Review of national cyber security policy 2013 by chintan pathak

Review of

National

Cyber

Security

Policy 2013 By

Chintan T. PathakLL.M,PGDIT,PGDTM,B.Com,DCL

Research Scholar

At

Veer Narmad South Gujarat University

1Review of National Cyber Security

Policy 2013 Chintan T. Pathak

The Internet has become the first

computing platform: Standalone apps ---Web Based ---Cloud Computing

Some most frequently used Computer Applications:

Emailing, Texting

Gaming

Search Engines

Amazon, ebay

Word Processors

Wikipedia, Google maps

Drop Box, Google Drive, Sky drive

Web Browsers

Review of National Cyber Security Policy 2013

Chintan T. Pathak

2

How Much Data are on the Internet?

The big four online storage & service companies

(Google, Microsoft, Amazon & facebook) have got

1200 petabytes( or 1.2 million terabytes)

(http://sceincefocus.com/qa/how-many-terabytes-

data-are-internet)

Facebook process more than 500TB of data daily

(http://news.cnet.com/)


Chintan T. Pathak

3

http://sceincefocus.com/qa/how-many-terabytes-data-are-internet

Why Cyber Security is an issue?

New Technology may bring new vulnerabilities

Large data on Internet (1.2 million terabytes)

Evolving tactics by attackers

Automation has made attackers more profitable

Attack techniques propagation is now more rapid &easier.

Action at a distance is now possible

Wireless networking

Mobile computing


Chintan T. Pathak

4

What is cyber security?

Cyber security standards are security standards which enableorganizations to practice safe security techniques tominimize the number of successful cyber security attacks.

Cyber security refers to the technologies and processesdesigned to protect computers, networks and data fromunauthorized access, vulnerabilities and attacks delivered viathe Internet by cyber criminals.

Though, cyber security is important for network, data andapplication security.


Chintan T. Pathak

5

What is…?

Communication security-protecting organization

communication media , technology , and content.

Network security-is the protection of networking

components, connection and content.

Information security-protection of information and its

critical elements , including the systems and hardware

that use , store or transmit that information.


Chintan T. Pathak

6

Cyber Security – India Perspective

Review of National Cyber Security Policy

2013 Chintan T. Pathak

7

Cyber Security – India Perspective

Spam in India:

Spam originating in India accounted for one

percent of all spam originating in the top 25 spam

producing countries making India the eighteenth

ranked country worldwide for originating spam.

A high percentage of email originating in India

constituted spam. Of the messages originating in

India 76 percent were considered spam.

(www.cert-india.com)4


Chintan T. Pathak

8

Cyber Security – India PerspectiveThreats to Confidential Information


Chintan T. Pathak

9

Cyber Security – Global Trend


Chintan T. Pathak

Recent studies reveal three major findings:

Growing threat to national security - web espionage becomes increasingly

advanced, moving from curiosity to well-funded and well-organized operations

aimed at not only financial, but also political or technical gain

Increasing threat to online services – affecting individuals and industry

because of growth of sophistication of attack techniques

Emergence of a sophisticated market for software flaws – that can be used to

carry out espionage and attacks on Govt. and Critical information

infrastructure. Findings indicate a blurred line between legal and illegal sales

of software vulnerabilities.

10

National Cyber Security Policy 2013Need of Today & Necessity for Tomorrow

Review of National Cyber Security Policy 2013 Chintan

T. Pathak

Preamble:

“..This policy, therefore, aims to create a cyber security framework,

which leads to specific actions and programmes to enhance the security

posture of country’s cyberspace..”

Vision:

Build a secure & resilient cyberspace for Citizen, Business &

Government.

11



Chintan T. Pathak

Mission:

1. To Protect information & information infrastructure

2. Build capability to:

- Prevent and Respond to Cyber threats.

3. Reduce vulnerability

4. Minimise damage from cyber incidents through – Institutional

Structure, People,

5. Process & Technology.

12


Key Highlights of the Policy:

Policy aims at creating a national level nodal agency that will co-ordinate all matters related to cyber security in the country.

It will encourage organizations to develop their own security policies as per international best practices.

The policy will ensure that all organizations earmark a specific budget to implement their security policies and initiatives.

Policy plans to offer various schemes and incentives to ensure that proactive actions are taken for security compliance.

To create an assurance framework, policy will create conformity assessment and certification of compliance to cyber security best practices, standards and guidelines.


Chintan T. Pathak

13



Policy aims at encouraging open standards that facilitate interoperability and data exchange among different IT products and services.

A legal framework will be created to address cyber security challenges arising out of technological developments in cyber space.

The policy also plans to enforce a periodic audit and evaluation of adequacy and effectiveness of security of Information infrastructure in India.

The policy will create mechanisms to get early warnings in case of security threats, vulnerability management and response to the security threats thereof


Chintan T. Pathak

14



A 24X7 operational national level computer emergency response team (CERT-in) will function as an umbrella organization that will handle all communication and coordination in deal with cyber crisis situations.

To secure e-governance services, policy will take various steps like encouraging wider usage of Public Key Infrastructure (PKI) standards in communications and engagement of expert security professionals / organizations to assist in e-governance.

The policy will encourage and mandate use of tested, validated and certified IT products in all sensitive security areas

The policy also plans to undertake and invest in various R&D programs in area of national cyber security


Chintan T. Pathak

15


Issues not to be addressed satisfactory in Policy:

Cloud Computing

Citizen Privacy

Governance of Social Media

Policy is silent for data collection, handling ,storage and transmission

methods

Policy is also silent about how it balancing citizen liberty and security

of nation.


Chintan T. Pathak

16


Conclusion:

The key to success of this policy lies in its effective implementation.

The much talked about public-private partnership in this policy, if

implemented in true spirit, will go a long way in creating solutions to

the ever-changing threat landscape.

Indigenous development of cyber security solutions as enumerated in

the policy is laudable but these solutions may not completely tide over

the supply chain risks and would also require building testing

infrastructure and facilities of global standards for evaluation.


Chintan T. Pathak

17


Conclusion:

The provisions to take care security risks emanating due to use of new

technologies e.g. Cloud Computing, has not been addressed.

Another area which is left untouched by this policy is tackling the

risks arising due to increased use of social networking sites by

criminals and anti-national elements.

There is also a need to incorporate cyber crime tracking, cyber

forensic capacity building and creation of a platform for sharing and

analysis of information between public and private sectors on

continuous basis.


Chintan T. Pathak

18


Suggestions:

Social economic political and technological background should betaken into account while finalizing this policy.

As India is a developing country hence it should be considered not incontinuum with developed world while finalization of this policy.

Short and long term consistent realistic objectives should be there inthe policy.

Fundamental root issues should be addressed in order to be able tosustain secondary issues.

Policy should consider available resources and their budgeting tosupport the short and long term objective.


Chintan T. Pathak

19


Suggestions:

Policy should not be static in nature. So as to be tuned to the changing

needs. There must be a provision for a constant review in order to

improve the policy and remove the impediments if any.


Chintan T. Pathak

20

Thank You

“ In Security matters, there is nothing like

absolute Security”


Chintan T. Pathak

21