National Security Database

Last updated

National Security Database is reportedly an official accreditation program in India, awarded to information respected cybersecurity experts with proven skills to protect the country's National Critical Infrastructure and economy.

Contents

Under the program, reportedly developed by the Information Sharing and Analysis Center (ISAC), in support with the Government of India, professionals can apply for the program by clearing a technical lab examination and psychometric test. Program alumni reportedly become instrumental in a pool of ethical defence-testing hackers tasked with fixing the weakness of organizational systems in case of large cyberattacks.

History

The project was conceived after the 2008 Mumbai attacks to protect India's National Critical Infrastructure and Cyberspace. The program was founded by Rajshekhar Murthy, [1] under a non-profit section 25 company, 'Information Sharing and Analysis Center', supported by the highly specialised technical intelligence agency NTRO, run under the Government of India.

Earlier, the program was announced as a pilot at the International Malware Conference, MalCon, in 2010 in Mumbai, where Indian Government officials reportedly asked Indian hackers to learn Chinese. [2] [3]

Program launch

The program was released on 26 November, [4] the same date as of the 2008 Mumbai Attacks, at the International Malware Conference, MalCon, at JW Marriott, Mumbai. The program was inaugurated by Shri Sachin pilot, Minister of State in the Ministry of Communications and Information Technology.

Access restrictions

The empanelment in the database can only be applied by Indian citizens, and limited access is available to the Industry to benefit from a list of credible experts. However, most of the database access is restricted to supporting Indian government organisations.

Debate

The program is largely believed to identify professional, ethical hackers and security experts by the government of India to protect its critical infrastructure and cyberspace. IT Minister Kapil Sibal has reportedly expressed the need for a community of ethical hackers. [5]

Alok Vijayant, director of the information dominance group at the National Technical Research Organisation, quoted [6] in an interview with India's top weekly magazine Outlook , that NSD should not be "trivialised" by describing it as just a group of hackers. "Supported by the government and the industry, NSD is a good initiative since it will provide a ready-aid database of the most credible security professionals. This is more so because information security is a domain where individuals have the skills, not companies, to move from one firm to another regularly..

Official support to the project

NSD is officially endorsed by the multiple Indian Government organisations, such as CERT-IN and NTRO, for the stated National objectives with recognition of the foundation and declared support for the work being done. The collaboration is open, and all supporting organisations who need to access the database can do so with a formal MoU with the body.

Industry and community contribution

Various organisations are actively participating and supporting the National Security Database. Notable organisations having voluntary representations governing the NSD advisory panel at a national level include the HoneyNet India Chapter, Microsoft India and the country's oldest security conference clubhack.

Current speciality domains of the NSD

The National Security Database program has the following speciality domains under which professionals can apply for empanelment:

  1. Information security compliance and penetration testing
  2. Reverse engineering
  3. Web application security
  4. Malware research and analysis
  5. Exploit development
  6. Mobile application security
  7. Digital forensic analysis
  8. Telecom security (by Invitation)
  9. Banking security (by Invitation)

In a quote with Outlook magazine, the director of ISAC, Rajshekhar Murthy, stated [6] that it is necessary to have people who are not only competent, but also have a high degree of trustworthiness and integrity. "The selection process will involve examination of references, technical skills, criminal history, and even psychological assessment to generate a credit report for security clearance".

More Information

Notes

  1. "JAI VIRU(S)". www.jammag.com. Archived from the original on October 21, 2011. Retrieved November 18, 2011.
  2. J Dey Date: 2010-12-05 Place: Mumbai (2010-12-05). "Ethical hackers asked to learn Chinese to beat red attacks". Mid-day.com. Archived from the original on 2012-09-21. Retrieved 2013-05-16.{{cite web}}: CS1 maint: numeric names: authors list (link)
  3. kohi10 (2010-12-05). "Got Mad Hacking Skillz? Speak Chinese? | MadMark's Blog". Kohi10.wordpress.com. Archived from the original on 2014-04-22. Retrieved 2013-05-16.{{cite web}}: CS1 maint: numeric names: authors list (link)
  4. "techgoss.com". techgoss.com. 2011-11-09. Archived from the original on 2021-10-08. Retrieved 2013-05-16.
  5. "We need a community of ethical hackers, says IT minister Kapil Sibal – Economic Times". The Economic Times. 2011-11-16. Archived from the original on 2013-12-27. Retrieved 2013-05-16.
  6. 1 2 "Our Ether Warriors | Debarshi Dasgupta". Outlook. New Delhi. Archived from the original on 2013-12-10. Retrieved 2013-05-16.
  7. "Information Sharing and Analysis Center | National Security Database". Information Sharing and Analysis Center. Archived from the original on 2021-08-04. Retrieved 2021-10-08.
  8. "Information Sharing and Analysis Center". isacindia.org. Archived from the original on 2021-08-04. Retrieved 2021-10-08.

Related Research Articles

<span class="mw-page-title-main">SANS Institute</span> American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

The National Informatics Centre Services Inc. (NIC) is an Indian government department under the Ministry of Electronics and Information Technology (MeitY). The NIC provides infrastructure, IT Consultancy, IT Services including but not limited to architecture, design, development and implementation of IT Systems to Central Government Departments and State Governments, helping in implementing the digitization initiatives of Digital India. The organisation also carries out research in the IT domain and recruits various scientists and Scientific/Technical Assistants. The organisation's primary function is to cater to ICT needs at all levels of governance and facilitate digital access to government services for citizens.

<span class="mw-page-title-main">Internet censorship in India</span>

Internet censorship in India is done by both central and state governments. DNS filtering and educating service users in suggested usages is an active strategy and government policy to regulate and block access to Internet content on a large scale. Measures for removing content at the request of content creators through court orders have also become more common in recent years. Initiating a mass surveillance government project like Golden Shield Project is an alternative that has been discussed over the years by government bodies.

The Aviation Research Centre (ARC) is India's imagery intelligence organisation, a part of the Directorate General of Security, run by the Research and Analysis Wing (R&AW). It started functioning in November 1962, in the wake of the Sino-Indian War, as an extension of the Intelligence Bureau, but placed under the Ministry of External Affairs.

<span class="mw-page-title-main">National Technical Research Organisation</span> Technical intelligence agency of India

The National Technical Research Organisation (NTRO) is a technical intelligence agency of India. It was set up in 2004. The agency reports to the National Security Advisor and to the Prime Minister's Office. NTRO also comprises the National Critical Information Infrastructure Protection Centre and the National Institute of Cryptology Research and Development.

The Information Technology Act, 2000 is an Act of the Indian Parliament notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce.

Operation Green Hunt is the name used by the Indian media to describe the "all-out offensive by paramilitary forces and the states forces" against the Naxalites. The operation is believed to have begun in November 2009 along five states in the "Red Corridor."

The Mariposa botnet, discovered December 2008, is a botnet mainly involved in cyberscamming and denial-of-service attacks. Before the botnet itself was dismantled on 23 December 2009, it consisted of up to 12 million unique IP addresses or up to 1 million individual zombie computers infected with the "Butterfly Bot", making it one of the largest known botnets.

<span class="mw-page-title-main">Kanwal Sibal</span> Indian diplomat

Kanwal Sibal is a career diplomat who retired as Foreign Secretary to the Government of India. In 2017, The Government of India awarded him the Padma Shri award for his distinguished services in the field of Public Affairs.

NETRA is a software network developed by India's Centre for Artificial Intelligence and Robotics (CAIR), a Defence Research and Development Organisation (DRDO) laboratory, and is used by the Intelligence Bureau, India's domestic intelligence agency, and the Research and Analysis Wing (R&AW), the country's external intelligence agency to intercept and analyse internet traffic using pre-defined filters. The program was tested at smaller scales by various national security agencies, and is reported to be deployed nationwide as of 2022.

Open Government Data (OGD) Platform India or data.gov.in is a platform for supporting Open data initiative of Government of India. This portal is a single-point access to datasets, documents, services, tools and applications published by ministries, departments and organisations of the Government of India. It combines and expands the best features of India government's India.gov.in and the U.S. government's data.gov project.

The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security incidents. It strengthens security-related defence of the Indian Internet domain.

The Office of Personnel Management data breach was a 2015 data breach targeting Standard Form 86 (SF-86) U.S. government security clearance records retained by the United States Office of Personnel Management (OPM). One of the largest breaches of government data in U.S. history, the attack was carried out by an advanced persistent threat based in China, widely believed to be the Jiangsu State Security Department, a subsidiary of the Government of China's Ministry of State Security spy agency.

Rai Technology University (RTU) is an Indian private university located in Bangalore, Karnataka, India.

National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created under Section 70A of the Information Technology Act, 2000 (amended 2008), through a gazette notification on 16 January 2014. Based in New Delhi, India, it is designated as the National Nodal Agency in terms of Critical Information Infrastructure Protection. It is a unit of the National Technical Research Organisation (NTRO) and therefore comes under the Prime Minister's Office (PMO).

The Center for Internet Security (CIS) is a US 501(c)(3) nonprofit organization, formed in October 2000. Its mission statement professes that the function of CIS is to " help people, businesses, and governments protect themselves against pervasive cyber threats."

<span class="mw-page-title-main">Anomali</span> American cybersecurity company

Anomali Inc. is an American cybersecurity company that develops and provides threat intelligence products. In 2023, the company moved into providing security analytics powered by artificial intelligence (AI).

Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto. With over 690 million internet subscribers and growing, India has increasingly seen a rise in data breaches both in the private and public sector. This is a list of some of the biggest data breaches in the country.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.