E-Governance and Security

MINI SEMINAR

30TH JUNE2013

AVCC,NOIDA

India has taken significant steps in the area of e-

governance, with almost all states across the country

launching e-services in some form or the other.

* Source: india.gov.in/e-governance‎

We all know about the bright

future

The other

of the

side

story

Any ICT infrastructure

must be Secure

because Citizen & Business

transactions contain

Significant Confidential Information

But who decides the Security QR’s…….

Sadly….till date the approach has been mostly reactive since we have been traditional in

configuring SECURITY!!!!!!!

While anti-virus and firewalls are seen more as a

Reactive security mechanism,IDP solutions are more

Proactive and get activated as soon as any abnormal

behavior is detected.

With the information Technology(IT) Act 2000 coming into effect from October 18,2000,transactions on the internet have got legal validity in India

And ever since……..

INDUSTRY APPLICATION AVERAGE COST PER HOUR OF DOWN

TIME(US$)

Financial Brokerage Operations $15,840,000/-

Financial Credit Card Sales $7,000,000/-

Retail Home Shopping TV $750,000/-

Transportation Air Line reservations $350,000/-

Entertainment Tele-ticket sales $300,000/-

Shipping Package Shipping $250,000/-

Financial ATM $200,000/-

Lets try to

get familiar

with the

threat

vectors!!!

Domains of

security

Impersonati

on Failure

False

Identity

Revoked Rights

Unauth

Disclosure

Theft of Access

Tokens

DoS

Breach of

Anonymity

Unknown

Outsider Attack

User Fraud

Insider Attack

Access

Threats

Probe is a class

of attacks where

an attacker scans

a network to

gather information

or find known

vulnerabilities

MALWARE : Malicious software Microsoft b70

Internet Infrastructure attacks

These rare but serious attacks involve key components of the

Internet infrastructure rather than specific systems on the Internet.

Denial of Service Attacks

Remote to local attack

User to Root Attack

So

What Should we not support E-Governance?

Apex Body on Standards

in DIT

State Wide Area Network

(S.W.A.N.)

National E- Government Intranet

And all this along with these two

Current Giants make

a great Attack Surface

Stringent

Security

Policies

Monitoring

tools

Analysis

tools

Firewalls/UT

Ms

Cryptography