Saturday, 26 November 2011

Cyber Defence Through Community Action

Today sees the start of Malcon (http://malcon.org/) in India.  The clue is in the name: it is a conference about malware.  However, it has some important differences to the now infamous DEFCON gathering in Las Vegas each year, where hackers attend to learn from each other how best to attack systems around the world.  Malcon has a degree of involvement from the Indian government.  Not hidden or disguised: totally in the open.  Whereas DEFCON has a "spot the fed" competition, Malcon appears to welcome government involvement.

The Indian government formed a centrally run register of those who can help organisations to counter and respond to cyber attack.  It is known as the National Security Database (http://nsd.org.in/web/).  The government certifies the individuals they list so that users of the register can trust those that they call upon. Whilst it has existed for some time, the NSD is due to be launched (or some would say re-launched) at Malcon.  The NSD was conceived after the terror attacks in Mumbai in 2008 when India realised it was as vulnerable as anyone else to attack, including cyber attack, particularly on critical national infrastructure.

In many ways the NSD look a lot like some elements of the planned "hub" in the UK.  How successful either model will be has yet to be seen, but at least the Indians have taken action and have put the NSD in place.

In a further demonstration of how a community can (apparently) come together to help defend itself, a not-for-profit organisation has been formed called the Indian Cyber Army (http://www.cyberarmy.in/).  Their ambitions appear very laudable in trying to engage white and black hat hackers in defence rather than attack.  Whats more, they are trying to engage them from a very early age.  However, whether this works or is simply a magnet for black hat hackers to collaborate through will only become clear over time.