SYmbiosis any economy’s critical infrastructure.”Not only that, increasingly

SYmbiosis Centre
For Information Technology

First
Progress Report

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

A
study on critical infrastructure and cyber warfare : An Indian perspective

 

Aniket Burande – 16030241158

12/24/2017

 
 

MBA-ITBM Batch 16-18

 

 

Table of Contents
Chapter I. 3
1. Title: 3
2. Introduction: 3
3. Scope: 4
4. Objective: 4
5. Methodology: 4
Chapter II. 5
1. Review of literature: 5
a) Cyber warfare and
Critical Infrastructure: 5
b) India’s need for
Critical Infrastructure Protection. 6
c) Indian Government
Initiatives to protect its Critical Infrastructure: 7
d)  Scope for improvements in critical
infrastructure in cyber space: 8
Bibliography. 10
 

 

Chapter I
 
1. Title: A
study on critical infrastructure and cyber warfare: An Indian perspective

2. Introduction:

 

The Internet has not only become
the preferred medium of communication, internally and with the external world,
for all businesses or nations but also is now the pillar of any economy’s
critical infrastructure.”Not
only that, increasingly critical data, business-sensitive information and
personal information is being shared online as well as stored in a virtual
environment on the cloud. In this virtual environment, a targeted cyber attack
can be aimed at causing communication shutdown, stealing confidential data and
intellectual property, and even sabotaging the companywide intranet by the
motive of simply causing damage to the reputation of the organization or nation
or just with the motive of stealing confidential data. ”

Cyber-attacks by hostile”organizations, nations
and criminals are on the rise, along with increase in cases of threat to
governments, businesses and individuals by attempting to extract technical,
financial, and national security information.”This was quoted by Gulshan Rai, Director
General, Government of India, and Department of IT. We are much aware that
cyber attacks possess unique challenges as most of the times it becomes
impossible to detect the exact origin of attackers. It can be because of
hijacked systems, using proxies or by simply using a stealth attack such as an
APT. This becomes the first challenge. The second challenge is that in a matter
of couple hours, the cyber attack can spread across boundaries, countries as
well as continents causing huge damage with respect to technical, financial and
critical infrastructure of an economy. Third challenge is that cyber attacks
mostly do not require any expensive arms, technology or manpower. All it
requires is hacking skills, systems and internet to create a large-scale havoc.

Cyber security has evolved as a
critical matter of national security to any nation’s critical infrastructure. As
far as Indian perspective is concerned,”our inability to act can put at jeopardy the national”lifelines-telecommunication,
power, public health, banking, aviation, and even people’s lifetime savings
like”pension funds.
Further, with the government’s increased focus on e-governance and moving
public services delivery like passport, driving license, birth certificates,
aadhar card, etc. online, the cyber infrastructure is evolving to be as crucial
as, if not more than, physical infrastructure. And, protecting the cyber
infrastructure therefore, has become as much of a national priority. Even
though it may sound like a Prophet-of-Doom’ statement, the destruction wrecked by this looming cyber
war can easily dwarf anything that conventional warfare can achieve. ”

As per the dissertation topic, research
shall be conducted on the recent cyber warfare trends that have the objectives
of disrupting any economy. The research shall also be conducted on Indian
government’s initiatives taken so far to prevent the disruption of India’s
critical infrastructure. To tackle against emerging cyber warfare, research is
been carried out to understand the readiness of India as a nation to defend its
own critical infrastructure.

 

3. Scope:

 

The scope of this dissertation topic
is as follows:

a)     
All the cyber warfare tactics

b)     
All Indian governments’ initiatives, acts,
policies to defend against cyber warfare

c)     
All other initiatives, acts, policies to defend
critical infrastructure against cyber warfare

d)    
All the domains that fall under critical
infrastructure.

 

4. Objective:

 

In this case, to find out how
much India is ready to defend its own critical infrastructure against such
cyber warfare is the main objective of the research topic. The main objective
can be sub divided into following categories:

a)     
To find out the impact of cyber warfare tactics
on India’s critical infrastructure

b)     
To find out the efficiency of Indian
government’s initiatives for strengthening India’s critical infrastructure
against warfare.

c)     
To find out gaps in the current security of
critical infrastructure and recommend solutions for future scope to defend
against cyber warfare.

 

5. Methodology:

 

The methodology used here for the
research shall be an exploratory one where various perspectives of the topic
shall be deep dived into where the scope shall be widened in the initial phase.
On the basis of research, a questionnaire shall be formed that can be used to
obtain inputs from technical and government experts. The methodology used to
obtain those inputs shall be personal interviews. In this way, the readiness of
India as a nation can be assessed by formulating right type of questionnaire.

 

Chapter II

1. Review of literature:

a) Cyber warfare and Critical Infrastructure:

 

As mentioned in Techtarget
Network, Cyber warfare 1
is a”computer or
network-based conflict involving politically motivated attacks by a nation-state
on another nation-state. In these types of attacks, nation-state actors attempt
to disrupt the activities of organizations or nation-states, especially for
strategic or military purposes and cyber espionage. ”

It is rightly defined by
Government of Canada that, Critical infrastructure 2
refers to”processes,
systems, facilities, technologies, networks, assets and services essential to
the health, safety, security or economic well-being of Canadians and the
effective functioning of government. Critical infrastructure can be stand-alone
or interconnected and interdependent within and across provinces, territories
and national borders. Disruptions of critical infrastructure could result in
catastrophic loss of life, adverse economic effects and significant harm to
public confidence.”Enhancing
the resilience of critical infrastructure can be achieved through the
appropriate combination of security measures to address intentional and
accidental incidents; business continuity practices to”deal with disruptions and ensure the
continuation of essential services; and emergency management planning to ensure
adequate response procedures are in place to deal with unforeseen disruptions
and natural disasters.””

As stated by Rajabahadur Arcot, Cyber
security 3 has now been
regarded as one of our nation’s top concerns, as any nation’s critical
infrastructure is vulnerable to motivated groups/individuals to disrupt
critical ser­vices and attack any one of our 16 critical infrastructures which
could do the damage from major economic disruption to massive physical destruc­tion
is becoming more difficult to defend against. Another concern on our nation’s
Department of Defence and military assets is cyber attacks as they could
disrupt or disable our military command and control systems, communications, and
intelligence which could in turn jeopardize our national security. The threat
of cyber warfare is on a constant rise and therefore it is time to take
immediate measures.

The book Cyber Security- Critical
Infrastructure 4
addresses these issues by understanding the certain refer­ence points in the
development of the computer industry and, in particular, the dark side, which
has seen the development of worms, viruses, Trojans, and a threat landscape
that has created the need for an emerging, field of cybersecurity. The concern
for protecting India’s critical infrastructure is therefore the right concern. The
protection of national security issues requires a vigilant cyber intel­ligence
capability not only to address cyber conflicts but more importantly to be able
to prevent or defend against cyber warfare. This book suggests that the
discussion of cyberspace, cyber warfare is important to understand the analyze
the impact of cyber warfare and therefore to defend it. Therefore, the use of
cyber weapons in order to defend any nation’s critical infrastructure is an
area in need of both analysis and fur­ther research.

The nation-state cyber conflicts
and the Tallinn Manual on International Law and cyber warfare has been another
emerging world­wide issue that continues to grow that is necessary necessity for
guideline developments. Also, the cost of cybersecurity has also been a growing
burden on the community as a whole. Therefore, this book also present the
results of various important industry-based economic studies of security
breaches that have occurred in past and also provide a global perspective for
comparative purposes. The latest emergence of cybersecurity insurance plans and
programs from the insurance community is another sign of the growing
cybersecurity concerns and economic costs involved in it. Also, the challenges
of well known cybersecurity models are being probed in terms of the audit and
compliance model as being reactive, when the need for more proactive
cybersecurity strategies is being explored for wider application. Specifically,
additional research in the field of cybersecurity needs to tackle these transfor­mational
challenges and absorb these challenges in the most positive manner possible.

 

b) India’s need for Critical Infrastructure
Protection

 

Cyber security is an important
domain from the warfare, law and privacy point of view. The flip side of the
freedom of the internet is that there are very few rules to prevent wrong
doings or get access to dark things in internet world. At the cost of cyber
warfare, nations do attack each other to steal sensitive or confidential information,
and criminals manipulate customers into giving them financial information. This
extract from the internet, The Hans India – An overview of cyber security
policy in India 5 shows the impact
that hacking can have:

·        
A large number of Indians are going digital and
doing financial transactions online, and hacking incidents like Petya and other
ransom ware attacks expose the country’s cyber security vulnerabilities

·        
Also, there has been a surge of about 350% of
cybercrime cases registered under the Information Technology (IT) Act, 2000
from the year of 2011 to 2014

·        
Another trend is the increasing no. of attacks
designed for mobiles and online banking. 6

The cyber security challenges in India would keep
on increasing in the future as India has adopted the Digital India initiative.
This implies that India should always be prepared for any cyber warfare attack
and make sure that its critical infrastructure should be protected. As per the
website, National Cyber Security Policy (NCSP), 5 is an affirmative
step in the right direction. Such policies should be used that shall integrate
the ongoing and also the new activities, programs under an umbrella framework
with a cohesive vision. However, it must be implemented with the spirit to
build a secure and a resilient cyberspace for citizens, business and
government. Protection
of Critical Information Infrastructure (CII) is of paramount concern to
governments worldwide. To achieve this, it is essential to ensure that relevant
security mechanisms are built into Critical Information Infrastructure as key
design features.

c) Indian Government Initiatives to protect its
Critical Infrastructure:

 

There exist groups with excellent
degree of computer hacking skills, sophistication, and resources. These groups
or individuals include even state actors or other groups acting on behalf of
non-state actors.”The
canvas is so wide that it has become extremely difficult to imagine the scope of
upcoming cyber-attacks in order to prepare a defensive mechanism against them.
When it comes to facing cyber threats, India has the potential to be highly
vulnerable because of its geo-political reasons.”Except for the information that the Stuxnet
malware infected a large number of installations in India and that the
government has authorized”
‘National Critical Information Infrastructure Protection Centre’ (NCIIPC) to
take all necessary measures to facilitate safe, secure, and resilient
Information Infrastructure for Critical Sectors in the country no other
information is available in the public domain.””

Following
rising instances of”
cyber-attack episodes, lately, the Indian government has become more serious
about securing the country’s cyber space and formulated the National Cyber
Security Policy (NSCP) of India in July 2013. The following are the key
measures mooted in the policy:”

 

       
i.           
Indian government has successfully set up a 24×7
National Critical Information Infrastructure Protection Centre (NCIIPC) for
protecting critical infrastructure. NCIIPC is”under of National Technical Research Organization
(NTRO). 3

 

     
ii.           
The”government
of India’s Inter Departmental Information Security Task Force (ISTF) has set up
Indian Computer Emergency Response
Team (CERT-In) to respond to the cyber security incidents and”take steps to prevent
recurrence of the same.”

 

   
iii.           
The imposition and enforcement of acts like Indian
IT Act, 2000, Indian Copyright Act, Indian Penal Code and Indian Contract Act,
1872

 

   
iv.           
Forming of Cyber Swachhta Kendra that is
responsible for malware and bot detection and removal.

 

     
v.           
Indian government has proposed formation of National
Cyber Crime Coordination Centre in India (NCCC) and National Cyber Security
Agency (NCSA). 7

 

   
vi.           
Forming of International Initiatives
Collaboration  and Ground Zero Summit,
2015 organized by Indian Infosec Consortium

 

  vii.           
Other Government measures includes Information
Security and Awareness Projects such as introduction of information security
curriculum at B.Tech. and M. Tech. levels, PhD programme for research, Exchange
with CMU and other institutes, train system administrators through diploma and
certificate courses.

 

viii.           
Continuous media briefing around security and
privacy that includes cyber safety Weeks for conducting mass awareness campaign
for promoting information security among end-users

 

   
ix.           
National Skills Registry 8 is a database of pre-verified resumes of all the
employees working in IT sector or even associated with IT operations. National
skills registry possess the data ownership with IT Professional and exercises
finger print for unique identification. NSR is operated by NSDL, which is a
capable database company and has  a web
based secure interface. 9

 

     
x.           
Data
Security Council of India is a self regulated organization formed by industry
best standards that help in acquiring greater knowledge of data privacy and
security standards.”DSCI
possesses better understanding of the commercial issues involved in cyber
security. DSCI has”adopted
the best global practices and draws on the experience in other countries at different
variants for different verticals.”This
helps in increasing the maturity levels.”10

 

d)  Scope for
improvements in critical infrastructure in cyber space:

 

    
i.       
Most of the time it is frustrating to find that
even the website of its Indian counterpart (CERT-In) is not accessible. The
website should be made more accessible and user friendly.

 

   
ii.       
More”proactive measures such as organizing seminars and
training workshops, involving the academia in starting appropriate courses,
initiating a”dialogue
with the information technology companies and seeking their involvement in
software testing are needed to prepare the country for future”eventualities.

 

  iii.       
Creating awareness “among the critical infrastructure
industries so that they are future ready for such contingencies is critically
important.”In my
humble opinion, self-reliance is the way forward while fully collaborating with
all the global initiatives. Based on the success achieved in space and nuclear
technologies thanks to domestic institutions such as”Indian Space Research Organization and
Bhabha”Atomic
Research Centre, it is time for the policy makers to initiate appropriate
measures. ”

 

  iv.       
Securing”e-evidence for criminal justice purposes is particularly
challenging in the context of cloud computing where data is distributed over
different services, providers, locations and often jurisdictions, and where
mutual legal assistance is often not feasible. These”challenges are currently being addressed by
the Cybercrime Convention Committee at the Council of Europe representing the
Parties to the Budapest Convention on Cybercrime. Solutions to enable criminal
justice access to evidence in the cloud are a priority of this Committee. While
India is confronted with the very same challenges, India is not participating
in this work,”is
not sharing its experience and is not shaping future international solutions as
it has not yet decided to join this treaty.”With regard to “cyber” as a matter of state-to-state
relations and international security, the work of the UN Group of Governmental
Experts seems to be the most promising avenue at present. With regard to
cybercrime and electronic evidence as a matter of criminal justice, the
Budapest Convention on Cybercrime is in place and functioning. So far, general
foreign policy considerations may have prevented accession to the Budapest
Convention by India. Given the surge in cybercrime and the vision of a “Digital
India” it may be time for the Government of India to reconsider the benefits of
joining this treaty. ”

 

  
v.       
Introducing “cyber
security super specialization:”India
is renowned the world over for its top-tier technology institutes, which have
regularly”contributed
innovators, entrepreneurs and business managers over the years. A focus on
building such a talent pool in the domain of cyber security is the need of the
hour. A good start would be to introduce various short-term, long-term,”certification and
advanced”learning
programs at the graduation and post-graduation level in cyber security as a
super specialization.

 

  vi.       
Training netizens in cyber security skills:”Although, India has tens
of millions of Internet users, the level of awareness is very low when it comes
to protecting/sharing confidential information online,”conducting safe e-commerce transactions,” and maintaining
passwords, email accounts etc.”A
large majority of Internet users, including even those” with post-graduate qualification, are not
aware of basic security guidelines to follow, when online. ”

 

vii.       
Consequently, “each individual PC, laptop or Smartphone is
a gateway through which a cyber-attack can be launched,”e.g. a virus, eventually spreading through
and sabotaging a wide network. Therefore, it becomes essential to create a cyber
security literacy framework through ongoing campaigns, with active participation
of all key stakeholders”e.g.
social media sites, banking and financial service providers, and e-commerce businesses.

 

 

 

 

 

 

 

Bibliography

1

Techtarget Network,
“Search Security,” September 2017. Online. Available:
http://searchsecurity.techtarget.com/definition/cyberwarfare. Accessed 19
November 2017.

2

Government of
Canda, “Public Safety Canada,” 04 July 2017. Online. Available:
https://www.publicsafety.gc.ca/cnt/ntnl-scrt/crtcl-nfrstrctr/index-en.aspx.
Accessed 19 November 2017.

3

R. Arcot, Is
India prepared to protect its critical infrastructure assets from cyber
threats?, 2013.

4

T. A. Johnson,
“Cyber security – Critical Infrastructre,” in Cyber Security –
Protecting Critical Infrastructre from cyber attack and cyber warfare,
Missouri, USA, CRC Press, 2015, p. 346.

5

G. R. Kumar, “An overview
of cyber security policy in India,” The Hans India, 09 December 2016.
Online. Available:
http://www.thehansindia.com/posts/index/Civil-Services/2016-12-09/An-overview-on-cyber-security-policy-in-India/267807.
Accessed 23 December 2017.

6

V. Reddy, “Cyber
security and challenges,” 14 June 2017. Online. Available:
http://www.thehansindia.com/posts/index/Hans/2017-06-14/Cyber-security-and-challenges/306445.
Accessed 19 November 2017.

7

R. Kumar, “Cyber
Security in India – A skill development perspective,” India Telecom 2013,
Delhi, 2013.

8

N. Saravade, “Cyber
Security Initiatives in India,” NASSCOM, Delhi, 2012.

9

R. Kedia,
“iPleaders,” 17 August 2017. Online. Available:
https://blog.ipleaders.in/cyber-security-initiatives/. Accessed 19 August
2017.

10

Ptlb, “Cyber
security trends,” 2 January 2017. Online. Available:
http://ptlb.in/csrdci/. Accessed 20 November 2017.