Fundamentals of security management that stood the test of time

The concept of security whether it concerns the nation, an establishment of strategic importance or even a business corporation, revolves around some basic principles that brooked no compromise.

We live in an insecure world where the issues of security are knocking at everyone’s doors - the State has to protect its own integrity amidst threats, external or domestic, but it is also supremely responsible for the security of its citizens as well.

In a democratic dispensation, this cannot happen unless people themselves show an awareness about security which makes them a conscious contributor to national security at large. This more than anything else, validates the first principle of security in our times about the ‘mainstreaming’ of this function.

Security of an enterprise is no more a matter of outsourcing it to a set of guards and their supervisors - it has to be built into the policy framework of the organisation, be based on planning and budgeting and above all, has to be in a position to act on the authority of the top man of the enterprise.

The head of the organisation is deemed to be the ultimate repository of the security function though he or she would normally assign this responsibility to one of the Deputies. This stands to reason for in the event of a senior member being suspected of violating mandatory security regulations, there would be a reluctance to bell the cat if the security set-up did not have confidence that it had the attention of the person at the very top.

The point is that security is a comprehensive call that cannot be fulfilled without the notional involvement of the organisational leadership. Security clearly is a ‘mainstream’ task that embraces the length and breadth of the organisation.

The second fundamental principle of security is that it is an INTEGRAL concept. The establishment is either secure or insecure - there is nothing like a house being half-secure or half of it being secure.

Security basically is protection against ‘covert’ attacks of the enemy - an open or visible offensive against the nation will have to be countered by the defence forces of the country and if the target is an organisation, by the state law and order machinery responding to that attack.

In sensitive organisations, subversion basically meant changing the loyalty of a member away from the organisation to serve the cause of the ‘new master’, which can obviously be used for sabotage and espionage too.

In these days of ‘knowledge-based’ decision-making, this function has acquired a newfound importance. The impact of climate change is another area of study now for security - across the spectrum of local to global concerns.

Incidentally, it is rightly said that ‘you have to buy security’ and that ‘security does not come cheap’. A fundamental thing about security is that it is not a ‘one-time event’. The scale and pattern of security are determined by the threat scenario and the latter was prone to changes - this is true of geopolitical developments, the environment in the neighbourhood and changes on the domestic front.

In the era of globalisation and knowledge economy, a rival can spring up from anywhere in the world and a smaller player could take an established business by surprise through ‘smarter’ ways of working.

Technology makes a human process ‘smart’ and now we have Artificial Intelligence (AI) that smartens up Information Technology itself. In the digital world, a lot is happening to upgrade life but for security, newer challenges are also emerging - ranging from Cyber Warfare to misuse of social media as ‘an instrument of combat’.

Proxy wars have expanded to include ‘information warfare’ and influencing the narrative to pull down a target country or enterprise. AI is opening up new frontiers of data analytics, robotics and identity emulation and pushing product development and business applications to new heights but it has multiplied security concerns as well.

It is feared that the security risks accruing from automation - of military offensives in particular - could outweigh the likely positives produced by AI for human advancement. Change is the only constant now and the entire challenge of security has assumed unforeseen proportions.

As it is, a Cyberattack is detected only after it materialised making the mitigation effort so much more difficult. AI, however, would theoretically make it possible to consider ‘preventive’ measures for security on the basis of study of the modus operandi of the adversary carried out through its power of analysis.

Security definitely was running into new challenges in a situation rightly described by VUCA (volatile, uncertain, complex and ambiguous) which made knowledge-based decision-making so much more difficult. A new threat scenario marked by the rise of covert warfare in newer forms because of the use of cyber or digital space is opening up a new vista of challenge for security. Man-made disasters are another developing area of security concern in this context.

Finally, it is the security domain that is putting leadership to new tests. In matters of security, the top man of the organisation will have to be decisive and capable of making decisions not out of notions of personal ‘charisma’ or of being ‘born’ a leader but on the strength of knowledge of what was happening externally and within the organisation.

The leader has to seek facts that make a difference between a decision and a guess and consequently has to make arrangements that ensure the flow of relevant information to him or her.

In the realm of security, the leader has to have the ability to communicate the organisational advice down the line with clarity, precision and unambiguity. The ethical code of the organisation should also be framed in a manner that covers the requirements of security.

For employees handling confidential information of a sensitive nature, there had to be an arrangement of internal vigilance that occasionally checked out the conduct of a member outside of the workplace. There is so much exposure of society to unscrupulous acts of the hidden enemy on social media, websites and other digital distractions that the classical mandate for ensuring ‘personnel security’ in all its nuances has to be understood well by the leadership. Security set-up of a large corporate body would now have to have enough knowledge of the environment around and this would enable it to contribute to even advising the leadership on how to take the business forward.

A smart leader of the organisation would find ways of garnering that knowledge for corporate progress. Security in fact is an important instrument of grooming for the potential leader of the enterprise - this is the biggest proof that security was in all situations a ‘mainstream’ function today.

(The writer is a former Director of the Intelligence Bureau. Views expressed are personal)