The National Cyber Coordination Centre (NCCC) is considered to be one
of the several tools being built by the government of India to monitor
the country’s web traffic. At a time when the recent expose of the
United States government’s PRISM programme has the entire world worried
about its privacy online, NCCC has already received much flak from the
country’s privacy activists for being a snooping tool.
But, is it? While the privacy experts have slammed the tool for arming the government with unprecedented powers to monitor web content in the garb of national security, the government says their reactions are knee-jerk and the arguments are based on incomplete knowledge of the project. Supporters of the project claim that in the wake of rising cyber threats to the country’s internal and economic security, the government has a strong case for the project which will just track the Internet traffic flowing through the country without watching the content. Business Standard gets a sneak peek into the functioning of the project and here is the government’s version of the project as they see it along with two expert takes on the project just as they said it.
So, is NCCC a potential snooping tool of the future or is it an honest effort by the government to fight cyber crime? You decide.
Aim
According to three government officials closely associated with the project, who did not wish to be identified, the intent is to watch the traffic flowing through the Internet pipes of the country. The idea is to check malicious activity in general and in strategic sectors along with sensitive government organizations in particular, without accessing the content. “It is like knowing who is posting letters to whom without opening them to see what is written inside,” said one of the officials. Currently, the government is waking up after the attack has happened. In most cases, the attacks go unreported. With this system in place, there will be some visibility about the state of traffic in the country, and information on where are the higher volumes of traffic are coming from, where is malicious content flowing from, where are botnets located, from where are the viruses are spreading etc. At the moment it is being done by private companies like Symantec, IBM, TrendMicro etc which are running enterprise level security operation centres in which they have a group of enterprises for whom they are doing similar kind of stuff. But, that visibility is not there at the country level, a problem which this tool will fix.
Justification
On why it should not be construed as a snooping tool, the officials said that the network flow analysis, which they are doing, is like getting a phone bill with details of calls made, numbers, durations etc without the actual conversation. “In wire tapping, it’s a full packet capture so you are able to listen to the full conversation. But, here I am not doing that. If I have to capture the entire packet then, I will have to duplicate that or create a mirror image. So, I will have to put some kind of a port mirroring device to capture the entire traffic. But, if I have to just monitor the traffic flow of any organization, then I don’t have to put any hardware. That feature is already available in the router and one command has to be enabled to activate it.” The flow doesn’t collect any data and is non-intrusive, officials claim. “There is nothing malicious in it. All countries have a body like NCCC.”
Functioning
The major activity involved in NCCC will be traffic analysis. Most organizations have a traffic pattern. For instance, when there is a surge in usage or a dull period. In NCCC, these flows will come from different networks, and on that basis the traffic will be analysed and anomalies will be identified. For instance: If there is a break in traffic, it will be immediately noticed. The traffic flow will be at the country level, not just at the organizational level. The traffic coming into the country as well as going out will be seen. In case of an external attack, the traffic will be cut off at the external gateway itself. All the important government websites are hosted on the National Informatics Centre network, which will be studied by NCCC. Other important government websites can be monitored separately. For detection of attacks, two techniques will be deployed – proactive technique and defensive technique. In the proactive technique: the attack can be seen as coming, by the use of network traffic flow analysis. Honey nets or pots are deployed which act as lures for attackers. In the defensive technique, immediate action can be taken after an attack has been identified.
The data which is actually captured includes: time of usage, date, duration, interface, flags, source internet protocol, destination internet protocol, source code, destination code, packet size and the number of packets. “If somebody is trying to hack into a website, it requires deeper inspection of the packets, so we will not be able to tell that but if someone is doing continous spamming, or generating some traffic, so we will be able to very easily track that,” one of the officials said.
Status
A detailed project report of the Rs.600 crore project which is currently under the ministry of communications and information technology is being prepared. But, there is not much clarity who will finally execute it and whether private technology companies will be roped in to build the infrastructure or the government will build it completely on its own. Also, the government would not require any additional permission to build this tool as current Information Technology Act allows it. “We are not monitoring content after all,” re-emphasised one of the government officials.
But, is it? While the privacy experts have slammed the tool for arming the government with unprecedented powers to monitor web content in the garb of national security, the government says their reactions are knee-jerk and the arguments are based on incomplete knowledge of the project. Supporters of the project claim that in the wake of rising cyber threats to the country’s internal and economic security, the government has a strong case for the project which will just track the Internet traffic flowing through the country without watching the content. Business Standard gets a sneak peek into the functioning of the project and here is the government’s version of the project as they see it along with two expert takes on the project just as they said it.
So, is NCCC a potential snooping tool of the future or is it an honest effort by the government to fight cyber crime? You decide.
Aim
According to three government officials closely associated with the project, who did not wish to be identified, the intent is to watch the traffic flowing through the Internet pipes of the country. The idea is to check malicious activity in general and in strategic sectors along with sensitive government organizations in particular, without accessing the content. “It is like knowing who is posting letters to whom without opening them to see what is written inside,” said one of the officials. Currently, the government is waking up after the attack has happened. In most cases, the attacks go unreported. With this system in place, there will be some visibility about the state of traffic in the country, and information on where are the higher volumes of traffic are coming from, where is malicious content flowing from, where are botnets located, from where are the viruses are spreading etc. At the moment it is being done by private companies like Symantec, IBM, TrendMicro etc which are running enterprise level security operation centres in which they have a group of enterprises for whom they are doing similar kind of stuff. But, that visibility is not there at the country level, a problem which this tool will fix.
Justification
On why it should not be construed as a snooping tool, the officials said that the network flow analysis, which they are doing, is like getting a phone bill with details of calls made, numbers, durations etc without the actual conversation. “In wire tapping, it’s a full packet capture so you are able to listen to the full conversation. But, here I am not doing that. If I have to capture the entire packet then, I will have to duplicate that or create a mirror image. So, I will have to put some kind of a port mirroring device to capture the entire traffic. But, if I have to just monitor the traffic flow of any organization, then I don’t have to put any hardware. That feature is already available in the router and one command has to be enabled to activate it.” The flow doesn’t collect any data and is non-intrusive, officials claim. “There is nothing malicious in it. All countries have a body like NCCC.”
Functioning
The major activity involved in NCCC will be traffic analysis. Most organizations have a traffic pattern. For instance, when there is a surge in usage or a dull period. In NCCC, these flows will come from different networks, and on that basis the traffic will be analysed and anomalies will be identified. For instance: If there is a break in traffic, it will be immediately noticed. The traffic flow will be at the country level, not just at the organizational level. The traffic coming into the country as well as going out will be seen. In case of an external attack, the traffic will be cut off at the external gateway itself. All the important government websites are hosted on the National Informatics Centre network, which will be studied by NCCC. Other important government websites can be monitored separately. For detection of attacks, two techniques will be deployed – proactive technique and defensive technique. In the proactive technique: the attack can be seen as coming, by the use of network traffic flow analysis. Honey nets or pots are deployed which act as lures for attackers. In the defensive technique, immediate action can be taken after an attack has been identified.
The data which is actually captured includes: time of usage, date, duration, interface, flags, source internet protocol, destination internet protocol, source code, destination code, packet size and the number of packets. “If somebody is trying to hack into a website, it requires deeper inspection of the packets, so we will not be able to tell that but if someone is doing continous spamming, or generating some traffic, so we will be able to very easily track that,” one of the officials said.
Status
A detailed project report of the Rs.600 crore project which is currently under the ministry of communications and information technology is being prepared. But, there is not much clarity who will finally execute it and whether private technology companies will be roped in to build the infrastructure or the government will build it completely on its own. Also, the government would not require any additional permission to build this tool as current Information Technology Act allows it. “We are not monitoring content after all,” re-emphasised one of the government officials.
No comments:
Post a Comment