New Delhi
Cyber Era
Securing the future
11th India Knowledge Summit 2013
14-15 October 2013
New Delhi
Message from Ministry
© 2013 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Message from President, ASSOCHAM
The internet has revolutionized the way people communicate and access information. The convenience and speed afforded by Internet has closely integrated businesses extended value chains across geographies dispersed. It has also enabled an unprecedented exchange of ideas, information and culture across the world. Its virtues notwithstanding, the rising Penetration of the internet has also resulted in the propagation of risks and security threats.
Exponential growth and dependence on technology has also exposed the vulnerability of our institutions to imminent threats like cyber attacks which can severely cripple vital systems, and can bring the entire Nation to a grinding halt, thereby severely compromising National Security. Institutions focused on addressing National Security including communication networks, hospitals, energy and defense installations are increasingly prone to such cyber threats. It is therefore critical to provide robust security apparatus, to ensure their smooth functioning. Cyber security is a serious concern and merits in-depth discussion amongst thought leaders, domain experts, Government and policy makers and also Cooperation across various agencies.
India has the world’s third largest community of internet users, with a vast majority now accessing internet through their mobile phones. Mobile phone security, due to increased adoption, presents a different set of challenges. However, cyber regulation and supervision must accord due consideration to the “Right to individual privacy and freedom of speech” without compromising National Security. As the Knowledge Chamber of India, ASSOCHAM endeavours to mobilize industry opinion to further strengthen the legal and regulatory regime so that citizens’ rights are safeguarded along with security of vital National systems.
The Chamber has adopted the theme of ‘Cyber Security’ for the 11th India Knowledge Summit. I am confident that the Summit will address several key issues related to Cyber Security and present key policy recommendations to the Government and other stakeholders. I compliment KPMG and ASSOCHAM for presenting a background paper on the theme.
I convey my best wishes for the success of the India Knowledge Summit and look forward to the Summit outcomes and recommendations to further strengthen our Nation’s cyber infrastructure for National Security.
Rana Kapoor
President
ASSOCHAM
Message from Chairman, ASSOCHAM
Message from Co-Chairman, ASSOCHAM
Message from Secretary General, ASSOCHAM
The growing use of ICT for administration and in other spheres of our daily life cannot be ignored. Further, we also cannot ignore the need to secure the ICT infrastructure used for meeting the social functions.
In the era of E-Governance and E-Commerce a lack of common security standards can create havoc for the global trade in goods and services.
The threat from cyber attacks and malware is not only apparent but also very worrisome. There cannot be a single solution to counter such threats. We need a techno-legal “Harmonized Law” to address these challenges. A good combination of law and technology must be established and then an effort be made to harmonize the laws of various countries keeping in mind common security standards. In this respect ASSOCHAM lauds the efforts made by the Ministry of Communications and IT, Government of India in recently releasing the National Cyber Security Policy 2013 to ensure a secure and resilient cyber space for citizens, businesses, and the Government.
We at ASSOCHAM have been discussing and deliberating with the concerned authorities and stakeholders about the need for security compliance and a legal system for effective dealing with internal and external cyber security threats.
ASSOCHAM has been a member of the National Security Council, Joint Working Group (JWG) on Public Private Partnership on Cyber Security and we deeply appreciate the efforts made by the JWG in inviting private industries’ views and suggestions on Cyber Security related issues.
We are confident that the deliberations at the India Knowledge Summit – 2013, with the theme ‘Cyber Era, Securing the Future’ will provide more insight to emerging cyber related challenges and their appropriate solutions for further securing the cyber space.
ASSOCHAM is committed to creating more awareness about the Cyber related issues and this Background Paper jointly prepared by KPMG and ASSOCHAM is a step in that direction and we congratulate the team for their efforts.
We convey our very best for the success of the India Knowledge Summit, 2013.
D. S. Rawat
Secretary General
ASSOCHAM
Message from KPMG
We are living in a connected era where the governments and organisations are making their services available online to citizens like never before. Governments have taken strides in delivering citizen services online. Organisations continue to earn revenues only out of their online presence. These have brought in efficiency and convenience in our daily lives. The entire smart phone market growth has been one of the catalysts for the dawn of the connected era. As the country’s infrastructure and the citizens keep getting online, the opportunities for cyber criminals to conduct their attacks also increase. This has tested the security measures of the governments and organizations.
The mindset of ‘compliance-based’ approach towards security needs to be unlearned to deal with the sophistication of cyber attacks. Relying on tools and scripts may not help tackle security issues unless there is some intelligence built in it. Of course, all of these steps will fail if there is not enough skilled manpower to manage cyber security. This requires an assessment of the overall maturity of the cyber security program of the organizations and the governments.
Many cyber attacks are part of online protests or cross-border retaliations against countries. There has to be a mechanism for real-time intelligence to handle security threats. In order to be better prepared to handle such cyber attacks, it is important to understand their modus operandi.
The laws around cyber crime in India are also being tested for their ability to deter and tackle such crimes. While the government has taken a couple of steps at the policy level in recent times, these may become dated unless they are being reviewed on a regular basis. The government alone cannot tackle the issue of cyber crimes. An ecosystem for regular consultation workshops with industry and experts and a mechanism to develop threat-intelligence needs to be developed. More than ever now, the industry and the government now need to come together on the issues of dealing with cyber security.
Navin Agrawal
Partner and Head
Government and Public Sector
KPMG in India
Contents
8. Epilogue
1 KPMG-ASSOCHAM – Cyber Era: Securing the future
Source: Trend Labs 2Q 2013 Security Roundup, Govt to chart road map to safeguard India’s
cyber security architecture – DNA, August 2013
At present, one in four card transactions takes place online and the number has been growing at 50 percent year on year as against the 35 percent growth in ‘card present’ transactions¹. Recently, SEBI has also approved e-IPO procedure for electronic bidding in public offers.
While the internet-facing transactions are growing every day, there is a dire need to secure the underlying infrastructure from cyber attacks.
Electronic Delivery of Services Bill, 2011
The Bill requires public authorities to deliver all public services electronically within a maximum period of eight years. There are two exceptions to this requirement: (a) services that cannot be delivered electronically; and (b) services that public authorities, in consultation with the Commissions, decide not to deliver electronically. The Bill establishes Central and State Electronic Service Delivery Commissions to monitor compliance of government departments and hear representations. Public authorities have to establish a mechanism to redress complaints.
The Bill requires all government departments to provide services electronically. This may involve the storage and communication of information in an electronic form. While the right to privacy is a fundamental right, India does not have a law on privacy.
In the absence of such a law, data that is stored electronically may be misused. The IT Act was enacted to facilitate e-commerce by providing legal recognition to electronic transactions. It only penalizes wrongful disclosure of information collected under that Act. It does not penalize disclosure of information collected by the government under other laws, such as under this Bill.
The Bill empowers the government to prescribe ‘e-governance standards’. However, these standards may not include safeguards for privacy. The Standing Committee that examined the Bill recommended that suitable amendments be made either to this Bill or to the IT Act to address this issue.
Cyber crime cases in the country registered under the IT Act last year rose by about 61 percent to 2,876 with Maharashtra recording the most number of cases.
The country had witnessed 1,791 cases registered under the Information Technology (IT) Act in 2011, Minister of State for Communication and IT Shri Milind Deora said in a written reply to Rajya Sabha.
“As per the cyber crime data maintained by National Crime Records Bureau (NCRB), a total of 288, 420, 966, 1,791 and 2,876 cyber crime cases were registered under IT Act during 2008, 2009, 2010, 2011 and 2012, respectively,” he added.
Maharashtra registered a total of 471 cases in 2012 followed by Andhra Pradesh (429), Karnataka (412), Kerala (269) and Uttar Pradesh (205) under the IT Act, Deora said.
A total of 176, 276, 356, 422 and 601 cases were registered under cyber crime related sections of the Indian Penal Code (IPC) during 2008, 2009, 2010, 2011 and 2012, respectively, the Minister added.
Source: zeenews.india.com
National Cyber Security Policy of India
In July 2013, Minister of Communications and IT, Mr. Kapil Sibal released the much-awaited National Cyber Security Policy of India 2013. In the wake of increasing attacks from state and non-state actors, on public as well as private infrastructure, this policy was essential to prevent and reduce such attacks. This policy also intends to circumvent any resultant economic instability arising due to cyber attacks. While the authority has acknowledged that the real challenge will be in operationalising this policy, the Cyber Security Policy still provides a strong vision to secure the critical infrastructure of the country.
Here are ten things you should know about India’s National Cyber Security Policy 2013:
1. Set up a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC) for protecting critical infrastructure of the country
2. Create a taskforce of 5,00,000 cyber security professionals in the next five years
3. Provide fiscal schemes and benefits to businesses for adoption of standard security practices
4. Designate CERT-In as the national nodal agency to co-ordinate cyber security related matters and have the local (state) CERT bodies co-ordinate at the respective levels
5. All organizations to designate a CISO and allot a security budget
6. Use of Open Standards for Cyber Security
Key points from the draft version missing in the final policy:
• Initiative to establish a countrywide secure intranet for connecting strategic
installations with CERT for emergency response and coordination
• The draft policy had objectively set out actions for ensuring security by
Service Providers, Corporate and SOHO
• Of the 12 stakeholders identified in the draft, only four are mentioned in the
policy.
cyber attacks. Among these Critical Information Infrastructures (CIIs) which are intricately interrelated and interdependent are defence, finance, power, transport, communications, water supply etc. The NTRO will also monitor if they are following the guidelines.
public private partnership. India will also create a Cyber Crisis Management Plan to respond to major breaches of cyber security.
11 Predictable Failure Prevention
12 Information/Data Leakage Protection
13 Checks and Balances for Negligence
14 Outsourcing and Vendor Security
15 Critical Information Disposal and Transfer
26 APT protection
27 Network Device Protection
28 Cloud Protection
29 Intranet Security
30 Access Control Policies
36 Maintaining, Monitoring and Analysing logs
37 Penetration Testing
38 Data storage: Hashing and Encryption
39 Security Certifications
The Government of India has brought major amendments to ITA-2000 in the form of the Information Technology Amendment Act, 2008. It has added several new sections on offences including Cyber Terrorism and Data Protection. A set of Rules relating to Sensitive Personal Information and Reasonable Security Practices (mentioned in section 43A of the ITAA, 2008) was released in April 2011. The ITAA 2008 adds eight offences, five of which are added to the ITA 2000 and three to IPC.
Many cybercrimes for which no express provisions existed in the IT Act, 2000 now stand included by the IT (Amendment) Act, 2008: sending of offensive or false messages (66A), receiving stolen computer resource (66B), identity theft (66C), cheating by personation (66D), violation of privacy (66E). A new offence of Cyber terrorism is added in Section 66 F which prescribes punishment that may extend to imprisonment for life. Section 66 F covers any act committed with intent to threaten unity, integrity, security or sovereignty of India or cause terror by causing DoS attacks, introduction of computer contaminant, etc.
The Information Technology Amendment Act 2008 also defines the term ‘intermediary’ which includes telecom service providers, internet service providers, web-hosting service providers, search engines, online-payment sites, online auction sites, online market places and cyber cafes. Under the amended section 79 of the IT Act, the requirement of ‘knowledge’ has now been expressly changed to ‘receipt of actual knowledge’. A limit of 36 hours is specified to respond to such a request. If an intermediary refuses to do so, it can be dragged to the court as a co-accused.¹
The amended Act also enables setting up of a nodal agency for critical infrastructure protection, and strengthens the role of CERT-In. This Act creates provision for the central government to define encryption policy for strengthening security of electronic communications. Presently, encryption of up to 40 bits is allowed under the telecom policy.
The cyber security and data protection provisions in IT (Amendment) Act, 2008 are also supported by various other enactments, namely:
• The Indian Telegraph Act, 1885
• The Indian Contract Act, 1872
• The Specific Relief Act, 1963
• The Public Financial Institutions Act, 1983
• The Consumer Protection Act, 1986
• The Credit Information Companies (Regulations) Act, 2005.
In April 2013, the Union government began rolling out a central monitoring system, or CMS, which will enable it to monitor all phone and internet communication in the country.
Section 69 of the IT Act, that deals with power of Controller to intercept information being transmitted through a computer resource when necessary in national interest, is amended by Section 69 of the IT Amendment Act 2008. In fact the power vests now with the Central Government or State Government that empowers it to appoint for reasons in writing, any agency to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource.
This power is to be exercised under great caution and only when it is satisfied that it is necessary or expedient to do so in interests of sovereignty, or integrity of India, defence of India, security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence.
The procedure and safeguards to exercise this power are laid out by the Information Technology Rules, 2009 (procedure and safeguards for interception, monitoring and decryption of Information). The subscriber or intermediary that fails to extend cooperation in this respect is liable to punishment with a term which may extend to seven years and imposition of fine. The element of fine did not exist in the erstwhile Section 69¹.
The Privacy Act should put into place a regulatory framework for both public and private sector organisations. The ambit of the privacy legislation will extend to data being processed within India, and data that originated in India, even when it is transferred internationally. To do this, the Act should establish the offices of the privacy commissioner. Additionally, the Act should enable a system of co-regulation through self-regulating organizations and their member organizations.
These bodies should each play a distinct role in implementing the provisions of the Act. The Privacy Act should establish offenses and penalties, and list exceptions to the right of privacy. Any exception should be necessary in a democratic society, proportional, and in accordance with laws in force.
The framework should enable quick redress by allowing individuals to resolve their complaints through alternative dispute mechanisms, the Privacy Commissioner, or the Courts. Once the Privacy Act is approved by Parliament, the regulatory bodies in the Act should be accountable to Parliament.
Different geographies across the globe have defined their privacy requirements, articulating the requirements for the protection of personal data and the prevention of harm to an individual whose data is at stake.
The table on following page represents the derivation of privacy requirements as articulated by the OECD Privacy Guidelines, EU Data Protection Directives, APEC Privacy Framework, Canada PIPEDA (Personal Information Protection and Electronic Documents Act), and Australia ANPP (Australia National Privacy Principles).
The privacy principles represent the foundation for any regime to protect privacy. With regard to the principles in force the world over, there is a high degree of agreement among various approaches, most specifically, the principles followed by the US, OECD, EU and APEC, where transparency, enforcement and accountability are considered the cornerstone for privacy protection.
While there are minor variations between these various formulations, it would not be inaccurate to suggest that there is a set of globally accepted privacy principles on which India’s Privacy Law should be based.
The Joint Working Group (JWG) Report on Engagement with Private Sector on Cyber Security highlights the need for a pivotal body that will co-ordinate the cyber security measures between the private and public sector. This will not only help in sharing the intelligence of cyber security but also help align the maturity of cyber security across the country. The industry should also coordinate with CERT-In or the sectoral CERTs that the NCSP outlines. The critical shortage of cyber security professionals needs to be tackled in mission mode with innovative recruitment and placement procedures along with specialized training of existing manpower. This programme can be implemented in PPP mode.¹ Private sector may be associated with establishment of training facilities, apart from the regular security exercises that are conducted.
Given the role of security standards and audit in enhancing the level of preparedness and assurance in cyber security, the private sector can be an active partner in defining baseline security standards and practices/guidelines for the critical sectors both in the public and private sectors. There should also be security standards and guidelines for acquisition of IT products and services. In this regard, Joint Working Group on Cyber Security also recommends making cyber security audit mandatory by appropriate amendment in the listing requirements under the Companies Act.
• Conduct Consultation Workshops
• Share Cyber Intelligence
• Fund Research programs
• Develop Capacity building and Training Centers
• Collaborate during cyber-attacks
Legal Frameworks
• The proposed Cyber Intelligence Sharing and Protection Act (CISPA) in the United States would establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and utilities and to encourage the sharing of such intelligence. Based on this Executive order of the President of the U.S., the National Institute of Standards and Technology (NIST) released a preliminary cyber security draft framework outlining standards, best practices and guidance for cyber security. The draft Cyber Security Act of USA intends to facilitate and support, on an ongoing basis, the development of a voluntary, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to reduce cyber risks to critical infrastructure of America.
• The National Security Strategy of the UK has categorized cyber attacks as a Tier One threat to national security, alongside international terrorism.
Sectoral Developments
• The U.K. has allocated £650 million over four years to establish a new National Cyber Security Programme to strengthen the UK’s cyber capacity, setting up a National Cyber Crime Unit¹, and also intends to form UK National Computer Emergency Response Team (CERT-UK)². UK is behind India in terms of setting up a CERT but intends to do so in the near future.¹
Capacity Development
• Similar to India’s Cyber Security Policy, the Cyber Security Act³ of U.S. sets forth the need to develop a cyber security research and development program, offer cyber security scholarships, and determine how to test and verify that software and hardware are free of significant known security flaws.
• In line with U.K.’s Cyber Security Challenge, the Cyber Security Act of the U.S. sets out to support competitions and challenges to identify, develop, and recruit talented individuals to perform duties relating to the security of information infrastructure in Federal, State, and local government agencies, and the private sector.
• The Act has clearly defined the roles and expectations of the various agencies of the government that are involved in national security. The Act has defined timelines to report and review the activities directed to such agencies.
• Government of U.K. envisages setting up a ‘Global Centre for Cyber Security Capacity Building’ and developing a ‘cyber reserve’ of computer experts.
Public Private Partnerships
• By relying on practices developed, managed, and updated by industry, the NIST’s Cyber Security Framework will evolve with technological advances and will align with business needs. This includes industry driven standards, best practices and implementation measures to manage cyber security risks to information technology and operational technology.³
• As a result, the Framework is not designed to replace existing processes of an organization; where an organization does not have an existing risk management process for cyber security, the Framework provides the tools to build one.
• Government of U.K. intends to build a ‘Cyber Information Sharing Partnership’ with businesses to allow the government and industry to exchange information on cyber threats in a trusted environment.
• The Welsh model – e-Crime Wales – is one example of a public-private sector initiative, led by a designated unit within the Welsh government, that harnesses the insight of businesses, academia and industry experts. E-Crime Wales has brought together the four Welsh police forces, and holds an annual e-crime summit at which leading experts, including ex-FBI employees, share their knowledge. The unit also hosts a full suite of practical, downloadable tools that businesses can use – everything from an acceptable internet-user policy for staff to a “preventing e-crime for dummies” handbook. More than half of businesses that have interacted with the e-Crime Wales initiative report putting e-security higher on their business priorities as a result. This work has proved such a success that Scotland followed suit with its own version – e-Crime Scotland.⁴
International Relationships
• Through its various acts and policies, both U.S. and U.K. acknowledge the need of international information sharing for building stronger cyber intelligence.
Epilogue
While India has taken tangible measures to secure the cyber space in recent months, there is always a lingering question over the Return on Investment (RoI) of security measures. While security issues such as data theft can be quantified, say, in terms of monetary losses, issues such as the defacement of websites by the so-called ‘hobbyists’ are a bit subjective. There are instances where hacker groups only deface the content in a bid to boast of their presence or to retaliate / voice their opinions.
The monetary loss in these cases is not much, but they result in reputational losses. Depending on the organization that is attacked, the ‘value’ of defacement may differ. While ISO 27001 has been comprehensive enough to meet the need of a ‘reasonable’ security standard across different sectors, there is a need for sector-specific standards which address the intricacies and levels of technology of the specific sectors.
This requires an independent ‘Cyber Maturity Assessment’ in the industry and governments which will evaluate the overall governance and response mechanisms along with the people aspect of cyber security. In order to thwart cyber crime, the previously adopted ‘compliance-based’ approach has to now slowly give way to a more systematic and pragmatic approach to tackle cyber security.
There is an utmost need for enterprises, SMEs and the government bodies not only to adopt the various guidelines and advisories issued by the security agencies but also to regularly review the implementation of the same. There needs to be a timely review of the IT Act to keep pace with the developments and sophistications in cyber crime. At the policy level, India needs to conduct consultation workshops with the private sectors and the cyber security equipment manufacturers to regularly track the developments in the cyber security space.
Apart from striving to augment its own capabilities, India also needs to counter cyber attacks through international cooperation rather than doing it alone. Public Private Partnerships and robust policy frameworks from the Centre are both key in this endeavor.
About ASSOCHAM
The Knowledge Architect of Corporate India
Evolution of Value Creator
ASSOCHAM initiated its endeavour of value creation for Indian industry in 1920. It has in its fold more than 400 Chambers and Trade Associations, and serves more than 4,00,000 members from all over India. It has witnessed upswings as well as upheavals of the Indian Economy, and contributed significantly by playing a catalytic role in shaping up the Trade, Commerce and Industrial environment of the country.

Today, ASSOCHAM has emerged as the fountainhead of Knowledge for Indian industry, which is all set to redefine the dynamics of growth and development in the technology driven cyber age of ‘Knowledge Based Economy’. ASSOCHAM is seen as a forceful, proactive, forward looking institution equipping itself to meet the aspirations of corporate India in the new world of business. ASSOCHAM is working towards creating a conducive environment for Indian business to compete globally.

ASSOCHAM derives its strength from its Promoter Chambers and other Industry/ Regional Chambers/ Associations spread all over the country.

Vision
Empower Indian enterprise by inculcating knowledge that will be the catalyst of growth in the barrierless technology driven global market and help them upscale, align and emerge as formidable players in their respective business segments.

Mission
As a representative organ of Corporate India, ASSOCHAM articulates the genuine, legitimate needs and interests of its members. Its mission is to impact the policy and legislative environment so as to foster balanced economic, industrial and social development. We believe education, IT, BT, Health, Corporate Social Responsibility and environment to be the critical success factors.

Members – Our Strength
ASSOCHAM represents the interests of more than 4,00,000 direct and indirect members across the country. Through its heterogeneous membership, ASSOCHAM combines the entrepreneurial spirit and business acumen of owners with management skills and expertise of professionals to set itself apart as a Chamber with a difference.

Currently, ASSOCHAM has more than 100 National Councils covering the entire gamut of economic activities in India. It has been especially acknowledged as a significant voice of Indian industry in the field of Corporate Social Responsibility, Environment & Safety, HR & Labour Affairs, Corporate Governance, Information Technology, Biotechnology, Telecom, Banking & Finance, Company Law, Corporate Finance, Economic and International Affairs, Mergers & Acquisitions, Tourism, Civil Aviation, Infrastructure, Energy & Power, Education, Legal Reforms, Real Estate and Rural Development, Competency Building & Skill Development to mention a few.

Insight into ‘New Business Models’
ASSOCHAM has been a significant contributory factor in the emergence of new-age Indian Corporates, characterized by a new mindset and global ambition for dominating the international business. The Chamber has addressed itself to the key areas like India as Investment Destination, Achieving International Competitiveness, Promoting International Trade, Corporate Strategies for Enhancing Stakeholders Value, Government Policies in sustaining India’s Development, Infrastructure Development for enhancing India’s Competitiveness, Building Indian MNCs, Role of Financial Sector the Catalyst for India’s Transformation.

ASSOCHAM derives its strengths from the following Promoter Chambers: Bombay Chamber of Commerce & Industry, Mumbai; Cochin Chambers of Commerce & Industry, Cochin; Indian Merchant’s Chamber, Mumbai; The Madras Chamber of Commerce and Industry, Chennai; PHD Chamber of Commerce and Industry, New Delhi and has over 4 Lakh Direct / Indirect members. Together, we can make a significant difference to the burden that our nation carries and bring in a bright, new tomorrow for our nation.

D. S. Rawat
Secretary General
email : d.s.rawat@assocham.com

The Associated Chambers of Commerce & Industry of India
ASSOCHAM Corporate Office:
5, Sardar Patel Marg, Chanakyapuri,
New Delhi-110 021
Tel: 011-46550555 (Hunting Line)
Fax: 011-23017008, 23017009
KPMG Contacts
Pradeep Udhas
Partner and Head
Markets
T: +91 22 3090 2040
E: pudhas@kpmg.com
Navin Agrawal
Partner and Head
Government and Public Sector
T: + 91 22 3090 1720
E: navinagrawal@kpmg.com
Follow us on:
Twitter - @KPMGIndia
kpmg.com/in
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual
or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information
is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information
without appropriate professional advice after a thorough examination of the particular situation.
© 2013 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated
with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.
Printed in India.