National Security Database

Last updated

National Security Database is reportedly an official accreditation program in India, awarded to information respected cybersecurity experts with proven skills to protect the country's National Critical Infrastructure and economy.

Contents

Under the program, reportedly developed by the Information Sharing and Analysis Center (ISAC), in support with the Government of India, professionals can apply for the program by clearing a technical lab examination and psychometric test. Program alumni reportedly become instrumental in a pool of ethical defence-testing hackers tasked with fixing the weakness of organizational systems in case of large cyberattacks.

History

The project was conceived after the 2008 Mumbai attacks to protect India's National Critical Infrastructure and Cyberspace. The program was founded by Rajshekhar Murthy, [1] under a non-profit section 25 company, 'Information Sharing and Analysis Center', supported by the highly specialised technical intelligence agency NTRO, run under the Government of India.

Earlier, the program was announced as a pilot at the International Malware Conference, MalCon, in 2010 in Mumbai, where Indian Government officials reportedly asked Indian hackers to learn Chinese. [2] [3]

Program launch

The program was released on 26 November, [4] the same date as of the 2008 Mumbai Attacks, at the International Malware Conference, MalCon, at JW Marriott, Mumbai. The program was inaugurated by Shri Sachin pilot, Minister of State in the Ministry of Communications and Information Technology.

Access restrictions

The empanelment in the database can only be applied by Indian citizens, and limited access is available to the Industry to benefit from a list of credible experts. However, most of the database access is restricted to supporting Indian government organisations.

Debate

The program is largely believed to identify professional, ethical hackers and security experts by the government of India to protect its critical infrastructure and cyberspace. IT Minister Kapil Sibal has reportedly expressed the need for a community of ethical hackers. [5]

Alok Vijayant, director of the information dominance group at the National Technical Research Organisation, quoted [6] in an interview with India's top weekly magazine Outlook , that NSD should not be “trivialised” by describing it as just a group of hackers. “Supported by the government and the industry, NSD is a good initiative since it will provide a ready-aid database of the most credible security professionals. This is more so because information security is a domain where individuals have the skills, not companies, to move from one firm to another regularly..

Official support to the project

NSD is officially endorsed by the multiple Indian Government organisations, such as CERT-IN and NTRO, for the stated National objectives with recognition of the foundation and declared support for the work being done. The collaboration is open, and all supporting organisations who need to access the database can do so with a formal MoU with the body.

Industry and community contribution

Various organisations are actively participating and supporting the National Security Database. Notable organisations having voluntary representations governing the NSD advisory panel at a national level include the HoneyNet India Chapter, Microsoft India and the country's oldest security conference clubhack.

Current speciality domains of the NSD

The National Security Database program has the following speciality domains under which professionals can apply for empanelment:

  1. Information security compliance and penetration testing
  2. Reverse engineering
  3. Web application security
  4. Malware research and analysis
  5. Exploit development
  6. Mobile application security
  7. Digital forensic analysis
  8. Telecom security (by Invitation)
  9. Banking security (by Invitation)

In a quote with Outlook magazine, the director of ISAC, Rajshekhar Murthy, stated [6] that it is necessary to have people who are not only competent, but also have a high degree of trustworthiness and integrity. "The selection process will involve examination of references, technical skills, criminal history, and even psychological assessment to generate a credit report for security clearance.”

More Information

Notes

  1. "JAI VIRU(S)". www.jammag.com. Archived from the original on October 21, 2011. Retrieved November 18, 2011.
  2. J Dey Date: 2010-12-05 Place: Mumbai (2010-12-05). "Ethical hackers asked to learn Chinese to beat red attacks". Mid-day.com. Archived from the original on 2012-09-21. Retrieved 2013-05-16.{{cite web}}: CS1 maint: numeric names: authors list (link)
  3. kohi10 (2010-12-05). "Got Mad Hacking Skillz? Speak Chinese? | MadMark's Blog". Kohi10.wordpress.com. Archived from the original on 2014-04-22. Retrieved 2013-05-16.{{cite web}}: CS1 maint: numeric names: authors list (link)
  4. "techgoss.com". techgoss.com. 2011-11-09. Archived from the original on 2021-10-08. Retrieved 2013-05-16.
  5. ET Bureau Nov 16, 2011, 04.22am IST (2011-11-16). "We need a community of ethical hackers, says IT minister Kapil Sibal – Economic Times". Articles.economictimes.indiatimes.com. Archived from the original on 2013-12-27. Retrieved 2013-05-16.{{cite web}}: CS1 maint: multiple names: authors list (link) CS1 maint: numeric names: authors list (link)
  6. 1 2 "Our Ether Warriors | Debarshi Dasgupta". Outlookindia.com. Archived from the original on 2013-12-10. Retrieved 2013-05-16.
  7. "Information Sharing and Analysis Center | National Security Database". Information Sharing and Analysis Center. Archived from the original on 2021-08-04. Retrieved 2021-10-08.
  8. "Information Sharing and Analysis Center". isacindia.org. Archived from the original on 2021-08-04. Retrieved 2021-10-08.

Related Research Articles

<span class="mw-page-title-main">SANS Institute</span> American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

<span class="mw-page-title-main">Kapil Sibal</span> Indian lawyer and politician

Kapil Sibal is an Indian lawyer and politician. A designated Senior Advocate, he has represented several high-profile cases in the Supreme Court of India and is widely regarded as one of the famous lawyers of India. He is a Member of Parliament, in Rajya Sabha.

The National Informatics Centre (NIC) is a premier Indian government department under the Ministry of Electronics and Information Technology (MeitY). The NIC provides infrastructure, IT Consultancy, IT Services including but not limited to architecture, design, development and implementation of IT Systems to Central Government Departments and State Governments thus enabling delivery of government services to Citizens and pioneering the initiatives of Digital India. Research for betterment of citizens and Government department and organizations is also carried out by scientists working in NIC .It recruits various scientists and Scientific/Technical Assistants almost every three years and many NIT and IIT graduates have joined this premier organisation in past few decades. NIC endeavours to cater to ICT needs at all levels of governance for making last mile delivery of Government services.

<span class="mw-page-title-main">Internet censorship in India</span> Overview of Internet censorship in India

Internet censorship in India is done by both central and state governments. DNS filtering and educating service users in suggested usages is an active strategy and government policy to regulate and block access to Internet content on a large scale. Measures for removing content at the request of content creators through court orders have also become more common in recent years. Initiating a mass surveillance government project like Golden Shield Project is an alternative that has been discussed over the years by government bodies.

The Aviation Research Centre (ARC) is India's imagery intelligence organisation, a part of the Directorate General of Security, run by the Research and Analysis Wing (R&AW). It started functioning in November 1962, in the wake of the Sino-Indian War, as an extension of the Intelligence Bureau, but placed under the Ministry of External Affairs.

<span class="mw-page-title-main">National Technical Research Organisation</span> Technical intelligence agency of India

The National Technical Research Organisation (NTRO) is a technical intelligence agency of India. It was set up in 2004. The agency reports to the National Security Advisor and to the Prime Minister's Office. NTRO also comprises the National Critical Information Infrastructure Protection Centre and the National Institute of Cryptology Research and Development.

A zero-day is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

The Mariposa botnet, discovered December 2008, is a botnet mainly involved in cyberscamming and denial-of-service attacks. Before the botnet itself was dismantled on 23 December 2009, it consisted of up to 12 million unique IP addresses or up to 1 million individual zombie computers infected with the "Butterfly Bot", making it one of the largest known botnets.

<span class="mw-page-title-main">Kanwal Sibal</span> Indian diplomat

Kanwal Sibal is a career diplomat who retired as Foreign Secretary to the Government of India. In 2017, The Government of India awarded him with the Padma Shri award for his distinguished services in the field of Public Affairs.

Save Your Voice is a movement against internet censorship in India. It was founded by cartoonist Aseem Trivedi, journalist Alok Dixit, socialist Arpit Gupta and Chirag Joshi in January 2012. The movement was initially named "Raise Your Voice", before it was renamed. The movement started from Ujjain in Madhya Pradesh, under the frontier-ship of the movement's four founders; with a "Langda March" at Ujjain. The movement opposes the Information Technology Act of India and demands democratic rules for the governance of Internet. The campaign is targeted at the rules framed under the Information Technology Act, 2000.

NETRA is a software network developed by India's Centre for Artificial Intelligence and Robotics (CAIR), a Defence Research and Development Organisation (DRDO) laboratory, and is used by the Intelligence Bureau, India's domestic intelligence agency, and the Research and Analysis Wing (R&AW), the country's external intelligence agency to intercept and analyse internet traffic using pre-defined filters. The program was tested at smaller scales by various national security agencies, and is reported to be deployed nationwide as of 2022.

The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security incidents. It strengthens security-related defence of the Indian Internet domain.

Carbanak is an APT-style campaign targeting financial institutions, that was discovered in 2014 by the Russian cyber security company Kaspersky Lab. It utilizes malware that is introduced into systems running Microsoft Windows using phishing emails, which is then used to steal money from banks via macros in documents. The hacker group is said to have stolen over 900 million dollars, from the banks as well as from over a thousand private customers.

National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created under Section 70A of the Information Technology Act, 2000 (amended 2008), through a gazette notification on 16 January 2014. Based in New Delhi, India, it is designated as the National Nodal Agency in terms of Critical Information Infrastructure Protection. It is a unit of the National Technical Research Organisation (NTRO) and therefore comes under the Prime Minister's Office (PMO).

The Center for Internet Security (CIS) is a US 501(c)(3) nonprofit organization, formed in October 2000. Its mission statement professes that the function of CIS is to " help people, businesses, and governments protect themselves against pervasive cyber threats."

INS <i>Dhruv</i> Indian Navy strategic support ship

INS Dhruv (A40) is a research vessel and missile range instrumentation ship built by India's Hindustan Shipyard Limited (HSL). The ship was earlier only known by its shipyard designated yard number as VC-11184.

<span class="mw-page-title-main">Anomali</span> American cybersecurity company

Anomali Inc. is an American cybersecurity company that develops and provides threat intelligence products. In 2023, the company moved into providing Security Analytics powered by AI.

Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto. With over 690 million internet subscribers and growing, India has increasingly seen a rise in data breaches both in the private and public sector. This is a list of some of the biggest data breaches in the country.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.