Cyber security policy of India

Cyber terrorism is the convergence of terrorism and cyber space. Any attack which hampers
the normal functioning of the infrastructure.
Generally critical infrastructure is targeted. Situation creates panic, denial of service, loss of
financial and personal data.
Some tactics used:
1. Hacking: most popular method used.
Any kind of unauthorized access to a computer (sniffing, packet analyser)
2. Trojan
3. Computer Viruses. (A computer virus attaches itself to a program or file enabling it to
spread from one computer to another, leaving infections as it travels)
4. Computer Worms (Worms spread from computer to computer, but unlike a virus, it has the
capability to travel without any human action. Capacity to replicate in system)
5. Cryptology. Terrorists have started using encryption, high frequency encrypted voice/data
links etc. It is tough to intercept and identify.

IMAGINE a situation when in a cyber war suddenly:

Telephone NWs Collapse

Satellites out of Control
Oil Refineries
Collapse of Financial Services
SCADA Systems Controlling Power Grids Collapse
(http://en.wikipedia.org/wiki/SCADA)
Collapse of Health and Civic Services
AIR TRAFFIC CONTROLL Management Collapses
Defence Forces
Railway Traffic Control Collapses
Chemical Plants

Problem is: There would be no responsibility. These attacks will appear to have come from all
over the globe as also servers within the country. There would be nobody who could be
definitely identified.
FOR more: http://www.idsa.in/system/files/book_indiacybersecurity.pdf

Some steps/agencies created by government to protect IT infra.

National Informatics Centre (NIC).

Provide network backbone
Manages IT services, E -GOV initiatives to central and state governments.

Indian Computer Emergency Response Team (Cert-In).

Cert-In is the most important constituent: aimed at security incident prevention and
response and security assurance.
14000 Indian sites and 250 around gov sites were hacked (cert in reported)

National Information Security Assurance Programme (NISAP).

For Government and critical infrastructures

Government and critical infrastructures should have a security policy

Essential to implement security control and report security breach
To cert-In
Cert-In will have auditor panel to inquire about security; third party audit too.

Indo-US Cyber Security Forum (IUSCSF).

Formation of India Information Sharing and Analysis Centre (ISAC) for anti hacking.
India Anti Bot Alliance to raise awareness about cyberspace (CII)
India's Standardization Testing and Quality Certification (STQC) and the US National
Institute of Standards and Technology (NIST) will join hands in matter.
WHAT ARE THE PROBLEMS WE FACE

LACK OF AWARENESS
AGE OLD CYBER LAWS
NO TRAINED MANPOWER DESPITE OF IT HUB
DEARTH OF CYBER SECURITY EXPERTS
POLICY RELATED TO THE EMAIL ACCOUNTS OF SERVING PERSONNELS

NEW CYBER POLICY IN BRIEF 2013

1. To build secure and resilient cyber space

 Creating a secure cyber ecosystem, generate trust in IT transactions

24*7 NATIONAL CRITICAL INFORMATION INFRASCTRUCTURE
PROTECTION CENTER (NCIIPC)
Indigenous technological solutions (Chinese products and reliance on foreign
software)
Testing of ICT products and certifying them. Validated products
Creating workforce of 500,000 professionals in the field
FISCAL Benefits for businessman who accepts standard IT PRACTICES
FOR MORE: http://deity.gov.in/sites/upload_files/dit/files/National%20Cyber
%20Security%20Policy%20(1).pdf

Department of Electronics and IT will be the nodal ministry, other stakeholders like
Ministry of Defence, National Technical Research Organisation (NTRO) Defence
Research and Development Organisation (DRDO) will also play major roles in
implementing this policy.
A national cyber coordination centre will be coming up soon.
KEY words:
CERT-IN
CYBER SPACE
ICT
NCIIPC
IUSCF
NIST
NISAP
ISAC
SCADA

From:
MAHARSHI RAVAL

SUGGESTED
READINGS:
Phishing
Pharming
Spoofing
PRISMUS gov program and
outrage
Cyber security and
mobile banking