AI critical to manage cyber security in a connected world, Dr Amar Kumar Mohapatra, Chief Technical Advisor, Delhi Police
The connected systems will throw a lot of data. The security patterns have to be deciphered out of that data, which can only be possible with advanced AI and ML. The future of cyber security thus should not be based on legacy systems but AI and ML having a predictive nature
How do you see the future of Cyber Security
The future of cyber security is very complex and challenging because of the widening sprawl of connected IT systems. The smart cities mission and the usage of IoT, connected systems like CCTV cameras throw a lot of data. The security patterns have to be deciphered out of that data, which can only be possible with advanced AI and ML. The future of cyber security thus should not be based on legacy systems but AI and ML having a predictive nature.
As far as the policy, audit and compliance is concerned, adequate monitoring mechanisms should be included to ensure security. We should get rid of the perimeter security approach to adopt the defense-in-depth strategy. A sandbox environment should thus be created at the university and organisational level.
In the times of the pandemic, the importance of the end-point has become very important. How important is the end point in your opinion.
The cyber security breaches skyrocketed during the pandemic. In securing the end points, the signature based solutions are not sufficient. An endpoint security mechanism can help in detecting and even preventing the breaches. The endpoint has the door to your data center. The hacker can get into your endpoint and then to your network followed by the data center.
The city surveillance project, under the smart cities mission involves a large scale CCTV deployment. One of the ways to breach these devices is through a backdoor entry which gives a direct entry into the network. The recent Mirai attack was perpetrated through the CCTV cameras.
The endpoint security solution should provide malware and APT analysis. To sum up, in order to protect the network, it’s imperative to secure the endpoint.
How important is capacity building for cyber security particularly for local education agencies
The CDAC and Meity have launched the information security programme; even at the university level many cyber security education initiatives have been launched. To be specific, a BTech, MTech programme in cyber security has been introduced. The UGC has mandated cyber security and disaster management as compulsory subjects at least in one semester.for the BTech stream.
Cyber forensics is one area in the field of investigations, which should also find place in the cyber security education offered by the local education agencies. The Delhi police has built forensics capability in internet forensics, desktop, mobile phones but the crypto and darknet forensics is a challenging area where capabilities have to be developed by the law enforcement agencies, going forward.
In the next couple of years, the next set of forensics capabilities will have to be built in the Transport Layer Security (TLS 1.3) protocol, wherein the time taken to encrypt a message will be reduced to half. Cloud and malware forensics will also be areas where capabilities will have to be built. The universities and various organisations will have to create a sandbox environment to work on these capabilities in a controlled environment.
The importance of threat intelligence and threat hunting has increased in the times of COVID-19. Because of the increasing trend of WFH and WFA, people are increasingly spending time on online platforms. How does it impact the way cyber security is managed in organisations ?The threat intelligence platform will combine the people, process and technology aspects, which are integral to any comprehensive information security platform. In any organisation any threat intelligence report should be shared and managed. AI and ML can play an important role in managing, predicting and even averting cyber security incidents. Thus actionable intelligence should be shared using the threat intelligence reports. A threat hunting platform will become essential in all organisations in the near future because we need a shared and coordinated approach to manage cyber security, which covers the important ingredients of people, process, technology.
This interview is based on the fireside chat organised by Express Computer in association with CrowdStrike. Vishwas Dass from Express Computer also contributed to the interview.