information security

Information Security and Threats

The myriad measures we have taken for the security of our personal data may be making our daily life a bit more difficult. However, it should not be forgotten that everyday a new information stealing and intelligence method is being developed against every measure taken.

While we are spending so much time and effort in the simplest terms on our personal data, what can be the level  for institutions, communities and moreover for countries to ensure information security?

Protecting the information and against it, the intelligence activities carried out in order to acquire information bring to mind military and political issues firstly. When we have a look to NATO’s security structure for the sake of generalization, Information Security is at the top level under Basic Security heading, along with Physical Security, Personnel Security, Procedure Security and Document Security. In a subdivision, Information Security (InfoSec) contains Computer Security (CompuSec) and Communication Security (ComSec) components. Afterwards, the different security sub-units created for different threats, branching out as we go over the details …

So what are the threats that require so much precautions?

It is impossible to tell all the threats so long here, but I can clearly say that as we are discussing these issues now, some new intelligence methods are being developped somewhere… But in general, we can summarize the issue as seizing the information from involuntary emanations (passive intelligence) and attacting to information secured against unauthorized access (active intelligence).

Today, while corporations and organizations are struggling to prevent unauthorized access to data in computers primarily, thinking that they are safe by using firewalls and antiviruses, in fact, information is spreading around as emanations. For the unauthorized persons who are in passive listening mode, they only accumulate the information free in the environment with their technical capabilities. An old technology, “listenning to what is spoken in the environment by remote laser signals, by means of transducing the vibration generated on the glass into significant voice and texts (optical intelligence)” can still be utopian for somebody today. In the same way, using TEMPEST technology (obtaining information from electromagnetic emanations) to get the information from IT devices such as computer screens, hard drives, printers, scanners, etc., remotely from a distance of tens of meters, is still attractive, however it is first used in the 1960s.

“Emotional” analysis with wireless data signals: EQ-Radio …

You must have read the news that a group of scientists at MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) have conducted studies on analyzing emotions by sending wireless data signals and have 87% successful results. With the wireless signals sent, they can detect the excited, sad or irritated moods of the people. There is no doubt that this technology, called EQ-Radio, will be actively used to get more detailed information in the close future. The fact that wireless modems are widespread in every environment we are entering, will force you to embrace “what information can be gathered with the signals sent from the modems”. While we continue to feel safe with the antiviruses and firewalls we set, honestly, we live in an era when we can not guarantee that the information in our mind is not captured.

This article was published in periodical “Science and Technology to Everybody (Herkese Bilim Teknoloji)”, November 18, 2016

Bilgi Güvenliği ve Tehditler

Information Security and Turkey

I have shared in my previous article that the dizzying development in Information Technology has led to a number of complications that make our life more difficult for “Information Security”. Personal, sectoral, commercial, national and, in fact, a global sense of information security requirements renew themselves every day.

What is happening in Turkey while something new is being done every minute for information security all over the world?

In fact, the answer to this question is rather complicated not only for our country, but for all countries and even for communities like the EU and NATO. First of all, it is worth mentioning that we can see Cyber Security as the flagship of information security. In particular, the precautions to be taken in communication security are the first ring of the chain. The ministry responsible for this issue in Turkey is the Ministry of Transport, Maritime Affairs and Communications. With the amendment made in 2008 also received the new name the chief actor of the process is Information Technologies and Communications Authority (BTK). It is working on information technologies at regional, national and international level. Monitoring the communication made up of all the communication channels including internet until the 15th of July was carried out by the Telecommunication Communication Presidency (TİB), a sub-unit of the Institution (BTK), after which the authorities of the abandoned unit were gathered in the BTK.

Have a central Information Security structure been established with BTK?

Clearly no! In fact, the idea and work of establishing a National Information Security Organization, which has a comprehensive and authoritarian nature, has existed for many years in different periods. The team, which I had been working for on behalf of TUBITAK-UEKAE and which is hosted by the General Secretariat of the National Security Council, consist of Prime Ministry, the Ministry of National Defense and other relevant ministries, the Undersecretariat of National Intelligence Agency, the General Staff and the General Directorate of Power Commands worked for long days of shift for the establishment of this organization and the related laws. The current state of the draft of the proposed law, which is being developed every year, is a partly became reality as the decision of Council of Ministers’ on the “Implementation, Management and Coordination of the Workshops on National Cyber Security. As a concrete organization, we can give the National Cybercrime Intervention Center (USOM) as the example, which has undertaken the task of detecting and threatening the cyber threats that our country might be exposed to, conducting activities and informing relevant places.

Despite a central restructuring effort on National Information Security, our country has a balance formed by the support from the ministries, the General Staff and the Force Commands, the General Directorate of Security, TUBITAK and some other Public Institutions and even the banks.

Electronic signature and electronic certificate usage is spreading rapidly in our country as it is in developed countries in order to use internet in the public works more securely, which is the most important instrument of the age.

It is very clear that measures to take, planned measures, laws, drafts of laws, agencies, committees will be in an ever-changing regeneration process every passing day. However, the fact that personal information of nearly 50 million citizens has been stolen and published on the internet in the very recent past is the most concrete indication that we should take more serious steps in this dynamic process …

This article was published in periodical “Science and Technology to Everybody (Herkese Bilim Teknoloji)”, October 7, 2016

Türkiye bilgi güvenliği

Living with Information Security

Inspite we live in the era of information technology, it provides unlimited facilities to access information. It is not so far the days that we had to search the right library and then find the right source among thousands of books for obtaining the information we were looking for, but today, with a popular expression, information is just as close as hitting a key.

It is very natural that keeping confidential information is very hard in such an environment as it is so easy to access every information.

Information security, in general terms, is the whole of the work carried out against acquiring the information required to be protected, harm, the use, modification and recording of this information by unauthorized persons.

Although the concept of information security today is almost synonymous with cyber security, the work done to protect information is very old. We know that special messages from Julius Caesar, the great leader of the Roman Empire who lived in the 1st century BC, were tried to be kept safe with the technique we call Caesar Encryption today. The example of a more recent past is the struggle of intelligence and intelligence counterattack in the Second World War. Germany’s legendary crypto device Enigma, today when it is called cryptology, is the first thing that comes to mind even for people who are not interested in this science.

Is information security important just to ensure the confidential information and communication security of states?

Without any doubt, No..!

Information security is an essential aspect of commercial secrecy and even personal privacy. The steps that commercial companies take before their competitors, the policies and strategies they pursue, the R & D work they do, the financial actions and many other issues have a very delicate balance based on the provision of information security. We are using our mobile phones by dialing the pin code, personal privacy has a priority of everything…

The most interesting statistic on this subject comes up when judicial cases related to cyber security are examined. The new trend of information security violation is seizing digital game accounts… Yes, even though every day we hear an internet fraud news, the case of unloading the bank account, the digital game account theft is surprisingly the same size illegal revenue gate.

While talking about communication security, computer security, cryptographic security, RF security, optical security etc. coming across with information security in a much simpler phase of our life leads us to watch a thief-police struggle that develops with technology … And as a part of this struggle, we have to learn living by keeping in mind dozens of passwords to be used at every step we take in the virtual world today. How satisfied or dissatisfied we are in this situation, no commment…

This article was published in periodical “Science and Technology to Everybody (Herkese Bilim Teknoloji)”, September 16, 2016

 

bilgi_guvenligi_ile_yasamak