Commander Mukesh Saini - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

Commander Mukesh Saini

Description:

Source : DIT Annual Report 2005. Why cyber crimes may increase. Cyberspace is increasing in India ... Source : DIT Annual Report 2005. NSCS. E-Travel Bookings ... – PowerPoint PPT presentation

Number of Views:409
Avg rating:5.0/5.0
Slides: 29
Provided by: nscs6
Category:
Tags: commander | dit | mukesh | saini

less

Transcript and Presenter's Notes

Title: Commander Mukesh Saini


1
National Perspective of Cybersecurity
  • Commander Mukesh Saini
  • Information Security Specilist
  • Head National Information Security
    Coordination Cell
  • National Security Council Secretariat

For Rail-CERT meeting on 24 Oct 2005
2
In 2004 the top ten most re-defaced second/third
level .in ccTLD was railnet.gov.in. It was
re-defaced 16 times. Some of the site affected
were er.railnet.gov.in, ircot.railnet.gov.in, irp
mu.railnet.gov.in, nfr.railnet.gov.in
Source CERT-In White Paper 2004-01
3
Defacement of Indian Railways Websites
Source CERT-In White Paper 2004-01
4
Defacement of Indian Railways Websites
5
Why cyber crimes may increase
because
Cyberspace is increasing in India
Source DIT Annual Report 2005
6
(No Transcript)
7
(No Transcript)
8
Indian Cyberspace
9
IT sector underpins Indian economy
  • One of the fastest growing sectors of Indian
    industry.
  • A growth of 34 in rupee as well as dollar terms
    in exports during 2004-05.
  • Achieved CAGR of 30 in turnover and 37 in
    exports during last 5 years.

Source DIT Annual Report 2005
10
Growth of IT sector
  • Grew from 1.2 of GDP in 1997-98 to 4.1 in
    2004-05
  • BPOs grew at rate of 54 in 2003-04 directly
    employing about 2.5 lakhs personnel.
  • 4.1 crore cellphones. More mobiles than fixed
    line phones.

Source DIT Annual Report 2005
11
e-governance
  • State wide area networks (SWANs) up to block
    level.
  • 25 mission mode projects
  • Income Tax
  • Passport Visa
  • Land records
  • Police
  • E-Court etc.
  • Information Security is not the concern.

Source DIT Annual Report 2005
12
E-Travel Bookings in India(in Crores of Rs)
Source eStatsIndia B2C E-Commerce, Market Size
and Forecast Study, 2005
13
AND
Indias Broadband Policy Oct 2004
This represents a huge Always On haven for
Criminals
Source DoT Annual Report 2005
14
In the rapid growth of IT sector in India
Information Security has not been seriously
factored in.
15
Unfortunately, the true extent of cybercrime in
India not known due to lack of reporting,
coordinated monitoring and collation
16
Major Criminal Activities-2
  • Denial-of-Service
  • Spam
  • Cyber Squatting
  • Cyber stalking
  • Child Pornography

17
Major Criminal Activities-3
  • Malicious code Proliferation
  • e-Extortion Protection Rackets
  • Cyber Frauds
  • Cyberterrorism

Money not notoriety is the driving force
Cyber Crime has become organized Business.
18
Cybersecurity
19
Top Concerns
  • Lack of publicly stated National Information
    Security Policy.
  • Lack of trained qualified manpower.
  • Non existent or weak institutions.
  • Non-exploitation of provision of IT Act 2000.
  • Lack of Assurance framework (standardization,
    Accreditation and Certification)
  • Lack of awareness culture of cybersecurity

?
?
?
?
20
Other Areas of Concern-1
  • Rules and regulation under the IT Act to contain
    crime not framed and proposed amendments
    recommends diluting power of police.
  • No e-mail account policy especially for defence,
    police and agency personnel.
  • No cybercrisis management plan.

?
?
21
Concerns about Railways Network
  • Failure of ticketing reservation system can
    cause social turmoil.
  • Failure of signaling system have physical
    security hazard
  • Failure of e - ticketing can cause financial
    losses.
  • Failure of other applications such as tracking of
    bogies can cause financial losses.
  • Compromise of train movements can provide
    necessary intelligence to adversaries
  • Compromise of financial transactions can motivate
    for frauds

22
National Information Security Structure
23
Action Initiated for Information Security
  • National Information Board (NIB)
  • National Information Security Policy (NISP)
  • Information Security Task Force (ISTF)
  • Indo US Cyber Security Forum (IUSCSF)
  • Various Inter-ministerial working groups (IMWGs)

24
Action Initiated for Information Security
  • Information Infrastructure Protection Centre
    (IIPC)
  • National Internet Exchange of India (NIXI)
  • Computer Emergency Response Team India (Cert-in)
  • Group of Sectoral Cybersecurity Offices (SCOs)
  • Information Security Technology Development
    Council (ISTDC)
  • Empanelment of VA teams by CERT-IN.

25
CERT-In relationship with in India
26
(No Transcript)
27
Recommendations
  • Widely publicise creation of CERT-Rail.
  • Create railways wide Information Security Policy.
    (based on ISO 177992005 standards and National
    Information Security Policy)
  • Close coordination between CERT-Rail CERT-In.
  • Undertake Vulnerability Analysis of all networks.
  • Prepare 5 year roadmap for Cybersecurity
    activities
  • Host Railways websites on secure servers
  • Define e-mail account policy
  • Enforce best management practices information
    security
  • Launch Railways wide awareness campaign

28
THANK YOU
Write a Comment
User Comments (0)
About PowerShow.com