cyber war a threat to indias homeland security 2015

CYBER WARFARE : A THREAT TO INDIA’S HOMELAND SECURITY 2015 AJAY SEROHI

Upload: ajay-serohi

Post on 21-Aug-2015


TRANSCRIPT

Page 1: Cyber war a threat to indias homeland security 2015

CYBER WARFARE: A THREAT TO INDIA’S HOMELAND SECURITY

2015

AJAY SEROHI

Page 2: Cyber war a threat to indias homeland security 2015

YOU HAVE BEEN HACKED

Page 3: Cyber war a threat to indias homeland security 2015

PREVIEW

METHODOLOGY.

CYBER SPACE: ITS IMPORTANCE, CHALLENGES AND CYBER WARFARE.

HOMELAND SECURITY AND CYBER SPACE: CHINA, PAKISTAN AND NON STATE ACTORS THREATS TO INDIA’S CYBER DOMAIN.

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE.

CONCLUSION: RECOMMENDATIONS AND THE WAY AHEAD.

Page 4: Cyber war a threat to indias homeland security 2015

STATEMENT OF PROBLEM

To Study the present and imminent threat of Cyber warfare and its implications for India’s Homeland security.

To analyze the threat perception in cyber domain from various State & Non state actors.

To Examine the vulnerabilities and existent state of cyber space in India.

To Suggest the policy approach and recommendations for cyber hardening at user end as well as in cyber domain.

Page 5: Cyber war a threat to indias homeland security 2015

HYPOTHESIS

Meteoric boom in E-Commerce and E-Governance over the internet. As our dependence on the internet grows in life, we also become more vulnerable to any disruptions in and through cyber space.

Success of Digital India Initiative depends upon maximum connectivity with max cyber security.

Dire need to protect critical infrastructure: banks, automated power grids, satellites, thermal power plants and SCADA systems, which are vulnerable to cyber attacks in India.

Cyber security needs to be amalgamated and synergized in the overall perspective of Homeland security.

India has a poor track record of cyber security and it is not prepared to meet the future cyber security threats and challenges within the present framework and policies.

Page 6: Cyber war a threat to indias homeland security 2015

JUSTIFICATION FOR STUDY

In contrast to world wars at one end of the spectrum, future conflicts would be in the fifth dimension of war (A NO CONTACT WAR) or at maximum in conjunction with kinetic action.

Digital Infrastructure is the backbone of a developing economy like India and as India progresses, its reliance on internet will increase.

Importance of cyber space in its use as a platform for integration of information and information critical infrastructure.

Gridisation of the various sectors viz energy, transport, Nuclear space etc.

Connectivity and convergence of technology to cloud computing and mobiles has resulted in tools of technology moving from nation states to individual users.

Page 7: Cyber war a threat to indias homeland security 2015

SCOPE

The study takes into account the Importance of Cyber Space, its Challenges and the emerging concept of Fifth Generation cyber warfare.

The role played by various State and Non State actors in India’s Geo political hot spots and the implication of this in the fifth Dimension of ‘Theatre of war’ is also taken into consideration in the study.

India’s present state of preparedness is revealed and recommendations to improve its preparedness in cyber security are brought out in the study.

Page 8: Cyber war a threat to indias homeland security 2015

Primary Sources.

Interview with a hacker : Mr Lou Pravoslav in USA.

Survey: Three Major & Minor Army Units; BSNL office in Himachal Pradesh; NHPC office in Himachal Pradesh.

RTIs: Almost 70-80 RTIs in various Government Departments and PSUs to ascertain their Cyber Preparedness.

METHODS OF DATA COLLECTION

Page 9: Cyber war a threat to indias homeland security 2015

Observation: Tenure in Army CERT.

Visit to the Center for Homeland Security at the Naval Postgraduate School in Monterey, USA.

Secondary Sources.

Books & Articles: Institute of Advanced Studies; HQ ARTRAC Library; Panjab University Library; Journals & Periodicals; Newspapers & Internet.

METHODS OF DATA COLLECTION

Page 10: Cyber war a threat to indias homeland security 2015

CYBER SPACE: ITS IMPORTANCE, CHALLENGES AND CYBER WARFARE

Page 11: Cyber war a threat to indias homeland security 2015

Cyber space is a global and dynamic domain characterized by the ever critical electromagnetic spectrum.

A third of the world’s population uses the Internet and countless more are touched by it in their daily lives. There are more than four billion digital wireless devices in the world today. Scarcely a half-century ago, that number was zero.

Cyber space includes a physical infrastructure and telecommunication devices that allow for the connection of technological and communication system network.

It is imperative that the Internet and its tools retain their openness and interoperability so that they can empower individuals, enrich societies and build modern economies.

CYBER SPACE: ITS IMPORTANCE, CHALLENGES AND CYBER WARFARE

Page 12: Cyber war a threat to indias homeland security 2015

A nation's critical infrastructure is composed of public and private institutions in the Agro, Water, Public Health, Govt, Defense, Info & Telecommunications, Energy, Transportation & Banking sectors.

Cyber space is composed of thousands of inter connected computers, servers, routers, switches and fiber optic cables that facilitate these sectors and critical infrastructure to work.

The national strategy to secure cyber space is part of the overall effort to protect the nation.

Securing cyber space is a difficult strategic challenge that requires coordinated and focused effort from the entire society: the government, the private sector and the people.

CYBER SPACE: ITS IMPORTANCE, CHALLENGES AND CYBER WARFARE

Page 13: Cyber war a threat to indias homeland security 2015

In the contemporary information era, the Internet has become an important platform and battle space both for civil and military purposes.

New operational concepts such as ‘Network Centric Warfare’ in an ‘informationalized battle space’ would be impossible without cyber-based systems and capabilities.

Cyber Domain is the only domain in which all instruments of national power – diplomatic, informational, military, and economic – can be concurrently exercised through the manipulation of data and gateways.

CYBER SPACE: ITS IMPORTANCE, CHALLENGES AND CYBER WARFARE

Page 14: Cyber war a threat to indias homeland security 2015

EMERGING CHALLENGES IN CYBER SPACE

With ever increasing activities of individuals, organizations, and nations being conducted in cyberspace, the security of these activities is an emerging challenge for society.

The cyber medium has created new potential for criminal or hostile actions, “bad actors” in cyberspace who carry out these hostile actions, and threats to societal interests as a result of these actions.

Security holes in current computer and telecommunications systems allow these systems to be subject to a broad spectrum of adverse or hostile actions.

In the cyberspace world, the blurred distinction between “crime” and “warfare” also blurs the distinction between police responsibilities, to protect societal interests from criminal acts, and military responsibilities, to protect societal interests from acts of war in cyberspace.

Page 15: Cyber war a threat to indias homeland security 2015

Defense Forces. A large tri-service exercise that has been underway is in a crucial phase. There is complete dislocation due to failure of communication and GPS systems as well as large-scale DDoS (Distributed Denial of Service) attacks.

Page 16: Cyber war a threat to indias homeland security 2015

Military and National Security. If a cyberspace based attack were to bring down an essential military command and control system at a critical moment in a battle, it might lead to the loss of the battle.

Other Societal Organizations and Activities. With medical care becoming increasingly dependent on information systems, many of them internetted, a perpetrator could make changes to data or software, possibly resulting in the loss of life.

Telephone NWs Collapse. BSNL exchanges hang and switching centers of mobile NWs (hardware mostly of Chinese origin) shut down or behave erratically. Defense NW routers are failing and rebooting. Close to 1000 million telephones are functioning erratically.

Railway Traffic Control Collapses. The complex Indian Railway management and traffic system is clogged. Rail traffic on a number of routes is suspended due to power failure.

POTENTIAL FUTURE INCIDENTS

Page 17: Cyber war a threat to indias homeland security 2015

Satellites out of Control. Communication, remote sensing and surveillance satellites are thrown out of gear. TV and other transmissions are disrupted, spreading alarm. The Indian GPS system, operationalised in 2016, malfunctions, affecting traffic and security systems.

SCADA (Supervisory Control and Data Acquisition) Systems Controlling Power Grids Collapse. The whole of North and Western India and some other regions suffer a power blackout. This affects all services, including rail and road traffic.

POTENTIAL FUTURE INCIDENTS

Software vulnerability on uplink and downlink

SCADA Vulnerability

Page 18: Cyber war a threat to indias homeland security 2015

Collapse of Financial Services. Distributed denial of service (DDoS) attacks paralyze the financial systems. There is data theft, destruction and clogging. Millions of transactions are distorted. Banks cut off the systems from the Internet.

ATC Management Collapses. The international air traffic control (ATC) system, based on communication NWs and the Internet, is malfunctioning. Manual backup systems cannot meet the requirements. There is chaos at airports like Delhi and Mumbai which handle 2000 to 3000 flights a day.

Page 19: Cyber war a threat to indias homeland security 2015

Cyber War is a warlike conflict in virtual space with means of information and communication technology (ICT) and networks. Like other forms of warfare, cyber war aims at influencing the will and decision making capability of the enemy’s political leadership and armed forces in the theater of Computer Network Operations (CNO).

Across the Levels of Conflict. From insurgency to conventional warfare, cyber power has become an indispensable element of modern technology-based military capability.

Cyber Warfare may also be used to describe attacks between corporations, from terrorist organizations, or simply attacks by individuals called hackers, who are perceived as being warlike in their intent.

Page 20: Cyber war a threat to indias homeland security 2015

Cyber warfare requires a high degree of interdependence between digital networks and infrastructure on the part of the defender, and technological advances on the part of the attacker.

A successful cyber war depends upon two things: means and vulnerability. The ‘means’ are the people, tools, and cyber weapons available to the attacker. The vulnerability is the extent to which the enemy economy and military use the Internet and networks in general.

Cyber warfare is symmetric or asymmetric, offensive and defensive digital network activity by states or state-like actors, encompassing danger to critical national infrastructure and military systems.

CYBER WARFARE

Page 21: Cyber war a threat to indias homeland security 2015

Computer Network Attack – Operations designed to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers or networks themselves.

Computer Network Exploitation - Means retrieving intelligence-grade data and information from enemy computers by ICT means.

Computer Network Defense - Consists of all measures necessary to protect own ICT means and infrastructures against hostile Computer Network Attack and Computer Network Exploitation.

CYBER WARFARE

Page 22: Cyber war a threat to indias homeland security 2015

The Elements that make cyber war attractive are:-

Cyber war is cheaper since it does not require large numbers of troops and weapons.

The entry costs are low: with a computer and Internet access anyone can engage in cyber warfare.

Cyber war is easy to deliver by stealth via global connectivity from anywhere.

There is an advantage for the attacker who can profit from the latest and newest innovations.

There are no technological, financial or legal hurdles to overcome against that proliferation.

CYBER WARFARE

Page 23: Cyber war a threat to indias homeland security 2015

Cyberspace offers the attacker anonymity because it is so difficult to trace the origin of an attack. Operating behind false IP addresses, foreign servers and aliases, attackers can act with almost complete anonymity and relative impunity.

Cyberspace gives disproportionate power to small and otherwise relatively insignificant actors.

Cyber war may help to avoid the need to engage in combat operations and thus saves lives.

Blurred traditional boundaries: Cyber warfare creates its own ‘fog and friction of war.’

CYBER WARFARE

Page 24: Cyber war a threat to indias homeland security 2015

The Objectives of the National Cyber Security Policy:

To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.

To create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards and best practices.

To enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure.

To improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product.

To create a workforce of 5,00,000 skilled professionals in the next 5 years through capacity building, skill development and training.

Page 25: Cyber war a threat to indias homeland security 2015

Cyber attacks can be carried out from anywhere. There are more than 3 billion personal computers and 5 billion mobile phones in use in the world today. An additional 1,000 new mobile phones are added to the mix every minute.

Attribution – determining the source, location, and the identity of an attacker – is extremely difficult for both technical and nontechnical reasons: it is hard to attribute an attack with any measure of certainty to a specific device, let alone a specific fact.

THE CHALLENGES IN ATTRIBUTION

Tor is free software for enabling anonymous communication. The name is an acronym derived from the original software project name The Onion Router. It is used to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis.

Page 26: Cyber war a threat to indias homeland security 2015

Cyber deterrence does not work as well as nuclear deterrence, because the ambiguities of cyber deterrence contrast starkly with the clarities of nuclear deterrence.

Attempting proactively to deter cyber attacks should become an essential part of national strategy. However, deterrence is pointless without attribution. Attribution means knowing who is attacking you, and being able to respond appropriately against the actual place that the attack is originating from.

THE PROBLEM OF DETERRENCE

Page 27: Cyber war a threat to indias homeland security 2015

HOMELAND SECURITY AND CYBER SPACE: CHINA, PAKISTAN AND NON STATE ACTORS: THREATS TO INDIA’S CYBER DOMAIN

Page 28: Cyber war a threat to indias homeland security 2015

Homeland Security: The Concept. Homeland security is an umbrella term for "the concerted national effort to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards so that a Nation's interests, aspirations, and ways of life can thrive."

Homeland Security is now one of the most aggressively pursued sectors of the country with both government and industry investing heavily to provide the best technology to our security agencies – be it police, paramilitary or army.

Critical Infrastructure Protection. Critical infrastructure of a country includes public and private assets that are of strategic importance to the economic, political or security interests of the country and include infrastructure such as airports, industrial installations, national monuments, energy supply pipelines, nuclear and conventional power plants.

Page 29: Cyber war a threat to indias homeland security 2015

To organize the Homeland Security apparatus of the country, the Ministry of Home Affairs is to create a supporting infrastructure for the long term with an organized and targeted development of India’s security forces, creation of a centralized comprehensive database called National Information Grid (NATGRID) by combining the individual databases of several government agencies, setting up of the CCTNS (Crime and Criminal Tracking Network and Systems) and several other measures as:-

Police and Paramilitary Modernization.

Counter Terrorism.

Coastal and Maritime security.

Intelligence and Cyber Crime. Intelligence gathering to pre-empt any terrorist or related undesirable activity is central to the efforts targeted towards Homeland Security of the country.

Page 30: Cyber war a threat to indias homeland security 2015

The healthy functioning of cyberspace is essential to our economy and our national security, which makes the formulation of a National Strategy to Secure Cyberspace an urgent requirement and necessity.

The National Strategy to Secure Cyberspace will help reduce our Nation’s vulnerability to debilitating attacks against our critical information infrastructures or the physical assets that support them.

The private sector is best equipped and structured to respond to an evolving cyber threat. There are specific instances, however, where government response is most appropriate and justified.

Public-private engagement is a key component of India's Strategy to secure cyberspace, since these partnerships can usefully confront coordination problems by significantly enhancing information exchange and cooperation.

HOMELAND SECURITY AND CYBER SECURITY CORRELATION

Page 31: Cyber war a threat to indias homeland security 2015

Department of Homeland Security has a vital and critical role to play in the cyber space and its security. The secretary DHS will have the following responsibilities at hand :-

Developing a comprehensive national plan for securing the key resources and critical infrastructure of India.

Providing crisis management in response to attacks on critical information systems.

Providing technical assistance to the private sector and other government entities with respect to emergency recovery plans for failures of critical information systems.

Page 32: Cyber war a threat to indias homeland security 2015

With increased dependence on information infrastructure for production and delivery of products and services, the new responsibility of securing the critical information infrastructure (CII) against the rising number of cyber attacks has come within the ambit of national security. This new responsibility is not, however, solely that of government; the private sector has a major role to play since more and more of the critical information infrastructure is owned and operated by it.

Deterring an Attacker. The responsibility for deterring an attacker is shared by the system owner/ individual and the national government. If the owner has installed effective intrusion-detection software, an intruder is more likely to concede defeat.

Thwarting Cyber Attacks. The responsibility rests almost entirely with the individual owner(s), for he/ she can effectively control what kinds of locks are on the doors, who has the keys and whether the doors remain locked.

Page 33: Cyber war a threat to indias homeland security 2015

Limit Damage Sustained During an Attack. This is a highly complex requirement from both the technical and policy points of view, as managing a cyber attack in real-time is difficult. The capabilities for mounting adaptive defense can be found in both the private and public sectors.

Post-attack Reconstitution. This is an area where the system owner has the central role, for only the owner can establish what is operating and what has been shut down.

Improving Defensive Performance Through Lessons Learnt. This would help in the design of future systems. Exploitable flaws in systems used would need to be identified so that they can be minimised/avoided in the future.

National Cyber Security Awareness and Training Programme. Many cyber vulnerabilities exist because of the lack of cyber security awareness on the part of computer users, systems administrators, technology developers & procurement officials.

CRITICAL INFORMATION INFRASTRUCTURE PROTECTION: PUBLIC PRIVATE PARTNERSHIP

Page 34: Cyber war a threat to indias homeland security 2015

Regulatory Provisions. Regulation in cyber security matters will be equally necessary, because when disasters occur, the public reaction is usually to ask why the government did not act sooner and more vigorously.

Compliance to Best Practices. These relate to the management of security and IT. They include ‘best practices’ for developing, installing, and operating computers and networks so as to minimise security vulnerabilities and risks.

CRITICAL INFORMATION INFRASTRUCTURE PROTECTION: PUBLIC PRIVATE PARTNERSHIP

Page 35: Cyber war a threat to indias homeland security 2015

As China enters the Information Age, it is strategically falling back upon the 2500-year-old teachings of Sun Tzu’s The Art of War.

To gain a hundred victories in a hundred battles is not the highest excellence; to subjugate the enemy's army without doing battle is the highest of excellence.

Warfare is the Way of deception. Therefore, if able, appear unable, if active, appear not active, if near, appear far, if far, appear near.

CHINA’S CYBER WARFARE CAPABILITIES: THREAT TO INDIA’S HOMELAND

Page 36: Cyber war a threat to indias homeland security 2015

An important theme in Chinese writings on computer-network operations (CNO) is the use of computer- network attack (CNA) as the spear point of deterrence. The public part of cyber warfare in China is directed by the PLA General Staff, 4th Department (Electronic Countermeasures and Radar).

Training in CNO occurs across all People's Liberation Army service branches, from command to company level, and is considered a core competence of all combat units.

The growing importance of IW to China’s People’s Liberation Army (PLA) is also driving it to develop more comprehensive computer network exploitation (CNE) techniques to support strategic intelligence collection.

One of the chief strategies driving the process of informatization in the PLA is the coordinated use of CNO, electronic warfare (EW), and kinetic strikes designed to strike an enemy’s networked information systems, creating “blind spots” that various PLA forces could exploit at predetermined times or as the tactical situation warranted.

CHINA’S CYBER WARFARE CAPABILITIES: THREAT TO INDIA’S HOMELAND

Page 37: Cyber war a threat to indias homeland security 2015

China's top military decision-making body, or the Academy of Military Sciences (AMS), its leading body for doctrine and strategy development. Chinese information warfare strategy is closely aligned with the PLA’s doctrine for fighting Local Wars under Informationised Conditions.

The PLA has come to recognize the importance of controlling space-based information assets as a means of achieving true information dominance, calling it the “new strategic high ground.”

The PLA is reaching out across a wide swath of Chinese civilian sector to meet the intensive personnel requirements necessary to support its IW capabilities, incorporating people with specialized skills from commercial industry, academia, and select elements of China’s hacker community.

Page 38: Cyber war a threat to indias homeland security 2015

The conceptual framework currently guiding PLA IW strategy is called “Integrated Network Electronic Warfare” (wangdian yitizhan), a combined application of computer network operations and electronic warfare used in a coordinated or simultaneous attack on enemy C4ISR networks and other key information systems.

INEW consolidates the offensive mission for both computer network attack (CNA) and EW under the PLA General Staff Department’s (GSD) 4th Department, while the computer network defense (CND) and intelligence gathering responsibilities likely belong to the GSD 3rd Department.

The INEW strategy relies on EW to jam, deceive, and suppress the enemy’s information acquisition, processing, and dissemination capabilities; CNA is intended to sabotage information processing to “attack the enemy’s perceptions.”

INTEGRATED NETWORK ELECTRONIC WARFARE

Page 39: Cyber war a threat to indias homeland security 2015

Deterrence and Computer Network Operations. The Chinese government has not definitively stated what types of CNA actions it considers to be an act of war, which may reflect nothing more than a desire to hold this information close to preserve strategic flexibility in a crisis.

Leadership and Technical Support. Nestled in the quaint Xianghongxi community in the western hills of Beijing’s Haidian District, the GSD Third Department manages a vast communications intercept infrastructure and cyber surveillance system targeting foreign diplomatic communications, military activity, economic entities, public education institutions, and individuals of interest.

56th Research Institute. The PLA owns some of the fastest supercomputers in the world. The 56th Research Institute, also known as the Jiangnan Computer Technology Research Institute, is the PLA’s oldest and largest computing R&D organization.

57th Research Institute. The 57th Research Institute appears to be responsible for the development of communications intercept and signal processing systems.

58th Research Institute. The 58th Research Institute appears to be focused on cryptology and information security technology.

INTEGRATED NETWORK ELECTRONIC WARFARE

Page 40: Cyber war a threat to indias homeland security 2015

The Chinese Hacker Community. China’s hackers, active in thousands of Web-based groups and individually, represent a mature community of practitioners that has developed a rich knowledge base similar to their counterparts in countries around the world.

Following the accidental bombing of the PRC embassy in Serbia in May 1999, Chinese hackers mounted their first large scale attack on the White House led by the group Javaphile according to one of its founding members, who uses the “screen name” Cool Swallow.

Government Recruitment from Hacker Groups. Government efforts to recruit from among the Chinese hacker community and evidence of consulting relationships between known hackers and security services indicates some government willingness to draw from this pool of expertise.

China’s Threat to India’s Homeland in Cyber Space. There was a marked increase in the frequency of cyber attacks on Indian assets in 2014, with government and private infrastructure equally affected.

INTEGRATED NETWORK ELECTRONIC WARFARE

Page 41: Cyber war a threat to indias homeland security 2015

In peacetime, the Pakistani military establishment, including ISI, can with ease manipulate perceptions with the help of cyber space, and we can imagine the danger that India faces in times of war. A case in point is the successful use of social media on the Internet by ISI to create perceptions which resulted in a mass exodus of people from Bengaluru due to the threat posed in these messages.

In May 1998, when India conducted its nuclear tests, a group of Pakistan-based hackers called ‘Milk worm’ broke into the Bhabha Atomic Research Centre website and posted anti-India and anti-nuclear messages.

PAKISTAN’S CYBER WARFARE CAPABILITIES AND THREAT TO INDIA’S HOMELAND

Page 42: Cyber war a threat to indias homeland security 2015

Pakistani hacker groups like Death to India, Kill India, and G-Force Pakistan openly circulate instructions for attacking Indian computers.

During the Kargil war, the first Indian site reported to be hacked was armyinkashmir.com, established by the Indian government to provide factual information about daily events in the Kashmir Valley. The hackers posted photographs showing Indian military forces allegedly killing Kashmiri militants.

Page 43: Cyber war a threat to indias homeland security 2015

NON STATE ACTORS: CYBER WARFARE CAPABILITIES AND THREAT TO INDIA’S HOMELAND

The special characteristics of cyberspace, such as its asymmetric nature, the lack of attribution, the low cost of entry, the legal ambiguity, and its role as an efficient medium for protest, crime, espionage and military aggression, make it an attractive domain for nation-states as well as non state actors in cyber conflict.

The “cyber attacks” on targets in Estonia in the spring of 2007 are an example where volunteers actively took part in an open cyber conflict, acting as a cyber militia, by rallying to overload various cyberspace resources, such as Estonian government and commercial web services.

The attacker gains the initiative and can most often conduct cyber attacks covertly, offering the advantage of surprise as well as the benefit of plausible deniability.

The attacker can launch the cyber attack at the exact time, and against the target, of their own choosing, using appropriate attack methods.

Even if attribution is successful, i.e. the attacker is identified by the defender, the lack of applicable international laws covering cyber warfare creates a useful shield of legal ambiguity.

Page 44: Cyber war a threat to indias homeland security 2015

As cyberspace, unlike other arenas associated with warfare, provides a high level of anonymity, attackers can carry out actions in this domain with little or no risk of attribution. Employment of non-state actors in cyberspace operations is a very attractive option for nation-states or an equivalent body, especially when pursuing limited strategic goals.

Non-state actors are increasingly being approached by many governments globally, who seek to benefit from their experience and leverage their cyber know-how to attain this sought-after capability.

Page 45: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

Page 46: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

To guarantee and retain information superiority, appropriate defensive measures and countermeasures are a must. The IT (Amendment) Bill 2008 provides for the designation of a national nodal agency for the protection of CII and for the Indian Computer Emergency Response Team (CERT-In) to undertake incident response under Sections 70A and 70B, respectively.

Although the National Cyber Security Policy of India 2013 has been declared, its integration with the National Security Policy of India is still missing.

India currently has the fastest growing user base for Facebook and Twitter, the two top social networking sites.

Indian Railways, India’s top e-commerce retailer, saw its online sales go up from 19 million tickets in 2008 to 44 million in 2009, with a value of Rs. 3800 crore ($875 million).

Page 47: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

Indian Agencies Involved in Cyber Defense and Countermeasures.

MoD mandates Defence Information Assurance and Research Agency (DIARA) as the nodal cyber security agency for the Tri-Services.

Coordination. It is appreciated that in keeping with current needs, the Defence forces, DRDO, NTRO, CERT-In, RAW, IB, C-DAC, Ministries, NIC, NASSCOM, private industry et al. will have to work in concert.

Proactive Cyber Defense. This comprises actions taken in anticipation to prevent an attack against computers and NWs. As opposed to the current practice of passive defense, it provides a via media between purely offensive and defensive action: interdicting and disrupting an attack, or an adversary’s preparation to attack, either pre-emptively or in self-defence.

Critical Infrastructure. An infrastructure becomes critical when a disruption to it results in irreversible and enormous loss (e.g. loss of life, environment, etc.). Critical infrastructure is always associated with regulatory requirements and with the key resources who directly handle it.

Page 48: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

Raising of Cyber Command. While cyber warfare is an ongoing activity during peacetime, there is a dire need to develop this capacity for a warlike situation. Such attacks may also precede the kinetic war. It could also form part of the strategic deception process. This should be the responsibility of the Armed Forces (HQ IDS) along with the DRDO and other experts.

Army, Navy and Air Force CERTs. These would monitor traffic, disseminate information and take remedial measures to ensure the ongoing security of NWs and systems. They would also in a manner be charged with protection of the critical infrastructure of each service.

Territorial Army (TA) Battalions for Cyber Warfare. There is therefore a need to create and maintain a “surge capacity” for crisis or warlike situations. Young IT professionals constitute a vast resource base and a large number would be willing to loyally serve the nation when required.

Page 49: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

Perception Management and Social NWs. In the current age of “democratization” or “instant availability of information” and growth of social NWs, there is tremendous scope for perception management and manipulation of information.

Capacity Building. Capacity building is vital. It must also be sustainable and of larger benefit. There is a need to create an R&D base and institutions. Growth forecasts of Internet usage, especially with e-governance, will create an employment potential for “cyber doctors” and sleuths.

Testing and Certification. The outsourcing model has affected testing and certification. Hardware and HR in this regard have to be Indian. This can then be adapted for proactive defence.

Identification of Technologies. Section 4.2.3 of the Draft NCSP mentions these. These should also include isolation of NWs within the country, close monitoring of gateways and backbone, and identification of “zero day” vulnerabilities.

Page 50: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

The New Context of PPP in National Security. National security has traditionally been the sole responsibility of governments, but as the world has moved into the information age, the new responsibility of securing the critical information infrastructure (CII) against the rising number of cyber attacks has come within the ambit of national security.

Governmental Initiatives. In December 2014, Cabinet Secretary Ajit Seth held a conference of Chief Information Security Officers of important ministries in which he emphasized the need for greater securitization of our cyber space.

In July 2014, the government split CERT-In's responsibilities so that serious threats were not lost in the deluge of minor issues. CERT-In now protects cyber assets in non-critical areas while the National Critical Information Infrastructure Protection Centre (NCIIPC) protects assets in sensitive sectors such as energy, transport, banking, telecom, defence and space.

Cyber Security Assurance Framework. Cyber Security Assurance Framework is a National framework for "Cyber Security Assurance" to assist National level efforts in protecting critical information infrastructure. It aims to cater to the security assurance needs of government and critical infrastructure organisations through "Enabling and Endorsing" actions.

Page 51: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

Security Incident - Early Warning & Response. Creation of a National Cyber Alert System for rapid identification of and response to security incidents, and for information exchange to reduce the risk of cyber threats and their resultant effects.

Aviation Sector. In January 2012, NTRO officials alerted the Airports Authority of India (AAI) to serious vulnerabilities in its cargo management system at Chennai, Coimbatore, Kolkata, Amritsar, Lucknow and Guwahati airports. Weak passwords and outdated operating systems were the main problems, and a single day's disruption would have sent 853 tonnes of cargo to the wrong destinations.

Telecom Sector. India’s telecom network is equally vulnerable. Dhruv Soi, founder of information security firm Torrid Networks, recalls a recent assignment to test the networks of one of India's largest telecom operators. He says his team got complete control of the company's billing system within a week. Huawei and ZTE are already in a telecom security tangle, and India is considering norms for the import and testing of telecom equipment in India.

Page 52: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

Power Sector. There has been a surge in the spending in the Power sector in India with an estimated spend of USD 5.8 billion as part of the National Smart Grid Mission with the key objective of turning around India’s ailing Power sector. Except for NTPC, which has a dedicated CMP (Crisis management plan against Cyber Attacks), none of the PSUs have any dedicated or Integrated Crisis management plan in the event of a cyber incident. There has been no Cyber incident on any of the Power plants in India as on date.

Space Sector. Satellite ground stations and communications links are likely targets for space negation efforts since they are vulnerable to a range of widely available conventional and electronic weapons.

Energy Sector. Energy companies are becoming more security conscious over cyber attacks, but the defence capabilities of the industry have not kept pace with the sophistication of embedded cyber technologies nor of the capabilities of sophisticated cyber attackers.

Page 53: Cyber war a threat to indias homeland security 2015

INDIA'S CAPABILITIES: PREPAREDNESS IN CYBER SPACE

Transportation. Supply chains are increasingly dependent on ICT (Information and Communication Technology). As systems like flow control for highways and public transport are implemented, the potential damage that can be caused by cyber attacks rises dramatically, too. More frequent use of tracking and tracing systems and real-time control applications with web interfaces also provides new and growing weak points to be attacked by cyber criminals.

Banking and Finance. The banking sector of India neglects cyber security in the absence of stern and effective cyber security regulatory norms. Some basic guidelines and recommendations have been issued by the Reserve Bank of India (RBI), but they are far from satisfactory or effective.

E-Governance. While announcing the Digital India project in his Independence Day speech, India’s Prime Minister, Mr Narendra Modi, made it obvious that e-governance is going to be a key area of focus for this government. The Digital India project will provide people with a “cradle to grave digital identity” that is “unique, lifelong and online”. Securing data at all times is going to be a critical requirement that the government has to address before embarking on this ambitious project.

Page 54: Cyber war a threat to indias homeland security 2015

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 55: Cyber war a threat to indias homeland security 2015

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

FINDINGS

As we grow more dependent on the Internet for our daily life activities, we also become more vulnerable to any disruptions caused in and through cyberspace.

The existing laws are inadequate to restrain cyber crimes, so there is a need to modify them so that these activities can be kept in check.

There is a need for international cooperation among nations to crack down efficiently on cyber crime, as cyber crime on the internet is not limited to states or boundaries.

The success of the Digital India project would depend upon maximum connectivity with minimum cyber security risks.

Although the National Cyber Security Policy of India was announced by the Indian Government in 2013, its actual implementation is still missing. The National Cyber Security Policy of India has also failed to take off, and even if it is implemented it is weak on numerous aspects, like privacy violation in general and civil liberties infringement in particular.

Page 56: Cyber war a threat to indias homeland security 2015

Cyber security breaches are increasing the world over, and India is also facing this problem. There is a dire need to protect critical infrastructure like banks, automated power grids, satellites, thermal power plants, SCADA systems, etc., which are vulnerable to cyber attacks from around the world.

Page 57: Cyber war a threat to indias homeland security 2015

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

In order to effectively analyze and prevent future cyber attacks, companies and individuals must adopt suitable cyber security breach notification to the appropriate cyber authorities of India.

The data protection laws in India and the privacy laws in India are still in an abysmal state.

India's approach to the exponential growth of cyber crime and warfare is marked by ignorance and nonchalance. In just the first four months of this year, 6,700 Indian websites were attacked. Nearly 50 lakh PCs in India have been hijacked into so-called "botnet armies"; hackers are able to capture passwords, access files, conceal their own identity and command these zombie machines to spew spam or mount attacks on their targets.

100 % INCR

Page 58: Cyber war a threat to indias homeland security 2015

PARLIAMENTARY STANDING COMMITTEE REPORT :

Establishment of Protection Centre: The Committee noted the existence of 20 types of cyber crimes worldwide, with India amongst the top five countries with respect to cyber crimes. It recognized a growing need to protect India's 11 critical sectors (power, atomic energy, space, aviation, transportation, etc.).

Institutions to Deal with Cyber Crime: The Committee recommended the installation of a single, centralized body to deal with cyber crime. The current setup involves overlapping responsibilities of many departments, agencies and banks. Cyber crime cells should be constituted in each state, district and block, connected to a centralized system.

International Standards Organization Certification: The Committee identified that government organizations should obtain the appropriate certification for best practices related to information security.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 59: Cyber war a threat to indias homeland security 2015

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Shortage of Manpower: Pointing out the inadequacy of existing initiatives, it suggested conducting extensive training programmes to overcome shortage of security experts and auditors, and skilled Information Technology (IT) personnel in the country.

Funding for Research and Development: The Committee highlighted the need for innovative research and development to enhance security of cyber space. It expressed concern over budgetary cuts in the sector as large funds are needed for the development of key, strategic technologies.

External Hosting and New Technology: The Committee recommended that despite the cost advantages of hosting websites outside India, internet servers for critical sectors should be hosted within the country to ensure security. The Committee, acknowledging the possibility of cyber security breaches in NeGP (National e-Governance Plan), recommended conducting surveys to collect data on the matter and reducing such instances.

Page 60: Cyber war a threat to indias homeland security 2015

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

General Recommendations :

Cyber security should be regarded as an integral component of National Security. Urgent attention should be given to the issues of cyber crime, cyber terrorism, cyber warfare and CII (Critical Info Infrastructure) protection.

The NSA, through the NIB (National Information Board), should be put in charge of formulating and overseeing the implementation of the country’s cyber security policy within the ambit of a larger National Security Policy. This body should be serviced by the NSCS (National Security Cyber Specialist) for policy measures and by the DIT (Department of Info & Technology) and other departments (e.g. Telecom, space, etc.) for operational measures.

A Cyber Coordination Centre should be established at the operational level, staffed by personnel from the relevant operational agencies. This centre would serve as a clearing-house, assessing information arriving in real time and assigning responsibilities to the agencies concerned.

Page 61: Cyber war a threat to indias homeland security 2015

MHA: Nodal Agency For Handling Cyber Terrorism. To handle cyber terrorism and cyber crime, a slew of measures will be needed, ranging from monitoring and surveillance, investigation, prosecution, etc. Cyber terrorism should be regarded as a part of the nation’s overall counterterrorism capabilities.

Headquarters IDS: Nodal Agency For Preparing The Country For Cyber Warfare In All Its Dimensions. The necessary structures should be created in a time-bound manner. Since cyberspace is integral, there should be an appropriate interface between defense and civilian departments.

NSCS (National Security Cyber Specialist): Nodal Agency For Coordinating The Efforts To Protect Critical Infrastructure Of The Country. This will require identification of the critical infrastructure and formulation and implementation of strategies to ensure protection of each component from cyber attacks.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 62: Cyber war a threat to indias homeland security 2015

DIT: Creating the Necessary Cyberspace Situational Awareness, Strengthening PPP, Promoting International Cooperation, And Other Residual Measures. DIT will necessarily have other nodal agencies. The interface between DIT and other agencies should be smoothed out by the NIB.

Cyber Security Education, R&D And Training Should Be An Integral Part Of The National Cyber Security Strategy. The government should set up a well-equipped National Cyber Security R&D Centre to do cutting edge cyber security R&D. Cyber security research should also be encouraged in public and private universities and institutions. DIT could come up with a roadmap for cyber security research in the country. The country’s strengths in ICT should be leveraged.

DIT’s CERT: Nodal Agency to Create and Share Cyberspace Situational Awareness in the Country. DIT should make the public aware of risks, threats and vulnerabilities in cyberspace and how these should be managed.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 63: Cyber war a threat to indias homeland security 2015

Disaster Management and Recovery: It must be an integral part of any national cyber security strategy. The DIT should be the nodal agency for such efforts, and it should coordinate its efforts with the NDMA as well as other government departments.

Create a Comprehensive National Security Strategy for Cyberspace. The Prime Minister and Cabinet Committee on Security should state that cyberspace is a vital national asset, and they should direct the National Security Council to create a comprehensive national security strategy for cyberspace. A national strategy to secure cyberspace should ideally provide a framework which is essential to our economy, security and way of life. The cornerstone of such a strategy must essentially be a public-private partnership.

Partner with Private Sector (PPP Model). Cyber security is an important task to be performed in order to ensure the security of the computer networks and systems of both government and industry. This JWG (Joint Working Group) should consist of representatives from both government and the private sector.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 64: Cyber war a threat to indias homeland security 2015

Secure Industrial Control Systems (ICS) & Supervisory Control and Data Acquisition (SCADA) Systems. The Critical infrastructure organizations have been using the SCADA system for gathering real time data, controlling processes and monitoring equipment from remote locations. The SCADA systems are used to monitor and control the delivery of critical services such as power, waste treatment, nuclear power generation, transportation and water supply. With the advancement of the internet and the need for connectivity, SCADA Systems have turned open ended (or networked architecture). The process of protecting SCADA networks starts with the creation of a written security policy. Failure to have a policy in place exposes the company to attacks, loss of revenue and legal action.

Identification and Monitoring of Connection to SCADA Networks. To protect SCADAs, it’s essential to identify each connection to the SCADA network, evaluating the risk of exposure to attacks and implementing all necessary countermeasures to mitigate them. Use of “demilitarized zones” (DMZs) and data warehousing can facilitate the secure transfer of data from the SCADA network to business networks.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 65: Cyber war a threat to indias homeland security 2015

Real-Time Threat Protection. Real-time protection could be implemented through a layered approach. Each layer of defense represents categories of system components that must be hardened.

Perimeter Control - Internet or Corporate Perimeter Defense.

Network Architecture - Firewalls, Routers, Switches, VPNs.

Network Operating Systems - Active Directory, Domain Security.

Host Security - Server and Workstation Operating Systems.

Hardening of the SCADA Environment: Protocol and Services. Every SCADA system is based on commercial or open-source operating systems that can be attacked in exactly the same way as any other platform. It’s crucial to assess all the services exposed and the protocols adopted, removing and disabling unused services to reduce the attack surface.
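An added example (not part of the original presentation) of the connection-identification and service-hardening checks described above: it audits a flow inventory against a zone policy in which the SCADA network reaches the business network only through a DMZ, and flags listening services missing from an approved baseline. The subnets, the direction rules, the port baseline and the sample records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed zone layout (constructed for this example).
ZONES = {
    "scada": ipaddress.ip_network("10.10.0.0/24"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "business": ipaddress.ip_network("10.30.0.0/16"),
}

# Assumed policy: (initiating zone, destination zone) pairs that may connect.
# SCADA pushes data to the DMZ and business hosts read it there, so there is
# no direct SCADA/business path and nothing in the DMZ initiates into SCADA.
ALLOWED = {
    ("scada", "scada"),
    ("scada", "dmz"),
    ("business", "dmz"),
    ("business", "business"),
}

# Assumed approved listening ports per SCADA host.
SERVICE_BASELINE = {
    "10.10.0.5": {502},    # Modbus/TCP gateway
    "10.10.0.6": {20000},  # DNP3 outstation
}


def zone_of(addr):
    """Return the zone name for an address, or 'external' if in no known zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def audit_flows(flows):
    """Return (src, dst, dport, src_zone, dst_zone) for flows outside policy."""
    findings = []
    for src, dst, dport in flows:
        pair = (zone_of(src), zone_of(dst))
        if pair not in ALLOWED:
            findings.append((src, dst, dport) + pair)
    return findings


def audit_services(listening):
    """Map each SCADA host to its listening ports that are not in the baseline.

    A SCADA host with no baseline entry is an unidentified device, so every
    port it exposes is reported.
    """
    unexpected = {}
    for host, ports in listening.items():
        if zone_of(host) != "scada":
            continue
        extra = set(ports) - SERVICE_BASELINE.get(host, set())
        if extra:
            unexpected[host] = sorted(extra)
    return unexpected


# Constructed sample data: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.0.5", "10.10.0.6", 20000),   # inside SCADA
    ("10.10.0.5", "10.20.0.10", 443),    # SCADA pushes to DMZ
    ("10.30.4.7", "10.20.0.10", 443),    # business reads from DMZ
    ("10.30.4.7", "10.10.0.5", 502),     # business straight into SCADA
    ("10.10.0.6", "203.0.113.9", 80),    # SCADA host reaching outside
    ("10.20.0.10", "10.10.0.5", 3389),   # DMZ initiating into SCADA
]

# Constructed sample data: host -> ports found listening.
SAMPLE_LISTENING = {
    "10.10.0.5": [502, 23, 80],  # baseline port plus telnet and http
    "10.10.0.6": [20000],        # matches baseline
    "10.10.0.9": [445],          # device with no baseline entry
    "10.20.0.10": [443],         # DMZ host, outside this check
}

if __name__ == "__main__":
    for src, dst, dport, sz, dz in audit_flows(SAMPLE_FLOWS):
        print(f"policy violation: {src} ({sz}) -> {dst}:{dport} ({dz})")
    for host, ports in audit_services(SAMPLE_LISTENING).items():
        print(f"unexpected services on {host}: {ports}")
```
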

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 66: Cyber war a threat to indias homeland security 2015

Authentication and Medium Control. Mobile storage media are the main vectors used to infect control systems, even though host networks are isolated from the Internet. The administration console for any network appliance must be protected. Wireless and wired connections to the SCADA network and remote sites must be properly defended.

Physical Security. All plants that host SCADA systems and networks must be assessed. Their protection must be carefully evaluated. It’s important to evaluate the overall infrastructure to identify weaknesses, evaluate defense measures to implement, and the expected benefits. Physical restrictions that could be applied to improve security to prevent incidents are:

Restricted access to the site.

Restricted number of technicians responsible for maintenance.

No use of mobile support.

Segregated control network, no connection to other networks.

Each computer is locked in a restricted room or cabinet.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 67: Cyber war a threat to indias homeland security 2015

PARLIAMENTARY STANDING COMMITTEE REPORT SUMMARY : CYBER CRIME, CYBER SECURITY AND RIGHT TO PRIVACY

Roles and Responsibility – Management. Management has a crucial role in security. Its primary task is to provide a strong commitment for the implementation of an efficient cyber strategy. That includes the assignment of cyber security roles, responsibilities, and authorities for personnel.

Configuration Management Processes and Assessment. Configuration management is a critical component for the security of the infrastructure, for both hardware and software configurations. Configuration management begins with well-tested and documented security baselines for various systems. Robust performance evaluation processes are needed to provide organizations with feedback on the effectiveness of cyber security policy and technical implementation.

System Backups and Disaster Recovery Plans. Recovery is the ability to restore a compromised system to its operational status. Establishing a disaster recovery plan is fundamental for rapid recovery from any incidents, such as cyber attacks.

Conduct Training for Cyber Education & Workforce Development. The government should set up a well-equipped National Cyber Security R&D Centre to do cutting edge cyber security R&D. Cyber security research should also be encouraged in public and private universities and institutions.

Page 68: Cyber war a threat to indias homeland security 2015

PARLIAMENTARY STANDING COMMITTEE REPORT SUMMARY : CYBER CRIME, CYBER SECURITY AND RIGHT TO PRIVACY

Legal Awareness. Awareness with regard to the threat to ICT infrastructure needs to be created, and the necessary legal provisions to ensure cyber safety must be developed. Substantive laws dealing with illegal access, illegal interception, data interference, misuse of devices, computer-related forgery, child pornography, etc. must be implemented.

Criminalization of Cyber Offences. Cyber crimes usually originate from states with comparatively lenient laws and enforcement mechanisms. The key elements of effective cyber deterrence are:

Attribution (understanding who perpetrated the cyber attack).

Location (knowing where the strike came from).

Response (being able to respond, even if attacked first).

Transparency (the cyber criminal’s knowledge of a state’s capability and intent to counter cyber attacks with massive force).

Page 69: Cyber war a threat to indias homeland security 2015

PARLIAMENTARY STANDING COMMITTEE REPORT SUMMARY : CYBER CRIME, CYBER SECURITY AND RIGHT TO PRIVACY

National Security: Issues Relating To Privacy and Freedom of Expression. The paradox is that security measures intended to protect a democracy can end up actually eroding civil liberties like individual privacy and freedom of expression that are at the heart of the democratic setup; the right balance needs to be struck between national security and civil liberties.

Investigation Procedures. Due to the peculiar nature of cyber crime, existing methods adopted by investigative agencies have been largely unsuccessful. Specific search-and-seizure procedures, disclosure of stored data, interception of content data and collection of traffic data are some of the comprehensive regional frameworks which should be put in place to further cyber crime investigation.

Preventing an Attack. There are two possible ways to prevent an attack:-

One is to deter the attacker by demonstrating the capability to inflict punishment.

A second way to prevent an attack is to pre-empt the attacker. For the most part, preventing cyber attacks is the responsibility of sovereign states through various law enforcement agencies.

Page 70: Cyber war a threat to indias homeland security 2015

Thwarting an Attack. The detailed knowledge needed to thwart an attack would rest primarily with the owner of the target, who should incorporate a requirement of authorization to enter premises, monitoring and recording of the use of the system to detect unauthorized activities, periodic inspection of the integrity of critical software, and the establishment and enforcement of policies governing systems security and responses to unexpected events.

Limiting Damage During a Successful Attack. The central theme of this initiative is to limit the damage resulting from an attack. This implies having established response options at various levels, including preplanned redundancy and the establishment of a priority structure to dynamically reconfigure a system.

Reconstituting After an Attack. Short-term reconstitution is the first step to meet the most emergent threats to national security, life and property, and may include assessing damage and implementing a recovery plan. Long-term reconstitution of facilities and information may also be required, especially where physical damage has occurred. This will involve the identification and stockpiling of long lead items.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 71: Cyber war a threat to indias homeland security 2015

Improving the Defender’s Performance. Information about the defense of the system should be concealed from potential attackers, and the system should be designed to give unsuccessful attackers as little information as possible on which to develop improved attacks.

Post-Attack Reconstitution. This is an area where the system owner has the central role, for only the owner can establish what is operating and what has been shut down, what reconstitution alternatives exist and how remedial measures can be effected operationally.

Improving Defensive Performance Through Lessons Learnt. Exploitable flaws in the systems used should be identified so that they can be minimized or avoided in the future. Third-party assistance, such as a security organization with experience in a wide range of systems, may be more effective.

Assistance to Small- and Medium-sized Business (SMB) Enterprises. Adequate budgets, coupled with ineffective information security management at the operational level, should be planned for cyber security of Small & Medium Businesses in India.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 72: Cyber war a threat to indias homeland security 2015

Lessons From Other Countries. The experience of more technically and economically advanced countries that are extensively networked could be very useful in drawing up a national strategy for the protection of cyberspace.

Compliance to Best Practices. These relate to the management of security and IT. They include ‘best practices’ for developing, installing, and operating computers and networks so as to minimize security vulnerabilities and risks. Best practices have been developed in areas such as selecting and managing passwords, deploying firewalls, configuring and upgrading systems, and planning for and responding to security incidents.

International Cooperation. International cooperation is crucial to handle cyber crime and cyber terrorism and to manage risks in cyber space. It is necessary to participate in Multilateral Discussions on Rules of Behavior in Cyberspace. The government should also consider joining the European Convention on Cyber crime. A 24x7 nodal point for international cooperation with cyber authorities of other countries should be set up.

 

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 73: Cyber war a threat to indias homeland security 2015

Intelligence. It is essential for India to continually search for information on States, organizations and individuals who might engage in cyber attacks, and to devise appropriate response mechanisms.

Capability Development. India must determine its national requirements and seek to establish national programs to detect, block and determine the source of hacking attacks. Cooperation with trusted States or international organizations could significantly enhance the cost-effectiveness of national and utility programs.

CONCLUSION: RECOMMENDATIONS AND THE i WAY AHEAD

Page 74: Cyber war a threat to indias homeland security 2015
Page 75: Cyber war a threat to indias homeland security 2015

THANK YOU