
CCMP – Cyber Crisis Management Plan

With the advent of the cyber age in the Government of India, many things have changed, mostly for the better; but every technology has its own pros and cons, and this change has also made data vulnerable.

History

It all started with the Department of Telecom (DoT) conceiving the National Internet Backbone (NIB) project. Broadband connectivity was laid down; in parallel, the National Informatics Centre (NIC) started working on the National e-Governance Plan (NeGP); later the State Wide Area Network (SWAN) created DM-to-CM connectivity, and over the last 20 years all government departments have been put onto the World Wide Web. Many of them have their own datacenters, and a great deal of data is stored there.

While on one hand this increased their efficiency, connectivity and visibility, the flip side is that it made their data vulnerable too. A website hosted in their own datacenter, a virtual private network (VPN), torrents, chat applications, instant messaging and the like all create a temporary, or in some cases a prolonged, gateway for data access: from the department to the internet, and vice versa.

The staircase that goes up is also used for coming down; it's that simple. When you connect to the internet, the same door is used for both upload and download. So if you aren't prepared, be ready to host some uninvited guests.

Symptoms

Like any other disease, when your network, your machines or your datacenter get infected, they show symptoms. But we "humans" are fond of ignoring them, and we "Indians" are very fond of finding an alternative way out, often called "Jugaad".

For example, if the floppy drive wasn't working, instead of reporting it to IT, people used to write CDs, because reporting would have caused downtime and we are workaholic people. Today, if the USB port doesn't work, we send the file by mail or upload it to "Gdrive" and share a download link, since the 64kbps broadband days are gone.

We are habituated to that, not just with our machines and networks but with our bodies as well. If we have a headache we take Disprin; if we have a cold and cough we take D-Cold Total, without consulting a doctor, and in the process we suppress the symptoms until it becomes a big, really BIG problem. We shouldn't do that with our data networks, because if we do, we put the entire organization at risk.

So let's understand the symptoms, the things we shouldn't be ignoring.

  • Slow network is the first symptom.
  • Erratic behaviour of the machine.
  • Losing control of your mouse.
  • Junk mail in your mailbox.
  • Malware / spyware / adware: when you open your browser, it fills up with unwanted ads and pop-ups.
  • Invitations from unknown people / unknown sites.
  • Unwarranted sexual messages on your social media accounts / chat / mailbox.

All of the above are symptoms that you must report to your system administrator. Your machine or network probably needs a security audit or service: security has been breached, or a breach has been attempted.

Solution

As they say, "prevention is better than cure". That is not just true of life in general and human disease; it holds equally for networks. Users can be made aware and told to report to the system administrator when there is a problem, but the system administrator must also have a plan to fight the menace of cyber-attack. And in this case the administrator is not just the law maker; he is the implementer and the enforcer too. For the network in our country, the system administrator has to work like a parliamentarian, discussing and amending the security constitution; like the police, implementing it; like the judiciary, acting as its custodian; and like the DRI, NIA, IB and CBI, enforcing it. So life is tough for a Government of India system administrator, carrying all that accountability and responsibility at the same time.

To make it simpler, the system administrator must plan for prevention as well as for the cure. The following steps make an administrator's life simpler:

  • Keep the security essentials status "on" for each client node in the network.
  • Keep the AV patches updated. If the network is too big to do this manually, go for Network Access Control (NAC) and a policy enforcement server, or implement an Augmented Network Infrastructure Hegemony System (ANIHS), so that you never miss any desktop, laptop, or even smartphone or tablet that is permitted on the network under the BYOD policy.
  • Apart from securing the LAN side, you also need to protect your network on the WAN side, for which you need an internet WAN Optimization & Refuge Data System (iWORDS): a system that ensures five levels of security and refuge on the WAN side, namely:
    1. Sophisticated social media controls
    2. Enhanced anti-malware behaviour appraisal and forensic malware narration
    3. OS-independent BYOD support (a single console for all OSes, including Windows, iOS/OS X and Android)
    4. SSL / HTTPS session decoding and inspection
    5. Confidential document content control
    6. Role-based administration and reporting
    7. Empowered web content filtering
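As an added illustration (not code from the original post), here is a small Python sketch of the "never miss a node" check that a NAC or policy enforcement server performs: it evaluates every endpoint in an inventory, BYOD devices included, against the AV-on and patches-updated policy described above and decides whether each one is allowed on the network or quarantined for the administrator to look at. The inventory records, hostnames and age thresholds are constructed assumptions; a real deployment would pull this data from the endpoint agents or the AV management console.

```python
"""
Added example, not from the original post: a minimal NAC-style compliance
audit over an endpoint inventory. Thresholds and records are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy thresholds (not stated on the page)
MAX_DEFINITION_AGE_DAYS = 3    # "AV patches updated"
MAX_OS_PATCH_AGE_DAYS = 30     # OS patch currency


@dataclass
class Endpoint:
    hostname: str
    kind: str             # "desktop", "laptop", "smartphone", "tablet"
    owner: str            # "gov" (department-owned) or "byod"
    av_enabled: bool      # security essentials status "on"?
    av_definitions: date  # date of the last AV definition update
    os_patched: date      # date of the last OS patch


def evaluate(ep, today):
    """Return the list of policy violations for one endpoint (empty = compliant)."""
    findings = []
    if not ep.av_enabled:
        findings.append("security essentials off")
    if today - ep.av_definitions > timedelta(days=MAX_DEFINITION_AGE_DAYS):
        findings.append("AV definitions stale")
    if today - ep.os_patched > timedelta(days=MAX_OS_PATCH_AGE_DAYS):
        findings.append("OS patches stale")
    return findings


def decide(findings):
    """Policy enforcement decision: any violation keeps the node off the LAN."""
    return "quarantine" if findings else "allow"


def audit(inventory, today):
    """Evaluate every endpoint, BYOD included, and return a per-host report."""
    report = {}
    for ep in inventory:
        findings = evaluate(ep, today)
        report[ep.hostname] = {
            "kind": ep.kind,
            "owner": ep.owner,
            "decision": decide(findings),
            "findings": findings,
        }
    return report


def quarantined_hosts(report):
    """Hostnames the administrator has to chase, for the audit summary."""
    return sorted(h for h, r in report.items() if r["decision"] == "quarantine")


# Constructed sample inventory and reference date
TODAY = date(2024, 3, 1)
INVENTORY = [
    Endpoint("dm-office-pc01", "desktop", "gov", True,
             date(2024, 2, 29), date(2024, 2, 15)),
    Endpoint("collector-laptop", "laptop", "gov", True,
             date(2024, 2, 10), date(2024, 2, 20)),
    Endpoint("byod-phone-17", "smartphone", "byod", False,
             date(2024, 2, 28), date(2023, 12, 1)),
]

if __name__ == "__main__":
    for host, r in audit(INVENTORY, TODAY).items():
        detail = ", ".join(r["findings"]) or "compliant"
        print(f"{host:18} {r['owner']:5} {r['decision']:10} {detail}")
```

The point of the sketch is that a BYOD phone with security essentials switched off is caught by exactly the same rule as a department desktop with stale definitions; the enforcement server does not need to know who owns the device, only whether it meets policy.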

And last but not least: Regular Security Audit (RSA). Just as regular exercise is essential to keep the human body fit, regular security audits keep your security policies in good shape.
