National Critical Information Infrastructure Protection Centre (NCIIPC): Role and Responsibilities

CERCatIIITD, 55 slides, Nov 29, 2014

About This Presentation

A talk about Critical Information Infrastructure (CII).


Slide Content

1


National Critical Information Infrastructure Protection Centre (NCIIPC): Role, Charter & Responsibilities

A Presentation by Muktesh Chander IPS, Centre Director, NCIIPC, NTRO, Government of India

2
Outline of Presentation

Critical Information Infrastructure (CII)
Threats to CII
Examples of cyber attacks on CIIs
International Critical Information Infrastructure Protection efforts
International information security standards
Information security initiatives in India
National Critical Information Infrastructure Protection Centre (NCIIPC)

3
Energy
Transportation (air, surface, rail & water)
Banking & Finance
Telecommunication
Defence
Space
Law enforcement, security & intelligence
Sensitive Government organisations
Public Health
Water supply
Critical manufacturing
E-Governance
…

4
Critical Information Infrastructure

In general, Critical Infrastructure (CI) can be defined as:
“those facilities, systems, or functions, whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation”.
Critical Information Infrastructure (CII) is the ICT infrastructure on which the core functionality of Critical Infrastructure depends.

As per Section 70 of the IT Act 2000, CII is defined as:
“the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.”

5
Figure: Varying Dependence of CI on Information Infrastructure (inter-dependence: several CIs, each with a varying share of its function resting on the information infrastructure, i.e. its CII).

6
Characteristics of CII
Highly Complex

Distributed

Interconnected

Interdependent

Increasing trend in all of the above

7
Complexity and Inter-dependence of CII

8
Types of threats to CIIs

Threats to CII are classified as:
◦ Internal Threat
Defined as “One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.”
Insider betrayals cause losses through IT sabotage, fraud, and theft of confidential or proprietary information.
This may be intentional or due to ignorance.
◦ External Threat
Arises from outside the organization: individuals, hackers, organizations, terrorists, foreign government agents and non-state actors, posing risks such as crippling of CII, espionage, cyber/electronic warfare and cyber terrorism.

9
Threat vectors to CII

Malware attacks (19,719,262 distinct malware so far)
Email attachments
Smartphones
Removable media
Web application attacks
Client-side attacks, MITM
Social engineering attacks
Social networks
Wireless attacks
DoS/DDoS
Botnets
SCADA APTs
Embedded systems
Supply chain contamination

10

11
Threat actors

Individuals
Disgruntled or ex-employees
Rivals (industrial espionage)
Hackers, script kiddies, crackers
Cyber criminals (organized as well as unorganized)
Hacktivists
Cyber mercenaries
Terrorist groups (CyberJehadis)
Non-state actors
Hostile states

12
Effects of Cyber Attacks on CII

• Damage or destruction of CII
• Disruption or degradation of services
• Loss of sensitive and strategic information
• Widespread damage in a short time
• Cascading effects on several CIIs

13
Examples of Cyber Attacks on CII

14
Stuxnet Virus: A New Weapon of War

Discovered in June 2010.
It is the first known targeted worm to attack a particular type of Industrial Control System (ICS).
It primarily spreads via portable USB drives.
It first exploits zero-day vulnerabilities to infect Windows-based workstations, then attacks the associated Programmable Logic Controller (PLC) based SCADA machines and modifies their configuration and behaviour.
Stuxnet, which affected the nuclear programme of Iran, is widely regarded as one of the most sophisticated APTs.

15
Figure: Stuxnet spread and geographical distribution of infected systems (concentration of infections in Iran).

16
Duqu Virus: A Stuxnet Variant

Discovered in September 2011.
Affected countries include Iran, France, UK, Hungary, Austria, and Indonesia.
It is a variant of Stuxnet and shares code with it.
Unlike Stuxnet, Duqu does not self-replicate but is ‘highly targeted’: it uses Trojans to gather sensitive information and passwords and sends them back to a command and control server.
It does not carry a destructive payload like Stuxnet, but instead seems to exist to set up remote access capabilities.

17
Flame Malware

About 20 MB in size.
Cause:
◦ Flame can spread to other systems over the LAN or via USB stick.
◦ Mines the computer to record Skype conversations, screenshots, keyboard activity and network traffic; turns infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices.
◦ Collected information is sent back to remote command and control servers.
Effect:
◦ Initially infected about 1,000 machines, with victims including governmental organizations, financial organizations etc. in Iran, Egypt, Sudan, Lebanon, Saudi Arabia and Israel.

18
Shamoon Malware (August 2012)

Targets:
◦ Energy sector.
◦ Disrupted services of Saudi Aramco and Qatar’s RasGas.
Effect:
◦ Spreads to other workstations on the local network, including those not connected to the Internet.
◦ Wipes the disks of workstations and overwrites the Master Boot Record, preventing them from booting.
Motive:
◦ Unlike cyber-espionage malware, Shamoon is a cyber-sabotage weapon.

19
From Cyber Skirmishes to Cyber Warfare

20
GhostNet: Cyber Spying Operation

Cause:
◦ Malicious emails which, when opened, dropped a Trojan horse.
◦ The Trojan horse connects back to a control server to download and install the Gh0st RAT Trojan.
Effect:
◦ Gh0st RAT allows attackers to gain complete, real-time control of computers running Microsoft Windows.
◦ Infiltrated high-value political, economic, and media locations in 103 countries.
◦ Compromised computer systems of embassies, foreign ministries and other government offices, and the Dalai Lama’s offices in India, London and New York City.

21
Shadows in the Cloud: Cyber Espionage

Cause:
◦ A malware ecosystem used by attackers linked to GhostNet and similar operations.
◦ The ecosystem leveraged multiple redundant cloud computing systems, social networking platforms, free web hosting services etc. to maintain persistent control.
Effect:
◦ Complex cyber espionage network.
◦ Theft of classified and sensitive documents.
◦ Collateral compromise: visa applications stolen.
◦ Command and control infrastructure that leverages cloud-based social media services.

22
Cyber Attack brought down US Drone RQ-170

On 4th December 2011, Iran captured an American Lockheed Martin RQ-170 Sentinel unmanned aerial vehicle (UAV).
The Iranian Government claimed that the drone was brought down by its cyber warfare unit stationed near Kashmar.
An Iranian engineer claimed that the drone was captured by jamming both satellite and land-originated control signals to the UAV, followed by a spoofing attack feeding the UAV false GPS data to make it land in Iran at what the drone thought was its home base in Afghanistan.

23
Estonia 2007 Cyber Conflict

Incident Time Frame
◦ Start 27 April 2007; End 18 May 2007; Duration 3 weeks
Methods
◦ DoS and DDoS; website defacement; attacking DNS servers;
◦ Mass e-mail and comment spam.
Targets
◦ Servers of institutions responsible for the Estonian Internet infrastructure;
◦ Governmental and political targets (parliament, president, ministries, state agencies, etc.);
◦ Services provided by the private sector (e-banking, news organisations etc.);
◦ Personal and random targets.

24
Georgia 2008 Cyber Conflict

Incident Time Frame
◦ Start 8 August 2008; End 28 August 2008; Duration 3 weeks
Methods
◦ DoS and DDoS attacks; distribution of malicious software together with attack instructions; exploiting an SQL vulnerability;
◦ Defacement; using harvested e-mail addresses for spamming and targeted attacks.
Targets
◦ Government sites (President, Parliament, ministries; local government of Abkhazia);
◦ News and media sites, online discussion forums, financial institutions etc.

25
Lithuanian 2008 Cyber Conflict

Incident Time Frame
◦ Start 28 June 2008; End 2 July 2008; Duration 4 days.
Methods
◦ Defacement: pro-Soviet and communist symbols as well as profane anti-Lithuanian slogans posted on websites.
◦ Some e-mail spam.
Targets
◦ Over 300 private sector (95%) and governmental (5%) websites;
◦ Damage to the public sector was largely avoided due to timely warning;
◦ The private sector suffered most.

26
Cyber attacks on Indian Government Infrastructure

27
Cyber attacks on Indian Government Websites

As reported by the Indian Computer Emergency Response Team (CERT-In), a total of 90, 119, 252 and 219 Government websites were defaced by various hacker groups in 2008, 2009, 2010 and January to October 2011 respectively.
13,000 incidents were handled by CERT-In in 2011.

28
Email Compromises

Loss of confidential information from sensitive organisations.

29
International efforts for Protection of Critical Information Infrastructure

30
International CIIP initiatives

UN Resolution 58/199
ITU, G8
Agencies for protection of Critical Infrastructure:
◦ Europe: European Programme for Critical Infrastructure Protection (EPCIP)
◦ United Kingdom: Centre for the Protection of National Infrastructure (CPNI)
◦ United States: responsibility for Critical Infrastructure protection falls under the jurisdiction of the Department of Homeland Security.
◦ Australia: National Security agency
◦ South Korea: National Intelligence Service

31
Information Security Management

32
Information Security Management

Some Information Security facts:
◦ It is a multidisciplinary subject.
◦ Security depends on people and process more than on technology.
◦ Internal employees are a far bigger threat to information security than any outside threat.
◦ Security is not a static entity but a running process; it should flow through the organization.
◦ Moving from the technical, managerial, and standardization & certification waves to the fourth wave of Information Security Governance (B. von Solms).

33

International Standards

◦ ISO/IEC 27000 family;
◦ ISO 31000: Risk Management;
◦ ISO 22301: Business Continuity Management etc.
Federal Information Processing Standards (FIPS)
Control Objectives for Information and Related Technologies (COBIT)
Information Technology Infrastructure Library (ITIL)
Payment Card Industry Data Security Standard (PCI DSS)
Data Security Council of India Security Framework (DSF)

34
ISO/IEC 27001

Specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within an organisation.
It is applicable to all types of organisations, including business enterprises, government agencies, and so on.
It is a normative standard against which certification is obtained.
Adopts the Plan-Do-Check-Act (PDCA) model, which is applied to structure all ISMS processes. (PDCA is explicit in the 2005 edition of the standard; the 2013 revision no longer mandates it, though the cycle remains a common way to run an ISMS.)

35
ISO/IEC 27001 Standard (contd..)

Figure: PDCA Model. Input: information security requirements and expectations. Plan: Establish the ISMS. Do: Implement and operate the ISMS. Check: Monitor and review the ISMS. Act: Maintain and improve the ISMS. Output: managed information security and operations.

36
ISO/IEC 27001 Standard (contd..)

ISO/IEC 27001 ISMS Requirements
◦ General requirements
◦ Establishing and managing the ISMS: Establish the ISMS; Implement and operate the ISMS; Monitor and review the ISMS; Maintain and improve the ISMS
◦ Documentation requirements: General; Control of documents; Control of records
◦ Management responsibility: Management commitment; Resource management (Provision of resources; Training, awareness and competence)
◦ Internal ISMS audits
◦ Management review of the ISMS: General; Review input; Review output
◦ ISMS improvement: Continual improvement; Corrective action; Preventive action

37
IT Act 2000

Criminal offences and the subsection covering each:

Section 66A: Sending offensive messages, including attachments, through a communications service
Section 66B: Dishonestly receiving a stolen computer resource or communication device
Section 66C: Identity theft
Section 66D: Cheating by personation
Section 66E: Violation of privacy
Section 66F: Cyber terrorism, defined as causing denial of service, illegal access, or introducing a virus into any critical information infrastructure of the country defined u/s 70 with the intent to threaten the unity, integrity, security or sovereignty of India or strike terror in the people or any section of the people; or gaining illegal access to data or a database that is restricted for reasons of the security of the state or friendly relations with foreign states
Section 67A: Publishing or transmitting material containing a sexually explicit act in electronic form
Section 67B: Publishing or transmitting material depicting children in a sexually explicit act
Section 67C: Preservation and retention of information by intermediaries for such duration and in such manner and format as the central government may prescribe

38
Protected Systems

Section 70 deals with the declaration as a protected system of any computer resource which directly or indirectly affects the facility of critical information infrastructure (CII).

39
Cyber Terrorism

Sec 66F: Punishment for Cyber Terrorism. (1) Whoever,
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by
(i) denying or causing the denial of access to any person authorised to access computer resources; or
(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or
(iii) introducing or causing to introduce any computer contaminant;
and by means of such conduct causes or is likely to cause death or injury to persons or damage to or destruction of property, or disrupts, or knowing that it is likely to cause, damage or disruption of supplies or services essential to the life of the community, or adversely affects the critical information infrastructure specified under section 70.

41
National Critical Information Infrastructure Protection Centre (NCIIPC)

Under Section 70A, NCIIPC, under NTRO, is being declared the nodal agency for the protection of the Critical Information Infrastructure of India.
The gazette notification for NCIIPC under section 70A(1) is underway.
Under its mandate from section 70A(2) of the IT Act, NCIIPC is responsible for all measures, including R&D, for the protection of Critical Information Infrastructure.
Rules under section 70A are being notified.

42
NCIIPC Vision
“To facilitate safe, secure and
resilient Information Infrastructure
for Critical Sectors of the Nation”

43
NCIIPC Mission

“To take all necessary measures to facilitate protection of Critical Information Infrastructure from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction through coherent coordination, synergy and raising information security awareness among all stakeholders.”

44


Figure: Dependency and Criticality Matrix for NCIIPC. Axes: Criticality (low to high) and Dependency (low to high). Quadrant labels: CERT-In, NCIIPC, Organizational Security Department, LEAs.

45
Prevention and early warning
Detection
Mitigation
Response
Recovery
Resilience

46

NCIIPC Activities

Identification of critical sub-sectors
Study of the information infrastructure of identified critical sub-sectors
Issue of daily / monthly cyber alerts / advisories
Malware analysis
Tracking zombies and malware-spreading IPs
Cyber forensics activities
Research and development for a smart and secure environment
Facilitating CII owners in the adoption of appropriate policies, standards and best practices for protection of CII
Annual CISO Conference for critical sectors
Awareness and training
24x7 operation and helpdesk

NTRO has identified 17 sub-sectors initially and has started activities for the 7 named below:

• Air Traffic Management (ATM), Civil Aviation (Transportation)
• Power grid (Energy)
• MTNL
• NSEI
• BSNL
• Railways
• SBI

Sl No. | Sector as identified in Crisis Management Plan 2010 | Sub-sector | Dept./Agency/Organization | Specific area | Remarks
1 | Transportation | Civil aviation | AAI | ATC | Work under progress
2 | Transportation | Railways | IRCTC, RAILTEL | Passenger reservation system, communication | Work under progress
3 | Transportation | Shipping | Port | Port management |
4 | Energy | Power | Powergrid Corporation | POSOCO | Work under progress
5 | Energy | Nuclear | BARC, NPCL | |
6 | Energy | Oil & Gas | ONGC | |
7 | Finance/Banking | Finance | NSE, BSE, Central Economic Intelligence Bureau (CEIB) | SIEN network (CEIB), NFS (National Financial Switch) | Work under progress
8 | Finance/Banking | Banking | SBI, RBI | INFINET, NEFT, SIEN | Work under progress
9 | ICT | Communication | MTNL, BSNL | | Work under progress
10 | ICT | IT | NIC | NKN, SWAN |
11 | Law Enforcement, Security & Intelligence | Law Enforcement & Security | ITBP, SSB, CRPF, Assam Rifles, BSF, CISF | |
12 | Law Enforcement, Security & Intelligence | Law Enforcement & Security | MHA | CCTNS |
13 | Law Enforcement, Security & Intelligence | Intelligence Agencies | R&AW, IB, NTRO, CBI, NIA | NATGRID, FRRO networks, Cobweb | Work under progress
14 | Space | -- | ISRO | Spacenet, remote sensing, space-based programme |
15 | Defence | -- | Army, Navy, Air Force, Coast Guard, Strategic Forces Command | |
16 | MEA | -- | -- | Passport database/Visa |
Others
17 | Sensitive Govt. Organisations | -- | PMO, NSCS, Planning Commission, Cabinet Sectt., MHS, Registrar General, Doordarshan & AIR, AADHAAR | Networks from any of these areas which go through NIC |
50
Nodal Officer/CISO

Each organisation/ministry in a critical sector should nominate a Nodal Officer (CISO) for interaction with NCIIPC.
The CISO will be the point of contact for NCIIPC.

51
CISO Roles & Responsibilities

CISO responsibilities include, but are not limited to:
◦ Build an information security culture
◦ Assist senior management in the development, implementation and maintenance of an information security infrastructure
◦ Develop, communicate and ensure compliance with organizational information security policy, standards and guidelines
◦ Ensure regulatory and standards compliance
◦ Develop a security awareness and training programme
◦ Periodically conduct internal audits to check compliance with organizational security policy, standards and guidelines
◦ Risk management
◦ Incident management
◦ Business continuity management
◦ Assist senior management in the acquisition of products, tools and services related to information and related technology

52
Guidelines for Protecting Critical
Information Infrastructure
Under preparation with the help of Academia and Industry

53
NCIIPC Expectations

We understand several Ministries/Departments have identified organisations under their administrative control as a Sectoral CERT for their respective Ministries/Departments.
We would expect these Sectoral CERTs henceforth to work out an institutional mechanism to work synergistically with NCIIPC towards providing effective protection to the CII in these Ministries/Departments.

54


Feedback

Take some time to fill in the questionnaire.
Provide details of the information security measures being taken in your organisation.
Leave the above documents when you go for lunch.

55
Marching towards building
a culture of cyber security

NCIIPC at your Service
Thank you