Additional Knowledge Material

(Faculty E-notes)

 COURSE BBAN 5th SEMESTER

 UNIVERSITY MAHARSHI DAYANAND UNIVERSITY
 SUBJECT Cyber Security
 SUBJECT CODE BBAN-506
 UNIT NO & NAME UNIT 1 &Cyber Security
 NAME OF FACULTY MS.SHWETA TUTEJA

1
 INDEX
S.NO. TOPIC Page No.

1. Cyber Security 3-6

2. Information Society 6-8

3. Knowledge society 8-11

4. Cyber Space 11-12

5 Digital economy 13-14

6. Critical Infrastructure 14-16

7. Critical Information Infrastructure 16-18

8. Internet as global information 18-20

Infrastructure

2
Cyber security:

Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information technology
security or electronic information security. The term applies in a variety of contexts, from
business to mobile computing, and can be divided into a few common categories.

 Network security is the practice of securing a computer network from intruders, whether
targeted attackers or opportunistic malware.
 Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data its designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
 Information security protects the integrity and privacy of data, both in storage and in
transit.
 Operational security includes the processes and decisions for handling and protecting
data assets. The permissions users have when accessing a network and the procedures
that determine how and where data may be stored or shared all fall under this umbrella.
 Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
 End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to
follow good security practices. Teaching users to delete suspicious email attachments, not
plug in unidentified USB drives, and various other important lessons is vital for the
security of any organization.

3
Types of Cybersecurity:

Cyber security is a wide field covering several disciplines. It can be divided into seven main
pillars:

1. Network Security: Most attacks occur over the network, and network security solutions are
designed to identify and block these attacks. These solutions include data and access controls
such as Data Loss Prevention (DLP), IAM (Identity Access Management), NAC (Network
Access Control), and NGFW (Next-Generation Firewall) application controls to enforce safe
web use policies. Advanced and multi-layered network threat prevention technologies include
IPS (Intrusion Prevention System), NGAV (Next-Gen Antivirus), Sandboxing, and CDR
(Content Disarm and Reconstruction). Also important are network analytics, threat hunting, and
automated SOAR (Security Orchestration and Response) technologies.

2. Cloud Security: As organizations increasingly adopt cloud computing, securing the cloud
becomes a major priority. A cloud security strategy includes cyber security solutions, controls,
policies, and services that help to protect an organization’s entire cloud deployment
(applications, data, infrastructure, etc.) against attack. While many cloud providers offer security
solutions, these are often inadequate to the task of achieving enterprise-grade security in the
cloud. Supplementary third-party solutions are necessary to protect against data breaches and
targeted attacks in cloud environments.

3. Endpoint Security: The zero-trust security model prescribes creating micro-segments around
data wherever it may be. One way to do that with a mobile workforce is using endpoint security.
With endpoint security, companies can secure end-user devices such as desktops and laptops
with data and network security controls, advanced threat prevention such as anti-phishing and
anti-ransomware, and technologies that provide forensics such as endpoint detection and
response (EDR) solutions.

4. Mobile Security: Often overlooked, mobile devices such as tablets and smartphones have
access to corporate data, exposing businesses to threats from malicious apps, zero-day, phishing,
and IM (Instant Messaging) attacks. Mobile security prevents these attacks and secures the
operating systems and devices from rooting and jailbreaking. When included with an MDM

4
(Mobile Device Management) solution, this enables enterprises to ensure only compliant mobile
devices have access to corporate assets.

5. IoT Security: While using Internet of Things (IoT) devices certainly delivers productivity
benefits, it also exposes organizations to new cyber threats. Threat actors seek out vulnerable
devices inadvertently connected to the Internet for nefarious uses such as a pathway into a
corporate network or for another bot in a global bot network. IoT security protects these devices
with discovery and classification of the connected devices, auto-segmentation to control network
activities, and using IPS as a virtual patch to prevent exploits against vulnerable IoT devices. In
some cases, the firmware of the device can also be augmented with small agents to prevent
exploits and runtime attacks.

6. Application Security: Web applications, like anything else directly connected to the Internet,
are targets for threat actors. Since 2007, OWASP has tracked the top 10 threats to critical web
application security flaws such as injection, broken authentication, misconfiguration, and cross-
site scripting to name a few. With application security, the OWASP Top 10 attacks can be
stopped. Application security also prevents bot attacks and stops any malicious interaction with
applications and APIs. With continuous learning, apps will remain protected even as DevOps
releases new content.

7. Zero Trust: The traditional security model is perimeter-focused, building walls around an
organization’s valuable assets like a castle. However, this approach has several issues, such as
the potential for insider threats and the rapid dissolution of the network perimeter. As corporate
assets move off-premises as part of cloud adoption and remote work, a new approach to security
is needed. Zero trust takes a more granular approach to security, protecting individual resources
through a combination of micro-segmentation, monitoring, and enforcement of role-based access
controls.

Importance of cyber security:

 Cyber-attacks can be extremely expensive for businesses to endure.
 In addition to financial damage suffered by the business, a data breach can also inflict
untold reputational damage.

5
  Cyber-attacks these days are becoming progressively destructive. Cybercriminals are
using more sophisticated ways to initiate cyber-attacks.
 Regulations such as GDPR are forcing organizations into taking better care of the
personal data they hold.

Cyber security Fundamentals:

1. Confidentiality: Confidentiality is about preventing the disclosure of data to unauthorized

parties. It also means trying to keep the identity of authorized parties involved in sharing and
holding data private and anonymous. Often confidentiality is compromised by cracking
poorly encrypted data, Man-in-the-middle (MITM) attacks, disclosing sensitive data.
Standard measures to establish confidentiality include:

 Data encryption
 Two-factor authentication
 Biometric verification
 Security tokens
2. Integrity: Integrity refers to protecting information from being modified by unauthorized
parties. Standard measures to guarantee integrity include:

 Cryptographic checksums
 Using file permissions
 Uninterrupted power supplies
3. Availability: Availability is making sure that authorized parties are able to access the
information when needed. Standard measures to guarantee availability include:

• Backing up data to external drives

• Implementing firewalls
• Having backup power supplies
• Data redundancy

Information Society:
An information society is a society where the usage and knowledge of information and
computer technology is at a high level. Facts and data collected together for reference or

6
 analysis is data. Information is gained data through reading, study, communication and
research. The community of people living in a particular country or region, associated to one
another and having shared customs, laws and organization. Information is critical and vital in
every society. It has become a critical resource needed for the survival of any given society.
The world is fast moving from a stage where steel and miles of' railways were important. to a
stage where the size and complexity of information and communication systems will be the
barometer of a country's development No country or individual can continue to afford to
remain in isolation and ignore rapid developments in the field of information and
communications technology. This so called Information Society has its genesis in the post
industrial area. Several thinkers have from times immemorial expressed the view that
knowledge is power and the key to successful development. It is an important input or basic
resource and link between a variety of' activities, intellectual and material, in the society.
Access to the right information at the right time in a convenient form can trigger new
directions in research, development and managerial actions. A widely accepted fact today is
that input in modern production systems is no longer confined to land, labor and capital only.
It is also including information. Information and Communication" are without doubt two key
words and any activity or human relationship involves a process of Communication. The
scientific study of the communication and information are intrinsic to the practice of' science.
Research, stimulated often by new information, is sustained by the continuing flow of
information and, when completed again yields new information. Scientists not only collect
store, retrieve and use information. But also create it through research. But this applies now
to all successful enterprises including business, trade and commerce.

Benefits of information society:

There are many benefits of an information society, including the following:
 Greater efficiency and productivity in businesses and organizations.
 Increased opportunities for education and lifelong learning.
 Improved healthcare through telemedicine and other applications.
 Greater social inclusion of marginalized groups.
 Enhanced cultural exchange and understanding.
 A more sustainable planet through increased use of ICTs in environmental monitoring and
management.

Measures of an information society:

There are several ways to measure an information society. We will examine three now.

1. Penetration of ICTs: One common method is simply to look at the penetration of ICTs
throughout society. This can be done by measuring the following:
 the number of main telephone lines per 100 inhabitants.
 the number of mobile telephone subscriptions per 100 inhabitants.
 the number of personal computers per 100 inhabitants.
 internet users per 100 inhabitants or households with access to the internet.

7
2. The digital divide: Another way to measure an information society is to look at the digital
divide that is, the gap between those who have access to ICTs and those who do not. This can be
done by measuring the following:
 percentage of households with a computer.
 percentage of households with internet access.
 percentage of individuals who have used the internet in the last 12 months.

3. Global Knowledge Index: A third way to measure an information society is to look at

the Global Knowledge Index (GKI), which has been measuring the extent to which a country's
economy relies on knowledge-intensive activities since 2017. The GKI replaced the World Bank
Institutes knowledge economy index (KEI), which was discontinued in 2012. The GKI tracks the
knowledge performance of countries in the following seven areas:
 pre-university education
 technical and vocational education and training
 higher education research
 development and innovation
 information and communications technology and
 economy and the general enabling environment.

Challenges of information society:

There are several challenges associated with an information society, such as the following:
 the risk of exclusion for those without access to ICTs.
 the need for increased security and privacy protections.
 the challenge of managing ever-increasing amounts of data.
 the need for improved literacy in using and understanding ICTs.
 potential negative impacts on health from too much screen time and
 the need for careful regulation of ICTs to ensure they're used ethically.

Knowledge Society:

The term knowledge society refers to a society in which the creation, dissemination, and
utilization of information and knowledge has become the most important factor of production. In
such a society, knowledge assets (also called intellectual capital) are the most powerful producer
of wealth, sidelining the importance of land, the volume of labor, and physical or financial
capital.

The term knowledge society has several meanings. First, it is used by social scientists to describe
and analyze the transformation toward so-called postindustrial society. Second, it is used to refer
to a normative vision that nations or companies should aspire to fulfill. Third, it is used as a
metaphor, rather than a clear-cut concept, under which various topics are examined. In many
cases, the distinction among these three usages is blurred, and it is not clear whether the author

8
using the term is putting forward an analysis of current trends, is forecasting changes, or is
proposing a strategy that should be followed.

Characteristics of knowledge society:

 the mass and polycentric production, transmission, and application of knowledge is
dominant
 the price of most commodities is determined by the knowledge needed for their
development and sale rather than by the raw material and physical labor that is needed to
produce them
 a large portion of the population attains higher education
 a vast majority of the population have access to information and communication
technologies and to the Internet
 a large portion of the labor force are knowledge workers who need a high degree of
education and experience to perform their job well
 both individuals and the state invest heavily in education and research and development
and
 organizations are forced to innovate continually.
 Members of a knowledge society have attained a higher average standard of education in
comparison to other societies and a growing propagation of its labor forces are employed
as knowledge workers.
 Its industry produces products with integrated artificial intelligence such as voice-
recognition software and technology which is used increasingly in smart cars.
 The price of most products is determined by the knowledge needed for their development
and sale rather than by the raw material and physical labor that is needed to produce
them.
 Its organizations have transformed into intelligent organizations by applying creativity
and innovation in a continuous manner.
 There is increased organized knowledge in the form of digitalized expertise, stored in
data banks, expert systems, organizational plan, and other media.
 There are multiple centers of expertise and a poly-centric production of
knowledge utilization.
 A large portion of the population of a knowledge society attains higher education.
 A vast majority of the population have access to information and communication
technology and the internet.
 A large portion of the labor forces is knowledge workers, who need a higher degree of
education and experience to perform their job well.
 Both individuals and the state invest heavily in education and research and development.
 Members of knowledge society are more creative and innovative in comparison to other
societies.
 Organizations in a knowledge society are forced to innovate continually.

The Four Pillars of the Knowledge Society

9
A knowledge society is a society that places high value on education, research, innovation, and
information technologies. It relies on producing, processing, and distributing knowledge and
information as the primary source of economic and social development. UNESCO, the United
Nations Educational, Scientific and Cultural Organization, has identified the Four Pillars of the
Knowledge Society as critical components necessary for developing a knowledge society. These
pillars are freedom of expression, universal access to information and knowledge, respect for
cultural and linguistic diversity, and quality education.

 Freedom of expression is the first pillar of the Knowledge Society. It recognizes that the
right to freedom of expression is fundamental to human dignity, and the ability to express
oneself freely is necessary for creating and disseminating knowledge. In a knowledge
society, individuals can express their opinions and ideas and participate in public discourse.
This is essential for the advancement of knowledge and democratic governance.
 The second pillar of the Knowledge Society is universal access to information and
knowledge. This pillar emphasizes the importance of ensuring all individuals have access
to information and knowledge, regardless of their socioeconomic status, geographic
location, or cultural background. Universal access to information and knowledge is
necessary to promote social and economic development and empower individuals to
participate fully in society. In a knowledge society, access to information and knowledge
is a fundamental human right.
 The third pillar of the Knowledge Society is respect for cultural and linguistic diversity.
This pillar recognizes the importance of cultural and linguistic diversity as a source of
creativity, innovation, and human enrichment. Respect for cultural and linguistic diversity
promotes mutual understanding and respect and facilitates the exchange of knowledge and
ideas across different cultures and languages. In a knowledge society, cultural diversity is
recognized as a valuable asset that enriches the community and contributes to creating and
disseminating knowledge.
 The fourth and final pillar of the Knowledge Society is quality education for all. This pillar
emphasizes the importance of providing quality education to all individuals, regardless of
their background or circumstances. Quality education enables individuals to acquire the
skills and knowledge necessary to participate fully in a knowledge-based economy and
contribute to their community’s and society’s social and economic development. In a
knowledge society, education is seen as a lifelong process accessible to all.

Together, these four pillars of the Knowledge Society create the conditions necessary for the
development of a knowledge society that is inclusive, equitable, and sustainable. They are
interdependent and mutually reinforcing. Freedom of expression, universal access to information
and knowledge, respect for cultural and linguistic diversity, and quality education for all are the
building blocks of a knowledge society that is capable of harnessing the power of knowledge to
address global challenges and promote human well-being.

10
Knowledge society differ from industrial society:

A knowledge society differs significantly from an industrial society in various aspects. While an
industrial society relies on mass production, manufacturing, and physical labor as the main drivers
of economic growth, a knowledge society thrives on generating, disseminating, and applying
knowledge. In an industrial society, tangible resources like raw materials and machinery are
paramount, whereas, in a knowledge society, intangible assets such as information, expertise, and
innovation take precedence. In an industrial society, hierarchical structures and top-down decision-
making are common, while a knowledge society encourages collaboration, networking, and
decentralized decision-making. Additionally, in an industrial society, education primarily focuses
on imparting specific skills for employment. In contrast, in a knowledge society, education
emphasizes critical thinking, lifelong learning, and adaptability to keep up with rapidly evolving
knowledge and technology. Overall, a knowledge society places greater value on intellectual
capital, innovation, and the efficient use of information and technology to drive progress.

Benefits of knowledge society:

Living in a knowledge society offers a multitude of benefits that positively impact individuals,
communities, and societies as a whole. Firstly, access to information and knowledge becomes
more widespread and readily available, empowering individuals to make informed decisions,
expand their intellectual horizons, and participate actively in social, economic, and political
spheres. The emphasis on education and lifelong learning in a knowledge society fosters personal
growth, professional development and enhances employability. Moreover, a knowledge society
promotes innovation, creativity, and problem-solving, leading to technological advancements,
scientific breakthroughs, and improved quality of life. Collaboration and networking are
encouraged, facilitating the exchange of ideas, interdisciplinary research, and the development of
diverse perspectives. Economic growth and competitiveness are stimulated as knowledge-based
industries and services flourish, attracting investments and creating high-skilled job opportunities.
Lastly, a knowledge society tends to value cultural diversity, tolerance, and inclusivity, promoting
social cohesion and fostering a sense of global interconnectedness.

Impact of Knowledge Society on Economic Growth and Development:

A knowledge society has a profound impact on economic growth and development. It fuels
innovation and productivity gains across various sectors by emphasizing the generation,
dissemination, and application of knowledge. In a knowledge society, investments in research and
development, education, and technology are prioritized, leading to advancements in science,
technology, and innovation. This, in turn, drives economic competitiveness as companies and
industries leverage knowledge-based strategies to create new products, services, and business
models. Moreover, a knowledge society fosters a highly skilled and adaptable workforce capable
of responding to changing market demands and leveraging emerging opportunities. It promotes
entrepreneurship and encourages the formation of knowledge-intensive startups that contribute to
job creation, economic diversification, and wealth generation. Additionally, efficient information
and communication technologies in a knowledge society enhance productivity, facilitates global

11
collaboration and trade, and enable the rapid dissemination of ideas and knowledge. Overall, a
knowledge society becomes a catalyst for sustained economic growth, increased productivity, and
improved living standards.

Cyber Space:

Cyberspace mainly refers to the computer which is a virtual network and is a medium
electronically designed to help online communications to occur. This facilitates easy and
accessible communications to occur across the world. The whole Cyberspace is composed of large
computer networks which have many sub-networks. These follow the TCP or IP protocol.
The TCP (Transmission Control Protocol) is a standard for communications that allows the
application programs and other computing devices to exchange data and messages over a Cyber
network. These are designed to send data across the internet which then makes sure that the sent
data are successfully delivered over the networks. It is the standards that are mostly used to define
the rules of the internet and are defined by the Internet Engineering Task Force or IETF. It is a
very commonly used protocol and it ensures that there is an end-to-end delivery of data.

On the other hand, Internet Protocol or IP is the protocol or method that involves sending data
from one device to another using the internet. Each and every device has an IP address that is
unique to it and this gives it its identity. The IP address enables communication and exchange of
data to other devices across the internet. It defines how devices and their applications will exchange
packages of data with each other and connected networks. All the transfer occurs through either
of the Internet Protocol Suite or protocols i.e. either TCP or IP.
Cyberspace is that space in which users share information, interact with each other; engage in
discussions or social media platforms, and many other activities. This concept was introduced by
William Gibson in his book ‘Necromancer’ which was done in 1894. Thus, this term is still widely
used among everyone as it is rapidly growing and used for various purposes by an individual.

Cyberspace History:

The word Cyberspace first made its appearance in William Gibson’s Science fiction book
Necromancer. The book described an online world filled with computers and associated societal
elements. In that book, the author described Cyberspace as a 3D virtual landscape created by a
network of computers. Although it looks like a physical space, it is generated by a computer,
representing abstract data.
After the publication of the book, the word Cyberspace became a mainstay in many English
dictionaries. The New Oxford Dictionary of English provides Cyberspace definition as the notional
environment used by the people to communicate over networks of the computer.
As per the Cyberspace meaning, Cyberspace is a virtual space with no mass, gravity or boundaries.
It is the interconnected space between networks of computer systems.
Bits and Bytes- Zeroes and ones are used to define Cyberspace. It is a dynamic environment where
these values change continuously. It can also be defined as the imaginary location where two
parties can converse.

12
If we look into the Cyberspace meaning, it is not a physical space but a digital medium. The
differences between a physical world and Cyberspace are as follows:

Cyberspace and Physical World:

Cyberspace Physical World

Dynamic, exponential and undefined Well-defined, static and

incremental

No fixed shape, rather as vast as human Fixed Contours

imagination

Cyberspace can be compared to a human brain where the network of computers represents the
innumerable neurons and the connections between them. Therefore, it can be considered as a link
between the physical and the infinite world.

Digital Economy:

Digital economy is one collective term for all economic transactions that occur on the internet. It is
also known as the Web Economy or the Internet Economy. With the advent of technology and the
process of globalization, the digital and traditional economies are merging into one. Let us learn
more about this concept of digital economy. Digital economy is defined as an economy that focuses
on digital technologies, i.e. it is based on digital and computing technologies. It essentially covers
all business, economic, social, cultural etc. activities that are supported by the web and other digital
communication technologies. The term was first coined in a book “The Digital Economy: Promise
and Peril in the Age of Networked Intelligence” by author Don Tap Scott in 1995.
There are three main components of this economy, namely,
 e-business
 e-business infrastructure
 e-commerce

In the last 15 years, we have seen the tremendous growth of digital platforms and their influence on
our lives. Now consumers are influenced by things they see on social media (Facebook, Twitter,
Instagram) and other such popular websites (YouTube etc.). So this economy is a way to exploit this
opportunity. Now it is integrated into every aspect of the user’s life healthcare, education, banking,
entertainment etc.

Merits of Digital Economy:

13
Digital economy has given rise to many new trends and start-up ideas. Almost all of the biggest
companies in the world (Google, Apple, Microsoft, Amazon) are from the digital world. Let us look
at some important merits of the digital economy.
1. Promotes Use of the Internet: If you think about it, most of your daily work can today be done
on the internet. The massive growth of technology and the internet that began in the USA is now a
worldwide network. So there is a dramatic rise in the investment on all things related – hardware,
technological research, software, services, digital communication etc. And so this economy has
ensured that the internet is here to stay and so are web-based businesses.
2. Rise in E-Commerce: The businesses that adapted and adopted the internet and embraced
online business in the last decade have flourished. The digital economy has pushed the e-commerce
sector into overdrive. Not just direct selling but buying, distribution, marketing, creating, selling
have all become easier due to the digital economy.
3. Digital Goods and Services: Gone are the days of Movie DVD and Music CD’s or records. Now,
these goods are available to us digitally. There is no need for any tangible products anymore. Same is
true for services like banking, insurance etc. There is no need to visit your bank if you can do every
transaction online. So certain goods and services have been completely digitized in this digital
economy.
4. Transparency: Most transactions and their payment in the digital economy happen online. Cash
transactions are becoming rare. This helps reduce the black money and corruption in the market and
make the economy more transparent. In fact, during the demonetization, the government made a push
for online transactions to promote the web economy.

Demerits of Digital Economy:

1 Loss in Employment: The more we depend on technology, the less we depend on human
resources. The advancement of the digital economy may lead to the loss of many jobs. As the processes
get more automated, the requirement for human resources reduces. Take the example of online
banking itself.
2 Lack of Experts: Digital economy requires complex processes and technologies. To build the
platforms and their upkeep require experts and trained professionals. These are not readily available,
especially in rural and semi-rural areas.
3 Heavy Investment: Digital economy requires a strong infrastructure, high functioning Internet,
strong mobile networks and telecommunication. All of this is a time consuming and investment heavy
process. In a developing country like ours, development of the infrastructure and network is a very
slow, tedious and costly process.

Features of the digital economy:

The main characteristics of a digital economy include:
 Internet-powered: The internet has become the driver of the digital economy, making it
possible for organizations to connect with new markets and target a better fit of
customers.

14
  World-encompassing: Location no longer limits businesses in a digital economy. The
ease of global interconnection enables businesses to reach new markets and better
maintain the customers they have.
 Always-on: The technology, mobile apps and digital products offered by E-Commerce
has allowed businesses to offer goods and services twenty-four hours a day, seven days a
week.
 Fast-paced: Due to the almost constant flood of new technologies, and the innovation
that brings with it, the digital economy moves at a far quicker pace, making it even more
important for companies to keep up.
 Data-driven: Data is at the heart of the digital economy. Using data and analytics,
businesses are able to make more informed decisions about the product they offer, and
formulate marketing strategies targeted perfectly at specific consumers.
 Competitive: In a web economy, networked intelligence has enabled companies to ramp
up the competition by being more aware of what consumers want, allowing them more
choices, and forcing them to vie for their attention.

Critical Infrastructure:

Critical Infrastructure are those assets, systems, and networks that provide functions necessary
for our way of life. There are 16 critical infrastructure sectors that are part of a complex,
interconnected ecosystem and any threat to these sectors could have potentially debilitating
national security, economic, and public health or safety consequences.
CISA provides guidance to support state, local, and industry partners in identifying the critical
infrastructure sectors and the essential workers needed to maintain the services and functions
Americans depend on daily.
There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical
or virtual, are considered so vital to the United States that their incapacitation or destruction
would have a debilitating effect on security, national economic security, national public health or
safety, or any combination thereof. Presidential Policy Directive 21 (PPD-21): Critical
Infrastructure Security and Resilience advances a national policy to strengthen and maintain
secure, functioning, and resilient critical infrastructure.
There are 16 critical infrastructures:
 Chemical sector: DHS was identified as the Chemical Sector Risk Management Agency
(SRMA) in Presidential Policy Directive (PPD) 21. CISA performs the Chemical Sector
SRMA responsibilities on behalf of DHS. CISA leads the Chemical Sector’s public-
private partnership and works with companies to develop tools and resources that
enhance the sector’s security and resilience.
 Commercial Facilities sector: The Commercial Facilities Sector protects spaces open to
the general public against coordinated attacks. CISA offers strategic direction across
eight subsectors to improve security and resilience in these locations.
 Communication sector: The communications sector has evolved into a complex
industry of terrestrial, satellite, and wireless systems with many interdependencies. CISA

15
 works with private sector stakeholders to implement the risk management framework to
protect all aspects of the communication sector.
 Critical Manufacturing Sector: The communications sector has evolved into a complex
industry of terrestrial, satellite, and wireless systems with many interdependencies. CISA
works with private sector stakeholders to implement the risk management framework to
protect all aspects of the communication sector.
 Dams Sector: With more than 90,000 dams in the U.S., the Dams Sector delivers critical
water retention and control services. CISA works with sector partners to protect assets
from natural disasters, as well as human-caused and technological events.
 Defense Industrial Base Sector: With more than 90,000 dams in the U.S., the Dams
Sector delivers critical water retention and control services. CISA works with sector
partners to protect assets from natural disasters, as well as human-caused and
technological events.
 Emergency Services Sector: Supporting millions of skilled personnel with physical and
cyber resources, the Emergency Services Sector helps save lives, protect property and the
environment, and assist in recovery efforts after emergencies and disasters.
 Energy Sector: The energy sector protects a multifaceted web of electricity, oil, and
natural gas resources and assets to maintain steady energy supplies and ensure the overall
health and wellness of the nation.
 Financial services Sector: By protecting financial institutions of all sizes from large-
scale power outages, natural disasters, and cyber-attacks, the Financial Services Sector
protects your financial assets as well as your ability to access and utilize those assets.
 Food Agriculture Sector: The food and agriculture sector, including farms, restaurants,
and food manufacturing, processing, and storage facilities, is almost entirely privately-
owned. CISA provides guidance, resources, and collaboration with interdependent sectors
to protect against a range of risks.
 Government Facilities Sector: Federal, state, local and tribunal government buildings
and spaces have differing accessibility restrictions and purposes. The Government
Facilities Sector helps these facilities identify their unique risk factors and protect against
potential attacks or issues.
 Healthcare and Public Health Sector: The Healthcare and Public Health Sector focuses
on population health and provides the response and recovery actions needed after large-
scale hazards such as terrorism, infection disease, and natural disasters.
 Information Technology Sector: The nation’s growing dependency on information
technology has made the Information Technology Sector mission – to identify and protect
against cyber threats and vulnerabilities more complex and important in the 21st century.
 Nuclear sector, Material and Waste Sector: From the power reactors that provide
electricity to millions of Americans, to the medical isotopes used to treat cancer patients,
America has an extensive civilian nuclear infrastructure.
 Transportation Systems Sector: Moving millions of people and goods across the
country every day, the transportation systems sector is exposed to a limitless number of
threats and risks. CISA works to protect these systems and ensure a continuity of
operations.

16
  Water and wastewater system: Access to clean, healthy water is a requirement for all
human activity. Protecting the systems that provide water is of vital importance to the
stability and health of the nation and is the mission of the Water and Wastewater Systems
Sector.

Critical information Infrastructure:

Recently, the Union Ministry of Electronics and IT (MeitY) has declared IT (Information
Technology) resources of ICICI Bank, HDFC Bank and NPCI(National Payments
Corporation of India) as ‘critical information infrastructure’. The Information Technology Act
of 2000 defines Critical Information Infrastructure as a computer resource, the incapacitation
or destruction of which shall have debilitating impact on national security, economy, public
health or safety. The government, under the IT Act of 2000, has the power to declare any
data, database, IT network or communications infrastructure as CII to protect that digital
asset. Any person who secures access or attempts to secure access to a protected system in
violation of the law can be punished with a jail term of up to 10 years.

Why is CII Classification and Protection Necessary?

 Global Practice: World over governments have been moving with alacrity to protect their
critical information infrastructure.

17
 Backbone of Countless Critical Operations: IT resources form the backbone of countless
critical operations in a country’s infrastructure, and given their interconnectedness,
disruptions can have a cascading effect across sectors.
 IT Failure leads to Crippling Other Sectors: An information technology failure at a
power grid can lead to prolonged outages crippling other sectors like healthcare, banking
services etc.
o Example: Wave of Denial-of-Service Attacks in Estonia: In 2007, a wave of
denial-of-service attacks, allegedly from Russian IP addresses, hit major Estonian
banks, government bodies – ministries and parliament, and media outlets. It was cyber
aggression of the kind that the world had not seen before. The attacks played havoc in
one of the most networked countries in the world for almost three weeks.
o A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or
network, making it inaccessible to its intended users. DoS attacks accomplish this by
flooding the target with traffic, or sending it information that triggers a crash.

Case of India:
o In October, 2020 as India battled the pandemic, the electric grid supply to Mumbai
suddenly snapped hitting the mega city’s hospitals, trains and businesses.
o Later, a study by a US firm claimed that this power outage could have been a cyber-
attack, allegedly from a China-linked group, aimed at critical infrastructure. The
government, however, was quick to deny any cyber-attack in Mumbai.
o But the incident underlined the possibility of hostile state and non-state actors probing
internet-dependent critical systems in other countries, and the necessity to fortify such
assets.

How are CIIs protected in India?

o NCIIPC as Nodal Agency: Created in January 2014, the National Critical
Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for taking
all measures to protect the nation’s critical information infrastructure.
o Mandate of NCIIPC: It is mandated to guard CIIs from unauthorized access,
modification, use, disclosure, disruption, incapacitation or distraction. It will monitor
and forecast national-level threats to CII for policy guidance, expertise sharing and
situational awareness for early warning or alerts. In the event of any threat to critical
information infrastructure the NCIIPC may call for information and give directions to
the critical sectors or persons serving or having a critical impact on Critical
Information Infrastructure.
o Basic Responsibility: The basic responsibility for protecting the CII system shall lie
with the agency running that CII.

18
Critical Information Infrastructure Needs in India:
 Backbone of country’s infrastructure: IT resources form the backbone of countless
critical operations in a country’s infrastructure, and disruptions can have a cascading
effect across sectors, considering the interconnectedness between various sectors.
 Critical sector protection: Information technology failure at a power grid can cause
power outages crippling critical sectors like healthcare and banking services.
 Fortifying assets: There are chances of hostile state and non-state actors attacking
internet-dependent critical systems in a country, and hence there is a need to fortify
such assets.

Internet as global information Infrastructure:

The Internet is a networking infrastructure; it connects millions of computers together
globally, forming a network in which any computer can communicate with any other
computer connected to the network.
It is an ever-growing wide area network of millions of computers and computer networks
across the globe, which can exchange information through standard rules or protocols. The
Internet is a vast hardware and software infrastructure that enables computer interconnectivity.
The Global Information Infrastructures is the developing communications framework which is
intended to eventually connect all the telecommunications and computer networks worldwide.
The GII will make all the electronically stored or transmitted information accessible from
anywhere in the world.
The Internet is termed as the Global Information Infrastructures because it is providing all
types of information in various formats in the shortest possible time and at the lowest cost.
Currently, the Internet is the default Global Information Infrastructure.
Today the Internet is:

 A widespread information infrastructure.

 A means for access to information worldwide.
 A network of networks worldwide.
 A network of all the telecommunications worldwide.
The Internet has evolved over time and nowadays it supports a larger volume and variety of
users, capabilities, and services. Information access is among the primary purposes for
constructing a Global Information Infrastructure. The Internet offers a new Global
Information Infrastructure that is challenging the way people interact.
The Internet and the telecommunication infrastructure collectively from the Global
Information Infrastructure. But the Internet plays a major role in realizing the concept of
Global Information Infrastructures.
It acts as an enabling environment for the proper development and implementation of
the Global Information Infrastructure.
It handles the storage, transmission, and management of information, and thus it is a critical
component of GII.

19
Global information infrastructure issues:
1. Market and product competition Open international competition among countries and
among providers of information products and services is a pre-requisite for the rapid
development and diffusion of new technologies and applications. This requires
governments to review and, if necessary, to modify existing policy in order not to
hinder entry of domestic and foreign firms; to eliminate restrictions on cross-sector
services; and to maintain transparency in regulation. The aim is to develop efficient
markets in all segments of information and communications industries, ranging from
content to hardware, through competing technologies, services and networks.

2. Electronic commerce and digital payments Advanced information and

communications tools support the development of electronic commerce practices to
increase the efficiency and effectiveness of all types of relationships among business
partners, households and governments, and the emergence of new types of markets.
Electronic commerce facilitates established business-to-business commercial relations,
sales by companies to consumers, as well as transactions between consumers. It, thus,
potentially affects the business environment at national, regional and global levels, and
generates major opportunities for market growth and development of jobs, industries
and services. Increasingly, there is a need for internationally agreed upon and reliable
mechanisms for making payments electronically for goods and services which are
electronically traded.

3. Interconnection, open access, interoperability and standards There is general

agreement that interoperability and common standards are desirable, even essential,
for the GII and the GIS. The question, however, is whether they should be left to
industry or mandated. Experience suggests that most standards should be voluntary
and set by industry, in a competitive environment, with safeguards against abuse of
dominant power on the part of companies and countries, and with mandatory and
publicly set standards kept to a minimum. Interoperability and standards can enhance
global-level innovation, the spread of technology and can lower the price of services.

4. Universal service It is generally agreed that an objective of public support of an

information society is to avoid a society of “information-rich” and “information-poor”.
Some countries are reluctant to broaden the scope of “universal service”, since the
financial contributions expected from operators would raise the threshold for
newcomers to enter the market. However, a number of governments have called for an
expansion of the concept of “universal service” in view of the new and multiple
technologies, networks, services, etc., that are now available and in order to prevent
risks of unequal access to information.

20