On 28 Aug 2012, there was a Press Meet organized by Cyber Society of India to sensitize the Press on the wider ramifications of the action taken by the government by blocking many websites and curbing sms as a preventive measure in the aftermath of mass exodus of people to North East, from different parts of the country. On behalf of CySI, as an official spokesperson, I clarified to the Press along with the other CySI office-bearers present said that what the government to block the websites and curb sms and thus prevent major threat or loss of life is most welcome. But we have to look at the preventive measures. As an immediate measure, steps like verification and a 2 Factor Authentication of a mobile number and session generated PIN to activate the newly opened mail (like in Gmail) or even while creating a website can be followed. Monitoring, surveillance etc for sms with the usage of specific software search string based utilities may be explored. As long term measure, India going in for our own operating system, our own anti virus, firewall and other security related software like Unified Threat Management software including URL filtering, stateful inspection etc and even hardware manufacturing may be explored. Our indigenous O/s BOSS developed by C-DAC is not being effectively used, for want of support and patronage, marketing and popularity. Better and enhanced co-ordination among all information security related agencies and government departments may be ensured. Now these agencies and departments come under various Ministries exposing to lack of exchange of information security information. In a crisis situation, enhanced exchange of such intelligence information will be of great help. http://www.thehindu.com/sci-tech/internet/article3844006.ece
One journalist in his blog has questioned the expertise of CySI office-bearers to convene the Press Meet and address the media as experts, though the media gave extensive coverage to the Press release and all these suggestions, especially The Hindu, The Times of India, Deccan Chronicle and Dinamani in Tamil.
One or two sentences in the blog, especially the phrases like ‘self-styled cyber experts’ , “hiring PR agencies vying for a 15 seconds slot in national TV” are all grossly uncalled for and highly in bad taste. He has not mentioned by name. If CySI is a self styled cyber expert vying for 15 seconds in national TV channel, what is this reporter doing? He too by spitting venom wants the same few minutes attention by this article, right? In fact, I read the story twice. Frankly, I do not understand what exactly he was trying to convey. Other than the view that our idea of asking for id is not practical and cannot be used, there is nothing else I can make out.
Even to this counter, I would ask him this: I have seen “A Wednesday” the Naziruddin Shah film as well as its Tamil version by Kamal Hassan “Unnai pol Oruvan”. That is not about mobile number and id proof. (In fact that is about stuxnet or Fast flux — ie a variant of botnet — where your IP address keeps changing taking the bot’s IP on the fly making the system work like a zombie). That apart, if id proof can be faked and does not serve the purpose, even number plates in cars are faked and in many films the villains and sometimes heroes too drive the cars with fake number plates. Can I say, we do not need number plates, they don’t serve any purpose. Police officer’s uniform is faked and many con-men come dressed in police attire. Can we say police uniform does not serve the purpose?. I can make the list endless. If the reporter can quote “A Wednesday” I can pretty well quote the Prakash Raj film “Payanam” wherein a journo comes in the uniform of a police and takes a photo of the hijacked aircraft. Can we say for a moment that all reporters are criminals and cheat like that?
The other idea of national level body. The Note on Securing the Cyber Frontiers, submitted by DSCI – NASSCOM, dated 22 March 2012,may be seen, wherein the first of the ten recommendations, is on National Structure for Cyber Security…appointing a fully empowered head for cyber security at the highest level….
The NASSCOM-DSCI recommendation No,5 is on National Threat Intelligence Centre which should integrate all the existing information sources such as CERTs, intelligence bodies…..(In fact this is what we were precisely telling in the Press Meet)
Recom No7 is on building lawful interception capabilities. This is again what we stated I the Press Meet by describing it with ‘key word search’, interception of message etc.
The NASSCOM -DSCI publication is in the form of a 72-page book, and carries a diagrammatic (pictoral) representation of various ministries showing the agencies coming under them ie showing DIT, CERT,NIC, NISCG under ICT Ministry, CBI, NIA etc under Home, DIARA, DRDO under the Defence Minsitry and NTRO separately. In fact, this is what exactly we were telling in the Press Meet. Frankly, though nothing new in our suggestions to the government, there is nothing wrong or technically impractical either.
Appeared in Sun News Channel on 10 July 2012 on the recent cyber attack in the Tamil Nadu Police Department website in which newspapers reported that police data have been stolen by “Anonymous”.
Senior police officials stated that only some data relating to the complaint detailed lodged with the police have been stolen/copied and no critical information. In the TV interview I explained the provisions of Information Technology Act 2000 and Information Technology Amendment Act 2008 which have stringent provisions on Hacking and other data related offences. I explained the need for the government to have more Information Security professionals in places and to take swift action and spread the message that the government was serious in data protection.