The International Anti
Terrorism Forces have once again been shaken up from their complacency after the
Bali terrorists attack. We in India which has been a witness to Akshardham
attack recently can see that there is a pattern to the two attacks which
could lead to some thoughts that are relevant to Cyber Space Security.
Both the Bali Club and
Akshardham were "Soft Targets" for the terrorists. Both targets were far
removed from any policies affecting the Terrorist's professed cause unlike a BSF
picket in Srinagar or the White House. The victims were also not in anyway
concerned with the issues for which the terrorist outfits are fighting. But
still, the attacks succeeded in creating a panic amongst public and it will take
several years for public to get out of the fear psychosis they have been driven
to.
There is no doubt that Bali will
perhaps be erased from the tourist map of many countries and Indonesia needs to
rework their tourist economics. Similarly, temples in India need to look at
"Frisking" and "Installing Metal Detectors" to screen the devotees. Imagine the
aberration when the pilgrims chanting "Govinda, Govinda" in Tirupati are
stopped and subjected to frisking. Many will consider this a loss of sanctity of
the temple and reduce their visits. Sociologists need to study the possible
impact of such change of perceptions and whether this will add fuel to fire.
In fact ,it is difficult to say
if the same effect could have been achieved if an army barrack had been
attacked. We must therefore admit that the terrorists have succeeded in their
objective of "Dividing the Society" through these attacks.
Despite recognizing the
disastrous impact of such attacks, the tragedy is that the Government or the law
enforcement Authorities cannot ensure that such acts would not be repeated. The
world is so big that, there will be many more soft targets available to a
determined terrorist particularly if he is from a suicide squad.
In finding a solution to
terrorism, we therefore need to look at such steps that make the attacks
difficult and less productive for the terrorist so that in course of time the
motivation for such attacks die down.
These principles are universal
principles that apply even to Cyber Space Security. In Cyber Space, the
terrorist attacks take the shape of " Un authorised Access" to Information Space
and theft, manipulation or destruction of information. Just as in the case
of Meta Society terrorism, attacks on soft targets are more effective than the
attacks on defense establishments, Cyber terrorists will consider it a better
strategy to attack soft targets and create a feeling that Cyber Space Activity
is unsafe and unfit for commerce.
This can be done by an
intelligent attack on bazee.com or nse-india.com rather than on the Ministry of
Defense website. Attacks on Infy.com or wiprotechnologies.com, or
cherrysoft.co.in
may unnerve the vibrant IT industry to the extent that the confidence on these
companies enjoy with their customers will be eroded.
The first step to find a defense
against Cyber Terrorism is therefore to reduce the presence of soft targets and
make it difficult and less productive for terrorists to conduct successful soft
target attacks.
This should start with
instilling a minimum security awareness amongst the people concerned.
It must be noted that after the
Akshardham attack, many temples and hospitals who consider themselves to be soft
targets for terrorist attacks have shown an inclination to go for insurance
cover for their customers in some form. If these non commercial organizations
can think of such insurance coverage, there is no reason why Corporate networks
do not cover themselves and the users through an insurance programme that
provides some protection against terrorist attacks.
If such insurance programmes
have to succeed, then there has to be some process by which the security
measures taken by a Company are certified. Also, in order to indemnify the
insurance companies, the security measures should also be "Cyber Law Compliant".
A "Techno Legal Security
Compliance Audit is therefore a pre-requisite to development of an Insurance
Plan".
Such an audit should help the
companies develop a "Cyber Space Security Policy" which eventually should
aggregate to cover the 20 million Netizens supporting over Rs 7500 crores
of E-Business per year.
To make such an effort
effective, IT Companies who have a large stake in Information Assets of the
Country have to come together along with like minded individuals to form a
consortium that can pool all available resources and provide leadership for an
effective anti-cyber terrorism action plan.
naavi.org invites the
suggestions of public in this regard and wants to identify people who can assist
in the process.
Naavi
October 15, 2002
Related Article:
National Security Policy for US-A report (PDF Document)
