Petrogate: Mocking At Security
It can happen only in India; where lackadaisical and habit-ridden government establishments treat their primitive sense of security as comfort zone. Our terror-centric approach to security has turned us myopic towards subtle threats that lurk around the so-called high security establishments. It is unbelievable, that a bunch of low-level employees and outsiders could freely roam about in the corridors of power and rummage through sensitive files, undetected for years.
Security is a state of mind. A stagnant mind finds solace in the moribund security perception, setup and practice. Our government establishments, no matter how high or low are these placed on the sensitivity index suffer uniformly from this chronic apathy towards their own security.
Motives for such compromise could be many. Though the corporate interests are too evident; but a political game plan cannot be ruled out in this episode. Imagine the union finance minister reading out a budget speech, which has been compromised weeks ago and is available on the streets for a price. It could have been a major embarrassment for the present dispensation. Apparently, this job cannot be of foot soldiers alone; it smacks of high-level connivance. It would be a great mistake and disservice to profession, if the investigators fail to trace out the entire web of operators and its ultimate beneficiaries. Talking of physical security, one may wonder that despite spending so much on raising multitude of organisations and equipping them with fancy gadgetry, why our security gets compromised?
Physical security is a process-driven methodical exercise, if carried out diligently, it serves the purpose. A robust security is meant to deflect threats, but it gets hamstrung if the establishment, whom it protects, pays no attention to its well-being.
Government offices are known for being untidy, overcrowded and staffed by least motivated people. There is no sense of belonging amongst the staff. A great deal of anonymity exists. No one is willing to shoulder additional responsibility. Security is not upper most in their minds or agenda; they want to be protected by the others and would do nothing to secure themselves. Security is a collective responsibility, which follows well defined procedures. Petrogate is a classic example of glaring violations of the security.
Access control and search & frisking set security process of any establishment in motion. Here, three outsiders carrying fake paper identity cards walk in and out of Shastri Bhawan premises regularly that too at night. They use a chauffeur driven car sans any authorisation, except for a cryptic sticker suggesting that the vehicle was hired for government duties in the past. Once the culprits managed to hoodwink the security at the main entrance, it was a cakewalk for them.
In the age of biometric security, individuals and vehicle flaunting fake paper IDs are permitted into a sensitive establishment goes to proves that we neither understand modern security threats nor geared up to deal with these. Shastri Bhawan houses four ministries and is guarded by Central Industrial Security Force (CISF). Respective ministries have their own vigilance and security departments to look after the internal security. A senior police or intelligence officer heads such department. It defeats all logic, when you are told that a person, who quit his temporary job with the Ministry of Petroleum and Natural Gas in 2012 was still masquerading as an employee to gain unauthorised access in the premises through the main entrance.
Was there any system for issue and withdrawal of identity cards in place? Were these cards ever renewed? Were permanent and temporary employees issued similar or different cards? Were the details of the employees who had retired or were terminated shared with CISF? Did anyone care to cross check the details of visitors to ministry from the CISF at the main entrance? Nocturnal visits of the culprits would have come to light.
The idea behind installing surveillance system in the building is to monitor people and their nefarious activities especially after office hours. Seems, no one ever spared some time to review the footage of CCTV. If the footage was watched periodically, regular black outs of the entire surveillance system at night, despite a power back up could have established a pattern and raised some suspicion. Security equipments are enablers; without human interface these are just show pieces.
Just before the office hours, there is a great stampede in the government offices to leave for home. That is not an excuse to leave offices unsealed or not depositing the keys with the caretaker. It is no surprise that culprits had ample opportunity and time to prepare duplicate keys. Establi-shments pay special attention to the aspect of key management, wherein, staff is nominated to receive or deposit keys with a caretaker. It seems that in the ministry locking and sealing of the offices was not in-thing.
It was an insider’s job. A peon-clerk duo with good knowledge of the offices of the ministry was working in tandem to steal information. Did anyone ever notice that why the minister’s peon, who was about to retire from the service was ever willing to stay back after the office hours? Or the peon and the clerk from the central registry opted to stay back together? Central registry is a sensitive desk handling all incoming and outgoing mails. Its handling clerks are rotated regularly. Yet, no one had time to look into the matter. One thing is really baffling; were these semi-educated persons so capable that they could get hold of correct documents that was needed by their handlers or these were left unattended by concerned appointments in their offices on purpose?
All ministries and public sector undertaking offices are subjected to annual security audit by Intelligence Bureau (IB). Were physical security attack and penetration tests ever carried out at Shastri Bhawan? With such shoddy security processes in place, it would be interesting to go through the IB’s audit report. Did the sleuths find anything amiss at the ministry or was it just a broad brush? Notwithstanding the IB’s audit, what steps did ministry’s vigilance and security department take to tone up its set up? Apparently none.
Controlled use of photocopier in the offices could have led us to some conclusions, if the operator had cared to note down its counter number in the log book. It is told that discovery of a document left behind in the photocopier actually led to discovery of the petrogate. This episode also highlights the problem of managing visitors and journalists. Ideally, all visits should be prescheduled. Officers should not meet visitors in their offices. Journalists should receive their briefing from the PRO and not get into the business of cultivating their own sources, which ultimately leads to security compromise.
So far, only physical security lapses have come to light. With security compromised so deeply, it should not be a surprise, if the instances of cyber espionage also surface from the establishment. Amount of data stolen and damage done to national interests in that case would be humongous.
It is not the case of Ministry of Petroleum alone; oil slick from the petrogate is spreading to other ministries and departments as well. Despite all vulnerabilities, security remains our Achilles heel. Will petrogate change our attitude? Or as the dust settles down, it will be business as usual at the ministries. A common citizen who gets frisked many times over in a single day and undergoes rigorous security checks at the workplace will certainly not be amused at the sad state of security prevailing at the government establishments.
By Colonel (Retd.) US Rathore