#FactCheck - Viral Videos of Mutated Animals Debunked as AI-Generated

Introduction

Against the dynamic backdrop of Mumbai, where the intersection of age-old markets and cutting-edge innovation is a daily reality, an initiative of paramount importance has begun to take shape within the hallowed walls of the Reserve Bank of India (RBI). This is not just a tweak, a nudge in policy, or a subtle refinement of protocols. What we're observing is nothing short of a paradigmatic shift, a recalibration of systemic magnitude, that aims to recalibrate the way India's financial monoliths oversee, manage, and secure their informational bedrock – their treasured IT systems.

On the 7th of November, 2023, the Reserve Bank of India, that bastion of monetary oversight and national fiscal stability, unfurled a new doctrine – the 'Master Direction on Information Technology Governance, Risk, Controls, and Assurance Practices.' A document comprehensive in its reach, it presents not merely an update but a consolidation of all previously issued guidelines, instructions, and circulars relevant to IT governance, plaited into a seamless narrative that extols virtues of structured control and unimpeachable assurance practices. Moreover, it grasps the future potential of Business Continuity and Disaster Recovery Management, testaments to RBI's forward-thinking vision.

This novel edict has been crafted with a target audience that spans the varied gamut of financial entities – from Scheduled Commercial Banks to Non-Banking Financial Companies, from Credit Information Companies to All India Financial Institutions. These are the juggernauts that keep the economic wheels of the nation churning, and RBI's precision-guided document is an unambiguous acknowledgment of the vital role IT holds in maintaining the heartbeat of these financial bodies. Here lies a riveting declaration that robust governance structures aren't merely preferred but essential to manage the landscape of IT-related risks that balloon in an era of ever-proliferating digital complexity.

Directive Structure

The directive's structure is a combination of informed precision and intuitive foresight. Its seven chapters are not simply a grouping of topics; they are the seven pillars upon which the temple of IT governance is to be erected. The introductory chapter does more than set the stage – it defines the very reality, the scope, and the applicability of the directive, binding the reader in an inextricable covenant of engagement and anticipation. It's followed by a deep dive into the cradle of IT governance in the second chapter, drawing back the curtain to reveal the nuanced roles and defiant responsibilities bestowed upon the Board of Directors, the IT Strategy Committee, the clairvoyant Senior Management, the IT Steering Committee, and the pivotal Head of IT Function.

As we move along to the third chapter, we encounter the nuts and bolts of IT Infrastructure & Services Management. This is not just a checklist; it is an orchestration of the management of IT services, third-party liaisons, the calculus of capacity management, and the nuances of project management. Here terms like change and patch management, cryptographic controls, and physical and environmental safeguards leap from the page – alive with earnest practicality, demanding not just attention but action.

Transparency deepens as we glide into the fourth chapter with its robust exploration of IT and Information Security Risk Management. Here, the demand for periodic dissection of IT-related perils is made clear, along with the edifice of an IT and Information Security Risk Management Framework, buttressed by the imperatives of Vulnerability Assessment and Penetration Testing.

The fifth chapter presents a tableau of circumspection and preparedness, as it waxes eloquent on the necessity and architecture of a well-honed Business Continuity Plan and a disaster-ready DR Policy. It is a paean to the anticipatory stance financial institutions must employ in a world fraught with uncertainty.

Continuing the narrative, the sixth chapter places the spotlight on Information Systems Audit, delineating the precise role played by the Audit Committee of the Board in ushering in accountability through an exhaustive IS Audit of the institution's virtual expanse.

And as we perch on the final chapter, we're privy to the 'repeal and other provisions' of the directive, underscoring the interplay of other applicable laws and the interpretation a reader may yield from the directive's breadth.

Conclusion 

To proclaim that this directive is a mere step forward in the RBI's exhaustive and assiduous efforts to propel India's financial institutions onto the digital frontier would be a grave understatement. What we are witnessing is the inception of a more adept, more secure, and more resilient financial sector. This directive is nothing less than a beacon, shepherding in an epoch of IT governance marked by impervious governance structures, proactive risk management, and an unyielding commitment to the pursuit of excellence and continuous improvement. This is no ephemeral shift - this is, indisputably, a revolutionary stride into a future where confidence and competence stand as the watchwords in navigating the digital terra incognita.

References:

https://www.businesstoday.in/industry/banks/story/rbi-issues-new-directions-on-it-governance-in-banks-nbfcs-effective-from-april-2024-check-details-405061-2023-11-08

‍

Introduction

‍

India is confronting a wake-up call as a recent cyber incident aimed at the aviation sector underscores the fragile nature of digital systems that guide national air travel. The disclosure in Parliament has pushed the conversation on flight safety, signal integrity, and cyber readiness back into urgent focus. In a written response to a Parliamentary question, Civil Aviation Minister Ram Mohan Naidu acknowledged that GPS spoofing, a malicious method employed to alter navigation signals, had been noticed at seven major airports of the country. New Delhi flights had not been affected during the incident, but still, it was an event that again made air travel's safety, GNSS interference, and the overall cyber threat to India's airspace an issue of concern.

‍

The Incident: What Happened?

‍

Initial notices came from Indira Gandhi International Airport in Delhi, where the pilots of the different inbound flights talked about GPS spoofing as the reason for their landing. Spoofing is the process of sending counterfeit GPS signals which mislead the aircraft's navigation systems and may cause a wrong measure of the altitude, the position or the runway alignment. In Delhi, pilots operating under GPS-based landing procedures over Runway 10 experienced errors in their approaches and promptly switched to the alternative procedures without any delay.

The Minister said that apart from Delhi, other airports, viz. Kolkata, Amritsar, Mumbai, Hyderabad, Bengaluru, and Chennai were the 6 airports that recorded similar GNSS interference patterns consisting of both jamming and spoofing. Though no major interruptions or incidents occurred, these occurrences are a sign of a steady and enlarging threat.

‍

Why Is GPS Spoofing So Dangerous?

‍

Satellite navigation and communication systems are the backbone of modern aviation, which is now a matter of great precision. Signal jamming by malicious actors comes with a bunch of risks:

‍

1. Diversions and Delays: Pilots may be forced to either give up attempts to land or divert flights, which translates into higher consumption of fuel and more complicated operations due to the case of jamming.

2. Threat of Safety Issue: Pilots are trained to deal with such incidents by following the prescribed fallback procedures, but still they depend very much on the GNSS signals that are accurate for safe manoeuvring, especially in low visibility situations.

3. Pressure on Old Systems: Indian airports are still in the process of completely converting from ground-based navigation aids to GNSS. Signal disruptions entail the use of older technologies, which results in putting additional pressure on the already overburdened air traffic control systems.

4. Opening Up Possibilities for Direct Attacks: Signal jamming can be made a tool for more clever tactics of operation that can include causing confusion during the busy traffic period or performing coordinated attacks to create chaos.

‍

Aviation and Cyber Threats

‍

The disturbances that have been mentioned at the seven airports are not unique. The civil aviation regulators all over the world have already reported an increase in GNSS jamming. The exemplary cases in the Middle East, Eastern Europe, and East Asia have revealed that the safety of airspace has turned into a tactical issue.

Moreover, India's quick adoption of digital technology in the aviation sector could open threat vulnerabilities from state-sponsored groups, hackers. In this instance, the government has not yet announced who was responsible for the spoofing, but the trend points to an adversary with advanced technology.

‍

Government and Regulatory Response

‍

The confirmation from the Civil Aviation Minister underscores a proactive stance by agencies such as:

• Directorate General of Civil Aviation (DGCA)
• Ministry of Civil Aviation
• Airports Authority of India (AAI)

‍

The involved entities are collaborating now to do an inquiry into the cases and set up preventive measures. 

‍

The main steps that are taken in response are: 

‍

• More thorough observation of GNSS signal anomalies 
• More pilot briefings and training on dealing with spoofing situations 
• Improving navigation aids to set up a backup 
• Working with IT security experts to find out the sources of interference 
• Communicating with other global aviation authorities to share the best practices 

‍

India, being a significant player in the world aviation market, is not allowed to relax its guard. Cyberattacks on airports show how digital as well as physical security are becoming more and more intertwined.

‍

The Bigger Picture: Protecting Critical Infrastructure

‍

Aviation is a sector that very clearly shows that threats from cyberspace can easily translate into security issues for a nation. The airport system not only becomes more vulnerable to attacks but also the whole aviation industry as the digital ecosystems gain more complex forms together with integrated telecommunications networks, the Internet of Things (IoT)-enabled systems, and cloud-based services.

‍

One of the many threats in the form of GNSS spoofing demonstrates so-called: 

‍

• Ransomware attacks on airport systems
• Contamination of air traffic control infrastructure 
• Data breaches conducted by insiders 
• Passenger data attacks 
• Hinderance of airport logistics and baggage systems 

‍

What Needs to Happen Next?

‍

India is compelled to embrace a multi-faceted approach in order to manage the intricacies of GNSS interference risk:

‍

1. Cybersecurity Measures in Aviation Enforced: New monitoring tools, anomaly detection systems, and instant response plans will be put into service.
2. Redundant Technology: The non-GNSS-based navigation system will be expanded to guarantee the continuity of operations in the event of jamming.
3. Cyber Drills Across all Sectors: To get pilots, air traffic control personnel, and airport operators ready, the aviation cyber drills will be conducted at the national level.
4. Global Cooperation: International organisations will be approached to share the information and standardise the procedures.
5. R&D and Innovations: Funding will be directed towards anti-spoofing technology, stronger satellite signals, and the domestic navigation system, like NavIC.

‍

Conclusion

‍

The cyberattack that targeted the seven airports serves as a clear reminder that aviation cybersecurity should not be considered a secondary issue anymore. Even though the quick reaction from the authorities managed to averted any disruptions, the event still shows the vulnerabilities of modern aviation systems. India's air travel infrastructure expansion will be a good time for the country to install its strong cybersecurity frameworks to protect its passengers, maintain the continuity of operations, and secure the airspace of its territory. At CyberPeace, we believe that a coordinated, proactive, and technology-driven approach is no longer an option, it is the new fundamental of aviation security in the digital age.

‍

Reference

‍

• https://www.youtube.com/watch?v=8ZgAVgwQ5lE

‍

"Cybercriminals are unleashing a surprisingly high volume of new threats in this short period of time to take advantage of inadvertent security gaps as organizations are in a rush to ensure business continuity.”

Cyber security firm Fortinet on Monday announced that over the past several weeks, it has been monitoring a significant spike in COVID-19 related threats.

An unprecedented number of unprotected users and devices are now online with one or two people in every home connecting remotely to work through the internet. Simultaneously there are children at home engaged in remote learning and the entire family is engaged in multi-player games, chatting with friends as well as streaming music and video. The cybersec firm’s FortiGuard Labs is observing this perfect storm of opportunity being exploited by cybercriminals as the Threat Report on the Pandemic highlights:

A surge in Phishing Attacks: The research shows an average of about 600 new phishing campaigns every day. The content is designed to either prey on the fears and concerns of individuals or pretend to provide essential information on the current pandemic. The phishing attacks range from scams related to helping individuals deposit their stimulus for Covid-19 tests, to providing access to Chloroquine and other medicines or medical device, to providing helpdesk support for new teleworkers.

Phishing Scams Are Just the Start: While the attacks start with a phishing attack, their end goal is to steal personal information or even target businesses through teleworkers. Majority of the phishing attacks contain malicious payloads – including ransomware, viruses, remote access trojans (RATs) designed to provide criminals with remote access to endpoint systems, and even RDP (remote desktop protocol) exploits.

A Sudden Spike in Viruses: The first quarter of 2020 has documented a 17% increase in viruses for January, a 52% increase for February and an alarming 131% increase for March compared to the same period in 2019. The significant rise in viruses is mainly attributed to malicious phishing attachments. Multiple sites that are illegally streaming movies that were still in theatres secretly infect malware to anyone who logs on. Free game, free movie, and the attacker is on your network.

Risks for IoT Devices magnify: As users are all connected to the home network, attackers have multiple avenues of attack that can be exploited targeting devices including computers, tablets, gaming and entertainment systems and even online IoT devices such as digital cameras, smart appliances – with the ultimate goal of finding a way back into a corporate network and its valuable digital resources.

Ransomware like attack to disrupt business: If the device of a remote worker can be compromised, it can become a conduit back into the organization’s core network, enabling the spread of malware to other remote workers. The resulting business disruption can be just as effective as ransomware targeting internal network systems for taking a business offline. Since helpdesks are now remote, devices infected with ransomware or a virus can incapacitate workers for days while devices are mailed in for reimaging.

“Though organizations have completed the initial phase of transitioning their entire workforce to remote telework and employees are becoming increasingly comfortable with their new reality, CISOs continue to face new challenges presented by maintaining a secure teleworker business model. From redefining their security baseline, or supporting technology enablement for remote workers, to developing detailed policies for employees to have access to data, organizations must be nimble and adapt quickly to overcome these new problems that are arising”, said Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet – Office of CISO.