vibrant gujarat summit on cyber security, facing issues and challenges
DESCRIPTION
Quantification of the term cyber security is necessary in today’s world. All the stakeholders comprising of Government, private and public should join hands for this initiative.TRANSCRIPT
Report on
“Leadership Summit on ICT – 2013” Cyber Security: Issues and Challenges
Towards a More Secure Society Date: 27th January, 2014 Venue: The Pride Hotel, Ahmedabad, Gujarat
Supported by
Platinum Partner Silver Partner Knowledge Partner
Event Partner Partner Association
2
CONTENTS
Background ......................................................................................................................................................... 4
Inaugural Session Details .................................................................................................................................. 4
List of Dignitaries ................................................................................................................. 4
Session Details ..................................................................................................................... 5
Inauguration by Chief Guest Shri. Rajni Patel, Hon’ble Minister of State for Home, Government of Gujarat ....................................................................................................................................................... 5
Welcome Address by Shri Umang Das, Chairperson- ASSOCHAM National Council on Information & Communication Technology .................................................................................................................... 5
Theme Address by Shri Rajan Vasa, Senior Advisor, Knowledge Partner KPMG ...................................... 6
Special Address by Shri S.J. Haider, Secretary, Science & Technology Department, Government of Gujarat ....................................................................................................................................................... 6
Chief Guest Address by Shri Rajni Patel, Hon’ble Minister of State for Home, Government of Gujarat . 7
Guest of Honour Address by Dr. S.K. Nanda, Additional Chief Secretary, Home Department, Government of Gujarat ............................................................................................................................. 7
Keynote Address by Dr. Gulshan Rai, Director General, Indian Computer Emergency Response Team (CERT-In), Department of Electronics & IT, Ministry of Communication & IT, Government of India ................................................................................................................................................................... 7
Industry Address by Shri T.V. Ramachandran, Chairman, ASSOCHAM National Communications Convergence Committee & Resident Director, Regulatory Affairs & Gov. Relations, Vodafone ......... 8
Vote of Thanks by Dr. Neeta Shah, Director (e-governance/COE/I/C Projects), Gujarat Informatics Limited, Department of Science and Technology, Government of Gujarat .......................................... 8
Technical Session I: Cyber Security: Issues & Challenges .................................................... 9
Panellists ......................................................................................................................................................... 9
Dr. Gulshan Rai, Director General, CERT-In, Department of Electronics & IT, Ministry of Communication & IT, Government of India ........................................................................................... 9
Dr. Kamlesh Bajaj, CEO, Data Security Council of India ............................................................................. 9
Shri Manoj Agrawal, IGP, SCRB, Gandhinagar ............................................................................................ 9
Shri Vishwa Jha, National Head, Govt. & Defence, Cyberroam Technologies ......................................... 10
Shri Shomiron Das Gupta, Founder, NETMONASTERY NSPL ................................................................ 10
Shri Siddhartha Rao, VP & Global Head, Product Security Response, SAP AG ....................................... 10
Concluding Remarks by Dr. Gulshan Rai, Session Moderator .................................................................. 10
Q & A Session ............................................................................................................................................... 10
Technical Session II: Safe & Secure ICT Infrastructure: Independent & Collaborative
Approaches ..................................................................................................................... 11
3
Panellists ........................................................................................................................................................ 11
Shri K.R. Gururaja Rao, Chairman cum MD, Gujarat Informatics Ltd. (Session Moderator) ................. 11
Smt. Anjana Choudhary, Deputy Director General & Head, Cyber Security, National Informatics Center, Government of India ................................................................................................................. 12
Shri Brijesh Datta, Head, Information Security, Bharti Airtel Ltd. .......................................................... 12
Mr. Saket Modi, CEO, Lucideus .................................................................................................................. 12
Way Forward ....................................................................................................................... 13
4
Background With a theme “Cyber Security: Issues and Challenges, Towards a More Secure Society”, the Leadership
Summit on ICT – 2014 was held on 27th January at Ahmedabad, Gujarat. The summit was aimed at
finding the ways to build a secure and resilient cyberspace for citizens, businesses and government. The
summit was organized by ASSOCHAM and supported by Department of Science and Technology,
Government of Gujarat (DST), Gujarat Informatics Limited (GIL) and Industrial Extension Bureau
(iNDEXTb) with KPMG being the Knowledge Partner. The other sponsors for the summit were Airtel,
Cyberoam and Gujarat Electronics & Software Industries Association (GESIA).
Inaugural Session Details
List of Dignitaries Name Organization Designation
Shri Rajni Patel Government of Gujarat Hon’ble Minister of State for Home
Dr. S.K. Nanda Home Department, Government of Gujarat Additional Chief Secretary
Dr. Gulshan Rai
CERT-In, Department of Electronics & IT, Ministry of Communication & IT, Government of India Director General
Shri P.C. Thakur Government of Gujarat Director General of Police
Shri S.J. Haider Science & Technology Department, Government of Gujarat Secretary
Shri Umang Das ASSOCHAM National Council on Information & Communication Technology Chairperson
Shri T.V. Ramachandran ASSOCHAM National Communications Convergence Committee Chairman
Shri Rajan Vasa KPMG Senior Advisor
Shri K.R. Gururaja Rao Gujarat Informatics Ltd, Department of Science & Technology, Government of Gujarat
Chairman and Managing Director
Dr. Neeta Shah Gujarat Informatics Ltd, Department of Science & Technology, Government of Gujarat
Director (e-governance)
5
Session Details
Inauguration by Chief Guest Shri. Rajni Patel, Hon’ble Minister of State for Home, Government of Gujarat
Welcome Address by Shri Umang Das, Chairperson- ASSOCHAM National Council on Information & Communication Technology Shri Umang Das started the session by giving an overview of the phenomenal growth envisaged in IT and
Telecom sector, and the underlying threats to the digital infrastructure & the importance of cyber
security. Quoting Hon’ble CM Shri Narendra Modi’s words “India Tomorrow is equal to Information
Technology and Indian Talent (IT=IT+IT)” it was emphasized that technology has the potential to shape
India’s future, whether dealt in fuelling innovation or in delivering distinct products and services, all on a
common mobile-internet platform through increasing use of mobile devices and high speed broadband
networks. It was highlighted that this is only the tip of the iceberg as the IT and Telecom sectors are
envisaged to grow and scale up phenomenally. Given that for cyber management, India we have about
only 1000 people whereas in comparison, China has 1.25 Lakh and USA has 91000 people. So India still
have a long way to go to build capability in preventing cyber attacks.
6
Theme Address by Shri Rajan Vasa, Senior Advisor, Knowledge Partner KPMG Shri Rajan Vasa gave an address on the theme of the event i.e. Cyber Security Issues and Challenges
focusing on why cyber security is important and relevant in today’s world and what steps may be taken
to become cyber-attack resilient. He started his address quoting Isaac Ben-Israel, Major General
(Retired) Israeli Air Force: “If you want to hit a country severely you hit its power and water supplies.
Cyber technology can do this without shooting a single bullet” to highlight the degree of vulnerability
the cyber space has if proper steps are not taken. The various examples of the types of cyber threats and
how not only businesses, governments, military and banks are subject to cyber-attacks were shared.
Further, the various risks, issues and challenges of cyber security for the various stakeholders were
discussed. In the end, certain mitigation steps that may be taken by organizations, governments and
individuals to be resilient and to deal with cyber-attacks and cyber-crimes were suggested.
Special Address by Shri S.J. Haider, Secretary, Science & Technology Department, Government of Gujarat Shri S.J. Haider, IAS, welcomed all on behalf of the Government of Gujarat and addressed that the issues
of cyber security have become much more relevant to the common man as well as to the professionals
and domain experts as we have speedily and exponentially moved towards an e-connected society thus
making heightened awareness and requisite preparedness for the citizens and technical people alike is
an imperative need of the hour. It was cited that Gujarat is the most e governed state in the country
with several landmark programs such as SWAGAT, E-gramViswagram, e-gujcop , e-city, etc implemented
successfully to bring about transparency, efficiency and citizen friendliness. The e-taal portal which is
7
the national e-services dashboard maintained by NIC on behalf of Government of India indicates that 43
Crore e-transactions, the highest in the country, have been recorded in Gujarat. Thus, it was stressed
that the criticality of existing networks and transactions is such that any manipulation or disruption can
have disastrous consequences to the social order, economic well being and even national security and
hence, cyber security is of grave concern to the society which would require structured and
institutionalized mechanism and multi pronged strategy to deal with. It was concluded that certain
provisions have been made in the IT act 2000 and amended from time to time to safeguard e-
governance e-commerce e-banking, etc however that alone is not enough and further measures need to
be taken that will pave the future for a roadmap to a safe and secure cyber society.
Chief Guest Address by Shri Rajni Patel, Hon’ble Minister of State for Home, Government of Gujarat Shri Rajni Patel released the concept paper on Cyber Security by the Knowledge Partner, KPMG. In his
address to the gathering it was stated that the government is serious about Cyber security and wants to
create awareness in the society about cyber incidents. It was highlighted that the various eGovernance
projects going on in the state has made Gujarat one of the leading state in terms of IT implementation.
It was stressed that though technology provides better facilities to the masses but still its application
brings with it many hurdles & Cyber Security is one of them. It was suggested that the best solution to
this problem is educating people on how to remain safe online. It was assured that the government
looks forward to the ways how more people can be made part of this education drive.
Guest of Honour Address by Dr. S.K. Nanda, Additional Chief Secretary, Home Department, Government of Gujarat Dr. S.K. Nanda gave insights on developing a comprehensive guidelines of do’s and don’ts for various
applications used on mobile phones and other mobility devices for protecting the systems as well as
taking the right precautions as individuals for securing personal contents. Further, the proposal of the
Home Department to RBI for introducing a third level of security check in the banking system after CCTV
and password authorization stages was discussed. It was concluded that there is a need to create
trained personnel to deal with cyber security issues that will grow in the future.
Keynote Address by Dr. Gulshan Rai, Director General, Indian Computer Emergency Response Team (CERT-In), Department of Electronics & IT, Ministry of Communication & IT, Government of India Dr. Gulshan Rai gave the keynote address wherein he highlighted the issues on Jurisdiction, Privacy,
absolute freedom of expression or restricted freedom. It was stated that ‘People’, ‘Process’ and
‘Technology’ have to come together and have to work hand in hand to deal with the issues of cyber
security. The audience was enlightened how the cyber criminals work and prove to be a menace to the
society. It was stated that the fishing incidents ranging from 15 to 18 per day have become more
sophisticated wherein the server is located in one country, IP address is located in another, fishing sites
will be somewhere else and the effected party can be anywhere in the world. It was emphasized that
the issue of cyber security ranges from home to the military organizations of the nations.
8
Industry Address by Shri T.V. Ramachandran, Chairman, ASSOCHAM National Communications Convergence Committee & Resident Director, Regulatory Affairs & Gov. Relations, Vodafone Shri T.V. Ramachandran shared some perspectives on the Telecom sector of the country stating that
Telecom sector which is the backbone and the real enabler of IT plays an instrumental part in several
cyber crime situations. The Telecom sector transformation that has taken place in the last 20 years was
shared. In terms of the tremendous increase in teledensity, increase in internet users from no users to
more than 200 million internet users & more than 85% of them as mobile internet users over the years
and the privatization of telecom sector of the country leading to approximately 7% contribution to the
GDP of the nation from a state of being a burden on state exchequer previously. Further, it was
emphasized that even a 10% increase in teledensitycan lead to 1.2% increase in GDP growth, hence a
growing and emerging economy like ours cannot afford to ignore this. The various difficulties that the
Telecom sector in the current times is mired were discussed. Since it can hinder the progress of IT in the
state and so as a conclusion 6 urgent measures to deal with and keep the sector afloat were proposed.
The measures were:
Need for policy stability, consistency and clarity & honouring of licence commitments and obligations
Rationalization of the huge burden on taxes, duties,& levies which sum to greater than 30% of the revenue and promotion of manufacturing and other ICT programs
Facilitatation of telecom infrastructure roll out, permission for sharing of infrastructure
Need for open , successful auction of spectrum
Need for spectrum reforms in terms of M&A, sharing, sustainability
Facilitation of new initiatives, innovation, policies in regards to mobile technology, M2M, cloud computing and other new technologies
Need for rational and modern approach for security
Vote of Thanks by Dr. Neeta Shah, Director (e-governance/COE/I/C Projects), Gujarat Informatics Limited, Department of Science and Technology, Government of Gujarat Dr. Neeta Shah expressed her gratitude to all the dignitaries present on the dais. She further thanked all
the speakers of the summit and the Knowledge Partner, KPMG. She further highlighted the statement by
the Hon’ble Chief Minister of the State Shri Narendra Modi “In the 21st century wars will be fought in the
Cyber World rather than on the borders. India’s ICT capabilities will play a crucial role in our standing
globally. We must therefore encourage and empower our brilliant young minds to strengthen this
critical domain of national security”. The presence of the Chief Guest, Shri Rajni Patel, Hon’ble Minister
of State for Home, Government of Gujarat and Dr. Gulshan Rai, Director General, CERT-In, Department
of Electronics & IT, Ministry of Communication & IT, Government of India were acknowledged.
9
Technical Session I: Cyber Security: Issues & Challenges
Panellists
Name Organization Designation
Dr. Gulshan Rai
(Session Moderator)
Indian Computer Emergency Response Team (CERT-In), Department of Electronics & Information Technology, Ministry of Communication & IT, Government of India
Director General
Dr. Kamlesh Bajaj Data Security Council of India CEO
Shri Manoj Agrawal State Crime Records Bureau IGP
Shri Vishwa Jha Cyberoam Technologies National Head, Govt. & Defence
Shri Shomiron Das Gupta NETMONASTERY NSPL Founder
Shri Siddartha Rao Product Security Response, SAP AG Vice-President & Global Head
Dr. Gulshan Rai, Director General, CERT-In, Department of Electronics & IT, Ministry of Communication & IT, Government of India Dr. Gulshan Rai spoke about how computer was studied as a part of electricals, then as a part of electronics and ultimately as computer science. But today Cyber Security has become a subject on its own. It was stated that the legal, technical and procedural aspects of security differ in the virtual world as compared to the physical world which needs to be known. It was further highlighted that one of the most alarming issues of cyber security is “privacy”. The meaning of privacy has changed as anyone from any part of the world can penetrate into any system anywhere in the world. It was discussed that this activity has led to associate the aspect of Sovereignty with the cyber world too.
Dr. Kamlesh Bajaj, CEO, Data Security Council of India Dr. Kamlesh Bajaj gave examples of some serious cyber espionage cases worldwide. Quoting Mandian Report, an example of the APT1 group based out of Shanghai which was linked to People’s Liberation Army unit was shared. This group attacked 141 companies in 20 major industries in all continents and went undetected for 356 days. Some more examples of cyber espionage cases mentioned in Horizon Data Breach Report were discussed. It was proposed that there should be a treaty similar to Nuclear Non Proliferation Treaty which can put limits on the cyber surveillance by the countries.
Shri Manoj Agrawal, IGP, SCRB, Gandhinagar Shri Manoj Agrawal started by saying as any kind of technology develops, the cons with the pros also develops and which in the early stage of technology development gets overlooked. The fact was further supported that more no. of skilled people are required to work in this domain. Some key points of technical expertise a police personnel need to have regarding cyber security were discussed. It was indicated that the current laws which enable police to handle the cases of cyber-crime still have some loopholes and police come across some situation where it has no answer to the questions.
10
Shri Vishwa Jha, National Head, Govt. & Defence, Cyberoam Technologies Shri Vishwa Jha started with the current status of India in the global IT playing field. It was stated that since India is embracing a great change with IT, securing this change is a shared onus. The need of government – industry collaboration was emphasized. It was highlighted how India is taking unprecedented leaps in governance with IT stating the ongoing Mission Mode Projects (MMPs) under The National e-Governance Plan. Further, various products and services of Cyberoam were discussed and how Cyberoam can contribute in combating India’s cyber security challenges.
Shri Shomiron Das Gupta, Founder, NETMONASTERY NSPL Shri Shomiron Das Gupta started with pinpointing the loopholes of the cyber security. The role of application security was highlighted. The audience learnt that cyber-attacks these days are not much on networks or Operating Systems but more on applications. India makes about 78% of the applications worldwide so if more skilled people are associated with application development, this problem can be diminished. It was further accentuated that there should be a measurable indicator of cyber security so that one can identify how secure the system is.
Shri Siddhartha Rao, VP & Global Head, Product Security Response, SAP AG Shri Siddhartha Rao emphasized more on the topic of industrial cyber espionage. It was stated that it’s not only defence organizations whose data is pilfered but the corporate sector too. An example of Coca Cola where their data relating to a merger and acquisition was pilfered was shared. Further, the different ways to safeguard the interests of India Inc. were put forward.
Concluding Remarks by Dr. Gulshan Rai, Session Moderator It was summarized that most of the applications being used are not security tested which has been the main loophole in most of the systems having cyber security issues. It was also suggested that the issue of sovereignty should also be sought out relating with the issue of cyber security.
Q & A Session Smt. Neeta Shah, Director, GIL asked Shri Shomiron Das Gupta about how application testing need to be done and what frequency is appropriate? Answer: Shri Shomiron Das Gupta replied that core testing need to be done apart from penetration testing and doing it once a year is perfectly fine or whenever a new patch is coded to the application.
11
Technical Session II: Safe & Secure ICT Infrastructure: Independent & Collaborative Approaches
Panellists
Name Organization Designation
Shri K.R. Gururaja Rao
(Session Moderator)
Gujarat Informatics Ltd. Chairman cum Managing Director
Smt. Anjana Choudhary National Informatics Center, Government of India
Deputy Director General & Head, Cyber Security
Shri Brijesh Datta Bharti Airtel Ltd. Head, Information Security
Mr. Saket Modi Lucideus Tech CEO
Shri K.R. Gururaja Rao, Chairman cum MD, Gujarat Informatics Ltd. (Session Moderator) Shri K.R. Gururaja Rao started with a quote “Vigilance is the price of Independence” so similarly, vigilance is also the price for privacy and security of the data and the services being delivered. Further,
12
the Norton Cyber Crime Report 2011 according to which 80% of the Indian Internet users have been the victim of cyber-attacks unknowingly was highlighted.
Smt. Anjana Choudhary, Deputy Director General & Head, Cyber Security, National Informatics Center, Government of India Smt Anjana Choudhary emphasized that the key in improving the cyber security is to strengthen the broader cyber ecosystem that enables rapid information sharing across the stakeholders, enhances public private partnerships and provides sufficient investment to address current and emerging threats. It was proposed that the IT-enabled state of the art tracking system to enhance real time information sharing between various agencies should be formed. It was concluded that to advance the goal of safe and secure ICT, the government, the private sector and the Individual citizens need to expand their ways to work together.
Shri Brijesh Datta, Head, Information Security, Bharti Airtel Ltd. Shri Brijesh Datta started with explaining different terms and their meanings related to cyber attacks i.e. cyber war, cyber-crime, hacktivism, cyber espionage etc. Ways to counter the different attacks were discussed. It was stated that as the technology is improving, the ways to hack systems are also improving. It was highlighted that building capabilities and collaboration are the means to go safe. It was suggested that it is important to encrypt the critical data and carry out masking of critical components and if someone wants to spend some more then Digital Rights Management System is also a good solution to make the data safe.
Mr. Saket Modi, CEO, Lucideus Mr Saket Modi put forward that the very problem rests in the fact that information security has not been imbibed into the culture of our society as everybody uses internet but nobody is taught how to use it. A live demonstration on how issue of cyber security can affect a common man was given. It was an eye opening demonstration wherein it was showed how vulnerable are the mobile phones of common people.
13
Way Forward
Quantification of the term cyber security is necessary in today’s world. All the stakeholders comprising of Government, private and public should join hands for this intiative.
Information Security needs to be imbibed into the culture of our society & therefore more awareness programs should be orgainised.
Building capabilities and collaboration are the means to go safe
More number of skilled people are needed to represent the domain of cyber security
Whenever any new patch is coded to the application, its core testing apart from the penetration testing needs to be done
Encryption of the critical data and masking of critical components is necessary. For further security the solution like Digital Rights Management System (DRMS) should be implemented