US News Organisations Under Cyber Attack

Media reports have announced that news organisations like Washington Post, Wall Street Journal, New York Times, etc are under cyber attacks. The Washington Post believes that it has been attacked by Chinese hackers. As per the allegations the attackers gained compromised their computer systems as early as 2008 or 2009, but the cyber breach was only discovered in 2011.

The computer systems of these newspapers were infected by a malware that was communicating with its command-and-control server associated with a Chinese hacking group.

It has also been reported that these new organisations have now removed the malware and have made their computer systems malware free once again. It seems the passwords of these computers were compromised that gave the crackers access to the computers of these news organisations.

Meanwhile, the Chinese Defense Ministry released a statement that claims that the “Chinese military has never supported any hack attacks. Cyber attacks have transnational and anonymous characteristics. It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence.”

Eric Schmidt, Google’s executive chairman, has described China as the most “sophisticated and prolific” hacker of foreign companies in his forthcoming book co-authored by Jared Cohen. According Schmidt Chinese state backed cyber crime is the biggest online threat in the world.

Crisis Management Plan For Preventing Cyber Attacks On The Power Utilities In India

Cyber security for power energy and utilities in India is a major cause of concern these days. As cyber attacks are increasing against India, power utilities are also vulnerable to these cyber attacks. To effectively tackle the menace of cyber attacks against India, a crisis management plan of India for cyber attacks and cyber terrorism is absolutely required. A crisis management plan (CMP) is essentially part of the anti cyber attack plan of India that is presently missing.

CMP pertaining to information and communication technology (ICT) is also an essential part of national ICT policy of India. The other parts of national ICT policy of India are cyber security policy of India, critical infrastructure protection policy of India, critical national infrastructure protection policy of India from cyber attacks, national security policy of India, etc.

The position of cyber security in India is not very good. There us a lack of cyber security awareness in India. Techno legal expertise to manage cyber security issues of India is also missing. The critical infrastructure protection in India is not satisfactory and we still miss an implementable critical ICT infrastructure protection policy of India. The critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to known and unknown malware.

Cyber security challenges for smart grids and utilities in India are well known in India. Realising the cyber security risks of power utilities and sector of India, the Power Ministry of India has directed all state governments to ensure that power utilities are ready with crisis management plans for restoring normalcy in the “shortest possible time” in case of disruptions in generation, transmission or distribution of electricity. Indian government has also recently announced that cyber security awareness brochures would be mandatory for hardware sales in India.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we welcome this move of Indian government and we believe that this is a good step in the right direction. This direction must include cyber security preparedness on the part of power utilities of India as well, if the same has not already been prescribed. As on date, the state government regulated power utilities are grossly deficient in ensuring cyber security for their respective grids.

The proposed CMP for power utilities of India should also have details about “hierarchical set up at various levels” to ensure effective handling of crisis situations. Such plans would be applicable for both public and private sector entities. The Central Electricity Authority (CEA) has already written to all state governments asking them to prepare crisis management plans with regard to power utilities of their respective states.

India must develop both offensive and defensive cyber security capabilities that must be robust enough to detect and nullify cyber warfare against India, cyber terrorism against India, cyber attacks against India, cyber espionage against India, etc. Cyber security of banks in India is still deficient. The business community must also keep in mind the cyber law due diligence requirements in India. Cyber due diligence for Indian companies is now a statutory obligation and failure to observe cyber due diligence can bring serious legal ramifications.

Power grids and utilities cyber security in India and their challenges are not easy to manage. They require a systematic, dedicated and security oriented approach on the part of Indian government. In fact, smart meters are becoming headache for power companies world wide.

With the advent of sophisticated and specially customised malware like Stuxnet, Duqu, Flame, etc critical infrastructures like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

Perry4Law and PTLB strongly recommend that Indian government must ensure cyber security of energy and utilities in India as soon as possible. SCADA may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

Cyber Security Awareness Brochures In India Mandatory For Hardware Sale

Cyber security awareness in India is still low among various stakeholders including software and hardware manufacturers, vendors, sellers, redistributors, etc. In a far reaching move, Indian government has decided to make it mandatory on the part of hardware sellers to provide cyber security awareness brochures while sale of such hardware.

Cyber security in India is of basic level. Sophisticated and complicated cyber security issues have yet to be managed by India. In particular, issues pertaining to cyber warfare against India and its defenses, cyber terrorism against India and its defences and solutions, cyber espionage against India and its challenges, solutions and defences, data security laws in India, critical infrastructure protection in India, cyber security laws in India, etc must be handled by India on an urgent and priority basis.

Reacting to various cyber threats, Indian government has prescribed the condition for hardware sellers to provide cyber security awareness brochures along with the hardware. Once implemented, every desktop computer, mobile phone, modem or USB stick will have to come pre-packaged with the cyber security awareness brochures.

The proposal is believed to have come from the a joint working group set up at the behest of the National Security Council Secretariat, which is looking at ways of increasing public-private partnership to strengthen India's cyber security preparedness.

However, hardware industry of India is not at all enthusiastic about this proposal of Indian government. They have their own fears and apprehensions in this regard especially those pertaining to logistical and supply chain management.

There is no doubt that the proposal given by Indian government is a good one and practical difficulties must be sorted out to make it an implementable one as well.

Cyber Security Awareness In India

Cyber security in India has been receiving the attention of various stakeholders. Whether it is private organisations and companies, individuals or government departments, all have realised the importance of effective and robust cyber security for their personal, public and professional needs.

Cyber security awareness in India is still at the infancy stage. There are very few cyber security research and development centers in India. At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we have been spreading public awareness about cyber security in India for long. The cyber security initiatives in India by PTLB are also unique in the sense that they are essentially techno legal in nature where both technical and legal aspects of cyber security are managed by us.

There are many crucial and critical cyber security issues that require attention of top policy makers of India. These include cyber warfare against India and its defenses, cyber terrorism against India and its defences and solutions, cyber espionage against India and its challenges, solutions and defences, data security laws in India, critical infrastructure protection in India, cyber security laws in India, etc.

PTLB is managing the exclusive techno legal cyber security research centre of India, national cyber security database of India (NCSDI), cyber crimes investigation centre of India, cyber forensics research and development centre of India, etc. These initiatives would not only strengthen the offensive and defensive cyber security capabilities of India but would also develop cyber forensics and cyber crimes investigation skills in India.

We hope these techno legal initiatives of Perry4Law and PTLB would prove useful to all concerned. If you are interested in online techno legal education, trainings, courses, skills development, etc of PTLB you may find the resources of institute for lifelong learning in India, e-learning in India by PTLB, virtual legal education campus in India, etc useful.

We hope our techno legal skills development, education and training courses would be beneficial for all the stakeholders. If you are interested in the techno legal courses of PTLB, you can fill the application form that can be downloaded from here. Additional information in this regard can be found here.

Cyber Security Initiatives In India By PTLB

In this annual report 2012 we are summarising the techno legal initiatives and projects that have been freshly undertaken and continued by us. These include awareness projects, research and development projects, trainings and education projects and initiatives, skills development initiatives and projects, etc.

Let us start with some background information before we go into the details of our cyber security projects and initiatives and other techno legal initiatives for the year 2102. Perry4Law is the exclusive techno legal ICT, IP and corporate law firm of India and one of the few in the world. Perry4Law is the umbrella organisation and other techno legal segments are supporting it.

Perry4Law’s Techno Legal Base (PTLB) is the leading techno legal segment of Perry4Law and Perry4Law’s Techno Legal ICT Training Centre (PTLITC) is the highly specialised and domain specific techno legal training provider of Perry4Law.

Both PTLB and PTLITC are managing the techno legal lifelong learning centre of India established by Perry4Law. PTLB is also managing the exclusive portal for techno legal e-learning in India and virtual legal education campus in India and techno legal e-learning centre of India.

Besides education and trainings, PTLB is also engaged in techno legal skills development in India and world wide, online dispute resolution (ODR) in India, e-courts research and consultancy in India, etc. PTLB is managing the techno legal and cyber security aspects of skills development, ODR, e-courts, etc as well.

We at Perry4Law, PTLB and PTLITC have been spreading techno legal cyber security awareness in India for long. We are managing the exclusive techno legal national cyber security database of India (NCSDI). We are also managing the exclusive techno legal cyber security research and development centre of India (CSRDCI). To supplement these cyber security initiatives in India, we are also managing cyber forensics research and development centre of India and exclusive techno legal cyber crimes investigation centre of India (CCICI).

Further, dedicated blogs on computer security in India, computer forensics in India, e-discovery in India, international ICT policies and strategies, etc have also been launched by us.

Our cyber security initiatives and projects in general and techno legal initiatives in particular are moving towards global level. If you think that your organisation or you in your individual capacity can be a valuable addition to our projects and initiatives, you may find the segment of MOU and tie up with PTLB useful. Send us your professional proposals and we may revert back to you for a suitable business collaboration opportunity.

Cyber Security Training In India Is Needed

Cyber security in India is crucial for national defence and none can doubt about it. This realisation has come at a time when there are many glaring cyber security problems of India.  Cyber security challenges of India have become so vexing that even the highest level of Indian government has starting talking about it.

However, mere talking is not enough as it is high time for India to act. While acting India must not commit the conventional and classic blunder of procuring hardware and software and assume that its cyber security requirements have been duly met.

There is an urgent need to protect the critical infrastructure of India that is increasingly dependent upon information and communication technology (ICT) these days. Cyber security issues in India like cyber warfare, cyber terrorism, cyber espionage, critical infrastructure protection, etc cannot be ignored by us any more.  

The cyber security reflections of India in the year 2012 showed a poor state of affairs in India. We have no dedicated cyber security laws in India as on date. Indian critical infrastructures are vulnerable to cyber attacks and we must ensure sufficient cyber security for the same. We at Perry4Law’s Techno Legal Base (PTLB) are managing some very effective techno legal cyber security in initiatives in India.

These include cyber security research and development centre of India (CSRDCI), national cyber security database of India (NCSDI), cyber forensics research centre of India, cyber crime investigation centre of India, cyber security research centre of India, etc. These initiatives intend to strengthen the cyber security capabilities of India and resolve the cyber security issues and problems in India.  

In the present interconnected world, cyber security capabilities of India must be urgently developed. In fact, Indian critical infrastructure and cyber security challenges and issues have assumed so much significance that Indian government declared the establishment of National Critical Information Protection Centre (NCIPC) of India. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India. 

In these circumstances, nothing is more important than having offensive and defensive cyber security capabilities of India.  The same cannot be acquired till we have techno legal expertise and skills development in India in this regard. At PTLB we are managing the exclusive techno legal cyber security skills development, training and education institution and centre of India. We are also providing lifelong cyber security training and education in India and world wide.

We hope our techno legal skills development, education and training courses would be beneficial for all the stakeholders. If you are interested in the techno legal courses of PTLB, you can fill the application form that can be downloaded from here. Additional information in this regard can be found here.

Offensive And Defensive Cyber Security Capabilities Of India

There are many glaring cyber security problems of India and challenges and the chief among them is to protect the critical infrastructure of India that is dependent upon information technology. Cyber security issues in India like cyber warfare, cyber terrorism, cyber espionage, critical infrastructure protection, etc cannot be ignored by Indian government any more.

The cyber security reflections of India have not shown a good picture about India. We have no dedicated cyber security laws in India as well. Indian critical infrastructures are vulnerable to cyber attacks and we must ensure sufficient cyber security for the same. We at Perry4Law Techno Legal Base (PTLB) are managing some very effective techno legal cyber security in initiatives in India.

These include cyber security research and development centre of India (CSRDCI), national cyber security database of India (NCSDI), cyber forensics research centre of India, cyber crime investigation centre of India, cyber security centre of India, etc. These initiatives intend to strengthen the cyber security capabilities of India and resolve the cyber security issues and problems in India.  

Maintaining cyber security at the international level is a tedious task. This is so because cyberspace does not recognizes any boundary and cyber attacks can be launched from any part of the world. While cyber attacks upon various computer systems and computer resources are cause of concern yet cyber attacks upon critical infrastructures is of grave concern.

Meanwhile, India is increasingly facing cyber attacks and cyber threats from foreign nationals. Cyber terrorism against India, cyber warfare against India, cyber espionage against India and cyber attacks against India has already increased a lot. Even the cyber law trends of India 2012 by various sources have also projected an increased rate of cyber crimes in India and cyber attacks against India in the year 2012.

The biggest cyber threat against India is originating in the form of cyber attacks upon Indian critical infrastructures. Critical infrastructure protection in India requires a well formulated policy. Presently we have no critical infrastructure protection policy of India. Further, critical ICT (Information and Communication Technology) infrastructure protection in India  is one area that requires special attention of Indian government.

In the present interconnected world, cyber security capabilities of India must be urgently developed. In fact, Indian critical infrastructure and cyber security challenges and issues have assumed so much significance that Indian government declared the establishment of National Critical Information Protection Centre (NCIPC) of India. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India. 

This is a good beginning and we at PTLB welcome this initiative of Indian government. At the same time we would keep on strengthening the techno legal cyber security capabilities of India from time to time.  

Why Indian Critical Infrastructure Are Vulnerable To Cyber Attacks?

In the present interconnected world, cyber security capabilities of India must be urgently developed. In fact, Indian critical infrastructure and cyber security challenges and issues have assumed so much significance that Indian government declared the establishment of National Critical Information Protection Centre (NCIPC) of India.

The best way to ensure critical infrastructure protection in India is to make it a part of national cyber security policy of India. Various cyber security issues of India must also be part of such cyber security policy of India. Further, besides energy, defense, transportation and telecommunication, the financial sector which includes banks and stock exchanges must be suitably protected in India. Unfortunately, till now cyber security challenges of India remain unredressed.

The reliance of consumers and businesses on the cyberspace and interconnected networks would continue to increase. Critical industries like electric, water, oil and natural gas, transportation, automotive, and aerospace are increasingly dependent upon Industrial Control Systems like Supervisory Control And Data Acquisition (SCADA).

In fact, SCADA has become the new cyber attacks battlefield against India. An attack upon SCADA is essentially an attack upon the critical infrastructure of a nation. The SCADA systems may involve a human machine interface (HMI), a supervisory system managing the processes, remote terminal units (RTUs) interacting with the supervisory systems, programmable logic controller (PLCs) usable as field devices, etc.

Initially, running on proprietary control these have evolved with the availability of low-cost Internet Protocol (IP) devices, thus increasing the possibility of cyber security vulnerabilities and incidents.

The arrival of technology and augmented accessibility of broadband connectivity together with smart phones have eased the way in which consumer interacts and transacts online. Moreover, with the mass use of e-governance applications under the mission mode projects (MMPs) where citizen services are being provided online, human rights protection in cyberspace of digital citizens (netizens) must be ensured. This has resulted in the emergence of some very unique “Digital Issues” that were not available before the traditional governmental functioning.

Businesses are trying to cater this digital citizen by providing a whole host of applications operating at various platforms through various channels. Cyber security of these platforms, channels and applications are utmost important for the government and industry to ensure trust in the customer.

We must focus on the national cyber security elements- Framework, Machinery, Responsibility and Operations for all the critical information sectors like power, energy and finance. Suitable deliberations must take place with cyber security stakeholders of India on operating technologies like smart grid and industrial control system; the security and privacy imperatives of e-commerce, m-commerce and e-governance application and platforms. The cyber security ramifications at the global level must also be analysed. If Indian government is willing to protect t its critical infrastructures all these issues must be kept in mind.

The Glaring Cyber Security Problems Of India

It is very difficult to predict the future cyber security issues in India or in other nations. Even it is very difficult to analyse all the cyber security issues, challenges and problems of India and other jurisdictions.

However, one thing is for sure. Cyber security challenges in India are going to increase with the advent of sophisticated malware like Stuxnet, Duqu, Flame, Shamoon, etc. These customised malware are targeting the critical infrastructures around the world. To tackle these malware, cyber security capabilities in India must be strengthened.

If we analyse the cyber security reflections of India the position is really worrisome. The cyber law, cyber crimes and cyber security trends by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have marked many shortcomings of Indian cyber security capabilities.

Critical infrastructure protection in India is not in a very good shape. We have no critical ICT infrastructure protection policy of India as well. The critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to known and unknown malware.

According to cyber security experts cyber attacks are affecting Indian critical infrastructure and we are not even aware of the same. Critical infrastructure protection in India is needed as soon as possible.

India must develop both offensive and defensive cyber security capabilities that must be robust enough to detect and nullify cyber warfare against India, cyber terrorism against India, cyber attacks against India, cyber espionage against India, etc.

The national imperatives of securing operational technologies like smart grids, oil and gas, public utilities, etc are too essential to be ignored by Indian government. Today protecting key economic assets like securing financial backbone and stock exchange, payment infrastructures and financial switches is need of the hour. This includes architecting security for new age banking to make them cyber secure. Cyber security of banks in India is still deficient.

The business community must also keep in mind the cyber law due diligence requirements in India. Cyber due diligence for Indian companies is now a statutory obligation and failure to observe cyber due diligence can bring serious legal ramifications. Ensuring business models, technology transformations and channel revolutions in the midst of organised, focused, advanced and persistent cyber threats is not an easy task.

With the growth of enterprise mobility, mobile applications and cloud enablement data driven businesses, techno legal issues have become more prominent. Social networking platforms have further complicated the scenario.

The Internet is truly global in nature and regional and national regulations and efforts cannot bring the desired results. Cyber law and cyber security issues are global in nature. Indian response to international cyber law treaty is not pro active. International cyber law treaty is required to be formulated as soon as possible.

Similarly, cyber security framework must ensure both national responsibility and global accountability. Any cyber diplomacy must congregate both national and international interests to be effective and enforceable. Thus, an international cyber security treaty is required to be formulated as well.

With a growing focus upon electronic delivery (e-delivery) of services in India additional responsibilities of securing technology transformation of governance must be ensured. The e-governance projects of India would bring cyber security challenges for which we need readymade solutions.

           

Similarly, cyber security enablement of growing electronic and mobile commerce would also be required. With the projected increase in volume and growth of commerce and e-commerce in India, cyber security as enabler must be ensured.

Further, civil liberties issues like human rights protection in cyberspace, balancing of national security and civil liberties, balancing of national security and right to information, etc must be kept in mind by India.

The management of consumer rights and business responsibilities in the information age is not an easy task. For instance, the present telemarketing policy of India is anti consumer. Similarly, the telecom dispute resolution process in India is also anti consumer.

The future of cyber security in India is tough to manage. The sooner we start working in this direction on ground level and actual basis the better it would be for the larger interest of India.

Indian Cyber Security Problems, Issues and Challenges Management

Cyber security initiatives of India have started gaining momentum. However, cyber security initiatives in India in India are still deficient on many aspects. After all, managing India’s cyber security problems, issues and challenges is not an easy task. In these circumstances establishment of the national cyber security database of India (NCSDI) assumes great cyber security significance. The cyber security research and development centre of India (CSRDCI) is also a timely initiative.

Undoubtedly, there are many cyber security issues of India that have still been left unattended. The cyber security issues and challenges in India require urgent attention of Indian government as we have already delayed this process.

India is facing cyber threats from cyber terrorism, cyber warfare, cyber espionage, etc and we must develop both offensive and defensive cyber security capabilities in India. India is also facing continuous and serious cyber threats that have been endangering the critical infrastructures of India. In these circumstances, there is an urgent need to strengthen critical infrastructure protection in India. We cannot achieve this task without ensuring cyber security skills development in India.

Concerns regarding insufficient cyber security in India have been raised for long but the Indian government remained indifferent to cyber security of India for long. However, some committed and dedicated private players have been playing a pro active role in strengthening the cyber security of India.

We at Perry4Law, Perry4Law Techno Legal Base (PTLB) and Perry4Law Techno Legal ICT Training Centre (PTLITC) have launched exclusive techno legal Cyber Forensics Research Centre Of India, Cyber Security Research Centre Of India And Cyber Crimes Investigation Centre Of India (CCICI) To Strengthen Indian Cyber Security And Cyber Forensics Capabilities.

Another major lacuna in the cyber security field is absence of implementable cyber security policy of India. Till various cyber security declarations and promises are actually implemented, they are of no use. As on date we have no implementable national cyber security policy of India.

Even basic level techno legal frameworks are missing in India. For instance, we have no dedicated cyber security laws in India. We also do not have dedicated encryption laws and regulations in India. Even Legal Framework For Mandatory E-Governance In India And Legal Framework For Cloud Computing In India are missing. The Mandatory E-Delivery Of Services In India is also missing.

India has to cover a long road in order to make its cyber security effective. It is high time to move beyond declarations and promises as they would not serve any purpose in the present times.