7 persons remanded for 15 days in Rameswaram for ‘attack’ on Sri Lankan businessman Thirukumaran Nadesan

10 January 2012, 9:14 pm by D.B.S. Jeyaraj
Rameshwaram Police has cracked down on the Tamil Nadu political activist mob that attacked Sri Lankan Tamil businessman Thirukumaran Nadesan

Agitators laying siege to a house where Thirukumaran Nadesan had performed a puja in Rameswaram on Tuesday. Pic courtesy of: The Hindu

Police arrested seven persons, including “Karate” Palanisamy of Marumalarchi Dravida Munnetra Kazhagham & Kan. Illango of Naam Thamizhar Iyakkam. The arrested persons were produced in court and remanded to judicial custody for fifteen days by the Rameshwaram Judicial Magistrate. Police have filed charges against the arrested “activists” under Sections 506(1), 294(b), 427, 448 and 355 of the Indian Penal Code (IPC). The relevant charges under these IPC provisions relate to criminal intimidation, uttering obscene words, mischief, house trespass & assault. Rameshwaram Police have filed these charges against the activists on the basis of a complaint lodged by Ananda Dikshidhar, a Brahmin priest. It was at Ananda Dikshidhar’s house on Nadutheru in Rameshwaram town that a special pooja was held with Thirukumaran Nadesan participating.

The pooja was part of a Hindu ritual for propitiating the ancestors of Thirukumaran Nadesan, who was on a two-day pilgrimage to Rameshwaram. Activists from the Vaiko-led Marumalarchi Dravida Munnetra Kazhagham (MDMK) & Seeman-led Naam Thamizhar Iyakkam (NTI) demonstrated on the street. When Nadesan came out of the house, some journalists asked him about his political views, to which the businessman replied he had no opinion. Over 20 persons led by “Karate” Palanisamy of MDMK & Kan. Illango of NTI surrounded & “attacked” Nadesan with flagpoles & threw footwear at him.

The Brahmin priests then pulled Nadesan back into the house & shut the door. The mob then threw stones & tried to enter the house forcibly. The priest blocked the rowdy mob from entering in a bid to protect Nadesan. Ananda Dikshidhar sustained minor injuries in the fracas. Rameshwaram Police then came to the spot & rescued Nadesan after dispersing the mob & arresting 7 ring leaders including Palanisamy & Ilango. Nadesan was escorted back to his hotel in Rameshwaram town by the Police, who got him to vacate it for security reasons & took him to Trichy. Ramanathapuram range Police DIG Sandeep Mittal described the incident as a “minor scuffle” & promised stern action against those involved.

Police take out flag march in Karur, Pudukottai

KARUR, MAY 7, 2004.

The police took out a flag march here on Thursday to instil confidence in the people on the eve of the Lok Sabha elections.

Over 500 local policemen, personnel from the Armed Reserve, Tamil Nadu Special Police and Central Industrial Security Force and recruit police constables, led by the Superintendent of Police, Sandeep Mittal, marched through busy localities of the town.

Police personnel taking out a flag march in Karur on Thursday.

Beats and patrols have been intensified as a precautionary measure to ensure free and fair polls. Adequate police force has been mobilised for providing bandobust during the election.

A total of nine bootleggers and 1,454 persons, including 382 women prohibition offenders, have been detained and 115 non-bailable warrants were executed since the announcement of elections.

Twenty-two trouble mongers were identified and booked under preventive sections, says a press release. The police have so far registered 81 cases for violation of the model code of conduct. Mr. Mittal warned of stringent action against those indulging in anti-social activities and in poll offences.

Major shuffle of IPS officers

CHENNAI, April 5, 2013

In a major shuffle in the Police Department, the State government on Thursday promoted and transferred several IPS officers across Tamil Nadu.

Karan Singha, Additional Director-General of Police, Armed Police, was transferred and posted to head the Crime Branch CID (CBCID), Chennai. Sanjay Arora, Inspector-General of Police/Additional Commissioner of Police (Headquarters), Chennai Police, was promoted and posted as ADGP, Operations, in the place of N. Tamilselvan, posted as ADGP, Armed Police. Sunil Kumar, IGP/Member Secretary, Uniformed Services Recruitment Board, was promoted and posted as ADGP/Special Officer, Tamil Nadu Police Transport Corporation. He will also head the Tamil Nadu Police Academy in the place of K.P. Maghendran holding additional charge. Sunil Kumar Singh, IGP/Commissioner of Police, Tirunelveli, has been promoted and posted as ADGP/Member, TNUSRB.

S. Davidson Devasirvatham, Deputy Inspector-General of Police, Intelligence, was promoted and posted as IGP, West Zone, Coimbatore. Sandeep Mittal, DIG on deputation with the Government of India, was promoted as IGP without prejudice to his deputation. B. Balanagadevi, DIG, Madurai Range, was promoted and posted as IGP, TNUSRB. V.A. Ravikumar, Joint Commissioner of Police, East, Chennai Police, has been promoted and posted as Additional Commissioner of Police, Headquarters, Chennai Police. R.S. Nallasivam, JCP, Headquarters, Chennai Police, was promoted and posted as IGP, Central Crime Branch, Chennai Police. S.N. Seshasai, JCP, Central Crime Branch, Chennai Police, was promoted and posted as IGP, Enforcement. M. Ramasubramani, DIG, Ramanathapuram Range, was promoted and posted as IGP, Central Zone, Tiruchi.

Anand Kumar Somani, Superintendent of Police, on deputation with the Government of India, was promoted as DIG without prejudice to his deputation. N. Rajasekaran, SP on leave, was promoted and posted as DIG, Armed Police, Chennai. P. Nagarajan, SP, Tamil Nadu Police Academy, was promoted and posted as DIG, Headquarters, Chennai, in the place of A. Arun, transferred and posted as Joint Commissioner of Police, North Traffic, Chennai Police. R. Samuthirapandi, Deputy Commissioner of Police, Control Room, Chennai, was promoted and posted as DIG, Vigilance and Anti-Corruption.

V.H. Mohammed Hanifa, SP, Coastal Security Group, was promoted and posted as DIG, Thanjavur Range, in the place of H.M. Jayaram transferred and posted as DIG Tamil Nadu Police Academy, Oonamancheri, in the newly created post. S. Baskaran, DCP, Traffic North, was promoted and posted as DIG, Ramanathapuram Range. J. Baskaran, Commandant, XIth Battalion, Manimuthar, was promoted and posted as DIG, Railways, Chennai. K. Vanniaperumal, IGP, State Crime Records Bureau, Chennai, was transferred and posted as IGP, Training. M.T. Ganesamoorthy, DIG, Vellore, was posted as DIG, Coimbatore.

C. Sridhar, DIG, Crime Branch CID, was transferred and posted as JCP, North, Chennai Police, in the place of K. Shankar posted as JCP, East, Chennai Police.

A Strategic Roadmap for Prevention of Drug Trafficking through Internet

The Indian Journal of Criminology and Criminalistics (ISSN 09704345), July-Dec., 2012, Volume XXXIII, No. 2, pp. 86-95.

Sandeep Mittal, I.P.S.



The ‘World Wide Web (WWW)’, popularly known as the ‘Internet’, has become an essential part of our professional and personal lives. It has revolutionized communication and trade beyond the control of national and international borders. Trafficking of drugs through the World Wide Web is therefore an emerging evil, and its prevention remains a global challenge for Law Enforcement Agencies. The problem of understanding ‘Trafficking of Drugs through Internet’ has been compared with the problem of the elephant and the five blind men.

A typical modus operandi of drug trafficking through the Internet and the operation of Internet Pharmacies has been identified on the basis of Indian case studies. Based on the Indian experience, a Strategic Roadmap for prevention of drug trafficking through the Internet has been prepared. The obstacles to the implementation of the Strategic Roadmap have been identified and solutions proposed within the existing system of Criminal Justice Administration. Finally, a process for evaluating the proposed Strategic Plan has been proposed by the author.

The ‘World Wide Web’ (WWW), popularly known as the ‘Internet’, has become an essential part of our professional and personal lives. It has revolutionized communication and trade beyond the control of national and international borders. Because the Internet is difficult to regulate and expensive to monitor, unscrupulous criminals are using it to their advantage to commit numerous crimes, viz., pornography, gambling, lottery, financial frauds and, not least, drug trafficking. The drug traffickers use the Internet to establish and maintain their global criminal networks and sell narcotic and psychotropic substances to the general public all over the world. The ‘Internet Pharmacies’ are threatening the continued existence of the current system of global prohibition [1, 2, 3]. In an international sting operation in June, 2013, spread over 99 countries, the USFDA shut down at least 1,677 internet pharmacies, many of which appeared to be part of an organized criminal network [4].

A few popular examples of such narcotic and psychotropic substances are phentermine, alprazolam, clonazepam, triazolam, diazepam, lorazepam etc. They not only have a high potential for abuse but are also extremely addictive in nature. The online sale of such narcotic and psychotropic substances is a criminal offence under Indian law, viz., under sections 12 and 24 of The N.D.P.S. Act, 1985 [9]:
a) import / export, transit and trans-shipment of scheduled drugs and psychotropic substances is prohibited.
b) no import / export of drugs and psychotropic substances through post or bank is permitted.
c) no person shall engage in or control any trade whereby a narcotic drug or psychotropic substance is obtained outside India and supplied to any person outside India save with the previous permission of the Central Government and subject to conditions.

The contraventions of the provisions of the Act are punishable with imprisonment for not less than 10 years, extendable to 20 years, and a fine of not less than Rs. 1,00,000. Therefore, the trafficking of drugs through the World Wide Web is the global emerging evil and remains a challenge for Law Enforcement Agencies [12].


A number of cases of trafficking of drugs through the Internet have come to the notice of Indian Law Enforcement Agencies, e.g., in Gujarat, Uttar Pradesh, West Bengal, New Delhi and Tamilnadu.

Figure 1

The understanding of the mechanism of trafficking of drugs through the internet could be compared to the problem of “The Elephant and the Five Blind Men” [15], pictured in figure-1 above. In most of the cases the investigation agencies had no clue as to the modus-operandi of such cases until the land-mark case of ‘Xponse Technologies’ was detected by Indian Law Enforcement Agencies in 2007 [6, 7]. It would be interesting to read the following judgment of the Hon’ble Supreme Court of India in this case, wherein the accused has even claimed the benefit of Section 79 of the I. T. Act, 1980 [8].

CRIMINAL APPEAL NO. 1659 OF 2007 (@SLP (Crl.) No. 3892 of 2007)
Harjit Singh Bedi, J. – Special Leave granted
The appellant Sanjay Kumar Kedia, a highly qualified individual, set up two companies M/s. Xponse Technologies Limited (XTL) and M/s. Xponse IT Services Pvt. Ltd. (XIT) on 22.4.2002 and 8.9.2004 respectively which were duly incorporated under the Indian Companies Act, 1956. On 1.2.2007 officers of the Narcotics Control Bureau (NCB) conducted a search at the residence and office premises of the appellant but found nothing incriminating. He was also called upon to appear before the NCB on a number of occasions pursuant to a notice issued to him under Section 67 of the Narcotic Drugs and Psychotropic Substances Act, 1985 (hereinafter referred to as the “Act”) and was ultimately arrested and the bank accounts and premises of the two companies were also seized or sealed. On 13.3.2007 the appellant filed an application for bail in the High Court which was dismissed on the ground that a prima facie case under Sections 24 and 29 of the Act had been made out and that the investigation was yet not complete.
The appellant thereafter moved a second bail application before the High Court on 16.4.2007 which too was dismissed with the observations that the enquiry was at a critical stage and that the department should be afforded sufficient time to conduct its enquiry and to bring it to its logical conclusion as the alleged offences had widespread ramifications for society. It appears that a bail application was thereafter filed by the appellant before the Special Judge which too was rejected on 28.5.2007 with the observations that the investigation was still in progress. Aggrieved thereby, the appellant preferred yet another application for bail before the High Court on 4.6.2007 which too was dismissed on 7.6.2007. The present appeal has been filed against this order.
  1. Notice was issued on the Special Leave Petition on 30.7.2007 by a Division Bench noticing a contention raised by Mr. Tulsi that service providers such as the two companies which were intermediaries were protected from prosecution by Section 79 of the Information Technology Act, 2000. An affidavit in reply has also been filed on behalf of the respondent NCB and a rejoinder affidavit in reply thereto by the appellant.
  2. We have heard learned counsel for the parties at length.
  3. Mr. Tulsi has first and foremost argued that the allegations against the appellant were that he had used the network facilities provided by his companies for arranging the supply of banned psychotropic substances on line but there was no evidence to suggest that the appellant had been involved in dealing with psychotropic substances or engaged in or controlled any trade whereby such a substance obtained outside India had been supplied to persons outside India and as such no case under section 24 of the Act had been made out against the appellant. Elaborating this argument, he has submitted that the two drugs which the appellant had allegedly arranged for supply were phentermine and butalbital and as these drugs were not included in Schedule-I of the Narcotic Drugs or Psychotropic Substances Rules 1987 in terms of the notification dated 21.2.2003 and were also recognized by the Control Substances Act, a law applicable in the United States, as having low potential for misuse and it was possible to obtain these drugs either on written or oral prescription of a doctor, the supply of these drugs did not fall within the mischief of Section 24. He has further argued that in the circumstance, the companies were mere network service providers they were protected under Section 79 of the Technology Act from any prosecution.
  4. Mr. Vikas Singh, the learned Additional Solicitor General for the respondents has however pointed out that the aforesaid drugs figured in the Schedule appended to the Act pertaining to the list of psychotropic substances (at Srl. Nos. 70 and 93) and as such it was clear that the two drugs were psychotropic substances and therefore subject to the Act. It has also been pointed out that the appellant had been charged for offences under Sections 24 and 29 of the Act which visualized that a person could be guilty without personally handling a psychotropic substance and the evidence so far collected showed that the appellant was in fact a facilitator between buyers and certain pharmacies either owned or controlled by him or associated with the two companies and that Section 79 of the Technology Act could not by any stretch of imagination guarantee immunity from prosecution under the provisions of the Act.
  5. It is clear from the Schedule to the Act that the two drugs phentermine and butalbital are psychotropic substances and therefore fall within the prohibition contained in Section 8 thereof. The appellant has been charged for offences punishable under Sections 24 and 29 of the Act. These Sections are re-produced below:
    24. “ Punishment for external dealings in narcotic drugs and psychotropic substances in contravention of section 12.- Whoever engages in or controls any trade whereby a narcotic drug or a psychotropic substance is obtained outside India and supplied to any person outside India without the previous authorization of the Central Government or otherwise than in accordance with the conditions (if any) of such authorization granted under section 12, shall be punishable with rigorous imprisonment for a term which shall not be less than ten years but which may extend to twenty years and shall also be liable to fine which shall not be less than one lakh rupees but may extend to two lakh rupees: Provided that the court may, for reasons to be recorded in the judgment, impose a fine exceeding two lakh rupees”.
    29. Punishment for abetment and criminal conspiracy. – (1)Whoever abets, or is a party to a criminal conspiracy to commit an offence punishable under this Chapter, shall, whether such offence be or be not committed in consequence of such abetment or in pursuance of such criminal conspiracy, and notwithstanding anything  contained in section 116 of the Indian Penal Code (45 of 1860), be punishable with the punishment provided for the offence.
    (2) A person abets, or is a party to a criminal conspiracy to commit, an offence, within the meaning of this section, who, in India abets or is a party to the criminal conspiracy to the commission of any act in a place without and beyond India which (a) would constitute an offence if committed within India; or (b) under the laws of such place, is an offence relating to narcotic drugs or psychotropic substances having all the legal conditions required to constitute it such an offence the same as or analogous to the legal conditions required to constitute it an offence punishable under this Chapter, if committed within India.
    8. A perusal of Section 24 would show that it deals with the engagement or control of a trade in Narcotic Drugs and Psychotropic Substances controlled and supplied outside India and Section 29 provides for the penalty arising out of an abetment or criminal conspiracy to commit an offence under Chapter IV which includes Section 24. We have accordingly examined the facts of the case in the light of the argument of Mr. Tulsi that the companies only provided third party data and information without any knowledge as to the commission of an offence under the Act. We have gone through the affidavit of Shri A.P. Siddiqui Deputy Director, NCB and reproduce the conclusions drawn on the investigation, in his words.
    “(i) The accused and its associates are not intermediary as defined under section 79 of the said Act as their acts and deeds was not simply restricted to provision of third party data or information without having knowledge as to commission of offence under the NDPS Act. The company (Xponse Technologies Ltd. And Xponse IT Services Pvt. Ltd. Headed by Sanjay Kedia) has designed, developed, hosted the pharmaceutical websites and was using these websites, huge quantity of psychotropic substances (Phentermine and Butalbital) have been distributed in USA with the help of his associates. Following are the online pharmacy websites which are owned by Xponse or Sanjay Kedia.
    (1) Brother Pharmacy.com and LessRx.com: Brothers pharmacy.com, online pharmacy was identified as a marketing website (front end) for pharmaceutical drugs. LessRx.com has been identified as a “back end” site which was being utilized to process orders for pharmaceutical drugs through Brotherspharmacy.com. LessRx.com’s registrant and administrative contact was listed True Value Pharmacy located at 29B, Rabindra Sarani, Kolkata, India-700073. Telephone No.033-2335-7621 which is the address of Sanjay Kedia. LessRx.com’s IP address is The following websites were also utilizing this IP address:
    address: were NS.PALCOMONLINE.com and NS2PALCOMLINE.com.
    The LessRx.com’s website hosting company was identified as Palcom Web Pvt Ltd, C-56/14, 1st Floor, Institutional Area, Sector 62, Noida-201301. Sanjay Kedia entrusted the hosting work to Palcom at VSNL, Delhi. These servers have been seized. Voluntary statement of Shri Ashish Chaudhary, Prop. of Palcom Web Pvt Ltd. indicates that he maintained the websites on behalf of Xponse.
    According to the bank records, funds have been wired from Brothers pharmacy, Inc’s Washington Mutual Bank Account #0971709674 to Xponse IT services Pvt Ltd, ABN AMRO bank account No.1029985, Kolkata.
    (2) Deliveredmedicine.com : A review of the Xponse’s website-XPONSEIT.com was conducted and observed an advertisement for XPONSERX. That XPONSERX was described as a software platform developed for the purpose of powering online pharmacies. Xponserx was designed to process internet pharmacy orders by allowing customers to order drugs. Drug Enforcement Administration (DEA), USA conducted a “whois” reverse lookup on domain name XPONSERX.COM was at domaintools.Com and it revealed that XPONSERX.COM was registered to Xponse IT Services Pvt Ltd, Sanjay Kedia, 29B, Rabindra Sarani, 12E, 3rd floor, Kolkata, WB 70073. Telephone no. +91-9830252828 was also provided for Xponse. Two websites were featured on the XPONSEIT.COM websites as featured clients. And these were DELIVEREDMEDICINE.COM AND TRUEVALUEPRESCRIPTIONS.COM. Review indicated that these two websites were internet pharmacies.
    Consequently a “whois” reverse look-up* on domain name DELIVEREDMEDICINE.COM at domainstools.com conducted by DEA revealed that it was registered to Xponse Inc.,2760 Park Ave.,Santa Clara, CA, USA which is the address of Sanjay Kedia.
    (3) Truevalueprescriptions.com: Review of this website indicated that this website was an internet pharmacy. In addition TRUEVALUEPRESCRIPTIONS listed Phentermine as a drug available for sale. It appeared that orders for drugs could be made without a prescription from the TRUEVALUE website, it was noted that orders for drugs could be placed without seeing a doctor. According to the website, a customer can complete an online questionnaire when placing the order for a drug in lieu of a physical exam in a physician’s office. Toll free telephone number 800-590-5942 was provided on the TRUEVALUE website for customer Service.
    DEA, conducted a “whois” reverse look-up on domain name TRUEVALUEPRESCRIPTIONS.COM at domaintools.com and revealed that IP address was and the server that hosts the website was located at Palcom, Delhi which also belongs to Xponse. From the above facts it is clear that the Xponse Technologies Ltd and Xponse IT Services Pvt Ltd were not acting merely as a network service provider but were actually running internet pharmacy and dealing with prescription drugs like Phentermine and Butalbital.”
    9. We thus find that the appellant and his associates were not innocent intermediaries or network service providers as defined under section 79 of the Technology Act but the said business was only a facade and camouflage for more sinister activity. In this situation, Section 79 will not grant immunity to an accused who has violated the provisions of the Act as this provision gives immunity from prosecution for an offence only under Technology Act itself.
    10. We are therefore of the opinion that in the face of overwhelming inculpatory evidence it is not possible to give the finding envisaged under Section 37 of the Act for the grant of bail that there were reasonable grounds for believing that the appellant was not guilty of the offence alleged, or that he would not resume his activities should bail be granted.
    11. For the reasons recorded above, we find no merit in this appeal, which is accordingly dismissed. We however qualify that the observations made above are in the context of the arguments raised by the learned counsel on the bail matter which obligated us to deal with them, and will not influence the proceedings or decision in the trial in any manner.”

It was a great learning experience for investigators and would be the basis of developing a strategic plan for preventing trafficking of drugs through internet. Let us understand various stages of a typical modus-operandi of the entire sequence of trafficking of drugs through internet. It is depicted in figure-2.

Figure 3

  1. A customer located anywhere in the world who needs narcotics and psychotropic substances accesses a website hosted for this purpose. This website is known as the “front-end website” and may (invariably) be co-hosted with a number of other similar websites on the same or a different I.P. address. The “front-end websites” are generally hosted on a server located abroad to dodge the local law enforcers and make their task difficult.
  2. The data collected by the “front-end websites” is routed to the “back-end websites” at a domestic location in another State, away from the location of the drug trafficker.
  3. The data received by the “back-end websites” is extracted by the traffickers to their location, generally through File Transfer Protocol.
  4. Now, the staff of the B.P.O take orders from clients over highly encrypted internet telephone or Skype and receive payment online, many times in small amounts and mostly through ‘high-risk-payment-gateways’.
  5. Once the payment is received, a label and prescription are generated with fake signatures of a doctor and the drug is dispatched to the customer through Courier Services or Postal Services.

It would be evident from the above narration that the entire system is designed to dodge the domestic as well as foreign Law Enforcement Agencies.


Figure 3

By now we understand clearly that any strategy to prevent trafficking of drugs through the internet and choke such Internet Pharmacies has to be multi-pronged, comprehensive, consistent, and dynamic. It can never be a short-term, one-time event; it would need continuous development depending upon developments in Internet technology. Piecing together the bits and pieces of the puzzle of the elephant [16], a strategic roadmap to combat trafficking of drugs through the Internet is depicted in Figure – 3 and outlined in the following lines. It is a multi-pronged strategy to choke and neutralize every stage/step of the typical modus-operandi of drug traffickers.

  1. Formation of a specialized unit to cyber-patrol the World Wide Web to detect websites that are selling narcotic and psychotropic drugs online. Once these websites are identified, the IP address and the physical location of the server would be ascertained. A reverse-IP lookup would be performed to find other related websites.
  2. Internet Service Providers to provide mirror image of servers to conduct forensic examination of transactions.
  3. Special Teams would be formed to investigate such cases.
  4. Requisition to CERT-IN to block all the identified websites.
  5. ‘Surveillance Teams’ to regularly visit the ‘Foreign Post Offices’ and Courier-Hubs to detect consignments of narcotic and psychotropic drugs [13].
  6. Real time sharing of intelligence and information with Narcotics Control Bureau (NCB) and National Crime Bureau (in C.B.I) for Interpol’s assistance. The International Criminal Police Organization (ICPO/INTERPOL) has a Drugs Sub-division at General Secretariat and monitors and responds to incoming communications on drug enforcement matters, conducts intelligence analysis of information & produces tactical, statistical and strategic intelligence reports [5, 14].
  7. Tracking the routes and channels for transferring money from foreign countries with the assistance of Financial Intelligence Unit, India (F.I.U-India).
  8. Arrest of the accused and freezing his financial assets under the Indian Law. The financial assets would be frozen under chapter 5A (u/s 68 (F) (1)) of N.D.P.S Act [9]. The confirmation would be obtained from the Competent Authority (SAFEMA / NDPS) under the Ministry of Finance, Government of India [11].
  9. The fit cases would be detained under PITNDPS Act [10].
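
Step 1 of the roadmap pivots from one identified site to related ones; the sketch below is an added example (not from the paper or the case file) that links domains sharing an IP address, and goes slightly beyond reverse-IP by also linking on shared name server and registrant, as the affidavit quoted earlier does. All domains, IPs and registrant strings are constructed placeholders, and the records are assumed to have been collected already.

```python
"""Cluster domains that share infrastructure (IP, name server, registrant).

Assumption: records were gathered beforehand (passive DNS, WHOIS exports,
seized server images); nothing here performs a network lookup.
"""
from collections import defaultdict

# Constructed sample records: reserved .example names and documentation IPs.
RECORDS = [
    {"domain": "front-a.example", "ip": "192.0.2.10",
     "ns": "ns1.host-one.example", "registrant": "Shop Front LLC"},
    {"domain": "front-b.example", "ip": "192.0.2.10",
     "ns": "ns1.host-two.example", "registrant": "Privacy Proxy"},
    {"domain": "backend.example", "ip": "198.51.100.7",
     "ns": "ns1.host-two.example", "registrant": "Acme IT Services"},
    {"domain": "platform.example", "ip": "198.51.100.99",
     "ns": "ns9.other.example", "registrant": "ACME IT  SERVICES "},
    {"domain": "unrelated.example", "ip": "203.0.113.5",
     "ns": "ns1.elsewhere.example", "registrant": "Someone Else"},
    {"domain": "cdn-tenant.example", "ip": "203.0.113.80",
     "ns": "ns1.bigcdn.example", "registrant": "Privacy Proxy"},
]

# Values shared by many unrelated sites (privacy proxies, large shared hosts).
# Linking on them produces false clusters, so they are excluded as pivots.
IGNORED = {("registrant", "privacy proxy")}


def normalise(field, value):
    """Lower-case and trim; collapse inner whitespace; drop a trailing DNS dot."""
    value = " ".join(value.strip().lower().split())
    return value.rstrip(".") if field in ("domain", "ns") else value


class DisjointSet:
    """Minimal union-find keyed by domain name."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster(records, fields=("ip", "ns", "registrant"), ignored=IGNORED):
    """Return (clusters, evidence).

    clusters: list of sorted domain lists, largest cluster first.
    evidence: {(field, value): sorted domains} for each value shared by two
              or more domains, so every link can be justified in a report.
    """
    ds = DisjointSet()
    by_value = defaultdict(set)
    for rec in records:
        domain = normalise("domain", rec["domain"])
        ds.find(domain)  # register the domain even if it links to nothing
        for field in fields:
            raw = rec.get(field)
            if not raw:
                continue
            key = (field, normalise(field, raw))
            if key not in ignored:
                by_value[key].add(domain)

    evidence = {}
    for key, domains in by_value.items():
        if len(domains) > 1:
            ordered = sorted(domains)
            evidence[key] = ordered
            for other in ordered[1:]:
                ds.union(ordered[0], other)

    groups = defaultdict(list)
    for domain in list(ds.parent):
        groups[ds.find(domain)].append(domain)
    clusters = sorted((sorted(g) for g in groups.values()),
                      key=lambda g: (-len(g), g))
    return clusters, evidence


if __name__ == "__main__":
    found, why = cluster(RECORDS)
    for group in found:
        print(len(group), group)
    for (field, value), domains in sorted(why.items()):
        print(f"shared {field}={value}: {domains}")
```

The ignore list matters in practice: without it, the constructed `cdn-tenant.example` record is pulled into the main cluster purely because it uses the same privacy-proxy registrant.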


  1. Lack of skills and knowledge on the part of the Investigators.
    A capsule course on various aspects of trafficking of drugs through the Internet should be designed and imparted to the specialized unit staff with active co-operation from NIBCID units of states and NCB-India.
  2. Lack of Tools / Software / Hardware for monitoring and forensic analysis.
    The funds should be sought from NCB-India under the existing scheme of funding for the state police forces. However, NCB itself is ill-equipped to handle such cases.
  3. Lack of co-operation on the part of Internet Service Providers (ISPs) during investigation.
    Regular short-duration educational and sensitization Programmes should be organized to overcome this obstacle.
  4. Lack of awareness among the postal and courier staff regarding the criminal nature of these transactions.
    Regular sensitization Programmes should be organized for their nodal officers.
  5. Lack of awareness among the financial institutions, credit card companies, banks etc.
    They should be sensitized about their duty to send Suspicious Transaction Reports (STRs) and Cash Transaction Reports (CTRs) to F.I.U-India without fail. The data provided by F.I.U-India should be analyzed by Intelligence Analysts in the investigation agency.
  6. Lack of awareness among the citizens regarding the criminal nature of this business, as many may think it to be a legal pharmaceutical trade.
    Regular campaigns should be organized to educate the public to overcome this obstacle.


Any process of evaluation of such multipronged strategic plan cannot be simple. However, the assessment would be based on
E = f ( it + iv + t + c )
The Evaluation ( E ) would be a function ( f ) of,

Intelligence Factor ( it ): Human intelligence, technical intelligence and analysis of cyber-patrol logs of identified websites would account for this factor.

Investigation Factor ( iv ): Detection of quality cases registered, websites blocked, accused arrested and the financial assets frozen would account for this factor.

Training Factor ( t ): Number of quality training programs conducted for Investigators, Financial Institutions, Judicial Officers & educational campaigns etc.

Coordination Factor ( c ): Generalized and need based coordination exercises with CERT-IN, NCB, Interpol (NCB-CBI), FIU-India and International Drug Liaison Officers ( D.L.O.s ).

It is firmly believed that this strategic plan would go a long way in preventing trafficking of drugs through the internet.

Note: The views expressed in this paper are of the author and do not reflect the views of the organizations where he worked in the past or is working presently.


  1. National Institute of Justice, U.S. Department of Justice: NIJ Special Report on Investigations Involving the Internet and Computer Networks (2007). http://www.ojp.usdoj.gov/nij
  2. United Nations Office on Drugs and Crime, Vienna & UN Counter-Terrorism Task Force: Report on the Use of the Internet for Terrorist Purposes (2012).
  3. WALSH C. (2011). ‘Drugs, the Internet and Changes’: Journal of Psychoactive Drugs, Jan-Mar; 43(1): 55-63. doi: 10.1080/02791072.2011.566501
  4. ANNA Edney (2013). ‘Crackdown on Online Pharmacies Nets $41 Million in Drugs’: June 27, 2013 in Bloomberg.
  5. LEAMY WJ. (1983). ‘International co-operation through the Interpol System to counter illicit drug trafficking’: Bull. Narc. 1983 Oct-Dec.35 (4); 55-60.
  6. American addicts, fed from Calcutta. The Telegraph, Calcutta, India, February 14, 2007.
  7. An IIT brain, selling illicit drugs online. The Times of India February 14, 2007.
  8. SANJAY Kumar Kedia Vs NCB and another. Supreme Court of India Judgment Dated 3rd Dec. 2007 in Appeal (Crl.) 1659 of 2007 (@ SLP (Crl.) No.3892 of 2007).
  9. The Narcotic Drugs and Psychotropic Substances Act, 1985 (Act No.61 of 1985 dated 16 September,
    1985 as amended from time to time).
  10. The Prevention of Illicit Traffic in Drugs & Psychotropic Substances Act, 1988 (Act No.46 of 1988 dated 4th July, 1988)
  11. The Prevention of Money Laundering Act, 2002 (PMLA) (as amended in 2005 & 2009).
  12. International Narcotics Control Board (2009), United Nations, New York. Guidelines for Governments on Preventing the illegal Sale of Internationally Controlled Substances through the Internet.
  13. DARIN D. Fredrickson, Raymond P. Siljander. Street Drug Investigation: A Practical Guide for Plainclothes Uniformed Personnel. Charles C Thomas Publisher Ltd. Springfield, Illinois USA.
  14. ‘Connecting Police for a Safer World’. http://www.interpol.int/interpol.
  15. ‘Clear Thinking, Persuasively communicated JackMalcolm’s Blog’: http

Bridging the Divide- The Karur Experience in Policing


Bridging the Divide- The Karur Experience in Policing the Community
Tamil Nadu Police Department

Sandeep Mittal, I.P.S.




The Problem

During my field visits to Karur District of Tamilnadu, I found through newspapers and my interaction with local villagers that the young Superintendent of Police of Karur District, Mr Sandeep Mittal, IPS, is implementing his innovative ideas to make the police people-friendly and responsive to their needs. In my opinion this innovative idea needs unqualified support and I strongly recommend this nomination for UNPSA-2007.

Solution and Key Benefits

 What is the initiative about? (the solution)

Actors and Stakeholders

 Who proposed the solution, who implemented it and who were the stakeholders?
May, 2003 to July, 2004

 (a) Strategies

 Describe how and when the initiative was implemented by answering these questions
 a.      What were the strategies used to implement the initiative? In no more than 500 words, provide a summary of the main objectives and strategies of the initiative, how they were established and by whom.
Situation before the initiative began:

The Karur District of Tamil Nadu is located between the rivers Cauvery and Amaravathy in South India. The district is known for its textile exports all over the world, and most of its population is rural and settled in far-off villages. The district has the problem of a widespread trade in illicit liquor, mainly affecting the village youths. Moreover, a gap existed between the police and the public, making it difficult for the public to come forward and present their grievances to the senior police officers, as most of them live in villages in far-flung areas. A strong barrier in communication between the villagers and the police existed.

(b) Implementation

 b.      What were the key development and implementation steps and the chronology? No more than 500 words
Keeping in view the prevailing law and order, crime and socio-economic conditions in Karur District, ‘the Karur model of policing the community through the community policing way’ was designed in consultation with the Police Sub-divisional Officers, Station House Officers, and representatives of the people such as village Panchayat Presidents. The following goals were set:
(i) To improve the image of Police and reach out to the common men.
(ii) To prevent and reduce the crimes in the district.
(iii) To improve the prohibition enforcement in the district.

A number of meetings were conducted with the village Panchayat Presidents, subordinate Police Officers and various sections of society, such as the Karur Chamber of Commerce and various organized groups, and the above goals were established.

(c) Overcoming Obstacles

 c.      What were the main obstacles encountered? How were they overcome? No more than 500 words
A Police leader is a public servant who is a keeper of the public trust. The general tendency among police officers is to react to police related problems in a community as and when a problem arises. This is not effective leadership. Police leaders must play a pro-active role, forcefully and decisively, in leading the community to develop support and resources and offer alternative solutions to police related problems. But the leader must have basic awareness of the problems and prepare a strategy which provides better results.

So it was decided to organize Police-Public interface camps in different parts of the district to achieve the above objective. As part of the strategy it was decided that the Superintendent of Police will visit the villages, for which wide publicity would be given regarding the date, time and place through tom-tom and distribution of pamphlets. Nobody would be allowed to act as a mediator between Police and Public. The Police officers would sit on the ground with the villagers to break the barrier in communication between the Police and Public and also drive home the point that ‘the Police is for them, with them – always’. The officers would receive the petitions from the members of the public and try to solve their problems on the spot if possible. As a goodwill gesture, various sports like a Kabadi match between the local police and village youths and musical chairs for the village women would be organized. This would not only remove hesitation from the minds of people, but a boy who has played Kabadi with police would never throw a stone at police during a law and order problem. The above simple strategy was designed to achieve the objectives listed above.

It was also decided that subordinate police officers like sub-divisional Police Officers and station house officers should take the lead during such interface programmes for establishing a direct rapport with villagers.

(d) Use of Resources

 d.      What resources were used for the initiative and what were its key benefits? In no more than 500 words, specify what were the financial, technical and human resources costs associated with this initiative. Describe how resources were mobilized.
(1) Qualitative assessment:
It will be pertinent to go through the media reports on the Karur model of policing, which give an insight into the qualitative impact of the model in the district.
– The National daily The Hindu on September 15 , 2003 reported “…. the recent initiative by the Superintendent of Police Mr. Sandeep Mittal, in reaching out to the villagers has been a new experience in achieving a better Police-Public relationship. Mr. Mittal who has been going after the boot-leggers in the district since he took over a couple of months back with relentless raids being the order of the day believes that the carrot and stick policy in containing illicit liquor trade would yield the desired results in due course of time…. . …. Mr. Mittal stressed the need for a better Public-Police interaction and told the people how it was important for them to give up drinking as well as selling illicit liquor. Making it clear that prohibition raids would continue to haunt the boot-leggers in the district the SP sought the cooperation of the villagers in the venture observing that there were other means to lead a better and less precarious life…. . …. the villagers promised to do their bit in preventing crimes and prohibition related offences in their area. They were pleased that the Superintendent of Police himself heard their grievances while voicing that more such meetings would encourage them to assist the police….”.
– As a result of information flowing in from Public a major seizure of illegal lottery tickets worth Rs.54.14 lakh was effected by Karur Police on December 13, 2003.
– As a result of intelligence input from public many illegal gambling dens were choked after a mass raid was conducted on December 9, 2003.
– The National daily The Hindu on February 7, 2004 reported “…. led by the Superintendent of Police officers go out to the villages and sit with the people to receive petitions and solve their problems wherever possible. Such meetings have been held at Esanatham, Marudhur and Thottakurichy and some more are in the pipeline. These efforts have left a lasting impression in the minds of the Public that the Police are willing to help them…. . …. men in uniform are trying to bridge the divide between them and the public whom they are supposed to serve….”.

(2) Quantitative assessment:
Let us have a look at the general crime trends in Karur District.
(i) The grave crimes reported in the District show a downward trend compared with the last 2 years. As compared to 2002, the grave crimes (murder, murder for gain, robbery, dacoity, attempt to murder etc.) were reduced by about 32% in the year 2003.
(ii) As compared to 2002, the violent crimes came down by about 16% during the year 2003.
(iii) Due to the influx of intelligence from the public regarding the illicit liquor trade in the district after the beginning of community policing, prohibition enforcement improved considerably in the district. 30 notorious boot-leggers were detained under law during this period, and the number of quality cases registered against prohibition offenders increased considerably.

Sustainability and Transferability

  Is the initiative sustainable and transferable?

As the Karur model of policing does not involve any additional expenditure and is widely welcomed by members of the public, it is easily sustainable over a period of time and can be replicated with ease in other geographic locations.


This initiative has been used by myself in Tuticorin, Kanniyakumari and Karur Districts at different levels and for achieving different area-specific objectives of policing. Because of its simplicity, it is easily replicable and transferable to situations where interaction with masses is of prime importance. However, I am a firm believer that any model of policing should be flexible enough to give liberty to its adapter, so that it can be adopted with certain modifications to achieve specific objectives through innovative and imaginative use of one’s own ideas.

The Karur model of policing is based on ‘The Tuticorin Experiment’ conducted at the sub-divisional level in Tuticorin district during the year 1998-1999 to handle communally sensitive situations. Now the same concept was utilized at the district level without many changes. The Tuticorin experiment was recommended by the Bureau of Police Research and Development, Govt. of India, New Delhi to all other states in India to be adopted by them. This shows the inclusion of this concept in the National Policy. The S.V.P. National Police Academy, Hyderabad, has included this concept in the compendium on Good Practices in Police, 2004 and the Golden Jubilee edition of The Indian Police Journal.

Lessons Learned

 What are the impact of your initiative and the lessons learned?

a. One of the major challenges before the police today is to try to improve its image and reach out to the people. It is only through these methods that one is able to get timely intelligence and cooperation from the public to deal with situations leading to major law and order problems and even grave crimes.

b. The people whom we serve are our masters, and if we are able to get their goodwill and gratefulness, it will go a long way in maintaining peace and tranquility in society.

Risks and Opportunities provided by Cyber Domain and Policy-needs to address the Cyber Defense


Posted by Sandeep Mittal, IPS on March 17, 2015

The term ‘Cyber Domain’ has been used widely by various experts, sometimes interchangeably with ‘Cyber Space’, to imply “the global domain within the information environment that encompasses the interdependent networks of information technology infrastructures, including the internet and telecommunication networks” (Camillo & Miranda, 2011). Today it has become “the fifth domain of warfare after land, sea, air and space and it’s a challenge to have a common definition of cyber Domain”, but for the purpose of this essay the definition given above will suffice. Any entity, whether a Nation State or an Enterprise, that operates in the cyber domain needs to maintain the confidentiality, integrity and availability of its deployed resources. The dynamics of the cyber domain are complex and complicated in time and space. Humans, machines, things and their interactions are evolving continuously, posing risks and opportunities in the cyber domain. A risk to one becomes an opportunity for another. In this essay, the ‘risks presented by’ and ‘opportunities available in’ the cyber domain are identified, discussed and analyzed to consider key strategic policy elements to defend the cyber domain.

Risks and Opportunities in Cyber Domain

The ‘very low cost efforts’ giving asymmetric results, coupled with anonymity in space and time, make the cyber domain attractive (Cyber Security Strategy of UK, 2009) to various actors with malicious objectives. This faceless and boundaryless domain is highly dynamic, throws up surprises rapidly and has the potential to cause damage (real and virtual) disproportionate to the resources deployed. Let us look at the various realms in terms of the risks associated with them.

  • a) The information system platforms and the equipment supporting the cyber ecosystem are susceptible to conventional physical attacks. The electronic equipment can be subjected to destruction by generating High Energy Radio Frequencies and Electromagnetic Pulses.
  • b) The services in cyberspace may be disrupted by direct attack, e.g. DoS, DDoS etc. This is the most common attack and has the potential to paralyze the lines of communication, bring down banking services and sabotage military operations. It has been deployed successfully over the years not only by novice script kiddies but also by sophisticated state-sponsored agencies. Botnets working round the clock have become a serious challenge.
  • c) The sensitive data (in storage and on the move) may be accessed, stolen or manipulated to have the desired effect immediately or at a subsequent date. The technology and deployment methodology is evolving with time, and simple malware tools have been replaced with complex, intelligent and well-crafted attacks generally known as Advanced Persistent Threats (APTs). The stealth, patience and dedicated consistency of APTs give them the capability to bypass the best firewalls (including New Generation Firewalls) and Intrusion Detection and Prevention Systems to exploit zero-day vulnerabilities (FireEye White Paper, 2014).

The risks associated with the various realms discussed above may manifest themselves in various dimensions of society, like Civic Infrastructural Breakdown (e.g., failure of electric power grids, disruption of fuel pipelines, disruption of the water supply chain etc.), Economy Disruption (e.g., disruption of banking services, business continuity and maintenance related costs), Social Behavioral Effects on Society (e.g., gambling, spamming, pornography, drugs supply, propagation of extremist ideology) and, last but not the least, hacking and intrusion into privacy, compromising the Nation’s morale through the use of social media leading to civic unrest and hampering diplomatic relations (e.g. WikiLeaks), thus finally setting the stage for Cyber Warfare. Eventually, the Cyber Domain becomes a ‘means’ to the most serious ‘end’, that is, Cyber Warfare (Cornish et al, 2009). The ‘research tool of yesteryears’ has evolved into a strong medium of mass communication. The Chatham House Report titled ‘Cyberspace and the National Security of the United Kingdom’, 2009, introduces the concept of Cyber Threat Domains.

Let us have a look at the challenges and opportunities in cyber security in terms of four ‘Cyber-Threat-Domains’ (Cornish et al, 2009).

  • a) State-sponsored Cyber-attacks: The complete dependence of a Nation’s economy and critical infrastructure presents an opportunity to ‘Nation States’ to deploy cyber-tools to gain information dominance in the cyber domain, both to transmit information and to deny or restrict such information to an enemy state, as well as to collect tactical information. Going further, crippling a nation by paralyzing its critical infrastructure through deployment of stealthy and well-crafted tools that exploit a ‘zero-day vulnerability’ is a matter of hours, and not even days. Cyber attacks that raise the temperatures of furnaces in nuclear power plants or increase the flow-speed of liquids in fuel pipelines may be used as weapons of mass destruction.
    The concepts of war-maneuvering have been compared with cyber-maneuver (Applegate 2012), where it is realized that blatantly hostile acts in cyberspace are characterized by rapidity, anonymity and difficulty in attribution and are dispersed in space and time. Even the territory of the enemy or one of his allies can be used to achieve desired asymmetric results.
  • b) Cyber-Terrorism/Extremism: There is no other medium which is more powerful and anonymous than cyberspace, where asymmetric results can be achieved by deploying minimal resources with ease. The internet is an anarchic playground or an ungoverned space, which can be exploited by extremists for communication and information sharing, designing strategies, conducting training for their members, procurement of resources, infiltrating the State’s assets and forming alliances with organizations having common objectives but different motivations. The use of social media by political extremists to propagate their ideology and take on the government machinery may spearhead insurgency by exploiting public sentiment.
  • c) Serious and Organized Criminal Groups are exploiting cyberspace not only to maintain their criminal networks but also for money laundering, drug-trafficking, extortion, credit card frauds, industrial espionage etc. “In the cyber space, physical strength is insignificant […….], strength is in software, not in numbers of individuals” (Brenner, 2002). It poses a great challenge to the Law Enforcement Agencies (LEAs) to tackle cyber-criminality. The need for operational-level coordination with international LEAs cannot be overstated, as the existing mechanisms of MLAT etc. have not given the desired results. The thrust of LEAs is on acquisition of hardware and software, while the training of human resources is lacking.
  • d) Lower-level Individual Attacks: These are acts of individuals and may give results disproportionate to the skills deployed. These attacks may not be technologically advanced but have the capability to create panic and day-to-day disruptions. Sometimes fools pose great questions. The free availability of a number of hacking and penetration testing tools on the internet assists script kiddies in venturing into the world of hacking.

Thus it is amply clear from the foregoing that the cyber domain presents unimaginable opportunities spread over space and time with rapidity, anonymity and almost no investment.

Policies to Address Cyber Defense

Any policy for cyber-defense has to be multipronged, tiered and dynamic. There are many approaches to deciding upon strategic policies. One is the systematic approach, while the other is to keep national security as the central theme and then weave other defenses around it. What should be the strategy for a secure Information Society? For the purpose of this essay we may define it as “the ability of a network or an information system to resist, at a given level of confidence, accidental events or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data and the related services offered by or accessible via these networks and systems” (Commission of the European Communities, 2006). Though this is a network-system-centric definition, the author feels that if this approach is taken care of by the strategic policy, the other considerations would fall in line. The approach should not be like the example of the ‘elephant and the five blind men’; rather, it should be an integrative approach that addresses the various risks, issues and opportunities in the cyber domain. We would try to build up the key elements which a strategic policy should address to defend the cyber domain. “The integrated application of cyberspace capabilities and processes to synchronize in real-time, ability to detect, analyze and mitigate threats and vulnerabilities, and outmaneuver adversaries, in order to defend designated networks is part of cyber defense strategy and includes proactive network operations, defensive counter cyber operations and defensive countermeasures” (U.S. Department of Defense, 2010). As policy should be general and broad, it would be beyond the scope of this essay to discuss procedures, details of technologies and processes associated with them and mechanisms to deploy them. We would rather focus on the key elements a security policy should incorporate to achieve the objective of defending the cyber domain. It should incorporate the ground realities present in the scenario where the policy would be applied.

The author has perused the summaries of the National Cyber Security Strategies of nineteen countries (Luiijf, Besseling & de Graaf, 2013) and, based on them, tried to identify the key elements of the strategic policy to defend the cyber domain.

  • a) Legislation/Legal Framework:
    The cyber domain has no boundary. The various stakeholders and players may be spread all round the globe irrespective of national jurisdictions. Hence, a law which is progressive and aligned with international conventions on cyber-crime and Laws of the other nation states would be a basic requirement to defend the cyber domain. Additionally, the judiciary needs to be sensitized on various aspects of cyber law for better appreciation while dealing with such cases.
  • b) Mandating the Security Standards:
    Mandating minimal security standards in information security is like preparing the ground before the seeds are sown. Security assurance measures for products (ISO/IEC 15408), security assurance measures for the development process (ISO/IEC 21827), measures for security management (ISO/IEC 27001) etc. should be implemented with zero tolerance for non-compliance. Personnel expertise and knowledge should be mandated through professional certifications.
  • c) Secure Protocols, Software and Products:
    At present there is no system in place for ‘cyber-supply-chain-security-ratings’. This is a big loophole, as hardware and software have to be changed frequently and can be compromised, putting cyber security at stake. Such software and hardware become the gateway to attacks in the cyber domain.
  • d) Active-Dynamic Security Measures for Prevention, Detection and Response Capabilities:
    The technology of malware and the methodology of its deployment in the cyber domain have radically evolved over the years. “The attacks are advanced, targeted, stealthy and persistent and cut across multiple threat vectors [web, email, file shares, and mobile devices] and unfold in multiple stages, with calculated steps to get in, signal back out of the compromised network, and get the valuables out” (FireEye White Paper, 2013). While firewalls, new generation firewalls, Intrusion Prevention Systems etc. are important security defenses, they cannot stop dynamic attacks that exploit zero-day vulnerabilities. Hence integrated platforms having the capability to identify and block these sophisticated attacks, and thus safeguard critical and sensitive assets, are needed. Attack Attribution Analysis should be deployed to identify the attackers (Lewis, 2014). The Zero Trust Model of Information Security also helps in reducing attacks from digitally signed malware (IBM Forrester Research Paper, 2013).
  • e) Threat and Vulnerability Analysis: A detailed threat and vulnerability analysis of the resources should be maintained and updated periodically. At a minimum, a broad 3×3 matrix as per NIST FIPS 199 Standards is suggested. A risk-profile dashboard should be kept ready. The assets which are critical need to be identified clearly, and SOPs for their protection should be put in place.
  • f) Continuity and Contingency Plans should be prepared and kept ready. Many nations are deploying in-house “Government-off-the-shelf” (GOTS) technology for sensitive defense and critical infrastructure systems. Attacks are inevitable, but if the services are maintained, the confidence and trust of the stakeholders is vindicated. Governments should also work towards a mechanism of Cyber Liability and Cyber Insurance, which at present is generally lacking.
  • g) Information Sharing: In most countries there is a mechanism to share information on security breaches and related developments by establishing Computer Emergency Response Teams (CERTs). These national CERTs also interact with each other at the international level. However, the author’s personal experience shows that many enterprises don’t share information on breaches in order to protect their corporate image. Sometimes security breaches may not even be known for months. There is an urgent need to devise a mechanism where reporting of security breaches is made mandatory, with penalties for non-compliance.
  • h) Awareness, Education and Training: Practice makes a man perfect. Continuous awareness and educational campaigns for various stakeholders on dos and don’ts have to be run repeatedly. Training workshops for the workforce should be organized. We should always remember that human behavior is the greatest risk to security, and this risk can be minimized only by education and training.
  • i) Reforms in school and Collegiate Education: If cyber security as a subject is included in the school and college curricula, a ready cyber work force would be available to be deployed across various sectors. The online training courses in cyber security should be designed and incentives offered to workers, if they attend and successfully complete these courses.
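The 3×3 matrix suggested in item e) pairs the three security objectives with the three FIPS 199 impact levels, and can be kept as data and rolled up into the risk-profile dashboard that item asks for. The Python below is an added example, not part of the original essay; the system names, information types and ratings are constructed for illustration, and the overall level uses the high-water mark across objectives.

```python
from dataclasses import dataclass

# FIPS 199 impact levels, ordered so the highest index is the most severe.
LEVELS = ("LOW", "MODERATE", "HIGH")
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type with its potential impact per security objective."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def __post_init__(self):
        # Reject ratings outside the three levels so a typo cannot hide a risk.
        for objective in OBJECTIVES:
            level = getattr(self, objective)
            if level not in LEVELS:
                raise ValueError(f"{self.name}: bad {objective} impact {level!r}")


def high_water_mark(levels):
    """Return the most severe impact level in an iterable of level names."""
    return max(levels, key=LEVELS.index)


def categorize_system(info_types):
    """Security category of a system: for each objective, the highest impact
    among all information types the system stores or processes."""
    if not info_types:
        raise ValueError("a system must hold at least one information type")
    return {obj: high_water_mark(getattr(t, obj) for t in info_types)
            for obj in OBJECTIVES}


def risk_profile(systems):
    """Build dashboard rows, most critical system first.

    `systems` maps a system name to its list of InfoType objects. Systems
    whose overall level is HIGH are flagged as critical assets, i.e. the ones
    that need a documented protection SOP."""
    rows = []
    for name, info_types in systems.items():
        category = categorize_system(info_types)
        overall = high_water_mark(category.values())
        rows.append({"system": name, **category, "overall": overall,
                     "critical": overall == "HIGH"})
    rows.sort(key=lambda r: (-LEVELS.index(r["overall"]), r["system"]))
    return rows


# Constructed inventory for illustration only.
SAMPLE_SYSTEMS = {
    "grid-scada": [
        InfoType("sensor telemetry", "LOW", "HIGH", "HIGH"),
        InfoType("operator accounts", "MODERATE", "MODERATE", "LOW"),
    ],
    "public-website": [InfoType("press releases", "LOW", "MODERATE", "LOW")],
    "payroll": [InfoType("salary records", "MODERATE", "MODERATE", "LOW")],
}

if __name__ == "__main__":
    for row in risk_profile(SAMPLE_SYSTEMS):
        print(row)
```

Re-running the roll-up whenever an information type is added or re-rated keeps the dashboard in step with the periodic update the item recommends.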

International Collaboration: The cyber domain has no boundaries. An attacker sitting in one country, using the systems and resources of a second country, may compromise a sensitive database in a third country. If there is no international collaboration, whatever strategy we may design is bound to fail. Although there is a Regional Convention on Cyber Crime [The Council of Europe (Budapest) Convention on Cyber Crime, 2004], unfortunately there is no such convention on cyber security. There is a necessity for comprehensive international cooperation to sort out issues regarding Jurisdiction, Mutual Assistance, Extradition, 24/7 Network etc. (Clough, 2013). However, the personal experience of the author is that there is a need to galvanize international cooperation, which is presently almost ineffective at the operational level.

However, to achieve the desired objectives, the strategies need to be implemented through acquisition and effective allocation of sufficient resources through accountable responsibilities (Ward & Peppard, 2002). But even if all this is done, things will not turn out as desired (Johnson & Scholes, 2002). Therefore a strategic management process that can adapt to changing scenarios during the implementation of the original strategy is not a substitute for the original strategy but a way of making it work.


The Cyber Domain, by virtue of its unique characteristics of anonymity, availability and maneuverability in space and time, having no international borders, and its capacity to give asymmetric results hugely disproportionate to the resources deployed, offers tremendous risks and opportunities for various stakeholders. It is rapidly expanding its scope from the internet of human beings and machines to the internet of things. It has the potential to disrupt a Nation’s economy, polity, civic and military infrastructure and, last but not the least, may lead to cyber-warfare. Any policy and strategy to defend the Cyber Domain should be dynamic enough to adjust to the rapidly changing nature of attacks and technology. Futuristic scenarios like the “Botnet of Things” have the potential to disrupt the normal life of humans. The strategic policy explained in this essay, if implemented, should take care of various aspects of defending the cyber domain. However, as the attacks, technologies and attackers evolve, the policy should also evolve with the same rapidity. The ‘unknown-unknown’ of the cyber domain is yet to be seen by the world.


Applegate, S. 2012, “The Principle of Maneuver in Cyber Operations”, http://www.academia.edu/1436096/The_Principle_of_Maneuvar_in_Cyber_… accessed on 14/03/2014.

Brenner, S.W. 2002, “Organized Cybercrime? How Cyberspace May Affect the Structure of Criminal Relationships”, Journal of Law & Technology, North Carolina, vol. 4, no. 1 (Fall 2002), p. 24.

Clough, J. 2013, “The Budapest Convention on Cyber Crime: Is Harmonisation Achievable in a Digital World”, 2nd International Serious and Organised Crime Conference, Presentation, Monash University, Brisbane, 29-30 July 2013. Accessed on 13/03/2014.

Cornish, P., Livingstone, D., Clemente, D. & Yorke, C. 2009, Cyber Security and the UK’s Critical National Infrastructure. http://www.chathamhouse.org/sites/default/files/public/Research/Int… Accessed on 13/03/2014, A Chatham House Report, United Kingdom.

Cornish, P., Hughes, R. & Livingstone, D. 2009, Cyberspace and the National Security of the United Kingdom: Threats and Responses. http://www.chathamhouse.org/sites/default/files/public/Research/Int… Accessed on 14/03/2014, A Chatham House Report, United Kingdom.

Cornish, P., Livingstone, D., Clemente, D. & Yorke, C. 2010, On Cyber Warfare https://www.chathamhouse.org/sites/default/files/public/Research/In… on: 11/03/2014, A Chatham House Report, United Kingdom.

Federica Di Camillo and Valérie Miranda 2011, Ambiguous Definitions in Cyber Domains: Costs, Risks and the Way Forward, Istituto Affari Internazionali, Roma.

FireEye White Paper 2014, Advanced Attacks Require Federal Agencies to Reimagine IT Security, online publisher, http://docs.media.bitpipe.com/io_11x/io_114094/item_844153/advanced… Accessed 11/03/2014.

FireEye White Paper 2013, Thinking Locally, Targeted Globally: New Security Challenges for State and Local Governments, http://docs.media.bitpipe.com/io_11x/io_114094/item_844153/fireeye-… accessed on 11/03/2014.

IBM 2013, Supporting the Zero Trust Model of Information Security: The Important Role of Today’s Intrusion Prevention Systems http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03038usen/WGL03038US… on 13/03/2014, IBM Forrester Research Paper, Online.

Luiijf, E., Besseling, K. & de Graaf, P. 2013, “Nineteen national cyber security strategies”, Int. J. Critical Infrastructures, vol. 9, no. 1/2, pp. 3–31.

NIST, Managing Information Security Risk: Organization, Mission and Information System View, NIST Special Publication 800-39, NIST, USA.

NIST, Guide for Applying Risk Management Framework to Federal Information Systems, NIST Special Publication 800-37, NIST.

NIST, Recommended Security Controls for Federal Information Systems and Organizations, NIST Special Publication 800-53, NIST, USA.

NIST, Standards for Security Categorization of Federal Information and Information Systems, NIST FIPS Publication 199, NIST, USA.

Purser, S. 2004, A practical guide to managing information security, Artech House, Boston, Mass. ; London.

Stevens, T. 2010, ‘US Cyber Command achieves “full operational capability,” international cyberbullies be warned’, 5 November 2010. Accessed 11/03/2014.

The Joint Chiefs of the Staff 2010, http://www.nsci-va.org/CyberReferenceLib/2010-11-joint%20Terminolog…, Memorendum for Chief of Military Services edn, US Department of Defense, Washington D.C.

UK Cabinet Office 2010, Securing Britain in an Age of Uncertainty: The Strategic Defence and Security Review , p. 47.
Accessed 11/03/2014, Cm7948 edn, The Stationary Office, London.

UK Cabinet Office 2009, Cyber Security Strategy of the United Kingdom: Safety, Security and Resilience in Cyber Space, p. 12., Cm7642 edn, The Stationery

The Issues in Cyber-Defence and Cyber-Forensics of the SCADA Systems

Jan.-March, 2015, vol. LXII.1, pp. 29-41.

Sandeep Mittal, I.P.S.


As Supervisory Control and Data Acquisition (SCADA) systems are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of ‘nation-states’. The analysis of worms like ‘stuxnet’, ‘flame’ and ‘duqu’ reveals the hand of a ‘nation-state’ in their design and deployment. Hence the necessity arises to understand various issues in the defence of SCADA systems. The forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.


The peace, prosperity and economic development of any nation depend upon its critical infrastructure and how well protected it is. These critical infrastructures are distributed physically and virtually in space and time. Supervisory Control and Data Acquisition (SCADA) systems are an important component of the process to control and monitor industrial and infrastructure processes 24/7. Initially, these SCADA systems were designed to run in an isolated environment. However, with sudden improvements in information and communication technology, SCADA systems have evolved and adopted the latest technologies such as wireline IP communication, and now communicate over public IP networks, making them vulnerable to attacks (Bailey & Wright, 2003) and to malware infections from much wider networks. The discovery of ‘stuxnet’, ‘flame’ and ‘duqu’ in the recent past has opened a ‘can of worms’ which was unimaginable till recently. While ‘stuxnet’ could be termed ‘essentially a precision, military-grade cyber-missile’ which, once deployed, would not require any human intervention, thus heralding the beginning of digital attacks on physical targets by hunting them globally (Chen and Abu-Nimes 2011), the other two are more improved malware built to gather intelligence about critical infrastructure worldwide. Developers and critical infrastructure stakeholders are realizing these increasing threats and have started taking measures to address them (Brandle & Naedele, 2008; Ahmed et al., 2012). As these SCADA systems are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of ‘nation-states’. The analysis of worms like ‘stuxnet’, ‘flame’ and ‘duqu’ reveals the hand of a ‘nation-state’ in their design and deployment. Hence the necessity arises to understand various issues in the defence of SCADA systems. The forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.

The Components of SCADA System

A typical architecture of a SCADA system controlling a typical critical infrastructure would mostly comprise a ‘control-centre’ and ‘field-sites’. The ‘field-sites’ are equipped with devices like Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs), which send information about the state of field equipment to the control-centre over different communication media (e.g. satellite, wide area networks or radio/cellular/microwave networks). The major components of a control-centre are the Human Machine Interface (HMI), the database management system (Historian) and the server or Master Terminal Unit (MTU). All communications with the field-sites are initiated by the MTU, which receives the data back from the field devices, pre-processes it if necessary and sends it to the Historian for archiving. The HMI provides the interface to the human operator. The typical architecture is shown in the following figure (Ahmed et al., 2012).


The Defence Issues in the SCADA System

The discovery of complex, complicated and deceptive worms, e.g. ‘stuxnet’, ‘flame’, ‘duqu’ and ‘careto or mask’, in the recent past points to the fact that SCADA systems are rapidly becoming the targets of ‘nation-states’ who are ever eager to deploy such cyber weapons to strike at will in enemy territory. Therefore, the defence approach for securing SCADA systems has to be comprehensive and multi-pronged. These strategies can be broadly divided into 3 categories (after Nazario, 2004):

a) Host-based defence measures provide a deeper entrenchment of the defence for any single system. Multiple defences at the host level therefore make it difficult for a malware attack to exploit the system. However, these defences may fail due to misconfiguration and may be bypassed. This strategy has the following components:

(i) Host-based static or dynamic firewalls are used as a complement to network firewalls. However, host-based firewalls are ineffective in stopping worms that follow already established link paths allowed by policy. Moreover, the worm itself may subvert these firewalls if the malicious executable obtains sufficient rights. A worm on launch may issue a command to unload the firewall’s rule set, completely neutralising the installed security monitor.

(ii) Server-side commercial antivirus software can be implemented. However, as it relies on signature-based definitions, it requires regular and timely updates to those definitions, failing which the defence becomes ineffective.

(iii) Partitioned privileges – Services running on well-known ports (between 1 and 1024) have elevated rights and handle authentication, and thus have super-user level access to system databases. However, these access rights are not required throughout the lifetime of a program. Any system that does not need them repeatedly can discard the elevated privileges it began with once the restricted operations are performed.

(iv) Privilege separation – In this method, two instances of the application run, one with few privileges (only sufficient to handle user requests) and a second with system-level privileges (required to handle services such as authentication). The two processes communicate via inter-process communication, with the child requesting the results of any operations that require privileged access. Thus only a small process runs with system-level access, and it has minimal exposure to external risks. Compromise, if any, occurs in the unprivileged process space (Provos, 2002).

(v) Other strategies include disabling unneeded services and features, aggressively patching known holes and implementing behaviour limits on hosts. The last of these is a promising area for computer security and can be applied at different levels of networks. In this method, the behaviour of the host under normal circumstances is enforced. However, this method may prove more useful at the network level than at the host level.

However, this approach may not scale well to large SCADA networks, in addition to difficulties in maintenance and enforcement. But host-based defences would continue to be used in SCADA defence as malware spreads by attacking the host only.

b) Firewalls and Network Defences

Firewalls are used to enforce a network security policy, which includes authorisation to establish communication between two end points, controlled by the ports, applications and protocols in place. A firewall evaluates each connection request against its rule base and applies a decision to the requested action (Ranum & Avolio, 1994; Wack, Cutler & Pole, 2001; Nazario, 2004). Network architects and administrators managing SCADA systems should deploy firewall technology to achieve several key objectives (Wack and Carnahan, 1994):

i) Protection from malicious applications by controlling their entry and exit from a network.

ii) Control of the destinations and sources of network communications.

iii) Concentrated security and enhanced privacy.

iv) Availability of logging statistics for internet activities.

Most firewalling devices are of two basic types. The first is a packet filter, which performs policy enforcement at the packet level and can be stateful or stateless. A stateful filter understands the context of a communication and can conditionally pass or reject packets that are part of the communication (or at least appear to be so). In contrast, a stateless firewall monitors only a single packet, irrespective of the context of the surrounding traffic. Here, filtering rules are applied on a packet-level basis as opposed to a connection-level basis (Chapman, 1992).

A firewall is usually placed at the network perimeter, the place where two different policies exist at the edge of a network. On the ‘outside’, policies are generally more liberal than on the ‘inside’ of the network, thus giving rise to the ‘trusted internal network’ and the ‘untrusted external network’. This creates a protected network and an exposed network. The exposed networks have services such as web servers, with access given to the world at large. Each network is then protected with different policies to meet its differing security requirements. However, perimeter firewalls presume that one security policy can adequately meet the requirements of the entire network, which is simply impossible and therefore inadequate. Therefore, a set of firewalls is deployed on each subnet of the network and tailored to meet the usage patterns of the different user groups. This is an effective, natural way to defend against active worms, which spread and mutate rapidly.

Another strategy is to deploy a reactive Intrusion Detection System (IDS). Typically, an IDS sensor passively listens to the traffic on the network and only sends an alert when it has observed suspicious traffic, while still allowing the communication to proceed. In contrast, a reactive IDS can be configured to close the connection via forged packets.

A second type of network firewall is the proxy server, which provides its services by being an intermediate system for a network connection. Typically, a listening agent on the proxy server receives a request for a network action and fulfils the action on behalf of the client. At no point do the client and the final destination make direct contact. However, as the proxy acts as an active peer in the communication, it may hold the data temporarily before transferring it to the client system. This allows compromise of the content, including removal of the details of malicious activity (Ptacek & Newsham, 1998). However, as proxies introduce latency into the communication stream, resulting in a time lag in the communication of critical instructions, their use in SCADA systems is limited.
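The difference between packet-level and connection-level filtering described above can be seen by running the same traffic through both kinds of filter. The following is an added example, not code from the paper; the addresses, the port number and the simplified connection tracking (no timeouts, no FIN handling) are assumptions made for illustration.

```python
"""Stateless vs. stateful filtering of one constructed MTU-to-PLC TCP exchange."""
from dataclasses import dataclass

MTU = "10.0.0.10"   # constructed control-centre address (assumption)
PLC = "10.0.1.20"   # constructed field-device address (assumption)
SVC_PORT = 502      # illustrative service port on the PLC (assumption)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN", "ACK"}


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def stateless_filter(p):
    """Judge one packet with no memory of earlier traffic."""
    if (p.src, p.dst, p.dport) == (MTU, PLC, SVC_PORT):
        return "ACCEPT"                      # the MTU may poll the PLC
    if (p.src, p.sport, p.dst) == (PLC, SVC_PORT, MTU) and "ACK" in p.flags:
        return "ACCEPT"                      # anything that looks like a reply
    return "DROP"


class StatefulFilter:
    """Same policy, but replies must match a connection the MTU opened."""

    def __init__(self):
        self.table = {}  # (client, client port, server, server port) -> state

    def check(self, p):
        outbound = (p.src, p.dst, p.dport) == (MTU, PLC, SVC_PORT)
        inbound = (p.src, p.sport, p.dst) == (PLC, SVC_PORT, MTU)
        if not (outbound or inbound):
            return "DROP"
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.table.get(key)
        if state is None:
            # Only a bare SYN from the MTU may create connection state.
            if outbound and p.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"
        if "RST" in p.flags:
            del self.table[key]              # teardown of a tracked connection
            return "ACCEPT"
        if state == "SYN_SENT":
            if inbound and p.flags == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"
                return "ACCEPT"
            # Until the handshake is answered, only a retransmitted SYN passes.
            return "ACCEPT" if outbound and p.flags == {"SYN"} else "DROP"
        return "ACCEPT"                      # ESTABLISHED: both directions pass


# Constructed trace: a normal poll, then two reply-shaped packets that
# belong to no live connection.
TRACE = [
    pkt(MTU, 40000, PLC, SVC_PORT, "SYN"),
    pkt(PLC, SVC_PORT, MTU, 40000, "SYN", "ACK"),
    pkt(MTU, 40000, PLC, SVC_PORT, "ACK"),
    pkt(PLC, SVC_PORT, MTU, 40000, "PSH", "ACK"),
    pkt(PLC, SVC_PORT, MTU, 41111, "ACK"),   # no connection was opened from 41111
    pkt(MTU, 40000, PLC, SVC_PORT, "RST"),
    pkt(PLC, SVC_PORT, MTU, 40000, "ACK"),   # arrives after the teardown
]


def replay(trace):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in trace]


if __name__ == "__main__":
    for p, (a, b) in zip(TRACE, replay(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} "
              f"stateless={a} stateful={b}")
```

The stateless rule set accepts all seven packets because each one satisfies a rule in isolation, while the stateful filter drops the fifth and seventh, which match no connection in its table.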

The most important thing to be kept in mind is that SCADA systems control critical infrastructure, which requires data transmission and decision implementation in real time, failing which the critical networks may collapse. Therefore, any defence strategy to be used for a SCADA system should have a judicious blend of security and usability in real time.

The Forensic issues in the SCADA Systems

The reliability of a SCADA system depends not only on safety, but also on security (Brandle & Naedele, 2008). A comprehensive guide on Industrial Control Systems (ICS) security has been published by NIST (Stouffer et al., 2011) and is very useful in implementing security controls in SCADA systems deployed in critical infrastructure. A SCADA system differs from a conventional IT system in the criticality of timeliness and of the availability of its capability at all times, in having terminal devices with limited computing capability and memory resources and, last but not least, in the direct impact of logical execution on the physical world. Additionally, SCADA systems usually have a static topology and a presumably regular network traffic pattern, and use simple protocols (Zhu & Sastry, 2010).

The forensic examination of SCADA systems is important post-incident to understand the design and attack vector of the malware and, if possible, to attribute responsibility and assist law enforcement in investigation.

From the perspective of digital forensics, a SCADA system can be viewed in different layers, as demonstrated in the following figure (Ahmed et al., 2012), based on the connectivity of the various SCADA components and their network connectivity with other networks such as the Internet (Bailey & Wright, 2003).


The upper layers shown in the above figure correspond to the enterprise IT network environment, wherein routine corporate desktops and servers dealing with enterprise business operate. However, it is in the first three lower layers (layers 0, 1 & 2) that most of the forensic analysis in SCADA systems has to be performed, as these layers contain the special SCADA components and are crucial for controlling the underlying industrial processes. The analysis may, however, extend further up to the higher layers if necessitated (Ahmed et al., 2012). As 24/7 availability is a critical requirement of a SCADA system, a forensic investigator cannot turn it off for data acquisition and analysis, necessitating the use of live forensics for data acquisition and subsequent offline analysis of the acquired data (Adelstein, 2006). However, live forensic data acquisition faces a few challenges in capturing data, viz.:

a) if the data is not acquired immediately, the volatile data would be lost.

b) maintaining the integrity of volatile data and its admissibility in courts of law.

c) inconsistent data image.

SCADA systems typically have a primary system and a backup system. The investigator may put the SCADA system on the backup and conduct data acquisition on the affected primary system. But it is most likely that the malware which has infected the primary system would have affected the backup system also, thus making life difficult for a forensic investigator (Stouffer & Scarfone, 2011). Forensic investigators have to deal with problems arising from the unique features of SCADA systems, which limit the application of contemporary forensic tools and techniques to them (Ahmed et al., 2012; Fabro and Cornelius, 2008):

a) predefined rules in network traffic of SCADA system may allow communication between various components of SCADA system, but may not allow communication between forensic tool and SCADA components during data acquisition.

b) customised operating system kernel of the SCADA components may not be compatible with the data acquisition tool.

c) the resource-constrained (e.g. memory, processing etc.) nature of SCADA components (e.g. RTUs, PLCs etc.) may limit data acquisition tools.

d) log records of SCADA systems are inadequate due to the limited logging capability of SCADA systems.

e) large amount of data generated by individual field components (e.g. large number of sensors).

f) vendor dependency during analysis, as the SCADA components (modern as well as legacy proprietary technology) are provided by multiple vendors, some of the components being forensically compatible and some not, as shown in the following tables (after Fabro & Cornelius, 2008).

Table 2. Modern/Proprietary Technology and Forensics Compatibility (after Fabro & Cornelius, 2008)

Modern/Proprietary Technology Effective Audit/Logging Forensics Compliant Reference Materials Available
Engineering Workstations, Databases, Historian Unknown Unknown No
HMI, Data Acquisition, Application Server Possibly Yes Possibly Yes Most Likely No No
Field Devices (PLC, RTU, IED), Modern/Remote Comms Probably No No No

Table 3. Legacy/Proprietary Technology and Forensics Compatibility (after Fabro & Cornelius, 2008)

Legacy/Proprietary Technology | Effective Logging | Forensics Compliant | Reference Materials Available
Engineering Workstations, Databases, Historian | No | No | No
HMI, Data Acquisition, Application Server | Most likely No | No | No
Field Devices (PLC, RTU, IED), Modern/Remote Comms | No | No | No

At present, the complex SCADA environment presents a number of challenges to the forensic investigator, thus preventing him from applying contemporary forensic tools and techniques. The challenges are detailed in the following lines (Wu et al., 2013):

  • Live Forensics and Data Integrity – Live forensics takes place in a dynamic environment, and live data acquisition would not be forensically sound, as volatile memory cannot be verified and traditional hash algorithms, e.g. MD5, cannot be used. However, baseline hashes of the ladder logic of field devices can be taken and stored with read-only access in a secure unit. In case of an incident, the existing logic inside the field device can then be compared against the baseline hash. The baseline hash of the ladder logic should be updated at regular intervals to ensure device integrity.
  • Lack of compatible forensic tools for field devices – Incidents like the ‘stuxnet attack’ on Iranian nuclear facilities clearly demonstrate that field components of SCADA (like PLCs in this case) can be compromised. These embedded devices have low memory and processing power, thereby limiting data retention. However, the data in RAM and flash memory would be useful for forensic investigation.
  • Lack of forensically sound storage – OPC clients and Historians are typically the available devices for storage on SCADA systems. The data stored in these devices is kept for specific purposes and is accessible from external environments, and is therefore forensically unsound.
  • Identification of data sources on a SCADA system is very difficult. The several layers of connectivity discussed earlier, with their complex architecture, make the task inherently difficult.
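The baseline-hash comparison of ladder logic described in the first item above can be sketched as follows. This is an added example, not code from the paper or from Wu et al.; the block names, the sample logic bytes, the use of SHA-256 and the HMAC seal that protects the stored baseline record are all assumptions made for illustration.

```python
"""Baseline hashing of PLC ladder logic and comparison after an incident."""
import hashlib
import hmac
import json


def block_digests(blocks):
    """SHA-256 of every logic block, keyed by block name."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in blocks.items()}


def seal(device_id, digests, key):
    """HMAC over a canonical encoding, so edits to the stored record show up."""
    body = json.dumps({"device": device_id, "digests": digests},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_baseline(device_id, blocks, key):
    """Record to be written once and then kept read-only in the secure unit."""
    digests = block_digests(blocks)
    return {"device": device_id, "digests": digests,
            "seal": seal(device_id, digests, key)}


def baseline_is_intact(baseline, key):
    expected = seal(baseline["device"], baseline["digests"], key)
    return hmac.compare_digest(expected, baseline["seal"])


def compare_to_baseline(baseline, acquired_blocks, key):
    """Report which blocks of the acquired logic differ from the baseline."""
    if not baseline_is_intact(baseline, key):
        raise ValueError("baseline record failed its integrity check")
    old, new = baseline["digests"], block_digests(acquired_blocks)
    return {
        "modified": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
        "missing": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }


# Constructed sample data: logic as exported at commissioning time and as
# acquired from the device during an investigation.
KEY = b"constructed-demo-key"   # in practice held with the secure unit (assumption)
BASELINE_BLOCKS = {
    "main": b"LD start\nANDN stop\nOUT run\n",
    "pump_ctrl": b"LD run\nAND level_ok\nOUT pump\n",
    "alarm": b"LD level_high\nOUT horn\n",
}
ACQUIRED_BLOCKS = {
    "main": BASELINE_BLOCKS["main"],
    "pump_ctrl": b"LD run\nOUT pump\n",          # differs from the baseline
    "extra_block": b"LD run\nOUT aux\n",         # not present in the baseline
}

if __name__ == "__main__":
    baseline = make_baseline("plc-07", BASELINE_BLOCKS, KEY)
    print(compare_to_baseline(baseline, ACQUIRED_BLOCKS, KEY))
```

Hashing per block rather than over the whole program tells the investigator which part of the logic changed, and the seal check fails first if the stored baseline itself has been altered.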

Another important issue is a sound “SCADA Forensic Process Model” for the preservation, identification, extraction and documentation of digital evidence, so that it is admissible in courts of law from the standpoint of procedural propriety of process, law and science. SCADA forensic models have been proposed by researchers recently (Radvanovsky & Brodsky, 2013; Wu et al., 2013).


However, it has to be borne in mind that, due to the complexity of SCADA components, architecture and networking, and also the sophistication of attacks nowadays, one has to be careful in carrying out the various steps of the SCADA forensic model.


The complexity of SCADA systems in terms of technology, process and architecture throws a number of challenges to the experts securing SCADA, as also in collecting forensic evidence once an incident is reported. The embedded technology, short memory and little processing power pose limitations on live forensics. Any defence strategy to be used for a SCADA system should have a judicious blend of security and usability in real time. Any process of live forensics should meet the test of non-repudiation on the procedural aspects of process, technology and science, and the integrity of the data has to be assured, so that it is admissible in a court of law. Attacks on SCADA systems in future are not only going to increase but would be highly sophisticated, more particularly when SCADA systems provide a potential terrain of war for nation states. Only a judicious use of technology and common sense would help to keep SCADA systems secure. More research is required in designing live forensic platforms that could be applicable to the SCADA environment.

Note: The views expressed in this paper are those of the author and do not necessarily reflect the views of the organizations where he worked in the past or is working presently. The author conveys his thanks to the Chevening TCS Cyber Policy Scholarship of the UK Foreign and Commonwealth Office, which sponsored part of this study.


  • Adelstein, F. 2006, “Live forensics: diagnosing your system without killing it first”, Communications of the ACM, vol. 49, no. 2, pp. 63-66. Accessed online on 10/05/2014 at: http://frank.notfrank.com/Papers/CACM06.pdf
  • Ahmed, I., Obermeier, S., Naedele, M. & Richard III, G.G. 2012, “SCADA systems: Challenges for forensic investigators”, Computer, vol. 45, no. 12, pp. 44-51. Accessed online on 11/05/2014 at: http://cs.uno.edu/~irfan/Publications/ieee_computer_2012.pdf
  • Ancillotti, E., Bruno, R. & Conti, M. 2013, “The role of communication systems in smart grids: Architectures, technical solutions and research challenges”, Computer Communications, vol. 36, no. 17–18, pp. 1665-1697.
  • Bailey, D. & Wright, E. 2003, Practical SCADA for industry, Newnes. Accessed online on 05/05/2014 at: http://books.google.co.in/books?hl=en&lr=&id=jLthOQfK-UAC&oi=fnd&pg=PR5&dq=Bailey+wright+scada&ots=Qmcsp2z0Ci&sig=S6GPM2XAUEZHXzag6Mo3dAuuny4#v=onepage&q=Bailey%20wright%20scada&f=false
  • Brewer, R. 2012, “Protecting critical control systems”, Network Security, vol. 2012, no. 3, pp. 7-10.
  • Chandia, R., Gonzalez, J., Kilpatrick, T., Papa, M. & Shenoi, S. 2007, “Security strategies for SCADA networks” in Critical Infrastructure Protection, Springer, pp. 117-131.
  • Chapman, D.B. 1992, “Network (in) security through IP packet filtering”, Proceedings of the Third UNIX Security Symposium. Accessed online on 05/05/2014 at: https://www.usenix.org/legacy/publications/library/proceedings/sec92/full_papers/chapman.pdf
  • Choo, K.R. 2011, “The cyber threat landscape: Challenges and future research directions”, Computers & Security, vol. 30, no. 8, pp. 719-731.
  • Endicott-Popovsky, B., Frincke, D.A. & Taylor, C.A. 2007, “A theoretical framework for organizational network forensic readiness”, Journal of Computers, vol. 2, no. 3, pp. 1-11.
  • Fabro, M. & Cornelius, E. 2008, “Recommended practice: Creating cyber forensics plans for control systems”, Department of Homeland Security. Accessed online on 10/05/2014 at: http://www.inl.gov/technicalpublications/documents/4113665.pdf
  • Genge, B. & Siaterlis, C. 2014, “Physical process resilience-aware network design for SCADA systems”, Computers & Electrical Engineering, vol. 40, no. 1, pp. 142-157.
  • Hildick-Smith, A. 2005, “Security for critical infrastructure scada systems”, SANS Reading Room, GSEC Practical Assignment, Version, vol. 1.
  • Igure, V.M., Laughter, S.A. & Williams, R.D. 2006, “Security issues in SCADA networks”, Computers & Security, vol. 25, no. 7, pp. 498-506.
  • Malin, C.H., Casey, E. & Aquilina, J.M. 2012, “Introduction to Malware Forensics” in Malware Forensic Field Guide for Windows Systems, eds. C.H. Malin, E. Casey & J.M. Aquilina, Syngress, Boston, pp. xxiii-xxxviii.
  • Nai Fovino, I., Carcano, A., Masera, M. & Trombetta, A. 2009, “An experimental investigation of malware attacks on SCADA systems”, International Journal of Critical Infrastructure Protection, vol. 2, no. 4, pp. 139-145.
  • Nazario, J. 2004, Defense and detection strategies against Internet worms, Artech House.
  • Provos, N., Friedl, M. & Honeyman, P. 2003, “Preventing privilege escalation”, Proceedings of the 12th USENIX Security Symposium, Washington DC, USA, pp. 231.
  • Ptacek, T.H. & Newsham, T.N. 1998, “Insertion, Evasion, and Denial of Service: Eluding network intrusion detection”. Accessed online on 05/05/2014 at: http://www.dtic.mil/get-tr-doc/pdf?Location=U2&doc=GetTRDoc.pdf&AD=ADA391565
  • Radvanovsky, R. & Brodsky, J. 2013, Handbook of SCADA/control systems security, CRC Press. Accessed online on 10/05/2014 at: http://books.google.co.in/books?hl=en&lr=&id=FMDTSr63co4C&oi=fnd&pg=PP1&dq=radvanovsky+SCADA+&ots=y7hUdArFpH&sig=_sKHqPrfbwA9mb8gvYDJOA2qn60#v=onepage&q=radvanovsky%20SCADA&f=false
  • Ranum, M.J. & Avolio, F.M. 1994, “A Toolkit and Methods for Internet Firewalls”, USENIX Summer, pp. 37. Available at: https://www.usenix.org/legacy/publications/library/proceedings/bos94/full_papers/ranum.a
  • Rrushi, J.L. 2011, “An exploration of defensive deception in industrial communication networks”, International Journal of Critical Infrastructure Protection, vol. 4, no. 2, pp. 66-75.
  • Slay, J. & Sitnikova, E. 2009, The Development of a Generic Framework for the Forensic Analysis of SCADA and Process Control Systems, Springer.
  • Stouffer, K., Falco, J. & Scarfone, K. 2011, “Guide to industrial control systems (ICS) security”, NIST Special Publication, pp. 800-882. Accessed online on 05/05/2014 at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=
  • Taylor, C., Endicott-Popovsky, B. & Frincke, D.A. 2007, “Specifying digital forensics: A forensics policy approach”, Digital Investigation, vol. 4, Supplement, no. 0, pp. 101-104.
  • Wack, J.P., Carnahan, L.J. & Leibowitz, A. 1994, “Keeping Your Site Comfortably Secure: An introduction to Internet Firewall”. Accessed online on 05/05/2014 at: http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=948AE719480319D3CE64A25B491BF80D?doi=
  • Wack, J., Cutler, K. & Pole, J. 2002, Guidelines on firewalls and firewall policy. Accessed online on 10/05/2014 at: http://www.dtic.mil/get-tr-doc/pdf?Location=U2&doc=GetTRDoc.pdf&AD=ADA399879
  • Wright, C. 2013, “Forensics Management”, Handbook of SCADA/Control Systems Security, pp. 173.
  • Wu, T., Disso, J.F.P., Jones, K. & Campos, A. 2013, “Towards a SCADA Forensics Architecture”, Proceedings of the 1st International Symposium for ICS & SCADA Cyber Security Research, pp. 12. Accessed online on 10/05/2014 at: http://ewic.bcs.org/upload/pdf/ewic_icscsr13_paper2.pdf
  • Zhu, B. & Sastry, S. 2010, “SCADA-specific intrusion detection/prevention systems: a survey and taxonomy”, Proceedings of the 1st Workshop on Secure Control Systems (SCS). Accessed online on 05/05/2014 at: http://www.cse.psu.edu/~smclaugh/cse598e-f11/papers/zhu.pdf

Chief Guest – Sri Aurobindomira School


aurvindo, published on Jan 30, 2014


Sri Sandeep Mittal IPS – Chief Guest – Sri Aurobindomira School 15th Annual Day

Policing the community, the community policing way


tnpolice, published on Mar 7, 2015

Sandeep Mittal’s Innovative Experiments in people friendly policing in India.
The Karur Experience