Solving National Security challenges with Information Technology Which way forward? Presentation at the ITPA 2014 conference organized by Computer Professionals Registration Council of Nigeria (CPN) Tope S. Aladenusi, CISSP, CRISC, CISA, CBCI, CEH, CIA, ISO27001LA Partner, Deloitte Nigeria 18 June 2014 Outline → Introduction → What needs to be protected? → Security Challenges → Technology in National Security → Around the world → Where do we begin? → Concluding thoughts Introduction: National Security National security is an appropriate and aggressive blend of political resilience and maturity, human resources, economic structure and capacity, technological competence, industrial base and availability of natural resources and finally the military might. Source: National Defence College of India -3- Introduction: National Security Parameters World Power Equations Regional Cooperation Socio-economic Strength External Threats Border Disputes Industrial Infrastructure Threat Perceptions Combating Terrorism Quality of People Natural Resources Techno-military Superiority Internal Security /Stability Law and Order Self Reliance National Sovereignty Source: Stockholm International Peace Research Institute (SIPRI) Research Report No. 20 Technology and Security in the 21ST century -4- Introduction: Information Technology The making, usage and knowledge of information processing, including software, hardware, communications technologies and related services to solve a problem or perform a specific function. -5- What needs to be protected? Social Infrastructure Lands and properties Communication equipment Human Lives Public Institutions Technology Infrastructure Transportation Systems -6- Some Security Challenges • Poverty and unemployment • Insurgences – Boko haram, militants, religious or ethnic • • • • • • • wars Insecurity of lives – kidnapping, armed robbery, ritual killings Corruption – Rigging of election, fake licenses, etc. Theft – Oil pipeline, public funds or piracy Information security – defacing government websites, theft of critical data, Denial of Service attacks Insider threats - Moles within security agencies, disgruntled employees Over-reliance on foreign technology Inadequate regulations: e.g. cyber security -7- Information Technology in National Security The use of information technology for national security has many benefits as well as some risks. Most common uses include: • Intelligence gathering • Secure communication • Education and Awareness • Military platforms - Smart weapons, stealth aircraft etc. • Cyber Attack and Defense • Aids Research and Development - Simulation • For tackling Natural Disasters -8- Around the World Surveillance Fraud Cyber attack Election Military • U.S. National Security Agency (NSA) surveillance program as exposed by Edward Snowden revealed that the program collected telephone records, online communications from internet firms such as Facebook, Google, Microsoft and Yahoo etc. • In Sweden, all Government agencies have been handling invoices electronically since July 2008 • In April 2011, Germany set up its National Cyber Defense Center involving the military, police, secret service and other security organizations. The center was responsible for detecting, analyzing and disabling cyber threats. • In the 2011 parliamentary elections in Estonia, 24.3% of participating voters gave their vote over the Internet. • Israel developed the first military drone (A drone or unmanned aerial vehicle (UAV), is a pilotless plane which can be guided by remote control or automatically based on pre-programmed software) technology after the 1973 Arab-Israeli war. -9- Where do we start? Where do we start? In order to effectively overcome the challenges of national security and begin adopting technology solutions, four key components must be in place. Committed Leadership Shared Vision Sense of Urgency Addressing root causes of challenges - 11 - Where do we start? Vision • A well thought-out, proactive strategy must be in place to counter the current security challenges. • Strategy should clearly define how IT acts as an enabler. Education • Adequately communicating the vision to citizens • Security awareness and enlightenment programs using internet, e-learning, etc. • Encourage development of local technology Safety ad Security solutions in institutions Identification • Robust identity management framework. • Asset inventory (people, infrastructure, national assets, equipment, etc) - 12 - Where do we start? Classification • Assessment of identified assets for categorization into critical and non-critical assets.. • Use of data analysis and data analytics to further classify high-volume data based on their criticality and other relevant criteria (E.g. Analysis of Census, Business, Telecommunication, Internet usage data.) Regulation • Adequate regulations and roadmaps guiding adoption of technology and surveillance mechanisms for security services need to be developed. Safety ad Security • Cyber security bill review and passage. Implementation • Implementation of data analytics mechanisms to establish patterns for suspicious activities. • Implementation of security leading practices such as COBIT5 / ISO27001 to protect critical assets. - 13 - Where do we start? Collaboration Monitoring Communication • Collaboration amongst government, private sectors such as Financial and Telecommunication institutions and security agencies for access to data required to combat insurgence. • Continuous monitoring of implemented IT Strategies and Frameworks, Regulations and information from surveillance satellites for Safety ad Security efficiency and effectiveness. • Prompt and secure communication of the effectiveness of implemented strategies and intelligence to senior government executives in order to guide decision making. • Periodic status updates to citizens and international communities to ensure a level of safety and encourage foreign investments - 14 - Concluding thoughts The inevitable future… Nations are going to depend extensively on cyber connected financial markets, transportation networks, energy grids, taxation, health and safety and security. In other to address both the present and future security challenges, we must have a determined, focused and technology savvy cadre of national security professionals. - 15 - Thank You Many thanks to Omobolaji Vincent, Cynthia Elodimo and Kayode Ayinoluwa for their assistance in putting this presentation together. The views and opinions expressed in this presentation are those of the author and do not in any way represent the views of the author’s employer. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication. The author does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.