#FactCheck -AI-Generated Image Falsely Linked to Kotdwar Shop Controversy

On March 02, 2023, the Biden-Harris Administration unveiled the National Cybersecurity Plan to ensure that all Americans can enjoy the advantages of a secure digital environment. In this pivotal decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that is consistent with our values. These values include a commitment to economic security and prosperity, respect for human rights and fundamental freedoms, faith in our democracy and its institutions, and a commitment to creating a fair and diverse society. This goal cannot be achieved without a dramatic reorganisation of the United States’ cyberspace responsibilities, roles, and resources.

VISION- AIM

A more planned, organised, and well-resourced strategy to cyber protection is necessary for today’s rapidly developing world. State and non-state actors alike are launching creative new initiatives to challenge the United States. New avenues for innovation are opening up as next-generation technologies attain maturity and digital interdependencies are expanding. Thus, this Plan lays forth a plan to counter these dangers and protect the digital future. Putting it into effect can safeguard spending on things like infrastructure, clean energy, and the re-shoring of American industry.

The USA will create its digital environment by:

• Defensible if the cyber defence is comparatively easier, more effective, cheaper
• Resilient, where the impacts of cyberattacks and operator mistakes are lasting and little widespread.
• Values-aligned, where our most cherished values shape—and are in turn reinforced by— our digital world.

Already, the National Security Strategy, Executive Order 14028 (Improving the Nation’s Cybersecurity), National Security Memorandum 5 (Improving Cybersecurity for Critical Infrastructure Control Systems), M-22-09 (Moving the U.S. Government Toward Zero-Trust Cybersecurity Principles), and National Security Memorandum 10 (Improving Cybersecurity for Federal Information Systems) have all been issued to help secure cyberspace and our digital ecosystem (Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems). The Strategy builds upon previous efforts by acknowledging that the Internet serves not as an end in itself but as a means to a goal—the achievement of our highest ideals.

There are five key points that constitute the National Cybersecurity Strategy:

1. Defend Critical Infrastructure –

Defend critical infrastructure by, among other things: i) enacting cybersecurity regulations to secure essential infrastructure; (ii) boosting public-private sector collaboration; (iii) integrating federal cybersecurity centres; (iv) updating federal incident response plans and processes; and (v) modernising federal systems in accordance with zero trust principles.

2. Disrupt and Dismantle Threat Actors

Disrupt and dismantle threat actors, including by i) integrating military, diplomatic, information, financial, intelligence, and law enforcement competence, (ii) strengthening public-private sector collaborations, (iii) increasing the speed and scale of intelligence sharing and victim information, (iv) preventing the abuse of U.S.-based infrastructure, and (v) increasing disruption campaigns and other endeavours against ransomware operators;

3. Shape Market Forces to Drive Security and Resilience

The federal government can help shape market forces that drive security and resilience by doing the following: i) supporting legislative efforts to limit organisations’ ability to collect, use, transfer, and maintain personal information and providing strong protections for sensitive data (such as geolocation and health data), (ii) boosting IoT device security via federal research, development, sourcing, risk management efforts, and IoT security labelling programs, and (iii) instituting legislation establishing standards for the security of IoT devices. (iv) strengthening cybersecurity contract standards with government suppliers, (v) studying a federal cyber insurance framework, and (vi) using federal grants and other incentives to invest in efforts to secure critical infrastructure.

4. Invest in a Resilient Future

Invest in a resilient future by doing things like i) securing the Internet’s underlying infrastructure, (ii) funding federal cybersecurity R&D in areas like artificial intelligence, cloud computing, telecommunications, and data analytics used in critical infrastructure, (iii) migrating vulnerable public networks and systems to quantum-resistant cryptography-based environments, and (iv) investing hardware and software systems that strengthen the resiliency, safety, and security of these areas, (v) enhancing and expanding the nation’s cyber workforce; and (vi) investing in verifiable, strong digital identity solutions that promote security, interoperability, and accessibility.

5. Forge International Partnerships to Pursue Shared Goals

The United States should work with other countries to advance common interests, such as i) forming international coalitions to counter threats to the digital ecosystem; (ii) increasing the scope of U.S. assistance to allies and partners in strengthening cybersecurity; (iii) forming international coalitions to reinforce global norms of responsible state behaviour; and (v) securing global supply chains for information, communications, and operational technologies.

Conclusion:

The Strategy results from months of work by the Office of the National Cyber Director (“ONCD”), the primary cybersecurity policy and strategy advisor to President Biden and coordinates cybersecurity engagement with business and international partners. The National Security Council will oversee the Strategy’s implementation through ONCD and the Office of Management and Budget.

In conclusion, we can say that the National Cybersecurity Plan of the Biden administration lays out an ambitious goal for American cybersecurity that is to be accomplished by the end of the decade. The administration aims to shift tasks and responsibilities to those organisations in the best position to safeguard systems and software and to encourage incentives for long-term investment in cybersecurity to build a more cyber-secure future.

It is impossible to assess the cyber strategy in a vacuum. It’s critical to consider the previous efforts and acknowledge the ones that still need to be made. The implementation specifics for several aspects of the approach are left up to a yet-to-be-written plan.

Given these difficulties, it would be simple to voice some pessimism at this stage regarding the next effort that will be required. Yet, the Biden administration has established a vision for cybersecurity oriented towards the future, with novel projects that could fundamentally alter how the United States handles and maintains cybersecurity. The Biden administration raised the bar for cybersecurity by outlining this robust plan, which will be challenging for succeeding administrations to let go. Also, it has alerted Congress to areas where it will need to act.

References:

• https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/
• https://www.huntonprivacyblog.com/2023/03/02/white-house-releases-national-cybersecurity-strategy/
• https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy

Introduction

In order to effectively deal with growing cyber crime and threats the Telangana police has taken initiative by launching Law Enforcement Chief Information Security Officers (CISO) Council, an innovative project launched in Telangana, India, which is a significant response to the growing cyber threat landscape. With cyber incidents increasing in the recent years and concerning statistics such as a tenfold rise in password-based attacks and an increase in ransomware attacks, the Council aims to strengthen the region's digital defenses. It primarily focuses on reducing vulnerability, improving resilience, and providing real-time threat intelligence. By promoting partnerships between the public and private sectors, offering legal and regulatory guidance, and facilitating networking and learning opportunities, this collaborative effort involving industry, academia, and law enforcement is a crucial move towards protecting critical infrastructure and businesses from cyber threats, the Telangana police in partnership with industry and academia, has launched the Law Enforcement CISO (Chief Information Security Officers) Council of India on 7^th October 2023. Chief of the Central Crime Station Stephen Ravindra said that the forum is a path-breaking initiative and the Council represents an open platform for all the enforcement agencies in the country. The upcoming inititiative inculcate close association with different stakeholders, which includes government departments, startups, centers of excellence and international collaborations, carving a nieche for a sturdy cybersecurity envirnoment. 

Enhancing Cybersecurity is the Need of the Hour:

The recent launch of the Law Enforcement CISO Council in Hyderabad, India emphasized the need for government organizations and industries to prioritize the protection of their digital space. Cyber incidents, ransomware attacks, and threats to critical infrastructure have been on the rise, making it essential to take proactive cybersecurity measures. Disturbing statistics regarding cyber threats, such as password-based attacks, BEC (Business Email Compromise) attempts, and vulnerabilities in the supply chain, highlight the importance of addressing these issues urgently. This initiative aims to provide real-time threat intelligence, legal guidance, and encourages collaboration between public and private organizations in order to combat cybercrime. Given that every cyber attack has criminal elements, the establishment of these councils is a crucial step towards minimizing vulnerabilities, enhancing resilience, and ensuring the security of our digital world.

International Issue & Domestic Issue:

The announcement by the Telangana State Police, is a proactive step to form a first-of-its-kind Law Enforcement CISO Council (LECC), as part of an initiative from the State government to give a further impetus to cyber security. Jointly with its law enforcement partners, the Telangana Police has decided to make cyber cops more efficient and shape them on par with the technology advancements. The Telangana police have proved its commitment for a secure cyber environment by recovering INR 2.2 crore and  INR 6.8 crore lost by people in cyber frauds which is industry’s highest rate of helping the victims. 

The Police department complemented efforts by corporate executives for their personal interest in the subject and mentioned police officers’ expertise and inputs from professionals from the industry need to work cohesively to prevent further increase in the number of cyber crime cases. Data indicates that the exponential increase in cyber threats in recent times necessitates an informed and prudent action with the cooperation and collaboration of the IT Department of Telangana, centers of excellence, start-ups, white hats or ethical hackers, and international associations.

A report from Telangana commissioner states the trend of a surge in the number of cyber incidents and vulnerabilities of Government organizations, Critical Infrastructure and MSMEs and stressed that every cyber security breaches have an element of criminality in it. The Law Enforcement CISO Council is a progressive step in this direction which ensures a reduced cyber attacks, enhanced resilience, actionable strategic and tactical real-time threat intelligence, legal guidance, opportunities for public private partnerships, networking, learning and much more.

The Secretary of SCSC, shared some alarming statistics on the threats that are currently rampant across the digital world. To combat it in today’s era of widespread digital dependence, the program launched by the Telangana Police stands as a commendable step or an initiative that offers a glimmer of aspiration. It brings together all the heroes who want to protect the digital spaces and counter the growing number of threats.

Contribution of Telangana Police for carving a niche to be followed:  

The launch of the Law Enforcement CISO Council in Telangana represents a pivotal step in addressing the pressing challenges posed by escalating cyber threats. As highlighted by the Director General of Police, the initiative recognizes the critical need to combat cybercrime, which is growing at an alarming rate. The Council not only acknowledges the casual approach often taken towards cybersecurity but also aims to rectify it by fostering collaboration between law enforcement, industry, and academia.

One of the most significant positive aspects of this initiative is its commitment to sharing intelligence, ensuring that the hard-earned lessons from cyber fraud victims are translated into protective measures for others. By collaborating with the IT Department of Telangana, centers of excellence, startups, and ethical hackers, the Council is poised to develop robust Standard Operating Protocols (SOPs) and innovative tools to counter cyber threats effectively.

Moreover, the Council's emphasis on Public-Private Partnerships (PPPs) underscores its proactive approach in dealing with the evolving landscape of cyber threats. It offers a platform for networking and learning, enabling information sharing, and will contribute to reducing the attack surface, enhancing resilience, and providing real-time threat intelligence. Additionally, the Council will provide legal and regulatory guidance, which is crucial in navigating the complex realm of cybercrime. This collective effort represents a promising way forward in safeguarding digital spaces, critical infrastructure, and industries against cyber threats and ensuring a safer digital future for all.

‍Conclusion:

The Law Enforcement CISO Council in Telangana is an innovative effort to strengthen cybersecurity in the state. With the rise in cybercrimes and vulnerabilities, the council brings together expertise from various sectors to establish a strong defense against digital threats. Its goals include reducing vulnerabilities, improving resilience, and ensuring timely threat intelligence. Additionally, the council provides guidance on legal and regulatory matters, promotes collaborations between the public and private sectors, and creates opportunities for networking and knowledge-sharing. Through these important initiatives, the CISO Council will play a crucial role in establishing digital security and protecting the state from cyber threats.

References:

• http://www.uniindia.com/telangana-police-launches-india-s-first-law-enforcement-ciso-council/south/news/3065497.html
• https://indtoday.com/telangana-police-launched-indias-first-law-enforcement-ciso-council/
• https://www.technologyforyou.org/telangana-police-launched-indias-first-law-enforcement-ciso-council/
• https://timesofindia.indiatimes.com/city/hyderabad/victims-of-cyber-fraud-get-back-rs-2-2-cr-lost-money-in-bank-a/cs/articleshow/104226477.cms?from=mdr

‍

Introduction:

With the rapid advancement in technologies, vehicles are also being transformed into moving data centre. There is an introduction of connectivity, driver assistance systems, advanced software systems, automated systems and other modern technologies are being deployed to make the experience of users more advanced and joyful. Software plays an important role in the overall functionality and convenience of the vehicle. For example, Advanced technologies like keyless entry and voice assistance, censor cameras and communication technologies are being incorporated into modern vehicles. Addressing the cyber security concerns in the vehicles the Ministry of Road Transport and Highways (MoRTH) has proposed standard Cyber Security and Management Systems (CSMS) rules for specific categories of four-wheelers, including both passenger and commercial vehicles. The goal is to protect these vehicles and their functions against cyber-attacks or vulnerabilities. This move will aim to ensure standardized cybersecurity measures in the automotive industry. These proposed standards will put forth certain responsibilities on the vehicle manufacturers to implement suitable and proportional measures to secure dedicated environments and to take steps to ensure cyber security. 

The New Mandate

The new set of standards requires automobile manufacturers to install a new cybersecurity management system, which will be inclusive of protection against several cyberattacks on the vehicle’s autonomous driving functions, electronic control unit, connected functions, and infotainment systems. The proposed automotive industry standards aim to fortify vehicles against cyberattacks. These standards, expected to be notified by early next month, will apply to all M and N category vehicles. This includes passenger vehicles, goods carriers, and even tractors if they possess even a single electronic control unit. The need for enhanced cybersecurity in the automotive sector is palpable. Modern vehicles, equipped with advanced technologies, are highly prone to cyberattacks. The Ministry of Road Transport and Highways has thus taken a precautionary measure to safeguard all new-age commercial and private vehicles against cyber threats and vulnerabilities.

Cyber Security and Management Systems (CSMS)

The proposed standards by the Ministry of Road Transport and Highways (MoRTH) clarify that CSMS refers to a systematic risk-based strategy that defines organisational procedures, roles, and governance to manage and mitigate risks connected with cyber threats to vehicles, eventually safeguarding them from cyberattacks. According to the draft regulations, all manufacturers will be required to install a cyber security management system in their vehicles and provide the government with a certificate of compliance at the time of vehicle type certification.

Electrical vehicle charging system

Electric vehicle charging stations could also be susceptible and prone to cyber threats and vulnerabilities, which significantly requires to have in place standards to prevent them. It is highlighted that the Indian Computer Emergency Response Team (CERT-In), a designated authority to track and monitor cybersecurity incidents in India, had received reports of vulnerabilities in products and applications related to electric vehicle charging stations. Electric cars or vehicles becoming increasingly popular as the world shifts to green technology. EV owners may charge their cars at charging points in convenient spots. When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This trail of data sharing and EV charging stations in many ways can be exploited by the bad actors. Some of the threats may include Malware, remote manipulation, and disturbing charging stations, social engineering attacks, compromised aftermarket devices etc.

Conclusion

Cyber security is necessary in view of the increased connectivity and use of software systems and other modern technologies in vehicles. As the automotive industry continues to adopt advanced technologies, it will become increasingly important that organizations take a proactive approach to ensure cybersecurity in the vehicles. A balanced approach between technology innovation and security measures will be instrumental in ensuring the cybersecurity aspect in the automotive industry. The recent proposed policy standard by the Ministry of Road Transport and Highways (MoRTH) can be seen as a commendable step to make the automotive industry cyber-resilient and safe for everyone.

References:

• https://economictimes.indiatimes.com/news/india/road-transport-ministry-proposes-uniform-cyber-security-system-for-four-wheelers/articleshow/105187952.cms
• https://www.financialexpress.com/business/express-mobility-cybersecurity-in-the-autonomous-vehicle-the-next-frontier-in-mobility-3234055/
• https://www.gktoday.in/morth-proposes-uniform-cyber-security-standards-for-four-wheelers/
• https://cybersecurity.att.com/blogs/security-essentials/the-top-8-cybersecurity-threats-facing-the-automotive-industry-heading-into-2023

‍