Se­cur­ing your dig­i­tal trans­for­ma­tions

Panel Dis­cus­sion

Governance Now - - FORUM 2018 -

Rahul Ag­gar­wal,

part­ner, cy­ber se­cu­rity, Pwc in­dia, said that the gov­ern­ment is push­ing dig­i­tal in­dia and dig­i­tal pay­ments and em­pha­sis­ing on smart cities. A lot of tech­nolo­gies are also com­ing in like Blockchain, Ar­ti­fi­cial In­tel­li­gence and Google As­sis­tant. “We are evolv­ing very fast from a tech­nol­ogy per­spec­tive,” he said, adding, “We have fig­ure out how we will take care of pri­vacy and se­cu­rity. We have to cre­ate a right bal­ance of con­ve­nience, au­to­ma­tion and se­cu­rity. What are the var­i­ous con­trols that we are giv­ing to build trust and com­fort and as­sur­ance to con­sumers?”

AS Rao,

ex­ec­u­tive di­rec­tor-ciso, oil & nat­u­ral Gas cor­po­ra­tion ltd, said that se­cu­rity is a chal­lenge and one must con­tin­u­ously evolve in that area. “We are in the process of fi­nal­is­ing the last phase of en­ter­prise-wide isoc. We are go­ing to sub­sti­tute our ex­ist­ing sim tool and are also go­ing to in­stall TAM and other tools in a few months from now,” he said.

Jayant Gupta,

chief gen­eral man­ager- is in­fra­struc­ture & se­cu­rity, Hin­dus­tan Petroleum cor­po­ra­tion ltd, gave a mixed per­spec­tive on OT. “Five years back, the field was pretty ok for us as it was an iso­lated area and not much of in­ter­ac­tion was happening with SCADA. The mo­ment you joined that net­work threats on the nor­mal net­work started flow­ing on OT net­work,” he said.

He fur­ther said that Hpcl is work­ing with some ot com­pa­nies and has been able to con­vince them for let­ting some of the con­trols built in.

Dr Mukesh Arora,

GM, cor­po­rate it, Bhel, said that Bhel has more than 25,000 end­points spread around man­u­fac­tur­ing units, re­gions, sites and cus­tomers. “Till last De­cem­ber we had 10-11 lay­ers of end­point se­cu­rity that were con­sol­i­dated. now we have a bet­ter con­trol of the cen­tral server to dis­trib­uted server and then to the end­points. We have been do­ing the in­ter­nal au­dits be­fore se­cu­rity au­dits by the gov­ern­ment agen­cies. in last De­cem­ber we had also set-up our soc (se­cu­rity op­er­a­tion cen­tre) which will mon­i­tor the internet traf­fic in the first phase and in the se­cond phase will mon­i­tor email and other traf­fic across the unit. We have formed Bhel-cert for emer­gency re­sposne,” he said.

PK Mukhopad­hyay,

gen­eral man­ager (IT), Ru­ral Elec­tri­fi­ca­tion cor­po­ra­tion ltd, talked about the other as­pect of se­cu­rity which is the user. He said that se­cu­rity has two parts; one is tech­nol­ogy and other is the user. “If users are not fully trained the se­cu­rity can­not be im­ple­mented prop­erly. so in

ad­di­tion to tech­nol­ogy, users should be made aware of the im­pact of se­cu­rity and its im­por­tance,” he said.

Sav­itri Sri­vas­tav,

gen­eral man­ager (it) and ciso, nhpc ltd, said that the or­gan­i­sa­tion has 21 power sta­tions and most of them have SCADA in place. “Not only it we have ot too. We have projects in all Hi­malayan ranges in re­mote ar­eas where there are con­nec­tiv­ity is­sues. Hence it is dif­fi­cult to get data. We have con­nected all th­ese lo­ca­tions through Mpns lease lines,” she said. High­light­ing that peo­ple too are strong and weak se­cu­rity links, she said that any breach can hap­pen by a mis­taken click on any wrong email or at­tach­ment.

Power sec­tor is con­sid­ered as a crit­i­cal in­fra­struc­ture. “We are get­ting sup­port from our gov­ern­ment part­ners like cert-in, nci/nec. They are send­ing guide­lines and ad­vi­sory reg­u­larly. The min­istry has set up sec­toral certs also. We are given the re­spon­si­bil­ity of pro­vid­ing guide­lines to other nodal agen­cies,” she said.

Vi­jay Dev­nath,

gen­eral man­ager (in­fra & se­cu­rity) & ciso, cris, said that the en­tity is up­grad­ing its sig­nalling sys­tem by us­ing a lot of spe­cialised it sys­tem as safety is very im­por­tant. But the systems are not avail­able for up­grades 24X7. “We are not able to take even a block of few hours to up­grade or re­place them,” he said.

“We have 13 lakh em­ploy­ees who need to be made aware and ap­prox 3.5 lakh end­points to look af­ter. even a cen­tralise soc is out of the ques­tion in our case. so we have a plan to have 16 SOCS in dif­fer­ent rail­ways zone and then the cen­tral soc will look af­ter. But just by mak­ing em­ploy­ees aware will not help. The aware­ness has to be backed up by bring­ing in the in­for­ma­tion, tech­nol­ogy and se­cu­rity into the cur­ricu­lum of the em­ploy­ees (in staff col­leges),” he said.

Amit Ku­mar,

it man­ager & ciso, irctc, said that irctc is known more for its tick­et­ing ser­vice with a huge vol­ume. it is the largest e-com­merce plat­form and there­fore has many se­cu­rity chal­lenges. “In 2015, we re­vamped the en­tire in­fra­struc­ture ap­pli­ca­tion ar­chi­tec­ture and de­sign in col­lab­o­ra­tion with cris. As far as se­cu­rity is con­cerned we have im­ple­mented var­i­ous tech­nolo­gies to safe­guard the sys­tem; be it fire­wall, or in­tru­sion de­tec­tion sys­tem, or the end­point pro­tec­tion. We have also im­ple­mented the ded­i­cated soc fa­cil­ity. We face a lot of at­tacks on our sys­tem and have been suc­cess­fully coun­ter­ing them. We con­tin­u­ously up­grade the sys­tem in terms of se­cu­rity,” he said.

L to R: Vi­jay Dev­nath, CRIS; Sav­itri Sri­vas­tav, NHPC; AS Rao, ONGC; Rahul Ag­gar­wal, PWC In­dia; Jayant Gupta, HPCL; PK Mukhopad­hyay, Ru­ral Elec­tri­fi­ca­tion Cor­po­ra­tion; Dr Mukesh Arora, BHEL; and Amit Ku­mar, IRCTC

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.