The Emerging IT Security Scenario: February 2012

LIVE M N Vidyashankar Principal Secretary, e-Governance, Kanataka p22

ASIA’S FIRST MONTHLY MAGAZINE ON E-governance ` 75 / US $10 / ISSN 0973-161X

February 2012 VOLUME 08 n ISSUE 02 n ISSN 0973-161X www.egovonline.net

The promise of

biometrics

for empowerment, safety and security p27

“Technology is

changing the entire paradigm”

- Dr Gulshan Rai, Director General, CERT-In p16

The Emerging IT Security Scenario www.egovonline.net

Kapil Sibal Union Minister for Communications and Information Technology http://bit.ly/wHABgd

Cyber infrastructure and its role in empowering citizens

Anil K Sinha Vice Chairman, Bihar State Disaster Management Authority http://bit.ly/xpJxfz

Importance of public awareness and community education in disaster management and effective use of technology

Leaders speak on ICT in public safety and security

R Chandrashekhar

B Bhamathi

Shambhu Singh

Secretary, DoT and DIT, MCIT, Government of India http://bit.ly/xh2AKB

Additional Secretary, Ministry of Home Affairs, Government of India http://bit.ly/wJMffg

Joint Secretary (North East), Ministry of Home Affairs, Government of India http://bit.ly/w2VhxN

India as an ICT leader for countries around the world

Risks to business and national security from cyber space and role of a regulatory framework towards addressing the same

Use of technology today and if it is a secure technology will definitely be of great use and great help

Maj Gen (Dr) R Siva Kumar

Sanjiv Mital

Maj Gen R C Padhi

Head (NRDMS) & CEO (NSDI), DST, Government of India http://bit.ly/yLO6dM

CEO, National Institute for Smart Government http://bit.ly/yISlru

MOGSGS, Military Survey, India Army http://bit.ly/wM7PKx

â&#x20AC;&#x153;Most of the human activities are related to Geo-Spatial data. So, we have to migrate from e-Governance to g-Governanceâ&#x20AC;?

Technology alone will not make a difference. Effective use of technology has to be there

Using technologies such as GIS, GPS and geo-spatial mapping and data for pre-determining the natural disasters is the call of the situation

egov.eletsonline.com January 2012 / www.egovonline.net / egov

Contents february 2012

second grid grid name issue 02 nâ&#x20AC;&#x201A; volume 08

biometric systems & securityThe Promise of Biometrics Empowerment, safety and security through biometric technologies

Analysis Inclusive Growth through Mobiles - I Mobiles present a great opportunity for sustainable development

12 | cover story

The Emerging IT Security Scenario: an Overview In an age of rapid technological change, low costs and unprecedented collaboration also present complex security challenges to infrasturcture, information and applications

talks to Dr Rajeshree Dutta Kumar and Anand Agarwal

talks business with Dr Ravi Gupta

in a talk with Anand Agarwal and Puneet Kathait

discusses e-Governance with Dr Ravi Gupta

ICT in Bangladesh, discussed with Dr Ravi Gupta and Dr Rajeshree Dutta Kumar

talks about security issues with eGov

interview Dr Gulshan Rai

interview M N Vidyashankar

interview Sajeeb Ahmed Wazed (Joy)

egov / www.egovonline.net / February 2012

interview Dr Mukesh Aghi

analysis Making Geospatial Smarter for India Discussing GIS applications with a peek into the future

interview Arvind Thakur

interview Michael Sentonas

further reading Editorial 05 News 08 india News 20 industry News 26 world news 54

A Good Servant...

oughly 4,00,000 years ago, mankind finally managed to control fire. This seemingly-innocuous achievement ushered in a transcendental shift in human life, the scale of which is hard to comprehend in totality. Mastery over fire gave humans security from wild animals, the ability to cook food, obtain warmth, and for perhaps the first time in the history of our evolution – a semblance of power over nature. Mastery over fire put mankind on the path to acquiring mastery over their destiny, and freed us from an animal existence. Where earlier, man had to either run away from wildfire, he now had domesticated it, mastering it for productive use. Thus the saying, ‘fire is a good servant but a bad master’. In the modern era, mankind’s mastery over electronics ushered in the Information Revolution and a mind bogglingly diverse range of opportunities opened up to us. In less than three decades, the power that earlier used to reside in large mainframes housed in garages has been domesticated into handheld devices. With the gradual move to IPv6, we are approaching an era where every molecule on earth could be assigned an IP address, if the need for that ever arose. However, just as fire can be used for cooking food as well as for arson, technology is a tool that can be twisted to bad ends, and creative minds with a destructive bend have been busy doing this. Malware has come a long way from the time two inquisitive programmers first dumped rogue, but harmless, code on the boot sector of a floppy. Malicious code now causes millions of dollars worth of economic loss worldwide, impacts lives in multiple ways, and is becoming a bigger threat with each passing day. As diverse systems become increasingly automated and interconnected; as precious, sensitive, private data goes increasingly online; as governance goes mobile and to the Cloud and as an ever-increasing mass of humanity comes online, the havoc that few lines of malicious code can wreak is perhaps unimaginable. Identity theft, social engineering, phishing, vishing – these are all terms that did not exist till a few years back. These, and many more, are today as ubiquitous as the technology that we so dearly love, that has become an integral part of our lives. Security is now a never-ending race, and the stakes are only getting bigger. A new generation of worms such as Stuxnet and Duqu can take control of critical infrastructure – Stuxnet is believed to have infected Iranian nuclear installations last year. The scale of risk posed by such malware is too frightening to contemplate. In this issue of eGov, we take at some of the major issues related to the IT Security scenario. Talking to highly placed experts from the government and industry, we have put together a picture of the overall security scenario and also what the future is likely to bring in its wake. As with fire, its best that mastery over technology is also used towards constructive purposes; but as is pretty evident, eternal vigilance is a price that we will have to pay for securing our vital information and assets from pernicious minds.

From the history Email at subscription@elets.in to get previous issues

November 2011

December 2011

ravi guptA Ravi.Gupta@elets.in

January 2012

Febuary 2012 / www.egovonline.net / egov

february 2012 issue 02 n volume 08

President Dr M P Narayanan Editor-in-Chief: Dr Ravi Gupta GM Finance Ajit Kumar DGM Strategy: Raghav Mittal Programme Specialist: Dr Rajeshree Dutta Kumar

INbox

partnerships & Alliances Sheena Joseph, Shuchi Smita EDITORIAL Anand Agarwal, Divya Chawla, Dhirendra Pratap Singh, Pragya Gupta, Shally Makin (editorial@elets.in) Sales & marketing Delhi & NCR: Jyoti Lekhi, Ragini Shrivastav, Fahimul Haque, Rakesh Ranjan (sales@elets.in) Mumbai: Rachita Jha | Pune: Shankar Adaviyar Bangalore: Puneet Kathait | Hyderabad: Amit Kumar Pundhir | Ahmedabad: Sunil Kumar circulation & subscription Jagwant Kumar, Mobile: +91-8130296484; Gunjan Singh, Mobile: +91-8860635832 subscription@elets.in Design & Creatives: Bishwajeet Kumar Singh, Om Prakash Thakur, Shyam Kishore Web Ishvinder Singh, Anil Kumar img Gaurav Srivastava, Prateek Mittal IT infrastructure Mukesh Sharma, Zuber Ahmed

www.facebook.com/egovonline

www.twitter.com/egovonline

It has been excellent commentary. In my opinion our awareness about data/information security is in very nascent stage. Even though we do have very innovative applications, and the process of transition to the e-mode is very commendable, our preparedness to tackle any untoward happening is very much wanting. I really like that with all secured networks in advanced nations still we have so much of threats like WikiLeaks, we wonder what could be our response. Dr Sunil K Agrawal, Director, STPI Maharashtra on eGov January Interview with Dr Avinash Vashistha, Chairman & MD, Accenture India

Events Vicky Kalra human resource Sushma Juyal legal R P Verma accounts Anubhav Rana, Subhash Chandra Dimri Editorial & Marketing Correspondence egov – G-4 Sector 39, NOIDA–201 301, India Phone: +91-120-2502181-85 Fax: +91-120-2500060 Email: info@egovonline.net egov is published by Elets Technomedia Pvt. Ltd in technical collaboration with Centre for Science, Development and Media Studies (CSDMS). Owner, Publisher, Printer: Ravi Gupta, Printed at Vinayak Print Media Pvt. Ltd, D-320, Sector-10, Noida, U.P. and published from 710 Vasto Mahagun Manor, F-30, Sector - 50 Noida, UP Editor: Ravi Gupta © All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic and mechanical, including photocopy, or any information storage or retrieval system, without publisher’s permission.

egov / www.egovonline.net / February 2012

In the previous efforts to build supercomputing in India, we ended up funding projects in IISc, CDAC etc. However these ended up as damp squibs as they never really opened up the youth to teachers and students, or became a part of the culture iin the education system. Past record of access to supercomputing set up in IISc to those desirous of using it has been abysmally poor. We may be repeating the same mistake by just funding a small group in IISc once again without it becoming a truly national mission. Here I may quote William Press of Harvard, “Simulation and Mathematical Modeling will drive the 21st Century just the way steam did in the 19th Century.” Hence building a culture of supercomputing in the nation needs a national thrust in nurturing a national culture among the youth in colleges in the algorithms and their implementations in different architectures. The NAL group in Atmospheric Sciences did a great job in building a truly ‘desi’ supercomputer. Others essentially imported available hardware from abroad and used it for their own individual research interests. I do hope that this time we learn from past poor record in this area. We need to set up a national mission in supercomputing with equal emphasis on UG and PG

education in Simulation and Mathematical Modeling with opportunities for scholars to develop algorithms and applications. We may note that Supercomputing implies capacity for managing large volumes of data and capacity to build gigantic scientific databases. We have treated this vast and strategically important field in fragmented ways in the past. We need the spirit of NPTEL that engages large numbers of faculty across multiple institutions. Hopefully we shall not fall into the past trap of a few possessive researchers restricting the developments in this area. The new and younger scientific minds in this area should drive this project itself in well organized and professionally managed ways across an open network of institutions and scholars. K R Srivathsan on eGov portal news item “Ministry of Science and Technology Sanctions 5000 Crore for Supercomputer Research” It is, no doubt, an ambitious project of the Government of Gujarat to ensure social justice for the poor and deprived sections of our population. But the important areas which need to be covered under ICT are the additional employment created under MGNREGP, public distribution system and the land ownership patterns of the SC and ST households. Binayak Rath Professor of Economics IIT Kanpur Binayak Rath, Professor of Economics, IIT Kanpur on eGov January interview with Sanjay Prasad, Principal Secretary, Department of Social Justice and Empowerment, Government of Gujarat

Write in your reactions to eGov news, interviews, features and articles. You can either comment on the individual webpage of a story, or drop us a mail: editorial@elets.in

IN PERSON

Dr Gulshan Rai

Director General, Computer Emergency Response Team – India (CERT-In)

“Technology is changing the entire paradigm”

Dr Gulshan Rai, Director General, Computer Emergency Response Team – India (CERT-In) talks to Dr Rajeshree Dutta Kumar and Anand Agarwal, and touches upon a wide range of issues related to security in the ICT domain

I’

d start by requesting you to share with us the mandate that CERT-In has, and the activities your organization is involved in, in the cyber security domain.

CERT-In draws its mandate from Section 70 (B) of the Information Technology Act, 2000. The mandate includes the collection of information pertaining to cyber incidents, issue vulnerability notes, advisories, White Papers, the analysis of those incidents and then advising to the users all over the country about the security breaches and what threat is persisting, what threats are likely to come there. These are the basic mandates and are carried out through different modes, different ways, by interacting with the public parties, by interacting with the users group be it public, private, govt. or academia. We take their help and a lot of incidents are reported by them. We analyse threats ourselves and also take their help. We also take help from the international agencies who are in touch with us. The prime responsibility of CERT-In is to analyze the incidents and to provide emergency response to the users, organizations in the country and outside.

If we were to classify your functions into proactive and reactive parts, what functions would come into the proactive security provisions for the cyber assets the country has and what are the reactive measures? The CERT computer emergency response team is the nodal agency in the area of emergency response team in the country. Every country has one and we are the national agency for India. When we talk about reactive manner, it means incident happens and we analyze incidents and recover from the incidents and then tell the users that these are the steps you need to take in future.

egov / www.egovonline.net / February 2012

IN PERSON

We have around 800 contracts throughout the country, with Chief Security Officers (CSOs), who are distributed among public and private sectors, academia and government CERT-In DG Dr Gulshan Rai touches upon a range of securityrelated issues February 2012 / www.egovonline.net / egov

IN PERSON

security of this valuable national information that is present online? We keep coming across reports that our systems have been targeted by hacker groups, by outside powers… There is a proliferation of Information Technology and the e-Governance plan is very ambitious and we have moved quite a way forward in implementing various applications. When it comes to the larger projects, there is quite a high level of security awareness in terms of securing information or securing infrastructure and when these projects are implemented, infrastructure security is getting inbuilt into the implementation part of it. For example, look at NIC – they have been strengthening their infrastructure very significantly. We also circulate monthly bulletins and expose them to the threats that are coming and the steps that need to be taken over it and those steps are being implemented by many large organizations. Security infrastructure is getting implemented with the general infrastructure. The states are

When we talk about proactive part, based on our experience and on the international scenario, we take steps in advance – proactively – so that the systems and IT infrastructure at the user and organisations’ level or the government is kept secured. There are many preventive or proactive steps. Firstly, we issue the advisories, we issue the vulnerability notes. Then we issue the white papers bringing out different technologies and different vulnerability or the different threats that technology has. We have around 800 contracts throughout the country, with Chief Security Officers (CSOs), who are distributed among public and private sectors, academia and government. We regularly conduct trainings for them, exposing them to different emerging threats, different security breaches, what solutions have been implemented, what they can do, what technology they can deploy etc. We also train police officials on cyber forensics. The third proactive thing that we do is conduct is the cyber drills, each of which is done with a specials group. We have conducted five drills so far, and are going to conduct one more in March. We have conducted drills with the power sector, financial sector, banks and insurance companies, with the government, with ISPs and also with general industry bodies such as FICCI, NASSCOM, CII etc. We also conduct drills

egov / www.egovonline.net / February 2012

“We work 24X7 and our working is very transparent”

internationally. Our participation in the past has been highly appreciated at international forums such as the Asia Pacific Forum of CERTs. We also help the user organisations to implement the best security practices. We provide online testing, test their security practices, perform selective audit of systems and access their systems from here with their permission. Every user is advised through our web as to what steps need to be taken or how we can interact with this. We work 24X7 and our working is very transparent.

We now see more and more government functions moving online. Paper-based exchanges are now being replaced by email and the IT Act makes these legally valid documents. So, how well placed is the Government of India and governments of various states when it comes to

aware about it, concerned about it, are being trained, are being exposed to that. But one thing needs to be recognised is that there can never be 100 percent security. There are some issues in terms of manpower, and in terms of awareness, things are looking to be more positive but we have to do that, we have to be very careful. The whole issue is categorized by the options in the technology, new technology comes up, new software comes up, and one has to really be on the toes to counter the emerging threats. Of course, many things still need to be done, but overall, we are moving in the right direction.

Do we have an IT Security Policy for the private sector? Do we have one for the government sector? I think there are couple of issues here. The Draft IT policy has been up on the web in March 2011 and lot of comments have come. These

IN PERSON

comments are being analysed and major government departments have given very significant comments on the policy and we are on the verge of finalising the policy and I think before the end of the financial year, the policy will be in place. In addition, the 2008 Amendment to the IT Act introduced Section 43A, which is primarily intended to enhance provisions related to data security and data protection. Section 43A requires the body corporates to maintain and implement the reasonable best security practices, protect the sensitive private information. It lays down procedures for handling of this information and data transfer etc. The Rules under this Section were notified in February 2011. The victim whose information has been stolen or whose system has been compromised, is now entitled to get compensation from the body corporate, commensurate to the damage. Then, there is section 72A, where any user or any victim can file a case for leakage of information or for breach of contract. So that gives a criminal protection to the persons whose data is compromised. The laws have been strengthened, the implementation is now underway. It will take some

time, as training people is a lengthy process. More or less we are on the right path. Europe has recently come out with a Data Protection Act. If you look at their policies, many of those provisions are already present in our IT Act and Rules.

What kind of security challenges would shift to the clouds and shift to mobile governance sphere entail, and how are we going to meet them? These things are being discussed. In my view, the issues right now are primarily more of a legal nature. Only then would the security aspects come up. So far, no country has implemented a true government cloud, due to complex legal issues. A number of best practices need to be evolved to address the security and legal challenges. I think there is no single understanding of legal and security aspects and that is the reason why no true cloud has been implemented.

How is the government going to balance the need for ensuring privacy and at the same time not compromise on national security? There are three aspects to this debate, and these

are similar to the three vertices of a triangle. You have privacy, you have security, and the third aspect is the right to information. So if you want to have privacy, you compromise on security, you compromise the right to information and vice versa. So we have to strike a balance and for that, lot of maturity and awareness has to come among the citizens in the country or worldwide. The three aspects are connected but we need to draw a line. We should know what we need to do.

So who gets to draw that line? Thatâ&#x20AC;&#x2122;s the key question here. This is not the issue that has remained with the government. Govternment is one important stakeholder. Society is a key stakeholder. We have to come to a certain level of understanding. It is a complex area. Today you talk about cloud computing, today you talk about the Internet, how do such technologies impact privacy? How do you do that? Technology is changing the entire paradigm, whether you talk about security or privacy. The very complex matrix can be defined, understood and can be implemented only once we all be mature, sit together and find a solution and follow discipline.

your daily cup of hot tea with hot

e-governance news! log on to www.egovonline.net

February 2012 / www.egovonline.net / egov

cover story

The

Emerging IT Security Scenario:

an Overview Anand Agarwal

In an age when technology changes at a rate faster than ever before, new means of communication, collaboration and data storage have brought in unprecedented rise in productivity and lowered costs beyond imagination. On the flip side, however, modern threats to security of IT systems, applications and data have also evolved as rapidly as their legitimate cousins, giving rise to a global security industry worth billions of dollars. All the research and vigilance, however, can one day turn to naught, and eternal vigilance has become the price one must pay for securing cyber assets â&#x20AC;&#x201C;tangible and intangible 12

egov / www.egovonline.net / February 2012

cover story

n the 1950s, a blind American kid Joe Engressia discovered that a certain whistling tune could stop recorded phone messages. Soon, others had discovered tones and pitches that enabled them to make free phone calls. In the 1980s, hackers like Kevin Mitnik gained worldwide prominence. At the time of his arrest in 1995, Mitnick was on the US’ most wanted list and had to spend a year of his sentence in solitary confinement because the judge was told he could whistle the nuclear launch codes into a phone, prompting the judge to order that Mitnik would not be allowed to even touch a phone or modem! The only way of doing this was by putting him in solitary, and he thus spent an entire year alone in a cell. The world has moved a long distance from the days of Engressia and Mitnick. As computerised information systems become almost ubiquitous and assume control of critical services and infrastructure, threats to security are much more serious than ever before. Similarly, financial data is almost exclusively maintained in electronic form, and any unauthorised access to such applications and data could wreak havoc. In an increasingly integrated world, the consequences of any such mishap might not remain confined to a single economy.

Emerging Threats to Security Security of infrastructure, data and applications is an increasingly complex, 24X7 job. One has to practically keep running to stay in the same place. One slip-up is all it takes

for valuable, confidential business data to be compromised – leaving in its wake not only financial loss, but also loss of trust – something far more difficult to recoup than money. In an increasingly interconnected world, news travels fast, and bad news travels faster. Security for IT is no longer an option, it is a core part of any solution implementation. Talking of the biggest emerging threats to IT security in the current scenario, Lucius Lobo, Vice President and Global Head, Security Services, Tech Mahindra, says social engineering attacks on employees to obtain confidential information will be the biggest threat in 2012. Lobo fears employees could become victims of such attacks through malware or by phishing. RSA’s Country Manager for India and the SAARC Region, Kartik Shahani says new forms of exploits such as Man in the Browser (MITB) attacks would become more frequent. MITB attacks are designed to infect a web browser with malware that can result in modified web pages and transactions that are largely transparent to both the user and the host application. Such attacks can lead to illegal money transfers, identity theft, or the compromise of valuable enterprise information. Shahani also says that securityrelated information, and not financial data is now the major object of desire for hackers. Echoing Lobo, eScan CEO and MD Govind Rammurthy also picks social engineering as the standout threat. Shahani identifies a class of threats known as Advanced Persistent Threats (APTs), which combine social engineering techniques with other technical means to gain illegitimate access to systems and information. Many of today’s malware could give pro-

Lucius Lobo Vice President and Global Head, Security Services, Tech Mahindra

“Social engineering attacks on employees to obtain confidential information will be the biggest threat in 2012”

Stuxnet – first

Cyberweapon?

Stuxnet – a sophisticated worm that specifically targets Siemens-built systems – is believed to have been unleashed upon key Iranian nuclear installations in 2009-10. Stuxnet targets the Simatic WinCC Step7 software developed by Siemens. The software is deployed in industrial control systems and is used to program controllers that drive components such as motors, valves and switches in a large number of industrial assemblies. It infects Windows systems and spreads via USB sticks, allowing it to infect ‘air-gapped’ systems – systems that are not connected to a public network such as the Internet. Stuxnet had four ‘zero-day exploits’ – vulnerabilities that were unknown and unpatched when the worm was released – in its repertoire, showing the technical sophistication that must have gone into creating the worm. Security researchers studying the exploit later discovered that computers in Iran formed the majority of compromised systems – a rarity in a world where the US is on the top of any malware infections. Iran later acknowledged that computers at its Bushehr plants had been infected. Iran’s largest plant at Natanz was also facing severe problems at around the same time. There is no conclusive way to establish whether Stuxnet was developed to target Iranian nuclear installations and unleashed upon them by another country, but the coincidences involved are too stark to be ignored. For now, the only thing that can be said with certainty is that Stuxnet takes us into a frightening new era where things such as water, gas and electric supply, things that we take for granted, might one day become weapons that can be turned upon us.

fessionally-written ‘good’ software a run for its money in design and sophistication. Take Stuxnet (see box) for example. A malware of such sophistication was never seen before. Stuxnet comes up in a conversation with Dr Gulshan Rai, Director General of CERT-In (Indian Computer Emergency Response Team) – India’s central authority for responding to security incidents in the cyber domain. Agreeing that Stuxnet was probably the outcome of a dedicated project, Rai says it showed the kind of dangerous weapons that can be fashioned through IT, and emphasises upon the need to incorporate such concerns into upcoming infrastructure. ESET India Director Pankaj Jain also brings up Stuxnet and social engineering. February 2012 / www.egovonline.net / egov

cover story

New-age Technologies bring New-age Threats With the huge savings, ease of access, consistency of data and information and other such attributes that it offers, the Cloud is fast becoming a favourite of the private sector as well as governments. A number of governments in India are now talking of moving to private clouds, and some pioneer states have already started the preliminary work in this direction. Similarly, the increasing ubiquity of mobiles – smart and dumb – have seen a boom in m-commerce and governments are now looking at m-Governance as the next step in e-Governance. This is not without threats, however. Both the Cloud and mobile platforms face a number of security issues that stand in the way of full-scale adoption. The convenience and collaborative potential offered by the Cloud and mobile devices is a mixed blessing. While on the one hand it has opened up hitherto unimagined vistas and expanded business potential (for enterprises as well as governments), it has also ushered in a highly complex security environment where the conventional defences offered by security software and intrusion detection systems is proving to be virtually futile. RSA’s Shahani says that in this new era, conventional notions

Kartik Shahani Country Manager for India and the SAARC Region, RSA

“There’s still considerable confusion about how best to handle information security in the cloud” of security would have to change and become more agile and intelligence-based. Response times have to be brought down and vulnerability windows have to be shrunk. Security should be automatic and incident response needs to shift to real-time reporting and mitigation. Saying that existing and legacy government

systems need to be upgraded on a priority basis in order to stand against modern threats, Tech Mahindra’s Lobo emphasises upon the need for a cultural change to enhance cyber security awareness among its employees, a point that CERT-In’s Rai concedes, saying that while the policy and legal framework relating to security has been considerably tightened, training and full adoption will take some time. Rai also points out the continuous efforts being made in this direction through regular security workshops and security drills being conducted by CERT-In, in partnership with industry groups, security agencies and the law and order machinery etc. Talking of issues related to security of Cloud-based data and applications, as well as mobile platforms, Amit Nath, Country Manager, Trend Micro says the anywhere, anytime access made possible by such technologies is a security nightmare.

Ensuring Security From the government side, the IT Act 2000 and its 2008 amendment form the bedrock of IT-related policies in India. Section 43A of the IT Act, introduced by the 2008 amendment, is primarily concerned with enhancing provisions related to data security and data protec-

Constant threat to Indian Websites

The Indian Computer Emergency Response Team (CERT-In), the country’s designated national agency in areas related to cyber security reported a total of 1277 security incidents and over 15,000 instances of Indian websites being defaced in the JanuaryNovember 2011 period. CERT-In defines a security incident as “any real or suspected adverse event in relation to the security of computer systems or networks”. Security Incidents by type (Jan-Nov 2011)

egov / www.egovonline.net / February 2012

cover story

tion. However, this is mainly related to data security by corporations and fixes liabilities in cases of compromise of data. Dr Kamlesh Bajaj, CEO, DSCI (Data Security Council of India) – a specialised body set up by NASSCOM – outlines the steps his organisation has taken to promote data safety and security. DSCI has developed a set of best practices and frameworks in data security & privacy and is actively involved in promoting their implementation in the industry and government. In addition, it also conducts regular conferences and seminars etc., conducts trainings in cyber forensics and cyber crime investigations for law enforcement agencies; provides policy inputs to the Government and is also engaged in international collaborations. The DSCI Cyber Labs programme for training law enforcement officers would soon be upgraded to a national programme supported by Ministry of Home Affairs, Bajaj informs. CERT-In is also actively engaged in helping improve the security stance of Indian websites, Rai discloses. CERT-In brings out regular bulletins and white papers on security threats, conducts trainings and workshops, security drills and audits to evaluate the preparedness of websites. In addition, it also helps compromised sites to get back on feet, all the while maintaining secrecy regarding its identity. Shahani ticks off a set of key steps needed to ensure data safety. Key among these are:

Pankaj Jain Director, ESET India

“The number of threats for smartphones and tablets is growing rapidly, for all the platforms”

Amit Nath Country Manager, Trend Micro

“A holistic, multilayered, high-quality solution should be used by enterprises and government as a first line of defence”

a stricter initial registration and validation processes; enhanced fraud monitoring; monitoring of the full network with cyber-forensic tools; strong authentication and access controls and encryption of data being transmitted etc. Bajaj emphasises the role of a security-oriented mindset, ongoing education & awareness on information security and privacy among individuals – employees, intermediaries and end-users.

Evolving Security Solutions Kutty Nair, Chairman & Managing Director of Mielesecurity, says that modern antivirus consistently fails at protecting against anything other than consumer level or mass threats, and Lobo acknowledges the threat posed by malware. He advises a deep defence approach, modelled on the ISO27001 standards. Nath says future attacks could be targeted at virtual machines and cloud computing services, but conventional attacks would be common, as these are still more effective. He advises a holistic, multilayered, high-quality solution implementation by enterprises and government as a first line of defence. Asked about the changing character of security solutions in light of the dynamic nature of threats, he says that the security industry is facing a complicated horizon – escalation in targeted attacks, increasing use of unsecured mobile devices at the workplace (or for work) and cloud implementations where data can be accessed anytime, anywhere. With the proliferation of mobile devices or consumerisation of IT, coupled by virtualization or cloud adoption, Nath says the security needs to move closer to the application and data where it resides i.e. the host becomes self

defending, be it mobile devices, virtual servers, or cloud servers. The strategy should be to ensure a higher degree of host defence by applying stronger & effective context aware security to protect the applications and data on the hosts. Both Lobo and Nath point to increasing threat of malware on mobile devices. It is feared that roughly 300 million devices could be infected by mobile malware. Experts say that whereas mobile viruses may be effectively mitigated by antivirus products, mobile malware that gains access through downloads of malicious apps will be a difficult risk to manage. Experts eGov spoke to are also optimistic about the positive impact that the impending adoption to IPV6 would have on security, but with caveats. As opposed to IPv4, IPv6 has been developed with security in mind, and as Nair points out, IPv6 eliminates some traditional network level attack vectors and provides mechanisms for maintaining transport confidentiality and integrity. Lobo sees the increased address space as a positive, saying the consequent reduction in sharing of IP addresses would make it easier to track down cyber criminals and cyber crime vectors like Botnets. Jain points out that the IT infrastructure will have to ensure the IPv6 compatibility of firewalls, intrusion-prevention devices, and other security appliances to successfully deploy IPv6 avoiding possible security issues, and says it is at least 5 years to fully implement IPv6. Nair says that IPv6 might not essentially change things for the better as the major security issues have simply moved ‘up-the-stack’ to the application level in the new implementation. February 2012 / www.egovonline.net / egov

cover story

Cyberterrorism – How big is the Threat? Numerous movies have portrayed insanely smart, crooked programmers who get access to a nation’s vital defence systems to either launch nuclear weapons, or demand massive ransoms in return; or, worm their way into the financial system to either transfer billions to themselves or unleash a financial Armageddon. Just how real are such scenarios? What is cyberterrorism in the first place? As with terrorism, cyberterrorism is a term that has defied a universal definition. However, in a testimony before the US House Armed Services Committee in May 2000, computer science professor Dorothy Denning identified some characteristic features of cyberterrorism: • Cyberterrorism is the convergence of cyberspace and terrorism • It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. • A cyberterrorist attack would result in violence against persons or property, or at least cause enough harm to generate fear. • Serious attacks against critical infrastruc-

Dr Kamlesh Bajaj CEO, Data Security Council of India

“DSCI has developed DSCI Security Framework (DSF) for data security and DSCI Privacy Framework (DPF) for data privacy” tures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt non-

Anonymous— Templars or Rogues? As its name suggests, Anonymous is an underground group with a very small core made up of expert hackers. Anonymous has made quite a splash for itself in the virtual world, targeting leading sites such as PayPal, Mastercard, Visa and Amazon, Bank of America, The United States Department of Defense, The United Nations, and Lockheed Martin etc. Anonymous has also brought down sites in support of the Iranian protests and also the Arab Spring uprisings. Its most recent victims include CBS and Universal Music, in response to their backing of the (stillborn) controversial anti-piracy legislations SOPA

The Anonymous signature line: We are Anonymous, We are Legion, We do not forgive, We do not forget, They should have expected us

and PIPA. Anonymous have also (repeatedly) hacked into the Sony Playstation network, and recently put out a warning to Sony, telling its support for SOPA would invite another attack, and asked it to be “prepared to be extinguished”. Sony and Nintendo withdrew support to SOPA following threats by Anonymous.

egov / www.egovonline.net / February 2012

Anonymous have written a software – Low Orbit Ion Cannon (LOIC) – that launches a coordinated Distributed Denial of Service (DDoS) attack on target websites, overwhelming the servers with hundreds of thousands of data packets and crashing them. Anonymous had also targeted one of the world’s largest websites – Facebook, running on over 60,000 servers – for a takedown on January 28. This was the most audacious attack ever announced by the group but they were not successful in bringing Facebook down.

essential services or that are mainly a costly nuisance would not. So how real is cyberterrorism? Rammurthy says cyberterror is a big threat. He says Supervisory Control and Data Acquisition (SCADA) systems are favourite targets for cyber criminals as they have control over the critical infrastructures like government, large enterprises, etc. Echoing concerns about SCADA systems, Tech Mahindra’s Lobo says that although there have been no major incidents to date, inadequate security in SCADA systems can be targeted to cripple critical national infrastructure such as power, water, and nuclear facilities. There are plenty of opportunities to do so should these systems be connected or accessible via the Internet. SCADA systems the world over were not built for security and the cost for replacement or security refit is huge. Noting that governments worldwide are prioritizing cyber security as both a national security and economic security issue, and have invested heavily in beefing up defences, RSA’s Shahani cites the growth in cyber crime, the rampant theft of IP and other sensitive information from corporations, and the penetration of defence systems and critical infrastructure by cyber attackers to emphasise upon the growing threats to cyber security. Shahani also says that the US Federal Government is ramping up its cyber security workforce plans and forecasts spending $13.3 billion on cyber security initiatives by 2015. Jain chooses to focus more on the broader domain of cyber crimes. Saying user data is fast becoming the most valuable asset, he says increasing access to the Internet and gadgets such as laptops, smartphones and tablets means more and more people are carrying data on-the-go, and with the lack of proper security awareness among users, this data becomes a tempting target for cyber criminals. Data can be stolen through bots and the compromised system could be made part of a Botnet, or zombie network, consisting of thousands or even millions of compromised computers controlled from the botnet’s command and control centre. Botnets are used to steal bank data, emails, and perform such cyber attacks as spam, DDOS, phishing, click fraud, adware and malicious programs’ distribution.

cover story

Jain also says India is the world’s leading source of spam - In 2011 India continued to be on the top of the rank as about 15-17% of world’s spam traffic originated from India. Most of the spam is generated from compromised systems - In 2010 more than 700,000 IP addresses globally were infected with Rustock botnet and the majority of them were in India. This particular botnet was believed to send out as many as 40 billion spam emails per day. Distributed Denial of Service (DDoS) attacks through compromised ‘zombie’ systems are also of concern to experts we spoke to. DDoS has been widely deployed by hacker groups such as Anonymous (see box) to target large websites.

Industry Outlook The future for security industry looks bright, given the rapidly evolving overall security scenario. It is, at the same time, also very challenging to keep up with the increasingly complex threats and explosion of platforms that we are witnessing. Jain sees spending on security by enterprise and SMB increasing at a good pace and sees major business potential from educational and government organisations. The Indian security industry has been growing at a much rapid clip than global average rates of 10-12 percent CAGR. Estimating the industry size at $ 150 billion, Jain says Indian industry is growing at about 20-25 percent CAGR. Shahani prefers to focus on the technological trends when talking of industry outlook, and says the evolving computing paradigm presents vast opportunities for cyber criminals, hacktivist groups and nation states to exploit. We are facing a new reality – one of persistent, advanced and intelligent threat. In the wake of this phenomenon, CEOs and corporate boards are taking a keen, increased interest in security. In his view, shaken by the wave of attacks in 2011, corporations would endeavour to make 2012 an year of action towards ensuring better security of their information assets. Rammurthy concurs with the rosy predictions for revenue, quoting Gartner estimates of the security software market in India touching US$ 209 million in 2011 and is forecasted to grow to US$ 320 million in 2014.

Privacy Issues The debate over privacy has been getting increasingly heated in India of late. Particularly since the IT Rules (under the 2008 Amendment), were notified in April 2011 privacy advo-

egov / www.egovonline.net / February 2012

Kutty Nair Chairman & Managing Director, Mielesecurity

“The threats are growing daily, as evidenced by numerous breaches that have been uncovered. We should not be ostriches and pretend the problem does not exist” cates are up in arms. However, the government has been citing national security concerns, and the need for maintaining public order as the two main motives driving its actions. Privacy and web-censorship related issues got a fresh lease of life when last month, representatives of social media giants such as Google, Facebook and Twitter etc were summoned by the government and asked to devise mechanisms for screening of potentially objectionable content.

21 companies are currently embroiled in a case alleging they have violated Indian laws related to what kind of information can be published in the public domain, and have also been blamed with endangering national security under various sections of the Indian Penal Code. The outcome of this case will be keenly watched across the globe. Defending the government’s stance, CERTIn DG Gulshan Rai says the government is

Wikileaks – Information Warrior or Sensationalist? WikiLeaks, a non-profit that says its goal is to bring important news and information to the public, had been in the business of leaking confidential government and corporate information for a while. November 2011 was different, however. In this month, WikiLeaks commenced sequential release of over 2,50,000 secret US diplomatic cables that had been stolen by Bradley Manning – a US military analyst now under incarceration. Following the massive leak, WikiLeaks came under sustained fire from a number of governments. It has also sparked a yet-inconclusive debate on the correctness of its actions and the impact these would have on international relations. WikiLeaks has also triggered a massive review of information

November 2007: WikiLeaks publishes the Standard Operating Procedures for Camp Delta. This document laid down the processes for the infamous Guantanamo Bay detention camp of the U S Navy, revealing systemic abuse of prisoners’ rights at the Guantanamo Bay detention centre of the US. August 2009: Censoring of a WikiLeaks story on fraud in Iceland’s largest bank leads to drafting of the world’s most liberal freedom of speech law – the Iceland Modern Media Initiative and institution of a new ‘Nobel Prize’ for free speech by the Iceland Parliament. April 2010: WikiLeaks sets up a website ‘collateral murder’ showing video footage of American soldiers apparently launching airstrikes on unarmed men in Iraq in July 2007 July 2010: WikiLeaks releases more than 90,000 documents relating to the Afghanistan war, showing documented instances of human rights abuse, civilian deaths and friendly fire among Western forces in Afghanistan. October 2010: In the biggest ever leak of military documents in world history, WikiLeaks releases about 400,000 documents from the Pentagon showing widespread human rights violations, active Iranian support to Iraqi insurgents and abuse of US laws by private US defence contractors operating in Iraq. security protocols in a number of countries and it is unlikely that another Manning could

leak classified information as easily as by copying it onto a Lady Gaga CD.

cover story

one of the stakeholders in this entire debate, and is committed to protecting privacy and freedom of expression. In his view, there is a delicate balance among three concerns – privacy, national security and the right to information, and the government is trying to find an equilibrium. Rai also says that the provisions on data safety and security incorporated in the IT Act are ahead of similar provisions elsewhere, and that the recently unveiled Data Protection Policy of the EU borrows several ideas from the Indian Act. Pankaj Jain is of the view that the Indian law enforcement agencies are at the very initial stage of developing policies and practices in cyber privacy surveillance, and seconds Rai’s opinion regarding the need for a balance between the need for security and privacy. Saying that individuals need to raise their awareness on data privacy and on their rights available under Indian laws, Rahul Jain, Senior Consultant with the DSCI, advocates constant vigilance when providing personal data to third parties. He points out that quite often, we freely disclose personal details without even knowing the purpose for which it is collected and ascertaining if the other party is collecting information more than what is required. He also stresses upon the need for keeping oneself aware of the latest developments related to cyber crime and following basic security practices such as checking authenticity of sites, not saving & sharing passwords, installing suspicious software & applications, etc. The increase in surveillance and monitoring by security agencies vs. privacy is an ongoing debate. To an extent, monitoring and surveillance does impact privacy, however, appropriate balance between both is the only way out. Reflecting the general consensus, Lobo also admits that the issue of privacy and free speech vs. national security is a complicated one with few easy answers. As others, he also advocates clarity in laws and procedures that allow government to snoop upon private information, and to censor speech on the web.

WRITE BACK Your views and feedback matter to us. Tell us what you think of the stories in the magazine or what more you would like us to cover. Write back to us at editor@elets.in

Power

Packed magazineS

ASIA’S FIRST MONTHLY MAGAZINE ON e-GOVERNANCE

Asia’s First Monthly Magazine on ICT in Education

The Enterprise of Healthcare

now

Subscription Order Card Duration Issues Subscription (Year) USD

Newsstand Subscription Savings Price INR Price INR

1 12 100 900 2 24 150 1800 3 36 250 2700

900 -1500 `300 2000 `700

*Please make cheque/dd in favour of Elets Technomedia Pvt. Ltd., payable at New Delhi

I would like to subscribe: egov

digitalLEARNING

eHEALTH

Please fill this form in Capital Letters First Name............................................... Last Name ................................................................. Designation/Profession ...................................... Organisation .................................................... Mailing address ........................................................................................................................... City ......................................................... Postal code ................................................................ State ....................................................... Country ..................................................................... Telephone ............................................... Fax ............................................................................. Email ...................................................... Website ...................................................................... I/We would like to subscribe for

Years

I am enclosing a cheque/DD No. ................................................ Drawn on ................................ ..................................................... (Specify Bank) Dated ........................................................... in favour of Elets Technomedia Pvt. Ltd., payable at New Delhi. For `/US $ ........................................................................................................................... only Subscription Terms & Conditions: Payments for mailed subscriptions are only accepted via cheque or demand draft • Cash payments may be made in person • Please add `50 for outstation cheque • Allow four weeks for processing of your subscription • International subscription is inclusive of postal charges.

you can subscribe online also www.egovonline.net | www.digitallearning.in | www.ehealthonline.org | www.elets.in

February 2012 / www.egovonline.net / egov

news

india

citizen services

Online G2C Services to be Doubled As many as 1,000 government services are likely to go online by the end of the current fiscal year. The Department of Information Technology (DIT), under the National e-Governance Plan (NeGP), is likely to deliver services such as registering births and deaths and accessing land records electronically. The plan will help the government achieve goals that were set as part of a $150 million long-term World Bank loan approved to support the NeGP. The targeted number of services is double of what was provided up till now by the DIT. Services that are likely to be offered online include farm updates, commercial taxes, registering on employment exchanges and municipal services, among others. A fund of `50 crore is likely to be created to serve as a revolving fund for development of the new projects, as the amount spent in development of the project will gradually be recouped once the project gets approved for implementation. An additional `50 crore will be spent on building an authentication platform for users, cloud services and an application store.

National Knowledge Network

Government to spend `1 trillion to democratise information India will spend `1 trillion over the next three years to “democratise information” through projects such as the National Knowledge Network (NKN) and the Gram Panchayat (village councils) network, Sam Pitroda, Adviser to the Prime Minister on Public Information, Infrastructure and Innovation, has said. Pitroda, also a member of the National Innovation Council (NInC), said

though the budget for NKN is now `6,000 crore, it could increase by some 65 percent. NKN aims to connect the top universities, science

research institutes, central institutions like the Indian Institutes of Technology, and research labs through fibre optics, to promote research in the country. It will be a multigigabit pan-India network providing a unified high speed network backbone for all knowledge-related institutes in the country. Of the targeted 1,500 institutes, NKN has so far connected 693. NKN

will later connect with Edusat (education satellite launched by the Indian Space Research Organisation) and foreign research labs to allow people from diverse background to come together. S V Raghavan, Scientific Secretary to the Government, stated that NKN, once fully rolled out, will allow for virtual classrooms, countrywide classrooms and sharing of faculty among institutions.

aadhaar

public interface

MG-NREGA workers with Aadhaar will now be able to withdraw money through micro ATM device launched by the Unique Identification Authority of India (UIDAI). The beneficiary has to put his finger and Aadhaar number into the micro ATM wireless device and get the money within 8 to 9 seconds from a business correspondent after verification about the beneficiary having that much amount deposited in the bank account shown through a receipt by the device. The device functions through any SIM and wherever there is a mobile tower. The device will be operated by a bankappointed business correspondent.

The Prime Minister’s Office recently made its debut on popular microblogging site Twitter. It is worth noting that the new media foray by the PMO comes in wake of TV journalist Pankaj Pachauri taking over as Communications Adviser to the Prime Minister. “The Prime Minister’s work should be in the public domain so that people know that the government is functioning for their benefit,” PMO sources said. The PMO Twitter account can be accessed http://twitter.com/pmoindia. The PMO’s first tweets were on the national awards for bravery function held at Singh’s official residence. The Twitter account of the PMO will have regular updates on the Prime Minister’s programmes in near real time.

UIDAI brings micro ATM for daily wagers with Aadhaar

PMO Debuts on Twitter

Indian Railways start m-Ticketing MG-NREGA workers with Aadhaar will now be able to withdraw money through micro ATM device launched by the Unique Identification Authority of India (UIDAI). The beneficiary has to put his finger and Aadhaar

egov / www.egovonline.net / February 2012

number into the micro ATM wireless device and get the money within 8 to 9 seconds from a business correspondent after verification about the beneficiary having that much amount

deposited in the bank account shown through a receipt by the device. The device functions through any SIM and wherever there is a mobile tower. The device will be operated by a bank-appointed business correspondent.

IN PERSON

M N Vidyashankar

Principal Secretary, e-Governance, Government of Karnataka

Taking stock of e-governance

in Karnataka

arnataka is perhaps the only government in the country to have a separate Department for e-Governance. What is the idea behind setting up of a separate Department? How is its mandate different from the Department of IT?

M N Vidyashankar is a man who wears many hats. Apart from his primary responsibility as Principal Secretary, e-Governance, Mr Vidyashankar also holds charge of Departments of Information Technology, Bio-Technology and Science and Technology. One of the pioneers of e-Governance initiatives in the country, he has driven a number of path breaking projects which have earned national and international acclaim. In an e-mail interview with Anand Agarwal and Puneet Kathait, he talks of the vision behind e-Governance in Karnataka and gives an overview of new initiatives in the offing

egov / www.egovonline.net / February 2012

The importance given to the e-Governance can be ascertained by the fact that a separate Department for e-Governance was created in 2003, within the Department of Personnel and Administrative reforms (DPAR). The idea is to plan and leverage the ICT for the benefit of common man. Creation of this Department as part of administrative reforms stems from the strong conviction of the State that e-Governance is a necessary tool to bring about administrative reforms. The mandate of the Department is to create a policy framework, setting the vision and guidelines for e-Governance projects. It is also tasked with the creation of administrative framework for approval of e-Governance Projects of the entire Department; technical assistance to Departments for taking up e-Governance projects; creation and maintenance of core e-infrastructure that can be used by Departments for planning and implementing e-Governance initiatives and development and promotion of common standards in designing of e-Governance projects.

In your view, what are the major factors that stand between success and failure of any e-Governance project? I am of the view that specific, measurable goals and time frames for each e-Government project need to be clearly identified before

IN PERSON

register updation; project has been implemented across all Departments of the Government of Karnataka. • Treasury Department: Khajane – Financial Management of the Government has been successfully implemented. • Survey and Settlement Department: Mojini – project for online preparation and issue of maps in respect of individual parcels has been successfully implemented. • Registration Department: Electronic registration of the property documents, introduction of property registration from anywhere in Bangalore city now functional.

embarking on the project. Specifically, an e-Governance project needs to meet the following criteria in order to be successful: 1. Achievable project goals 2. Estimation for resources should be accurate 3. System requirements should be well defined 4. Continuous monitoring of the project should be undertaken in order to check the health of the project 5. Appropriate technology management strategy should be in place well in time 6. An effective strategy for communication amongst all the stakeholders is equally important 7. The Project Management Team also needs to be constituted with great care, ensuring that the competencies of personnel match requirements of the project Karnataka has been one of the front runners in adopting e-Governance. Please share with us some of the major projects under implementation in the state. The state is presently implementing a number of e-Governance projects. Department-wise, some of the major projects undertaken are: • Revenue Department: Bhoomi project, Issue of various certificates (38 different certificates) such as caste, income, agriculture etc., through the Nemmadi RDS application and Social Security Pensions (5 services) • e-Procurement: Complete Process Reengineering of procurement process implemented in 165 Departments and agencies. • Human Resource Management System (HRMS): Complete Process Reengineering of employee payroll generation, service

vices, and similar such forty services are being offered under the BangaloreOne project. As far as replication of BangaloreOne to other urban areas of Karnataka is concerned, so far, it has been replicated in nine cities of Karnataka viz Bellary, Belgaum, Gulbarga, Davangere, Mangalore, Mysore, Shimoga, Hubli -Dharward and Tumkur. Few of the services which are offered at BangaloreOne Centres are also offered at KarnatakaOne Centres.

What is the technology and business model for Nemmadi? The state’s Nemmadi project aims to provide

“The study and Proof of Concept (PoC) for transition to IPv6

are currently underway” • Transport Department: Issue of Driving Licences and Registration Certificates, Electronically-conducted driving test. • Commercial Tax Department: e-Filing of returns and electronic payments of Taxes, e-Sugama. • Food and Civil Supplies Department: Issue of ration cards.

What is the most important component of an e-Governance programme? Any e-Governance programme needs Change Management. Change Management is the methodology that integrates change and the ability to adapt into the organization. It is an organized, systematic application of the knowledge, tools, and resources of change that provides organizations with a key process to achieve their basic business strategy. This will involve training of the personnel at all levels, more so, at the lower rung of government management organizations.

What services are presently being offered under the BangaloreOne project? Payment of electricity bills, water bills, mobile bills, BSNL landline and mobile bills, property corporation taxes, KSRTC ticket booking, domestic air ticket, recruitment facilitation ser-

citizen services in rural areas, similar to services offered by BangaloreOne. Most of the projects of e-Governance are on PPP model. Accordingly, BangaloreOne, Nemmadi are on PPP model. The entire Nemmadi project is built on Microsoft technology. The application has been developed using DotNet architecture and database used is MSSQL. Nemmadi delivers rural centric services like, Caste/ Income/Birth and Death certificates, RTC, Mojini, Social Security Pension schemes and such 70 services.

Please share with us details of your plans for transition to IPv6. The study and Proof of Concept (PoC) for transition to IPv6 are currently underway. The state has partnered with HP for this project. We would be able to share further details once the study and PoC are concluded.

Please share with us details of the proposed m-Governance policy. Presently, the policy is under process of drafting. Once we freeze the draft policy, it would be shared in the public domain.

What next for e-Governance in Karnataka? We are in the process of introducing a number of new e-Governance projects in the state. February 2012 / www.egovonline.net / egov

IN PERSON

Some of the major upcoming projects that are in the offing are: • Right to Information Project: The objective of this project is to enable citizens to seek information under the Right to Information Act, 2005 through Call Centre/Bangalore-One/Karnataka-One/ State Web Portal. The Centre for e-Governance has prepared the technical platform required to implement this project. • Management Information System (MIS) for the Planning Department: The objective of this project is to enable web-based collection and collation of information about the implementation of various plan schemes of different Departments from the districts and talukas within certain prescribed timelines. The Centre for e-Governance has prepared the technical platform required to implement this project. • State Service Delivery Gateway (SSDG): The Gateway has been concep-

tualised to provide anywhere/everywhere services to the citizens. A large number of services and forms will be made available through the internet to the citizens, thereby avoiding frequent trips to the offices. • Karnataka Residents Data Hub: The State Government is implementing citizen friendly schemes like Nemmadi, Bhoomi, BangaloreOne, etc. The intention of this project is to have consolidated information relating to all the citizens availing the benefits with linkages established between the different databases. This will help the Government in evaluating not only the progress of the project but also extending the benefits to the targeted beneficiary. • e-Forms: This is a Government initiative to facilitate the public to submit forms electronically for various services provided by different Government Departments. Electronic for submission forms enables citizens to fill in and submit forms

to Government anytime and anywhere for obtaining services. Currently 408 e-forms have been made available through the State Web Portal.

How do you see social media changing governance? What is the state doing on this front? Social Media is now a part of mainstream governance. It is a very powerful tool to ensure that governance reaches the last person in the queue and address issues on the last mile of governance. The way social media was utilised during the last US Presidential elections bears adequate testimony to its potential. In the days to come, social media has to be integrated with other governance tools for governance to be sustainable, equitable and accountable. We are trying to make use of the social media in some of our initiatives covering the activities of disaster management cell, in organizing international conferences such as BangaloreIT.Biz, etc.

G UPh N I rc COtM h ma m 16 cha I ELH asso D NEW

Following the success of 2011, eHEALTH once again presents Healthcare Leaders’ Forum Series 2012

mumbai, june hyderabad, august

EVENT OBJECTIVES

WHO SHOULD ATTEND

FOCUS AREAS

• Create a vibrant platform for senior industry leaders to share business experiences • Provide opportunity of mutual learning among industry players • Showcase existing success stories and best practices in healthcare industry • Germinate new business ideas and winning strategies rends and analysis

• Government visionaries, Health secretaries • CXOs of healthcare organisations • Senior administrators, HODs and business managers of hospitals • Investors from private equity and venture capital firms • Vendors and suppliers of hospital materials, technologies, equipments and devices • Healthcare consultants and experts

• Current market opportunities of healthcare industry • Investment trends in healthcare sector • Policy initiatives and economic factors for success • Medical Devices and Technology • Emerging business models in healthcare • Human resource and workforce development • Future trends and analysis

For updates visit healthcareleaders.eletsonline.com

coming up

egov / www.egovonline.net / February 2012

special feature

trend micro

Trend Micro Securing SCADA Environments New Delhi, 20 January, 2012: Trend Micro, Inc. (TYO: 4704; TSE:4704) a global cloud security Leader and long-time innovator in securing the changing threat landscape, announced that the software used in SCADA environments has came under renewed scrutiny, as attack code exploiting dozens of serious vulnerabilities in this widely used programs, were published. Programs sold by Siemens, Iconics, 7-Technologies, Datac, and Control Microsystems were apparently affected. In some cases, the flaws may be used to remotely execute code when the so-called supervisory control and data acquisition software is installed on machines connected to the internet. Two separate organizations released the code. The published information includes proof-ofconcept exploit code for at least 34 vulnerabilities in widely used SCADA programs. SCADA actually refers to any control system, so covers everything from Nuclear Power Plants, to the machine that sews a logo into a pair of trainers! If breached, it may pose a threat to national security, or perhaps just affect a manufacturing line. Protection for SCADA Networks needs to reflect the actual setting in which it is used. SCADA networks span a set of industries which have traditionally enjoyed relative segmentation because process control software was closed & proprietary, and not connected to the global Internet. In recent times, this situation has changed. These industries (e.g. manufacturing, oil & gas, water processing, etc.) are now using off-the-shelf software platforms (e.g. MS Windows) and management platforms designed & created by specific vendors (e.g. Siemens, Johnson Controls, etc.). Additionally, new hardware designed for these environments often now includes ports such as Ethernet and in some cases the devices are even wireless equipped. This is ideal for business optimization strategies, and large installations. However, serious consideration needs to be given before activating or enabling such accessibility in critical environments. It’s worth remembering that attackers most often target common platforms. It’s essential to protect the platform but in SCADA environments it is often difficult or impossible to patch them - as they may be legacy programs (eg. Windows 2000) or no patch is available anymore. A good introduction and overview to SCADA can be found on Wikipedia.

should be given as to the absolute necessity of connecting Critical Infrastructure to other networks or the Internet. The safest way to ensure critical infrastructure is secure is to ensure there is a physical gap between the networks. Ensure best practice security is followed – Such as disabling USB and other access, and ensuring proper physical security mechanisms is a must. Treat every SCADA environment as unique – SCADA spans multiple industries – some relate to critical infrastructure, others to manufacturing. Recognition of this individual environment is essential when planning and implementing security for the network.

Solution and Technology Recommendations from Trend Micro: More often than not, owing to the way in which SCADA networks are implemented and used, traditional security measures, such as antivirus, cannot be implemented on a device or to a system. Trend Micro’s technology offers multiple other choices, a few of which are covered below.

Deep Security Deep Security supports a wide array of operating systems along with its extremely compact memory requirements allow it to protect and shield specialized SCADA systems that cannot support conventional endpoint security. • Deep Packet Inspection - Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack. • Intrusion Detection and Prevention - Protects against known and zero-day attacks by shielding known vulnerabilities from unlimited exploits Automatically shields newly discovered vulnerabilities within hours, pushing protection to thousands of servers in minutes without a system reboot

Trend Micro Threat Management Services Threat Management Services provides network traffic inspection that can detect malware infiltration of any device of system. If malware activity emanating from a SCADA system is detected, Threat Management Services alerts the security staff to take appropriate action.

For More information: Policy and Process Advice to Help Secure SCADA Environments: Build an Air-Gap between the networks – Deep consideration

Visit : www.trendmicro.co.in Call : 18001036778 Email : marketing_in@trendmicro.com February 2012 / www.egovonline.net / egov

news

industry

ipv6

e-governance

HP in partnership with Government of Karnataka and IIIT-B to facilitate smooth transition to IPv6 HP has announced the signing of a partnership agreement with the Government of Karnataka (GoK) and International Institute of Information Technology, Bangalore (IIIT-B) to conduct a pilot project that will help organisations in Karnataka through a smooth transition to Internet Protocol version 6 (IPv6). The current version of IP addressing, IPv4, is reaching its theoretical maximum of about 4 billion Internet addresses. IPv6 is the new Internet addressing protocol with the capacity to support 340 trillion addresses. This allows for the dramatic expansion of connected devices from computers

and smart phones to household electronics, industrial appliances, vehicles and commercial systems. As a part of the announcement, HP Network University also unveiled the Unified Communication & Collaboration (UC&C) Innovation Centre at IIIT-B. The HP Network

University aims at providing advanced knowledge, including IPv6, to professionals working in the area of technology. The university will showcase, under a single roof, a complete Unified Communication (UC) platform representing technologies from HP and its major UC technology partners.

Oracle iGovernment emerges as one of the preferred partners for India’s e-Governance projects Oracle iGovernment has become a popular tool for the implementation of e-Governance initiatives in India. Oracle iGovernment offers technology and tools to move beyond e-Governance to develop flexible systems that integrate multiple functions and departments. It provides the foundation to continue the evolution of government computing by increasing integration. Andhra Pradesh Industrial Infrastructure Corporation (APIIC), Commercial Tax Dept (Rajasthan), Chennai Metro Water, Center for eGovernance (Karnataka), Delhi State Spatial Infrastructure, Assam PWD, West Bengal Central School Service Commission, Mishra Dhatu Nigam Ltd (MIDHANI), Haryana Treasury, Indian Railways, Indian Institute of Management (Lucknow) etc are some major entities that have selected Oracle iGovernment recently.

business outlook

Gartner lowers forecast for IT spending in 2012 Gartner now believes that all major technology sectors will witness slower gains in spending this year. In 2012, the spending on IT products and services is expected to reach US $3.8 trillion. This is a 3.7 percent rise from last year, when the spending totalled US $3.7 trillion, and had climbed by 6.9 percent from 2010. The new forecast indicates a sharp dip from Gartner’s prior projection of 4.6 percent this year. Richard Gordon, Research Vice President at Gartner, said, “Faltering global economic growth, the eurozone crisis and the impact of Thailand’s floods on hard-disk drive (HDD) production have all taken their toll on the outlook for IT spending.” Telecom equipment spending is projected to show the strongest growth, with revenue increasing 6.9 percent in 2012, followed by the enterprise software market, which will grow 6.4 percent. “With the eurozone crisis causing uncertainty for both businesses and consumers in Western Europe we have adjusted our forecast, and we expect IT spending in Western Europe to decline 0.7 percent in 2012,” Gordon said.

egov / www.egovonline.net / February 2012

national security

NIIT Technologies Ltd joins hands with BSF Union Home Minister P. Chidambaram recently launched the Intranet Prahari Project at the Border Security Force (BSF) Headquarters at CGO Complex, New Delhi. The Intranet Prahari Project worth Rs. 229 Cr was sanctioned by MHA on 25 February 2010. This is an ERP Solution developed by NIIT Technologies Ltd wherein all major processes such as Finance, Inventory Management, Operations and Personnel Information have been automated and integrated to act as a robust and quick Decisions Support System and for consolidated view of data by higher echelons and for various analyses. Under this Project, network connectivity has been extended up to Battalion level i.e to 237 locations of BSF. State-ofthe-Art Data Centres have been established; the Main Data Centre; a Disaster Recovery Data Centre (in a different seismic zone) and Mini Data Centres at Frontier HQrs for data storage. Sufficient cyber security measures to ensure network security and to prevent data loss or pilferage have been incorporated.

biometric

systems & security

biometric

The

Promise

of Biometrics

Press your eyeball into the retina scanner, or just brush past a proximity sensor, the modern biometric security systems are all about using the unique in your personality to make it easy for you to access certain secure areas Anoop Verma

hen we want to do anything online, we identify ourselves through user IDs and passwords. These identifying tools are not only difficult to manage, their security is also a cause of concern. IDs and passwords can be forgotten or stolen; devices can be hacked or tampered with. Many of us find ourselves juggling around with up to 100 passwords, far too many for the human mind to remember. Some take the path of least resistance and write their passwords on pieces of paper, which they store in their desks or even stick to their computer screens. We have reached a stage where we need alternatives to passwords.

â&#x20AC;&#x153;Biometrics is a complex technology but when supported by new services and improved processes, this technology can lead to profound improvements. All governments are realizing this, including the Government of India,â&#x20AC;? says Adarsh Parekh, Partner, Lead Identity and Border Management, Accenture. Recently the leading technology company, February 2012 / www.egovonline.net / egov

biometric

systems & security

IBM, presented its forecast for 2012 in a blog, which carried this interesting quote, “Biometric data – facial definitions, retinal scans and voice files – will be composited through software to build your DNA unique online password.” The technology that can be used to identify oneself without using passwords and IDs is already there. “Fingerprint reader, Face recognition, Iris scanning, Voice recognition, Palm Scanners and Retina Scanners have been deployed according to the sensitivity and security needs of the respective organisations,” says Govind Rammurthy,CEO & MD, eScan. In times to come you might not even need to use your debit card for withdrawing money from ATM. You will only have to look into the camera at the ATM booth and speak your name.

Scanning for an unique match Unlike password or PIN, biometric traits are

Adarsh Parekh Partner, Lead - Identity and Border Management, Accenture

“Biometrics is a complex technology but when supported by new services and improved processes, this technology can lead to profound improvements. All governments are realizing this” 28

egov / www.egovonline.net / February 2012

Govind Rammurthy CEO & MD, eScan

“Fingerprint reader, Face recognition, Iris scanning, Voice recognition, Palm Scanners and Retina Scanners have been deployed according to the security needs” more difficult to forge, copy, share, misplace or guess. While safeguarding the safety and integrity of the user’s information, biometric systems also enable the authorities to determine if a person has been issued multiple official documents, like ration cards, voter ID cards, driving licence or even passport. This is the reason why biometric systems have been gaining in popularity during the last few years. Facial scan technology in laptops, notebooks and in high end smartphones has become fairly common these days. With the price of sensors and microprocessors falling considerably, biometric systems are becoming more pervasive. Finger scanners are being used in many offices to determine if an individual can be allowed to enter a building. Iris recognition technology is already being used in many high security installations to properly identify employees and visitors. In some advanced countries there is now the talk of equipping security forces with hand-held devices that can instantly scan through millions of digital files in a matter of seconds, and help in identifying suspects even at remote checkpoints. “Biometric security system depends on the application and required level of security. Fingerprint is widely accepted by corporate, banks, manufacturing units and many more industries because of its cost and associated security features. However, for high-end security in areas like R&D, nuclear stations or government bodies other biometric solutions like retina, palm vein are being utilised,” says Jatin Desai, Product Engineer-Security Products, Matrix Comsec Pvt. Ltd. The current form of Iris Recognition technology that is being used is slower, as it

requires the users to stand close to the camera. But now a more invasive kind of “iris recognition technology” is round the corner. Perhaps it will be as perfect as what we have seen in movies like “Minority Report” and “Mission Impossible.” The new technology will work by photographing the iris, which is the membrane controlling the quantum of light that reaches the retina, from a distance and converting the image into a code that computers can read. The code then gets compared to one that is already stored in the database. As the device can capture an image of an iris from farther away, it can process larger number of people in much shorter span of time. Perhaps this will lead to a situation where your Iris can become your passport, your credit card and much else. Irises are unique, much like fingerprints. Even both irises in the same person are different. Fingerprints take lot of time in matching through a database of millions, whereas irises, which use more data points for biometric identification, are faster to process.

Biometric systems for everyone Biometrics can be used for creating ATMs and other machines that can cater to the needs of all sections of society. Many illiterate people are unable to use ATM machines, as they cannot read the keyboards to key in the PIN numbers. They can’t interact with the digital interface. But it is not at all necessary that an ATM machine should have a digital interface or a keyboard. In fact, newer advances in biometrics make it possible for us to have machines that can facilitate interactions

biometric

systems & security

Securing the Biometric Data in UIDAI How has the experience been like in providing unique identity to millions of Indians in the country? Millions of Indians are deprived of entitlements for want of an identity. The overwhelming response for enrolments all over the country bears testimony to the fact that this is a much awaited initiative. It is important to note that within Aadhaar system, one person can get only one identity in his/her lifetime due to the use of biometric in establishing identity, eliminating the issues of fakes and duplicates as seen in other document based identity system. How quick are the biometric systems being used? Is there any scope for making the system of creating UID cards even more efficient? The system currently has the capability of processing 10 lakh enrolments a day with enrolment database (gallery) of over 15 crore. It has scaled (grown) as expected. The additional computing power required to handle increasing number of enrolments will not grow at an abnormally high (non-linear) rate; it is well within the design and expectations of the UIDAI. UIDAI will certainly make every effort to make the systems more efficient. However, it may be noted that the current rates of one million de-

“uniqueness” which is critical to Aadhaar system to meet its objectives. Notice that passwords and one time passwords (OTP) can be used in conjunction with biometrics (multi-factor) to further strengthen resident authentication. UIDAI offers both biometrics and OTP as part of its authentication offering.

R S Sharma, Director General & Mission Director, Unique Identification Authority of India (UIDAI), spoke to eGov on the various aspects of biometrics being used in UIDAI initiative

duplications a day are the highest anywhere in the world. Are biometrics more secure than passwords? Both passwords and biometric are two different aspects of identification. While the password is external to the individual (what you know) biometrics are intrinsic (who you are) to the individual concerned. While passwords can be shared, guessed, and stolen, biometrics is unique to the individual. While one person can have one or more passwords, biometrics provide

through fingerprints, iris scan and voice based communications. There is talk of using ATM machines in India’s rural areas, where a user can conduct a transaction by simply pressing his or her thumb on the senor, pushing appropriate, colour-coded button for desired denominations and walking away with cash and a receipt. “The latest commercially viable biometric solution is the ‘car seat’ developed by the scientists of ‘Advanced Institute of Industrial Technology’ which can identify a person who is sitting on it. The success rate is 98 percent. Now we are hearing that some researchers are conduct-

egov / www.egovonline.net / February 2012

There have been instances where biometric security systems have been targeted by hackers. So how does the UID system ensure that the biometric security that is in place is itself secured? It is very important that all personal data collected for the purpose of UIDAI, be provided significant protection. UIDAI has ensured that the resident data is handled with the utmost care within its own and partner domains and follows some of the major principles of data privacy/protection. The UIDAI restricts itself to the collection of the minimal amount of (PI) personal information, as recommended by the DDSVP (Demographics Data Standards and Verification Processes) Committee, just necessary for identification purposes. Every enrolment data packet is “always” stored in PKI encrypted, tamper proof files and are never decrypted or modified during transit. Enrolment data is “never” decrypted until it is reached within UIDAI’s data centre’s secure production zone. We have

ing research on the dog’s heightened olfactory ability,” says Govind Rammurthy, CEO & MD, eScan. Social sector schemes in India are also planning to use biometric devices for ensuring proper identification of those who are entitled to their payments. The government of India’s MNREGA initiative for creating jobs in the rural areas has made use of ICT devices and biometric databases in some pilot projects. At times such projects have been plagued with the problem of ghost workers and of the local leaderships appropriating the job cards. But with the use of biometric and GPS enabled ICT

physical security outside and within data centres with access controls including biometric access control, physical caging, and 24x7 monitoring using cameras. Data is “partitioned” across multiple security “zones”, meaning “no” single database has all the resident data in completeness. UIDAI has issued guidelines to its partners, agencies (Registrars, Enrolment Agencies), and others involved to ensure that resident data is kept secure, and confidential. Is it possible for someone’s biometric identity to get stolen? In view of the security systems in place, there is no possibility of biometric identity getting stolen. Is it possible for us to have biometric security system in which we don’t have to touch something or even look deeply into a camera? There are several types of biometric security systems like face recognition, voice recognition, fingerprint, iris, handprint, retina, DNA etc. Apart from the extent of intrusiveness, the choice of technology depends on implementability and adaptability for authentication. UIDAI has chosen fingerprints and iris based on the expert committee recommendation and also has consulted best experts from around the world to implement this project.

devices on work sites, it will become possible to conduct biometric attendance of the workers.

Empowerment in rural areas Adarsh Parekh, Partner, Lead - Identity and Border Management, Accenture, says, “With advances in biometrics technology and improvements in IT infrastructure, there is a growing acceptance of biometric recognition technologies in our daily lives and this acceptance will grow with time. In the coming years, Accenture believes businesses and governments alike will introduce biometric technologies into many of their operations to enable secure access

biometric

systems & security

to services, drive efficiencies, and increase public safety and security.” The UIDAI initiative of the government is using biometric systems for providing unique digital identity to India’s billions of people, including the poor and underprivileged communities. As the poor in this country often lack the documents to prove that they are entitled to government schemes, they are forced to pay bribe for obtaining benefits. The foolproof biometric systems like retina scan, face scan and fingerprinting that are being used for creation of unique UID Cards will make it possible for many more Indians to gain easy access to all kinds of benefits. The UID could eventually turn into the world’s largest biometric database. “Nowhere have so many enrolments been done in so short a time,” R S Sharma, director general, UIDAI. Best thing is that the entire exercise of providing UID cards to citizens is being done a most cost effective way. “We have partnered with certain private entities, and this has even helped reduce the cost of the project. The global cost of de-duplication is pegged at Rs 20 per biometric identity, but we have been

Jatin Desai Product Engineer-Security Products, Matrix Comsec Pvt. Ltd.

“In addition to common electronics/computer and hardware failures, common biometric issues include poorquality biometric samples, evasion or noncorporation, dirty sensor” 32

egov / www.egovonline.net / February 2012

able to bring down that cost to Rs 2.75,” adds UIDAI director general, R S Sharma. Around 12 crore UID cards have already been generated. R S Sharma says, “We had the target of completing enrolment of 60 percent of the population by 2014 and we are scaling up well to meet the same.” New systems of biometric security are constantly being developed. IBM and other companies are currently engaged in creating a system that identifies individuals by the unique movement patterns of their eyes. L S Subramanian, of NYSE says, “10 years from today, you will be identified based on your odour or similar biological excretion from your body rather than any contact. Usage of facial recognition will increase with better scanning devices and better back-end algorithms for facial recognition.”

Can biometrics fail? Is it possible for biometric security systems

to fail? Occasionally we hear about biometric systems failing to recognise finger prints, and even retina scans. Biometric systems mainly work by comparing the scans of iris or retina, measurements of hand geometry, fingerprints, or any other measurement of the physical person against previously registered measurements. Such failures can be avoided or minimised by proper choice of technology. The hardware and the software have to be up to date. There has to be a proper implementation strategy to ensure that the biometric technology that is most appropriate for the organisation is used. “In addition to common electronics/computer and hardware failures, common biometric issues include poor-quality biometric samples, evasion or non-corporation, dirty sensor, network failure, user unawareness and extreme weather conditions,” Jatin Desai, Product Engineer-Security Products, Matrix Comsec Pvt. Ltd.

Introducing the all new

Kaspersky Endpoint Security 8 www.kaspersky.co.in

45%

of businesses are ‘under-prepared’ for a cyber attack.

Where do you stand? Fully protect and control your changing IT environments with Kaspersky Lab’s newest innovation – the Kaspersky Endpoint Security suite – significantly reducing the risks to your organization, enhancing your flexibility and greatly improving business productivity. Stay ahead of the threats. Confidently take on new opportunities to help drive your business forward. And always be ready for what’s next. For sales enquiries email us at: india-sales@kaspersky.com Nationla Distributors (Enterprise) :

enquiry@caps.in

info@ivalue.co.in

biswajeet@seainfonet.com

girish@techmatrix.co.in

IN PERSON

Sajeeb Ahmed Wazed (Joy) ICT Advisor to the Honourable Prime Minister of Bangladesh

an ict vision

for digital bangladesh With a vision of realising Digital Bangladesh by the year 2021, the Government of Bangladesh has initiated many of the public sector reforms along with various e Governance initiatives. Three years ago the GDP growth in Bangladesh was 4.4 percent and today the country is at 7.5 per cent in the formal economy. Bangladesh bank estimates that the growth in the informal sector is adding another 2.5 per cent. Realistically, Bangladesh is close to 10 per cent GDP growth rate. Additionally, the poverty level in Bangladesh, from the fiscal year 2006 to fiscal year 2010, has dropped by 10 percent entailing that 50 million Bangladesh nationals have been lifted out of poverty in Bangladesh. Sajeeb Ahmed Wazed (Joy), ICT Advisor to the Honourable Prime Minister of Bangladesh shares his vision for the â&#x20AC;&#x2DC;Digital Bangladeshâ&#x20AC;&#x2122; with Dr Ravi Gupta and Dr Rajeshree Dutta Kumar at the Prime Ministerâ&#x20AC;&#x2122;s Office in Dhaka, Bangladesh

ow in the next 5 years do you think ICT can transform Bangladesh?

Bangladesh has five main strategic thrusts towards building an inclusive economy: Building Capacity; Connecting People; Serving Citizens; Driving Economy; Breaking Barriers. The two drivers that will transform Bangladesh are a) e-Governance services or citizen services and b) industry growth. To begin with, one of the major concerns was that all the digitisation of government services would benefit only the city dwellers and the rural people will be left out leading to an increase in the existing digital divide. But we did it in such a way that digitisation is now benefitting the entire population and as a result, the greatest impact has actually been felt in the rural areas. It is a tremendous driver of growth and development beyond the cities. IT industry will become the next job creation engine in Bangladesh shaping into much higher income sector than our traditional ones. My hope is that within the next decade, the IT industry earnings will surpass the government sector. So, both in terms of the lives of the rural population as well as the job growth sector, I hope that this Bangladesh will be a transformed Bangladesh.

What is your strategy to handle the increasing cost of telecom and Internet sectors in Bangladesh? It is not telecom but the Internet that is expensive. Telecom, in Bangladesh, is one of the cheapest in the world. The government has liberalised telecom policies. Prior to liberalisation, there was only one mobile operator in Bangladesh that had very high monopoly rates. So we liberalised it, we issued six new licenses but it has not happened for the Internet sector. We looked at what was holding back the development, why Internet cost was not dropping the way the mobile and voice sectors grew, why is the data sector not growing. What we found was that there were several vertical and horizontal barriers in the policy itself, that were preventing growth. With the new policy that is coming, we wish to move towards unified licensing regime similar to what India has.

How do you plan to move towards 3G and 4G? We plan to work towards an auction of 3G spectrum by June 2012. Currently, we are finalising the policy guidelines. We are trying to decide on the kind of auction that we will have. We, certainly, do not wish to have a completely western style of auction as that will end up driving the spectrum cost up and that cost will eventually go to the consumers. We have some bandwidth available for one more operator to come in, but mobile sector is a very competitive market here. So that is highly unlikely to happen.

egov / www.egovonline.net / February 2012

IN PERSON

To encourage the growth of ICT industry, we eliminated all import duties on IT equipments, hardware or software

ICT Advisor to the Bangladesh PM, Sajeeb Ahmed Wazed (Joy) is excited about the potential for ICT in the country February 2012 / www.egovonline.net / egov

IN PERSON

While we do not wish to drive up the cost too much, we do wish to keep it competitive.

How has the Government of Bangladesh planned to roll out the e-Governance initiatives? Have you thought of outsourcing your ICT projects to other agencies? When we started with our Digital Bangladesh plan, we identified various e-Governance and e-Services projects that needed to be implemented. We identified three different tiers â&#x20AC;&#x201C; a) quick wind or short term projects that could be implemented quickly; b) mid-term projects, typically, of 5-6 years; and c) long term projects of 10 years. A total of 270 short and mid-term e-Governance projects were identified to be implemented the right way and quickly. And, once the plan was formulated, we essentially gave this plan to each ministry to implement on a priority basis. So, most of the immediate projects have already been implemented or in the process of being implemented. Outsourcing industry in IT and skill development go hand in hand. There is a need to have a good pool of IT manpower, which includes finishing skills to cater to the needs of Outsourcing sector. There is academia- industry gap and a need of education reforms in these areas. We have completely revamped the education policy as part of the government agenda independent of our Digital Bangladesh initiative. IT education is one of the essential elements of education curriculum. This will help further down the line because the next generation will be familiar with IT and at least have basic knowledge. As far as the industry skill is concerned, frankly speaking, this is the area that we do not have any answer yet. We have about 7000 computer science graduates in this country every year that are lacking in their finishing skills, relevant vocational training, relevant IT skills set, and English communications skill. What we are hoping is that private vocational training schools will pop up to provide this. Our government is open to welcoming the private entities who could open a chain of trained centers.

For the ICT industry to grow in two or three tier cities, is the Government of Bangladesh giving any tax incentives? To encourage the growth of ICT industry, we eliminated all import duties on IT equipments, hardware or software. Now there is almost no import duty on IT equipment. In terms of the BPO industry, our government is giving tax breaks

egov / www.egovonline.net / February 2012

or holidays of 10 years or longer. We are in the process of building several IT parks. The government is going to provide this land at very low costs to any IT company that comes in here. There are a couple of locations within Dhaka city and we are actually in the process of building essentially an IT city just on the outskirts of Dhaka, We really studied the Indian model and adopted it. Besides the tax incentives we also have a fund set up by the

Are there any bilateral collaborations with your neighbouring countries? Yes. We have some collaboration with National Informatics Center (NIC) in India. In general, all our e-Governance projects are based on outsourced model open to all vendors- domestic and international. Many of the companies from Malaysia and China are here. Since our thrust is

eASiA 2011, I believe, has been a tremendous

status symbol for Bangladesh Bangladesh bank to provide low interest loans to the IT industry. So, small startup firms in Bangladesh can take advantage of this provision.

India is providing broadband connectivity to Panchayats, education institutions and public health centres. The knowledge network will improve collaboration and service delivery. What are you plans realted to these aspects? We have built 4501 union information centres, which are the smallest local government units in Bangladesh. A union comprises of several villages with the lowest level of local government office existing, we have built essentially information kiosks like a cyber cafĂŠ, aptly managed by usually a young girl or a boy from village whom we have trained on the systems. The villagers can obtain information on online. All of these offices are now connected through the mobile network but we intend to connect all these 4500 union information centres to around 20,000 government offices throughout the country. We have several projects on hand to connect all of these with broadband. We are partnering with the private sector to develop the rest of the network on a PPP model. The big advantage we have in Bangladesh is that the physical country is quite small. So our goal is that within the next 10 years we will have fibre to every union level and the last mile solution can be provided by wireless, 3G or 4G. So once the backbone infrastructure is put in place it will be easier to spread the last mile solution to the village level. We have another project to cover all government universities with fibre.

on PPP, we do not have direct government collaborations with them. Our collaboration is with the industry and the foreign IT industry is very much present here participating in a lot of projects.

With the country being open to IT investments, a comprehensive growth can be anticipated. Please comment. Three years ago Bangladesh did not have the concept of an IT industry and e-Governance, and digitisation also did not exist in the government of Bangladesh. With our governmentâ&#x20AC;&#x2122;s manifesto, it all began and the progress that has been made is highly commendable. I would say that this government is moving as fast as possible. The growth in the industry is 40 per cent year on year in the last three years, which is a phenomenal number. We would love to get even faster, but so far we are quite happy with the growth in the IT sector employment and income.

How do you think initiative like eASiA helps Bangladesh ICT industry? eASiA 2011, I believe, has been a tremendous status symbol for Bangladesh. It really raises our profile. You know, when we think of IT outsourcing, three years ago you would not have thought of Bangladesh at all. Since last two years people have been talking about Bangladesh as a potential IT outsourcing hub. I think, eASiA takes it to the next level with the foreign experts coming to Bangladesh, speaking, seeing the development themselves. eASiA has been a tremendous marketing platform for us as it has been instrumental in drawing international attention to Bangladesh helping the IT industry to grow.

Analysis

Inclusive

Growth through

Mobilesâ&#x20AC;&#x201D;I The rate at which mobiles have penetrated every aspect of society is unprecedented in the annals of world history. In a two-part article, an analysis of the trends so far is presented with an overview of the policy initiatives being proposed to effectively leverage the almost limitless potential of mobiles for sustainable development Ashis Sanyal

or the last two decades or so, most governments all over the world are focusing on long-term, sustainable, and inclusive growth in order to provide development opportunities for all sections of the society. Remotely located rural and traditionally under-served communities have been the key target beneficiaries of these approaches. Enabling inclusive growth requires improving access for the poor, allowing them to participate in the mainstream development eco-system through economic opportunities. Information and Communication Technology (ICT) has very long-impacting role to play in economic growth of any country. For example, one of the common and popular research findings relates a 10 percent growth in telecommunications connectivity to 1 percent growth in the GDP. In the background of economic recession in the last two decades or so, including the recent one, India has demonstrated its capacity to sustain a reasonably high level of growth in which the IT sector has played a stellar

egov / www.egovonline.net / February 2012

role. This has been possible partly because of continuous efforts being made towards sectoral integration of domestic markets, through effective use of ICT.

Attributes of Inclusiveness There are four important attributes of â&#x20AC;&#x2DC;inclusivenessâ&#x20AC;&#x2122; in the context of a developing society. Broadly, the economy of an inclusive society would provide many opportunities for better livelihood to its people, facilitating consequent increase incomes over a period of time.

Analysis

Secondly, it would also provide various means for the people, to enhance their capabilities to utilize those available opportunities. Access is the third of the attributes of an inclusive society, which actually brings opportunity and capability together. For instance, an individual having access to social needs like education or health services, can appreciate self values in society better: a sense of his or her true place in the larger community, and its associated obligations. The fourth dimension of an inclusive society is security, which ought to be provided by the government to citizens in a rapidly growing economy. A truly inclusive society would provide safety in terms of predictability and stability of livelihood to its people. In the context of India, this dimension of security in sustainable inclusive growth must be considered as having paramount importance, as majority of our population is still primarily dependent on agriculture-based livelihood activities. Interestingly enough, all these four dimensions of inclusiveness i.e. opportunity, capability, access and security issues can be addressed very effectively with intelligent and judicious use of ICTs within a desirable timeframe. In today’s world, time is crucial in most of the initiatives towards inclusiveness and order of the day is to resolve any issue in the right way first time and at the right time. ICT has given an unprecedented opportunity to the world for helping realize inclusive development

initiatives under time constraints. In the following sections we examine the impact that the evolution of communication technologies, especially the mobile technologies has made on inclusive growth. In our analysis, focus is on financial inclusion and governance, more specifically, on the delivery of public services to the citizens.

Mobile – the Latest Revolution As governments have been compulsively focussed on how to usher in sustainable inclusive growth in society, the world has been experiencing exponential growth in mobile connectivity and mobile phones. While the number of cars has crossed the figure of 950 million, that for TVs 1.5 billion, credit cards 1.6 billion and PCs have crossed the 1 billion mark since their introduction, mobile phones have crossed 6 billion in the last 3 decades alone. As wisely stated by Mr R Chandrashekhar, Secretary, Department of IT of Government of India, ‘mobile revolution’ is the only revolution in the history of civilization, which could truly touch the lives of billions of the people around the world in a very short span of time. According to the latest Wireless Intelligence predictions, the total number of mobile connections globally would have touched 6.07 billion by December 2011. With world population crossing 7 billion in October 2011, this

means that the global mobile penetration rate would have touched 86 percent by end 2011. It is further estimated that mostly developing economies are driving this global growth, representing close to 80 percent of global mobile connections. Wireless Intelligence expects that in 2012 the developing countries would contribute over 40 percent of global mobile revenues compared to 33 percent four years ago. It is observed that such growth in the developing region would offset declining trends seen in developed economies, particularly in Europe, where operator revenues have been negatively impacted by market saturation and regulatory measures. For many countries including India, the mobile revolution has been a boon for good governance. The constantly widening mobile user base has presented decision makers with an unprecedented opportunity for taking the benefits of governance and expanding the reach of public services to every citizen, especially in hitherto under-privileged rural areas through innovative mobile applications. For the providers of telecom services, electronic governance applications and electronic content, the mobile revolution presents a very good business opportunity as well. With the large number of potential mobile users across the country, it makes sound business sense to develop applications, content and services on mobile platforms. The pie is appreciably February 2012 / www.egovonline.net / egov

Analysis

very large. For example, among the 31 Mission Mode Projects (MMPs) under the National e-Governance Plan (NeGP) of Government of India, the government-to-citizen and citizen-to-government (G2C/C2G) category itself numbers more than 1100 services, which are expected to be delivered in multi-channel delivery platform. Many of these services have sound economic potential for delivery through a mobile platform. In this context it may be recalled that in 2009, more than 850 million m-payment transactions took place across the world. By another estimate, NavTeq mobile maps are used by over 100 million people every day. This shows the steadily increasing use of a mobile platform for day-to-day use.

Look South Asia (Pacific) for Mobile Revolution The growth-rate of mobile users in South Asia and Asia Pacific countries for the last few years has steadily surpassed the corresponding figures in the developed countries. The highest cumulative growth rate for mobile subscribers is currently held by the South-Asian countries, with India leading the group, adding an average of almost 15 million subscribers each month. Wireless Intelligence observed that global growth is being driven by the Asia-Pacific region, accounting for about 50 percent of all connections at the end of 2011. Almost two-thirds of connections in the Asia-Pacific region relate to China and India – currently the two largest mobile markets in the world. Both countries are on track to hit 1 billion connections each, in early 2012. By this time six of the world’s top ten largest mobile markets will be located in Asia-Pacific region with China as #1, India #2, Indonesia #4, Vietnam#7, Japan #8 and Pakistan #9. Also, in the fourth quarter of 2011-12, Africa is set to overtake the Americas as the second-largest regional market with 648 million connections (11 percent of the total). Africa is forecast to record the strongest year-on-year connections growth of all the global regions, rising 18 percent over the previous year. This period will also see Eastern Europe overtaking Western Europe in terms of connections, with Western Europe predicted to record the weakest year-on-year growth. While examining the above statistics and in analysing the cause and effect situation, one may wonder whether it is a traditional oral society effect for these countries! In this part of the world, religious, social, cultural and

egov / www.egovonline.net / February 2012

ethnic heritage were kept alive, mostly orally, for thousands of years and consequently the technology which best supported the way of oral communication, has been overwhelmingly adopted by the society pretty fast.

Mobile Revolution in India and its Impact on Society The equivalent statistics for the Indian scenario are very impressive. While the number of TV sets has hardly reached 500 million in the last 4 decades, radios and newspapers have reached approximately 180 million. In this light, the more than 900 million mobile phone connections, increasing by around 15 million per month and expected to reach 1200 million by 2014 is a truly astounding achievement! However, there is a caveat in these figures due to existence of multiple connections per user and also many inactive connections. A recent study of the Indian market revealed that 30 percent of the country’s total mobile market size is redundant.

Four dimensions of inclusiveness i.e., opportunity, capability, access and security issues can be addressed very effectively with intelligent and judicious use of ICTs The Government of India has very wisely been following calibrated policy measures in the areas of tele-communications and IT, in consultation with the stakeholders, for some time. Perhaps, the most visible result of all these policy initiatives is the fast growth of mobile penetration within the country. Mobile phones are being currently seen in most quarters in India, as a key enabler of information and also a sort of social revolution. Through extensive use of mobile phones in all business sectors, the traditional information control by the middleman is disappearing. One can say that mobile phones have thus contributed to a breakdown of social hierarchy, thereby improving the access of socially deprived people to markets and capital. The next phase of the initiative is to ensure that the impact of rising mobile density be maximised in identified priority social sectors like health, education, poverty elimination, environment etc.

A recent survey revealed that the mobile subscriber base among the rural population in India is also increasing very rapidly, highly outnumbering bank account holders in rural India. This presents a great emerging opportunity – to provide basic governance and also financial services on mobile platform, which would reach under-served and un-banked sections in rural areas. As the Government of India currently has the mandate to facilitate reach of electronic governance to maximum number of citizens, it has been pro-active in finalising the policy framework for delivering basic financial services through a mobile platform while also working on policy guidelines for mobile governance and delivery of public services through mobile phones.

Government Policy Initiatives The issue confronting the government now is how to use the mobile revolution more effectively, not only for governance, but also for all walks of social life, for all aspects of inclusive growth – opportunity, capability, access and security, whether in social sector viz., education, health or in governance sector, so as to provide better government-to-citizen services at much cheaper cost, including reliability and efficiency of government-togovernment services. For this, the Government of India has taken a conscious decision to bring about major policy interventions for mobile governance, considering its great potential to uplift social and economic conditions of the common citizen, especially of those living in the remote and difficult places in rural India, where fruits of development and progress did not reach adequately for many years. The number of applications developed and increasingly being used in mobile platform, to provide health and education services, various citizen-centric government services etc., amply demonstrate the power of the mobile technologies to enable the poorest citizens to help themselves get access to mainstream economic growth.

the author last served as Senior Director in DIT, GoI. He now works as an Independent Consultant

IN PERSON

Dr Mukesh Aghi

Steria (India) Chairman and CEO

“You Cannot

Legislate Behaviour”

In a free-wheeling discussion with e-Gov Editor-in-Chief Dr Ravi Gupta, Steria (India) Chairman and CEO Dr Mukesh Aghi discusses major e-Governance initiatives that his company has been involved in, across the globe. He also presents his perspectives on the status of ICT adoption in the Indian private and government sectors, and makes the point that technology can aid governance only upto a point

egov / www.egovonline.net / February 2012

teria, I have been told, has a very strong government presence globally. What are some of the major government interventions you have been involved in and what are the tools and practices you would like to see implemented in India? Steria generates roughly €1.75 billion in revenues, and 40 percent of that comes from the public sector, and we have been working with governments at different levels. Some of big projects we are working on, for example, we have built and manage the Schengen Visa system. So all the visas and border control, everything, we manage that, and we have built the technology. Similarly, for the Ministry of Justice in UK, from the case analysis perspective all the way down to conviction and managing the prison environment – we have built and manage the entire system .We have also built and mange the Land Records System in the UK. Then we have massive projects in the defence system, we do supply chain logistics for the UK defence. We also provide very strong biometric solutions to UK and also for the defence forces. We have developed a solution for the Cleveland State of the US. Every police officer has a product like a smart phone or smart pad, we call it CUPID and it has all the information you need. So as a policeman stops a vehicle he can basically punch in the vehicle’s licence plate number, and it immediately retrieves all the details. You can get driver’s id number, license number, punch it and keep all the information. Within the CUPID you can file the FIR. And then we have identified something very unique, which is, every time a police officer comes into contact with a citizen or an issue, we have a marketing team which calls up the citizen and does a customer survey, what is the experience, what is the solution needed here, is the citizen happy with the experience and so on. So we have integrated customer satisfaction to encourage better police services. We are also present in countries such as Norway, France, and Germany etc. In Germany, for example, we are managing all of the systems of the Ministry of Finance. We manage their back office and also handle payroll, citizen contact etc. In Singapore, we work very closely with their transport, LTA and that is interesting because there we are bringing citizens who use public transport system because Singapore is saying listen, we have limited land, don’t buy cars. We will do everything from safety to tunnel management. Basically we are trying to provide services to encourage citizens to use more public transportation.

IN PERSON

I think it is important to set the expectations early on that technology and e-environment cannot bring in massive change, unless the fundamental value system of the people does not change with their constant clash of technology and the ideology or behaviour

Steria (India) Chairman and CEO, Dr Mukesh Aghi discusses his companyâ&#x20AC;&#x2122;s activities with governmentâ&#x20AC;&#x2122;s across the globe February 2012 / www.egovonline.net / egov

IN PERSON

Coming to the second part of your question, I think one has to understand that technology for itself is not a panacea to solve the complex issues we deal in the country. You know, we have issues related to corruption, transparency, accountability, ethics etc. I think it is important to set the expectations early on that technology and e-environment cannot bring in massive change, unless the fundamental value system of the people does not change with their constant clash of technology and the ideology or behaviour. Let us look at one example, what we are doing in UIDAI. It is an ambitious project, a daring project that the country needs to basically address issues of absence of transparency and making sure that the government investments are flowing down to the citizen level where it is needed. I believe our minds are very creative, and as people find out that it is going to make things little more transparent, it is going to bring in more accountability, they will find ways to twist the whole thing. So what I am trying to say is, that while technology is critical to bring more efficiency, unless we focus on the value system we will never get full benefits of technology.

You have given an interesting perspective, talking of the clash of technology and value systems. This is a very fundamental problem that you have highlighted. Having seen the progress of e-Governance across many countries spread across continents, developing countries, developed countries… how would you say India is positioned in terms of the global perspective, and where are we in the cycle of IT adoption? I think let us just benchmark ourselves with Singapore. And the reason I am saying is, if you look at 1963-64 when Singapore got its independence, or actually independence was thrust on them, it was a swamp land with no natural resources. It was a country of a couple of million people who were at that time focused on fighting with each other: the Chinese, the Malayans and the Tamilian Indians and what you call the mixed races. And I think early on Lee Kuan Yew decided that he needed to bring in unity of the people and leverage technology to provide services which are transparent, efficient and effective. And I think Singapore has done a fantastic job in every aspect. Today if one wants to change the address,

egov / www.egovonline.net / February 2012

one just haste go to one point – go on the website and change the information on driver’s license, mailing address with the post office, tax department, revenue department – everybody. Everybody is inter-connected. You could say that for a country of 5 million people it would be easy to implement such solutions, and I agree. But I think there are something else which is happening which we need to benchmark. Singapore is having an ageing population now, whereas India’s demographics are much lower now. So what Singapore is saying is, in e-governance, especially in health we need to be able to provide world quality and most cost effective healthcare, because as a nation we can’t afford. So that is one phenomenon we need to look at from Indian perspective. A bigger thing, which I think we are not ready as a nation is, in the next ten years almost 400 million Indians

I think that’s where the smart cities and the ‘e’ is going to play a very strong role.

Now, the way IT is happening in India, although we have a national mission – a National e-Governance Programme, UID and few other initiatives by different Departments, people still feel we don’t have clarity, we don’t have a roadmap, we don’t have specific targets. People talk of the need for an Electronic Service Delivery Act for making e-Governance services mandatory. What are your views on this, regarding making it mandatory for Departments to offer services electronically?

“[UID] is an ambitious

project, a daring project that the country needs to basically

address issues of absence of transparency and making sure

that government investments are flowing down to the citizen”

will migrate from villages to the cities. It is a mega trend. That means we need to have smart cities, where our government can provide efficient education, efficient security, efficient transport system, basically efficient healthcare and they all have to be inter-connected because resources are going to be very limited. Now the question is if you rate Singapore at 10, I think India probably in our perspective will be at 1 or 1.5. So we have a long, long way to go. The other major trend which I think is going to impact India is the environment. Today, you know, almost 150 million Indians are almost zero carbon contributors. When I say almost zero, they have no electricity, no car, no television, they get up when the sun comes up and they go to bed when the sun goes down. But as their affluence goes up so will their aspirations, their desires; they would want electricity, television etc., and they will start contributing heavily to the environment from a CO2 perspective. So are we ready as a nation? I don’t think we are. So

I think legislation is not the answer because you cannot legislate behaviour. Plus, we have to understand that India as a nation is not one nation from what the perspective of adoption of technology. We have one part of India which is in 21st century and the other part is in the previous century. So the question that really comes mind is: how do you basically drive this to make it more efficient? When you look at the reasons why Information Technology has become much more pervasive and efficient in private sector vis-à-vis government, again it’s the issue of behaviour. In the private sector, the motivation is to become more competitive, more efficient, more productive and get better RoI, on your technology investments. On the other hand, in governments this motivation is not as strong. If a law makes IT mandatory, I will do it but I will do it to level that, I won’t step beyond. So I think the whole behaviour factor have to change, you can’t legislate behaviour itself.

www.emaharashtra.eletsonline.com

IN PERSON

Arvind Thakur

NIIT Technologies CEO

“The National GIS Programme would be an attempt to

tag every asset”

IIT Technologies has been pursuing government business very seriously for a while now. What are the latest developments on that front?

eGov Editor-in-Chief Dr Ravi Gupta and NIIT Technologies CEO Arvind Thakur engage in a conversation over NIIT’s current projects with governments and the reason why it has chosen to focus upon only a few verticals. Opportunities in the government sector as the pace of e-Governance in different Departments picks up is also discussed, and so are the company’s plans for expansion into a greater number of functional domains

egov / www.egovonline.net / February 2012

In Asia, and particularly in India, there is a very sharp focus on government. As a company, we have been very sharply focused globally on the few industry segments. Government is an activity we do only in Asia. We have pretty good brand salience in the domestic market as far as engaging with the government is concerned. Essentially there are three areas where we are focusing on; first is defence, second is police and the third is power. Each of these three large segments has a significant outlay for investments in technology. We have been working with the Ministry of Home Affairs, Central Police Organisations like CRPF and very recently we have completed a project with the Border Security Force – the Intranet Prahari Project. It is a very large programme, connecting 250 remote border locations and getting people from the force to use the technology, training over 20,000 people. Of late, we have also been involved with the CCTNS Programme. This is largely funded centrally and has to be implemented in every state. We are now working with the states of Tamil Nadu and Jharkhand and are in talks with a number of others. In the power sector there is APDRP Programme. Our engagement is in the specialized area of GIS. The government programmes are large, complex, challenging, and we have been able to build ourselves in these areas. Hopefully we will see our business grow with the same pace. There are peaks and troughs in doing businesses with the government; our government business has varied between 4-10 percent.

IN PERSON

You have a huge expertise in GIS, which is largely a governmentoriented domain. How do you plan to leverage this experience? The genesis of our engagement with the government is through the GIS programmes. The private sector also has phenomenal implementation of the GIS in the areas like telecom, utilities, and in the areas that require large asset management. The government is very serious in this sector and is putting together the National GIS Programme, almost at the same magnitude as UID. If the UID Programme is an attempt to tag every individual, the National GIS Programme would be an attempt to tag every asset. These are very large programmes, and the GIS domain has the potential for exponential growth. Some of the areas we are expanding into, such as defence, police organisations, or power: these are led to large turnkey engagements which are normal system integrated engagements.

What kind of opportunity you see in states adopting the CCTNS, a very deep IT implementation? If you look at the environment, with respect to law and enforcement, every police station is an island by itself. The only connection is through wireless and now mobile phones. So there is only voice connectivity and no data connectivity. This is a great handicap for information sharing. Policing is a basic citizen service and the government has a pretty significant outlay, around Rs 2,000 crores, to get this whole thing going. Basically, the programme is about creating a common application and customized implementation in different states. So while we have a centralised application, the implementation has to be unique. We can go for VSAT solution, and we can leverage whatever infrastructure required. Obviously it will take some time. Each one of these programmes would vary in terms of size. Tamil Nadu has about 1,500 police stations, Jharkhand has only about 500 â&#x20AC;&#x201C; so implementation times and costs would vary from state to state. Typically these programmes would have implementation period of 18 to 40 months and then a running period of 3 to 5 years.

How are you looking to go deeper into areas like defence, power etc? How is the roadmap? We donâ&#x20AC;&#x2122;t have any plans to have a federal practice In US or in Europe. We mainly deal with the matters in Asia as a matter of fact. Dynamics of business vary from country to country. We are

strong in India, and in Asia, we are strong in Singapore and Australia because we have done a lot of government business in these markets and there is a strong brand salience and also they are big enough. One would not want to spread too thin and to move to other markets when you have a strong brand salience. Our whole approach towards the business is to remain very sharply focused so that we built specialization: on the technical part.

You have also done something in Singapore in e-Procurement. Are their plans for India as well? e-Procurement is a good example that you cite. Singapore is perhaps the most advanced government in the implementation of e-Governance. And besides the programme that we have implemented with the Singapore government on e-Governance, there is a portal called Gbiz and all government procurement happens through this portal. So this is what we have built and we have

government and execute government programmes are very different from the skills sets required to execute international programmes. Fundamental difference lies in the programme management because the maturity and discipline in government organisations to implement large programmes is much lower simply because the customer per se does not understand their responsibility in implementing the programme. When you are implementing IT projects not only internationally but also in the corporate world, the customers understand that they are the equal partners in the implementation process. With the government, the responsibility entirely lies with the vendor. I think this attitude is a major reason behind delays in large programmes. Departments need to take ownership of projects, and shed the attitude that the project responsibility entirely lies with the vendor. When the economic environment is tough, only the government can continue spending. Per capita IT spending by the government is around $

With respect to law and enforcement, every police station is an island by itself

maintained. We have entered into a partnership with the Singapore government and we would now take this solution to other parts of the world. In India, we have implemented an e-procurement system for the Ordinance Factory Boards. Most of the government contracts are system integrated contracts. Its hardware, software, everything combined, we have done total integration of the implementation.

There are opportunities coming from multiple Government Departments. How do you plan to make use of these? As I said earlier, you have to build upon your own track record, you have to choose your own battles. So when you are looking at the large government bids, you are competing with the largest players in the industry. Each of these bids consumes a lot of energy of the organisation and you need to have a reasonable chance of success, like around 70% probability of winning the deal to participate. You cannot expand just like that; you cannot spread yourselves too thin. The skills sets required to engage with the

1.5 in India and in Australia or US, it is around $ 100. So we are at the base of the whole curve. The comparison is unfair because the size of the population is dramatically different. The good thing is that the government has recognised an agenda for inclusive growth. So from that point of view, they have initiated many policy changes as well and are creating the infrastructure to be able to use the technology for all its programmes. I think that is very useful. For example a huge programme like NREGA can be very successfully supported by the UID programme. Besides this there are many other programmes also. So this is the investment in infrastructure to support that. Reaching out for basic healthcare, village do not have a medical facility. Envisaging a situation where doctor in the city using technology can consult and can give basic medicine at least is phenomenal. Likewise we talked about public distribution, education and law and enforcement, these are all basic programmes where we are talking about inclusive growth using technology. Though very small percentage right now but as citizens start getting benefits, you would definitely be able to increase the outlay for technology. February 2012 / www.egovonline.net / egov

Analysis

Making Geospatial Smarter for India The idea of Government organisations using GIS as a core technology is now accepted in part or whole by many Government organisations. Will “making Geospatial smarter” help Government, what is meant by this phrase and what might it look like? Dominic McNeillis

he nation is looking for increased Government efficiency in delivering services at a sustainable pace; it is looking for increased transparency; it is looking for Government Agencies and their Partner Organisations to be accountable. Against this backdrop of Increasing Efficiency, Transparency and Accountability we can start to pay due attention to government workers, citizens and thence relevant use-cases in India – “Research in India, for India” is the mantra. Something having worked in other countries is not necessarily a good place to start. The three homes of GIS could be said to be in the Office, in the Field and on the Internet. Without data and function, a digital map on our screen is of no more interest than a casual conversation. Relevant data must inform or flow from a function (or workflow); the function must reflect a business need; the business need must offer potential for increased

egov / www.egovonline.net / February 2012

efficiency in a manner valued by users and stakeholders. An implementation with Kolkata Metropolitan Development Authority showed that the driving business need at that time was to avoid paper maps and duplicate effort in multiple departments. It was a cultural change that allowed what now seem obvious efficiency improvements. Today we might see it as the first stepping stone, providing a platform onto which departmental solutions can be built. Today, introducing Geospatial technologies is less likely to fulfil the Efficiency, Transparency, Accountability needs in itself, but might smarter Geospatial?

GIS for Development GIS, as a technology, has been gaining a lot of popularity in India, with the 11th Five Year Plan citing implementation projects in Power, Agriculture , Forestry, Mining and ICT sector. There are model projects in India both in the field of Rural and Urban Development - Department of Agriculture in Punjab has been actively using GIS for agriculture and in Karnataka, Bangalore Development Authority

has made it their mission to make Bangalore the “Best Indian City”. Another case in point is around Infrastructure Development - A Highways and Roads Maintenance Service is provided in India by the NHAI, State and Municipality Engineering teams and their partner organisations. Roads provide no more than transport, but represent freedom of movement, the ability to work and therefore earn money to many and the ability to move goods within the country and therefore spread the wealth of the nation among citizens. They represent that chance to get to educational establishments of choice, shops that charge us what we can afford and we are, therefore, more free to flourish. Roads are the Arteries of the Indian nation and its citizens are demanding that, having invested in new roads, they are maintained and improved. Roads degrade over time with weather and vehicular use; they need to be inspected, work issued and contractors paid. The Inspection could be planned according to industry data collected over many years so that the roads are kept is a use that makes them fit for purpose.

Analysis

An industry and profession has been built around the efficient maintenance of roads. In India, the overarching professional organisation is the Indian Roads Congress (IRC) which has developed standards for inspection of roads that differs according to the likely use, the strategic importance and the material used to build the road. Along the road there are many types of assets that also need to be inspected. Bridges are a specialist case of assets that need to be inspected according to a 2 year and 6 year cycle. In India, additional inspections are carried out before and after the monsoon season. Looking at the case for GIS in relation to the business need, it is clear that the best a GIS could do is to show where the roads are as a series of lines on a map: in itself is very useful. If we flip this on its head and ask if we built a system that dealt efficiently with the (data and function) workflows associated with Roads Maintenance we have smarter Geospatial software improving efficiency by automating existing manual workflows and adding “where”, then adding the ability to spatially analyse trends in roads repairs that are not easily seen from columnar lists: • The ability to record where defects are spot clustering and repetitive incidents/ defects • The ability to record performance data of which zones repaired roads defects most efficiently (then spread best practice between workforce teams) • The ability to decide on more cost effective measures – resurface a stretch of road rather than repair potholes twice a month • The ability to record a citizen complaint against on a map and then communicate where the inspection or works order should take place to the workforce. Such data can also be published onto a website using Internet mapping software, increasing transparency and accountability.

Smarter Geospatial could be defined as “new software that responds to business needs where the solutions are improved in part by maps, data and workflow”

The ability to issue a works order to the nearest workforce team using mobile technology • The ability to provide a citizen portal to report defects, thus providing Public Services 24/7/365…the list goes on and on. A second example, directly involving citizens might be: a person moves home to a new area with their family. They wish to know where their nearest facilities are, what services are provided to their home from which organisations and how they will be charged. As they get used to their area but having a household where all adults work, they can only catch up on family issues in the evenings and at weekends. This is not uncommon. State provided government services and Municipality provided government services are a mystery to most citizens but they will have computers and will link to the internet. GIS on the Internet, linked to Core Government Service data but structured with a citizen user interface that works how citizens think: I live at this address, please find my nearest “everything” and then I can click on what I want to and get some extra information about each service. Crowdsourcing in GIS capabilities can be a huge plus. The revolution is already happening with Google Mapmarker – with users giving their data inputs in mapping. This example calls for smarter Geospatial that connects live with multiple departmental systems and their data, as well as offering a “live-linked” web page (portal) for citizens to interact. Such systems offer ambitious Politicians potential to create the new wave of •

transparent and accountable Government: • Citizen services available to citizens 24/7/365 –The ability for Citizens to complain, request a service, submit an RFI at any time • A “tell me once” Government portal (“tell me once” that you have a new child, you move house, you marry, you pass your driving test in State A, B or C etc) • The ability to share non-sensitive data with partner service organisations and focus on improved Citizen experiences • Bringing India Government Services up to its “Best of World” ambitions

Smarter Geospatial Smarter Geospatial could be defined as “new software that responds to business needs where the solutions are improved in part by maps, data and workflow”. In the context of Government in India, we might add that such software should also provide politically appropriate, (and therefore) sustainable improvements to the lives of citizens. By making Geospatial smarter in India, we will introduce solutions to problems and avoid GIS becoming a solution looking for a problem.

the author is Solutions Marketing Manager, Public Sector, EMEA and India, Pitney Bowes Software

February 2012 / www.egovonline.net / egov

IN PERSON

A key consideration for governments across the globe is the extent to which to rely upon outsourced vs. in-house cyber security talent

Michael Sentonas, McAfee VP and CTO (Asia Pacific) discusses security

egov / www.egovonline.net / February 2012

grid name IN PERSON

Michael Sentonas

Vice President and Chief Technology Officer, Asia Pacific, McAfee

“There is an immense opportunity

IN THE e-Governance space”

McAfee Vice President and Chief Technology Officer, Asia

hat would be some of the most critical security threats the Indian government faces?

Governments globally face threats to key assets. These threats can range from hacktivism, attacks on critical infrastructure through state-sponsored cyber sabotage and intellectual property theft. Increased penetration of mobile devices means more mobile government workers and increased potential for data leakage and for malware penetrating into the network if security policies and technical mechanisms are insufficient. Second, as the Unique Identity (UID) project rolls out, ensuring utmost protection for the IDs and data associated with each record would be critical. The Indian government is already planning a comprehensive security strategy to protect this project. Third, outsourcing protections will be critical – and this revolves around legislative policy or laws which the government should be instituting – since so much of Indian economy relies upon outsourcing.

What are your views on security of public information in India, particularly with respect to the UID programme?

Pacific, Michael Sentonas is responsible for driving the integrated security architectures and platforms that have propelled McAfee into a leadership position in digital security, with a focus on the Asia Pacific region. With a background in sales and engineering, he has been able to drive innovation and optimise product direction and development in the company. He has over fifteen years experience in the IT industry, focusing on internet

Currently, security adoption across government enterprises is largely restricted to perimeter security and malware protection. However, the UID is one programme which takes stringent steps to preserve and maintain critical citizen data. It has been structured in a way so as to prevent any sort of data leakage, as it deals with confidential individual information. The privacy of the individual is respected and this will be one of the major reasons for the success of the project.

security solutions with past

What is McAfee’s play in the government sector? Could you share with us some your major initiatives in this sector?

major security challenges to

There is an immense opportunity in the e-Governance space for technology and related companies in India. Industry reports estimate it to be in the region of $ 6-10 billion over the next 2-3 years. At McAfee, we are very bullish about the Government vertical globally and this strategy translates into the Indian context as well. We have

government sector

roles including software development, security consulting and management. In an email interview with eGov, he talks about the government business and McAfee involvement in the

February 2012 / www.egovonline.net / egov

IN PERSON

increased. Nearly 30 percent believed their company was not prepared for a cyberattack and more than 40 percent expect a major cyberattack within the next year. In a country such as India, much of the critical infrastructure is with Public Sector Undertakings and hence owned by the government. Because of their inherent economic importance, such assets make strong targets for political sabotage, data infiltration and extortion.

• Key network areas – IT, Operations and New Smart Grid Projects – should be overseen by a single security authority responsible for interconnectedness and synergies necessary across all three as compared to a silo-based approach. It is advisable to have a single security authority as to enable holistic protection of the assets. • A strong data governance plan that classifies data as per its value needs

“Compliance never equates to security so an over-focus on

regulation diminishes the importance of

other important security controls a separate team globally as well as in India that has been institutionalised for managing government projects; bearing testimony of our concentrated focus on this sector. The initiation of large projects such as UID project, r-APDRP (restructured-Accelerated Power Development and Reforms Programme) etc., and the international phenomenon of terrorism moving into the cyber domain implies that IT security will continue to grow in importance for the Indian government. We are working together with a number of Indian government agencies and ministries through our channel partners to help develop coordinated strategies to tackle the lacunae in India’s defences.

What is McAfee’s advice to protect critical infrastructure from cyber attacks? In April 2011, McAfee and the Center for Strategic and International Studies (CSIS) came out with findings from the Critical Infrastructures report that reflects the cost and impact of cyberattacks on critical infrastructure such as power grids, oil, gas and water. The survey of 200 IT security executives from critical electricity infrastructure enterprises in 14 countries found that 40 percent of executives believed that their industry’s vulnerability had

egov / www.egovonline.net / February 2012

McAfee McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. McAfee products empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security

Managing security issues is certainly a challenge for the government in India because there are manpower as well as cost-related challenges to deal with. A key consideration for governments across the globe is the extent to which to rely upon outsourced vs. in-house cyber security talent. There is also a worldwide belief that regulation will somehow solve network security related concerns. Compliance never equates to security so an over-focus on regulation diminishes the importance of other important security controls. Therefore spending budget wisely to ensure the government achieves the right level of security means balancing compliance with security and the right level of in-house talent to do so.

What would be the key components of a comprehensive security plan for protecting the country’s critical infrastructure? A highly sophisticated network security posture is needed to guard critical establishments from premeditated attacks. We recommend adhering to a 5 step risk-based checklist to create a strong network control which will minimize such attacks:

to be developed. Post this, a relevant plan to safeguard vital data (at rest on the network, in transit within/to/ from the network, and in peripherals and mobile devices) can be executed. • Cyber attacks can also be instigated through a weak vendor network, as a result of which hackers can gain direct access to the critical infrastructure. Vendors should be selected carefully and made to validate their security standards. When vendors notify new patches or other urgent actions over a possible threat, the recommended mitigation steps must be assigned high priority. • Daily vulnerability assessment to understand potential weaknesses especially when new devices/applications are added to the network is also needed. It is also important to maintain regular checks when the control system becomes IP-enabled. • There has been an increasing trend in the deployment of ‘whitelisting’, a technology which blocks all unauthorized executables or applications and obviates the need for regular updates which require downtime on the network. It is also suitable for devices which are purpose-built – such as control systems; or those that run only limited applications – such as servers.

THE PREMIER GLOBAL PLATFORM FOR E-DEVELOPMENT

15-16 June 2012, Le Meridien, New Delhi, India Past lEaDErs at EworlD forum

Kapil sibal Jyotiraditya scindia Union Minister of Communication Minister of state for Commerce and Information Technology, and Industry, Government of India Government of India

arvind mayaram Additional secretary and Financial Advisor, Ministry of rural Development, Govt. of India

shankar agarwal Additional secretary, Department of Information Technology, Government of India

Hon. tassarajen Pillay Chedumbrum Minister of Information and Communication Technology, Mauritius

ranjith siyambalapitiya Minister of Telecommunication and Information Technology, sri Lanka

r Chandrashekhar secretary, Department of Telecom, Ministry of Communication & IT, Government of India

r K tandon Managing Director, Indian railways Catering and Tourism Corporation

walter fust President of Globethics.net Geneva

seema Hafeez sr Economic Affairs Officer, Division for Public Administration and Development Management, UN Department of Economic and social Affairs

EvEnt HigHligHts l l l l l

DElEgatE ProfilE

Power packed thematic sessions on governance Exposition on e-Governance Platform for exploring new business avenues in government Awards for excellence in governance across the globe Opportunities for networking with key international government influencers

OrGANIsErs

PrEsENTED by

l l l l l l

Ministers of different countries from world over Policy decision- makers from governance Key high level government officials from various departments from India and abroad Officials from bilateral and multilateral agencies NGOs and civil society organisations, International Development Agencies ICT entrepreneurs, Industry representatives and experts

PArTNEr PUbLICATIONs

For Programme enquiry ContaCt: sunil Kumar, Mobile: +91 8860635837, sunil@elets.in For Business enquiry ContaCt: ragini srivastava, Mobile: +91 8860651650, ragini@elets.in Jyoti lekhi, Mobile: +91 88860651634, jyoti@elets.in

news

world

immigration control data protection

Reform of EU Data Protection Norms proposed The European Commission has proposed a comprehensive reform of the EU’s 1995 data protection rules to strengthen online privacy rights and boost Europe’s digital economy. The Commission’s proposals update and modernise the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights in the future. Key changes in the reform include: • A single set of rules on data protection, valid across the EU. This will save businesses around €2.3 billion a year. • Wherever consent is required for data to be processed, it has to be given explicitly, rather than assumed. • People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). • A ‘right to be forgotten’ will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it. • EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens. • A new Directive will apply general data protection principles and rules for police and judicial cooperation in criminal matters. The rules will apply to both domestic and cross-border transfers of data. The Commission’s proposals will now be passed on to the European Parliament and EU Member States (meeting in the Council of Ministers) for discussion. They will take effect two years after they have been adopted.

Hacking

immigration control

Computer hackers plan to take the internet beyond the reach of censors by putting their own communication satellites into orbit. The scheme was outlined at the recent Chaos Communication Congress in Berlin. The project’s organisers said the Hackerspace Global Grid will also involve developing a grid of ground stations to track and communicate with the satellites. In the long run, a wider hacker aerospace project aims to put an amateur astronaut onto the moon within the next 23 years. Experts say the satellite project is feasible, but could be restricted by technical limitations. Low earth orbit satellites such as have been launched by amateurs so far, do not stay in a single place but rather orbit, typically every 90 minutes.

Taiwan has launched an e-Gate system, which can be used by citizens 14 years and over with valid passports and registered biometric data, at international airports in Taoyuan County, Taipei and Kaohsiung and at the Kinmen Seaport after trial runs. The system allows for faster immigration services and improved border security. The e-Gate system, equipped with infrared ray sensors, facial recognition cameras and passport readers, can clear arriving travel-

Hackers Conference in Berlin plans space satellites to combat censorship

egov / www.egovonline.net / February 2012

South Korea Extends Biometrics Scanning to all Foreigners All foreigners entering South Korea will have to undergo biometrics scanning starting from 2012 to combat terrorism and prevent threats to national security. According to the Korea Immigration Service (KIS) , foreigners age 17 or older will undergo fingerprint and facial scanning upon entering the county starting Jan. 1. The program started scanning those from countries deemed high-risk by the KIS in September 2010, and has since expanded to include all foreigners choosing long-term stay. The programme excludes minors, diplomatic officials and other

foreign government officials. Registered foreigners currently in the country will also be exempt. Biometrics scanning will be conducted in 11 different languages including English, Chinese and Japanese. At the immigration desk, foreigners entering the country for the first time will have both index fingers and their faces scanned as part of the Justice Ministry’s Biometric Identification System.

Airport e-Gates Launched to Speed up Immigration Clearance in Taiwan

ers in 12 seconds by scanning the passenger’s passport and face or fingerprint. More than 170,000 citizens have registered biometric data, such as their facial features and fingerprints, at immigration counters at Taiwan’s gateways during

the programme’s trial run this year. Passengers must be at least 140 centimeters in height and must not be under a travel ban in order to register to use the system. Once the registration is accepted, it will remain valid permanently.

Oracle Government

20 of the 20 Top Governments United States, Japan, China, Germany, France, United Kingdom, Italy, Brazil, Spain, Canada, India, Russia, Australia, Mexico, Republic of Korea, Netherlands, Turkey, Indonesia, Switzerland, Belgium

Get Better Results With Oracle

For more information, email salesinquiry_in@oracle.com or call 000 800 100 7789 / 080 4029 1298

Copyright ÂŠ 2011, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.