Internet is a two edged sword where one one hand there is a world of good that has been derived out of it but at the same time it is also a silent dark force that creeps into our lives with renewed threats to our homes, businesses and the world of good. Its good time that we discuss about the forces of the dark thereby creating an awareness.
The advent of Internet has made the world " a global village ". Organizations worldwide tend to increasingly move from a paper based environment to paperless environment. That necessitates organizations to go online. Cybercrime has a great challenge of the world having become a global village in a manner that a person sitting in one part of the globe is able to commit crime in a different part of the globe and there seems to be not proper framework, legislation, rules or procedures to bring such perpetrators to accountability. In other words in a typical cybercrime scene we don't have a crime scene, criminal, weapon and the victim at the same geographic area . There needs to be a multi jurisdictional approach across governments, international organizations and businesses to curb such activities in this pervasive online world.
As devices seems to grow complex and compact so it the list of devices and tactics that are developed by the perpetrators. Nearly $ 2Bn is transacted daily online and this is at risk due to the dark forces. So financial incentives of cybercrime is increasingly lucrative business. There are great questions on whenever we are involved in a security breach what should be our response both formal and facilitated approach. There needs to be a clear defined mechanism that should clearly outline the systems of response that need to be invoke and the points of contact that need to be established between the organizational response centers and external security teams so on. There ought to be a strategy and you need to know who your friends are and with regular exercises fine tune the system to ward of probable incidents.
Traditional crime that has moved online is Cybercrime. Then there are newer crimes that are a result of the technology like phishing, DDOS , Botnet , crimes in virtual world. Then there are threats to existing networks and systems either by a disgruntled employee or someone who has better knowledge of the systems. Then there is online propaganda for terrorist activities or posting of videos that are capturing those moments. An organization follows this approach typically
Cyber threat >> Action >> Feedback >> Reaction >> Prevention
Yourself, Computer Incident Response team, Computer Emergency Response team are a few of the involved stakeholders in this system . Each of these take holders are proficient in only a set of activity. There needs to be interaction between each of the stakeholders and there needs to be a continuous dialogue between them. Whenever there is an attack to the system there needs to be a level of increasing transparency from the victim organization to divulge critical information to each of the stakeholders and different stages to effect a better tracking and prevention mechanism in place. Organizations need to have a balancing act between the rights of users and the transparency of information to the stake holders external to the system.
Gulshan Rai the Head of CERT in India gave a clear outline of the online behavior of Indian users in impacting the economic potential of India. His talk was towards increasing threats that the online world has faced . SPAM is increasingly becoming a common phenomenon in India. Increased cases of Phishing of the banking sites has come to the lime light. India was the 12th country to implement the IT Act at 2000. But there is a lot of evolution in terms of technology that has happened ever since and those things have been addressed in the update on the IT Act as per the Draft 2006 that is yet to be approved by Government of India. Data Security Council of India is a government initiative to educate the public servant and governmental offices in areas of incident management and areas of cyber security.
Alexander Ntoko insisted on the basic premise / understanding for a need of a uniform global response through an initiative called Global Cyber security agenda that clearly represent the common interests of all the stakeholders. Accordingly they were focused on 5 major areas Legal Measures, Technical and procedural measures, Organizational structures, Capacity building and finally International cooperation.
This Panel was chaired by the following experts in IGF:
Mr Chandrasekar , Chairman IGF India
Secretary: Mr. Markus
Panelist : Mr. Bertrand De La Chapelle
Mr. Michael Lewis , Qatar Tel. Cybersecurity Research
Mr. Marc Goodman , Director , International Cooperation
Mr. Patrik FaltStorm
Mr. Jayantha Fernando, ICT Head , Srilanka
Mr. Gulshan Rai - Head of CERT, India
Mr. Alexander Ntoko, Head Corporate Strategy , ITU