Governance in Cybercrime and Cybersecurity orgns - final distribution Organizations

Governance in
CyberCrime Investigation
&
Cyber Security
Organizations
On
Dec. 07, 2013

At
The Palladium, Mumbai

Presented At
CyberAttack 2013
Security Conference

Governance in CyberCrime Investigation
& Cyber Security Organizations

CYBER ATTACK 2014, Mumbai

By

Dinesh O. Bareja
Information Security &
Management Advisor

Distribution Version
• This presentation has been optimized for distribution which means that animation panes have
been deleted and expanded so that the slides with animation do not appear with unreadable
clutter
• The images that have been used are sourced freely from the Internet using multiple search
resources. Our logic is that if your creations are searchable then they are usable for
representation AND we never use any such images in our commercial works
• All our works that are put up as ‘distribution’ versions are published under Creative Commons
license and are non-commercial – these are available for download from common document
sites on the internet or from our website
• If some images are deleted the slide will show the hyperlink to it and you can follow the link to
see the image. This is done if I have received an objection or a take-down notice from the
copyright owner
• I/We make every effort to include a link or name to the copyright owner of the image(s) that
have been used in this presentation and please accept our sincere apologies in case any image
has not been individually acknowledged
• Copyright notices or watermarks are not removed from images or text which are not
purchased, however, we may say that practically all text is our own creation
• Inspite of all the above and other declarations, if you have objections to the use (as owner of
any of the IP used in this presentation / paper) you may please send an email to us and we
shall remove the same right away (please do remember to include your communication
coordinates and the URL where you spotted this infringement


CYBER ATTACK Mumbai
CYBER ATTACK 2014,2014, Mumbai

A Brief Introduction
Dinesh O Bareja
• Principal Advisor – Pyramid Cyber Security & Forensic Pvt Ltd
• Cyber Surveillance Advisor – Cyber Defense Research Centre (Jharkhand Police – Special Branch)
• Member IGRC – Bombay Stock Exchange
• COO – Open Security Alliance

Enterprise & Government Policy Development;
Cyber Security Strategy and Design Architect;
Current State Maturity Assessment & Optimization;
Digital Forensics, Cloud Forensics and Security;


CYBER ATTACK Mumbai

Setting The Context..
Thinking .. Strategizing … Planning should be done
when you are in square one

However it is better late than never:
Stop Take stock Create a going-ahead plan
Restart from where you stopped


CYBER ATTACK Mumbai

Context…

Taking stock of our current situation:

It is about time the Information Security community
woke up to voice the weakness in governance in
our government’s thinking on national cyber
security
And

The increasing inability to control (cyber) related
incidents with the looming threats of cyber war /
terrorism / espionage / crime

CYBER ATTACK Mumbai

Or (in the near future)… Face

Annihilation

CYBER ATTACK Mumbai

Context

Defining the three key terms in our title to set the
context (from Wikipedia and Dinesh’speedia

• Governance: That which defines expectations, grants power or

verifies performance. Is a system by which entities are directed and
controlled and a governance structure specifies the distribution of rights
and responsibilities among different stakeholders. It is the process or a part
of decision-making and the process by which leadership is established and
decisions are implemented (or not implemented)

• Cybercrime Investigation Organizations: Are primarily law
enforcement organizations and such bodies that are engaged in
investigating and controlling cyber crime.

• Cybersecurity Organizations: Intelligence services, offensive and
defensive solution development and delivery, sector specific entities like
Telecom CERT etc, cyber command wings of defence forces and such
organizations that are outside the ambit of being termed a LEA.


CYBER ATTACK Mumbai

We
Need
To


CYBER ATTACK Mumbai

My Plan is to Talk About

Why
don’t
we

• Relevance and strengths of planned security
organizations
• Why traditional security entities are not relevant
against new-age challenges
• The demand and growth of know-it-alls and the
ignorant experts
• Existing organization structure of Cyber Security
Forces, Capability at national and state level
• Disadvantages and challenges arising out of
present organization structures
• Way Ahead

CYBER ATTACK Mumbai

Lets Talk About

Why
don’t
we

organizations
ignorant experts
• Way Ahead

CYBER ATTACK Mumbai

Relevance and Strengths in
Planned Security Organizations

Why

do we need to structure a
centralized command governance
for Cyber Security across the nation
(or states) when we already have our
Cyber-thanas, CERTs, NTRO-NCIIPC,
DIARA and more


CYBER ATTACK Mumbai

Relevance and Strengths
• Centralized system provides strategic, tactical,
operational and administrative control
• Need-to-know Data Access and Distribution Policy
• Central Information Library and Knowledgebase
• Politics-free Inter-Disciplinary dependencies
• Common goals across all stakeholders
• Quick response capability
• Enhanced intelligence and capability sharing

CYBER ATTACK Mumbai

Relevance and Strengths
• Standardized response by organizations across the
nation states provide harmony in operations
• Resources, capacities, capabilities can be shared
• Crisis communication is controlled and effective


CYBER ATTACK Mumbai

One Bright Example - CDRC
• Jointly setup by Jharkhand State and Jharkhand
Police (special branch)
• Located in PHQ it is the authority in the state for
cybercrime and cyber security related information,
advisories, investigation – QUICK RESPONSE
• Engaged in citizen awareness outreach, critical
infrastructure protection, training etc
• Connects with the InfoSec community, LEA and
security establishments across the country …

CYBER ATTACK Mumbai

Change Gives No Choices
Hopefully
not a major
incident

http://socialmediastrategiessummit.com/blog/relevance-strategic-inflection/

Period of
ignorance on
the power trip

CYBER ATTACK Mumbai

Enlightenment
dawns on the
lawmakers

Traditional Entities
• Cyber Thana, Cybercell, Cyber Lab, FSL
• Police, BSF, ITBP, CID, CBI, EOW, SFIO, IT
• CERT, Sectoral CERT, NTRO, NCSC, NIA, IB, NCIIPC
• Army, Air Force, Navy
• My personal list has a count of about 60
organizations which are (in some way or the
other) connected to the aims of cybercrime /
cybesecurity control

CYBER ATTACK Mumbai

But, we have..
• The same problems which face any traditional
entity

• Lack of sharing
• Blame it on the enemy-of-the-day
• High spending
• Generally go around in circles do nothing
• Lack of capability / skills / resources

CYBER ATTACK Mumbai

If you don’t believe me I hope
you will believe someone who
was more intelligent than me !


CYBER ATTACK Mumbai

Why Traditional Can’t Survive
• Borders and jurisdictions are porous
• Speed of decision making and communication is
the need of the hour second (it will soon be the
need of he nanosecond)
• A single crime may be committed from multiple
locations at the same time
• Attacks and malicious activity can be initiated by
individuals, groups or nations…. Who attacks
whom is unknown!
• Every one in the team has to be a hacker… etc!

CYBER ATTACK Mumbai

What is Needed
• Organization Agility
• Thought Leadership
• Planned Operations and Response
• Acceptance of knowledge as power
• Budget and support for growth
• Reality – a child can be the adversary
• … etc!


CYBER ATTACK Mumbai

FUDsters Trolls Carpetbaggers
and Scalawags abound
http://horrorfilmaesthetics.blogspot.in/2011_06_01_archive.html

As with any new frontier one will
find the settlers along with the
charlatans, the con men, the
criminal minded and others.

The internet is no different… there
are scamsters, crackers, business
people, phishers, bankers,
bloggers, settlers etc…

CYBER ATTACK Mumbai

FUDsters Trolls Carpetbaggers
and Scalawags abound
• Organizations and Governments are shooting
themselves in the foot
• False expectations are created to believe that the
largest organization has the best solution
(qualification - 200 crore turnover for past 3 years)
• Vendors present snazzy catalogs and are generally
people who know everything about anything
• Analyst opinion is considered to be gold standard
• Auditors are trained to never give the true picture

CYBER ATTACK Mumbai

The Quantum of Risk
grows exponentially when
one is stuck in the past

Just hope to get unstuck quick!

CYBER ATTACK Mumbai

Buyers live in the old mindset
• Insurance company seeking Risk Management
framework – QC is Rs 200 cr profit making
company for past 3 years
• Bank seeking IS support services sets the QC at Rs
100cr .. profit making, in past 3 years
• Company hiring a Security Manager expects the
person to have all certifications and skills in audit,
technology, forensics, communication, application
development, business continuity, malware etc


CYBER ATTACK Mumbai

Hiring Managers live in their
personal heaven


CYBER ATTACK Mumbai

Where do they think they will
get value

How do they expect to secure
their organizations if they
leave out the world
Just hope to get unstuck quick!

CYBER ATTACK Mumbai

Now Lets Talk About

Why
don’t
we

organizations
ignorant experts
• Way Ahead

CYBER ATTACK Mumbai

Current State of Cyber Security
Governance - worldwide
• Multiple organizations are established by different
departments of Government, Law Enforcement,
Defence Forces, Large Enterprises
• Each of them is doing “their own thing” to protect
their turf (assets, perimeter, technologies)
• Every one is a de facto expert claiming to have the
most wonderful system in place after God’s
creation
• Chaos and confusion reign supreme and it is
evident in the continued bashing of the domain

CYBER ATTACK Mumbai

Current State of Cyber Security
Governance - worldwide
• Each looks at cybersecurity as an extension of their
own present function – so the Naval team looks at
threats to their own naval installations and the
Police is only concerned with cybercrime
• Capabilities are being created in silos which do
not communicate or may do so at the MHA
sponsored senior officer meetings
• And what do we have in the end..


CYBER ATTACK Mumbai

Silos
• Absence of Inter-State Information Sharing among
LEA and others
• Everyone is going their own way
• State of the Art purchases


CYBER ATTACK Mumbai

Traditional Entities
• My personal list has a count of about 60
organizations which are (in some way or the
other) connected to the aims of cybercrime /
cybesecurity control
• A listing will come up in the next slide

• These organization names have been taken from
news / media reports so it is in public domain (no
secrets are disclosed!)

CYBER ATTACK Mumbai

What Org Structure

What We Need
What We Have

CYBER ATTACK Mumbai

Organization
Soup

CERT-In

Computer Emeregency Response Team

CHCIT

Cyber and Hi-Tech Crime Investigation and Training Center

NIC

National Informatics Center

NTRO

National Technical Research Organization
Cyber Regulation Advisory Committee

General Weapons and
Electronics Systems
Engineering Establishment

NCSC

DIARA

Defense Information and
Research Agency

CMS

Central Monitoring System

DIA

Defence Intelligence Agency

NCSF

National Cyber Security Framework

WESEE

National Cyber Security Commissioner

Cyber Coordination Center

Cyber Security Board

Special Operations
Command

Cyber Security Board - Cyber Security Coordinators

Strategic Forces Command

NCCC

National Cyber Coordination Centre

CERT-Navy

NSCS

National Security Council Secretariat

NCCC

National Cyber Coordination Centre

NSAB

National Security Advisory Board

CERT-Army

CERT-AirForce
Cyber Operations Centre
(NTRO with Armed Forces)

National Information Security Authority

NCIIPC

National Critical Information Infrastructure Protection
Committee

CYBER ATTACK Mumbai

Organization
Soup

National Intelligence Board

SSTCG

Strategic Security Technology Coordination Group

MAC

Multi Agency Centre
Joint Cipher Bureau

CDRC

Cyber Defence Research Centre, Jharkhand

Scientific Advisory Group

Cyber Suraksha Cell, Guajarat

Indian Stastistical Institute

Special Operations Group, Gujarat

Cipher Committee

Cyberdome, Kerala Police

Scientific Advisor to Raksha Mantri

DSCI

Data Security Council of India

IISc

Indian Institute of Science, Bangalore

ISAC

Information Sharing and Analysis Centre

CSI

Computer Society of India

Telecom Security Council of India
NATGRID

National Security Database
IDRBT

Institute for Development and Research in
Banking Technology

IBA

Indian Banks Association

RBI

Crimes and Criminal Tracking Network and System
NCTC was to weld together multiple intelligence
databases:

NJDG

Indian Cyber Army

CCTNS

NCTC

Deccan Hackers

National Intelligence Grid

National Judicial Data Grid

TETC

Telecom Testing and Security Certification Centre

Reserve Bank of India

TRAI
DOT

CBI's Bank Securities and Fraud Cell

CYBER ATTACK Mumbai

Our Score = 60+
• The country should have been on the top of the
Cyber capability index worldwide

• We would not having this conference.. Rather …
the topic would have been different
• Nations and individuals would have to think twice
to face up to us – no website defacements or data
breach

What We Have


CYBER ATTACK Mumbai

• To respond to an attack by air the Air Force is
called, on land it is the Army and the Navy at sea

Who do we call upon for an
attack through the internet

• How do 60+ agencies coordinate with each other
• How can a planned response be launched in the
absence of a central coordinator….

CYBER ATTACK Mumbai


CYBER ATTACK Mumbai

• Worldwide – other countries are no
better
• No wonder attacks are on the rise
and everyone is hurting bad


CYBER ATTACK Mumbai

Taking a Look At

Why
don’t
we

organizations
ignorant experts
• Way Ahead

CYBER ATTACK Mumbai

Disadvantages / Challenges
• Increased risk of incompetent response when
faced with a challenge
• Uncontrolled purchases expenditure
• Head in the sand bliss
• Wasteful expenditure in the absence of
competence or capability
• The only certainty – defeat at the hands of anyone
with a computer and malicious intent


CYBER ATTACK Mumbai

One Bright Example - NDMA
• Central Disaster Management agency
• Body of Knowledge and expertise
• Ensures regular drills and exercises
• Follows national level standard processes
• National mandate to coordinate and guide all
states in their response and management setup
• Recent Success – Orissa (Phailin) and AP (Lehar)
• Challenge - communication, post-incident
response

CYBER ATTACK Mumbai

One Bright Example - NDMA
• Before the NDMA • Many deaths
• Unorganized response
• Could we ever evacuate
• Of course NDMA did not spring up overnight – it
was formed in December 2005 and has come a
long way


CYBER ATTACK Mumbai

Way Ahead
• Cyber Security must be entrusted (at national level)
to one authority and organization
• PMO / President should be designated as C-in-C as
this is a frontier, a battleground
• Cybercrime, Terrorism, War, Attacks, Espionage,
Reputation, Information Exchange, Development
of Offensive Capabilities et al cannot be decided
upon by the NCSC


CYBER ATTACK Mumbai

Commander in Chief
PM / President

Second Line of Command (Operational and Strategic)
NSA

NCSC

Defence
Chief of Staff

CERT

Head of
Intelligence

MHA

LEA, Industry
Rep & Bodies

Cyber Security Organizations and Organizations with Cyber Command Centers
State Cyber
Security Centers

Sectoral CERTs

NTRO(cyber)
NCIIPC

IB, RAW, NIA,
DIA

Academia
Participants

Defense CERTs,
DIA, DRDO etc

CyberCrime
Police Stations

CCTNS,
NATGRID

Information &
Data Library

Online
Battalions

Continuing
Education &
Training

General areas
n.e.s.

Control and Operational Areas (national and state level)
Capacity
Building

Capability
Building

Education
and Training

Citizen
Outreach

Sectoral
Departments

Critical
Infrastructure

International
Relations

Policy &
Regulations

Offensive and
Defensive

Intelligence
Gathering

Knowledge
Repository

Domestic
Relationships

Risk
Advisories

Research and
Development

Public Private
Partnership

Public
Relations

Talent
Identification

Security
Clearance

Think Tank

Testing
Group

Responsible
Disclosure

Reporting and
Measurement

Audit, Risk,
Technology

Field Organizations and Teams
CERT
Incident
Response

Awareness,
Education,
Training


Skill
Development

Developers

Embedded
Cyber
Patrollers

CYBER ATTACK Mumbai

Way Ahead
• Organization will be responsible for every aspect
of cyber security
•
•
•
•
•
•
•

Policy and regulations
Advisories and Information sharing systems
State level organizations – mandate and operations
Cyber Defense Command
Armed Forces cyber security organizations
National and sectoral CERT
National Critical Infrastructure Protection


CYBER ATTACK Mumbai

Way Ahead
• Build capacity and capability
• Secure national and state infrastructure
• Raise awareness of cybersecurity needs
• Learn what is coming up – or what will come
• So who will own this defence organization ? MHA
or MOD ?


CYBER ATTACK Mumbai

This is a peek into
the Future
what’s coming up
ahead

CYBER ATTACK Mumbai

BAD


CYBER ATTACK Mumbai

Dinesh O. Bareja,
CISA, CISM, ITIL, BS7799, Cert IPR, Cert ERM

• Professional Positions
•
•
•
•

Pyramid Cyber Security & Forensics (Principal Advisor)
Open Security Alliance (Principal and CEO)
Jharkhand Police (Cyber Security Advisor)
Indian Honeynet Project (Co Founder)

• Professional skills and special interest areas
• Security Consulting and Advisory services for IS Architecture, Analysis,
Optimization..
• Technologies: SOC, DLP, IRM, SIEM…
• Practices: Incident Response, SAM, Forensics, Regulatory guidance..
• Community: mentoring, training, citizen outreach, India research..
• Opinioned Blogger, occasional columnist, wannabe photographer

CYBER ATTACK Mumbai

Contact Information
E dinesh@opensecurityalliance.org

@bizsprite

+91.9769890505

dineshobareja

L: http://in.linkedin.com/in/dineshbareja

dineshobareja

References
http://socialmediastrategiessummit.com/blog/relevance-strategic-inflection/

Acknowledgements & Disclaimer
Various resources on the internet have been referred to contribute to the information
presented. Images have been acknowledged (above) where possible. Any company names,
brand names, trade marks are mentioned only to facilitate understanding of the message
being communicated - no claim is made to establish any sort of relation (exclusive or
otherwise) by the author(s), unless otherwise mentioned. Apologies for any infraction, as this
would be wholly unintentional, and objections may please be communicated to us for
remediation of the erroneous action(s).

CYBER ATTACK Mumbai

Governance in Cybercrime and Cybersecurity orgns - final distribution Organizations

Governance in Cybercrime and Cybersecurity orgns - final distribution Organizations

Recommended

More Related Content

What's hot

What's hot(20)

Viewers also liked

Viewers also liked(16)

Similar to Governance in Cybercrime and Cybersecurity orgns - final distribution Organizations

Similar to Governance in Cybercrime and Cybersecurity orgns - final distribution Organizations (20)

More from Dinesh O Bareja

More from Dinesh O Bareja(9)

Recently uploaded

Recently uploaded(20)

Governance in Cybercrime and Cybersecurity orgns - final distribution Organizations