National Critical Information Infrastructure Protection Centre (NCIIPC): Role and Responsibilities
1
Role, Charter & Responsibilities
A Presentation by
Muktesh Chander IPS
Centre Director
NCIIPC
NTRO
Government of India
National Critical Information Infrastructure Protection Centre (NCIIPC)
2
Critical Information Infrastructure (CII)
Threats to CII
Examples of Cyber attacks to CIIs
International Critical Information Infrastructure Protection Efforts
International Information Security Standards
Information Security initiatives in India
National Critical Information Infrastructure Protection Centre (NCIIPC)
Outline of Presentation
3
Energy
Transportation (air, surface, rail & water)
Banking & Finance
Telecommunication
Defence
Space
Law enforcement, security & intelligence
Sensitive Government organisations
Public Health
Water supply
Critical manufacturing
E-Governance
…
4
In general, Critical Infrastructure (CI) can be defined as: “those facilities, systems, or functions, whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation”.
Critical Information Infrastructure (CII) is the ICT infrastructure upon which the core functionality of Critical Infrastructure is dependent.
As per Section 70 of IT Act 2000, CII is defined as: “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.”
Critical Information Infrastructure
5
Figure: Varying Dependence of CI on Information Infrastructure (diagram labels: Information Infrastructure, CI, CII)
Inter-dependence
6
Characteristics of CII
Highly Complex
Distributed
Interconnected
Interdependent
Increasing trend in all of the above
7
Complexity and Inter-dependence of CII
8
Threats to CII are classified as:
◦ Internal Threat
It is defined as “One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.”
Insider betrayals cause losses due to IT sabotage, fraud, and theft of confidential or proprietary information.
This may be intentional or due to ignorance.
◦ External Threat
Arises from outside the organization, from individuals, hackers, organizations, terrorists, foreign Government agents and non-state actors, and poses risks such as crippling of CII, espionage, cyber/electronic warfare, cyber terrorism etc.
Types of threats to CIIs
9
Malware Attacks (19,719,262 distinct malware so far)
Email attachments
Smartphones
Removable media
Web Application Attacks
Client Side Attacks, MITM
Social Engineering Attacks
Social network
Wireless attacks
DoS/DDoS
Botnet
SCADA APTs
Embedded systems
Supply Chain contamination
Threat vectors to CII
11
Individuals
Disgruntled or ex-employees
Rivals (Industrial Espionage)
Hackers, Script kiddies, Crackers
Cyber criminals (organized as well as unorganized)
Hacktivists
Cyber Mercenaries
Terrorist groups (CyberJehadis)
Non state actors
Hostile states
Threat actors
12
• Damage or destruction of CII
• Disruption or degradation of services
• Loss of sensitive and strategic information
• Widespread damage in short time
• Cascading effects on several CII
Effects of Cyber Attacks on CII
13
Example of Cyber Attacks on CII
14
Discovered in June 2010
It is the first known targeted worm to attack a particular type of Industrial Control Systems (ICS).
It primarily spreads via portable USB drives.
It first exploits zero-day vulnerabilities to infect Windows-based workstations, then attacks associated Programmable Logic Controller (PLC) based SCADA machines and modifies their configuration and behaviour.
Stuxnet, which affected the nuclear program of Iran, is the most sophisticated APT.
Stuxnet Virus: A New weapon of War
15
Concentration of infections in Iran.
Stuxnet spread and geographical distribution of infected systems
16
Discovered in September 2011.
Affected countries include Iran, France, UK, Hungary, Austria, and Indonesia.
It is a variant of the Stuxnet virus.
Unlike Stuxnet, the Duqu worm does not replicate but is ‘highly targeted’; it uses Trojans to gather sensitive information and passwords and send them back to a command and control server.
It does not have a payload like Stuxnet, but instead seems to exist to set up remote access capabilities.
Duqu Virus: A Stuxnet Variant
17
20 MB in size
Cause:
◦ Flame can spread to other systems over LAN or USB stick.
◦ Mines the computer to record Skype conversations, screenshots, keyboard activity and network traffic; turns infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices.
◦ Collected information is sent back to remote control servers.
Effect:
◦ Initially infected 1000 machines, with victims including governmental organizations, financial organizations etc. in Iran, Egypt, Sudan, Lebanon, Saudi Arabia and Israel.
Flame Malware
18
Targets:
◦ Energy Sector.
◦ Disrupted services of Saudi Aramco and Qatar RasGas.
Effect:
◦ Capable of spreading to other offline workstations on the network.
◦ Wipes disks of workstations and overwrites the Master Boot Record, preventing them from booting.
Motive:
◦ Unlike other Cyber Espionage Malware, Shamoon is a Cyber Sabotage Weapon.
Shamoon Malware (August 2012)
19
From Cyber Skirmishes to Cyber Warfare
20
Cause:
◦ Malicious emails, when opened, dropped a Trojan horse.
◦ The Trojan horse connects back to a Control Server to download and install the Gh0st RAT Trojan.
Effect:
◦ Gh0st RAT allows attackers to gain complete, real-time control of computers running Microsoft Windows.
◦ Infiltrated high-value political, economic, and media locations in 103 countries.
◦ Compromised computer systems of embassies, foreign ministries and other government offices, Dalai Lama’s centers in India, London and New York city etc.
GhostNet: Cyber Spying Operation
21
Cause:
◦ A malware ecosystem employed by the attackers via GhostNet etc.
◦ Ecosystem leveraged multiple redundant cloud computing systems, social networking platforms, free web hosting services etc. to maintain persistent control.
Effect:
◦ Complex cyber espionage network.
◦ Theft of classified and sensitive documents.
◦ Collateral compromise: Visa applications stolen.
◦ Command and control infrastructure that leverages cloud-based social media services.
Shadow in Cloud: Cyber Espionage
22
On 4th December 2011, Iran captured an American Lockheed Martin RQ-170 Sentinel unmanned aerial vehicle (UAV).
The Iranian Government claimed that the drone was brought down by its cyber warfare unit stationed near Kashmar.
An Iranian engineer claimed that the drone was captured by jamming both satellite and land-originated control signals to the UAV, followed up by a spoofing attack, feeding the UAV false GPS data to make it land in Iran at what the drone thought was its home base in Afghanistan.
Cyber Attack brought down US Drone RQ-170
23
Incident Time Frame
◦ Start 27 April 2007, End 18 May 2007, Duration 3 weeks
Methods
◦ DoS and DDoS; Website defacement; Attacking DNS servers;
◦ Mass e-mail and comment spam.
Targets
◦ Servers of institutions responsible for the Estonian Internet infrastructure;
◦ Governmental and political targets (parliament, president, ministries, state agencies, etc);
◦ Services provided by the private sector (ebanking, news organisations etc);
◦ Personal and random targets.
Estonia 2007 Cyber Conflict
24
Incident Time Frame
◦ Start 8 August 2008; End 28 August 2008; Duration 3 weeks
Methods
◦ DoS and DDoS attacks; Distribution of malicious software together with attack instructions; exploiting SQL vulnerability;
◦ Defacement; Using e-mail addresses for spamming and targeted attacks.
Targets
◦ Government sites (President, Parliament, ministries; local government of Abkhazia); News and media sites, online Discussion forums, Financial institutions etc.
Georgia 2008 Cyber Conflict
25
Incident Time Frame
◦ Start 28 June 2008; End 2 July 2008; Duration 4 days.
Methods
◦ Defacement. Pro-Soviet and communist symbols as well as profane anti-Lithuanian slogans posted on websites.
◦ Some e-mail spam.
Targets
◦ Over 300 private sector (95%) and governmental (5%) websites;
◦ Damage largely avoided to the public sector due to timely warning;
◦ Private sector suffered most.
Lithuanian 2008 Cyber Conflict
26
Cyber attacks on Indian Government Infrastructure
27
As reported by the Indian Computer Emergency Response Team (CERT-In), a total of 90, 119, 252 and 219 Government websites were defaced by various hacker groups in the years 2008, 2009, 2010 and January – October 2011 respectively.
13000 incidents handled by CERT-In in 2011
Cyber attacks on Indian Government Websites
28
Loss of confidential information from sensitive organisations
Email Compromises
29
International efforts for Protection Of Critical Information Infrastructure
30
UN Resolution 58/199
ITU, G8
Agencies for protection of Critical Infrastructure:
◦ Europe: European program for Critical Information Infrastructure Protection (EPCIP)
◦ United Kingdom: Centre for the Protection of National Infrastructure (CPNI)
◦ United States: Responsibility of Critical Infrastructure protection falls under the jurisdiction of the Department of Homeland Security.
◦ Australia: National Security agency
◦ South Korea: National Intelligence Service
International CIIP initiatives
31
Information Security Management
32
Some Information Security facts
◦ It is a multidisciplinary subject
◦ Security depends on people and process more than technology;
◦ Internal employees are a far bigger threat to information security than any outside threat;
◦ Security is not a static entity but a running process; it should flow through the organization.
◦ Moving from technical, managerial, standardization & certification to the Fourth wave of Information security Governance (B. Von Solms)
Information Security Management
33
◦ ISO/IEC 27000 family;
◦ ISO 31000: Risk Management;
◦ ISO 22301: Business continuity Management etc.
Federal Information Processing Standard (FIPS)
Control Objective for Information and Related Technologies (COBIT)
Information Technology Infrastructure Library (ITIL)
Payment Card Industry Information Security Standard (PCIDSS)
Data Security Council of India Security Framework (DSF)
International Standards
34
Specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within an organisation.
It is usually applicable to all types of organisations, including business enterprises, government agencies, and so on.
It is a normative standard against which certification is obtained.
Adopts the Plan-Do-Check-Act (PDCA) model, which is applied to structure all ISMS processes.
ISO/IEC 27001
35
Plan: Establish the ISMS
Do: Implement and operate the ISMS
Check: Monitor and Review the ISMS
Act: Maintain and Improve the ISMS
Information security Requirements and Expectations
Managed Information Security and Operations
PDCA Model
ISO/IEC 27001 Standard (contd..)
36
ISO/IEC 27001 ISMS Requirements
◦ General requirements
Establishing and managing the ISMS
Establish the ISMS, Implement and operate the ISMS
Monitor and review the ISMS, Maintain and improve the ISMS
◦ Documentation requirements
General, Control of documents, Control of records
◦ Management responsibility
Management commitment
Resource management: Provision of resources; Training, awareness and competence
◦ Internal ISMS audits
◦ Management review of the ISMS
General, Review input, Review output
◦ ISMS improvement
Continual improvement, Corrective action, Preventive action
ISO/IEC 27001 Standard (contd..)
37
| Criminal Offences | Subsection |
|---|---|
| Sending offensive messages, including attachments, through communications service | 66A |
| Dishonestly receiving stolen computer resource or communication device | 66B |
| Identity theft | 66C |
| Cheating by personating | 66D |
| Violation of privacy | 66E |
| Cyber terrorism: defined as causing denial of service, illegal access, introducing a virus in any of the critical information infrastructure of the country defined u/s 70 with the intent to threaten the unity, integrity, security or sovereignty of India or strike terror in the people or any section of the people; or gaining illegal access to data or database that is restricted for reasons of the security of state or friendly relations with foreign states. | 66F |
| Publishing or transmitting of material containing sexually explicit act in electronic form | 67A |
| Publishing or transmitting of material depicting children in sexually explicit act | 67B |
| Preservation and retention of information by intermediaries as may be specified for such duration and in such manner and format as the central government may prescribe. | 67C |
IT Act 2000
38
Section 70 deals with declaration of protected systems as any computer resource which directly or indirectly affects the facility of critical information infrastructure (CII)
Protected Systems
39
Sec 66F: Punishment for Cyber Terrorism
(1) Whoever,-
(A) with intent to threaten the unity, integrity, security or sovereignty of India or strike terror in the people or any section of the people by-
(i) deny or cause the denial of access to any person authorized to access computer resources; or
(ii) attempting to penetrate or access a computer resource without authorization or exceeding authorised access; or
(iii) introducing or causing to introduce any computer contaminant;
and by any means of such conduct causes or is likely to cause death or injuries to person or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70.
Cyber Terrorism
41
Under Section 70A, NCIIPC, under NTRO, is being declared as the nodal agency for the protection of Critical Information Infrastructure of India.
Gazette notification for NCIIPC under section 70A (1) is underway.
NCIIPC under its mandate from section 70A(2) of IT Act is responsible for all measures including R&D for protection of Critical Information Infrastructure.
Rules under section 70A are being notified.
National Critical Information Infrastructure Protection Centre (NCIIPC)
42
NCIIPC Vision
“To facilitate safe, secure and resilient Information Infrastructure for Critical Sectors of the Nation”
43
“To take all necessary measures to facilitate protection of Critical Information Infrastructure from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction through coherent coordination, synergy and raising information Security awareness among all stakeholders.”
NCIIPC Mission
44
Figure: matrix with axes Criticality (LOW to HIGH) and Dependency (HIGH), positioning CERT-IN, NCIIPC, Organizational Security Department and LEAs
Dependency and Criticality Matrix for NCIIPC
45
Prevention and early warning
Detection
Mitigation
Response
Recovery
Resilience
46
Identification of Critical Sub-sectors
Study of Information Infrastructure of identified critical sub-sectors
Issue of Daily / Monthly cyber alerts / advisories
Malware Analysis
Tracking zombies and Malware spreading IPs
Cyber Forensics activities
Research and Development for Smart and Secure Environment.
Facilitate CII owners in adoption of appropriate policies, standards, best practices for protection of CII.
Annual CISO Conference for Critical Sectors.
Awareness and training
24X7 operation and helpdesk
NCIIPC Activities
NTRO has identified 17 sub-sectors initially and has started activities for 7 sub-sectors named below:
• Air Traffic Management (ATM), Civil Aviation (Transportation)
• Power grid (Energy)
• MTNL
• NSEI
• BSNL
• Railways
• SBI
| Sl No. | SECTOR as identified in crisis management plan 2010 | Sub-sector | Dept./Agency Organization | Specific Area | Remarks |
|---|---|---|---|---|---|
| 1. | Transportation | Civil aviation | AAI | ATC | Work under progress |
| 2. | Transportation | Railways | IRCTC RAILTEL | Passenger reservation system, communication | Work under progress |
| 3. | Transportation | Shipping | Port | Port management | |
| 4. | Energy | Power | Powergrid corporation | POSOCO | Work under progress |
| 5. | Energy | Nuclear | BAARC, NPCL | | |
| 6. | Energy | Oil & Gas | ONGC | | |
| 7. | Finance/Banking | Finance | NSE, BSE, Central Economic Intelligence Bureau (CEIB) | SIEN network (CEIB) NFS (National Financial Switches) | Work under progress |
| 8. | Finance/Banking | Banking | SBI, RBI | INFINET, NEFT, SIEN | Work under progress |
| 9. | ICT | Communication | MTNL, BSNL | | Work under progress |
| 10. | ICT | IT | NIC | NKN, SWAN | |
| 11. | Law Enforcement, Security & intelligence | Law Enforcement & Security | ITBP, SSB, CRPF, Assam Rifles, BSF, CISF | | |
| 12. | Law Enforcement, Security & intelligence | Law Enforcement & Security | MHA | CCTNS | |
| 13. | Law Enforcement, Security & intelligence | Intelligence Agencies | R&AW, IB, NTRO, CBI, NIA | NATGRID, FRRO Networks Cobweb | Work under progress |
| 14. | Space | -- | ISRO | Spacenet, Remote sensing, spacebased Programme | |
| 15. | Defence | | Army, Navy, Air Force, Coast guard, Strategic Forces Command | | |
| 16. | MEA | -- | -- | Passport Database/Visa | |
| | OTHERS | | | | |
| 17. | Sensitive Govt. Organisations | | PMO, NSCS, Planning Commission, Cabinet Sectt., MHS, Registrar General Doordarshan & AIR | AADHAAR; Network from any of these areas which go through NIC | |
50
Each Organisation/Ministry in Critical Sector should nominate a Nodal Officer (CISO) for interaction with NCIIPC.
CISO will be the point of contact for NCIIPC.
Nodal Officer/CISO
51
CISO responsibilities include, but are not limited to:
◦ Build an Information security culture
◦ Assist senior management in the development, implementation and maintenance of an information security infrastructure.
◦ Develop, communicate and ensure compliance with organizational information security policy, standards and guidelines
◦ Ensure regulatory and Standards compliance
◦ Develop a security awareness and training program
◦ Periodically conduct internal audit to check compliance with organizational security policy, standard and guidelines
◦ Risk Management
◦ Incident Management
◦ Business Continuity Management
◦ Assist senior management in acquisition of products, tools and services related to information & related technology.
CISO Roles & Responsibilities
52
Guidelines for Protecting Critical Information Infrastructure
Under preparation with the help of Academia and Industry
53
We understand several Ministries/Departments have identified organisations under their administrative control as a Sectoral CERT for their respective Ministries/Departments.
We would expect these Sectoral CERTs henceforth to work out an institutional mechanism to synergistically work with NCIIPC towards providing effective protection to the CII in these Ministries/Departments.
NCIIPC Expectations
54
Take some time to fill questionnaire
Provide details of information security measures being taken in your organisation
Leave above documents when you go for lunch.
Feedback
55
Marching towards building a culture of cyber security
NCIIPC at your Service
Thank you