Communication and co-ordination critical to cyber breach response: Dr Sanjay Bahl, CERT-in
Dr Sanjay Bahl, Director General, Indian Computer Emergency Response Team (CERT-in), cites a few examples of using a communication and co-ordination strategy to neutralise breach incidents. He was speaking at the FINSEC Conference 2018 organised by DSCI in Mumbai.
Communication and Co-ordination (C&C) is critical to incident response and to mitigating crises. The research community, CISOs, product vendors, the media, webcasts and call centre handling are the channels through which CERT-in constantly communicates and co-ordinates with multiple stakeholders. All of these channels were adequately used during the spate of ransomware attacks last year.
A recent breach incident of a bank’s SWIFT network was neutralised swiftly by a seamless C&C strategy adopted by CERT-in.
In the aftermath of the spate of breaches of the SWIFT network, SWIFT has considerably raised its alertness level by constantly monitoring activity on the network. “The efforts paid off when SWIFT alerted a major bank in India about a possible breach of their SWIFT network,” cites Dr Sanjay Bahl, Director General, CERT-in. However, SWIFT wasn’t able to reach the bank. Because of CERT-in’s relationships with various vendors and agencies, SWIFT was able to contact CERT-in, which in turn alerted the bank. The bank acknowledged the breach, after which, due to proper triangulation between SWIFT, the bank and CERT-in, the breach was plugged. This wouldn’t have been possible without proper communication and co-ordination.
The Intel issue about the Spectre and Meltdown vulnerabilities could have been handled better with proper C&C; it was a massive failure.
CERT-in follows a white, green, red, and amber alert system to raise the alarm when vulnerabilities are exposed. Alerts were sent to more than 300 organisations after the recent vulnerability in Cisco devices was exposed. CERT-in also issued an advisory on its website the next day. The communication was delivered and action was taken by CERT-in. On the contrary, “Cisco failed in its C&C strategy. The product vendors are not yet geared to handle issues and challenges from a crisis perspective. Probably they never anticipate that they can be at the receiving end,” states Bahl.
On the technology side, as with the ransomware incidents, there is clarity on how incidents can be handled, and likewise on the process side, as with the SWIFT incidents. “The products side is the weakest link currently,” Bahl points out.
Globally, breach incidents do result in a market impact. Gradually, India will also see a similar impact after breach incidents.
In case of a breach incident, it’s important to report to the required authorities: to the company’s board, and to the RBI if the affected party is in the financial sector. The board should pull up the company if it is not informed of the incident.
These views were expressed in a panel discussion at the FINSEC Conference 2018 organised by DSCI in Mumbai. The other panelists included Nandkumar Saravade, CEO, ReBIT; Kiran Shetty, CEO, SWIFT India; and Anup Dhingra, FINPRO & Private Equity and M&A Leader, Marsh.