Ads

Ads
Center Of Excellence (CoE) For Internet Of Things (IoT) In India

Sunday, February 3, 2013

Cyber Security Policy Of India

Cyber Security is an issue that tries to protect and preserve the Information Technology Infrastructure (ITI) of a Nation. Since Cyberspace is boundary less it is possible to attack the ITI of any Nation from any place.

We are still dealing with the Cyber Security issues in India. Although India has formulated the Cyber Security Strategy but it is more on the side of prescribed guidelines alone. The practical and actual implementation of the same is still missing.

Policies and Strategies issues are best implemented practically and effectively if they are made part of the National Policies. Till now we have not formulated a National Cyber Security Policy of India that is implantable at National level.

The Cyber Security Policy of India must cover areas like Cyber Laws, Cyber Crimes, Transnational Technological Crimes, Cyber Attacks, Cyber Warfare, Cyber Terrorism, Cyber Espionage, Human Rights Protection in Cyberspace, Critical Infrastructure Protection Plan, Critical ICT Infrastructure Protection, Crisis Management Plan, etc.

Till now there is no National Cyber Security Policy of India that covers these issues and is implementing the same. Our websites are frequently defaced, strategic computers are often compromised, sensitive defence documents are occasionally stolen and cyber espionage against India is frequently committed.

I also understand that it is not possible to have an absolute Cyber Security. The notion of having an absolute Cyber Security is a “Myth” as we cannot ensure absolute Cyber security anywhere. There are exploits and vulnerabilities, both hardware and software based, that cannot be anticipated and tackled in advance. In fact, “Zero Days Exploits” are the most difficult one to anticipate and handle. In these types of exploits all Cyber Security Measures proves ineffective and futile.

Further, human beings are usually the weakest link in the Cyber Security infrastructure and Social Engineering is the easiest way to break into a Computer System. Besides being easy, Social Engineering can be incredibly cheap. Social Engineering is the hardest form of attack to defend against because an individual or organisation cannot protect itself with hardware or software alone.

Both Government Departments and Private Companies must have good employee’s awareness activities and information dealing policies in place and the employees must strictly follow these policies. The employees must be willing to ask relevant questions while dealing with a request to provide sensitive information.

Indian Government must also focus upon Techno Legal Cyber Security Skill Development for its employees and departments. Suitable Techno Legal Cyber Security Courses must be made available to Government departments and employees. All these issues must be made part of the Cyber Security Policy of India that should be formulated and implemented as soon as possible.

Source: ICTPS Blog.
Posted by at No comments:

Cyber Security Of Indian Satellites And Critical Infrastructure

We are living in a technology era where technology is both a friend and foe. It is up to us to work in this direction and ensure on which side technology should be. If technology is used for delivery of public services, we have the benefits of concepts like e-governance and e-commerce. On the other hand if the technology is used for causing wrong or harm to others we face concepts like cyber crimes, cyber attacks, cyber warfare and cyber terrorism.

Cyber warfare, in its basic form as well, is now a well accepted cyber threat. Cyber warfare against India is also well known and we must formulate a cyber warfare policy for India to counter such threats. Indian defense and security against cyber warfare needs to be upgraded and strengthened.

Similarly, terrorism and cyber terrorism are also posing big security problems for India. Indian counter terrorism capabilities are not sufficient and there is an urgent need to strengthen the same. Similarly, cyber espionage and cyber terrorism against India is also well known.

To start with we must have a robust and effective cyber security in India. We must also have an implementable cyber security policy of India. The cyber security policy must keep in mind both the preventive as well as offensive cyber attacks and cyber defense capabilities.

Critical infrastructure protection in India needs to be undertaken on a priority basis. We must have a critical infrastructure protection policy of India that must be strenuously followed by all governmental departments, organisations and even by private service providers.

For instance, supervisory control and data acquisition (SCADA) systems are a favourite target for cyber criminals and cyber terrorists. By targeting SCADA these cyber miscreants can damage the critical infrastructure of India. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

Malware like Stuxnet and Duqu have already shown how critical infrastructures and SCADA systems are vulnerable to cyber attacks. Indian critical infrastructures have also been targeted by these Malware. It is believed that Stuxnet was responsible for shutting down an Indian communication satellite. Similarly, these Malware have also been targeting Indian nuclear systems and facilities.

Even the government computers have been comprised successfully in India in the past. Recently Indian National Informatics Centre’s (NIC) server were compromised and used to attack computers of other nations. Even satellites of various nations have been compromised and taken control of by terrorists and enemy nations.

These developments are serious enough and they must be sufficient for Indian government to formulate an implementable cyberspace crisis management plan of India. Of course, national security policy of India, cyber security policy of India, critical infrastructure protection policy of India, cyber warfare policy of India, etc must be integral part of the same. The sooner these steps are taken the better it would be for the larger interest of India.

Source: ICTPS Blog.
Posted by at No comments:

DARPA Would Develop Offensive And Preventive Cyber Capabilities

The Defense Advanced Projects Research Agency (DARPA) has been working hard to develop its cyber capabilities. It includes both offensive and defensive cyber capabilities. The seriousness of United States in this regard is also apparent from the fact that the US government’s advanced research unit has decided to increase its funding for cyber research by 50 percent over the next 5 years. This has been decided in response to the increased threat of cyber terrorism and cyber warfare that US is facing.

The DARPA, held it’s first-ever symposium to discuss how the U.S. military can better protect itself from foreign-backed hackers. DARPA’s director, Regina Dugan, told conference members the agency will work to develop offensive cyber capabilities as well as maintaining defensive lines.

Recent cyber attacks on multinational firms and institutions, ranging from Google, Citigroup, U.S. Senate's website to the International Monetary Fund, have raised fears that governments and the private sector are ill-prepared to beat off hackers. To tackle these sophisticated cyber criminals there is an urgent need to beef up offensive cyber capabilities.

DARPA’s conference would follow several months of discussion among security experts and military personnel as to how the U.S. should balance its offensive and defensive cyber weapons.

In a typical cyber attack by an enemy State, the critical infrastructure is the first choice. Estonia witnessed this truth in the past. Further, in cases of cyber warfare and cyber terrorism also critical infrastructure is the chief target of cyber attack. An international cyber security treaty can be a good solution for dealing with this problem at the international level.

Source: ICTPS Blog.
Posted by at No comments:

National Counter Terrorism Centre Of India: The Problems And Solutions

This is the research analysis of Perry4Law and Perry4Law Techno Legal Base (PTLB) regarding the legality, constitutionality, requirements, etc of establishment of national counter terrorism centre of India. Perry4Law and PTLB have outlined all the legal constitutional and administrative issues at a single place so that parliament of India, home ministry and Indian government can consider the same. Perry4Law and PTLB hope that this analysis would be useful for all concerned.

National counter terrorism centre (NCTC) of India has been facing many ups and downs. This is despite the fact that national counter terrorism centre (NCTC) of India is required to meet the growing national security requirements of India.

However, there are many constitutional, legal and administrative challenges that NCTC is facing. In the past the NCTC of India was downsized in its nature, scope and functions. Now NCTC of India is facing stiff oppositions from various States that consider establishment of NCTC as an encroachment upon their law and enforcement powers and federalism features of Indian constitution.

However, these objections and oppositions are mostly politically motivated and are not truly striking at the real problem from which NCTC has been suffering. The real issue that must be demanded by political parties is that parliamentary oversight of intelligence agencies of India is needed. Till now there is no parliamentary scrutiny of the intelligence agencies in India.

Indian Government is too reluctant to ensure parliamentary oversight for intelligence agencies and law enforcement agencies of India. If this is not enough, Indian government has been launching new projects having serious “constitutional ramifications” and “civil liberties violation” effects.

For instance, the national counter terrorism centre (NCTC) project of India, national intelligence grid (Natgrid) project of India, Aadhar project of India, crime and criminal tracking network and system (CCTNS), etc are not governed by any legal framework and parliamentary oversight. Indian government is not willing to understand and accept that intelligence work is not an excuse for non accountability.

For some strange reasons intelligence infrastructure of India has become synonymous for non accountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of intelligence agencies of India.

Even a basic level effort to enact a legal framework for intelligence agencies of India is missing in India. The first and foremost challenge to such parliamentary oversight mechanism comes from the intelligence agencies themselves that do not wish to be governed by any rules and norms at all. Then we have “bureaucratic hurdles” in India that do not allow such a legal framework to be proceeded with. Finally, the parliament of India itself is not interested in bringing these intelligence agencies within the fold of parliamentary oversight.

Take the example of the recent private bill titled intelligence services (powers and regulation) bill, 2011. It was shelved out by none other than the Indian Prime Minister Dr. Manmohan Singh who announced that law on intelligence agencies would be formulated soon. However, it proved nothing but a “time gaining tactics” and so far intelligence agencies of India are not governed by any legal framework and parliamentary oversight. Interestingly, even the central bureau of investigation (CBI) is riding the same boat. The draft central bureau of investigation act, 2010 is another example where the Indian government is just interested in making “declaration” with no actual “intention” to implement the same.

In these circumstances, can the States trust the Centre regarding the establishment of National Counter Terrorism Centre (NCTC) of India? The answer is definitely negative even if States keep their “political interests” aside. Of course, there are “practical difficulties” and “internal turf war” among various agencies and ministries of Central government a well. It seems the obvious but unsolvable terrorism dilemma in India would continue as national interest of India and fighting terrorism is not a “national priority”.

Till now the constitutionality of the national investigation agency act 2008 (NIAA 2008) has not been accepted by States and now NCTC has been launched through an “executive order”. The practice of clubbing new projects, agencies and institutions with existing laws is a bad approach. So NCTC without a legal framework is definitely unconstitutional and even tagging it with the Unlawful Activities (Prevention) Act, 1967 would not save it from the patent and apparent unconstitutionality with which it is suffering.

The NCTC project of India is also “very significant” for the national security of India. Terrorist attacks against India are on increase and we need a “specilaised institution” like NCTC to provide and analyse valuable intelligence inputs and leads.

The real problem seems to be “lack of coordination and harmonisation” between the Centre and States. The Constitution of India has made a clear demarcation between the legislative, executive and judicial powers of Centre and State. The NIAA 2008 and NCTC are sitting at the “border line” of the legislative and executive powers of Centre that can be challenged by various States.

The intentions of Home Minister of India are good but the concerns of States are also of equal force. Further, the turf war between multiple intelligence agencies operating under different government ministries is also causing problem for the successful establishment of NCTC. Even there is a lack of proper planning and management on the part of Union Home Ministry that is causing delayed implementation of projects like Natgrid, NCTC, CCTNS, etc.

If the Home Minister really wants his projects to become successful, he has to think well beyond the present “parameters and objectives” set by Indian government in general his own ministry in particular. A good starting point can be formulation of a “constitutionally sound legal framework” that can confer legitimacy and constitutionality to projects like NATGRID, NCTC, CCTNS, etc. Obviously, States must be taken into confidence before starting any such legislative exercise.

This must be supplemented by sound planning and management. The projects of Home Ministry are neither simple nor easy to execute. They required dedicated efforts from all directions. Experts from diverse fields must be on panel of Home Ministry so that these Projects can be successfully implemented. We are sure Home Minister would have already considered these aspects and we wish all the best to him in this regard.

Source: ICTPS Blog.
Posted by at No comments:

Saturday, February 2, 2013

National Critical Information Infrastructure Protection Centre (NCIPC) Of India

In the recent times, there is an increasing stress upon cyber security at the international level. This is so because cyber attacks are happening at the international level and all the countries are facing this threat.

Countries are trying to coordinate cyber security initiatives at national and international levels. However, cyber security in India is still not up to the mark. India is increasingly facing cyber attacks and cyber threats from foreign nationals.

The cyber laws and cyber security trends of India 2011 by Perry4Law and Perry4Law Techno Legal Base (PTLB) has clearly showed the cyber security vulnerabilities of India. The cyber law trends of India 2012 have also projected an increased rate of cyber crimes in India and cyber attacks against India in the year 2012.

For instance, cyber terrorism against India, cyber warfare against India, cyber espionage against India and cyber attacks against India have increased a lot. Presently, we do not have a strong cyber law to deter cyber attacks and cyber crimes. Further, we have no cyber security laws in India as well.

Cyber security is also crucial to protect critical infrastructure protection of India. Critical infrastructure protection in India requires a well formulated policy. Presently we have no critical infrastructure protection policy of India. Even critical ICT infrastructure protection in India is required.

A national critical information infrastructure protection centre (NCIPC) of India has been proposed. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India.

There are few prerequisites that can make the NCIPC of India successful. Firstly, there must be a centralised ICT command centre of India that can coordinate various cyber security issues. Secondly, specialised agencies and authorities must be constituted for critical infrastructure areas like power, telecom, defense, etc. These agencies and authorities must coordinate with the centralised command centre for cyber security related issues.

Ministry of communication and information technology (MCIT) has already taken certain initiatives in this regard. For instance, a central monitoring system (CMS) project of India has been launched by MCIT to monitor and intercept electronic communications, messages and information. Further, a national telecom network security coordination board (NTNSCB) of India has also been proposed to strengthen the national telecom security of India.

However, there is a big problem in the successful implementation of all the abovementioned projects and initiatives as well as the NCIPC of India. Indian government has been avoiding parliamentary oversight of these projects. This is a bad precedent that needs to be urgently taken care of. We need urgent parliamentary oversight for e-surveillance in India, Internet censorship in India, intelligence gathering in India, intelligence authorities of India, central bureau of Investigation, law enforcement agencies of India, Aadhar project of India, etc.

Even privacy laws in India, data security laws in India, data protection laws in India, etc are urgently required to be formulated. The cyber law of India must be suitably amended, perhaps repealed, to make a more robust and stringent cyber law of India. We need dedicated cyber security legal framework in India and cyber forensics laws in India.

For too long Indian parliament has been ignoring its crucial legislative business and it is high time for Indian parliament to do the needful in this regard. Contemporary techno legal issues cannot be left at the mercy and indifference of Indian parliament and Indian government as that may have serious adverse effects upon Indian economy and national security of India.

Source: ICTPS Blog
Posted by at No comments:

National Cyber Coordination Centre (NCCC) Of India

Cyber law issues, cyber security and national security are on agenda of Indian government these days. However, till now cyber security in India is not upto the mark and cyber law of India requires an urgent repeal. This is because the entire approach and attitude of India government is defective.

Indian government has failed to understand that e-surveillance is not a substitute for cyber security capabilities. Instead of developing cyber security capabilities of India, the Indian government is stressing upon growing use of e-surveillance in India and Internet censorship in India.

All these exercises of India government have been done without any legal framework supporting these initiatives of Indian government. Phones are tapped in India without a constitutionally valid phone tapping laws in India. The central monitoring system project of India (CMS Project of India) is also not supported by any legal framework. Surveillance of Internet traffic in India is also another area that requires a sound legal framework. Various authorities with far reaching powers have been created without any legal backing.

Now the government has proposed setting up of National Cyber Coordination Centre (NCCC) of India. The NCCC would provide actionable alerts to government departments in cases of perceived security threats. It is hoped that this would help in fighting terrorists and other cyber criminals.

The NCCC will scan whole cyber traffic flowing at the point of entry and exit at India’s international Internet gateways. The web scanning centre will provide actionable alerts for proactive actions to be taken by government departments. All government departments will now talk to the Internet Service Providers (ISPs) through NCCC for real time information and data on threats. Presently, the monitoring of web traffic is done by Centre for Development of Telematics (C-DoT) which has installed its equipments at the premises of ISPs and gateways.

All tweets, messages, emails, status updates and even email drafts will now pass through the new scanning centre. The centre may probe further into any email or social media account if it finds a perceived threat.

India’s National Security Council Secretariat (NCSC) has asked various departments to assess their needs for officials, who will coordinate with the scanning agency. The National Security Council handles the political, nuclear, energy and strategic security concerns of the country.

This can be another agency without a legal framework. Creating agencies without legal framework is counter productive as it violates civil liberties and human rights. The Indian government must keep this in mind while creating NCCC.

Source: ICTPS Blog
Posted by at No comments:

Cyber Security Of Banks In India And RBI

Reserve Bank of India (RBI) has in the past constituted a Working Group on Information Security. The Working Group submitted its initial report a few months back. RBI invited public comments upon that report and after analysing these comments, it issued a “Notification” asking the banks of India to comply with its recommendations.

Multiple deadlines were demarcated by RBI for implementation of its recommendation by banks of India. While not all these recommendations are mandatory some of them are and banks of India must comply with the same till October 31, 2011. These mandatory recommendations pertain to policies and procedures which do not require extensive investment.

For instance, RBI has directed that all banks would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest. This is a policy decision that may be required by RBI to be implemented till October 31, 2011.

However, it seems the recommendations of the RBI have still not been implemented. Till now there are no signs that cyber security of banks has been streamlines. ATM frauds, credit card frauds, phishing frauds, Internet banking frauds, etc are increasing in India. In fact, RBI ombudsman office is flooded with ATM frauds related complaints.

Recently RBI imposed penalty upon 19 banks for non compliance of prescribed standards. Similarly, RBI has also directed that any strictures passed against directors of a bank by any financial sector regulators must be reported to it. Non compliance of the recommendations of RBI Working group may attract both penalty and strictures.

Banks need to adopt techno legal measures to prevent ATM and other similar frauds. Further, cyber due diligence trainings for bank employees can also be beneficial in this regard. Banks must also appoint steering committees and CIOs as soon as possible.

Source: ICTPS Blog.
Posted by at No comments:

Managing India’s Cyber Security Problems, Issues and Challenges

One area where lot of stress and importance is given these days is cyber security of India. India remained indifferent towards cyber security for long hence it has to work really hard to make its cyber security infrastructure proper, effective and robust. There are many cyber security issues of India that have still been left unattended. The cyber security issues and challenges in India require urgent attention of Indian government as we have already delayed this process.

India is facing cyber threats from cyber terrorism, cyber warfare, cyber espionage, etc and we must develop both offensive and defensive cyber security capabilities in India. India is also facing continuous and serious cyber threats that have been endangering the critical infrastructures of India. In these circumstances, there is an urgent need to strengthen critical infrastructure protection in India. We cannot achieve this task without ensuring cyber security skills development in India.

Concerns regarding insufficient cyber security in India have been raised for long but the Indian government remained indifferent to cyber security of India for long. However, some committed and dedicated private players have been playing a pro active role in strengthening the cyber security of India.


Another major lacuna in the cyber security field is absence of implementable cyber security policy of India. Till various cyber security declarations and promises are actually implemented, they are of no use. As on date we have no implementable national cyber security policy of India.

Even basic level techno legal frameworks are missing in India. For instance, we have no dedicated cyber security laws in India. We also do not have dedicated encryption laws and regulations in India. Even Legal Framework For Mandatory E-Governance In India And Legal Framework For Cloud Computing In India are missing. The Mandatory E-Delivery Of Services In India is also missing.

India has to cover a long road in order to make its cyber security effective. It is high time to move beyond declarations and promises as they would not serve any purpose in the present times.

Source: CSRDCI.
Posted by at No comments:

International Cyber Security Treaty Is Required

The threats of Cyber Crimes and Cyber Security attacks are alarming these days. As more and more Critical Infrastructure is connected to Information and Communication Technology (ICT), a need has been felt to protect Critical ICT Infrastructures all over the World.

In a typical Cyber Attack by an Enemy State, the Critical Infrastructure is the first choice. Estonia witnessed this truth in the past. Further, in cases of Cyber Warfare and Cyber Terrorism also Critical Infrastructure is the chief target of Cyber Attack.

It is surprising that despite the seriousness of the issue we have no International Cyber Law Treaty and International Cyber Security Treaty. International Organisations and Institutions have still not taken Cyber Crimes and Cyber Security very seriously. Even Human Rights Protection in Cyberspace has not been taken by seriously by all concerned.

Organisations like United Nations, North Atlantic Treaty Organisation (NATO), etc have also not shown much interest in this regard in the past. Now these Organisations have taken notice of the nuisances of Cyberspace and they are gradually shifting their attentions to Cyber Crimes and Cyber Attacks.

International Organisations dealing with Human Rights, Cyber Law and Cyber Security must start thinking in this direction as issues like Cyber Warfare, Cyber Terrorism, Cyber Espionage, Cyber Crimes, E-Surveillance, Unlawful Interceptions, etc are “Transnational” in nature.

If different Countries would have different laws for these issues, it would be very difficult to truly enforce protective provisions against these menaces at National and International levels. It is high time for UN to seriously consider issues like International Cyber Law Treaty, International Cyber Security Treaty and Protection of Human Rights in Cyberspace.

Source: ICTPS Blog.
Posted by at No comments:

US International Strategy For Cyberspace

Cyberspace issues have assumed great importance for countries around the world. This is the reason why issues like Cyber Law and Cyber Security have become an essential part of national as well as international ICT policies and strategies.

Although cyberspace is a boundary less place yet there is no internationally acceptable cyberspace treaty till now. Even the basic International Cyber Law Treaty, which can be uniformly accepted by all countries of the world, is missing. Till now India is not a part of this cyber law treaty.

United States (US) has recently revealed its international strategy for cyberspace to promote an open and secure information and communications infrastructure. US will work internationally to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation, said US Secretary of State Hillary Clinton in remarks during the release of strategy at the State Department.

To achieve that goal, we will build and sustain an environment in which norms of responsible behavior guides states actions, sustains partnerships, and support the rule of law in cyberspace, she added.

What they are able to do in cyberspace, whether they can exchange ideas and opinions openly, freely explore the subjects of their choosing, stay safe from cyber criminals, and engage in professional and personal activities online, confident that doing so will remain private and secure, depends a great deal on the policies that we will adopt together, she added.

Of late, Civil Liberties of netizens are openly violated in the name of national security. We have already voiced our concerns in India in this regard. We have also dedicated an initiative titled Human Rights Protection in Cyberspace that has been providing Techno Legal ICT Policies and Strategies for protecting Civil Liberties in Cyberspace.

While US initiative is praiseworthy, it cannot succeed till it collaborates at international level. We may secure some aspects of cyberspace at national level but at international level it is an altogether different issue. But at least a good step has been taken by US and we welcome the same.

Source: ICTPS Blog.
Posted by at No comments:

NATO Requests Cyber Security Cooperation From India

In the absence of international cyber crimes treaty and international cyber security treaty, the next best thing is to have mutual cooperation between various countries. However, nothing can benefit more than an international cyber security cooperation that is urgently required.

In the absence of international harmonisation, the concept like cyber warfare still haunts the international community. This is also the main reason for blame game for various cyber attacks. However, mere suspicion or blame without actual authorship attribution for cyber attacks can produce only insignificantly beneficial results.

Recently India and US had signed a cyber security cooperation agreement. Now North Atlantic Treaty Organisation (NATO) has sought stronger cooperation with India to counter growing cyber threats, particularly emanating from China. Top NATO officials listed cyber security very high on the list of possible areas of cooperation, which included counter-terrorism, missile defence and anti-piracy operations.

"The cyber world does not recognise alignments. It only understands switches," said a top NATO official during a briefing to visiting Indian journalists, while making a strong pitch for joint efforts to combat cyber threats.

The NATO official made this remark in context of India's sensitivity against military alliances and its commitment to non-alignment. He suggested this could be a functional alignment in which both sides could give and take.

"India has an advanced cyber and IT industry and is very strong in cyber issues", he said, hinting that India and NATO can cooperate in this field. Democracies face challenges that are common. As democracies we can have a dialogue, as we deal with issues differently... We need to work together, because individually we cannot. It is better to deal with such issues commonly than deal with them individually."

He added that even though the threats were different, the nature of our responses could be similar, while seeing India as a strong partner with NATO on various issues. Though he did not mention any of India's neighbours from where the cyber attack challenge came, he hinted at China from where such threats had come in the recent past.

Seeking a partnership on matters relating to cyber security, the official pointed out that India and NATO had already reached at a tactical level understanding in dealing with piracy and shared a strategic level understanding in countering terrorism. Incidentally, in July this year some anonymous hackers had targeted NATO in a cyber attack and it decided recently to create a special task force to detect and respond to such attacks by beefing up its cyber defence network. While the United States has already signed a cyber security collaboration with India this July, the 28-nation political and military alliance is of the view that it can collaborate with it in protecting its cyber systems. NATO's 2010 Summit in Lisbon also recognised the growing threat of cyber attacks and sought to ally with partner nations to step its cyber security.

Source: ICTPS Blog.
Posted by at No comments:

US News Organisations Under Cyber Attack

Media reports have announced that news organisations like Washington Post, Wall Street Journal, New York Times, etc are under cyber attacks. The Washington Post believes that it has been attacked by Chinese hackers. As per the allegations the attackers gained compromised their computer systems as early as 2008 or 2009, but the cyber breach was only discovered in 2011.

The computer systems of these newspapers were infected by a malware that was communicating with its command-and-control server associated with a Chinese hacking group.

It has also been reported that these new organisations have now removed the malware and have made their computer systems malware free once again. It seems the passwords of these computers were compromised that gave the crackers access to the computers of these news organisations.

Meanwhile, the Chinese Defense Ministry released a statement that claims that the “Chinese military has never supported any hack attacks. Cyber attacks have transnational and anonymous characteristics. It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence.”

Eric Schmidt, Google’s executive chairman, has described China as the most “sophisticated and prolific” hacker of foreign companies in his forthcoming book co-authored by Jared Cohen. According Schmidt Chinese state backed cyber crime is the biggest online threat in the world.
Posted by at No comments:

Friday, January 25, 2013

Crisis Management Plan For Preventing Cyber Attacks On The Power Utilities In India

Cyber security for power energy and utilities in India is a major cause of concern these days. As cyber attacks are increasing against India, power utilities are also vulnerable to these cyber attacks. To effectively tackle the menace of cyber attacks against India, a crisis management plan of India for cyber attacks and cyber terrorism is absolutely required. A crisis management plan (CMP) is essentially part of the anti cyber attack plan of India that is presently missing.

CMP pertaining to information and communication technology (ICT) is also an essential part of national ICT policy of India. The other parts of national ICT policy of India are cyber security policy of India, critical infrastructure protection policy of India, critical national infrastructure protection policy of India from cyber attacks, national security policy of India, etc.

The position of cyber security in India is not very good. There us a lack of cyber security awareness in India. Techno legal expertise to manage cyber security issues of India is also missing. The critical infrastructure protection in India is not satisfactory and we still miss an implementable critical ICT infrastructure protection policy of India. The critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to known and unknown malware.

Cyber security challenges for smart grids and utilities in India are well known in India. Realising the cyber security risks of power utilities and sector of India, the Power Ministry of India has directed all state governments to ensure that power utilities are ready with crisis management plans for restoring normalcy in the “shortest possible time” in case of disruptions in generation, transmission or distribution of electricity. Indian government has also recently announced that cyber security awareness brochures would be mandatory for hardware sales in India.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we welcome this move of Indian government and we believe that this is a good step in the right direction. This direction must include cyber security preparedness on the part of power utilities of India as well, if the same has not already been prescribed. As on date, the state government regulated power utilities are grossly deficient in ensuring cyber security for their respective grids.

The proposed CMP for power utilities of India should also have details about “hierarchical set up at various levels” to ensure effective handling of crisis situations. Such plans would be applicable for both public and private sector entities. The Central Electricity Authority (CEA) has already written to all state governments asking them to prepare crisis management plans with regard to power utilities of their respective states.

India must develop both offensive and defensive cyber security capabilities that must be robust enough to detect and nullify cyber warfare against India, cyber terrorism against India, cyber attacks against India, cyber espionage against India, etc. Cyber security of banks in India is still deficient. The business community must also keep in mind the cyber law due diligence requirements in India. Cyber due diligence for Indian companies is now a statutory obligation and failure to observe cyber due diligence can bring serious legal ramifications.

Power grids and utilities cyber security in India and their challenges are not easy to manage. They require a systematic, dedicated and security oriented approach on the part of Indian government. In fact, smart meters are becoming headache for power companies world wide.

With the advent of sophisticated and specially customised malware like Stuxnet, Duqu, Flame, etc critical infrastructures like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

Perry4Law and PTLB strongly recommend that Indian government must ensure cyber security of energy and utilities in India as soon as possible. SCADA may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.
Posted by at No comments:

Saturday, January 12, 2013

Cyber Security Awareness Brochures In India Mandatory For Hardware Sale

Cyber security awareness in India is still low among various stakeholders including software and hardware manufacturers, vendors, sellers, redistributors, etc. In a far reaching move, Indian government has decided to make it mandatory on the part of hardware sellers to provide cyber security awareness brochures while sale of such hardware.

Cyber security in India is of basic level. Sophisticated and complicated cyber security issues have yet to be managed by India. In particular, issues pertaining to cyber warfare against India and its defenses, cyber terrorism against India and its defences and solutions, cyber espionage against India and its challenges, solutions and defences, data security laws in India, critical infrastructure protection in India, cyber security laws in India, etc must be handled by India on an urgent and priority basis.

Reacting to various cyber threats, Indian government has prescribed the condition for hardware sellers to provide cyber security awareness brochures along with the hardware. Once implemented, every desktop computer, mobile phone, modem or USB stick will have to come pre-packaged with the cyber security awareness brochures.

The proposal is believed to have come from the a joint working group set up at the behest of the National Security Council Secretariat, which is looking at ways of increasing public-private partnership to strengthen India's cyber security preparedness.

However, hardware industry of India is not at all enthusiastic about this proposal of Indian government. They have their own fears and apprehensions in this regard especially those pertaining to logistical and supply chain management.

There is no doubt that the proposal given by Indian government is a good one and practical difficulties must be sorted out to make it an implementable one as well.
Posted by at No comments:

Friday, January 11, 2013

Cyber Security Awareness In India

Cyber security in India has been receiving the attention of various stakeholders. Whether it is private organisations and companies, individuals or government departments, all have realised the importance of effective and robust cyber security for their personal, public and professional needs.

Cyber security awareness in India is still at the infancy stage. There are very few cyber security research and development centers in India. At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we have been spreading public awareness about cyber security in India for long. The cyber security initiatives in India by PTLB are also unique in the sense that they are essentially techno legal in nature where both technical and legal aspects of cyber security are managed by us.



We hope these techno legal initiatives of Perry4Law and PTLB would prove useful to all concerned. If you are interested in online techno legal education, trainings, courses, skills development, etc of PTLB you may find the resources of institute for lifelong learning in India, e-learning in India by PTLB, virtual legal education campus in India, etc useful.

We hope our techno legal skills development, education and training courses would be beneficial for all the stakeholders. If you are interested in the techno legal courses of PTLB, you can fill the application form that can be downloaded from here. Additional information in this regard can be found here.
Posted by at No comments:

Friday, January 4, 2013

Cyber Security Initiatives In India By PTLB

In this annual report 2012 we are summarising the techno legal initiatives and projects that have been freshly undertaken and continued by us. These include awareness projects, research and development projects, trainings and education projects and initiatives, skills development initiatives and projects, etc.

Let us start with some background information before we go into the details of our cyber security projects and initiatives and other techno legal initiatives for the year 2102. Perry4Law is the exclusive techno legal ICT, IP and corporate law firm of India and one of the few in the world. Perry4Law is the umbrella organisation and other techno legal segments are supporting it.

Perry4Law’s Techno Legal Base (PTLB) is the leading techno legal segment of Perry4Law and Perry4Law’s Techno Legal ICT Training Centre (PTLITC) is the highly specialised and domain specific techno legal training provider of Perry4Law.

Both PTLB and PTLITC are managing the techno legal lifelong learning centre of India established by Perry4Law. PTLB is also managing the exclusive portal for techno legal e-learning in India and virtual legal education campus in India and techno legal e-learning centre of India.

Besides education and trainings, PTLB is also engaged in techno legal skills development in India and world wide, online dispute resolution (ODR) in India, e-courts research and consultancy in India, etc. PTLB is managing the techno legal and cyber security aspects of skills development, ODR, e-courts, etc as well.

We at Perry4Law, PTLB and PTLITC have been spreading techno legal cyber security awareness in India for long. We are managing the exclusive techno legal national cyber security database of India (NCSDI). We are also managing the exclusive techno legal cyber security research and development centre of India (CSRDCI). To supplement these cyber security initiatives in India, we are also managing cyber forensics research and development centre of India and exclusive techno legal cyber crimes investigation centre of India (CCICI).


Our cyber security initiatives and projects in general and techno legal initiatives in particular are moving towards global level. If you think that your organisation or you in your individual capacity can be a valuable addition to our projects and initiatives, you may find the segment of MOU and tie up with PTLB useful. Send us your professional proposals and we may revert back to you for a suitable business collaboration opportunity.
Posted by at No comments:

Cyber Security Training In India Is Needed

Cyber security in India is crucial for national defence and none can doubt about it. This realisation has come at a time when there are many glaring cyber security problems of India.  Cyber security challenges of India have become so vexing that even the highest level of Indian government has starting talking about it.

However, mere talking is not enough as it is high time for India to act. While acting India must not commit the conventional and classic blunder of procuring hardware and software and assume that its cyber security requirements have been duly met.

There is an urgent need to protect the critical infrastructure of India that is increasingly dependent upon information and communication technology (ICT) these days. Cyber security issues in India like cyber warfare, cyber terrorism, cyber espionage, critical infrastructure protection, etc cannot be ignored by us any more.  

The cyber security reflections of India in the year 2012 showed a poor state of affairs in India. We have no dedicated cyber security laws in India as on date. Indian critical infrastructures are vulnerable to cyber attacks and we must ensure sufficient cyber security for the same. We at Perry4Law’s Techno Legal Base (PTLB) are managing some very effective techno legal cyber security in initiatives in India.


In the present interconnected world, cyber security capabilities of India must be urgently developed. In fact, Indian critical infrastructure and cyber security challenges and issues have assumed so much significance that Indian government declared the establishment of National Critical Information Protection Centre (NCIPC) of India. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India. 

In these circumstances, nothing is more important than having offensive and defensive cyber security capabilities of India.  The same cannot be acquired till we have techno legal expertise and skills development in India in this regard. At PTLB we are managing the exclusive techno legal cyber security skills development, training and education institution and centre of India. We are also providing lifelong cyber security training and education in India and world wide.

We hope our techno legal skills development, education and training courses would be beneficial for all the stakeholders. If you are interested in the techno legal courses of PTLB, you can fill the application form that can be downloaded from here. Additional information in this regard can be found here.
Posted by at No comments:
Subscribe to: Posts (Atom)

Advertisement Space- Bid Now

Advertisement Space- Bid Now