Tag Archives: security

The New Cold War: Cybersecurity

On Tuesday, our class had the pleasure of hearing a lecture on cybersecurity. We talked about what exactly cybersecurity is and what kinds of things threaten our cyber safety. It became immediately apparent that there is a “dark side” to the technology that we have come to thrive off of and depend on. We discussed the concept of hacking and the many different ways that our data can be compromised without our knowledge. One thing that really resonated with me was our discussion of APTs, or Advanced Persistent Threats.

An APT is a set of stealthy and continuous hacking processes orchestrated by a group of people targeting a specific entity. APTs usually target organizations and or nations for business or political motives. There are entire military units devoted to this kind of Internet-enabled espionage. For example, APT1 is a term commonly used to refer to Unit 61398 of the People’s Liberation Army of China. They exist solely for this purpose. One of the first things that comes to mind is, “What are the ramifications?”, especially for a nation like the U.S. that relies so heavily on its data. Is our data safe? Are our networks secure?

In a recent article by Matt Sheehan of the Huffington Post, we can see that this is a growing concern. China has been making massive investments in United States technology, and the investments are only growing. For many, it may seem as though China is a little too close for comfort. We know they have the kind of technology to invade our networks, just as we have the technology to invade theirs. Is this becoming a modern day Cold War? Cybersecurity concerns could easily turn into Cyber Warfare. Traditionally, the United States’ economy welcomes this kind of foreign investment, but in the near future it will become increasingly important to exercise discretion, and to understand the potential consequences of giving our competitors a hand in our technological developments.


Security and ICT Project Development:Investment or Insecure Detection?

Traditionally, when we think about Cyber Security, what comes to mind is national defense and protection from others. In the United States cyber security is a means to protect not only individual money and identity, but is rapidly transforming into a tactic to cohesively bar and protect the nation’s ideas, defense operations, water, energy, and innovations. As United States citizens, our daily lives are both operated on and operated by computer technology. As our last IDEV4100 class exposed, our connection to the cyber landscape is both a benefit and a vulnerability. However, as I ponder security of the cyber world, I cannot help but question what this means for people and nations that are not fully “plugged-in”. What does cyber security look mean to individuals in, say, rural Nepal or even a college campus in Ghana? More so, while as citizens of the United States, we have access to secure and locked hardware and software, most developing nations do not. How is cyber security negotiated when every piece of technology used is imported, unlocked, and potentially insecure?

After pondering my own questions, I realized that cyber security for individuals in developing countries means protecting the small amount of resources that are owned and available to them. For instance, if individuals are transferring small money through their mobile phone, the application that allows them to do so needs to be secure so that their identity and money is safe and not stolen. The ramifications otherwise can be catastrophic to those that are already living in poverty or marginal communities. Further, cyber security means that businesses in developing countries can grow and learn about technology safely and that governments can protect their citizens.

Cyber security also means that development projects do not create another vulnerability for the population they are trying to help. In the article, “Why Information Security Matters in ICT4D”, Jon Camfield explains that there is a necessary space for cyber security in development for project initiatives because, often, project databases contain private information about people, organizations, and vulnerable populations. Given the sensitivity of project data and information, Camfield proposes that every project plan must include a budget and method for information security. Without it, too many people, communities, resources, and ideas are at risk in the cyber landscape. Pulling from an earlier article, Camfield also connects a key principle in the development realm: partner collaboration. Basically, in order to increase information security and utilize affordable and available technological skill-sets, projects should build a collaborative network between the “security community and the ICT4D world” (Camfield). Ultimately, in an effort to transmit, manage, and protect information in the growing digital age, cyber security must be an imperative concern for practitioners of ICT and development.


The NSA and America’s Technological Security Problem

Image

   I know most of you didn’t see my comment last week about encrypting phone application data, but recently I have been interested in the topic of security and its connection to development. Now at first one could say, what does the recent NSA scandal have to do with ICT4D? Well actually the NSA scandal is very important in the ICT4D world for many reasons. First, the recent scandal has shown to the US, and indeed the world, that almost no security, piece of technology or software is immune to being hacked by a powerful governmental organization. Second, most of the ICT’s in the developing world don’t have anywhere near the security we do in the US, so while other governmental organizations are considerably less powerful then the NSA it also requires less effort to break into these applications. Governments and other organizations being able to break into ICT for development and access peoples information could lead to major problems. This issue was recently seen in the discussion of Uganda’s anti-gay laws, because people were talking about an ICT that could help reach those people. If that data was somehow confiscated real people could die, which is one of the many potential consequences of taking a lighthearted approach to security in ICT4D. Many times we use mobile phone applications or some other technology that can possibly carry a lot of data that would be very bad in the hands of the wrong people. Any powerful group or government could use that data and do any number of horrible things with it. As development “people” we should definitely care about securing the data of the people that we are supposed to be helping. Another application of the concept of security in development is what I mentioned in my previous comment, we could encrypt data to protect people we are trying to help. Obviously many governments wouldn’t like this, but it could be used to great effect to help oppressed minorities that we potentially could not have assisted before. To bring this all back to my first point we, as development majors, should be very pro open internet. That is, placing restrictions on security agencies to keep the internet “free” should be something as a community we should absolutely support. If you have any thoughts on this last opinion or on the connections between security and ICT4D’s please comment below.

Jackson Boleky 3/20/14                    


Cyber Security: Fighting Back In Uganda

In this week’s lecture by Ralph Russo and previous discussion about cyber security I was intrigued about the extent of cyber security protocols and standards that are present in Uganda. From my research on ICTs in the business and industry sector in Uganda I was aware that security for both the companies and the consumer was an issue. The above video gives a wonderful overview of the effects of cyber crime on businesses, with losses ranging in the billions of shillings (1 USD to 2,160 USH), and that NITA-U has set up a task force to create safe e-commerce networks.

NITA-U isn’t the only task force on the cyber security scene though. A February All Africa article shares that  the Computer Warehouse Group (CWG)  partnered with Symantec in order to provide security storage and management solutions to one of Africa’s fastest growing telecommunications companies. But its not just the private sector that is standing up against cyber crime. In a 2013 article from IT News Africa the Ugandan government also established a Computer Emergency Response Team (CERT) under the country’s Communications Commission (UCC) in order to more effectively  detect cyber crime. CERT is equipped with state of the art equipment and IT experts that will aid in the continuos and growing battle against cyber crime in conjunction with the International Telecommunication Union (ITU).

With the pace that technology is evolving it seems like an immeasurable feat to keep up with the high rates of cyber crime and as Ralph Russo shared with us it is important to keep connections with those entities attempting to put a stop to cyber crime. As seen in examples above Uganda is creating a firm platform, consisting of both public and private organizations, aimed to stop cyber crime and create a more secure environment for businesses to grow and thrive.


Cloud Computing: The Good and The Bad

Speaker Adam Papendieck discussed cloud computing as one of the latest developments in data and Internet technology. Cloud computing, or “the cloud” as Adam says, is simply the concept of storing and managing data that is accessible anywhere at anytime. While simultaneously changing business models and the way people interact here, it is highly beneficial to developing nations as well, breaking down barriers to entry and helping entrepreneurs, small and large scale businesses, researchers, and governments. These clouds are not white, puffy, and loose. They are powerful, offering IT infrastructure at a reasonable cost. In fact, in India, cloud computing is projected to grow into a 15 billion dollar industry by next year. In India, Africa, and South America cloud computing gives organizations a way to connect through online applications like Google Docs. Developing countries can tap into cloud resources and compete, which provides many possibilities.

The possibilities of the cloud stretch to many different devices.

The possibilities of the cloud stretch to many different devices.

What I found particularly interesting is that the cloud also has its challenges, and furthermore, these challenges are very similar to problems that we have seen with many other ICT initiatives. The lack of connectivity and bandwidth capabilities in many areas of the world is a huge issue. The large data that the cloud can account for requires more bandwidth, making it something that some areas will not be able to utilize. Electricity remains unpredictable in some regions, making information on the cloud vulnerable to loss. And, as we saw with cyber security, cloud users must be aware of backup, privacy, and security issues. Developing countries must keep these things in mind. While cloud computing is a powerful tool for all, challenges for developing countries remain.


ThreatToons

Recently, the blog post Threat Geek introduced a new weekly series of comics poking fun at the various threats seen over the internet.  Threat Geek is a blog run by Fidelis Security Systems, a market leader in network security.  The first posting is of a hacker and a Viking in a bar…

Personally, I don’t really get it.  But I assume it’s making fun of a security analyst as he plays a game like World of Warcraft.

While this cartoon and the ones that are likely to follow do not directly deal with ICT4D, the ideas behind their creation could prove valuable to ICT4D start-ups.  Creating a light humorous atmosphere could encourage those interested in ICT’s to further their careers in the field.  The idea of making a more user-friendly system is also seen in the efforts of iHub in Nairobi, which works to create an enjoyable atmosphere to encourage young Kenyan techies to explore ICTs and development new technologies.  With all the importance that we in class, and those in the ICT4D field have placed on security, innovation, and all aspects of ICT’s, it is important to create an environment conducive to learning and exploration.  Cartoons making fun of the geeks, made by the geeks, that work to make the internet a better and safer place may just be a way to encourage more people to explore all that is available to them.


Cloud Computing for E-Government

The relationship between cloud computing and security is a very interesting one to me. With the growing needs for ICT for development and in general, cloud computing is an obvious solution. It keeps everything linked, easily accessible, and increases storage resources. For example, Tulane University switched to a cloud-based email system about a year ago, giving students 10 GB of email storage as well as a “SkyDrive” which is a cloud-based flash drive. This switch gave students more space than they would ever need–I have thousands of emails and I’m only at just over 1 GB.

But is the cloud a solution for everything and everyone in ICT? An article published recently in March talked about cloud computing in relation to e-government for Barbados, stating that “cloud computing has the potential to significantly lower Barbados government enterprise ICT cost while improving overall ICT operations and support services.” While cloud computing is certainly a new option to improve ICT cost and operations for governments, is is a good idea in a sector that deals with so much private citizen information? Security has always been a concern when dealing with ICTs, so it needs to be an even bigger concern when looking into e-government and e-governance. I believe that it is possible and a viable option, but only after a lengthy consideration of ALL possible security concerns, and a well-outlined security and architecture plan.