Slide1 l.jpg
Advertisement
This presentation is the property of its rightful owner.
1 / 28

NSCS National Perspective of Cybersecurity PowerPoint PPT Presentation

Defacement of Indian Railways. Websites. dop.rajasthan.gov.in. TXFER FAST ... Defacement of Indian Railways. Websites. NSCS. Source : DIT Annual Report 2005 ...

Download Presentation

NSCS National Perspective of Cybersecurity

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Slide1 l.jpg

National Perspective

of

Cybersecurity

Commander Mukesh Saini

Information Security Specilist

Head – National Information Security Coordination Cell

National Security Council Secretariat

For Rail-CERT meeting on 24 Oct 2005


Slide2 l.jpg

In 2004

the top ten most

re-defaced second/third level

.in ccTLD was railnet.gov.in.

It was re-defaced 16 times.

Some of the site affected were

er.railnet.gov.in,

ircot.railnet.gov.in,

irpmu.railnet.gov.in,

nfr.railnet.gov.in

Source : CERT-In White Paper 2004-01


Slide3 l.jpg

Defacement of Indian Railways

Websites

Source : CERT-In White Paper 2004-01


Slide4 l.jpg

Defacement of Indian Railways

Websites


Slide5 l.jpg

Why cyber crimes may increase

because

Cyberspace is increasing in India

Source : DIT Annual Report 2005


Indian cyberspace l.jpg

Indian Cyberspace


Slide9 l.jpg

IT sector underpins

Indian economy …

  • One of the fastest growing sectors of Indian industry.

  • A growth of 34% in rupee as well as dollar terms in exports during 2004-05.

  • Achieved CAGR of 30% in turnover and 37% in exports during last 5 years.

Source : DIT Annual Report 2005


Slide10 l.jpg

Growth of IT sector

  • Grew from 1.2% of GDP in 1997-98 to 4.1 % in 2004-05

  • BPOs grew at rate of 54% in 2003-04 directly employing about 2.5 lakhs personnel.

  • 4.1 crore cellphones. More mobiles than fixed line phones.

Source : DIT Annual Report 2005


E governance l.jpg

e-governance…

  • State wide area networks (SWANs) up to block level.

  • 25 mission mode projects

    • Income Tax

    • Passport & Visa

    • Land records

    • Police

    • E-Court etc.

  • Information Security is not the concern.

Source : DIT Annual Report 2005


E travel bookings in india in crores of rs l.jpg

E-Travel Bookings in India(in Crores of Rs)

Source : eStatsIndia B2C E-Commerce, Market Size and Forecast Study, 2005


Slide13 l.jpg

Projection Broadband Users Internet Users

End 2005 3 million 6 million

2007 9 million 18 million

2010 20 million 40 million

AND

India’s Broadband Policy: Oct 2004

This represents a huge ‘Always On’ haven for Criminals…

Source : DoT Annual Report 2005


Slide14 l.jpg

In the rapid growth of IT sector

in India Information Security

has not been seriously

factored in.


Slide15 l.jpg

Unfortunately, the true extent of cybercrime in India not known due to lack of reporting, coordinated monitoring and collation


Slide16 l.jpg

Major Criminal Activities-2

  • Denial-of-Service

  • Spam

  • Cyber Squatting

  • Cyber stalking

  • Child Pornography


Slide17 l.jpg

Major Criminal Activities-3

  • Malicious code Proliferation

  • e-Extortion & Protection Rackets

  • Cyber Frauds

  • Cyberterrorism

Money not notoriety is the driving force

&

Cyber Crime has become organized Business.


Cybersecurity l.jpg

Cybersecurity


Top concerns l.jpg

Top Concerns

  • Lack of publicly stated National Information Security Policy.

  • Lack of trained & qualified manpower.

  • Non existent or weak institutions.

  • Non-exploitation of provision of IT Act 2000.

  • Lack of Assurance framework (standardization, Accreditation and Certification)

  • Lack of awareness & culture of cybersecurity


Other areas of concern 1 l.jpg

Other Areas of Concern-1

  • Rules and regulation under the IT Act to contain crime not framed and proposed amendments recommends diluting power of police.

  • No e-mail account policy especially for defence, police and agency personnel.

  • No cybercrisis management plan.


Concerns about railways network l.jpg

Concerns about Railways Network

  • Failure of ticketing & reservation system can cause social turmoil.

  • Failure of signaling system have physical security hazard

  • Failure of e - ticketing can cause financial losses.

  • Failure of other applications such as tracking of bogies can cause financial losses.

  • Compromise of train movements can provide necessary intelligence to adversaries

  • Compromise of financial transactions can motivate for frauds


Slide22 l.jpg

NSCS

National Coordinator for Information Security

National Information Board

NTRO

Defensive & Operational

Cyberwarfare

Computer Emergency Response Team - India

Information Infrastructure Protection Centre

MC&IT

Development & Promotional Role

Various Ministries

Coordinators of Special Functions

Sector Cybersecurity Officers

cyber police stations

Organisational level CERTs

Information Security Technology Development Council

DIWA

RMA

Defence Procurement Board

SCADA Protection

Assurance Framework

International Cooperation

Cryptography

Cyber Laws

Network Surveillance

Economic Intelligence

Cyber

Forensic

Awareness &Training

PKI

National Information Security Structure


Action initiated for information security l.jpg

Action Initiated for Information Security

  • National Information Board (NIB)

  • National Information Security Policy (NISP)

  • Information Security Task Force (ISTF)

  • Indo US Cyber Security Forum (IUSCSF)

  • Various Inter-ministerial working groups (IMWGs)


Action initiated for information security24 l.jpg

Action Initiated for Information Security

  • Information Infrastructure Protection Centre (IIPC)

  • National Internet Exchange of India (NIXI)

  • Computer Emergency Response Team –India (Cert-in)

  • Group of Sectoral Cybersecurity Offices (SCOs)

  • Information Security Technology Development Council (ISTDC)

  • Empanelment of VA teams by CERT-IN.


Cert in relationship with in india l.jpg

CERT-Rail

??? CERT

CERT-IN

FINCERT

CERT ???

Naval CERT

Army CERT

Air-CERT

CERT-In relationship with in India


Recommendations l.jpg

Recommendations

  • Widely publicise creation of CERT-Rail.

  • Create railways wide Information Security Policy. (based on ISO 17799:2005 standards and National Information Security Policy)

  • Close coordination between CERT-Rail & CERT-In.

  • Undertake Vulnerability Analysis of all networks.

  • Prepare 5 year roadmap for Cybersecurity activities

  • Host Railways websites on secure servers

  • Define e-mail account policy

  • Enforce best management practices information security

  • Launch Railways wide awareness campaign


Thank you l.jpg

THANK YOU


  • Login