Technology in general and Information Technology in particular has made the work of the government easier, but it has also enhanced the risk of cyber threats. Moreover, following announcement of the Digital India initiative by Prime Minister Narendra Modi, the threat has acquired even larger proportions.
With a view to highlighting the cyber attack concerns and discuss possible ways to counter the threat, Elets Technomedia Pvt Ltd organised the 6th Annual SecureIT — a national conference on information safety and citizen security, in New Delhi on 13th March 2015. We reproduce the event in a nutshell here, along with the views expressed by the speakers.
Inaugural Session: Changing Times, Securing India
Bansi Dhar Sharma, Director-General, Sashastra Seema Bal, Ministry of Home Affairs, Government of India
SSB is a border guarding force spread along 2,450-km Indo-Bhutan and Indo-Nepal borders. Its sole aim is to ensure Seva, Suraksha and Bandhutva. But, information restricted to one police station would not help in crime prevention and detection.
Earlier, we only had information, but now we also have technology. We got communication but at its own pace. We want our men on the border to be smartly equipped with latest ICT tools so that they can give us the real time account of the situation. Crime has become very sophisticated since some criminals now use the latest technology. The police have also developed the equally sophisticated techniques to track down the criminals and the crimes.
Criminals are one step ahead of the police in terms of ICT tools and designs. So, it becomes necessary for the police to keep pace with the changing technology.
Life today without email, eCommerce, eBanking, eGovernance is unimaginable. Policing required integration of multiple data resources in short time, and ICT systems present an opportunity for police to increase their capabilities.
Some of the major initiatives taken by SSB are connecting units up to border via Wide Area Network (WAN) for video conferencing and maintaining Personnel Information Management System (PIMS), which stores complete information of each employee.
Shambhu Singh, Joint Secretary, Ministry of Home Affairs, Government of India
Over the period of time, it has been witnessed that the government programs and our actions in day to day life can be monitored. The Government has its schemes like Crime and Criminal Tracking Network and Systems (CCTNS), RSYB, DNA profiling, privilege communications and brain mapping and most of it is being implemented through ICT platforms. Increased collection of citizen data has been giving rise to the privacy concern. Further, information is being collected which is mandatory. Data related to health, travel, taxes, religion, education, finance, employment, disability, living situation, citizenship status, marriage status, crime records, etc. is being collected.
The moment you start a transaction, multiple data flows take place and these are all simultaneous. Such data transfers over internet with direct involvement of individuals is exposing individual to more privacy risk and challenging the businesses. The private sector also collects data for building relations and generating revenue.
Government along with civic society should debate on the challenges faced under cyber security threats. There is a need to develop our internal security that deals with such cyber security threats.
Ram Sewak Sharma, Secretary, DeitY, Ministry of Communications & IT, Government of India
Most of the critical infrastructures of our country are connected to each other, like railways are connected to large number of users. The more we get connected through IT, the more vulnerable we become from the cyber threats.
So, it becomes very important to secure cyberspace and applications from cyber threats. Banking is one of the most crucial areas. Everyone, who has an account, is able to do transactions online, which is open to cyber threats and anyone can easily attack the system and the whole thing would break down.
Initially some people were hacking the system to prove that they can do that, but now people have started doing economic crimes, stealing information that have turned into cyber warfare.
Closing down the system is not the solution for this problem; we have to be a step ahead on the curve to see that we have the best security systems available in the world so that we could secure our resources. Moreover, all the systems on open source are much more secure.
Several measures have been taken to guard against cyber threats. As part of the ‘Digital India’ campaign, we are creating National Cyber Coordination Centre (NCCC) and introducing secure emails. We are also putting up Malware and Botnet cleaning system, so that we can run this system in all our critical infrastructures to clean all the security threats.
R Chandrashekhar, President, NASSCOMM
It is very clear that ICT has become pervasive in our life. Be it any sphere of life, such as business, personal or leisure, it has pervaded us making life infinitely easy and better today. However, it has brought along with it a set of new problems also making it a mixed blessing.
The nature of people who were the cause of problems in cyber security has been changing over the years. Nonetheless, today it is a milieu, which includes nations, state players, non-state actors, petty criminals, gangs, youngsters, etc. Thus, today it is escalated to a point where the future of the country depends on how well technology is used. The present Government has made an article of it that technology will be the determinant of our economic progress and equally the biggest concern in that context is security.
India became the second largest base for internet users in the world overtaking the US as well. The industry has faced certain challenges in the past with regard to the security of information emanating from countries, which were getting their work done in India. Hence, the Data Security Council of India was set up in that context to look at some of these issues and the areas of standard, and how a industry could undertake a process compliance essentially in order to provide a level of comfort to the giant companies and the countries from which the data was originating and it was safe and secure. We have an IT industry which has established itself globally and commands 55 per cent share in the global sourcing industry in ICT, and we are not a significant player in the security space.
Session 1: Leveraging Technology, Ensuring Safe Cities: Importance of City Surveillance
Gaurav Dwivedi, CEO, MyGov, DeitY, Ministry of Communications and IT, Government of India
MyGov is a paradigm change in how the government seeks to engage with the citizens and various stakeholders in governance. In 2012, the Government of India had issued couple of guidelines for the citizen engagement framework and the social media guidelines and subsequent to that many government organisations across the country, including the central as well as the state governments have been leveraging social media for various purposes. The Digital India initiative of the Government of India has many different components, and MyGov is one of them with a specific intention of involving citizens directly both in the design and implementation of public policy.
There are 300 and more tasks and discussions that MyGov has performed over the last seven months with about 1 lakh submissions being made in terms of creative ideas. Further, to ensure the cyber security of the MyGov portal, we do have large number of guidelines and instructions in place.
Sajan Paul, Director- Systems Engineering- India and SAARC, Juniper Networks
We play a very important role in the telecom industry in India and across the globe, building a large scale data structure infrastructure. Juniper is not a holistic player providing all the solutions, but we focus on few areas. These include smart connectivity, smart security and smart cloud (since it is a very important piece of resource which actually has the capability to manage the data and provide actionable intelligences on the ground).
Today, mobile has become a part and parcel of our life and cloud is enabling it. In Karnataka, we have number of mobile applications which is very convenient. In Eastern Europe, there are 120,000 people and everybody is a hacker there, as per a report by The New York Times. The challenges are the growing number of attacks. Unless the intelligence is shared, we are unable to take any action. So, we are working on it.
Sunil Sharma, Vice- President, Sales and Operations, India and SAARC, Cyberoam
We have been hearing the concept of Smart Cities and almost everything is coming to a smarter level. This concept is so dynamic, but every other day, we are facing a new challenge. Around 78 Indian government websites were hacked in 2011-13 and around 16,000 incidents of spam took place in the government system alone in 2013.
The Government is taking initiative for dealing with such problems. They have set up National Cyber Coordination Centre for `1000 crore. There are so many solutions to so many problems. Cyberoam provides a single window for government’s IT needs. We have got 20,000 certifications and 600 plus people working out of Ahmedabad as a research and development facility and providing support to our customers and users. Being the only product in India from Gartner’s Headquarter, it has marked its presence in about 125 plus countries. We are one of the first companies to be a part of Gartner’s Magic Quadrant.
Sanjay Sahay, Additional Director General, Karnataka Police
With regard to cyber security, the scenario is not as simple as plain. Currently, a $14 billion request has been made for cyber security in US. Further, there is an executive order, which has already been passed for sharing cyber intelligence between corporations and the government. Inputs from various agencies have been brought down for the same. Today, surveillance has become ubiquitous. Talking about the importance of city surveillance, Homeland Security is a robust counter- terrorism mechanism. At present, we need a technological framework for safe and secure cities. It includes initiatives like Command and Control Centre, Cyber Security Interception System (a requirement-based deliverable system for Indian conditions), citybased video surveillance system (CBVSS), Tetra radio malware, etc.
For ensuring safe cities, we need video footages. It is the most patent way for intelligent gathering and preventive surveillance. In addition to it, video analysis would be done, which is a roadmap for video surveillances. In all, the dream is an intelligent citybased video surveillance national network.
Ranjan Dwivedi, Director General of Police, Home Guards, Uttar Pradesh
There is a limit to changing things. Leveraging technology in a big way is not possible unless it is done in an overall contextual reform and it involves and engages billions of people living in the country. When we come to the security system, we have had successful projects for criminal tracking and so on. Most of our governmental systems were designed keeping personal computers in mind. And now, we find that it is easier to engage people via mobile computing.
The number of smartphones today globally, is about four times the number of computers. In India, it is 30 times. Database sharing is done in a big way. In terms of CCTV security or smart city or camera-based security, we have also introduced a Modern Control Room in Lucknow.
HK Lohia, Inspector General, Jammu & Kashmir Police
There is no well-defined boundary between honesty and dishonesty, said O Henry, the American writer. India is the largest software making country in the world. Talking about the safe and smart cities, the objectives are ensuring safety and security of life and property and an unobtrusive security system. The safe city architecture includes surveillance system, screening system and emphasis on real time surveillance.
However, there are a few challenges related to it. Cyber security is the major one. Others include keeping commercial hubs safe, hassle-free checking at airports railways and security on highways and public places that need to be addressed.
The road ahead comprises the replication of ‘Made in India’ solution abroad, which will result in flourishing economy of the country.
Brijesh Singh, Special Inspector General, Criminal Investigation Department, Maharashtra Police
26/11 was the first time a terrorist organisation used a control room, and these people were monitoring various things. The terrorists are using simple technology, while we as government systems want to create large Godzillas. We want city-wide surveillance, which requires a lot of money and is a waste of time.
Large systems can be defeated by very small hacks. The way a government procurement works, or the way government develops these large systems is probably not suited to the performance we are looking for. For innovation, we require a different environment. We cannot have it in a bureaucratised command and controlled system. We will have to go for individual solutions, and change the system of procurement of government and have in-house innovation.
Session 2: Securing Big Data, Protecting Business
Amit Sharma, Additional Director, Office of Secretary Defence (R&D) and Scientific Advisor of Defence Minister, DRDO, Government of India
Big Data is essentially about the data people contribute. The moment you step on to the internet, you contribute something. Big Data started off with the notion of huge quantities of data, primarily structured and unstructured ones. It started from a technical view point to formation of a distributed file system, and subsequently distributed operating features in terms of computing aspects, and then clubbing both of them so as to provide certain application aspects to it. The primary classification is based on the value or the quantum of data, the velocity in which it is created and the veracity of it and the kind of content that is a part of it. The sources of Big Data are enormous, and it has got its own challenges, which are attributed to it.
Amit Sharma, Special Secretary, Jammu and Kashmir Government
When it comes to Big Data, Government is always a major stakeholder. Social networks are always a challenge. Big Data creation is always possible with lots of things happening like creation of Aadhaar.
As far as data management is concerned, some kinds of bans and restrictions are being imposed. For instance, prepaid mobile numbers of Jammu & Kashmir could not work outside the State and vice-versa. Further, social networks are also a challenge because at the national perspective, these challenges come all of a sudden. And the time we start controlling it, things have already been spread as fire. There is a big challenge of data management and data creation, which is a long due kind of affair. We are looking forward to creation of data centres where data should be stored and DR Centres to be created preferably out of the State. We can create lot of wonderful opportunities for people to get engaged into the IT management to have some kind of exploration of opportunities in a State like ours.
Anubhav Tyagi, Senior Solution Specialist- India and SAARC, SafeNet
Cyber security is a serious business that deserves serious attention at the highest levels of every organisation. 40 per cent growth in data volume every year has been witnessed and it will grow 50 times by 2020, and Cloud will play a major role in it. In the IOT market, $28.1 billion rise is expected by 2020. 90 per cent data in the world today has been created in the last two years alone. Further, new technology also leads to new threats.
Some of the benefits of big data include efficiency, transparency and accountability, which are the most important pillars for any kind of governance. We are sharing the data all around that is a major concern for security. The four pillars of security are data confidentiality, non-repudiation in transactions, and integrity of digitised information.
Additionally, we have IT Act of India, which defines that what kind of data needs to be protected. The security approach must always be data-centric. Apart from that, security should be thought of as enablement.
Dr Srinivas Josyula, Senior General Manager, National Institute for Smart Government (NISG)
As per Gartner’s 2012 definition, Big Data is high volume, high variety information assets that require new forms of processing to enable enhanced decision making, inside discovery and process optimisation. The four Vs for big data are Volume, Velocity, Variety and Veracity.
In India, Big data is at a very nascent stage. It will grow at 83 per cent annually to reach US$ 1 billion by 2050, says NASSCOMM. The Prime Minister is also using big data technique on My- Gov.in to translate popular mood into government action.
Today, for most of the institutions, product is the information and security is the key. But, we need some fundamental answers which we need to get before we collect a lot of data. Further, the question raises-“Who owns the security of this huge data?” There is a need for data sharing policy among the organisations, corporates and individuals. There must be guidelines which must be agreed upon, respected and then used. However, all this is possible via audits only.
Sanjay Jaju, Director, National Highways and Infrastructure Development Corporation Limited (NHIDCL), Ministry of Road Transport and Highways, Government of India
We have created a B2B platform, not very difficult to do in an eCommerce age, where we have enough capacity. On that portal, we opened registration for the cement companies. We told them that it is a portal which is being created and it will be used by the infrastructure providers, contractors, concessionaire, companies, State PWDs, NHIDCL, and any other infrastructure player might access it. So, it is for people to come to this portal and get themselves registered. 50 per cent of the cement companies participated and registered themselves on this portal.
It will be booking orders and based on those orders one can convert them into contracts. The moment we set up this portal, 36 different cement companies with more than 110 plants came on to this portal and offered 100 lakh metric tonnes of cement.
Shrikant Shitole, Senior Director, Business Development, Symantec Big Data Analysis Platform (BDAP)
We are the fourth largest software company in the world and the largest information security firm. Our ownership is much higher when it comes to securing the data and business arising out of the data. We have close to about 240,000 plus sensors spread across 200 countries and around more than 200 million clients who are on gateways.
When you look at the total number of programmes downloaded and the number of websites visited, we use Big Data Analytics Platfrorm (BDAP) to crunch the data and to understand the security vulnerabilities. When we are talking about the security as a company, it is all about the intelligence aspect. We are almost close to 300 rows per second when we talk about the Big Data Analytics in order to secure our clients.
Session 3: ICT for Securing National Assets, Vital Infrastructures and Border Management
, Deputy Director, General, National Informatics Centre (NIC), Government of India
The Ministry of Home Affairs (MHA) has got a framework for intermixing of IT and security. There are almost about 3500 data centres in the country both in the private and government sector. In the major data centres, they have got baggage scanners and they do real thorough checking of your baggage to be brought in to the data centres.
The security plan is to create a ‘feel safe’ security mechanism at all vulnerable points. A good data centre will not have any window, which is opening outside. A major amount of the resources are there to prevent any virus to develop into the systems.
In all data centres, we have got automatic sensors in order to keep away the vehicles that try to force-enter any area. Sometimes, CCTV is also built into the system to track the people walking in the allies, which are exterior to data centres to see that anything is not going under the sea for any mischief.
Raja Babu Singh, Inspector General, Indo-Tibetan Border Police Force
We guard 3488 kms of Tibetan border from Karakoram Pass in the western sector to Jachep La pass in Arunachal Pradesh to interlude in between Nepal and Bhutan, which are with the SSB. 21 years ago, everything was in manual form, but now we are heading towards digital transformation. The general critical infrastructure can be defined as those facilities, systems or functions whose incapacity would cause a negative impact on the national security and governance.
The critical infrastructure and key assets have got growing threats and growing vulnerability of the modern society. These critical sectors that we need to guard include energy, transportation, air, rail and water. Banking and Finance, telecommunication, law enforcement, security and intelligence, sensitive government organisations, etc. These are the areas we need to take care of.
To enhance security, threat detection vulnerability can be very effective measure in this direction. If we follow strict implementation of the cyber security policy, periodic audit of IT resources by domain experts in place; policy of crisis management, frequent cyber attack derails amongst all the stakeholders. Further, the government agencies will definitely improve the cyber security scenario of the country and will provide much needed security for national assets and vital infrastructure.
Rajeev Krishna, Inspector General, Border Security Force (BSF)
BSF is an organisation working for the protection of two international borders i.e. Indo-Pak border and Indo-Bangladesh border. Essentially for border guarding, we require good surveillance equipment. However, since the complexity of the border and the terrain in which they are deployed and operated within the same six or seven technologies available all over the world, the challenging part is to dovetail the particular type of technology and equipment to a particular type of terrain.
BSF is heavily into the Geographic Information System (GIS)- based obligations. These applications may take many forms and we are also in the process of equipping ourselves designing some applications based on GIS. The biggest issue about it is detailed map. Different types of applications based on these maps or other to be plotted or layered on them is another area in which we would like to have more cooperation from the industry. There is huge potential n this area. It is not only the physical or three-dimensional rendering of the equipment, assets etc., but also different types of analyses based on these maps.
Maj Gen Anurag Gupta, Advisor, Operations and Communication, National Disaster Management Authority (NDMA), Government of India
Nothing like ICT has ever been witnessed by human society. In terms of technology itself, its impact is visible on our lives and the pace of change has precipitated. At the core of the ICT revolution is the abstract and intangible commodity and that is information.
Whether it is data, intelligence or knowledge, information is a vital commodity having some rather unique attributes. It can be shared without its value being diminished. It can be stolen, but is not measureable. It can exist at more than one place at a time. Its non-linear impact yet even a small quantity can have a devastating effect.
The three objectives of Critical Information Infrastructure Protection (CIIP) are: to prevent cyber attacks against critical infrastructure, reduce national vulnerabilities to cyber attacks and minimise damage and recovery time from cyber attacks that do occur. However, there are few challenges like high costs and lack of financial investment in securing vital assets and critical infrastructure. The measures to handle these challenges are creation of few programmes like National Critical Information Infrastructure Protection Centre (NCIIPC).
Saurabh Khosla, Senior Consultant, SeMT, Government of NCT of Delhi
Today, cyber crime landscape includes flaws in ancient standards which might enable eavesdropping, spying etc. It is present in two forms: physical and digital, and is raised with the help of manual forces, digital forces and criminal intent. Nevertheless, to prevent these threats, various scientific tests are being conducted in both the physical as well as digital form. The forensics in physical world include finger prints, residual analysis, trace processing, while in digital forensics, we have live analysis, deleted files, network analysis and other processes.
Some other tools to prevent these cyber threats are Email tracers, Login checkers, Mobile checker, Disk checker, Registry analyser and so on and so forth. The implementation process involves identification, preservation, analysis and presentation. The innovation areas for the same are selfpolicing, use of innovative technologies, focus on evidence recognition, enhancement and documentation, strong documentation indicating security risks, a well-defined security policy and incident management team. Additionally, integrated task forces of security experts, prosecutors, administrators, investigators and criminal justice system will also help reduce the cyber threats.
Umakant Lal, Chief Vigilance Officer, Dedicated Freight Corridor Corporation of India Limited, Ministry of Railways, Government of India
We all know that ICT application has become an integral part of our system. So, areas of critical infrastructure like energy, rail transport and defence, etc. is concerned. The role of the ICT is very pre-dominant and we are using it in a huge manner everywhere.
In ICT security, there is a role of top management with the people who are working on the system. For them, there is a need of training in which we generally lack. When the people work in private industry or government organisations, they can always ask for the CERT India in order to get benefitted. We need an international corporation in dealing with the cyber crimes. A number of countries have enacted the law as well. Some of them raised the squads also, who are working in a wonderful manner. Earlier, the figure of cyber threats was very less, but by reaching 2015 it has already crossed many thousands. There are huge number of things we don’t know because there has been a tendency on part of the private people and the government authorities to not report the cases. One has to remove this tendency or we may land in some problem and the security of the vital organisations can be compromised.
Increasing Partnership to Counter Cybercrime in the World of New Age Social Media
Ashok Kumar, Additional Director General, Uttarakhand Police
Today, everything is in the reach of big powers. Whatever we do on computer, it goes through Google and can be tapped by them. They know each and everything we do. Nothing is safe and secure. Thus, security becomes important. In many states, cyber security is at a nascent stage and police needs to have a tap on social media. We need to do cyber patrolling. Cyber world is a virtual world though deeply connected to the real world. Hence, we need cyber patrolling on a regular basis. We need to have cyber intelligence as people are doing nuisance. Thus, it is a must and can be achieved with the help of various corporations.
Rajesh Aggarwal, Joint Secretary, Department of Financial Services, Ministry of Finance, Government of India
We have recently started talking about something called JAM, which includes Jandhan bank account, Adhaar linkage and Mobile banking. Keeping all the three things secure is a priority these days. After the Snowden revelations, privacy and safety of internet is more a matter of destiny and karma. So, godmen and private companies are doing their bit, but some governments also need to put in their efforts to make the things more secure. We all should try to come together to make this JAM system tasty and safe.
ElsaMarie DSilva, Managing Director and Co-Founder, Safecity
There is a global statistic where one in three women across the world experiences sexual violence at least once in their lifetime, and around 80 per cent of them do not report it officially. We tend to overlook the verbal and non-verbal kinds of harassment that occur on a regular basis.
Further, there are cases of stalking, be it online or offline. However, online stalking is increasingly taking place. Two years ago, this country witnessed a horrific rape in Delhi and that is when me and my friends decided to use technology in a way that people can share their experiences of violence. We wondered if we could use technology and data to create safe public spaces which were equally accessible to all. So, that’s how we started a crowd map, launched on 26th December 2012. Since then we have been collecting stories of sexual harassment in public places. We have almost 5000 reports from around 50 cities in India. We are trying to collect the information that people can read and further use it for their safety.