ICT and InformationLibrary Science

Security and risk management issues for libraries to face challenges and prevent cyber threats


While speculating on my research, my mind hovers over the destruction caused to libraries in different parts of the world in ancient and medieval periods to the end of nineteenth century. A bird’s view over the destruction of libraries, for religious, political, social, cultural and academic reasons. Some one has very wisely said that if you want to destroy a nation or society, the best course is to destroy the sources of their inspiration, and these sources in the olden age were in written books and manuscripts kept in the libraries. The libraries were housed in building where the security concern was limited merely to protect the theft of materials. The buildings were incapable of withstanding inferno, repel attack by intruders and destructive forces for want of proper security arrangement to meet these threats. Apart from this many factors such as, paying little attention or ignoring the upkeep of the libraries after the death of founder members by their successors.

From primitive days of mankind, wisdom, skill, knowledge, experience, data, facts, observations, related information to develop and improve the quality of life have been important components. But in today’s modern society, the economical, political, social, business, technological, cultural and revolutionary changes and many such areas play an important role in the Library.

From ancient times, not only harm has been done by natural disasters, the ruler destroyed religious, educational old books & manuscripts, so that the people are deprived of access and on the other hand the ruler also destroyed the work done by specific religious thinkers, philosophers & revolutionist.

Historically the rise and fall of great empires immensely associated with the collection of resources and information. Security of the information and knowledge resources was always great concern. In ancient and medieval time security concern was limited only to physical security and theft prevention in libraries because attacks destroy information resources physically. About two thousand years ago there lived a Chinese Emperor, His Hwang Ti. He ordered that all books be destroyed. When the University of Nalanda was at the height of its glory in the seventh century is burned down three sections of the large library of the university. The great library in the ancient city of Alexandria that contained manuscripts collected from several countries was deliberately burnt down in the seventh century. So, many a time libraries have been turned into inferno, but many books believed to have been lost or destroyed have reappeared either in their old form or in a new form, contrary to this the information stroed in a computer, if loss can not be accessed if the backup is not avialable. In the recent past, the biggest library & museum in Iraq was looted by militants. In Pakistan, religious extremist and conservatives demolished school & libraries, which prevent children to be updated with the modern education. Due to climatic changes in Europe & China there was heavy snowfall because of which libraries were forced to be closed down for some period, while Japan, Malaysia, Thailand, etc., has to face tsunami disaster & earth quakel Italy and Thailand faces sever heavy rain fall. Many libraries suffered natural calamities.

Library is the backbone of any institution, organisation, Government and private sector carrying out various types of activities. Library is a place where not only information regarding books is available but also a place where process such as purchasing books, e-tendering process are carried out, in addition to the storage of user’s personal information.

Access to library can neither be denied to the authorised person or nor it can be allowed to be used beyond the limit of security norms of the library. The danger starts simmering the moment the person is allowed unchecked while crossing the security limit. It means strict surveillance or precaution on all the activities of information flow from in and out side is imperative. We must be very alert to see and sense that material is download is from genuine source by user or staff member. We must verify every information and person approaching our network. At the initial stage, the person working on the PC or laptop keyboard need to be alert at the slow flow of data, he should immediately take steps to find out the reasons for this hurdle. If he is unable to detect it, he should report the matter to the responsible authority because it can be a case of hacking, virus attack, key logger or Trojan horse malware. In the current scenario, The security of library information from cyber attack or unauthorized access is essential. No security system in the world today is invunlnerable from hacking attack. These kinds of attacks not only modify the information, but can breach the privacy of library users. All databases are vulnerable to being breached by unauthorized users or hackers looking for a challenge. With more databases than ever, experts expect the number of database attacks to continue to rise.

In recent times, we are witness to growth of crimes not merely in quantity but more so in quality. The threats posed by present-day dimensions of crimes and particularly their sophistication, to personal and public security are matters of serious concern. In the above developments, crimes are ignoring or overcoming the borders. However, the borders have established themselves as the bane of law enforcement. The criminals, thus, operate as if they are in a borderless world while the law-enforcers are confined to operate in a bordered world.

This research is a silent alarm for the librarian, because libraries are small fish in a big ocean and are soft targets for hacking. library computer network security, vulnerabilities and cyber threats, some of the challenges which need to be mitigated are privacy of users, pornography, unauthorized access, identity theft etc., These unlawful activities can be encountered by risk management, disaster plan”, security audit plan & develop a security policy.

The WikiLeaks website came in to existence in 2006, and published sensitive information pertaining to different countries, companies, organisations and religious outfit. The website is unique in the sense that it took care not to disclose the names of person or source that helped them making available the information. Until 2009, the world did not take it very seriously but in 2011, this website displayed more than 20,00,000 secret messages connected to different US embassies world over. This was an attack carried out with out any weapon ranging from small fire arms to missile or atom bomb. But the panic it created was more complex than a weapon of mass destruction use in biological or atomic warfare. The website continue to publish sensitive political material of leading players of the inter-national politics. And India is no exception. It is learned that website is likely to publish the information about the secrete account maintained in foreign banks by politicians, businessmen and money launderers.

The Information Technology revolution has added a whole new and complex dimension to the conduct of human affairs. It is fast-expanding, and its highly sophisticated criminal activity, almost always transcends national barriers. Police and enforcement agencies all over the world are straining every resource available to them to cope up with this new kind of many facet challenge, and are changing their strategies to meet the challenge of the cyber criminal.

Library Security:

Close your eyes for a minute. Now think of a library — any library. What comes to mind? Naturally, different people will imagine different things, but in general, you probably think the library is a quiet place — a safe haven from the dangers and troubles of the world outside where you can spend quiet hours in study and contemplation. When the average citizen considers using a library, what should never come to mind are any of the following: homicide, rape, sexual assault, simply assault (against staff members of other patrons), robbery, larceny, burglary, grand theft, personal property theft, harassment of staff, obscene phone calls, nuisance calls, indecent exposure, pickpockets, elevator crime, or crimes committed by staff members. Understandably, as with all public places, the library has its risks. Demonstrably, library materials are constantly at risk, as are those who visit or work in library buildings. The sooner we admit this fact, the sooner we can begin to consider ways to minimize and reduce that risk. (Bruce Shuman, Library Security and Safety Handbook)

Though a list of important libraries destroyed world over is available at http://en.wikipedia.org/wiki/Destruction_of Libraries, website. The attack on libraries were carried out in person to destroy the knowledge enshrined in books and other materials. This act deprived the world of valuable knowledge for ever. Now, considering the attack carried out by terrorist, naxalites, the attackers are physically involved with their fire power ranging from small fire arms to weapons of mass destruction, even the terrorist used the civilian planes as a weapon of destruction of men and materials. The attacks carried out by terrorist and naxalites have psychological impact of greater magnitude.

While giving final shape to my research work my mind slips back in to the decade old 9/11 attack on U.S. soil. I compare it with the present threat posed by interne hackers, spammers etc. 9/11 attack on U.S. symbolizes psychological tsunami with it epicentre at Twin Tower New York City. The whole world flabbergasted over the incidents but in practical sense,. it exhibited the capacity of terrorist29 will to carry out destruction any where in the world at their will.

The fallout of Second world war is merely is great loss of man kind and materials. Which is limited to few country involved in it. It means the second world war has it’s boundaries but the cyber threats knows no boundaries. It can paralyzed a nation or a group of nations with in the flickering of the eyes. The damage which will be caused can be directionally proportional to the cost of the installation services, infrastructure atmosphere and water pollution all together.

The naxal movement started from naxalbari district of Assam four decade ago. Now it has covered whole area of West Bengal, Jharkhand, Bihar, Odisha, Chattisgarh, Andhra Pradesh and adjoining area of other two states which border these to naxal effected states. The impression one came have is all these areas are highly mineral rich area such as coal & iron. And apart from this Vishakapaatnam is sea port and naval base. This reflect the nefarious design of this country who is supporting this movement by money and arms power and training to person. Nine pro-Naxal web sites, with names like “Naxal Revolution,” “Peoples’ March,” and “Red Diary”.”These Web sites are being used to recruit youngsters by the Naxalites,” The government official said evidence has been gathered that indicates the Maoists are trying to sends emails to potential recruits to ask for their qualifications and how they would like to lend support to the Naxalite movement. To execute movement, the military and scientific institute website are hacked, and material information is extracted for exploding IED to below out vehicles in a targeted and precise manner. They have developed an organised network to track the movement of the force and number of the personal in a precise location. They ambush the patrolling party in the dense forest surreptitiously or they explodes the vehicle of the force with their IED killing the personal in double digit number.

Present Scenario of Cyber Attack

The cyber attacks have been mostly trans-national and network based (Deibert and Stein, 2003, Arquilla and Rofeldt 1999, 2001). Adversaries can be termed as network actors consisting of relatively independent nodes of individuals, groups, organizations or even states capable of quickly assembling and dispersing, even long before an attack has been discovered. These actors operating in loosely organized networks and using such means can resort to asymmetric warfare (Applegate, 2001, Arquilla and Ronfeldt, 2001, Goodman 2001, Herd 2000, Erbschloe, 2001). These war-fares may not be conventional military conflicts, but are capable of wreaking serious damages by attacking and exploiting the vulnerabilities of information system by resorting to cyber attacks (Arquilla and Ronfeldt, 1999, 2001, Cordes man, 2002).

The conventional understanding of sovereign state system is premised on boundary making and spatial distancing. With the prospect of cyber attacks and information security the boundaries fencing off states against the other, demarcating the international sphere from the domestic sphere, the public from the private, peace from war and the military from the civil are dissolved. One of the major implications of the cyber threats is that the security of the information system on which the entire network of organization, individuals, groups and even states hinges is challenged. Besides, the very. impregnability and invincibility of sovereign state system is challenged (Everard 2000, Fountain 2001, Giacomeflo 2005).

The wideners in contrast to the traditionalists claim that the concept of security should be widened to include within its ambit the new challenges, threats even emanating not only from other states, but from the political, societal, economic and environmental sectors (Buzan, 1991, Deibert 1997, Muller, 2002, Stern 1999).

The latest example of the cyber attack conducted on the world famous and safe library is on “Library of Congress”, deeply hurtled my conscience as I am also working as a librarian in Police Head Quarters. The attack on the “Library of Congress” thus prompted me to took the challenge to work on the complex subject to sort out problems and their possible solution. The desperate act that took place in America made me think that a mischievous element, disgruntled employee, Publisher, book seller, unauthorized user want to damage or modify the library’s information he can entered through the interne and will be successful to do so. What can be done if by any means an unauthorized person sneaks in to the library network security and modify or delete information It is a burning question across the world regarding security measures in library network.

Being an employee of police department, it become my moral duty, devise ways and means to counter attack any effort to sneak into the police working, including library community. My effort in collecting relevant data, information, which reflect the day to day danger in computer network, may prove a little contributions to repel attack on library and information centers. In this perspective, I feel like suggesting a new security and safety measure for libraries to face challenges and prevent cyber threats.

  • Electronic Security ( Computer Information & Internet):

Survey done by develop country on physical and book security revealed that the security situation of public libraries were very critical. The survey further pointed out that due to technical changes, computer has brought a great revolution in the world, but still the world is not thinking about security measures in the library and information centers. Many libraries used electronic security system, to control entry and exit of the users and site surveillance.

  • Burglary Protection:

A burglar protection system includes sensors as follows;

➢ Door and Window Contacts

➢ Glass Break Protection

➢ Vibration Detectors

➢ Audio Discriminators

➢ Alarmed Window Screens

➢ Motion Detectors

➢ Ultrasonic and Microwave Motion Detectors

➢ Photoelectric Motion Detectors

➢ Passive Infrared Motion Detectors

➢ Other Motion Detectors

➢ Sounders

  • Collection Security:

There are several methods of ensuring that no materials leave the library without being checked out legally. These systems always contain a security device that is placed on the materials. Radio frequency identification (RFID) are magnetic strips32, if they are not scanned, the alarm at the door will make a huge sound to alert the staff, that something is being taken illegally by the person at the door.

  • Video Surveillance:
    Video surveillance and closed-circuit television (CCTV) systems serve as a way to monitor and record security, detect crime, and ensure safety.

Library Security Core Issue !

The unprecedented increase in the spread of computer use during the last few years has brought a whole new set of problems with security implications, many of which we are only now beginning fully to appreciate. In this context, we shall examine some aspects of computer security and consider how the security manager might reasonably be expected to contribute to combat the threat posed by the information security.44 There are many threats to the security of a library’s computers and networks. These range from data stealing and diddling to the accidental loss of data.

Development of global economy, and increasing flow of creation of the Internet are all factors in creating the modern global village. The global environment has played a major role in modern information technology. The undesirable elements, military and scientific use of information technology, financial institutions and sensory assault are likely to cause harm to the information collected. The offender under the jurisdiction of its goal without physically entering the information system to disrupt. In addition, many information systems and the dual-use military and civilian targets infrastructures put a dent in the peace which can upset the balance. Information technology is playing an important role in all sectors of society, Security, information technology has become an essential component.

Ensuring the national security in information exchange, struggle against electronic crimes; Taking into account the national interests, creating conditions to ensure rights of citizens and organisations to safely obtain and use of electronic information; creating an environment providing citizens’ information security. Library to create a security-conscious environment, and to establish a disciplined approach is required. the information received must be protected form undesirable elements. Undesirable elements destroy the infrastructure of information and may be bent on destroying the system, Security awareness training is essential to library staff and user should also be guided to use the library network in the legal way. The risk factor should include assessing and controlling the natural calamity & hazard .

Reference Article:

  • Farid, B. (2012). Developing security measures and risk management policies for libraries to face challenges and prevent cyber threats.

Md. Ashikuzzaman

Work at North South University Library, Bangladesh.

Leave a Reply

Your email address will not be published. Required fields are marked *