Government may rope in private sector to help check cyber threats
December 23, 2012 at 9:10 pm | Posted in Additional business, Applications, The Market | Comments Off on Government may rope in private sector to help check cyber threatsGovernment may rope in private sector to help check cyber threats
DEVESH K. PANDEY
The Union Government plans to rope in the private sector besides other stakeholders to build up necessary capabilities, expertise and infrastructure to put in place a capable set of overlapping institutions with clear mandates and responsibilities to respond to cyber threats faced by the country.
Addressing the first one-day national conference of Chief Information Security Officers (CISOs) of various critical information, government and public sectors like energy, economy and transportation organised by the National Critical Information Infrastructure Protection Centre (NCIIPC) here, National Security Adviser Shivshankar Menon said critical sectors — interdependent physical and cyber-connected assets — were sectors whose incapacitation or destruction would have a debilitating effect on national security, economy, public health and safety.
“Protecting Critical Information Infrastructure (a physical or virtual information system that controls, processes, stores or exchanges electronic information vital to the functioning of critical sectors) will also mean working not just in government but with other stakeholders, particularly the private sector whose networks and assets are integral to our cyber security and whose expertise is essential to this purpose. The NCIIPC is setting up a joint working group under Indian Institute of Science Associate Director N. Balakrishnan with representatives of industry associations to bring out guidelines for protection of CII,” said Mr. Menon, expressing hope that the conference would help formulate legal frameworks, create necessary expertise and suggest practical measures within a clear timeframe to achieve the goal.
Mandated under the Information Technology Act to undertake necessary measures including research and development to protect CII, nodal agency NCIIPC envisages prevention, issuing early warnings, detection, mitigation and response to cyber attacks, focusing simultaneously on resilience and recovery of the systems. At the conference attended by Cabinet Secretary Ajit Seth, National Technical Research Organisation (NTRO) Chairman P.V. Kumar, Senior NTRO Adviser Alhad Apte and Adviser NTRO Dr. M. S. Vijayaraghavan besides over 200 representatives of the stakeholder community, NCIIPC centre director Muktesh Chander apprised the participants of the varied nature of internal and external cyber threats to critical sectors.
“Over 1.9 crore distinct malware have been identified so far…the threats may originate from individuals, disgruntled/former employees, hackers, cyber criminals, mercenaries, hostile States, non-State actors and even terrorist groups. The attacks may result in damage or destruction of CII, disruption of services, loss of sensitive and strategic data and may have cascading effects on several CII (interlinked). According to the Indian Computer Emergency Response Team, 13,000 incidents were handled by it in 2011,” said Mr. Chander, citing examples of cyber attacks that crippled systems in Estonia (2007), Georgia (2008) and Lithuania (2008).
While some of the critical sectors have been identified by NTRO, the NCIIPC now ventures in its five-year plan to identify more such sectors, earmark organisations in terms of criticality, to ascertain whether they are interconnected and, if so, protected, and if not, conduct security audit and recommend required measures. The instant goal is to develop a set of mandatory minimum guideline to be followed to ensure protection of CII.
Apart from issuing periodic alerts, advisories and analysis on attacks, tracking trends and organising training and awareness programmes, the NCIIPC is to set up a 24×7 helpdesk.
It is learnt that such a nodal centre was set up in the U.S. over a decade ago and is also functional in countries like South Korea.
Although many critical sectors have appointed information security officers, officials said the appointments are yet to be made in several others.
Blog at WordPress.com.
Entries and comments feeds.
A research blog 