Monthly Archives: October 2016


How the end user can be the greatest enemy of cryptography

Category : Uncategorized

Modern cryptographic algorithms, for example RSA, cannot be broken, in theory, within a reasonable amount of time using a brute force method. To know why, please peruse – Pure mathematics and poetry.

Then how is security that is practically unbreakable breached?

Human strengths and human weaknesses are combined, and they cannot be separated. These are the signature tone of being human.

Human intuition – an innate aspect of a conscious being that has access to a realm which computational complexity or an algorithmic approach cannot reach; such is the verdict of many leading scientists.

Human carelessness.

Human capacity to anticipate behaviour of another human being or a group of human beings. 


Suppose you open a computer / system and it says

DO YOU HAVE THE PASSWORD ?

Typed text at the password box : NO

or you type : YES

How will the system respond ?

Think…. think again.

[ This event was imagined by Umberto Eco in his novel : Foucault’s Pendulum]

 


Source: wordsmithofbengal.wordpress.com



Information Security : The Missing Link

Category : Uncategorized

Why do some people try to breach the security of information infrastructure? They are extremely talented, and sometimes their works (when nabbed) show signs of genius, but most of the time their core objective is all too mundane: money, fame, revenge or simply the ego of any criminal – “I cannot be caught.”

We must understand that machines (at least as of now) do not have these feelings. These feelings can only come to Human beings.

Now, just consider that your stakeholders are human beings. There is a Bengali saying : “সর্ষের মধ্যে ভূত” – there is a legend that mustard seeds are protective against evil spirits (like in Slavic legend, onion is supposed to be protection against vampires ). But what happens if the spirit enters into the very mustard or the very onion.

The ultimate vulnerability is when the very protection which we trust becomes personified threat. 

There is no technology here. It is plain human vulnerability.

Sherlock Holmes to Watson, while describing the essence of his greatest rival and almost impenetrably malevolent foe, Dr. Moriarty – “… there are some trees that grow healthy but after sometime, they show eccentricities.”

Your trusted employee, your trusted shareholder, your most trusted gatekeeper can show those eccentricities sometime…. It has happened and will always happen.

A New York judge convicts a man of Indian origin, of sterling reputation till his 65th year (Mr. Rajat Gupta, ex-McKinsey Chief), and tells: “… History of this this and the world show that good men do bad things.”

Is there any way to know when this terrible shift may happen with a person ?

Yes, there is….

Infocon 2016 will discuss this theme that is almost never questioned.

But we must. How painful and tough the question may be, we must. This silence is a weakness.

The strongest part  of a security system, any system is its weakest link.

 


Source: wordsmithofbengal.wordpress.com



Cybercrime : Clear and Present danger

Category : Uncategorized

I woke up a week back in Calcutta and the newspaper screamed that a gentleman found some INR 80,000 (USD 1375) withdrawn from his bank account – from an ATM in China! To be shocked is an understatement.

The cybercrime cell of the local police got reports of many such incidents. I went to the ATM with little trepidation and found a line longer than usual at the neighbourhood ATM. Most of the customers came to check their accounts, and when my turn came, I found the ATM regretting having no cash. The users had exercised the best option: withdrawing all or most of the money.

I was thinking that a massive, concerted and organized attack on this simple theme, “ATM card used in XXXX country when the user is perhaps sleeping in YYYY country”, may become a riot in the street when people find their money vanished and ATMs empty of cash. A slight spark in the form of rumour, fear mongering or suspicion will cause a serious law and order situation. This is not only possible, but there are people and organizations who have the means to do so.

This clear and present danger is the danger we have now, all of us – citizens of the digital nation – security of our information.

I discussed with my friend Sushobhan, a system vulnerability and security expert and his opinion was that the greatest protection against such a threat is user awareness. In the evening, he attended a panel in ABP Ananda (a leading Bengali TV channel in Calcutta) along with a fraud victim and cyberlaw expert.

img_20161023_192136.jpg

Legend and Translation from Bengali – “Businessman becomes victim of cyber-fraud in Deganga(a suburb of Calcutta)”. Sushobhan is the third from left with the victim and the cyberlaw expert.

While I followed other stories in other media, I found that there is less talk about actionable steps that a common user might take to protect himself, or in other words, how to lessen vulnerabilities. I found to my delight that the panel touched on this issue, and here are simple, easy-to-do, non-technical steps a user might take and enforce as a discipline so that the vulnerability becomes lesser. Here is the list, excerpted from the blog:

 

  • Change ATM/debit/credit card PINs at regular intervals.
  • Link cards with your mobile number and email address if not already done.
  • Immediately go for a chip-based card or grid card and enable two factor authentication (OTP SMS/mail etc.).
  • That’s not all. Avoid creating PINs/passwords from combinations of names, surnames, dates of birth or anniversaries (yours/parents/spouse/children), as these can be predicted very easily through your social spread. Try implementing alphanumeric passwords stitched with special characters.
  • Using benchmarked standard antivirus (better, Total Protection) on desktop/laptop/mobile/tablet is essential. Free or cracked software is to be avoided. Saving INR 2000 yearly may lead to some major problem.
  • Any banking/e-commerce site should be used through a secure site (SSL), i.e. instead of “http://”, it should reflect “https://”.
  • Saving online banking, e-commerce site, mail passwords etc. for convenience is to be avoided.
  • Passwords are not to be kept anywhere in writing in any form (not Word, Excel, cloud, printed paper, handwritten paper).
  • Any non-standard games / applications are to be avoided, as a lot of applications are being framed to sniff data.
  • The latest smartphones/tablets have an application control mechanism. Please block unwanted access by all applications (to contacts, SMS, camera etc., whichever is not relevant for that application).
  • Any information related to passwords or PINs is not to be floated through mail, WhatsApp etc., as there are chances of it being kept in a repository.
  • International transactions which do not imply two factor authentication (i.e. only CVV applies): we should avoid transacting there except with renowned players (here the government should also force Master/VISA to relook at policies and enforce two factors as well).

[ Reproduced with permission from Skill vs. Attitude]

 

Conclusion

The threat of cyber-crime is a clear and present danger. End user awareness is the first and last line of defense as well as offence. It is like a germ: it is always there, and it can catch us only when we are vulnerable, unaware or simply ignorant.

We must discuss this clear and present danger. Experts must share their insight in such a way that a common person / user can take some concrete steps, and these steps must be easy and affordable. There will be many best practices and these must be shared.

Triggered by this, we have decided to start an awareness building initiative, and here are two concrete steps we have taken:

  1. Infoconglobal 2016 Kolkata Conference (Enterprise and End user) : A conference on 18th November on Information Security in CII – Suresh Neotia Centre of Excellence.
  2. Free webinar (End User specific) on 4th November 2016  – All are welcome


Source: wordsmithofbengal.wordpress.com



Bombay House Mystery – Sherlock Holmes report

Category : Uncategorized

[Red herring disclosure to my readers – manifest, absentee, not manifested yet ]

  • I was a Tata employee from 2002-2004.
  • I do not hold any Tata stock.
  • The Sherlock Holmes report means that I have read most of the major mainstream and alternative media reports on the issue, in the way Mr. Holmes used to read the official coroner’s report and the official detective force’s report and then pronounced his judgement.
  • The report does not address “what has happened”, “why this has happened”, “how great or momentous it is for the Group and the others, India, world market,Milky way galaxy etc”, “Whose fault it is”, “Current versus ex?”
  • The report does address the question : “Why the event has happened the way it has happened instead of taking other way ?”

My dear Watson,

I have perused all the reports of Bloomberg, Times of India, The Guardian, Economic Standard, The Hindu, NDTV, CNBC, Wall Street Journal, Livemint and Mumbai Mirror, and although they have done good legwork and brain-work in describing the event, they do not enlighten you at all as to why this has happened in the way it has happened.

Now, you must understand very clearly that an Indian Parsi is not a Hindoo bania or a Hindoo. Even though they do not have much physical differences, their weltanschauung is completely different. I cannot express this in English and only the German language comes closer to the being of what I am trying to convey – some kind of blood, world, life, death, afterlife mixed up.

This distinction is hardwired and crucial. You must also understand that there is some process called assimilation that happens as silently as a murderer leaves some trace or other at the crime scene. It is those subtle signs that the Art of Deduction uses to unravel any mystery. I shall, perforce, use the same method which you have so clumsily popularized in your journals. Looking at those journals, sometimes, as an objective reasoner I feel the same disgust as I feel for these media reports: that the writer and editor found it a jolly good thing to have inserted a story of elopement in the fifth proposition of Euclid to make their reports more spicy for the readers and perhaps for themselves as well.

Parsis are a microscopic minority in terms of population but in terms of contribution in all walks of life, including business, they have very huge and disproportionate  contribution.

Let me come to some of the official reports I have mentioned at the first paragraph. These reports, which were produced in India may easily mislead you. These reports are written, approved and released by a class of people who never commanded any empire, never had any colony – business or political, and it is only for last twenty five years or so, they were able to own companies out of their country. This gives a naturally heady feeling. You may consult my monograph on the same heady feeling I have described when Venetian fleet was trading across the whole Mediterranean.

You may remind yourself when you please that just like a pressurized cork suddenly opened, gushes forth and spills valuable wine inside, these people were naturally inclined to cross the limits of prudence and judgement. Oh, yes, I forget, there is an incentive of these official report producers, from the scribe to the owners, to encourage somewhat rasher acts as they also wanted to reap the benefit of the new found freedom to earn money, glamour and halo of foreign recognition of prowess. In plainer English, they have had profitable business relationship with these pioneers and the relationship means being sponsors and advertisers of what they produce.

As a married man, you must have felt the impact of time on marriage as a process. In these twenty five years or so, what was novelty for the pioneers was routine for the second wave of leaders. This is at the root of all conflict between generations which are just adjacent – like father and son. The pioneer generation, thanks to the retention of human memory looks more to the past (as this is longer now than the future) and magnifies this and the younger generation looks more to the future (which is longer) and the conflict is very natural and somewhat healthy.

I would now direct your attention to the assimilation process, to be precise, between the Parsi and the predominant Hindoo bania , and you must understand this process in a very delicate manner. It will not be easy for you from your cultural vantage point but it is imperative that you must try with all objectivity because if you understand this, then we shall go a long way to solve our original problem : why it has happened the way it has happened.There lies the capital evidence.

When you were assisting Her Majesty’s troops in Afghanistan as a military surgeon, it was the same time, this Group was conceived. After some seventy years you came back to London, injured, broke and broken, the same thing happened to our colonial government in India too. They also returned back. The new rulers of India continued with the assimilation process which was not an easy thing – it was balancing many opposites.

One of such balancing acts in terms of worldview was how to grow and at the same time keep the “bloodline” weaved through. As you well understand how the doctrine of primogeniture has ruined many old families of England where the lawmakers have fingered destinies from their grave. Something similar has happened with the Hindus too. As their businesses grew, this doctrine of “family heir ship”  was becoming increasingly difficult to accommodate. One of the traits of these people is that they cannot operate without establishing a relationship with anything. So the business they run get personalized or becomes the relic of a person. The deepest insight you must be guided by is that many times, this attachment to the relic is done for any strategic purpose but because the conditioning or the very presence of the cultural and genetic make.

Parsis were a monotheistic people in their world-view but the assimilation has injected many components of the polytheism into their worldview through centuries of cohabitation.

You may observe with the data available with our Indian office that Tata Group has been most aggressive in last twenty five years in terms of owning foreign companies. There were Hindu-owned companies in India with comparable sizes and clout but they did not venture with that intensity. This cannot be explained because of their lack of vigour or hunger for foreign empire but they have pre-empted themselves or rather their cultural conditioning prevented them to stake large stakes in such adventures. They reasoned that the price of expansion will put extreme strain on the “bloodline weaving” and this had prevented them behaving the way Tata behaved. The pioneer was behaving as an exact anti-thesis of the Hindu constraint of balancing business empire’s stretch and the risk of non-blood line coverage.

Now, after twenty five years, the younger leader, relatively more assimilated due to the impact of time, finds himself guided less by the zeal of the pioneer and, in terms of world-view, leans more toward the assimilated world-view. He supports this world-view by using something which is least valued in the country when pitted against age and tradition: rationality and objective reason. This is something completely human, as Schopenhauer said so eloquently – We do not reason to desire something, we rationalize our desires.

Thus, you can see that this whole episode was bound to happen the way it happened. As regards to the timing of the incident, this is minor question but I shall have a long shot on this.

The Group has voluntarily attached itself to the global business fortune and as the global business fortune has its highs and lows and currently it is undergoing one of its lows and the conflict has come to surface. There is no mystery in it. As an internal cause, earlier average lifespan was lower and providence intervened as a solution. However, with the improvement in health care and with the fortune they command to access, more and more patriarchs will be touching third generation while being completely active – physically and mentally, unless and until there is providential intervention or some foul play. Our friends in India must take this into their reflection about their businesses, large or small.

Now, my dear friend, it is a fine early afternoon here, in the Wordsmith Castle, where my friend had invited me for a change, we shall go together for a stroll and let’s see what charms life can offer and no mystery, either in Bombay or Calcutta – petite or great, should bother us then.


Source: wordsmithofbengal.wordpress.com



Cyber Attack Prevention Strategy

Category : Uncategorized

All of India is in turbulence over the latest banking fraud. All print media, news channels and the internet are discussing the same topic, and some kind of panic is spreading. Security breaches are very common, but this time something ‘Worst’ has happened. Yes, this biggest financial data breach has affected 32 lakh debit cards. As a result, banks have blocked their ATM cards without any advance notice. But these kinds of attacks are not new or unusual. With the increasing trend of Internet connectivity, online shopping (e-commerce), mobile wallet usage and IoT (Internet of Things), these kinds of threats are bound to increase due to a casual approach to the situation. We tend to be highly technical, keep spending money on high-end appliances and software, and tend to forget the basics without applying common sense.

The approach to the situation is always reactive. The moment some attack takes place, the entire ecosystem works towards protection against the same, forgetting that in the near future the hacker will come back with a new strategy instead of repeating the same method. Success lies in continuity, in blending people, process and tools (technology), and in a synchronized approach of different hardware/software instead of running in silos. The core problem lies in outsourcing in multiple layers, with several layers that always decline to own responsibility. In the whole chain, accountability and ownership are completely missing. Think of the Indian banking threats and the Bangladesh cyber-attacks, where the incidents were suppressed by the authorities for months so that the ripples in the community would be smaller. Imagine if the compromise of data and the impact of the loss had been known to the common man beforehand: people could have been more cautious and more impact could have been avoided.

The first and foremost factor is the framing of policy and law, and enforcement of the same by government, so that banks (and their downstream providers), BFSI organizations, 3rd party payment gateways and money wallets are bound strictly by compliance, governance and penalty clauses in case of default. Debit and credit card protection strategies are already internationally benchmarked by the PCI-DSS framework with the below subsets:

  • Security Information and Event Management (SIEM)
  • Vulnerability Assessment
  • Data Leakage Protection (DLP)
  • File Integrity Monitoring (FIM)
  • Host Intrusion Prevention (HIPS)
  • Web Content Filtering
  • End point Encryption
  • Web Application Firewall (WAF)
  • Endpoint Security
  • Penetration Testing (PT)
  • Privilege Account Management (PAM)
  • Identity Management (IDM)

Information Security is covered under ISO 27001:2013, IT Service under ISO 20000, Business Continuity under ISO 22301:2012, Risk Management under ISO 31000, and software industries by CMMI compliance. Hence following the standards, with enforcement by the authorities, will improve the situation.

Moreover, periodic monitoring of infrastructure and security infrastructure, correlation and reporting, vulnerability assessment, penetration testing and proactive measures before a threat occurs will minimize the chances of failure.

Now what simple strategies can the poor common man follow? Here are a few very simple but powerful strategies driven by common sense:

  • Change ATM/debit/credit card PINs at regular intervals.
  • Link cards with your mobile number and email address if not already done.
  • Immediately go for a chip-based card or grid card and enable two factor authentication (OTP SMS/mail etc.).
  • That’s not all. Avoid creating PINs/passwords from combinations of names, surnames, dates of birth or anniversaries (yours/parents/spouse/children), as these can be predicted very easily through your social spread. Try implementing alphanumeric passwords stitched with special characters.
  • Using benchmarked standard antivirus (better, Total Protection) on desktop/laptop/mobile/tablet is essential. Free or cracked software is to be avoided. Saving INR 2000 yearly may lead to some major problem.
  • Any banking/e-commerce site should be used through a secure site (SSL), i.e. instead of “http://”, it should reflect “https://”.
  • Saving online banking, e-commerce site, mail passwords etc. for convenience is to be avoided.
  • Passwords are not to be kept anywhere in writing in any form (not Word, Excel, cloud, printed paper, handwritten paper).
  • Any non-standard games / applications are to be avoided, as a lot of applications are being framed to sniff data.
  • The latest smartphones/tablets have an application control mechanism. Please block unwanted access by all applications (to contacts, SMS, camera etc., whichever is not relevant for that application).
  • Any information related to passwords or PINs is not to be floated through mail, WhatsApp etc., as there are chances of it being kept in a repository.
  • International transactions which do not imply two factor authentication (i.e. only CVV applies): we should avoid transacting there except with renowned players (here the government should also force Master/VISA to relook at policies and enforce two factors as well).

These are not all. There is a lot more in this arena. I was discussing this subject on a few television channels in the last few days and thought of writing a few basic tips for the common man, as a lot of people requested me.

We will be discussing and brainstorming in depth at our upcoming conference Infocon, and we will be coming out with a printed magazine on the same context, one of the first of its kind.

We will also be holding technology-oriented knowledge sharing on targeted attacks like ransomware, APT (advanced persistent threat), cyber forensics etc.

Stay tuned for more excitement on 18th November, 2016 at CII Suresh Neotia Centre of Excellence, Saltlake.


Source: sushobhanm.wordpress.com



[Book Review] Carving a sky by Samarpan

Category : Uncategorized

This is our second review of a book by the same author. The first review is here for the book entitled JUNGLEZEN SHERU and we strongly request our readers to read as our basic methodology of book review is presented there.

This book is titled CARVING A SKY – A Perspective on Life.

The book is about a train journey and the perspective becomes immediately clear when we find that a dialogue is going on to keep us engaged as soon as the train starts or our reading starts. The dialogue is between a monk and a young man and they both board a train from Kolkata. Destination : you shall forget after few pages or you will not care.

The journey now expands in space (geography spread in time) and time (historical time) as the author deploys the autonomy of the Art of Narration  and we slowly get out of the local space-time. This very process appeared to me providing a foretaste, a satori as Zen monks call a hint of ecstasy, of what the title says – Carving a Sky.

The young man (or the disciple as he slowly becomes ) is the narrator of the journey and the narration runs in three layers : the local time inside the train, the time outside the train where the young man was happy/successful/hopeful and the time when he will be confused/estranged, the Time outside of all times. The greatest virtue of the book is not to become uni-dimensional nor biased in treating these separate mode of times. The book treats the relish of eating a biriyani and that of explaining tanmatras and other very deep and profound aspects of existence with the same level of kindness and care. Without this narrative care, the book would have been simply a “spiritual manual read to pass time in a train journey”

As a reader, I found a distinction which was hammered, chiseled and brought to life is the difference between life and philosophy of life. It is tempting and not unjustified to consider the monk a symbol of timeless India and the young man a symbol of contemporary India, but the greatest virtue of the book is keeping the reader in a willing suspension of disbelief. Not only we find that the monk shares contemporary time but the young man also has his share in other times.


Many spiritual books on Hindu scripture project a “world-weariness” and “rejection” of the only tangible thing, although fragile and ephemeral – our own life with its tangible and sensory connections. This projection may be the matured fruit of an engagement with the same thing that it tries to transcend, i.e. the life we live. However, if we start the book of life from its final pages for a person who has just entered life, the project will not find many takers. I think many spiritual traditions of our country and of other climes and times became disconnected from those who are at the entry point of life. Not because those traditions did not have anything to offer, but because they started teaching higher mathematical truths to kindergarten students exposed to arithmetic alone.

 

 

Carving a Sky avoided this pitfall at the cost of voluntarily losing some of the authority that scriptural texts generally command, at least, still in India. There is a demonstration of this aspect when some Maoist insurgents meet our monk and the young man in the train as they journey through the Chotanagpur plateau.

But we love the monk of the book for this. He has voluntarily and consciously left his garb of authority and that made the dialogue free and open-ended – subjected to doubts, questions and anxieties.

We find this dramatic device in one of the most authoritative manuals of Life, ever attempted by Man or God – The Bhagavad-Gita.  The recorder and speaker of the Gita’s supreme and enduring genius lies in masking the Omnipotence of Lord Sri Krishna till the very last. The first and second chapter of the Gita would have lost its tremendous poetic and human impact had the viswaraup-darshan happened at the early stages when the dialogue was friendly in tone.

Temperamentally, I am that type of reader who is not only interested in what is said but equally interested in how it is said, I mean the literary quality. The book has charmed me. The author’s prose style is what I envy. To write in small sentences and yet keep the narration coherent.

Postscript : The author is doing significant work, and presumably his approach of communicating scriptures through books of such design might invite criticism from some more conservative and orthodox quarters – within and without.

However, we may rejoice at a more exciting phenomenon happening through the book – the ancient scriptures seem to be relevant for our lives. To take liberty with a famous uttering : “The greatest incomprehensibility of scriptures is their applicability in vastly different ages.”

Carving a Sky, Harper Elements, by Samarpan, INR 199

 


Source: wordsmithofbengal.wordpress.com



Infocon : 4 fundamental types of security risks

Category : Uncategorized

There are four fundamental types of risk, in the order of our vulnerability:

I. Known Known – We know what the risks are and how we are placed relative to them. (For example – exposure to cold air in early November in Kolkata, the time of change of seasons. This is the time, we thought, that is also the best time from another angle to hold the Infocon Conference on Information Security – because this is also the time when we get the maiden winter sweets of Kolkata)

II. Known Unknown : We know that we do not fully know the risks. (Downloading free software from an arbitrary website)

III. Known Unknown ++ : We know that we do not know anything at all about the risk involved. (Providing sensitive banking information over phone to a caller who says he is a bank employee)

IV. Unknown Unknown : The most dangerous risk. We do not know that we do not know. This is the risk zone that causes greatest harm and damage. It is in this area that all kinds of risks germinate, mutate and manifest. We just see the consequences and then comes a re-action. 

The last class of risk with relation to Information Security cannot be mitigated by any hardware box, AI+ software because by definition we do not know that this exists.

Awareness and reporting in a trusted ecosystem can only fish out the “unknown unknown beast” as soon as it manifests so that the damage is minimum.

There is no 100% and permanent information security. There is no permanent bandobost or Permanent Settlement such as the one the British Governor General Cornwallis started in Kolkata/Bengal in the eighteenth century for the harvested land of Bengal.

The settlement proved neither a settlement, nor permanent.

Information harvesting needs another model of security.

 


Source: wordsmithofbengal.wordpress.com



Bringing Information Security to book – Infocon initiative

Category : Uncategorized

How much information security is enough security ?

Infocon is an initiative by Prime Infoserv, Kolkata and Wordsmith has been a collaborator in the initiative. Any contemporary CXO who is not concerned with the theme and confusion called Information Security is either non-existent or will soon face a bankruptcy judge.

Billions are lost by private and public institutions worldwide through loopholes in securing information. Information is literally money. If you are a financial institution and if your customer database is compromised, then the fall-out can be seriously embarrassing to catastrophic.

The Problem of Mr. K, a CIO of the castle called Kolkata 

Mr. K is the CIO of a large healthcare company in Kolkata. 60% of his life was spent without the internet, and now that his career is at its mature peak, he finds that he needs to reckon with information security. His CEO has instructed him to “do something”. What should he do?

In the case of an enterprise, any “doing” needs management time, money and attention (follow-up). More important, no vendor appears to be able to answer the questions: “How much information security is good security?” and “How much should I spend, considering the solutions are correct?”

Mr. K found, to his great confusion, that he was not able to get these “figures”.

On an autumn morning in Kolkata, post-Durga Puja last year, I and Sushobhan, CEO of Prime, met Mr. K in his East Calcutta office, overlooking the wetlands of Calcutta that appear to be merging with the Sunderbans. Mr. K narrated his predicament, especially the most important one – “How much money and resource should he ask for approval?” from his top management to implement the solution selected. The problem with the solution was its very nature: the solution is directly connected to the threat – real, perceived, imagined or enmeshed in the business interest of the information security vendor.

The Mathematical Model

In other words, we need an analytic framework backed by a cold, austere and objective mathematical perspective, rather than paranoia, vendor interest, disaster porn, technical jargon, or hardware and software vendors with their exotic offerings lined up like priests of some esoteric cult.

There is a mathematical model called the Gordon-Loeb model that does exactly that. It uses mathematical tools like probability, confidence intervals and distributions to produce a mathematically verifiable statement.

After the coffee, I and Sushobhan told Mr. K that he should spend no more than 37% of the amount X, where X is calculated by

X = Cost * Maximum probable vulnerability * Impact Constant * Quantified Risk 

Mr. K was delighted. He is now at least dealing with arithmetic, not anxiety-metric.

In due course, we did find out X for his organization by using a 4-step method which is basically a combination of police work + detective work. In the first step, we did a vulnerability analysis and logged all known risks. In the 2nd step, we assigned a metric to those risks in consultation with the company. In the 3rd step, we calculated the probabilities of such events. In the final step, we tabulated the impact and then estimated X.
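The 37% ceiling is the 1/e (about 36.8%) bound from Gordon and Loeb's model. The sketch below is an added example, not code from the original post: it takes X for each risk as probability times impact (a simplification of the four-factor product above) and applies the model's class-I breach function. The productivity parameters alpha and beta and the risk register are constructed assumptions.

```python
import math

# Constructed risk register (hypothetical figures, not Mr. K's data):
# (risk, v = breach probability with no extra spend, L = loss if breached)
RISKS = [
    ("patient database exfiltration", 0.30, 5_000_000),
    ("ransomware on billing systems", 0.15, 2_000_000),
    ("lost unencrypted laptop",       0.05,   400_000),
]

def breach_prob(z, v, alpha, beta):
    """Gordon-Loeb class-I breach probability after investing z."""
    return v / (alpha * z + 1) ** beta

def net_benefit(z, v, loss, alpha, beta):
    """Expected loss avoided by spending z, minus z itself."""
    return (v - breach_prob(z, v, alpha, beta)) * loss - z

def optimal_spend(v, loss, alpha, beta):
    """Spend z* that maximises net_benefit (closed form for class I)."""
    k = v * alpha * beta * loss      # marginal benefit of the first unit spent
    if k <= 1:                       # first unit already costs more than it saves
        return 0.0
    return (k ** (1 / (beta + 1)) - 1) / alpha

def budget(risks, alpha=1e-5, beta=1.0):
    """Per risk: (name, X, ceiling X/e, model-optimal spend z*)."""
    rows = []
    for name, v, loss in risks:
        x = v * loss                 # expected loss, the X of the text
        rows.append((name, x, x / math.e, optimal_spend(v, loss, alpha, beta)))
    return rows

if __name__ == "__main__":
    for name, x, cap, z in budget(RISKS):
        print(f"{name:32} X={x:>11,.0f} cap={cap:>9,.0f} spend={z:>9,.0f}")
```

The third risk gets zero spend: its expected loss is too small for even the first unit of investment to pay for itself, so the 37% figure is a ceiling, not a target.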

Since then, we have been working in this area with clients in India, Bangladesh and the UK, and everywhere we found one common aspect : lack of awareness. Then the idea of Infocon was born.

Infocon 2016 is happening on 18th November – a platform for sharing our confusion, triumph, fear and best practices, and for pointing our torches in the same direction to create a path in the literal jungle of information, which has not only exotic fruits, flowers and scenes but also ferocious enemies.

 

 

 


Source: wordsmithofbengal.wordpress.com



Geopolitics 101 : Underlying reasons of certain world events

Category : Uncategorized

All empires instinctively felt, studied and built strategy around geopolitical realities and grew. They also fell when imperial ambitions overshot the limits imposed by geopolitical reality. I start with empires because all our democracies are a relatively recent phenomenon of history. It is also becoming clearer that from the collapse of the Soviet Union (1991) to the Credit Crisis (2008), this period of 17 years witnessed something interesting and intriguing.

From 2008 to 2016 – what we observe is not some definitive march towards open countries and free people but something very strange and contrary. In the Middle East, a new state is emerging that draws its existential fire from the 7th century, a powerful China shows tendencies which are like small tremors of a dragon wagging its long tail before a jump, many democracies are showing clear polarization towards far left or far right (European democracies), and a faded Russia bemoans its Soviet imperial past, not with apology but with a sense of nostalgia. Great Britain’s people think completely opposite to what the Premier thought they were thinking in terms of regional integration, as Brexit demonstrated. India – showing a clear inclination to the electoral right in the last election – goes for a “surgical strike” while the status quo so far was “strategic restraint.”

For all the matured democracies of the world, it is imperative to keep this geopolitical reality in mind because geography is a continuous and dense rock-like presence whereas ideologies are like layers of slime in underwater rocks that move with the undercurrents.

The post at the end will discuss the recent “surgical strike” by India in Kashmir in the light of the geopolitical aspect.

First some axioms which are self-evident and we can easily verify them without becoming an expert.

I. Geopolitics is not some theory. It is an existential baggage of a nation. Simply put, geography is, in a sense – destiny.

II. “A nation does not have any permanent friend or permanent enemy – only permanent interests” – this was from a British Prime Minister at the just peaking period of British empire.

III. There are certain geographical locations which may be valueless in themselves – a barren desert, an icy mountain area, a shallow marshland – but have tremendous geopolitical and geo-strategic value because of their position vis-a-vis the current order of military, political, trade and transport realities. Their “geopolitical value” attracts powers at all stages (matured, decaying, emergent, established) and all these locations will be conflict zones. There is no exception to this observation. The conflict may manifest in various forms but the underlying causes reinforce them because of the principle of least resistance.

IV. It is quite possible that a nation – weaker and vulnerable in comparison to a more powerful enemy will survive and even overcome if it remains aligned to its geopolitical wisdom but it is certain that it cannot but perish if it goes against its innate geopolitical wisdom.

V. Cui bono – the first question of Roman criminal jurisprudence. Who benefits ? World events do not happen by complete coincidence. Someone benefits in whatever happens. It is like a trade – you can go long or go short and both ways there will be benefit for someone, somewhere.


Russia : Napoleon and Hitler – both experienced their worst defeat near Moscow. If you see the map of Russia, you shall find that from the West, there is no geographical barrier. It is a vast steppe and plain lands. This vulnerability remains in the Russian psyche and as a counterbalance, Russia has always sought a sphere of influence or buffer zone in the East. The Russian government has always left the seat of government in Moscow when an enemy stands at the Gates and is saved by her weather. When Soviet Russia collapsed in 1991, first the buffer zones melted away and this perhaps makes current Russian President Putin say that the break-up of the Soviet Union is a catastrophic geopolitical event of the last century. This statement is very important when we see the timing and the speaker.


China : One of the clear handicaps of China is her having no direct access to the Arabian sea and the Indian ocean because of being land-locked in the south. How can China have access to the Arabian sea or the Indian ocean ? It can either take a route from the South China sea via Hongkong, connect to Burma and reach the northern reach of the Bay of Bengal. Then it drops south, touches Sri Lanka, takes a westward route and connects to the Arabian sea. Or it can drop overland and connect to the Arabian sea at some port in the North West of India or in Pakistan.

Q1: Why is China investing so much in Burma ?

Q2: Why is China building a port in Pakistan ?

Q3: Why is China building highways through Karakorum range all the way to Kashghar from the port at Pakistan ?

Q4: Does this highway cross through a zone called “Kashmir” ?

Q5. Who benefits if that zone is not under complete control of another regional player ?


Afghanistan : Since the time of Alexander, the overland access to India has been through Afghanistan and it still remains so. If the so-called Aryans came to India from the North West, they must have crossed Afghanistan, and this area is one of the most scenic places in the whole planet. Why didn’t they settle there ? There can be only two conclusions : a) Aryans did not come this way b) They came this way but their previous settlement was very different from the mountain valleys of Afghanistan. In other words, the Gangetic valley of North India suited their taste. This river might have saved Eastern India from becoming Hellenic. Alexander’s army never saw anything in the dimension of the Ganges in their whole journey from Macedon to Patna. The holiest river of the Aryans stood in front of the mightiest Hellenic warrior to save Eastern India and after 2500 years, a son of the greatest city of the East of India, Calcutta – Swami Vivekananda declared that ..”in the domain of ideas, ancient Hindu and ancient Greece are meeting.”


Bosnia-Herzegovina and Nagorno-Karabakh : These are small regions in Caucasus. Why has there been continuous conflict in these areas ? Hint : Caucasus oil (especially of Azerbaijan’s Baku oil fields) and these are the points where the most strategic oil pipelines can have their choke points.


British Empire : The British empire was the last empire before the age of airplanes. Military application of airplanes drastically changed the geopolitical equation as there is no ocean in the sky ! At its height, the British empire dominated all trade routes and controlled all “choke points” – Suez Canal, Panama Canal, Afghanistan (as a counter-balance to Russian expansion in the East), India (entire sub-continent), Hongkong, Singapore. This maritime umbrella made sure an island continent like Australia supplied Britain with soldiers although Australia had no interest in those conflicts. Why ? It is to keep the master of the global trade routes pleased, otherwise Australia will be doomed. Air-power changed everything. The British empire’s floating army – the Royal Navy – was too costly and inefficient to police the world.

Fifty years after the 2nd world war, we can easily see why nations have no permanent friend or foe, only permanent interests. America’s entry into the war did save the world from becoming a Nazi empire but it did not save the British empire. Actually, the global dominance passed from Britain to America. We now find Australia dutifully supplies soldiers to die in Iraq although we do not see any logic in what strategic interest of Australia can lie in a conflict in Iraq. Answer : geopolitics.


Geopolitical Studies in India 

Unfortunately for India, there have not been first-rate geopolitical thinkers. During British rule, there was no need as British imperialism’s broad shoulder bore the burden, for good or for worse.

Post-independence, economics was considered to be the branch of knowledge and still today this veneration continues. This undue and blind veneration for economists among Bengalis always irks me and I once quipped in polite company just after Dr. Amartya Sen was awarded the Nobel prize : “the more a community studies economics as a branch of study, the overall economic health of the community goes down.”

At the risk of being labeled as prejudiced towards fellow Bengalis, I must declare that two Bengali thinkers (not intellectuals as understood in India) thought about the issue with great foresight and originality. Bankim Chandra Chatterjee (in Bengali essays) and Nirad C Chaudhuri in his works in English analysed the geopolitical realities and the policy implications. As early as 1952 (two years after India became a Republic), Nirad C Chaudhuri was talking of the need of a military aristocracy and he was citing the example of Roman republics. He also cautioned us of a military jingoism and how such mis-adventures can bring untold harm to a young republic and gains to third parties who may channelize their interest through “proxies”. He was perhaps a lone Indian, admittedly and bitterly, who like Putin, considered the collapse of the British Empire as one of the pivotal historical events for India and the world and again, in a nostalgic sense.

The young republic of India in 1950 has matured. The military, administrative and political elite must concede to the fact that we need to have a culture of geopolitical studies among our young men and women for whom geopolitical realities will be starker and nearer.

As an Indian of 40+ years, I entreat the young men and women who are in their 20+ to consider the fact that the world order where globalization, private enterprise, free flow of capital and innovation, rising middle class income, the “3BHK, Wagon R, 2 private school, 2 credit cards”, economics and investment uber alles model of urban elevation may not continue as geopolitical reconfigurations are due. It is easy to deny this as healthy men deny death, rich deny poverty, stable people deny disturbance.

You may expect to be an entrepreneur in the common sense of the world but this sense of a world itself is a political construct. You may not be interested in politics but changing politics is interested in you.

“We may not be interested in geopolitical cataclysm but geopolitics is interested in us.”


Source: wordsmithofbengal.wordpress.com



Writer in a democracy

Category : Uncategorized

In my last vacation, I was working on a project of translation. I was translating selected parts into English from the writings of at least 70+ men and women of letters of the Bengali language. A friend of mine, a successful man by today’s standard, asked : “Who shall read these old writings ?”. He is right. He has brought to words what always remains part and parcel of a democratic environment.

One of the writers in the pantheon was Promotho Chowdhury. Very few of the Internet generation in Bengal even know his name. One of the finest craftsmen of Bengali prose. More important – the only artist in Bengal whose prose reflects the clarity that only one language has most-plentifully : French. He was a master of that language and French did not remain foreign to him.

As I worked to translate, I found it is impossible to convey the “craft” into another language from Bengali. He was talking of Democracy and the role of the writer-artist in such an age :

“..The noblest teachers of democracy wanted everyone to grow to the same level, but their disciples comprehended the opposite and each one aspires to be a man above all. “

“..The eternal stamp of aristocracy that Art has in her soul is something democratic milieu cannot comprehend and perhaps envies. It happened in ancient Greece that the society was democratic but Art was aristocratic. Because of this, Greek art is so immensely valuable that we cannot even separate its soul from the body through logic. I have a hope or rather false hope that Bengal will grow to play the same role in India where there will be a democratic society but aristocratic Art.” 

The last sentence appears to be a direct translation of the soul of Democracy in America by Alexis de Tocqueville (published in 1833) and I am sure Monsieur Choudhury was a lone man of his time who had the capacity to read this in the original and to appreciate the craftsmanship of the work. His 36 words in Bengali are something every writer in a democracy should keep in front of his desk all the time :

“...The writer in a democratic age has a grave responsibility and must draw people’s attention to the higher aspects of his being through Art because in a democratic age, the common mind naturally gravitates towards crass materialism.”

 

 


Source: wordsmithofbengal.wordpress.com