Millennium Post

Insider threat management

Collaboration between enterprises and the country’s security apparatus can aid in identifying vulnerabilities, averting any serious lapses to national security

Intelligence agencies are reported to have stepped up vigilance on the ground level personnel of sensitive establishments like our airports to strengthen national security. Employees of airlines, lounges, duty-free shops and ground handling companies at airports that are vulnerable to terrorist threats and machinations of enemy agents, are sought to be brought under the watch of our national security set-up as a preventive measure for safeguarding airports and air travel. Prioritising this has come not a day too soon. Verification of character and antecedents of those posted at critical points at the airport by our Intelligence agencies, restriction of access to employees in sensitive segments of the establishment and surprise security audits are some of the measures that suggest themselves.

While this kind of vigilance or lookout was always a part of the Intelligence charter, it is appropriate that today a new level of importance is being attached to what is called the 'Insider Threat Management' in security parlance. Some years ago, an FBI study had revealed that nearly 40 per cent of security breaches emanated from 'insiders' – bringing out the need for special measures that would be required to scan members of a sensitive organisation suspected to be on the radar of the enemy, from time to time. A whole set of tradecraft in Intelligence is now devoted to reading signs of 'vulnerability' in an employee and detecting indicators of 'suspicion' for further operational action and mitigation that might become necessary.

In these times of 'proxy wars' and foreign-aided 'insurgencies' – India is at the receiving end of both – it is easily understood that the adversary is banking on 'agents' and collaborators raised by it in the targeted territory or institution. An 'insider' collaborating with the enemy would have been 'planted' by the latter or 'turned in' by the adversary after first working out an 'approach plan' for the targeted individual and then using friendly obligation, lure of money or even a honey trap for blackmail, to convert the latter into an 'agent'. In Indian experience, the adversary – a rogue neighbour to be specific – had worked on junior personnel or even part-time associates of the targeted entity to raise a 'source' of information. Because of the renewed threat of hijacking or terror bombing, India's security agencies have now given priority to the 'Intelligence coverage' of airports as reported in the media. But, principles of 'insider threat management' would have to be applied to all sectors of strategic importance in the country.

The 'post-370' situation in Kashmir illustrates the challenge of detecting and neutralising Pak agents there who had flourished in the regimes of the Valley-based political parties. A collusion of these parties with the pro-Pak separatists for the sake of power made it possible for the Pak agents to spread their network without fear of law. While the terrorists sent in by Pakistan to launch Jihad in Kashmir engaged in subjugating the population and influencing some local youth to take up guns, the ISI agents hibernating in the state administration and outside masterminded organised stone-pelting on security forces and precipitated civic disturbances to create an environment of destabilisation and raise the bogey of total 'alienation' of the Kashmiris against India.

When a clampdown was enforced following the abrogation of Articles 370 and 35A to prevent the separatists and Pak agents from indulging in disruptive activities, a lot of cleaning up was still required by way of detection and immobilisation of these elements. This has been a cumulative problem in the Valley for years and Mehbooba Mufti's government, if anything, proved to be the worst ever regime at Srinagar from the point of view of national security as it gave a free hand to pro-Pak elements and militants joining up with Lashkar-e-Taiba of Pakistan. To prevent the return to normalcy, Pak agents have started burning down the apple orchards in South Kashmir. There is no reason why local authorities cannot identify the ringmasters behind this activity and put them away. The difficulty in Kashmir is attributable to the total absence of 'insider threat management' by the state administration and the police so far – this is the result of the collusive political leadership that had ruled the state in long spells in an unwritten alliance with the pro-Pak separatists.

'Insider Threat Management' would not be successful unless the leadership administering strategic segments of the government and sensitive establishments – including senior bureaucrats – are given an orientation on the national security scenario, the threat spectrum and the framework of policy responses India had adopted to deal with the same. Security for all requires a contribution from all. The head of a sensitive establishment must regard himself or herself as the top security authority as well since security measures – preventive or post-event – would become enforceable only in his or her name.

Security of an enterprise is now deemed to be a mainstream function and not a 'cost' to begrudgingly put up with. Close collaboration and working coordination of the security of the institution with the country's security set-up and agencies is a requirement of our times – this will work for both sides to the nation's advantage. The Ministry of Home Affairs under the new Home Minister must step up efforts to carry out the security audit of all sensitive establishments of strategic importance in both Civil and Defence sectors and evolve a programme of security orientation for their top management in a short time frame. The country has a large pool of experienced professionals to help it out in this project.

(The writer is a former Director Intelligence Bureau. The views expressed are strictly personal)

Next Story
Share it