Document Name: Back Story (Latest Information First)events.skoch.in/images/Back-Story-17-May-2019-V1.1.pdf · 3 BFSI Insurance - Life Ashish Shah Star Union Dai-ichi Life Insurance
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
6thCommunication:WhatsAppMessage,16thMay2019Message1:Greetings,youmusthaveseenmymailfromyesterday.Foreasierworking,wearecreatingfourgroups.1)PolicyGroup2)OTGroup3)BFSIGroupand4)ServicesGroup.Thesewouldalsobeformed onWhatsApp. These groups can simultaneouslywork on their areas of expertise. AllCyberPatriotswillbedividedacrossthesegroupsdependingontheirdomainarea.Allkeypapersandinputswouldbesharedacrossgroups.Since,mymailyesterday,IhavereceivedonepaperfromDr.AnupamSaraphandanotheronefromDr.C.MuralikrishnaKumarofNITIAyog.Iamsendingthismessagethroughthebroadcastroute.Themessagewillbesenttoeveryonebuttherepliescomeonlytome.Inthe4functionalgroups,allcommunicationcanbebi-directional.Iwillforwardtheinputsreceivedinthefollowingmessages.Encl(s):
1. Whatarethefeltneedsforcybersecurityfrom:a.CISOPerspectiveb.BusinessPerspectiveThe ability to protectmy relationshipwithmy customer is the number one need from abusinessperspective.Currentexcursionsintooutsourcing,creatingorusingplatformslikeIndia Stack,wheremy customer relationship is completely out ofmy control, are posingenormousrisknotmerelytomydatabuttomybusinessitself.
FromaCISOperspectivetheexcursionsofmyCTOtooutsourcetechnologiesandjoinforums,likeiSprit,wheremysecuritypracticesandbusinessneedscarrynoweightarethenumberone cyber security risk. These companies and forums are not exposed to the loss of mycustomers, my business, its business processes, or even the legal compliances andinternationalbestpracticesinmysector.
2. Whatarethegapsinwhatindustryisoffering?a.Productsb.Servicesc.AdviseThe IT industry isoffering technologyandplatforms for technologybasedauthentication.Howevertheymissthepointthatyoucannotandmustnotoutsourcethemostimportantpartofabusinesstransaction:identificationofthetransactingparties.Thisisthebiggestsecurityholethathasbeenofferedasproducts,servicesandadvise.Itisevidentthattheindustryhasno understanding of business processes or simply don’t care to protectmy business andcustomers.Thefailureoftechnologycompaniestounderstandthatnooneneedstechnologysolutions,theyneedgovernancesupportisalsoabiggapintheirofferings.Intheirfailuretorecognizethatbycausingoutsourcingassolutionstheynotonlydestroymyconnectionwithmycustomers,theyweakenmyabilitytodealwiththeproblemsofmybusiness.
3. Inwhatscenarioscanindustryengagementsincreasevulnerabilities?Asabusiness,Iincreasemyvulnerabilitybyoutsourcingmyrelationshipwithmycustomersorbyalteringmybusinessprocesses to suit theneedsof technologysolutionsofferedbytechnologyvendors.
optimalsolutions?While target pressures definitely cause a push in sales, it is the failure of research anddevelopment in developingmeaningful solutions that has pushed technology as solutionswhenitismostlyaproblem.
IthinkthebigchallengebeforetheRBIGovernoristoundothechangesinbusinessprocessesasa resultof the technologyTrojanhorses thathave invaded thebankingsector.Re-KYC isonewhichisdestroyingcustomerrecordsandcausingfinancialfraudinthefinancialworld.Moneywallets,Aadhaarpayments andUPI are another that are enabling the creationofmoneyandlaunderingofmoney.ThenewCyberSecurityCoordinatormusttakeupthesechallengesasanationalemergencyandensuretheRBI,theECI,theothernationalinstitutionsundertakethedismantlingoftheserisks.Bestregards,Anupam
4thCommunicationE-Mail,29thApril2019DearWelcomeaboard!ItismygreatestpleasuretohaveyouaspartofourcyberpatriotteamthathascometogethertogivethisCyberSecurityInitiativethemuchneededinputs.ItisourpleasuretoannouncethatwehaveflaggedofftheinitiativeformallyonMarch23,2019atConstitutionClubofIndia,NewDelhiwherecyberpatriotsfromdifferentpartsofthecountrybrainstormedanddiscussedtheurgentneedforcybersecurityframeworkinthecountry.However,toensurethatyoudonotmissonanydevelopmentordiscussionsofar,pleaseallowmetowalkyouthroughthetimelinefromthethoughttowherearewesofar.ThethoughtCyberthreatisreal.Soiscyberterrorism.Aswearemakinginroadsinthedigitalworld,wearealso increasing our vulnerability. But how prepared is India against cyber-crimes, cybermonopoliesandinthewakeofapotentialcyberwar?Youwouldbesurprisedtoknowthattherearelessthan1000Indianswiththerequisiteskillsetsandtheabilitytocontribute.ThisiswhentheideaofformingacybersecuritytaskforcegotitsrootsandthatiswhenIdecidedtogetasmanyofthese1,000individualsonboardandyouareoneofthose1000Indianswiththeskill.TheobjectiveThrough this task force, we should be able to identify the various contours of the Indiancybersecurity system through various views likePolicy (national, corporate, individual, etc.);Verticals(financialservices,homelandsecurity,etc.);Technology(AI,IoT,etc),Diplomacyandpointsofmultilateralnegotiations(datalocalizing,etc).Onceweareabletoidentifyanddetailthese,wecanevolveacoherentandpublishasabluebookthatcanbeupdatedperiodically.TheFirstMeetingWeformallygottheballrollingonMarch232019whenallthedelegatesandselectmembersmetforapaneldiscussionfollowedbyaboardroommeetingtodiscusstheactionplan.Pleasefindattached the list and details on the same. The meeting was a mixed bag, given the variedstakeholdersandexpertspresent,withlotofinputs,fewdifferencesandacommonpassiontowork towards this goal. You can access the panel discussion byclicking hereand for theboardroommeeting,pleaseclickhere.Toknowabouttheattendeesfortheabovetwo,pleasecheckattachment.However,togiveyouabriefideaofthe“Worksofar”,herearethepointersfromourfirstmeeting.1. Thedocument,asofnow,isnamed“NationalCyberSecurityStrategyofIndia”.
• Mr Brijesh Singh, Inspector General of Police- Cyber, Maharashtra had a differentviewpointonthetopicandhasbeenrequestedtosharehisinputdocument.
• Everyone has enthusiastically and sincerely agreed to build thisworkforce to a solid1000-membergroupandwillberecommendingresourcepersonsfromthetechnologyandoperations.
Now that you have joined us in this mission, we believe that your expertise will help thisframeworkimmensely.Givenyourbusyschedules,wewillkeepourcommunicationsprimarilythroughe-mails,callsandsoon,andsometimeshavesmallermeetingsatNewDelhiorMumbai.You can contribute through discussions, inputs, write-ups and feedback. Even though yourinvolvement is totally voluntary with no financial or legal liability, it becomes an unsaidresponsibilitytowardsthetreasuretroveofknowledgeandexpertiseyouhaveonthesubject.Wewill lookforwardtoenrichingthisvisionandwitheveryone’sconsortedefforts; thebookshouldbeabletoseethelightofthedaybytheendofthisyear.Iwouldrequestyoutokindlyacknowledgethereceiptatskoch@skoch.in.
3rdCommunication:E-Mail,26thMarch2019DearIamhappytoinformyouthattheCyberPatriotsInitiativedrivenbySKOCHGroupwaslaunchedformallyonMarch23,2019attheConstitutionClubofIndiathroughapaneldiscussion.Youcanwatchthediscussionhere.Thiswasfollowedbythefirstmeetingofthetaskforce.Youcanseethemeetinghere.Thelistofparticipantsisenclosed.Itwasclearthattherearestakeholderswhoseinterestistop-levelpolicy,otherswhowouldliketoseeanoperationsortechnologiesviewetc.Werecognisetheimportanceofalloftheseandpropose to hold meetings consisting of different types of stakeholders to cover all areaseventually.ForthepurposesoffocusthefirstmeetingwasonPolicyIssuesandexaminedsomeoftheareasthatareimportantfromagovernmentperspective.Afterdetaileddiscussions,severaldecisionsweretaken.Theinitialactionsareasfollows:
1. Theworking name for the document would be “National Cyber Security Strategy forIndia.”
i. Facilitiesii. People(skillsandHR)iii. Fundsiv. Systemsv. CompetitiveAdvantagesvi. AreasforUpgradation
d. PolicyGapse. KeyFactorsDrivingFutureCourse(egVirtualisation,5G,AI,IoTetc)f. NeedArticulationfortheStrategy
4. EconomicRationalefortheStrategy
SinceSivaramofPwChadcomepreparedforinputson3above,hewasrequestedtoputtogetheradraftpaper.Hispresentationisenclosed.Similarly, Anjali Kaushik has also done extensive work on Information Security AssuranceFrameworkfore-Governancewasrequestedtosharesomeofherwork.Thedocumentsentbyherisenclosed.AkhileshTutejaofKPMGwasrequestedtoworkonapaperonEconomicRationaleandthecostofnothavingsuchastrategy.
1. VisualiseCyberSecurityDoctrineasabook.2. MakeChapterisationPlan.3. Open for comments and to identify areas that need to be covered in each Chapter. (I
FOR SPONSORSHIP AND EXHIBITION OPPORTUNITIES: [email protected] REGISTER AT delegate.skoch.in skochgroup@skochsameer skochsameer@skochgroup
GOLD SPONSORS
Sameer KochharChairman
SKOCH Group
Kaveree BamzaiFormer Editor, India Today
POST TRUTH PATRIOTISM
Gulshan RaiNational Cyber Security
Coordinator
Cheering our armed forces is essential, but can we also constructively use our
own patriotism to make it more actionable for the nation?
CYBER PATRIOTISMWe need strategy and policies – at the national, corporate and individual levels. We need these across verticals – Fintech, internal security, social and information technology. We need a whole regime of international diplomacy and multilateral negotiations. We are raising a Cyber Patriotism Task Force to write India’s Cyber Security Doctrine.
CORPORATE PATRIOTISMWhat is patriotic corporate conduct? Besides fewer scams, paying taxes honestly, not being a wilful defaulter and not adding to Non-Performing Assets (NPAs) of banks, of course.
ECONOMIC PATRIOTISM MSMEs are the lifeline of the economy. They are a source of livelihood for millions of Indians. MSMEs, including kirana stores, are folding up. On the one hand is the MNC onslaught and on the other is big Indian business wanting to monopolise. We try to create a knowledge
based argument on what needs to change to protect and promote MSMEs.
POST TRUTH PATRIOTISMLies, mistaken beliefs, fake news and erroneous information endanger democracy. Ultimately, each one of us must do what we can at our individual OHYHO� WR�¿JKW�PLVLQIRUPDWLRQ�ZDUIDUH�DQG�safeguard India’s cherished democracy.
57TH SKOCH SUMMIT will serve as a wake-up call to all Indians to remind us of our duties and the fact that patriotism has to be practiced.
www.caii.in www.skoch.inwwwww
���� �� �� ������ ����� �
PRACTISING PATRIOTISM57th
23rd March 2019, Constitution Club of India, New Delhi
Akhilesh TutejaGlobal Co-Leader - Cyber
Security, KPMG
Anjali KaushikProfessor, Management
Development Institute (MDI)
Jaspreet SinghPartner – Cyber Security, AIM
Ernst & Young
Sivarama KrishnanLeader - Cyber Security
PwC
Gautam KapoorPartner, Cyber Security
Deloitte
Brijesh SinghInspector General of Police -
Cyber, Maharashtra
Gautam PandeDirector - Authentication and
Decision Products, Mastercard
Shefali DashFormer Director General,
National Informatics Centre
Shivkumar PandeyCISO
BSE Ltd
CYBER PATRIOTISM
M DamodaranChairman, Damodaran Group and Former Chairman, SEBI
Bhaskar ChatterjeeFormer Secretary
Government of India
Deepali Pant Joshi,Distinguished Fellow, SKOCH &
Former ED, RBI
Kishore SansiDistinguished Fellow, SKOCH & Former MD & CEO, Vijaya Bank
Rajeev Kumar Agarwal,Former Whole Time Member
SEBI
Rajkiran Rai GManaging Director and CEO
Union Bank of India
Saurabh ChandraChairman, MCX and Former
Secretary, Government of India
CORPORATE PATRIOTISM
Anil BhardwajSecretary General
FISME
Dilip ChenoySecretary General
FICCI
Priyanka MokshmarChairman and Managing
Director, Vaayu India
Mahavir LunavatGroup MD, Pantomath Capital
Advisors Private Limited
Shubhashis GangopadhyayManaging Trustee & Research
1stCommunication:IntroductoryLetter,February2019DearPatriotismcanbegut-wrenching!Youwanttodosomethingforthecountry,butdon’tknowhowto?India is being bled through amillion cuts. Not all of them are physical. Our cybersecurity isconstantly under attack from within the country and outside. As we move on to digitiseeverything, conventional armieswill be replaced by cyber armies and criminalswill becomecybercriminals.ThisgotmethinkingonthelevelofpreparednessofIndiaasacountryagainstcybercrime,cybermonopoliesandthethreatofapotentialcyberwar.Ispoketotheindustry,theassociations,thegovernment,thethink-tanks,socialnetworksetc.toputtogetheradatabaseofpeoplewhocanmeaningfullycontribute.Youwillbeshockedtoknowthattherearelessthan1,000Indianswiththerequisiteskillsetstoevencomprehendwhatisrequiredtobedone.Throughmyresearch,yournamecameupasoneofthose1,000Indians,whohaveboththeskillandtheabilitytocontribute;whichislessthan.0001%ofourpopulation.Thequestiontoyouthenis,wouldyou?Iinviteyoutoparticipateinagreatnationalsecurityinitiative.Wehavesetupadiscussiongrouponcybersecuritywiththefollowingobjectives:
• MrSivaramaKrishnan,Leader,CyberSecurity,PricewaterhouseCoopersPvtLtd• Mr Ankush Chowdhary, Principal Security Advisor, Asia Pacific Japan, Amazon Web
Given the time pressures on experts such as yourself, our attempt is to hold most of thediscussions remotely through email, calls, online and so on. There may be smaller groupdiscussionsheldatDelhi,Mumbaietc.togetsomefacetime.Basedonthese,someofthemembersmaywishtocontributepapersandotherstocritiqueandmakesuchinputsbetter.Yetothersmaycontributetotheknowledgerepositoryandsharebestpractices.AsIndiacelebratesthe73rd IndependenceDay,oureffortswouldcometogetherasanationalconsultationonAugust17,2019,atConstitutionClubofIndia,NewDelhientitled“CyberPatriotsConvention”.ItwillbethebiggestgatheringofIndiancyberexperts.Basedonthepapers,discussionsandtheconference,thefirst“IndianCyberSecurityDoctrine”wouldbepublishedasabook.The relevant stakeholders from the government, policymaking, civil society etc. would beengagedtomakeourworkameaningfulandactionableinput.
Q:WhatdoIhavetodo?A:Beinvolvedinconsultationsanddiscussions.Contributethroughinputsorwrite-ups,ifyousodesire.Q:Whatisthenatureofthisinvolvement?A:Theinvolvementispurelyvoluntarywithoutanyfinancialorlegalliability.Q:HowmuchtimedoIneedtocommit?A: Whatever can fit into your day-to-day schedule, while being patriotically justifiable.Leavingasidepaperwriting,thismayamountto4-5mandaysspreadoveraone-yeartimeperiod.Q:Whatisinitforme?A:Besidesthegreatsatisfactionofhavingservedthecountry,thisisahighvisibility,highimpactexercisewherethememberswillreceivenationalpublicityandmayevenqualifyfortheprestigiousSKOCHCyberPatriotAwardonthebasisofthecontributionsmade.