cover story
Security is Prime Worldwide data, information pilferage and economic intelligence gathering through the use of Internet has redefined security needs and strategies to combat growing threats
ith the rise in e-Governance across India and the establishment of State Data Centres that meet the information requirements of the citizens, threats to the government vertical has risen manifold. Leakage of confidential information through spyware, viruses, phishing, pharming and other blended threats is brought to the fore. There is no better example than the discovery of spyware, originating from China in the Ministry of External Affairs itself the impact of which can be immense, considering that spyware sends out at regular intervals to the attacker. Indian enterprises today are in the process of either establishing or reinforcing their security architecture. The increasing usage of IT by government department
Future Of Policing Public safety organisations continuously look for new tools to help them better serve and protect the citizens of the community as well as to ensure the safety of their officers. For years, law enforcement has used radio to provide them with the information they need to perform their missions. To increase the success of each operation, police are now incorporating video into their information network. Video can benefit law enforcement before, during, and after an incident. Before an event, highly visible video cameras act as a deterrent to crime. During an event, real-time video can be useful to a command center to plan a measured response with mobile units. After an event, recorded video can aid investigation efforts or serve as a source of additional evidence.
Mobile Video Sharing: Improving Policing Effectiveness Until recently, video has been constrained to either fixed locations with high-bandwidth wireline networks or to local storage with future playback solutions. These solutions lack the ability to provide live information to the people who need it most: officers on the front line. Combining mobility with video sharing allows officers and commanders to share critical new information, helping them to safely perform their missions. We are not simply talking about traditional CCTV video surveillance; we are talking about putting video into the hands of officers on the street, greatly increasing the availability of accurate real-time information at their disposal. Surveillance cameras are becoming more prevalent, thereby increasing the number and location of video sources. Video cameras can be found on light poles, on fire trucks, in police cars, and as part of buildings surveillance systems. Instant access to this video helps individuals and groups assess situations in real-time and respond more effectively. Mobile Video Sharing extends the availability of this information
16 }
to the many individuals outside the command centre. With access to this same information, officers en route can assess a situation and plan their approach prior to arrival. Once at the scene, the live video from the patrol car can be sent back to the command centre for another angle and view of the incident, providing a true video collaboration opportunity.
Redefining Policing “Mobile applications of camera technology are the future of policing,” said Charlie Beck, deputy chief of the LAPD. The department implemented a wireless network in the Watts neighborhood of Los Angeles where crime has been high. • 10 cameras wirelessly deliver video to an intelligence officer who monitors the area • When trouble is spotted, an intelligence officer instantly sends that video to the mobile police officers in that area • The responding officer views the video and responds accordingly • The technology helps LAPD cover a greater area with fewer people • Responding officers are more aware of the situations before they enter the area
Mobile Video Sharing Users of mobile video sharing today are finding new ways to utilize the technology. The following are examples of the value of mobile video sharing. www.egovonline.net
ov
and for online transactions by banks and other financial institutions has given a boost to the demand for security solutions. Over the last several years, phishing, and subsequent identity theft, is proving to be one of the biggest threats plaguing the Indian Internet space. Enterprises are now seeing the real potential of security solutions and infrastructure and they are moving towards leveraging them to accelerate business productivity. With the Government of India taking major initiatives to make the country e-Ready by initiating various e-Governance implementations there is an increasing need to create trust by educating the transacting parties about the confidentiality and integrity of their messages. This requires identification and authentication of transacting parties. From a consumer point of view, it isn’t anymore about someone siphoning your password with a keylogger or a phishing attack. Professional cyber criminals are
adopting various methods which include, hacking consumer’s online accounts to study behavior and obtain information and then using this information for launching a fraud attack. Internet users of social networking sites have also become soft targets for future threats. Looking at the international scenario in US, securing your network against attacks is not only good practice but is also mandated by laws such as Sarbannes-Oxley (SOX), PCI-DSS, HIPAA, GLBA and more. All these regulations require detailed reporting and an audit trail to show that you have indeed complied with the letter of the law. The intricacies of these regulations are as follows. GLBA is an important regulation in the banking and insurance industry and governs various activities of financial institutions. HIPAA concerns itself with privacy and security of electronic patient data in hospitals. PCI-DSS
regulates security in the credit card and retail industry. A company processing, storing, or transmitting payment card data must be PCI-DSS compliant. Digvijaysinh Chudasama , VP – Sales, Cyberoam-India said, “ It can be clearly
High crime area monitoring
Disaster management
Monitoring areas with a history of a high criminal activity can be enormously advantageous for police departments and the community. Conspicuous placement of cameras throughout the area creates an immediate crime impediment because criminals are aware that they are being monitored and recorded. When suspicious activity is captured on camera, mobile officers can view the crime in progress and may choose and the share the video with other officers. This form of immediate collaboration helps officers to evaluate the situation before entering a dangerous area. The result is greater officer safety. Response also benefits. Officers can see what is happening prior to arriving on scene, keeping them a step ahead of the bad guys. Officers do not need to drive slowly down the street, looking for the suspect – knowing exactly where to go and who to look for allows them to speed directly to the location.
Serious management challenges emerge in the aftermath of a disaster. In most cases, different agencies need to work together to respond effectively to the incident. Here again, video can play a key role in facilitating the response and improving the outcome. With Mobile Video Sharing, an adhoc network can be established to assist decision-makers as they establish a plan of action and workflow. A unified command centre might coordinate and help the various agencies deliver the best possible relief. Video from various responder agencies may be shared amongst one another and with incident command.
In-vehicle camera monitoring In-vehicle camera monitoring provides another valuable measure for improving officer safety. Car mounted cameras capturing video in front of them helps deliver a “virtual backup.” All the activity at a traffic stop caught on camera may be viewed live at remote locations, which may prove immensely valuable if the situation escalates. That video may be shared with a command centre and/or other officers as needed. As a result, the police department can respond quickly with the appropriate support.
ov
March 2009
Technical Requirements of a Successful Mobile Video Sharing Solution A mobile environment provides some unique challenges to implementing a video sharing solution. Consider the essential requirements: • A wireless broadband network must be available to mobile clients • The network must accommodate two-way video streams • Security must be provided at all access points and across the network • Users must be able to send and receive data while on the move • Each unit, mobile or fixed, must be equipped for “command and control” collaboration • Cameras must serve the various needs of police, fire, and EMS departments • Huge amounts of digitized video must be recorded and archived • All technology must be easy to adopt and extremely user-friendly The increasing availability of video is changing traditional policing methods before, during, and after an event. Putting that video into the hands of the officers in the street exponentially increases the value of that information. 17
seen that, India’s current IT Act doesn’t have the scope and vision to ensure such a granular degree of control over electronic data covering various industries. Complying with these and other regulations is often complicated, time-consuming, and costly. “ According to a report by IDC India, the key trends in the Indian e-Security market are a convergence of network and desktop security coming closer, unified threat management appliances and policy-based administration coming into usage. Also of significance is the emergence of security consulting, endto-end security services and managed security services. With the installed base growth in PCs, broadband and mobile connections increasing sporadically, several market studies show the Indian market for security products and solutions to be around $120M, growing to around $1B by 2012. If we analyse the data over the last several years, the overall loss in the country due to digital security lapses is increasing. In addition, many companies that have not fortified their online presence have their brands defaced by hackers taking control of their customers’ digital identities, and in some cases the company’s website itself. The good news is that most institutions that have online presence understand the need for providing a safe and secure environment for their customers. Secondly, the end consumers are also becoming aware of how to operate online in a safe and secure manner. With this in mind, we are currently working on our go-to-market plans to address the needs of the Indian market, so that our products support the RoI expectations of the local market.
18
international security trends Some of the international security trends garnering steam through 2009 are: • Local Language spam will target emerging markets in 2009. • Enterprise attacks will use VOIP technologies to engage in fraud that includes voice fraud, data theft and other scams. • New strains of malware consisting of millions of distinct threats will propagate as a single core piece of malware. • Web based security threats will continue to increase • Virtualized environments will be increasingly used to secure sensitive transactions and protect critical infrastructure. • Security attacks will focus on stealing intellectual property rather than personal data
The nature of worldwide data, information pilferage and economic intelligence gathering through the use of Internet has redefined security needs and strategies to combat growing threats. In one recent case, a company, a major player in power and utilities, was sabotaged and its critical information assets compromised by its very own security vendor - a foreign security company-something that highlights the vulnerability of networks, especially those of a nation whose information security needs are manifold. According to Digvijaysinh Chudasama, “There is an urgent need to redefine the concept of national security secrets and moving beyond protection of the defense industry and public sector to include even the entire private sector through compliance regulation”. He further added that setting up a Central Nodal Agency and Accreditation for CyberSecurity Solutions along the lines of National Security Agency in USA and other Approval and Certification bodies for Security Solutions is crucial. It should be made mandatory for security product to be indigenous especially in importantly identified centres like HQ and R&D in India. The need to choose deployment of security solution that integrates identity of a user as important criteria in providing protection. In regards to digital signatures Rajiv Chaddha, Vice President Sales, VeriSign India said, “The main challenge to digital signatures gaining popularity in the government vertical is the relative lack of education and awareness about digital signatures and its advantages. However, the awareness is increasing rapidly among business users and government officials as the Controller of Certifying Authorities (CCA) is
working hard to educate people about the applications and benefits of digital signatures.’” He further added, “Though deployments in the government sector have been less in the last two to three years; many government departments have now begun taking interest in digital signatures as part of their e-Governance initiative.” Commenting on NIC’s role, he further said that, “After NIC has become a nodal agency, the government departments have started trying digital signatures in areas like tenders, data, e-Procurement and many other applications”. Digital signatures provide a secure environment by assuring the parties involved in the transaction that their information is confidential and ensuring the identification and authentication of the transacting parties, so that they cannot repudiate the transaction at a later date. Among other major government departments that have embraced this concept is the DGSD or Directorate General of Supplies and Disposal that has considered digital signatures for better transparency and is expectedly going to formally complete the online rollout soon. With the arrival of the e-Governance era, information like taxation, land records and more while available easily and readily to the citizens stands vulnerable to attackers. Securing the data centers and other repositories of information, thus preventing confidential data leakage, controlling access to inappropriate sites, complete visibility into the network so as to know who is doing what in it, and monitoring and control of user behavior hold the key to future security. Sandeep Budki sandeep@egovonline.net
www.egovonline.net
ov