CYBER SECURITY
Sanjay Sahay
The biggest emerging threat!
How big is this
bubble?
Chronology of Computerization
1994: CCIS
2005: G-CARE
2008: e-Beat
2009: KSP WAN
2010: 'Police IT'
2011: KSP DC
2012: CCTNS
2014: DRC
2015: Private Cloud
NetworkData
Center
Training for 75
System Administ-
rators
Creation of Skilled Internal
Resource pool
Training for End-
Users
Police IT ERP
Gover-nance
Structure
Enforce-ment
Stabiliza-tion
Police-IT Ecosystem Development
Police IT ERP Application
MIS417Reports
64Roles
Core Function-alities
• Crime• Law & Order• Traffic
Admin-istration
• Administration• Finance• Stores
Ancillary support
• Armed Reserve• Motor Transport• Training
Technical Modules
• Wireless• Forensic Science • Laboratory
522Screens
11Modules
Architecture Diagram of KSPWAN
DIGITAL INDIA IS
The transformational enablement of
1. Governance
2. Citizen Services and
3. Ease of business using…
…ICT in the creation of
• digital infrastructure (technological and human), competent enough to enable
• dynamic and
• real time decision making
• and service delivery
• with seamless backend processes and
• creation of databases and its integration at differential levels
catering to all requirements of the nation
DEDICATED CLOUD INFRASTRUCTURE
DIGITAL INDIA
PARAMETERS AND MEASUREMENTS
VISION TO WORKABLE DOCUMENTS
THE WHEREWITHAL
SECTOR WISE
PHASE WISEBLUEPRINT
GAPANALYSIS
BRIDGING
LONG LASTING PUBLIC PRIVATE PARTNERSHIPS
VISIONARY DOCUMENTATION
TRUST
SECURITY
DIGITAL INDIA
IN THE LAST FEW MONTHS..,
• Sony & Anthem attacks
• Chinese breach data of 4 million federal workers
• Obama seeks $14 billion to boost U.S. cybersecurity defenses
• Obama Calls on US Firms to Help Fight Cyberattacks
• Obama signed an executive order laying out a framework for companies to share data about cyber threats with each other and the government
• New agency to sniff out threats in cyberspace - Cyber Threat Intelligence Integration Center
Zero-Day Flaw Found in 'Linux Kernel' leaves Millions
Vulnerable
US Intelligence Chief Hacked by the Teen Who Hacked CIA
Director
602 Gbps! This May Have Been the Largest DDoS Attack in
History
Hacking News
After Paris Attacks, Encrypted
Communication Is Back In Spotlight
"the ISIS geek squad is teaching terrorists how
to use encryption and communication
platforms like Silent Circle, Telegram and
WhatsApp."
A HACKER who claims to have broken into the AOL
account of CIA Director John Brennan says he
obtained access by posing as a Verizon worker to trick another employee into revealing the spy chief’s personal information.
The country which built a Digital Iron Dome, Israel had undergone one of the largest serious cyber attack this year.
This time, the name of Israel is being popped up in the current headlines is for the massive cyber attack which triggered against the Nation's Electrical Power Grid.
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls
Anyone with "Fortimanager_Access" username and a hashed version of the "FGTAbc11*xy+Qqz27" password string, which is hard coded into the firewall, can login into Fortinet's FortiGate firewall networking equipment
Juniper Firewalls with ScreenOS Backdoored Since 2012
Juniper Networks has announced that it has discovered "unauthorized code"in ScreenOS, the operating system for its NetScreen firewalls
Date back to at least 2012
Allows anyone to decrypt VPN traffic
Ridiculous Bug in Trend Micro Antivirus Allows
Hackers to Steal all Your Passwords
Product that allow hackers to execute arbitrary commands
remotely as well as steal your saved password from Password
Manager built into its AntiVirus program
FORTUNE 500 COMPANIES
97% HAS BEEN HACKED!
“If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.”
-Weinberg's Second Law
LinearVs
Exponential
from pace maker to nuclear
power plants
from text documents to the hybrid cloud
Internet of things!
Global Information GridA very vulnerable one!
DATAis at the center of our universe
Resilience
What the System Ought to Provide
Curiosity
Monetary Gain
National Security
Espionage,Political Activism
The sophistication of cyber threats, attackers and motives is rapidly escalating.
Motive
1995 – 20051st Decade of the Commercial Internet
Revenge
Script-kiddies or hackers using tools, web-based “how-to’s”
Insiders, using inside information
Organized Crime, Hackers and Crackers using sophisticated tools
Competitors, Hacktivists
Nation-state Actors; Targeted Attacks / Advanced Persistent Threat
2005 – 20152nd Decade of the Commercial Internet
Adversary
*X-Force Research - 2013
March 10, 2016 26
WORLD AT CROSSROADS…Internal Security
External
Security
Counter
Terrorism
Rogue States
Cyber War
Money
Laundering
Underworld
Underground
Economy
Naxalism
Data Brokers
Hacktivists
WORLD AT CROSSROADS…
And the IT companies themselves!!!
Privacy has no meaning
More data, more money!
Everything for a price
Access Control Policy
Access Control Policy
Ubiquitous Surveillance Military - Internet Complex
“The corrupt fear us. The honest support us. The heroic join us.”
I
S
I
S
V
S
The Malware Story Criminals & Virus writers outinnovating and
outmaneuvering the anti-virus industry
First information
Detection rate
“time – to – detection rate”
“out of their leagues in their own game”
Precision is the key
Outstanding Coding and Testing
Absolute Game Changer
One of its kind
Who will take a call?
Zero Dayat the heart of it all
Asymmetric Warfare – A new form
2009 Iraq-$45 billion drone and satellite surveillance system
Skygrabber-$25.95
The costing
Cloud The most happening place
How secure are we?Sanjay Sahay
CLOUD COMPUTING
Results of IDC survey ranks Security 74.6% as the biggest challenge
WEAKEST LINK
the human factor
Where should you start?These three controls can help you address the top vulnerabilities
and begin to reduce risk.
Build a
risk-aware
culture
Protect the
network &
end-points
Automate security
hygiene & manage
incidents with
intelligence
The Dark Net, The Secret Web, The Digital Underground, The Invisible Internet
The Internet provides a delivery system for the pathological states of mind
Blatant
Is there a desire to control?
Is there a mechanism in place?
Crime Inc.
Crime as a service!Payment mechanism in place!
Information Sharing!
Data Brokers
UNDERGROUND ONLINE MARKETS
What we buy?
What we use?
What we know?
The Issues The hardware The software Networking Data Center Human Resources Standards Uniformity Audit
Cyber Security Public Private Partnership
NSA CIA FBI Homeland Security Booz Allen Hamilton Lockheed Martin Fire Eye, Crowd Source, Mandiant Raytheon And large number of IT companies globally
Asymmetric Warfare – A new form
This is a battle of knowledge, effort, focus and precision
Govt’s glacial age response and MNCs blindfolded commercial focus is not the answer
Foster information security without trying to fight the internet architecture
the way forward
There’s no reason
that the good guys can’t be the same !!!.
The bad guys are smart, well equipped, and determined.
the way forward
A seamlessly connected, data driven and digitally serviced India is also more vulnerable Digital India. If recent history is to go by the cyber security landscape is worsening by the day. Security ought to be a design element and creating a risk aware culture will facilitate in achieving Digital India with confidence. Adoption of technology is directly proportional of the comfort levels it provides with least risks. This is the way forward.
Thank you all for the rapt attention!
Top Related