India's Cyber Security Defence Persuit? A Proposal for GOI.

Objective: India needs to upgrade its indigenous R&D efforts to build up a robust defense against Cyber Attacks & hackers and for Big (Gigantic) Data Protection i.e. Data Protection including Data Mining & Data Privacy at the earliest is the sole objective of this post & proposal to the GoI and it involves the recommendations that how to go about it in a minimum time span by establishing an "India International Center of Excellence for Cyber Security(ICECS)" at Delhi. India is developing at a very fast speed and the use of digitization is increasing by each second, so, its Digital Infrastructure is certainly at a higher risk as more & more people are getting access to the internet and the digital payments or e-payments & e-commerce and e-governance are increasing in leaps & bounds,hence a huge amount of data is being generated in every stream of business, services and governance protocols. The recently introduced GST Regime itself has witnessed a huge digital transactions per day with an exponential increase within 45 days of its launch. The proposal made here does not amount to conclude that the present systems & measure those already in place against Cyber Attacks are not adequate but brings out home the conclusion that what additional efforts are needed ASAP in order to have a Grand Vision towards a Proactive Defence Mechanism against Cyber Attacks, hacking, data protection & Cyber Crimes for the times ahead when entire India thrives on Digital Platforms.Indian are technology savvy and use all the social media platforms such as FB,LinkedIn, Whatapp,Instgram, Twitter and so many others in huge numbers so some regulation has to be there for such social media platforms so that huge amount of data generated there is not used for the wrong purposes and against the country and its people.The ultimate aim of this proposal is to set an institute dedicated to R&D and develop counter part of FB & Whatsapp for India Digital Transformation so that we, the India remain in forefront of innovation in that front and to have a robust & resilient server & data storage including cloud platforms with in India.

Arguments:1. As the year, 2017 only being halfway over, there is a long list of significant breaches impacting organizational reputation and beating the BCP across a wide spectrum of industries & MNCs globally. The wanna cry and NotPetya outbreaks exploited computer security vulnerabilities and disrupted businesses in more than 150 countries on their way to a worldwide cost estimated at more than $4.0 billion in a single attack. The ransom is being demanded to be paid in Bitcoins, a crypto currency in which the transactions are more difficult to be traced. We’ve already had previews of the damage “smart” devices can cause. The most notorious was Mirai, which in October of last year, harnessed hundreds of thousands of Internet-connected devices into a botnet and pointed it at Dyn, a domain service provider, disrupting the internet service for many days. It is estimated with one study that $06 trillion is going to be the annual cost of Cyber Crimes globally by 2021, according to Cyber Security Ventures and it is about $ 450 billion loss per year as of now. The Maersk –a Danish company in Maritime Logistics Business which has lost about $ 300 million against Cyber attacks in 2016 itself. Other big MNCs those were hit were the British Advertising Giant-WPP, French Saint Cobain, Ukrananin Banks, Kiev Airport, Mumbai's JNPT (Jawahar Lal Nehru Port Trust) and Russia’s Rosneft oil giant by the “Petrwrap” virus, a modified version of the Petya ransomware. Even before that Ransomware attacks, the incidents against a Hospital in USA and theft of huge amount of personal data in many cases around the globe are worth to be considered. The Sony & HBO hacks are some of the incidents occurred in the past that needs no less attention as these attacks over a period of time are going to increase, rather increasing exponentially by each day. The variants of Ransomware are being developed overnight and they may contain messages with common subjects such as "please print", "documents", "photo", "images", "scans", and "pictures" in order to exploit vulnerabilities, hence, demand for Ransom could be made.

2. a: The Cyber Attacks and Hacking Attacks (CAs & HAs) are the reality of the “Digital World (DW)” or 'Dark Web" or the “Connected World (CW)” today and it shall remain so in times ahead rather the severity & frequency of it shall multiply many times to the unimaginable proportion and altogether at a different plane & scale in this VUCA (Vulnerable, Uncertain, Complex & Ambiguous) World. So, any country or an organization (Public or Private / Small or Big) has to secure its “Digital Assets (DAs)” with “Plausible Deniability (PD)”. It is fact that in spite a lot of innovative efforts & the constant pursuits in R&D to counter CAs & HAs have still not resulted in a foolproof mechanism or in terms of an “Acceptable Loss(AL)”against it and the hackers had been at their free will when to attack and when not to as they are miles ahead in advancements. The motivation indeed is, making a huge amount of easy money in the shortest possible time that too with no expenses, no hard work but at click of mouse & no trials and the hackers remains ahead as they spend lot of time, energy and research for carrying out the same but each time with an element of surprise with new scheme of things. Hence, a lot needs to be done at a massive scale & achieved in that direction by one & all individually and collectively by the nations & professionals. It is a fact that e-commerce in India is still at a nascent stage and it shall increase to at least 04 times by 2022 to a size about $ 60 billion from $ 16 billion in 2016 or maybe 100 times at least by 2030 worth about $03 trillion as cascading effect has to result in exponential spurt from 2019 onwards if the present GOI gets re-elected & that is for sure and the similar effect with increased effectiveness shall propel it further to new heights after 2024 to 2029. In my views, the e-commerce in India should be a $01 trillion industry by 2022 and the entire range of Digital India Industry shall be about another $ 02 trillion by 2024 with very pragmatic estimates. Hence, a lot needs to be done to safeguard e-retail, e-payments/mobile payments and also the “Digital Infrastructure (DI)” or "Digital Services" in the country from CAs & HAs. It is quite evident that Demonetisation (DeMo) has given a much-required push towards Digitalisation in India and the cashless transactions have seen an unprecedented spurt post DeMo. There is no denying that Demonetisation and the subsequent push toward Digitalisation have increased risk also in the same proportion and India is vigilant about the same. So, a narrative is clear that how to protect this backbone of “Digital India” & “New India Development” from the CAs & HAs. The GOI has informed that as per CERT-In there had been about 50 cyber attacks affecting 19 financial organizations since Nov 16 till Jun 17.Hence, besides CERT-In, the RBI has also issued detailed guidelines on Cyber Security for the banks. In addition, the Ministry of Electronics & IT has created a dedicated advisory to the entire industry. In India, in addition, the Home Security Solutions and IP based other security or other technology solutions are in place.The Media Companies are also vulnerable to cyber attacks.HBO & SPN are worst hit media companies so far so the media and the credit data is at risk and hackers seek to bully Start-Ups as well exploiting vulnerabilities of Big Data being generated there.

b: The freelance Darknet Hackers those are operating in an alternate Internet Universe where most of the things are illegal and not easily available to the common users is the biggest challenge as a population of such experts are on increase in India also. They can enter into emails or FB accounts or any other social media tools without any inkling to the user, hence make a good amount of money in this competitive world by electronically spying on the targets. Their remuneration goes up depending upon the difficulty level & urgency needed. The darknet can be accessed by software known as TOR to browse hidden websites anonymously as well as gain access to both legal and illegal services from hackers or other services. The spying on someone's computer or on an individual the rates varies depending upon the importance. The rivals in every field are making these experts instant rich as they charge in bitcoins for each task. The Start-Ups are using such techniques or darknet hackers to gain an advantage on the rivals, on one hand, the existing business is hiring such professionals to gain a competitive advantage on the other hand. The personal grudges and emotional stress in some cases are also the reasons when such methods are being used. At present, there are no such specific systems or devices which can find out how much is the number of Darknet Hackers in India, hence, no clue what they do. At least they exist in thousands and charge in lakhs. They are used by the corporate and may be by the governments for secret assignments as such darknet hackers does not reveal their identities and they charge in bitcoins. Hacking As A Service (HaaS) has started and one can hire it by paying amounts commensurate to profits made and most of the time it is mutual. One finds the soft target and another provides services in this set up exciting business.

3. It is also a fact that Indian Banks are losing about INR 65 K every minute this year to cyber attacks, it means INR 40 lakhs per hour & INR 10 Crore per day and 300 Cr per month making it a huge loss of INR 3600 Cr every year. Besides this, there is an increase in Cyber Crimes against innocent people of the country in equal amount or maybe more than that. The banks have deployed the best of the technology available & adopted the global best practices till date including some opting for the Blockchain or APi’s, still a large number of ATMs data or Debit & Credit Card Data has been compromised. With one estimate Cyber Crimes witnessed an increase by 100 % from 2014 to 2015 and about 154 % from 2015 to 2016.The GOI is very active in its attempt to protect its “Digital Infrastructure (DI)”including UADAI and towards this aim, it has established i-CERT in order to have a prompt mechanism to respond to Cyber Attacks & taking care of its post-event effects. The GOI has also initiated steps and set up a number of Skill Centres through RBI but such steps are inadequate as they need to be supplemented with a state-of-art R&D facility to develop foolproof proactive capabilities in terms of indigenous technology as well as with desired skills in numbers & expertise. The numbers of FinTech companies are operating now in India and employing the latest technology to take care of CAs & HAs but they are found wanting against Ransomeware, WannaCry and Petya ransomware attacks though these 02 pursuits were not that effective against Indian Networks but some of the Public, as well as Private Sector companies' operations, were certainly affected. The GOI is pushing now Aadhar based financial transactions in order to have Direct Benefit Transfer (DBT) in many schemes including MGNREGA so such large numbers of transactions are required to be protected against any such CAs & HAs. Let me state that about 94 Cr Aadhar Authentications Hit have been recorded in Jul 2017 itself. Hence, it is a huge data which is going to increase many folds as GST rollout has taken place completely and the revenue generation through GST has been a huge hit i.e. about INR 92,000 Crores in Jul 2017.The leakage of Aadhar data recently at Bangalore and a compromise about 3 million ATMs and Debit Cards through Hitachi –engineered ATM machines hacking has put a pressure not only GOI but also on technology companies / FinTech to secure such a huge digital network in India. Though the India has made substantial amount of work in that direction and a robust Cyber Security Framework has been put in place. However, multilayered proactive cyber security systems with a combination of various indigenous technologies & an ever-evolving "Pragmatic National Cyber Policy(PNCP)" Framework has to be supplemented. It is needless to state again what could be the size of Digital Network in India in times ahead as there is a lot of data is available in media or on the internet to estimate but it is for sure that India is going to surpass China in population by 2019 itself. But I would like to mention that the contribution of AI & Robotics along with IoT is going to generate a Parallel World of Digital Data or Gigantic Data Reservoir (GDR) in Virtual Reality(VR) / AR(Augmented Reality).Let me further amplify that future wars shall be fought in minds and with the deadly & Ultimate Killer “Digital Weapons(DW)” in various forms beyond the imaginations of many as of now. So, India needs a befitting readiness 24x7 always in place and in order to achieve that the following efforts are needed to be put in place in the form of India Cyber Security Mission (CSM) and National Cyber Security Policy (NCSP) purely in my views & estimates.

4. I would like to state that India needs to prepare in advance for the challenges those are nearly on the horizons such as AI has learned to write fake but totally believable, reliable and sophisticated product reviews that shall be totally undetectable and it may be very dangerous on our Social Eco-System. It shall have capabilities to influence human opinions maliciously, hence disrupt the industry. As such the social media is full of fake reviews those have been written by the human efforts but imagine if they get multiplied million times through AI with fakes what kind of a perception it may create among the entire connected population instantly, hence a huge damage could be done either to kill a reputed & trusted brand or an inferior one could be sold by such attempts. It could be a most dangerous tool in the hands of terrorists and hackers.

5. It is pertinent to mention that there is no need of speculating that when the next or a new ransomware attack is going to take place by 2018 or by 2019 or before & after ( as It was stated by a GOI expert on Cyber Security in Media recently-just a few days back as it was published in all the news dailies including ET & TOI) on India Digital Infrastructure(DI) or on Indian Banking Digital Backbone(IBDB) or an encroachment into Defence Installation’s Digital Networks(DIDNs) or on "GST Digital Framework (GSTDF)" as We / India needs to put some additional facilities in place in order to build adequate capacities at the earliest though we have enough capabilities:

a. Proposal for: India Centre of Excellence for Cyber Security(ICECS): The Cyber Security has emerged as a primary concern for online companies and the government as much of the customer verification processes get online, and cloud and private servers are increasingly being used to store critical data at a huge scale. Everywhere in all the GOI Flag Ship Program, the Gigantic Big Data is being generated that needs protection. The Privacy issue also now needs to be addressed with utmost priority. Also, India has massive expansion plans for the spread of network as about 01 lakh 30,000 km Fiber Optic cable has been laid in more than 01 lakh village. So, this centre with a short-term vision for next 05 years and spanning a long-term vision for next 50 years should develop indigenous State-of-Art Research & Development (R&D) facility to develop Time Stamping with indigenous Standardization of Timing for entire India Digital Networks which is so essential to track or carry out cyber forensics / diagnosis that how the Cyber Attacks or Haking Attacks have taken place and ascertaining POO(Point of Origin) within a shortest possible time in order to retrieve losses and putting the culprits behind bar with a fast track mechanisms. There needs to be a check on Darknet hackers. India has to develop counter to Google, Whatsapp & FB, Indian Portals & Platforms but complete hardened against cyber attacks/crimes. It shall also have a dedicated facility for the "Defence Futuristic Cyber Platforms (DFCP)". As a physicist with Nuclear Physics & Quantum Mechanics background I would like to suggest that this centre may come up at National Physical Laboratory (NPL), Delhi, as it deals with Standard Time Setting with its Atomic Clocks, those are even used for ISRO and an MOU for the same has been signed between the two recently to have indigenous GPS.So, NPL could help in time stamping. Especially the NPL has a track of lands available to build such a multi-story facility. So, it is a right place to pursue this Initiative I am sure it can develop Time Stamping capabilities at the earliest within a year or so which is helpful for Cyber Forensics along with Cyber Forensics Laboratory with cyber experts & Ethical Hackers which can carry out Cyber Audits of Government Departments & Organisations and also the needed Cyber Forensics on an incident. The proposed centre also could undertake dedicated research on Quantum Encryption (QE) & Quantum Computing which is an ultimate answer to Cyber Attacks & Crimes. The results could be combined with the outcomes of Time Stamping with required synergy without any loss of time and also collaborating other efforts underway within the country and also with international cooperation. It shall explore the complete synergy in terms of expertise available in the country which could be put to use in a systematic framework at the earliest and this shall enhance creation of desired Skills in numbers required for India. I know that presently ISC Bangalore has been assigned the task to carry out dedicated R&D on Quantum Encryption & maybe some work is also going on at CAT Indore or at any other place such as BARC, TIFR, Shah Institute of Nuclear Physics & IGCAR etc and also in all the IITs .I feel that the great amount of synergy is needed among R&D efforts in the country in order to have technology churning out fast from such efforts in order to address challenges that are being confronted by the country and its people. I have heard during some conference that a Consultancy Agency was asking about INR 17 crore from the GOI for the consultancy towards the same efforts i.e. Time Stamping needed for the Telecom Network & Cyber Attacks Diagnosis. So, I feel that why such a large sum to be spent on such consultancy which is already available with us as I have made this comprehensive proposal for a need of such a facility and also the expertise at the institutes as mentioned above. These are purely my views on the subject being a physicist and the understanding of the subject of Cyber Security with my background in technology academically as well as practically with my 12 years of experience in Integrated Security Solutions in Homeland Security Industry & Cyber Security. I have also gone through the IIT Kanpur Report on the subject in News Paper which says that in order to provide a foolproof mechanism to counter Cyber Security needs a minimum investment of about $ 04 billion to protect India Digital Infrastructure. I have also gone through a very encouraging work that has been carried out by the scientists of IIT Kharagpur in last 04-05 years to develop solutions to check hacking into IoT devices. It is indeed a hard work that could be made use in further research as it employes PUF(Physically Unclonable Functions) technology which prevents DDoS attacks on IoT devices. PUFs use Identify-Based Encryption(IBE), hence, it could be used for Industrial IoT applications. There are other technologies such as Blockchain & APIs. In my estimates, if INR 500 crore is allocated to this project instantly to bring up ICECS at the earliest, this facility could be created in record time and the Time Stamping capabilities could be developed within a year by establishing 03 more facilities in the country at other places as an extension to ICECS. This shall be an essential part of Indian Cyber Security Mission(ICSM). It shall bring out a National Cyber Security Policy also within first 04 months of its establishment. It shall also carry out a SWOT of indigenous capabilities & skills available in the country along with what technologies are being used by various sectors of the Indian Industry against Cyber Security and what best available globally. This effort is also needed to be sanctioned by the GOI at the earliest as India should not be left behind many countries those have already advanced and using Digital Weapons combined with Social Media to their advantage clandestinely. The future belongs to the technology, hence, this step needs to be initiated at the earliest in order to take lead in indigenous R&D.I can put my expertise at this task and get this centre established at the earliest if I am assigned this responsibility by the GOI what has been envisioned in this paper along with the close association of the Directors of other institutes if so desired to yield results in shortest possible time.NPL location is also a suitable place as necessary coordination among ministries and with India Think Tank at PMO & Niti Aayog could also be progressed at the fastest speed needed for such projects.

b, The ICECS shall also carry out R&D on other techniques other than Quantum Encryption such as Machine Learning, Blockchain, bots , Big data Analytics, data protection & privacy,Clusters Analysis and a definite pursuit forward towards Quantum Computing as that is the future. Also, to create tools such as BitScout to remotely collect cyber attack evidence which shall facilitate investigators, and law enforcement authorities to analyze the data without tempering the source data. It shall formulate SOPs and policies towards regulatory & enforcement mechanism. It shall further enhance R&D into PUF & IBE techniques.

c. The center shall have a dedicated facility for each area such as Robotics, AI, People+AI with an emphasis on Humans, IoT, Nano-Technology / Nano-Robotics and Quantum Computing,3-D printing, Robo-Analytics. I am keen to see that India become a front-runner in this technology of “Quantum Computing (QC)” and would like to hear a sound chus...chus...chus and a data of Quantum Bits (qubits). It is pertinent to mention that "Transportation of Quantum Bit" has become a reality and so are going to be the Quantum Computers shortly. The Quantum Mechanics is all about Amplitudes and these amplitudes are sort of probabilities, but they can also be negative and they could also be complex numbers, hence, opens a new area of possibilities where Cyber Attacks & Hacking Attacks shall not be possible though it may have other challenges.

Conclusion:

a. It is very clear in this paper, cyber-attacks & darknet hacker’s pursuits are becoming more and more sophisticated, making it harder to detect them. The GOI & cyber security industry must find new methods of detection to outsmart the attackers. By applying methods of data analysis such as machine learning and cluster-based analysis, it becomes possible to easily sift through huge volumes of data and identify where the new threats exist. The counter cyber attacks experts, ethical hackers & industry needs to develop an indigenous solution that uses machine learning and cluster analysis to protect organizations from the next generation of cyber attacks. Develop Quantum Encryption with the fast pace of R&D efforts to explore ultimate solutions to hacking & stealth cyber attacks. India needs to develop Time Stamping methods at the earliest in order to facilitate a faster mechanism of cyber diagnosis/forensics in order to catch cyber offenders & hackers at a faster speed so that they could be brought to speedy justice. Finally, India has to take a plunge to have the Quantum Computing R&D facility also at the proposed Centre at the earliest. I am keen to see that India attains its past glory when it did the pioneering work in R&D and it was on top. So, I strongly recommend that GOI may approve such a facility and sanction the required funds at the earliest. I am ready to work in close association with all in setting up of ICECS. This proposed center ICECS shall have a panel of top scientists from across disciplines in India to give a boost to R&D in this field as stated in the proposal and report directly to the PM India through MoS. The centre will see to it to formulate a White Paper in the form of Recommendations to GOI / PM of India in order to create “Cyber Command Centre & Futuristic Forces of India(CCCFFI or C3F2I)” so that necessary platforms could be developed at ICECS at the earliest keeping India at top in times ahead which is so essential for a New India Development.It shall have a State-of-Art Forensics Laboratory to take care of the requirements of MHA & MoF in addition to MoIT & MoTelecommunication. MoHRD & MoS&E shall also get involved so that a backup education system at schools & colleges with the required awareness that needs to be created and needed Skill could be produced in levels of expertise and in numbers.

b. The funds may come from the MHA, Ministry of Telecommunication & IT, Science & Technology, Ministry of Skills Development & Entrepreneurship and HRD in equal proportion. This institute is an attempt to make it bigger than any R&D Institute, Laboratory and any other research facility in the country or even globally in order to take lead in such areas forever as India took lead in IT. It shall change the entire dynamics of R&D in the country as these six ministries shall be nodal ministries but the Director-General -ICECS shall report to the PM through MoS as it shall be like the Space Commission or Department of Atomic Energy. So, on the establishment of this center first, it could be converted into the Cyber Security Commission of India (CSCI).The funds for the future expansion could be sanctioned subsequently on monitoring the progress. India should have an institute now which takes care of futuristic research in a most candid way keeping nation ahead of frontier technologies & innovation in this field. The M/s Tata projections or the requirement to build 400 Cyber Warriors and also the requirement of equal number as envisaged by the Airtel could also be met through this centre. Even Jio or any other Indian telecom companies can contribute to these efforts to create a giant R&D Centre on PPP basis. It is going to serve many purposes but the sole focus shall remain the futuristic R&D efforts to keep nation always in forefront in Cyber Security Defence or in AI or any other similar or more potent Technological Challenges in times ahead so that India start manufacturing state of art High-End Electronics & Defence Equipment / Weapons with complete confidence of their security aspects, and also the futuristic IoT, Robotics, and AI incorporated systems/platforms in order to meet the challenges.

c. I am aware that the "National Cyber Coordination Center" has come up with an estimated investment of about 1000 crore at Delhi but its mandate is different as it shall take care of ISPs and Data Centres. I am also aware that GOI has already put Botnet Cleaning and Malware Analysis Centre called as "Cyber Swachhta Kendra". There are also efforts in place to set up CERT for each sector such CERT-FIN, CERT-Communication and CERT-Power shortly. I am also aware that NASSCOM is doing a great job in creating skills in IT & Network Security.So, there is a large number of universities have been involved in skilling pursuit. I am also aware that CCTNS has started functioning very efficiently and its expansion to the police stations and investigating agencies. I am confident that ICEFCS shall be a step forward to take care of required synergy among various efforts and prove as a multiplier to enhance Indigenous Capabilities many folds to deal not only this challenge of Cyber Security but also emerging more potential challenges ahead as enumerated in the proposal.

d. The Humanity is on a unique journey called the Digital Transformation. The pace of technological change is accelerating and this brings the highest level of complexity. This increasing level of complication is placing a huge burden on the security industry. With more complexity comes more vulnerability because it is nearly impossible to proactively brainstorm all of the ways that criminals will exploit new digital tools. This is the simple reason criminals are growing their success. The next big challenge is going to be as the artificial intelligence (AI) will control futuristic Digital Tools. These devices will be connected to the internet and traffic huge amounts of valuable data. It is fact that progressively most devices, equipment, and machines shall get connected to the internet, from refrigerators to cameras and pacemakers. By adding AI to these devices, will make them autonomous in their activities and that sounds wonderful from an automation standpoint but terrible from a security viewpoint. The brigade of Robots controlled by auto-decision making & supported by auto Drones Platforms gets the scientists & military commanders shiver in the spine.This automation might offer us convenience and efficiency, but it also poses an enormous risk. Consider what might happen if a criminal gains access to a fully autonomous car or metro or a commercial building BMS or a missile launch or an Electric Feeder? In one situation they may ask a ransom, at the worst they will use it to do physical damage and that could be monumental. The worst scenario shall be if the hacker takes control of the algorithm that decides online governance issues. So, the sky is the limit what all topics could be studied & researched at ICECS in order to find futuristic solutions.

I am sure that ICECS shall serve the purpose in many ways what is needed for India to make it a strong, indigenous cyber security resilient and futuristic nation in innovation . I am confident to put such a facility in place.