cover story
16
egov / www.egovonline.net / April 2011
cover story
Safe
State?
Technology has to be fused with people, intelligence and processes to create security architecture. A layered architecture will add more value in enhancing security measures By Prachi Shirur e-Gov Bureau
S
ecurity of life, infrastructure and territory is the primary concern of any nation. The nature and scope of potential threats to physical security is changing and scaling, faster than ever. Much more alarming is the increasing number of terror attacks and loss of lives, world wide. Besides, largescale natural disasters and pandemics pose additional threats to public security and safety. And it is not just the physical security which is at stake, as against the man-made and natural disasters but also the digital and information infrastructure of the nation states. With the changing nature of threats, prevention and response mechanisms need regular revision. Technology, especially, the information and communication technologies, is a big enabler here. The governments need to be equally equipped and conversant with technology in order to counter criminals, terrorists or those who try to undermine stability and peace in the country. Agencies responsible for public safety need to respond quickly to incidents. However, often the public security sector suffers from resource crunch and inadequate information and intelligence. To overcome such limitations, the governments in developed countries are turning to technology and are using latest surveillance systems, situational modeling and visualisation software, chemical/biological detection monitors to counter security threats. Though, India is among the countries most affected by terrorist and insurgent activities, it was the 26/11 terrorists’ attack in Mumbai, that forced the Indian government to seriously consider improving the country’s homeland security apparatus. Rothin Bhattacharyya, CEO, HCL Security Ltd., opines that the perception of security threats
faced by India has changed drastically over the years. “In the year 2008, India was world’s third most afflicted country by terrorism incidents. To cope up with these increased number of attacks, there was a need to enable robust security across the cities. Hence, several ICT projects were undertaken by the government and latest security technologies have been deployed in various areas of the country to combat terrorism.” In an emerging economy like India, with a billion plus population, maintaining the GDP growth rate of eight to nine percent is one of the prime concern of the government. It is therefore, an important focus of the government to strengthen the homeland security with the help of technological interventions, as also leveraging the private sector expertise in ICT, for providing advanced and intelligent solutions to the security forces. Given this scenario, Government of India intends to spend April 2011 / www.egovonline.net / egov
17
cover story
B Bhamathi Additional Secretary Ministry of Home, Govt of India
“No software or technology solution can be panacea for all issues surrounding the functioning of police. CCTNS can act as a catalyst for initiating a change in Police functioning.” $10 billion on India’s homeland security in the coming two to three years. The top security agencies in India are leveraging the benefits of ICT for securing India. Today, technologies such as CCTVs and surveillance cameras are equipped to monitor terrorists activities and other such threats. However, India has still lots to do to ensure public safety and security. The government, now also realises the importance of protecting digital infrastructure – digital government data, since the government websites, networks and computers are at the receiving end of information hackers. The situation is grim, given the fact that the terrorists today are extremely tech-savvy. Coupled with this, India has a poor state of policing and intelligence, ill-equipped security agencies and weak criminal justice system making it extremely difficult for any security agency to respond to the newer threats and challenges. While India has made enough progress in ensuring safety, the challenges to public safety will continue to grow. India should thus ensure a robust safety and security system.
18
egov / www.egovonline.net / April 2011
Technology Comes Handy Information and Communications Technology (ICT) has a paramount role in securing homeland as well as disaster prediction and management. ICT systems are able to collect, analyse, assess and disseminate information quickly and completely. The fast and effective communication of relevant details to security agencies, and enhanced awareness of potential threats improves decision making and helps anticipate threats and risks better while also making efficient use of critical resources to prevent and eliminate potential threats to public security. At the same time, technology enables better management of natural disasters with focus on overlapping phases of mitigation, preparedness, response, and recovery. Technology driven knowledge-based information infrastructure helps provide balanced support to each phase of these activities in the disaster management cycle. ICT plays a major part in interpreting geo-spatial data. Image processing, predictive analysis, like Tsunami Early Warning Systems, data modeling, GIS and Advanced Meteorology are some of the key applications that have been deployed worldwide. Standards have evolved like the Common Alerting Protocol (CAP) – an information interchange standard that can be used collect all types of hazard warnings and reports locally, regionally and nationally, for input into a wide range of information management and
warning dissemination systems. Systems using CAP have shown that a single authoritative and secure alert message can quickly launch Internet messages, news feeds, television text captions, highway sign messages, and synthesised voice-over automated telephone calls or radio broadcasts. As Abhay Bhargav, CTO, we45 Solutions India Pvt. Ltd., puts it, “With reference to homeland security, IT could be used extensively in storage, processing and transmission of intelligence information, defense information and so on. Using integrated application, law enforcement and defense agencies can gain relevant and comprehensive information about threats to homeland security.” With reference to Disaster Preparedness and Management, Abhay informs, “IT systems can be invaluable in terms of prevention and detection of disaster situations. For instance, through applications and communication networks, the nation can issue advisories against people visiting certain sections of the country affected by a natural calamity. With effective monitoring, using IT applications and communication networks, the government can issue evacuation orders for people in the area, thus preventing loss of life in case of a disaster”. Major General Ramesh Chandra Padhi, MOGSGS, Military Survey, Indian Army, also hails the role of ICT in security domain. According to him, “ICT has brought the capabilities in depiction, integration, visualisation
cyber threats: Top Five Exploits l My Doom’s Mass Infection: Estimated damage $38 billion This fast-moving worm first struck in 2004 and tops our list in terms of monetary damage. The worm was designed to infect computers and send spam emails. l A“I LOVE YOU” Worm’s False Affection: Estimated damage $15 Billion The “I love you” worm (named after the subject line of the email it came in) proved irresistible in 2000 as millions of users
opened the spam message and downloaded the attached “love letter” file. Unfortunately, instead of sweet nothings, they got a bitter virus. l ‘WConficker’s Stealthy Destruction: Estimated damage $9.1 Billion This 2007 worm infected millions of computers. Conficker was designed to download and install malware from sites controlled by the virus writers. The malware included a keystroke logger
and other PC-control software that gave cybercrooks users’ personal information as well as access to their machines. l Stuxnet Worm—Targeted and Dangerous: Damage unknown This recent worm targets critical infrastructure, such as utility companies and control systems, by taking advantage of several vulnerabilities in Windows. Stuxnet has reportedly damaged government facilities in India, the U.S. and Indonesia, as well as nuclear facilities in Iran.
Source: ‘A Good Decade for Cybercrime’, McAfee’s Look Back at Ten Years of Cybercrime, 2010
cover story
and analysis of geo spatial data. Improved bandwidth, high speed data processor and data storage capacity has enabled fusion of military and intelligence inputs so that a common operational picture is made available to all security managers, commanders and officers at different levels”. However, he suggests that maps need to be properly geo-referenced, because worldwide there are many reference-frameworks that most people get confused. So there is a need of a common reference framework. It is with this concern that the National Map Policy has been designed in India, on a global reference framework. However, as Dr Rajvir P Sharma, IGP (Planning and Police Modernisation), Office of DGP & IGP, Karnataka State Police quips, “Monitoring of micro-information from gleaning to processing to collating and dissemination is yet to be achieved leading to loss of microinformation and consequent information loss.” Micro information management technology therefore, needs to be optimised. Loknath Behera cautions against mindless use of technology without proper standardisation, which causes more problems than it sorts out. Thus, technology has to be fused with people, intelligence and process to create security architecture. A layered architecture will add more value in enhancing security measures. “Technology should not only be deployed but should be integrated with devices/ equipments in such a way that they compliment with each other and offer actionable intelligence” suggests Rothin Bhattacharyya.
Major general Ramesh Chandra Padhi MOGSGS, Military Survey, Indian Army
“Improved bandwidth, high speed data processor and data storage capacity has enabled fusion of military and intelligence inputs”
Worldwide market for security is about $100 billion and growing at the rate of 12 percent, as per industry sources. Frost & Sullivan pegs the market for security and surveillance equipment in India at `1,800 crore and the video surveillance market at `866 crore, both of which have a compounded annual growth rate of 25-30 percent. Some of the leading players in this market are SAP, EADS, Smiths Detection, Palantir, Tyco, Bosch, Adaptive Imaging, Vigilant Systems, Fluor Corp, Northrop Grumman,
Mathew Thomas Vice President, Strategic Industries, SAP India Subcontinent
The Great Security Spender! The global security climate has caused an aggravation of existing security concerns and necessitated the development of holistic physical security solutions. Nations are realising that in order to effectively protect people, property and critical assets, they need physical security and safety programmes, designed to address not only traditional crime, but also sophisticated terrorist attacks, and natural disasters. The government remains the biggest spender on physical security or surveillance solutions. Growth can be seen coming from various sectors such as urban security, public transport, hospitality sector, airport security, BFSI and education. Governments are now looking towards adopting a more holistic and integrated approach to physical security.
“ Security agencies need an IT infrastructure that’s fully integrated and capable of real-time updates among government, industry, and non-profit stakeholders during all coordination phases”
Siemens, Lockheed Martin, Accenture and many more.
Security Apparatus Overhaul After the 26/11 terror incident in Mumbai, structured efforts have been made to bring about a streamlining in the operations of government public safety bodies in India through the modernisation of operations. The areas where ICT is playing a role in modernising security apparatus includes access control and perimeter security systems, investigation management, crime analytics, monitoring and surveillance systems for Internet and electronic media, telecommunications, procurement of specialised vehicles for bomb disposal and riots, personal body armor etc. With the operationalisation of the MultiAgency Centre (MAC), through an Executive Order issued on December 31, 2008, every piece of relevant information or intelligence gathered by one of the participating agencies is brought to the table. At the same time, a network is being created of all the databases that contain vital information and intelligence. Since, each database stands alone, and does not talk to another database, crucial information that rests in one database is not available to another agency. In order to tackle this issue, the Central Government decided to set up National Intelligence Grid (NATGRID). Under NATGRID, 21 sets of databases will be networked to achieve quick, seamless and secure access to desired information for intelligence/enforcement agencies. With the objective of having an integrated approach towards policing, the Ministry of Home Affairs has come up with a `2000 crores project – Crime and Criminal Tracking Network and Systems (CCTNS) that is scheduled April 2011 / www.egovonline.net / egov
19
cover story
Rothin Bhattacharyya CEO, HCL Security Ltd
“Technology should not only be deployed but be integrated with devices/equipments in a way that they compliment with each other and offer actionable intelligence” to be in place by 2011-12. CCTNS aims to facilitate storage, collation, analysis and transmission/sharing of crime and criminals related information at the police station, district, state and central levels. National Crime Records Bureau, on behalf of the Ministry of Home Affairs, is the nodal agency for overseeing the implementation of this project. Commenting on the role of CCTNS project, B Bhamathi, Additional Secretary, Ministry of Home, says “No Software or technology solution alone can be panacea for all issues surrounding the functioning of police. However CCTNS can act as a catalyst and technology enabled agent for initiating a change in Police functioning.” To address issues pertaining to natural and man-made disasters, the Disaster Management Act of 2005 was passed leading to the formation of the National Disaster Management Authority (NDMA). It is mandated by the Government of India to create the policy framework, transform disaster management plans and establish guidelines for effective response to disasters. The enforcement of its policies and implementation of its guidelines, disaster mitigation provisioning and disaster prevention also form the broad charter of this apex body. However, the pace at which the envisaged reforms and modernisation initiatives are being adopted are not the same as that on an international level. As Mathew Thomas, Vice President – Strategic Industries, SAP India Subcontinent notes, “The multi-tiered security agency framework, slow collaborative outcomes, information silos, lack of a centralised, quick-response, ICT-enabled command and control system – coupled with issues like corruption and procedural wrangles have led to slow realisation of the set objectives.”
20
egov / www.egovonline.net / April 2011
Partners in Security Agenda Public-private partnerships can help fill gaps in homeland security that neither government, nor business can fill alone. Increasingly, they are assuming a vital role in our nation’s homeland security strategy. Mathew Thomas feels that there is a huge potential for partnership in the areas of safe practices, disaster mitigation, disaster preparedness and response, reconnaissance and recovery. Abhay Bhargav of we45 Solutions says, “The private sector is replete with experts who will RK Vij IGP, Durg Chhattisgarh
“An ICT project’s success or failure will depend heavily on the organisational capacity to manage and respond to the information transmitted by the technology”
be able to leverage the ever-increasing power of the web, networks and IT deployments and will be able to optimise the way homeland security and disaster management is approached in the country.” For instance, private IT security companies will be able to help the government secure its IT deployments and networks against the advanced persistent threat of state-sponsored cyber terrorism by providing cutting edge security and testing services.” Ramandeep Singh Walia, Head-System Engineering Group, Check Point Software Technologies, suggests that it is important for government to collaborate with private sector to ensure the awareness of the security risk attributes. “The source of revenue from cyber terrorism or cyber attacks have far exceeded the revenue generated due to drug trafficking. For this, processes, policies and awareness programmes have to equally compliment the security controls. Private sector can play a major role in this regard.”
Road to Secure Nation For seamless response to security threats, security agencies need an IT infrastructure that is fully integrated and capable of real-time updates among government, industry, and nonprofit stakeholders during all coordination phases. This necessitates putting in place such security systems that fully integrate resources – financial, human, and technological with operational and back-office information assets, to maximise visibility across the entire security framework. To foster and augment the process of information sharing, ICT should be used at all levels in the security sector. In this regard, a standards-based policy needs to be evolved that evaluates available technologies based on their readiness, usage and effectiveness, while shortening the solution availability cycle. The road to a secure nation lies in creation of a framework that covers the governance of their physical infrastructure, IT infrastructure, networks and so on, encapsulating preventive, detective and corrective mechanisms to protect the security of all government agencies and departments. Apart from physical security, information security is the need of the hour. Government agencies and departments contain a wealth of information that is invaluable to attackers. Therefore, it is quintessential that the government takes information security as seriously as physical security.