Thursday, 7 July 2011

Managing national ICT security issues

Malaysia needs to look at forming a private-public sector partnership (PPP) to handle information and communications technology (ICT) security issues which are on the rise both in the country and other parts of the world.
As ICT is pervasively used to manage all sectors in the country, it is key that security of information stored in the respective ICT systems and networks be harnessed in a cohesive and comprehensive manner to ensure national security and protect Malaysia from various adversaries.
According to Scan Associates Bhd's technical director Professor Datuk Dr Norbik Bashah Idris, the PPP concept stems from a famous fundamental maxim in security where "security is like a chain which is made up of links" and that "its strength is equivalent to the strength of the weakest link in the chain".
"In today's world, many governments have declared a number of sectors considered critical for their economy and well-being of their people. These include defence, agriculture and food, IT and telecommunications, energy, banking and finance, transportation, water supply, public health, emergency services, and the Government itself.
"ICT is the nervous system of all these sectors. The critical national infrastructures (CNIs) are not secure if their ICT infrastructures are vulnerable. The disruption of any of the critical sectors affects all other sectors! Eventually, the entire economy and well-being of the country is at risk!" he said.
Norbik, who is also a professor of computer science at Universiti Teknologi Malaysia's CityCampus in Kuala Lumpur, pointed out that the national security issue has traditionally been the responsibility of the Government (public sector) with the Government taking on the roles of regulator and authority.
However, with the intertwining and merging of technologies, managing security has become borderless and is no longer just the purview of Government.
"While the Government acts as regulator and authority, many of the CNIs are actually run by private sectors, although some of them are Government-linked companies (GLCs). These are two of the major components of the PPP," said Norbik.
"However, to complete the architecture, another component is usually added, which is the academia. At least, this is the way things are done in the United States. In the context of Malaysia, the academia can come from public or private institutes of higher learning. The intention, however, is for the academia to come in as subject matter experts, independent and open in their views and advice," he elaborated.
Issues
On issues surrounding the implementation of PPP, Norbik said among them are:
* Standardisation. "Definition, nomenclature and metrics are new and need to be standardised or at least commonly understood. Without common understanding, it is inconceivable how we can effectively collaborate to manage the problem. What is secure to one party may not be so to others. Ambiguities must be resolved to correctly design and implement effective security.
* Roles. "Who will be providing security against the threats (and some of them are shared threats) and at what levels will the security be maintained? Who will bear responsibility if security fails?
"Overlaps must be identified and managed. Also, no-man's land cannot exist and left unoccupied. In Malaysia, there are also State Governments and local authorities. There can be multi-jurisdiction, there can be conflicts."
* Policies needed. "Managing interdependency will demand multi-policies which will draw expertise from various fields; for example, engineering, legal, ICT, psychology, etc. This is not easy because the nature and dynamics of each sector is complex. Private sector will now be a player in the national plan on security in all aspects like alerts, monitoring and response.
"Although there may be already a setup like this, the paradigm must be shifted due to pervasiveness of ICT. A good model to study is the US' Information Sharing and Analysis Centres (ISAC)."
* Information shared. "What type of information should be shared? Private sectors may not be willing to share all things related to their strategic plan. Our risk may not be as high as the US or its western allies due to their foreign policies, so we must not be overly paranoid. How can we make all partners in the architecture be willing to share? Legislative? (which may not work in managing security)."
What next?
Bearing all the above and the urgency of the matter in mind, Norbik said there is a need to establish a platform to discuss these issues in detail.
"Participants must come from the public, private, local Governments and authorities, enforcement authorities, academia and experts. Due to the scope of the sectors involved, the mandate needs to come from the highest authority in the country. For example, in the US, many things on managing security happen via Presidential decree," he said.
However, he said one unfortunate scenario with the various players of security is that they usually find it difficult to collaborate and tackle security problems in synergy.
"Actually, we have no choice! It's just like security within our housing area. Unless everybody cares and co-operates, you wouldn't get true security. My neighbours may be very concerned about security, but if I (or my children) don't care so much and refuse to co-operate/collaborate on things like managing our common backyard, rubbish burnings, Aedes mosquitoes breeding places, everybody will not be secure," Norbik explained.
"It would be disappointing and frustrating if we fail to do this. Actually, such a scenario also exists in other countries, but somehow, either by turn of events (for example, the Sept 11 incident) or by realisation of its importance, they have managed to synergise the various entities. We can fast-track the process by learning from those who are already ahead of us," he said.
He urged people who are in the know to create awareness, build support and cultivate commitment.
"The handful of experts in the country must quickly organise themselves, be they from the public or private sectors."

2011/7/8
By: Rozana Sani
Source: http://findarticles.com/p/news-articles/new-straits-times/mi_8016/is_20050926/managing-national-ict-security-issues/ai_n44301540/
