Machines are taking over me – II – cybersecurity
Blog: End to End BPM
During last week I’ve been working in Nigeria with an Oil & Gas Company on defining an IT Strategy program to move to the cloud. One of the key topics of designing the IT strategy is related with the countries societal impact, that needs to fight with terror, insurgency, wash away corruption and institutionalized informal economy. For those that are not familiar with the country environment, it is commonly accepted under such an inequality standard, you can take loot or steal other’s assets, because the others, cannot live so large and leave so little to the rest of population. Hence, I am helping the organization I am working with to either establish or reengineer security command centres to consolidate their security programs, detect insurgency, theft, improve their risk management and loss of primary containment. Accomplishing these goals requires that the security commend centre perform these key IT functions: have access to massive information sources, ingesting and processing such data in real time making sense of it; summarizing and presenting key data in a meaningful way that supports quick and effective responses to events as they happen in real time. To implement these functions, the organization must not only have subject matter expertise in security and a deep partnership with security forces (local law does not allow a company to have private security), but it must also have a technology foundation to support decision management, workflow orchestration, communication and collaboration, and data management and protection―all anchored on a secured hybrid cloud architecture.
The field threat environment continues to grow more dangerous like for example attacking pipelines, stealing crude oil or refined products, creating a twofold challenge for Oil & Gas companies and the Nigerian government. Not only must these organizations continually strengthen their protection of the data and systems they manage, but they also do not face stricter requirements to demonstrate that they have done so in accordance with the appropriate laws, regulations because simply they do not exist or are not properly designed, once the new government that took power on May 2015 is “putting the house in order” dealing with more important matters for the population, like end the fuel scarcity – currently in Nigeria, you need to wait on average 2 to 3 hours to fill up your car’s tank in what is the biggest African oil producer.
Anyway, from an architecture design perspective you need to define the particulars and complements the about data protection and security, among others, setting-up specific rules concerning the processing of personal data in the electronic communication sector – in the context of spotting insurgency, one of the data sources is text messages that the population can send, informing the oil & gas company and the military that there are signals that indicate a possible or the perpetration of an attack, as other approaches like live video surveillance feed is not available. As a result, by default, listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users without the consent of the citizen concerned, except when legally authorized, is prohibited. The requirement for prior consent is extended to cover the information stored in users’ terminal, given that users have very sensitive information in their computers, smartphones and similar devices. Nevertheless,
How do you deal with the trade-off of enforcing data privacy and putting the population to abdicate from it for the benefit of the Oil & Gas company?
And from a change management perspective,
How do you convince the population to help you fight asset attacks, in a country where everyone is desperate to make its cut on a non-structured economy?
This is because, contrary of designing an advanced IoT business model, in let’s assume, a supply chain, in which truck drivers are rewarded – with airlines miles or discounts in retail shops- by contributing to fuel consumption decrease and safe driving, such kind of gamification strategy must be adapted to social programs to eradicate poverty, providing social services like education and health car of building basic infrastructures. Such gamification strategy, should part of the illusionary, misguided and wrong doing social responsibility corporate programs, meaning that in the end, it is the Oil & Gas company that must share a part of the profits for the IT Strategy work and be effective.
Enter into cybersecurity
This leads to the development and implementation a new IT capability, context-awareness, by the realization of a Context Awareness System, a sophisticated surveillance technology solution that aggregates and analyses public safety data in real time, providing security investigators and analysts with a comprehensive view of potential threats and criminal activity. Such a system protects population sensitive information by designing a series of internal security recommended practices and proprietary and advanced security tooling and technologies for monitoring and detecting advanced asset attacks and related intelligence.
This leaves me as an architect with a challenge in my consciousness, and as such, I would like to invoke one of the most magnificent quote from William Shakespeare’s – Macbeth
“Oh, full of scorpions is my mind, dear wife!”
For that explanation I need to borrow this quote from Frances Stonor Saunders at a London Review of Books talk.
“On the evening of 3rd of October of 2013 a boat carrying more than 500 Eritreans and Somalis founded out the tiny island of Lampedusa, in the darkness, locals mistook the desperate cries for help from the sounds of seagulls, the boat sunk within minutes, survivors were in the water for five hours, some of them close the bodies of the dead companions at float. Many of 368 people who drowned never made off the capsizing boat and were drowned to the sea floor still on board. Among of the 108 people trapped inside the bow was an Eritrean woman thought to have 20 years old were, as she given birth as she drowned, her waters have been broken in the water, rescue drivers found the dead infant still attached by the umbilical cord.”
We are facing a dilemma on how cybersecurity should be used for. On one hand these systems are used to fight and eliminate terror, protecting innocent lives to be taken, to protect company assets from being atacked and looted by contemporary pirates, but one the other hand, like in play, when Macbeth is explaining to his wife about the need to taking life to Banquo, and his son, Fleance, we cannot make a so selfish decision about abandon and condemning thousands of refugees to death, because the same kind of Context Awareness System cannot be used in preventing people to die. The political discussion about where the refugees should be steered to Europe of send back to their failed state countries, it not an argument about the responsibility of protecting human life only in the case where terror is being perpetrated, except when people are escaping and running away from the same terror source.
This something worth thinking about.
Filed under: Complex Adaptive Systems, Cybernetics, cybersecurity, Enterprise Architecture, IoT Tagged: Complex Adaptive Systems, Cybernetics, cybersecurity, Enterprise Architecture, IoT 
Comments (1)
Leave a Comment
You must be logged in to post a comment.
Very interesting read here and I am pretty much in the same boat as you. I am a Supply Chain Management professional but increasingly I find myself working as a Cyber Security CSI working on potential fraud threat’s, Ransomware intrusions and many other cases. I find now that this will keep me busy for many years to come even though I have retired from active SCM nine to five work.