INFORMATION SECURITY IN GEORGIA: ICT DEVELOPMENT AND A NEW AGENDA?
Robert L. LARSSON
Robert L. Larsson, Visiting researcher, Georgian Foundation for Strategic and International Studies (Tbilisi, Georgia)
Gela Kvashilava, Junior Fellow, Georgian Foundation for Strategic and International Studies (Tbilisi, Georgia)
Georgia has during 2003 been in the drafting stage of a new national security concept. The intention has been to have it presented to the Parliament in the nearest future. Considering the political conceptions of security in Georgia, it is clear that issues of foreign intervention, territorial integrity, ethnic tension, and smuggling will receive most attention. Nonetheless, information-related aspects also deserve to be at a focus.
By all means, the 21st century is an era of rapid Information and Communication Technology (ICT) development and its impact on Georgia has been, and is, substantial. It affects all spheres of society—social, economic, military, cultural and political. The importance of Information Security (IS), which comes along with ICT development, has naturally also increased in such a way that knowledge, whether possessed by individuals or organizations, has become an essential resource that needs to be protected. Increasing quantities of intellectual property residing on networked systems also leads to an opportunity to disrupt military effectiveness and public safety by surprise and anonymity. Challenges involving the rise of information warfare, intelligent weapons in addition to command, control, communication, computing and information issues (C4I) have been parts of security approaches in many states, but Georgia as most Newly Independent States has just started to acknowledge this important information dimension of security.
Canvassing problems of ICT development and general trends of information security is a wide scope of inquiry and this article will thus cover only a small fraction of it. However, the intention is to highlight an aspect that has so far been neglected in most security analyses. Consequently, the aim of this article is two-fold. First and foremost it will be argued that Georgia must include informational security as a part of the national security agenda. Secondly, this article intends to illustrate why this is of importance. After a brief outline of general trends, the way of doing this is by addressing and seeking to answer two intertwined questions, namely: What is the current status of Georgian ICT development, and, what are the main issues and problems for Georgian information security?
Globalization and ICT Development Affecting Georgia
First of all, an over-arching dimension that recently has gained attention derives from post-modern theory in the notion of Manuell Castell and his view on the information age and networks that in this case serves the purpose of highlighting the global trends against which Georgia’s development can be seen. According to Castell, networks wage wars, and weak actors as terrorists, criminal groups and hackers can now outsmart huge opponents by using asymmetrical strategies.1 While eschewing a theoretical argument it can be said that it is not the end of the national state but instead a return to overlapping authorities. Clearly, most state authorities have not acknowledged their functions under the conditions of a rapidly changing domestic and international environment. This is no less true of Georgia. This is partly why the 4,000 NGOs have taken over so many of the public responsibilities in Georgia. There are reasons to believe that over a majority of issues in the society are handled in this way. By this, NGOs fill a vacuum in the society that normally should fall under the responsibility of the government, such as cultural heritage protection, health improvements, ecology in addition to conflict resolution efforts. This becomes problematic when individuals create NGOs for their own benefits or as leverage on politics.
Secondly, ICT is the foundation of a “new and global information-based economy.” Naturally, advanced telecommunications networks, computers, and related systems increasingly permeate every economic sector and help businesses of all kinds to enhance their organizational efficiency and competitiveness while providing better goods and services at lower prices to customers. Throughout economic activity, created intangible assets are replacing natural tangible assets as the main source of wealth creation in industrial and developing societies. This is demonstrated by the rising importance of services, relative to that of goods, in the gross national output of most countries. The firm has always been the main unit of production in a market-based economy. Inside firms, hierarchical structures tend to become flattened and information flows travel more among functional units. This is true, but not in Georgia—yet.
Additionally, the broader significance of ICT lies in its pervasive impact beyond the industry’s boundaries. States in the Western Hemisphere have just started to understand this. However, in Georgia, these ideas have had little impact. In addition, the lags from the Soviet Union have created a situation where enterprises continuously are operating while making losses without going out of business—a phenomenon called “necroeconomics.”2 This underscores the transitional setting of Georgia’s political and economic climate in which ICT and IS are developing.
Finally, within the military sphere, IS has been key idea since beginning of time. The fall of the bipolar system may have been a revolution, but from a military point of view, the Revolution in Military Affairs (RMA) is what occupies R&D departments of western military institutions. The foundation of RMA is that traditional warfare by deploying large quantities of units along a front line and having hierarchical communication structures is outdated. Instead, small mobile units with extensive horizontal communication capacity are utilized. At this point, Georgia’s military doctrine is a dead document and a security and defense concept is missing. In short, Georgia does not have a clear vision concerning the future military force, but a reform toward greater mobility is underway and emphasis is put on quality instead of quantity.3 The network society is taking shape also in a military sense. For the first time in history are von Clausewitz and Tukhachevskiy wrong.
The technology required for network-based Armed Forces is, naturally, enormously expensive and few states can afford even a small piece of it. The more expensive and exclusive it becomes the greater asymmetry in warfare, and who controls the information will control the war. IS problems thus exist at every level. It affects R&D, planning and implementation of military operations. For instance, modern Main Battle Tanks, as the latest German Leopard 2, are equipped with GPS and computerized command and control systems where commanders have electronic maps where the positions of his units are updated in real time and orders are sent without the use of radio. At the same time, as rich states buy this, Georgia buys 12 second-hand T-55 tanks from the Czech Republic.4 At best they function as armed tractors.
ICT has not only had an impact on the technology of war, but also on media. States have started to understand the impact of media coverage. Who controls media—controls opinion.5 Russia learned this the hard way during the first war in Chechnia. During the second war, information control was strict, but the Chechens are still winning the war on Internet. Several pro-Chechen sites are loaded with information and frequently quoted by foreign media and scholars. The Georgian conflict over Abkhazia has also had elements of this, but to a lesser extent.
What is more, when the importance of information rises and technology development leads to increased accessibility, the risks of deception escalate. A new tool for “maskirovka” has been created. Just to mention one example, the Russian newspaper Nezavisimaia gazeta had an article in May 2003 claiming the U.S. has been planning a military campaign against Iran and that it had been negotiating with Azerbaijan and Georgia about utilizing their air force bases.6 The impact was enormous and Iran even delivered a formal protest note to Baku.7 Although to this day, there has been little evidence of this being true, it serves as an example of the importance of information in relation to Georgia, which is further addressed below.
ICT Development Peculiarities in Georgia
As “globalization” and “the new economy,” the “new security” runs the risk of becoming a buzzword that everyone use, but no one can define or operationalize. A definition of information security encompasses information spheres that both relate to persons and to society where formation and further developments of information resources are provided in relation to the interests of the state, and society and its citizens.8 Occasionally, Georgian politicians or officials utter the phrase, but fail to give it meaning. There is only one focus in Georgia and that is traditional security related to the political-military sector aimed at protecting Georgia’s territorial integrity. It is no wonder, as regions with tension and external interference are more urgent security threats than abstract ideas of IS. It is true, IS has little impact today due to the poor ICT situation. However, as soon as development and growth escalate, IS issues will undoubtedly follow.
In Georgia, IS is mainly understood as protection of information systems, information structures and telecommunications. Thus the Georgian government tries to take appropriate measures to manage the risks only in this direction. However, the IS concept is much wider than the technical security of ICT and it is also required that three things are fulfilled, namely that confidentiality, integrity and availability of information are ensured in the country.9 For Georgia, this is applied on three levels, namely the individual; companies and organizations; central and local authorities levels.
As an indication of the level of usage of ICT by individuals in Georgia recent polls can be studied. They show that 41% of the Georgian elite has a computer in their home, while 65% have used Internet and that up to 35% use Internet every day. While 100% of the Georgian elite claim to have TV-sets at home, 90% of them also report possession of mobile phone. 75% has VCRs and 25% DVD.10
It must be remembered that at the individual level, ICT development does not only affect people’s daily life by bringing along a variety of Internet cafés or home technology—it also has a deeper dimension of democracy. When society and states to an increased extent transfer information files on individuals to computerized systems, naturally accessibility to information is facilitated; it is the whole point of it. This has happened a long time ago in the West, but in Georgia, the process is just in the making. Suddenly the issue of informational privacy and integrity reaches a new stage. It has both advantages and disadvantages. As an example, what kind of information about civil citizens should be open for others? Georgia’s policy on the issue is still non-existent, which leads to a situation where the personal integrity is threatened.
Speaking about information security for individuals, the issue of transparency also affects the principle of right to information. Furthermore, the rights to know, the rights to collect information, the rights to acquire information, the rights to withhold information, the rights to control the release of information, the rights to profit from information, the rights to protect information, the rights to destroy or expunge information, the rights to correct or alter information, and the rights to publish or disseminate information are all intertwined and Georgia does not have a plan to deal with this very problem.
Information ethics (or Infoethics) has been discussed at different forums, but legally binding mechanisms have yet to be formulated, adopted and implemented in Georgia. Georgia has seen great misuse of personal information by politicians and journalists and so far no one has been punished. As the regulations are missing and there is no debate on Infoethics. Maybe there was no misuse? Who has the authority to define the problem? This individual level is in many aspects the most important one for the public. The experiences of the newly created Anticorruption Bureau of Georgia show that most of the requests on transparency and information concerns individual cases rather than constitutional issues.11 It must, yet, be remembered that these over-arching constitutional principles are what regulates access to and security of information in a society. Subsequently this invites to a closer look on the general ICT situation in the Georgian society.
Companies and Organizations
For assessing a general socioeconomic situation, the United Nations’ human development index employs three indicators: longevity, education and standard of living. In 2001, Georgia was at 76th place. According to World Bank Group human potential development index, especially GNI per capita gave Georgia a 149th place among 207 nations. If new technologies offer particular benefits for the developing countries, such as Georgia, they also pose greater risks. Technology-related problems are often the result of poor government policies, inadequate regulation and lack of transparency in Georgia. Many people fear that these technologies might actually widen the already existing inequalities in the country.12
If the dimension of ICT education is considered, several things can be said. Currently, Georgian schools operate largely in isolation from the rest of the world and only 2% of them have access to the Internet.13 The situation is better in institutions of higher education, but computerization of educational institutions is limited. University or secondary school curricula in Georgia do not include ICT education. What is more, most courses do not require students to be proficient in ICT. Teachers do not use ICT in preparing their courses and, therefore, cannot provide recent information or recent results in their subject. On the one hand, everyone knows that education is necessary for a society while, on the other hand, everyone feels that without ICT, the educational system is incompetent when it comes to providing the sort of education that is required by the market. This bears importance, as ICT education constitutes the foundation for knowledge concerning information security in the coming generations. As showed, Georgia’s need for an information security agenda is thus vital at this moment, especially since if an agenda will not be formed, the political and judicial development will fall behind technological development more than they have to.
As far as media is concerned, many independent TV stations, radio channels and newspapers were established during the last decade and any attempt to limit media has often been thwarted as a result of strong local support. Today there are 45 TV stations, 17 radio stations and 124 newspapers operating locally. Advertising in Radio and TV amounts to USD $7 million and is growing nearly 4% per year. Creating and developing public opinion play an important role in the establishment of a democratic state. As a consequence, any kind of important decision made by governmental bodies that is not accepted by the population becomes the subject of discussion through free media, and may subsequently be changed and adapted to the public opinion. This underscores that information security is found at several levels and relates to all kinds of actors even if the democratic features of Georgia are debatable.
In addition to what has been said so far, in 2000 Harvard University issued a guide that provided a framework for diagnosis and evaluation of the level of ICT present in a community. The rationale was to facilitate estimation of human resources conditions in different countries.14 Another report by the same center was issued in 2002, which focused not on components, but on the interaction among systems of components, that is the emerging patterns of the use of ICT, which create economic bonds, social bonds, generational bonds, educational bonds and cultural bonds.15 These emerging bonds are the substance of how ICT affect development. At this time, it is almost impossible to use the tools available as the network readiness index, because of the lack of statistical data. This means that an assessment of these issues in Georgia is a tedious task and that political measures must be taken and resources given for handling ICT and information security. Seen in the light of political aspirations for NATO and EU membership, one could expect a pragmatic politician to devote some attention to these issues.
Central and Local Authorities
In Georgia at the state level, IS is neglected and almost non-existent as a concept. This has several reasons and implications. Firstly, there is a language problem. Much of the terminology is, naturally, English and the development of the Georgian language has been slow. Many words are borrowed directly or translated from the Russian. This is not a problem in itself, but has proven to be a factor of inertia in IS and ICT development for the older generations.
Secondly, there is an extreme lack of knowledge of these issues within the higher political echelons. By and large, neither the Government nor the Georgian Parliament devotes resources for improvement, although an emerging awareness of the need for an ICT strategy can be seen.16 As far as the Ministry for State Security is concerned, this is rather related to improving the public image of the old KGB-structure than to the issues of democracy and security.17 The results may yet be positive in the end.
Thirdly, the general official approach to national security is, indeed, comprehensive but very blurred. Georgia has previously included military, political, cultural, economic and environmental aspects in its unwritten national security idea.18 However, in contrast to the Russian concept, IS has been excluded and the International Security Advisory Board has no intention to recommend the Georgian government to include information aspects in the new concept.
It must also be noted that the situation concerning traditional security is similar. Traditional issues do get attention, but all governmental bodies work on different assumptions, especially in relation to budgetary issues and the reform of the civil security structures. This illustrates how poor the situation is and it has even been called a “conceptual cacophony.” “How can one carry out system reform without system thinking?” analysts ask.19 There is no knowledge of contents, risks or opportunities related to IS and therefore it is impossible to form a clear agenda, let alone an action-plan for its implementation. Indeed, some governmental bodies, as the Ministry for State Security, have information security as one responsibility at their Private Security Department, but little energy is devoted to it and as indicated, only technology and information warfare are at a focus.20 It was not until July 2003 that the Ministry launched a web site, which shows the slow progress but is at the same time something that illustrates the progressiveness of the reform-minded Minister.21
What is more, Georgia has enormous problems concerning overlapping responsibilities of the power ministries that infringe on their ability to handle all kinds of security risks properly. This is no lesser true for IS. As an example, if a “cyber-attack” were carried out against the security structures by a foreign organization, it could be seen as a crime, terrorism or an act of war, which means that the Ministry for State Security, the Ministry of Defense, the Ministry of the Interior along with the Police Force have the responsibility to act upon it.22 As incidents like the article in Nezavisimaia gazeta frequently occur, especially between Russia and Georgia, it is of great importance to have a clear and coherent information policy both within state structures and within media. This is crucial if trust and democratic support are to be guiding stars. If tension increases, elements of information warfare can be expected, which is something that Georgia must acknowledge.
Finally, Georgia’s limited ICT infrastructure has not enforced the regime to handle these issues. The civil society has started to develop by usage of ICT, but this has taken place on an ad hoc basis. The political establishment has not been involved in its creation and it thus falls behind. Usage of technology as a part of the political process or as a tool for communication with the citizens is not evident. Just to mention one example, even if the web site of President of Georgia shows photos of the President’s car—there is not much new information for the electorate.23
Conclusions and Final Remarks
Drawing on the aforementioned issues it can be concluded that the need for including information security in Georgia’s security agenda is urgent, as this relates to both external risks and factors of globalization and internal factors of ICT development. Together they encompass aspects of security and democracy, and largely the risks are found at three levels. The first level, which is an over-arching one, can be labeled ICT
challenges. This includes general trends of technological development and risks derived from exogenous factors, not easily affected by single actors. Especially within and between developing countries, the information disparities have an impact on the security situation, as the resources for handling it are limited. The ICT infrastructure and endogenous factors, occasionally managed by humans, are also a key issue. The second level, here called ICT
threats, are threats derived from single actors as individuals, groups or even states that by one reason or another wish to affect Georgia by utilizing ICT. Unlike the ICT challenges, the threats have a foundation that encompasses a purpose and a goal for which ICT is merely a tool. Hence it constitutes a dimension of informational criminality. Within this level, the discrepancy between an information threat and risk can be made. As indicated, a threat is the problem in itself and a risk is rather a function of the seriousness of the threat and the probability for it to occur. In short, an extensive assessment is necessary for tackling this problem efficiently.
Consequently, what Georgia needs are two things. First, a national security concept that encompasses the ICT challenges and threats mentioned above, second, an information doctrine (and related laws and regulations) that serves as a road map, in the same way as a military doctrine does. In sum, the situation of information security in Georgia today is blurry, which makes general policy on ICT development intertwined with traditional security and thus IS is awarded only a subsidiary role. Many international reports witness the need to address these aspects, but at an initial stage it would be an overwhelming task for Georgia to focus on all of these.
Therefore, drawing on the most urgent issues outlined in this paper, a doctrine and related regulations should at the individual level among other features address aspects of access to public information and protection of individual integrity and culture. For improving ICT development protection of intellectual information property should also be at a focus. At the state level the issues in a democratic respect are transparency and security of public information infrastructure and content. This requires a coherent agenda and policy for handling information security at all levels of society and divisions of responsibilities concerning information security within the state by law enforcement structures in addition to judicial aspects on information criminality and warfare. The latter is at least something that would appeal to officials and politicians that adhere to a classic security agenda. In order to function well at the international level, Georgia should take measures on ICT integration and standardization with international structures and work toward a policy on ICT trade and linkage with global economy. That would facilitate developments of policy and regulations on information security-related issues.
As mentioned in previous segments of this article, Georgia is still in the drafting phase of a national security concept. If the concept, and further on, a doctrine, will incorporate information security, Georgia would take one important step toward a coherent approach to ICT development and information security, but that is yet to be seen.
1 See: M. Castell, The Information Age. Economy, Society and Culture, Vol. I, Malden, Oxford, 1998, p. 469.
2 V. Papava, Splendors and Miseries of the IMF in Post-Communist Georgia, We-publish, Laredo, 2003.
3 Interview with Shota Sandukhadze, Chairman of the Subcommittee on Parliamentary Control of Activities carried out by the Defense and Security Bodies under the Committee on Defense and Security at the Parliament of Georgia, Tbilisi, 27 June, 2003.
4 See: I. Aladashvili, “Foreign Assistance to the Georgian Army,” Army and Society in Georgia, Center for Civil-Military Relations and Security Studies; Caucasian Institute for Peace, Democracy and Development, January-February 2001.
5 See: F. Halliday, “Media Coverage of the Gulf War,” The Media of Conflict: War Reporting and Representations of Ethnic Violence, ed. by Allen & Seaton, Zed Books, New York, 1999, pp. 127-147.
6 See: D. Suslov, A. Useynov, “Bush skolotil antiiranskuiu koalitsiiu: dlia udarov po Tegeranu on nameren ispolzovat’ territorii Azerbaidzhana i Gruzii,” Nezavisimaia gazeta, 29 May, 2003.
7 See: “Russian Media Tries to Stir Up the Caucasus,” The Georgian Messenger, 3 June, 2003, p. 2.
8 See: G. Kvashilava, Informatization of the Society and Information Safety Problems of the Country, Tbilisi State University, Tbilisi, 2002.
10 Chkhenkeli. American Center for Information Resources, Public Affairs Section, US Embassy, Tbilisi, 2003. Asked elite representatives include: government officials at different levels, military leaders, political party leaders, directors of state and private enterprises, heads of NGOs, media representatives, intellectuals in education, science, art and culture.
11 Interview with Andro Gotsiridze, expert on power and law enforcement policy at the Anticorruption Bureau of Georgia, Tbilisi, 3 July, 2003.
12 See: National Human Development Report
Georgia 2001/2002, UNDP Georgia. Also: L. Tavartsiladze, “Poverty Reduction by ICT,” Navigator, No. 8, 27 May [http://navigator.web.ge/snews_interview/archives/00000016.shtml] (in Georgian).
13 See: Extended Session of the Government of Georgia, “Digital Modernization of Georgia”, 9 September, 2002. For a detailed overview of Internet ICT usage in Georgia, see: S. Karumidze, “Development of Internet in Georgia,” Information Technology Prospects in the Caucasus, Proceedings from the 1st ISN Executive Conference, Tbilisi, 13-15 June, 2001.
14 See: Readiness for the Networked World: A Guide for Developing Countries, ed. by G. Kirkman et al., Center for International Development at Harvard University, Cambridge, 2000.
15 See: The Global Information Technology Report, ed. by G. Kirkman et al., Center for International Development at Harvard University, Cambridge, 2002.
16 Interview with Shota Sandukhadze.
17 Interview with Valerian Khaburdzhania, Minister of State Security in Georgia, Tbilisi, 30 June, 2003.
18 See: D. Darchiashvili, “Trends of Strategic Thinking in Georgia: Achievements, Problems and Prospects,” Crossroads and Conflict: Security and Foreign Policy in the Caucasus and Central Asia, ed. by Gary K. Bertsch et al., Routledge, New York, 2000, p. 67ff.
19 See: N. Melikadze, “Strengthening Policy-Making Capacities—National Security and Development Challenge for Georgia,” Presentation at the Forth Annual Conference of American-Georgian Business Council on Development Strategies for Georgia, Washington D.C., December 2001.
20 Interview with Gela Suladze, head of Department of Inspection and Personnel Security of the Georgian Ministry for State Security, Tbilisi, 30 June, 2003.
21 See [http://www.sus.ge].
22 Interview with Gela Suladze.
23 See [http://www.presidpress.gov.ge].