3. PREVIEW
METHODOLOGY.
CYBER SPACE : ITS IMPORTANCE, CHALLENGES AND
CYBER WARFARE.
HOMELAND SECURITY AND CYBER SPACE: CHINA,
PAKISTAN AND NON STATE ACTORS THREATS TO INDIA’S
CYBER DOMAIN.
INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER
SPACE.
CONCLUSION: RECOMMENDATIONS AND THE WAY
AHEAD.
4. STATEMENT OF PROBLEM
To study the present and imminent threat of cyber warfare and its
implications for India’s Homeland security.
To analyze the threat perception in the cyber domain from various State
& Non state actors.
To examine the vulnerabilities and existent state of cyber space in
India.
To suggest the policy approach and recommendations for cyber
hardening at user end as well as in cyber domain.
5. HYPOTHESIS
Meteoric boom in E-Commerce and E-Governance over the internet. As
our dependence on the internet grows, we also become more
vulnerable to any disruptions in and through cyber space.
Success of the Digital India Initiative depends upon maximum
connectivity with maximum cyber security.
Dire need to protect critical infrastructure: banks, automated power
grids, satellites, thermal power plants and SCADA systems, which are
vulnerable to cyber attacks in India.
Cyber security needs to be amalgamated and synergized in the
overall perspective of Homeland security.
India has a poor track record of cyber security and it is not prepared
to meet the future cyber security threats and challenges within the
present framework and policies.
6. JUSTIFICATION FOR STUDY
In contrast to the world wars at one end of the spectrum, future conflicts
would be in the fifth dimension of war (A NO CONTACT WAR) or at
maximum in conjunction with kinetic action.
Digital Infrastructure is the backbone of a developing economy like
India and as India progresses, its reliance on internet will increase.
Importance of cyber space in its use as a platform for integration of
information and information critical infrastructure.
Gridisation of the various sectors viz energy, transport, Nuclear
space etc.
Connectivity and convergence of technology to cloud computing and
mobiles has resulted in tools of technology moving from nation
states to individual users.
7. SCOPE
The study takes into account the Importance of Cyber Space, its
Challenges and the emerging concept of Fifth Generation cyber
warfare.
The role played by various State and Non State actors in India’s
Geo political hot spots and the implication of this in the fifth
Dimension of ‘Theatre of war’ is also taken into consideration in the
study.
India’s present state of preparedness is revealed and
recommendations to improve its preparedness in cyber security are
brought out in the study.
8. Primary Sources.
Interview with a hacker: Mr Lou Pravoslav in USA.
Survey: Three Major & Minor Army Units; BSNL office in Himachal Pradesh; NHPC office in Himachal Pradesh.
RTIs: Almost 70-80 RTIs in various Government Departments and PSUs to ascertain
their Cyber Preparedness.
METHODS OF DATA COLLECTION
9. Observation: Tenure in Army CERT; visit to the Center for Homeland Security at the
Naval Postgraduate School in Monterey, USA.
Secondary Sources.
Books & Articles: Institute of Advance Studies; HQ ARTRAC Library; Panjab University Library;
Journals & Periodicals; Newspapers & Internet.
10. CYBER SPACE : ITS
IMPORTANCE, CHALLENGES
AND CYBER WARFARE
11. Cyber space is a global and dynamic domain characterized by
the ever critical electromagnetic spectrum.
A third of the world’s population uses the Internet and
countless more are touched by it in their daily lives. There are
more than four billion digital wireless devices in the world
today. Scarcely a half-century ago, that number was zero.
Cyber space includes a physical infrastructure and
telecommunication devices that allow for the connection of
technological and communication system networks.
It is imperative that the internet and its tools retain their openness and
interoperability so that they can empower individuals, enrich
societies and build modern economies.
12. A nation's critical infrastructure is composed of public and private
institutions in the Agro, Water, Public Health, Govt, Defense, Info
& Telecommunications, Energy, Transportation & Banking
sectors.
Cyber space is composed of thousands of interconnected
computers, servers, routers, switches and fiber optic cables that
enable these sectors and critical infrastructure to work.
The national strategy to secure cyber space is part of the overall
effort to protect the nation.
Securing cyber space is a difficult strategic challenge that
requires coordinated and focused effort from the entire society:
the government, the private sector and the people.
13. In the contemporary information era, the Internet has become an
important platform and battle space both for civil and military
purposes.
New operational concepts such as ‘Network Centric Warfare’ in an
‘informationalized battle space’ would be impossible without cyber-
based systems and capabilities.
Cyber Domain is the only domain in which all instruments of national
power – diplomatic, informational, military, and economic – can be
concurrently exercised through the manipulation of data and gateways.
14. EMERGING CHALLENGES IN CYBER SPACE
With ever increasing activities of individuals, organizations, and
nations being conducted in cyberspace, the security of these
activities is an emerging challenge for society.
The cyber medium has created new potential for criminal or hostile
actions, “bad actors” in cyberspace who carry out these hostile actions,
and threats to societal interests as a result of these hostile actions.
Security holes in current computer and telecommunications systems
allow these systems to be subject to a broad spectrum of adverse or
hostile actions.
In the cyberspace world, the blurring of the distinction between “crime” and “warfare”
also blurs the distinction between police responsibilities, to protect
societal interests from criminal acts, and military responsibilities, to
protect societal interests from acts of war in cyberspace.
15. Defense Forces. A large tri-service
exercise that has been
underway is in a crucial phase.
There is complete dislocation due to
failure of communication and GPS
systems as also large-scale DDOS
(Distributed Denial of Service)
attacks.
16. Military and National Security. If a cyberspace based attack
were to bring down an essential military command and control system
at a critical moment in a battle, it might lead to the loss of the battle.
Other Societal Organizations and Activities. With medical care
becoming increasingly dependent on information systems, many of
them internetted, a perpetrator could make changes to data or
software, possibly resulting in the loss of life.
Telephone NWs Collapse. BSNL exchanges hang and switching
centers of mobile NWs (hardware mostly of Chinese origin) shut down
or behave erratically. Defense NW routers are failing and rebooting.
Close to 1000 million telephones are functioning erratically.
Railway Traffic Control Collapses. The complex Indian Railway
management and traffic system is clogged. Rail traffic on a number of
routes is suspended due to power failure.
POTENTIAL FUTURE INCIDENTS
17. Satellites out of Control. Communication, remote sensing and
surveillance satellites are thrown out of gear. TV and other transmissions
are disrupted, spreading alarm. The Indian GPS system, operationalised
in 2016, malfunctions, affecting traffic and security systems.
SCADA (Supervisory Control and Data Acquisition) Systems Controlling
Power Grids Collapse. The whole of North and Western India and
some other regions suffer a power blackout. This affects all services,
including rail and road traffic.
Figure labels: software vulnerability on uplink and downlink; SCADA vulnerability.
18. Collapse of Financial Services.
Distributed denial of service (DDOS)
attacks paralyze the financial
systems. There is data theft,
destruction and clogging. Millions
of transactions are distorted. Banks
cut off the systems from the
Internet.
ATC Management Collapses. The
international air traffic control (ATC)
system, based on communication NWs
and the Internet, is malfunctioning.
Manual backup systems cannot meet the
requirements. There is chaos at airports
like Delhi and Mumbai which handle 2000
to 3000 flights a day.
19. Cyber War is a warlike conflict in virtual space with means of information and
communication technology (ICT) and networks. Like other forms of warfare, cyber war
aims at influencing the will and decision making capability of the enemy’s political
leadership and armed forces in the theater of Computer Network Operations (CNO).
Across the Levels of Conflict. From insurgency to conventional warfare, cyber power
has become an indispensable element of modern technology-based military capability.
Cyber Warfare may also be used to describe attacks between corporations, from
terrorist organizations, or simply attacks by individuals called hackers, who are
perceived as being warlike in their intent.
20. Cyber warfare requires a high degree of interdependence
between digital networks and infrastructure on the part of the
defender, and technological advances on the part of the
attacker.
A successful cyber war depends upon two things: means
and vulnerability. The ‘means’ are the people, tools, and
cyber weapons available to the attacker. The vulnerability is
the extent to which the enemy economy and military use the
Internet and networks in general.
Cyber warfare is symmetric or asymmetric, offensive and
defensive digital network activity by states or state-like
actors, encompassing danger to critical national
infrastructure and military systems.
CYBER WARFARE
21. Computer Network Attack – Operations designed to disrupt, deny,
degrade, or destroy information resident in computers and computer
networks, or the computers or networks themselves.
Computer Network Exploitation - Means retrieving intelligence-grade
data and information from enemy computers by ICT means.
Computer Network Defense - Consists of all measures necessary to
protect own ICT means and infrastructures against hostile Computer
Network Attack and Computer Network Exploitation.
22. The Elements that make cyber war attractive are:-
Cyber war is cheaper since it does not require large numbers
of troops and weapons.
The entry costs are low: with a computer and Internet access
anyone can engage in cyber warfare.
Cyber war is easy to deliver by stealth via global connectivity
from anywhere.
There is an advantage for the attacker who can profit from the
latest and newest innovations.
There are no technological, financial or legal hurdles to
overcome against that proliferation.
23. Cyberspace offers the attacker anonymity because it is so
difficult to trace the origin of an attack. Operating behind
false IP addresses, foreign servers and aliases, attackers
can act with almost complete anonymity and relative
impunity.
Cyberspace gives disproportionate power to small and
otherwise relatively insignificant actors.
Cyber war may help to avoid the need to engage in
combat operations and thus saves lives.
Blurred traditional boundaries: Cyber warfare creates its
own ‘fog and friction of war.’
24. The Objectives of the National Cyber Security Policy:
To create a secure cyber ecosystem in the country, generate adequate trust and
confidence in IT systems and transactions in cyberspace and thereby enhance adoption
of IT in all sectors of the economy.
To create an assurance framework for design of security policies and promotion and
enabling actions for compliance to global security standards and best practices.
To enhance and create National and Sectoral level 24X7 mechanisms for obtaining
strategic information regarding threats to ICT infrastructure.
To improve visibility of the integrity of ICT products and services by establishing
infrastructure for testing & validation of security of such products.
To create a workforce of 5,00,000 skilled professionals in the next 5 years through capacity
building, skill development and training.
25. Cyber attacks can be carried out from anywhere. There are more than 3 billion
personal computers and 5 billion mobile phones in use in the world today. An
additional 1,000 new mobile phones are added to the mix every minute.
Attribution – determining the source, location, and the identity of an
attacker – is extremely difficult for both technical and nontechnical
reasons: it is hard to attribute an attack with any measure of certainty
to a specific device, let alone a specific fact.
THE CHALLENGES IN ATTRIBUTION
Tor is free software for enabling anonymous communication. The name is an
acronym derived from the original software project name, The Onion Router.
It is used to conceal a user's location and usage from anyone conducting
network surveillance or traffic analysis.
26. Cyber deterrence does not work as well as nuclear deterrence,
because the ambiguities of cyber deterrence contrast starkly with the
clarities of nuclear deterrence.
Attempting proactively to deter cyber attacks should become an
essential part of national strategy. However, deterrence is pointless
without attribution. Attribution means knowing who is attacking you,
and being able to respond appropriately against the actual place that
the attack is originating from.
THE PROBLEM OF DETERRENCE
28. Home Land Security: The Concept.
Homeland security is an umbrella term for "the concerted national effort to ensure a homeland that
is safe, secure, and resilient against terrorism and other hazards so that a Nation's interests,
aspirations, and ways of life can thrive."
Homeland Security is now one of the most aggressively pursued sectors of the country with both
government and industry investing heavily to provide the best technology to our security agencies –
be it police, paramilitary or army.
Critical Infrastructure Protection. Critical infrastructure of a country includes public and private
assets that are of strategic importance to the economic, political or security interests of the country
and include infrastructure such as airports, industrial installations, national monuments, energy
supply pipelines, nuclear and conventional power plants.
29. To organize the Homeland Security
apparatus of the country, the
Ministry of Home Affairs is to create
a supporting infrastructure for the
long term with an organized and
targeted development of India’s
security forces, creation of a
centralized comprehensive
database called National
Information Grid (NATGRID) by
combining the individual databases
of several government agencies,
setting up of the CCTNS (Crime and
Criminal Tracking Network and
Systems) and several other
measures as:-
Police and Paramilitary Modernization.
Counter Terrorism.
Coastal and Maritime security.
Intelligence and Cyber Crime. Intelligence gathering to pre-empt any
terrorist or related undesirable activity is central to the efforts targeted
towards Homeland Security of the country.
30. The healthy functioning of cyberspace is essential to our economy
and our national security, which makes the formulation of a National
Strategy to Secure Cyberspace an urgent necessity.
The National Strategy to Secure Cyberspace will help reduce our
Nation’s vulnerability to debilitating attacks against our critical
information infrastructures or the physical assets that support them.
The private sector is best equipped and structured to respond to an
evolving cyber threat. There are specific instances, however, where
government response is most appropriate and justified.
Public-private engagement is a key component of India's Strategy to
secure cyberspace since these partnerships can usefully confront
coordination problems by significantly enhancing information
exchange and cooperation.
HOMELAND SECURITY AND CYBER SECURITY
CORRELATION
31. Department of Homeland Security
has a vital and critical role to play in
the cyber space and its security.
The secretary DHS will have the
following responsibilities at hand :-
Developing a comprehensive
national plan for securing the key
resources and critical infrastructure
of India.
Providing crisis management in
response to attacks on critical
information systems.
Providing technical assistance to
the private sector and other
government entities with respect
to emergency recovery plans for
failures of critical information
systems.
32. With increased dependence on information infrastructure
for production and delivery of products and
services, the new responsibility of securing the
critical information infrastructure (CII) against the
rising number of cyber attacks has come within the
ambit of national security. This new responsibility is
not, however, solely that of government; and the
private sector has a major role to play since more
and more of critical information infrastructure is
owned and operated by it.
Deterring an Attacker. The responsibility for
deterring an attacker is shared by the system owner/
individual and the national government. If the owner
has installed effective intrusion-detection software,
an intruder is more likely to concede defeat.
Thwarting Cyber Attacks. The responsibility
rests almost entirely with the individual owner(s),
for he/ she can effectively control what kinds of
locks are on the doors, who has the keys and
whether the doors remain locked.
33. Limit Damage Sustained During an Attack. This is a highly
complex requirement from both the technical and policy points of
view, as managing a cyber attack in real-time is difficult. The
capabilities for mounting adaptive defense can be found in both the
private and public sectors.
Post-attack Reconstitution. This is an area where the system
owner has the central role, for only the owner can establish what is
operating and what has been shut down.
Improving Defensive Performance Through Lessons Learnt.
This would help in the design of future systems. Exploitable flaws
in systems used would need to be identified so that they can be
minimised/ avoided in the future.
National Cyber Security Awareness and Training Programme.
Many cyber vulnerabilities exist because of the lack of cyber
security awareness on the part of computer users, systems
administrators, technology developers & procurement officials.
CRITICAL INFORMATION INFRASTRUCTURE
PROTECTION: PUBLIC PRIVATE PARTNERSHIP
34. Regulatory Provisions. Regulation in cyber security matters will be
equally necessary, because when disasters occur, the public reaction
is usually to ask why the government did not act sooner and more
vigorously.
Compliance to Best Practices. These relate to the management of
security and IT. They include ‘best practices’ for developing, installing,
and operating computers and networks so as to minimise security
vulnerabilities and risks.
35. As China enters the Information Age, it is strategically falling back
upon the 2500-year-old teachings of Sun Tzu’s The Art of War.
To gain a hundred victories in a hundred battles is not the highest
excellence; to subjugate the enemy's army without doing battle is the
highest of excellence.
Warfare is the Way of deception. Therefore, if able, appear unable, if
active, appear not active, if near, appear far, if far, appear near.
CHINA'S CYBER WARFARE CAPABILITIES: THREAT
TO INDIA’S HOMELAND
36. An important theme in Chinese writings on computer-network
operations (CNO) is the use of computer-network attack (CNA) as the
spear point of deterrence. The public part of cyber warfare in China is
directed by the PLA General Staff, 4th Department (Electronic
Countermeasures and Radar).
Training in CNO occurs across all People's Liberation Army service
branches, from command to company level, and is considered a core
competence of all combat units.
The growing importance of IW to China’s People’s Liberation Army
(PLA) is also driving it to develop more comprehensive computer
network exploitation (CNE) techniques to support strategic
intelligence collection.
One of the chief strategies driving the process of informatization in
the PLA is the coordinated use of CNO, electronic warfare (EW), and
kinetic strikes designed to strike an enemy’s networked information
systems, creating “blind spots” that various PLA forces could exploit
at predetermined times or as the tactical situation warranted.
37. China's top military decision-making body, or the Academy of Military
Sciences (AMS), its leading body for doctrine and strategy development.
Chinese information warfare strategy is closely aligned with the PLA’s
doctrine for fighting Local Wars under Informationised Conditions.
The PLA has come to recognize the importance of controlling space-based
information assets as a means of achieving true information dominance,
calling it the “new strategic high ground.”
The PLA is reaching out across a wide swath of the Chinese civilian sector to
meet the intensive personnel requirements necessary to support its IW
capabilities, incorporating people with specialized skills from commercial
industry, academia, and select elements of China’s hacker community.
38. The conceptual framework currently guiding PLA IW strategy is
called “Integrated Network Electronic Warfare” (wangdian yitizhan), a
combined application of computer network operations and electronic
warfare used in a coordinated or simultaneous attack on enemy
C4ISR networks and other key information systems.
INEW consolidates the offensive mission for both computer network
attack (CNA) and EW under the PLA General Staff Department’s (GSD) 4th
Department, while the computer network defense (CND) and
intelligence gathering responsibilities likely belong to the GSD 3rd
Department.
The INEW strategy relies on EW to jam, deceive, and suppress the
enemy’s information acquisition, processing, and dissemination
capabilities; CNA is intended to sabotage information processing to
“attack the enemy’s perceptions.”
INTEGRATED NETWORK ELECTRONIC
WARFARE
39. Deterrence and Computer Network Operations. The Chinese
government has not definitively stated what types of CNA actions it
considers to be an act of war, which may reflect nothing more than a desire to
hold this information close to preserve strategic flexibility in a crisis.
Leadership and Technical Support. Nestled in the quaint Xianghongxi
community in the western hills of Beijing’s Haidian District, the GSD Third
Department manages a vast communications intercept infrastructure and
cyber surveillance system targeting foreign diplomatic communications,
military activity, economic entities, public education institutions, and
individuals of interest.
56th Research Institute. The PLA owns some of the fastest supercomputers
in the world. The 56th Research Institute, also known as the Jiangnan
Computer Technology Research Institute, is the PLA’s oldest and largest
computing R&D organization.
57th Research Institute. The 57th Research Institute appears to be
responsible for the development of communications intercept and signal
processing systems.
58th Research Institute. The 58th Research Institute appears to be focused
on cryptology and information security technology.
40. The Chinese Hacker Community. China’s hackers, active in
thousands of Web-based groups and individually, represent a mature
community of practitioners that has developed a rich knowledge base
similar to their counterparts in countries around the world.
Following the accidental bombing of the PRC embassy in Serbia in
May 1999, Chinese hackers mounted their first large scale attack on
the White House, led by the group Javaphile, according to one of its
founding members, who uses the “screen name” Cool Swallow.
Government Recruitment from Hacker Groups. Government efforts
to recruit from among the Chinese hacker community and evidence of
consulting relationships between known hackers and security
services indicate some government willingness to draw from this
pool of expertise.
China's Threat to India’s Homeland in Cyber space. Marked increase
in the frequency of cyber attacks on Indian assets in 2014, with
government and private infrastructure equally affected.
41. In peacetime, the Pakistani Military Establishment, including ISI, can
with ease manipulate perceptions with the help of cyber space, and we
can imagine the danger that India faces in times of war. A case in point
is the successful use of Social Media on the Internet by ISI to create
perceptions which resulted in a mass exodus of people from Bengaluru
due to the threat posed in these messages.
In May 1998, when India conducted its nuclear tests, a group of
Pakistan-based hackers called ‘Milk worm’ broke into the Bhabha
Atomic Research Centre website and posted anti-India and anti-
nuclear messages.
PAKISTAN’S CYBER WARFARE CAPABILITIES AND
THREAT TO INDIA’S HOMELAND
42. Pakistani hacker groups like Death to
India, Kill India, and G-Force Pakistan
openly circulate instructions for
attacking Indian computers.
During the Kargil war, the first Indian
site reported to be hacked was
armyinkashmir.com, established by
the Indian government to provide
factual information about daily events
in the Kashmir Valley. The hackers
posted photographs showing Indian
military forces allegedly killing
Kashmiri militants.
43. NON STATE ACTORS: CYBER WARFARE CAPABILITIES AND
THREAT TO INDIA’S HOMELAND
The special characteristics of cyberspace, such as its asymmetric nature, the lack
of attribution, the low cost of entry, the legal ambiguity, and its role as an efficient
medium for protest, crime, espionage and military aggression, make it an
attractive domain for nation-states as well as non state actors in cyber conflict.
The “cyber attacks” on targets in Estonia in the spring of 2007 are an example where
volunteers actively took part in an open cyber conflict, acting as a cyber militia,
by rallying to overload various cyberspace resources, such as Estonian
government and commercial web services.
The attacker gains the initiative and can most often conduct cyber attacks
covertly, offering the advantage of surprise as well as the benefit of plausible
deniability.
The attacker can launch the cyber attack at the exact time, and against the target,
of their own choosing, using appropriate attack methods.
Even if attribution is successful, i.e. the attacker is identified by the defender, the
lack of applicable international laws covering cyber warfare creates a useful
shield of legal ambiguity.
44. As cyberspace, unlike other arenas associated with warfare, provides a
high level of anonymity, attackers can carry out actions in this domain with
little or no risk of attribution. Employment of non-state actors in
cyberspace operations is a very attractive option for nation-states or an
equivalent body, especially when pursuing limited strategic goals.
Non-state actors are increasingly being approached by many
governments globally, who seek to benefit from their experience and
leverage their cyber know-how to attain this sought-after capability.
46. INDIA'S CAPABILITIES: PREPAREDNESS
IN CYBER SPACE
To guarantee and retain information superiority, appropriate defensive
measures and countermeasures are a must. The IT (Amendment) Bill
2008 provides for the designation of a national nodal agency for the
protection of CII and for the Indian Computer Emergency Response Team
(CERT-In) to undertake incident response under Sections 70A
and 70B, respectively.
Although the National Cyber Security Policy of India 2013 has been
declared, its integration with the National Security Policy of India is
still missing.
India currently has the fastest growing user base for Facebook and
Twitter, the two top social networking sites.
Indian Railways, India’s top e-commerce retailer, saw its online sales
go up from 19 million tickets in 2008 to 44 million in 2009, with a value
of Rs. 3800 crore ($875 million).
47. INDIA'S CAPABILITIES: PREPAREDNESS
IN CYBER SPACE
Indian Agencies Involved in Cyber Defense and
Countermeasures.
MoD mandates Defence Information Assurance and Research Agency
(DIARA) as the nodal cyber security agency for the Tri-Services.
Coordination. It is appreciated that in keeping with current needs,
the Defence forces, DRDO, NTRO, CERT-In, RAW, IB, C-DAC,
Ministries, NIC, NASSCOM, private industry et al. will have to work in
concert.
Proactive Cyber Defense. This comprises actions taken in
anticipation to prevent an attack against computers and NWs. As
opposed to the current practice of passive defense, it provides a via
media between purely offensive and defensive action: interdicting and
disrupting an attack, or an adversary’s preparation to attack, either
pre-emptively or in self-defence.
48. INDIA'S CAPABILITIES: PREPAREDNESS
IN CYBER SPACE
Raising of Cyber Command. While cyber warfare is an ongoing activity during peacetime, there
is a dire need to develop this capacity for a warlike situation. Such attacks may also precede
the kinetic war. It could also form part of the strategic deception process. This should be the
responsibility of the Armed Forces (HQ IDS) along with the DRDO and other experts.
Army, Navy and Air Force CERTs. These would monitor traffic, disseminate information and ensure
remedial measures for the ongoing security of NWs and systems. They would also in a manner be
charged with protection of critical infrastructure of each service.
Territorial Army (TA) Battalions for Cyber Warfare. There is therefore a need to create and maintain a
“surge capacity” for crisis or warlike situations. Young IT professionals constitute a vast resource
base and a large number would be willing to loyally serve the nation when required.
49. INDIA'S CAPABILITIES: PREPAREDNESS
IN CYBER SPACE
Perception Management and Social NWs. In the current age of
“democratization” or “instant availability of information” and growth
of social NWs, there is tremendous scope for perception management
and manipulation of information.
Capacity Building. Capacity building is vital. It must also be
sustainable and of larger benefit. There is a need to create an R&D
base and institutions. Growth forecasts of Internet usage, especially
with e-governance, will create an employment potential for “cyber
doctors” and sleuths.
Testing and Certification. The outsourcing model has affected testing
and certification. Hardware and HR in this regard has to be Indian.
This can then be adapted for proactive defence.
Identification of Technologies. Section 4.2.3 of the Draft NCSP
mentions these. These should also include isolation of NWs within the
country, close monitoring of gateways and backbone, identification of
50. INDIA'S CAPABILITIES: PREPAREDNESS
IN CYBER SPACE
The New Context of PPP in National Security. National security has
traditionally been the sole responsibility of governments, but as the
world has moved into the information age, the new responsibility of
securing the critical information infrastructure (CII) against the rising
number of cyber attacks has come within the ambit of national
security.
Governmental Initiatives. In December 2014, Cabinet Secretary Ajit
Seth held a conference of Chief Information Security Officers of
important ministries in which he emphasized the need for greater
securitization of our cyber space.
In July 2014, the government split CERT-In's responsibilities so that
serious threats were not lost in the deluge of minor issues. CERT-In
now protects cyber assets in non-critical areas while the National
Critical Information Infrastructure Protection Centre (NCIIPC) protects
assets in sensitive sectors such as energy, transport, banking,
telecom, defence and space.
51. INDIA'S CAPABILITIES: PREPAREDNESS
IN CYBER SPACE
Security Incident - Early Warning & Response. Creation of a National
Cyber Alert System for rapid identification of & response to security
incidents and information exchange to reduce the risk of cyber threats and
resultant effects.
Aviation Sector. In January 2012, NTRO officials alerted the Airports
Authority of India (AAI) to serious vulnerabilities in its cargo management
system at Chennai, Coimbatore, Kolkata, Amritsar, Lucknow and
Guwahati airports. Weak passwords and outdated operating systems
were the main problems and a single day's disruption would have sent
853 tonnes of cargo to the wrong destinations.
Telecom Sector. India’s telecom network is equally vulnerable. Dhruv
Soi, founder of information security firm Torrid Networks, recalls a recent
assignment to test the networks of one of India's largest telecom
operators. He says his team got complete control of the company's billing
system within a week. Huawei and ZTE are already in a telecom security
tangle and India is considering norms for import and testing of telecom
equipment in India.
52. INDIA'S CAPABILITIES: PREPAREDNESS
IN CYBER SPACE
Power Sector. There has been a surge in the spending in the
Power sector in India with an estimated spend of USD 5.8 billion as
part of the National Smart Grid Mission with the key objective of
turning around India’s ailing Power sector. Except for NTPC, which
has a dedicated CMP (Crisis management plan against Cyber
Attacks), none of the PSUs have any dedicated or Integrated Crisis
management plan in the event of a cyber incident. There has been no
Cyber incident on any of the Power plants in India as on date.
Space Sector. Satellite ground stations and communications
links are likely targets for space negation efforts since they are
vulnerable to a range of widely available conventional and electronic
weapons.
Energy Sector. Energy companies are becoming more security
conscious over cyber attacks, but the defence capabilities of the
industry have not kept pace with the sophistication of embedded
cyber technologies nor of the capabilities of sophisticated cyber
attackers.
53. INDIA'S CAPABILITIES: PREPAREDNESS
IN CYBER SPACE
Transportation. Supply chains are increasingly dependent on ICT
(Information and Communication Technology). As systems like flow control
for highways and public transport are implemented, the potential damage that
can be caused by cyber attacks rises dramatically, too. More frequent use of
tracking and tracing systems and real-time control applications with web
interfaces also provides new and growing weak points to be attacked by cyber
criminals.
Banking and Finance. The banking sector of India neglects cyber
security in the absence of stern and effective cyber security regulatory
norms. Some basic level guidelines and recommendations have been issued
by the Reserve Bank of India (RBI) but they are far from satisfactory or
effective.
E-Governance. While announcing the Digital India project in his
Independence Day Speech, India’s Prime Minister, Mr Narendra Modi, made it
obvious that e-governance is going to be a key area of focus for this
government. The Digital India project will provide people with a “cradle to
grave digital identity” that is “unique, lifelong and online”. Securing data at all
times is going to be a critical requirement that the government has to address
before embarking on this ambitious project.
55. CONCLUSION: RECOMMENDATIONS AND THE i WAY
AHEAD
FINDINGS
As we grow more dependent on the Internet for our daily life activities, we also
become more vulnerable to any disruptions caused in and through cyberspace.
The existing laws are inadequate to restrain cyber crimes, which creates
a need to modify them so that these activities can be kept in
check.
There is a need for international cooperation among nations to crack down
efficiently on cyber crime, since cybercrime on the internet is not limited
by state boundaries.
The success of the Digital India project would depend upon maximum connectivity
with minimum cyber security risks.
Although the National Cyber Security Policy of India was announced by the Indian
Government in 2013, its actual implementation is still missing. The National
Cyber Security Policy of India has also failed to take off and, even if it is
implemented, it is weak on numerous aspects like privacy violation in general
and civil liberties infringement in particular.
Cyber security breaches are increasing the world over and India is also facing this problem. There is a
dire need to protect critical infrastructure like banks, automated power grids, satellites, thermal
power plants, SCADA systems, etc., which are vulnerable to cyber attacks from around the world.
57. CONCLUSION: RECOMMENDATIONS AND THE i WAY
AHEAD
In order to effectively analyze and prevent future cyber attacks, companies and
individuals must adopt suitable practices for notifying the appropriate
cyber authorities of India of cyber security breaches.
The data protection laws in India and the privacy laws in India are still in an
abysmal state.
India's approach to the exponential growth of cyber crime and warfare is marked
by ignorance and nonchalance. In just the first four months of this year, 6,700
Indian websites were attacked. Nearly 50 lakh PCs in India have been hijacked into
so called "botnet armies"; hackers are able to capture passwords, access files,
conceal their own identity and command these zombie machines to spew spam or
58. PARLIAMENTARY STANDING COMMITTEE REPORT :
Establishment of Protection Centre: The Committee noted the
existence of 20 types of cyber crimes worldwide, with India amongst
the top five countries with respect to cyber crimes. It stressed the
growing need to protect the country's 11 critical sectors (power, atomic energy,
space, aviation, transportation, etc).
Institutions to Deal with Cyber Crime: The Committee recommended
the installation of a single, centralized body to deal with cyber crime.
The current setup involves overlapping responsibilities of many
departments, agencies and banks. Cyber crime cells should be
constituted in each state, district and block, connected to a centralized
system.
International Standards Organization Certification: The Committee
identified that government organizations should obtain the appropriate
certification for best practices related to information security.
59. CONCLUSION: RECOMMENDATIONS AND THE i WAY
AHEAD
Shortage of Manpower: Pointing out the inadequacy of existing
initiatives, it suggested conducting extensive training programmes
to overcome shortage of security experts and auditors, and skilled
Information Technology (IT) personnel in the country.
Funding for Research and Development: The Committee
highlighted the need for innovative research and development to
enhance security of cyber space. It expressed concern over
budgetary cuts in the sector as large funds are needed for the
development of key, strategic technologies.
External Hosting and New Technology: The Committee
recommended that despite the cost advantages of hosting websites
outside India, internet servers for critical sectors should be hosted
within the country to ensure security. The Committee,
acknowledging the possibility of cyber security breaches in NeGP
(National e-Governance Plan), recommended conducting surveys to
collect data on the matter and reducing such instances.
60. CONCLUSION: RECOMMENDATIONS AND THE i WAY
AHEAD
General Recommendations:
Cyber security should be regarded as an integral component of National
Security. Urgent attention should be given to the issues of cyber crime,
cyber terrorism, cyber warfare and CII (Critical Info Infrastructure)
protection.
The NSA, through the NIB (National Information Board), should be put in
charge of formulating and overseeing the implementation of the country’s
cyber security policy within the ambit of a larger National Security Policy.
This body should be serviced by the NSCS (National Security Cyber
Specialist) for policy measures and by DIT (Department of Info & Technology)
and other departments (e.g. Telecom, space, etc.) for operational
measures.
A Cyber Coordination Centre should be established at the operational
level, staffed by personnel from the relevant operational agencies. This
centre would serve as a clearing-house, assessing information arriving in
real time and assigning responsibilities to the agencies concerned.
61. MHA: Nodal Agency For Handling Cyber Terrorism. To handle
cyber terrorism and cyber crime, a slew of measures will be needed,
ranging from monitoring and surveillance to investigation, prosecution,
etc. Cyber terrorism should be regarded as a part of the nation’s
overall counterterrorism capabilities.
Headquarters IDS: Nodal Agency For Preparing The Country For Cyber
Warfare In All Its Dimensions. The necessary structures should be
created in a time-bound manner. Since cyberspace is integral, there
should be an appropriate interface between defense and civilian
departments.
NSCS (National Security Cyber Specialist): Nodal Agency For
Coordinating The Efforts To Protect Critical Infrastructure Of The
Country. This will require identification of the critical infrastructure
and formulation and implementation of strategies to ensure protection
of each component from cyber attacks.
62. DIT: Creating the Necessary Cyberspace Situational Awareness,
Strengthening PPP, Promoting International Cooperation, And Other
Residual Measures. DIT will necessarily have other nodal
agencies. The interface between DIT and other agencies should be
smoothed out by the NIB.
Cyber Security Education, R&D And Training Should Be An Integral
Part Of The National Cyber Security Strategy. The government
should set up a well-equipped National Cyber Security R&D Centre to
do cutting edge cyber security R&D. Cyber security research should
also be encouraged in public and private universities and institutions.
DIT could come up with a roadmap for cyber security research in the
country. The country’s strengths in ICT should be leveraged.
DIT’s CERT: Nodal Agency to Create and Share Cyberspace Situational
Awareness in the Country. DIT should make the public aware of
risks, threats and vulnerabilities in cyberspace and how these should
be managed.
63. Disaster Management and Recovery: It must be an integral part of
any national cyber security strategy. The DIT should be the nodal
agency for such efforts and it should coordinate its efforts with NDMA
as well as other government departments.
Create a Comprehensive National Security Strategy for Cyberspace.
The Prime Minister and Cabinet Committee on Security should
state that cyberspace is a vital national asset and they should direct
the National Security Council to create a comprehensive national security
strategy for cyberspace. A national strategy to secure cyberspace
should ideally provide a framework which is essential to our economy,
security and way of life. The cornerstone of such a strategy must
essentially be a public-private partnership.
Partner with Private Sector (PPP Model). Cyber security is an important
task to be performed in order to ensure the security of the computer
networks and systems of both government and industry. This
JWG (Joint Working Group) should consist of representatives from
both government and the private sector.
64. Secure Industrial Control Systems (ICS) & Supervisory Control and Data
Acquisition (SCADA) Systems. Critical infrastructure organizations
have been using SCADA systems for gathering real-time data,
controlling processes and monitoring equipment from remote locations.
SCADA systems are used to monitor and control the delivery of
critical services such as power, waste treatment, nuclear power
generation, transportation and water supply. With the advancement of the
internet and the need for connectivity, SCADA systems have turned open
ended (or networked architecture). The process of protecting SCADA
networks starts with the creation of a written security policy. Failure to
have a policy in place exposes the company to attacks, loss of revenue
and legal action.
Identification and Monitoring of Connection to SCADA Networks. To
protect SCADA systems, it’s essential to identify each connection to the SCADA
network, evaluate the risk of exposure to attacks and implement all
necessary countermeasures to mitigate them. Use of “demilitarized zones”
(DMZs) and data warehousing can facilitate the secure transfer of data
from the SCADA network to business networks.
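An added example, not part of the original presentation: one way to carry out the connection identification described above, by grouping observed flow records into a connection inventory and flagging any path into the SCADA zone that bypasses the DMZ or is missing from the approved list. The zone address ranges, the approved conduits and the flow records are all constructed for illustration.

```python
import ipaddress
from collections import Counter, namedtuple

# Constructed zone map (assumption): ranges are illustrative only.
ZONES = {
    "scada": ipaddress.ip_network("10.10.0.0/24"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "business": ipaddress.ip_network("10.30.0.0/16"),
}

# Approved conduits (assumption): (source zone, destination zone, dest port).
# SCADA pushes data to a store in the DMZ; business hosts read the DMZ copy.
APPROVED = {
    ("scada", "dmz", 443),
    ("business", "dmz", 443),
}

Flow = namedtuple("Flow", "src dst dport")

# Constructed flow records, e.g. as exported from a firewall or flow collector.
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.20.0.10", 443),   # SCADA -> DMZ, approved
    Flow("10.10.0.5", "10.20.0.10", 443),   # same conduit seen again
    Flow("10.30.4.7", "10.20.0.10", 443),   # business -> DMZ, no SCADA host
    Flow("10.30.4.7", "10.10.0.5", 502),    # business -> SCADA directly
    Flow("10.20.0.10", "10.10.0.5", 502),   # DMZ -> SCADA, not in inventory
    Flow("203.0.113.9", "10.10.0.8", 3389), # outside address -> SCADA
    Flow("10.10.0.5", "10.10.0.8", 502),    # traffic inside the SCADA zone
]


def zone_of(addr):
    """Return the zone name for an address, or 'external' if unmapped."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def classify(flow):
    """Classify one connection relative to the SCADA zone."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "scada" not in (src_zone, dst_zone):
        return "out_of_scope"
    if src_zone == dst_zone:
        return "internal"
    if (src_zone, dst_zone, flow.dport) in APPROVED:
        return "approved"
    if "dmz" in (src_zone, dst_zone):
        return "undocumented"   # uses the DMZ but was never inventoried
    return "bypasses_dmz"       # reaches SCADA without passing the DMZ


def audit(flows):
    """Group unique SCADA-related connections by verdict, with hit counts."""
    report = {}
    for flow, count in sorted(Counter(flows).items()):
        verdict = classify(flow)
        if verdict != "out_of_scope":
            report.setdefault(verdict, []).append((flow, count))
    return report


if __name__ == "__main__":
    for verdict, items in audit(SAMPLE_FLOWS).items():
        for flow, count in items:
            print(f"{verdict:13} {flow.src} -> {flow.dst}:{flow.dport} x{count}")
```

Connections reported as `undocumented` or `bypasses_dmz` are the ones to risk-assess and either add to the written inventory or block.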
65. Real-Time Threat Protection. Real-time protection could be
implemented through a layered approach. Each layer of defense
represents a category of system components that must be hardened.
Perimeter Control - Internet or Corporate Perimeter Defense.
Network Architecture - Firewalls, Routers, Switches, VPNs.
Network Operating Systems - Active Directory, Domain Security.
Host Security - Server and Workstation Operating Systems.
Hardening of the SCADA Environment: Protocol and Services.
Every SCADA system is based on commercial or open-source
operating systems that can be attacked in exactly the same way as any
other platform. It’s crucial to assess all the services exposed and the
protocols adopted, removing and disabling unused services to
reduce the attack surface.
66. Authentication and Medium Control. Mobile storage media
are the main vectors used to infect control systems, even though host
networks are isolated from the Internet. The administration console for
any network appliance must be protected. Wireless and wired
connections to the SCADA network and remote sites must be properly
defended.
Physical Security. All plants that host SCADA systems and
networks must be assessed. Their protection must be carefully
evaluated. It’s important to evaluate the overall infrastructure to
identify weaknesses, the defense measures to implement, and the
expected benefits. Physical restrictions that could be applied to
improve security and prevent incidents are:
Restricted access to the site.
Restricted number of technicians responsible for maintenance.
No use of mobile support.
Segregated control network, no connection to other networks.
Each computer is locked in a restricted room or cabinet.
67. PARLIAMENTARY STANDING COMMITTEE REPORT SUMMARY : CYBER
CRIME, CYBER SECURITY AND RIGHT TO PRIVACY
Roles and Responsibility – Management. Management has a crucial role in
security. Its primary task is to provide a strong commitment to the implementation
of an efficient cyber strategy. That includes the assignment of cyber security roles,
responsibilities, and authorities for personnel.
Configuration Management Processes and Assessment. Configuration
management is a critical component for the security of the infrastructure, for both
hardware and software configurations. Configuration management begins with
well-tested and documented security baselines for various systems. Robust
performance evaluation processes are needed to provide organizations with
feedback on the effectiveness of cyber security policy and technical
implementation.
System Backups and Disaster Recovery Plans. Recovery is the ability to restore a
compromised system to its operational status. Establishing a disaster recovery
plan is fundamental for rapid recovery from any incidents, such as cyber attacks.
Conduct Training for Cyber Education & Workforce Development. The
government should set up a well-equipped National Cyber Security R&D Centre to
do cutting edge cyber security R&D. Cyber security research should also be
encouraged in public and private universities and institutions.
68. PARLIAMENTARY STANDING COMMITTEE REPORT SUMMARY : CYBER
CRIME, CYBER SECURITY AND RIGHT TO PRIVACY
Legal. Awareness with regard to the threat to ICT
infrastructure needs to be created and the necessary legal
provisions to ensure cyber safety must be developed. Substantive
laws dealing with illegal access, illegal interception, data
interference, misuse of devices, computer-related forgery, child
pornography, etc. must be implemented.
Criminalization of Cyber Offences. Cyber crimes usually originate
from states with comparatively lenient laws and enforcement
mechanisms. The key elements of effective cyber deterrence are:-
Attribution (understanding who perpetrated the cyber attack).
Location (knowing where the strike came from).
Response (being able to respond, even if attacked first).
Transparency (the cyber criminal’s knowledge of a state’s
capability and intent to counter cyber attacks with massive force).
69. PARLIAMENTARY STANDING COMMITTEE REPORT SUMMARY : CYBER
CRIME, CYBER SECURITY AND RIGHT TO PRIVACY
National Security: Issues Relating To Privacy and Freedom of Expression.
The paradox is that security measures intended to protect a democracy
can end up actually eroding civil liberties like individual privacy and freedom
of expression that are at the heart of the democratic setup: the right balance
needs to be struck between national security and civil liberties.
Investigation Procedures. Due to the peculiar nature of cyber crime,
existing methods adopted by investigative agencies have been largely
unsuccessful. Specific search-and-seizure procedures, disclosure of stored
data, interception of content data and collection of traffic data are some of
the comprehensive regional frameworks which should be put in place to
further cyber crime investigation.
Preventing an Attack. There are two possible ways to prevent an attack:-
One is to deter the attacker by demonstrating the capability to inflict
punishment.
A second way to prevent an attack is to pre-empt the attacker. For the most
part, preventing cyber attacks is the responsibility of sovereign states
through various law enforcement agencies.
70. Thwarting an Attack. The detailed knowledge needed to thwart an attack
rests primarily with the owner of the target. Measures include requiring
authorization to enter premises, monitoring and recording the use of the
system to detect unauthorized activities, periodic inspection of the integrity of
critical software, and establishing and enforcing policies governing systems
security and responses to unexpected events.
Limiting Damage During a Successful Attack. The central theme of this
initiative is to limit the damage resulting from an attack. This implies having
established response options at various levels, including preplanned
redundancy and the establishment of a priority structure to dynamically
reconfigure a system.
Reconstituting After an Attack. Short-term reconstitution is the first step to
meet the most emergent threats to national security, life and property, which
may include assessing damage and implementing a recovery plan. Long-term
reconstitution of facilities and information may also be required, especially
where physical damage has occurred. This will involve the identification and
stockpiling of long lead items.
71. Improving the Defender’s Performance. Information about the defense of the
system should be concealed from potential attackers, and the system
should be designed to give unsuccessful attackers as little information as
possible on which to develop improved attacks.
Post-Attack Reconstitution. This is an area where the system owner has
the central role, for only the owner can establish what is operating and what
has been shut down, what reconstitution alternatives exist and how remedial
measures can be effected operationally.
Improving Defensive Performance Through Lessons Learnt. Exploitable
flaws in the systems used should be identified so that they can be
minimized/avoided in the future. Third-party assistance, such as a security
organization with experience in a wide range of systems, may be more
effective.
Assistance to Small- and Medium-sized Business (SMB) Enterprises.
Adequate budgets, coupled with ineffective information security
management at the operational level, should be planned for cyber security of
Small & Medium Businesses in India.
72. Lessons From Other Countries. The experience of more technically and
economically advanced countries that are extensively networked could be
very useful in drawing up a national strategy for the protection of
cyberspace.
Compliance to Best Practices. These relate to the management of security
and IT. They include ‘best practices’ for developing, installing, and
operating computers and networks so as to minimize security
vulnerabilities and risks. Best practices have been developed in areas
such as selecting and managing passwords, deploying firewalls,
configuring and upgrading systems, and planning for and responding to
security incidents.
International Cooperation. International cooperation is crucial to handle
cyber crime and cyber terrorism and to manage risks in cyber space. It is
necessary to participate in Multilateral Discussions on Rules of Behavior
in Cyberspace. The government should also consider joining the
European Convention on Cyber crime. A 24x7 nodal point for international
cooperation with cyber authorities of other countries should be set up.
73. Intelligence. It is essential for India to continually search for information on
States, organizations and individuals who might engage in cyber attacks, and
to devise appropriate response mechanisms.
Capability Development. India must determine its national requirements and
seek to establish national programs to detect, block and determine the source
of hacking attacks. Cooperation with trusted States or international
organizations could significantly enhance the cost-effectiveness of national
and utility programs.