Towards a (Secure ? !) Digital Nation

Vision, Strategy and Roadmap

SanjayDeshpandeManagingPartner&ChiefScien1st

FortyTwo42LabsDate:9thJanuary2017

The Structure

Real-Timee-Governance

[TheGoal]

DigitalTrust[Fidelity]

TheReality[Introspec=on]

TheVision[TheFuture]

TheStrategyandRoadmap

[GamePlan]Ac=onPlanandHope

•  UnitedKingdom:TimeboundprogramslaunchedforSecureSmartCi=esandFINTECHinnova=ons

•  India:MassivepushforDigitalFinancialEcosystemandReal-Timee-Governance

•  Switzerland:SwisscomSecureIOTnetwork

•  SouthKorea:DeploymentofubiquitoussensornetworkdedicatedforIOTdrivenpublicservices

•  Germany:Na=onalpriori=za=onforIndustry4.0

Key Global Initiatives in Secure Digital Transformations

Towards a (Secure?) “Digital Na7onal” NextGenera=onStrategyforEconomicGrowth,GovernanceandPolicyExecu=on

Makeeconomicenvironmentconduciveforinnova9onIns9tu9onbuilding,publicskilldevelopmentandtrainingEfficient,equal,transparent,servicesdeliverytoallci9zensCreateopendebateaboutacceptabilityofnewsystems,par=cularlyrelatedtoprivacy,safety,security,andresilienceCreateandsupportdynamic,compe99vemarket

Government’s Role in Accelerating Economic Growth

PrimeMinisterShriNarendraModilaunchedtheDigitalIndiaprogramwithavision“totransformIndiaintoadigitallyempoweredsocietyandknowledgeeconomy”CoreAreas•  Digitalinfrastructureasau=litytoeveryci=zen•  Governance&servicesondemand•  Digitalempowermentofci=zens•  Digitaleconomy•  Cyber-physicalengagement

The DIGITAL INDIA VISION

Ref:LayneandLeeModelofe-Governance

eGovernment Maturity Model: Type 1

Ref:AndersenandHenriksen

e-Government Maturity Model: Type 2

Fidelity of Real-Time eGovernance

TransformingeGovernancetoReal-TimeeGovernance@theSpeedof“?”:Ci=zensareaveryimpa=entlotFidelityofeGovernanceanditsfundamentalroleWhataboutDigitalTrustandhowtoachieveit?

IFWEDON’TFIXANDINSTALLANATIONALCYBERSECURITYINFRASTRUCTURE…WITHAMISSIONMODEPRIORITY….….WEAREHEADINGFORAMASSIVEDISRUPTIONINECONOMICGROWTH.PERIOD.

DIGITAL TRUST Why,WhatandHow?

PrivilegedandConfiden=alInforma=on12

Real-TimeeGovernanceneedstoensurefidelityoftheirdigitaltransac=ons,whiledeliveringdigitalservicesacrossvariouschannelstoitsusersinordertopreventcyberfraud.

What is Digital Trust?

PrivilegedandConfiden=alInforma=on

Allthetransac=ngpar=esareauthen=cated

Transac=ondetailsareprivate

Transac=onisnotmodified/tamperedlater

Transac=ngPar=escannotdenythe

transac=oninthefuture

Transac=onisauthorized&verified

Mul9-PartyIDENTITY&

AUTHENTICATION

DynamicKeyDataENCRYPTION

EmbeddedDATAINTEGRITY

In-LineTransac9onSiging

NONREPUDIATION

WorkflowbasedAUTHORIZATION&

VERIFICATION

13

DeliveringTransac9onFidelitywithaSingleUnifiedTechnology.Seamlessly.

The Reality Introspec=on

•  Theendusersofthee-GovernmentinfrastructureremainvulnerabletovarietyofthreatssuchasPacketSniffing,Probe,Malware,InternetInfrastructureAeacks,DenialofService(DOS)Aeack,RemotetoLocal(R2L)Aeack,UsertoRoot(U2R)Aeack

•  Datathe],financial/digitaltransac9ona_acks,corrup=onofdata,defacement,extor=on,cyberbullying,intellectualpropertytheh,businessespionage.

•  Governmentalins=tutesandcri=calinfrastructuresbearsignificantweightintheamountofaeackstheyencounter.

•  Anaeackermayhavepoli9cal,economic,military,intellectualandfinancialaims.

•  Mosthighimpacta_acksarenoworchestratedbyna9onstates.

Current Threat Landscape

PrivilegedandConfiden=alInforma=on16

WeimportmostofthecybersecuritytechnologiesfromrestoftheworldTherearenoincen9vestructuresforbuildingindigenouscu`ngedgenextgenera9oncybersecuritytechnologiesAna9onalpriorityoncrea9ngarobustcybersecurityinfrastructureisfundamentallymissingAcultureofinnova9onandleadershipinbuildingbothdefenceand“a_ackfordefence”plabormsisdormantinspiteoftheavailabilityofvastamountoftalentandcapitalWeworkinsilosandgroups(whilethehackersworkcollec9velyasonevirtualunit)

Current Innovation Scenario

PrivilegedandConfiden=alInforma=on17

LackofEnd-to-EndIden9ty,Authoriza9onandControlWorkflow

CostandComplexityofSecuritystSta9cSecurityPosture

PoorUsability

LowerAdop9onLoweradop=on,lowercustomeracquis=onandcannotbeprovisionedforalltransac=ontypes,customertypesandacrossalldigitalservicesduetocost.

Current Technology Scenario

The Vision: Secure Hi-Fidelity Real-Time eGovernance LeadingtheWorldthroughCukngEdgeInnova=oninSecureCompu=ngandCommunica=ons

To create a world-class secure and safe real-time eGovernance “ecosystem” that is built on top of a future proof, dynamic and evolving national cyber security infrastructure to protect the Citizens, the Financial, Industrial Ecosystem and Indian Defence from external and internal cyber threats to rapidly accelerate the economic growth of the country.

THE VISION

Sohwaredefinedautomated,machinelearningadap=veagile

securitycontrolplalorm.

Adap9veDigitalControl

ControlLifeCycleManagement[Design,Provision,Opera9onalize,Monitor,Adapt]

So]wareDefinedControlModel

DigitalAssets[Transac9ons,IOT,Devices,Apps,Docs,Data]

So]wareDefinedIden9ty

Crypto-ID

PrivilegedandConfiden=alInforma=on20

Technology Vision : Towards Adaptive Security Control

PrivilegedandConfiden=alInforma=on21

CryptographicIden=ty

UserIDsGoogle,Facebook,MobileNumber

EnterpriseIDsAccountNumber,

InternetBankingUserID

Users/Enterprises/

Things[Iden9tyChaining]

GovernmentIDs

Aadhaar,Passport,PAN

IDVxI-AM™Iden=ty

Verifica=onIndex

Iden==esareestablished

Transac=onisPrivate

Transac=onissealed NobodycandenyTransac=onisverified

IDENTITY ENCRYPTION DATAINTEGRITY

NONREPUDIATIONAUTHORIZATION

UnifiesEnd-UserIden99esEnablesIden9tyChaining

DynamicConfigurableVerifica9onIndexPKIGradeCryptoStrength

THE IDENTITY

A Non-PKI Digital World::[An Example of Disruptive Innovation] @ FortyTwo Labs in Vizag

Computa=onally(QuantumCompu9ng)SecureCryptographicIden=ty

NoChainNoAuthority

MassivelyScalableSimpleCostEffec9ve

CredibilityBasedPeer-To-PeerTrustNetworks

UnifiedIden=tyModel

Media9onbasedIden9tyGenera9onandDistribu=onModel

Adap9veandEvolving

BEYOND PKI

The Strategy and Roadmap A (7me bound!) Execu7on

#1 End-to-End Integrated Adaptive Holistic Security Control Ecosystem

PeripheralDefense

NetworkDefense

HostComputersDefense

Applica=onProgramsDefense

DataDefense

PhysicalSecurity

•  Collabora9veModel

•  Securingtheen9reinter-connectedchain

•  CyberWarfareReadinessandAn9-Terrorism

•  IntegratedReal-TimeCERTandCyberThreatIntelligence

•  IndigenousPreven9on/Defense/A_ackSolu9ons

#2 Components of a Holistic End-To-End National Cyber Security Ecosystem

•  BestinClassGlobaldetec9onsolu9ons&SIEM/SOC

•  IncidentResponse(Tools,Processes,SkillsandValues)

•  BusinessCon9nuityandDisasterRecovery

•  PhysicalSecurity

•  Step1:Mapallthecri9calna9onaldigital(andsome9mesnon-digital)assetsvis-à-visthethreatvectors.Thismightincludesecurityprocedures,datastores,networkarchitecture,physicaloffices,centralservers,portabledevices.

•  Step2:Conductadetailed/comprehensivena9onallevelthreatlandscapesurvey-thisanalysiswillhelpcreateacoherentriskmapthatenablescontrols,andsecuritymeasurestobeputintoplaceinanintelligentmannerwhiletakingintoconsidera=onthetruenatureoftheexposure.

•  Step3:Iden9fyallthecontours/perimetersofdefense/a_ack–thisanalysisshouldcoveralltheusers,devices,applica=ons,servers,network,anddatacenter(hardwareandsohware).

•  Step4:Define,ProvisionandEnforcePoliciesandrelevantsecuritytechnologiesforeachoftheassetsinthecontoursinrela=ontothecyberthreats

#3 Securing the National Digital Infrastructure : A Four Step Process

•  UserIden=tyandAuthen=ca=onPolicies/Technologies

•  Device/IOTAuthen=ca=onPolicy

•  DataEncryp=onStandards

•  Applica=onDevelopmentProcess

•  DataCenterAccessPolicies

•  Applica=onandDeviceAccesspolicy

#4 Design and Deploy Holistic End-To End Security Controls

•  Con=nuousThreatMonitoring

•  Businesscon=nuitytechnologiesandpolicies.

•  Iden=tyandAccessmanagementpoliciesandinfrastructure.

•  Privilegedaccesscontrolpoliciesanddatabreach/leakagedetec=onandcontrol

SYSTEMSENGINEERINGAPPROACH

•  Na9onalCyberSecurityThreatindexshouldbedefinedandcomputedinreal-=meandcommunicatedtoalltheconcernedstakeholders.

•  Suchanindex(likethestockmarket)willprovidethecurrent“temperature”ofthecyberthreattoalltheconcernedstakeholdersinreal-9meforthemtoac9vatetherequiredresponsestrategiesinreal-=metherebydras=callyreducingthethreatresponsereac=on=mes.

•  TheNa9onal/StateLevelCyberSecurityIndexisareal-9memeasureoftherisktothecorporate,industrial,andgovernmentalinforma9oninfrastructurefromaspectrumofcybersecuritythreats.

•  Itisbasedbothonthesen9mentaswellasreal9medatacollectedonthecyberthreatsfromacrosstheecosysteminrecogni=onoftherapidchangeincybersecuritythreatsandpostures,thestateofcybersecuritymetricsasaprac=calart,andthedegreeofuncertaintyinanyrisk-centeredfield.

#5 National and State Level Real Time Cyber Security Threat Index

•  CyberSecurityMaturityModelwillenablethestatetomeasurethecybersecuritymaturitylevelvis-à-visastandardmodel.

•  Thesemodelscanbecustomizedforvariousdigitalen99eswithinthecybersecurityecosystem–ci=zens,enterprises,governmentdepartmentsandcri=calinfrastructure.

•  Theoverallna9onalcybersecuritymaturitylevelcanbemodeledasanintegra=onoftheseindividualsub-models.

•  Thestatecanfurtherenforce/recommendcompliancebyci9zens,enterprises,governmentdepartmentsinaccordancetothismaturitymodel.

#6 Cyber Security Maturity Model for eGovernance Ecosystem (CSM2 for eGov)

CyberSecurityClusteris-  anetworkofdedicatedcyberandinfosecurityspecialists,investors,start-ups,academia,researchins9tutes,privatelabscomingtogetheringroups

-  whoac9velyworktocreateuniquesolu9onsandbuildIPfore-Governance,na9onalcri9calinfrastructuresecurityandothercommercialcybersecuritytechnologies.

# 7 Create World Class Cyber Security Clusters

•  TheseCybersecurityclusterswillactasacatalysttosupportthemembersoftheclusterbycommunica=ngstrategicini=a=vescri=caltostatee-Governanceimplementa=on

•  Theywillprovideanetworkingplalormtoshareideasandbestprac=ce,canfindnewwaystogrowandspurinnova=onandtechnologyIPcrea=oninthefieldofcybersecurity.

•  Specialistcybersecuritycompanies,labs,R&Dcenterswillbuildcybersecurityknowledge,skills,andcapabili=esintheregion,tomakebusinessesmoreresilienttocyber-aeacks.

•  APGovt’sfastandcollabora=veapproachenablesandplacesAPGovt.tobealeaderinthefieldofcybersecurity.VizaghasalreadylaunchedIndia’sfirstCyberSecurityandFINTECHcluster.

# 7 Create World Class Cyber Security Clusters

# 7 Create Frameworks and Policies for Secure IOT Infrastructure for Secure Smart Cities, Real-Time Sensor Data Networks for Agriculture and Home Land Security

•  Ins=tu=onalizeandprovisionapolicyforsecuringIOTinfrastructuretoensurethesafetyofthecyber-physicalworld

•  Set-upstateandna=onalLevelR&DCentersinaPPPmodeltodevelopnewsecuritymodelsandtechnologieswillberequiredtobeinnovated

•  Iden=fycri=calinfrastructure(smartci=es,surveydata,agriculturedata,homelandsecurity/drones/surveillance)andsecurethemonhighestpriorityina=me-boundmanner

Trustingovernmentisoneofthemostpreciousstateassets.Publicsupportcanhelpmobilizeambi9ousandinnova9vegovernmentpolicies.Necessarycybersecuritymeasuresmustbeincorporatedbydesignintothesystem.Aholis9ccybersecurityinfrastructureisthefundamentalbuildingblockontopofwhichsafeandsecureRealTimee-GovernancedeliverysystemscanbebuiltAPStateandVizagiswellpoisedtoleadthecountryandtheworld.Inordertofulfillthisvisionthestateleadershipwillhavetopriori9zeandallocatethenecessarybudgets,andexecutethecri9calcybersecurityrelatedini9a9vesina9meboundandmissionmode.

Way Forward The VIZAG Cyber Security Cluster

We should aim to be bold,

courageous, and innovative

SANJAY@FORTYTWO42.IN

@VIZAG

India’sFirstCyberSecurityand

FintechClusterwithanAmazingBeach!