14-12-2017 Shelley Vishwajeet
As more and more of India, Indians and businesses get connected, country’s cyber risk vulnerability has also increased dramatically to the point that it has become a top national security and business threat. This was the common concern among top cyber security experts gathered here at the 4th International Summit on Cyber Security India, 2017 organized in New Delhi by Bharat Exhibitions with support from Ministry of Electronics & IT, GoI; Indian Computer Emergency Response Team (Cert-in) & COAI.
Experts were unanimous to warn that the country and Indian businesses could be hit by cyber attacks tsunami unless counter measures put in place soon to prevent such a scenario.
A particular worrying aspect according to experts was that despite fair degree of awareness about cyber threats among top stakeholders, the required cyber security apparatus was yet to be put in place which left panelists wondering if India was waiting for a national cyber security crisis to happen to jolt itself out of slumber.
“Are we waiting for the cyber version of Mumbai type of terror attack to happen to really wake us up to grave cyber threats hovering over us,” wondered Dr Muktesh Chander, DGP of Goa and former Centre Director, Cyber Division, NTRO. He expressed these concerns during the inaugural session on “Securing Critical National Infrastructure from Cyber Attacks”.
Low reporting of cyber cases was another worrying area as reporting and investigation are critical to preventing cyber crimes. “Despite over a 1.17 lakh cyber security incidence reported in 2014, the number that actually got reported to police was miniscule. Low reporting remains a big bottleneck in preventing future cyber crimes and enhancing cyber security walls,” pointed out Dr Chander.
Other areas of high concerns remain the non appointment of CSO (Cyber Security Officer) in major government departments or even corporates, lack of uniform standard for cyber monitoring and reporting, absence of ‘Mandatory Breach Disclosure Law” and organizational reluctance to spend adequately on creating a robust cyber security apparatus.
The inaugural session was moderated by Mr Atul Gupta, Partner & Cyber Security Leader, KPMG India who pointed out that cyber security has moved beyond the realm of technology concern to become a business and national security concern. “Cyber threats are no longer a technology issue but a business risk agenda and has indeed become the number one risk to business worldwide,” said Mr Gupta.
“I would like to assure that GSTN is a very secure system as it has followed and embedded major threats mitigating principles that address both internal and external threats. Though, we have used many Open Source software in GST System but only after thorough scrutiny and scanning. The best part is that the core of GST is not directly exposed to the internet and that makes it a very safe and reliable system,” Anand Pande, Senior Vice President & CISO, Goods & Services Tax Network (GSTN)
“Its Zero Day Vulnerability scenario now with hackers community becoming more organized and smarter. With enough tools available now, they can immediately know the vulnerable or weak corners of a deployed system or IT architecture. So the time lag for cyber attacks has reduced. Today we don’t have the time privilege to experiment with a system. Cyber attacks can start within 24 hours of the launch of a system or architecture deployment,” Vikram Mehta, Associate Director, Information Technology, MakeMyTrip.com
Besides Dr. Chander, experts on the panel included Dr Siva Sivasubramanian, Global Chief of Security, Bharti Airtel; Anand Pande, Sr Vice President & CISO, Goods & Services Tax Network; Vikram Mehta, Associate Director, - Information Security, MakeMyTrip.com; Pawas Agrwal, General Manager & CISO, Aircel and Sumit Puri, CIO, Max Healthcare.
Positive aspect is that prevention is possible but it requires a holistic and engaging approach. Top cyber experts and officials from police, defense, telecom and private sector stakeholders were in unison that massive cyber risk awareness campaign and multi-stakeholderism were potent shields against cyber threats which otherwise would have grave disruptive impact on our economy, business and national security.
The technical session focused on “The Cyber Challenges for a New Era” whereby experts urged drafting of ‘Internet Governance Framework” while emphasizing multi-stakeholderism as the most potent shield against cyber threats.
“The mindset that government knows best must be given a go-by. As first line of defense comes from individuals and businesses, multi-stakeholderism has to be norm in devising any robust strategy against cyber threats,” pointed out Dr Subi Chaturvedi, Sr Director, Public Affairs & Communication, COAI.
Technical session was moderated by Anirban Sengupta, Partner, Cyber Security & Privacy, PwC India while expert panel included S. Rajesh Kumar, Tech Lead, Juniper Networks, Asaithambi N., Technology Specialist, Spirent; Badhrinarayanan Srinivasan, Manager, System Engineering, Ixia Technologies; Ravi Vijayvargiya, Sr. Technical Director & HoG, Network Security, National Informatics Centre (NIC), Govt. of India; Dr. Subi Chaturvedi, Sr. Director – Public Affairs & Communication, Cellular Operators Association of India (COAI); Krishna Basudevan, Chief Enterprise Security Architect & Advisor, Kratikal Tech and Col. Inderjeet Singh, Director - Strategic Accounts, Scanpoint Geomatics Ltd.
Conference deliberated upon critical issues such as:
Top Cyber Security Concerns Identified: