Module 1 Cyber Security-2023-24


Module 1

● Basic Cyber Security Concepts,

● layers of security,

● Vulnerability, threat, Harmful acts,

● Internet Governance – Challenges and Constraints,

● Computer Criminals,

● CIA Triad,

● Assets and Threat,

● motive of attackers,

● active attacks,passive attacks,

● Software attacks, hardware attacks,

● Cyber Threats-Cyber Warfare,

● Cyber Crime, Cyber terrorism, Cyber Espionage, etc.,

● Comprehensive Cyber Security Policy


● Introduction to Cyber Security
What is the meaning of the word "cyber"?

What are the problems in the cyber world?

What is the need for cyber security?

How is cyber security maintained?


Definition
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and
data from malicious attacks. It's also known as information technology security or electronic information security.
The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common
categories.

· Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic
malware.

· Application security focuses on keeping software and devices free of threats. A compromised application could provide
access to the data it's designed to protect. Successful security begins in the design stage, well before a program or device is
deployed.

· Information security protects the integrity and privacy of data, both in storage and in transit.

· Operational security includes the processes and decisions for handling and protecting data assets. The permissions users
have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under
this umbrella.

· Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other
event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations
and information to return to the same operating capacity as before the event. Business continuity is the plan the organization
falls back on while trying to operate without certain resources.

· End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a
virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email
attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any
organization.
Types of cyber threats

1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.

2. Cyber-attack often involves politically motivated information gathering.

3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.


Types of Cyber Attacks

Cyber-attacks can be classified into the following categories:

1) Web-based attacks

2) System-based attacks
Web-based attacks

● Injection attacks

● DNS Spoofing

● Session Hijacking

● Phishing

● Brute force

● Denial of Service

● Dictionary attacks

● URL Interpretation

● File Inclusion attacks

● Man in the middle attacks


System-based attacks

Virus

Worm

Trojan horse

Backdoors

Bots
The 7 layers of cyber security
1: Mission Critical Assets – This is the data you need to protect

2: Data Security – Data security controls protect the storage and transfer of data.

3: Application Security – Application security controls protect access to an application, an application's access to your mission critical assets,
and the internal security of the application.

4: Endpoint Security – Endpoint security controls protect the connection between devices and the network.

5: Network Security – Network security controls protect an organization’s network and prevent unauthorized access of the network.

6: Perimeter Security – Perimeter security controls include both the physical and digital security methodologies that protect the business overall.

7: The Human Layer – Humans are the weakest link in any cyber security posture. Human security controls include phishing simulations and
access management controls that protect mission critical assets from a wide variety of human threats, including cyber criminals, malicious
insiders, and negligent users.
● Threat, Vulnerability, Risk
Cyber threats are security incidents or circumstances that can have a negative outcome for your network or other data
management systems.

Examples of common types of security threats include phishing attacks that result in installing malware that infects your
data, failure of a staff member to follow data protection protocols that causes a data breach, or even natural forces that take
down your company's data headquarters, disrupting access.

Vulnerabilities are the gaps or weaknesses in a system that make threats possible and tempt threat actors to exploit them.

Types of vulnerabilities in network security include but are not limited to SQL injections, server misconfigurations, cross-site
scripting, and transmitting sensitive data in a non-encrypted plain text format.

When threat probability is multiplied by the potential loss that may result, cybersecurity experts refer to this as a risk.

Risk---the potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability.

Risk = Threats x Vulnerabilities
Components of a Threat
– Threat agents---criminals, terrorists, subversive or secret groups, state sponsored, disgruntled employees, hackers,
pressure groups, commercial groups

– Capability---software, technology, facilities, education and training, methods, books and manuals

– Threat inhibitors---fear of capture, fear of failure, level of technical difficulty, cost of participation, sensitivity to public
perception, law enforcement activity, target vulnerability, target profile, public perception, peer perception

– Threat amplifiers---peer pressure, fame, access to information, changing high technology, deskilling through scripting,
skills and education levels, law enforcement activity, target vulnerability, target profile, public perception, peer perception

– Threat catalysts---events, technology changes, personal circumstances

– Threat agent motivators---political, secular, personal gain, religion, power, terrorism, curiosity
Threat Agents
Types
– Natural---fire, floods, power failure, earthquakes, etc.
– Unintentional---insider, outsider---primarily non-hostile
– Intentional---Insider, outsider---hostile or non-hostile (curious)
• Foreign agents, industrial espionage, terrorists, organized crime, hackers and
crackers, insiders, political dissidents, vendors and suppliers
Top ten Database Security Threats
1. Excessive Privilege Abuse---users are granted database access privileges that exceed the requirements of their job function;
e.g., a university administrator whose job requires only the ability to change student contact information may take advantage of
excessive database update privileges to change grades

2. Legitimate Privilege Abuse--- Users may abuse legitimate database privileges for unauthorized purposes; e.g., a rogue health
worker who is willing to trade patient records for money

3. Privilege Elevation---Attackers may take advantage of database platform software vulnerabilities to convert access privileges
from those of an ordinary user to those of an administrator. Vulnerabilities may be found in stored procedures, built-in functions,
protocol implementations, and even SQL statements

4. Database Platform Vulnerabilities--- Vulnerabilities in underlying operating systems (Windows 2000, UNIX, etc.) and additional
services installed on a database server may lead to unauthorized access, data corruption, or denial of service.

5. SQL Injection--- a perpetrator typically inserts (or “injects”) unauthorized database statements into a vulnerable SQL data
channel. Using SQL injection, attackers may gain unrestricted access to an entire database

6. Weak Audit Trail--- A weak database audit policy represents a serious organizational risk on many levels: regulatory risk,
deterrence, and detection and recovery
7. Denial of Service (DoS)--- access to network applications or data is denied to intended users

8. Database Communication Protocol Vulnerabilities--- e.g., Four out of seven security fixes in the two most recent IBM DB2
FixPacks address protocol vulnerabilities; similarly, 11 out of 23 database vulnerabilities fixed in the most recent Oracle quarterly
patch relate to protocols

9. Weak Authentication--- allowing attackers to assume the identity of legitimate database users by stealing or otherwise obtaining
login credentials

10. Backup Data Exposure--- Backup database storage media is often completely unprotected from attack. As a result, several high
profile security breaches have involved theft of database backup tapes and hard disks.
Vulnerabilities
"Some weakness of a system that could allow security to be violated."
• Types of vulnerabilities
– Physical vulnerabilities
– Natural vulnerabilities
– Hardware/software vulnerabilities
– Media vulnerabilities (e.g., stolen/damaged
disk/tapes)
– Emanation vulnerabilities---due to radiation
– Communication vulnerabilities
– Human vulnerabilities
How do the vulnerabilities manifest?
The different types of vulnerabilities manifest themselves via several misuses:

– External misuse---visual spying, misrepresenting, physical scavenging

– Hardware misuse---logical scavenging, eavesdropping, interference, physical attack, physical removal

– Masquerading---impersonation, piggybacking attack, spoofing attacks, network weaving

– Pest programs---Trojan horse attacks, logic bombs, malevolent worms, virus attacks

– Bypasses---Trapdoor attacks, authorization attacks (e.g., password cracking)

– Active misuse---basic active attack, incremental attack, denial of service

– Passive misuse---browsing, interference, aggregation, covert channels


Risk and Risk management
Risk is the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization

• Risk management--- “Process of identifying, controlling and minimizing or eliminating security risks that may affect information systems, for an
acceptable cost.” — assessment of risk and the implementation of procedures and practices designed to control the level of risk

• Risk assessment--- “ assessment of threats to, impact on and vulnerabilities of information and information processing facilities and the likelihood
of their occurrence.”---identification of the risk, analysis of the risk in terms of performance, cost, and other quality factors; risk prioritization in
terms of exposure and leverage
Example:

In a system that allows weak passwords,

– Vulnerability---the password is vulnerable to dictionary or exhaustive key attacks

– Threat---an intruder can exploit the password weakness to break into the system

– Risk---the resources within the system are prone to illegal access, modification or damage by the intruder
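The risk formula from the Risk section (threat probability multiplied by potential loss), applied to the weak-password case above and to a second constructed entry, then ranked and re-scored after a control. This is an added example, not code from the notes; the asset names, probabilities and loss figures are constructed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RiskItem:
    asset: str
    threat: str
    vulnerability: str
    probability: float   # likelihood (0..1) that the threat exploits the vulnerability in a year
    loss: float          # potential loss if it does, in currency units (constructed figures)

    def risk(self) -> float:
        """Risk = threat probability x potential loss."""
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError("probability must be in [0, 1]")
        return self.probability * self.loss


def apply_control(item: RiskItem, probability_factor: float, loss_factor: float = 1.0) -> RiskItem:
    """Residual risk after a control: controls usually shrink the probability
    (e.g. a password policy with lockout) and sometimes the loss (e.g. backups)."""
    return replace(item,
                   probability=item.probability * probability_factor,
                   loss=item.loss * loss_factor)


def prioritize(items: list) -> list:
    """Order the register by exposure so the highest-risk item is treated first."""
    return sorted(items, key=lambda it: it.risk(), reverse=True)


def example_register() -> list:
    """Two constructed register entries mirroring cases discussed in the notes."""
    weak_password = RiskItem(
        asset="student records database",
        threat="intruder breaks in by guessing passwords",
        vulnerability="weak passwords allowed; dictionary or exhaustive key attacks possible",
        probability=0.4, loss=250_000.0)
    backup_tapes = RiskItem(
        asset="database backup tapes",
        threat="theft of backup media",
        vulnerability="backup storage media left unprotected",
        probability=0.1, loss=500_000.0)
    return [backup_tapes, weak_password]


if __name__ == "__main__":
    register = prioritize(example_register())
    for it in register:
        print(f"{it.asset:30s} risk={it.risk():>10,.0f}")
    # Residual risk for the weak-password item after a strong password policy with lockout,
    # assumed (constructed factor) to cut the probability to one eighth.
    hardened = apply_control(register[0], probability_factor=0.125)
    print(f"after control: risk={hardened.risk():,.0f}")
```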


Internet Governance – Challenges and Constraints

History: Evolution of Internet governance


• 1969 – early 1990s: Building the Internet
– decentralized institutional corporate arrangements
– RFCs for standards, Postel's IANA for names, numbers

• Early 90s – 2002: Commercialization accelerates
– Acceptable use policies
– Domain name industry takes off

• 2003 – present: Entry of governments, WSIS
– Governments take Internet seriously
– WSIS, WGIG, IGF, National IGFs, NETmundial
Working Group on Internet Governance
"Internet governance is the development and application by Governments, the private sector and civil society, in their
respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution
and use of the Internet."
• Demonstrates inclusivity
• Constructively ambiguous?
• Substantiated by the WSIS process
Definition
Governance is defined as the 'exercise of power and authority.' As a general concept, the term governance can be used to describe the set
of rules any organisation is run by, including private, commercial and non-profit entities. Within the security sector, "governance"
is used to describe all formal and informal decisions, processes and actors that may influence the provision of public goods,
such as health, education, or security. Security sector governance (SSG) is defined as the 'exercise of power and authority in the
context of one particular national security sector.' It is an analytical concept that is not based on a commitment to any specific
norms or values.
Seven main principles of good governance have been listed as follows:

• Accountability: there are clear expectations from security providers, and independent
authorities oversee whether these expectations are met and impose sanctions if they are not.

• Transparency: information is freely available and accessible to those affected by decisions
and their implementation.

• Rule of law: all persons and institutions, including the state, are subject to laws that are
publicly known, enforced impartially and consistent with international and national human
rights norms and standards.

• Participation: all women and men of all backgrounds have the opportunity to participate in
decision-making processes and service provision on a free, equitable and inclusive basis, either
directly or through legitimate representative institutions.

• Responsiveness: institutions are sensitive to the different security needs of all parts of the
population and fulfil their mandates in the spirit of a culture of service.

• Effectiveness: institutions fulfil their respective roles, responsibilities and missions up to a
high professional standard.

• Efficiency: institutions make the best possible use of public resources in fulfilling their
respective roles, responsibilities and missions.
TYPES OF CYBERSECURITY THREATS

● Viruses are designed so that they can be easily transmitted from one computer or system to another. Often sent as
email attachments, viruses corrupt and co-opt data, interfere with your security settings, generate spam, and may
even delete content.

● Computer worms are similar; they spread from one computer to the next by sending themselves to all of the user’s
contacts and subsequently to all contacts’ contacts.

● Trojans. These malicious pieces of software insert themselves into a legitimate program. Often, people voluntarily
let trojans into their systems via email messages from a person or an advertiser they trust. As soon as the
accompanying attachment is opened, your system becomes vulnerable to the malware within.

● Bogus security software tricks users into believing that their system has been infected with a virus. The
accompanying "security software" that the threat actor provides to fix the problem is what actually causes it.

● Adware tracks your browsing habits and causes particular advertisements to pop up. Although this is common
and often something you may even agree to, adware is sometimes imposed upon you without your consent.
● Spyware is an intrusion that may steal sensitive data such as passwords and credit card
numbers from your internal systems.
● A denial of service (DoS) attack occurs when hackers deluge a website with traffic,
making it impossible to access its content. A distributed denial of service (DDoS) attack is
more forceful and aggressive since it is initiated from several servers simultaneously. As a
result, a DDoS attack is harder to defend against.
● Phishing attacks are social engineering infiltrations whose goal is to fraudulently obtain sensitive data
such as passwords and credit card numbers. Via emails or links that appear to come from trusted
companies and financial institutions, the hacker causes malware to be downloaded and
installed.
● SQL injections are network threats that involve using malicious code to infiltrate cyber
vulnerabilities in data systems. As a result, data can be stolen, changed, or destroyed.
● Man-in-the-middle attacks involve a third party intercepting and exploiting
communications between two entities that should remain private. Eavesdropping occurs, but
information can be changed or misrepresented by the intruder, causing inaccuracy and even
security breaches.

● Rootkit tools gain remote access to systems without permission and can lead to the
installation of malware and the stealing of passwords and other data.
Cyber safety tips - protect yourself against cyberattacks

● Update your software and operating system: this means you benefit from the latest
security patches.
● Use anti-virus software: security solutions detect and remove threats. Keep your
software updated for the best level of protection.
● Use strong passwords: ensure your passwords are not easily guessable.
● Do not open email attachments from unknown senders: these could be infected with
malware.
● Do not click on links in emails from unknown senders or unfamiliar websites: this is a
common way that malware is spread.
● Avoid using unsecured WiFi networks in public places: unsecured networks leave you
vulnerable to man-in-the-middle attacks.
● CIA Triad

The CIA Triad is a fundamental cybersecurity model that acts as a foundation in the
development of security policies designed to protect data. The three letters in CIA Triad stand for
Confidentiality, Integrity, and Availability.

1. Confidentiality refers to protecting information such that only those with authorized access
will have it.
2. Integrity relates to the veracity and reliability of data. Data must be authentic, and any
attempts to alter it must be detectable.
3. Availability is a crucial component because data is only useful if it is accessible.
Availability ensures that data can be accessed when needed and will continue to function
when required.
Putting Confidentiality into Practice:
1. Data encryption is one way to ensure confidentiality and that unauthorized users cannot
retrieve data for which they do not have access.
2. Access control is also an integral part of maintaining confidentiality by managing which
users have permissions for accessing data.
3. Life science organizations that utilize patient data must maintain confidentiality or violate
HIPAA.
Putting Integrity into Practice:
1. Event log management within a Security Incident and Event Management system is crucial
for practicing data integrity.
2. Implementing version control and audit trails into your IT program will allow your
organization to guarantee that its data is accurate and authentic.
3. Integrity is an essential component for organizations with compliance requirements. For
example, a condition of the SEC compliance requirements for financial services
organizations requires providing accurate and complete information to federal regulators.

Putting Availability into Practice:
1. Employing a backup system and a disaster recovery plan is essential for maintaining data
availability should a disaster, cyber-attack, or another threat disrupt operations.
2. Utilizing cloud solutions for data storage is one way in which an organization can increase
the availability of data for its users.
3. As the reliance on data analytics expands, the need for data to be available and accessible
grows for sectors like financial services and life sciences.
● Motive of attackers
1. Financial Gain

The primary motivation of a hacker is money, and getting it can be done with a variety of
methods. They could directly gain entry to a bank or investment account; steal a password to your
financial sites and then transfer the assets over to one of their own; swindle an employee into
completing a money transfer through a complicated spear phishing technique, or conduct a
ransomware attack on your entire organization. The possibilities are endless, but most hackers
are out to make a profit.

2. Recognition & Achievement

Some hackers are motivated by the sense of achievement that comes with cracking open a major
system. Some may work in groups or independently, but, on some scale, they would like to be
recognized. This also ties into the fact that cyber criminals are competitive by nature, and they
love the challenge their actions bring. In fact, they often drive one another to complete more
complicated hacks.
3. Insider Threats

Individuals who have access to critical information or systems can easily choose to misuse that access—to the detriment of
their organization. These threats can come from internal employees, vendors, a contractor or a partner—and are viewed as
some of the greatest cyber security threats to organizations. However, not all insider threats are intentional, according to an
Insider Threat Report from Crowd Research Partners. Most (51%) are due to carelessness, negligence, or compromised
credentials, but the potential impact is still present even in an unintentional scenario.

4. Political Motivation – “Hacktivism”

Some cyber criminal groups use their hacking skills to go after large organizations. They are usually motivated by a cause of
some sort, such as highlighting human rights or alerting a large corporation to their system vulnerabilities. Or, they may go up
against groups whose ideologies do not align with their own. These groups can steal information and argue that they are
practicing free speech, but more often than not, these groups will employ a DDoS (Distributed Denial of Service) attack to
overload a website with too much traffic and cause it to crash.
5. State Actors

State-sponsored actors receive funding and assistance from a nation-state. They are specifically engaged in cyber crime to
further their nation’s own interests. Typically, they steal information, including “intellectual property, personally identifying
information, and money to fund or further espionage and exploitation causes.” However, some state-sponsored actors do
conduct damaging cyberattacks and claim that their cyberespionage actions are legitimate activity on behalf of the state.

6. Corporate Espionage

This is a form of cyber attack used to gain an advantage over a competing organization. Conducted for commercial or
financial purposes, corporate espionage involves:

● Acquiring property like processes or techniques, locations, customer data, pricing, sales, research, bids, or strategies
● Theft of trade secrets, bribery, blackmail, or surveillance.
● Active attacks, Passive attacks
In active attacks, the attacker intercepts the connection and attempts to modify the message's content. It is dangerous for the
integrity and availability of the message. Active attacks include masquerade, modification of message, repudiation, replay,
and denial of service. System resources can be changed by active attacks, so the damage done with active attacks
can be harmful to the system and its resources. In active attacks, the victim usually becomes aware of the attack. Mounting
an active attack is typically difficult and requires more effort. Active attacks can be prevented by using some techniques. We
can try the below-listed measures to prevent these attacks -

● Use of one-time passwords helps with the authentication of the transactions between two parties.
● A random session key can be generated that is valid for a single transaction. This should prevent a
malicious user from retransmitting the actual information once the session ends.
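The two countermeasures listed above (a random per-session key and a per-transaction check) worked through as an added example, not code from the notes: the server keeps one fresh random key per session and rejects a message whose tag does not verify (modification), whose sequence number it has already accepted (replay), or whose session has ended, so the key no longer exists. The message layout and function names are assumptions for this demonstration, not a real protocol.

```python
import hashlib
import hmac
import secrets


def _tag_input(session_id: str, seq: int, body: str) -> bytes:
    """Unambiguous encoding of the fields the tag covers; the length prefix stops a
    body containing the separator from being read as a different message."""
    return f"{session_id}|{seq}|{len(body)}|{body}".encode()


def sign_transaction(key: bytes, session_id: str, seq: int, body: str) -> dict:
    """Client side: attach an HMAC-SHA256 tag computed under the session key."""
    tag = hmac.new(key, _tag_input(session_id, seq, body), hashlib.sha256).hexdigest()
    return {"session": session_id, "seq": seq, "body": body, "tag": tag}


class SessionServer:
    """Server side: one fresh random key per session, each sequence number accepted once."""

    def __init__(self) -> None:
        self._sessions = {}  # session_id -> (key, set of accepted sequence numbers)

    def open_session(self) -> tuple:
        session_id = secrets.token_hex(8)
        key = secrets.token_bytes(32)          # random, valid for this session only
        self._sessions[session_id] = (key, set())
        return session_id, key

    def close_session(self, session_id: str) -> None:
        # Discarding the key retires every tag ever made with it.
        self._sessions.pop(session_id, None)

    def accept(self, msg: dict) -> str:
        entry = self._sessions.get(msg.get("session"))
        if entry is None:
            return "rejected: unknown or ended session"
        key, seen = entry
        expected = hmac.new(key, _tag_input(msg["session"], msg["seq"], msg["body"]),
                            hashlib.sha256).hexdigest()
        # Verify authenticity first, using a constant-time comparison.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: tag mismatch (modified or forged)"
        if msg["seq"] in seen:
            return "rejected: replay"
        seen.add(msg["seq"])
        return "accepted"


def demo() -> list:
    """Walk through accept, replay, modification and a replay after the session ended."""
    server = SessionServer()
    sid, key = server.open_session()
    msg = sign_transaction(key, sid, 1, "transfer 100 to account 42")   # constructed body
    results = [server.accept(msg), server.accept(msg)]                  # first ok, second is a replay
    tampered = dict(msg, body="transfer 900 to account 42")              # body changed, tag now stale
    results.append(server.accept(tampered))
    server.close_session(sid)
    results.append(server.accept(sign_transaction(key, sid, 2, "transfer 5 to account 42")))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```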
Passive attacks

In passive attacks, the attacker observes the messages, then copies and saves them and can use them for malicious purposes. The attacker does not
try to change the information or content he/she gathered. Although passive attacks do not harm the system, they can be a danger to the
confidentiality of the message. Unlike active attacks, in passive attacks the victim does not become aware of the attack. They are
difficult to detect as there is no alteration in the message. Passive attacks can be prevented by using
some encryption techniques. We can try the below-listed measures to prevent these attacks -

● We should avoid posting sensitive information or personal information online. Attackers can use this information to attack your
network.
● We should encrypt messages so that they are unreadable to any unintended intruder.
Hardware attack
A malicious individual could alter a small component in the overall system for espionage or sabotage. Such attacks can be especially devastating
in security-critical industries, such as the military.

The introduction of hardware Trojans could happen in each phase of the supply chain, depending on the methods adopted by attackers and on the
technology used for hacking.

Common hardware attacks include:

● Manufacturing backdoors, for malware or other penetrative purposes; backdoors aren't limited to software and hardware, but also
affect embedded radio-frequency identification (RFID) chips and memory
● Eavesdropping by gaining access to protected memory without opening other hardware
● Inducing faults, causing the interruption of normal behavior
● Hardware modification: tampering through invasive operations, or through modified hardware or jailbroken software
● Backdoor creation: the presence of hidden methods for bypassing normal computer authentication systems
● Counterfeit product assets that behave abnormally, or that are made to gain malicious access to systems
Hardware attacks pertain to the following devices:

● Access control systems such as authentication tokens
● Network appliances
● Industrial control systems
● Surveillance systems
● Components of communication infrastructure

Real or alleged case studies

1. Most recently, intelligence agencies have banned Lenovo PCs due to backdoor vulnerabilities.
2. Rakshasa backdoors: a "permanent backdoor" that's hard to detect, and nearly impossible to remove.
Definition of Cyber warfare
Cyber warfare has been defined as "actions by a nation-state to penetrate another nation's computers or
networks for the purposes of causing damage or disruption". Other definitions also include non-state actors,
such as terrorist groups, companies,political or ideological extremist groups, hacktivists, and transnational
criminal organizations. Some governments have made it an integral part of their overall military strategy,
with some having invested heavily in cyber warfare capabilities.

Cyber warfare is essentially a formalized version of penetration testing in which a government entity has
established it as a warfighting capability. This capability uses the same set of penetration testing
methodologies but applies them in a strategic way to

(a) Prevent cyber-attacks against critical infrastructure

(b) Reduce national vulnerability to cyber attacks

(c) Minimize damage and recovery time from cyber attacks

Offensive operations are also part of these national level strategies, for officially declared wars as well as for
non-contact war even when nations are not at war.
What Does Cyber Warfare Look Like?

Cyber warfare can take many forms, but all of them involve either the destabilization or
destruction of critical systems. The objective is to weaken the target country by
compromising its core systems.

This means cyber warfare may take several different shapes:

1. Attacks on financial infrastructure
2. Attacks on public infrastructure like dams or electrical systems
3. Attacks on safety infrastructure like traffic signals or early warning systems
4. Attacks against military resources or organizations
What Are the Types of Cyber Warfare?

Espionage
Espionage refers to spying on another country to steal secrets. In cyber warfare, this may
involve using a botnet or spear-phishing attack to gain a foothold in a computer before extracting
sensitive information.
Sabotage
With sensitive information identified, organizations then need to determine the potential threats
presented to this data. This includes third parties that may want to steal the data, competitors
that could gain an advantage by stealing information, and insider threats or malicious insiders
like disgruntled workers or negligent employees.
Denial-of-Service Attack
A denial-of-service (DoS) attack involves flooding a website with fake requests, forcing the site
to process those requests, thereby making it unavailable for legitimate users. This kind of attack
could be used to cripple a critical website used by citizens, military personnel, safety personnel,
scientists, or others to disrupt critical operations or systems.
Electrical Power Grid
Hacking the electrical power grid could give an attacker the ability to disable critical systems,
crippling infrastructure and causing the deaths of thousands. Further, an attack on the electrical
power grid could disrupt communications, making it impossible to use services like text
messaging or telecommunication.
Propaganda
Propaganda attacks involve trying to control the minds or hearts of the people living in or fighting
for the targeted country. Propaganda can be used to expose embarrassing truths or to spread lies
that cause people to lose faith in their country—or even sympathize with the enemy.
Economic Disruption
Most modern economic systems depend on computers to function. Attacking the computer
networks of economic facilities like stock markets, payment systems, or banks can give hackers
access to funds or prevent their targets from getting the money they need to live or engage in
cyber or other warfare.
Surprise Cyber attack
These refer to the kinds of cyberattacks that would have an effect similar to Pearl Harbor or
9/11—massive strikes that catch the enemy off guard, weakening their defenses. They could be
used to weaken the opponent in preparation for a physical attack as a form of hybrid warfare.
Cyber Weapons
(a) Viruses and Worms: "virus" is a very commonly heard term in our day to day computer life.
Viruses are code that executes within a host program. Whenever anything goes wrong we don't
hesitate to blame viruses for the matter. But something more complex like worms (programs
executed independently) are also used.

(b) Trojan Horses: These are programs that work in disguise. Trojan Horses are unauthenticated
programs contained in a legitimate program which perform functions unknown to the user. Likely
places for Trojan Horses to attack are: (i) the OS; (ii) software downloaded from the internet.

(c) Logic/Knowledge Bombs: These are hidden functions that become active when triggered.
(d) Knobots: Also known as Knowledge Robots, they keep the processed data and keep storing
the knowledge.

(e) Adware: Adware is a programme that can be embedded within useful programmes. These
pop up while using the computer they are embedded in and have a lot of nuisance value.

(f) Spyware: Spyware is also a programme that is embedded with a useful programme.
However, spyware is generally programmed to collect information such as the user's web surfing habits
and preferences and e-mail. The illegal part of the activity is that all of it occurs without the
user's consent.
Russia-Ukraine Cyber Warfare in 2022

The Russia-Ukraine crisis began in February 2022, and the war is also now happening in the cyber
world. FortiGuard Labs observed new wiper malware being used to attack Ukrainian targets and
installed on at least several hundred machines across Ukraine. Several Ukrainian organizations
have also succumbed to attacks that employed the KillDisk and HermeticWiper malware strains,
which appear to destroy data on devices.

Additionally, a copy of Remote Manipulator System (RMS), a utilities software tool that enables
remote control of devices, was being distributed in Ukraine via fake “Evacuation Plan” emails.
CERT and National Cyber Security Policy

● The Department of Information Technology created the Indian Computer Emergency
Response Team (CERT-In) in 2004.
● The government unveiled the National Cyber Security Policy 2013 on 2nd July 2013. The
National Cyber Security Policy is a policy framework of the Department of Electronics and
Information Technology.
● The Cyber Security Policy aims to protect information infrastructure in cyberspace,
reduce vulnerabilities, build capabilities to prevent and respond to cyber threats and
minimize damage from cyber incidents. This is achieved through a combination of
institutional structures, people, process, technology and cooperation. The objective of the
policy is to create a secure cyberspace ecosystem and strengthen the regulatory framework.
● The Indian Computer Emergency Response Team (CERT-In) has been designated as the nodal
agency for coordinating crisis management efforts. CERT-In also acts as an umbrella
organization for coordinating the actions of, and operationalizing, sectoral CERTs.
Vision

To build a secure and resilient cyberspace for citizens, businesses and Government.

Mission

To protect information and information infrastructure in cyberspace, build capabilities to prevent
and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents
through a combination of institutional structures, people, processes, technology and cooperation.
Objectives

● To create a secure cyber ecosystem in the country, generate adequate trust & confidence in
IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors
of the economy.
● To create an assurance framework for design of security policies and for promotion and
enabling actions for compliance to global security standards and best practices by way of
conformity assessment (product, process, technology & people).
● To strengthen the regulatory framework for ensuring a secure cyberspace ecosystem.
● To enhance and create national and sectoral level 24x7 mechanisms for obtaining strategic
information regarding threats to ICT infrastructure, creating scenarios for response,
resolution and crisis management through effective predictive, preventive, protective,
response and recovery actions.
● To enhance the protection and resilience of Nation’s critical information infrastructure by
operating a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC)
and mandating security practices related to the design, acquisition, development, use and
operation of information resources.
● To develop suitable indigenous security technologies through frontier technology research,
solution oriented research, proof of concept, pilot development, transition, diffusion and
commercialisation leading to widespread deployment of secure ICT products / processes in
general and specifically for addressing National Security requirements.
● To improve visibility of the integrity of ICT products and services by establishing
infrastructure for testing & validation of security of such products.
● To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years
through capacity building, skill development and training.
● To provide fiscal benefits to businesses for adoption of standard security practices and
processes.
● To enable protection of information while in process, handling, storage & transit so as to
safeguard privacy of citizen's data and for reducing economic losses due to cyber crime or
data theft.
● To enable effective prevention, investigation and prosecution of cyber crime and
enhancement of law enforcement capabilities through appropriate legislative intervention.
● To create a culture of cyber security and privacy enabling responsible user behaviour &
actions through an effective communication and promotion strategy.
● To develop effective public private partnerships and collaborative engagements through
technical and operational cooperation and contribution for enhancing the security of
cyberspace.
● To enhance global cooperation by promoting shared understanding and leveraging
relationships for furthering the cause of security of cyberspace.
Strategies
● Creating a secure ecosystem.
● Creating an assurance framework.
● Encouraging open standards.
● Strengthening the regulatory framework.
● Creating mechanisms for early warning of security threats, vulnerability management and response to security threats.
● Securing e-Governance services.
● Protection and resilience of Critical Information Infrastructure.
● Promotion of research and development in cyber security.
● Reducing supply chain risks.
● Human resource development (fostering education and training programmes in both the formal and informal sectors to
support the nation's cyber security needs and build capacity).
● Creating cyber security awareness.
● Developing effective public-private partnerships.
● Developing bilateral and multilateral relationships in the area of cyber security with other countries (information
sharing and cooperation).
● A prioritized approach to implementation.
Activity
Watch the documentary "Zero Days" at https://topdocumentaryfilms.com/zero-days