Warning: A non-numeric value encountered in /nfs/c03/h01/mnt/56080/domains/vyuha.nationalinterest.in/html/wp-content/plugins/twitter-mentions-as-comments/includes/boilerplate/class.plugin-boilerplate.php on line 50

Warning: Cannot modify header information - headers already sent by (output started at /nfs/c03/h01/mnt/56080/domains/vyuha.nationalinterest.in/html/wp-content/plugins/twitter-mentions-as-comments/includes/boilerplate/class.plugin-boilerplate.php:50) in /nfs/c03/h01/mnt/56080/domains/vyuha.nationalinterest.in/html/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 1152

Warning: Cannot modify header information - headers already sent by (output started at /nfs/c03/h01/mnt/56080/domains/vyuha.nationalinterest.in/html/wp-content/plugins/twitter-mentions-as-comments/includes/boilerplate/class.plugin-boilerplate.php:50) in /nfs/c03/h01/mnt/56080/domains/vyuha.nationalinterest.in/html/wp-includes/feed-rss2.php on line 8
Initiatives – Vyūha https://vyuha.nationalinterest.in Mapping the digital battlelines Thu, 30 May 2013 08:20:11 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.18 Secrecy of Cyber Threats Said to Cause Complacency?https://vyuha.nationalinterest.in/secrecy-of-cyber-threats-said-to-cause-complacency/ https://vyuha.nationalinterest.in/secrecy-of-cyber-threats-said-to-cause-complacency/#comments Sun, 24 Apr 2011 12:26:23 +0000 http://vyuha.nationalinterest.in/?p=248 Similar posts:
  1. Book review – “Inside Cyber Warfare: Mapping the Cyber Underworld”
  2. Cyber mongering and semantic misuse
  3. “The case for an India-US partnership in cyber security” – Takshashila Institution discussion document
  4. General Keith Alexander speaks cyber security at CSIS
  5. Takshashila responds to GoI’s discussion draft on National Cyber Security Policy
Secrecy of Cyber Threats Said to Cause Complacency? Oh please! First of all, ignorance or unawareness is not the same as complacency. Furthermore, while the bill concerned, Cyber Security Public Awareness Act, is itself a boon, especially for researchers as well as those who want to hold the government accountable, the central theme of the article‘s rhetoric that the awareness among population is low because the attacks on critical infrastructure and government networks are classified just doesn’t add up. Give the high rate of identity theft,
a lot of which has cyber-related cause and the huge amount of existing press on the matter of cyber attacks (China is the new USSR), it is not the lack of information that is preventing the spread of “awareness” (read hysteria). More likely is a combination of:

  • Bigger things to worry about, economy comes to mind
  • Cognitive disconnect between report of incident, its impact and relevance to oneself
  • Knowledge that recent over-the-top war mongering is a part of an elaborate scheme to get more federal budget
https://vyuha.nationalinterest.in/secrecy-of-cyber-threats-said-to-cause-complacency/feed/ 2
Bruce Sterling – “India india india hack hack hack”https://vyuha.nationalinterest.in/bruce-sterling-india-india-india-hack-hack-hack/ https://vyuha.nationalinterest.in/bruce-sterling-india-india-india-hack-hack-hack/#comments Thu, 21 Oct 2010 05:08:35 +0000 http://vyuha.nationalinterest.in/?p=154 Similar posts:
  1. Teens blame Pakistan Supreme Court website hack on Indian contact
  2. Week 30 Links
  3. Army does 27001 audit, that should make it secure
  4. RIM – India’s and UAE’s objections
  5. Was India Behind Stuxnet?
Bruce Sterling, yes that one, has an “in-depth” analysis of an Economic Times article announcing India’s decision to give “shape to an IT infrastructure setup manned by a small army of software professionals to spy on the classified data of hostile nations by hacking into their computer systems.”

Somewhere there’s an Indian IIT graduate watching a Bollywood movie, and he’s leaning into the next seat to whisper into the fiancee’s shell-like ear, and he’s like: “Baby: I’ve gone to work for the ‘National Technical Research Organization.’ And, from now on, I can’t tell you any more than that.” And she’s, like, squeezing his hand, all proud of him.

The act of creating such an “army” is not the subject of the ridicule, or at least should not be. Calling it such should be, but what bears the brunt of Sterling’s jokes is the sensation-styled reporting of the journalist involved. It is a pity that there is still a lack of good quality reporting that goes beyond parroting of (un)official statements and fifth-standard level reconstruction of simple sentences into compound ones, without an iota of analysis in them.

(I realise this is an old article but in my defense, I had disappeared in that month from Vyūha. Slowly getting back into the groove, you know!)

https://vyuha.nationalinterest.in/bruce-sterling-india-india-india-hack-hack-hack/feed/ 1
Week 32 linkshttps://vyuha.nationalinterest.in/week-32-links/ https://vyuha.nationalinterest.in/week-32-links/#respond Sat, 14 Aug 2010 19:44:37 +0000 http://vyuha.nationalinterest.in/?p=110 Similar posts:
  1. Week 30 Links
  2. Week 31 links
  3. Week 33 links – defining cyber war
  4. General Keith Alexander speaks cyber security at CSIS
  5. Links for 28-10-2011
  • Mission Success in Cyberspace by General Keith Alexander
  • Why You Might Not Want That Cybersecurity Job
  • FCC charts ‘Cybersecurity Roadmap’ with public’s help
  • DHS wants more teams that respond to cyber threats
  • ]]>
    https://vyuha.nationalinterest.in/week-32-links/feed/ 0
    Home Ministry sets deadline for RIMhttps://vyuha.nationalinterest.in/home-ministry-sets-deadline-for-rim/ https://vyuha.nationalinterest.in/home-ministry-sets-deadline-for-rim/#respond Thu, 12 Aug 2010 17:01:16 +0000 http://vyuha.nationalinterest.in/?p=113 Similar posts:
    1. RIM – India’s and UAE’s objections
    2. Links for 28-10-2011
    3. RIM, Skype, Google and DoT
    4. eVoting expert arrested on charge of stealing the EVM he studied
    5. Week 33 links – defining cyber war
    Hot off the press is the news that Home Ministry has set a deadline of 31st of August for RIM to make its content accessible by law enforcement agencies. From the press release:

    A meeting was taken here today by the Union Home Secretary Shri G.K.Pillai with representatives of Central Security Agencies and Telecom Department. The meeting asked the Telecom Department to convey to service providers that two Blackberry services namely, Blackberry Enterprise Service(BES) and Blackberry Messenger Service(BMS) be made accessible to Law Enforcement Agencies by 31st August, 2010. If a technical solution is not provided by 31st August, 2010, the Government will review the position and take steps to block these two services from the network. The meeting also took note of the fact that the Blackberry services like Voice, SMS and BIS have been made available to Law Enforcement Agencies.

    That is a pretty short deadline and unless RIM has been receiving behind the scene, but official, detailed information about this impending move, it would leave them stranded for a solution. Note that most previous developments on this issue has been via “leaked” notes and memos from the ministry and never really an official announcement.

    https://vyuha.nationalinterest.in/home-ministry-sets-deadline-for-rim/feed/ 0
    Govt to develop own operating systemhttps://vyuha.nationalinterest.in/govt-to-develop-own-operating-system/ https://vyuha.nationalinterest.in/govt-to-develop-own-operating-system/#comments Wed, 12 May 2010 09:09:39 +0000 http://vyuha.nationalinterest.in/?p=42 Similar posts:
    1. System security and fascination with homegrown solutions
    The Times of India reported yesterday of an initiative launched by the India government to develop its own operating system.

    The government formed a high-level taskforce in February to devise a plan for building indigenous software, said a senior intelligence official who is a member. The panel will also suggest ways to conduct third-party audits on existing software in government offices to prevent online sabotage attempts until the software’s launch, he said.

    While the details are sketchy and confusing, starting from the fact that there is more reference to “software” than operating system, it looks like the plan is to build an indigenous OS that can be used by government officials, starting from an open source OS out there. No further details are available on whether it will be BSD or Linux based.

    This is a very encouraging step in the right direction though not without potential pitfalls.

    For an OS to be secure and useful it has to get to a maturity level that is hard to reach. It remains to be seen how many of the government offices would find their way around a Linux distribution, even if it is as intuitive as Ubuntu or others out there.

    Starting from an existing OS, while a practical thing to do, is risky in that either the current state of the OS has to be assumed to be secure or a careful meticulous audit has to be carried out to ascertain the security of the code. Given that so many vulnerabilities are being found in Open Source kernels and software, it would be prudent not to assume that they are secure just because they are open source. Of course being open source means that one has at least the option of  performing the necessary code analysis.

    Another downside of using an open source distribution is that of maintenance and support. Unless a government agency takes it upon itself to maintain the distribution and provide end user support, the move is going to hit a brick wall soon.  This point should not be underestimated. A secure OS or a distribution that is not well maintained is just as insecure as any other out there. In addition, given that this OS is meant to be used by a wider non-technical user base that is the government offices, support service will turn out to be very important in the long run. Try explaining SELinux or how to configure it to a layman!

    Operating system, though critical, is still only one of the pieces that makes the distribution. The software used within the OS is also critical. Is it not clear if this initiative is aimed at securing general purpose software too.

    As the article mentions, regular audits have to be conducted in order to ascertain the security of the infrastructure. Though the content of the article casts a shadow at the anti-virus vendors, it is more likely that the users did not keep the virus signatures up to date than that the vendors had any malicious intent. Of course regular audits will only highlight the problem. The actual task of solving the problem (patching the OS, updating the signatures etc.) still needs to be carried out without delay.

    At the end of the day the weakest link is almost always between the keyboard and the chair. Any initiative to secure the software infrastructure has to be accompanied with educating the users of best security practices and do-nots of computer security.

    https://vyuha.nationalinterest.in/govt-to-develop-own-operating-system/feed/ 7