Features: Magazine | Literary Review | Life | Metro Plus | Open Page | Education Plus | Book Review | Business | SciTech | Friday Review | Young World | Property Plus | Quest | Folio |

Security aspects of IT infrastructure

The requirement is a cyber space ecosystem that is conducive for deployment of IT in a variety of areas

PHOTO: AP

IT SECURITY: Personal digital assistants (PDAs) and mobile phones have become critical storage devicesin information technology.

THE DEVELOPMENT of networking culminating in an international computer network, the Internet, has enabled the geographical spread of information and computation, using communications technology. This has been followed by technology for large-scale information gathering, storage and processing. People now perceive the Internet and its associated technology not merely as a tool but as something affecting their daily life.

Coding and cryptography

When computers came to be used for exchange of information, coding as part of the efforts to protect information started gaining importance. Codes and codification methods had been developed much earlier and were being used primarily in military communication. Such protected communication, often called "crypto'' conversation, was considered an art. Use of mathematical functions to convert the art into a science gave birth to cryptography. This had two parts: a mathematical part defining the "basis'' for a "crypt process'' and a procedural or algorithmic part that explained a step-wise procedure.

Coding was always developed as a two-some: the forward process for hiding information and the reverse process for recovering it. The challenge was to find codes that were hard for a third party to decipher. Ciphering a text became such a mathematical delight that over a period, the word "security'' (especially in the context of information and communication technology) has become synonymous with "encryption and decryption.''

With explosive growth of the Internet, people felt the need for communicating securely in the open, an apparent contradiction. IT security (meaning security associated with IT deployment and IT infrastructure) became the topic of discussion in several forums. The list of stakeholders expanded rapidly with different "perceptions of technology capability,'' "user requirements,'' and "framework.'' In short, IT security came to rely more on science and technology and impacted business, government and other users.

Progressively IT has become an integral part of a nation's critical infrastructure and IT security is no longer confined to research in techniques or development of technology, but the establishment of the complete ecosystem. The present concern is not just the security of an individual nation but the whole world. IT security has become the universal spirit for cooperation and is an emerging imperative.

IT infrastructure refers to hardware that includes computers, operating systems, network elements such as routers, switches and access points, applications and data bases; and more recently mobile devices such as personal digital assistants (PDAs) and cell phones. The list continues and seems never ending. Also, the usage has changed over time from access to shared large computers for program execution to delivery of information collated from different sources to a personal mobile device.

All these have increased multifold the number of pairs of entities that desire to communicate, their own identities, and their ability to store, manipulate, communicate information — a situation ICT based systems have to cope with today.

Heavy investments

Nations around the world have invested heavily in Information Technology to monitor, operate, and control their national infrastructures such as telecom, power generation and distribution, water storage and distribution, transport systems, terrestrial navigation systems along the road network, financial network, e-governance systems, health management and medicare assurance systems, and entertainment networks.

All these together form the critical infrastructure of a country and its protection naturally becomes important. The National Information Infrastructure (NII) and its protection (NIIP) are the emerging imperatives across national boundaries.

Privacy factor

System failures are of several kinds. For example, in a traffic control system, an arbitrary change of green, red and amber can cause chaos on the road during the busy hour. In an electrical distribution network, random switches to "on'' and "off'' positions of electricity supply can paralyse a household or a manufacturing facility.

The world over, securing (meaning privacy) of health information is assuming great importance. But people rebel at the prospect of their personal health related information being "hacked'' into when stored electronically. SOX, BASL II, and HIPAA are some examples of international cooperation for concrete action in regulatory compliance.

The ground reality is that IT, known for its singular property, namely, annihilation of distance and time, has become increasingly fast, reliable, simple, small in size, and inexpensive, over the last few decades.

IT infrastructure which is getting embedded in the national infrastructure, is also becoming increasingly secure thanks to developments in cryptology, cryptosystems, secure protocols, secure networks, secure hardware and software systems, secure policies, and the entire security related ecosystem.

In short, the trust in deployment of IT for critical infrastructure protection is on the ascendant. But there is a need for concerted action by all stakeholders to create a consistent ecosystem — from policy to detailed implementation.

The ease of adaptation and spread made ICT the natural choice for integration of activities and the tool for transcending distance barriers.

Over a decade, operation and management of critical infrastructure has become (increasingly) dependent on information and communication technology.

Interconnections between ICT systems across geographical barriers are crossing the limits of observable and controllable systems. Policy enunciation in the changing economic scene is becoming an art, that too in the hands of a few.

Ownership of telecom infrastructure, power and energy infrastructure, banking and finance infrastructure continues to span nations, continents and the globe.

Managing the information infrastructure spread is becoming an issue. For the first time, the world is confronted with a problem that demands concerted effort, concentration, and positive action from scientists, engineers, technologists, businessmen, media journalists, politicians, legislators, bankers, law makers and the judiciary, to name the major stakeholders. With e-governance poised for nationwide launch, the country's responsibilities have increased multi-fold. Is the nation ready? What is the need of the hour?

In essence, the requirement is for developing a cyber space ecosystem that is conducive for deployment of IT in a variety of areas from personal use to business to critical infrastructure. The establishment of a cyber security ecosystem raises several questions that are worthy of debate. The spectrum of opportunities that open up as a result of this analysis makes the subject matter more interesting for business, governance, research, and development and acts as a catalyst in human welfare and enhanced quality of life.

S. V. RAGHAVAN

Professor of Computer Science and Engineering at the Indian Institute of Technology-Madras

Printer friendly page  
Send this article to Friends by E-Mail