This presentation was made at "Cyber Security India Conference" held at New Delhi on 01-02 Nov 2011

1. 1 & 2 November 2011

4. Cloud Computing
Emerging Challenges
Indian Legal mechanism for International cooperation
International efforts
• Convention of Cybercrime
• ISO/IEC 27037
• United Nations
• Other International efforts
Role and responsibilities of Defence Forces

6. Ubiquitous
Connectivity
Virtualization
Broadband
Networking
Web 2.0
Multi Tenancy
Out Sourcing
Utility Service
Computing Oriented
Clustering Architecture

7. “ A model for enabling convenient, on-
demand network access to a shared pool of
configurable computing resources (e.g.
networks, servers, storage, applications, and
services) that can rapidly provisioned and
released with minimal management effort or
service provider interaction”

11. Massive Scale Resilient Computing
Geographic
Homogeneity
Distribution
Virtualization Service Orientation
Low Cost Software Advanced Security

12. Cloud Efficiencies and improvements
Improved
Cost Time Power Unlimited Improved
process
Efficiencies Efficiencies Efficiencies capacity Security
control
Standardized
updated base Top quality
Burst
image security
Capacity Procurement
Near to products
to
generation
production
Centrally
auditable log
server Dynamic
Short top quality
use of
duration security
project capacity professionals
Centralized
authentication utilization
Reduced system
Any place overhead
Cancelled connectivity power top quality
or failed consumption Improved security
mission forensics processes

14. Enormous
processing
power
Original
Cyber Forensic
applications at
challenges
fraction of cost
Command & Complex
Control Jurisdictional
centers issues
Identity
Shoot & Scoot Federation
challenges

16. 1. Short
title, extent, commencement
and application.
Subsection (2) – It shall extend to the whole of India
and, save as otherwise provided in this Act, it applies
also to any offence or contravention thereunder
committed outside India by any person.

17. 75. Act to apply for offence or
contravention committed outside
India. -
(1) Subject to the provision of sub- (2) For the purposes of sub-
section (2), the provisions of this section(1), this act shall apply to
Act shall apply also to any offence an offence or contravention
or contravention committed committed outside India by any
outside India by any person person if the act or conduct
irrespective of his nationality. constituting located in India.

18. Section 66F – Punishment for Cyber terrorism
Section 69 – Power to issue directions for interception or
monitoring or decryption of any information through any
computer resource.
Section 69A - Power to issue directions for blocking for
public access of any information through any computer
resource.

19. Section 69 B – Powers to authorise to monitor and collect traffic data or information
through any computer resource for cyber security.
Section 70 – Protected System
• Explanation: For the purposes of this section, "Critical Information Infrastructure" means the
computer resource, the incapacitation or destruction of which , shall have debilitating impact on
national security, economy, public health or safety.
Section 70 A – National nodal agency
Section 70 B – Indian Computer Emergency Response Team to serve as national
agency for incident response

20. CHAPTER VII – PROCESS TO COMPLE THE PRODUCTION OF THINGS
• Section 105 - Reciprocal arrangements regarding processes
CHAPTER VII-A – RECIPROCAL ARRANGEMENTS FOR ASSISTANCE IN
CERTAIN MATTERS AND PROCEDURE FOR ATTACHMENT AND FORFEITURE
OF PROPERTY.
• Sections 105 A through 105 J
CHAPTER XXIII – EVIDENCE IN ENQUIRIES AND TRIALS
• B. – Commissions for the examination of witnesses
• Sections 284 through 299.

21. Section 45A – Opinion of Examiner of Electronic
Evidence (read with IT Act section 79A)
Section 65 B – Admissibility of electronic records
Section 85 B – Presumption as to electronic
records and electronic signatures

22. Indo-US Cyber Security Forum

23. First serious attempt to harmonise International laws on cyberspace.
Opened for Signature – 23 Nov 2001
Entry into force – 1 Jul 2004
Ratified/Accession – 32 Countries
Signed but not yet ratified – 15 Countries
Major missing – Russia.
Even USA has recorded reservations

24. IT Security — Security techniques — Guidelines for identification,
collection, acquisition, and preservation of digital evidence
(DRAFT - new title)
provides detailed guidance that describes the process for
recognition and identification, collection and/or acquisition and
preservation of digital data which may contain information of
potential evidential value. This document includes physical and
documentary activities deemed necessary in supporting inter-
jurisdictional recognition of collected and/or acquired potential
digital evidence

25. General Assembly
• Resolution 55/63 of Dec 2000 & Resolution 56/121 of Dec 2001
• International Group of Governmental Experts finalized the resolution in July 2005.
Concurred I 2009 and 2010 but not yet passed. In July 2011 - Russia renewed the
request (Department of Disarmament)
• In Sept 2011 - China, Russia, Tajikstan, and Uzbekistan have sent a letter to UN
Secretary-General Ban Ki-moon, and suggests a code of conduct on the use of
information technologies by countries. It is focused on threats to international
stability, fighting cybercrime and prevent the use of cyberspace for terrorism.
(Secretary-General Secretariat)
United Nations Office on Drugs and Crime (UNODC) has on January 17-21, 20101
organized the first conference for the open-ended intergovernmental expert
group that was recommended in the Salvador Declaration Article 42 at the
United Nations Crime Congress in Salvador, Brazil, April 12-19, 2010.

26. A Global Cybersecurity Agenda (GCA) was launched in May 2007
(WSIS & ITU)
A global High Level Experts Group (HLEG) of almost 100 persons was
established in October 2007 (ITU)
The Global Strategic Report was delivered in November 2008,
including strategies in five work areas: Legal measures, Technical and
procedural measures, Organizational structures, Capacity building,
and International cooperation. (ITU)

27. Helping the European Commission, the Member States and the
business community to address, respond and especially
to prevent Network and Information Security problems.
ENISA is as a body of expertise, set up by the EU to carry out
very specific technical, scientific tasks in the field of Information
Security, working as a "European Community Agency".
Nov 20, 2009 published Cloud Computing Risk Assessment

28. The European Commission presented a proposal for a new cybercrime
legislation.
The East African Communications Organisations (EACO) to establish and
harmonize Internet security policies and Internet laws in the East Africa
region
The Council of the European Union is developing a new concerted strategy
to combat cybercrime
The ASEAN Chiefs of Police in Hanoi, Vietnam, in May 2009 adopted
resolution.

29. CSA is a not-for-profit organization led by a broad coalition of
industry practitioners, corporations, associations and other
key stakeholders.
Mission Statement : To promote the use of best practices for
providing security assurance within Cloud Computing, and
provide education on the uses of Cloud Computing to help
secure all other forms of computing.
Issued Security Guidance for Critical Areas of Focus in Cloud
Computing V2.1 in Dec 2010

30. Created through Indo-US Joint Statement Nov 2001
Established in April 2002
Plenary Sessions in April 2002, Oct 2004 and Jan 2006.
5 Working Groups
Industry deeply involved
Dissolved in 2006
Attempt to resuscitate 2010.
MoU signed in 2011

32. Define surveillance, preparatory and launch of offensive stages of Cyber operations
Allocate area of responsibilities and targets.
Avoid overlaps of surveillance operations within defence forces and also with other
government agencies
Prefer joint Cyber operation centre.
Active participation in Critical Information Infrastructure Protection
Coordinate with Other agencies.
Transparent feed back to National Information Board
Define stage of declaration of Cyber War and get political stamp of approval
Develop Rules of Engagement

33. Learn to Exploit cloud computing technologies in your favour
Expect more severe asymmetric cyber attacks
Protect your civilian supply chains
Training and awareness for all.
Vertically specialized capacity building :
• Risk Analysis
• Log Analysis
• Incident Handling
• Electronic Evidence First Responder
• Malware developers
• Cyber Intrusion specialists
• Anti – Hacking Specialists
• Cyber Warfare Strategists ………………

34. Contact Details
Web : www.xcyss.in
E-mail : cmd@xcyss.com
Tele : +91-11-25128910
Mobile : +91- 9953286928