Connect with us

Intelligence

How security decisions go wrong?

Avatar photo

Published

on

Photo by Ryan Young on Unsplash

Information warfare is primarily a construct of a ‘war mindset’. However, the development of information operations from it has meant that the concepts have been transferred from military to civilian affairs. The contemporary involvement between the media, the military, and the media in the contemporary world of the ‘War on Terrorism’ has meant the distinction between war and peace is difficult to make. However, below the application of deception in the military context is described but it must be added that the dividing line is blurred.

The correct control of security often depends on decisions under uncertainty. Using quantified information about risk, one may hope to achieve more precise control by making better decisions.

Security is both a normative and descriptive problem. We would like to normatively how to make correct decisions about security, but also descriptively understand follow where security decisions may go wrong. According to Schneider, security risk is both a subjective feeling and an objective reality, and sometimes those two views are different so that we fail acting correctly. Assuming that people act on perceived rather than actual risks, we will sometimes do things we should avoid, and sometimes fail to act like we should. In security, people may both feel secure when they are not, and feel insecure when they are actually secure. With the recent attempts in security that aim to quantifying security properties, also known as security metrics, I am interested in how to achieve correct metrics that can help a decision-maker control security. But would successful quantification be the end of the story?

The aim of this note is to explore the potential difference between correct and actual security decisions when people are supposed to decide and act based on quantified information about risky options. If there is a gap between correct and actual decisions, how can we begin to model and characterize it? How large is it, and where can someone maybe exploit it? What can be done to fix and close it? As a specific example, this note considers the impact of using risk as security metric for decision-making in security. The motivation to use risk is two-fold. First, risk is a well-established concept that has been applied in numerous ways to understand information security and often assumed as a good metric. Second, I believe that it is currently the only well-developed reasonable candidate that aims to involve two necessary aspects when it comes to the control of operational security: asset value and threat uncertainty. Good information security is often seen as risk management, which will depend on methods to assess those risks correctly. However, this work examines potential threats and shortcomings concerning the usability of correctly quantified risk for security decisions.

I consider a system that a decision-maker needs to protect in an environment with uncertain threats. Furthermore, I also assume that the decision-maker wants to maximize some kind of security utility (the utility of security controls available) when making decisions regarding to different security controls. These different parts of the model vary greatly between different scenarios and little can be done to model detailed security decisions in general. Still, we think that this is an appropriate framework to understand the need of security metrics. One way, maybe often the standard way, to view security as a decision problem is that threats arise in the system and environment, and that the decision-maker needs to take care of those threats with available information, using some appropriate cost-benefit tradeoff. However, this common view overlooks threats with faults that are made by the decision-maker. I believe that many security failures should be seen in the light of limits (or potential faults) of the decision-maker when she, with best intentions, attempts to achieve security goals (maximizing security utility) by deciding between different security options.

I loosely think of correct decisions as maximization of utility, in a way to be specified later.

Information security is increasingly seen as not only fulfillment of Confidentiality, Integrity and Availability, but as protecting against a number of threats having by doing correct economic tradeoffs. A growing research into the economics of information security during the last decade aims to understand security problems in terms of economic factors and incentives among agents making decisions about security, typically assumed to aim at maximizing their utility. Such analysis is made by treating economic factors as equally important in explaining security problems as properties inherent in the systems that are to be protected. It is thus natural to view the control of security as a sequence of decisions that have to be made as new information appears about an uncertain threat environment. Seen in the light of this and that obtaining security information usually in it is cost, I think that any usage of security metrics must be related to allowing more rational decisions with respect to security. It is in this way I consider security metrics and decisions in the following.

The basic way to understand any decision-making situation is to consider which kind of information the decision-maker will have available to form the basis of judgments. For people, both the available information, but also potentially the way in which it is framed (presented), may affect how well decisions will be made to ensure goals. One of the common requirements on security metrics is that they should be able to guide decisions and actions to reach security goals. However, it is an open question how to make a security metric usable and ensuring such usage will be correct (with respect to achieving goals) comes with challenges. The idea to use quantified risk as a metric for decisions can be split up into two steps. First do objective risk analysis using both assessment of system vulnerabilities and available threats in order to measure security risk. Second, present these results in a usable way so that the decision-maker can make correct and rational decisions.

While both of these steps present considerable challenges to using good security metrics, I consider why decisions using quantified security risk as a metric may go wrong in the second step. Lacking information about security properties of a system clearly limits the security decisions, but I fear that introducing metrics do not necessarily improve them;this may be due to 1) that information is incorrect or imprecise, or 2) that usage will be incorrect. This work takes the second view and we argue that even with perfect risk assessment, it may not be obvious that security decisions will always improve. I am thus seeking properties in risky decision problems that actually predict the overall goal – maximizing utility – to be, or not to be, fulfilled. More specifically, we need to find properties in quantifications that may put decision-making at risk of going wrong.

The way to understand where security decisions go wrong is by using how people are predicted to act on perceived rather than actual risk. I thus need to use both normative and descriptive models of decision-making under risk. For normative decisions, I use the well-established economic principle of maximizing expected utility. But for the descriptive part, I note that decision faults on risky decisions not only happen in various situations, but have remarkably been shown to happen systematically describe by models from behavioral economics.

I have considered when quantified risk is being used by people making security decisions. An exploration of the parameter space in two simple problems showed that results from behavioral economics may have impact on the usability of quantitative risk methods. The results visualized do not lend themselves to easy and intuitive explanations, but I view my results as a first systematic step towards understanding security problems with quantitative information.

There have been many proposals to quantify risk for information security, mostly in order to allow better security decisions. But a blind belief in quantification itself seems unwise, even if it is made correctly. Behavioral economics shows systematic deviations of weighting when people act on explicit risk. This is likely to threaten security and its goals as security is increasingly seen as the management of economical trade-offs. I think that these findings can be used partially to predict or understand wrong security decisions depending on risk information. Furthermore, this motivates the study how strategic agents may manipulate, or attack, the perception of a risky decision.

Even though any descriptive model of human decision-making is approximate at best, I still believe this work gives a well-articulated argument regarding threats with using explicit risk as security metric. My approach may also be understood in terms of standard system specification and threat models: economic rationality in this case is the specification, and the threat depends on bias for risk information. I also studied a way of correcting the problem with reframing for two simple security decision scenarios, but only got partial predictive support for fixing problems this way. Furthermore, I have not found such numerical examinations in behavioral economics to date.

Further work on this topic needs to empirically confirm or reject these predictions and study to which degree they occur (even though previous work clearly makes the hypothesis clearly plausible at least to some degree) in a security context. Furthermore, I think that similar issues may also arise with several forms of quantified information for security decisions.

These questions may also be extended to consider several self-interested parties. in game-theoretical situations. Another topic is using different utility functions, and where it may be normative to be economically risk-aversive rather than risk-neutral. With respect to the problems outlined, rational decision-making is a natural way to understand and motivate the control of security and requirements on security metrics. But when selecting the format of information, a problem is also partially about usability. Usability faults often turn into security problems, which is also likely for quantified risk. In the end the challenge is to provide users with usable security information, and even more broadly investigate what kind of support is required for decisions. This is clearly a topic for further research since introducing quantified risk is not without problems. Using knowledge from economics and psychology seems necessary to understand the correct control of security.

Continue Reading
Comments

Intelligence

Russia points to evidence exposing Kiev’s intentions to use biological weapons

Avatar photo

Published

on

Documents uncovered in the special military operation in Ukraine corroborate the evidence exposing the Kiev regime’s intentions to use biological weapons, Head of the Russian Defense Ministry’s Research Center for Chemical and Biological Threats Dmitry Poklonsky said in the run-up to the Ninth Review Conference of the Biological Weapons Convention. “In some cases, the study focused on infectious disease agents that had never been registered on Ukrainian soil,” he said – informs TASS.

“We have obtained reports of investigations into a collection of microorganisms that indicate the accumulation of pathogens in unsubstantiated amounts. There are documents confirming the intentions to acquire unmanned delivery vehicles that could be used for employing biological weapons. Considering the non-transparent nature of this work and the absence of any substantiated responses from the United States and Ukraine, we, of course, regard the documents obtained as proof that Article 1.4 of the Convention was violated,” the defense official said.

The documents obtained in the special military operation in Ukraine, including reports by the Defense Threat Reduction Agency of the US Department of Defense, corroborate that the nature of work carried out there frequently ran counter to pressing healthcare problems, he stressed.

“In some cases, the study focused on infectious disease agents that had never been registered on Ukrainian soil,” Poklonsky pointed out.

Neither Washington nor Kiev deny the fact of the existence of biological labs in Ukraine bankrolled by the Pentagon, he pointed out.

“It was confirmed by the 2005 agreement between the US Department of Defense and the Ukrainian Health Ministry. Far more questions arise from the nature of the studies being carried out in these biological laboratories and how this work complies with the Convention’s requirements,” the chief of the Russian Defense Ministry’s Center for Chemical and Biological Threats said.

International Affairs

Continue Reading

Intelligence

Psychological Warfare (PSYOPS)- The Pandora’s Box of Security Issues

Avatar photo

Published

on

The world, functioning in its numerous forms and dimensions, is primarily perceived and misperceived by individuals through the faculty of the human Mind. A factor that creates a significant difference vis-a-vis human beings and other species is the complex cognitive ability possessed by humans. The mind is fundamentally an expression of thoughts circulated and imbibed through various means of communication. Deconstructing it further, thoughts portray the information consumed by an individual. In other words, this complex combination of the human mind, thoughts, and information shapes and reshapes our psychology.

Psychological war, in this context, can be perceived as a strategically orchestrated arrangement of information derived from variables like history, polity, religion, culture, literature, and philosophy broadly to channel propaganda with the prime objective of influencing and manipulating the behavior of the enemy to further one own interest. The term Psychological war is believed to be coined by a British Historian and military analyst, J.F.C Fuller, in 1920. One can observe that psychological war as an instrument of strategic importance is not of recent origin. Instead, the evolution of this tactic can be traced long back in history since the emergence of the State. It is considered one of the fundamental tools of statecraft and quite often has been put into the application as an instrument of state policy. Drawing a logical parallel, it can be advocated that psychological war has a close resemblance with the ancient notion of the allegory of the cave when applied in the present context.

Relevance of Psychological War

Napoleon Bonaparte once said “There are two powers in the world, the sword and the mind. In the long run, the sword is always beaten by the mind.”  With the gradual progress of human intelligentsia, the world is and will be shaped and reshaped through the use of technology. The hyperconnected nature of a modern globalized world broadly portrays the image of a collective human consciousness deeply engrossed in the overwhelming nature of technology that reverberates with every emerging aspect of human life. When viewed from the prism of the State as a governing body in the international forum, technology will be the emerging axis of geopolitics since no state and its citizen can exist in silos devoid of the influence of other states. This is primarily due to the free flow of data. In this context, due to the free flow of data, the power of propaganda as a significant dimension of psychological war would prove to be an effective instrument used by the State to further its national interest.

In this contextual framework, the role of conscious manufacturing of narratives under the larger ambit of the idea of psychological war must be given due consideration. In his famous book,The Ultimate Goal: A Former R&AW Chief Deconstructs  How Nations and Intelligence Agency Construct Narratives, Vikram Sood unfolds the idea of how narratives are created, propagated, sustained, and refined in domestic countries and abroad to further the national interest. He emphasizes not only the power of information but also the power of disinformation to de-track and mislead the collective consciousness of the nation. Therefore, it is of critical significance for a nation to enhance its understanding of psychological war, considering it a major security issue.

The cost and the expense of war are also major concerns for the State. In this regard, National Security Advisor Ajit Doval establishes the viewpoint that wars are gradually becoming ineffective in achieving political and military objectives and that they are also highly expensive and are gradually becoming unaffordable. He further puts forward the idea of the 4th generation warfare where the operational target of the objective would be civil society. A fair understanding of the 4th generation warfare is of critical importance due to the fact that the modus operandi to target civil society would primarily be through the perpetual use of psychological war. The cost of psychological war, when compared with other forms of war, is abysmally low and also highly effective in manipulating the behaviour of the State. The cost-effectiveness helps it be more sustainable, which can be continued for an extended period of time.

Materialisation of Psychological War

China

Psychological war is applied by many States as an instrument of state policy. China, in this regard, can be considered a prominent player that has materialized this idea. In the strategic book on statecraft, The Art Of War, Sun Tzu states that “All warfare is based on deception.” China has consciously tried to bridge the gap between the theory and practice of psychological war. The Dhoklam issue in 2017 substantiates how the Chinese government used psychological war as an instrument of state policy to further its national interest.

Pakistan

The hostile approach of Pakistan towards India is not of recent origin. Instead, it is a phenomenon that can be traced back in history during the early germination of the idea of Pakistan when the Muslin League was formed in 1906. After the materialization of this idea by a painful partition of India in 1947, Kashmir became the bone of contention right after Pakistan’s inception as a nation-state. Pakistan, over the years, has become cognizant of the conventional asymmetry between the two nations. Therefore, it has operationalized the path of psychological war in the Kashmir region with a more pinpointed approach of using Twitter as an operational instrument to create misperceptions at a low cost to achieve its objectives.

Psychological War and the Indian Perspective

Taking a momentary glance at the historical evolution of India as a civilizational State, it can be rightly stated that understanding the nature of the mind has been a perpetual theme in the philosophical construct of India. The use of psychological war is not a new phenomenon. The references to it can be prominently found in Indian mythology. In this regard, the epic story of The Mahabharatha is a prominent example.

In one of the instances, Krishna applied this idea of psychological war by disclosing a fact to Karna, which hitherto was kept secret and hidden from him. Krishna, just before the war, unfolded the fact to Karna that he is the eldest son of Kunti, his father is the Sun God, and the Pandavas his brothers. This very fact and the timing of the disclosure of this fact put Karna in a deep psychological trauma that depletes his mental strength. It was at this moment that Krishna offered Karna to join the battle from the side of Pandavas. A similar instance of psychological war used by India was found during The Bangladesh liberation war.

In the context of psychological war, Arthashstra is also a relevant text. It mentions the art of Kutayuddha. In Sanskrit, the word Kuta implies the application of deception, the creation of misperception, and misleading the enemy state; Yudh means war. Kautilya is a staunch advocate of establishing a network of espionage to initiate intelligence and counterintelligence measures as a major security initiative for a state. Therefore, it can be rightly perceived that India has a history of psychological war, which it has implemented to maintain security and stability.

Conclusion

Taking an analogical perspective, if the mechanism of psychological war is like a gun, then information is the potential bullets that are fired from it to target the enemy. The flow of Information can be considered the most important factor that makes psychological war lethal, precise, and effective. Therefore, there exists an urgent need for the establishment of an ‘Information Operations Command’ to tackle the issue of psychological war that is rapidly maturing and enhancing in its nature and methodology, fusing with the 5th generation warfare. 

Another area of critical importance in this regard is the pressing need for a ‘National Security Doctrine.’ A national security doctrine is primarily a broad vision of a nation in the domain of its security from an inclusive perspective. Strong inter-agency coordination and refined analysis of security issues are needed.

Psychological war, as a rapidly evolving tool of statecraft in the security domain, acts as a linchpin vis-a-vis the 4th and 5th generation warfare where civil society and citizens are targeted with a perfect blend of technology and information. This makes it a war that doesn’t have a start or an end date. It is fought every minute, and progress can be achieved, even though at a minuscule level, but on a daily basis. Therefore, India as a major player in international politics with two hostile neighbors on its eastern and western border, must hold into perspective the scope, significance, and emerging dynamics of psychological war to keep herself abreast with other states at the international level on the security front.

Continue Reading

Intelligence

Growing India Israel Relations: A Threat to Sovereignty of Gulf States

Avatar photo

Published

on

netanyahu modi

India has developed remarkable ties with the Gulf nations, particularly the GCC, over the past few decades. The significant trade between GCC nations and India and Israel are the main cause.  This gradualist approach and efforts on part of India is to include Israel in a broader Middle East policy. Under the Namenda Modi administration, since 2017 Israel is “special and normal” because India has avoided the negative repercussions and no longer have fears opened relations with the Jewish state.  

However, the point of concern is that India and Israel’s growing ties must not result in a coalition against Muslims. Modi and Netanyahu have many good reasons to rejoice over their thawing ties. But the gulf countries must discredit them if they use that proximity to advance a common narrative of extreme nationalism, exclusion, and labeling Muslims as the enemy.

Since October 25th, 2022, news reports have been making the rounds in the media revealing India’s involvement in global terrorism. Eight former Indian Navy officers have recently been detained in Qatar on suspicion of espionage and terrorism supported by the Indian government. These spy-officers were arrested in August 2022 for their involvement in international terrorism, espionage, and spying while working in Qatar for a private company and providing training and other services to the Qatari Emiri Navy.

Purnendu Tiwari, a retired (Naval commander) who received the Pravasi Samman 2019 (Highest Indian Award Abroad), was the brains behind the transfer of data from a major Gulf Muslim nation to Israel and India. It has been reported in the media that these Indian officers had access to sensitive information while working with Qatar’s enemies and the Defense, Security, and other government agencies. This is not the first time; India has been involved in espionage operations that violate foreign governments’ sovereignty, though it continues to deny it. International terrorism perpetrated by India has also frequently targeted Pakistan in the past. One such instance is the Kalbushan Yadav case.

The relationship between India and Israel is frequently described as a result of a natural convergence of ideologies between their respective ruling BJP and Liked parties. The BJP’s Hindutva and right-wing Zionism are two ethno-nationalist political movements that naturally discriminate against other races and religions because they are based on the majority populations they serve. In comparison to earlier, more liberal iterations of Hindutva and Zionism, both parties have become more racist. Therefore, by all means, India’s continued close strategic, economic, and security ties with Israel are more ideological than pragmatic.

India should make an effort to protect itself ideologically from the threat of Hindutva becoming the state’s guiding principle and a vehicle for incitement both domestically and abroad. Its exclusivist and discriminatory belief that India is only the property of Hindus is dangerous, especially at a time when Muslim minorities are increasingly being lynched in the name of cow vigilantism.

Today, the Gulf is an integral part of India’s ‘extended neighborhood’, both by way of geographical proximity and as an area of expanded interests and growing Indian influence. However, as a result of escalating anti-Muslim sentiment and the Hindutva movement’s flawed ideology, the BJP, government is arguably facing its most difficult diplomatic challenge in its nine years in office. A few years ago in 2020, Muslim nations were outraged by Nupur Sharma’s (a BJP official) insulting comments made during a TV debate about the Prophet Muhammad (PBUH). Islamic-majority nations voiced their opposition through tweets, official statements, and by summoning Indian diplomats. The BJP was compelled to take action against the party officials for posting a screenshot of offensive tweet.

Subsequently, Princess Hend al-Qassimi of the UAE then made a rare public statement in response to the rising Islamophobia among Indians, saying in a tweet, “I miss the peaceful India.” She did this after she specifically called out a tweet from an Indian resident of the UAE as being “openly racist and discriminatory,” reminding her followers that the penalty for hate speech could be a fine or even expulsion. These statements come after the Islamic world, including the Organization of Islamic Cooperation, urged India to act quickly to defend the rights of its Muslim minority and expressed concern about how the BJP treats Indian Muslims.

This suggests that the relationships New Delhi has worked so hard to build over the past few years drawing on the efforts of the previous administration is now seriously in jeopardy. India’s diplomatic achievement is starting to fall apart due to domestic developments that target its 200 million Muslims. The flagrant mistreatment of India’s Muslim communities now jeopardizes New Delhi’s carefully crafted Middle Eastern diplomacy, particularly with regard to the Gulf States.

Continue Reading

Publications

Latest

Trending