06 Sep 2006 Cyber security Cyber Security for Protection of Critical Information Infrastructure B J Srinath Director & Scientist ‘ F ’, CERT-In Department.


Cyber Security for Protection of Critical Information Infrastructure
B J Srinath
Director & Scientist ‘F’, CERT-In
Department of Information Technology
Ministry of Communications and Information Technology
Government of India
Tel: ,

India: Economy & Demographics
- A large and growing working population
- Increasing urbanisation and rising expenditure capacity
- 4th largest economy in the world with sustained GDP growth of over 8%
- Fast growing Forex reserves - US$ 160 billion (2006); fairly stable currency ~ Rs 45 per US $
- Growth rate of exports of 32% in dollar terms
- Accelerated consumer demand in million Cars, 12 million TVs, 38 million mobiles, 3.5 million credit cards, 1 million new houses… Over 150 million middle class population
- 20 – 30 million people joining India’s middle class every year
- Telephones: 140 million
- Broadband Connection: 0.8 million
- Internet users: 40 million
Source: NASSCOM & MAIT

Indian IT Industry – Year 2005: An Overview
♦ Industry Turnover: US $ 38+ Billion
♦ Hardware: US $ 7 Billion
♦ Hardware Exports: US $ 1.8 Billion
♦ Software & Services: US $ 24 Billion
♦ Software Exports: US $ 17 Billion
♦ ITES & BPO: US $ 7 Billion
♦ ITES & BPO: US $ 6 Billion
IT Industry
♦ PC Shipment: 6 Million Units p.a.
♦ PC Penetration: 20 per 1000
♦ Mobile Penetration: 100 per 1000
♦ TV Penetration: 140 per 1000
ICT Industry
♦ Broadband: 8 per 1000
♦ Internet Penetration: 40 per 1000
ACCESS

The Four Tigers of IT growth
- 2004: Worldwide 160 Million; India Volume 4 Million; India Share 2.5%; India Growth 32%
  2007: Worldwide 234 Million; India Volume 9 Million; India Share 4%; India Growth 30%
- 2004: Worldwide 650 Million; India Volume 58 Million; India Share 4%; India Growth 58%
  2007: Worldwide 1040 Million; India Volume 90 Million; India Share 9%; India Growth 24%
- 2004: Worldwide 136 Million; India Volume 1 Million; India Share 0.4%
  2007: Worldwide 261 Million; India Volume 10 Million; India Share 4%
- 2004: Worldwide 51 Million; India Volume 1 Million; India Share 2%
  2007: Worldwide 80 Million; India Volume 5 Million; India Share 6%

ISPs in India
Total 150 ISPs
Major ISPs: NICNET, ERNET, BSNL, MTNL, VSNL, Bharti, Reliance, Tata, STPI

Information Security Survey - Highlights

Security – importance & strategy

Security breaches

CERT-In: Established in January, 2004
Mandate: ‘Ensure security of cyber space in the country’ by ‘Enhancing the security of communications and Information infrastructure’ through ‘Proactive action and effective collaboration aimed at security incident prevention & response and security assurance’

CERT-In Constituency
Indian Cyber Community
Emphasis on: Critical Information Infrastructure Organizations
– Defence
– Finance
– Energy
– Transportation
– Telecom (Dept. of Telecom)
CERT-In – Mother CERT
Sectoral CERTs being established
– NTRO
– Army/Navy/Air Force CERTs
– IDRBT
– Power Sector-CERT
– Civil Aviation-CERT
– Railways-CERT
– Telecom-CERT

Activities of CERT-In
Activities (till August)
- messages received
- Incidents handled
- Security Alerts/ Incident Notes
- Advisories
- Vulnerability Notes
- Security Guidelines942-
- White papers-361
- Trainings1764
- Indian Website Defacement
- Open Proxy Servers

Information Sharing: Stakeholders
- ISPs, Key Networks
- CERTs
- CSIRTs
- Vendors
- Media
- Law Enforcement Agencies
- Home Users
- International CERTs
CERT-In: Government Sector, Critical Information Infrastructure, Corporate Sector

Web Defacements: Sector wise
- Phishing: 40%
- Virus/Malicious Code: 38%
- Network Scanning/Probing: 16%
- System Misuse: 2%
- Spoofing: 2%
- Others: 2%
Type of hackers
Incidents handled

Nature of Cyber Security Breaches
- Web defacements of Information based websites
- Spread of malicious codes
- SPAM – Open Proxy Servers
- Phishing – Largely gets to foreign Banks and Financial Institutions
- Denial of Service attacks (DoS)

Challenges and Concerns
- Outreach
- Security Investment
- Information sharing and exchange
- Cyber Forensics and Quality of Evidence
- Global Cooperation

Action at Government Level
- National Information Security Policy
- Legal Framework to address Data and Privacy concerns
- Critical Information Infrastructure Protection Plan
- Cyber Security Assurance Framework
- Cyber Security Research & Development

Legal Framework
Information Technology Act 2000 (IT Act, 2000)
– Legal recognition to Electronic Transaction/Record
– Acceptance of Contracts expressed by electronic means
– Framework for Digital Signatures
– Computer crimes

Legal Framework
Amendments proposed in the IT Act 2000 to include:
- Technology-neutral concept of e-Signature
- Delivery of e-Governance services through Public-Private Partnership
- Data Security and Privacy
- Identity Theft and Phishing
- Video Voyeurism

Critical Infrastructure Protection
Government has initiated measures to protect Critical Information Infrastructure in public and private sector. The focus is on:
- Identification of core sectors and points of contact
- Implementation of Best Practices comprising:
  - Disaster Recovery & Business Continuity Planning
  - Compliance with laws and regulations
  - Managing risk
  - Auditing, reporting and monitoring
  - Education and awareness training (Capacity Building)

“National Information Security Assurance Program (NISAP)” for Government and Critical Infrastructure Organizations

Security Assurance Framework – Concept
It has four elements:
- Mandatory compliance requirement – in the form of a legal/regulatory framework
- Mandatory compliance efforts – to ISMS standards like ISO/IEC 27001/BS 7799 etc.
- Mandatory compliance verification – of security technical, managerial as well as operational controls, including ISMS assessments, penetration testing, vulnerability assessment, application security testing etc.
- Mandatory compliance reporting – to CERT-In as a notified entity on a periodic basis

Security Assurance Framework - Concept
It has two distinct actions:
- Enabling actions: Directives/Standards/Guidelines/Empanelment & rating/Training & awareness
- Endorsing actions: Assessments, Testing & Certification covering Product, Process & People – includes specific services such as:
  - ISMS certification as per ISO 27001/BS 7799 etc.
  - Common Criteria security product test/evaluation as per ISO
  - IT Security auditing (Pen. Test/ VA etc.)
  - IT Security auditor training and skill evaluation

Areas of Cooperation
- Coordination in early warning, threat & vulnerability analysis and incident tracking
- Assistance in Cyber space monitoring
- Cyber security drills/exercises to test the vulnerability & preparedness of critical sectors
- Joint R&D projects on cyber security
- Exchange of expertise

Thank you