1 / 28

NSCS National Perspective of Cybersecurity

Defacement of Indian Railways. Websites. dop.rajasthan.gov.in. TXFER FAST ... Defacement of Indian Railways. Websites. NSCS. Source : DIT Annual Report 2005 ...

Marta
Télécharger la présentation

NSCS National Perspective of Cybersecurity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. National Perspective of Cybersecurity Commander Mukesh Saini Information Security Specilist Head – National Information Security Coordination Cell National Security Council Secretariat For Rail-CERT meeting on 24 Oct 2005

  2. In 2004 the top ten most re-defaced second/third level .in ccTLD was railnet.gov.in. It was re-defaced 16 times. Some of the site affected were er.railnet.gov.in, ircot.railnet.gov.in, irpmu.railnet.gov.in, nfr.railnet.gov.in Source : CERT-In White Paper 2004-01

  3. Defacement of Indian Railways Websites Source : CERT-In White Paper 2004-01

  4. Defacement of Indian Railways Websites

  5. Why cyber crimes may increase because Cyberspace is increasing in India Source : DIT Annual Report 2005

  6. Indian Cyberspace

  7. IT sector underpins Indian economy … • One of the fastest growing sectors of Indian industry. • A growth of 34% in rupee as well as dollar terms in exports during 2004-05. • Achieved CAGR of 30% in turnover and 37% in exports during last 5 years. Source : DIT Annual Report 2005

  8. Growth of IT sector • Grew from 1.2% of GDP in 1997-98 to 4.1 % in 2004-05 • BPOs grew at rate of 54% in 2003-04 directly employing about 2.5 lakhs personnel. • 4.1 crore cellphones. More mobiles than fixed line phones. Source : DIT Annual Report 2005

  9. e-governance… • State wide area networks (SWANs) up to block level. • 25 mission mode projects • Income Tax • Passport & Visa • Land records • Police • E-Court etc. • Information Security is not the concern. Source : DIT Annual Report 2005

  10. E-Travel Bookings in India(in Crores of Rs) Source : eStatsIndia B2C E-Commerce, Market Size and Forecast Study, 2005

  11. Projection Broadband Users Internet Users End 2005 3 million 6 million 2007 9 million 18 million 2010 20 million 40 million AND India’s Broadband Policy: Oct 2004 This represents a huge ‘Always On’ haven for Criminals… Source : DoT Annual Report 2005

  12. In the rapid growth of IT sector in India Information Security has not been seriously factored in.

  13. Unfortunately, the true extent of cybercrime in India not known due to lack of reporting, coordinated monitoring and collation

  14. Major Criminal Activities-2 • Denial-of-Service • Spam • Cyber Squatting • Cyber stalking • Child Pornography

  15. Major Criminal Activities-3 • Malicious code Proliferation • e-Extortion & Protection Rackets • Cyber Frauds • Cyberterrorism Money not notoriety is the driving force & Cyber Crime has become organized Business.

  16. Cybersecurity

  17. Top Concerns  • Lack of publicly stated National Information Security Policy. • Lack of trained & qualified manpower. • Non existent or weak institutions. • Non-exploitation of provision of IT Act 2000. • Lack of Assurance framework (standardization, Accreditation and Certification) • Lack of awareness & culture of cybersecurity   

  18. Other Areas of Concern-1 • Rules and regulation under the IT Act to contain crime not framed and proposed amendments recommends diluting power of police. • No e-mail account policy especially for defence, police and agency personnel. • No cybercrisis management plan.  

  19. Concerns about Railways Network • Failure of ticketing & reservation system can cause social turmoil. • Failure of signaling system have physical security hazard • Failure of e - ticketing can cause financial losses. • Failure of other applications such as tracking of bogies can cause financial losses. • Compromise of train movements can provide necessary intelligence to adversaries • Compromise of financial transactions can motivate for frauds

  20. NSCS National Coordinator for Information Security National Information Board NTRO Defensive & Operational Cyberwarfare Computer Emergency Response Team - India Information Infrastructure Protection Centre MC&IT Development & Promotional Role Various Ministries Coordinators of Special Functions Sector Cybersecurity Officers cyber police stations Organisational level CERTs Information Security Technology Development Council DIWA RMA Defence Procurement Board SCADA Protection Assurance Framework International Cooperation Cryptography Cyber Laws Network Surveillance Economic Intelligence Cyber Forensic Awareness &Training PKI National Information Security Structure

  21. Action Initiated for Information Security • National Information Board (NIB) • National Information Security Policy (NISP) • Information Security Task Force (ISTF) • Indo US Cyber Security Forum (IUSCSF) • Various Inter-ministerial working groups (IMWGs)

  22. Action Initiated for Information Security • Information Infrastructure Protection Centre (IIPC) • National Internet Exchange of India (NIXI) • Computer Emergency Response Team –India (Cert-in) • Group of Sectoral Cybersecurity Offices (SCOs) • Information Security Technology Development Council (ISTDC) • Empanelment of VA teams by CERT-IN.

  23. CERT-Rail ??? CERT CERT-IN FINCERT CERT ??? Naval CERT Army CERT Air-CERT CERT-In relationship with in India

  24. Recommendations • Widely publicise creation of CERT-Rail. • Create railways wide Information Security Policy. (based on ISO 17799:2005 standards and National Information Security Policy) • Close coordination between CERT-Rail & CERT-In. • Undertake Vulnerability Analysis of all networks. • Prepare 5 year roadmap for Cybersecurity activities • Host Railways websites on secure servers • Define e-mail account policy • Enforce best management practices information security • Launch Railways wide awareness campaign

  25. THANK YOU

More Related