On May 14th & 15th, CDAC Mumbai, IIT Gandhinagar & City University London organized a workshop on the information security perspective of Critical National Infrastructure Protection. This workshop was intended to brainstorm and learn more about the information security risk of SCADA systems and other such critical applications of computers. Looking at the rate at which digitalization of our infrastructure is happening and the current state where only a very small part of our critical infrastructure has gone digital, this workshop was organized at a very apt moment. It’s necessary for all of us to understand the risk and take proper steps to mitigate it during the building phase itself. It would be a shame & a disaster if we ignored this aspect at this point of time & built infrastructure that needs correction in the future. Due to pre-occupation & time constraints I was not able to speak at this event, so I was chosen to conclude the event with my closing note.
Here’s my view of the workshop as an attendee, a closing note speaker as well as a normal tech-savvy citizen.
Day 1 – Tutorials & Product launch
The event started on the 14th with a tutorial on “Vulnerability and counter measures in Critical Infrastructure SCADA” by CDAC Mumbai & ABB Bangalore. CDAC Mumbai is known to be working on SCADA and related security products, whereas ABB is an industry leader in manufacturing electrical components, which are a very critical part of the CNI. This tutorial was a real eye-opener on the concept and the kind of risk involved at this level.
The second item on the schedule was a product launch by CDAC Mumbai. CDAC has been instrumental in the development of some good products in the field of information security, and they released 3 products at the event:
1. Disaster Recovery Solution (Revival)
The Revival family (a family of 3 solutions) is a hardware-based solution which is storage agnostic and can work on almost all popular storage hardware. Based on an Intel Atom (N270) processor, the Revival family uses the iSCSI protocol to talk to 1TB of inbuilt storage media. The Revival family gives Synchronous, Semi-Synchronous & Optimal DR solutions by connecting 1, 2 or multiple Revival boxes in local as well as remote locations. CDAC’s idea is to provide a bundled low or zero RTO/RPO solution for critical data installations. To achieve this, Revival also exploits WAN optimization techniques such as compression & recompression.
My verdict – Good product & would be really useful if installed and configured properly at critical locations
2. Intrusion Detection & Prevention System (GYN)
Guard Your Network or GYN is the name of the IDS/IPS created by CDAC, which works in inline bridge mode to provide gateway security for networks. GYN1000 claims to provide security against DoS, DDoS, worms, web attacks, email attacks, database attacks, scans, floods, and other anomalies. As per the release note, GYN1000 provides a throughput of 1Gbps with more than 10,00,000 concurrent TCP connections.
My verdict – I felt like I was looking at yet another IPS in the market unless they prove it to be something very superior. I’d wait to see the product in the market with a price benefit and/or feature as well as performance.
3. Secure Two-factor Authentication for Remote Systems (STARS)
CDAC also launched a Java-based two-factor authentication solution using text, graphical & tex-o-graphical passwords. A demo of the same was shown where a user can choose the authentication solution of his/her choice. STARS gives the user the freedom to opt for any suitable second factor such as a smart card, USB token, etc.
My Verdict – I feel that this is good as an academic project and might not really see the light of day due to the complexity of operation. Users today want an easy solution, not a difficult one. Further development on the same might make it more useful for people, at least for some applications.
Day 2 – Technical sessions
The second day of the event was scheduled for technical talks. Some of the invited speakers were not able to make it to the event due to visa issues. Let’s have a look at the technical sessions:
1. Security and Trust in Group Communication – G Sivakumar, IIT Mumbai
Prof G Sivakumar gave a very light and simple perspective of trust in communication between peers of groups & projects. The idea was to understand the access levels of different peer members as and when they join or leave the core working group. This kind of communication is very much required in an academic environment, where at different times different people join & leave their working groups.
2. Cyber Threat to Banking industry – Vishal Salvi, CISO HDFC Bank
Vishal’s talk was targeted towards the banking industry and how banks these days are working day and night to fight fraudsters so as to save customers, themselves as well as the money. It was a delight to notice how banks are taking care to tune systems & processes to help users’ safety. In most of the cases we have seen users falling prey to phishing attacks through their own ignorance.
3. Traitor Tracing – Bimal Roy, ISI Kolkata
Frankly speaking, this talk was too mathematical and statistical for me to understand. I didn’t get a lot from this talk except the fact that many organizations are working seriously to add more and more security & investigative power to the country’s pool.
4. Cyber Security in Network Manager: Power Distribution – Deven Patel, ABB Bangalore
Deven Patel gave a very nice insight into how the power industry works today and what steps these companies take to make the system more secure in physical, network & other security aspects. It is very important to understand at this time that every component installed in any critical infrastructure needs to be quality checked with proper control. Even a small component used in critical infrastructure, if it is outsourced and not made by these security-conscious companies, can create havoc in the infrastructure. For example, if the passive insulator being used to separate connectivity is bugged by an adversary during production at an outsourced location, the result can be an inferior product which can cause a breakdown at a very critical stage, causing a major loss.
5. Small Machines, Big Targets – Sitaram Chamarty, TCS Hyderabad
Small machines in Sitaram’s perspective were the normal desktops & laptops we use today. Indeed they are small in comparison to the SCADA devices but are equal or even bigger targets of attack. He pointed out very well that in today’s scenario, the laptop used by an IAS officer in a key position is also a part of Critical Infrastructure for us because the kind of data it holds is very critical. As a normal trend we have seen the same devices being taken home and then used by family members, especially kids, to play around with. One mistake by these members or even by the officer can cause leakage of data, which we have already seen in the near past. Sitaram presented a very nice concept of application isolation, where each and every application runs in its own userspace with minimum privileges. He said that he is working on the same and will be releasing the Linux version of the solution soon. We’d really wait to see that it is working and hope to see a similar project for Windows users.
6. Protecting from phishing attack on ATM – Rajat Moona, IIT Kanpur
This talk caught attendees by surprise by showing the possibility of fake ATMs. In today’s world the ATM authenticates users, & it’s equally important for users to authenticate the ATM machines too. Rajat presented a few ideas on which some students at IIT Kanpur were working. These included smart card based & cell phone based authentication, where mutual authentication of both the ATM and the card holder can be done. This kind of solution can also work in remote locations such as villages where connectivity can be an issue. This kind of offline/partially online ATM can be a boon if developed and brought to market.
7. Monitoring & Protection of airwaves from malicious unlicensed radios – Kaustubh Phanse, Airtight Networks, Pune
Kaustubh presented his views on the importance of wireless security, where minor mistakes and ignorance create havoc in corporate networks. This can also extend to critical installations if users as well as the admins are not alert.
8. Threats to CNI from Mobile attack – Saritha Arunkumar, IBM UK
Saritha’s talk was targeted on mobile application security and its relevance to CNI. From my point of view it was an important talk from an information security perspective but not very apt for this platform, where most of the discussions were on CNIP. Though a POV was presented on why mobile apps are important in relation to CNIP, somehow I wasn’t convinced by that.
9. The threat on the net – Steven Furnell, Univ of Plymouth, UK
This was a recorded presentation sent from the UK because Steven was unable to travel due to some visa issues. This talk was again more from an information security perspective but not very closely knit to CNI.
10. SCADA Security – Zia Saquib, CDAC Mumbai
The last talk of the day was by the Executive Director of CDAC Mumbai himself, where he again pointed out the need for and importance of security in SCADA networks. Knowing the fact that SCADA networks are slowly getting connected to the internet cloud and data is being transmitted over the same cloud, it has really become a matter of concern, and very strong security measures should be taken to secure our Critical National Infrastructure.
The event concluded with a closing note from my side and a vote of thanks from Dhiren Patel, IIT Gandhinagar.
The presentations of the event will be online and can be accessed from http://cnip2010.cdacmumbai.in