BUILDING RESILIENCE AGAINST CYBER ATTACKS DURING COVID-19 CRISIS
APRIL 2020
PREPARED BY: NATIONAL CRITICAL INFORMATION INFRASTRUCTURE PROTECTION CENTRE
ADDRESS: BLOCK III, OLD JNU CAMPUS, NEW DELHI-110067, INDIA
MISSION COVID-19
Mission
To identify Threat Actors active during COVID-19 outbreak all over the world. These include those who are targeting Critical Information Infrastructure of India.
Vision
Safe and Secure Cyber Space for Critical Information Infrastructure of India.
Values
Information collection, analysis and dissemination from & to all Stakeholders in time-bound manner.
COVID-19 THREAT LANDSCAPE
Social Engineering
• Links to live tracking map and Mobile Apps
• Email attachments with malicious docs
• Donations for COVID-19
• IT fraud for credential harvesting (VISHING)
• Business Email Compromise / impersonation
Remote Access
• RDP and VPN credentials brute force
• SOHO Devices
• Invitation to fake VC/RAT application URLs
GUIDELINES During COVID-19 Crisis
GUIDANCE TO LEADERSHIP AND MANAGERS
Purpose: To support IT & IS teams in protection of the organisation's critical assets and to get productivity from their remotely working staff/employees and contractors.
• Identify all business critical functions of the organisation/critical e-governance and service delivery functions of the Govt, which have to be operational during the lock down. Choose only what is essential but everything that is essential.
• Assess how these critical functions can be delivered by on-site and remote workers. What are the controls in place and how do these controls protect the applications and data from large scale cyber attacks on confidentiality, integrity and availability.
• Carry out risk assessment – enable work vs cyber threats, business continuity and cyber crisis management plans. Focus on employee awareness training.
• Ensure IT & IS Teams are not overwhelmed by urgent but low priority IT support calls from employees. IT & IS Teams should focus on Critical aspects of business operations and business continuity.
• Organise remote working awareness training for employees, if not done already.
GUIDANCE FOR IT/IS TEAM
Purpose: To protect the organisation's critical assets and enable employees and contractors to work remotely.
• Allow remote access to the organization's internal network strictly with MFA and through proxy servers.
• Apply application whitelisting, block unused ports, turn off unused services, monitor network traffic to prevent suspicious activities.
• Apply least privilege controls to applications.
• Security update/patches for all devices firmware/application.
• Closely monitor privileged users/administrators of critical accounts. Track all CRUD (Create-Read-Update-Delete) activities in Identity and Access Management (IdAM), AAA servers, NAC etc.
• Backup of all configurations, networks, systems, databases, user identity and access data etc. Specifically focus on resilience of backups against ransomware attacks.
• Check that all stakeholders are clear on Business Continuity and Cyber Crisis Management Plans and the actions they need to take if BCP or CCMP is activated.
MANAGE EMAIL PHISHING RISKS
• Enforce Multi-factor Authentication (MFA) to access business email.
• Configure Spoof Protection Controls: Ensure spoofing controls such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting, and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) are fully configured for mail-enabled domains with hard fail and reject policies, where applicable.
• Validate Email Security Gateway Implementation: Scan and sanitize all emails and attachments from malicious content and embedded URLs. Block certain file attachment types automatically (e.g., .scr, .exe, .chm, etc.) and implement automated email warning reminders for external email.
• Block Macros in Microsoft Office Documents.
• Validate Web Proxy or URL Filtering Configurations.
• Implement Strong Password Policies, ensure sufficient logging and alerting mechanism in place.
• Develop and operationalize Phishing Incident Response Playbook.
GUIDANCE TO EMPLOYEES
Purpose: Take responsibility to protect the organisation's assets.
• Identify and secure devices to be used for remote working with latest versions, patches and updates of Anti-virus/anti-malware, OS and other applications like MS Office/Libre Office suite/web browsers/Acrobat PDF Reader/web conferencing utilities like Skype/Webex/Zoom etc.
• Strong password protection, Firewall, Drive Encryption of the device to be enabled.
• Do not share devices with other family members, especially children, for the duration of remote working from home. If sharing is unavoidable, log off from your account and let them access through their own login account, which has no administrative privileges and cannot install applications.
• Ensure that web browser protection feature is enabled and active. This will flag unknown and risky websites.
• Secure the Home Router by changing the Admin and WiFi passwords and use strong WiFi protocol.
• Actively participate in all employee awareness training programs and strictly follow the advisories and guidelines given by IT and IS teams.
TIME IS CRUCIAL
Situation is Ad-hoc but Learning is long term
Challenge is to support scaled up 'work-from-home' employees and access to Critical Information in a Secure manner.
Online Training and Awareness program is crucial for Employees and Management
Best Practices
This document is intended to be shared with all NCIIPC Stakeholders to make them aware of ongoing Cyber Threats and Organisation Best Practices related to COVID-19 pandemic. Feedback/Suggestions are welcome [email protected]
Copyright NCIIPC, Government of India
"It's our responsibility to protect Critical Information Infrastructure of India. We are prepared to defeat COVID-19 Cyber Threat together."