The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 71 to 85.
Cyber Security of Smart Grids in India
http://editors.cis-india.org/internet-governance/blog/dataquest-april-25-2016-vanya-rakesh-and-elonnai-hickok-cyber-security-of-smart-grids-in-india
<b>An integral component of the ambitious flagship programme of the Indian Government- Digital India, which paves way for a digital data avalanche in the country, is a well-designed digital infrastructure ensuring high connectivity and integration of services, the potential areas being smart cities, smart homes, smart energy and smart grids, to list a few. Likewise, the 100 Smart Cities Mission envisions changing the face of urbanization in India, to manage the exponential growth of population in the cities by creating smart cities with ICT driven solutions, along with big data analytics. Smart grid technologies are key for both these schemes.</b>
<p>The article by Elonnai Hickok and Vanya Rakesh was published by <a class="external-link" href="http://www.dqindia.com/cyber-security-of-smart-grids-in-india/">Dataquest</a> on April 25, 2016</p>
<hr />
<p style="text-align: justify; ">Smart grid is a promising power delivery infrastructure integrated with communication and information technologies which enables monitoring, prediction and management of energy usages. Establishment of smart grids becomes highly important for the Indian economy, as the present grid losses are one of the highest in the world at upto 50% and costing India upto 1.5% of its GDP. India operates one of the largest synchronous grids in the world – covering an area of over 3 million sq km, 260 GW capacity and over 200 million customers with the estimated demand of India increasing 4 times by the year 2032.</p>
<p style="text-align: justify; ">In the year 2013, the Ministry of Power (MoP), in consultation with India Smart Grid Forum and India Smart Grid Task Force released a smart grid vision and roadmap for India, a key policy document aligned to MoP’s overarching objectives of “Access, Availability and Affordability of Power for All”. It lays plans for a framework to address cyber security concerns in smart grids as well. To achieve goals envisaged in the roadmap, the Government of India established the National Smart Grid Mission in the year 2015 for planning, monitoring and implementation of policies and programs related to Smart Grid activities.</p>
<p style="text-align: justify; ">A number of smart grid projects have been introduced, and are currently underway. KEPCO in Kerala has established smart meter/intelligent power transmission and distribution equipment system in the year 2011 and the smart grid operations focus on peak reduction, load standardization, reduction in power transmission/distribution loss, response to new/renewable energy and reduction in black-out time. Gujarat was introduced to India’s first modernized electrical grid in the year 2014, to study consumer behaviour of electricity usage and propose a tariff structure based on usage and load on the power utility by installing new meters embedded with SIM card to monitor the data. The Bangalore Electricity Supply Company Ltd. (BESCOM) project in Bangalore envisaged the Smart Grid Pilot Project for integration of renewable and distributed energy resources into the grid, which is vital to meet growing electricity demands of the country, curb power losses, and enhance accessibility to quality power.</p>
<h3 style="text-align: justify; ">Cybersecurity challenges</h3>
<p style="text-align: justify; ">At the same time, the introduction of a smart grid brings with it certain security risks and concerns, particularly to a nation’s cyber security. Increased interconnection and integration may render the grids vulnerable to cyber threats, putting stored data and computers at great risk.With sufficient cyber security measures, policies and framework in place, a Smart Grid can be made more efficient, reliable and secure as failure to address these problems will hinder the modernization of the existing power system. Smart Grids, comprising of numerous communication, intelligent, monitoring and electrical elements employed in power grid, have a greater exposure to cyber-attacks that can potentially disrupt power supply in a city.</p>
<div style="text-align: justify; "></div>
<div style="text-align: justify; ">Cyber security and data privacy are some of the key challenges for smart grids in India, as establishment of digital electricity infrastructure entails the challenge of communication security and data management. Digital network and systems are highly prone to malicious attacks from hackers which can lead to misutilisation of consumers’ data, making cyber security the key issue to be addressed. Vulnerabilities allow an attacker to break a system, corrupt user privacy, acquire unauthorized access to control the software, and modify load conditions to destabilize the grid. Hackers or attackers, who compromise a smart meter can immediately alter their energy costs or change generated energy meter readings to monetize it by help of remote PCs. Also, inserting false information could mislead the electric utility into making incorrect decisions about the local usage and capacity.</div>
<div style="text-align: justify; "></div>
<div style="text-align: justify; "></div>
<h3 style="text-align: justify; ">Initiatives in India</h3>
<div style="text-align: justify; ">As cybersecurity is critical for Digital India and the Smart City Concept note highlights a smart grid to be resilient to cyber attacks, a National Cyber Coordination Centre is being established by the Indian Government. Also, National Cyber Safety and Security Standards has been started with a vision to safeguard the nation from the current threats in the cyberspace, undertaking research to understand the nature of cyber threats and Cyber Crimes by facilitating a common platform where experts shall provide an effective solution for the complex and alarming problems in the society towards cyber security domain. Innovative strategies and compliance procedures are being developed to curb the increasing complexity of the Global Cyber Threats faced by countries at large.</div>
<div style="text-align: justify; "></div>
<p style="text-align: justify; ">The National Cyber Security Policy 2013 was released with an umbrella framework for providing guidance for actions related to security of cyberspace, by the Department of Electronics and Information Technology (DeitY). The Working Group on Information Technology established under the Planning Commission has also published a 12 year plan on IT development in India with a road map for cyber security, stating six key priority and focus areas for cyber security including:Enabling Legal Framework ; Security Policy, Compliance and Assurance; Security R&D; Security Incident – Early Warning and Response ; Security awareness, skill development and training, and Collaboration.</p>
<div style="text-align: justify; "></div>
<p style="text-align: justify; ">In case of Bangalore, to ensure smooth implementation of BESCOM’s vision, the company realised the need to put a cyber-security system in place to protect the smart grid installations in Bangalore city. To ensure security, BESCOM has come out with a separate IT security policy and dedicated trained IT cadre to safeguard its data and servers, becoming one of the few Discoms in India to take such measures for safeguarding the servers and data network from cyber crimes and threats.</p>
<h3 style="text-align: justify; ">Way forward</h3>
<p style="text-align: justify; ">An electric system like Smart grids has enormous and far-reaching economic and social benefits. However, increased interconnection and integration tends to introduce cyber-vulnerabilities into the grid. With the evolution of cyber threats/attacks over time, it can be said that there are a lot of challenges for implementing cyber security in Indian smart grid. Considering importance of secure smart grid networks for flagship projects in India, the existing regulatory framework does not seem to adequately take into consideration the cyber security implications.</p>
<div style="text-align: justify; "></div>
<p style="text-align: justify; ">In light of this, the government must aim to develop and adopt high level cybersecurity policy to withstand cyber-attacks. Also, India must focus on skills development in this domain and have a capable workforce to achieve the targets set by Indian Government. The country must look up to develop an overall intelligence framework that brings together industry, governments and individuals with specific capabilities for this purpose.</p>
<div style="text-align: justify; "></div>
<p style="text-align: justify; ">The National Cyber Security Policy 2013, protecting public and private infrastructure from cyber attacks, along with all kinds of information, such as personal information of web users, banking and financial information,etc. is yet to be implemented by the Government properly. In the Indian Power sector, the cyber security regulations or mandates are absent in the National Electricity Policy (NEP) as well as the Electricity Act 2003 and its amendment in 2007, with no reference to cyber security concerns. These key legislations must be amended to take into account the growing challenges due to increased use of ICT in the power sector.</p>
<div style="text-align: justify; "></div>
<div style="text-align: justify; ">As the concept of smart grids is still evolving in India, professional intervention from various domains has pushed for adoption and development of standard process and products. Many international standard setting organisations like IEC, IEEE, NIST, CENELEC are engaged in standardization activities of Smart Grids and in India, the Bureau of Indian Standards (BIS) has been rolling out several varieties of standards targeting various technologies. Therefore, BIS must develop standards taking into account the security challenges in the cyberspace as well.</div>
<div style="text-align: justify; "></div>
<div style="text-align: justify; "></div>
<p style="text-align: justify; ">Apart from policy and regulatory measure, the system on which the smart grids are built and networked must be made architecturally strong and secure.One of the areas where due attention is required is making the Supervisory Control and Data Acquisition (SCADA) secure, a system that operates with coded signals to provide control of remote equipment and is entirely based on computer systems and network. Numerous systems also employ the Public Key Infrastructure (PKI) to secure the Smart Grids and address the security challenges by enabling identification, verification, validation and authentication of connected meters for network access. This can be leveraged for securing data integrity, revenue streams and service continuity. The key vulnerable areas prone to cyber attacks on information transmission are network information, data integrity and privacy of information. The information transmission networks must be well-designed as the network unavailability may result in the loss of real-time monitoring of critical smart grid infrastructures and power system disasters.</p>
<div style="text-align: justify; "></div>
<p style="text-align: justify; ">Addressing these fast growing challenges and cyber security needs of the country by adopting suitable regulatory, policy and architectural steps would help achieve the objectives of Digital India and Smart Cities enabling “Access, Availability and Affordability for All”.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/dataquest-april-25-2016-vanya-rakesh-and-elonnai-hickok-cyber-security-of-smart-grids-in-india'>http://editors.cis-india.org/internet-governance/blog/dataquest-april-25-2016-vanya-rakesh-and-elonnai-hickok-cyber-security-of-smart-grids-in-india</a>
</p>
No publisherElonnai Hickok and Vanya RakeshCyber SecurityInternet Governance2016-04-28T15:34:17ZBlog EntryNASSCOM-DSCI Annual Information Security Summit 2015 - Notes
http://editors.cis-india.org/internet-governance/blog/nasscom-dsci-annual-information-security-summit-2015-notes
<b>NASSCOM-DSCI organised the 10th Annual Information Security Summit (AISS) 2015 in Delhi during December 16-17. Sumandro Chattapadhyay participated in this engaging Summit. He shares a collection of his notes and various tweets from the event.</b>
<p> </p>
<h2>Details about the Summit</h2>
<p>Event page: <a href="https://www.dsci.in/events/about/2261">https://www.dsci.in/events/about/2261</a>.</p>
<p>Agenda: <a href="https://www.dsci.in/sites/default/files/Agenda-AISS-2015.pdf">https://www.dsci.in/sites/default/files/Agenda-AISS-2015.pdf</a>.</p>
<p> </p>
<h2>Notes from the Summit</h2>
<blockquote class="twitter-tweet">
<p dir="ltr">Mr.G.K.Pillai ,Chairman DSCI addressing the audience @ 10th Annual Information Security Summit '15 <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/JVcwct3HSF">pic.twitter.com/JVcwct3HSF</a></p>
— DSCI (@DSCI_Connect) <a href="https://twitter.com/DSCI_Connect/status/676979952277987328">December 16, 2015</a></blockquote>
<p>Mr. G. K. Pillai, Chairman of Data Security Council of India (DSCI), set the tone of the Summit at the very first hour by noting that 1) state and private industries in India are working in silos when it comes to preventing cybercrimes, 2) there is a lot of skill among young technologists and entrepreneurs, and the state and the private sectors are often unaware of this, and 3) there is serious lack of (cyber-)capacity among law enforcement agencies.</p>
<p>In his Inaugural Address, Dr. Arvind Gupta (Deputy National Security Advisor and Secretary, NSCS), provided a detailed overview of the emerging challenges and framework of cybersecurity in India. He focused on the following points:</p>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/India?src=hash">#India</a> Dy NSA Dr Arvind Gupta calls 4 <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a> by <a href="https://twitter.com/hashtag/design?src=hash">#design</a> in <a href="https://twitter.com/hashtag/ICT?src=hash">#ICT</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/79kq9lWGtk">pic.twitter.com/79kq9lWGtk</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/676980799347023872">December 16, 2015</a></blockquote>
<ul>
<li>Security is a key problem in the present era of ICTs as it is not in-built. In the upcoming IoT era, security must be built into ICT systems.</li>
<li>In the next billion addition to internet population, 50% will be from India. Hence cybersecurity is a big concern for India.</li>
<li>ICTs will play a catalytic role in achieving SDGs. Growth of internet is part of the sustainable development agenda.</li>
<li>We need a broad range of critical security services - big data analytics, identity management, etc.</li>
<li>The e-governance initiatives launched by the Indian government are critically dependent on a safe and secure internet.</li>
<li>Darkweb is a key facilitator of cybercrime. Globally there is a growing concern regarding the security of cyberspace.
</li><li>On the other hand, there exists deep divide in access to ICTs, and also in availability of content in local languages.</li>
<li>The Indian government has initiated bilateral cybersecurity dialogues with various countries.</li>
<li>Indian government is contemplating setting up of centres of excellence in cryptography. It has already partnered with NASSCOM to develop cybersecurity guidelines for smart cities.</li>
<li>While India is a large global market for security technology, it also needs to be self-reliant. Indian private sector should make use of government policies and bilateral trust enjoyed by India with various developing countries in Africa and south America to develop security technology solutions, create meaningful jobs in India, and export services and software to other developing countries.</li>
<li>Strong research and development, and manufacturing base are absolutely necessary for India to be self-reliant in cybersecurity. DSCI should work with private sector, academia, and government to coordinate and realise this agenda.</li>
<li>In the line of the Climate Change Fund, we should create a cybersecurity fund, since it is a global problem.</li>
<li>Silos are our bane in general. Bringing government agencies together is crucial. Trust issues (between government, private sector, and users) remain, and can only be resolved over time.</li>
<li>The demand for cybersecurity solutions in India is so large, that there is space for everyone.</li>
<li>The national cybersecurity centre is being set up.</li>
<li>Thinktanks can play a crucial role in helping the government to develop strategies for global cybersecurity negotiations. Indian negotiators are often capacity constrained.</li></ul>
<p>Rajendra Pawar, Chair of the NASSCOM Cyber Security Task Force, NASSCOM Cybersecurity Initiative, provided glimpses of the emerging business opportunity around cybersecurity in India:</p>
<ul>
<li>In next 10 years, the IT economy in India will be USD 350 bn, and <a href="https://blogs.dsci.in/building-usd-35-billion-cyber-security-industry-how-do-we-do-it/">10% of that will be the cybersecurity pie</a>. This means a million job only in the cybersecurity space.</li>
<li>Academic institutes are key to creation of new ideas and hence entrepreneurs. Government and private sectors should work closely with academic institutes.
<blockquote class="twitter-tweet">
<p dir="ltr">'Companies+Govt+Academia= High growth of the cybersecurity industry' - Rajendra Pawar at <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a></p>
— Shivangi Nadkarni (@shivanginadkarn) <a href="https://twitter.com/shivanginadkarn/status/676995090955530246">December 16, 2015</a></blockquote>
</li>
<li>Globally, cybersecurity innovation and industries happen in clusters. Cities and states must come forward to create such clusters.</li>
<li>2/3rd of the cybersecurity market is provision of services. This is where India has a great advantage, and should build on that to become a global brand in cybersecurity services.</li>
<li>Everyday digital security literacy and cultures need to be created.</li>
<li>Publication of cybersecurity best practices among private companies is a necessity.
<blockquote class="twitter-tweet">
<p dir="ltr">Corporate disclosures of breaches being considered with Nasscom under cybersec task force: Rajendra Pawar <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a> <a href="https://twitter.com/ETtech">@ETtech</a></p>
— Neha Alawadhi (@NehaAlawadhiET) <a href="https://twitter.com/NehaAlawadhiET/status/676994553799417856">December 16, 2015</a></blockquote>
</li>
<li>Dedicated cybersecurity spending should be made part of the e-governance budget of central and state governments.</li>
<li>DSCI should function as a clearing house of cybersecurity case studies. At present, thought leadership in cybersecurity comes from the criminals. By serving as a use case clearing house, DSCI will inform interested researchers about potential challenges for which solution needs to be created.</li></ul>
<p>Manish Tiwary of Microsoft informed the audience that India is in the top 3 positions globally in terms of malware proliferation, and this ensures that India is a big focus for Microsoft in its global war against malware. Microsoft India looks forward to work closely with CERT-In and other government agencies.</p>
<blockquote class="twitter-tweet">
<p dir="ltr">RSA's Kartik Shahani <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> Adopt a Deep & Pervasive Level of True Visibility Everywhere <a href="https://t.co/2U8J8WkWsI">pic.twitter.com/2U8J8WkWsI</a></p>
— Debjani Gupta (@DebjaniGupta1) <a href="https://twitter.com/DebjaniGupta1/status/676999786722156544">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Data localization; one of the stumbling blocks that undermine investments in <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a>. <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/vrff3Amcv0">pic.twitter.com/vrff3Amcv0</a></p>
— Appvigil (@appvigil_co) <a href="https://twitter.com/appvigil_co/status/677043180731301888">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Trust verification 4 embedded devices isnt complex bt much desired as people lives r dependent on that-cld cause physical damage <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677057992831860736">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">"Most compromised OS in 2k15: iOS"-Riyaz Tambe, Palo Alto Networks <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Indira Sen (@drealcharbar) <a href="https://twitter.com/drealcharbar/status/677015382356533249">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Security by default in IOS architecture tho' can't verify code as noṭ open - is it security by obscurity? <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/kbPZgH8oA0">pic.twitter.com/kbPZgH8oA0</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677055086611173376">December 16, 2015</a></blockquote>
<p>The session on <strong>Catching Fraudsters</strong> had two insightful presentations from Dr. Triveni Singh, Additional SP of Special Task Force of UP Police, and Mr. Manoj Kaushik, IAS, Additional Director of FIU.</p>
<p>Dr. Singh noted that a key challenge faced by police today is that nobody comes to them with a case of online fraud. Most fraud businesses are run by young groups operating BPOs that steal details from individuals. There exists a huge black market of financial and personal data - often collected from financial institutions and job search sites. Almost any personal data can be bought in such markets. Further, SIM cards under fake names are very easy to buy. The fraudsters are effective using all fake identity, and is using operational infrastructures outsourced from legitimate vendors under fake names. Without a central database of all bank customers, it is very difficult for the police to track people across the financial sector. It becomes even more difficult for Indian police to get access to personal data of potential fraudsters when it is stored in a foreign server. which is often the case with usual web services and apps. Many Indian ISPs do not keep IP history data systematically, or do not have the technical expertise to share it in a structured and time-sensitive way.</p>
<blockquote class="twitter-tweet">
<p dir="ltr">Mr. Triveni Singh talks about raiding fake call centres in Delhi NCR that scam millions every year <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/EmE4y3jux2">pic.twitter.com/EmE4y3jux2</a></p>
— pradyumn nand (@PradyumnNand) <a href="https://twitter.com/PradyumnNand/status/677063276442738689">December 16, 2015</a></blockquote>
<p>Mr. Kaushik explained that no financial fraud is uniquely committed via internet. Many fraud begin with internet but eventually involve physical fraudulent money transaction. Credit/debit card frauds all involve card data theft via various internet-based and physical methods. However, cybercrime is continued to be mistakenly seen as frauds undertaken completely online. Further, mobile-based frauds are yet another category. Almost all apps we use are compromised, or store transaction history in an insecure way, which reveals such data to hackers. FIU is targeting bank accounts to which fraud money is going, and closing them down. Catching the people behind these bank accounts is much more difficult, as account loaning has become a common practice - where valid accounts are loaned out for a small amount of money to fraudsters who return the account after taking out the fraudulent money. Better information sharing between private sector and government will make catching fraudsters easier.</p>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/AkhileshTuteja">@AkhileshTuteja</a> With data overload and big data being prevalent are we considering privacy elements <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/hashtag/KpmgIndiaCyber?src=hash">#KpmgIndiaCyber</a></p>
— Atul Gupta (@AtulGup15843145) <a href="https://twitter.com/AtulGup15843145/status/677082045701488640">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">'Tech solns today designed to protect security - solns for privacy need to evolve'- <a href="https://twitter.com/Mayurakshi_Ray">@Mayurakshi_Ray</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a></p>
— Shivangi Nadkarni (@shivanginadkarn) <a href="https://twitter.com/shivanginadkarn/status/677066470325534721">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">In-house tools important but community collaboration critical to fight security threats <a href="https://twitter.com/tata_comm">@tata_comm</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/ZjbCnaROXC">pic.twitter.com/ZjbCnaROXC</a></p>
— aparna (@aparnag14) <a href="https://twitter.com/aparnag14/status/677067260268187648">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">'Orgns in India have a long way to go b4 they internalise privacy principles' Subhash S, CISO ICICI <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a></p>
— Shivangi Nadkarni (@shivanginadkarn) <a href="https://twitter.com/shivanginadkarn/status/677066928880410624">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Prof PK giving an interesting brief on Academia role in Cyber Security. <a href="https://twitter.com/ponguru">@ponguru</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a> at <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/MEiO6sCJwu">pic.twitter.com/MEiO6sCJwu</a></p>
— Vikas Yadav (@VikasSYadav) <a href="https://twitter.com/VikasSYadav/status/677088566871101440">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Potential for interaction between Academia, Government and Industry but not an established reality yet. <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/hashtag/MappingCyberEducation?src=hash">#MappingCyberEducation</a></p>
— Indira Sen (@drealcharbar) <a href="https://twitter.com/drealcharbar/status/677089590717517824">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">I have figured out why information security is not in any boardroom discussions. Cause there are no good speakers / orators . <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Virag Thakkar (@viragthakkar) <a href="https://twitter.com/viragthakkar/status/677078491699871745">December 16, 2015</a></blockquote>
<p>The session on <strong>Smart Cities</strong> focused on discussing the actual cities coming up India, and the security challenges highlighted by them. There was a presentation on Mahindra World City being built near Jaipur. Presenters talked about the need to stabilise, standardise, and securitise the unique identities of machines and sensors in a smart city context, so as to enable secured machine-to-machine communication. Since 'smartness' comes from connecting various applications and data silos together, the governance of proprietary technology and ensuring inter-operable data standards are crucial in the smart city.</p>
<p>As Special Purposed Vehicles are being planned to realise the smart cities, the presenters warned that finding the right CEOs for these entities will be critical for their success. Legacy processes and infrastructures (and labour unions) are a big challenge when realising smart cities. Hence, the first step towards the smart cities must be taken through connected enforcement of law, order, and social norms.</p>
<p>Privacy-by-design and security-by-design are necessary criteria for smart cities technologies. Along with that regular and automatic software/middleware updating of distributed systems and devices should be ensured, as well as the physical security of the actual devices and cables.</p>
<p>In terms of standards, security service compliance standards and those for protocols need to be established for the internet-of-things sector in India. On the other hand, there is significant interest of international vendors to serve the Indian market. All global data and cloud storage players, including Microsoft Azure cloud, are moving into India, and are working on substantial and complete data localisation efforts.</p>
<blockquote class="twitter-tweet">
<p dir="ltr">Session - Why should you hire Women Security Professionals?... Balancing gender diversity
<a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/hashtag/DSCI_Connect?src=hash">#DSCI_Connect</a> <a href="https://t.co/uIMfG9PvAb">pic.twitter.com/uIMfG9PvAb</a></p>
— Jagan Suri (@jsuri90) <a href="https://twitter.com/jsuri90/status/677109792679157760">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">gender Diversity in cybersecurity critical 4 India's future. <a href="https://twitter.com/symantec">@symantec</a> partnered with <a href="https://twitter.com/nasscom">@nasscom</a> via 1000 women scholarships <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677118674197602304">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Dialogue with CERT-In
.. Starting 2nd Day of <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a>
.. B J Srinath, DG, CERT
<a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a> <a href="https://twitter.com/hashtag/security?src=hash">#security</a> <a href="https://twitter.com/hashtag/privacy?src=hash">#privacy</a> <a href="https://t.co/cvDcrgkein">pic.twitter.com/cvDcrgkein</a></p>
— Vinayak Godse (@godvinayak) <a href="https://twitter.com/godvinayak/status/677342972170493952">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">New <a href="https://twitter.com/hashtag/problems?src=hash">#problems</a> can't b solved w old <a href="https://twitter.com/hashtag/solutions?src=hash">#solutions</a>: <a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT DG BJ Srinath <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677341246281539585">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">17 entities within <a href="https://twitter.com/hashtag/Indian?src=hash">#Indian</a> <a href="https://twitter.com/hashtag/government?src=hash">#government</a> engaged in <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a>: <a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT head <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677341728282533888">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Scope of activities by CERT in <a href="https://twitter.com/hashtag/India?src=hash">#India</a> way more than its counterparts elsewhere <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677342193854451712">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT looks 8 prediction & <a href="https://twitter.com/hashtag/prevention?src=hash">#prevention</a> <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a> <a href="https://twitter.com/hashtag/emergency?src=hash">#emergency</a> not just <a href="https://twitter.com/hashtag/response?src=hash">#response</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677343140630540288">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT willing to <a href="https://twitter.com/hashtag/share?src=hash">#share</a> <a href="https://twitter.com/hashtag/information?src=hash">#information</a> rather than just receiving <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677343512833101824">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Savita CERTin outlines drill initiatives taken 4 preparedness-detect (protect), defend attacks wth response <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/wXrkgoLzr2">pic.twitter.com/wXrkgoLzr2</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677346822449303553">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">CERTin also offers incident predicatibility,Crisis mgmt plans, <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a> assurance ladder (7 levels) besides 24 x 7 prevention <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677348506869239809">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/India?src=hash">#India</a> has 7.2 million bot infected <a href="https://twitter.com/hashtag/machines?src=hash">#machines</a>: <a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT DG Srinath <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677355051308871680">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Seizure & protection of electronic devices as admissible evidence (certificate u Sec 65B) imperative under Forensics investigation <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677364713005576192">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">'Law enforcement agency&corporate world must collaborate to fight cybercrime'-Atul Gupta,Partner-Risk Adv. @ <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/GwAQWhYMmK">pic.twitter.com/GwAQWhYMmK</a></p>
— KPMG India (@KPMGIndia) <a href="https://twitter.com/KPMGIndia/status/677373217711919104">December 17, 2015</a></blockquote>
<p>Mr. R. Chandrasekhar, President of NASSCOM, foregrounded the recommendations made by the Cybersecurity Special Task Force of NASSCOM, in his Special Address on the second day. He noted:</p>
<ul>
<li>There is a great opportunity to brand India as a global security R&D and services hub. Other countries are also quite interested in India becoming such a hub.</li>
<li>The government should set up a cybersecurity startup and innovation fund, in coordination with and working in parallel with the centres of excellence in internet-of-things (being led by DeitY) and the data science/analytics initiative (being led by DST).</li>
<li>There is an immediate need to create a capable workforce for the cybersecurity industry.</li>
<li>Cybersecurity affects everyone but there is almost no public disclosure. This leads to low public awareness and valuation of costs of cybersecurity failures. The government should instruct the Ministry of Corporate Affairs to get corporates to disclose (publicly or directly to the Ministry) security breeches.</li>
<li>With digital India and everyone going online, cyberspace will increasingly be prone to attacks of various kinds, and increasing scale of potential loss. Cybersecurity, hence, must be part of the core national development agenda.</li>
<li>The cybersecurity market in India is big enough and under-served enough for everyone to come and contribute to it.</li></ul>
<p>The Keynote Address by Mr. Rajiv Singh, MD – South Asia of Entrust Datacard, and Mr. Saurabh Airi, Technical Sales Consultant of Entrust Datacard, focused on trustworthiness and security of online identities for financial transactions. They argued that all kinds of transactions require a common form factor, which can be a card or a mobile phone. The key challenge is to make the form factor unique, verified, and secure. While no programme is completely secure, it is necessary to build security into the form factor - security of both the physical and digital kind, from the substrates of the card to the encryption algorithms. Entrust and Datacard have merged in recent past to align their identity management and security transaction workflows, from physical cards to software systems for transactions. The advantages of this joint expertise have allowed them to successfully develop the National Population Register cards of India. Now, with the mobile phone emerging as a key financial transaction form factor, the challenge across the cybersecurity industry is to offer the same level of physical, digital, and network security for the mobile phone, as are provided for ATM cards and cash machines.</p>
<p>The following Keynote Address by Dr. Jared Ragland, Director - Policy of BSA, focused on the cybersecurity investment landscape in India and the neighbouring region. BSA, he explained, is a global trade body of software companies. All major global software companies are members of BSA. Recently, BSA has produced a study on the cybersecurity industry across 10 markets in the Asia Pacific region, titled <a href="http://cybersecurity.bsa.org/2015/apac/">Asia Pacific Cybersecurity Dashboard</a>. The study provides an overview of cybersecurity policy developments in these countries, and sector-specific opportunities in the region. Dr. Ragland mentioned the following as the key building blocks of cybersecurity policy: legal foundation, establishment of operational entities, building trust and partnerships (PPP), addressing sector-specific requirements, and education and awareness. As for India, he argued that while steady steps have been taken in the cybersecurity policy space by the government, a lot remains to be done. Operationalisation of the policy is especially lacking. PPPs are happening but there is a general lack of persistent formal engagement with the private sector, especially with global software companies. There is almost no sector-specific strategy. Further, the requirement for India-specific testing of technologies, according to domestic and not global standards, is leading to entry barrier for global companies and export barrier for Indian companies. Having said that, Dr. Ragland pointed out that India's cybersecurity experience is quite representative of that of the Asia Pacific region. He noted the following as major stumbling blocks from an international industry perspective: unnecessary and unreasonable testing requirements, setting of domestic standards, and data localisations rules.</p>
<blockquote class="twitter-tweet">
<p dir="ltr">The Policy Makers' panel in <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> in progress. Arvind Gupta, Head, BJP IT cell (<a href="https://twitter.com/buzzindelhi">@buzzindelhi</a>) speaks. <a href="https://t.co/9yWR0gMwf5">pic.twitter.com/9yWR0gMwf5</a></p>
— Nandkumar Saravadé (@saravade) <a href="https://twitter.com/saravade/status/677437443356798977">December 17, 2015</a></blockquote>
<p>One of the final sessions of the Summit was the Public Policy Dialogue between <a href="https://twitter.com/rajeevgowda">Prof. M.V. Rajeev Gowda</a>, Member of Parliament, Rajya Sabha, and <a href="https://twitter.com/buzzindelhi">Mr. Arvind Gupta</a>, Head of IT Cell, BJP.</p>
<p>Prof. Gowda focused on the following concerns:</p>
<ul>
<li>We often freely give up our information and rights over to owners of websites and applications on the web. We need to ask questions regarding the ownership, storage, and usage of such data.</li>
<li>While Section 66A of Information Technology Act started as a anti-spam rule, it has actually been used to harass people, instead of protecting them from online harassment.</li>
<li>The bill on DNA profiling has raised crucial privacy concerns related to this most personal data. The complexity around the issue is created by the possibility of data leakage and usage for various commercial interests.</li>
<li>We need to ask if western notions of privacy will work in the Indian context.</li>
<li>We need to move towards a cashless economy, which will not only formalise the existing informal economy but also speed up transactions nationally. We need to keep in mind that this will put a substantial demand burden on the communication infrastructure, as all transactions will happen through these.</li></ul>
<p> Mr. Gupta shared his keen insights about the key public policy issues in <em>digital India</em>:</p>
<ul>
<li>The journey to establish <em>the digital</em> as a key political agenda and strategy within BJP took him more than 6 years. He has been an entrepreneur, and will always remain one. His approached his political journey as an entrepreneur.
</li><li>While we are producing numerous digitally literate citizens, the companies offering services on the internet often unknowingly acquire data about these citizens, store them, and sometimes even expose them. India perhaps produces the greatest volume of digital exhaust globally.</li>
<li>BJP inherited the Aadhaar national identity management platform from UPA, and has decided to integrate it deeply into its digital India architecture.</li>
<li>Financial and administrative transactions, especially ones undertake by and with governments, are all becoming digital and mostly Aadhaar-linked. We are not sure where all such data is going, and who all has access to such data.</li>
<li>Right now there is an ongoing debate about using biometric system for identification. The debate on privacy is much needed, and a privacy policy is essential to strengthen Aadhaar. We must remember that the benefits of Aadhaar clearly outweigh the risks. Greatest privacy threats today come from many other places, including simple mobile torch apps.</li>
<li>India is rethinking its cybersecurity capacities in a serious manner. After Paris attack it has become obvious that the state should be allowed to look into electronic communication under reasonable guidelines. The challenge is identifying the fine balance between consumers' interest on one hand, and national interest and security concerns on the other. Unfortunately, the concerns of a few is often getting amplified in popular media.</li>
<li>MyGov platform should be used much more effectively for public policy debates. Social media networks, like Twitter, are not the correct platforms for such debates.</li></ul>
<p> </p>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a>: <a href="https://twitter.com/rajivgowda">@rajivgowda</a> & <a href="https://twitter.com/buzzindelhi">@buzzindelhi</a> are talking abt proactive disclosure as a key part of <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a> strategy <a href="https://twitter.com/hashtag/openData?src=hash">#openData</a> <a href="https://twitter.com/DataPortalIndia">@DataPortalIndia</a></p>
— sumandro (@ajantriks) <a href="https://twitter.com/ajantriks/status/677447609502445568">December 17, 2015</a></blockquote>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/nasscom-dsci-annual-information-security-summit-2015-notes'>http://editors.cis-india.org/internet-governance/blog/nasscom-dsci-annual-information-security-summit-2015-notes</a>
</p>
No publishersumandroCybersecurityNASSCOMDSCIInformation SecurityCyber Security2016-01-19T07:58:56ZBlog EntryGround Zero Summit
http://editors.cis-india.org/internet-governance/blog/ground-zero-summit
<b>The Ground Zero Summit which claims to be the largest collaborative platform in Asia for cyber-security was held in New Delhi from 5th to 8th November. The conference was organised by the Indian Infosec Consortium (IIC), a not for profit organisation backed by the Government of India. Cyber security experts, hackers, senior officials from the government and defence establishments, senior professionals from the industry and policymakers attended the event. </b>
<h3 style="text-align: justify; ">Keynote Address</h3>
<p style="text-align: justify; ">The Union Home Minister, Mr. Rajnath Singh, inaugurated the conference. Mr Singh described cyber-barriers that impact the issues that governments face in ensuring cyber-security. Calling the cyberspace as the fifth dimension of security in addition to land, air, water and space, Mr Singh emphasised the need to curb cyber-crimes in India, which have grown by 70% in 2014 since 2013. He highlighted the fact that changes in location, jurisdiction and language made cybercrime particularly difficult to address. Continuing in the same vein, Mr. Rajnath Singh also mentioned cyber-terrorism as one the big dangers in the time to come. With a number of government initiatives like Digital India, Smart Cities and Make in India leveraging technology, the Home Minister said that the success of these projects would be dependent on having robust cyber-security systems in place.<br /><br />The Home Minister outlined some initiatives that Government of India is planning to take in order to address concerns around cyber security - such as plans to finalize a new national cyber policy. Significantly, he referred to a committee headed by Dr. Gulshan Rai, the National Cyber Security Coordinator mandated to suggest a roadmap for effectively tackling cybercrime in India. This committee has recommended the setting up of Indian Cyber Crime Coordination Centre (I-4C). This centre is meant to engage in capacity building with key stakeholders to enable them to address cyber crimes, and work with law enforcement agencies. Earlier reports about the recommendation suggest that the I-4C will likely be placed under the National Crime Records Bureau and align with the state police departments through the Crime and Criminal Tracking and Network Systems (CCTNS). I-4C is supposed to be comprised of high quality technical and R&D experts who would be engaged in developing cyber investigation tools. <br /><br />Other keynote speakers included Alok Joshi, Chairman, NTRO; Dr Gulshan Rai, National Cyber Security Coordinator; Dr. Arvind Gupta, Head of IT Cell, BJP and Air Marshal S B Dep, Chief of the Western Air Command.</p>
<h3 style="text-align: justify; ">Technical Speakers</h3>
<p style="text-align: justify; ">There were a number of technical speakers who presented on an array of subjects. The first session was by Jiten Jain, a cyber security analyst who spoke on cyber espionage conducted by actors in Pakistan to target defence personnel in India. Jiten Jain talked about how the Indian Infosec Consortium had discovered these attacks in 2014. Most of these websites and mobile apps posed as defence news and carried malware and viruses. An investigation conducted by IIC revealed the domains to be registered in Pakistan. In another session Shesh Sarangdhar, the CEO of Seclabs, an application security company, spoke about the Darknet and ways to break anonymity on it. Sarangdhar mentioned that anonymity on Darknet is dependent on all determinants of the equation in the communication maintaining a specific state. He discussed techniques like using audio files, cross domain on tor, siebel attacks as methods of deanonymization. Dr. Triveni Singh. Assistant Superintendent of Police, Special Task Force, UP Police made a presentation on the trends in cyber crime. Dr. Singh emphasised the amount of uncertainty with regard to the purpose of a computer intrusion. He discussed real life case studies such as data theft, credit card fraud, share trading fraud from the perspective of law enforcement agencies.<br /><br />Anirudh Anand, CTO of Infosec Labs discussed how web applications are heavily reliant on filters or escaping methods. His talk focused on XSS (cross site scripting) and bypassing regular expression filters. He also announced the release of XSS labs, an XSS test bed for security professionals and developers that includes filter evasion techniques like b-services, weak cryptographic design and cross site request forgery. Jan Siedl, an authority on SCADA presented on TOR tricks which may be used by bots, shells and other tools to better use the TOR network and I2P. His presentation dealt with using obfuscated bridges, Hidden Services based HTTP, multiple C&C addresses and use of OTP. Aneesha, an intern with the Kerala Police spoke about elliptical curve cryptography, its features such as low processing overheads. As this requires elliptic curve paths, efficient Encoding and Decoding techniques need to be developed. Aneesha spoke about an algorithm called Generator-Inverse for encoding and decoding a message using a Single Sign-on mechanism. Other subjects presented included vulnerabilities that remained despite using TLS/SSL, deception technology and cyber kill-chain, credit card frauds, Post-quantum crypto-systems and popular android malware.</p>
<h3 style="text-align: justify; ">Panels</h3>
<p style="text-align: justify; ">There were also two panels organised at the conference. Samir Saran, Vice President of Observer Research Foundation, moderated the first panel on Cyber Arms Control. The panel included participants like Lt. General A K Sahni from the South Western Air Command; Lt. General A S Lamba, Retired Vice Chief Indian Army, Alok Vijayant, Director of Cyber Security Operation of NTRO and Captain Raghuraman from Reliance Industries. The panel debated the virtues of cyber arms control treaties. It was acknowledged by the panel that there was a need to frame rules and create a governance mechanism for wars in cyberspace. However, this would be effective only if the governments are the primary actors with the capability for building cyber-warfare know-how and tools. The reality was that most kinds of cyber weapons involved non state actors from the hacker community. In light of this, the cyber control treaties would lose most of their effectiveness. <br /><br />The second panel was on the Make for India’ initiatives. Dinesh Bareja, the CEO of Open Security Alliance and Pyramid Cyber Security was the moderator for this panel which also included Nandakumar Saravade, CEO of Data Security Council of India; Sachin Burman, Director of NCIIPC; Dr. B J Srinath, Director General of ICERT and Amit Sharma, Joint Director of DRDO. The focus of this session was on ‘Make in India’ opportunities in the domain of cyber security. The panelist discussed the role the government and industry could play in creating an ecosystem that supports entrepreneurs in skill development. Among the approaches discussed were: involving actors in knowledge sharing and mentoring chapters which could be backed by organisations like NASSCOM and bringing together industry and government experts in events like the Ground Zero Summit to provide knowledge and training on cyber-security issues.</p>
<h3 style="text-align: justify; ">Exhibitions</h3>
<p class="Normal1" style="text-align: justify; ">The conference was accompanied by a exhibitions showcasing indigenous cybersecurity products. The exhibitors included Smokescreen Technologies, Sempersol Consultancy, Ninja Hackon, Octogence Technologies, Secfence, Amity, Cisco Academy, Robotics Embedded Education Services Pvt. Ltd., Defence Research and Development Organisation (DRDO), Skin Angel, Aksit, Alqimi, Seclabs and Systems, Forensic Guru, Esecforte Technologies, Gade Autonomous Systems, National Critical Information Infrastructure Protection Centre (NCIIPC), Indian Infosec Consortium (IIC), INNEFU, Forensic Guru, Event Social, Esecforte Technologies, National Internet Exchange of India (NIXI) and Robotic Zone.</p>
<p class="Normal1" style="text-align: justify; ">The conference also witnessed events such Drone Wars, in which selected participants had to navigate a drone, a Hacker Fashion Show and the official launch of the Ground Zero’s Music Album.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/ground-zero-summit'>http://editors.cis-india.org/internet-governance/blog/ground-zero-summit</a>
</p>
No publisherAmber SinhaCyber SecurityInternet Governance2016-01-03T06:06:56ZBlog EntryCyber Security Summit 2015
http://editors.cis-india.org/internet-governance/news/cyber-security-summit-2015
<b>The Government of Karnataka in association with Biz Wingz Production House organized this Summit on November 27, 2015 at JW Marriott, Bangalore from 10.30 a.m. to 5.30 p.m. Sunil Abraham was a panelist. </b>
<p style="text-align: justify; ">Cloud-based applications are often the darling of the CFO and the nemesis of the CISO & CIOs. How can an organization migrate to the cloud, thus relinquishing control, but still maintain <span class="highlightedSearchTerm">security</span>? Are we sacrificing <span class="highlightedSearchTerm">security</span> and robustness in exchange for other priorities? How do ‘Snowden’ disclosures change the legal and risk nature of cloud decision making and governance? What can proactive cloud providers do to capture the opportunity in the disruption? The panel explored these topics and more to provide the cutting edge thinking and perspectives you need to shape your own cloud strategies in ways that balance multiple priorities.</p>
<h3 style="text-align: justify; ">Panelists</h3>
<ul>
<li>Parag Deodhar, Chief Risk Officer, Bharti AXA General Insurance & Chief Operational Risk Officer India</li>
<li>Sunil Abraham, Executive Director, Centre for Internet and Society</li>
<li>Atul kumar, GM IT, Syndicate Bank</li>
<li>Lopa Mudra Basu, AVP & Head of Enterprise <span class="highlightedSearchTerm">Security</span> & Risk Governance, SLK Global</li>
<li>Sagar Karan, Chief Information <span class="highlightedSearchTerm">Security</span> Officer, Fullerton India Credit Co. Ltd.</li>
<li>R Vijay, CISO –Technology, Mahindra & Mahindra Financial Services Limited</li>
<li>Sanjivan S Shirke, Senior Vice President-Information Technology, Head -Information <span class="highlightedSearchTerm">Security</span>, UTI Asset Management Company Limited.</li>
<li>Sanjay Sahay, IPS, ADGP, Grievances & Human Rights, Police Dept, Govt of Karnataka (moderator).</li>
</ul>
<p><a class="external-link" href="https://www.eventshigh.com/detail/Bangalore/f8cf8b1a68202dca7543ec973f7ae2c0-cyber-security-summit-2015">More information about this event</a></p>
<ul>
</ul>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/cyber-security-summit-2015'>http://editors.cis-india.org/internet-governance/news/cyber-security-summit-2015</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2015-12-16T02:10:24ZNews ItemSummary Report Internet Governance Forum 2015
http://editors.cis-india.org/internet-governance/blog/summary-report-internet-governance-forum-2015
<b>Centre for Internet and Society (CIS), India participated in the Internet Governance Forum (IGF) held at Poeta Ronaldo Cunha Lima Conference Center, Joao Pessoa in Brazil from 10 November 2015 to 13 November 2015. The theme of IGF 2015 was ‘Evolution of Internet Governance: Empowering Sustainable Development’. Sunil Abraham, Pranesh Prakash & Jyoti Panday from CIS actively engaged and made substantive contributions to several key issues affecting internet governance at the IGF 2015. The issue-wise detail of their engagement is set out below. </b>
<p align="center" style="text-align: left;"><strong>INTERNET
GOVERNANCE</strong></p>
<p align="justify">
I. The
Multi-stakeholder Advisory Group to the IGF organised a discussion on
<em><strong>Sustainable
Development Goals (SDGs) and Internet Economy</strong></em><em>
</em>at
the Main Meeting Hall from 9:00 am to 12:30 pm on 11 November, 2015.
The
discussions at this session focused on the importance of Internet
Economy enabling policies and eco-system for the fulfilment of
different SDGs. Several concerns relating to internet
entrepreneurship, effective ICT capacity building, protection of
intellectual property within and across borders were availability of
local applications and content were addressed. The panel also
discussed the need to identify SDGs where internet based technologies
could make the most effective contribution. Sunil
Abraham contributed to the panel discussions by addressing the issue
of development and promotion of local content and applications. List
of speakers included:</p>
<ol>
<li>
<p align="justify">
Lenni
Montiel, Assistant-Secretary-General for Development, United Nations</p>
</li><li>
<p align="justify">
Helani
Galpaya, CEO LIRNEasia</p>
</li><li>
<p align="justify">
Sergio
Quiroga da Cunha, Head of Latin America, Ericsson</p>
</li><li>
<p align="justify">
Raúl
L. Katz, Adjunct Professor, Division of Finance and Economics,
Columbia Institute of Tele-information</p>
</li><li>
<p align="justify">
Jimson
Olufuye, Chairman, Africa ICT Alliance (AfICTA)</p>
</li><li>
<p align="justify">
Lydia
Brito, Director of the Office in Montevideo, UNESCO</p>
</li><li>
<p align="justify">
H.E.
Rudiantara, Minister of Communication & Information Technology,
Indonesia</p>
</li><li>
<p align="justify">
Daniel
Sepulveda, Deputy Assistant Secretary, U.S. Coordinator for
International and Communications Policy at the U.S. Department of
State </p>
</li><li>
<p align="justify">
Deputy
Minister Department of Telecommunications and Postal Services for
the republic of South Africa</p>
</li><li>
<p align="justify">
Sunil
Abraham, Executive Director, Centre for Internet and Society, India</p>
</li><li>
<p align="justify">
H.E.
Junaid Ahmed Palak, Information and Communication Technology
Minister of Bangladesh</p>
</li><li>
<p align="justify">
Jari
Arkko, Chairman, IETF</p>
</li><li>
<p align="justify">
Silvia
Rabello, President, Rio Film Trade Association</p>
</li><li>
<p align="justify">
Gary
Fowlie, Head of Member State Relations & Intergovernmental
Organizations, ITU</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">http</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">://</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">www</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">.</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">intgovforum</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">.</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">org</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">/</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">cms</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">/</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">igf</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">2015-</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">main</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">-</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">sessions</a><u>
</u></p>
<p align="justify">
Transcript
of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2327-2015-11-11-internet-economy-and-sustainable-development-main-meeting-room">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2327-2015-11-11-internet-economy-and-sustainable-development-main-meeting-room</a></u></p>
<p align="justify">
Video
link Internet
economy and Sustainable Development here
<a href="https://www.youtube.com/watch?v=D6obkLehVE8">https://www.youtube.com/watch?v=D6obkLehVE8</a></p>
<p align="justify"> II.
Public
Knowledge organised a workshop on <em><strong>The
Benefits and Challenges of the Free Flow of Data </strong></em>at
Workshop Room
5 from 11:00 am to 12:00 pm on 12 November, 2015. The discussions in
the workshop focused on the benefits and challenges of the free flow
of data and also the concerns relating to data flow restrictions
including ways to address
them. Sunil
Abraham contributed to the panel discussions by addressing the issue
of jurisdiction of data on the internet. The
panel for the workshop included the following.</p>
<ol>
<li>
<p align="justify">
Vint
Cerf, Google</p>
</li><li>
<p align="justify">
Lawrence
Strickling, U.S. Department of Commerce, NTIA</p>
</li><li>
<p align="justify">
Richard
Leaning, European Cyber Crime Centre (EC3), Europol</p>
</li><li>
<p align="justify">
Marietje
Schaake, European Parliament</p>
</li><li>
<p align="justify">
Nasser
Kettani, Microsoft</p>
</li><li>
<p align="justify">
Sunil
Abraham, CIS
India</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">://</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">www</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">.</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">intgovforum</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">.</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">org</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">cms</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">workshops</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">list</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">of</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">published</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">workshop</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">proposals</a><u>
</u></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2467-2015-11-12-ws65-the-benefits-and-challenges-of-the-free-flow-of-data-workshop-room-5">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2467-2015-11-12-ws65-the-benefits-and-challenges-of-the-free-flow-of-data-workshop-room-5</a></p>
<p align="justify">
Video link https://www.youtube.com/watch?v=KtjnHkOn7EQ</p>
<p align="justify"> III.
Article
19 and
Privacy International organised a workshop on <em><strong>Encryption
and Anonymity: Rights and Risks</strong></em>
at Workshop Room 1 from 11:00 am to 12:30 pm on 12 November, 2015.
The
workshop fostered a discussion about the latest challenges to
protection of anonymity and encryption and ways in which law
enforcement demands could be met while ensuring that individuals
still enjoyed strong encryption and unfettered access to anonymity
tools. Pranesh
Prakash contributed to the panel discussions by addressing concerns
about existing south Asian regulatory framework on encryption and
anonymity and emphasizing the need for pervasive encryption. The
panel for this workshop included the following.</p>
<ol>
<li>
<p align="justify">
David
Kaye, UN Special Rapporteur on Freedom of Expression</p>
</li><li>
<p align="justify">
Juan
Diego Castañeda, Fundación Karisma, Colombia</p>
</li><li>
<p align="justify">
Edison
Lanza, Organisation of American States Special Rapporteur</p>
</li><li>
<p align="justify">
Pranesh
Prakash, CIS India</p>
</li><li>
<p align="justify">
Ted
Hardie, Google</p>
</li><li>
<p align="justify">
Elvana
Thaci, Council of Europe</p>
</li><li>
<p align="justify">
Professor
Chris Marsden, Oxford Internet Institute</p>
</li><li>
<p align="justify">
Alexandrine
Pirlot de Corbion, Privacy International</p>
</li></ol>
<p align="justify"><a name="_Hlt435412531"></a>
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">://</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">www</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">.</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">intgovforum</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">.</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">org</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">cms</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">worksh</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">o</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">ps</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">list</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">of</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">published</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">workshop</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">proposals</a><u>
</u></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2407-2015-11-12-ws-155-encryption-and-anonymity-rights-and-risks-workshop-room-1">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2407-2015-11-12-ws-155-encryption-and-anonymity-rights-and-risks-workshop-room-1</a></p>
<p align="justify">
Video link available here https://www.youtube.com/watch?v=hUrBP4PsfJo</p>
<p align="justify"> IV.
Chalmers
& Associates organised a session on <em><strong>A
Dialogue on Zero Rating and Network Neutrality</strong></em>
at the Main Meeting Hall from 2:00 pm to 4:00 pm on 12 November,
2015. The Dialogue provided access to expert insight on zero-rating
and a full spectrum of diverse
views on this issue. The Dialogue also explored alternative
approaches to zero rating such as use of community networks. Pranesh
Prakash provided
a
detailed explanation of harms and benefits related to different
approaches to zero-rating. The
panellists for this session were the following.</p>
<ol>
<li>
<p align="justify">
Jochai
Ben-Avie, Senior Global Policy Manager, Mozilla, USA</p>
</li><li>
<p align="justify">
Igor
Vilas Boas de Freitas, Commissioner, ANATEL, Brazil</p>
</li><li>
<p align="justify">
Dušan
Caf, Chairman, Electronic Communications Council, Republic of
Slovenia</p>
</li><li>
<p align="justify">
Silvia
Elaluf-Calderwood, Research Fellow, London School of Economics,
UK/Peru</p>
</li><li>
<p align="justify">
Belinda
Exelby, Director, Institutional Relations, GSMA, UK</p>
</li><li>
<p align="justify">
Helani
Galpaya, CEO, LIRNEasia, Sri Lanka</p>
</li><li>
<p align="justify">
Anka
Kovacs, Director, Internet Democracy Project, India</p>
</li><li>
<p align="justify">
Kevin
Martin, VP, Mobile and Global Access Policy, Facebook, USA</p>
</li><li>
<p align="justify">
Pranesh
Prakash, Policy Director, CIS India</p>
</li><li>
<p align="justify">
Steve
Song, Founder, Village Telco, South Africa/Canada</p>
</li><li>
<p align="justify">
Dhanaraj
Thakur, Research Manager, Alliance for Affordable Internet, USA/West
Indies</p>
</li><li>
<p align="justify">
Christopher
Yoo, Professor of Law, Communication, and Computer & Information
Science, University of Pennsylvania, USA</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">http://www.intgovforum.org/cms/igf2015-main-sessions</a></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2457-2015-11-12-a-dialogue-on-zero-rating-and-network-neutrality-main-meeting-hall-2">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2457-2015-11-12-a-dialogue-on-zero-rating-and-network-neutrality-main-meeting-hall-2</a></p>
<p align="justify"> V.
The
Internet & Jurisdiction Project organised a workshop on
<em><strong>Transnational
Due Process: A Case Study in MS Cooperation</strong></em>
at Workshop Room
4 from 11:00 am to 12:00 pm on 13 November, 2015. The
workshop discussion focused on the challenges in developing an
enforcement framework for the internet that guarantees transnational
due process and legal interoperability. The discussion also focused
on innovative approaches to multi-stakeholder cooperation such as
issue-based networks, inter-sessional work methods and transnational
policy standards. The panellists for this discussion were the
following.</p>
<ol>
<li>
<p align="justify">
Anne
Carblanc Head of Division, Directorate for Science, Technology and
Industry, OECD</p>
</li><li>
<p align="justify">
Eileen
Donahoe Director Global Affairs, Human Rights Watch</p>
</li><li>
<p align="justify">
Byron
Holland President and CEO, CIRA (Canadian ccTLD)</p>
</li><li>
<p align="justify">
Christopher
Painter Coordinator for Cyber Issues, US Department of State</p>
</li><li>
<p align="justify">
Sunil
Abraham Executive Director, CIS India</p>
</li><li>
<p align="justify">
Alice
Munyua Lead dotAfrica Initiative and GAC representative, African
Union Commission</p>
</li><li>
<p align="justify">
Will
Hudsen Senior Advisor for International Policy, Google</p>
</li><li>
<p align="justify">
Dunja
Mijatovic Representative on Freedom of the Media, OSCE</p>
</li><li>
<p align="justify">
Thomas
Fitschen Director for the United Nations, for International
Cooperation against Terrorism and for Cyber Foreign Policy, German
Federal Foreign Office</p>
</li><li>
<p align="justify">
Hartmut
Glaser Executive Secretary, Brazilian Internet Steering Committee</p>
</li><li>
<p align="justify">
Matt
Perault, Head of Policy Development Facebook</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals">http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals</a></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2475-2015-11-13-ws-132-transnational-due-process-a-case-study-in-ms-cooperation-workshop-room-4">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2475-2015-11-13-ws-132-transnational-due-process-a-case-study-in-ms-cooperation-workshop-room-4</a></p>
<p align="justify">
Video
link Transnational
Due Process: A Case Study in MS Cooperation available here <a href="https://www.youtube.com/watch?v=M9jVovhQhd0">https://www.youtube.com/watch?v=M9jVovhQhd0</a></p>
<p align="justify"> VI.
The Internet Governance Project organised a meeting of the
<em><strong>Dynamic
Coalition on Accountability of Internet Governance Venues</strong></em>
at Workshop Room 2 from 14:00
– 15:30 on
12 November, 2015. The coalition
brought together panelists to highlight the
challenges in developing an accountability
framework
for internet governance
venues that include setting up standards and developing a set of
concrete criteria. Jyoti Panday provided the perspective of civil
society on why acountability is necessary in internet governance
processes and organizations. The panelists for this workshop included
the following.</p>
<ol>
<li>
<p>
Robin
Gross, IP Justice</p>
</li><li>
<p>
Jeanette
Hofmann, Director
<a href="http://www.internetundgesellschaft.de/">Alexander
von Humboldt Institute for Internet and Society</a></p>
</li><li>
<p>
Farzaneh
Badiei,
Internet Governance Project</p>
</li><li>
<p>
Erika
Mann,
Managing
Director Public PolicyPolicy Facebook and Board of Directors
ICANN</p>
</li><li>
<p>
Paul
Wilson, APNIC</p>
</li><li>
<p>
Izumi
Okutani, Japan
Network Information Center (JPNIC)</p>
</li><li>
<p>
Keith
Drazek , Verisign</p>
</li><li>
<p>
Jyoti
Panday,
CIS</p>
</li><li>
<p>
Jorge
Cancio,
GAC representative</p>
</li></ol>
<p>
Detailed
description of the workshop is available here
<a href="http://igf2015.sched.org/event/4c23/dynamic-coalition-on-accountability-of-internet-governance-venues?iframe=no&w=&sidebar=yes&bg=no">http://igf2015.sched.org/event/4c23/dynamic-coalition-on-accountability-of-internet-governance-venues?iframe=no&w=&sidebar=yes&bg=no</a></p>
<p>
Video
link https://www.youtube.com/watch?v=UIxyGhnch7w</p>
<p> VII.
Digital
Infrastructure
Netherlands Foundation organized an open forum at
Workshop Room 3
from 11:00
– 12:00
on
10
November, 2015. The open
forum discussed the increase
in government engagement with “the internet” to protect their
citizens against crime and abuse and to protect economic interests
and critical infrastructures. It
brought
together panelists topresent
ideas about an agenda for the international protection of ‘the
public core of the internet’ and to collect and discuss ideas for
the formulation of norms and principles and for the identification of
practical steps towards that goal.
Pranesh Prakash participated in the e open forum. Other speakers
included</p>
<ol>
<li>
<p>
Bastiaan
Goslings AMS-IX, NL</p>
</li><li>
<p>
Pranesh
Prakash CIS, India</p>
</li><li>
<p>
Marilia
Maciel (FGV, Brasil</p>
</li><li>
<p>
Dennis
Broeders (NL Scientific Council for Government Policy)</p>
</li></ol>
<p>
Detailed
description of the open
forum is available here
<a href="http://schd.ws/hosted_files/igf2015/3d/DINL_IGF_Open%20Forum_The_public_core_of_the_internet.pdf">http://schd.ws/hosted_files/igf2015/3d/DINL_IGF_Open%20Forum_The_public_core_of_the_internet.pdf</a></p>
<p>
Video
link available here <a href="https://www.youtube.com/watch?v=joPQaMQasDQ">https://www.youtube.com/watch?v=joPQaMQasDQ</a></p>
<p>
VIII.
UNESCO, Council of Europe, Oxford University, Office of the High
Commissioner on Human Rights, Google, Internet Society organised a
workshop on hate speech and youth radicalisation at Room 9 on
Thursday, November 12. UNESCO shared the initial outcome from its
commissioned research on online hate speech including practical
recommendations on combating against online hate speech through
understanding the challenges, mobilizing civil society, lobbying
private sectors and intermediaries and educating individuals with
media and information literacy. The workshop also discussed how to
help empower youth to address online radicalization and extremism,
and realize their aspirations to contribute to a more peaceful and
sustainable world. Sunil Abraham provided his inputs. Other speakers
include</p>
<p>
1.
Chaired by Ms Lidia Brito, Director for UNESCO Office in Montevideo</p>
<p>
2.Frank
La Rue, Former Special Rapporteur on Freedom of Expression</p>
<p>
3.
Lillian Nalwoga, President ISOC Uganda and rep CIPESA, Technical
community</p>
<p>
4.
Bridget O’Loughlin, CoE, IGO</p>
<p>
5.
Gabrielle Guillemin, Article 19</p>
<p>
6.
Iyad Kallas, Radio Souriali</p>
<p>
7.
Sunil Abraham executive director of Center for Internet and Society,
Bangalore, India</p>
<p>
8.
Eve Salomon, global Chairman of the Regulatory Board of RICS</p>
<p>
9.
Javier Lesaca Esquiroz, University of Navarra</p>
<p>
10.
Representative GNI</p>
<p>
11.
Remote Moderator: Xianhong Hu, UNESCO</p>
<p>
12.
Rapporteur: Guilherme Canela De Souza Godoi, UNESCO</p>
<p>
Detailed
description of the workshop
is available here
<a href="http://igf2015.sched.org/event/4c1X/ws-128-mitigate-online-hate-speech-and-youth-radicalisation?iframe=no&w=&sidebar=yes&bg=no">http://igf2015.sched.org/event/4c1X/ws-128-mitigate-online-hate-speech-and-youth-radicalisation?iframe=no&w=&sidebar=yes&bg=no</a></p>
<p>
Video
link to the panel is available here
<a href="https://www.youtube.com/watch?v=eIO1z4EjRG0">https://www.youtube.com/watch?v=eIO1z4EjRG0</a></p>
<p> <strong>INTERMEDIARY
LIABILITY</strong></p>
<p align="justify">
IX.
Electronic
Frontier Foundation, Centre for Internet Society India, Open Net
Korea and Article 19 collaborated to organize
a workshop on the <em><strong>Manila
Principles on Intermediary Liability</strong></em>
at Workshop Room 9 from 11:00 am to 12:00 pm on 13 November 2015. The
workshop elaborated on the Manila
Principles, a high level principle framework of best practices and
safeguards for content restriction practices and addressing liability
for intermediaries for third party content. The
workshop
saw particpants engaged in over lapping projects considering
restriction practices coming togetehr to give feedback and highlight
recent developments across liability regimes. Jyoti
Panday laid down the key details of the Manila Principles framework
in this session. The panelists for this workshop included the
following.</p>
<ol>
<li>
<p align="justify">
Kelly
Kim Open Net Korea,</p>
</li><li>
<p align="justify">
Jyoti
Panday, CIS India,</p>
</li><li>
<p align="justify">
Gabrielle
Guillemin, Article 19,</p>
</li><li>
<p align="justify">
Rebecca
McKinnon on behalf of UNESCO</p>
</li><li>
<p align="justify">
Giancarlo
Frosio, Center for Internet and Society, Stanford Law School</p>
</li><li>
<p align="justify">
Nicolo
Zingales, Tilburg University</p>
</li><li>
<p align="justify">
Will
Hudson, Google</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals</a></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2423-2015-11-13-ws-242-the-manila-principles-on-intermediary-liability-workshop-room-9">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2423-2015-11-13-ws-242-the-manila-principles-on-intermediary-liability-workshop-room-9</a></p>
<p align="justify">
Video link available here <a href="https://www.youtube.com/watch?v=kFLmzxXodjs">https://www.youtube.com/watch?v=kFLmzxXodjs</a></p>
<p align="justify"> <strong>ACCESSIBILITY</strong></p>
<p align="justify">
X.
Dynamic
Coalition
on Accessibility and Disability and Global Initiative for Inclusive
ICTs organised a workshop on <em><strong>Empowering
the Next Billion by Improving Accessibility</strong></em><em>
</em>at
Workshop Room 6 from 9:00 am to 10:30 am on 13 November, 2015. The
discussion focused on
the need and ways to remove accessibility barriers which prevent over
one billion potential users to benefit from the Internet, including
for essential services. Sunil
Abraham specifically spoke about the lack of compliance of existing
ICT infrastructure with well established accessibility standards
specifically relating to accessibility barriers in the disaster
management process. He discussed the barriers faced by persons with
physical or psychosocial disabilities. The
panelists for this discussion were the following.</p>
<ol>
<li>
<p align="justify">
Francesca
Cesa Bianchi, G3ICT</p>
</li><li>
<p align="justify">
Cid
Torquato, Government of Brazil</p>
</li><li>
<p align="justify">
Carlos
Lauria, Microsoft Brazil</p>
</li><li>
<p align="justify">
Sunil
Abraham, CIS India</p>
</li><li>
<p align="justify">
Derrick
L. Cogburn, Institute on Disability and Public Policy (IDPP) for the
ASEAN(Association of Southeast Asian Nations) Region</p>
</li><li>
<p align="justify">
Fernando
H. F. Botelho, F123 Consulting</p>
</li><li>
<p align="justify">
Gunela
Astbrink, GSA InfoComm</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals</a></u></p>
<p align="justify">
Transcript
of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2438-2015-11-13-ws-253-empowering-the-next-billion-by-improving-accessibility-workshop-room-3">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2438-2015-11-13-ws-253-empowering-the-next-billion-by-improving-accessibility-workshop-room-3</a></u></p>
<p align="justify">
Video
Link Empowering
the next billion by improving accessibility <a href="https://www.youtube.com/watch?v=7RZlWvJAXxs">https://www.youtube.com/watch?v=7RZlWvJAXxs</a></p>
<p align="justify"> <strong>OPENNESS</strong></p>
<p align="justify">
XI.
A
workshop on <em><strong>FOSS
& a Free, Open Internet: Synergies for Development</strong></em>
was organized at Workshop Room 7 from 2:00 pm to 3:30 pm on 13
November, 2015. The discussion was focused on the increasing risk to
openness of the internet and the ability of present & future
generations to use technology to improve their lives. The panel shred
different perspectives about the future co-development
of FOSS and a free, open Internet; the threats that are emerging; and
ways for communities to surmount these. Sunil
Abraham emphasised the importance of free software, open standards,
open access and access to knowledge and the lack of this mandate in
the draft outcome document for upcoming WSIS+10 review and called for
inclusion of the same. Pranesh Prakash further contributed to the
discussion by emphasizing the need for free open source software with
end‑to‑end encryption and traffic level encryption based
on open standards which are decentralized and work through federated
networks. The
panellists for this discussion were the following.</p>
<ol>
<li>
<p align="justify">
Satish
Babu, Technical Community, Chair, ISOC-TRV, Kerala, India</p>
</li><li>
<p align="justify">
Judy
Okite, Civil Society, FOSS Foundation for Africa</p>
</li><li>
<p align="justify">
Mishi
Choudhary, Private Sector, Software Freedom Law Centre, New York</p>
</li><li>
<p align="justify">
Fernando
Botelho, Private Sector, heads F123 Systems, Brazil</p>
</li><li>
<p align="justify">
Sunil
Abraham, CIS
India</p>
</li><li>
<p align="justify">
Pranesh
Prakash, CIS
India</p>
</li><li>
<p align="justify">
Nnenna
Nwakanma- WWW.Foundation</p>
</li><li>
<p align="justify">
Yves
MIEZAN EZO, Open Source strategy consultant</p>
</li><li>
<p align="justify">
Corinto
Meffe, Advisor to the President and Directors, SERPRO, Brazil</p>
</li><li>
<p align="justify">
Frank
Coelho de Alcantara, Professor, Universidade Positivo, Brazil</p>
</li><li>
<p align="justify">
Caroline
Burle, Institutional and International Relations, W3C Brazil Office
and Center of Studies on Web Technologies</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals</a></u></p>
<p align="justify">
Transcript
of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2468-2015-11-13-ws10-foss-and-a-free-open-internet-synergies-for-development-workshop-room-7" target="_top">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2468-2015-11-13-ws10-foss-and-a-free-open-internet-synergies-for-development-workshop-room-7</a></u></p>
<p align="justify">
Video
link available here <a href="https://www.youtube.com/watch?v=lwUq0LTLnDs">https://www.youtube.com/watch?v=lwUq0LTLnDs</a></p>
<p align="justify">
<br /><br /></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/summary-report-internet-governance-forum-2015'>http://editors.cis-india.org/internet-governance/blog/summary-report-internet-governance-forum-2015</a>
</p>
No publisherjyotiAccess to KnowledgeBig DataFreedom of Speech and ExpressionEncryptionInternet Governance ForumIntermediary LiabilityAccountabilityInternet GovernanceCensorshipCyber SecurityDigital GovernanceAnonymityCivil SocietyBlocking2015-11-30T10:47:13ZBlog EntryCyber Security Policy Research
http://editors.cis-india.org/internet-governance/events/cyber-security-policy-research
<b>Tim Maurer will give a presentation on cybersecurity policy research at the Centre for Internet & Society's New Delhi office on October 18, 2015, from 2 p.m. to 5 p.m. Geetha Hariharan and Sunil Abraham will participate in this event.</b>
<p style="text-align: justify; ">Tim Maurer's talk will give an outline of the definitional issues involved, the various threats to the confidentiality, integrity, and availability of information and underlying infrastructure, the actors involved and international efforts to address cybersecurity. The talk will also provide an overview of existing and ongoing cyber security policy research.</p>
<h2 style="text-align: justify; ">Tim Maurer</h2>
<p><img src="http://editors.cis-india.org/home-images/Tim.jpg/@@images/897b814d-5366-4da7-9270-b3c69b69020f.jpeg" alt="Tim" class="image-inline" title="Tim" /></p>
<p style="text-align: justify; ">Tim Maurer is an associate at the Carnegie Endowment for International Peace. His work focuses on cyberspace and international affairs, with a concentration on global cybersecurity norms, human rights online, Internet governance, and their interlinkages. He is writing a book on cybersecurity and proxy actors.<br /><br />Maurer serves as a member of the Research Advisory Network of the Global Commission on Internet Governance, the Freedom Online Coalition’s cybersecurity working group “An Internet Free and Secure,” and co-chaired the Civil Society Advisory Board of the Global Conference on CyberSpace. In 2014, he developed the Global Cyber Definitions Database for the chair of the OSCE to support the implementation of the OSCE’s cyber confidence-building measures. In 2013 and 2014, Maurer spoke about cybersecurity at the United Nations in New York and Geneva and co-authored “Tipping the Scale: An Analysis of Global Swing States in the Internet Governance Debate,” published by the Global Commission on Internet Governance. His work has also been published by Jane’s Intelligence Review, TIME, Foreign Policy, CNN, Slate, and other academic and media venues.<br /><br />Prior to joining Carnegie, Maurer was the director of the Global Cybersecurity Norms and Resilience Project at New America and head of research of New America’s Cybersecurity Initiative. He also gained experience with the United Nations in Rwanda, Geneva, and New York focusing on humanitarian assistance and the coordination of the UN system.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/cyber-security-policy-research'>http://editors.cis-india.org/internet-governance/events/cyber-security-policy-research</a>
</p>
No publisherpraskrishnaCyber SecurityEventInternet Governance2015-10-16T16:47:12ZEvent Cyfy 2015: The India Conference on Cyber Security and Internet Governance
http://editors.cis-india.org/internet-governance/news/cyfy-2015-india-conference-on-cyber-security-and-internet-governance
<b>In its third year, Cyfy; South Asia’s biggest internet policy conference is being held in New Delhi, from 14-16 October, 2015. The event is organized by Observer Research Foundation at Hotel Taj Mansingh. Sunil Abraham is a panelist in the session "Protection of Intellectual Property and Business Secrets in the Knowledge Economy".</b>
<p style="text-align: justify; ">Building on its scope and scale of the previous year — over 55 speakers, from 12 countries, with 350 attendees — the conference discusses issues that affect the emerging world and developed world alike. The conversations will further and widen the debate around internet governance, security, surveillance, freedom of expression, norms of state behaviour, technology and specific societal challenges that emerging and developing countries seek to address by the effective design and deployment on these technologies. In 2015, Cyfy will bring together more experts from South Asia, in order to present new thought on the specific challenges of internet access, policy and regulation, e-governance, financial inclusion, and bottom of the pyramid solutions.</p>
<p>Along with its growing network of both Indian and international partners, ORF looking forward to hosting another thought-provoking and productive few days, and bridging some digital divides in contemporary internet cyber policy debates.</p>
<h3>Protection of Intellectual Property and Business Secrets in the Knowledge Economy</h3>
<p style="text-align: justify; ">Over the past decade, there has been an exponential rise in cyber-enabled theft of intellectual property, and it has been recognized as an unfair predatory practice. With the rise of the globalized knowledge economy, the stability of open trading systems increasingly depends on cross-border IP protection. What is the relevance of the protection of intellectual property and business secrets for economic development and stability of the international trading system?</p>
<hr />
<p><a href="http://editors.cis-india.org/internet-governance/blog/cyfy-agenda" class="internal-link"><b>Download the agenda</b> </a>For more info visit <a class="external-link" href="http://cyfy.org/">here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/cyfy-2015-india-conference-on-cyber-security-and-internet-governance'>http://editors.cis-india.org/internet-governance/news/cyfy-2015-india-conference-on-cyber-security-and-internet-governance</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2015-10-17T14:44:42ZNews ItemCyber 360
http://editors.cis-india.org/internet-governance/news/cyber-360
<b>Synergy Foundation organized the Cyber 360 conference in Bangalore on September 29 and 30, 2015. Sunil Abraham participated in the event.</b>
<p style="text-align: justify; ">As part of Cyber 360 Degree, a two-day conference on cyber security continuing Wednesday in Bangalore, experts from around the world gathered to discuss global threats to information security, particularly focusing on open wifi, which poses a huge threat to information security. The conference aimed to bring together strategic security practitioners, policymakers, media and business enterprises on a single platform to obtain a 360o perspective on cybersecurity. It was an endeavour to create a holistic security strategy that will help to achieve resilience against modern cyber-threats. A range of keynote presentations and panel discussions will give participants a rare chance to interact and learn from leading cyber security experts and solution providers from around the world.</p>
<h3 style="text-align: justify; ">The Participants</h3>
<p> CEOs, Members of Board and CIOs of more than 60 companies<br /> Security practitioners<br /> Policy-makers<br /> Leading Academia<br /> International think tanks & media</p>
<p><a href="http://editors.cis-india.org/internet-governance/blog/cyber-360-agenda" class="internal-link">Download the agenda</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/cyber-360'>http://editors.cis-india.org/internet-governance/news/cyber-360</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2015-10-14T02:22:27ZNews ItemBangalore Chapter Meet of DSCI
http://editors.cis-india.org/internet-governance/events/bangalore-chapter-meet-of-dsci-september-26-2015
<b>The Centre for Internet & Society (CIS) will host the Bangalore Chapter Meeting of Data Security Council of India (DSCI) on September 26, 2015 at its Bangalore office in Domlur. The event will be held from 2.30 p.m. to 5.30 p.m.</b>
<p style="text-align: justify; ">After the Nasscom cyber security task force meeting held at Wipro in June, followed by DSCI Best Practices meet in July, we now have the next chapter meeting at CIS.</p>
<h3 style="text-align: justify; ">Speakers</h3>
<p style="text-align: justify; ">The first speaker will be <b>Melissa Hathaway, Commissioner, Global Commission for Internet Governance</b>. She is an internationally distinguished cyber security expert and has worked as cyber security adviser in two US Presidential Administrations, and is the former acting Senior Director for cyberspace at the National Security Council in the US. The topic she will be speaking on is "<a href="http://editors.cis-india.org/internet-governance/blog/connected-choices" class="external-link">Connected Choices</a>".</p>
<p style="text-align: justify; ">The second speaker will be <b>Sunil Abraham, Executive Director, CIS</b> (Center for internet & Society). Sunil is a renowned thought leader when it comes to internet governance, cyber space & its interface with civil society and actively contributes to DSCI and other forums. He will be presenting on "<a href="http://editors.cis-india.org/internet-governance/blog/anonymity-in-cyberspace" class="external-link">Anonymity in Cyberspace</a>" - the SIG that he led over last 8 months along with a diverse group of members from the industry in Bangalore.</p>
<h3 style="text-align: justify; ">Agenda</h3>
<table class="grid listing">
<tbody>
<tr>
<th>Time</th><th>Topic</th>
</tr>
<tr>
<td>2.30 p.m. - 2.45 p.m.</td>
<td>Recent Developments and Updates from DSCI</td>
</tr>
<tr>
<td>2.45 p.m. - 4.00 p.m.</td>
<td>Srinivas P. (Anchor): DSCI Bangalore Chapter</td>
</tr>
<tr>
<td>4.00 p.m. - 5.00 p.m.</td>
<td>Melissa Hathaway: Connected Choices</td>
</tr>
<tr>
<td>5.00 p.m. - 5.30 p.m.</td>
<td>Sunil Abraham: Anonymity in Cyberspace</td>
</tr>
</tbody>
</table>
<p style="text-align: justify; ">This will be followed by High Tea & Networking.</p>
<p style="text-align: justify; ">For participation, please send your email confirmation to Rajesh of Infosys at <a class="mail-link" href="mailto:Rajesh_K18@infosys.com">Rajesh_K18@infosys.com</a></p>
<p style="text-align: justify; ">Since seats are limited, the participation will be restricted to first 50 confirmations. We had to organize it on a Saturday, due to Melissa’s availability – I’m sure many of you who know about her as expert security speaker, will not see weekend as a constraint to attend. Look forward to meeting you at CIS.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/bangalore-chapter-meet-of-dsci-september-26-2015'>http://editors.cis-india.org/internet-governance/events/bangalore-chapter-meet-of-dsci-september-26-2015</a>
</p>
No publishersunilCyber SecurityEventInternet Governance2015-09-09T01:40:56ZEventCIS Cybersecurity Series (Part 24) – Shantanu Ghosh
http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-24-2013-shantanu-ghosh
<b>CIS interviews Shantanu Ghosh, Managing Director, Symantec Product Operations, India, as part of the Cybersecurity Series.</b>
<p><em>“Remember
that India is also a land where there are a lot of people who are beginning to
use computing devices for the first time in their lives. For many people, their
smartphone is their first computing device because they have never had
computers in the past. For them, the challenge is how do you make sure that
they understand that that can be a threat too. It can be a threat not only to
their bank accounts, with their financial information, but even to their
private lives.”</em></p>
<p>Centre for Internet and Society presents its twenty fourth
installment of the CIS Cybersecurity Series.”</p>
<p>The CIS Cybersecurity Series seeks to address hotly
debated aspects of cybersecurity and hopes to encourage wider public discourse
around the topic.</p>
<p>Shantanu Ghosh is the Managing Director of Symantec
Product Operations, India. He also runs the Data Centre Security Group for
Symantec globally.</p>
<iframe src="https://www.youtube.com/embed/dFN2_R0HzbA" frameborder="0" height="315" width="560"></iframe>
<p><strong>This work was carried out as part of the Cyber
Stewards Network with aid of a grant from the International Development Research
Centre, Ottawa, Canada.</strong></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-24-2013-shantanu-ghosh'>http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-24-2013-shantanu-ghosh</a>
</p>
No publisherpurbaPrivacyCybersecurityInternet GovernanceCyber Security FilmCyber SecurityCyber Security Interview2015-07-15T14:58:50ZBlog EntryCIS Cybersecurity Series (Part 23) – Justin Searle
http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle
<b>CIS interviews Justin Searle, security expert, as part of the Cybersecurity Series.</b>
<p><em>"I think that people here in India, just like everywhere else, are broadening the areas where security can be applied. We see elsewhere, like in the United States and in Europe, that a lot of security researchers are starting to get into not just control systems, but also embedded devices and hardware and wireless... And we are seeing the same trends here in India as well. It is fun to see that growth and continual development, and not only that, but we are seeing security projects and research coming out of India, that's unqiue and fresh and contributing back to what originally came more from the United States and Europe."</em></p>
<p>Centre for Internet and Society presents its twenty
third installment of the CIS Cybersecurity Series.</p>
<p>The CIS Cybersecurity Series seeks to address hotly
debated aspects of cybersecurity and hopes to encourage wider public discourse
around the topic. </p>
<p>Justin Searle is the managing partner for Utilisec.
Utisix provides security services to the energy sector. They also assist oil,
water, gas, and manufacturing companies. Justin specializes in security
assessments and finding vulnerabilities in systems. </p>
<iframe src="https://www.youtube.com/embed/ufOV8DXzQuA" frameborder="0" height="315" width="560"></iframe>
<p> </p>
<p><strong>This work was carried out as part of the Cyber
Stewards Network with aid of a grant from the International Development
Research Centre, Ottawa, Canada.</strong></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle'>http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle</a>
</p>
No publisherpurbaPrivacyCybersecurityInternet GovernanceCyber Security FilmCyber SecurityCyber Security Interview2015-07-15T14:44:38ZBlog EntryCIS Cybersecurity Series (Part 22) - Anonymous
http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous
<b>CIS interviews a Tibetan security researcher and information activist, as part of the Cybersecurity Series. He prefers to remain anonymous.</b>
<p><em>"I
don't know technology but I am aware of the information people share with me.
So yes, they can track you down through your mobile phone. The last time I was
in Nepal, I met a westerner. We went to this restaurant and she asked me to
take the battery out of the phone. That was the first time I had heard of this
and so when I asked why she said that it is possible that people had followed
us and it has happened to other Tibetans in Nepal..."</em></p>
<p>Centre for Internet and Society presents its twenty second installment of the CIS Cybersecurity Series.</p>
<p>The CIS Cybersecurity Series seeks to address hotly
debated aspects of cybersecurity and hopes to encourage wider public discourse
around the topic.</p>
<p><iframe src="https://www.youtube.com/embed/glsAFfj7tV4" frameborder="0" height="315" width="560"></iframe></p>
<p><em>This work was carried out as part of the Cyber
Stewards Network with aid of a grant from the International Development Research
Centre, Ottawa, Canada.</em></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous'>http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous</a>
</p>
No publisherpurbaPrivacyCybersecurityInternet GovernanceCyber Security FilmCyber SecurityCyber Security Interview2015-07-13T13:40:42ZBlog EntryMost emerging firms low on cyber security: Experts
http://editors.cis-india.org/internet-governance/news/economic-times-june-24-2015-malavika-murali-and-payal-ganguly-most-emerging-firms-low-on-cyber-security-experts
<b>When Pavitra Badrinath saw that the upgrade to a shopping application on her smartphone asked access to her contacts and messages, she decided against it. "Laws on privacy are not clear in India. So I am doing what I can to protect my information," the 26-year-old technology firm employee said.</b>
<p style="text-align: justify; ">The article by Malavika Murali and Payal Ganguly was <a class="external-link" href="http://articles.economictimes.indiatimes.com/2015-06-24/news/63783278_1_cyber-security-data-security-council-google-india">published in the Economic Times</a> on June 24, 2015. Sunil Abraham gave his inputs.</p>
<hr />
<p style="text-align: justify; ">Are users taking a risk by allowing applications to gain access to personal data shadowed by an upgrade? "Most definitely ," said Bikash Barai, cofounder and chief executive of security firm iViz Security .<br /><br />With at least 10 alleged breaches and hacks into the databases of startups such as Ola and Gaana this year, the alarm bells are going off.<br /><br />Experts warn that emerging businesses are lax with security frameworks, which is especially worrying as millions more Indians are shopping online, including on their phones, exposing crucial personal and financial data to fraud.<br /><br />More than 70 per cent of Indian companies are under-prepared when it comes to cyber security, according to a report by CISO Platform, a social platform for security experts where Barai is chief adviser.<br /><br />India's largest cab-hailing company, Ola denied hackers' claims in an email response to ET, stating that its data were not compromised.<br /><br />Music service Gaana.com, in response to being hacked by a person in Pakistan calling himself MakMan, said it had strengthened its security team and offerings in recent weeks. "In addition, we are working on a `bug bounty' program, which will allow individuals to point out any potential vulnerability in a safe way," said Pawan Agarwal, business head at Gaana.com.<br /><br />According to Google India, the number of online shoppers is expected to cross 100 million by the end of next year, from 35 million ear, from 35 million n 2014. But lack of roust regulations and ata privacy laws as ell as the fragmentd nature of the starup ecosystem, do not llow much scope for esearch on cyber seurity , said experts."Under the Indian "Under the Indian regime, there are no self-regulatory mechanisms for putting out breach notifications," said Sunil Abraham, executive director of the Centre for Internet and Society. "The numbers available with a central body like Data Security Council of India will be a gross underestimation of the cases of breach."<br /><br />"Most of the startups in India want to do everything in-house. This can lead to a potential compromise or lack of expertise on the security front, even if it is made priority," said Harshit Agarwal, founder and chief executive of Singapore-based Appknox, which provides security services to Paytm, Freecharge and Myntra among other clients.<br /><br />Jabong founder and managing director Praveen Sinha said the online fashion retailer spends 15-20 per cent of its revenue on cyber security. But other startups contended that budgets and teams sizes are not accurate indicators of security preparedness.<br /><br />"We do not work with any external security firms as we have realised that the average report is as good as our internal team can make," said Mukesh Singh, chief executive officer of online grocer ZopNow.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/economic-times-june-24-2015-malavika-murali-and-payal-ganguly-most-emerging-firms-low-on-cyber-security-experts'>http://editors.cis-india.org/internet-governance/news/economic-times-june-24-2015-malavika-murali-and-payal-ganguly-most-emerging-firms-low-on-cyber-security-experts</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2015-06-29T16:02:51ZNews ItemDesiSec: Cybersecurity and Civil Society in India
http://editors.cis-india.org/internet-governance/blog/desi-sec-cybersecurity-and-civil-society-in-india
<b>As part of its project on mapping cyber security actors in South Asia and South East Asia, the Centre for Internet & Society conducted a series of interviews with cyber security actors. The interviews were compiled and edited into one documentary. The film produced by Purba Sarkar, edited by Aaron Joseph, and directed by Oxblood Ruffin features Malavika Jayaram, Nitin Pai, Namita Malhotra, Saikat Datta, Nishant Shah, Lawrence Liang, Anja Kovacs, Sikyong Lobsang Sangay and, Ravi Sharada Prasad.</b>
<p style="text-align: justify; ">Originally the idea was to do 24 interviews with an array of international experts: Technical, political, policy, legal, and activist. The project was initiated at the University of Toronto and over time a possibility emerged. Why not shape these interviews into a documentary about cybersecurity and civil society? And why not focus on the world’s largest democracy, India? Whether in India or the rest of the world there are several issues that are fundamental to life online: Privacy, surveillance, anonymity and, free speech. DesiSec includes all of these, and it examines the legal frameworks that shape how India deals with these challenges.</p>
<p style="text-align: justify; ">From the time it was shot till the final edit there has only been one change in the juridical topography: the dreaded 66A of the IT Act has been struck down. Otherwise, all else is in tact. DesiSec was produced by Purba Sarkar, shot and edited by Aaron Joseph, and directed by Oxblood Ruffin. It took our team from Bangalore to Delhi and, Dharamsala. We had the honour of interviewing: Malavika Jayaram, Nitin Pai, Namita Malhotra, Saikat Datta, Nishant Shah, Lawrence Liang, Anja Kovacs, Sikyong Lobsang Sangay and, Ravi Sharada Prasad. Everyone brought something special to the discussion and we are grateful for their insights. Also, we are particularly pleased to include the music of Charanjit Singh for the intro/outro of DesiSec. Mr. Singh is the inventor of acid house music, predating the Wikipedia entry for that category by five years. Someone should correct that.</p>
<p>DesiSec is released under the Creative Commons License Attribution 3.0 Unported (CC by 3.0). You can watch it on Vimeo: <a href="https://vimeo.com/123722680" target="_blank">https://vimeo.com/123722680</a> or download it legally and free of charge via torrent. Feel free to show, remix, and share with your friends. And let us know what you think!</p>
<hr />
<h2>Video</h2>
<p><iframe frameborder="0" height="315" src="https://www.youtube.com/embed/8N3JUqRRvys" width="560"></iframe></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/desi-sec-cybersecurity-and-civil-society-in-india'>http://editors.cis-india.org/internet-governance/blog/desi-sec-cybersecurity-and-civil-society-in-india</a>
</p>
No publisherLaird BrownCensorshipPrivacyFreedom of Speech and ExpressionInternet GovernanceCyber Security FilmFeaturedChilling EffectCyber SecurityHomepageCyber Security Interview2015-06-29T16:25:43ZBlog EntryWWW: The Hackers’ Haven
http://editors.cis-india.org/internet-governance/news/business-world-9-2-2015-abraham-c-mathews-www-the-hackers-haven
<b>In an increasingly connected world, it pays to be careful when sharing personal information </b>
<p style="text-align: justify; ">This story by Abraham C. Mathews was published in <a class="external-link" href="http://www.businessworld.in/news/business/it/www-the-hackers%E2%80%99-haven/1707848/page-1.html">BW | Businessworld Issue Dated 09-02-2015</a>. Sunil Abraham gave his inputs.</p>
<hr />
<p style="text-align: justify; ">Last year, Whatsapp changed its encryption algorithm several times and, every time, it was breached,” says Saket Modi, hacker, entrepreneur and CEO of Lucideus Technologies, which just created an app that monitors wayward activity on your smartphone. That’s geekspeak for: “Your WhatsApp chats, including deleted ones, would have been accessible to any hacker worth his salt”. And we are talking about a company that was valued at $19 billion at some point during the year. Only in November 2014 did WhatsApp finally embrace end-to-end encryption, which will ostensibly address the issue.<br /> <br />Or take the sales claim that every smartphone purchaser has heard — “Android is safe from virus.” That’s not, however, what a joint study by security solutions company Kaspersky and Interpol found. In the first half of 2014, 1,75,442 unique malicious programmes targeted at Android were discovered. Clearly a tribute to the platform on which 85 per cent of smartphones run.<br /> <br />In a TEDx talk last year titled ‘What’s physically possible in the virtual world’, Modi demonstrated how, with access to your smartphone for barely 20 seconds, he can see everything that has ever happened on your phone — text messages, call log, browsing history, and so on. He also showed how fraudulent emails could be disguised so as to appear to have come from a yahoo.com email address, and how you could be hacked even without being connected to the Internet. “There are only two kinds of people in the world,” he says. “Those who know they have been hacked and those who don’t.”<br /> <br /><b>Epidemic Proportions</b><br />For cyber security, 2014 was annus horribilis. From celebrities whose intimate pictures were dumped on the Internet, to corporates such as Sony, JP Morgan and Target whose records were hacked into and personal information of millions of their customers compromised, it was the year when the proverbial shit hit the fan. Details (names, numbers, even favourite pizza toppings) of six lakh customers of Domino’s Pizza in France and Belgium were stolen for a $40,000 ransom. One hundred and ten million records (credit card details, social security numbers, along with addresses) from Target were stolen. The company later admitted that its sales were “meaningfully weaker” after the data theft was disclosed. One hundred and forty-five million records were stolen from eBay, 109 million from Home Depot and 83 million from JP Morgan during the year.<br /> <br />In 2013, a group that calls itself the Syrian Electronic Army hacked into Swedish company TrueCaller’s database. TrueCaller, an app, allows you to identify phone numbers. The data is collected from the contact list of those who download the app, which means, it even has details of those who haven’t downloaded or used the app in any way. Estimates put the number of Indians whose numbers could have been stolen at a million.<br /> <br />Cyber security is not yet a boardroom topic, says Anil Bhasin, MD, India & Saarc, Palo Alto Networks, which claims to create comprehensive security solutions for users but is fast becoming one with the increase in security breach incidents. Enterprises still use legacy technology that at times is 20 years old, he says, giving the example of banks that sometimes have a layer-3 staple inspection firewall, when they should ideally be running on layer-7.<br /> <br />When companies store your information, you also benefit. For example, when an e-commerce company does so, online shopping becomes faster and easier. But these companies should invest in measures to protect the information, says Sunil Abraham, executive director of the Centre for Internet and Society in Bangalore. But then again, he says, a lot of breaches, like the celebrity iCloud hack, happen because users are negligent with measures designed to protect them. Passwords, for instance.<br /> <br />A Pew Research report found that only four out of 10 Internet users changed passwords after the ‘heartbleed’ virus (which found a way to unlock encrypted data) was uncovered in April 2014. Only 6 per cent thought their information was stolen. But, in August, it emerged that a Russian crime ring had amassed 1.2 billion user name-password combinations of 500 million email addresses from 4,20,000 websites. A Kaspersky study found that the number of malicious programmes detected rose 10 times in just six months to 6,44,000 in March 2014. This shows the call for vigil cannot not be more critical.</p>
<p style="text-align: justify; ">Interestingly, your online financial payments may be relatively more secure, thanks to Reserve Bank of India’s dogged persistence in continuing with the two-step verification process for electronic payments (a one-time password and PIN verification). The central bank drew a lot of flak for barring taxi app Uber from storing payment information and automatically deducting charges at the end of a ride. But Modi isn’t impressed. He likens the two-step verification to a batsman going onto the pitch wearing just a helmet. “The rest of your body is still exposed,” he says.<br /> <br /><b>Easy Targets</b><br />Here’s one easy hack that Modi describes. Any app that you download from the app store on your phone asks for a set of permissions, which mostly come as an ‘all or nothing’ option. You either grant all the access it asks for, or you can’t download the app. Suppose, you grant a scrabble app access to your text messages. Your number can then be accessed by the app provider. Now think about how your banking transactions are verified — with a one-time password sent as a text message. With access to your text messages, entering that password would hardly be a challenge for hackers, says Modi. Or, suppose you were to set up a new WhatsApp account with that same number. The verification, like we all know, comes through a one-time password sent to your number. With access to your text messages, the hacker is given a virtual key to your entire WhatsApp history.<br /> <br />Or, take for instance, an app that requests access to your SD card (the storage card in your phone). With that permission, the app gets access to everything on your SD card, including your most private photos. Modi’s company Lucideus recently came out with an app, UnHack, that scans your phone to see which apps can access what data. If you use the app, you will find that not only can Facebook access the call logs on your phone, but apps like Wunderlist (which organises to-do lists) and Pocket (which stores articles for future offline reading) can access your contacts as well. The apps from TED (of TED Talks fame) as well as Flipkart can see as well as edit your personal photos and documents.<br /> <br />Companies —Uber, for instance — have in the past been found to be frivolous with data collected. Late last year, Uber greeted a Buzzfeed reporter who had arrived at the company’s New York headquarters with “There you are — I was tracking you”. No prior permission was sought. A venture capitalist, Peter Sims, had written earlier that his exact whereabouts in New York were displayed to a room full of people as part of a demonstration at a company event in Chicago.<br /> <b><br />Information Overload</b><br />Adam Tanner, a Harvard fellow and a Forbes columnist, was at an annual conference of the Direct Marketers Association, where he noticed a list of names of 1.8 million people with erectile dysfunction (ED), along with their email addresses and numbers. The organisers claimed the details were volunteered by the people themselves. Knowing that ED is something that men rarely admit to, he made the organisers an offer — “Let me purchase a list of a thousand people, and write to them to see if they know that they are on such a list.” The organisers refused, saying it would be an immoral use of their data. From this, one can tell that the information came from websites that took their details, promising a cure.<br /> <br />This, and other similar anecdotes made their way to his recent book, What Stays in Vegas, which deals with the world of personal data and the end of privacy as we know it. When Tanner meets Indians, he brings up matrimonial websites. What surprises him is the volume of information that people disclose. To westerners, details such as sub-caste or blood type, as well as in many cases the admission that a person is HIV+ is an outright breach of privacy. That people would volunteer to put this out in public is shocking. “When you are looking for a suitable match, giving the information may be important at the moment, but you must not forget that once something is on the Internet, it can never be completely deleted,” he warns.</p>
<p style="text-align: justify; ">But what is the problem if somebody has all the details, you may ask. Is the potential risk greater than the possibility of a perfect match? A PTI report from 2009 talks about a confession by an Indian Mujahideen operative who used information from such sites to get a student identity card as well as a driving licence. Mukul Shrivastava, a partner in the forensic practice at EY, gives you another alarming scenario. Let’s say somebody trawls your Facebook, what is the amount of information that such a person can get access to? Your daily routine, your physical movement, your favourite restaurant or whether you will be at home at a certain time (from a status message like “Can’t wait to watch the Devils trouncing Liverpool at ManU Café tonight!”). Even if a physical attack is not on the agenda, much of the information can be used to guess security questions (favourite cat, first school) and find out required details for phone banking (date of birth, email address, mother’s name). An HDFC Bank official says there is a rise in vishing (the voice equivalent of phishing) attacks, where people with access to bank account numbers as well as personal details pose as bank executives and lure customers with special benefits and convince them to divulge their banking passwords. <br /> <br />Security is an individual’s responsibility, says Sunil Abraham. “You have to remember that you have volunteered to put the information online,” he says. Information once put online is not private anymore. It’s like making an announcement in a large hall that is broadcast on TV. That’s what the Internet is. And once the Internet gets to know, it can never really be forgotten, says Vishnu Gopal, chief technology officer at MobME, a mobile value-added services provider. It will be available on some weblink or at least on archive.org, which claims to have ‘435 billion pages saved over time’.<br /> <br />While reclaiming lost information might be difficult, one can still reclaim privacy. Both Facebook and Gmail have options to disable monitoring by other applications. It might be worthwhile to pay the permissions page a visit. Routine password changes, as well as keying them in every time (rather than saving them on the system) might be worth the trouble. That said, nothing works like caution.</p>
<p style="text-align: justify; "><b>An Attacking Refrigerator!</b><br />A year ago, Proofpoint, a US-based security solutions provider, noticed an unusual type of cyber attack. Emails were sent in batches of about a lakh, thrice a day, aimed at slowing down large enterprises. What was unique about this attack was that upto 25 per cent of the volume was sent by devices other than computers, laptops, mobile phones or such devices. Instead, the emails came from everyday consumer electronic items like network routers, televisions, and at least one refrigerator, according to the company, with not more than 10 emails from any one device, making the attack difficult to block. This is now known as the first Internet of Things or IoT-based attack, where connected everyday-use devices are hacked into and used as cyber weaponry.</p>
<p style="text-align: justify; "> </p>
<div>With the IoT, you have devices talking to one another, opening up multiple places to be breached, says MobME’s Gopal. From your shoe to T-shirt, everything becomes a potential bot. India should be concerned. Research by securities provider Symantec says India tops the list of countries wherein Distributed Denial of Service (DDoS) attacks originate. DDoS attacks are those where hundreds of bots target a website (say, an e-commerce company) on its big discount day, thereby slowing down traffic to the site. The report says a bot’s services can be bought for as low as Rs 300 to bring down a site for a few minutes. Monthly subscription plans are available for lengthier attacks.</div>
<div>Corporates can never be too careful, feels Shrivastava who, as part of his investigations, comes across several instances where companies are hacked into because of lack of best practices. How many companies have blocked pen drives on office machinery, he asks. In a tiny device, a humungous amount of data can be stolen. Till the first incident happens, nobody realises the importance of security, he says. For example, at EY, the IT security does not permit copying of the text of emails by the recipient. Recent reports suggest that the JP Morgan security breach was the result of neglect of one of its servers in terms of a security upgrade.</div>
<div></div>
<div>According to a study by Microsoft, the estimated loss to enterprises from lost data in 2014 was $491 billion.</div>
<div></div>
<div><b>You Against The Mafia</b><br />The fight really is about who’s weaker, says Altaf Halde, managing director, Kaspersky Lab-South Asia. “The problem here is the consumer.” Nothing excuses us from not protecting ourselves. That includes getting an anti-virus installed, but most people often disable it when it flags a particular activity that we want to pursue online. <br /> <br />Halde also brings up the BYOD (bring your own device) culture that is taking root. Asking employees to bring their own devices could help cut costs for a company, but that also brings in their inadequate protection, which could potentially translate into a much higher cost to the company, he says. <br /> <br />On the other side of the ring is the virtual underground mafia that profits from all types of data that get compromised — details of one’s sexual preferences, favourite restaurants or credit card details. Modi says in underground circles, the going rate for a stolen credit card number is $2.2 for a Visa, $2.5 for a MasterCard and $3 for an AmEx number. Transactions are made through crypto-currencies such as bitcoins, making them virtually untraceable.<br /> <br />As Modi says, the ideal scenario would be for all of us to throw away our smartphones and live an entirely offline existence. “But since that isn’t feasible, let’s embrace the risk, but with adequate measures to ensure that we are not affected.”</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-world-9-2-2015-abraham-c-mathews-www-the-hackers-haven'>http://editors.cis-india.org/internet-governance/news/business-world-9-2-2015-abraham-c-mathews-www-the-hackers-haven</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2015-02-05T02:20:04ZNews Item