The digital growth has not been restricted to one particular industry or sector; a brief look at the business sector indicates the extensive use of Information Technology and its impact on how companies do business. Today, the stock markets are running on supercomputers with nanosecond precision, conducting billions of dollars worth of transactions every day; online banking, online shopping, online open universities and many more are now the norm.
Above all, the most important developments have been happening on the military front, with most of the modern militaries relying massively on modern technology. Now even militarised robots are entering the weapon race. Many modern militaries are decreasing in size and are instead investing in technology—building robot armies.
Social Media has become an important part of civil life and there has been a substantial increase in the number of people who are using social media for various purposes, such as news, communication, politics and marketing, to name a few.
The remarkable growth in information technology has brought with it the need for a system to manage and secure important aspects of digital communication. Developed countries such as the United States and the United Kingdom have been working on such systems for decades. Many other countries are just realising the need for managing information technology and have started planning and investing in this sector.
What is Cyber Defence?
Cyber defence means protection of all electronic data, transactions, online communication and networks. With advances in technology, a new front is opening – “Information Warfare”. Cyber Defence also means organising and prioritising a framework to secure a cyberspace against attacks.
Why is Cyber Defence important?
To provide a measure of how important cyber security is, we will go through a few examples where cyber security was breached and the consequences.
- In July 2013, six people were arrested and charged with hacking into a credit card company and stealing up to $300 million.
- A computer programmer was arrested in Greece last year after it was alleged that he had stolen the personal information and National ID card data of more than 83% of the Greek population.
- A computer worm (virus) disabled Iran’s nuclear network and there are rumours that the same virus also might have infected Russian nuclear facilities. The virus can cripple machinery and also transfer & compromise sensitive data.
- Edward Snowden, an American computer specialist and whistle-blower, revealed the extensive level of NSA snooping on individuals and world governments, which included a revelation about NSA hacking into German Chancellor Angela Merkel’s phone, which subsequently caused a diplomatic row between the two countries.
After analysing the above points we can see that a compromise in cyber transactions can have detrimental financial, personal and political consequences. On a personal level, loss of personal data can have financial consequences. For example, criminals can clone people’s personal identities and therefore misuse their IDs. In addition, some information can be so sensitive that it can be used for blackmail or intimidation. There are numerous examples of politicians losing their careers to breaches of their personal data. It has prompted some Public Relations (PR) advisors to suggest that politicians should avoid online activities as much as possible.
Corporates have been warning governments about industrial espionage and a new term “Economical Security” has been used to define the required protection for businesses.
Despite the risks, the dependency on Information Technology continues to grow; governments and organisations are seeking new and smarter ways to protect their data, online networks, and other online exposures.
The extensive use of information technology now means that an enormous amount of data is being collected, which brings with it the challenge of storage, processing, analysing, sharing, and visualisation. Governments and private companies, such as eBay and Amazon, are allocating specialist teams and budgets to protect and process all their data. Senior analysts have been warning financial institutes to take significant steps in protecting their cyber data and online networks. This comes at a time when there are rumours that a cyber breach might have resulted in Airbus winning a substantial contract from Boeing due to a vulnerability (hacking) in its networks. If proven, this can be deemed as criminal activity, but at the moment the lines are quite blurry, due to the involvement of governments and spy agencies in those activities.
As part of Cyber Defence initiatives, the UK government announced last month that it is employing computer hackers in order to improve its cyber security. This could include people who have been previously convicted of cyber crimes. The aim here is to maximise protection and allow talented individuals the opportunity to become a key part of cyber protection. Furthermore, some governments have been taking drastic measures due to the Snowden revelations – Russia, for example, has decided to remove all computers from the Kremlin and replace them with typewriters to avoid compromising any sensitive data to hackers and the outside world.
What are the main components?
A typical network consists of a server (host), a connection (cable/wireless) and a receiver, also known as a client. A server may get its data either from its internal drives or it can be linked to other data sources such as databases, web services, or resource files. There are two types of linked communications:
The internet is a network of networks, accessible to the public at large. In contrast, the intranet is a more private and protected type of network, which means it is not accessible from outside and is normally protected by a firewall (a security program).
On the Internet, from the time a user submits a request, there are multiple stages that the request will go through. For example, when a user sends out an email, his/her email is passed through their Internet Service Provider (ISP) to the relevant service provider, such as Google, Yahoo or any other email service. The message or the data packet will arrive at its destination after going through a number of network nodes and hubs. The potential risk with the Internet is that those data transactions can be intercepted at any given hub/point.
What steps should Afghanistan be taking in terms of Cyber Defence?
Now that we have a broader picture of what cyber security is, we will discuss what the Afghan government should be doing to protect essential government data and provide as much protection to its citizens as possible.
The Afghan government has taken some initiatives to bring awareness to the topic of cyber security. In 2012 several seminars were held to discuss the so-called e-government. The consultation in collaboration with the private sector is a good start for drawing a roadmap and studying the feasibility of a fully secured cyber defence.
First of all, inter-governmental digital communication must be done via the Intranet. As discussed above, nothing sensitive can be considered secured when online, no matter what methods or techniques are used. There are some encryption tools and methods that can provide a small level of protection for individuals, but on a higher level the hackers have decrypted even strong encryptions. Moreover, currently, internet network cables connecting Afghanistan pass through Pakistan – therefore, every online communication/transaction is channelled through Pakistan, which in itself is enough of a reason to avoid communication of sensitive data over the internet.
To give another example, the main internet cables that currently connect Brazil to the rest of the world go through the United States. Given Snowden’s revelations and the suspicion that the US has been monitoring online communication, Brazil has indicated that it may lay its own underwater network cables. Since Afghanistan’s economy is not in a position to invest in laying down new cables within its territories, the least it can do is to take measures to limit or prevent the obvious breaches, and to secure the most important data through available and accessible tools.
Government Secure Intranet (GSi)
A new intranet network is needed to connect all major government offices and departments. The new Government Secure Intranet (GSi) should not be confused with the “Halal Internet”, which some countries are adopting to replace the internet and restrict their citizens from accessing online materials. GSi should be built purely for the purpose of governmental use and to protect important national data. The main model will rely on a Wide Area Network (WAN) where main transactions such as file-sharing, emails and other electronic data transactions are processed on a Peer-to-Peer (P2P) basis. There are three major parts involved in building a GSi:
- Data Centres
- End Users
The foundation of a GSi consists of a wired network across a metropolitan region. The network has many hubs through which communications are channelled. This new network must be kept away and separate from internet cables. The most cost-effective way of laying those new cables would be to deploy them when the internet cables are being laid, to avoid duplication. However, the most important point to note here is that the network equipment must be purchased from vendors that are a reliable international source, as there is a risk that the equipment may have already been infected with malware. Other countries have dealt with this by purchasing their equipment from well-known companies, such as IBM or other corporate names, and having them bound to a contract that explicitly states that espionage and malware in their equipment will lead to a hefty fine and compensation. Signing a contract with the vendors ensures that the supplier will guarantee that they pose no risk.
In terms of implementation, all necessary security checks must be conducted on companies and contractors who deploy the network. Routine checks must be part of the implementation to ensure no breaches occur while the project is under construction.
Data Centres are another important pillar in GSi – it is where the main data are kept and accessed from.
There are some articles that mention the Afghan National Data Centre, but it seems that the data centre is linked to the internet using the normal network, and therefore does not meet the requirements of the GSi.
Normally multiple physical sites are selected for data storage and the data is backed up rotationally, so that if there is a failure in one site, the other site will still have the data and can be used while the offline site is being fixed.
Implementing a broad national project, as big as GSi, would require hiring professionals to undertake the job. It is essential that any professional hired is screened in terms of security. It is likely that some professional workers will be employed from outside the country, and careful consideration should be given to the national backgrounds of these workers. Furthermore, Afghan nationals should accompany such professionals and log any activity they perform whilst on the project. Once the project is complete, additional attention should be given to training Afghan nationals to continue the job.
The security of the data centres is another vital factor, both at the network level and at the physical level. The locations of the data centres must be kept undisclosed, and considering the attention they can attract, heavy security must be implemented to secure the sites from any attacks or breaches. The data centres must also be physically protected from natural disasters such as flooding, earthquakes, fire, extreme heat and any other environmental threat.
In the event that a breach is suspected, there must be a routine protocol/procedure to follow for conducting an overall review of the system and applying fixes where needed.
Once the right network is implemented and the data centres are all linked and secured, the next critical aspect of this equation is the End Users. We cannot have any compromises at the user level, which may make the whole system look like the famous Afghan saying “the grave of Mulla-Nasruddin”.
Strict rules must be applied on who is granted access to the system and what functions those users can perform on the system. Every user must be made aware of their personal liability and responsibility in keeping the system secured. Users must also sign a contract to ensure that they are complying with the rules. A log of all users’ activities must also be kept on the system so that when a review is conducted, steps can be traced and breaches can be easily identified.
Planning, performing and maintaining such an important system will require establishing a dedicated organisation within the government whose sole job would be to look after the system and be accountable for their work. The Ministry of Information and Communication Technology (MCIT) does have a department for the National Data Centre but this team does not have control over the entire network. Their job is limited to the operation of the data centre.
Users must not be allowed to plug in personal devices, such as USBs, hard drives, smart-phones, and CDs or DVDs into the network or machines as they may contain viruses/bugs which can affect the system.
The inevitable advances in technology have reshaped and will continue to reshape modern society. Thus, it is important that Afghanistan and its people adopt the new changes in order to benefit from them and use them to protect themselves from potential threats.
The significance of Cyber Defence has been emphasised by many technology pundits; it is very important to have a constructive plan of how to approach this challenge. The process of setting up a reliable network with Cyber Defence at its core should be treated as a national strategic plan and should be implemented in stages to ensure its integrity.
It is immensely important for Afghanistan to take the issue seriously and start planning ahead to avoid complication. In the short run there will be some costs and planning involved in setting up a robust system; however, all those investments will have a positive return in the long run. Having a secured communication channel and a reliable network system will help to fight corruption, reduce bureaucracy, bring accountability, and provide much needed confidence to the investors and the ordinary citizens.
If no constructive forward planning is put into place, there will be serious economic and security consequences. In terms of security, the government will have no reliable data to use for its planning and the level of corruption and falsification of government documents will increase. This will result in people losing confidence in government decisions and will eventually result in the entrapment of Afghanistan in the 20th century.
Corner-cutting such as implementing temporary solutions or relying on external entities for doing the work should be avoided. Setting up a single data centre and connecting it via the internet to different governmental offices would be a serious security breach. It would cause major failures, requiring continuous fixing and budget pouring. In the end, the only way for complete rectification would be to start from scratch.
What we have recommended above is only a blueprint and an overview to open a gateway for a much more detailed analysis. There needs to be a detailed evaluation of the system and its requirements before it can be successfully implemented.