Cyber Security Research Centre Of India

We have consolidated our cyber security initiatives and cyber security research centre of India is an important part of the same. Our techno legal initiatives are unique in the sense that we manage both technical and legal aspects of cyber security.

We are hereby posting a media report about our initiative with prior approval. Hope our clients and various cyber security stakeholders would find this report useful.

Cyber crimes and cyber threats have changed the entire cyber security scenario. Previously firewalls and anti viruses were the notion of cyber security. Now cyber security responsibilities have become too tedious to be managed by a single person or institution.

Cyber security research and development is very crucial to strengthen cyber security of any institution and nation. Cyber security is a constant procedure thus we need to learn, adapt and improvise our cyber security initiatives and efforts on regular basis.

The need for cyber security research centre of India was imminent. Thanks to the efforts of private players, Indian cyber security research centre is no more a fiction. The exclusive techno legal cyber security research centre of India has already been functioning in India for long.

The present cyber security environment of India needs effective skills development to deal with growing cyber threats against India. There are numerous vexing cyber security issues in India that requires attention at the highest level. Further, cyber security laws in India and cyber security policy of India must also be formulated.

Cyber security issues and problems of India require techno legal solutions as neither technical nor legal solution in itself is sufficient. Further, participation of private players is also needed to strengthen cyber security of India as managing India’s cyber security problems, issues and challenges cannot be left for the Indian government alone to tackle.

A special attention must be given to critical infrastructure protection of India. Recently Indian government proposed establishment of national critical information infrastructure protection centre (NCIPC) of India that can help in protecting critical infrastructure of India.

In these circumstances the initiatives and efforts of Perry4Law Techno Legal Base (PTLB) are really praiseworthy. PTLB has established the exclusive techno legal cyber security research and development centre of India. This cyber security centre is the first of its kind in India and world wide.

The cyber security centre is a good blend of legal and technical capabilities of PTLB that makes it unique and very effective. Through its skills development and training initiatives, it would ensure offensive and defensive cyber security capabilities for India and other nations. Let us hope that this cyber security centre of PTLB would be an integral part of all cyber security initiatives of Indian government.

Source: Cyber Laws In India

Cyber Espionage Against India And Its Challenges, Solutions And Defences

If we analyse the Cyber Attacks Trends against India for the past few years it would be apparent that the frequency and sophistication of these Cyber Attacks has increased and developed a lot. The Cyber Attack by the Chinese Crackers at the computers in the Prime Minister's Office (PMO) of India in December 2009 is one such example.

In this incidence, the Crackers targeted India's key National Security Peoples including National Security Advisor M.K. Narayanan, Cabinet Secretary K.M. Chandrashekhar, PM's Special Envoy Shyam Saran and Deputy National Security Advisor Shekhar Dutt. The four and up to 26 others were specifically targeted in the Cracking exercise that was very successful.

The Cyber Espionage attack was very sophisticated and well executed. The E-Mail was routed through multiple proxy servers to defeat the Traceability. The Cracking Spyware was embedded in a PDF document to get it executed once opened. The Trojan Malware was programmed to carry out multiple functions, including downloading malicious files, accessing E-Mails and passwords and also accessing the desktop from a remote location.

In another incidence, it was reported that the Chinese Intelligence Agencies may have planted Malware in Computers and broken into the Headquarters of 33 Corps, the Army formation looking after most of the North-Eastern border with China. The Cyber Intrusion also planted a Trojan Horse to give Chinese Agencies remote access to the computer network at the 33 Corps Headquarters in Sukhna, near Siliguri, West Bengal.

 

In another incidence, many Computers of the Home Ministry were found infected with Malware. Reacting sharply, but wrongly, to these developments, the Union Home Ministry decided to ban the use of Internet by the lower rank staff up to section officers.

This was a “Defective Strategy” as banning use of Internet or Technology rather then developing Cyber Security Capabilities in India can never be a good choice. It is better to “Train” the staff rather than prohibiting them from using Internet.

The Home Ministry was barking the wrong tree as Security through Obscurity and Non-Access in itself and without further steps to develop Cyber Skills and Capabilities is a bad choice. The Government of India must concentrate upon “Capacity Development” of not only its employees but also its core Departments and Offices in order to tackle Cyber Espionage Attacks. Thus, Cyber Security Capabilities of India must be strengthened as soon as possible.

Cyber Espionage may be committed by an Insider or an outsider with the help of Internet and Computer. The problem is that Cyber Espionage is inexpensive and relatively easy to commit and it is also difficult to prove with absolute certainty. This is more so regarding “Authorship Attribution” that can pin point the liability to a Nation/Individual/Organisation.

Authorship Attribution is an important aspect of “Determining the Culpability” of an offender where the means to commit the offence are common and accessible to many people simultaneously. Data Mining and Profiling of the accused to “Attribute Culpability” to him/her alone is an emerging area of Cyber Crime Investigation but it is still far from perfect.

Having an effective Cyber Security Mechanism at place can help in prevention of majority of Cyber Espionage issues, but there is no full proof method of preventing Cyber Espionage. With adequate resources and time, a Cracker can penetrate and exploit the intended target.

The Cyber Security Policy of India must be urgently formulated that must incorporate provisions regarding Cyber Warfare, Cyber Terrorism, Critical Infrastructure Protection, Cyber Espionage, etc. In the ultimate analysis, enhancing Cyber Security of India is the ultimate solution.

Cyber Security In India

Cyber security in India has been increasingly seen as prerequisite to protect Indian cyberspace. However, it never remained a priority for Indian government and it always received an indifferent treatment.

Cyber security issues in India cannot be ignored in India any more. Even the Indian government has realised this bitter truth. However, this realisation has still not made much difference towards India’s approach to secure its cyberspace in general and critical infrastructure protection in particular.

The scenario has become more complicated when state actors have also joined the cyber attack scenario. In many cases cyber attacks are launched by state sponsored attackers. Such cyber attacks are more stealth and deadly in nature. At times such attacks also remain undetected for years.

The traditional methodology of securing computers by installing anti virus, firewalls and anti malware tools are also ineffective in such a situation. Although ensuring cyber security in absolute terms is next to impossible yet with patience and adequate cyber security skills development, India can develop cyber security capabilities.

There are many missing links that are hindering in the development of cyber security capabilities in India. Not only India must formulate suitable cyber security policy but India must also actually implement the same.