Thread on what to do and what not to do:
1. Cyber threats are real. As more institutions become digital, from payments to power and nuclear, there are more surfaces for attack, and attacks will happen.
(4 other points follow)
1. Cyber threats are real. As more institutions become digital, from payments to power and nuclear, there are more surfaces for attack, and attacks will happen.
(4 other points follow)
2. What is perhaps critical here is our ability to detect, clean, (maybe respond) and get things up and running again, and prevent as much as possible. Think of it as a shield in a fight. Testing for vulnerabilities is essential. Speed of response when alerted is essential.
3. What is difficult:
a. dealing with zero day vulnerabilities (where there is limited info of security problem up for exploit, & thus at least one chance to exploit)
b. Attributing attacks to entities/nation states, because cyber attacks can be launched by compromised devices.
a. dealing with zero day vulnerabilities (where there is limited info of security problem up for exploit, & thus at least one chance to exploit)
b. Attributing attacks to entities/nation states, because cyber attacks can be launched by compromised devices.
4. What will help:
a. Global conventions around cyber attacks. A global agreement around the digital space , akin to a digital Geneva convention on cyber warfare. A minimum agreed-upon list of norms on what states must absolutely not do to other states and citizens
a. Global conventions around cyber attacks. A global agreement around the digital space , akin to a digital Geneva convention on cyber warfare. A minimum agreed-upon list of norms on what states must absolutely not do to other states and citizens
b. Cooperation btw states in sharing info about cyber attacks: identification, fixing, attributing cyber attackers, prosecuting. Remember: attacks originate somewhere
c. States not allowing their territory to be used for intl cyber attacks by proxies, and not using proxies
c. States not allowing their territory to be used for intl cyber attacks by proxies, and not using proxies
d. States agreeing to not attacking critical infrastructure of others, and helping those whose critical infrastructure is attacked. Impact on critical infrastructure can cripple nations and cause serious damage.
e. Strengthening our CERT's , empowering sectoral CERT's and constant vigilance will help. PPP in cyber security to bring the best in security to work with govt to strengthen our responses will help.
5. What does not help is irresponsible usage of this for digital politics:
a. Data localisation will not help. It will create more vulnerabilities because easier to identify targets for data
a. Data localisation will not help. It will create more vulnerabilities because easier to identify targets for data
b. Digital sovereignty or creating the great firewall of India will not help. India will benefit more from an open internet and global cooperation on cyber security, and building internal prevention and response capabilities.
c. Deny that these issues have occurred (if they have) would be pointless. Don't learn from UIDAI's disingenuous "there was no breach" approach. Don't have your head in the sand.
d. Don't do nothing. Acknowledge, address, improve. Build capacity to respond faster.
Detailed post here: medianama.com/2019/10/223-ed…
Important this alleged attack has come to light a little over a month before there's a meeting at UN on cyber security issues (details in screenshot below) from 2-4 Dec 2019
Thanks to @EUCyberDirect and @patrykpawlak for bringing this meeting to our notice. Worth following.
Thanks to @EUCyberDirect and @patrykpawlak for bringing this meeting to our notice. Worth following.
