Industrial Cybersecurity in India

Team

Denrich Sananda

Denrich is a Harvard Business School qualified business leader with 23 years of experience in the process automation sector, whose progressive career has been based on leading high potential teams in complex business environment to protect high value government, non- government asset in verticals like Oil & Gas, Utilities, Fertilizers, Petrochemicals, Refinery etc. Denrich’s extensive […]

Denrich Sananda, the Coordinator of the Industrial Cybersecurity Center in India (CCI Coordinators Team), helps us to get into context about the state of industrial cybersecurity in his country, and for this he shares his impressions below.

Describe the level of sensitivity of industrial organizations in your country according to the following percentages:

He also comments that the trend regarding concern about industrial cybersecurity in his country in the last year has exponentially grown.

India has national public bodies that ensure the creation of an adequate legal framework, which guarantees the progressive incorporation of industrial cybersecurity in the structures of companies with a national presence (mainly critical infrastructures), among the main ones it is worth highlighting:

  • NRTO - National Technical Research Organisation has been designed in order to prevent national critical infrastructure and to handle cybersecurity incidents in the critical sectors of the country.
  • NCIIPC - National Critical Information Infrastructure Protection Centre has been established under NRTO in 2014 to facilitate the protection of the critical infrastructure.
  • CERT-In - The Indian Computer Emergency Response Team has been delegated the responsibility of tracing several alerts regarding cybersecurity breaches and issues.

Among the main national laws and regulations that I control in this context in India, Denrich cites:

  • India does not have a dedicated industrial cybersecurity law, the Information Technology (IT) Act, 2000 deals with cybersecurity and associated cybercrimes.

As industrial cybersecurity measures distributed by Indian organizations to protect industrial automation systems, Denrich Sananda highlights the application of:

  • Industrial Cybersecurity Consulting / Advisory
  • Implementation of security management systems
  • Internal security audits
  • External security audits
  • Network architecture and design
  • Development of continuity and / or contingency plans
  • One-way gateways
  • IDS / IPS
  • Backups
  • SIEM (Cybersecurity Information and Event Management)
  • Encrypted communications
  • Industrial applications control
  • Identity management

The CCI Coordinator in India characterizes the situation in his country regarding industrial cybersecurity through the following SWOT:

Weaknesses

  • Lack of operational technologies certifications, processes and professionals

  • Lack of specific industry cybersecurity legislation

  • Lack of events and forums on industrial cybersecurity

  • Lack of specific CERTs

  • Silo working of government institutions

Strengths

  • Awareness, especially regarding industrial critical infrastructures

  • Qualified Engineers who can be trained

Threats

  • High development of industrial applications without cybersecurity requirements

  • Slow legislation

  • Shortage of local industrial cybersecurity professionals working for manufacturers

  • Shortage of specific industrial cybersecurity risk management tools

Opportunities

  • Increased of cibersecurity demand for Industry 4.0 and the Internet of things.

  • Strategic position in the industrial cyber security sector


Activities