Professional Documents
Culture Documents
Cyber Security - Indian Perspective
Cyber Security - Indian Perspective
A PRESENTATION BY
R. M. JOHRI
PRINCIPAL DIRECTOR
(INFORMATION SYSTEMS)
OFFICE OF CAG OF INDIA
Quotable Quotes
The only system which is truly secure is one which is switched off
Technology trends
Increasing complexity of IT systems and networks will mount
High
Stealth Diagnostics
Sniffers
Sweepers
Back Doors
Exploiting Known
Vulnerabilities
Hijacking
Sessions
Disabling
Audits
Sophistication of
Hacker
Tools
Password
Cracking
Self Replicating Code
Password Guessing
Technical
Knowledge
Required
Low
1980
1990
2006
01 Dec 2007
US in
Estonia in April 2007
Computer systems of German Chancellery and three Ministries
E-mail accounts at National Informatics Centre, India
Highly classified Govt. computer networks in New Zealand & Australia
The software used to carry out these attacks indicate that they were clearly designed & tested with much greater
and coordination in using the botnets was totally new. National networks with less sophistication in monitoring and
defense capabilities could face serious problems to National security.
There are signs that intelligence agencies around the world are constantly
probing others networks and developing new ways to gather intelligence
There is a new level of complexity in malware not seen before. These are more resilient, are modified over
and over again and contain highly sophisticated functionality such as encryption (Ex. Nuwar also known
as Zhelatin and Storm worm with a new variant appearing almost daily)
As a trend we will see an increase in threats that hijack PCs with bots. Another challenging trend is the
Given the exponential growth in social networking sites, social engineering may
shortly become the easiest & quickest way to commit ID theft
it you. Malware is being custom written to target specific companies and agencies.
Computer skills are no longer necessary to execute cyber crime. On the flip side malware writers today
need not commit crimes themselves. People can subscribe to the tools that can keep them updated with
latest vulnerabilities and even test themselves against security solutions (Ex. MPACK pr Pinch include
support service).
The black market for stolen data (Ex. Credit cards, e-mails, skype accounts etc) is now well established
WMF (windows meta file) exploit was sold for $ 4000 USD.
Competition is so intense among cyber criminals that customer service has now become a specific selling point
Future Trends
Trends suggest an increase in safe havens for cyber criminals and
hence the need for International cooperation arrangements.
It is an inevitable that some countries will become safe havens for
Future Trends
We may see industry sector codes of practice demanding
sites.
46+ million social network users.
400 million mobile users had subscribed to data packages
awareness.
Security R&D for securing the Infrastructure, meeting the
domain specific needs and enabling technologies.
Security Promotion & Publicity.
Other issues:
Back Up and Recovery There should be a policy in
existence to ensure that regular back up of the critical data are
taken and kept on-site and off-site to ensure its availability
whenever required.
Outsourcing - Risks related to integrity, availability and
confidentiality of data need to be addressed
Change Management controls Only authorised and
approved changes are made and proper documentation exists
for each area of the system to support future modifications.
System Security Issues
Data Migration Issues
Survival
It
Q &A
Thank You