To seek measures and spread awareness about vulnerability, India's first crossdisciplinary cyber conference, Cyber 360, planned on Sept 28-30 in Bangalore
In April this year, over 50,000 Indian Army officers, including Chief of Army Staff General Dalbir Singh, realised how vulnerable India is to cyber-attacks. All their personal details were compromised after the website of the office of the Principal Controller of Defence Accounts (PCDA) was hacked. The PCDA manages accounts linked to salaries and remunerations of defence officers. The reaction? First, it was panic; followed by a hurried advisory to the officers that they should open new email accounts, and that they should stop using passwords of their old accounts.
This incident opened Indian eyes to a worrisome fact: The country lies extremely vulnerable to cyber-attacks with potential to completely cripple the country, and there is no deterrence; this, at a time when cyber security is being considered much more critical than the conventional border security.
Acknowledging this as a worrisome fact that throws up several insecurities in various sensitive domains that could irreversibly affect national security, industry and the economy, a first-of-its-kind cyber conference is being planned in Bengaluru on September 28, 29 and 30, called Cyber 360. In fact, this conference has been attributed such importance that Interpol, too, has confirmed its participation with a scheduled presentation on the Dark Web and Crypto Currency - significant threats for industry, especially for industries in the banking and financial sector.
"The primary objective of this conference is to build capacity against cyber threats (deterrence) and helping to better understand the existential threats that it poses to the Industry. We are bringing some of the finest experts in both strategic and cyber security in the world to Bangalore," Tobby Simon, president, Synergia Foundation, told Bangalore Mirror, although not completely divulging details about the conference as several other confirmations are expected in the next two-three days. The foundation is an inter-disciplinary do-tank working in the area of geo-economics and geo-security, with cyber security as one of its main focus areas. The foundation, along with Confederation of Indian Industry (CII) and Chatham House UK, is organising this conference.
Detailing the challenges faced in India, Simon said the two main challenges faced were at the enterprise and the critical infrastructure levels. With the emerging internet economy delivering growth and efficiency at an unprecedented scale, organisations everywhere - from small businesses to the largest - are equally vulnerable to cyber-attacks. Criminals deliver spams, cast phishing attacks, facilitate click-fraud and launch distributed denial of service attacks with high precision.
"We are not equipped to prevent such attacks," says Simon. "Just imagine what would happen if the security of a company like Infosys or Wipro is breached through cyber means! If large companies cannot take care, obviously the smaller ones would remain even more vulnerable."
He points to the thriving underground economy that fuels growth of innovative malwares which incentivizes cyber-attacks. "The hyperconnectivity and relative anonymity provided by dark web lowers the risk of detection and makes economic espionage activities straightforward and attractive to conduct," he says.
Also at the heart of any critical infrastructure is an industrial control system which includes supervisory control and data acquisition systems that monitor processes and controls the flow of information. However, while the widespread use of cloud computing and the adoption of internet of things technology has reduced costs, it has increased its cyber-vulnerability of this very industrial control system.
Simon suggests that cyber-hygiene can be taught in school to spread awareness from a very young age. "Teachers could be trained to teach the children; and when we have the first such module many can be replicated in schools across the country," he says.
The conference aims to do a similar thing - but with professionals in different fields. It aims to bring together CEOs; members of boards; COOs; senior management of over 60 companies; think thanks from US, UK, France and India; senior bureaucrats from state & Central governments; media; academia (IITs, IISc, MIT , Oxford , NIAS); security practitioners; senior ministers; and consul generals from the embassies (or high commission) of US, UK, France, Germany , EU, and Japan.
MAJOR TYPES OF CYBER THREATS
MALWAREMalware is any computer code that has malicious intent. It is often used to destroy something on a computer or to steal private information. Odds are, nearly everyone with a computer has fallen victim to some form of malware in their time.
VIRUSES As the name implies, viruses make a computer 'sick'. They infect a computer, just like a real virus that infects a person, then they hide inside the depths of the computer. Viruses replicate themselves, and they survive by attaching to other programs or files. Though viruses are one of the oldest types of cyber-attacks, they can be some of the craftiest. The capability of viruses has evolved, and they are often hard to spot and remove from a computer.
SPYWARE Spyware is a form of malware that monitors or spies on its victims. It usually remains in hiding, but even so, it can log the various activities performed by a user. Spyware is capable of recording keystrokes (what a user types on the keyboard), which means that the attacker can view passwords that the victim enters into the computer. Spyware is also used to steal confidential information.
WORMS Similar to viruses, worms replicate themselves many times to fulfill a nefarious purpose. But worms are capable of surviving all by themselves, and not only do they replicate on a single computer host, they can also replicate across an entire network of computers. It is these features that can make a worm significantly more dangerous than a virus.
PASSWORD ATTACKS These attacks are focused on cracking a victim's password so the attacker may obtain access to a secured system. A username/password combination is typically the standard form of authentication on most systems. Though this type of account security is not necessarily weak by default, a user must follow good password procedures in order to stand a chance against a password attack.
BRUTE-FORCE ATTACK This type of attack is typically used as an end-all method to crack a difficult password. A brute-force attack is executed when an attacker tries to use all possible combinations of letters, numbers, and symbols to enter a correct password.
DENIAL-OF-SERVICE ATTACKS A denial-of-service (DoS) attack is a special form of cyber attack that focuses on the interruption of a network service. This is achieved when an attacker sends high volumes of traffic or data through the target network until the network becomes overloaded.