4. Cloud Computing
Emerging Challenges
Indian Legal mechanism for International cooperation
International efforts
• Convention of Cybercrime
• ISO/IEC 27037
• United Nations
• Other International efforts
Role and responsibilities of Defence Forces
6. Ubiquitous Connectivity
Virtualization
Broadband Networking
Web 2.0
Multi Tenancy
Out Sourcing
Utility Computing
Service Oriented Architecture
Clustering
7. “A model for enabling convenient, on-demand network access to a shared pool of
configurable computing resources (e.g. networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management effort or
service provider interaction”
11. Massive Scale
Resilient Computing
Homogeneity
Geographic Distribution
Virtualization
Service Orientation
Low Cost Software
Advanced Security
12. Cloud Efficiencies and improvements
[Diagram columns: Cost Efficiencies, Time Efficiencies, Power Efficiencies, Unlimited capacity, Improved Security, Improved process control]
14. Enormous processing power
Original applications at fraction of cost
Cyber Forensic challenges
Command & Control centers
Complex Jurisdictional issues
Shoot & Scoot
Identity Federation challenges
16. 1. Short title, extent, commencement and application.
Subsection (2) – It shall extend to the whole of India
and, save as otherwise provided in this Act, it applies
also to any offence or contravention thereunder
committed outside India by any person.
17. 75. Act to apply for offence or contravention committed outside India. -
(1) Subject to the provision of sub-section (2), the provisions of this Act shall apply
also to any offence or contravention committed outside India by any person
irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct
constituting located in India.
18. Section 66F – Punishment for Cyber terrorism
Section 69 – Power to issue directions for interception or
monitoring or decryption of any information through any
computer resource.
Section 69A - Power to issue directions for blocking for
public access of any information through any computer
resource.
19. Section 69 B – Powers to authorise to monitor and collect traffic data or information
through any computer resource for cyber security.
Section 70 – Protected System
• Explanation: For the purposes of this section, "Critical Information Infrastructure" means the
computer resource, the incapacitation or destruction of which, shall have debilitating impact on
national security, economy, public health or safety.
Section 70 A – National nodal agency
Section 70 B – Indian Computer Emergency Response Team to serve as national
agency for incident response
20. CHAPTER VII – PROCESS TO COMPEL THE PRODUCTION OF THINGS
• Section 105 - Reciprocal arrangements regarding processes
CHAPTER VII-A – RECIPROCAL ARRANGEMENTS FOR ASSISTANCE IN
CERTAIN MATTERS AND PROCEDURE FOR ATTACHMENT AND FORFEITURE
OF PROPERTY.
• Sections 105 A through 105 J
CHAPTER XXIII – EVIDENCE IN ENQUIRIES AND TRIALS
• B. – Commissions for the examination of witnesses
• Sections 284 through 299.
21. Section 45A – Opinion of Examiner of Electronic
Evidence (read with IT Act section 79A)
Section 65 B – Admissibility of electronic records
Section 85 B – Presumption as to electronic
records and electronic signatures
23. First serious attempt to harmonise International laws on cyberspace.
Opened for Signature – 23 Nov 2001
Entry into force – 1 Jul 2004
Ratified/Accession – 32 Countries
Signed but not yet ratified – 15 Countries
Major missing – Russia.
Even USA has recorded reservations
24. IT Security — Security techniques — Guidelines for identification,
collection, acquisition, and preservation of digital evidence
(DRAFT - new title)
provides detailed guidance that describes the process for
recognition and identification, collection and/or acquisition and
preservation of digital data which may contain information of
potential evidential value. This document includes physical and
documentary activities deemed necessary in supporting inter-
jurisdictional recognition of collected and/or acquired potential
digital evidence
25. General Assembly
• Resolution 55/63 of Dec 2000 & Resolution 56/121 of Dec 2001
• International Group of Governmental Experts finalized the resolution in July 2005.
Concurred in 2009 and 2010 but not yet passed. In July 2011 - Russia renewed the
request (Department of Disarmament)
• In Sept 2011 - China, Russia, Tajikistan, and Uzbekistan sent a letter to UN
Secretary-General Ban Ki-moon suggesting a code of conduct on the use of
information technologies by countries. It is focused on threats to international
stability, fighting cybercrime and preventing the use of cyberspace for terrorism.
(Secretary-General Secretariat)
United Nations Office on Drugs and Crime (UNODC) on January 17-21, 2011
organized the first conference for the open-ended intergovernmental expert
group that was recommended in the Salvador Declaration Article 42 at the
United Nations Crime Congress in Salvador, Brazil, April 12-19, 2010.
26. A Global Cybersecurity Agenda (GCA) was launched in May 2007
(WSIS & ITU)
A global High Level Experts Group (HLEG) of almost 100 persons was
established in October 2007 (ITU)
The Global Strategic Report was delivered in November 2008,
including strategies in five work areas: Legal measures, Technical and
procedural measures, Organizational structures, Capacity building,
and International cooperation. (ITU)
27. Helping the European Commission, the Member States and the
business community to address, respond and especially
to prevent Network and Information Security problems.
ENISA is a body of expertise, set up by the EU to carry out
very specific technical and scientific tasks in the field of Information
Security, working as a "European Community Agency".
Nov 20, 2009 published Cloud Computing Risk Assessment
28. The European Commission presented a proposal for a new cybercrime
legislation.
The East African Communications Organisations (EACO) to establish and
harmonize Internet security policies and Internet laws in the East Africa
region
The Council of the European Union is developing a new concerted strategy
to combat cybercrime
The ASEAN Chiefs of Police in Hanoi, Vietnam, in May 2009 adopted
a resolution.
29. CSA is a not-for-profit organization led by a broad coalition of
industry practitioners, corporations, associations and other
key stakeholders.
Mission Statement : To promote the use of best practices for
providing security assurance within Cloud Computing, and
provide education on the uses of Cloud Computing to help
secure all other forms of computing.
Issued Security Guidance for Critical Areas of Focus in Cloud
Computing V2.1 in Dec 2010
30. Created through Indo-US Joint Statement Nov 2001
Established in April 2002
Plenary Sessions in April 2002, Oct 2004 and Jan 2006.
5 Working Groups
Industry deeply involved
Dissolved in 2006
Attempt to resuscitate 2010.
MoU signed in 2011
32. Define surveillance, preparatory and launch of offensive stages of Cyber operations
Allocate area of responsibilities and targets.
Avoid overlaps of surveillance operations within defence forces and also with other
government agencies
Prefer joint Cyber operation centre.
Active participation in Critical Information Infrastructure Protection
Coordinate with Other agencies.
Transparent feedback to National Information Board
Define stage of declaration of Cyber War and get political stamp of approval
Develop Rules of Engagement
33. Learn to Exploit cloud computing technologies in your favour
Expect more severe asymmetric cyber attacks
Protect your civilian supply chains
Training and awareness for all.
Vertically specialized capacity building :
• Risk Analysis
• Log Analysis
• Incident Handling
• Electronic Evidence First Responder
• Malware developers
• Cyber Intrusion specialists
• Anti – Hacking Specialists
• Cyber Warfare Strategists ………………
34. Contact Details
Web : www.xcyss.in
E-mail : cmd@xcyss.com
Tele : +91-11-25128910
Mobile : +91- 9953286928
Editor's Notes
Opening of Hostilities (Hague III); October 18, 1907
Rights and Duties of Neutral Powers and Persons in Case of War on Land (Hague V); October 18, 1907
Art. 3. Belligerents are likewise forbidden to:
(a) Erect on the territory of a neutral Power a wireless telegraphy station or other apparatus for the purpose of communicating with belligerent forces on land or sea;
(b) Use any installation of this kind established by them before the war on the territory of a neutral Power for purely military purposes, and which has not been opened for the service of public messages.
Cloud computing ('cloud') is an evolving term that describes the development of many existing technologies and approaches to computing into something different. Cloud separates application and information resources from the underlying infrastructure, and the mechanisms used to deliver them.
Essential Characteristics of Cloud Computing
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches:
• On-demand self-service. A consumer can unilaterally provision computing capabilities such as server time and network storage as needed automatically, without requiring human interaction with a service provider.
• Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs) as well as other traditional or cloud-based software services.
• Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a degree of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources, but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. Even private clouds tend to pool resources between different parts of the same organization.
• Rapid elasticity. Capabilities can be rapidly and elastically provisioned — in some cases automatically — to quickly scale out; and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
• Measured service. Cloud systems automatically control and optimize resource usage by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, or active user accounts). Resource usage can be monitored, controlled, and reported — providing transparency for both the provider and consumer of the service.
It is important to recognize that cloud services are often but not always utilized in conjunction with, and enabled by, virtualization technologies. There is no requirement, however, that ties the abstraction of resources to virtualization technologies and in many offerings virtualization by hypervisor or operating system container is not utilized. Further, it should be noted that multi-tenancy is not called out as an essential cloud characteristic by NIST but is often discussed as such. Please refer to the section on multi-tenancy featured after the cloud deployment model description below for further details.