IT-Security in Afghanistan - Fundamentals for a Secure IT Infrastructure based on the German IT-Baseline Protection Manual
Alexander Domene, Björn Stahl (10/2005), Master's Thesis (en)
The thesis asks the question how IT-Security can be estimated and promoted under the very special circumstances in a state like Afghanistan.
Abstract
Afghanistan, the country and its people, are almost unknown to Germans or Europeans in general, although the media have reported a lot on Afghanistan in the recent past.

The university course "Software Development for Developing Countries" held by Dr. Nazir Peroz at the Technical University of Berlin aims to involve students in mapping out a strategy for Afghanistan’s future. Dr. Peroz fills the lack of knowledge with several student projects and strives for the development of his homeland. The students work independently, developing knowledge databases, software systems and strategies. The side effect of getting to know Afghanistan better is certainly welcomed.

Probably like many others, our first involvement with Afghanistan occurred with the above-mentioned university course. During our studies and even during our spare time, IT security and cryptography occupy most of our time. Our project "IT Strategy in Afghanistan" in the end led us to the conclusion that IT security is unfortunately almost ignored in the process of rebuilding Afghanistan. The objective of this thesis is to find out why, and to make suggestions for change. Being Germans, we naturally examined how this country had approached the matter in the past. Germany failed in establishing a universally valid, strong and manageable set of regulations while developing its IT infrastructure. Later, the government realized this particular issue and founded a federal office for security in information technology. An expert group of its employees developed the "IT Baseline Protection Manual" (IT BPM), which became very popular and is now used by many other countries as a template for their own regulations. Although the IT BPM includes configuration advisories for computer and software systems, it is mainly addressed at management.

The structure of the "IT Baseline Protection Manual" is definitely one of the main reasons why it became so popular.
The book consists of two separate parts. On the one hand it describes the potential security threats, while on the other hand suggesting solutions. The great advantage over other books of the same kind is that every specific identified security threat is directly related to a collection of proposed solutions.

Our idea was to adapt the "IT Baseline Protection Manual" to the conditions of Afghanistan. Soon our research made it very clear to us that Afghanistan is currently in such an early state of development that implementing the IT BPM would make little sense. Furthermore, the form and structure of the IT BPM with its extensibility, regular revisions and the expected high infrastructural standards would make an adoption of it inappropriate. From our view, the superior approach would be to await the development of Afghanistan to a point where the full "IT Baseline Protection Manual" can then be applied.

To decide which direction would best suit Afghanistan, the first important step for us would be to understand and know the needs and wishes of the Afghan people.

The first chapter "About Afghanistan" introduces the country and the people of Afghanistan. It offers a historical overview with climatic and geographic classification and explains its people's culture.

In this regard, an extensive and comprehensive description of the different ethnic groups is given, followed by an outline of their respective culture. The implications for management to deploy security regulations and specifications are also pictured.

It is impossible to suggest a proper IT security development plan for Afghanistan without figuring out the preconditions of the "IT Baseline Protection Manual". Therefore, the approach was to emphasize the relevant differences between Afghanistan and Germany and show how they matter for this comparison. The idea is that a country is based on several foundation pillars (infrastructure, politics, education, economy, judiciary, and society). Their conditions influence the current and future situation of a country significantly.

The chapter "Current Situation in Afghanistan" is the result of our efforts to gather reliable data for each of the foundation pillars. The focus of our research was to first gather data on the IT infrastructure and secondly, to collect information and data on those areas which influence the development of IT infrastructure and businesses.

Our current situation analysis was motivated by the need to contrast the current situations of Afghanistan and Germany in order to outline the differences. These can be seen as the preconditions of the IT BPM, so we decided to gather the same data for Germany.

The analysis will reveal that Afghanistan is a unique country in many respects. Chapter "General Recommendations for Afghanistan" will give some advice for the selection of software products. In addition, bearing in mind Afghanistan’s special climatic conditions, to which the design of hardware components (including commodity PCs) must be suited, this chapter presents some hardware solutions that resist such extreme climatic conditions.

In addition, "Current Situation in Afghanistan" also reveals a huge lack in the education system. At the moment, IT vocational training exists solely in theory. Obviously, well-trained technicians are needed in order to secure sustainable development.
As a consequence, the last chapter designs and implements an educational concept for a new IT vocational training in Afghanistan.

The German vocational training system has a good reputation throughout the world. Therefore we used it as a base to develop a vocational training program for IT all-rounders in Afghanistan. Every German vocational training program focusing on IT is analyzed in "Vocational Training" (chapter 5.5). Based on that, a concise vocational training program to best fit the needs of Afghanistan has been developed, and is outlined in "The Concept: Assistant of Applied Information Technology" (chapter 5.6).

