Offensive And Defensive Cyber Security Capabilities Of India

There are many glaring cyber security problems of India and challenges and the chief among them is to protect the critical infrastructure of India that is dependent upon information technology. Cyber security issues in India like cyber warfare, cyber terrorism, cyber espionage, critical infrastructure protection, etc cannot be ignored by Indian government any more.

The cyber security reflections of India have not shown a good picture about India. We have no dedicated cyber security laws in India as well. Indian critical infrastructures are vulnerable to cyber attacks and we must ensure sufficient cyber security for the same. We at Perry4Law Techno Legal Base (PTLB) are managing some very effective techno legal cyber security in initiatives in India.

These include cyber security research and development centre of India (CSRDCI), national cyber security database of India (NCSDI), cyber forensics research centre of India, cyber crime investigation centre of India, cyber security centre of India, etc. These initiatives intend to strengthen the cyber security capabilities of India and resolve the cyber security issues and problems in India.  

Maintaining cyber security at the international level is a tedious task. This is so because cyberspace does not recognizes any boundary and cyber attacks can be launched from any part of the world. While cyber attacks upon various computer systems and computer resources are cause of concern yet cyber attacks upon critical infrastructures is of grave concern.

Meanwhile, India is increasingly facing cyber attacks and cyber threats from foreign nationals. Cyber terrorism against India, cyber warfare against India, cyber espionage against India and cyber attacks against India has already increased a lot. Even the cyber law trends of India 2012 by various sources have also projected an increased rate of cyber crimes in India and cyber attacks against India in the year 2012.

The biggest cyber threat against India is originating in the form of cyber attacks upon Indian critical infrastructures. Critical infrastructure protection in India requires a well formulated policy. Presently we have no critical infrastructure protection policy of India. Further, critical ICT (Information and Communication Technology) infrastructure protection in India  is one area that requires special attention of Indian government.

In the present interconnected world, cyber security capabilities of India must be urgently developed. In fact, Indian critical infrastructure and cyber security challenges and issues have assumed so much significance that Indian government declared the establishment of National Critical Information Protection Centre (NCIPC) of India. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India. 

This is a good beginning and we at PTLB welcome this initiative of Indian government. At the same time we would keep on strengthening the techno legal cyber security capabilities of India from time to time.  

Cyber Security Council Of India Established

This article has reported that a cyber security council of India has been constituted by Indian government. We at Perry4Law Techno Legal Base (PTLB) welcome this move of Indian government as it was a much needed initiative. 

According to the report published by my colleague, the cyber security council of India has been constituted by Indian government. This is a good step in the right direction as such an action was long due on the part of Indian government.

Although this is a modest beginning yet if Indian government is committed this can transform into a major cyber security initiative by Indian government. I am hereby sharing the report of my friend for our readers.

Cyber security of India has finally got the attention of Indian government. Indian government has been announcing many initiatives that could strengthen cyber security of India. Although these initiatives have come late yet this is a good beginning from all counts.

Now it has been reported that the Indian government has launched a new and dedicated wing of the country's National Security Council Secretariat (NSCC). The function of the proposed wing would be to deal with the growing cyber threat especially those from cyber terrorists.

Cyber terrorism against India, cyber warfare against India, cyber espionage against India, etc are on rise and this dedicated wing can be really helpful in this regard. The wing would coordinate with other existing law enforcement agencies. The objective of the wing would be to keep both public and private computer safe from cyber attack and malicious activities.

The proposed wing would work in the direction of ensuring coordination among various government departments of India so that both national and international cyber threats can be countered. Gradually the wind would be extended to make its initiatives and efforts more holistic and wide.

However, India still needs to stress upon cyber security research and development. Till now we have a sole techno legal cyber security research centre of India that is managed by Perry4Law and PTLB.

PTLB is also managing the exclusive techno legal cyber security training and educational centre of India and techno legal centre of excellence for lifelong cyber security learning in India.

Close association and coordination with expert techno legal institutions like PTLB is the need of the hour. Let us hope that Indian government would collaborate and coordinated with institutions like PTLB to make its cyber security initiatives more holistic and effective.

Source: Techno Legal News

Indian National Cyber Security Database

This post talks about the latest techno legal cyber security initiative by Perry4Law Techno Legal Base (PTLB). The initiative is known as National Cyber Security Database of India (NCSDI) and it is a unique techno legal cyber security initiative.

In a much needed development, PTLB has constituted the first ever techno legal national cyber security database of India (NCSDI). This is a significant development that can go a long way on strengthening of cyber security of India.

The NCSDI is a part and parcel of much larger and more specialised initiative of PTLB. It is part of the exclusive techno legal cyber security research centre of India (CSRCI) managed by PTLB.

The NCSDI would consist of techno legal cyber security experts of India who should be enrolled with PTLB in this regard. Those interested in enrolling with NCSDI must read the enrolment criteria for the same.

NCSDI intents to fight against cyber threats and cyber attacks in India including cyber terrorism against India, cyber warfare against India, cyber espionage against India, critical infrastructure protection in India, managing India’s cyber security problems, issues and challenges, etc.

NCSDI would also be an essential part of various cyber security initiatives and projects of Indian government and private cyber security players of India and abroad.

NCSDI is a very ambitious and much needed initiative of PTLB that deserved support and collaboration of Indian government and various cyber security stakeholders. Let us see how NCSDI and CSRDI would strengthen the cyber security environment of India.

Source: Cyber Laws In India

Cyber Security Council For India Formulated

It has been reported that an Indian cyber security council has been constituted. Although it is a belated move yet it is a good step in the right direction. At Perry4Law Techno Legal base (PTLB) we welcome this step of Indian government.

Cyber security cannot be managed till we have governmental will and public support. We cannot have public support till the government actually takes some concrete steps in the direction of strengthening of cyber security. One such step has been taken by Indian government.

According to the report published by my colleague, the cyber security council of India has been constituted by Indian government. This is a good step in the right direction as such an action was long due on the part of Indian government.

Although this is a modest beginning yet if Indian government is committed this can transform into a major cyber security initiative by Indian government. I am hereby sharing the report of my friend for our readers.

Cyber security of India has finally got the attention of Indian government. Indian government has been announcing many initiatives that could strengthen cyber security of India. Although these initiatives have come late yet this is a good beginning from all counts.

Now it has been reported that the Indian government has launched a new and dedicated wing of the country's National Security Council Secretariat (NSCC). The function of the proposed wing would be to deal with the growing cyber threat especially those from cyber terrorists.

Cyber terrorism against India, cyber warfare against India, cyber espionage against India, etc are on rise and this dedicated wing can be really helpful in this regard. The wing would coordinate with other existing law enforcement agencies. The objective of the wing would be to keep both public and private computer safe from cyber attack and malicious activities.

The proposed wing would work in the direction of ensuring coordination among various government departments of India so that both national and international cyber threats can be countered. Gradually the wind would be extended to make its initiatives and efforts more holistic and wide.

However, India still needs to stress upon cyber security research and development. Till now we have a sole techno legal cyber security research centre of India that is managed by Perry4Law and PTLB.

PTLB is also managing the exclusive techno legal cyber security training and educational centre of India and techno legal centre of excellence for lifelong cyber security learning in India.

Close association and coordination with expert techno legal institutions like PTLB is the need of the hour. Let us hope that Indian government would collaborate and coordinated with institutions like PTLB to make its cyber security initiatives more holistic and effective.

Source: Cyber Laws In India

Cyber Security Challenges In India

Cyber security issues in India have added a new variety of challenges for India. Till now cyber security in India and its challenges and problems are well known and India has also realised that urgent attention in this direction is needed. For instance, the cyber security challenges for the smart grids in India were realised during the recent power outrage in India.

This is just the beginning of the cyber security journey of India. Critical infrastructure protection in India is not undertaken in the manner required. Even we have no critical ICT infrastructure protection policy of India  that can provide norms and best practices for critical infrastructure protection in India.

On top of it, stealth and sophisticated malware like Stuxnet, Flame, Shamoon and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to both known and unknown cyber attacks.

There are many concepts that were not even acknowledged by India a few years back. For instance, concepts like cyber warfare against India and its defenses, cyber terrorism against India and its defences and solutions, cyber security in India and its challenges and problems, cyber espionage against India and its challenges, solutions and defences, etc were never considered to be a threat by India.

Now it is well known that these concepts are not just theoretical concepts but actual and potential threats to any nation. India has also realised this bitter truth that also without much loss of crucial information and data.

Of course, strategic computers at Indian defence forces, governmental departments, etc were successfully breached and compromised. In many cases, India was not even aware of such compromise and there may be incidences where such compromise are still present and are undetected.

As on date we have neither a strong cyber law nor effective cyber security capabilities in India. Further, if we analyse the cyber security reflections the trend is really troublesome. The cyber law, cyber crimes and cyber security trends by Perry4Law and Perry4Law Techno Legal Base (PTLB) have shown the loopholes of Indian cyber security capabilities.

We at Perry4Law and PTLB strongly recommend that Indian government must stress really hard upon developing both defensive and offensive cyber security capabilities. The sooner it is done the better it would be for the national security of India in general and cyber security of India in particular.

Cyber Espionage Against India And Its Challenges, Solutions And Defences

If we analyse the Cyber Attacks Trends against India for the past few years it would be apparent that the frequency and sophistication of these Cyber Attacks has increased and developed a lot. The Cyber Attack by the Chinese Crackers at the computers in the Prime Minister's Office (PMO) of India in December 2009 is one such example.

In this incidence, the Crackers targeted India's key National Security Peoples including National Security Advisor M.K. Narayanan, Cabinet Secretary K.M. Chandrashekhar, PM's Special Envoy Shyam Saran and Deputy National Security Advisor Shekhar Dutt. The four and up to 26 others were specifically targeted in the Cracking exercise that was very successful.

The Cyber Espionage attack was very sophisticated and well executed. The E-Mail was routed through multiple proxy servers to defeat the Traceability. The Cracking Spyware was embedded in a PDF document to get it executed once opened. The Trojan Malware was programmed to carry out multiple functions, including downloading malicious files, accessing E-Mails and passwords and also accessing the desktop from a remote location.

In another incidence, it was reported that the Chinese Intelligence Agencies may have planted Malware in Computers and broken into the Headquarters of 33 Corps, the Army formation looking after most of the North-Eastern border with China. The Cyber Intrusion also planted a Trojan Horse to give Chinese Agencies remote access to the computer network at the 33 Corps Headquarters in Sukhna, near Siliguri, West Bengal.

 

In another incidence, many Computers of the Home Ministry were found infected with Malware. Reacting sharply, but wrongly, to these developments, the Union Home Ministry decided to ban the use of Internet by the lower rank staff up to section officers.

This was a “Defective Strategy” as banning use of Internet or Technology rather then developing Cyber Security Capabilities in India can never be a good choice. It is better to “Train” the staff rather than prohibiting them from using Internet.

The Home Ministry was barking the wrong tree as Security through Obscurity and Non-Access in itself and without further steps to develop Cyber Skills and Capabilities is a bad choice. The Government of India must concentrate upon “Capacity Development” of not only its employees but also its core Departments and Offices in order to tackle Cyber Espionage Attacks. Thus, Cyber Security Capabilities of India must be strengthened as soon as possible.

Cyber Espionage may be committed by an Insider or an outsider with the help of Internet and Computer. The problem is that Cyber Espionage is inexpensive and relatively easy to commit and it is also difficult to prove with absolute certainty. This is more so regarding “Authorship Attribution” that can pin point the liability to a Nation/Individual/Organisation.

Authorship Attribution is an important aspect of “Determining the Culpability” of an offender where the means to commit the offence are common and accessible to many people simultaneously. Data Mining and Profiling of the accused to “Attribute Culpability” to him/her alone is an emerging area of Cyber Crime Investigation but it is still far from perfect.

Having an effective Cyber Security Mechanism at place can help in prevention of majority of Cyber Espionage issues, but there is no full proof method of preventing Cyber Espionage. With adequate resources and time, a Cracker can penetrate and exploit the intended target.

The Cyber Security Policy of India must be urgently formulated that must incorporate provisions regarding Cyber Warfare, Cyber Terrorism, Critical Infrastructure Protection, Cyber Espionage, etc. In the ultimate analysis, enhancing Cyber Security of India is the ultimate solution.

Cyber Security In India: Its Challenges And Problems

Cyber Security in India is gaining importance day by day. However, the same is not a result of any Cyber Security Policy of India but due to the problems that India is facing. India has for long ignored Cyber Security aspect and this has caused tremendous loss to it. Now Cyber Security Problems of India have reached a stage where if immediate action is not taken, it may cause irreversible and irreparable loss to India.

The chief problem that India is facing from cyber front pertains to threats emanating form Cyber Warfare field. Cyber Warfare against India and its Defences is one area that requires special attention of our Policy Makers. We need a dedicated work force to take care of this sensitive and crucial field.

Another concern that is repeatedly conveyed to Indian Government is that Critical Infrastructure Protection in India is needed. As on date India is not vulnerable to Cyber Attacks targeting Critical Infrastructure of India. However, this is not because India has advance Critical Infrastructure Protection (CIP) Mechanism at place but because India has outdated and ancient Infrastructure at place. The moment modern and ICT enabled Infrastructure would be used by India to support its Critical Infrastructure, the problems of India would increase manifolds.

For instance, the recent power failure of India has raised concerns not only in India but also World wide. Although the power outrage was claimed to be caused due to Defective Power Infrastructure, yet even in modern Power Infrastructure such a situation can occur. Cyber Security of automated Power Grids of India has not been contemplated by Indian Government so far.

Sophisticated Malware like Stuxnet and Duqu have already proved that Critical Infrastructures around the World like Power Grids, Nuclear Facilities, Satellites, Defense Networks, Governmental Informatics Infrastructures, etc are vulnerable to diverse range of Cyber Attacks. The truth is that Cyber Attacks are affecting Indian Critical Infrastructure and we are not even aware of the same.

Another area that must be on “Priority List” of Indian Government pertains to Cyber Terrorism. Cyber Terrorism against India and its Defences and Solutions has not been developed by India so far. This must be done now to prevent any further loss due to activities of Cyber Terrorists against India.

We must develop Cyber Security Capabilities of India as soon as possible. Further, we must also keep in mind the Importance of Cyber Forensics for India. Keeping this in mind, development of suitable Cyber Forensic Investigation Solutions in India are needed to Prevent and Defend various types of Cyber Attacks.

The list is endless and this article is not intended to cover all the aspects of Cyber security Problems of India. However, the top three Cyber Security Problems of India have been discussed by me. I would discuss more in this regard in my subsequent articles.

Cyber Security In India: Some Reflections

Cyber security in India is one of the areas that have received a low priority attention of Indian government. Early warnings regarding lack of cyber security in India were given from time to time. However, as the issue has little political significance, it always remained a non existing issue for the political community of India. Naturally, there are many missing links existing in the cyber security of India.

Meanwhile, cyber attacks against India kept on increasing. Strategic and military computers of India were targeted and successfully compromised for months till India became aware of such compromise. Cases of cyber espionage, cyber warfare and cyber terrorism also increased against India, some known and some still unknown. There is no second opinion that the cyber security capabilities of India must be strengthened.

The cyber security of Indian satellites and critical infrastructure is also required to be strengthened. An implementable critical ICT infrastructure policy of India is also required to be formulated as soon as possible. Although the establishment of a national critical information infrastructure protection centre (NCIPC) of India has been proposed, till now no such centre has been established.

The cyber laws and cyber security trends of India 2011 by Perry4Law and Perry4Law Techno Legal Base (PTLB) has clearly showed the cyber security vulnerabilities of India. The cyber law trends of India 2012 have also projected an increased rate of cyber crimes in India and cyber attacks against India in the year 2012. These projections have now come true and India has become really vulnerable to cyber crimes and cyber attacks.

While protecting its cyberspace, India must maintain a balance between national security and civil liberty protection requirements. Human rights protection in Indian cyberspace must be ensured. Even United Nations must actively come in support of human rights in cyberspace. Protecting civil liberties in cyberspace must be a top priority for UN and national governments.

With this background note, we welcome all our readers to this platform. We would cover both national and international cyber security issues, developments, policies and news at this platform. As far as possible, we would also try to add supplemental contents pertaining to cyber forensics, ICT policies, e-discovery, open source movement, cyber security trainings, etc. Thanks for showing interest in our platform and visiting this blog.