Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

News letter May 11

C
captsbtyagi

• Holds Masters’ degrees in Philosophy, Sociology, Defense Studies & Political Science beside B.Sc. and LLB. He is also holding master’s degree in Business Administration and post graduate diplomas in Business Administration, Personnel Management & Industrial Relations and Safety & Security Management. • Twenty eight years experience (including Army) in the field. Presently working in GAIL (India) Limited as Chief of Security at its Corporate Office. • Have been regular faculty in Management Institutes. Various articles are published in related magazines and internet sites. • Writer of best selling book on Industrial Security - “Industrial Security: Management & Strategies”. • Made presentations in more then 18 international seminars on the subjects of homeland security and industrial security. • The Honorable Lt. Governor of Delhi bestowed the most coveted ‘Best Security Manger’ award to Capt S B Tyagi on 30th August 2007 instituted by Security Today, a leading niche magazine for the protection industry. The award is testimony of untiring efforts, constant application of noble approaches in security management, innovation and leadership in the profession which have been distinctly displayed by Capt S B Tyagi. He has been recognized in past too for the similar qualities when he was awarded ‘Best Security Manager’ in 2002 and ‘Best Security Operation Manager’ in 2004 by IISSM (International Institute of Security and Safety Management). • Given ‘Certification of Recognition’ and awarded as ‘Best Security Practitioner’ in GAIL in year 2009. • Recipient of “Award of Fellowship (FISM)” and is “Certified Security & Safety Consultant (CSC)” by the “International Institute of Security & Safety Management”. • Co-founder of “International Council of Industrial Security and Safety”. • My mail id: sbtyagi1958@gmail.com ; sbtyagi@gail.co.in • Blog: http://captsbtyagi.blogspot.com • My web-site: http://www.wix.com/sbtyagi/iciss

1 of 10
Newsletter: May 2011 Let’s professionalize the professionals…  http://www.wix.com/sbtyagi/iciss Security and safety are important parts of life and cannot be ignored. Without a sense of security, one cannot hope to lead a stress free and happy life. If you regularly feel threatened or exposed to certain negative influences of situations, you can never have a relaxed or calm state of mind. You will always be on edge and before long may even be headed for a possible nervous breakdown if you are not careful enough. Thus it is very important not to take these factors lightly. Even for a child to prosper and showcase proper psychological growth and development, it is extremely important that he/she feels nurtured and secure. You cannot concentrate on any other area in life if you feel vulnerable or defenseless in your everyday life. So, you need to set some time to think about your safety in daily situations and come up with suitable action plans to mitigate the threat levels that may arise at any moment. It is important not to be lackadaisical about these issues. Remaining secure whenever possible can also help in bringing down the possibility of falling prey to unwanted accidents or unfortunate circumstances considerably. Even if you take a few simple, easy steps to ensure your safety, you can end up saving your own life as well as that of other people who may be around you. Life is the best gift that we have and it is very important to guard it and to keep ourselves safe from disasters that can be avoided. Self preservation is one of the most important biological goals for humans and this can be brought about only if you take steps to keep yourself secure enough. If we get too lazy when it comes to our security and do not give it much thought or attention, we can end up unnecessarily hurting or injuring ourselves. If we give high importance to security, we can significantly lower the adverse effects of a disaster even though we may not be able to prevent it. All it requires to remain secure is the investment of a little time. You should consider all kinds of scenarios that may affect you at the different places that you visit habitually. All the threats arising at these places should be thoroughly examined and a possible reaction should be determined if such incidents do take place in the future. Being prepared for any eventuality is enough to help you remain secure. Putting a little thought into developing the suitable ways to behave in case of accidents or adverse situations is enough to guarantee your safety. Today’s society is full of anti social elements that can disrupt your lives if you do not remain alert enough. The increasing rate of crime across most cities of the world also makes it necessary to beef up on your security. Apart from this, it is a well known fact that natural disasters can also occur at any time without warning and if you are prepared for them, you are more likely to remain secure. Capt S B Tyagi For ICISS C:S B TyagiICISSNews Letter May 11.doc
This article was created by a professional writer and edited by experienced copy editors, both qualified members of the Demand Media Studios community. All articles go through an editorial process that includes subject matter guidelines, plagiarism review, fact-checking, and other steps in effort to provide reliable information. A data security officer maintains an information systems structure or operations. The position of data security officer is a challenging occupation. According to the Occupational Outlook Handbook, 2011 Edition, the job outlook for a data security officer is expected to grow by 17 percent over the 2008-2018 decade. An individual considering a career as a data security officer must have technical expertise with the ability to rapidly solve problems that arise in an information processing environment. System Security o Data security officers are responsible for the physical security of system assets for a business or organization, including access to controlled areas that process data and information. Oversight includes the physical security of computer systems, software, and hardware components and media devices. The data security officer also creates and implements security policies concerning these resources for personnel to follow. C:S B TyagiICISSNews Letter May 11.doc
The data security officer creates the information system disaster recovery plan for the care of system assets during and after a disaster to the data facility. Approves Software Changes o When there is a major software change or release, the data security officer communicates changes to management and personnel through memorandum, release meetings or verification by letter to other departments and branches. The data officer has the responsibility to review the changes and state the impact of those changes on certain programs on the system. Version numbers which update software processes are implemented by the data officer. Establish Security Profiles o Every business or organization using an information system to process data should have security controls for software access at all levels of system processing, which supports separation of duties. Separation of duties is the concept of a single individual having control over a transaction from "start to finish." The data officer's responsibility is to create policies and profiles that control user access to the applications by establishing user ID and passwords. The officer also creates layers of security within the information systems environment as a check and balance system against user ID and passwords. Security layers that are created limit risk of faulty processing and security breaches. Audits System Tables and Catalogs o System tables and catalogs contain database records and program routines that maintain the integrity of database structures, tables and records. The data security officer is responsible for the integrity of all data structures that exist in an information system. Period audits are performed by the data security officer to examine record structures and apply correction if there are any errors. In a systems programming environment, the data officer checks the system catalog of programs and files to ensure software development programs are separated from live programs that are running on the same system. Educational Requirements and Salary o Obtaining a bachelor's degree in information systems management with a depth in computer science can help an individual seeking a career in data management. The occupation is a technical career field and programming courses will help candidates understand data structures. The salary for a data security officer with five to nine years of experience ranges from $58,474 to $82,025 in European countries. C:S B TyagiICISSNews Letter May 11.doc
What are the Key Infrastructures? Transport, communication and Energy sectors have great role in nation building and economical prosperity. Energy security draws attention of planners and saboteurs world over. Focus is on Energy Security which is core of Key Infrastructures and also very vulnerable. US has defined the Key Infrastructures as - “Systems and assets, whether physical or virtual, so vital to the country that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” - US Patriot Act There is no definition of this term but broadly it is defined as “Key infrastructures are those, damage to which will adversely affect Nation’s Defense preparedness and Economy. “ Key infrastructures are those, damage to which will adversely affect Nations defense preparedness and economy. Following are the areas falling in the category of ‘Key or Critical Infrastructure – Energy infrastructures – nuclear, hydro, coal and gas Information & communication infrastructures Water resources Financial institutions Transport infrastructures Space – development and research C:S B TyagiICISSNews Letter May 11.doc
Food – supply chain Health infrastructures Because of the private ownership of major elements of critical infrastructure any security and control measures will (almost by definition) require the involvement of both private and public interests. However the national authorities will often have sole competence in the area. India’s Economic Rise & Infrastructure Best consideration for Indian economical development will require following steps: Development of infrastructures to cope with the growing demand; Policy for sustainable growth and up-gradation of existing assets. Ensuring availability of resources through domestic efforts or through long term supply agreements or through buying assets abroad; An elaborate network for easy availability for domestic stakeholders; Above all, institutional and policy mechanisms to ensure an equitable usages both in terms of reaching underdeveloped regions and in terms of the economically backward sections of the Indian society. Major Areas of Security Concerns The creation of any key-infrastructure is a major logistical operation from locating and investigating new sites to the movement of personnel and establishment of facilities. It takes an enormous amount of resources to establish such sites and all the operators have to rely on a sound cloak of security to prevent theft of equipment, extortion, sabotage and kidnapping of work force. There are following major areas of security concerns – • Security of survey parties and their equipments (even explosives!) • Land acquisition and establishing camp sites: Pre-camp: armed / static security • Security during movement of essential equipments and key personnel • Travel protection of executive and employees • Transportation of heavy machinery and raw material - rail, air & sea • Commencement of construction activities – labor unrest, law-and-order • Establishing early oil / gas collection centers and security thereof • Security of off-shore platforms, receiving terminals, dispatch terminals, compressor stations etc. • Security of larger installations such as refineries, LPG plants and petrochemical complexes • Security of supply chain – storage / warehouse, rail / road transportation • Intelligence gathering and disaster planning • Constitution of Emergency Response Teams C:S B TyagiICISSNews Letter May 11.doc
For the Key Infrastructures such as power, oil and gas, security is always a major concern as this sector world over has high probability and vulnerability from terrorist attacks and sabotage. Their operations also have high criticality. Strategies for Reliable Security of Key Infrastructures Following are the specifics of the security management of this sector - Optimizing Assets through Centralized Command & Control Integrated command and control systems must be positioned to provide an integrated solution, which captures and validates data that can be used throughout the organization during normal operation, whilst providing relevant, useful information in difficult and emergency situations. This approach will enable operators of critical national infrastructure to optimize their assets whilst maintaining their investment in legacy systems. New developments in technology can improve the security of personnel and assets and provide enhanced operational capabilities. Biometric Integrated Safe System of Work Integrated Safe System of Work (ISSoW) is a key tool in ensuring the safe operation of Oil and Gas installations. However, such systems can only be truly effective if user identities can be quickly validated and definitively authenticated. For this to be implemented in practice in providing advanced authentication and identity management, the biometrics based access control solutions are found to be very reliable. There are many solutions available solution where worker identities can be positively and accurately registered, identified and managed securely throughout their lifecycle. High Accuracy Real Time Personnel & Asset Location There is need to have a system that improves the safety of workers in hazardous environments and helps to improve the effectiveness of emergency response measures. There are systems available which can locate an individual, or asset, to within 1 meter in 3D (e.g. in a multi-storey/multi-level facility) and it can do this up to 1km from a base station. The system provides a position update every second and, for example, could be used to track a lone worker or road tanker's progress through a plant or ensure that personnel are moving towards the correct muster points in an emergency. Such system do not require large amount of infrastructure or extensive cabling and is therefore easily installed in an existing plant at minimal cost. Situational Awareness - Securely Integrating Site Data This aspect deals with the need to simply and securely integrate data from a wide variety of systems to show site leaders and managers the overall condition of their site - and what is happening on it. This capability brings together data from operational, security and work C:S B TyagiICISSNews Letter May 11.doc
management systems and merges this private data with public information from the internet to provide a complete picture. By using underlying open data architecture together with security protection system, it can bring these data sources together and share them securely among multiple disparate user groups, and at different locations, whilst ensuring data validity, security, and privacy. As well as the complete picture, it can also provide custom views for users such as maintenance teams, emergency services and even the media and general public in the event of a major incident. Air traffic Rogue aircraft can endanger the security of any flights in its vicinity of the flight path! Due to loose security controls at the take-off points unscreened passengers can board it with unimaginable explosives and ammunition! Even this is not needed as aircraft in collision path itself is big danger to other aircraft. Security of Aircraft in the future environment therefore must begin with the aim of improving security on commercial aircraft. It must address classic hijacking situations, September 11-type scenarios and futuristic scenarios involving electronic jamming and hacking of computer systems. Additionally it must address technical issues such as onboard-threat detection, threat assessment and response management plus flight protection. Security of Offshore Platforms Off-shore platforms are highly vulnerable, high risk installations having high probability of attacks of terrorist which may be equipped with some of the best technical capabilities. Somalian sea-pirates have well demonstrated that now-a-days any one can get any thing provided they have sufficient funds! It is therefore very important that beside sturdy infrastructure security and the security risk management mechanism including airborne, maritime and ground surveillance, these platforms have very reliable and impregnable communication and cyber security measures. Tracking and positioning of manpower and material is equally important. To devise an action plan to combat attacks on its offshore installations, potential terrorist- related crisis situations should be incorporated in the CMP (Crisis Management Plan) along with the response mechanisms/capacity building required to handle such situations. The Maritime Sector The International Ship and Port Facility Security, ISPS code, was introduced in July 2004. It requires ports and vessels to show that they have put adequate security systems in place - and vessels to show that they have been calling only at certified ports. The purpose of the code is to provide a standardized, consistent framework for evaluating risk. Vessel Automatic Tracking and Monitoring System for the security of large oil infrastructures in high sea areas assume greater importance to rule out attack capabilities of Somalian like out- fits which might draw their attention to the vulnerabilities of these assets. C:S B TyagiICISSNews Letter May 11.doc
Cyberspace The EU has set up a task force to explore what its 25 member states are doing to combat cyber-threats against critical infrastructure. As part of the EU's Critical Information Infrastructure Research Coordination, CI2RCO project, the task force aims to identify research groups and programs focused on IT security in critical infrastructures, such as telecommunications networks and power grids. The scope of the cooperation goes beyond the EU; the task force also wants to include USA, Canada, Australia and Russia. India with its strong IT workforce, known world-over for its prowess must join such cooperative and collaborative efforts! Robust, Secure, Global Communication Solutions This capability calls for seamlessly connecting all oil & gas installations of an organization and on more higher level , of the Nation by providing highly available, robust, secure, integrated communication networks for critical operational systems. A number of communication solutions are available which provide robust connectivity and communication helpful for protection of assets and personnel in environments where a high standard of inherent safety is a mandatory requirement. There are resilient telecommunications networks such as Broadband Global Area Network (BGAN), which allow for simultaneous voice & data communications and secure access to applications from almost anywhere in the world. Securing Supervisory Control Systems Supervisory Control and Data Acquisition (SCADA) systems and other similar control systems are widely used by utilities and industries that are considered critical to the functioning of countries around the world. The Operations, Safety, Security, and IT decision-makers of Key Infrastructures, especially oil & gas, power generation and transmission and nuclear energy are well advised to pay attention to following aspects – More and more reliability on Local Area Network (LAN), Wide Area Network (WAN) and Broadband Global Area Network (BGAN) brings increased threats to operations of organizations using them. Threats to SCADA are Malware, Insider, Hacker and Terrorists. The networks are susceptible to attacks aimed to disrupt and destroy them. Such an attack by viruses, worms or other forms of cyber-terrorism on nuclear, oil and gas industry process control networks and related systems could destabilize the national economy and defense preparedness. C:S B TyagiICISSNews Letter May 11.doc
We need to keep control systems safe and secure, and to help minimize the chance that a cyber attack could severely damage or cripple infrastructures. We need to identify ways to reduce cyber vulnerabilities in process control and SCADA (Supervisory Control and Data Acquisition) Systems: to identify new types of security sensors for process control networks. There is real threat to SCADA from mischief mongers prowling in the web-world and the tech-savvy terrorist and Stuxnet is the most lethal combination! Conclusion While above are the main strategies for securing the assets of key infrastructure, constant improvement and improvisation need to be carried out to make security measures reliable as well as cost effective, as in present phase of economic melt-down no organization will take decision with out working out the ROI (Return on investment). Dedicated manpower ready to face the disaster would always be central consideration for any security and disaster response plan. To keep them constantly motivated and updated is also another prime responsibility of the Management as otherwise even the best plans are doomed to fail. Only those will succeed in this sector who foresee and fore-plan and rehearse thereafter their security and emergency response plans! During a bank heist the Chief told the Sgt. to cover all exits so the robbers could not get away. Later the Sgt. reports to the chief. “Sorry sir but they got away.” C:S B TyagiICISSNews Letter May 11.doc
The chief very disappointed says, “I told you to cover all Exits.” "I did” replied the Sgt. “…but they got away through the Entrance" 'One of the tests of leadership is the ability to recognise a problem before it becomes an emergency' "Have you ever observed that we pay much more attention to a wise passage when it is quoted than when we read it in the original author?" Suggestions & feedback may be sent to us on e-mail: sbtyagi1958@gmail.com P.S. - If you don't like to receive our newsletter, we apologize for bothering you. Please let us know your mail address and we will move it out from our contact list, thank you! Digitally signed by Capt S B Tyagi, Capt S B Tyagi, COAS' CC*, FISM, CSC, CSP DN: CN = Capt S B Tyagi, COAS' COAS' CC*, CC*, FISM, CSC, CSP, C = IN, O = GAIL (India) Limited, OU = Deputy FISM, CSC, CSP General Manager 15:18:10 +05'30' Date: 2011.05.06 (Security) C:S B TyagiICISSNews Letter May 11.doc

More Related Content

News letter May 11

  • 1. Newsletter: May 2011 Let’s professionalize the professionals…  http://www.wix.com/sbtyagi/iciss Security and safety are important parts of life and cannot be ignored. Without a sense of security, one cannot hope to lead a stress free and happy life. If you regularly feel threatened or exposed to certain negative influences of situations, you can never have a relaxed or calm state of mind. You will always be on edge and before long may even be headed for a possible nervous breakdown if you are not careful enough. Thus it is very important not to take these factors lightly. Even for a child to prosper and showcase proper psychological growth and development, it is extremely important that he/she feels nurtured and secure. You cannot concentrate on any other area in life if you feel vulnerable or defenseless in your everyday life. So, you need to set some time to think about your safety in daily situations and come up with suitable action plans to mitigate the threat levels that may arise at any moment. It is important not to be lackadaisical about these issues. Remaining secure whenever possible can also help in bringing down the possibility of falling prey to unwanted accidents or unfortunate circumstances considerably. Even if you take a few simple, easy steps to ensure your safety, you can end up saving your own life as well as that of other people who may be around you. Life is the best gift that we have and it is very important to guard it and to keep ourselves safe from disasters that can be avoided. Self preservation is one of the most important biological goals for humans and this can be brought about only if you take steps to keep yourself secure enough. If we get too lazy when it comes to our security and do not give it much thought or attention, we can end up unnecessarily hurting or injuring ourselves. If we give high importance to security, we can significantly lower the adverse effects of a disaster even though we may not be able to prevent it. All it requires to remain secure is the investment of a little time. You should consider all kinds of scenarios that may affect you at the different places that you visit habitually. All the threats arising at these places should be thoroughly examined and a possible reaction should be determined if such incidents do take place in the future. Being prepared for any eventuality is enough to help you remain secure. Putting a little thought into developing the suitable ways to behave in case of accidents or adverse situations is enough to guarantee your safety. Today’s society is full of anti social elements that can disrupt your lives if you do not remain alert enough. The increasing rate of crime across most cities of the world also makes it necessary to beef up on your security. Apart from this, it is a well known fact that natural disasters can also occur at any time without warning and if you are prepared for them, you are more likely to remain secure. Capt S B Tyagi For ICISS C:S B TyagiICISSNews Letter May 11.doc
  • 2. This article was created by a professional writer and edited by experienced copy editors, both qualified members of the Demand Media Studios community. All articles go through an editorial process that includes subject matter guidelines, plagiarism review, fact-checking, and other steps in effort to provide reliable information. A data security officer maintains an information systems structure or operations. The position of data security officer is a challenging occupation. According to the Occupational Outlook Handbook, 2011 Edition, the job outlook for a data security officer is expected to grow by 17 percent over the 2008-2018 decade. An individual considering a career as a data security officer must have technical expertise with the ability to rapidly solve problems that arise in an information processing environment. System Security o Data security officers are responsible for the physical security of system assets for a business or organization, including access to controlled areas that process data and information. Oversight includes the physical security of computer systems, software, and hardware components and media devices. The data security officer also creates and implements security policies concerning these resources for personnel to follow. C:S B TyagiICISSNews Letter May 11.doc
  • 3. The data security officer creates the information system disaster recovery plan for the care of system assets during and after a disaster to the data facility. Approves Software Changes o When there is a major software change or release, the data security officer communicates changes to management and personnel through memorandum, release meetings or verification by letter to other departments and branches. The data officer has the responsibility to review the changes and state the impact of those changes on certain programs on the system. Version numbers which update software processes are implemented by the data officer. Establish Security Profiles o Every business or organization using an information system to process data should have security controls for software access at all levels of system processing, which supports separation of duties. Separation of duties is the concept of a single individual having control over a transaction from "start to finish." The data officer's responsibility is to create policies and profiles that control user access to the applications by establishing user ID and passwords. The officer also creates layers of security within the information systems environment as a check and balance system against user ID and passwords. Security layers that are created limit risk of faulty processing and security breaches. Audits System Tables and Catalogs o System tables and catalogs contain database records and program routines that maintain the integrity of database structures, tables and records. The data security officer is responsible for the integrity of all data structures that exist in an information system. Period audits are performed by the data security officer to examine record structures and apply correction if there are any errors. In a systems programming environment, the data officer checks the system catalog of programs and files to ensure software development programs are separated from live programs that are running on the same system. Educational Requirements and Salary o Obtaining a bachelor's degree in information systems management with a depth in computer science can help an individual seeking a career in data management. The occupation is a technical career field and programming courses will help candidates understand data structures. The salary for a data security officer with five to nine years of experience ranges from $58,474 to $82,025 in European countries. C:S B TyagiICISSNews Letter May 11.doc
  • 4. What are the Key Infrastructures? Transport, communication and Energy sectors have great role in nation building and economical prosperity. Energy security draws attention of planners and saboteurs world over. Focus is on Energy Security which is core of Key Infrastructures and also very vulnerable. US has defined the Key Infrastructures as - “Systems and assets, whether physical or virtual, so vital to the country that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” - US Patriot Act There is no definition of this term but broadly it is defined as “Key infrastructures are those, damage to which will adversely affect Nation’s Defense preparedness and Economy. “ Key infrastructures are those, damage to which will adversely affect Nations defense preparedness and economy. Following are the areas falling in the category of ‘Key or Critical Infrastructure – Energy infrastructures – nuclear, hydro, coal and gas Information & communication infrastructures Water resources Financial institutions Transport infrastructures Space – development and research C:S B TyagiICISSNews Letter May 11.doc
  • 5. Food – supply chain Health infrastructures Because of the private ownership of major elements of critical infrastructure any security and control measures will (almost by definition) require the involvement of both private and public interests. However the national authorities will often have sole competence in the area. India’s Economic Rise & Infrastructure Best consideration for Indian economical development will require following steps: Development of infrastructures to cope with the growing demand; Policy for sustainable growth and up-gradation of existing assets. Ensuring availability of resources through domestic efforts or through long term supply agreements or through buying assets abroad; An elaborate network for easy availability for domestic stakeholders; Above all, institutional and policy mechanisms to ensure an equitable usages both in terms of reaching underdeveloped regions and in terms of the economically backward sections of the Indian society. Major Areas of Security Concerns The creation of any key-infrastructure is a major logistical operation from locating and investigating new sites to the movement of personnel and establishment of facilities. It takes an enormous amount of resources to establish such sites and all the operators have to rely on a sound cloak of security to prevent theft of equipment, extortion, sabotage and kidnapping of work force. There are following major areas of security concerns – • Security of survey parties and their equipments (even explosives!) • Land acquisition and establishing camp sites: Pre-camp: armed / static security • Security during movement of essential equipments and key personnel • Travel protection of executive and employees • Transportation of heavy machinery and raw material - rail, air & sea • Commencement of construction activities – labor unrest, law-and-order • Establishing early oil / gas collection centers and security thereof • Security of off-shore platforms, receiving terminals, dispatch terminals, compressor stations etc. • Security of larger installations such as refineries, LPG plants and petrochemical complexes • Security of supply chain – storage / warehouse, rail / road transportation • Intelligence gathering and disaster planning • Constitution of Emergency Response Teams C:S B TyagiICISSNews Letter May 11.doc
  • 6. For the Key Infrastructures such as power, oil and gas, security is always a major concern as this sector world over has high probability and vulnerability from terrorist attacks and sabotage. Their operations also have high criticality. Strategies for Reliable Security of Key Infrastructures Following are the specifics of the security management of this sector - Optimizing Assets through Centralized Command & Control Integrated command and control systems must be positioned to provide an integrated solution, which captures and validates data that can be used throughout the organization during normal operation, whilst providing relevant, useful information in difficult and emergency situations. This approach will enable operators of critical national infrastructure to optimize their assets whilst maintaining their investment in legacy systems. New developments in technology can improve the security of personnel and assets and provide enhanced operational capabilities. Biometric Integrated Safe System of Work Integrated Safe System of Work (ISSoW) is a key tool in ensuring the safe operation of Oil and Gas installations. However, such systems can only be truly effective if user identities can be quickly validated and definitively authenticated. For this to be implemented in practice in providing advanced authentication and identity management, the biometrics based access control solutions are found to be very reliable. There are many solutions available solution where worker identities can be positively and accurately registered, identified and managed securely throughout their lifecycle. High Accuracy Real Time Personnel & Asset Location There is need to have a system that improves the safety of workers in hazardous environments and helps to improve the effectiveness of emergency response measures. There are systems available which can locate an individual, or asset, to within 1 meter in 3D (e.g. in a multi-storey/multi-level facility) and it can do this up to 1km from a base station. The system provides a position update every second and, for example, could be used to track a lone worker or road tanker's progress through a plant or ensure that personnel are moving towards the correct muster points in an emergency. Such system do not require large amount of infrastructure or extensive cabling and is therefore easily installed in an existing plant at minimal cost. Situational Awareness - Securely Integrating Site Data This aspect deals with the need to simply and securely integrate data from a wide variety of systems to show site leaders and managers the overall condition of their site - and what is happening on it. This capability brings together data from operational, security and work C:S B TyagiICISSNews Letter May 11.doc
  • 7. management systems and merges this private data with public information from the internet to provide a complete picture. By using underlying open data architecture together with security protection system, it can bring these data sources together and share them securely among multiple disparate user groups, and at different locations, whilst ensuring data validity, security, and privacy. As well as the complete picture, it can also provide custom views for users such as maintenance teams, emergency services and even the media and general public in the event of a major incident. Air traffic Rogue aircraft can endanger the security of any flights in its vicinity of the flight path! Due to loose security controls at the take-off points unscreened passengers can board it with unimaginable explosives and ammunition! Even this is not needed as aircraft in collision path itself is big danger to other aircraft. Security of Aircraft in the future environment therefore must begin with the aim of improving security on commercial aircraft. It must address classic hijacking situations, September 11-type scenarios and futuristic scenarios involving electronic jamming and hacking of computer systems. Additionally it must address technical issues such as onboard-threat detection, threat assessment and response management plus flight protection. Security of Offshore Platforms Off-shore platforms are highly vulnerable, high risk installations having high probability of attacks of terrorist which may be equipped with some of the best technical capabilities. Somalian sea-pirates have well demonstrated that now-a-days any one can get any thing provided they have sufficient funds! It is therefore very important that beside sturdy infrastructure security and the security risk management mechanism including airborne, maritime and ground surveillance, these platforms have very reliable and impregnable communication and cyber security measures. Tracking and positioning of manpower and material is equally important. To devise an action plan to combat attacks on its offshore installations, potential terrorist- related crisis situations should be incorporated in the CMP (Crisis Management Plan) along with the response mechanisms/capacity building required to handle such situations. The Maritime Sector The International Ship and Port Facility Security, ISPS code, was introduced in July 2004. It requires ports and vessels to show that they have put adequate security systems in place - and vessels to show that they have been calling only at certified ports. The purpose of the code is to provide a standardized, consistent framework for evaluating risk. Vessel Automatic Tracking and Monitoring System for the security of large oil infrastructures in high sea areas assume greater importance to rule out attack capabilities of Somalian like out- fits which might draw their attention to the vulnerabilities of these assets. C:S B TyagiICISSNews Letter May 11.doc
  • 8. Cyberspace The EU has set up a task force to explore what its 25 member states are doing to combat cyber-threats against critical infrastructure. As part of the EU's Critical Information Infrastructure Research Coordination, CI2RCO project, the task force aims to identify research groups and programs focused on IT security in critical infrastructures, such as telecommunications networks and power grids. The scope of the cooperation goes beyond the EU; the task force also wants to include USA, Canada, Australia and Russia. India with its strong IT workforce, known world-over for its prowess must join such cooperative and collaborative efforts! Robust, Secure, Global Communication Solutions This capability calls for seamlessly connecting all oil & gas installations of an organization and on more higher level , of the Nation by providing highly available, robust, secure, integrated communication networks for critical operational systems. A number of communication solutions are available which provide robust connectivity and communication helpful for protection of assets and personnel in environments where a high standard of inherent safety is a mandatory requirement. There are resilient telecommunications networks such as Broadband Global Area Network (BGAN), which allow for simultaneous voice & data communications and secure access to applications from almost anywhere in the world. Securing Supervisory Control Systems Supervisory Control and Data Acquisition (SCADA) systems and other similar control systems are widely used by utilities and industries that are considered critical to the functioning of countries around the world. The Operations, Safety, Security, and IT decision-makers of Key Infrastructures, especially oil & gas, power generation and transmission and nuclear energy are well advised to pay attention to following aspects – More and more reliability on Local Area Network (LAN), Wide Area Network (WAN) and Broadband Global Area Network (BGAN) brings increased threats to operations of organizations using them. Threats to SCADA are Malware, Insider, Hacker and Terrorists. The networks are susceptible to attacks aimed to disrupt and destroy them. Such an attack by viruses, worms or other forms of cyber-terrorism on nuclear, oil and gas industry process control networks and related systems could destabilize the national economy and defense preparedness. C:S B TyagiICISSNews Letter May 11.doc
  • 9. We need to keep control systems safe and secure, and to help minimize the chance that a cyber attack could severely damage or cripple infrastructures. We need to identify ways to reduce cyber vulnerabilities in process control and SCADA (Supervisory Control and Data Acquisition) Systems: to identify new types of security sensors for process control networks. There is real threat to SCADA from mischief mongers prowling in the web-world and the tech-savvy terrorist and Stuxnet is the most lethal combination! Conclusion While above are the main strategies for securing the assets of key infrastructure, constant improvement and improvisation need to be carried out to make security measures reliable as well as cost effective, as in present phase of economic melt-down no organization will take decision with out working out the ROI (Return on investment). Dedicated manpower ready to face the disaster would always be central consideration for any security and disaster response plan. To keep them constantly motivated and updated is also another prime responsibility of the Management as otherwise even the best plans are doomed to fail. Only those will succeed in this sector who foresee and fore-plan and rehearse thereafter their security and emergency response plans! During a bank heist the Chief told the Sgt. to cover all exits so the robbers could not get away. Later the Sgt. reports to the chief. “Sorry sir but they got away.” C:S B TyagiICISSNews Letter May 11.doc
  • 10. The chief very disappointed says, “I told you to cover all Exits.” "I did” replied the Sgt. “…but they got away through the Entrance" 'One of the tests of leadership is the ability to recognise a problem before it becomes an emergency' "Have you ever observed that we pay much more attention to a wise passage when it is quoted than when we read it in the original author?" Suggestions & feedback may be sent to us on e-mail: sbtyagi1958@gmail.com P.S. - If you don't like to receive our newsletter, we apologize for bothering you. Please let us know your mail address and we will move it out from our contact list, thank you! Digitally signed by Capt S B Tyagi, Capt S B Tyagi, COAS' CC*, FISM, CSC, CSP DN: CN = Capt S B Tyagi, COAS' COAS' CC*, CC*, FISM, CSC, CSP, C = IN, O = GAIL (India) Limited, OU = Deputy FISM, CSC, CSP General Manager 15:18:10 +05'30' Date: 2011.05.06 (Security) C:S B TyagiICISSNews Letter May 11.doc