
Increasing Cyber Security Readiness with Adaptive Threat Management

Muktesh Chander, IPS, Joint Commissioner of Police

Increasing use of computers, computer networks and communication technology has resulted in a huge amount of vital information being exchanged, stored and processed on computers. This is true not only for individuals, organizations and companies but also for governments and their institutions. The confidentiality, availability and security of this information are crucial for most organizations to effectively run their E-Commerce or E-Governance model. Cyber security breaches are resulting in huge losses globally.

There is growing evidence that organized crime and cyber crime are beginning to overlap with the activities of drug mafias, pedophiles and international money launderers who use the Internet to coordinate their activities. The peculiar nature and global reach of cyber crimes have forced organizations to take steps towards managing Information Security issues in a planned manner with a holistic approach. It has been realized that Cyber Security is a complex and multidisciplinary subject and that simple, technological, product-driven, off-the-shelf solutions are of limited use.

India has embraced IT in a big way. Private companies, government institutes, organizations and citizens are using computers and computer networks like never before. We are fast moving towards a digital society and hence we need to secure our cyber space. Cyber security is now becoming a vital subset of national security, and guarding critical information infrastructures is of paramount importance to a nation like India, which has been fighting various forms of terrorism for the last several decades. Several advanced nations have realized the dangers to their cyber space and have taken steps to protect it. India needs to evolve its own strategy to protect her cyber space. The recent attack of the 'Stuxnet' virus on supervisory control and data acquisition systems (SCADA) of a nuclear power plant of Iran shows that critical infrastructures of a nation such as energy, transport, finance, telecommunication, emergency services etc., which depend heavily on information technology for their operation, need to be protected from cyber threats. Cyber security is now becoming an important subset of national security. Non-state actors, sometimes with the tacit support of a hostile nation, are emerging as a serious threat. Cyber terrorism is the latest to emerge in cyber challenges.

Cyber Security stands on a tripod of confidentiality, integrity and availability of data and services, commonly known as the CIA triad. Today cyber security can no longer be achieved by the simplistic procedure of installing off-the-shelf anti-virus products or firewalls alone. Cyber security has traveled a long way from being a bunch of technical tools to a holistic management approach covering all aspects of an organization.

Cyber Security Management

Cyber security has become a complex and dynamic process which needs to be continuously updated in response to fast-changing demands and threat scenarios. Cyber Security is not a product or service problem, but rather an engineering and management problem that must be approached with an appropriate process-oriented approach. This approach is the underlying basis of cyber security management as defined in International Standard ISO/IEC 27001:2005.

B. von Solms, the renowned cyber security expert, has advocated a 4th wave of information security, in which he has emphasized that cyber security can be achieved when it is interwoven with corporate governance at every stage. The information assets of dynamic and growing organizations are changing fast. Now more information is held in electronic form than in hard copies.

The cyber threats are continuously growing. Every day new viruses and malware are being discovered. Software vulnerabilities are getting exposed continuously and the time to exploit them is decreasing. Cyber attack sophistication and speed are increasing. The cyber threat landscape is like a changing sand dune. Cyber threat sources are multiplying.

Cyber criminals are getting organized and motivated for financial gains. The law, as usual, is lagging behind them. There is no international treaty to effectively deal with this growing global challenge. The cyber attack on Estonia in 2007, which almost crippled the entire nation, has amply shown us the dangers of not adapting to the evolving cyber threats. Cyber security readiness and effectiveness are possible when cyber security measures are continuously reviewed, reassessed, modified and updated in view of new and changing threats and vulnerabilities. Instead of a reactive approach, cyber defense requires a proactive posture in which the anticipation and elimination of future threats is given priority. This is possible only with adaptive threat management. Research and development, innovation, new approaches, and creative thinking are required to deal with the dynamic nature of cyber threats.

Today malware has advanced to such a level that a computer virus is capable of mutating to new forms by itself and can take measures to conceal itself in the host machines. Such polymorphic viruses with stealth capabilities are difficult to detect with virus-signature-based anti-virus products. There is another class of malware which keeps its code under a strong armor of encryption. For such malware, heuristic virus detection methods are the only way, but even then there is a considerable time gap between the virus outbreak and its vaccine being made available for distribution.

Today we need to adopt the same approach which is being used by living organisms to deal with biological infection. As soon as a computer malware makes an attempt to enter any computer network or system, the adaptive cyber detection mechanisms such as intelligent intruder detection & prevention systems (IDS/IPS) should be able to identify it by signature-based methods or by heuristic methods and must try to prevent it. If it is a new virus, the mechanism must take a sample of the infected file and send it to central virus laboratory computers which act as a 'digital petri dish', where it is made to infect decoy systems under controlled conditions. The infected file and decoy system are analyzed and a cure or vaccine is produced. This vaccine is then distributed to all computers in the network, including the infected system, as well as to other networks globally, making them immune to any future attack of the virus. The entire process should be as automated as possible with minimum human intervention. Since 1990, researchers have been trying to design a digital immune system which will have self-healing capabilities and will intelligently adapt to various cyber threats on an almost real-time basis. IBM has pioneered research in this direction along with other companies such as Symantec, Microsoft etc.

Charles Darwin's theory of survival of the fittest is now applicable to information systems also. Those which adapt themselves to the new threats will have a better chance of surviving a cyber attack than others. Adaptive cyber defense is the only way to survive in cyber space.
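The detect, sample, analyze and distribute loop of the digital immune system described above can be sketched in a few lines. This is an added example, not code from the essay or from any vendor: the `Lab` and `Node` classes, the entropy threshold of 7.0 bits per byte and the sample byte strings are all assumptions, and the decoy-system analysis is reduced to producing an exact-match hash.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumed cut-off in bits per byte; encrypted bodies approach 8

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class Lab:
    """Stands in for the central laboratory; decoy-system analysis is not modelled."""
    def __init__(self):
        self.nodes = []

    def submit(self, sample: bytes) -> None:
        vaccine = digest(sample)        # the "vaccine" here is only an exact-match hash
        for node in self.nodes:         # push it to every node, including the sender
            node.signatures.add(vaccine)

class Node:
    def __init__(self, lab: Lab):
        self.lab, self.signatures = lab, set()
        lab.nodes.append(self)

    def scan(self, data: bytes) -> str:
        if digest(data) in self.signatures:
            return "blocked:signature"
        if entropy(data) >= ENTROPY_THRESHOLD:
            self.lab.submit(data)       # unknown but suspicious: send a sample to the lab
            return "quarantined:heuristic"
        return "allowed"

def demo() -> list:
    # Constructed stand-ins, not real malware: two high-entropy blobs and one text file.
    sample = bytes(range(256)) * 4
    variant = bytes(reversed(range(256))) * 4   # same byte statistics, different hash
    benign = b"quarterly report: all systems nominal\n" * 20
    lab = Lab()
    a, b = Node(lab), Node(lab)
    return [a.scan(sample), b.scan(sample), b.scan(variant),
            a.scan(variant), b.scan(benign)]
```

The mutated variant slips past the hash signature on node `b` and is caught only by the heuristic, after which node `a` blocks it by signature. An entropy check alone also flags legitimate compressed or encrypted files, so it serves as a triage signal for the lab, not a verdict.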
