Make this your homepage
Column
Home > Column
Cybersecurity & Counter-Terrorism beyond the Borders
Saumen Sarker
Cybersecurity & Counter-Terrorism beyond the Borders
PHOTO : TIWN Editor speaking at Tripura Conclave on Aug 26, 2016

Tripura’s leading online news media TRIPURA INFOWAY organized this Conclave on August 26 on the key topic of “Terrorism in Bangladesh: Implications for India’s Border States”.

Tripura Conclave’s goal is to function as a platform for greater security and intelligence cooperation not only between Delhi and Dhaka but  among India’s South Asian neighbor countries and the Indian border States.

I have been working on Network Communications, Cyber Security, Crime Tracking with various Private & Govt organizations since 2 decades in India & USA.

Cyberspace is the set of all computer-communications networks. It is a major technology-enabled medium providing means of passage, the locus of objects of value, and parts of the control and management systems for critical processes and infrastructures.

The Internet is the largest single component of cyberspace, with a presence in more than 200 countries and approximately 1 billion users. For the most part, the Internet is built upon national and international telecommunications infrastructures, including the landlines of most public phone systems and wireless, and satellite communications. Beyond the Internet, these telecommunications infrastructures are more generally highly dependent on computing technology. Thus, by our definition, they are part of cyberspace.

Cybersecurity is not now, and never will be, an issue that one state or a country can solve alone in most of the high profile terrorism cases. The solution will require a concerted—and ongoing—collaboration among different law enforcement agencies, technical experts and like-minded political will powers. Treaties and global governance do not contain bad actors, so countries like India, Bangladesh must work with other friendly nations to counter the spread of Terrorism by web based ISIS, Jihadi organizations.

Other critical infrastructures in the United States and India, and increasingly elsewhere in the world, depend on computer-communications systems for direct control and other functions. These include major forms of transportation, banking and finance, energy distribution, emergency preparedness and response, and public health.

Digital control and supervisory control and data acquisition systems (DC/SCADA) are computer-communications networks that are used by many

It is important to mention that, Cybersecurity, Counter-Terrorism in Cyberspace is not the domain of traditional ground security officials but it should be 100% driven and run by top-notch technical experts on Cyber Security, Network Communication Engineering professionals alongwith traditional law enforcement organizations.

CIA, MI5, Mossad / Facial profiling of Terrorists : Israeli Technology can detect terrorists from just looking at a face

Israeli company Faception Technology can spot terrorists by simply analyzing their faces and says it is working with “a leading Homeland Security Agency” to identify potential threats.

The company, founded in 2014, uses “computer vision and machine learning technology” to profile people from just a facial image and says it can reveal a range of personality traits and types.

So far it has built 15 different classifiers, including extrovert, genius, academic researcher, professional poker players, bingo player, brand promoter, white collar offender, paedophile and terrorist. However Faception notes on its website that this is customizable and a relevant classifier could be built if the desired behaviour originates from a person’s DNA.

DNA is the key, according to company CEO Shai Gilboa. “Our personality is determined by our DNA and reflected in our face. It’s a kind of signal,” he told The Washington Post.

The company also relies on ‘social and life science research’ to back up its considerable claim, citing research from Edinburgh University exploring the impact genetics has on personality traits by studying identical and non-identical twins

Homeland security and public safety are the primary focus of Faception, although the technology is also applicable to financial services, marketing and artificial intelligence.

Cybersecurity & Counter-Terrorism Experts in advanced countries like Israel, USA, Russia work in sync with traditional law enforcement professionals to contain terrorism.

It would seem prudent to expect that such attacks will be launched sooner or later. Therefore we should ask ourselves the following: How do we try to deal with terrorists in cyberspace? We start to answer this question by distinguishing between two forms of defense: passive and active defense.

Passive defense is essentially target hardening. It largely consists of the use of various technologies and products (for example, firewalls, cryptography, intrusion detection) and procedures (for example, those governing outside dial-in or reconstitution and recovery) to protect the information technology (IT) assets owned or operated by an individual or organization. Some forms of passive defense may be dynamic, such as stopping an attack in progress, but by definition, passive defense does not impose serious risk or penalty on the attacker.

Active defense by definition imposes serious risk or penalty on the attacker. Risk or penalty may include identification and exposure, investigation and prosecution, or preemptive or counter attacks.

With only passive measures, the attackers are free to continue the assault until they either succeed or get frustrated and look elsewhere. Given the vulnerabilities of most cybersystems, the low cost of most attacks, and the ability of attackers to strike from positions of physical safety, a skilled and determined attacker may be more likely to succeed than to become frustrated.

Some defensive actions, for example stopping an attack in progress, can be pursued using both passive and active means. Passively, the defender might plug a vulnerability hole in real time. Actively, the defender might try to locate and get back to the source of the attack.

For several legal and other reasons, most forms of active defense will necessarily fall to governments.24 The effective pursuit of active forms of defense, with a high probability of correct identification and few false positives, is very challenging technologically.

The first step to effectively conducting a fruitful Cyber Security strategy is to determine a Country’s domestic policy on cybersecurity.

Cyber Security Policy Model

Enable cyber information sharing by removing ambiguities, providing strong protections to sharers, and establishing a public-private partnership to facilitate sharing. 

Entities that share cybersecurity information need certain protections. Effective information sharing requires the government to share fully and in a timely manner with the private sector through a public-private partnership established for this purpose.

Promote the development of a viable cybersecurity liability and insurance system. 

Liability for irresponsible cybersecurity actions should be established through common law development. This process may need some initial incentives from the government, but, ultimately, such a system returns cybersecurity liability to those who are largely responsible for cybersecurity losses. The natural establishment of a cyber insurance community will then assist in the administration of risk assessments and foster improved security methodologies.

Encourage the creation of cyber-supply-chain security ratings. 

Such ratings should be granted by a nonprofit organization that will assess the surety of an organization’s supply chain, similar to how Underwriters Limited assesses the safety of various commercial products. By promoting such ratings, consumers will be able to make risk-based decisions and support better security by tying it to their profit motive.

Clarify boundaries and standards for cyber self-defense. 

The terms of an entity’s right to self-defense must be set within reasonable limits. Such terms would allow entities with the correct capabilities to take active measures to protect themselves without usurping the responsibility or authority of the federal government.

Advocate more private-sector awareness, education, and training for the general population.

Cybersecurity is one of the most critical issues the world faces today. The threats are real and the need is pressing. Despite the best intentions of those involved with previous cyber legislative efforts, a regulatory basis simply will not work. It will not improve security and may actually lower it by providing a false level of comfort and tying the private sector down with outdated regulations. Cyberspace’s dynamic nature must be acknowledged and addressed by policies that are equally dynamic.

Terrorists have always used whatever technology was available to get their message across and recruit new followers. In the past it was audiotapes and photocopiers; now computer technology makes it incredibly easier for all web based terrorist organizations like ISIS to recruit misguided youths in the name of religious duty worldwide.

From India’s terror attacks to massive rise of terrorism in Bangladesh, it is extremely important for all South Asian nations to create a Cyber-Counter-Terrorism platform to share expertise on terror tracking in Cyber space.

Speaker is a New York  based Network Communications & Security Engineering Architect with 20+ yrs experience in Internetworking, Network Security and previously worked at General Electric, Cisco Systems, Bank of New York, Merrill Lynch, NYC Govt, DoITT, NYPD,  NEC, Hewlett Packard  etc.

Add your Comment
comments powered by Disqus
Comments (0)

Special Articles

Saumen Sarker Saumen Sarker
Subir Bhaumik Subir Bhaumik