Strengthening Cyber Security

1.0 WHAT IS PUBLIC-PRIVATE PARTNERSHIP

Public-private partnership (PPP) is a system in which a government service or private business venture is funded and operated through a partnership of government and one or more private sector companies. These schemes are sometimes referred to as PPP or P3.

In some types of PPP, the government uses tax revenue to provide capital for investment, with operations run jointly with the private sector or under contract (see contracting out). In other types (notably the Private Finance Initiative), capital investment is made by the private sector on the strength of a contract with government to provide agreed services. Government contributions to a PPP may also be in kind (notably the transfer of existing assets).

Typically, a private sector consortium forms a special company called a "special purpose vehicle" (SPV) to build and maintain the asset. The consortium is usually made up of a building contractor, a maintenance company and a bank lender. It is the SPV that signs the contract with the government and with subcontractors to build the facility and then maintain it. A typical PPP example would be a hospital building financed and constructed by a private developer and then leased to the hospital authority. The private developer then acts as landlord, providing housekeeping and other non medical services while the hospital itself provides medical services.

2.0 PPP IN CYBER SECURITY

When it comes to the security and particularly Cyber Security dependencies Cut Across Virtually Every Industry and Vertical — Not Just IT Industry. Industry built and owns 85%-90% of critical infrastructure:

 Financial structures

 Power grids / stations

 Dams and water supply

 Ports / rails / airports

 Pipelines

 Information Infrastructure

Communication Must Take Place between the following:

 Government Agency to Government Agency

 Government to Industry Sectors

 Industry Sector to Industry Sector

 First Tier Companies to Second and Third Tier Companies

And for Communication to be Effective:

 Trust Must Be Established

 Redundancy Must Be Eliminated

 Information Sharing Protocols Must Be Clearly Established

 Nature of Information To Be Disseminated Must Be Defined

Some of the barriers to Effective Communication are:

 Information Lacks Detail, Timeliness or is Not Actionable

 Information is Misdirected within Organizations

 Ability to Protect Sensitive Information Becomes Suspect

 Community of Trust Breaks Down

3.0 THE CURRENT INDIAN SCENARIO:

• Growing dependence on computer networks for communications, data management and operation of critical infrastructure.

• Healthy and secure cyberspace is essential for economic and national security.

• Information infrastructure and other critical infrastructure that rely on IT such as banking, finance, stock exchange, transportation, and power etc. are increasingly becoming vulnerable to cyber attacks.

• Threats with motives ranging from criminal groups seeking financial gain to politically motivated groups attacking government websites.

• Attacks getting more organized and sophisticated.

4.0 CERT-In : Analysis of Defaced Indian websites under .in ccTLD for year 2004

Defacements by year:

On analyzing the defacement statistics along the years, it was observed that though there was a steep decline in defacements after 2001, there was a growth in the number