This document discusses cybersecurity issues related to critical infrastructure. It begins by providing examples of past cyberattacks on industrial systems and infrastructure in countries like the US, Germany, and Israel. It then discusses the challenges of securing industrial control systems and critical infrastructure from cyberattacks. The document calls for coordinated efforts between government and industry to address these challenges through clear roles and responsibilities, information sharing, and public-private partnerships. It emphasizes the need to prioritize cybersecurity and treat it with the same importance as national security issues.

1. Manindra Agrawal and Sandeep K. Shukla
Center for Cyber Security of Critical Infrastructure
Indian Institute of Technology Kanpur

2. ISIS tries to hack Google,
takes down small Indian firm
Hackers associated with the terror group ISIS made a
boo boo in their grand scheme of bringing down Google
and instead hacked a small Indian firm.
IndiaToday.in
New Delhi, March 3, 2016 | Posted by Parthshri Arora | UPDATED 20:23 IST
Home
India
India-News-India
Indian government website hacked by terrorist group al Qaeda
Indian government website
hacked by terrorist group
al Qaeda
Al Qaeda's south Asia chief is Maulana Aasim Umar who has a
message for Muslims in India
By: Express Web Desk
New DelhiUpdated: Mar 2, 2016, 11:10
Pakistani hackers deface 24
Chhattisgarh government websites
Rashmi Drolia | TNN | Sep 29, 2015, 03.50 PM IST

3. Ukraine blackout is a
cyberattack milestone
Hundreds of thousands of homes were left in the dark in what security
experts say was a first for hackers with ill intent.
Israel's Electrical Grid Targeted by 'Severe Cyber-attack'
Energy Minister Steinitz says Israeli electric authority succeeded in
mitigating attack by shutting down systems to prevent virus from
spreading.
Danna Harman Jan 26, 2016 8:43 PM
read more: http://www.haaretz.com/israel-news/.premium-1.699706
Home /
Cybersecurity/
Iranian Cyberattack Infiltrated Control System of New York Dam
Iranian Cyberattack Infiltrated Control System
of New York Dam
12/22/2015 | Thomas Overton
TV5Monde hack: 'Jihadist'
cyber attack on French TV
station could have Russian
link
The invasion of the computers was claimed by 'CyberCaliphate' on behalf of Isis
Home › Vulnerabilities
Cyberattack on German Steel Plant Caused
Significant Damage: Report
By Eduard Kovacs on December 18, 2014
Turkish banks under cyberattack
amid crisis with Russia
Hülya Güler – ISTANBUL

5. • Davis-Besse Ohio Nuclear Power Plant and Slammer Worm – January
2003
• North-East Power Blackout – August 2003
• CSX Train Signaling System and Sobig Virus – August 2003
• Automobile Plants and the Zotob Worm (Daimler-Chrysler) August 2005
• Hatch Nuclear Power Plant Shutdown – March 2008
• Stuxnet and Iran Nuclear Enrichment Plant problems – 2009

7. Title Year Industry Type Country
Page 1 of 9
German Steel Mill Cyber
Attack
2014 Metals Germany
Russian-Based Dragonfly
Group Attacks Energy
Industry
2014 Power and Utilities United States
Public utility
compromised after brute-
force hack attack, says
Homeland Security
2014 Power and Utilities United States
After ‘Godzilla Attack!’
U.S. warns about traffic-
sign hackers
2014 Transportation United States
U-2 spy plane caused
widespread shutdown of
U.S. flights: report
2014 Transportation United States
Virus shuts down county
highway department
network
2013 Transportation United States
Signal problèmes cause
train Delay
2013 Transportation United States
Computer Glitch Leads to
Shutdown of Nuclear
Reactor
2012 Power and Utilities United States

8. Software error
23%
Malware Attacks
35%
SCADA Component Failure
19%
Operator Error
11%
Other
12%
Figure : Main Causes of Incidents in Industrial Networks

9. date
The rise of mobile banking Trojans (Kaspersky Security Bulletin 2014)

10. Assocham Mahindra SSG Report 2015

16. black market
Source: Andy Greenberg (Forbes, 3/23/2012 )

17. Pay-per-install (PPI) services
PPI operation:
1. Own victim’s machine
2. Download and install client’s code
3. Charge client
Source: Cabalerro et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)
spam
bot
keylogger
clients
PPI
service
Victims

18. Source: Cabalerro et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)
spam
bot
keylogger
clients
PPI
service
Victims
Cost: US - 100-180$ / 1000
machines
Asia - 7-8$ / 1000 machines

19. Hackers Terrorists, Criminal Groups
Hacktivists
Disgruntled Insiders
Foreign Governments
19

22. Cybersecurity —
Executive Order 13636
On February 12, 2013, President Obama signed Executive Order
13636, “Improving Critical Infrastructure Cybersecurity.” The Executive
Order is designed to increase the level of core capabilities for our critical
infrastructure to manage cyber risk. It does this by focusing on three key
areas: (1) information sharing, (2) privacy, and (3) the adoption of
cybersecurity practices.
Cybersecurity Framework Workshop
2016
National Institute of Standards and
Technology, Gaithersburg MD
April6-7, 2016
Workshop Purpose: The purpose of this workshop is to provide attendees a broad sampling of
Framework use and work products, as well as gather input to help NIST understand stakeholder
awareness and current use of the Framework, the need for an update to the Framework,
cybersecurity best practices sharing, as well as the future governance of the Framework.
Views on the Framework for Improving
Critical Infrastructure Cybersecurity
A Notice by the National Institute of Standards and
Technology on 12/11/2015
•
Notice; Request For Information (Rfi).
The National Institute of Standards and Technology (NIST) is seeking
information on the “Framework for Improving Critical Infrastructure
Cybersecurity” (the “Framework”).

23.  Government has authorized ‘National Critical
Information Infrastructure Protection Centre’ (NCIIPC)
to take all necessary measures to facilitate safe, secure,
and resilient Information Infrastructure for Critical
Sectors
 NCIIPC is under of National Technical Research
Organization (NTRO).
 The government of India’s Inter Departmental
Information Security Task Force (ISTF) has set up
Indian Computer Emergency Response Team (CERT-
In) to respond to the cyber security incidents and take
steps to prevent recurrence of the same.

24.  National Nodal Agency to protect NCII.
 Deliver advice to reduce vulnerabilities.
 Identify all CII elements for notification.
 Provide strategic leadership and coherent Government response.
 Coordinate, share, monitor, collect, analyze and forecast threats.
 Develop plans, adopt standards, share best practices and refine
procurement processes.
 Evolve protection strategies, policies, vulnerability assessment and auditing
methodologies and plans for CII.
 Undertake R&D to create, collaborate and develop technologies for growth
of CII protection.
 Develop training programs for CII protection.
 Develop cooperation strategies.
 Issue guidelines, advisories etc. in coordination with CERT-In and other
organizations.
 Exchange knowledge and experiences with CERT-In and other
organizations.
 NCIIPC may call for information and give directions to CII.
Source: http://workshop.nkn.in/2015/sources/speakers/sessions/NKN_NCIIPC.pdf

25. Lack of credible information about the measures that NCIIPC is taking
in protecting the country from cyber threats is a cause of concern.
NCIIPC’s charter mandates that it should “raise information security
awareness among all stakeholders” and it is failing in its duty by its
silence. While almost all leading Computer Emergency Response
Teams (CERT) are regularly issuing alerts about the vulnerabilities, it
is annoying to find that even the website of its Indian counterpart
(CERT-In) is not accessible most of the time.
Rajabahadur V. Arcot, Independent
Industry Analyst / columnist and
Automation Consultant
Saikat Dutta, Defending India's Critical Information Infrastructure : The Development and Role of
NCIIPC available at https://internetdemocracy.in/wp-content/uploads/2016/03/Saikat-Datta-
Internet-Democracy-Project-Defending-Indias-CII.pdf, Internet Democracy Project, 2015.

26.  Roles and responsibilities of each of the parties need to be clearly
defined.
 At the same time, governments need to establish the appropriate
policy and legal structures.
 Nations, such as the United States, have advocated for a market-
based, voluntary approach to industry cybersecurity as part of the
National Strategy to Secure Cyberspace.
 But this has not worked entirely, because security investments
made by industry, as per their corporate needs, are not found to
be commensurate with the broader national interest.
 How will the additional private investments be generated?
 Is there a case for government incentives, as part of an incentive program
to bridge the gap between those security investments already made and
those additional ones that are needed to secure critical infrastructure?
Several security surveys point to this need. They reveal a lack of adequate
knowledge among executives about security policy and incidents, the
latest technological solutions, data leakage, financial loss, and the training
that is needed for their employees.
Ack: From DSCI Website

27.  NASSCOM envisages the Indian IT-BPM
industry to achieve a size of USD 350-400
billion by 2025; the country can aspire to
build a cyber security product and services
industry of USD 35-40 billion by 2025
 Currently, Indian industry revenue from security
is estimated to be around 1% (USD 1.5 billion) of
overall IT-BPM industry revenue (USD 146
billion); by 2025, India can aspire to scale it to 10%
Ack: From DSCI Website

28.  One million certified skilled cyber security professionals by 2025
 1. Develop cyber security as a national mainstream cadre. Mandate through SSC, global best
practices and certifications:
 • 200 universities/colleges to run both dedicated stream and commercial research
 • 200 vocational training providers
 • 5 regional security hubs integrated with industry
 Select 100 Cyber security “Drone” acharyas and establish 10 COEs to create a pool of
expert Cybers ecurity trainers
 Govt. declares cyber security as a strategic sector on par with the space, atomic
energy and defence and make investments for capability and capacity building
 Attract the best talent for Cyber security via widespread advocacy, early
introduction in schools and talent search through hackathon and reality shows
 Mandate Cyber security health index of essential public services, critical
infrastructure and public companies
 Embed Cyber security in the academic curriculum across all levels for creating cyber
aware citizens Ack: From DSCI Website

29. What a hacker
must be trying?
What a defender
must be doing?
Need to be Schizoid

36. Layers/Research
AnalyticalMethods
Simulation/Co-
Simulation
Laboratory
Emulation
Cryptography
theoryand
Engineering
Softwareand
SystemSecurity
ProgramAnalysis
MachineLearning
andDataAnalytics
NetworkSecurity
Physical Dynamics of the
System
X X X X
The Electro-Mechanical
Equipment/sensors/actuators
X X X
Industrial Automation and
control
X X X X X
Firmware X X X
Electronics/Hardware
X X X
Networking
X X X X X X X
Middleware and System
Software
X X X X X X X
Application Software
X X X X X X
Cloud Layer X X X X X

38.  Analytical Methods
 Formal Methods based Dynamic Signature Extraction of
SCADA Components to Counter Code Replacement
Attacks
 Developing Game Theoretic Models for Cyber Security
 Simulation/Co-Simulation and Laboratory
Emulation
 Analysis of CPS Threat Models and Discovery of Counter
Measures
 Discovery and Remediation of Smart Grid Cyber Security
 Experimenting with SCADA Security Architecture
Faculty: Sandeep Shukla, S. C. Srivastava, Abhijeet Mahapatra, Indranil Saha,
Sunil Simon, Piyush Kurur

39.  Cryptography theory and Engineering
 Cryptographic protocols, Cryptanalysis
 Side Channel Attacks, and Counter Measures
 Number Theory, Algorithms, and Analysis
 Software and System Security
 Automated Protocol Reverse Engineering for
Various Protocols and Counter Measures
 Cloud Security, Hypervisor Security, Separation
Kernel Methods
 Perimeter Defense and Penetration Testing
Faculty: Manindra Agrawal, Nitin Saxena, Piyush Kurur, Sandeep Shukla,
Indranil Saha

40.  Program Analysis
 Static Analysis Based Techniques to Discover
Software Vulnerabilities for Software Components
 Analysis of Vulnerabilities in Hardware
Components such as in PLCs, and IEDs
 Application of Machine Learning techniques
for Discrimination of Physical Dynamics under
Cyber Attacks
 Network Security
 Intrusion Detection in Control Network using
Automated Event Correlation
Faculty: Subhajit Roy, Amey Karkare, Indranil Saha, Sunil Simon, Sandeep Shukla,
Arnab Bhattacharya, Piyush Rai, Sumit Ganguly, B. M. Shukla

41.  Education & Outreach
 Engineering Educational Research on replicating
similar SCADA Lab at other Institutes in India
 Short Term Courses for Executives and
Engineers, Summer Courses, Workshops, and
Public Awareness & Education

42.  The eventual goal is to build a Center of Excellence for
Cyber-Security of Critical Infrastructures at IIT Kanpur
 Create an interdisciplinary research program in Cyber-
Security of Critical Infrastructures at IITK
 Create Manpower in the field of Cyber Security at all
levels (PhD, M.Tech, B.Tech, and even training
program for executives, engineers etc in the CII Sector)
 Make IITK as the main center for Cyber Security of CII
in India
 Create collaborative links with a few International
centers for Cyber Security (In talks with Blavatnik
Interdisciplinary Center for Cyber Security at Tel Aviv
University)

43.  Awareness – anyone who uses any technology
– smart phone, net banking, ATM, internet,
social networks – must be trained to defend
their digital assets
 Integrate Cyber Security into Engineering
courses
 Integrate Cyber Security Ethics into High
School and College Courses
 Train the police, military, civil servants, and
ministers on cyber security challenges, and
how to protect

44.  Certification courses for creating cyber security
foot soldiers
 6 months to 2 year long immersive training courses
 Certification courses for creating cyber security
strategists and technologists
 1 year to 3 years
 Creating specialized Masters level courses for
cyber security engineers, technologists, and
policy makers
 Creating teachers for training institutes who
actually would know their stuff

45.  Securing distributed information infrastructures
from inside attackers
 Detection of on-going attacks in a power grid by
anomaly detection in PMU data
 Building India specific malware repository and
trend analysis tools

46.  I tried to scare you – not probably not enough
 We really need to consider cyber security in
war-time footing
 We need to take action – NOW!
 We cannot wait and see – as we are almost a
decade behind most developed countries –
surely Israel and the US and possibly China
 We need ACTION and NOW! Talking about is
not enough!!!

47. Thank you and be Cyber Safe