Securing your digital transformations
partner, cyber security, Pwc india, said that the government is pushing digital india and digital payments and emphasising on smart cities. A lot of technologies are also coming in like Blockchain, Artificial Intelligence and Google Assistant. “We are evolving very fast from a technology perspective,” he said, adding, “We have figure out how we will take care of privacy and security. We have to create a right balance of convenience, automation and security. What are the various controls that we are giving to build trust and comfort and assurance to consumers?”
executive director-ciso, oil & natural Gas corporation ltd, said that security is a challenge and one must continuously evolve in that area. “We are in the process of finalising the last phase of enterprise-wide isoc. We are going to substitute our existing sim tool and are also going to install TAM and other tools in a few months from now,” he said.
chief general manager- is infrastructure & security, Hindustan Petroleum corporation ltd, gave a mixed perspective on OT. “Five years back, the field was pretty ok for us as it was an isolated area and not much of interaction was happening with SCADA. The moment you joined that network threats on the normal network started flowing on OT network,” he said.
He further said that Hpcl is working with some ot companies and has been able to convince them for letting some of the controls built in.
Dr Mukesh Arora,
GM, corporate it, Bhel, said that Bhel has more than 25,000 endpoints spread around manufacturing units, regions, sites and customers. “Till last December we had 10-11 layers of endpoint security that were consolidated. now we have a better control of the central server to distributed server and then to the endpoints. We have been doing the internal audits before security audits by the government agencies. in last December we had also set-up our soc (security operation centre) which will monitor the internet traffic in the first phase and in the second phase will monitor email and other traffic across the unit. We have formed Bhel-cert for emergency resposne,” he said.
general manager (IT), Rural Electrification corporation ltd, talked about the other aspect of security which is the user. He said that security has two parts; one is technology and other is the user. “If users are not fully trained the security cannot be implemented properly. so in
addition to technology, users should be made aware of the impact of security and its importance,” he said.
general manager (it) and ciso, nhpc ltd, said that the organisation has 21 power stations and most of them have SCADA in place. “Not only it we have ot too. We have projects in all Himalayan ranges in remote areas where there are connectivity issues. Hence it is difficult to get data. We have connected all these locations through Mpns lease lines,” she said. Highlighting that people too are strong and weak security links, she said that any breach can happen by a mistaken click on any wrong email or attachment.
Power sector is considered as a critical infrastructure. “We are getting support from our government partners like cert-in, nci/nec. They are sending guidelines and advisory regularly. The ministry has set up sectoral certs also. We are given the responsibility of providing guidelines to other nodal agencies,” she said.
general manager (infra & security) & ciso, cris, said that the entity is upgrading its signalling system by using a lot of specialised it system as safety is very important. But the systems are not available for upgrades 24X7. “We are not able to take even a block of few hours to upgrade or replace them,” he said.
“We have 13 lakh employees who need to be made aware and approx 3.5 lakh endpoints to look after. even a centralise soc is out of the question in our case. so we have a plan to have 16 SOCS in different railways zone and then the central soc will look after. But just by making employees aware will not help. The awareness has to be backed up by bringing in the information, technology and security into the curriculum of the employees (in staff colleges),” he said.
it manager & ciso, irctc, said that irctc is known more for its ticketing service with a huge volume. it is the largest e-commerce platform and therefore has many security challenges. “In 2015, we revamped the entire infrastructure application architecture and design in collaboration with cris. As far as security is concerned we have implemented various technologies to safeguard the system; be it firewall, or intrusion detection system, or the endpoint protection. We have also implemented the dedicated soc facility. We face a lot of attacks on our system and have been successfully countering them. We continuously upgrade the system in terms of security,” he said.
L to R: Vijay Devnath, CRIS; Savitri Srivastav, NHPC; AS Rao, ONGC; Rahul Aggarwal, PWC India; Jayant Gupta, HPCL; PK Mukhopadhyay, Rural Electrification Corporation; Dr Mukesh Arora, BHEL; and Amit Kumar, IRCTC