2. Till the 1980s, they focused more on targeting human beings. Targeting of capabilities----which may or may not cause human fatalities---- came into vogue in the 1980s, when the Irish Republican Army (IRA) carried out explosions in London's financial district.

3. Targeting of capabilities does not create the same kind of public revulsion against the terrorists as the targeting of human beings does. Whereas the after-effects of the targeting of human beings remain localised in the area where they were targeted, the impact of the targeting of capabilities has a ripple effect far beyond the area where the act of terrorism was carried out.

4. A successful terrorist strike in Bali has an impact on the tourist economy of not only Indonesia, but also of neighbouring countries. The effect of a successful terrorist strike on the oil installations of Saudi Arabia or on commercial shipping in the Malacca Strait would be felt right across the world with varying degrees of intensity. The impact of a successful terrorist strike on the information technology (IT) industries of Bangalore would be felt not only in Bangalore, but also in the stock markets of different cities, where the shares of the IT companies are traded. Because of networking, the repercussions of a successful terrorist operation against the critical information infrastructure in one city can spread the resulting damage right across the world.

5. Terrorists calculate that repeated and sustained successful terrorist strikes against capabilities would make the States more amenable to pressure and intimidation from them than successful terrorist strikes against human beings. Their calculations are not far wrong. In the case of terrorism against capabilities, even fears or rumours of a possible terrorist strike against them can have a negative effect on the economy.

6. Protection of capabilities against terrorist strikes has, therefore, become an important component of counter-terrorism. Protection of the capabilities of the State is the exclusive responsibility of the State for which it has a preventive intelligence capability and specially trained physical security agencies or forces.

7. Protection of the capabilities in the private sector is basically the responsibility of the physical security set-ups of the companies concerned, but the State too has an important responsibility for guiding them and helping them to improve their physical security set-ups through appropriate advice. There may be occasions and sensitive industries in the private sector, where the State's role extends beyond guidance and advice to actually buttressing the physical security set-up of the company through its (the Government's) own trained and armed personnel.

8. Effective physical security rests on a strong information base. The security set-ups of private companies and other establishments suffer from a major handicap in this regard. Their ability to collect intelligence is confined to the interior of the company or establishment. They will have no means of collecting intelligence about threats, which could arise from outside the company or establishment.

9. For this awareness of likely external threats they are dependent on the media, the police and the governmental intelligence agencies. The media reporting often tends to be sensational and over-dramatised. The reliability of their reports is not infrequently questionable. While open source information from the media is important for increasing awareness of likely threats, the ability to have it verified, analysed and assessed is equally important. Otherwise, physical security set-ups will be groping in the dark.

10. Such verification, analysis and assessment have to come from the Police and the intelligence agencies and the results of this process have to be shared promptly with the companies or establishments, which are likely to face a threat, with appropriate suggestions for follow-up action. It should not be left to the security set-ups of private companies to take the initiative to contact the police and other counter-terrorism agencies to find out if there are any external threats to them---particularly after reading media reports in this regard.

11. The police and other counter-terrorism agencies should play a proactive role in creating and strengthening credible information awareness among the heads of the security set-ups of vulnerable private companies and their CEOs. This has to be constantly achieved through periodic interactions organised by the police in the form of brain-storming sessions, round-table discussions etc. Such interactions at the initiative of the governmental agencies seem to be more sporadic than regular----often triggered only by an actual crisis than by the anticipation of a possible crisis.

12. Heads of the security set-ups of private companies should have easy access, when warranted, to senior officers of the police and other counter-terrorism agencies. One gets an impression that such access is often restricted to officers at the middle or lower levels, who do not have the required degree of professionalism and self-confidence to be able to interact meaningfully and satisfactorily with senior officers of the private sector.

13. The effective physical security of any establishment---sensitive or non-sensitive, private or public--- depends on effective access control. Poor access control has been responsible for many successful terrorist strikes the assassination of Rajiv Gandhi by the LTTE was a glaring example. The Bangalore incident of December 28, 2005, is similarly attributed to poor access control.

14. Access control has four aspects. First, control of access to the establishment to the members of its staff. Second, control of access to outsiders who come to the establishment on legitimate work. Third, control of access to the venues of conferences, seminars etc held inside the campus of the establishment. Four, control of access to motor vehicles and restrictions on their parking.

15. Access control is ensured through means such as renewable identity cards for the permanent members of the staff; temporary identity cards to outsiders coming on legitimate work; numbered invitation cards to those invited to conferences, meetings etc; restrictions on the entry of vehicles of outsiders into the campus; restricting the number of entry points and exits to the minimum unavoidable; identity checking at doors; checking for weapons and explosives through door-frame detectors; checking of vehicles for explosives; installation of closed circuit TV at the points of entry and exit and at sensitive points in the establishment; a central control room to monitor all happenings at the entry points and exits and inside the premises through the CCTV etc.

16. Better access control by the security staff is facilitated through the advance sharing of information with them about the outsiders, who are expected to visit the premises for meetings, conferences, seminars etc.

17. These are the minimum measures considered necessary for any company or establishment, which is considered vulnerable to terrorist strikes. It is important for the Police to prepare and revise periodically lists of vulnerable companies/establishments in their jurisdiction and share their conclusions with the security set-ups concerned.

18. Similarly, it is important for each vulnerable company or establishment to prepare and revise periodically a list of vulnerable points/occasions, which would need the special attention of the security staff and brief the security staff on the follow-up action to be taken. It would also be necessary to discuss this list with the Police and seek their advice on the adequacy of the security measures, which the security set-up of the company or establishment proposes to take. The Police should not consider such consultations as unnecessary intrusions on their time. They should welcome such consultations or interactions as a necessary component of their counter-terrorism strategy.

19. IT companies and other establishments in South India have been facing frequent work interruptions since March last year due to hoax telephone calls and E-mail and Fax messages regarding possible terrorist strikes. A basic principle in physical security is, "treat every information, hoax call etc as possibly correct unless and until it is proved to be false and take the necessary follow-up action. Never start on the presumption that the information is probably false or the message a hoax. This would be extremely inadvisable and even dangerous.

20. Every day, before our Parliament meets, its security staff make a thorough check-up of the premises for any hidden explosives. Only after they have sanitised the premises, are the members of Parliament allowed to enter and start the session. Recently, after the sanitisation had been done and the day's session had started, there was a hoax message warning of a likely explosion. Even though the security staff knew that they had thoroughly sanitised the place, they still did not want to take a chance. They asked all MPs and other staff to vacate and made another thorough check to satisfy themselves that the message was false. That is the way a good physical security set-up should function.

21.Even the best of intelligence cannot prevent a terrorist strike, if the physical security set-up is weak or inefficient. A competent physical security set-up can prevent a terrorist strike even in the absence of preventive intelligence.

22. Sometimes, despite the best of physical security, terrorists might succeed in staging an incident. That is where the role of the crisis management drill comes in to limit the damage. A well-prepared and frequently rehearsed crisis management drill is a very important part of the counter-terrorism strategy in any establishment---private or public.

23. Effective physical security is the outcome of constant enhancements in the security personnel of professionalism, self-confidence, information awareness, threat and vulnerability perceptions and protective capability. Achieving these enhancements is primarily the responsibility of the security set-up of the establishment, but the Police has an important role in facilitating this. This is a responsibility, which they should not evade. Well-structured police---security set-up interactions to enhance security is the need of the hour.

24. The CEO of each company has also an important role to play in the enhancement of the various aspects of physical security. It is not just the business of the physical security set-up. It is equally the business of the CEOs. 

(The writer is Additional Secretary (retd), Cabinet Secretariat, Govt. of India , and Director, Institute For Topical Studies, Chennai)