I got this mail from my son who is a software engineer and felt I had to share with one and all who are following my blog. To be honest I do not understand too much of the technicality of what he is conveying to me. However I understand the points he is trying to make since he has put across issues in a way I can understand. I am sure you can too and hope some one in the NSAB, IDS, MOD and Service HQs takes note of it and starts something constructive. Sitting in IIT Madras I am prepared to do anything it takes to thwart such attacks. All it needs is an approach from any concerned agency or person to work out a plan and execute it. As we enter Digital India age, we are also opening up to a greater degree of Cyber Attacks which is all part of Multi Domain Operations which I have highlighted in my previous articles.
I read this article this morning about how N.Kor. launched a hack against two facilities in India – one was a Nuclear Plant in South TN; and the other an undisclosed location which seems to prompt officials to call this “an act of war”. https://arstechnica.com/information-technology/2019/10/indian-nuclear-power-company-confirms-north-korean-malware-attack/
Hacks like these are the reasons why we need Software Engineering Research in the Army. And I am not talking about Software Engineering, or IT infrastructure. I am specifically talking about investments in cutting edge Software Engineering Research that looks at areas such as Software Runtime Analysis, Operating Systems, Compiler technology, Parallel Programming, Virtual Machines, Software Visualization, Software Testing, Paradigms of Programming Languages.
That list might read like a curriculum out of a Masters program in Software Engineering or Computer Science anywhere in the World. But elements from all those areas of study and research help in thwarting and defending against such attacks, and eventually developing capabilities in deploying such tactics in offensive postures.
For instance, knowing how to analyze code that is currently running in your operating system is the bedrock of all malware detection. It needs the combined understanding of operating systems fundamentals, code compiler technology and software runtime analysis.
In fact, when you break down Software Security research to its first principles, you comes to that list of subjects that I listed. All of security research is nothing more than specialized application of software engineering – with the purpose of exploiting (or defending against) vulnerabilities in someone else’s software systems. A vulnerability for a security researcher is nothing more than a software bug for a regular software engineer.
I could write for ages about this. But this stuff needs to start taking center stage if any meaningful attempts at cyber warfare are to be attempted.
Leave a Reply