A guiding role

The Centre for Development of Advanced Computing is conducting workshops on cyber security to boost awareness of a cross-section of people.

I USED to give my name while interacting with others in open chat rooms earlier. But now I give a fancy name, which is a cool thing these days, said Hari Kumar J., a Standard XII student of Kendriya Vidyalaya, CRPF, Barkas, in the Old City of Hyderabad.

He is one of the thousands of students who were made aware of the importance of cyber security, thanks to the Information Security Education & Awareness (ISEA) programme launched by the Department of Information Technology (Ministry of Communications and Information Technology) to educate students, teachers, parents, housewives, government employees and others through workshops. While the Centre for Development of Advanced Computing (C-DAC), Hyderabad, was entrusted with the task of executing the ISEA programme, several other institutions, such as the International Institutes of Information Technology and universities, have been roped in to deal with both awareness and educational issues, including introducing relevant courses on the subject. Some M.Tech courses and PhD studies in information security are sponsored by the department.

Hari Kumar said he also learnt what social engineering was. Social engineers are those who seek and acquire personal details after gaining your acquaintance through online chatting. In most cases, we give the details unwittingly. That's why we have been asked not to post anything in chat rooms, he said.

With the Internet becoming a tool for terrorists, hackers, fraudsters, criminals and disgruntled employees to inflict economic and social damage, cyber security has become synonymous with national security. Since it is the responsibility of every citizen to promote cyber security, the awareness programme seeks to address the information security needs of individuals and organisations, including businesses and Ministries.

With about 4,000 malwares flooding the Internet on a daily basis, the awareness campaign seeks to update knowledge of participants on issues such as Internet ethics, password threats, online predators and computer viruses. As the list of stakeholders is limitless, the awareness campaign adopted a coordinated approach involving various organisations, including the National Association of Software and Services Companies (NASSCOM), the Computer Society of India and non-governmental organisations (NGOs).

The participants at the workshops learn several aspects of cyber security, covering a wide gamut of issues right from observing Internet ethics to handling suspicious e-mails. For instance, they are told about the various techniques hackers use to retrieve passwords. Hence, for a password to be strong, it should not have dictionary words but must have a combination of alphabets, numbers and characters. It must contain both upper- and lower-case characters and should not be based on personal information such as the names of family members or pets. The password has to be changed regularly and different passwords have to be used for different logins. The Remember Password feature of applications should never be used.

After attending one of the workshops organised by C-DAC in Hyderabad, Suma, a teacher at Kendriya Vidyalaya at Golconda in the city, has been able to bar students from logging onto social networking sites and indulging in chatting while in school. Previously, students used to go to such sites clandestinely but now a parental control bar has been introduced to block them, she said. Besides, the workshop taught participants how to prevent misuse of one's credit card while making online transactions.

As children are highly receptive to ideas, they need to be made to understand the pros and cons of Internet use, especially the importance of Internet ethics and the possibilities of enhancing their knowledge by seeking correct information. The workshops feature cartoon characters, quizzes and comic books so that they would be interesting to children.

In the workshops for school students, it was found that 75 per cent of them were aware of aspects such as social networking and chatting but had no inkling of what activities were likely to lead them or their families into trouble. However, after attending the workshop, they realised the importance of constantly updating anti-virus software, scanning copied or downloaded files, avoiding sharing personal information and passwords with others.

The effectiveness of such workshops 122 have been organised so far all over the country was revealed in surveys conducted in Hyderabad, Bangalore and Jammu. It was found that before children attended workshops on cyber security-related issues 92 per cent of them were willing to provide personal details while chatting online; the figure came down to a mere 8 per cent after they had attended workshops.

Similarly, in the pre-workshop survey, 27 per cent of children said they would inform elders before providing personal details online; this percentage went up to 73 per cent in the post-workshop survey. Before participating in workshops, only 4 per cent of the children surveyed said they would take their parents' permission before meeting a person with whom they had chatted online. The figure zoomed to 82 per cent post-workshop.

Another important spin-off of the workshops was the desire of the participants to educate and motivate others on the need to observe cyber security. So far, workshops have covered as many as 20,000 students and 5,000 teachers across the country. The focus of upcoming workshops will be small and medium enterprises (SMEs), the general public and NGOs, for instance, those running computer service centres in rural areas.

C-DAC also invited parents to attend a part of the workshops conducted at schools because they will not be in a position to guide their children on the do's and don'ts of the cyber world if they themselves are not familiar with Internet usage, its policies and ethics.

Parents were repeatedly told that they ought to have an open mind while dealing with their children. A friendly atmosphere at home will enable kids to discuss freely with their parents any Internet material that troubled them. Parents, in turn, could teach them about the extent of the information needed to be taken from the Internet and the importance of licensed contents. Parents were told that observing cyber security protocols was similar to taking general security measures in day-to-day life; for instance, not replying to or downloading anything from mails from unknown sources was simply like ignoring strangers.

To a question in a pre-workshop survey whether parents guided their children when they used the Internet, 89 per cent replied in the negative. But after attending the workshop, 85 per cent answered in the affirmative.

While individuals faced cyber threats such as e-mail snooping, organisations encountered problems such as data theft and distributed denial of service, a kind of cyber attack in which various computers are used to target a particular server or network. With the Internet and the intranet playing a major role in communications, employees who are not aware of security aspects could cause losses to their company/organisation. During the workshops for employees, cyber attacks were simulated and the countermeasures needed to prevent them were outlined.

Ch. A.S. Murty, of C-DAC and coordinator of the ISEA programme, pointed out that cyber attacks basically took place because operating systems were vulnerable. For instance, it was found that one popular operating system had more than 60,000 vulnerabilities. Attackers understand these vulnerabilities and write exploits to steal data, he said.

According to information posted on the website of the Indian Computer Emergency Response Team (CERT-In), as many as 3,678 Indian websites had been defaced from the beginning of this year up to May 31 2,223 .in sites, 1,177 .com sites, 167 .org sites, 94 .net sites and 17 others. Last year, more than 6,000 websites were defaced.

In the light of such attacks on websites and as part of the ISEA programme, C-DAC Hyderabad is conducting one-week or two-week training courses for Indian government information technology staff on cyber security, its risks and the countermeasures. The programme, titled e-Suraksha A Practical Approach in Network Security, covers issues such as network security concepts, vulnerability analysis, attacks and management, and the role of cryptography in network security.

As part of its endeavour to create information security awareness among various sections, the Department of Information Technology has created a portal (www.infosecawareness.in). The part dealing with children gives details about ethics and guidelines. Similar useful tips are available for parents, students, government employees, NGOs, women and system administrators. Demonstration videos that could help in the installation of various anti-virus, anti-spyware software and tools are also available. C-DAC has developed brief flash and cartoon movies for children, which can be downloaded from its portal.

The section on how to secure your PC gives guidelines regarding updating the operating system regularly to prevent malware coming into the computer, installing up-to-date anti-virus software and firewalls and the need to use strong passwords.

The section on Internet addiction says Internet addiction disorder (IAD) or Internet overuse or problematic computer use or pathological computer use is excessive computer use that interferes with daily life. It points out that because of the engaging nature of Internet communications and interactive games, many children and teenagers have trouble keeping track of time when they are online.

Some of the psychological symptoms of those addicted to the Internet are having a sense of well-being or euphoria while at the computer; inability to stop the activity; craving to spend more and more time at the computer; neglecting family and friends; feeling empty, depressed and irritable when not at the computer; lying to family and friends about activities; and problems at school or work.

In addition to the awareness programmes, C-DAC conducts six-month training courses for students interested in cyber security issues. A special course on certification in networking is being offered in collaboration with the Jawaharlal Nehru Technological University Hyderabad, according to D.K. Jain, Director, C-DAC, Hyderabad.

Students interested in joining the course, which has an intake of 20 for each batch, can appear for the common entrance test conducted across the country. Four batches have been covered under the certificate course so far, and C-DAC ensured placements for all the candidates who passed. In addition, it was in talks with NASSCOM and the cyber crime wings of the police department to take up awareness programmes and conduct cyber security weeks in various cities and towns to educate people on cyber fraud. The aim is to reach out to a larger section of people.

With the objective of generating information security awareness among Indian citizens and to enable them to use cyber space safely, C-DAC has brought out posters, brochures, a cyber security guide book, an open source cyber security tool kit for home users, schoolchildren and housewives. It also extends help through its web portal to anybody facing problems such as cyber attacks. C-DAC has also designed several tools and products to contain cyber attacks on individual and networked personal computers. These are available at nominal prices.

Ch. A.S. Murty said that C-DAC in association with police departments would conduct cyber safety weeks in various metropolitan cities for the general public. NASSCOM and the Data Security Council of India will also participate in the programme. Following a pilot workshop in Chandigarh for SMEs in collaboration with the Confederation of Indian Industry (CII), it was planned to conduct such events all over the country. National quiz programmes and painting/drawing contests for students are also proposed to be held across the country.