Slide1 l.jpg
This presentation is the property of its rightful owner.
1 / 28

NSCS National Perspective of Cybersecurity PowerPoint PPT Presentation

Defacement of Indian Railways. Websites. TXFER FAST ... Defacement of Indian Railways. Websites. NSCS. Source : DIT Annual Report 2005 ...

Download Presentation

NSCS National Perspective of Cybersecurity

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Slide1 l.jpg

National Perspective



Commander Mukesh Saini

Information Security Specilist

Head – National Information Security Coordination Cell

National Security Council Secretariat

For Rail-CERT meeting on 24 Oct 2005

Slide2 l.jpg

In 2004

the top ten most

re-defaced second/third level

.in ccTLD was

It was re-defaced 16 times.

Some of the site affected were,,,

Source : CERT-In White Paper 2004-01

Slide3 l.jpg

Defacement of Indian Railways


Source : CERT-In White Paper 2004-01

Slide4 l.jpg

Defacement of Indian Railways


Slide5 l.jpg

Why cyber crimes may increase


Cyberspace is increasing in India

Source : DIT Annual Report 2005

Indian cyberspace l.jpg

Indian Cyberspace

Slide9 l.jpg

IT sector underpins

Indian economy …

  • One of the fastest growing sectors of Indian industry.

  • A growth of 34% in rupee as well as dollar terms in exports during 2004-05.

  • Achieved CAGR of 30% in turnover and 37% in exports during last 5 years.

Source : DIT Annual Report 2005

Slide10 l.jpg

Growth of IT sector

  • Grew from 1.2% of GDP in 1997-98 to 4.1 % in 2004-05

  • BPOs grew at rate of 54% in 2003-04 directly employing about 2.5 lakhs personnel.

  • 4.1 crore cellphones. More mobiles than fixed line phones.

Source : DIT Annual Report 2005

E governance l.jpg


  • State wide area networks (SWANs) up to block level.

  • 25 mission mode projects

    • Income Tax

    • Passport & Visa

    • Land records

    • Police

    • E-Court etc.

  • Information Security is not the concern.

Source : DIT Annual Report 2005

E travel bookings in india in crores of rs l.jpg

E-Travel Bookings in India(in Crores of Rs)

Source : eStatsIndia B2C E-Commerce, Market Size and Forecast Study, 2005

Slide13 l.jpg

Projection Broadband Users Internet Users

End 2005 3 million 6 million

2007 9 million 18 million

2010 20 million 40 million


India’s Broadband Policy: Oct 2004

This represents a huge ‘Always On’ haven for Criminals…

Source : DoT Annual Report 2005

Slide14 l.jpg

In the rapid growth of IT sector

in India Information Security

has not been seriously

factored in.

Slide15 l.jpg

Unfortunately, the true extent of cybercrime in India not known due to lack of reporting, coordinated monitoring and collation

Slide16 l.jpg

Major Criminal Activities-2

  • Denial-of-Service

  • Spam

  • Cyber Squatting

  • Cyber stalking

  • Child Pornography

Slide17 l.jpg

Major Criminal Activities-3

  • Malicious code Proliferation

  • e-Extortion & Protection Rackets

  • Cyber Frauds

  • Cyberterrorism

Money not notoriety is the driving force


Cyber Crime has become organized Business.

Cybersecurity l.jpg


Top concerns l.jpg

Top Concerns

  • Lack of publicly stated National Information Security Policy.

  • Lack of trained & qualified manpower.

  • Non existent or weak institutions.

  • Non-exploitation of provision of IT Act 2000.

  • Lack of Assurance framework (standardization, Accreditation and Certification)

  • Lack of awareness & culture of cybersecurity

Other areas of concern 1 l.jpg

Other Areas of Concern-1

  • Rules and regulation under the IT Act to contain crime not framed and proposed amendments recommends diluting power of police.

  • No e-mail account policy especially for defence, police and agency personnel.

  • No cybercrisis management plan.

Concerns about railways network l.jpg

Concerns about Railways Network

  • Failure of ticketing & reservation system can cause social turmoil.

  • Failure of signaling system have physical security hazard

  • Failure of e - ticketing can cause financial losses.

  • Failure of other applications such as tracking of bogies can cause financial losses.

  • Compromise of train movements can provide necessary intelligence to adversaries

  • Compromise of financial transactions can motivate for frauds

Slide22 l.jpg


National Coordinator for Information Security

National Information Board


Defensive & Operational


Computer Emergency Response Team - India

Information Infrastructure Protection Centre


Development & Promotional Role

Various Ministries

Coordinators of Special Functions

Sector Cybersecurity Officers

cyber police stations

Organisational level CERTs

Information Security Technology Development Council



Defence Procurement Board

SCADA Protection

Assurance Framework

International Cooperation


Cyber Laws

Network Surveillance

Economic Intelligence



Awareness &Training


National Information Security Structure

Action initiated for information security l.jpg

Action Initiated for Information Security

  • National Information Board (NIB)

  • National Information Security Policy (NISP)

  • Information Security Task Force (ISTF)

  • Indo US Cyber Security Forum (IUSCSF)

  • Various Inter-ministerial working groups (IMWGs)

Action initiated for information security24 l.jpg

Action Initiated for Information Security

  • Information Infrastructure Protection Centre (IIPC)

  • National Internet Exchange of India (NIXI)

  • Computer Emergency Response Team –India (Cert-in)

  • Group of Sectoral Cybersecurity Offices (SCOs)

  • Information Security Technology Development Council (ISTDC)

  • Empanelment of VA teams by CERT-IN.

Cert in relationship with in india l.jpg


??? CERT



CERT ???

Naval CERT



CERT-In relationship with in India

Recommendations l.jpg


  • Widely publicise creation of CERT-Rail.

  • Create railways wide Information Security Policy. (based on ISO 17799:2005 standards and National Information Security Policy)

  • Close coordination between CERT-Rail & CERT-In.

  • Undertake Vulnerability Analysis of all networks.

  • Prepare 5 year roadmap for Cybersecurity activities

  • Host Railways websites on secure servers

  • Define e-mail account policy

  • Enforce best management practices information security

  • Launch Railways wide awareness campaign

Thank you l.jpg


  • Login