Mumbai, October 26: In an increasingly interconnected world, the realm of cyberspace has become an integral part of our daily lives. As our reliance on digital technology continues to grow, so does the need to protect our data and systems from a wide range of threats. Cybersecurity is the discipline dedicated to defending the public domain and private interests from malicious actors seeking to exploit vulnerabilities in the digital landscape. This ever-evolving field employs a combination of technology, policies, and best practices to ensure the confidentiality, integrity, and availability of information in the public domain.
Join Mr. Some Nath Kundu, Deputy General Manager & Alternate CISO for NTPC Limited, in conversation with Mr. Marquis Fernandes, who spearheads the India Business at Quantic India, as they delve into the dynamic world of cybersecurity, where vigilance, innovation, and collaboration are essential to securing the digital frontier.
Mr. Some Nath Kundu, a distinguished cybersecurity professional, is the Alternate Chief Information Security Officer (CISO) at NTPC Limited, a prominent public sector enterprise in India. With nearly 18 years of experience, he excels in operational technology (OT), cybersecurity, risk management, and digital transformation. His expertise spans Secure Access Service Edge (SASE), Zero Trust Network Access (ZTNA), and policy development. Renowned for his end-to-end cybersecurity solutions, Mr. Kundu’s leadership and insights have significantly impacted the field, especially within critical information infrastructure (CII) and digitalization. His educational background includes a B.Tech. and B.Sc., complemented by a rich tapestry of certifications, cementing his reputation as a cybersecurity authority.
What drives and sustains your motivation to pursue a career in cybersecurity, considering the evolving challenges and constant advancements in the field?
My motivation to pursue a career in cybersecurity is deeply rooted in a combination of my insatiable passion, hunger to grow, professional fulfilment, the ethical considerations associated with a cybersecurity career and a profound sense of responsibility. One of the core drivers is the desire to protect assets of national importance. In a world where digital threats are constantly evolving and cyberattacks can have far-reaching consequences, the need for cybersecurity has never been more critical. The idea that my work in cybersecurity can contribute to safeguarding individuals, organizations, critical information infrastructure and society as a whole is a powerful motivator. Moreover, the ever-evolving nature of the cybersecurity landscape serves as a perpetual motivator. The challenges presented by rapidly changing threats and technological advancements each day bring new opportunities to learn, adapt, and innovate. Cybersecurity is like a game of cat and mouse. The adversaries are constantly evolving their tactics, and as defenders, we must stay ahead in the race. This requires a deep understanding of technology, an ability to think critically and creatively, and a commitment to staying current with the latest cybersecurity trends. Furthermore, the cybersecurity community is a source of inspiration and motivation. It’s a global network of professionals who share knowledge, experiences, and insights. The collaborative nature of this community fosters a sense of camaraderie and support, making it easier to navigate the challenges of the field. It’s reassuring to know that there are fellow professionals who are just as passionate and dedicated to the cause.
How can the team identify and fix vulnerabilities in critical systems, and what methods work best for this?
Identifying and fixing vulnerabilities in critical systems is a crucial aspect of maintaining cybersecurity. The process involves a combination of systematic assessment, advanced tools, and vigilant practices. The first and foremost job is compliance with statutory and regulatory requirements and industry standards, and complying with the objectives, mission & goals of the organization. The other processes comprise Inventory and Asset Management, Configuration Management including segmentation into zones and conduits, Threat Intelligence, internal & external Vulnerability Scanning & Penetration Testing, Risk Assessment, applying countermeasures, system, software & application hardening, anti-malware protection, whitelisting, access control, continuous monitoring and Regular Review & Improvement. It’s important to document all identified vulnerabilities, their severity, and the steps taken to remediate them. Closure of all security audits is to be ensured. Also, strategic and tactical measures should include phase-wise replacement of obsolete legacy systems with Security by Design Cyber Physical Systems implementing a Defence in Depth architecture. In addition to the use of technology and strengthening the process, the most effective and best method is the training, awareness and upskilling of the people. It’s important to recognize that cybersecurity is an ongoing process, and staying proactive and vigilant is key to maintaining the security of critical systems.
How is machine learning and AI being used in the public sector to make its cybersecurity better and find new threats in important systems?
Machine learning (ML) and artificial intelligence (AI) are increasingly being integrated into the Indian public sector to enhance cybersecurity efforts and identify emerging threats in critical systems. Typical use cases are:
Anomaly Detection: ML algorithms are used to establish baseline behaviour for network traffic, system activity, and user behaviour. Any deviations from these baselines can trigger alerts for potential security threats. This helps in the early detection of abnormal activities, such as unauthorized access or data breaches.
Threat Intelligence: AI-powered tools gather and analyze vast amounts of threat intelligence data from various sources, both within and outside India. This data, along with customized feeds from CERT-In & NCIIPC, helps in identifying new threats, malware, and attack patterns.
Predictive Analysis: ML models can analyze historical attack data and patterns to predict future threats. By identifying trends and potential vulnerabilities, public sector organizations can take proactive measures to mitigate risks.
Malware Detection: ML algorithms can scan files and network traffic for signs of malware, including zero-day threats. This real-time analysis helps in preventing the spread of malware within systems.
Behavioural Analytics: AI-driven behavioural analysis tools monitor user and system behaviour to detect anomalies or suspicious activities. For instance, they can identify users accessing sensitive data during non-business hours or multiple failed login attempts.
Security Information and Event Management (SIEM): SIEM systems with ML capabilities can process and correlate large volumes of security data from diverse sources. They provide a holistic view of the security posture and help in identifying threats across the government’s IT infrastructure.
Training and Awareness: AI-driven cybersecurity training and awareness programs are being developed to educate government employees about best practices, common threats, and how to recognize phishing attempts.
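As an added illustration, not part of the interview and not NTPC’s or Quantic India’s code, the following Python script shows the two detection patterns described above in working form: a per-user behavioural baseline learned from past activity, and behavioural-analytics rules that flag access to sensitive data outside a user’s normal hours and repeated failed logins in a short window. The audit-log format, user names, resource paths, thresholds and business-hours window are all assumptions made for the example, and the log lines are constructed, not real data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit lines (not real data). The key=value layout,
# users and resource names are assumptions made for this example.
BASELINE_LOG = """\
2024-05-01T09:12:04 user=alice action=login resource=vpn result=success
2024-05-01T10:40:11 user=alice action=read resource=finance/payroll.xlsx result=success
2024-05-01T14:03:50 user=alice action=read resource=hr/contracts.docx result=success
2024-05-01T16:22:09 user=alice action=logout resource=vpn result=success
2024-05-01T10:01:33 user=bob action=login resource=vpn result=success
2024-05-01T13:15:27 user=bob action=read resource=ops/runbook.md result=success
"""

RECENT_LOG = """\
2024-05-06T02:13:40 user=alice action=read resource=finance/payroll.xlsx result=success
2024-05-06T10:05:12 user=alice action=read resource=finance/payroll.xlsx result=success
2024-05-06T11:00:01 user=bob action=login resource=vpn result=failure
2024-05-06T11:00:20 user=bob action=login resource=vpn result=failure
2024-05-06T11:00:45 user=bob action=login resource=vpn result=failure
2024-05-06T11:01:02 user=bob action=login resource=vpn result=success
2024-05-06T15:30:00 user=carol action=read resource=finance/payroll.xlsx result=success
2024-05-06T23:45:00 user=carol action=read resource=finance/payroll.xlsx result=success
"""

# Tunable assumptions: which resources count as sensitive, the fallback
# business-hours window, and the failed-login threshold/window.
SENSITIVE_PREFIXES = ("finance/", "hr/")
BUSINESS_HOURS = set(range(9, 18))          # 09:00-17:59 local time
FAIL_THRESHOLD = 3
FAIL_WINDOW = timedelta(minutes=5)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"resource=(?P<resource>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse key=value audit lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return events


def build_baseline(events):
    """Learn, per user, the set of hours in which successful activity was observed."""
    hours = defaultdict(set)
    for e in events:
        if e["result"] == "success":
            hours[e["user"]].add(e["ts"].hour)
    return hours


def detect(events, baseline):
    """Apply two behavioural rules and return (rule, user, timestamp) alerts."""
    alerts = []
    recent_failures = defaultdict(deque)   # per-user sliding window of failure times
    for e in sorted(events, key=lambda x: x["ts"]):
        user, ts = e["user"], e["ts"]

        # Rule 1: FAIL_THRESHOLD or more failed logins within FAIL_WINDOW.
        if e["action"] == "login" and e["result"] == "failure":
            window = recent_failures[user]
            window.append(ts)
            while window and ts - window[0] > FAIL_WINDOW:
                window.popleft()
            if len(window) >= FAIL_THRESHOLD:
                alerts.append(("repeated_login_failure", user, ts.isoformat()))
                window.clear()   # one alert per burst, not one per extra failure

        # Rule 2: successful read of sensitive data outside the user's learned hours;
        # users with no baseline fall back to the business-hours window.
        if (e["action"] == "read" and e["result"] == "success"
                and e["resource"].startswith(SENSITIVE_PREFIXES)):
            normal_hours = baseline.get(user) or BUSINESS_HOURS
            if ts.hour not in normal_hours:
                alerts.append(("off_hours_sensitive_access", user, ts.isoformat()))
    return alerts


def run():
    """Train the baseline on the older log, then screen the recent log."""
    return detect(parse_log(RECENT_LOG), build_baseline(parse_log(BASELINE_LOG)))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The baseline here is deliberately simple (a set of active hours per user); a production system would use a longer training window, account for weekends and shift rosters, and score deviations rather than apply a hard cut-off, but the structure of learn-normal-then-flag-deviation is the same one the anomaly-detection and behavioural-analytics use cases above rely on.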
How do you ensure end-to-end cybersecurity, and what holistic strategies have you found most effective in safeguarding critical infrastructure against cyber threats?
Ensuring end-to-end cybersecurity and safeguarding critical infrastructure against cyber threats require a comprehensive and holistic approach. It starts with the need for enhanced GRC (Governance, Risk & Compliance), including third-party governance, with well-identified strategic and tactical security plans. Organizations, based on their mission, vision and objectives, should have a good Business Continuity Plan with Business Impact Analysis, an Incident Response Plan, a Disaster Recovery Plan and a Cyber Crisis Management Plan to ensure the continuous functioning of essential services. The ability to swiftly recover from cyber incidents is crucial in maintaining essential services. Not all business processes of an organization can be critical. Hence identification of Critical Information Infrastructure and then protecting the crown jewels using physical, administrative and logical/technical security controls is the ultimate target. The cyber-resilient design, implementation, maintenance and operation part comprises Asset Inventory and Classification, understanding the risk appetite of the organization & setting a target security level, Vulnerability Analysis and risk assessment. Once risks are identified and prioritized, either mitigating, transferring (cyber insurance) or terminating these risks is of utmost importance. Mitigation of risk is carried out by using different countermeasures, upgradation or renovation of legacy systems, implementing security by design (supply chain security) & security by obscurity, periodic patch management, backup & recovery. Assessing and managing the cybersecurity risks posed by third-party vendors and contractors who have access to critical infrastructure is also very critical. The requirement is to ensure that contractual agreements include cybersecurity testing, certification & compliance with the requirements of the different relevant standards.
People being the weakest link in the People, Process & Technology chain, training employees and contractors in security best practices, emphasizing the role they play in safeguarding critical infrastructure, is the most critical and also the most effective measure. The idea is to promote a culture of cybersecurity awareness throughout the organization. Regular drills and exercises should be conducted to test the effectiveness of the plans. Documentation, reporting, continuous review of the existing system and updating the live documents with findings and solutions is also a key element.
Can you share a key lesson or best practice in effectively responding to and analysing cybersecurity incidents to improve overall security posture?
Certainly, one key lesson in effectively responding to and analyzing cybersecurity incidents to improve overall security posture is the importance of a well-prepared and coordinated incident response and recovery plan. Preparedness is the foundation of effective incident response and recovery. The best practice is to develop and maintain a comprehensive incident response and recovery plan.
Preparation is Key: The first and most crucial step in incident response and recovery is preparation. Organizations should have a well-documented incident response and recovery plan (both IR & DR) in place before an incident occurs. This plan should be regularly updated to account for emerging threats and changes in the organization’s infrastructure.
Cross-Functional Team: Establish a cross-functional incident response team comprising members from IT, security, legal, public relations, and operation & maintenance executives. Clearly define roles and responsibilities for each team member to ensure a coordinated response.
Define Incident Categories: Categorize incidents based on severity and impact to prioritize response efforts. This helps in allocating resources effectively and responding promptly to critical incidents.
Clear Communication Protocols: Develop communication protocols for notifying relevant stakeholders, both internally and externally. Ensure that all team members know who to contact in the event of an incident and what information needs to be communicated.
Containment and Eradication: Implement procedures for containing and eradicating the incident while minimizing further damage. This may involve isolating affected systems, disabling compromised accounts, and patching vulnerabilities.
Evidence Preservation: Emphasize the importance of preserving digital evidence. Document all actions taken during the incident response process to support potential legal or forensic investigations.
Continuous Monitoring: Maintain continuous monitoring of the incident as it unfolds. Monitor network traffic, logs, and endpoints to identify any signs of persistent threats or additional compromises.
Post-Incident Analysis: After the incident is resolved, conduct a thorough post-incident analysis, often referred to as a “lessons learned” or “after-action” report. This analysis should focus on understanding how the incident occurred, what data or systems were affected, and what improvements can be made to prevent future incidents.
Documentation and Reporting: Document all findings and lessons learned during the incident response process. This documentation is invaluable for improving the organization’s security posture and for regulatory compliance purposes.
Continuous Improvement: Use the insights gained from the post-incident analysis to update and improve the incident response plan, security policies, and preventive measures. This iterative process ensures that the organization becomes more resilient to future threats.
Training and Simulation: Regularly train the incident response team and conduct tabletop exercises or simulations to test the effectiveness of the response plan. These exercises help identify gaps and areas that need improvement.
Collaboration and Information Sharing: Collaborate with other organizations and industry peers to share threat intelligence and incident details. This collective sharing of information can help prevent similar incidents across the industry.
How are public sectors foreseeing the future of Cyber Security in their realm with challenges revolving around them?
Indian public sectors are proactively shaping the future of cybersecurity in light of the multifaceted challenges that surround them. The following strategies and considerations are at the forefront as they anticipate the future of cybersecurity:
Digital Initiative and Cloud Adoption: With the Government’s ambitious Digitization program and the wave of Industry X.0, the public sectors are witnessing a rapid digitization of services and data. As a response, the focus is on integrating robust cybersecurity measures into this digital transformation, recognizing the increased cyber challenges it presents. Cloud adoption, particularly for the less critical processes, is also on the rise in the public sector, be it private, public or hybrid cloud, offering scalability and cost-efficiency. However, securing data and services in the cloud is a priority. They foresee the need for cloud-native security solutions and a strong emphasis on data encryption and access control.
Critical Information Infrastructure Protection: Safeguarding critical information infrastructure, including power & energy, transportation systems, healthcare facilities, Banking & Financial Services, Information & Telecommunication Services, Space and Defence services, is paramount. Public sectors foresee the need for enhanced GRC (Governance, Risk & Compliance) with well-identified strategic and tactical security plans. As more and more new disruptions are likely to come with technological advancements (e.g. IIoT, 5G, Gen AI, Quantum computation), public sectors need a good Business Continuity Plan with Business Impact Analysis, an Incident Response Plan and a Disaster Recovery Plan to ensure the continuous functioning of essential services. The ability to swiftly recover from cyber incidents is crucial in maintaining essential services.
Threat Intelligence and Collaboration: Working towards reaching a common goal of cyber resiliency as a greater good, rather than working for a competitive edge, there is an increasing emphasis on sharing, gathering and analyzing threat intelligence. Collaboration between government agencies, industry partners, System Integrators, Service Providers, OEMs and international bodies is viewed as essential to keep pace with emerging cyber threats.
Data Privacy and Regulatory Compliance: India’s Digital Personal Data Protection Bill and other data privacy regulations are driving public sectors to prepare for stringent compliance. The future entails robust data protection measures and governance practices to protect sensitive information. With cybersecurity regulations and standards becoming more stringent, public sectors are investing in compliance efforts.
Supply Chain Security, Third-Party Governance and Security by Design: Public sectors are paying increased attention to supply chain security and third-party governance. They recognize that vulnerabilities in the supply chain can be exploited by attackers. They are implementing measures to assess and secure the supply chain, especially for critical infrastructure. The impetus is on Security by Design using trusted make and model products through trusted vendors. The target is to increase the use of self-reliant Atmanirbhar technologies to reduce dependencies on others.
To know more about us / publish your article, reach us at
www.quanticindia.com
marquis@quanticindia.com