Securing Bengaluru's Digital Future

Cybersecurity

  • Classical CIA triad still works:
    • Confidentiality, Integrity, Availability
  • Needed everywhere
    • It might be useful to define a few broad areas for investigation and cooperation.
  • Useful to define adversaries and modes of failure

Smart Grids

  • Bengaluru is part of "Smart Cities Mission".
  • The BESCOM project in Bangalore envisaged the Smart Grid Pilot Project for integrating renewable and distributed energy resources into the grid, which is vital to meet the country's growing electricity demands, curb power losses, and enhance access to quality power.
  • Smart Grids, comprising numerous communication, intelligent, monitoring and electrical elements employed in the power grid, have a greater exposure to cyber-attacks that can potentially disrupt power supply in a city.

Example: Smart Grids

  • BESCOM has come out with a separate IT security policy and a dedicated, trained IT cadre to safeguard its servers and data network from cyber crimes and threats, becoming one of the few Discoms in India to take such measures.
  • National Cyber Security Policy 2013 talks of protecting public and private infrastructure from cyber attacks, along with all kinds of information, such as personal information of web users, banking and financial information, etc.

Smart Grids

  • The National Electricity Policy (NEP), as well as the Electricity Act 2003 and its amendment in 2007, don't mention cyber security concerns.
  • Many international standard-setting organisations like IEC, IEEE, NIST and CENELEC are engaged in standardization activities for Smart Grids. In India, the Bureau of Indian Standards (BIS) has been rolling out several varieties of standards targeting various technologies.

Examples of Attacks

  • ‘Logic Bomb’ attack against Delhi airport.
    • 3 disgruntled employees
  • Hacking of a Certificate Authority: NIC
    • NIC CA was forced to revoke all 250,000 SSL Server Certificates issued until that date.
    • NIC still doesn't know full extent of the attack.

Examples of Attacks

  • Suckfly
    • Backdoor.Nidiran found in disproportionate numbers in India.
    • "one of India's largest financial institutions is among them, another a top five IT firm, another a large e-commerce company, the Indian business unit of a US healthcare company, and two government organizations."

Ideas to Consider

  • Complexity increases fragility.
  • More technology won't necessarily help.
  • Latest technologies aren't necessarily better.

Ideas to Consider

  • Security is a process, not just a policy.
  • Security is a precondition for privacy, just as privacy is a precondition for security.
    • Data retention policies.
    • Privacy-protective surveillance (CCTVs, etc.)
    • Security by design + Privacy by design.

Copy of Securing Bengaluru's Digital Future

By Pranesh Prakash
