I had the benefit recently of listening to a well-established American IT expert on the challenges for security strategists in these times of a literal tsunami of technological advancements. He brought out how the incredible speed at which technology was developing made it difficult to assess its repercussions for the future in terms of both global competition in business and the evolution of the military domain. It confirmed my belief that while a security specialist could do without being a technology expert, a technology advisor would succeed only if he or she had a complete grasp of security parameters and strategies - in this case the presenter, fortunately, was aware of the importance of security orientation of technical advisors.
The tsunami of technology witnessed today can do two things - it can help development and a global advance on a positive note or add to the threat spectrum for vulnerable national entities. It is necessary that we do not see ghosts in new technology, do not look upon the speed of technology advancement as a threat by itself and have the ability to visualise and assess whether something is adding up to a danger potential from both national and global angles.
Security is a 'science' in the sense that it rests on concepts, precision and detection of fault lines. It works on clarity - the bedrock of science - that admits of no compromise on this count. A nation and an individual have two basic needs, economic well-being and security. For development, technology seeks the 'end' in terms of product creation and product delivery, but in the domain of security, technology has to provide at best a rolling improvement of 'means' in a situation where the goalpost is never static - dependent as it is on the changing scenario set by the adversary. What does not change in security is the basic framework of requirements that holds good in all contexts - national security, enterprise security or cybersecurity. All technology experts should have a good understanding of this in today's world.
All advisors - technical or non-technical - who are on the security turf should know what a 'secure perimeter' around the identified subject of protection has to be, varying from a brick and mortar fence to a firewall, what 'intrusion detection' systems need to be put in place, what would be the nature of 'Access Controls' and 'Inner Access Controls' required in that specific situation and what is to be done for the 'Insider Threat Management'. In cybersecurity, 'hacking' is an intrusion - though it is more like sabotage - that is detected only after it has happened, so the prime response of the attacked entity has to be to safeguard what was left undamaged.
'Access Controls' begin with the confirmation of the identity of the person seeking to gain entrance. In the cyber domain, Login and Application layer controls serve the purpose. Security of information in transit or storage is maintained through encryption. 'Inner Access Controls' regulate entry into sensitive inner segments like Process areas, Command & Control Centre and the location of sensitive information.
Personnel Security has a limited technology paradigm and the Insider Threat Management that covers it is largely a human effort that uses Intelligence tradecraft available with trained security professionals. Studies have shown that a vast majority of security breaches are traceable to conniving members of the protected organisation. Scientists, including technology developers, are used to transparency but in these days of 'dual use' they have to understand the compulsions of 'Need to Know' - a basic practice in the security domain that ensures that the information sought by the adversary about a protected technology is not in possession of just any other member of the targeted enterprise. The real challenge for the security professionals lies in detecting signs of 'vulnerability' and establishing grounds for 'suspicion'. An employee showing greed, addiction or disgruntlement is vulnerable to exploitation by the adversary. Signs of suspicion that the member might have been compromised already are unravelled in surprise checks, audits and operations that use special skills of Intelligence tradecraft such as surveillance, secret enquiries and tapping confidentially raised Informers.
Today, technology is used in a huge way in all security measures. In all situations, however, human intervention and deduction are to be constantly associated with technology there. A CCTV network cannot do without human monitoring of the feed, constantly or at least periodically. Response to a detected intrusion has to be guided by a human mind. A worker at the assembly line alone can notice any process flaw that needs to be rectified for better productivity. Change of Passwords, level of encryption and points of surprise checks are all decided by the concerned leaders. Data Integration and Data Analytics are done in the framework set by human masters.
Technology has achieved a great deal here by doing something that was earlier done only by human analysis: producing 'triggers' for action. This is the much talked about turf of Artificial Intelligence that now even handles the preliminary part of 'action' that is needed in response to a 'trigger'. Robots do this precisely as the replacement of humans in certain sectors of 'services'. Defence Technology is making striking contributions to making the task of neutralising the 'visible' enemy more effective, but in security, which deals with the 'unseen' adversary, technology tools have to play closely with the human controllers in an ongoing fashion. A technology man has to grasp the essence of security to act successfully as Technology Advisor in that realm.
At the strategic level, the US and India have, apart from defence cooperation, a lot of convergence on the global issues of security - the new threat of global terror, where motivation is rooted in notions of faith and indoctrination is strong enough to turn a young man into a suicide bomber, is clearly on top of the chart. The appearance of the 'lone wolf' on the terror front is facilitated by the new communication devices, miniaturisation of weapons of attack and explosive devices and use of cyberspace for online radicalisation. Hacking is another challenge to security technology and so is the rise of malware injection into both hardware entities and software programmes. Security cooperation amongst friendly countries is now focused on technology for preventing cyber attacks or neutralising a terrorist on one hand and the upgradation of the war machine on the other.
(The writer is a former Director Intelligence Bureau)
-by DC PATHAK