‘Cyber Security & Cybercrimes in the wake of faster

Cyber Security Ecosystem

Digitalisation of Economy’

Rahul Sharma
Founder, The Perspective

1st May, 2018

 Digital Wave in India Technology Trends
Digital Transformation
Digital Payments
Internet users 470 million +
Sep’17

Telecom users 1200 million +

March’17
Artificial
707 million;

e-Governance
e-Payments Intelligence
105 lakh crore value
Mobile wallet 375% increase IoT
transaction March’16 - March’17

Cryptocurrencies
Aadhaar
100 crores
authenticated
Industry 4.0

In 2016
transactions Cloud
200 million +
IoT Devices
Draft IoT Policy, 2015
Smart cities

Establishing Cyber Security Baseline

Mobility
2

Urban Transformation Infrastructure Digitization
Components
• Traffic Control
• Street Lighting
• Energy & Water Supply
• Public Transportation
• Security and Surveillance
System
• City Management Solutions
• Smart Parking
• Sensors, M2M and IoT
• Waste Management
• Healthcare & Education
• Smart Apps
Secure Smart Cities
Facilities Modernization
Security Challenges
• Porting to new technology platforms
without adequate testing
• Security still add-on; not built by
design in products and applications
• Complex supply chain and increasing
attack surface
• Poor encryption and authentication
• Unsecured wireless communication
• Legacy Systems; Patch deployment,
updates and upgrades difficult
• City level capability and governance-
CERT & City SOC required
• Shortage of skilled workforce
• Untested Response Plan/ Crisis
Management plan
3
Interconnected Components
Attack Scenarios
• Potential target by adversaries
- Cyber terrorism
• Disruption of city operations
• Manipulating traffic controls to
cause accidents
• Controlling speed of public
transports
• Controlling sensors - faking data
to create panic
• Hazardous repercussions -
nuclear/ power/ energy misuse
• Privacy breach - smart meters,
smart sensors and healthcare
devices
 Cyber Security Imperatives of Digital World
Transition to Digital World
Transition of ‘Data Poor’ nation to
‘Data Rich’ nation
Cyber, a mean for personal, social, financial
& sensitive transactions
Increasing ‘Digital Footprint’ of
Citizens & Entities
‘Increasing Innovation’ around collecting,
processing & sharing information
‘Open/flexible Architectures’, brining new
players & devices in transaction processing
‘Digitization Wave’ transforming critical
sector organizations
Attacks & Threats National Response
Attracting attention of Preparedness to withstand/
criminals and adversaries counter attacks
Risk of information theft Institutional arrangement &
and misuse strength to respond to challenges
Policy & regulatory response to
Possibilities of profiling
drive sectors & entities
& targeting users
Protection of rights & interests of
Illegitimate use & users in the cyber world
processing of data
Coordination & collaborations for
Expanded surface collective defence & quick response
for attacks
Responding to wider, audacious &
high impact cyber attacks
High impact attacks on
Critical Infrastructure Capability of LEAs to bring cyber
criminals to justice
4
 Cyber Security-Cyber Crime: Issues and Challenges
Offence dominant; Security and Privacy Inadequate laws Lack of Cooperation & Targeted breach,
attacks easy, defence protection treated as and regulations on Collaboration amongst leaks, hacking and
very costly a Cost Centre privacy & security global stakeholders frauds

Attacks on Critical Lack of Security and Coordination, info- Diminishing Trust in ICT Lack of skilled
Information Privacy in Design of sharing amongst supply chain due to workforce
Infrastructure Products and Systems stakeholders mass surveillance and resources

Rising complexity of Compliance driven Reporting issues Tracking cyber criminals Poor awareness and
attacks -Ransomware approach and of cyberattacks/ and their extradition for cyber literacy
and APTs practices for security breaches cyber crimes
Social media trolling,
Cyber Espionage on Vulnerabilities out in Mordernization of Lack of acceptable fake news, ideology
critical and sensitive the open for anyone LEAs and Capacity Norms and Rules of propagation
information to exploit Building engagement
Obscenity and child
Piracy, Trademark, No focus on Illegal transactions Dark Net – Drug and abuse (pornography)
Copyright and IP upgradation of in non trackable Gun Market; Money
violation legacy systems Cryptocurrencies Laundering Cyber stalking and
cyber bullying
Cyber Security Rising Hacktivism Cyber Warfare: state &
practices of SMBs in cyberspace non state actors
across sectors
 Existing Cyber Security Initiatives-India
National Cyber Security Framework Data Protection Institutional Mechanism
Amendment to Information Technology Act, 2008 IT (Amendment) Act
comprehensive provisions for cyber crimes ➢ NCSC (NSCS-NSA); NCIIPC (NTRO)
Privacy clauses
National Policies on IT, Telecom and Electronics 2011 ➢ CERTs (CERT-In; Fin-CERT and
Notification of privacy rules
Power Sector CERT announced)
Joint Working Group for PPP on Cyber Security under Sec 43A of ITAA 2008
➢ Joint Working Group (PPP)
Recognition of country as ‘authorizing nation’ 2012
A P Shah Expert Group on
under CCRA product certification scheme ➢ Sector Skill Council (Skills)
Privacy; DoPT draft law
National Cyber Security Policy 2013
➢ IB-CART (Information Sharing)
NCIIPC- Critical Infrastructure Protection ➢ ISEA (Capacity Building and
2014
National Information Security Policy Awareness)
and Guidelines (NISPG) ➢ Cyber Forensic Lab (Capacity
National Cyber Security Coordinator 2015
Building)
Security Framework for Smart Cities
➢ LITD 17 Committee of BIS
RBI Cyber Security Framework Aadhaar Law and
(Standards)
2016 Regulations focusing on
SEBI Cyber Security Guidelines
Privacy ➢ Industry – Setting up focused
State Cyber Security Policies – Telangana, AP entity, DSCI (Policy, Assurance,
IRDAI Cyber Security Framework New Data protection Capacity Building and Awareness)
2017
law in making
 Based on info. in public domain & for listing purposes only;
Indian Cyber Security Ecosystem doesn’t represent hierarchy of any sort

Government Departments and Agencies

NSA NSCS NTRO MHA MeitY MoC MEA MoD MoC Regulators

ICERT
DoT
NCSC NCIIPC LEA – State CIRT Navy RBI
NIC
Police,
C-DoT
Central CERT Army TRAI
STQC
Police, CBI,
Additional TEC CERT Air
CCA SEBI
IB-CART Force
Fin-CERT Intelligence
DIARA IRDA
- IB, RAW,
NIA
CSG-DDP
7
 Thank You
[email protected]
Thank You
[email protected]; 9711156157