Cyber terrorism, in plain English, can be defined as the use of IT for carrying
out unlawful activities. This form of terrorism is a deadly cocktail of
technology and terrorists, used for disruptive activities. Let us start the
story with some facts about the use of technology by terrorists. On July 26th
2008, 21 blasts were carried out in Ahmedabad. Terrorists misused insecure WiFi
networks for their communications for this act. In the recent Mumbai attacks,
terrorists used Google Maps for planning. Also, investigations have revealed
that the 9/11 attackers were trained on Microsoft Flight Simulator. These
examples give us a clear picture that, like guns, IT can also have a devastating
effect if used by criminals.
The reasons for the use of IT by terrorists are not difficult to find.
Technology and information are easily available and widely used, and most
people in the modern world are dependent on technology, making them vulnerable
to cyber attacks. The costs associated with such terrorism are very low, and one
can cripple modern cities by just carrying out attacks from a machine located
anywhere in the world. Another important reason for the proliferation of cyber
terrorism is its covertness; criminals can carry out terrorist activities
without revealing their identity.
Countering Cyber Terrorism
In order to efficiently negate the threats of cyber terrorists, there is a need
for close collaboration between the private and the public sectors. Besides such
collaboration, there is a need to be more proactive in approach. But being
proactive also means more interference in privacy. There are technologies
available that telecom operators can use to monitor each call routed by
them. Even 24 x 7 monitoring is possible through massive implementation of video
surveillance in attack-prone areas or big cities. But both these approaches
would lead to interference in the private lives of the public. As such an
approach is being used by other countries, the government and other stakeholders
involved should try to figure out the thin line between privacy and a proactive
approach. There are different technologies and approaches that can be effective
against cyber terrorism.
Physical security
When it comes to information security, the trend is that enterprises, government
bodies and law enforcement agencies concentrate far more on virtually securing
their sensitive digital information than on physically securing their data
centers and computer assets. What is overlooked most of the time is the fact
that physically breaching the weak security of a data center is far easier for
an attacker with little or no technical know-how. So it is extremely important
to set up multiple layers of physical security around your data center to
counter any act of cyber terrorism.
Recruit well-trained security personnel
The first layer of security of a data center is having a batch of efficient
security personnel deployed at strategic locations. Care must be taken to
recruit well-trained security personnel from a reputed security agency. Though
the current private security guard pool in India is vast, it is still
ill-trained to combat specific security challenges. So rather than relying
completely on the outsourced security staff, organizations should take charge of
the security of data centers themselves and guide these personnel about the
specific security needs of the data center.
“With huge repositories of public and private data, including sensitive data, residing on the servers and on the 'cloud', it is extremely important that our critical information infrastructure is secure from anti-national elements. There is an urgent need to develop capacity within various stakeholders like enterprises, governments, law enforcement agencies, including judiciary, and citizens to understand cyber threats and the responses needed to mitigate such threats.”
Shyamal Ghosh,
“Government should encourage Ethical Hackers Association to counter cyber terrorism. I strongly advocate ethical hacking under government jurisdiction, or through bodies like NIXI.” - Saugaato Ray, Director and CEO, Satmac
In the unexplored and ill-trained pool of private security guards, who
receive little in terms of salary and respect, lies a great opportunity for the
private security industry of India. The industry can take up the onus of
providing specialized training to security guards, keeping in mind the different
needs of different industries. All this would translate into a reliable pool of
private security guards that commands respect for its expertise in combating any
kind of threat to homeland security.
IT Act and Cyber Terrorism
Strengthening of laws is also important to deter criminals from using IT for
Access control systems
The entry point of the data center should have the most stringent access control
systems in place to prevent any unauthorized intrusion. There are generally
three types of user authentication mechanisms that the access control systems
employ:
- Unique individual passwords, like a PIN
- A tangible document that belongs to the user, like an ATM card or an ID card
- Biometric authentication based on measurable, unique, physical
characteristics of an individual, like fingerprint, voice recognition, face
recognition, hand geometry, vascular patterns, retina scan etc.
The access control systems can be based on any one of these three
authentication factors, providing single-factor authentication. But for
tighter security, multi-factor authentication has to be deployed:
a combination of two or three of these mechanisms.
Though biometric authentication technologies are expensive to deploy and
implement, they are considered to be strong access control mechanisms. This is
because the aforementioned biometric information of each individual is unique;
remains almost unchanged throughout his/her life; is non-transferable and is
extremely difficult to forge. But even biometric authentication, individually,
is not completely foolproof due to issues like wrongful duplication of user
fingerprints. So the best way to secure your data center would be by deploying a
two-factor or three-factor authentication based access control system, with
biometric authentication as one of them.
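
The multi-factor rule described above, as an added example that is not part of the original article: a door decision that counts distinct factor categories, so a PIN plus a password is still single-factor, and that requires a biometric among them. The method names, the `Presented` record and `door_decision` are hypothetical.

```python
from dataclasses import dataclass

# Factor categories from the article: something known, held, or measured.
KNOWLEDGE, POSSESSION, BIOMETRIC = "knowledge", "possession", "biometric"

# Hypothetical mapping of reader methods to factor categories.
FACTOR_OF = {
    "pin": KNOWLEDGE, "password": KNOWLEDGE,
    "id_card": POSSESSION, "atm_card": POSSESSION,
    "fingerprint": BIOMETRIC, "retina": BIOMETRIC,
}

@dataclass(frozen=True)
class Presented:
    method: str     # reader method, e.g. "pin", "id_card", "fingerprint"
    verified: bool  # match result reported by that reader

def door_decision(presented, min_factors=2, require_biometric=True):
    """Return (granted, reason) for one entry attempt at the data center door."""
    factors = set()
    for cred in presented:
        category = FACTOR_OF.get(cred.method)
        if category is None:
            return False, f"unknown method: {cred.method}"
        if not cred.verified:
            # A failed check always denies; other passing checks do not offset it.
            return False, f"failed check: {cred.method}"
        factors.add(category)
    # Count categories, not credentials: two secrets are still one factor.
    if len(factors) < min_factors:
        return False, f"only {len(factors)} distinct factor(s)"
    if require_biometric and BIOMETRIC not in factors:
        return False, "biometric factor missing"
    return True, "granted: " + "+".join(sorted(factors))

if __name__ == "__main__":
    # Constructed entry attempts, for illustration only.
    attempts = [
        [Presented("pin", True), Presented("password", True)],
        [Presented("pin", True), Presented("id_card", True)],
        [Presented("id_card", True), Presented("fingerprint", True)],
    ]
    for attempt in attempts:
        print([c.method for c in attempt], door_decision(attempt))
```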
Intelligent IP surveillance
Intelligent IP surveillance can be achieved either by deploying intelligent
IP cameras that have built-in video analytics software or by integrating video
analytics software with your existing network of standard IP cameras across your
data center. Such embedded intelligence can detect suspicious movements,
unauthorized entries, missing objects, camera tampering etc. and can
automatically send out audio alarms, visual alerts and SMSes to the concerned
security personnel, initiating immediate action.
Information Security
Security of data in your data center is critical not only for your business but
also for the overall security of individuals. If data regarding the customers of
an organization is available to criminals, then this data can be used for
identity theft as camouflage. If the compromised information is financial in
nature, then this could fund terrorists. One needs multiple approaches to secure
information: at the data level one can have email security, encrypted
communication, port blocking etc., and at the network level one can have
firewalls, UTMs and IDS systems. Besides these approaches, one also needs
anti-virus and anti-spam software. All these approaches would give the right
results only if a proper security policy is in place and adherence to that
policy is made compulsory.
(The article contains excerpts from the presentation given by Pradeep
Gupta, CMD, CyberMedia.)
Sandeep Koul and Amrita Premrajan