Translate

Tuesday, April 30, 2013


Jeremiah Johnson, the movie

       I was once sailing through the South China sea on the way to rescue Americans in Nom Penh, Cambodia. Our launch point was going to be from the Gulf of Siam. My unit was going to set in at the north end of the runway at the local airport.

            We used to joke we were boring holes in the Gulf of Siam.

            The State Department pulled us back by the way. Somebody else did it later.

            Well, I watched the movie Jeremiah Johnson the night before, and I was more than ready to die for my country  after seeing this flick.

            At the beginning, I was so "junior" I had to sit in the back of the wardroom, but by the end of the flick, most had gone to hit the rack, and I could then see it all. And I was homesick. And the popcorn was pretty much gone.

            Like I said, it was a good movie, motivating to me.

Computer security 

From Wikipedia, the free encyclopedia 

Computer security is information security as applied to computers and networks.

The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters.

Security by design

One way to think of computer security is to reflect security as one of the main features

Some of the techniques in this approach include:

  • The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
  • Automated theorem proving to prove the correctness of crucial software subsystems.
  • Code reviews and unit testing are approaches to make modules more secure where formal correctness proofs are not possible.
  • Defense in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds.
  • Default secure settings, and design to "fail secure" rather than "fail insecure" (see fail-safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
  • Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.
  • Full disclosure to ensure that when bugs are found the "window of vulnerability" is kept as short as possible.

Security architecture

Security Architecture can be defined as the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve to maintain the system's quality attributes: confidentiality, integrity, availability, accountability and assurance services.[1]

Hardware mechanisms that protect computers and data

While hardware may be a source of insecurity,[2] hardware based or assisted computer security offers an alternative to software-only computer security. Devices such as dongles, case intrusion detection, drive locks, or disabling USB ports, or CD ROM Drives may be considered more secure due to the physical access required in order to be compromised[original research?]. This is important to know for data conservation.

Secure operating systems

One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a Computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.

Systems designed with such methodology represent the state of the art[clarification needed] of computer security although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very powerful security tools and very few secure operating systems have been certified at the highest level (Orange Book A-1) to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN.) The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under Common Criteria.

In USA parlance, the term High Assurance usually suggests the system has the right security functions that are implemented robustly enough to protect DoD and DoE classified information. Medium assurance suggests it can protect less valuable information, such as income tax information. Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems but do so at a lower assurance level (such as Common Criteria levels EAL4 or EAL5). Lower levels mean we can be less certain that the security functions are implemented flawlessly, and therefore less dependable. These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.

Secure coding

If the operating environment is based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a 'low security' category because they rely on features not supported by secure operating systems (like portability, and others). In low security operating environments, applications must be relied on to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.

In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. These defects can be used to cause the target system to execute putative data. However, the "data" contain executable instructions, allowing the attacker to gain control of the processor.

Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, "Secure Coding in C and C++"). Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.

Recently another bad coding practice has come under scrutiny; dangling pointers. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable.[3]

Unfortunately, there is no theoretical model of "secure coding" practices, nor is one practically achievable, insofar as the code (ideally, read-only) and data (generally read/write) generally tends to have some form of defect.

Capabilities and access control lists

Within computer systems, two security models capable of enforcing privilege separation are access control lists (ACLs) and capability-based security. The semantics of ACLs have been proven to be insecure in many situations, for example, the confused deputy problem. It has also been shown that the promise of ACLs of giving access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities. This does not mean practical flaws exist in all ACL-based systems, but only that the designers of certain utilities must take responsibility to ensure that they do not introduce flaws.[citation needed]

Capabilities have been mostly restricted to research operating systems and commercial OSs still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. An open source project in the area is the E language.

The most secure computers are those not connected to the Internet and shielded from any interference. In the real world, the most secure systems are operating systems where security is not an add-on.

Applications

Computer security is critical in almost any technology-driven industry which operates on computer systems. The issues of computer based systems and addressing their countless vulnerabilities are an integral part of maintaining an operational industry.[4]

Cloud computing security

Security in the cloud is challenging[citation needed], due to varied degrees of security features and management schemes within the cloud entities. In this connection one logical protocol base need to evolve so that the entire gamut of components operates synchronously and securely[original research?].

Aviation

The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transportation infrastructure. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error.[5]

The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military systems that control munitions can pose an even greater risk.

A proper attack does not need to be very high tech or well funded; for a power outage at an airport alone can cause repercussions worldwide.[6] One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. These incidents are very common, having altered flight courses of commercial aircraft and caused panic and confusion in the past.[citation needed] Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond the radar's sight controllers must rely on periodic radio communications with a third party.

Lightning, power fluctuations, surges, brownouts, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on an electrical source. Other accidental and intentional faults have caused significant disruption of safety critical systems throughout the last few decades and dependence on reliable communication and electrical power only jeopardizes computer safety.[citation needed]

Notable system accidents

In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the US Air Force's main command and research facility. Using trojan horses, hackers were able to obtain unrestricted access to Rome's networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data and furthermore able to penetrate connected networks of National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user.[7]

Cybersecurity breach stories

One true story that shows what mainstream generative technology leads to in terms of online security breaches is the story of the Internet's first worm.

In 1988, 60,000 computers were connected to the Internet, but not all of them were PCs. Most were mainframes, minicomputers and professional workstations. On November 2, 1988, the computers acted strangely. They started to slow down, because they were running a malicious code that demanded processor time and that spread itself to other computers. The purpose of such software was to transmit a copy to the machines and run in parallel with existing software and repeat all over again. It exploited a flaw in a common e-mail transmission program running on a computer by rewriting it to facilitate its entrance or it guessed users' password, because, at that time, passwords were simple (e.g. username 'harry' with a password '...harry') or were obviously related to a list of 432 common passwords tested at each computer.[8]

The software was traced back to 23 year old Cornell University graduate student Robert Tappan Morris, Jr.. When questioned about the motive for his actions, Morris said 'he wanted to count how many machines were connected to the Internet'.[8] His explanation was verified with his code, but it turned out to be buggy, nevertheless.

Computer security policy

United States

Cybersecurity Act of 2010

On April 1, 2009, Senator Jay Rockefeller (D-WV) introduced the "Cybersecurity Act of 2009 - S. 773" (full text) in the Senate; the bill, co-written with Senators Evan Bayh (D-IN), Barbara Mikulski (D-MD), Bill Nelson (D-FL), and Olympia Snowe (R-ME), was referred to the Committee on Commerce, Science, and Transportation, which approved a revised version of the same bill (the "Cybersecurity Act of 2010") on March 24, 2010.[9] The bill seeks to increase collaboration between the public and the private sector on cybersecurity issues, especially those private entities that own infrastructures that are critical to national security interests (the bill quotes John Brennan, the Assistant to the President for Homeland Security and Counterterrorism: "our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately owned and globally operated" and talks about the country's response to a "cyber-Katrina".[10]), increase public awareness on cybersecurity issues, and foster and fund cybersecurity research. Some of the most controversial parts of the bill include Paragraph 315, which grants the President the right to "order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network."[10] The Electronic Frontier Foundation, an international non-profit digital rights advocacy and legal organization based in the United States, characterized the bill as promoting a "potentially dangerous approach that favors the dramatic over the sober response".[11]

International Cybercrime Reporting and Cooperation Act

On March 25, 2010, Representative Yvette Clarke (D-NY) introduced the "International Cybercrime Reporting and Cooperation Act - H.R.4962" (full text) in the House of Representatives; the bill, co-sponsored by seven other representatives (among whom only one Republican), was referred to three House committees.[12] The bill seeks to make sure that the administration keeps Congress informed on information infrastructure, cybercrime, and end-user protection worldwide. It also "directs the President to give priority for assistance to improve legal, judicial, and enforcement capabilities with respect to cybercrime to countries with low information and communications technology levels of development or utilization in their critical infrastructure, telecommunications systems, and financial industries"[12] as well as to develop an action plan and an annual compliance assessment for countries of "cyber concern".[12]

Protecting Cyberspace as a National Asset Act of 2010

On June 19, 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called "Protecting Cyberspace as a National Asset Act of 2010 - S.3480" (full text in pdf), which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the "Kill switch bill", would grant the President emergency powers over the Internet. However, all three co-authors of the bill issued a statement claiming that instead, the bill "[narrowed] existing broad Presidential authority to take over telecommunications networks".[13]

White House proposes cybersecurity legislation

On May 12, 2011, the White House sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities.[14]

Executive order 13636 Improving Critical Infrastructure Cybersecurity was signed February 12, 2013.

Germany

Berlin starts National Cyber Defense Initiative

On June 16, 2011, the German Minister for Home Affairs, officially opened the new German NCAZ (National Center for Cyber Defense) de:Nationales Cyber-Abwehrzentrum, which is located in Bonn. The NCAZ closely cooperates with BSI (Federal Office for Information Security) de:Bundesamt für Sicherheit in der Informationstechnik, BKA (Federal Police Organisation) de:Bundeskriminalamt (Deutschland), BND (Federal Intelligence Service) de:Bundesnachrichtendienst, MAD (Military Intelligence Service) de:Amt für den Militärischen Abschirmdienst and other national organisations in Germany taking care of national security aspects. According to the Minister the primary task of the new organisation founded on Feb. 23, 2011, is to detect and prevent attacks against the national infrastructure and mentioned incidents like Stuxnet de:Stuxnet

Hacking Back

There has been a significant debate regarding the legality of hacking back against digital attackers (who attempt to or successfully breach an individual's, entity's, or nation's computer). The arguments for such counter-attacks are based on notions of equity, active defense, vigilantism, and the minutiae of the Computer Fraud and Abuse Act (CFAA). The arguments against it are majorly based on the legal definition of intrusion and unauthorized access, as defined by the CFAA. The debate is ongoing.[15]

The entire wiki article can be found at:  http://en.wikipedia.org/wiki/Cyber_security

National security 

From Wikipedia, the free encyclopedia

National security is the requirement to maintain the survival of the state through the use of economic power, diplomacy, power projection and political power. The concept developed mostly in the United States of America after World War II. Initially focusing on military might, it now encompasses a broad range of facets, all of which impinge on the non military or economic security of the nation and the values espoused by the national society. Accordingly, in order to possess national security, a nation needs to possess economic security, energy security, environmental security, etc. Security threats involve not only conventional foes such as other nation-states but also non-state actors such as violent non-state actors, narcotic cartels, multinational corporations and non-governmental organisations; some authorities include natural disasters and events causing severe environmental damage in this category.

Measures taken to ensure national security include:


Definitions

There is no single universally accepted definition of "National Security" since there are some differences on describing National as State and everything consist in a nation. The variety of definitions provide an overview of the many usages of this concept. The concept still remains ambiguous, having originated from simpler definitions which initially emphasised the freedom from military threat and political coercion to later increase in sophistication and include other forms of non-military security as suited the circumstances of the time.[1]:1-6[2]:52-54

A typical dictionary definition, in this case from the Macmillan Dictionary (online version), defines the term as "the protection or the safety of a country’s secrets and its citizens" emphasising the overall security of a nation and a nation state.[3] Walter Lippmann, in 1943, defined it in terms of war saying that "a nation has security when it does not have to sacrifice its legitimate ínterests to avoid war, and is able, if challenged, to maintain them by war".[1]:5 A later definition by Harold Lasswell, a political scientist, in 1950, looks at national security from almost the same aspect, that of external coercion:[1]:79

"The distinctive meaning of national security means freedom from foreign dictation."

Arnold Wolfers (1960), while recognising the need to segregate the subjectivity of the conceptual idea from the objectivity, talks of threats to acquired values:[4]

"An ambiguous symbol meaning different things to different people. National security objectively means the absence of threats to acquired values and subjectively, the absence of fear that such values will be attacked."

The 1996 definition propagated by the National Defence College of India accretes the elements of national power:[5]

"National security is an appropriate and aggressive blend of political resilience and maturity, human resources, economic structure and capacity, technological competence, industrial base and availability of natural resources and finally the military might."

Harold Brown, U.S. Secretary of Defense from 1977 to 1981 in the Carter administration, enlarged the definition of national security by including elements such as economic and environmental security:[6]:5

"National security then is the ability to preserve the nation's physical integrity and territory; to maintain its economic relations with the rest of the world on reasonable terms; to preserve its nature, institution, and governance from disruption from outside; and to control its borders."

In Harvard history professor Charles Maier's definition of 1990, national security is defined through the lens of national power:[7]

"National security... is best described as a capacity to control those domestic and foreign conditions that the public opinion of a given community believes necessary to enjoy its own self-determination or autonomy, prosperity and wellbeing."

According to Prabhakaran Paleri,author of National Security,Imperatives and Challenges,national security may be defined as:[2]:52-54

"The measurable state of the capability of a nation to overcome the multi-dimensional threats to the apparent well-being of its people and its survival as a nation-state at any given time, by balancing all instruments of state policy through governance,that can be indexed by computation, empirically or otherwise,and is extendable to global security by variables external to it."

History of the national security concept

The origin of the modern concept of "national security" as a philosophy of maintaining a stable nation state can be traced to the Peace of Westphalia, wherein the concept of a sovereign state, ruled by a sovereign, became the basis of a new international order of nation states.[8]:19 It was Thomas Hobbes in his 1651 work "Leviathan" who stated that citizens yield to a powerful sovereign who in turn promises an end to civil and religious war, and to bring forth a lasting peace, and give him the right to conduct policy, including wage war or negotiate for peace for the good of the "commonwealth", i.e. a mandate for national security.[9] The Clausewitzian view of diplomacy and war being the instruments of furthering national cause, added to the view of national security being sought by nations by exercising self-interest at all times.[9] This view came to be known as "classical realism" in international relations.

Immanuel Kant, in his 1795 essay, "Perpetual Peace: A Philosophical Sketch" (Zum ewigen Frieden. Ein philosophischer Entwurf. (German)), proposed a system where nation-states and dominating national interests were replaced by an enlightened world order, a community of mankind where nation-states subsumed the national interests under the rule of the international law because of rational insight, common good and moral commitment. National security was achieved by this voluntary accession by the leadership to a higher order than the nation-state, viz. "international security". Thus was born the "idealism" school of international relations.[9]

As an academic concept, national security can be seen as a recent phenomenon which was first introduced in the United States after World War II,[1]:2-4 and has to some degree replaced other concepts that describe the struggle of states to overcome various external and internal threats. The earliest mention of the term national security, however, was made in Yale University in 1790 wherein reference was made to its relation with domestic industries.[2]:52

National Security Act of 1947


The concept of national security became an official guiding principle of foreign policy in the United States when the National Security Act of 1947 was signed on July 26, 1947 by U.S. President Harry S. Truman.[1]:3 As amended in 1949, this Act:

·        created important components of American national security, such as the precursor to the Department of Defense);

·        subordinated the military branches to the new cabinet level position of Secretary of Defense;

·        established the National Security Council and the Central Intelligence Agency;[10]

Notably, the Act did not define national security, which was conceivably advantageous, as its ambiguity made it a powerful phrase to invoke whenever issues threatened by other interests of the state, such as domestic concerns, came up for discussion and decision.[1]:3-5

The notion that national security encompasses more than just military security was present, though understated, from the beginning. The Act established the National Security Council so as to "advise the President on the integration of domestic, military and foreign policies relating to national security".[2]:52

While not defining the "interests" of national security, the Act does establish, within the National Security Council, the "Committee on Foreign Intelligence", whose duty is to conduct an annual review "identifying the intelligence required to address the national security interests of the United States as specified by the President" (emphasis added).[11]

Gen. Maxwell Taylor's essay of 1974 titled "The Legitimate Claims of National Security" has this to say:[12]

The national valuables in this broad sense include current assets and national interests, as well as the sources of strength upon which our future as a nation depends. Some valuables are tangible and earthy; others are spiritual or intellectual. They range widely from political assets such as the Bill of Rights, our political institutions and international friendships, to many economic assets which radiate worldwide from a highly productive domestic economy supported by rich natural resources. It is the urgent need to protect valuables such as these which legitimizes and makes essential the role of national security.

Current American views

The United States Armed Forces defines national security (of the United States) in the following manner :[13]

national security — A collective term encompassing both national defense and foreign relations of the United States. Specifically, the condition provided by: a. a military or defense advantage over any foreign nation or group of nations; b. a favorable foreign relations position; or c. a defense posture capable of successfully resisting hostile or destructive action from within or without, overt or covert.

In 2010, the White House included an all-encompassing world-view in a national security strategy which identified "Security" as one of the country's "four enduring national interests" that were "inexorably intertwined":[14]

"To achieve the world we seek, the United States must apply our strategic approach in pursuit of four enduring national interests:

·        Security:  The security of the United States, its citizens, and U.S. allies and partners.

·        Prosperity:  A strong, innovative, and growing U.S. economy in an open international economic system that promotes opportunity and prosperity.

·        Values: Respect for universal values at home and around the world.

·        International Order:  An international order advanced by U.S. leadership that promotes peace, security, and opportunity through stronger cooperation to meet global challenges.

Each of these interests is inextricably linked to the others: no single interest can be pursued in isolation, but at the same time, positive action in one area will help advance all four."

National Security Strategy, Executive Office of the President of the United States (May 2010)

 

Elements of national security

As in the case of national power, the military aspect of security is an important, but not the sole, component of national security. To be truly secure, a nation needs other forms of security. Authorities differ in their choice of nation security elements. Besides the military aspect of security, the aspects of diplomacy or politics; society; environment; energy and natural resources; and economics are commonly listed. The elements of national security corelate closely to the concept of the elements of national power. Romm (1993) lists security from narcotic cartels, economic security, environmental security and energy security as the non-military elements of national security.[1]:v, 1-8

Military security

This is traditionally, the earliest recognized form of national security.[2]:67 Military security implies the capability of a nation to defend itself, and/or deter military aggression. Alternatively, military security implies the capability of a nation to enforce its policy choices by use of military force. The term "military security" is considered synonymous with "security" in much of its usage. One of the definitions of security given in the Dictionary of Military and Associated Terms, may be considered a definition of "military security":[15]

A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.

—Dictionary of Military and Associated Terms

Political security

The political aspect of security has been offered by Barry Buzan, Ole Wæver, Jaap de Wilde as an important component of national security, Political security is about the stability of the social order. Closely allied to military security and societal security, other components proposed in a framework for national security in their book "Security: a new framework for analysis", it specifically addresses threats to sovereignty.[16] System referent objects are defined, such as nation-states, nations, transnational groups of political importance including tribes, minorities, some religious organisations, systems of states such as the European Union and the United Nations, besides others. Diplomacy, negotiation and other interactions form the means of interaction between the objects,

Economic security

Historically, conquest of nations have made conquerors rich through plunder, access to new resources and enlarged trade through controlling of the conquered nations' economy. In today's complex system of international trade, characterised by multi-national agreements, mutual inter-dependence and availability of natural resources etc., the freedom to follow choice of policies to develop a nation's economy in the manner desired, forms the essence of economic security. Economic security today forms, arguably, as important a part of national security as military security.

Environmental security

Environmental security deals with environmental issues which threaten the national security of a nation in any manner. The scope and nature of environmental threats to national security and strategies to engage them are a subject of debate.[1]:29-33 While all environmental events are not considered significant of being categorised as threats, many transnational issues, both global and regional would affect national security. Romm (1993) classifies these as :[1]:15

  • Transnational environmental problems that threaten a nation's security, in its broad defined sense. These include global environmental problems such as climate change due to global warming, deforestation and loss of biodiversity, etc.[1]:15
  • Environmental or resource problems that threaten a nation's security, traditionally defined. These would be problems whose outcomes would result in conventional threats to national security as first or higher order outcomes. Such disputes could range from heightened tension or outright conflict due to disputes over water scarcity in the Middle East, to illegal immigration into the United States caused by the failure of agriculture in Mexico[1]:15. The genocide in Rwanda,indirectly or partly caused by rise in population and dwindling availability of farmland, is an example of the extremity of outcome arising from problems of environmental security.[17]
  • Environmentally threatening outcomes of warfare, e.g. Romans destroyed the fields of Carthage by pouring salt over them; Saddam Hussein's burning of oil wells in the Gulf War;[1]:15-16 the use of Agent Orange by the USA in the Vietnam War for defoilating forests for military purposes.

Security of energy and natural resources

A resource has been defined as:[2]:179

"...a support inventory... biotic or abiotic, renewable or expendable,... for sustaining life at a heightened level of well-being."

—Prabhakaran Paleri (2008)

Resources include water, sources of energy, land and minerals. Availability of adequate natural resources is important for a nation to develop its industry and economic power. Lack of resources is a serious challenge for Japan to overcome to increase its national power. In the Gulf War of 1991, fought over economic issues, Iraq captured Kuwait in order to capture its oil wells, among other reasons. Water resources are subject to disputes between many nations, including the two nuclear powers, India and Pakistan. Nations attempt to attain energy and natural resource security by acquiring the needed resources by force, negotiation and commerce.

National security and rights & freedoms

The measures adopted to maintain national security in the face of threats to society has led to ongoing dialectic, particularly in liberal democracies, on the appropriate scale and role of authority in matters of civil and human rights.

Tension exists between the preservation of the state (by maintaining self-determination and sovereignty) and the rights and freedoms of individuals.

Although national security measures are imposed to protect society as a whole, many such measures will restrict the rights and freedoms of all individuals in society. The concern is that where the exercise of national security laws and powers is not subject to good governance, the rule of law, and strict checks and balances, there is a risk that "national security" may simply serve as a pretext for suppressing unfavorable political and social views. Taken to its logical conclusion, this view contends that measures which may ostensibly serve a national security purpose (such as mass surveillance, and censorship of mass media), could ultimately lead to an Orwellian dystopia.

In the United States, the politically controversial USA Patriot Act and other government action has brought some of these issues to the citizen's attention, raising two main questions - to what extent, for the sake of national security, should individual rights and freedoms be restricted and can the restriction of civil rights for the sake of national security be justified?

Technical aspects

Because of the highly competitive nature of nation states, national security for countries with significant resources and value is based largely on technical measures and operational processes. This ranges from information protection related to state secrets to weaponry for militaries to negotiations strategies with other nation states. The national security apparatus depends largely on combinations of management practices, technical capabilities, the projection of images both internally and externally, and the capacity to gain enough of the will of the people to gather taxes and spend them on useful efforts. While some nation states use power to gain more power for their leadership, others provide quality of life improvements to their people, thus creating larger geopolitical conflicts between types of governments. These all have foundations in internal education and communications systems that serve to build the nation states on strategic and tactical bases and create the conditions for success and failure of the nation state. Increasingly the world is replacing transportation with communication and thus the ability to communicate effectively and convey messages in the information environment is critical to national security for the Western nations. Issues like global warming and research priorities increasingly dominate the reality of competition between nation states. All of these lead to the need to have a clear understanding of the technical issues underlying national security in order to create and sustain the institutions that ultimately feed the future of the nation state.

The entire wiki article can be found at:  http://en.wikipedia.org/wiki/National_security