S
Ramadorai, vice-chairman of TCS and chairman of the National Skill
Development Agency, says the private sector must play a crucial role in
enhancing cybersecurity capabilities. The IT veteran calls for hiring
and training young, talented people to handle cyberattack units. Edited
excerpts from an interview with ET:
On the importance of companies like RIL sharing their learning from building cybersecurity capabilities with the government
Private
companies have a lot to share in terms of experience and in capacity
building of relevant skills. The private sector has indigenized various
security-related technologies and supported in building the security
infrastructure of the country.
Many private
companies have considerable experience in cybersecurity. The offshoring
model has matured significantly with several top-of-the-line security
controls and processes.
On enhancing cybersecurity in the face of attacks from various corners, especially from China and even from the US
The
country does require a skilled cybersecurity labour force. Most
countries, notably China, have started grassroots campaigns to identify
technically gifted youngsters and recruit them for defending the nation.
In
India, too, these initiatives have been started by various agencies.
However, much more needs to be done. The talent is available. We must
also focus on rapid detection, containment and reaction.
One
statistic shows that attackers remain undetected on a network on
average for 416 days! The amount of damage that can be done in this time
is huge. Offensive security testing (known as penetration testing) is a
wonderful way to audit the security of networks.
Some
companies such as Facebook, Twitter and so on run what are known as
"bug-bounty programmes" where any hacker is invited to find
vulnerabilities in their systems (without causing damage). On disclosing
the flaw, they can be paid to the tune of $10,000. This is a great way
to identify talent.
Ultimately, it is more
important to have a pool of extremely high-quality talent rather than
just large numbers. A sophisticated team of even 50 top hackers is far
better than 1,000 average/semi-skilled professionals. We must treat
these teams like special forces.
On how crucial cyber security is in a war scenario
Offensive
cybersecurity capabilities are of great importance, as they will be the
fourth branch of the defence forces. No war will be fought without
taking recourse to these capabilities for intelligence and disruption
prior to putting boots on the ground, ships to sea or planes in the air.
The
power of an offensive cybercapability cannot be underestimated, as
shown by the Stuxnet virus used against Iran, and various other
cyberweapons that have recently been seen such as Flame, Gauss, Wiper,
Duqu, etc.
Defensive capabilities in India need
to be bolstered significantly. Most government IT infrastructure is
vulnerable to attacks. Besides, most government officials are in no
position to handle threats such as spear-phishing (e-mail spoofing
fraud) or social-engineering attacks, which target them as a means of
entry into the government networks.
0 comments:
Post a Comment