December 19: Mumbai: Implementing Security Measures Post Terrorist Attack
Subject :Meeting on Implementing Strong security in a rational, mature and well thought out manner
Date :19th December 2008
Venue :IMC
Time :5.30 pm
The wheel has turned a full circle. Just some time ago I used to berate the Indian industry for not spending enough on security, now I am seeing lots of companies in panic, spending lots of money on security where it is not just not needed. Where ever I go I see money being spent like water buying security hardware and software and CEOs believing that money alone can solve our security problems. This has led to a exponential growth of security companies and lots of business for them. I see at least two ads a day in newspapers announcing the birth of new security companies both physical and virtual. I am not suggesting that we do not spend money on security after 26/11, I am saying we must. All that I am saying is that we need to take a step backward and simply and rationally think through what we are doing. We are trying to do the work of the Government and Law Enforcement , which we are not and we cannot do. After 26/11, I saw people worried, concerned , scared and this gave way to an out pouring of anger and frustration against all those that were in power which included politicians and Government. This led to a lot of irrational demands which are too numerous to be mentioned and as very few people came out with actual concrete solutions, companies are now trying to buy their way out of security. This is not the way forward and let me specify actual reasons why.
A kneejerk reaction to 26/11 is to buy lots of cameras or CCTVs forgetting that they do not shoot back. They are good only after the fact. Even here we have issues to think about. When I talk to business partners the world over I use Skype which automatically puts my camera on my laptop on and I get a excellent video footage of whom I am talking to . A very good quality webcam costs about 1,000 Rupees and we can get cameras that cost upwards of 10 lakhs. You cannot buy a mobile phone without a camera. The question is which camera do you buy. If you do buy the most expensive camera we must also understand that it costs money making sure that it does not stolen. We normally use cameras to spy on other cameras so that they do not get stolen. Assuming you have spent a arm and leg, so what. Unless we have people monitoring the output of these cameras and taking action, the cameras are of no use. These people would be alert in the first week or month maximum, viewing the camera output, then fatigue steps in and people become a hindrance not an asset to the security process. This is where the technology world comes in. We have separated the security world into physical security and the rest. We need to use automation and technology and software to make sure that machines and not humans are in charge of our security. We need software to check for security deviations and not humans. This is the message that we want you to spread all over the country. Spend on automating processes. Buying the best camera is not that important. Automate security, period.
We also need security issues to be discussed at the board level and not stop at some Vice President. Why cant we make sure that SEBI insists that when it comes to agendas of board meetings, the first is the Chairman welcoming everyone, the second is the confirmation of minutes and the third item on the agenda being discussed is security issues. This must be hard wired in the DNA of all board meeting in India. This is how we inculcate security amongst our corporations, we start at the top. This is something that is doable yesterday. Security is a very complex issue, multiple dimensions and it must be handled at the top. I hope somebody also modifies Clause 49 so that Independent directors also must understand security issues and we must have a Committee that takes care of security issue at the board level.
Coming to the main point of this e-mail. We have trillions of housing societies, schools, universities , clubs etc, places which are commercial and non-commercial where scores of people either live or meet. These people keep asking me to give them a master plan on how to have the best security practices that the world uses. By now we must have written hundreds of these. Why do we not pool our knowledge and come out with a non paper that tells them what they must do. Ordinary people ask me whether they should buy a DFMD, they know all our buzzwords. For those not in the business it stands for Door Frame Metal Detector. I am sure that the buildings we stay in do not need a DFMD but I would not be surprised that the building I stay would have already bought one. We need to get together to make sure that we do not create a white paper but something that ordinary people can use that also comes with a cost figure. I am sure some buildings may be toying with buying X Ray machines to screen bags. We need to be very clear that this is what is the bare minimum you need and beyond that is a waste of money. A non white paper with numbers and suggestions that are not vague.
To achieve this we are meeting on Friday the 19th of December at the IMC, Churchgate at 17 30 hrs to actually create this document.
We would like you to ask people not to get paranoid about security and think through the entire security ecosystem. I have decided that I would not criticize the Government for what they are doing, not that I think they are doing right. I would offer them and the people at large concrete suggestions that can be implemented. Lets understand that India has changed after 26/11 for the better and lets do things that can actually be implemented. We have spend nearly a month criticizing, which was good but we must now come out with different doable proposals. I would welcome others including NGOs, associations to come out their road map and if there is duplication it really would not matter as the problem is complex and we need complex answers.
Lets spend our money on security in a rational, mature and well thought out manner. Bad security is worse than no security.
Please pass this along to as many people as you know.
Kindly confirm your participation by mail.
Vijay Mukhi
Chairman, IT Committee, IMC
From Assembler to C to C++ to Java to C# to Erlang to F# to _
Concurrency/