INDIA'S National Cyber Coordination Centre (NCCC) -READY TO ROLL

[RAM]

National Cyber Coordination Centre will give law enforcement agencies access to all Internet accounts .Indians using the Internet might be worried over the U.S. spy agencies snooping into their accounts and online data, but the government has set the ball rolling for creating its own multi-agency body — National Cyber Coordination Centre (NCCC) — that would carry out "real-time assessment of cyber security threats" and "generate actionable reports/alerts for proactive actions" by law enforcement agencies.

Though the government won't say that they would be able to look into your Facebook or Twitter accounts as and when required, the fact remains that the setting up of the federal Internet scanning agency will give law enforcement agencies direct access to all Internet accounts, be it your e-mails, blogs or social networking data.

"The NCCC will collect, integrate and scan [Internet] traffic data from different gateway routers of major ISPs at a centralised location for analysis, international gateway traffic and domestic traffic will be aggregated separately ... The NCCC will facilitate real-time assessment of cyber security threats in the country and generate actionable reports/alerts for proactive actions by the concerned agencies," says a secret government note.

All top government spy and technical agencies will be part of the NCCC that would be set up at a cost of around Rs. 1,000 crore. "The proposed cyber security architecture envisages setting up a National Cyber Coordination Centre [NCCC] which would be a multi-agency body under Department of Electronics and IT," says the note.

Other government agencies that will play an active role in the NCCC include the National Security Council Secretariat (NSCS), Intelligence Bureau (IB), Research and Analysis Wing (RAW), Indian Computer Emergency Response Team (CERT-In), National Technical Research Organisation (NTRO), Defence Research and Development Organisation (DRDO), DIARA, Army, Navy, Air Force, and Department of Telecommunications.

Government sources said the government would also involve Internet service providers (ISPs) to ensure round-the-clock monitoring of the Internet, while expertise of other private sector organisations would be utilised when required. It will be India's first layer for cyber threat monitoring and all communication with government and private service providers would be through this body only. The NCCC would be in virtual contact with the control room of all ISPs to scan traffic within the country, flowing at the point of entry and exit, including international gateway, they added.

Apart from monitoring the Internet, the NCCC would look into various threats posed by cyber attacks. "In recent months, we have seen growing cases of computer networks of government departments and organisations coming under cyber attacks. We have seen foreign spy agencies and hackers trying to get sensitive government data or hack important websites. For instance, hackers defaced CBI website and attempts were made to break into Indian Railways website. The NCCC would address these shortcomings," said a senior government official.

Before the NCCC comes into being, the National Information Board (NIB) has mandated the Operational Group on Cyber Security to have dialogue with stakeholders and share information to prepare a road map for setting up the cyber monitoring agency.

India gets ready to roll out cyber snooping agency | The Hindu

 

[The Messiah]

Yanks have targetted India also.

 

[rock127]

Yanks have targetted India also.

Let's return the favor to peep on Headly types.

 

[RAM]

Further developments on NCCC


India reveals cyber spy system, sources say no 'snooping' involved


New Delhi: With a controversial surveillance programme by the US leading to a global outrage, India too now has acquired the ability to analyse meta data, but not content, carried over the Internet. The new system will look for unusual data flow to identify and access cyber threats and not individual data.

Source told NDTV that any fears of invasion of individual privacy through internet should be discounted. The national cyber security policy unveiled by the government this past week will ensure that critical Information Technology infrastructure in the country is strengthened to prevent increasing cyber-attacks from across the globe. The policy is a part of the new cyber security architecture, which was unveiled by the government over the past one week.

However, unlike the US' surveillance programme PRISM, sources say India's surveillance system is not aimed at collecting individual data but is intended only to assess threats to India's cyber universe. (10 things to know about PRISM)

While the Department of Electronics and IT will be the nodal ministry, other stakeholders like Ministry of Defence, National Technical Research Organisation (NTRO) and Defence Research and Development Organisation (DRDO) will also play major roles in implementing this policy. A national cyber coordination centre will be coming up soon.

While, the National Security Council Secretariat would coordinate, oversee and ensure compliance of the policy, the government hopes to rope in the private sector in a major way to ensure there is no date theft or attack on critical infrastructure.

The policy aims to create a secure computing environment and enable adequate trust and confidence in electronic transactions. The government has reportedly begun exercises like mock drills of a national cyber security crisis.

The US' PRISM has led to a global outrage after a newspaper revealed the country's National Security Agency has been conducting secret surveillance on Web users around the world. The US program reportedly gathers hundreds of millions of US phone records to search for possible links to known terrorist targets abroad. It also allows the USA government to tap into nine US Internet companies, including Google, Apple, Facebook and Skype and gather all communications to detect suspicious behaviour that begins overseas

India reveals cyber spy system, sources say no 'snooping' involved | NDTV.com

 

[RAM]

An IT superpower, India has just 556 cyber security experts

 

[RAM]

An IT superpower, India has just 556 cyber security experts

The world may acknowledge India as an information technology superpower, but its very own official cyber security workforce comprises a mere 556 experts deployed in various government agencies. How "grossly inadequate" is India's cyber security manpower can be gauged by the fact that China has 1.25 lakh experts, the U.S. 91,080 and Russia 7,300. "The existing combined strength of cyber security experts in all organisations in the government domain is 556, which is grossly inadequate to handle cyber security activities in a meaningful and effective manner," says a secret note prepared by the National Security Council Secretariat (NSCS), which is engaged in creating an elaborate 'cyber security architecture'.

Waking up from a deep slumber, the government has decided to recruit 4,446 experts to be deployed in six organisations that would take care of India's cyber security infrastructure.

These are the Department of Electronics and Information Technology (DEITy), which includes Indian- Computer Emergency Response Team (CERT-In) and the National Informatics Centre (NIC); the Department of Telecom (DoT); the National Technical Research Organisation (NTRO); the Ministry of Defence; the Intelligence Bureau (IB); and the Defence Research and Development Organisation (DRDO).

Of the 4,446 posts, the armed forces will get a majority of the experts (1,887), followed by NTRO (695), DEITy (590), IB (565), DoT (459) and DRDO (250). The experts will take care of traffic scanning and mitigation, system audit and forensics, assurance and certification, research and development, and coordination.

An internal study conducted by the NSCS revealed that all major countries have established mechanism and organisations dedicated to cyber security, a field where India has fared poorly.

China shows the way

For instance, in 2010, China's Central Military Commission approved "Information Support and Safeguarding Base" to serve as People's Liberation Army cyber command to address potential cyber threats and safeguard national security. Interestingly, China makes little distinction between hackers who work for the government and those who undertake cyber adventures on its behalf.

"China's cyber workforce is composed of various components of military, national security, public security, propaganda militia and academia. It now has an estimated strength of 1.25-lakh personnel which includes regular troops (30,000), specialists from various universities, research institutes and states enterprises (60,000), and militia (35,000)," the note adds.

U.S. cyber command

Similarly, the U.S. has 91,080 experts in its cyber security workforce, of whom 88,169 are in the Department of Defense alone. Significantly, in May 2010, Pentagon set up the U.S. Cyber Command (Cybercom) headed by the Director of the National Security Agency (NSA), which was recently in the news for clandestine Internet snooping operations in various countries, including India.

The U.S. has also set up a 24x7 National Cyber Security and Communications Integration Centre (NCCIC) that is responsible for generating a common operating picture for cyber and communications across the federal, state and local governments, intelligence and law enforcement communities and the private sector. "During a cyber or communications incident, the NCCIC serves as the national response centre able to bring to bear the full capabilities of the federal government in a coordinated manner," the note adds.

Security architecture

Now, India is also setting up its own 'cyber security architecture' that will comprise the National Cyber Coordination Centre (NCCC) for threat assessment and information sharing among stakeholders, the Cyber Operation Centre that will be jointly run by the NTRO and the armed forces for threat management and mitigation for identified critical sectors and defence, and the National Critical Information Infrastructure Protection Centre (NCIIPC) under the NTRO for providing cover to 'critical information infrastructure'. The government is also coming up with a legal framework to deal with cyber security.

The NSCS has identified over a dozen 'critical information infrastructure' sectors/ facilities requiring protection. These include the civil aviation sector (Air Traffic Control or ATC), Railways' passenger reservation system and communication network, port management, companies and organisations in power, oil and natural gas sectors, banking and finance, and telecom sectors.


An IT superpower, India has just 556 cyber security experts | The Hindu

 

[RAM]

NCCC ..FURTHER Developments

India's surveillance project may be as lethal as PRISM


Project documents relating to the new Centralized Monitoring System (CMS) reveal the government's lethal and all-encompassing surveillance capabilities, which, without the assurance of a matching legal and procedural framework to protect privacy, threaten to be as intrusive as the U.S. government's controversial PRISM project.

These capabilities are being built even as a debate rages on the extent to which the privacy of Indian Internet and social media users was compromised by the PRISM project. A PIL petition on the subject has already been admitted by the Supreme Court.

The documents in the possession of The Hindu indicate that the CMS project now has a budgeted commitment nearly double that of the Rs. 400-crore estimate that senior officials mentioned in a recent briefing to the media. Once implemented, the CMS will enhance the government's surveillance and interception capabilities far beyond 'meta-data,' data mining, and the original expectation of "instant" and secure interception of phone conversations.

The interception flow diagram, hitherto under wraps, reveals that the CMS being set up by C-DoT — an obscure government enterprise located on the outskirts of New Delhi — will have the capability to monitor and deliver Intercept Relating Information (IRI) across 900 million mobile (GSM and CDMA) and fixed (PSTN) lines as well as 160 million Internet users, on a 'real time' basis through secure ethernet leased lines.

The CMS will have unfettered access to the existing Lawful Interception Systems (LIS), currently installed in the network of every fixed and mobile operator, ISP, and International Long Distance service provider. Mobile and long distance operators, who were required to ensure interception only after they were in receipt of the "authorisation," will no longer be in the picture. With CMS, all authorisations remain secret within government departments.

This means that government agencies can access in real time any mobile and fixed line phone conversation, SMS, fax, web-site visit, social media usage, Internet search and email, including partially written emails in draft folders, of "targeted numbers." This is because, contrary to the impression that the CMS was replacing the existing surveillance equipment deployed by mobile operators and ISPs, it would actually combine the strength of two — expanding the CMS's forensic capabilities multiple times.

Even where data mining and 'meta-data' access through call data records (CDRs) and session initiation protocol data records (SDRs) — used for Internet protocol-related communications including video conferencing, streaming multi-media, instant messaging, presence information, file transfer, video games and voice & fax over IP is concerned — the CMS will have unmatched capabilities of deep search surveillance and monitoring. The CMS is designed to have access to call content (CC) on multiple E1 leased lines through operators 'billing/ mediation servers'. These servers will reveal user information to the accuracy of milliseconds, relating to call duration, identification and call history of those under surveillance. Additionally, it will disclose mobile numbers and email IDs, including pinpointing the target's physical location by revealing cellphone tower information.

Nationwide surveillance

The Hindu's investigation has also unveiled the mystery relating to the CMS's national rollout. Contrary to reports about it being active nationwide, only Delhi and Haryana have tested "proof of concept" (POC) successfully. Kerala, Karnataka and Kolkata are the next three destinations for CMS's implementation. Till 2015, two surveillance and interception systems will run in parallel — the existing State-wise, 200-odd Lawful Intercept and Monitoring (LIM) Systems, set up by 7 to 8 mobile operators in each of the 22 circles, plus the multiple ISP and international gateways — alongside the national rollout of CMS. The aim is to cover approximately one dozen States by the end of 2013-14.

On November 26, 2009, the government told Parliament that CMS's implementation would overcome "the existing system's secrecy which can be easily compromised due to manual interventions at many stages." In January 2012, the government had admitted to intercepting over 1 lakh phones and communication devices over a year, at a rate of 7,500–9,000 per month.

Privacy vs. security

Currently two government spy agencies — the Intelligence Bureau (IB), and the Research and Analysis Wing (RAW) — plus seven others, including the Central Bureau of Investigation (CBI), the Narcotics Control Bureau, DRI, National Intelligence Agency, CBDT (tax authority), Military Intelligence of Assam and JK and Home Ministry — are authorised to intercept and monitor citizens' calls and emails, under the guidelines laid down by the Supreme Court, The Indian Telegraph Act 1985, Rule 419(A) and other related legislation.

Given the major technological advancements in monitoring and enhanced forensic capabilities in surveillance, coupled with the change in procedure which mandates the interception authorization to be kept secret between two government departments with no scope of a transparent public disclosure of who is being monitored, for what purpose and for how long, privacy and free speech activists are protesting and raising many questions. The government, meanwhile, is proceeding undeterred

India's surveillance project may be as lethal as PRISM | The Hindu

 

[pmaitra]

Hello Mr. @RAM, how have you been? It is great to see you back again.