State Governments' War Against Cybercrime
Cyber Labs, CERTs Will Play Critical Roles
Following cyberattacks on public and private organizations, state governments in India are rolling up their sleeves to fight cybercrime.
For example, Maharashtra Chief Minister Devendra Fadnavis announced the "Maharashtra Cyber Project" on Independence Day, planning 51 cyber labs across districts providing technical and forensic investigation support to the cyber police. The project also will launch a computer emergency response team, or CERT.
Three other states - UP, Karnataka and Kerala - that have already set up cyber labs intend to scale up and emulate the Maharashtra model.
In the Maharashtra project, "the labs will be equipped to analyze mobile forensic and call detail records," Fadnavis says. "Totally, 51 labs will be started across the state, expected to be completed by December 2016."
Security leaders from law enforcement and business enterprises welcome Maharashtra's move, while acknowledging the challenges the program entails.
Bangalore-based Sanjay Sahay, additional director general of police-cybercrime for the Karnataka Police, says the project will be effective only when law enforcement officers understand how to leverage cyber lab capabilities. "The key challenge is finding the right resources and capabilities to develop a defensive forensic and incidence response mechanism and auditing capabilities to defend against growing hacktivism," Sahay says.
The Cyber Project
Although Fadnavis only recently announced the initiative, the Maharashtra government already has been issuing tenders for hardware and software tools and other infrastructure.
Sources say that so far, 34 labs already have been set up. The state has trained 1,000 personnel who'll be assigned jobs at these labs and get regular updates on the latest technologies.
Brijesh Singh, inspector general (cyber), says the labs will analyze evidence, including CCTV footage, call data records, retrieved files that criminals had deleted from gadgets, retrieved bank records and links traced and hacked by fraudsters.
"The cyber force ... will help create forensic reports of the technical evidence collected in offences," Singh says.
Maharashtra police is collaborating with the Centre for Development of Advanced Computing, CERT-In, the Department of Electronics and IT and the Department of Telecom to identify a system integrator and value service provider to carry out the functions.
Maharashtra will establish a CERT along the lines of CERT-In with experts from the Army, Navy, Defence Research Development Organization and other cybersecurity agencies. Sources at the state's police headquarters declined to divulge details on CERT's role and cyber labs functions.
Maharashtra is investing $118 million in its project, far more than other states have invested so far.
By comparison, Lucknow-based Dr. Triveni Singh, additional superintendent of Police, at UP Police, says UP has established 27 cyber labs across districts, investing more than $2.5 million to build forensic investigation capabilities.
"We've created training modules for the police force in coordination with the Central Bureau of Investigation for cyber forensics, investigation and telecom interception, and they are also trained under CBI," Singh says.
Delhi-based Data Security Council of India initiated setting up cyber labs in about five to six states way back in 2011 as part of its private-public partnership.
Vinayak Godse, DSCI's senior director, says the council partnered with state police and DeitY to set up labs across Mumbai, Pune, Bangalore and Kolkata for cybercrime investigations and standardized training material for law enforcement.
"We trained over 55,000 police personnel in cyber forensics and evidence gathering," Godse says.
Telangana rolled out its new cybersecurity policy early this year, emphasizing involving and training law enforcement.
Recently, Andhra Pradesh's chief minister, N. ChandraBabu Naidu, worked with Nasscom and DSCI to roll out a draft cybersecurity policy. Sources say that state will launch a CERT to drive public-private partnership.
The key challenge in establishing cyber labs is creating a sustenance model to ensure the ability to scale up capabilities as needed.
"It's critical to sustain them with enhancement in new techniques and procedures to tackle new risks; this means new investments," Godse says.
Three key challenges in establishing and operationalizing these labs, security experts say, are:
- Establishing a robust technological framework for gathering evidence and investigation;
- Gaining access to information about data thefts and hackers both inside and outside of India;
- Dealing with a lack of clarity in Indian law regarding how to punish cybercriminals.
"It's a challenge to get trainers to train the police on key skills like forensics, evidence gathering, log management, data mining etc., unless there's an effective public and private partnership model in place," notes Rakshit Tandon, cybersecurity adviser to the Uttar Pradesh Police Task Force.
Sahay says gaining the necessary expertise is expensive. For example, he notes, "Hiring an expert to audit the website during website defacement means about $70,000 for a small activity."
Role of CERTs
Some security practitioners contend that because the government doesn't have an effective model for leveraging public and private partnerships in its sustenance program, the proposed CERTs will need to develop an effective program seeking private enterprises to hire talent to train law enforcement groups.
The Kerala State Police has already commissioned a CyberDome - a high-tech cybersecurity and innovation centre, via public/private partnership, to tackle cybercrime.
CyberDome is envisioned as a primary monitoring unit for the internet and the nodal centre for policing social networking sites and anti-terror activities, says Manoj Abraham, inspector general of police and nodal officer for the Kerala Police.
Some security experts argue that state governments should support the private sector for cybersecurity through effective public-private partnership models with clearly defined roles.
"It's not an investment in high-tech infrastructure that's required; empowering the state academy and having an incentive program for private parties to build skills of these police groups is critical," Tandon says.