solving national security challenges with information technology by

advertisement
Solving National Security
challenges with Information
Technology
Which way forward?
Presentation at the ITPA 2014 conference organized by
Computer Professionals Registration Council of Nigeria (CPN)
Tope S. Aladenusi, CISSP, CRISC, CISA, CBCI, CEH, CIA, ISO27001LA
Partner, Deloitte Nigeria
18 June 2014
Outline
→ Introduction
→ What needs to be protected?
→ Security Challenges
→ Technology in National Security
→ Around the world
→ Where do we begin?
→ Concluding thoughts
Introduction: National Security
National security is an appropriate and
aggressive blend of political resilience
and maturity, human resources,
economic structure and capacity,
technological competence, industrial
base and availability of natural
resources and finally the military
might.
Source: National Defence College of India
-3-
Introduction: National Security Parameters
World Power
Equations
Regional Cooperation
Socio-economic
Strength
External Threats
Border Disputes
Industrial
Infrastructure
Threat
Perceptions
Combating Terrorism
Quality of People
Natural Resources
Techno-military
Superiority
Internal Security
/Stability
Law and Order
Self Reliance
National Sovereignty
Source: Stockholm International Peace Research Institute
(SIPRI) Research Report No. 20 Technology and Security in
the 21ST century
-4-
Introduction: Information Technology
The making, usage and knowledge of
information processing, including
software, hardware, communications
technologies and related services to
solve a problem or perform a specific
function.
-5-
What needs to be protected?
Social
Infrastructure
Lands and
properties
Communication
equipment
Human Lives
Public
Institutions
Technology
Infrastructure
Transportation
Systems
-6-
Some Security Challenges
• Poverty and unemployment
• Insurgences – Boko haram, militants, religious or ethnic
•
•
•
•
•
•
•
wars
Insecurity of lives – kidnapping, armed robbery, ritual
killings
Corruption – Rigging of election, fake licenses, etc.
Theft – Oil pipeline, public funds or piracy
Information security – defacing government websites, theft
of critical data, Denial of Service attacks
Insider threats - Moles within security agencies, disgruntled
employees
Over-reliance on foreign technology
Inadequate regulations: e.g. cyber security
-7-
Information Technology in National Security
The use of information technology for national
security has many benefits as well as some risks.
Most common uses include:
• Intelligence gathering
• Secure communication
• Education and Awareness
• Military platforms - Smart weapons, stealth
aircraft etc.
• Cyber Attack and Defense
• Aids Research and Development - Simulation
• For tackling Natural Disasters
-8-
Around the World
Surveillance
Fraud
Cyber attack
Election
Military
• U.S. National Security Agency (NSA) surveillance program as
exposed by Edward Snowden revealed that the program collected
telephone records, online communications from internet firms
such as Facebook, Google, Microsoft and Yahoo etc.
• In Sweden, all Government agencies have been handling invoices
electronically since July 2008
• In April 2011, Germany set up its National Cyber Defense Center
involving the military, police, secret service and other security
organizations. The center was responsible for detecting, analyzing
and disabling cyber threats.
• In the 2011 parliamentary elections in Estonia, 24.3% of
participating voters gave their vote over the Internet.
• Israel developed the first military drone (A drone or unmanned
aerial vehicle (UAV), is a pilotless plane which can be guided by
remote control or automatically based on pre-programmed
software) technology after the 1973 Arab-Israeli war.
-9-
Where do we start?
Where do we start?
In order to effectively overcome the challenges of national security and begin
adopting technology solutions, four key components must be in place.
Committed
Leadership
Shared Vision
Sense of
Urgency
Addressing
root causes
of challenges
- 11 -
Where do we start?
Vision
• A well thought-out, proactive strategy must
be in place to counter the current security
challenges.
• Strategy should clearly define how IT acts as
an enabler.
Education
• Adequately communicating the vision to
citizens
• Security awareness and enlightenment
programs using internet, e-learning, etc.
• Encourage
development of local technology
Safety
ad Security
solutions in institutions
Identification
• Robust identity management framework.
• Asset inventory (people, infrastructure,
national assets, equipment, etc)
- 12 -
Where do we start?
Classification
• Assessment of identified assets for categorization
into critical and non-critical assets..
• Use of data analysis and data analytics to further
classify high-volume data based on their criticality
and other relevant criteria (E.g. Analysis of Census,
Business, Telecommunication, Internet usage data.)
Regulation
• Adequate regulations and roadmaps guiding
adoption of technology and surveillance
mechanisms for security services need to be
developed.
Safety
ad Security
• Cyber
security bill review and passage.
Implementation
• Implementation of data analytics mechanisms
to establish patterns for suspicious activities.
• Implementation of security leading practices
such as COBIT5 / ISO27001 to protect critical
assets.
- 13 -
Where do we start?
Collaboration
Monitoring
Communication
• Collaboration amongst government, private
sectors such as Financial and
Telecommunication institutions and security
agencies for access to data required to combat
insurgence.
• Continuous monitoring of implemented IT
Strategies and Frameworks, Regulations and
information from surveillance satellites for
Safety
ad Security
efficiency
and effectiveness.
• Prompt and secure communication of the
effectiveness of implemented strategies and
intelligence to senior government executives in order
to guide decision making.
• Periodic status updates to citizens and international
communities to ensure a level of safety and encourage
foreign investments
- 14 -
Concluding thoughts
The inevitable future…
Nations are going to depend extensively on cyber
connected financial markets, transportation
networks, energy grids, taxation, health and
safety and security.
In other to address both the present and future
security challenges, we must have a determined,
focused and technology savvy cadre of national
security professionals.
- 15 -
Thank You
Many thanks to Omobolaji Vincent, Cynthia Elodimo and Kayode Ayinoluwa for their assistance in putting this presentation together.
The views and opinions expressed in this presentation are those of the author and do not in any way represent the views of the author’s
employer. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation
or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication. The author does not
accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance
on the information contained in this publication or for any decision based on it.
Download