160 likes | 396 Views
Solving National Security challenges with Information Technology Which way forward?. Presentation at the ITPA 2014 conference organized by Computer Professionals Registration Council of Nigeria (CPN) Tope S. Aladenusi, CISSP, CRISC, CISA, CBCI, CEH, CIA, ISO27001LA
E N D
Solving National Security challenges with Information TechnologyWhich way forward? Presentation at the ITPA 2014 conference organized by Computer Professionals Registration Council of Nigeria (CPN) Tope S. Aladenusi, CISSP, CRISC, CISA, CBCI, CEH, CIA, ISO27001LA Partner, Deloitte Nigeria 18 June 2014
Outline • Introduction • What needs to be protected? • Security Challenges • Technology in National Security • Around the world • Where do we begin? • Concluding thoughts
National security is an appropriate and aggressive blend of political resilience and maturity, human resources, economic structure and capacity, technological competence, industrial base and availability of natural resources and finally the military might. Introduction: National Security Source: National Defence College of India
Introduction: National Security Parameters World Power Equations Techno-military Superiority Regional Cooperation External Threats Border Disputes Industrial Infrastructure Socio-economic Strength Threat Perceptions Combating Terrorism Quality of People InternalSecurity /Stability Law and Order Self Reliance Natural Resources National Sovereignty Source: Stockholm International Peace Research Institute (SIPRI) Research Report No. 20 Technology and Security in the 21ST century
The making, usage and knowledge of information processing, including software, hardware, communications technologies and related services to solve a problem or perform a specific function. Introduction: Information Technology
Poverty and unemployment Insurgences – Boko haram, militants, religious or ethnic wars Insecurity of lives – kidnapping, armed robbery, ritual killings Corruption – Rigging of election, fake licenses, etc. Theft – Oil pipeline, public funds or piracy Information security – defacing government websites, theft of critical data, Denial of Service attacks Insider threats - Moles within security agencies, disgruntled employees Over-reliance on foreign technology Inadequate regulations: e.g. cyber security Some Security Challenges
The use of information technology for national security has many benefits as well as some risks. Most common uses include: Intelligence gathering Secure communication Education and Awareness Military platforms - Smart weapons, stealth aircraft etc. Cyber Attack and Defense Aids Research and Development - Simulation For tackling Natural Disasters Information Technology in National Security
Around the World • U.S. National Security Agency (NSA) surveillance program as exposed by Edward Snowden revealed that the program collected telephone records, online communications from internet firms such as Facebook, Google, Microsoft and Yahoo etc. Surveillance • In Sweden, all Government agencies have been handling invoices electronically since July 2008 Fraud • In April 2011, Germany set up its National Cyber Defense Center involving the military, police, secret service and other security organizations. The center was responsible for detecting, analyzing and disabling cyber threats. Cyber attack • In the 2011 parliamentary elections in Estonia, 24.3% of participating voters gave their vote over the Internet. Election • Israel developed the first military drone (A drone or unmanned aerial vehicle (UAV), is a pilotless plane which can be guided by remote control or automatically based on pre-programmed software) technology after the 1973 Arab-Israeli war. Military
Where do we start? In order to effectively overcome the challenges of national security and begin adopting technology solutions, four key components must be in place. Committed Leadership Shared Vision Sense of Urgency Addressing root causes of challenges
Where do we start? • Vision • A well thought-out, proactive strategy must be in place to counter the current security challenges. • Strategy should clearly define how IT acts as an enabler. • Education • Adequately communicating the vision to citizens • Security awareness and enlightenment programs using internet, e-learning, etc. • Encourage development of local technology solutions in institutions • Safety ad Security • Identification • Robust identity management framework. • Asset inventory (people, infrastructure, national assets, equipment, etc)
Where do we start? • Classification • Assessment of identified assets for categorization into critical and non-critical assets.. • Use of data analysis and data analytics to further classify high-volume data based on their criticality and other relevant criteria (E.g. Analysis of Census, Business, Telecommunication, Internet usage data.) • Regulation • Adequate regulations and roadmaps guiding adoption of technology and surveillance mechanisms for security services need to be developed. • Cyber security bill review and passage. • Safety ad Security • Implementation • Implementation of data analytics mechanisms to establish patterns for suspicious activities. • Implementation of security leading practices such as COBIT5 / ISO27001 to protect critical assets.
Where do we start? • Collaboration • Collaboration amongst government, private sectors such as Financial and Telecommunication institutions and security agencies for access to data required to combat insurgence. • Monitoring • Continuous monitoring of implemented IT Strategies and Frameworks, Regulations and information from surveillance satellites for efficiency and effectiveness. • Safety ad Security • Communication • Prompt and secure communication of the effectiveness of implemented strategies and intelligence to senior government executives in order to guide decision making. • Periodic status updates to citizens and international communities to ensure a level of safety and encourage foreign investments
The inevitable future… Nations are going to depend extensively on cyber connected financial markets, transportation networks, energy grids, taxation, health and safety and security. In other to address both the present and future security challenges, we must have a determined, focused and technology savvy cadre of national security professionals. Concluding thoughts
Thank You Many thanks to Omobolaji Vincent, Cynthia Elodimo and KayodeAyinoluwa for their assistance in putting this presentation together. The views and opinions expressed in this presentation are those of the author and do not in any way represent the views of the author’s employer. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication. The author does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.