Published: July 22, 2013 00:25 IST | Updated: July 22, 2013 04:31 IST
NSA scoffs at Indian Prism, favours cooperation on cyber security
The HinduNational Security Advisor Shivshankar Menon has advocated formulating ground rules for cooperation which would help India succeed in obtaining Internet information from major powers such as the U.S. that control much of cyber space. File photo
Acknowledging that better indigenous snooping capabilities may not be enough to protect India’s cyber security, National Security Advisor Shivshankar Menon has advocated formulating a set of “standard operating procedures” (SOPs) — ground rules for cooperation which would help India succeed in obtaining Internet information from major powers that control much of cyber space.
In an internal note focusing on the cyber security challenges that India faces today and the way forward, Mr. Menon has said that apart from striving to augment its own capabilities, India needs to counter cyber warfare/terrorism through international cooperation rather than go it alone, particularly when attacks, espionage and anarchy in cyber space would remain a reality for a long time to come.
Stating that international cyber space was today an “anarchic, lawless domain”, Mr. Menon noted: “Instead of chasing a chimera and tying our prestige to it, it would be better to use our cyber security dialogues and international cooperation to achieve practical results…We might press partners for the sharing of data harvested from Indian users and sites, the purposes for which they were used, and the legal basis on which the acquisition was authorised. A practical goal would be to seek SOPs for security cooperation in cyber space with other major IT powers, rather than attempting grand pursuits.”
Noting that the U.S. and U.K. agencies and ISPs were “extremely stingy” in sharing information, Mr. Menon says: “When we seek data about or action against malicious or criminal activity, the US government and ISPs plead inability to respond due to privacy laws, as we found when social media were used to create panic and drive out North-Easterners from south and west India last summer.”
http://www.thehindu.com/news/national/nsa-scoffs-at-indian-prism-favours-cooperation-on-cyber-security/article4938279.ece?homepage=true
NSA Prism Leak Forces Countries to Step up Cyber Security
(Photo: Reuters)
NSA Prism Leak Forces Worldwide Countries to Bolster Cyber Weapons - Reuters
NSA Prism Leak Forces Worldwide Countries to Bolster Cyber Weapons - Reuters
The stunning leak by National Security Agency (NSA) whistleblower Edward Snowden has forced many countries to beef up their cyber security.
Germany is considering a €100m (£84.86m) revamp plan for its intelligence agency BND that includes strengthening its cyber wing, according to Der Spiegel.
The Federal Intelligence Service is likely to expand its internet surveillance to monitor communications both within and outside the country.
The agency intends to recruit 100 new cyber experts while at the same time increasing its server capacities to fortify its cyber defence.
German Interior Minister Hans-Peter Friedrich told the daily: "We have to balance out a loss of control over the communication of criminals through new legal and technological means. Of course our intelligence agencies also have to be present on the internet."
India, the fifth most tracked country by the NSA, is also putting in place measures to plug leaks at a cost of nearly rupees10bn (£110m).
New Delhi has announced that it would launch a multi-agency body, known as the National Cyber Coordination Centre (NCCC), to ramp up cyber security.
"The NCCC will collect, integrate and scan [internet] traffic data from different gateway routers of major ISPs at a centralised location for analysis, international gateway traffic and domestic traffic will be aggregated separately ... The NCCC will facilitate real-time assessment of cyber security threats in the country and generate actionable reports/alerts for proactive actions by the concerned agencies," said a secret government note, according to the Indian daily, The Hindu.
"The proposed cyber security architecture envisages setting up a National Cyber Coordination Centre [NCCC] which would be a multi-agency body under Department of Electronics and IT," added the note. The proposed agency will have on board all the country's top intelligence units.
Even before the NSA leak, Iran and Israel had stepped up their cyber security.
To report problems or to leave feedback about this article, e-mail:v.sridharan@ibtimes.com
To contact the editor, e-mail: editor@ibtimes.co.uk
To contact the editor, e-mail: editor@ibtimes.co.uk
Published: June 21, 2013 02:01 IST | Updated: June 21, 2013 16:14 IST
India’s surveillance project may be as lethal as PRISM
Project documents relating to the new Centralized Monitoring System (CMS) reveal the government’s lethal and all-encompassing surveillance capabilities, which, without the assurance of a matching legal and procedural framework to protect privacy, threaten to be as intrusive as the U.S. government’s controversial PRISM project.
These capabilities are being built even as a debate rages on the extent to which the privacy of Indian Internet and social media users was compromised by the PRISM project. A PIL petition on the subject has already been admitted by the Supreme Court.
The documents in the possession of The Hindu indicate that the CMS project now has a budgeted commitment nearly double that of the Rs. 400-crore estimate that senior officials mentioned in a recent briefing to the media. Once implemented, the CMS will enhance the government’s surveillance and interception capabilities far beyond ‘meta-data,’ data mining, and the original expectation of “instant” and secure interception of phone conversations.
The interception flow diagram, hitherto under wraps, reveals that the CMS being set up by C-DoT — an obscure government enterprise located on the outskirts of New Delhi — will have the capability to monitor and deliver Intercept Relating Information (IRI) across 900 million mobile (GSM and CDMA) and fixed (PSTN) lines as well as 160 million Internet users, on a ‘real time’ basis through secure ethernet leased lines.
The CMS will have unfettered access to the existing Lawful Interception Systems (LIS), currently installed in the network of every fixed and mobile operator, ISP, and International Long Distance service provider. Mobile and long distance operators, who were required to ensure interception only after they were in receipt of the “authorisation,” will no longer be in the picture. With CMS, all authorisations remain secret within government departments.
This means that government agencies can access in real time any mobile and fixed line phone conversation, SMS, fax, web-site visit, social media usage, Internet search and email, including partially written emails in draft folders, of “targeted numbers.” This is because, contrary to the impression that the CMS was replacing the existing surveillance equipment deployed by mobile operators and ISPs, it would actually combine the strength of two — expanding the CMS’s forensic capabilities multiple times.
Even where data mining and ‘meta-data’ access through call data records (CDRs) and session initiation protocol data records (SDRs) — used for Internet protocol-related communications including video conferencing, streaming multi-media, instant messaging, presence information, file transfer, video games and voice & fax over IP is concerned — the CMS will have unmatched capabilities of deep search surveillance and monitoring. The CMS is designed to have access to call content (CC) on multiple E1 leased lines through operators ‘billing/ mediation servers’. These servers will reveal user information to the accuracy of milliseconds, relating to call duration, identification and call history of those under surveillance. Additionally, it will disclose mobile numbers and email IDs, including pinpointing the target’s physical location by revealing cellphone tower information.
Nationwide surveillance
The Hindu’s investigation has also unveiled the mystery relating to the CMS’s national rollout. Contrary to reports about it being active nationwide, only Delhi and Haryana have tested “proof of concept” (POC) successfully. Kerala, Karnataka and Kolkata are the next three destinations for CMS’s implementation. Till 2015, two surveillance and interception systems will run in parallel — the existing State-wise, 200-odd Lawful Intercept and Monitoring (LIM) Systems, set up by 7 to 8 mobile operators in each of the 22 circles, plus the multiple ISP and international gateways — alongside the national rollout of CMS. The aim is to cover approximately one dozen States by the end of 2013-14.
On November 26, 2009, the government told Parliament that CMS’s implementation would overcome “the existing system’s secrecy which can be easily compromised due to manual interventions at many stages.” In January 2012, the government had admitted to intercepting over 1 lakh phones and communication devices over a year, at a rate of 7,500–9,000 per month.
Privacy vs. security
Currently two government spy agencies — the Intelligence Bureau (IB), and the Research and Analysis Wing (RAW) — plus seven others, including the Central Bureau of Investigation (CBI), the Narcotics Control Bureau, DRI, National Intelligence Agency, CBDT (tax authority), Military Intelligence of Assam and JK and Home Ministry — are authorised to intercept and monitor citizens’ calls and emails, under the guidelines laid down by the Supreme Court, The Indian Telegraph Act 1985, Rule 419(A) and other related legislation.
Given the major technological advancements in monitoring and enhanced forensic capabilities in surveillance, coupled with the change in procedure which mandates the interception authorization to be kept secret between two government departments with no scope of a transparent public disclosure of who is being monitored, for what purpose and for how long, privacy and free speech activists are protesting and raising many questions. The government, meanwhile, is proceeding undeterred.