National Security: A Software Architect’s perspective

architects“Our goal isn’t just to be free. It is, on the long run, to be secure, safe and assured that our freedom will outlast our existence.”

A few days ago, I was scouring the internet for some information on “Securing public-facing Information Systems”. I needed to do this to improve the security of a software development project at hand following a lengthy but very useful discussion with a colleague who specialises in Information Systems Security.

I had become convinced that the orientation of Nigeria’s software developers must evolve from one that simply produces solutions that meet business requirements, to one that envisages security threats posed to business entities and proactively mitigate them.

In order to provide the required level of assurance of security on the project, I proceeded to update my knowledge of existing security systems from a software architect’s point of view. During my ensuing research, I studied several software security algorithms; such as the Hash Message Authentication Code (HMAC), Sure Hash Algorithm (SHA), and so on. It proved to be an enlightening experience.

After a few clicks that started from the Google Search page, I traversed the Gibson Research Corporation website, which I will recommend to anyone with the desire to keep abreast of current IT security issues. Finally, I landed on the home page of the NSA – the National Security Agency (of the United States).

After reading NSA/CSS Strategy, coupled with other formative entropy on my mind, I was convinced that to be truly secured as a nation, we must place the necessary amount of premium – and in no small amount – on scientific, economic and IT education. And if we must rank amongst top countries of the world in few years to come, we must integrate our industries to an innovative educational system. As profound as the realisation was to me, it is not the entirety of the basis for this article.

Thereafter, I found myself on some pages reporting on new strategies for warfare and how countries have been ravaged in covert cyber operations (CCAs) that they were unaware of. No alerts were triggered, yet the destruction was full blown. Incognisant of the menace of surveillance and attacks upon them, these nation victims wallowed in digital ignorance waiting at borderlines to counter raids that have been redirected to other spaces of social needs and infrastructures; such as media & communication, health, food & water, cyber to mention but a few. I had to conclude with this awareness that countries protected only and solely by military might and weaponry today are the most vulnerable.

At that point, I picked up my pen and I began to jot down my thoughts that culminated into this article.

Since the year two thousand and three that Iran was found out with a concealed nuclear program, the United Nations, spearheaded by the United States (US) have been relentless; sniffing around anywhere for everything that might be associated with Iran’s concealed nuclear program.

While open table negotiations have been ongoing, there also have been numerous and continuous covert allied operations to unravel “EVERYTHING” behind the temerity of the Middle East powerhouse.
Owing to the menace and non-cessation of terrorists’ operations in Middle East, it makes absolute sense to bring all nuclear programs, anywhere in this universe, under close and global supervision, monitoring and control.

We simply cannot undermine or ignore, totally or partially, the probable danger of letting devastating weapons of mass destruction (WMDs) slip into the hands of raging, irrational and irreconcilable sadists. Beyond sustaining its own global commands therefore, the P5 + 1, a committee of powerful Nations constituting the permanent membership of the United Nations’ Security Council including US, Russia, China, Britain, France and Germany, is within reason to want to curtail Iran’s Uranium Enrichment Program; and any of such by any other country.

To fully comprehend this sentiment, recall 9/11, and associated wars thereafter, and imagine that Osama bin Laden had a nuclear arsenal to match NATO’s Security Forces! On the flip side, one must also appreciate the reasons for Iran’s aspiration to the ownership of WMDs.

Lessons learnt from the threats of Biological Weapon attacks from Iraq in the late 1980s, after Iran had ceased its uranium enrichment in the 1970s, meant the Iranians were unable to defend itself against circumstances that might pitch it against probable future enemies including the United States as it turned out to be during the Iraq-Iran war.

Both sides have germane reasons for their positions, however. Personally, I support the aggregation of nuclear weapons and the control of same in the safest hands.

Drawing from above however, the harrowing effect of not being able to force Iran to its knees, through negotiation and diplomatic measures, have led to covert cyber actions (CCAs). Invisible and bloodless attacks, allegedly sponsored by the United States and Israel, have been ceaselessly launched against Iran and her allies.

Some totally devastating, others unveiled and aborted by Kaspersky Lab – an international software security group headquartered in Moscow, Russia.

CCAs, as expressed by Aaron P. Brecher, are capable of penetrating and disabling vital national infrastructure, causing catastrophic economic harms, and approximating effects of war, all from remote locations and without the use of conventional weapons.

They can be nearly impossible to attribute definitively to their sources and require relatively fewer resources to launch. As succinctly expressed, Iran’s nuclear program was set back, by many years, following the destruction of roughly a fifth of Iran’s nuclear centrifuges by mere malwares.

For those wondering what they are, ‘Malware’ is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.

In the same sequence on your keyboard, Iran and a few countries in the Middle East, such as Lebanon, have been reportedly surveyed and attacked by the four amigos: Stuxnet (S), DuQu (D), Flame (F) and Gauss (G). Collectively, these malwares stole everything: Personal Information, bank account details, passwords, desktop screenshots, economic intelligence, textual chat conversations, email contents, security intelligence, nuclear reactors’ architecture, voice conversations, video recordings, soft documents and everything! The booty being socioeconomic, political, technological and military potential of “victims”, which are then delivered to mother ships where they are analysed, stymied, curtailed and/or steered.

Stuxnet, discovered in June 2010, was specifically designed to subvert Siemens Systems running centrifuges in Iran’s nuclear enrichment program. This fact was only uncovered after Security Experts & researchers at Kaspersky Lab had reverse engineered the code of the malware. This is the first worm known to attack SCADA (Supervisory Control and Data Acquisition) Systems.

It would be nice to discuss, however briefly, each member of the amigos and their specificity in terms of purpose and effect. Unfortunately, that falls beyond the scope of concerns that this article address. To maintain focus, let us bring the menace home.

Let us start by discussing what National Security means to us; first individually, then collectively as a Nation-State! What does it mean to you? While I do not doubt that we have broad and general ideas of what this is, I fear that, whatever our notions, concepts or beliefs are in this regard, they exist largely in the minds of individuals; subject to the knowledge and understanding of that person, who holds the statutory position of the Coordinator on National Security.

From all indications, if at all there is any Charter on this subject, it has no currency. As a result, its implementation is bound to be nothing but haphazard, moribund, jejune and reactionary!

Of numerous definitions, I am fascinated by that of Walter Lippman, who defined National Security as:
“The abilities and capacities acquired by a nation wherein it does not have to sacrifice its legitimate interests to avoid wars; and is able, if challenged, to maintain them by war.”

While I agree that this might not be a perfect definition of the concept, it suits the intent and purpose of this article; and perfectly so. For obvious reasons, any nation that cannot defend its values, resources, properties, Information assets and territory against fledging attacks, however covert, flagrant or unassuming, cannot be said to be “truly secured”. Elements such as military, political, economic, environment, food & health security, as well as women empowerment and cyber security, to mention just a few, therefore, cannot be overemphasized. The consciousness, loyalty, dedication and commitment of citizens to national security matters (i.e. human capital security) are as well of great importance that cannot simply be wished away.

While the list of security elements mentioned above is not exhaustive in the strategic considerations for the National Security of a State, very little is heard, seen or done, in our case (Nigeria), by both public and private IT intelligentsia to secure our cyber borders. I am fully aware of the humongous investments made by financial, telecommunication and other technology-driven institutions in Nigeria, measured in millions of US dollars, in the procurement, deployment and daily maintenance of Antivirus, intrusion prevention/detection and other security-oriented software programs, the advent of the amigos as expressed above suggests, with strong convictions, that we are, in fact, not protected against CCAs.

For country that is totally dependent on imported software programs for the automation of its critical business processes – both public and private sectors, the storage of its financial, economic and security information, the rendition, transmission and protection of same, faced with asphyxiating dearth in cyber capacity and capabilities, lack of citizenry trust in State governance & resource management, untoward nonchalant disposition of State to human capacity building, inequitable reward and justice systems, rising debt profile and dwindling revenue and foreign reserves, Nigeria is thus a country at a crossroad, where all of these issues must be included in the National Security Charter (if there is any) for immediate considerations and realistic action plans with foreseeable & realistic timelines.

“Ayodeji Odusote is a Solution Analyst with the Central Bank of Nigeria. He is a blogger and a social commentator, focused majorly on Technology and its Economic Impact; using Nigeria as a Case Study. He can be reached via email: aareago@gmail.com. His social media handles are as follows: twitter: @aareago, facebook: Aare Ago, and aareago.blogspot.com.”

Receive News Alerts on Whatsapp: +2348136370421


No Comments yet

Related