Cyber Security - Sanjay Sahay, Additional Director General, Karnataka Police

CYBER SECURITY

Sanjay Sahay

The biggest emerging threat!

How big is this

bubble?

Chronology of Computerization

1994: CCIS

2005: G-CARE

2008: e-Beat

2009: KSP WAN

2010: 'Police IT'

2011: KSP DC

2012: CCTNS

2014: DRC

2015: Private Cloud

NetworkData

Center

Training for 75

System Administ-

rators

Creation of Skilled Internal

Resource pool

Training for End-

Users

Police IT ERP

Gover-nance

Structure

Enforce-ment

Stabiliza-tion

Police-IT Ecosystem Development

Police IT ERP Application

MIS417Reports

64Roles

Core Function-alities

• Crime• Law & Order• Traffic

Admin-istration

• Administration• Finance• Stores

Ancillary support

• Armed Reserve• Motor Transport• Training

Technical Modules

• Wireless• Forensic Science • Laboratory

522Screens

11Modules

Architecture Diagram of KSPWAN

DIGITAL INDIA IS

The transformational enablement of

1. Governance

2. Citizen Services and

3. Ease of business using…

…ICT in the creation of

• digital infrastructure (technological and human), competent enough to enable

• dynamic and

• real time decision making

• and service delivery

• with seamless backend processes and

• creation of databases and its integration at differential levels

catering to all requirements of the nation

DEDICATED CLOUD INFRASTRUCTURE

DIGITAL INDIA

PARAMETERS AND MEASUREMENTS

VISION TO WORKABLE DOCUMENTS

THE WHEREWITHAL

SECTOR WISE

PHASE WISEBLUEPRINT

GAPANALYSIS

BRIDGING

LONG LASTING PUBLIC PRIVATE PARTNERSHIPS

VISIONARY DOCUMENTATION

TRUST

SECURITY

DIGITAL INDIA

IN THE LAST FEW MONTHS..,

• Sony & Anthem attacks

• Chinese breach data of 4 million federal workers

• Obama seeks $14 billion to boost U.S. cybersecurity defenses

• Obama Calls on US Firms to Help Fight Cyberattacks

• Obama signed an executive order laying out a framework for companies to share data about cyber threats with each other and the government

• New agency to sniff out threats in cyberspace - Cyber Threat Intelligence Integration Center

Zero-Day Flaw Found in 'Linux Kernel' leaves Millions

Vulnerable

US Intelligence Chief Hacked by the Teen Who Hacked CIA

Director

602 Gbps! This May Have Been the Largest DDoS Attack in

History

Hacking News

After Paris Attacks, Encrypted

Communication Is Back In Spotlight

"the ISIS geek squad is teaching terrorists how

to use encryption and communication

platforms like Silent Circle, Telegram and

WhatsApp."

A HACKER who claims to have broken into the AOL

account of CIA Director John Brennan says he

obtained access by posing as a Verizon worker to trick another employee into revealing the spy chief’s personal information.

The country which built a Digital Iron Dome, Israel had undergone one of the largest serious cyber attack this year.

This time, the name of Israel is being popped up in the current headlines is for the massive cyber attack which triggered against the Nation's Electrical Power Grid.

Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls

Anyone with "Fortimanager_Access" username and a hashed version of the "FGTAbc11*xy+Qqz27" password string, which is hard coded into the firewall, can login into Fortinet's FortiGate firewall networking equipment

Juniper Firewalls with ScreenOS Backdoored Since 2012

Juniper Networks has announced that it has discovered "unauthorized code"in ScreenOS, the operating system for its NetScreen firewalls

Date back to at least 2012

Allows anyone to decrypt VPN traffic

Ridiculous Bug in Trend Micro Antivirus Allows

Hackers to Steal all Your Passwords

Product that allow hackers to execute arbitrary commands

remotely as well as steal your saved password from Password

Manager built into its AntiVirus program

FORTUNE 500 COMPANIES

97% HAS BEEN HACKED!

“If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.”

-Weinberg's Second Law

LinearVs

Exponential

from pace maker to nuclear

power plants

from text documents to the hybrid cloud

Internet of things!

Global Information GridA very vulnerable one!

DATAis at the center of our universe

Resilience

What the System Ought to Provide

Curiosity

Monetary Gain

National Security

Espionage,Political Activism

The sophistication of cyber threats, attackers and motives is rapidly escalating.

Motive

1995 – 20051st Decade of the Commercial Internet

Revenge

Script-kiddies or hackers using tools, web-based “how-to’s”

Insiders, using inside information

Organized Crime, Hackers and Crackers using sophisticated tools

Competitors, Hacktivists

Nation-state Actors; Targeted Attacks / Advanced Persistent Threat

2005 – 20152nd Decade of the Commercial Internet

Adversary

*X-Force Research - 2013

March 10, 2016 26

WORLD AT CROSSROADS…Internal Security

External

Security

Counter

Terrorism

Rogue States

Cyber War

Money

Laundering

Underworld

Underground

Economy

Naxalism

Data Brokers

Hacktivists

WORLD AT CROSSROADS…

And the IT companies themselves!!!

Privacy has no meaning

More data, more money!

Everything for a price

Access Control Policy

Access Control Policy

Ubiquitous Surveillance Military - Internet Complex

“The corrupt fear us. The honest support us. The heroic join us.”

I

S

I

S

V

S

The Malware Story Criminals & Virus writers outinnovating and

outmaneuvering the anti-virus industry

First information

Detection rate

“time – to – detection rate”

“out of their leagues in their own game”

Precision is the key

Outstanding Coding and Testing

Absolute Game Changer

One of its kind

Who will take a call?

Zero Dayat the heart of it all

Asymmetric Warfare – A new form

2009 Iraq-$45 billion drone and satellite surveillance system

Skygrabber-$25.95

The costing

Cloud The most happening place

How secure are we?Sanjay Sahay

CLOUD COMPUTING

Results of IDC survey ranks Security 74.6% as the biggest challenge

WEAKEST LINK

the human factor

Where should you start?These three controls can help you address the top vulnerabilities

and begin to reduce risk.

Build a

risk-aware

culture

Protect the

network &

end-points

Automate security

hygiene & manage

incidents with

intelligence

The Dark Net, The Secret Web, The Digital Underground, The Invisible Internet

The Internet provides a delivery system for the pathological states of mind

Blatant

Is there a desire to control?

Is there a mechanism in place?

Crime Inc.

Crime as a service!Payment mechanism in place!

Information Sharing!

Data Brokers

UNDERGROUND ONLINE MARKETS

What we buy?

What we use?

What we know?

The Issues The hardware The software Networking Data Center Human Resources Standards Uniformity Audit

Cyber Security Public Private Partnership

NSA CIA FBI Homeland Security Booz Allen Hamilton Lockheed Martin Fire Eye, Crowd Source, Mandiant Raytheon And large number of IT companies globally

Asymmetric Warfare – A new form

This is a battle of knowledge, effort, focus and precision

Govt’s glacial age response and MNCs blindfolded commercial focus is not the answer

Foster information security without trying to fight the internet architecture

the way forward

There’s no reason

that the good guys can’t be the same !!!.

The bad guys are smart, well equipped, and determined.

the way forward

A seamlessly connected, data driven and digitally serviced India is also more vulnerable Digital India. If recent history is to go by the cyber security landscape is worsening by the day. Security ought to be a design element and creating a risk aware culture will facilitate in achieving Digital India with confidence. Adoption of technology is directly proportional of the comfort levels it provides with least risks. This is the way forward.

Thank you all for the rapt attention!