(Published IndraStra Global 16 Aug 2017)
“The single most effective thing you can do right now to improve the security of your computer is unplug it from the Internet. Pull out that Ethernet cable; throw the wireless router in the microwave. The vast, vast majority of infections that plague your machine will arrive via the Web[i].” Omar El Akkad
Today standalone computers and devices can be injected by viruses using drones and aircraft to cripple a nation’s cyber capability. Air Gaps placed at critical points in cyber infrastructure does not provide protection against a cyber-attack anymore. US has been flying EC-130 H on daily missions to deny ISIS military leaders and fighters the ability to communicate and coordinate defensive actions by shutting down their cell phones, radios, IEDs and very likely their new weapon of choice, drones[ii].
Big Data management (Storage, Handling, Analysis, Transmission) is directly linked to its security. Big Data security involves, infrastructure security, data management, data privacy, and integrity & reactive security[iii]. The Government of India has appreciated the all-pervasive nature of the cyber space domain and has therefore structured a holistic approach to the issues of Cyber Security and Big Data.
The Indian IT Act 2000 defines “Cyber Security” as means for protecting information, equipment, devices, computer, computer resource, communication devices and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction[iv].
The Government of India has recognised that Cyberspace is vulnerable to a wide variety of incidents, where in targets could be the infrastructure or underlying economic well-being of a nation state. A cyber related incident of national significance may take any form; an organized cyber-attack, an uncontrolled exploit such as computer virus or worms or any malicious software code, a national disaster with significant cyber consequences or other related incidents capable of causing extensive damage to the information infrastructure or key assets. Large-scale cyber incidents may overwhelm the government, public and private sector resources and services by disrupting functioning of critical information systems. Complications from disruptions of such a magnitude may threaten lives, economy and national security[v]. The Government of India released the National Cyber Security Policy 2013 with the Vision “To build a secure and resilient cyberspace for citizens, businesses and Government”. The stated Mission is “To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation”.
Some of the objectives of the policy are to; create a secure cyber ecosystem in the country, create an assurance framework for design of security policies, strengthen the Regulatory framework, enhance and create National and Sectoral level 24 x 7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, enhance the protection and resilience of Nation’s critical information infrastructure by operating a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandating security practices, develop suitable indigenous security technologies through frontier technology research, improve visibility of the integrity of ICT products and services, create a workforce of 500,000 professionals skilled in cyber security in the next 5 years, create a culture of cyber security and privacy, develop effective public private partnerships, enhance global cooperation by promoting shared understanding[vi].
Important agencies dealing with cyberspace include- National Information Board (NIB) which is an apex agency with representatives from relevant Departments and agencies that form part of the critical minimum information infrastructure in the country. National Cyber Response Centre – Indian Computer Emergency Response Team (CERT-In) which monitors Indian cyberspace and coordinates alerts and warning of imminent attacks and detection of malicious attacks among public and private cyber users and organizations in the country. It maintains 24×7 operations centre and has working relations/collaborations and contacts with CERTs, across the globe. National Information Infrastructure Protection Centre (NIIPC) is a designated agency to protect the critical information infrastructure in the country.
Big Data Analytics
In India, Department of Science and Technology the under Ministry of Science and Technology and Earth Sciences has been tasked to develop Big Data Analytics, BDA eco system.[vii] DST has identified important areas for development of BDA eco system in India. Creation of the HR talent pool is the first requirement. This will require creation of industry academia partnership to groom the talent pool in universities as well as development of strong internal training curriculum to advance analytical depth. The Big Data Analytics programme has five steps: –
-to promote and foster big data science, technology and applications in the country and to develop core generic technologies, tools and algorithms for wider applications in Govt.
-to understand the present status of the industry in terms of market size, different players providing services across sectors, SWOT of industry, policy framework and present skill levels available.
-to carry out market landscape survey for assessing the future opportunities and demand for skill levels in next ten years.
– to bridge the skill level and policy framework gaps.
– to evolve a strategic road map and micro level action plan clearly defining roles of various stakeholders such as government, industry, academia and others with clear timelines and outcome for the next ten years.
National Data Sharing and Accessibility Policy (NDSAP) 2012 of DST is designed to promote data sharing and enable access to government owned data.
Big Data Analytics infrastructure development in India is being steered by the C-DAC (Centre for Development of Advanced Computing), Ministry of Electronics and Information Technology. State of the art hardware system and networking environment has already been created by the C-DAC at its various facilities. C-DAC’s research focus in cloud computing includes design and development of open source cloud middleware; virtualization and management tools; and end to end security solution for the cloud. A number of applications in C-DAC are being migrated to cloud computing technology. C-DAC regularly conducts Training on “Hadoop for Big Data Analytics” and “Analytics using Apache Spark” for various agencies including Defence.
Indian Navy-Big Data Analytics
The Big Data Analytics infrastructure for the Indian Navy operates under the holistic approach of the Government of India with respect to Big Data Analytics eco system and cyber security.
Indian Navy has a robust naval network with thousands of computers connected to it. This naval network ensures information availability/ processing, communication services, service facilitation platforms, multi-computing platforms, resources/information sharing, data warehousing, and so on. However, Cyber Security and Network Integrity is crucial to protect the naval network from data theft, denial of service, malicious viruses/ trojans attacks, single point failure, data & network integrity loss, and active/ passive monitoring.
Indian Navy has Naval Unified Domain NUD or Enterprise Intranet, which is back bone of Indian Navy. All communications, internal to enterprises, are through NUD only. It offers secure, isolated, fast and reliable connectivity across navy. NUD network operates only on controlled data (no unknown data from other applications is permitted) which can be easily segregated and analysed.
Vulnerabilities arise as personnel working on NUD may need to transfer data from internet to NUD and vice-versa, which may lead to security breaches of NUD. Further, physical guarding of NUD network lines against Men-in-the-Middle Attack is a complex task since Naval units are located at different geographical locations. There is also a possibility of attacks carried out by sophisticated software and hardware technologies such as via a mirror port or via a network tap to undertake passive monitoring, active monitoring, and certificates replications and so on.
The applicability of big data analytics in context of Indian Navy is very much in line with the developed forces in the world. There exists a requirement of efficient big data analytics in the fields of intelligence, operations, logistics, mobilization, medical, human resources, cyber security and counter insurgency/ counter terrorism for the Indian Navy. There is also the associated requirement to acquire predictive capability to anticipate specific incidents and suggest measures by analysing historical events.
However, due to nascent nature of big data analytics its awareness is limited to a small number of involved agencies in the Navy. The benefits of big data in operational scenario decision making while safe guarding accuracy and reliability have not yet been internalized. Big data projects even at pilot scales may not be available currently. In the present situation, decision makers are not clear about capability of big data, costs, benefits, applicability or the perils if any of not adopting big data.
Big data holds enormous potential in Naval Context to make the operations of Navy more efficient across the entire spectrum of its activity. The research and development necessary for the analysis of big data is not restricted to a single discipline, and requires an interdisciplinary approach. Computer scientists need to tackle issues pertaining to inferences, statisticians have to deal with algorithms, scalability and near real time decision making. Involvement of mathematicians, visualizers, social scientists, psychologists, domain experts and most important of all the final users, the Navy, is paramount for optimal utilization of big data analytics. The involvement and active participation of national agencies, private sector, public sector, and armed forces would ensure full exploitation of the potential of big data for the Indian Navy.
The need today is to start feasibility studies and research programs in select fields in order of desired priorities, followed by pilot studies and thereafter adapting COTS hardware and available big data analytic software suit
[i] Omar El Akkad. Nothing is hack-proof: The guide to safer computing. The Globe and Mail, 08 Apr, 2014. https://www.theglobeandmail.com/technology/digital-culture/nothing-in-your-digital-life-is-hack-proof-the-guide-to-safer-computing/article17858297/ (Accessed 10 Aug 2017)
[ii] Wetzel, G. The Little-Known Aircraft That Wages War On ISIS’ Communications. Jalopnik,31 Mar 2017.
[iii] Big Data Working Group; Cloud Security Alliance (CSA). Expanded Top Ten Big Data Security and Privacy. April 2013. https://downloads.cloudsecurityalliance.org/initiatives/bdwg/Expanded_
Top_Ten_Big_Data_Security_and_Privacy_Challenges.pdf (accessed 10 Aug 2017).
[iv] Indian IT Act 2000 as amended in 2008. http://meity.gov.in/writereaddata/files/it_amendment_act2008%20%281%29_0.pdf (Accessed 10 Aug 2017)
[v] National Cyber Security Policy -2013
[vii] Big Data Initiative.Department of Science and Technology, Ministry of Science and Technology and Earth Sciences, Government of India. http://dst.gov.in/big-data-initiative-1 (Accessed 10 Aug 2017)