International law not adequate to check terror cyberattacks: India

[Hindustani78]

http://www.deccanherald.com/content/596350/international-law-not-adequate-check.html

International law not adequate to check terror cyberattacks: India
United Nations, Feb 14, 2017 (PTI)

India has called for collaborative preventive approach to address terrorist cyberattacks against critical infrastructures, underlining that current international law is not well positioned to deal with the threat.

Citing the 26/11 Mumbai terror attacks, India said that financial hubs are targeted by terrorists to impact a country's economy.

"The investigations into the heinous terrorist attacks on Mumbai in 2008 revealed the impact its perpetrators wanted to have on the psyche and economy of the whole of India.

"These attacks, including on a hospital, railway station and hotels were carefully planned and crafted from beyond our borders to have crippling effects not only on daily life in a bustling metropolis but targeted a country of a billion people," India's Permanent Representative to the UN Syed Akbaruddin said here yesterday.

Addressing a Security Council debate on 'Threats to International Peace and Security caused by terrorist acts : Protection of Critical Infrastructure', Akbaruddin said big urban centres like Mumbai, New York and London have become targets as impact on cities serving as financial hubs affect the economy of the country in multiple ways.

He, however, lamented the lack of adequate international law to deal with the threat of cyber attacks, adding that despite years of concern, states have addressed few international instruments addressing issues of threats from cyberspace.

"Current international law is not well positioned to support responses to cyber attacks," he said adding that protection of critical infrastructure is primarily a national responsibility.

"However, given that much of our technologies and base templates for systems around the world are similar, threats of attacks on an international stock exchange, a major dam, a nuclear power plant, possible sabotaging of oil/gas pipelines, air safety systems of airports, or potential blocking of an international canal or straits have much wider implications and pursuant complications far beyond national frontiers," he said.

Akbaruddin said many recent terrorist attacks have revealed that accessto Information and Communication Technologies (ICTs) and in some cases their manipulation was an "important enabler".

"The global nature of information and communication technologies raises the necessity for an international vision and coordination on policy aspects with the aim of enhancing capabilities," he said.

He noted that Security Council decisions that impose binding counter-terrorism duties do not mention cyber attacks, while Member States have been negotiating the proposed Comprehensive Convention on InternationalTerrorismsince the latter halfofthe1990s, a period corresponding to the rise of worries against terrorist cyber attacks.

He stressed that UN member states need to work out their differences in the face of concerns regarding ICT related threats to critical infrastructure and not wait for a "cataclysmic event" to foster greater international collaboration to protect critical infrastructure from terrorist cyber attacks.

"Since we can discern the threat and there is understandable global angst, can we look at options for strengthening international law against terrorist cyber attacks? If we are not willingtonegotiateatreatyon terroristcyber attacks, can we at least start by clarification of the applicability of certain anti-terrorism treaties to terrorist cyber attacks," he said, asking members states are they ready fora "collaborative preventive approach" to address terrorist cyber attacks against critical infrastructure.

"Collaboration is key to moving the perimeter you defend from yourfront door to the edge of your neighbourhood. Critical infrastructure protection from terrorist cyber attacks requires a 'global neighbourhood watch programme' because, as they say, there is safety in numbers.

"Anyeffectivecollaborationrequirestrust. And currently, there is a trust deficit. The lesson from the past is that, international law on terrorism has largely developed through states reacting to terrorist violence," he said.

In a resolution adopted unanimously, the 15-member Council reiterated "the need to strengthen efforts to improve security and protection of particularly vulnerable targets, such as infrastructure and public places."

Given the importance of critical infrastructure for a country’s prosperity and security and against the backdrop of increasingly diverse physical and cyber threats from terrorist groups, the United Nations Security Council underlined the need for international collaboration – both domestically and across borders – to ensure their protection.

The resolution called upon UN Member States "to share information...to prevent, protect, mitigate, investigate, respond to and recover from damage from terrorist attacks on critical infrastructure facilities, including through joint training, and use or establishment of relevant communication or emergency warning networks.

 

[Hindustani78]

http://www.deccanherald.com/content/639189/it-security-firm-detects-cyber.html

A major IT security software maker has detected some servers in India that are used by notorious cyber criminal gang Lazarus, which is believed to be behind large-scale cyber attacks across the world, including the recent WannaCry ransomware.

While researching the latest activities of the infamous cyber criminal group Lazarus, the company uncovered a number of compromised servers being used as part of the threat actor's global command and control infrastructure, the software company said.

"The compromised servers, found in Indonesia, India, Bangladesh, Malaysia, Vietnam, South Korea, Taiwan, Thailand, among others, could be used by Lazarus to launch targeted attacks against a company or organisation," the company said in a statement.

Korean-speaking Lazarus group is believed to be behind recent high-profile cyber attacks like the 2014 hack of Sony Pictures, the million-dollar Bangladesh Bank heist in 2016 and the recent WannaCry destructive ransomware epidemic, as per the statement.

The criminal group, by name of Guardians of Peace, had claimed responsibility for the hack of Sony Pictures. It had demanded Sony to pull down the film 'The Interview,' which was a comedy about a plot to assassinate North Korean leader Kim Jong-un.

The IT security major said Lazarus, which is also a Korean-speaking group, "is thought to be state-sponsored".

The US, China and India are the top three countries housing the maximum number of compromised servers, the company's report said.

3rd highest in India

"According to open source intelligence, three of the top five countries that still have servers carrying this vulnerability is in the APAC region: China (with 7,848), India (1,524) and Hong Kong (1,102). The US tops the list with the most vulnerable servers (11,949), while the United Kingdom ranks fifth with 805," the report said.

The company said researchers have discovered that the servers had been infected using malware called Manuscript, which could have been installed using a vulnerability in Microsoft Internet Information Services that was patched by Microsoft on June 13, 2017.

 

[Hindustani78]

Bengaluru, November 09, 2017 21:26 IST
Updated: November 10, 2017 12:54 IST

http://www.thehindu.com/business/Ec...-a-week-rai/article20046726.ece?homepage=true

“We need to define security standards and protocols,” observes Gulshan Rai.

India will release a concept paper on its Data Protection Act within a week seeking stakeholders’ comments as government experts grapple with issues concerning inter-operability, security and privacy of new emerging technologies such as artificial intelligence and cloud computing, said Gulshan Rai, National Cyber Security Coordinator under the Prime Minister's Office.

“We need to define security standards and protocols,” Mr. Rai told delegates at a Internet of Things (IoT) conference here on Thursday. “Government is in the process of evolving a Data Protection Act. There is an expert committee under the chairmanship of Justice Srikrishna, of which I am also a member. The concept paper of the group will be out in a week’s time.”

To keep data of Indians “secure” and “protected” the Ministry of Electronics and Information Technology, on July 31, formed a committee of experts headed by B.N. Srikrishna, a former Supreme Court judge.

The experts, who include members from the government, academia and industry, will identify data protection issues and recommend methods for addressing them. It will also suggest a draft Data Protection Bill.

Technical issues

“There are technical issues such as interoperability, compatibility, privacy, security and adaptability and the cost of implementation. The other issues concern the diplomatic part of it. Also, do we have a international legal framework? How do we interpret the jurisdiction? That is another challenge,” Mr. Rai said.

There are nine billion IoT devices worldwide and by 2020 “we expect almost an increase by factor of three.” Today, the entire turnover of IoT devices is about $150 billion and “we expect it to go up by a factor of four in the next four years,” he said, quoting a report.

The committee’s view was that before the technology was implemented in the smart cities one needs to have a security architecture and framework in place, Mr. Rai said.

“Who will tellus, we did not have any experience. We had some expertise of what the security systems are in the conventional systems. We did not have the experience on smart cities and other technologies. There will be a different sort of technological implementation issues in smart cities and IoT technologies. Those can be in terms of protocols, application programme interface and upgradation software,” he said.

“A whole new world, not only for the development of technology, but for security will also emerge. The investment on device is much lesser as compared to the investment planned on security in both architecture or security application,” Mr. Rai said. A UN Group of Governmental Experts, tasked with examining cyberthreats and making recommendations, was unable to reach a consensus on its final report in June. While previous UN GGE reports remain valid and applicable, though not legally binding, the group’s future is uncertain, according to a statement on the UN website.

Nations may move towards bilateral agreements, a trend which was prevalent in 2015 and 2016, according to the UN.

“When we went to the meeting there were lot of opposition on the attributions,” Mr. Rai said. Ultimately how do you attribute where the crime incident happened? Who is the actor? How do we define attribution? Do we have the inherent right to defend if attack happens? The talks failed.”

“Relationship with industry is important on realising what is the techno-cyber or techno-legal procedure is,” he said. “Today we need a collaboration with the industry because the entire cyber governance involves multiple stakeholders. We need help of stakeholders to build security architecture and cybergovernance architecture. We are looking at whether to be compatible to the European GDPR or the U.S. standard.”

Mr. Rai told the industry to build capacities for training graduates on new technologies by initiating short-term courses which needed to be upgraded from time to time.

“Discussions are on with IIT Delhi and Hyderabad. Practical part will have to come from the industry. We want to set up 10 centres in the next eight to nine months.”

 

[Hindustani78]

Ministry of Electronics & IT
14-November, 2017 13:01 IST
300 Cyber security experts to attend first ever Asia Pacific Computer Emergency Response Team (Apcert) Conference

The Indian Computer Emergency Response Team (CERT-In) under the aegis of Ministry of Electronics & Information Technology organizing the Asia Pacific Computer Emergency Response Team (APCERT) Conference from November 12-15, 2017 in New Delhi. This is the 15th Conference of APCERT and first ever conference in India and South Asia and is expected to be attended by 21 economies.

The conference theme is "Building Trust in the Digital Economy". November 12-14 are closed for AGM and other APCERT meetings. The open session including industry, academia, civil society and Government stakeholders will be held on November 15, 2017 at Hotel The Ashok, New Delhi. This will be inaugurated by Shri Ravi Shankar Prasad, Hon'ble Minister of Electronics & Information Technology, and is expected to be attended by over 300 cyber security professionals from the Asia Pacific region, USA, Europe, Industry, Academia, Government and Media.

This conference would cover contemporary topics around strategies of CERTs, Technology and Instruments for building trust in digitally evolving economies and best practices for handling cyber security in mobile and social media.

The Union Minister for Electronics & Information Technology and Law & Justice, Shri Ravi Shankar Prasad lighting the lamp to inaugurate the open session of APCERT (Asia Pacific Computer Emergency Response Team), in New Delhi on November 15, 2017. The Minister of State for Tourism (I/C) and Electronics & Information Technology, Shri Alphons Kannanthanam and other dignitaries are also seen.

The Union Minister for Electronics & Information Technology and Law & Justice, Shri Ravi Shankar Prasad addressing at the inauguration of the open session of APCERT (Asia Pacific Computer Emergency Response Team), in New Delhi on November 15, 2017.

The Union Minister for Electronics & Information Technology and Law & Justice, Shri Ravi Shankar Prasad addressing at the inauguration of the open session of APCERT (Asia Pacific Computer Emergency Response Team), in New Delhi on November 15, 2017. The Minister of State for Tourism (I/C) and Electronics & Information Technology, Shri Alphons Kannanthanam and other dignitaries are also seen.

The Minister of State for Tourism (I/C) and Electronics & Information Technology, Shri Alphons Kannanthanam addressing at the inauguration of the open session of APCERT (Asia Pacific Computer Emergency Response Team), in New Delhi on November 15, 2017.

 

[Hindustani78]

The Union Minister for Electronics & Information Technology and Law & Justice, Shri Ravi Shankar Prasad briefing the media on the importance of the Global Conference on Cyber Space (GCCS 2017), in New Delhi on November 16, 2017.

The Union Minister for Electronics & Information Technology and Law & Justice, Shri Ravi Shankar Prasad briefing the media on the importance of the Global Conference on Cyber Space (GCCS 2017), in New Delhi on November 16, 2017. The Secretary, Ministry of Electronics & Information Technology, Shri Ajay Prakash Sawhney is also seen.

The Union Minister for Electronics & Information Technology and Law & Justice, Shri Ravi Shankar Prasad briefing the media on the importance of the Global Conference on Cyber Space (GCCS 2017), in New Delhi on November 16, 2017. The Secretary, Ministry of Electronics & Information Technology, Shri Ajay Prakash Sawhney is also seen.

 

[Hindustani78]

http://www.hindustantimes.com/india...dipak-misra/story-HFYaBjXZNiaBI1giYi1GQL.html

He also highlighted the growing necessity or the judiciary to be up-to-date with the latest trends concerning cyberspace.
india Updated: Nov 15, 2017 23:59 IST
Press Trust of India, New Delhi

Chief Justice of India Justice Dipak Misra addresses Bombay High Court judges and lawyers during the inaugural ceremony of an alternate dispute resolution centre and a creche for lawyers and court staff in Mumbai.(PTI FILE)

Chief Justice of India Dipak Misra on Wednesday said there is a need to concentrate on the emerging legal, policy and regulatory issues concerning cyberspace and it is the State’s obligation to strengthen its cyberlaws.

Justice Misra, who inaugurated the ‘International Conference on Cyberlaw, Cybercrime and Cybersecurity’, said that while considering the formation of an international committee for cybersecurity, the Indian concept of constitutional sovereignty cannot be diluted.

He said that the cyber world has been under constant change and hence it was imperative to discipline cyber law and cyber crime and the cyber purity assumes a great significance for the stakeholders.

He stressed upon the need for concentrating on emerging legal, policy and regulatory issues concerning cyberspace and the need for all stakeholders, including lawmakers and judiciary, to be more aware about the nuances of emerging cyber technologies.

He also highlighted the growing necessity or the judiciary to be up-to-date with the latest trends concerning cyberspace as this issue would be coming before the judiciary and adjudication in coming times.

“There has to be an international committee but as far as law making is concerned, the Indian concept of constitutional sovereignty cannot be diluted. As citizens of India it is the duty of everyone to protect the constitutional sovereignty. That cannot be mutilated.

“Simultaneously we have international harmony and co- operation to save people from cybercrimes which doesn’t have barriers. As there are no barriers, there has to be something else which has to be thought of and in that area I have no objection in saying there has to be an international committee,” he said.

The CJI added that it is the obligation of the State to strengthen its cyberlaws.

“The countries world over have taken manifold steps in order to strengthen the cyberlaws by visiting the existing cyber-legal frameworks for the purpose of adopting to the evolving realities.

“There has to be a regulatory framework. There has to experts. They have to be more intelligent than those nuisance makers. The nuisance that corrodes social and constitutional values,” he added.

Steven Wilson, head of EUROPOL Cybercrime Centre, also called upon all the stakeholders to work together to deal with deadly challenges being presented by cyber criminals and hackers across the world.

The conference director, advocate Pavan Duggal said there was a need for the lawmakers and all the other stakeholders to deal with the legal and policy issues concerning cyberspace in a more effective, holistic and pragmatic manner.

 

[Hindustani78]

Ministry of Electronics & IT
16-November, 2017 16:17 IST
India to Host Global Conference on Cyber Space 2017: A Giant Leap Towards a Secure and Inclusive Cyberspace

· GCCS 2017 to be much bigger than its previous editions

· The Curtain Raiser events to kick-off from 20th November

· A 36-hour Grand Finale of Global Cyber Challenge - Peace-a-thon to take place in the GCCS 2017

· A nearly paperless event in which entire chain starting from pre-registration to travel to hotel booking to meals to session check in will be done through App and Web




India, for the first time ever, is going to host the Global Conference on Cyber Space (GCCS), one of the world’s largest conferences in the field of Cyber Space and related issues, on 23 & 24 November 2017, at Aerocity, New Delhi. The Hon’ble Prime Minister of India Shri Narendra Modi will inaugurate the mega event, while Smt. Sushma Swaraj, Hon’ble Minister of External Affairs will deliver the keynote address in the Valedictory function.


Incepted in 2011 in London, second GCCS was held in 2012 in Budapest with focus on relationship between internet rights and internet security, which was attended by 700 delegates from nearly 60 countries. The third edition of GCCS was held in 2013 in Seoul with commitment to Open and Secure Cyberspace. The fourth version GCCS 2015 was held on April 16-17, 2015 in The Hague, Netherlands which saw participation from 97 countries.


Themed on Cyber4All: A Secure and Inclusive Cyberspace for Sustainable Development, this is the fifth edition of GCCS wherein international leaders, policymakers, industry experts, think tanks and cyber experts will gather to deliberate on issues and challenges for optimally using cyber space. The overall goals of GCCS 2017 are to promote the importance of inclusiveness and human rights in global cyber policy, to defend the status quo of an open, interoperable and unregimented cyberspace, to create political commitment for capacity building initiatives to address the digital divide and assist countries, and to develop security solutions in a balanced fashion that duly acknowledge the importance of the private sector and technical community.


While briefing the press, Shri Ravi Shankar Prasad, Hon’ble Minister for Electronics & IT and Law & Justice, said, “This is a historic moment for all of us to host the Fifth edition of the Global Conference of Cyberspace in India. I believe it is recognition of India’s emerging role as a massive cyber power, accelerated by the Digital India push, which has acquired international acknowledgment. The GCCS 2017 is certainly in accord with the Hon’ble Prime Minister’s vision to transform India into a digitally empowered country. GCCS 2017 will give the world’s cyber community a unique opportunity to learn from global experience and expert insight, and discover more about the technology led transformation being engineered in India. As India is poised to become a US$1 Trillion digital economy and lead the digital revolution in the world, it is imperative to formulate and put across a robust cyber space.”


“The GCCS 2017 is going to be four times bigger than its previous edition in terms of its magnitude. The last conference held in The Netherlands saw about 1800 delegates, and I am happy to announce that we have over 10000 delegates who will participate in person. There will also be virtual participation from over 2800 locations across the world will be connected in an interactive mode. We have had over 40 Run-up events around the world since March 2017 to precede the main event that received an unprecedented response from the policy makers, industry, academia, civil society and think tanks. We look forward to cooperation and knowledge sharing among countries to implement and replicate successful initiatives as one of the major expected outcomes of this conference. ”added Shri Prasad.



GCCS 2017: Key Highlights

· Tens of thousands of delegates (Both in person and through Webinar/ Video Conference from around the world). Millions will watch over webcast from 5 Conference locations at the venue

· Representatives from 124 countries

· 33 Ministerial delegates from 31 countries already including PM of Sri Lanka

· 2800 locations to be virtually connected in an interactive mode

· 15 Parallel sessions & 12 Side events

· Participation of policy makers, industry, academia, civil society and think tanks

· Grand Finale of worldwide Peace-a-thon Events



The plenary sessions and other activities during GCCS 2017 have been designed around the themes of Cyber4Inclusive Growth, Cyber4DigitalInclusion, Cyber4Security and Cyber4Diplomacy. During various sessions and activities focused around these themes, GCCS 2017 will bring forth the business, empowerment and developmental potential of Cyber space for realizing the goals of sustainable development.


GCCS 2017 in India is going to be the biggest ever cyber event of its kind. Including about 35 run up events, more than ten thousand delegates from more than 123 countries are expected to participate in person

· About 7000 in run-up events held by Academia, Civil Society, Industry and Policy Makers since March, 2017 in India and abroad.

· More than 1000 in 13 Curtain Raiser Events

· More than 2000 (about 700 from abroad and 1500 from India) in 18 Plenary & Parallel Sessions and 12 Side Events on November 23 and 24


33 ministers from various nations dealing with the subject matter of cyber space (ICT or similar ministries in some countries and Foreign Ministry in others) have already confirmed. Prime Minister of Sri Lanka also is expected to come for the inaugural ceremony.


More than 7000 people have already registered on the website; only 2500 will get their invites to the conference. Till now, some of the eminent speakers at the conference who have already confirmed participation include Ministers from various countries such as France, Russia, Israel, Kazakhstan, Mexico, Portugal, Bangladesh and the United Kingdom; Mr. Houlin Zhao (Secretary General, International Telecommunication Union); Mr. Mukesh Ambani (Chairman, MD, RIL); Mr. Sunil Bharti Mittal (Founder and Chairman, Bharti Enterprises); Mr. Tarek Kamel (Senior Advisor to President & SPV, Government And IGO Engagement, ICANN); Ms. Marina Kalijurand (Chair, Global Commission on Stability of Cyber Space, Estonia); Mr. David Martinon (Ambassador for Cyber Diplomacy and the Digital Economy, France); Mr. Uriël "Uri" Rosenthal (Ex- Foreign Minister, The Netherlands); Mr. LaliteshKatragadda(Founder, Google Map Maker); Mr. VeniMarkovski (Bulgarian Internet pioneer, Co-founder and CEO of bol.bg); Ms. Debjani Ghosh (Former MD, Intel, South Asia); Mr. Saurabh Srivastava (Founding Member, Indian Angel Network);Mr. Paul Wilson (Director General, APNIC).


The list of illustrious speakers from around the world can be viewed at www.gccs2017.in/speaker.


In a first ever initiative, 800 locations for Video Conference and 2000 locations are being made available for Live Webinar across the world. Assuming average participation of about 10 at each location, nearly thirty thousand persons are expected to participate virtually during live sessions and even ask questions. This has been made possible using a combination of NIC VC (200 locations) and Learning Management System (2600) locations.


6 oldest IITs and IISc are among academic partners of the GCCS. Leading multinationals, SBI and PNB also are among the sponsors.


In a first time ever initiative, a world-wide Hackathon and Appathonare being hosted by top Universities worldwide. 15 winning teams will compete in the grand finale in Delhi during Curtain Raiser. Prize winners are proposed to be honoured by the Hon’ble PM.


GCCS 2017 - A Truly Digital One: A web-based Portal and a unique app have been created to inter-alia include the following so as to have a less-paper Conference:



· Pre-registration on the web by the target group

· Work-flow based verification by Ministry of External Affairs and Ministry of Home Affairs (including IB)

· Approval and generation of Invitation Letter

· Confirmation by the applicant and subsequent generation of discount codes for travel and stay.

· Final travel programme (including hotel stay)

· Reception at flights / hotels

· Assignment of blocks

· Electronic check-in to sessions

· Chat among delegates and fixing of appointments for side meetings.

· E-Food Coupons

· Priority of questions for checked in users



The tentative program for GCCS 2017 has been planned on the lines of previous conferences to ensure uniformity and continuity of GCCS. The detailed program has also been made available on https://gccs2017.in/. The conference is planned as a two-day event which will include an inaugural, plenary sessions, parallel sessions and valedictory session. GCCS 2017’s structure has tracks with plenary sessions and parallel sessions. These are a mix of keynote addresses, panel discussions, parallel sessions, along with side events and curtain raiser events.


Besides the conference sessions, technical poster exhibition and a digital exhibition showcasing over 20 exhibitors from government, industry, sponsors etc. will also be showcased. As a post conference event, we are happy to announce that a doctoral colloquium co-organized by IIT, to learn about the standards/methodology and global research practices in e-Governance. We are also releasing a coffee table book which documents 25 success stories from 5 continents. A Country book with thought leaders visioning the future of Digital India, and its contribution to a Safe and Peaceful Cyber Space is another expected output.

Ministry of Home Affairs
16-November, 2017 17:51 IST
Need for robust cyber-security policy and skilled manpower: Shri Hansraj Ahir

Union Minister of State for Home Affairs, Shri Hansraj Gangaram Ahir has said we must have a robust cyber-security policy and there is an urgent need for skilled manpower. Addressing the inaugural session of the 6th International Conference & Exhibition on Homeland Security here today, he asked the industry to fulfill the Prime Minister Shri Narendra Modi’s objective of ‘Make in India’ and said the domestic manufacturers should invest more on R&D, particularly in Defence Production.

Shri Ahir said the Government’s focus towards emerging Internal Security challenges is highlighted with the recent restructuring of Divisions in the MHA, resulting in the creation of Cyber and Information Security (CIS) Division and Counter-Terrorism and Counter-Radicalisation (CTCR) Division. Thefts resulting from cyber crimes and radicalization through the social media have altered the security dynamics and pose a grave challenge to the Security Agencies, he added.

Expressing concern over an estimated more than one crore illegal immigrants in the country, Shri Ahir said the Government has taken several initiatives to secure the country’s porous borders by erecting Smart Fencing. He called upon the various stakeholders to come out with robust solutions to secure our country’s borders.

******

 

[Hindustani78]

The Minister of State for Development of North Eastern Region (I/C), Prime Minister’s Office, Personnel, Public Grievances & Pensions, Atomic Energy and Space, Dr. Jitendra Singh addressing the 6th International Conference on Homeland Security, in New Delhi on November 17, 2017.

The Minister of State for Development of North Eastern Region (I/C), Prime Minister’s Office, Personnel, Public Grievances & Pensions, Atomic Energy and Space, Dr. Jitendra Singh addressing the 6th International Conference on Homeland Security, in New Delhi on November 17, 2017.