Critical national infrastructure is the lifeline of any nation. If you
think this is a statement blown out of proportion then consider
infrastructure like power supply grids, oil and gas supply networks,
rail and port networks, etc. To this story, now add a pinch of ICT that
has eased the functions of these units. Use of ICT and dependence on
Internet networks may have eased the task of providing the respective
service and also enabled to increase the reach of these services. Now,
imagine life for just an hour with these essential services out of the
picture, not possible, then think about the damage that can be caused
by even a small intrusion. Think again and shudder as even a small
intrusion can paralyze the entire system and the resultant losses are
just unimaginable.
In Detail
Highlighting the possible threat to the infrastructure, Zia Saquib,
Executive Director, CDAC, says, Hackers today no longer are
restricting their activities to acquiring data or disrupting the
services of any particular entity. They have now trained their eyes on
critical national infrastructure with the view of disrupting essential
services, which may in turn disrupt the functioning of an entire city.
Once they hack into a system and manipulate the network signals and
software programmes, they can control the entire system to either
destroy it or cause any other disruptive action. All this could lead to
a nationwide disaster, which could take a toll of human life.
This statement may just appear to be born from a piece of imagination
or a fictional statement that may find effect in the future. But no,
this is no piece of fiction, as experts like Dr Muttukrishnan
Rajarajan, Assistant Dean E-Learning, City University London explain
that such incidents of cyber security have been the cause of concern
disrupting services in countries like the US, Australia, etc, and India
could not be far behind. Dr Rajarajan further adds, Certain standards
need to be set that identify the behavioral patterns of
href="http://dqindia.ciol.com/content/industrymarket/focus/2007/107051005.asp">
cyber crimes so that it could set an alert and consequently such
incidents could be scaled down. And basically, need to join hands to
jointly counter a scenario arising from cyber crime as it lacks
boundaries.
Absence of key
href="http://dqindia.ciol.com/content/top_stories/2010/110050402.asp">security
regulations and protocols in India, make security risks, threats
and vulnerabilities put critical national infrastructure on the hit
list.
href="http://dqindia.ciol.com/content/industrymarket/focus/2010/110042301.asp">Security
of critical network is important as ICT exposure has also brought
with it increased vulnerability landscape. This also brings to the
forefront the need to mitigate risks without having to move away from
Internet usage. This also brings to importance the need for regulatory
standards. Going forward the threats will move to the government
clouds, consider a period when income tax returns are to be filed. Any
manipulation during this time could cause a dent in the economy of the
country.
Another example could be the railway network system that necessitates
the need to be linked with the Internet for online ticket reservation
facilities. So the issue is how to mitigate such risks in leveraging
the benefits of using Internet. As an academic institute, we want to
educate people and make them aware and also want the government to come
out with a national regulation and compliance standards for security of
the critical national infrastructure, Dhiren Patel, Visiting Professor
(Computer Science and Engineering), IIT Gandhinagar.
To the Rescue
Recognizing the effect of damage that could be caused by disrupting the
critical national infrastructure, a 15-member team at C-DAC
Mumbai developed three new innovative security products over a period
of two and half years. C-DAC's security product line includes Revival
1000, a cost effective solution for critical data protection and
disaster recovery and is based on iSCSI platform over TCP/IP to provide
block replication at remote site. It is interoperable with legacy
hardware systems including SAN boxes and other database-based
applications.
The second, Guard Your Network (GYN) 1000 is a network intrusion
prevention appliance that works in bridge mode (in-line) for providing
protection. It analyses the packets to take preventive measures after
validating the critical attacks by carrying out multi-method detection
using several signatures and anomaly detection mechanism. GYN1000
ensures protection against DoS, DdoS, worms, web attacks, E-mail
attacks, attacks against Database (SQL) servers, scans, floods,
protocol and application anomalies. Currently, Gyn 1000 is still in the
beta stage. The third, STARS is a two-factor authentication solution
for web-based services such as e-commerce, e-shopping, e-banking, etc.
It ensures high level security for authentication and encrypted
communication using authenticated dynamic session key. It offers
flexibility of using either an external device such as USB token or
soft token as second factor in addition to smart cards.
Explaining about the products, Saquib elaborates, "The indigenous
technology will help us to increase our competency, and reduce our
depency on foreign countries and multinational companies. The reason
for us to venture into these offerings is that we do not intend to
start developing such solutions only after MNCs deny us such products.
Its features are comparable to that offered by the top five vendors.
Currently, we have not worked on the pricing of the models but they
will be cost effective. There are no major initiatives made to sell
these products but these are being offered specially for government
entities."
These new products follow open standards protocol, which enables them
to be deployed on any existing systems and networks. In addition, the
product-customisation will help in application and usage beyond the
critical national infrastructure networks. It is for the first time
that C-DAC will be putting these security products in the open
commercial market and will be competing with various established
multinational companies and vendors.
Highlighting the scenario better, Saquib says, "It is a growing area
for product development as well as research. We want more and more
local companies to work with the government under the public private
partnership (PPP) model in developing security regulations and
compliance standards to enhanced the security of our critical national
infrastructure.
On a final note, it can be said that C-DAC has made the right move to
stregthen the critical national infrastructure of the nation.
At a glance:
- Hackers today no longer are restricting their activities to
acquiring data or disrupting the services of any particular entity. - They have now trained their eyes on critical national
infrastructure with the view of disrupting essential services. - Even a small intrusion to the critical national infrastructure
can paralyze the entire system and the resultant losses are
unimaginable. - Security of critical network is important as ICT exposure has
also brought with it increased vulnerability landscape.
Zia Saquib, Executive Director, CDAC, says, "The indigenous technology
will help us to increase our competency, and reduce our depency on
foreign countries and multinational companies."