Naavi.org

AP Chief Minister Mr Chandrababu Naidu laid the foundation stone for the new Capital City of Andhra Pradesh to be known as Amaravati. The City is to be developed as a “Smart City”. Knowing the cyber savvy nature of Mr Chandra Babu Naidu and the opportunity to build the capital city with a Zero based planning, it is possible that Amaravati can come up as an ideal smart city which is the dream of Mr Narendra  Modi.

While we watch the developments as they unfold, we once again reiterate that the success of the concept of “Smart City” is closely associated with the Cyber Security plans that are implemented when the smart city is built brick by brick. As if to remind everyone about the vulnerabilities associated with the dependence on “Information” in Governance, US Government has announced its apprehensions of a major hacking of its federal information systems by China. (Read the article in Independent here).

A Smart City by its very concept is highly susceptible to information security vulnerabilities since its critical resources such as Electricity Supply, Water Supply, Road Transport, Health system etc will be vulnerable to terrorist attacks and cyber warfare. We are not sure if managers of other smart cities are capable of understanding these risks and taking appropriate security measures but feel that Mr Chandrababu Naidu is one who can understand the risks and take such steps which would form a guideline to other smart cities in India.

We therefore congratulate Mr Naidu on laying of the foundation stone for  Amaravati, and at the same time urge him to lay the foundation stone for an appropriate “Smart City Cyber Security Framework” which is technologically sound.

We reiterate that the technologically sound cyber security framework should also be supported by a “Smart City Cyber Law Framework” which takes into account the issues surrounding Big Data and Internet of Things. Aditionally  people involved must be adequately trained and motivated to implement the information security as a backbone to the city’s law and order eco system.

Naavi.org will try to present the major information security issues to be tackled by a Smart City one by one. I request all security professionals to consider contributing to this knowledge base in the form of articles on various issues involved in securing the Smart City cyber systems. The articles and comments can be sent to naavi@vsnl.com with a brief profile of the author, for publication in Naavi.org. Students of Technical and Legal institutions are also welcome to contribute.

Naavi

It has come to the notice of Naavi.org that two individuals in Australia  have registered a domain name “Naavi.co” and are attempting to promote a blog and other educational products in the name of Naavi.

A preliminary notice has been sent to the promoters for necessary corrective action, failing which necessary action through legal means would be initiated.

In the meantime we would like to inform all the visitors of Naavi.org that we donot have any relation with Naavi.co or any of its declared promoters, Naavi Pty.co or the individuals Mr Blake Seufert and Michael Bates who declare themselves as the Co-Founders of Naavi.co.

Naavi

It is reported that NASSCOM and DSCI has set up a Cyber Security Task Force with representatives from industry and academia to identify key priorities and build a detailed action plan. The task force is expected to study the Indian Cyber Security eco system to identify the issues and challenges. The Chairman of NASSCOM states that the efforts will be to “bring together the stakeholders from across the board”.

(Refer report here)

The initiative is welcome.

However, it has been noticed earlier that the approach of NASSCOM lead by technology specialists often fail to address Cyber Security from the holistic perspective. The end results of most such initiatives lead by business leaders is to identify and pursue business opportunities that arise out of such initiatives and any benefits that the society may achieve becomes incidental. The interest of the end consumers is not always kept in mind by such initiatives.

One example which we can quote here for those who have great faith in such industry lead committees is the attempt made by some Bankers who were part of the G Gopalakrishna Working Group (GGWG) of RBI which was meant to address the Information Security requirements in E Banking, to influence the committee into taking decisions which were anti consumer and violation of the law of the land. It was only the efforts of a vigilante Naavi.org and an understanding Chair Person that the effort was thwarted.

It is therefore anticipated that even this NASSCOM-DSCI Cyber Security Task force runs the risk of such motivated manipulations that needs to be guarded against.

It is necessary for the task force to recognize that “Cyber Security is not achieved only by a set of technology tools such as an Anti Virus package,  Firewall or an IDS system but includes the Cyber Law environment and the management of the behaviour of human resources”. In other words it is necessary to recognize that Cyber Security is a three dimensional exercise involving technology, law and behavioural science.

I am confident that the task force will do an adequate work as regards the technical aspects of security. However I am more or less certain that the task force will fail to have a holistic view of the Cyber Security eco system that includes laws that affect technology and behavioural aspects of ICT users.

To be a comprehensive approach the task force report should incorporate the Cyber Law requirements to support the issues such as Cyber War fare, Cyber Terrorism, Organized international Cyber Crime syndicates, Privacy Issues, Anonymity and Pseudonomity, Addiction of Internet users to Social media, Effects of Video Gaming, Pornography, the issues of Social Engineering and the ubiquitous presence of Mobiles.

The attempt of technologists would be to drive technology use without fully covering up the risks. When the technology person himself looks at the security, there is an inherent conflict of interest and the final outcome always leans towards what increases the revenue and profitability. The risks which make consumers lose money are never the focus of such task forces.

I would like to draw the attention of the Chair persons of NASSCOM and DSCI to the above apprehension and take appropriate steps.

Naavi

Naavi.org has been highlighting the fact that banks are conducting “Unsafe Banking” in pursuance of “Profit before Customer Service” and pushing Customers into greater and greater risks.

RBI has through the 2001 guidelines on Internet Banking and again through the Information security guidelines (GGWG) in 2011 has mandated that Banks need to ensure proper cyber security and also cover themselves with Cyber Insurance. However, Banks have not upgraded their security but going for higher and higher levels of untested technology.

The Adjudicator of Maharashtra had provided several awards in favour of the customers and Bankers were very much dissatisfied. Eventually, the Adjudicating officer was transferred.

Simultaneously the Karnataka Adjudication system has been kept closed since the IT secretary is not interested.

As of now the entire system of Adjudication across the country has been paralyzed.

It is also well known that probably it is the influence of the Banks that the post of the Cyber Appellate Tribunal (CAT) remains unfilled for four years.

Cases which are already before CAT are in a limbo.

Now it is learnt that all the affected Banks in Mumbai are considering challenging the decision of the Adjudicator of Maharashtra in High Courts. From the recent verdict of a High Court in Bangalore we know that any lower court verdict can be turned upside down if necessary even using a faulty calculator to add. Banks have the resources which can work wonders with our system.

It is therefore necessary for Netizens and public spirited lawyers to be vigilant and ensure that Courts donot take decisions which are anti cyber crime victims under the influences that banks can mount on them. Consumer protection organisations also need to step in now to see that injustice is not done to bank fraud victims.

In any such litigation, RBI must also be made a party to clarify its stand on “Security in Banking system”.

I wish media also turns its attention on this class action by Banks against its own customers to cheat them of their hard earned savings in pursuance of the greed for more profits by Banks.

Naavi

“The general culture in our bank is to brush data security breach and loopholes under the carpet” says one of the senior executives of a leading Bank, according to this article in Midday.

Mumbaikars beware! Your bank details are being stolen and sold!

It is well known that Cyber Security has been subordinated by Bankers today to profits and RBI has been looking the other way. Highlighting one of the vulnerabilities in the Security protocols which became public a few months back, (SSl V3 exploit), the article explains how many of the Bank’s own executives admit that the Banks have been deliberately neglecting the security and “brushing the problem under the carpet”.

This should be an eye opener for RBI to tighten up its regulatory measures so that Indian Banking system is not a victim of greed of bankers to make profits at the cost of security.

Naavi

Any Questions on Cyber Law? Download this App from Google App Store a Ask

The undersigned has been undertaking several measures from time to time towards spreading awareness of Cyber Laws in the country. In a bid to further the mission of “Cyber Law Awareness For Everyone”, Naavi has launched a mobile App called “Cyber Law Guru”.

The app which is presently on Android platform enables any person to post a query and an attempt will be made to provide a feedback to the best of our ability.

Initially, Naavi will be providing the answers but in due course it is intended that a panel of experts will be answering the queries.

The purpose of this App is only to “Educate” and “Create a better awareness” and not to provide any consultancy.

The app can be downloaded from the Google App Store and here:

We hope that the app would be found useful.

The app is presently on extended testing and any constructive feedback is welcome. The feedback can be sent to Naavi

Naavi