ue Sask

upgrading hexpenditure

Security prabout drawsubject of keys of loss

Let’s

The mobserbut unwhat gSecurattentman o

his knowlee.

rofession iwing the ‘b

human pss preventio

N

s profe

most esservation! Nonderstandigoes on arrity professtion to the on the sysedge and s

is more abig picture’

sychology on as well a

Newslett

essionahttp://s

ential quaw we see ying the imround us issionals payfact that in

stem who kills is con

bout obser. Thus all and obseras crime p

er: Janu

alize thbtyagi.wix.co

lity, whichyet do not plications

s a very impy attentionn spite of vwill make

nsidered in

rvation, prothe securi

rvation of revention!

ary 2014

he profom/icissm

h we havobserve. Oof what w

portant reqn to electroverity of bfinal call!

nvestment i

ofiling of rty professhuman be

4

fession

e but ignObservationwe see. So quirement fonic surveest video aIt is there

in profit rat

range of hionals neehavior for

nals…

nored, is n is not juseffective o

for better sillance yetand audio efore very ther than n

human inteed to mastr there they

Ca

the powest seeing tobservatiosecurity set they pay analytics, essential

non-produc

erventions er the deliy can find

apt S B TyFor IC

1

r of hing

on of nse. less it is that

ctive

and cate

d the

yagi CISS

Itainth ICN‘N2 Itres T

Act

t might havand FICCI tonsightful anhem.

CISS was ENovember aNational Co2014, there

t gladdens eorganizing

striving for e

Thus we hav

tivities i

e been notio launch Ind

nd deal with

Events Partat Abu Dhabonference oare at least

our heartsg their policexcellence.

ve reasons

in Year

iced by our dia Risk Su the strateg

ner with by bi. The couon Electronit four event

s to note ties and pro

to rejoice a

gone by

esteemed urvey 2013. gies being a

‘Global Enencil was alsic Security s lined up in

hat slowly ocedures. T

and tomorro

y and c

members tIt was gran

adopted by C

ergy Securso event paand Survein which the

security prTheir practic

ow certainly

commitm

hat ICISS wnd success Corporates

ity Conferenartner with ‘llance’ held

e Council wi

rofessionalsces are now

hold place

ments fo

was partnerand its repoto mitigate

nce 2013’ hGlobal Digi

d recently all be the Ev

s are wakinw finding wo

of pride for

or New

r with Pinkeorts are ver the threats

held in May ital Surveillaat New Delhvent Partner

ng-up to ‘corld’s bench

r security pr

Year!

erton CRM Iry revealings being face

at Dubai anance Forumhi. For the Yr.

call-of-duty’ h-marks and

rofessionals

2

India g and ed by

nd in m’ for Year

and d are

s.

3

Ntep

TtnetobUcebinte

Wtrpcss

OTeBasaw R Dsach Oah

Natural Gahe econo

environmenprotect its d

Technologihe last 2

natural gaseffective, so serve ou

based proUnfortunatecost of a mefficient indbecome anncreasinglyerrorists.

We are mehrough ouobust cy

protectionscommitmensuccessful stream stak

Our naturaThis said, employing Because oarray of gosecurity meand industrwhich helps

Risk Facto

Designing, safety, andand analyscomponenthuman, and

Operating assessmenhandling su

as is the foomy, our ntal oppordistribution

cal adva0 years hs utilities

safer, and ur customeograms ely, the

more connedustry is thn attractivey sophistic

eeting the tur skilled yber-securis, an nt to secuongoing c

keholders.

l gas delivall indusweb-base

of this, gasovernment echanism ry operators stakehold

ors for Pip

operatingd security nsis of all tts and thed environm

and maintnt is one ouch explos

oundation fenvironme

rtunity natun pipeline s

ances ovehave madmore cosbetter ab

ers via weband toolsopportunit

ected, morhat we have target focated cybe

threats daipersonne

ity systemindustr

urity, and cyber-secu

ery systemstry operaed applicas utilities aand indusis the exisrs. This paders adapt

peline Ope

, and mainneeds as whe risk fa

eir operatiomental syst

taining a gof the soluive and fla

fuel for a cent and oural gas ofsystems fro

er de st-le b-s. ty re ve or er

ly el, m ry a rity partne

m is the saators recogations for adhere to mtry cyber-s

sting cyberartnership ft quickly to

erators

ntaining a pwell as proctors. Attaon, but thotems to wh

gas pipelintions that

ammable g

clean and our energffers our com cyber-a

ership with

fest, most gnize theindustrial

myriad cybsecurity inir-security pfosters the

o dynamic c

pipeline faocess contacks on a ose impac

hich they a

e involveshelp to moods such

secure engy securitycountry, thattacks.

governme

reliable enre are incontrol a

ber-securittiatives. Hpartnershipe exchangecyber-secu

acility to metrol requirecyber- sy

cts can exre connect

s numerouaintain saf

h as natura

nergy futury. Alongsihere come

ent and wit

nergy delivherent cy

and businety standardowever, thp between e of vital cyurity risks.

eet essentements reqystem mayxtend into ted.

s safety cfety paraml gas.

re, providinide the e

es great re

th up-strea

very systemyber vulneess operads and pahe most im the centrayber-secur

tial availabquires carey involve o

the physi

concerns. Cmeters - es

ng benefitseconomic esponsibilit

am and do

m in the woerabilities ating systearticipate inmportant cy

al governmrity informa

bility, reliabeful evaluaonly the cyical, busin

Cyber secspecially w

4

s for and

ty to

own-

orld. with

ems. n an yber-ment ation

bility, ation yber ess,

urity when

5

Robust Open Access Code There is a need for a robust open access code for the natural gas pipelines as it is expected to facilitate access to pipeline infrastructure and benefit market participants. Natural gas producers get benefit from it as open access allows new suppliers to reach consumers Downstream participants like the distribution entities get benefit from direct access to the natural gas producers and a greater choice in gas supply. End users also benefit through increased competition and choice of gas distributors. Guidelines notified by Petroleum & Natural Gas Regulatory Board (PNGRB) allow utilization of capacity in a natural gas pipeline by any entity on a non-discriminatory basis as well as the assignment and trading of capacity in the open market. PNGRB has also come out with an “Access Code” for natural gas pipelines. However, the code needs to be strengthened further in order to achieve the desired outcome. The current code is not designed to deal adequately with multiple owner operators leading to issues of compatibility. PNGRB needs to setup a separate committee to come out with suitable recommendations to strengthen the access code, in line with developed codes of matured markets. This situation increases the vulnerabilities of the distribution network and makes SCADA easy and lucrative target. Securing Supervisory Control Systems

Today’s natural gas transmission and distribution systems depend on computer technology and supervisory control and data acquisition (SCADA) systems to operate safely and efficiently. In the India, by 2030 there will be nearly 30,000 KMs of natural gas transmission pipelines. In 2012 India had about 36,284 KMs of various types of on-shore / off-shore crude, product and NG pipelines.

The need to provide effective cyber security is similar to challenges faced by bulk electric system and local power distribution providers, except that natural gas systems transport molecules, not electrons, and are equipped with safety devices, which are, in most cases, manually operable as federally required. But all of these groups depend on communications infrastructures, computer technologies, and people to safely and efficiently transport the energy product to the end user.

Many utilities have employed a series of measures to protect the critical computer systems and networks that control the flow of energy over geographically dispersed facilities. These measures include the use of technical and administrative controls.

Technical controls often used include, but are not limited to:

Firewalls to separate control systems from general corporate networks and the internet Network intrusion-detection systems to alert operators of potential security events Event-logging systems to capture and maintain information regarding the operational

status of control networks

Administrative controls often used include, but are not limited to:

Overall cyber-security policy and procedures Change-management and change-control practices

Oscyacc

A

TaIpato

R

Toca

Disa

One of thesystem SCcomputer eyears. In coa decade ocommunicacurrent enc

Addressin

The Opeand IT dnfrastructu

power genand nucleao pay atten

MoreBroaorga

The attacproccapa

Neecybeto reDatanetw

Anotefficconnpathtrans

ThertechcomBelathe fwas procCon

Robust, Se

This capabon more hcommunicaare availab

aster-recov

e major chCADA and equipmentontrast, naor more. Late with sycryption tec

g the Vuln

rations, Sadecision-mures, espeneration anar energy antion to fol

e and moradband Ganizations u

networks ck by virucess controabilities and to keep er-attack ceduce cybea Acquisitioworks. ther challe

ciencies, mnected to hway for msmission ore is real t

h-savvy termputer wormarus. It is tfirst to inclspecifical

cesses. Sttrollers (PL

ecure, Glo

bility calls fhigher leveation netwoble which

very and bu

hallenges process-c

t, such asatural gas SLegacy sysystems thachniques.

nerabilitie

afety, Semakers of

cially oil &nd transmare well adlowing asp

re reliabilitylobal Areausing themare susce

uses, wormol networkd negativecontrol syould severer vulneraon) System

enge withmany of thcorporate alicious co

or distributihreat to SC

rrorist and m first discthe first disude a PLCly written ttuxnet incLCs) and h

obal Comm

for seamleel, of the Norks for criprovide ro

usiness-co

associatedcontrol com desktop

SCADA costems mayat use

es:

curity, Key

& gas, mission dvised pects -

y on Locala Networkm. eptible to ms or otheks and relaely impact tystems saferely damagbilities in pms: to iden

h protectinhe energy

businessomputer pron of natuCADA fromStuxnet is

covered in scovered wC Rootkit, to attack Scludes thehide its cha

municatio

essly conneNation by itical operaobust conn

ontinuity pla

d with promponents computers

omponents y not be a

l Area Netwk (BGAN)

attacks aier forms

ated systemthe nationae and secge or crippprocess contify new t

ng energy SCADA asystems.

rograms orral gas, elem mischiefs the mostJune 2010

worm that and the fir

SCADA syse capabilitanges.

n Solution

ecting all oproviding

ational systnectivity a

anning and

oviding cybis address

s, is geneare often

able to be

work (LANbrings inc

med to disof cyber-tems could dal economyure, and tople infrastrontrol and ypes of se

systems and proceSome of tr unauthoriectricity or f mongers lethal com

0 by Virusspies on arst to targestems usety to repr

ns

oil & gas inhighly ava

tems. A nand comm

d exercises

ber-securitsing legacrally repladesigned apatched o

N), Wide Acreased th

srupt and errorism odestabilizey. o help minuctures. WSCADA (S

ecurity sen

is that, tss-control hese connzed users water. prowling in

mbination! sBlokAda, and reproget critical ined to controrogram the

nstallationsailable, roumber of cunication h

s

ty protecticy equipmeaced everyand pricedor be able

Area Netwohreats to

destroy thon oil ande energy in

nimize the We need toSupervisor

nsors for p

to enhancsystems

nections hto potentia

n the web-It is a Win a securityrams indu

ndustrial inol and moe Program

s of an orgbust, secucommunicahelpful for

on for eneent. Corpoy three to d to operatee to effecti

ork (WAN) operations

hem. Suchd gas indundustry su

chance tho identify wry Control rocess con

ce operatihave becoave createally disrupt

-world andndows-spey firm basestrial syste

nfrastructurnitor indus

mmable L

ganization ure, integraation solutr protectio

6

ergy orate

five e for ively

and s of

h an ustry pply

hat a ways

and ntrol

onal ome ed a t the

d the ecific ed in ems, re. It strial ogic

and ated tions n of

7

assets and personnel in environments where a high standard of inherent safety is a mandatory requirement. There are resilient telecommunications networks such as Broadband Global Area Network (BGAN), which allow for simultaneous voice & communication data communications and secure access to applications from almost anywhere in the world. Taking The Risk out of Gas Operations – What to Consider IT threats are mainly addressed by IT solutions. There are IT Solutions provide very effective predictions, diagnosis and prognosis. In many instances, they help assessing and remediating the cyber security vulnerabilities of their gas distribution pipelines and equipment. Their solutions for oil and gas pipelines promote safety, environmental responsibility, and efficient operations. The cyber security vulnerability assessment is designed to examine the three core facets of an organization’s cyber security:

People: What is the cyber security awareness level in the organization? Are staff members following security policies and procedures? Have they been adequately trained to implement the security program?

Process: What are the cyber security policies and procedures in place in the organization? Do these policies and procedures meet key requirements?

Technology: What cyber security technologies are in use in the organization? How are these technologies configured and deployed?

Prognosis: While above are the main strategies for securing the transmission and distribution of natural gas, constant improvement and improvisation is needed to be carried out to make security measures reliable as well as cost effective, as in present phase of economic melt-down no organization will take decision without working out the ROI (Return on investment). EU has set up a task force to explore what its 25 member states are doing to combat cyber-threats against critical infrastructure. As part of the EU’s Critical Information Infrastructure Research Coordination, CI2RCO project, task force aims to identify research groups and programs focused on IT security in critical infrastructures, such as telecommunications networks and power grids. The scope of the cooperation goes beyond the EU; the task force also wants to include USA, Canada, Australia and Russia. India with its strong IT workforce, known world-over for its prowess must join such cooperative and collaborative efforts! Off-shore Security Co-ordination Committee (OSCC) needs to be institutionalized. With the initiative of ONGC, it exists in many states where essentially ONGC operates. All other ONG PSUs having presence in the state are invited to be members. This forum discusses and seeks to address the security threat faced by the sector with the help and co-ordination of state administration and police. Haryana, where there is no presence of ONGC, similar initiative by other ONG PSUs made similar OSCC operational. Now is the time that its umbrella is spread to cover private sector operators and make it a true PPP model! Similarly on the lines of Homeland Security Department in USA, the lead needs to be taken by the IB and Indian Computer Emergency Response Team (CERT In) to address cyber-

vn Dsatot

vulnerabilitnatural gas

Dedicated security ananother prio fail. Onlyheir securi

ies, the ss transmiss

manpowernd disasterme respony those wility and em

olutions asion and di

r ready to r responsensibility of l succeed ergency re

nd updatestribution i

face the de plan. To the Managin this sec

esponse pl

e preparedis effective

disaster wokeep them

gement asctor who foans!

***

dness so ely address

ould alwaym constans otherwiseoresee and

that secursed.

ys be centrtly motivat

e even thed fore-plan

rity and in

ral consideted and up

e best planand rehea

ntegrity of

eration for pdated is

ns are doomarse therea

8

the

any also med after

Ieamceon ItaAPbvtefo TwbNTKisNctbTcoMsda I((Dw ABJb

n the preenhanced activities, gmonitoring country toequilibriumon the othenefarious a

t becomesabout 1500AfghanistanPakistan aborders Indvast coast erritories orces.

The Indianwell as woborder manNot only thThe longesKMs. Nepas required Nepal bordcultural, ethhem is ve

boundary dThe task complicatedor by one Military Fostates. Nedifferent Mand prioritie

ndo-ChinaUnder CaITBP, repo

Defence), Aworks unde

Although InBorder SecJ&K sectorbehest of I

esent day manifold bgun runniof all pe

o another. At one h

er hand unsactivities.

s much mo00 K.Ms n in Jammand declardia has a cline, Indianas they c

border world’s mosnagement his, India’sst border ital being a v for citizender. Both hnic and bery heavy disputes wiof efficiend as IndiaMinistry;

orces as weedless toinistries anes.

a border iabinet Secorts to MinAssam Rifer MHA.

ndia-Pakiscurity Forcr is controSI regularl

world thebecause ong etc. E

eople, animr. The sehand legitimscrupulous

ore importawith sevemu & Kared as Nocoast line on security acan also

ith neighbst difficult

as a very border dit shares wvery friendns of boththe count

business tand is d

ith China ant manag’s border iit is guardwell as by say thatnd all of th

s mannedcretariat), istry of Hofles, which

tan borderce (BSF), lled by Indly violates

e importanof terrorist Efficient bomals and ecurity agmate activs elements

ant for Indin countrieshmir whiorthern Arof 7683 KMagencies hbe misuse

ors includeborder, wdaunting affers from ith Banglaly country the coun

tries have ies hence ifficult to

and Pakistaement of s manage

ded by miy Police t all these

hem have d

d by SpecIndo-Tibe

ome Affairsh has offic

r is by andbut Line odian army.the cease

nce of Bo

threats, sorder man

goods whgencies h

vities shouls must be r

a as it shaes includinich is illegreas. Besi

Ms. In addithave to guaed by ant

e porous bhich makeand weariscountry todesh whicno passpotries to crvery old the traffic

manage. an.

borders ed not by olitary, variForces ofe forces different w

cial Frontetan Bordes), Army (Mcers from

d large mof Control . Pakistan

efire line an

order Manasmuggling, nagement hich go frhave to ld not hamrefrained fr

ares land bng 106 K.gally occuides land tion to the ard island ti-national

border as es India’s some job.o country. ch is 4339 ort or visa oss Indo-religious,

c between India has

becomes one Force ous Para

f different report to

work ethos

ier Force er Police Ministry of Army but

anned by (LOC) in Army on

nd had vio

agement criminal includes

rom one maintain

mper and rom their

border of .Ms with upied by

olated appr

The authCabinet has atteIndia acollectionof reportsunder whdepicted is predict Besides the notebe adopbecomesHe hassecurity beside ateam. Htenures including PresentlyConsultamagazineBesides articles indeliveringmilitary organizainterest terrorismIndia aForeign r He canjai_pushp

roximately

hor has retiSecretaria

ended seveand abroan of intelligs and prepahich curren as well as ted.

this, it is alses what mepted so thas in favour s handledmatters at

administratioHe had va

in seveg Pakistan.

y he is ant in Ine (www.inworking I a

n the magag lectures

& ations. He

in intem, terrorist oand abroarelations.

n be repa@hotma

260 times

red as Diret in 2007.

eral coursead relatedgence, anaaration of nnt situation

future scen

so suggesteeasures shat the situaof the cou the intet National on of large wrious overseral coun

working ndia Stratndiastrategicam also wr

azine. He is in various

intelligehas sp

rnal secuorganizationad, Naxa

eached ail.com

9

s the

ector, He

es in to

alysis notes

was nario

ed in hould ation

untry. ernal level work seas

ntries

as tegic c.in). riting also

Para ence ecial urity, ns in lism,

at -

10

ceasefire agreement in 2013 alone. India and Pakistan both nuclear powered nation already fought three wars and presently Pakistan has engaged in a low intensity war against India. Presently ISI is helping Kashmiri terrorists and master minding terrorist activities not only in J&K but in various other parts of India.ISI is instigating misguided Muslim Youths and financing Indian Mujahideen (IM) an Islamist terrorist group based In India. ISI is also smuggling Fake Indian Currency Notes (FICN) in India from different countries including Nepal, Bangladesh and Pakistan. According to an estimate Rs. 169000 crore (Rs.169 trillion) fake Indian currency notes are in circulation in the country. Hence the effective management of India-Pakistan border cannot be over emphasized. Sashastra Seema Bal (SSB) looks after India-Nepal border. SSB, which was previously Special Security Bureau (SSB) was under Cabinet Secretariat, is now reports to MHA. Bhutan border which is relatively peaceful is guarded by BSF and SSB. Indian Army and Assam Rifle safeguard India Myanmar border. The insurgency in Northeast is fuelled, financed and abetted by China and Pakistan. Naga and Mizo terrorists frequently cross India Myanmar border for shelter, training and assistance. These insurgent groups run training camps and have safe houses in Myanmar. Not only this, these terrorist groups are deeply involved in smuggling of drugs and weapons to finance their struggle. As the terrain of the area is very difficult the task of Indian security forces becomes very strenuous. BSF controls Indo-Bangladesh border and there are never-ending fights between BSF and Bangladesh Rifles (BDR). In fact few thousand acres of Indian land is within Bangladesh and lot of Bangladeshi land is in India. 1974 Land Border Agreement tried to resolve this issue but the agreement cannot be implemented as it is a politically sensitive issue and both countries lack the determination to solve the issue. Fortunately the economic growth of India is much higher in comparison to all its neighbours except China hence there is large scale of migration from neighbouring countries. According to an estimate nearly 1.5 million Bangladeshis are living illegally in India. Besides this there are other threats like infiltration and ex-filtration of terrorists, drug & human trafficking, arms smuggling, a close business partnership has emerged between drug and arms smugglers, funds are sent for establishing Madrasas. The list is endless. Principally MHA is responsible for the border management and Para Military Force should guard the borders. Presently more than one Para Military Force looks after the acknowledged border and army looks after LOC in J&K and Line of Actual Control (LAC) on Indo-Tibetan border. Here it is pertinent to note that multifarious agencies are involved in protecting the borders. Needless to say that efficient command and control is the biggest casualty in case of multiple agencies. In fact all the Para- Military Forces must be under the direct control of the army and more and more retired army personnel should join these forces. November 26, 2013 is the fifth anniversary of attack on Mumbai by 10 terrorists from Pakistan. All of them came through sea. Hence after the terror attack a three tier coastal security was implemented. Navy is guarding the outermost area while the Coast Guard is responsible for the intermediate layer and state police is patrolling the shallow waters and the areas abutting the seashore. Here three agencies are made responsible for marine security which is certainly not an ideal situation.

In fact Coast Guard which has the capacity and capability of guarding the coastline should be made fully responsible for the coastal security.

NeRma

Safevarieimpoexpeagenelecthermgrousurvvigohelic(UAVshou

Indiagive dispfirml

Besibordbe mhouscann

Lastthe wha

National Seexternal exRecent devmanagemeacross the

e guardinged border ossible taensive. ncies mus

ctronic gadmal image

und sensveillance drous use o

copters anVs). More uld be cons

a must try and take utes with ly towards

ides this, sders. The smade morsing, agricnot be ove

tly governmborder mat more can

ecurity Advxistential thvelopmentent much mborders to

g such a lphysically

ask but Hence t be equipdgets inceries, nighsors and devices. of satellited unmannand more structed al

to resolveso that thefriendly neother neig

security fosecurity agre trade eulture shour emphasiz

ment of Indanagementn be done.

visor Shivshreats. Thes in our n

more proaco manage t

long, difficy is not oit is alsIndian

pped with luding ha

ht vision dother

There ms, aerial imed aerial vmotor ablong the bo

e its differee valuable eighbors cghbours.

orces mustencies sho

efficient. Suld be launzed.

dia should t and mus

shankar Mere is little eighbourh

ctive, usingthem in a m

cult and only an

so very security modern

and-held devices, various ust be magery, vehicles e roads

orders.

ences withresources

can be set

t try to beould win th

Special pronched. The

make an ast make re

Menon has distinction

ood, howeg technologmore intelli

h the neighs can be uttled and t

e friendly wheir confideogrammes e importan

annual assgular appr

rightly sain between ever, showgy and integent way.”

hbouring ctilized elsehen India

with the poence and g

especiallynce of supp

sessment oraisal of w

id that “Toour intern

w that we selligence a”

countries oewhere. In can proce

opulation rgoodwill any on healport of bor

of all its powhat has b

oday India nal and extshould maand develo

on the basithe begin

eed slowly

residing atnd they shth, educatder popula

olicies towaeen done

does not fternal secuake our booping influe

11

is of ning

y but

t the ould tion, ation

ards and

face urity. order ence

U

Pk

Upcom

ICISSM is revolutioniconstant esuccess wEncourageby wideninIndustry inSecurity So Date & Tim Contact PeHP: +91773F:+91-22- 2

Sugg

P.S. - If yoknow your

ming E

happy to inze the way

endeavor towith an imped by the pong the reacn India and olutions for

me: 6th & 7th

erson: Susm38219912 26367676

ICISSICISS a

gestions &

u don't likmail addre

Event:

ntroduce “Sy safety ando promote pressive exositive respoch of the pl

the world. Vertical Ma

h March 201

mita Das Cho W

S at LinkedInat Google Gro

& feedback

ke to receivess and we

Secutech Ind security iinteractions

xhibitor andonse and itslatform, to The theme

arkets.

4 Venue

owdhury, CoW:+91-22-668

E-mail: su

n: http://www.loup: https://gr

k may be s

ve our new will move

ndia Safety ndustry cos within thd visitor sts stupendouensure it b

e of “Secut

e: Bombay E

onference M81 4900 . Exsmita.d@ab

inkedin.com/groups.google.

sent to us

wsletter, wit out from

& Security nducts buse Industry, tatistics, wus success becomes thech India S

Exhibition C

Manager xtn: 371 ec.asia

groups?gid=44com/forum/?fr

s on e-mai

we apologizm our conta

Conclave 2siness in In

Secutech hich left a Secutech we convergin

Safety & Se

Centre, Gore

413505&trk=hromgroups#!fo

l: onlineic

ze for bothact list, tha

2014” whicdia. KeepinIndia 2013

a perceptiblwould like tong point foecurity Conc

egaon East,

b_side_g orum/icissm

cissm@gm

hering you.nk you!

ch is all setng in view o

was a grale impressio move furt

or the Secuclave 2014”

Mumbai

mail.com

. Please le

12

t to our and on. her rity ” is

et us