Sophistication of threats link cyber security to national security. Global losses due to cyber attacks estimated to be between USD 3.7 to 6.9 trillion dollars; up to USD 1.3 trillion losses in the banking sector.
The NASSCOM-Data Security Council of India (DSCI) conducted its Annual Information Security Summit in Mumbai between December 11-12. The theme for the 7th edition of this summit was ‘Indian meets for Security’ and the focus was on the national and enterprise aspects of Cyber Security. The Annual Summit is the flagship event of DSCI, where security professionals from industry verticals and government meet to exchange ideas, share knowledge, discuss and deliberate on common issues faced by the security community globally. The summit was inaugurated by N. Chandrasekaran, Chairman, NASSCOM and CEO, TCS.
The special guests in attendance were Jack Christin Jr., Associate General Counsel, Global Asset Protection, eBay and Lata Reddy, Deputy, NSA.
Speaking at the inauguration of the summit, Dr. Kamlesh Bajaj, CEO, DSCI said, “The global and national landscape for data protection has witnessed many changes. And we have modified our work plan to stay in tune with these changes so as to deliver value to the industry, user organizations, public sector and the government.”
Alluding to some of the changes in the landscape, Dr. Bajaj said individuals now face a greater privacy risk, especially on social networks. He said there is a need for individuals to control their data. And countries in the EU and the US are looking to revise existing laws. He mentioned the US Consumer Bill of Rights and the EU’s Data Protection Regulation.
“Cyber threats are on the rise globally. There’s a rise in cyber crimes, cyber espionage, and attacks on critical information infrastructure. It is not just the financial frauds and identity thefts, copyright and trademark violations, but attacks on critical information infrastructure that are catching attention and linking cyber security to national security. The global losses (due to cyber attacks) are estimated to be between USD 3.7 to 6.9 trillion dollars, with losses in the Banking sector being up to USD 1.3 trillion,” informed Dr. Bajaj.
He pointed out that attacks on high value institutions and highly secured organizations are on the rise -- even security companies were being attacked these days. Espionage and theft of intellectual property and state secrets are on the rise. In fact IPR losses are estimated to be about USD 1 trillion every year.
Attacks on social media platforms and applications are also on the rise. Social networks are also being misused to spread rumours and arouse feelings of hatred and contempt in national communities. Being a global hub for outsourcing, India also faces ICT supply chain risks.
All this calls for more awareness and regulation from both government and industry. It also calls for modification of Indian laws to address new technologies like cloud computing and social networks. In fact the Government of India has already set up a working group to formulate a cloud policy. And on the industry side, Microsoft for instance, is about to launch a radio campaign targeted at college students. The campaign aims to create awareness about using social networks in a responsible manner.
The summit was spread over two days, during which a number of keynotes, roundtables, and panels around specific security and privacy themes were held to promote security approaches and solutions. One of the panels this year was Women in security, which raised some interesting points about gender equality. There was a general session on careers in security too. And in other sessions there were experts from the industry, academia and government deliberating on a range of issues from cyber security and Internet governance, to engagement with EU on India’s ‘adequacy’ under the Data Protection Directive for trans-border data flows.
DSCI UPDATE
Dr. Bajaj also updated the congregation about DSCI’s accomplishments in the past year. DSCI set up a task force called the Cyber Security Advisory Group, under the chairman of NASSCOM. The Group released a report in April 2012 titled ‘Securing our Cyber Frontiers’. The report which was presented to the Home Minister and the National Security Advisor, has 10 key recommendations.
“The government now realizes that it cannot secure cyberspace alone – private sector support is essential. DSCI and NASSCOM have had several discussions with the Government. NASSCOM member companies have contributed to those discussions at various levels,” said Dr. Bajaj.
He informed us that the government has set up a permanent joint working group under the chairmanship of Deputy, NSA to oversee and coordinate implementation. The sub-groups are focussed on areas such as capacity building, testing & certification in the context of ICT supply chain, standards & audits, critical infrastructure protection, centres of excellence, and international cooperation and advocacy.
“In the context of privacy we have held a number of discussions with the European Union, on data transfer and adequacy of India. We made presentations about how India has a strong data protection regime and how the privacy principles under section 43 of the IT Act correspond to what the Europeans have for data protection. It is an on-going engagement,” informed Dr. Bajaj.
With regard to privacy developments in India, it was felt that, apart from the IT Act 2008, there was a need for a horizontal law covering all the areas of government and private sector. The government is implementing many projects such as NATGRID and UID/Aadhar which impact the privacy of individuals.
DSCI and NASSCOM are now involved in the establishment of a new international standard ISO 27036 for Security for Supplier Relationships. The standard, currently under development, will impact the outsourcing industry.
DSCI has also been called upon by the Government of India to express its stand on Internet governance. There has been an international debate on how ICANN, a US organization, is governing Internet controls, and the need for more international participation in technical and security controls of the Internet.
DSCI also released some reports on thought leadership and assessment frameworks for privacy and security during the summit.
The first day of the summit concluded with the
DCSI Excellence awards to acknowledge individuals and organizations
for outstanding achievement in the area of information security and
cybercrime investigation. InformationWeek had earlier reported on
the award ceremony here:
http://www.informationweek.in/Security/12-12-13/DSCI_honors_organizations_individuals_for_undertaking_excellent_security_initiatives.aspx
The summit was well attended by delegates from
India and overseas.
0 comments:
Post a Comment