homeland security

CII protection
The writer is Centre Director of Centre for Cyber Deterrence and Information Assurance in National Technical Research Organisation, Govt of India. He has been DIG of Police, Goa, Additional Commissioner of Police, Crime and Traffic Delhi and Inspector General of Police Daman and Diu. He graduated in Electronics and Telecommunication Engineering from Delhi University in first class with distinction. He holds a law degree from Delhi University. He has completed his Masters Degree in Criminology and is pursuing his PhD in Information Security Management from IIT, Delhi. He has also done Hostage Negotiation course at Louisiana State Police Academy, USA. His current areas of interest are Cyber crime and its detection, cyber terrorism, E-governance, Digital Signatures, Cryptography, E-policing, Information security and Cyber laws, Social media monitoring etc. He has been awarded police medal for meritorious service and President's police medal for distinguished service.
Muktesh Chander, IPS

CYBER SECURITY IN INDIA: THE NCIIPC ROAD MAP

VISION: To facilitate safe, secure and resilient information infrastructure for Critical Sectors of the nation. MISSION: To take all necessary measures to facilitate protection of Critical Information Infrastructure from unauthorised access, modification, use, disclosure, disruption, incapacitation or destruction through coherent coordination, synergy and raising information security awareness among all stakeholders.
eclaring Americas digital infrastructure to be a strategic national asset President Barack Obama called cyberspace the fifth domain, the new frontier and as vital and valuable as land, sea, air and space and as threatened by the enemies of peace and amity, progress and prosperity. Britain also has set up a cyber-security policy outfit and an operations centre based in GCHQ, the British equivalent of the American NSA. Recognising that the nations Critical Infrastructures are vital and indispensable systems and invaluable assets whose incapacitation or decimation would trigger a debilitating impact and repercussions on national security, economy and well being, National Critical Information Infrastructure Protection Centre (NCIIPC) under NTRO organised a National Conference of Chief Information Security Officers of Critical Sectors of Government on 17th December, 2012 at Manekshaw Centre, New Delhi. IT Act Sec 70A envisages an agency for the protection of Critical Information Infrastructure in the country. The Critical Infrastructures (CIs) extend across many sectors including information and telecommunication, energy, transportation, defence, e-governance, industrial manufacturing, agriculture, food, water, public health, emergency services, chemicals and hazardous materials, banking and finance, space, petroleum and natural gas, power, law enforcement and security apparatus etc. The Conference was attended by almost 200 representatives, CISOs of Central and State Governments, Ministries and PSUs who discussed and learned about the Central Governments vision for protecting Critical Information Infrastructure and Cyberspace. The Conference was graced by Shri Ajit Seth, Cabinet Secretary, Govt of India who gave the Keynote Address and Dr R Chidambaram, Principal Scientific Advisor, Govt of India who delivered the Valedictory Address. The Chief Guest Shri Shivshankar Menon, National Security Advisor, Govt of India inaugurated the Conference. Highlighting the vital

importance of Critical Infrastructures and Cyberspace he cautioned that their incapacitation and destruction would have debilitating effect on national security and economy. Expounding his views he said, protecting Critical Information Infrastructures (physical or virtual information system that controls, processes, stores or exchanges electronic information vital to the functioning of critical sectors) will also mean working not just in government but with other stakeholders, particularly the private sector whose networks and assets are integral to our cyber security and whose expertise is essential to this purpose. The NCIIPC is setting up a joint working group under Indian Institute of Science, Associate Director, Shri N Balakrishnan with representatives of industry associations to bring out the guidelines for protection of Critical Information Infrastructures. Concluding his address Shri Menon hoped that the Conference would help formulate legal framework, create necessary expertise and suggest practical measures within a pragmatic time frame to achieve the mandated goal.

Malware is exploding. It is typically used to steal passwords and other data or to open a back door to a computer so that it can be taken over by outsiders. Such zombie machines can be linked to many thousands, even hundreds of thousands of other machines around the world to create a botnet. Estimates for the number of infected machines may go up to millions. Botnets are used to send spam, spread malware or launch distributed denial-of-service (DDoS) attacks which seek to bring down a targeted computer or network by overloading it with countless bogus requests

SHIVSHANK

AR MENON

NTRO team headed by Chairman, Shri P V Kumar ably supported by Senior Advisor Shri Alhad Apte, Advisor Dr M S Vijayaraghavan and other NCIIPC officers skilfully steered the proceedings. The following pamphlets and bulletins were released during the Conference: Release of pamphlet Roles and Responsibilities of Chief Information Security Officers of Critical Sectors in India by Shri Ajit Seth, Cabinet Secretary. Release of the inaugural issue of the bi-monthly bulletin Cyber Suraksha by Shri Shivshankar Menon, National Security Advisor. Release of CD Reading Material on CIIP by Shri P V Kumar, Chairman, NTRO. Release of special issue of Technology Update on Critical Information Infrastructure Protection by Dr R Chidambaram, Principal Scientific Advisor.

Jim Lewis of a leading think tank in Washington DC says cyber espionage is the biggest intelligence disaster since the loss of the nuclear secrets (in the late 1940s). Spying probably presents the most immediate danger to the national security; the loss of high-tech know-how that could erode economic growth of the country or if it ever came to a shooting war, blunt military edge

Developing an apocalyptic cyber-attack scenario in his new book, Richard Clarke a counter-terrorism and cyber-security expert envisages a catastrophic breakdown within 15 minutes. Computer bugs bring down military email system; oil refineries and pipelines explode; air traffic-control systems collapse; freight and metro trains derail; financial data are scrambled; the electrical grid goes down; orbiting satellites spin out of control; society breaks down as food becomes scarce and money runs out. Worst of all the identity of the attacker may remain a mystery

NCIIPC now embarks on a mission of critical national importance. The first goal is to develop a framework of guidelines to ensure protection of Critical Information Infrastructure. NCIIPC also proposes to set up 24x7 helpline to issue alerts, advisories and analyses on cyber-attacks, tracking trends, security measures and organising training and awareness programmes.

22

January 2013 Defence AND security alert

January 2013 Defence AND security alert

23