… Ethical and moral consequences of intervention of tech research in biology

Breakfast Session II

Venue:- Maple 2

If there is one universal fear across humanity, irrespective of their colour, creed or country, then that is Death. Attaining immortality has always been the ultimate goal of human life whether it’s through religion, philosophy or now science. We have done multiple interventions in our natural human cycle and gone quite far in increasing our lifespan from the time of plague, but are we ready for increasing it to infinity? That is the question we would like to explore here.

With technology giants like Google getting into the picture to increase human longevity or with emerging organizations like initiative 2045 which claims to achieve cybernetic immortality by the year 2045, investment into these areas of gene therapy, live sciences, genetics, cybernetics etc. has increased by multiple folds. Many futurists and scientists claim that it’s our moral obligation to fight against death and defy age-related suffering for greater human good. With the rise of humanism philosophy, We, mortals, want humans to have complete control of our life existence and not depend on crutches of some superstitious fallacy like God. 

Concepts like mind uploading or rejuvenation technologies are seeing light of the day to achieve our far-fetched dream of becoming immortal, but what about supplementary issues like social injustice, overcrowding, limited resources or the ultimate question of whether or not we want to extend our life indefinitely?

Discussion Areas:

·       Making people Immortal Vs. making people immune to heart diseases, cancer, dementia etc.

·       Social Injustice: who will have access to this fountain of youth?

·       Multiple copies of your brain without a switch off button

·       Are we ready to live Avatar life?

·       How to justify Immortality with limited resources at Earth?

·       Boon or bane for future generation?

… When attacks transcend the limits to explore unchartered territories

Biohacking is anything that involves manipulating your body in some way outside of a formal space, like a hospital or research setting. It can be gene modification, implanting devices of various kinds within the human body, etc. What is unique about biohacking is, because it’s outside of a formal regulatory system, there’s a lot more room for innovation in some ways as they’re not limited by procedures and testing protocols and things that a research institute might be. A few companies are encouraging [employees] to get RFID chips implanted, so instead of having a key or a key card to access things; you could have information stored on this chip and gestures like simply waving your hand would unlock doors and things like that.

Both the illegal and legal uses of implantable bio-monitoring devices and data deserve further consideration. It is imperative that device manufacturers, lawmakers, judges, and society at large consider these risks in a proactive way.  It’s more than just an issue of privacy but the righteousness between the information about your body that you own versus what other people have access to, which again is one of the interesting things about biohackers

… What it means for a nation and businesses?

Plenary Session I

Venue:- Pearl

Rapid emergence of disruptive technologies and digitization of services and transactions are exercising great influence on the functioning of society. The Digital India mission has been instrumental in leveraging these technological advancements as it facilitates citizens to get connected to the online world and avail host of benefits that the Digital world has to offer. Such are the moves, that India is now the second largest country in terms of Internet users and hence becoming the “data richest” nation ever. While the benefits of such endeavors are conspicuous & undeniable, there are several formidable concerns with regard to safety, security, privacy and trust of stakeholders especially the citizens who are the consumers of these services. Recent judgement by the apex court recognizing Right to Privacy as a Fundamental Right guaranteed through constitution, has put an end to one discussion but has raised many more subsequent queries for the individuals, government, businesses, and for the entire nation. The current regime being unable to address evolving privacy concerns, led government to constitute a committee for drafting a sector and technology agnostic data protection bill in India.

Over the past two years, major developed and developing economies have enacted Data Privacy laws, or amended existing legislations to reflect growing privacy requirements. Regulators are trying to keep pace with the velocity of changes in the cyberspace and necessitating the need of privacy protection. Organizational practices are also evolving to match privacy protection expectations. It becomes increasingly important that organizations in India too, have privacy strategies that strengthen privacy culture. In this context, implementation of a well-defined privacy framework, and globally-interoperable standards are a must.  Many organizations are also undergoing privacy specific assessments to demonstrate their commitment towards privacy to clients, customers, stakeholders and regulators. In all of this, there are many queries piling on every now and then regarding data privacy regime and the implications of “Right to Privacy” being recognized as ‘Fundamental Right’ in India.

Venue :- Pearl 

let's decipher Security underneath it

Track I (Technology)

Venue- Royal 1

… Evolution of Endpoint Protection Platforms (EPP), their imperatives in security architectures

Track II  (Enterprise Security)

Venue- Pearl 1

The traditional way of implementing endpoint security was to deploy an anti-malware software on endpoints. As the endpoint security products evolved, the software installed on endpoints gained more capabilities such as firewall, host intrusion detection system, USB monitoring, etc. This provided a certain level of comfort to information security managers but it didn’t last long. With time, as threats and cyber-attacks became more sophisticated, the effectiveness of these solutions reduced. Another factor that worked against traditional endpoint security software was the amount of resources they consumed. This reduced the end user efficiency while performing their daily tasks.

However, endpoint security has been going through a transformative period with significant innovation. The new generation of products and services flip the equation from the anti-malware software mantra of prevention to the more pragmatic—and realistic— tactic of detection and incident response. The modern endpoint security solutions offer complex, multi-layered protection. These solutions are built with continuous monitoring and analytics in mind, providing proactive exposure analytics, damage mitigation mechanisms, user activity and behavior monitoring, application whitelisting, heuristics, cloud sensor support, automated patches, and updates, sandboxing, and other indispensable features.

The endpoint security software is shifting towards machine learning. Machine learning becomes more informed and accurate over time. The longer a condition is observed or a language is studied, the more precise the model becomes. On the endpoint, where the most important function is judging good or bad, security teams require a comprehensive, responsive approach to machine learning to deliver the forward-looking coverage and customized accuracy that modern businesses need.

Discussion Points

·       The evolution of endpoint security platforms

·       How adoption of machine learning for securing endpoints is changing the game?

·       Can these next generation software detect and prevent zero-day attacks such as WannaCry, NotPetya, etc.?

·       What can be expected as the use of artificial intelligence becomes more prominent in endpoint security software?

… At level of hardware, chipset, protocol, connectivity, asset, authentication, network & application

Track III (Innovation)

The power of Internet to connect, communicate and remotely manage millions of networked devices is becoming pervasive. Market and nations are gung-ho about IoT phenomena globally and so does India. As per pundits, the IoT devices count would reach 20 to 30 billion by 2020. IoT uses cases underlying IoT architectural components such as protocols, networks, sensors, associated IT systems and gateways warrant robust cyber security architecture to achieve the objective of end-to-end protection. The IoT landscape is changing at the blink of an eye, and also the cyber threat landscape associated with it. IoT devices are exposed to cyber-attacks such as denial-of-services, identity theft, jamming, tampering, eavesdropping, side channel attacks, stolen keys of encryption and devices acting as bots, etc.

The burning question is how can we find a silver bullet for thwarting the cyber-attacks on IoT? The answer is, we can’t; because securing IoT ecosystem would evolve with time, learning from failures, and with data availability for the analysis. Now is the opportune time to understand in detail the security challenges landscape of the IoT ecosystem. The indicative challenges are, but not limited to, guarding program logic controllers (PLCs) embedded in the devices, patching industrial control systems without impacting its functional safety, prevention of unauthorized usage of private information hosted on plethora of IoT devices, anomaly detection in the behaviour of IoT devices functioning and to counter remote hijacking of IoT devices etc. It’s time to rise before it is too late for the organizations and nations to prepare for omnipresent cyber threats. The grave security and privacy issues of IoT need to be addressed before we miss ‘The Train’.

Discussion Areas:

·       Changing Paradigm of Industrial and Consumer IoT Use Cases

·       Challenges of IoT Security

·       IoT Cyber Threat Landscape

·       Evolution of Cyber Security Capabilities for IoT

·       India’s Organizations Preparedness

·       Way Forward to Build Robust IoT Cyber Security Capabilities

Venue- Pearl 1

Are you a CISO thinking of buying machine learning solutions? Tired of the vendor hype about AI? This must-attend session with 3 experts cuts through the marketing jargon. 

They'll clarify how machine learning works (and more importantly, where it doesn't), show you how to evaluate solutions, and also explore how attackers will use AI against you.

By Smokescreen , Netmonstery, Security Brigade 

Venue:- MapIe 1

Each and every day techniques in artificial intelligence (AI) and machine learning are changing our view of the world. They are impacting how we interact with technology and raise our expectations of what is possible. AI has been touted as the natural next step to solving a whole range of problems in fields like fraud prevention, medicine, and transport. Machine Learning is giving new capabilities to almost every field. It has the power to extract insights from massive data. It is helping us to remove some of the heavy lifting from time-consuming tasks. For example, we can analyse the normal behaviour for privileged users, privileged accounts, privileged access to machines and authentication attempts, and then identify deviations from the normal profile.

Cyber security being no exception, is leveraging the power of machine learning. The promise of machine learning in cybersecurity lies in its ability to detect as-yet-unknown threats, particularly those that may lurk in networks for long periods of time, seeking their ultimate goals. Machine learning technology does this by distinguishing atypical from typical behaviour, while noting and correlating a great number of simultaneous events and data points. Machine learning algorithms that continually adjust the baseline means we can continually adapt to a changing risk environment.

Cybercrime is a lucrative business and attackers are prepared to invest in tools and technologies which will result in a higher number of successful attacks. The more advanced and more targeted attacks which were typically reserved for nation-states and criminal syndicates are becoming available on a greater scale. The reality is that the InfoSec community is moving towards a game of machine-versus-machine. There has been much speculation of an impending “arms race” between threat actors and security professionals both using AI. Some phishing scams already use AI to generate convincing social engineering campaigns. Security products are currently integrating AI to aid with challenges like threat detection, threat modelling, and anomaly detection.

Discussion Points:

·       Capabilities ML bring to cyber security industry.

·       As hackers are using ML for attacks, the need to utilize ML capabilities to defend against attacks.

·       Real-time use cases of ML being used in cyber security problem statements.

Efficiency of ML is combating upcoming threat like ransomware, zero-day attacks.

… How security problems are solved using ML

Track I (Technology)

Venue-  Royal 1

… How to secure dynamic distribution of workload on on-prim & cloud?

Track II  (Enterprise Security)

Venue- Pearl 2

The vast majority of businesses running on-premises infrastructure have either already moved to cloud or planning to move at least a part of their infrastructure onto the cloud. On one hand, moving to cloud enhances organization’s agility for workload management but on the other, it demands concerted efforts for managing security posture which requires a separate strategy for its protection than the traditional one.

Understanding the dynamic behaviour of workloads which may include its launch, change in scale, and movement of workload in the infrastructure, plays a critical role in detecting and then defending the threats. It is highly important to have a deep and real-time visibility into infrastructure changes and dynamic distribution of workload on cloud which will help in strengthening the security posture of cloud. 

Protecting the Workload on Cloud becomes acute in case of mission critical infrastructures, and the complexity increases in case of hybrid cloud deployment where dynamic movement of the workload happens in the private or in-premises data centres and public cloud. Complexity of the infrastructure demand automated discovery of the security posture of workloads on cloud.

Demonstrating Use Cases … How security problems are solved using Blockchain “

Track III (Innovation)

Venue- Pearl 1

One may not have experienced the emergence of computers or the Internet, but for sure everyone today is inundated with blockchain ‘up and down’ streams. It is a wildfire which is spreading everywhere and trying to emerge as a solution to every problem of this planet. ‘Bitcoin’ is believed to be the birth of blockchain when it comes to large and complex application of it. It is a peer-to-peer ledger which is distributed in nature, based on the principle that ‘World can exist without intermediaries or third parties’ and it works based on consensus aka validation mechanisms programmed on different nodes of its networks. Characteristics such as no single point of failure (as it is distributed), absolute transparency, robust cryptographic techniques, near 100% immutability and its ability to use smart contracts (based on programming), makes blockchain the most loved child of this digital era.

The blockchain stack is growing day-by-day. The stack consists of, but not limited to, decentralized applications, new protocols to improve its performance or emergence of organizations based on it, etc. Banks have started using it for connecting their local branches and improving its settlement system’s processing time and save on irrelevant cost; putting client KYC system on blockchain so that other banks can use the data on real-time basis to provide expedited services and products.  Organizations are also using it to enhance visibility on its third parties and their integration, so that cost leakages in a complex supply chain can be avoided. The deep exploration has commenced to change the ecosystem of cyber security leveraging blockchain. The early favourite use cases of cyber security with blockchain are such as blockchain defined perimeter, protecting data, securing identities etc. The cyber threat landscape is becoming a menace day by day, with sophisticated threats targeting end consumers and enterprises, the need is to overhaul mitigation approach framework. Blockchain for cyber security may emerge as a new beacon to lead the preparedness against adversaries of cyber space. Hence it is imperative to explore cyber security use cases based on blockchain, to better our digital future.

Discussion Areas:

·       Emerging Paradigm of Blockchain

·       Need of Blockchain based cybersecurity

·       Evolution of Cyber Security Capabilities based on Blockchain

Use Cases of Blockchain for Cyber Security

… Changing role of Mobility- from personal & social transactions to financial transaction processing

Track I (Technology)

Venue- Royal 1

Mobile phones/systems with Internet connectivity are becoming one stop shop for most of our needs in daily life. The growth of smart phones witnessed over the years, made almost all electronic companies to venture in this field and benefit from its evolvement. Certain financial initiatives at the national level such as licensing payments banks, demonetization, evolution of digital currencies, exploded the no. of digital payments and financial transactions on one hand, and also created lucrative business market. Many conventional and non-conventional technology players have started venturing into the field and with newer innovations, every day. There are various forums where security of mobile technologies, applications, authentication mechanisms, etc. have been discussed for quite some time now, but digital payments integration with mobile technologies are creating entirely a new gamut of security and privacy concerns.

·       Integrating social, personal, financial and professional lives of individuals with development of digital finance on mobile technologies and platforms

·       Crimes and frauds of financial nature but due to exploitation of the vulnerability in mobile technology and overall authentication framework

·       Security concerns with involved software and applications’ designs and codes

New or enhanced regulatory measures, standards and frameworks to address security concerns with integration complexities of mobile technologies with digital financial transactions

...Investigative opportunities & challenges while drowning in digital data !

Track III (Innovation)

Venue- Pearl 1

The growing espousal of the Digital forensics in nearly all types of investigations viz., Criminal, civil or administrative investigations, the scientific plausibility of the result of such investigations has been improving considerably. Digital forensics help the investigators to create a hypothetical event reconstruction that may assist in the probes. Digital forensics in India and worldwide has evolved and advanced around the technical revolutions and is now facing yet another new era of transformation due to the emergence of social media, mobile devices, and cloud computing. The innovative emergence of counter-forensics tools has created unique challenges to the law enforcement authorities and corporate investigators. Device makers have publicly announced their efforts to strengthen privacy on mobile devices, which will ensure that it is no longer possible for digital forensics practitioners to unlock encrypted devices. 

To further complicate the position, there is a dearth of digital forensic experts in the corporate as well as Law enforcement. The absolute mass of complex data generated and stored in the cloud, on social media platforms and on mobile devices creates further opportunities for investigators at the same time gives options for the criminals to better hide their trails — getting the workload for investigators even more outstanding. Another challenge faced is the lack of standard operating procedures to test and analyze the increasing numbers and types of beginnings, which bring a multitude of working schemes, file formats, and so on Even though there are some international standards created for dealing with the digital evidence, there has been no adoption by the investigators.

The current investigation practice involves the analysis of data on standalone workstations. As such, the sophistication of the techniques that can be practically employed is limited. Distributed Digital Forensic, High-performance computing (HPC) advantages should be employed wherever possible to reduce computation time and to reduce the time required by humans. A move towards Digital Forensics as a Service (DFaaS) and high-performance computing is supposed to provide advantages beyond merely expediting the techniques currently applied in forensic investigations, which remain reliant on manual input.

Innovative research and development to enhance forensics and database capabilities is the demand of the hour. Universities and academic institutions should focus more on the research and development that may result in the development of indigenous issue specific technical tools and solutions.

Discussion points:

·       What are the opportunities for the law enforcement and private enterprises that digital forensics offer to deal with the cybercrime threats?

·       What requires to be done to fortify the relationship between law enforcement and private enterprise and to promote best practices for dealing with investigations.

·       What would be the function of government/private enterprises/academia to inspire apt individuals to acquire an involvement in Digital forensics?

·        Challenges related to Digital forensics and ways to maintain stride with technology and to move toward a model to facilitate complex investigations

… Exercising your options to manage complexity, diversity, agility, quantum, and scalability of challenges

Venue : Pearl 2

Cyber security is no longer a non-strategic domain. It is indicated as we follow billion dollar organizations and every week we hear of a cyber security breach and its impact on nations and industry ecosystem. With stakes so high, the government and business leaders must start thinking about cyber security in a new way. The cyber threats and challenges are increasing at an unfathomable rate. Governments and organizations are finding it arduous to protect its assets with precision especially when they encounter complex and large scale cyber-attacks. The necessity of strategic thinking in cyber security cannot be ignored going forward. Researchers and stakeholders have been leveraging strategic thinking for diverse scientific fields which represents chaotic environments. Cyber security as a scientific field is complex and chaotic at the same time. Achieving absolute control and visibility in the scenario of ‘unidentified presence of a malicious actor’ may result in an illusion which we may start believing as our reality.

Avoiding misconceived reality may need a special focus on inclusion of strategic thinking in cyber security of the organizations and country. The elements to achieve inclusion of strategic thinking in cyber security  are such as, but not limited to, (I) Learning from cyber incidents constantly (II) Achieving real-time collaboration between stakeholders (III) Inclusion of active cyber defence as a protection strategy (IV) Adopting ‘Security First’ principle in everything (IV) Building holistic strategies and organization wide approaches (VI) Earmarking new methods such as threat hunting, deception and actively obtaining threat intelligence (VII) Assigning gravity to cyber security for supply chain (VIII) Linking reputational damages and business losses with cyber security. These elements as cited are good for starters. The ‘cyber security strategic dish’ preparation needs extensive efforts.

Discussion Areas:

·       Emergence of cyber security as a strategic domain

·       Constituents of strategic thinking in cyber security

·       Learnings from other fields such as defence establishments to build strategic thinking

Case studies which demonstrates strategic thinking in cyber security

Venue: Mapple

Venue: Royal

Corporate, Product and Law Enforcement Segment

Venue: Pearl

Venue : Pearl

Corporate, Product and Law Enforcement Segment

Venue: Pearl

…Using Science of Habits For Secure User Behaviour

Breakfast Session II 

Venue:- Royal 2

Why do we eat french fries, despite knowing they are bad for our health? Because awareness alone is not sufficient to change user habits. In this session, you'll learn about the latest research on behavioral psychology and the "habit cycle." Humans execute more than 40% of their daily routines without conscious thinking, performing tasks like trying shoe laces and changing car gears. You'll learn how these automated habits are formed and stored, and how we can change them to help improve information security practices. The session will cover the following:

·       Why is security awareness is not enough?

·       Irrationality of the human mind

·       Understanding the science of Habits

·       Practical IT security use cases

·       An actionable playbook including 30-, 90, and 180-day plans

… Exploring the concepts of design thinking to solve security problems

Breakfast Session IV

Venue:- Maple 2

While designing solutions, revitalizing structures and processes, setting up objectives and strategies, articulating goals, motivating teams, organizing efforts, driving change, bring shift in paradigms making transactions sensitive to security and privacy. Any suggested change or solution often leads to problems and issues, as it may not have gone through the process of design thinking. Design thinking is an iterative process, which strives to refine the existing situation to a desired one in a gradual and step-by-step manner. Design thinking for security may entail following aspects, but not limited to:

o   Understanding of operational process, identifying interventions required for security and privacy. Knowledge of processes, and how they can be optimized with these interventions. Understanding of process design for a variety of security and privacy objectives

o   Comprehension of the cognitive processes and efforts of the users dealing with the IT systems, more particularly when taking decisions to protect security and privacy

o   Measuring emotional intensity of users, positive and negative, while going through a transaction or process, especially related to security aspects, to understand positives and pain points

o   Ideating solutions, evaluating the solutions and applying various dimensions in the ideation process. Devising story board of the process before and after application of solutions for purpose of validation, review and user feedback

o   Testing of new approach, view, solution and control that come through above process from various dimensions including users and stakeholders involved

This session would delve into the concepts of Design Thinking and assess their role in managing affairs of cyber security

Discussion Points:

1.     Design Thinking: fundamental concepts and its role

2.     How it helps any organization in various tasks and initiatives

3.     Challenges and complexity of security management: limitations of contemporary thinking and approaches

4.     Introducing Design Thinking to the disciplines of security and privacy

5.     Possibilities and potential of using Design Thinking in managing affairs of security and privacy

… Vulnerabilities, patching, legacies, assets, backups, recovery, operations, response, sharing & collaboration

Track I [Threat Response]

Venue:- Royal 1

Session Brief

Earlier this year, it became evident that targeted attacks is just one of the threats that companies face. Massive global cyber-attacks, such as WannaCry and NotPetya/Petwrap ransomware, demonstrated how companies can be affected by cyber-attacks without even being in the direct crosshairs of the perpetrator. Take for instance the impact of WannaCry, it hit more than two lakh machines, in 150 nations. Most of the affected companies had to halt their operations to contain the ransomware infection within their network. Some of the sectors affected by WannaCry were Health Services, Automobile Manufacturers, Telecom Services Providers, Banks, Logistics, OEMs, and Railways.

If one were to analyse the timeline of WannaCry or even PetWrap for that matter, one would observe that majority of affected companies failed to implement the MS17-010 security patch. This patch was released by Microsoft two to three months prior to these attacks. 

If anything, these attacks should serve as a wake-up call to organizations, both big and small, to get their basic cyber security practices right. They should perform a deep introspection of their security practices to begin with. With nation-state actors leveraging the cyberspace for their own interests, cyber security is no longer just an enterprise issue. It has now transformed into a political issue and organizations should start treating it as such.  

Discussion Points

·       Zero-days, play of state actors

·       Disclosure of vulnerability by technology providers

·       Security ramification of unsupported operating versions

·       Perpetration of the attacks

·       Ability to estimate possible damage to assets

… How media investigates and reports security and privacy?

Track II [Policy & collaborations]

Venue:- Pearl 1

Media with its speedy and all-pervasiveness nature has been ushering and influencing minds since ages.  In the current age of digital media, information being used, presented and consumed has even greater power to impact the masses. As cyber security has emerged as one of the key discussions at global forums and in the public interest, it is imperative to discuss the role of media in cyber security reporting.   

Among other public and diplomatic matters, reporting on cyber security & privacy matters has witnessed a long journey from conventional news reporting (more reactive) to in-depth, insightful, well researched information gathering and narration for public consumption. Significant efforts are being made to reach to the depth of a story, researching various dimensions involved, interacting with experts and presenting the report in more visual and interesting ways. 

The session will delve deep into the landscape of journalism with prime focus on cyber security and will try to find out answers to the following:

Role of media reporting in shaping discussions of security and influencing decision making 
Evolution of investigative journalism in cyber security
From sensational reporting of breaches to thorough investigation
What it takes to report on cyber security? Skills, expertise, research, interviews, analysis, visualisations and reporting
Challenges and need for collaboration from stakeholders
Role & responsibility of media in the dynamic nature of cyber world

… taking the leap from ideation to implementation

Track III  [Governance & Preparedness]

Venue:- Pearl 2

Technology with its ever increasing pace has encroached into everyone’s life. Whether it’s a smartphone or smart accessory or smart wearable or smart anything, there would be hardly anyone who has never interacted with anything Smart. One can discuss at length the definition of smart in “smart-X” (X being the proxy), but can never define it without using the terms connectivity, mobility, intelligence and analytics. And with these comes the data being generated, and concerns related to security and privacy of data and hence the “Smart X”. With digital India projects and urbanization of the cities in India, projects in conceptual stages have now started to actualize. Identification of smart cities by the central government in India also raised the requirement of having secure smart cities with all the necessary controls and measures to address social, physical and economical challenges. Though, there has been a decent growth in terms of frameworks for smart cities, but what lacks is the reasonable consideration of cybersecurity in those. The same could be addressed with the cyber security framework for smart cities, which can take security-by-design into consideration while the smart cities are actualized.

·       Industry measures taken till now while designing or building smart cities

·       Government efforts in identifying cybersecurity requirements while implementing smart city projects

·       Level of awareness with the residents and buyers of smart city’s smart homes/societies

·       Understanding the complexity of everything connected in smart world and IoT so as to be proactive and adhere to the security-by-design principle

·       Diverse risk profiles such as hardware security, larger attack surface, domino effect, application risk, privacy issues, etc. 

…Key strategy to contain sophisticated attacks deploying lateral movement techniques

Track I [Threat Response]

Venue:- Royal 1

To prevent attacks or reduce business impact, pace of detection is key but it’s always better to identify the attacker even before it reaches the network. Illusive network and deception technologies are a way to do so. These technologies are becoming more important in a multi-layered process as an alternative to existing tools to improve threat detection and response. Organizations are adopting these technologies for strengthening their defence posture along with benefits such as simpler deployment, and less operational burden. Illusive networks and deception techniques implement ways to divert attackers and rout them is a lucrative way to engage and reveal themselves.

The basic component of network based deception is adaptive honey potting. With the evolution of technologies such as virtualization and software defined networks, it became easier to deploy and manage the deception infrastructure. Deception technologies are suitable to infrastructures such as IoT, medical environment, supervisory control, etc. where complexity of the infrastructure demand expensive and may be difficult to implement security controls. 

Deception technologies are being used by organizations for identifying lateral threat movements inside the network. Once an attacker has penetrated the organization's external perimeter reaching ahead, target deception techniques can redirect it to a decoy and help in raising alert to the defending team.

 … Assessing hype and reality of cyber warfare

Track II [Policy & collaborations]

Venue:- Pearl 1

Unlike physical space, cyberspace is a manmade landscape of interconnected devices and networks. Organizations must connect and remain connected, to this Internet in order to compete in today's markets. Government agencies, businesses, and educational organizations utilize computers to such an extent that their routine operations would significantly be held up if their computer systems or network impede. While using of computer and computer system would enhance the ability of organizations to conduct activities in a cost-effective and efficient manner, however, along with it comes the vulnerabilities. The emergence of cyberspace adds an additional dimension to warfare: with and without clashes of traditional troops and machines of war. Usually cyber warfare is referred as attacking and defending information and computer networks in cyberspace, as well as denying an adversary's ability to do the same. Attacking a nation via the Internet will have extreme consequences to the attacker as well as collateral global damage. No nation-including both public and private infrastructure-is immune from attack.

With each passing day, cyber-attack landscape is becoming more advanced and sophisticated. In the recent past, we have witnessed some major cyber security incidents such as Stuxnet, Duqu, ransomware attacks on organizations and hospitals worldwide. A number of incidents of website defacement, theft of national defence information, and intellectual property theft indicate we are moving towards cyber warfare which is the biggest threat to the current world. On the other hand, we have an opinion that cyber warfare is a hype and it is not going to happen.

Discussion Points:

·       What is meant by the term cyber warfare?

·       The myths and reality to the cyber warfare

·       Increasing number of incidents is an indication of cyber warfare.

·       Role of nations in preventing cyber warfare

How the CISOs are responding ?

Track III  [Governance & Preparedness]

Venue:- Pearl 2

Innovation in the world of Security is driven by multitude of factors. Two noteworthy of them being- What will the Future Cybersecurity Landscape Look like & What Type of Solutions are needed to address the Most Critical Pain Points.  CISOs across the industry verticals are exploring and embracing newer cutting edge technologies and products and capabilities which are no longer in the conventional league but rather based on more intuitive concepts like Machine Learning, Artificial Intelligence, Deep Learning etc. The multi-faceted learning and experience which CISOs bring to the table can go a long way in enabling mentoring of capability providers.

While discussing the Innovation, a critical aspect to deliberate is the Funding that is going into Stimulating and fostering creation of more robust and world class products.  Questions such as Where is the Next Big Investment opportunity and why are being encountered more often than ever before.

This session will endeavour to brainstorm on the following aspects:

·       How CISOs are adopting and promoting Innovation in their organizations

·       Role of innovation in fuelling growth of indigenous Cyber Security product companies

·       Hurdles to Innovation

·       Value of having the right data set in the innovation ecosystem and how can the CISOs contribute to this, given their interface with variety of data sets

… Malicious actors targeting renowned ERP applications, worry for critical sector

Track I [Threat Response]

Venue:- Royal 1

Today, zero-day vulnerabilities are one of the worst nightmares for every CISO. The threat of an undisclosed vulnerability in an organization’s ERP system, without a preventative patch available, is frightening.

ERP systems often have access to sensitive information of a business such as financials, HR payroll data, inventory details etc. This information in the wrong hands could mean the end of a business. This leaves little guess work in why malicious hackers are so eager to discover zero-day vulnerabilities in ERP systems such as those from Oracle or SAP.

Since most organizations rely on ERP systems, a zero-day in one vendor’s ERP system could have a domino effect across multiple sectors. This also includes critical sectors such as telecommunications, transport, aviation etc. A breach in any one of these sectors could have a catastrophic effect on national security.

Discussion Points

·       How prominent are zero-day vulnerabilities in ERP systems?

·       Is there a bigger threat facing ERP systems than zero-days?

·       What best practices can be employed to protect organizations from zero-days in ERP systems?

… Imperatives of contextual, embedded, engineering focused, intelligence driven & automated approach

Track II [Policy & collaborations]

Venue:- Pearl 1

We live in a truly amazing time – a hyperconnected, digital world where people, processes, data, and things are connected in ways that stir the imagination. The effects of an increasingly digitized world are now reaching into every corner of our lives.  Digitization is transforming businesses through models like delivery control in form of personalized services, customer experience, workforce efficiency, personalized services through mobile, virtual warehouse and connected factory. The adoption of digital technologies and applications by consumers, enterprises, and governments — is a global phenomenon that touches every industry and nearly every consumer in the world. For every industry, digitization changes the way products are made, sold, and distributed, as well as how companies are managed, and how and with whom they compete.

Digital Transformation is disrupting businesses in every industry and breaking down barriers between people, businesses and things. Processes are getting digitally interconnected, organizations are embracing open ecosystems and digital engagements are increasing. Digitization has brought many benefits to businesses, but it also brings a new set of risks across a range of industries. With the adoption of digitization, new security requirements have arisen shifting traditional security paradigms.

For most companies, one of the first things standing in their way towards digitization is the question of security. As companies digitize, more sensitive information and processes are at disposal, and this has introduced new kind of threats across all industries. It is interesting to note that not all attacks come from the outside. Hackers can gain access to the personal data of your clients and customers. Personal data is particularly vulnerable in retail companies, the public sector, financial services, and healthcare. Cyber is often an organization’s largest aggregate risk. The cybersecurity risks are now on par with financial risk when it comes to exposure, the level of importance for business, and for the controls one must put in place.

Discussion Points:

·       The need of digitizing the security

·       The impact of security risk in adoption of digitization

·       The emerged security risk with the pace India is adopting digitization

·       How the risk should be addressed as a country when moving to digitization

…Insider threats , Litigations and regulatory investigations

Track III  [Governance & Preparedness]

Cybersecurity breach incidents continue to increase in number and frequency that is compelling the board of directors to focus on the oversight and management of the cybersecurity incidents. The financial losses and irreparable reputational damage such incidents inflict cannot be overcome unless there is a clear strategy defined by the board to deal with it. Many corporations are making wise investments related to security that is aiding to create a significant difference when cybercriminals try to attack.  A survey of the NYSE Governance Services found that cybersecurity is discussed at 80% of all board meetings. Yet, the same study revealed that only 34% of boards are convinced around their respective companies’ ability to fend for themselves against a cyber attack.

Evaluating the impact of any cybersecurity breach incidents cannot be known immediately post incident as most of the times the corporate do not know what the criminals will be doing with the data exfiltration.  Successful cyber attacks are launched against the corporations who do not have a strategy to implement safe security practices in protecting the consumer or employee personal information. Majority of the cyber attacks on the corporations are due to the absence of implementation of internal controls to protect the sensitive information.  Fear of negative publicity and undue delay in the legal proceedings also prevent them from notifying to the law enforcement authorities. 

The boards should clearly draw directions on how and when to contact the law enforcement and other regulatory bodies regarding insider or outsider threats, keeping in view the legal requirements of notifying any cybersecurity breach incidents.  Working with law enforcement agencies has some significant benefits like compelling the third parties to disclose data that are required to know the source of the attack and also reconstruct how the incident took place.

Working closely with the Law enforcement will also be looked favorably by the shareholders, the public, and other associated parties. The successful prosecution of cybercriminals will not entirely forestall the further harm but, also deter others from committing the crimes.

Discussion points:

1.     How are you seeing Cybercrimes evolving & how do you see enterprises gear up to respond?

2.     What steps do organizations need to choose to draw clean lines of accountability and responsibility for cybersecurity efforts to fend off and cut the impact of cybercrime?

3.     What are the benefits of working closely with the Law enforcement agencies, while dealing with any cybercrime incidents? What are the best practices for Law enforcement interactions?

4.     Legal aspects of dealing with the cybercrime incidents- Role of corporate legal counsel to help draw effective strategies.

How to bridge the gap in the perception of Cybersecurity governance effectiveness between the board and the security team.

Venue:- Pearl 2

By Forescout

Venue:- Royal 2

By: Fireeye 

Venue :- Maple 2

Venue :- Pearl 

Venue:- Pearl

Venue:- Pearl

… How the world of crime & crime investigation would be shaped in the digital age

Technological evolution has gifted our world with uncountable possibilities. Every new technology or innovation has its detrimental flip side but still we fail to imagine how they can be used against us. At the same time, criminals are canny enough to understand the emerging technology landscape and leverage it for their benefits. This warrants deliberations on the landscape of probable future crimes which may haunt us in upcoming times. The anatomy of future crimes may provide a high level visibility into the dark side of technological innovation and the inadvertent consequences of the connected world.

Where does even one begin to imagine the crimes of the future? The list is never ending with examples such as avatar hijacking, kidnapping via self-driven cars, remote hijacking of airplanes, murders via Smart Cars, mass 3D printing of advance weapons for illegal use, cartels delivering drugs with pocket size drones, bio-terrorism recipes available online, etc. The dissection of future of crimes may prime us in understanding how future criminals may make use of technologies of tomorrow, including robotics, synthetic biology, nanotechnology, virtual reality, and artificial intelligence. Humans need to prioritize their understanding regarding the future of crimes if they do not want to be exposed to a large set of risks and vulnerabilities. Understanding of futuristic crimes is imperative for future safety. 

Discussion Areas:

·       Changing landscape of crimes due to technological evolution

·       Focus and flavours of future crimes

·       Scenarios from science fiction helping in futuristic crime anatomy

·       Global preparedness to tackle future crimes

Plenary Session II

Venue:- Pearl