Cyber Security Blueprint for Digital India

 

 

 

While there is still no simple answer or solution to the cyber security challenge, it is increasingly apparent that there are steps the global community can take – as well as individual organizations – to drive demonstrable progress in reducing cyber security risk, including the need to collaborate to reach agreement on principles, laws, standards, best practices, norms of conduct, and protocols – with recognition that trust has to be earned and continuously validated. To drive progress in the global community, it is likely that governments will have to take the lead – or at least be active facilitators and participants – to establish united and integrated governance to drive forward comprehensive and collaborative approaches to cyber security.

 

Supply chain risk is one part of the over-arching cyber security risk that an organization must understand and manage to be successful. It is important to recognize that an organization cannot address supply chain risk appropriately without implementing the measures necessary to handle risk across the board. The ENISA report pointed out that although many countries, industries, and agencies have concerns about supply chain risk, there is a fragmentation of efforts and an absence of coordination between and among them, which the report says is necessary. Also NIST supply chain cyber security framework addresses some of the issue. The report includes a number of actions that they characterize as necessary, including the need for a consistent view, practices, and metrics, which ENISA believes is necessary for there to be an appropriately coordinated programme, including in the areas of research and development; the need for independent evaluation and certification; a supply chain integrity framework, referenced above; and the need for consideration of legislative action.

 

ISO28000-compliant supply chain security management system can identify and control the security risks during the end-to-end process from incoming materials to deliveries to customers. The Vendor needs to check the integrity of the third-party components during each of the incoming material, production and delivery processes, record the performance, and establish a visualized traceability system throughout the process. Governments would do well to initiate conversations among major buyers of ICT about what security requirements they should consider asking for, or requiring from their suppliers.

 

Convening meetings of representatives of key sectors of critical infrastructure could identify sectorspecific security requirements that cut across the sector. Cloud computing has developed rapidly in recent years, becoming an important feature of ICT supply chains. It involves the remote provision of services to replace certain hardware elements to which users previously needed physical access, including extra data storage and processing power. It can also encompass software as a service. The promise of software-defined networks (SDNs) is usually expressed in similar terms as most innovations in network technology will allow network operators to improve speed and efficiency. In traditional networks, switches and routers are preset with instructions on how to forward data traffic, and must be manually altered or upgraded. In SDNs, by contrast, the instructions controlling traffic can be altered through software administered from a remote location.

 

Organizations need to ensure products and services integrity in global supply chain. We will identify and resolve threats in the early process, and strengthen the security of physical infrastructure, conveyances and information assets, to establish a sustainable supply chain security management system, identify supply chain risks and work out plans to address these always changing threats and dangers to ensure increased resilience of supply chain from disruption. We will establish accurate and effective traceability system to identify and determine problems on the first time, quickly implement supply chain recover and prevent products from being tainted is our critical task. T

 

Traceability system establishment is another important task, which prevents tainted and counterfeit products from entering supply chain. Corporate method to strengthen supply chain security, that is, establishing security baseline according to customers’ and corporate requirements and industry’s standards such as ISO28000/TAPA/CTPAT, then imbed baseline into business process to form an integral part of business process. Secure products in the “last mile” take stringent measures on regional warehouse inbound; inventory and outbound management also select logistics service from first class and trusted LSP and build product site inspection mechanism. These are the key measures that need to be taken to improve cyber security of supply chain to make ICT growth more robust and viable.