are expected to double by 2020. On an average, each individual is expected to be connected to six things online in terms of sensors, smart objects and device clustered systems. Under this scenario, and given the fact that the weakest link will continue to define the robustness of any organizations security architecture, security vulnerabilities are poised to increase manifold, in terms of the scale, intensity and complexity of the attacks. The effects of these attacks, however, will not be restricted to the cyber domain alone. They will also impact the physical security of the people and infrastructure, in spite of having the best ‘physical security’ controls in terms of people, processes and technology to mitigate these threats. Holistic approach to address the security threat landscape This calls for a multidimensional integrated security concept, holistically encompassing physical security, cyber security, information security, business continuity, risk management, compliance and privacy protection, and emergency & crisis management. The convergence between logical and traditional physical security will entail a cascading effect on these seemingly different dimensions, with the impact multiplying at every stage. For instance a cyber-breach can impact safety, which in turn would impact compliance, as also may cause physical damage by aggregating the compound effect impacting business continuity, thereby directly impinging on the bottom-line. A combination attack using multiple threat vectors can adversely impact the market sentiments in no time. This will lead to long term brand erosion, as well as economic loss to the business, which in turn will have an adverse impact on the industry and the nation at large, especially if critical infrastructure is targeted. This has necessitated that we create synergy across the threat landscape to deal with a combination of physical and cyber-based threat vectors. In order to achieve this objective it is important to act in a concerted manner. As a result, chief security officers need to take care of the physical as well as the digital aspects of security and simultaneously address the increasingly complex area of compliance. Convergence not only helps in providing enhanced level of security but also results in cost saving by integrating disparate systems and optimizing resources; both in terms of personnel, processes and technology platforms. Case studies Hackers targeted Sony Pictures and wiped out half of their global network. They erased everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. At the same time, they ensured that nothing could be recovered by using a special deleting algorithm that overwrote the data seven different ways. Subsequently the code targeted each computer’s start up software and rendered the machines brain-dead. A group of cybercriminals successfully targeted 100 banks in 30 countries globally including US, Russia, Ukraine and China after phishing its targets with infected email attachments. The criminals used their computer exploits to dispense cash from ATMs or transfer cash digitally to accounts they controlled. The USD 1 billion haul was unprecedented in its scope, which Kaspersky reported as under investigation. LinkedIn confirmed in 2016 that the impact of a 2012 breach in which 6.5 million users’ passwords were compromised, is now likely to be closer to 167 million users, 117 million of whom had both their e-mails and passwords exposed. The 1768 km long Azerbaijan – Georgia – Turkey (Baku-Tbilisi-Ceyhan) crude oil pipeline connecting the oilfields in the Caspian Sea to the Mediterranean Sea was blown up by hackers. They exploited the vulnerabilities of the IP cameras communication software, to gain entry and move deep into the internal network, to blow the pipeline by over pressurizing it. This resulted in a loss of USD 1 billion in export revenue for Azerbaijan and the pipeline was out of action for 20 days. The stuxnet virus that was used for spinning several centrifuges out of control at an Iranian nuclear facility was believed to have been transmitted using a thumb drive that was physically inserted into a computer within the facility. Critical infrastructure is the most vulnerable with high impact Thus, in future, critical infrastructure in particular is likely to be targeted by both terrorists and state sponsored actors, as it provides an easy option to them. Future wars will be asymmetric in nature. Economically weaker nations will inflict heavy economic loss on their adversaries to include both life and property, by using meagre resources, as compared to achieving the same using conventional means at a huge monetary cost and loss of lives. All it takes to target critical infrastructure is a bunch of highly trained cyber hackers who require hardware, software and a high-speed internet connection, and all of this cost not more than a few hundred thousand dollars, and will to execute. The best part is that it can be done sitting anywhere in the world and one need not be physically present at the target location. The victim organization/ country cannot be very sure of the identity of the perpetrator group/ individual/ country and retaliate immediately, thereby they can virtually go scot free in terms of facing any consequences, and enjoying virtual immunity against any adverse action due to lack of stringent laws dealing with sharing of data and lack of collaboration at the global level. Need for public private partnership and restructuring of the traditional security organization There is a need for public private partnership to effectively deal with such scenarios, wherein we pool in the resources of the government and the private sector to address these security challenges to our critical infrastructure and the industry at large. At the same time, there is a requirement to create a CXO level appointment within the organization who should be responsible for addressing the security challenges to include both physical security as well as cyber security. The CXO should also be integrated with the Government agencies both at the national and international level, for exchange of relevant information,…

Recently there have been several policies, simulations, active designing and implementation of smart city concepts in several locations around the world including India. Today, the world is talking about connecting everything to the internet. The fourth industrial revolution (Industry 4.0), a term used to draw together cyber-physical systems, the Internet Services and Internet of Things (IoT), has started to revolutionize projects such as smart grids and smart cities. There is no universally accepted definition of a smart city, with different schools of thoughts describing this concept in terms of annotations depending on their geographical scope, location and socio economic settings. Faced with rapid urbanization, city planners are turning to technology to solve a wide range of problems associated with modern cities.  To provide for the aspirations and needs of the citizens, urban planners ideally aim at developing the entire urban eco-system, which is represented by the four pillars of comprehensive development – institutional, physical, social and economic infrastructure. This can be a long-term goal and cities can work towards developing such comprehensive infrastructure incrementally, adding on layers of ‘smartness.’ Ideally the planning of a smart city originates from the end user. The needs of the end user are assimilated in a systematic manner and are then distributed into several smart layers such as transportation, energy, utilities, finance, social, and logistics, amongst others. A true smart city is networked in such a manner that there is a balance between sustainable socio economic growth and urbanization. There are several examples of successful smart cities in the world such as San Diego in southern California and Glasgow in Scotland. The above illustrations show a few aspects of steps required to convert a city into a smart city. There are also several aspects of smart cities that are directly related to critical information systems and critical infrastructure. These components directly connect an end user to the service provider in terms of information display and service availability. For example, an end user can directly monitor the usage of piped gas from a mobile application; at the same time sensors in a house detect motion and usage, and the service can be cut off in case no one occupies the premise. This close networked platform is usually achieved through machine to machine communication (M2M) or an IoT platform. So how do we define these critical infrastructure platforms? Critical infrastructures are usually divided into physical and socio-economic infrastructure systems. Physical critical infrastructure encompasses all basic services such as electricity and water supply, waste (water) management, transport or information and telecommunication technologies. Socio-economic infrastructures instead include facilities such as banks, hospitals and schools but also public administration. Critical infrastructure is also a term used by governments to describe assets that are essential to the functioning of the society and economy. Future cities will challenge existing safety and security engineering models e.g., the United States electricity blackout in 2003 showed that in interdependent networks a very small failure in one network might lead to catastrophic consequences. New and complex cascading failure modes will arise out of unforeseen or emergent system characteristics as they are developed in an incremental and ad hoc fashion, especially where more sophisticated technologies are added to an already ageing physical infrastructure. A common concept between smart cities and critical infrastructure is cyber physical systems with city as the platform or (CPS). There are a number of definitions of CPS. Common features effectively describe control systems, networked and/ or distributed, incorporating a degree of intelligence (adaptive or predictive), and work in real time to influence outcomes in the real world. These definitions point to the diverse nature of CPS found in transportation, utilities, buildings, infrastructure, manufacturing, and health care. Although CPS have similarities with traditional data processing systems e.g., their networked or distributed nature and a degree of automation, the real-time nature of their interactions with the physical world is a significant difference. Interactions are sensors detecting and measuring physical parameters with actuators to control physical processes. Feedback loops allow data about the environment and the physical processes to be collected and computed. Actuation may be automatic or by an alert to a human operator. Critical infrastructure systems are CPS, whose failure would have economic or social impact. Society expects systems will operate in a safe, secure and consistent manner. In response to environmental, demographic and societal pressures, cities may no longer conduct business as usual. Traditional city models are no longer appropriate, as transport and utility infrastructures become unsustainable and require significant investment. Some cities have embraced the concept of the ‘city as a platform,’ a hyperconnected urban environment that harnesses the network effects, openness, and agility of the real-time web. The focus has been on access to data, leading to development of smartphone apps and portals allowing citizens to ‘connect’ with city services and institutions. To address cyber security requirements, we need to understand the proliferation of functions in this hyper-connected world. Where functions in individual CPS interact, they will create new functions that will proliferate over time. To protect these complex systems, we need to understand their network of functions, relationships and interdependencies. A study of critical infrastructure interdependencies led to the identification of six dimensions, which can be used to examine CPS and supporting infrastructures: Type of interdependency e.g., cyber, physical, logical or geographic. Environment e.g., business, economic, public policy, legal, regulatory, security, technical, health/ safety, or social/ political. Coupling and response behavior e.g., adaptive, inflexible, loose/tight or linear/ complex. Infrastructure characteristics e.g., spatial, operational, organizational or temporal. Type of failure e.g., common cause, escalating or cascading. State of operation e.g., normal, stressed/ disrupted, restoration or repair.   Identifying critical city infrastructure in every smart city project is of prime importance. Whilst there are a number of definitions for critical national infrastructure, from a city perspective the concept of critical infrastructure is not well defined. The UK’s definition of critical national infrastructure (CNI) is: “Those facilities, systems, sites and networks necessary for the functioning of the country and the delivery of…