return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

Indian pipedream: "Our campuses are physically secure… The entire perimeter is guarded which we believe enable us to be fully secure"

  #

Shock waves still reverberate through the Indian high-tech community following the December 28 attack against one of the "temples" of Indian's "knowledge society," the Indian Institute of Science (IISc) in Bangalore. "The IISc is one of the country’s more prestigious educational and research institutions. It does research and development work for a number of multinational and local technology companies, and some of its alumnus occupy key positions in the country’s outsourcing industry." IISc' presence in Bangalore is "a key reason that the city became India's technology powerhouse. That's why the psychological impact of the attack is immense—analogous to the impact that an attack on MIT would have in the United States."

Political attacks have turned economic in India.

Shock waves should be reverberating though US outsourcing assets in the Indian subcontinent, but they remain inert in the face of a "twofer" attack that "damages the Indian state and its ability for economic gain directly, and damages US and European firms indirectly -- where an attack on US soil would be prohibitive in terms of placing surveillance and strike teams on the ground."

For those following the attack progression of the Pakistani Lashkar-e-Toiba or LeT, the outcome was clear. In June, 2005, I wrote in Commercial blindness: a "twofer" attack on the Indian state and US and European outsourcing assets:

One must wonder how inattentive major US outsourcers can be, and how 'missing in action' that major consultancies such as Forrester can be, so as to not recognize the physical threat to core outsourcing facilities in India. Perhaps it is the mere continuation of the lesser lapse of failing to factor intellectual property (IP) theft risk in supposedly low cost areas. (See Intellectual property theft: the unspoken unknown of offshoring.) Even more curious is the effective absence of concern by Europeans who would normally have an attentive ear to the near and middle east…

The threat to IT and outsourcing assets in Bangalore and Hyderabad should be taken seriously despite the bland denials from Indian authorities who are understandably anxious to protect what amounts to the core of Indian economic revival…

Who can blame the Indians for keeping mum, but where are the US and European firms that should have a fiduciary responsibility to their stakeholders and to their clients who data and business continuity are in the possession of their Indian entities and outsourcing partners?...

The only thing that the Indians have going for them is that the great unwashed commercial consumers in the West do not know who Lashkar-e-Toiba, Army of the Pure, really is.

The threat was seeping into consular channels as an October 2005 warden message noted:

[T]terrorists may be planning attacks on U.S. interests in India in the near future… information suggests that an attack could be aimed at U.S. interests in the Indian cities of Hyderabad, New Delhi, Mumbai and Calcutta. Facilities associated with the United States or locations where U.S. citizens and other foreigners congregate or visit could be targeted.

Yet the 28 December attack against IISc was a bolt to the Indian IT and BPO outsourcing community. Worse, more attacks are feared despite drastic manhunts:

Indian intelligence is concerned that Mangalore and other Andhra Pradesh cities are becoming Lashkar e-Tayyaba centers and are concerned that 'sleeper cells' of the Pakistani-based militant outfit will carry out further attacks.

Indian intelligence believes that Mangalore and other cities in Andhra Pradesh are being radicalized by Lashkar e-Tayyaba. The Press Trust of India reported that Indian security officials in Bangalore attack have arrested three individuals connected with the attack, believed to have links with Lashker e-Tayyaba and the al Hadees Muslim sect.

While one must always use caution in taking Indian public statements regarding Pakistani actors at face value, it is true that Indian intelligence has made a sustained effort to penetrate and disrupt LeT and other Muslim jihadist groups, even on Pakistani soil. Despite this remarkable effort, jihadists are shifting assets south and east of the Line of Control, the de facto border dividing the disputed zones of Indian and Pakistani controlled Jammu and Kashmir, towards targets that offer a force multiplier against the Indian state.

Damage control is underway following the IISc attack to placate US and European outsourcing clients. Nandan Nilekani, CEO of a major Indian outsourcer, Infosys Technologies Limited, was quick to attempt to play down risk to US firms:

"Our campuses are physically secure. We have all kinds of checks that we do. The entire perimeter is guarded which we believe enable us to be fully secure."

The interviewer went on to quote Nilekani as saying, "Even after American companies factor in additional security costs, doing business in India is still far cheaper than staying home."

Today, perhaps. Tomorrow, no. Extending the "twofer" concept in October 2005, we had forecast this attack progression:

  1. Personnel and symbolic targets
  2. Expat data and business process outsourcing (BPO) centers
  3. Manufacturing and development centers

The latter two target groups can cause supply chain disruptions. It is overlooked, for example, that great numbers of US banks have Indian data centers, attacks against which have a multiplier effect in that the bank and all its customers are affected.

Targeting data, BPO and manufacturing facilities leverages the operations and business continuity of US and European firms that would otherwise be difficult to attack directly, while embarrassing the Indian government in demonstrating that it cannot protect its offshoring endeavors, thereby driving potential investors to areas presumed to offer less risk. Unfortunately, relocating from India elsewhere in Asia merely exchanges direct attack risks to more intellectual property loss risks.

Bangalore's Indian Institute of Science (IISc) is a premier symbolic target. Expect others to follow from both jihadist and Naxalite Maoist (also here and here) attackers. The Indian Institutes of Technology (IITs) (Delhi, Kanpur, Mumbai, et al), and the Indian Institutes of Management (IIMs) (Ahmedabad, Bangalore, Calcutta, et al) are equally vulnerable as are virtually every expat outsourcing facility and personnel compound.

The key for expat firms that have no viable options for relocation is to conduct a rigorous vulnerability assessment, then implement the appropriate risk mediation interventions for personnel, facilities and data.

The Threat to India's High-Tech Sector
By Fred Burton
Stratfor
January 11, 2006

Bangalore IT security
Miranda Kennedy
Marketplace, NPR
January 6, 2006

Indian security concerned recent attack prelude to more
By John C.K. Daly Jan 6, 2006, 8:38 GMT
United Press International

India's Knowledge Society Attacked
By John Ribeiro - IDG News Service (Bangalore Bureau)
Jan 04, 2006

Reported terror plots raise fears in south India
By Saritha Rai
International Herald Tribune
TUESDAY, JANUARY 3, 2006

Arrest in Bangalore attack case
BBC News
Last Updated: Tuesday, 3 January 2006, 13:57 GMT

Intelligence agencies fear more IISc-type attacks
Rediff India Abroad
January 01, 2006 22:04 IST
Last Updated: January 01, 2006 22:10 IST

Bangalore unnerved by shooting
By Saritha Rai
International Herald Tribune
DECEMBER 30, 2005

Fresh security alert in Bangalore
BBC News
Last Updated: Friday, 30 December 2005, 14:53 GMT

Massive hunt for India attacker
BBC News
Last Updated: Thursday, 29 December 2005, 10:15 GMT

Is Outsourcing the Next Terror Target?
By ARAVIND ADIGA
Time
Dec. 29, 2005

Hyderabad put on alert following B'lore attack
Press Trust of India
Hyderabad, December 28, 2005

THE NAXALITE CHALLENGE
VENKITESH RAMAKRISHNAN in New Delhi
Frontline
India's National Magazine
Volume 22 - Issue 21, Oct. 08 - 21, 2005

Warden Message: Possible Threat to U.S. Interests in India
Consular Affairs Bulletins
South / Central Asia - India
10 Oct 2005

The Naxalite-affected States
HindustanTimes.com
May 9, 2005

Gordon Housworth



InfoT Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  
 
In order to post a message, you must be logged in
Login
message date / author


There are no comments available.

In order to post a message, you must be logged in
Login