Terrorism & The Business World


"Effective physical security is the outcome of constant enhancements in the security personnel of professionalism, self-confidence, information awareness, threat and vulnerability perceptions and protective capability."

by B.Raman

(December 12, Chennai, Sri Lanka Guardian) Terrorists target human beings---combatants and non-combatants (civilians)--- as well as capabilities---economic and strategic.

Till the 1980s, they focused more on targeting human beings. Targeting of capabilities----which may or may not cause human fatalities---- came into vogue in the 1980s, when the Irish Republican Army (IRA) carried out explosions in London's financial district.

Targeting of capabilities does not create the same kind of public revulsion against the terrorists as the targeting of human beings does. Whereas the after-effects of the targeting of human beings remain localised in the area where they were targeted, the impact of the targeting of capabilities has a ripple effect far beyond the area where the act of terrorism was carried out.

The 9/11 terrorist strikes in the US homeland had a ripple effect right across the world because of the increase in insurance premia for various business transactions and dislocation of international flights.The successful terrorist strikes in Bali had an impact on the tourist economy of not only Indonesia, but also of neighbouring countries. The effect of a successful terrorist strike on the oil installations of Saudi Arabia or on commercial shipping in the Malacca Strait would be felt right across the world with varying degrees of intensity. The impact of a successful terrorist strike on the information technology (IT) industries of Bangalore would be felt not only in Bangalore, but also in the stock markets of different cities, where the shares of the IT companies are traded. Because of networking, the repercussions of a successful terrorist operation against the critical information infrastructure in one city can spread the resulting damage right across the world.

Globalisation and decentralisation are the defining characteristics of the business world of today. Very often many of the core tasks of multinational companies are performed not by their headquarters in their country of origin, but by their field offices spread across the world. Western multinationals delegate many of their core tasks to their offices in India because of the availability in India of highly-qualified managerial experts, who are prepared to work for emoluments, which are high by Indian standards, but not so high by the standards of the country of origin of the multinational. If an act of terrorism disrupts the workling of their Indian offices it would affect not only their business operations in India, but also their operations right across the world.

________________

"The best of intelligence cannot prevent a terrorist strike, if the physical security set-up is weak or inefficient. A competent physical security set-up can prevent a terrorist strike even in the absence of preventive intelligence. "

_________________

Many studies of terrorist operations across the world since 9/11 have brought out how the international terrorist organisations of various hues have successfully adapted for their operations the same concepts and techniques of globalisation and decentralisation, which they have borrowed from the business world. They are globalised in their thinking and outlook and decentralised and autonomous in their operations In the field.

The terrorist strike in Mumbai from the night of November 26,2008 to the morning of November 29,2008, has sent a shiver right across the world not just because it was spectacular, but because there was a fearsome brain, which had conceptualised the entire operation, planned it to the minutest details and had it carried out through remote control from Pakistan with the help of not more than 10 terrorists. There might have been----I apprehend there would have been--- many, many more terrorists involved in various peripheral roles such as intelligence collection, reconnoitring, logistics etc, but the core group, which carried out the strike was not more than 10 in number, but it managed to have an important corner of Mumbai, India's financial capital, under its control for more than 48 hours. A force of nearly 600 men of the Mumbai Police and the National Security Guards was required to eliminate this small group of 10. This was asymmetric urban warfare of a kind not seen in the world ever since terrorism assumed its major dimensions in the post-1967 world after the Arab-Israeli war of that year.

We saw in Mumbai a mix of attacks on human beings and capabilities, a mix of attacks on Indians and foreigners and a mix of various strategies. A strategy to disrupt the peace process between India and Pakistan was mixed with a strategy for reprisal against the expanding strategic co-operation of India with Israel and the Western world. A strategy for discrediting India's political leadership and professional national security managers in the eyes of the Indian public was combined with a strategy for discrediting them in the eyes of the international community and the international business world. These strategies focussed on a mix of targets----the man in the street and the elite. The man in the street was attacked in places like a railway station, a hospital and other public places. The elite was attacked in the Taj Mahal Hotel and the Oberoi-Trident Hotels.

These hotels are not just the favourite spots of tourists who travel on shoe-string budgets. These are the favourite spots of the cream of the international business world, who come to Mumbai not for pleasure, but for their business. Imagine what impressions the business managers of the world, who escaped being killed by the terrorists, would have carried back to their corporate headquarters--- about the security of life and property in India, about the efficiency of India's national security managers, about the quality of our political and professional leadership.

In an article on the terrorist strike in Mumbai, the "Guardian" of the UK wrote: " Analysts are worried that the constant reminder of the attacks will heighten investors' concerns at a time when the Indian economy is slowing and foreign capital is being repatriated. 'This is the last thing India needs,' said businessman Sir Gulam Noon. The British-based multimillionaire, who made his fortune in ready meals, escaped unhurt from the Taj Mahal after spending a frightening night holed up in his suite on the third floor. 'The attacks will temporarily have an impact. It's clearly not good for the economy at a time when the world is in a financial crisis.' That the Taj Mahal and Oberoi play host to the cream of the international business elite is clear given the high-profile executives caught up in the tragedy. Along with Noon, Unilever chief executive Patrick Cescau and his successor, Paul Polman, escaped the Taj Mahal. 'The security landscape has changed overnight,' said Jake Stratton of investment risk consultancy Control Risks. 'This will have a serious effect on how foreign companies perceive India as a business destination.'

The success of the terrorists in Mumbai was due to various factors---- inaction or inadequate action on available intelligence about the plans of the Lashkar-e-Toiba (LET) to target Mumbai with a sea-borne operation,the rusting of our rapid response capability, our failure to draw the rigt lessons about crisis management from the unsatisfactory manner in which the hijacking of an Indian Airlines aircraft to Kandahar in 1999 was handled,and the lack of a joint action capability in our counter-terrorism community consisting of the intelligence agencies, the police, the armed forces, the NSG, the Ministry of Home Affairs, the National Security Council Secretariat (NSCS) and the Joint Intelligence Committee.

The intelligence about the plans for a sea-borne strike in Mumbai had reportedly started flowing in from September when the attention of our policy-makers and senior national security managers was turned towards Vienna where the Nuclear Suppliers Group (NSG) was meeting to consider the question of a waiver for India. In their preoccupation with the Vienna meeting of the NSG, the task of co-ordinating the follow-up action on the flow of intelligence appears to have been relegated to junior officials. whose decisions and directions did not have the same impact on the various dramatis personae involved in joint action. Moreover, during the months preceding the attack the Joint Intelligence Committee, whose task it would have been to analyse and assess the intelligence and decide on follow-up action, was without a head just as it was during the months when the Pakistan Army was getting ready to launch its intrusions into the Kargil area in 1998-99. One of the important lessons of the Kargil conflict was the danger of leaving important posts in our national security apparatus remain unfilled, but we seem to have repeated that mistake once again.

Terrorist attacks directed against economic and business targets have a tactical as well as a strategic impact, an economic as well as a psychological impact. The tactical impact is in respect of replaceable damages . The strategic impact has a long-term effect on the profitability of their business operations due to factors such as an increase in insurance premia for business transactions, an increase in their expenditure on physical security, and an increase in their tax liability due to a surge in Govt. spending on counter-terrorism for which the money has to come from the tax-payers. It has been estimated that the 9/11 terrorist strikes have resulted in a one-third increase in the expenditure on counter-terrorism in the US Defence Department alone. This does not include the expenditure of the Department of Homeland Security.The total US expenditure on counter-terrorism now amounts to US $ 500 billion per annum, which is 20 per cent of the total federal budget. This money has to come from the tax-payers.

The psychological impact arises from the nervousness of the business community. A businessman, who ventures abroad, looks for two things----profitability and security of life and property. If we are not able to assure the security of life and property, no amount of profitability will induce him to take the risk of operating from India.

It is important to hold a thorough, time-bound enquiry into what went wrong in Mumbai and to share its findings with the Parliament and the public. The 9/11 terrorist strikes in the US led to an enquiry by a National Commission constituted jointly by the President and the two Houses of the Congress. Its report was released to the public and discussed in the Congress. A bipartisan resolution to implement its recommendations was passed in 2004. The London blasts of July 2005, were followed by a detailed enquiry by the joint Intelligence and Security Committee. Its report was discussed in the Parliament and its recommendations implemented. So too in Spain after the Madrid blasts of March,2004.In Singapore, there was a detailed enquiry into the escape from jail of a member of the pro-Al Qaeda Jemmah Islamiyah some months ago. Its report was placed before the Parliament and discussed. Since 9/11, there have been many acts of mass casualty terrorism in India---- seven since November,2007, alone. We have not had a thorough enquiry into any of them. How can we identify the weaknesses in our counter-terrorism machinery unless we enquire into the terrorist strikes?

The National Commission in the US, which went into the 9/11 terrorist strikes, pointed out that there was no culture of joint action in the US counter-terrorism community. We have no culture of joint action either. The basic principle underlying the concept of joint action is that every organisation in the counter-terrorism community is individually and jointly responsible for preventing an act of terrorism. Had we developed this culture of joint action, we would not be seeing the unedifying spectacle of the intelligence agencies, the Navy and the Mumbai Police blaming each other for not preventing the Mumbai strike.

Terrorists calculate that repeated and sustained successful terrorist strikes against capabilities would make the States more amenable to pressure and intimidation from them than successful terrorist strikes against human beings. Their calculations are not far wrong. In the case of terrorism against capabilities, even fears or rumours of a possible terrorist strike against them can have a negative effect on the economy.

Protection of capabilities against terrorist strikes has, therefore, become an important component of counter-terrorism. Protection of the capabilities of the State is the exclusive responsibility of the State for which it has a preventive intelligence capability and specially trained physical security agencies or forces.

Protection of the capabilities in the private sector is basically the responsibility of the physical security set-ups of the companies concerned, but the State too has an important responsibility for guiding them and helping them to improve their physical security set-ups through appropriate advice. There may be sensitive industries in the private sector, where the State's role extends beyond guidance and advice to actually buttressing the physical security set-up of the company through its (the Government's) own trained and armed personnel.

Effective physical security rests on a strong information base. The security set-ups of private companies and other establishments suffer from a major handicap in this regard. Their ability to collect intelligence is confined to the interior of the company or establishment. They will have no means of collecting intelligence about threats, which could arise from outside the company or establishment.

For this awareness of likely external threats they are dependent on the media, the police and the governmental intelligence agencies. The media reporting often tends to be sensational and over-dramatised. The reliability of their reports is often questionable. While open source information from the media is important for increasing awareness of likely threats, the ability to have it verified, analysed and assessed is equally important. Otherwise, physical security set-ups will be groping in the dark.

Such verification, analysis and assessment have to come from the Police and the intelligence agencies and the results of this process have to be shared promptly with the companies or establishments, which are likely to face a threat, with appropriate suggestions for follow-up action. It should not be left to the security set-ups of private companies to take the initiative to contact the police and other counter-terrorism agencies to find out if there are any external threats to them---particularly after reading media reports in this regard.

The police and other counter-terrorism agencies should play a proactive role in creating and strengthening credible information awareness among the heads of the security set-ups of vulnerable private companies and their CEOs. This has to be constantly achieved through periodic interactions organised by the police in the form of brain-storming sessions, round-table discussions etc. Such interactions at the initiative of the governmental agencies seem to be more sporadic than regular----often triggered only by an actual crisis than by the anticipation of a possible crisis.

Heads of the security set-ups of private companies should have easy access, when warranted, to senior officers of the police and other counter-terrorism agencies. One gets an impression that such access is often restricted to officers at the middle or lower levels, who do not have the required degree of professionalism and self-confidence to be able to interact meaningfully and satisfactorily with senior officers of the private sector.

The effective physical security of any establishment---sensitive or non-sensitive, private or public--- depends on effective access control. Access control is ensured through means such as renewable identity cards for the permanent members of the staff; temporary identity cards to outsiders coming on legitimate work; numbered invitation cards to those invited to conferences, meetings etc; restrictions on the entry of vehicles of outsiders into the campus; restricting the number of entry points and exits to the minimum unavoidable; identity checking at doors; checking for weapons and explosives through door-frame detectors; checking of vehicles for explosives; installation of closed circuit TV at the points of entry and exit and at sensitive points in the establishment; a central control room to monitor all happenings at the entry points and exits and inside the premises through the CCTV etc.Better access control by the security staff is facilitated through the advance sharing of information with them about the outsiders, who are expected to visit the premises for meetings, conferences, seminars etc.

These are the minimum measures considered necessary for any company or establishment, which is considered vulnerable to terrorist strikes. It is important for the Police to prepare and revise periodically lists of vulnerable companies/establishments in their jurisdiction and share their conclusions with the security set-ups concerned.

Similarly, it is important for each vulnerable company or establishment to prepare and revise periodically a list of vulnerable points/occasions, which would need the special attention of the security staff and brief the security staff on the follow-up action to be taken. It would also be necessary to discuss this list with the Police and seek their advice on the adequacy of the security measures, which the security set-up of the company or establishment proposes to take. The Police should not consider such consultations as unnecessary intrusions on their time. They should welcome such consultations or interactions as a necessary component of their counter-terrorism strategy.

IT companies and other establishments in South India often face work interruptions due to hoax telephone calls and E-mail and Fax messages regarding possible terrorist strikes. A basic principle in physical security is, "treat every information, hoax call etc as possibly correct unless and until it is proved to be false and take the necessary follow-up action. Never start on the presumption that the information is probably false or the message a hoax. This would be extremely inadvisable and even dangerous.

Even the best of intelligence cannot prevent a terrorist strike, if the physical security set-up is weak or inefficient. A competent physical security set-up can prevent a terrorist strike even in the absence of preventive intelligence.

Sometimes, despite the best of physical security, terrorists might succeed in staging an incident. That is where the role of the crisis management drill comes in to limit the damage. A well-prepared and frequently rehearsed crisis management drill is a very important part of the counter-terrorism strategy in any establishment---private or public.

Effective physical security is the outcome of constant enhancements in the security personnel of professionalism, self-confidence, information awareness, threat and vulnerability perceptions and protective capability. Achieving these enhancements is primarily the responsibility of the security set-up of the establishment, but the Police has an important role in facilitating this. This is a responsibility, which they should not evade. Well-structured police---security set-up interactions to enhance security in the private sector is the need of the hour.

Business resilience and business continuity management in terrorism-affected situations are two concepts increasingly figuring in discourses in the Western countries. They have also formed the subject of many studies by the business community and the counter-terrorism community----separately of each other as well as jointly. It is said that the best contribution that the business community can make to counter-terrorism is by staying in business despite terrorist strikes. They may not be able to do it alone. The Government has to help them by playing a proactive role.

New ideas and new institutions have come up in the West to promote partnership between the Government and the business community for ensuring their security and for keeping their resilence undamaged. One example is the Overseas Security Assistance Council established in 1985 by the U.S. State Department to facilitate the exchange of security related information between the U.S. Government and the American private sector operating abroad. Another example is the creation of posts of Counter-Terrorism Security Advisers in important police stations in the UK after the London blasts of July,2005. One of their tasks is to keep in touch with the business establishments in their jurisdiction and advise them on security-related matters. 243 posts of Counter-Terrorism Security Advisers have been created since July 2005 and it has been reported that each important Police Station in London has at least two advisers attached to it. The London Police have established a programme called "London First" in which the Police and the private sector co-operate closely to ensure better security in London. The principle underlying it is that it is the joint responsibility of everyone in London to ensure its security from terrorist attacks. Let us have our own Delhi First,Mumbai First, Chennai First, Kolkata First, Bangalore First and Hyderabad First partnerships to ensure that November 26 will not be repeated again

(The writer is Additional Secretary (retd), Cabinet Secretariat, Govt. of India, New Delhi, and, presently, Director, Institute For Topical Studies, Chennai. E-mail: seventyone2@gmail.com )
- Sri Lanka Guardian