01-07-2017 (Important News Clippings)
To Download Click Here.
Ransomware attacks and cyber security
Standing e-gilant at the gates
By Siddharth Vishwanath,The writer is partner, cybersecurity, PwC India
A new wave of the Petya ransomware variation has been affecting a significant number of organisations across a wide range of industries since June 27. Petya has now been redubbed as ‘NotPetya’, and increasingly tongue-in-cheek variants of that name — Petna, Pneytna, etc — have also been given to the virus that has been wreaking havoc.Many victims have already been observed, including multiple entities within Ukraine, Spain, the Netherlands and Britain. This is reminiscent of the WannaCry outbreak in May, which also had a worldwide reach, compromising a similarly broad range of organisations at speed.
Petya is known for its unusual encryption method, which seeks to encrypt data at a more basic level, preventing the machine from booting.And if administrator privileges are unable to be obtained via the Petya malware, encryption can still occur using the typical ransomware approach of encrypting at the file level.Many companies have issued technical advisories to their client information technology (IT) and cyber security teams on preventing, detecting and responding to the malware.
However, doing the basics right cannot be overemphasised. The threat is far more complicated than what meets the eye.Immediate measures would include actions such as the patching of systems in a timely manner, and updating anti-virus signatures. These are the basic controls that, when rigorously followed, would go a long way in safeguarding the proverbial crown jewels.There are many pragmatic steps that organisations can take to reduce the likelihood of incidents, limit their impact when such a strike does occur, and to recover swiftly and effectively. These span several aspects of IT operations and security.
Some of the steps include the ability to restore systems rapidly from backups. It is important that at least the mission-critical assets have a robust backup mechanism. Another important step is to have effective incident-response plans in place.
The golden tenet continues to be having strong security hygiene policies and user awareness to prevent ransomware entering your IT environment through both technical controls and vigilant employees. Rigorous patch and vulnerability management is another area to be constantly monitored since this ensures that you make effective use of work already done to address vulnerabilities.The focus of cyber criminals who launch ransomware is usually monetary gains. But at times, they could also be purely focused on disruption of services. The latter is usually the case if it is a targeted attack.Another important, but often overlooked, aspect is the impact of paying ransom on future campaigns. Simply put, the criminal mastermind today has a greater incentive to carry out such attacks because of the monetary gains that it promises. And the advent of cryptocurrencies like bitcoin, with its promise of anonymity, only adds more fuel to the fire.
Such campaigns are no longer acts carried out by individuals, but a more sophisticated, coordinated global effort that mimics many of the collaborative and efficient practices modern-day corporates are known for.And just like those corporate entities, a certain amount of the ransom received is reinvested to develop and enhance attacks in the future.India is rapidly moving towards becoming a digital economy. Are we prepared for a threat of this nature? WannaCry and Petya are mere tips of the iceberg. The threat is real. It is an impending crisis that can not only cause financial loss but can also affect business continuity and reputations. Cybersecurity needs to become apriority for any business, any country.India needs to move faster with strategic procedures to prevent such attacks with the following measures:
Immediate measures:
* Patch all Microsoft systems.
* Update anti-virus on all systems.
* Strengthen the email filtering and spam gateway.
* Implement additional firewall rules, web gateway rules and detection mechanisms mentioned in detailed advisories.
Strategic measures:
* Robust IT disaster recovery plans: Ensuring that individual user systems and key servers can be restored rapidly from backups.
* Strong security hygiene policies and user awareness: Preventing ransomware entering your IT environment through the most common delivery vectors.
* Rigorous patch and vulnerability management: Ensuring that known vulnerabilities are not exploited by attackers.
* Crisis and incident response planning and exercising: Ensuring that there are organisational capabilities to restore service to employees and customers.
ट्रम्प की फिसलपट्टी पर जरा संभलकर चलें
वेदप्रताप वैदिक भारतीय विदेश नीति परिषद के अध्यक्ष,(ये लेखक के अपने विचार हैं।)
Date:01-07-17
सिक्किम सहित पूर्वोत्तर में एडीबी की रुचि का महत्व
जब सिक्किम से लगी अंतरराष्ट्रीय सीमा पर चीन और भारत के बीच सैन्य गतिरोध जारी है, एशियाई विकास बैंक (एडीबी) ने सिक्किम सहित पूर्वोत्तर के राज्यों की परियोजनाओं के लिए धन देने की तैयारी दिखाई है। यह घटनाक्रम इसलिए महत्वपूर्ण है, क्योंकि विश्व बैंक सहित अंतरराष्ट्रीय वित्तीय संस्थाएं भारत के विवादास्पद सीमा वाले हिस्सों के किसी प्रोजेक्ट में धन लगाने के प्रति अनिच्छुक रहती थीं। इसके पीछे चीन का दबाव भी कारण रहा है। फिर 1962 के युद्ध के बाद हमारी सरकारों ने जान-बूझकर चीन से लगे सीमावर्ती इलाकों में मूलभूत ढांचे के विकास की अनदेखी की। इसके पीछे उद्देश्य यह था कि चीन के किसी दुस्साहस के खिलाफ यह प्राकृतिक अवरोध का काम करे। जब चीन ने अपनी तरफ के हिस्से में तेजी से विकास कर सैन्य दृष्टि से बढ़त हासिल कर ली तो हमें भी यह नीति छोड़नी पड़ी। फिर 1992 में अर्थव्यवस्था खोलने के बाद देश ने अगले दशक में जो आर्थिक रफ्तार पकड़ी उसके कारण उसका आत्मविश्वास भी काफी बढ़ा। चीनी सैनिकों द्वारा बार-बार सीमा का उल्लंघन करना भी नीति बदलने का कारण रहा है। उन्हें रोकने के लिए पुख्ता मूलभूत ढांचे की जरूरत से कौन इनकार कर सकता है। एडीबी का यह फैसला भारत में जापान के दूत केंजी हिरामात्सु के दो माह पहले के बयान के बाद आया है कि उनका देश पूर्वोत्तर भारत में मूलभूत ढांचे के विकास में योगदान देना चाहता है। अब भारत और अमेरिका के बढ़ते रिश्ते और संयुक्त रूप से चीन को चुनौती मानने के बाद एडीबी ने भारत के लिए नई कंट्री स्ट्रैटेजी बनाते हुए उसके अल्प विकसित राज्यों में मूलभूत ढांचे के विकास में पैसा लगाने का फैसला किया है। एडीबी के कंट्री डायरेक्टर केनिची योकोयामा ने कहा कि इसी नीति के तहत पूर्वोत्तर के राज्यों को अल्प विकसित राज्यों की श्रेणी में रखकर मदद दी जा सकती है। दरअसल, दुनिया माथा देखकर ही तिलक लगाती है। जब हमारी नीति चीन के सामने दबकर चलने की थी, उसके डर से हमने अपने ही सीमावर्ती इलाकों में विकास रोककर रखा था तो अंतरराष्ट्रीय एजेंसियों को भी ऐसे प्रोजेक्ट में हाथ डालने में आशंका नज़र आती थी। अब जब हमने आत्मविश्वास दिखाकर वहां विकास का बीड़ा उठाया है और विभिन्न मुद्दों पर चीन का विरोध करने का साहस दिखाया है तो ऋणदाता एजेंसियों का भी रवैया बदला है।
चीन से चुनौती
आने वाले वर्षों में अंतरराष्ट्रीय स्तर पर भारत के सामने सबसे बड़ी चुनौती होगी चीन के उद्भव और उसकी बढ़ती आक्रामकता से निपटना। चीन ने गत सप्ताह सिक्किम में सीमा पर एक मामूली खींचतान के मौके पर सन 1962 के युद्घ की याद दिलाकर यह अहसास करा दिया है। इस प्रकार उसने एक तरह से भारत की मौजूदा सैन्य क्षमताओं को ही दरकिनार कर दिया। बहरहाल अगर हम बहरे नहीं हैं तो हमें चीन के सार्वजनिक विरोध प्रदर्शन में लगातार बढ़ते दंभ को महसूस करना होगा। यह दंभ निजी बातचीत में भी झलकता रहता है। चीन के वार्ताकारों ने भारतीय समकक्षों से यह कहना जारी रखा है कि दोनों अर्थव्यवस्थाओं के आकार में पांच गुने का अंतर है। उनका स्पष्टï कहना है कि भारत को चीन की श्रेष्ठïता को स्वीकार करना चाहिए और उसी हिसाब से व्यवहार करना चाहिए।
Why we need nuclear power
Solar power may be price competitive, but it is subject to vagaries of weather
Kirit Parikh,The writer is chairman, Integrated Research and Action for Development (IRADe) and former member, Planning Commission
Prime Minister Narendra Modi signed an agreement early June with President Vladimir Putin for two more units of nuclear plants at Kudankulam. Earlier, the government announced an agreement with international companies to set up 7,000 MW of nuclear plants for Rs 70,000 crore based on our domestic technology. Its wisdom has been questioned by many commentators.
I have long argued that from a long-term perspective India needs to keep the nuclear power option alive. This is because we are short of oil, gas and even coal. More than 70 per cent of petroleum products, 40 per cent of gas and 20 per cent of coal consumption are based on imports. Our known extractable coal reserves will run out in about 40 years if our coal consumption keeps growing as it has over the past 25 years.
As a result in the report of the expert group on integrated energy policy in 2006 that I chaired, we had argued that for India, from a long-term perspective, renewable energy is inevitable and nuclear option should be retained as an insurance. Thus I had applauded the Bush-Manmohan Singh agreement on nuclear energy. The energy scene has changed dramatically since then and one needs to revisit that conclusion.
To push renewables, the government launched the National Solar Mission in 2009 with a target of setting up of 20,000 MW of solar plants by 2022. It was recognised that solar plants would need subsidy through a guaranteed price via feed-in-tariff (FIT) at which solar electricity would be purchased. However, to ensure that the subsidy does not kill competition and incentives to cut cost and innovate, the FIT was to be competitively bid. This has worked out beyond expectations. In the first auction in 2010, when the expected bid was Rs 15 per unit, the bid came to Rs 13.50. The latest bid in May 2017 asks for a FIT of Rs 2.44 per unit for a 500 MW plant at Bhadla Solar Park 3 in Rajasthan. There are, however, some subsidies involved in this. The plant has been provided guaranteed purchase of the power generated and the transmission and distribution charges have been waived. Even accounting for all these, the long-term levelised tariff would be around Rs 3 per unit. This may be compared with the average rate of Rs 3.20 per unit of coal power generated by NTPC, which owns some 50,000 MW of coal power plants. Besides, the price of solar photovoltaic (PV) plants is expected to fall further.
The threat of climate change and the concern for environmental pollution are likely to constrain the development of coal-based plants. Installation of electrostatic precipitators to trap particulate matter, fuel desulphurisation plants, etc, to reduce local air pollution will increase the cost of coal power. They will still not reduce carbon dioxide (CO2) emissions. CO2 emissions can be dealt with by capturing it from the exhaust and storing it underground. Apart from the long-term reliability of underground storage of CO2, the cost of carbon capture and storage (CCS) is quite high and requires more energy, so the cost of power would be some 30 to 50 per cent higher. Thus India cannot rely on coal power for long.
Solar power is available only when the sun is shining unless it is stored in some way. In a year, a solar PV plant of one KW capacity generates no more than 2,000 KWh of electricity, whereas a coal-based or nuclear plant can generate around 7,000 KWh/year per KW of capacity. To provide power when the sun is not shining, we need some balancing power. It could be coal-based, gas based, nuclear, hydro power or through stored electricity.
India’s potential for hydro power is 150,000 MW at 35 per cent load factor that means around 460 billion units per year. It is unevenly distributed across months. The generation from run-of-the river plants during the lean month may be as low as 10 per cent of generation during the peak month. If the country is to grow at seven or eight per cent till 2050 and even where energy efficiency is pushed, we will need around 8,000 bkWh. If we were to push electrical vehicles it could be as much as 12,000 bkWh.
Thus even when we have fully developed our hydro capacity, we will still need balancing power. Since gas has to be imported, it is a limited option. Nuclear plants have been run in the past with more or less constant load. However, with some design change it should be possible to run them in a load following mode. France has been operating some nuclear plants in this mode.
If the cost of battery storage comes down dramatically, we can envisage a system running entirely on solar, wind and limited hydro power. However, having some nuclear power helps diversify the system and adds to energy security.
The cost of nuclear electricity will depend on how it is financed. With a capital cost of Rs 10 crore per MW, with a debt/equity ratio of 4/1, debt interest of 12 per cent, return on equity of 15 per cent, and annual generation of 7,000 MWh, the capital charge is Rs 2.10/kWh. The operating cost at 2.5 per cent of capital cost comes to Rs 0.36/kWh and fuel cost for pressurised heavy water reactor is Rs 0.16/kWh. The total cost is Rs 2.62/kWh. If we compare these with similar financing charges of solar PV with storage that gives 6,000 MWh/year it will cost Rs 2.75/unit and cheap storage systems are yet to be developed.
Thus, if we can install the nuclear plants without delay and within budget, they are economically attractive. The decision to set up 7,000 MW of nuclear plants makes economic sense.
Making the House rules
Parliament must codify the legislature’s privileges to prevent misuse of power
M.R. Madhavan, is the president and co-founder of PRS Legislative Research
The Karnataka Legislative Assembly has found two journalists guilty of breach of its privilege and sentenced them to jail. This followed certain articles written by the journalists which were alleged to defame some legislators. This case once again raises the question of what should constitute privilege of the legislative bodies.
The idea of privilege emerged in England as Parliament started to protect itself from excesses by the monarch. It established several rights and privileges including the freedom of members of Parliament to freely speak and vote in Parliament (including its committees).
The question of privilege
The Indian Constitution specifies the powers and privileges of Parliament in Article 105 and those of State legislatures in Article 194. In brief, they (a) provide freedom of speech in Parliament subject to other provisions of the Constitution and standing orders of the House; (b) give immunity for all speeches and votes in Parliament from judicial scrutiny; and (c) allow Parliament (and State legislatures) to codify the privileges, and until then, have the same privileges as the British Parliament had in 1950. Till now, Parliament and State legislatures have not passed any law to codify their privileges.The power of privilege has been used against journalists in several instances. For example, in 2003, the Tamil Nadu Legislative Assembly sentenced the publisher, editor, executive editor and two senior journalists of The Hinduand the editor of Murasoli to 15 days’ imprisonment for contempt. The action against The Hindu was taken for three articles that described the Chief Minister’s speeches and used words such as “diatribe” and “high-pitched tone”, and an editorial.
Interestingly, the editorial commented on the privilege motion against the articles and argued that privilege must be invoked “only rarely when there is real obstruction to its functioning, and not in a way that sets legislators above ordinary comment and criticism.” The journalists obtained a stay on the arrest and the matter was referred to the Constitution Bench of the Supreme Court.
Given this history, there are several issues that need resolution. First, what should be the privileges that protect the members of legislatures and the House? How does the privilege power sit with fundamental rights of expression and personal liberty? It is clear that members of legislatures should be able to perform their legislative duties without any obstruction, and should be free to speak and vote without fear of legal repercussions. Should the privilege extend to comments on the individual actions of members?
Perhaps, it is better to restrict the use of privilege to proceedings of the legislature. Any member who is falsely accused of any impropriety can use the defamation route through courts. A further issue is whether the House should have the power to sentence a person to a jail term. While the British Parliament continues to have such powers, it has not used it since 1880.An even more fundamental question is: what are the privileges? In the absence of a code, how does one know whether an action is a breach of privilege or not? Therefore, it is important to codify them.
In this context, it may be pertinent to note that Australia passed the Parliamentary Privileges Act in 1987. That Act states that “words or acts shall not be taken as an offence against a House by reason only that those words or acts are defamatory or critical of Parliament, a House, a committee or a member”. However, this protection does not apply “for words spoken or acts done in the presence of a House or a committee”.The Act also prescribes a maximum punishment of one-year imprisonment and a fine of A$5,000. In 1999, a joint committee of the British Parliament recommended codification but this recommendation was overturned by another committee in 2013.
It is evident that the framers of our Constitution envisaged codification of privileges. In the Constituent Assembly, Dr. Rajendra Prasad said, “Parliament will define the powers and privileges, but until Parliament has undertaken the legislation and passes it, the privileges and powers of the House of Commons will apply. So, it is only a temporary affair. Of course, Parliament may never legislate on that point and it is therefore for the members to be vigilant.”
Parliament has examined the issue of codification. In 2008, the Committee of Privileges of Lok Sabha felt that there was no need for codification. It noted that the House had recommended punishment only five times since the first Lok Sabha, and that allegations of misuse of its powers were due to a lack of understanding of its procedures.
Given the number of such cases, Parliament and Legislative Assemblies should pass laws to codify privilege. It may also be time for the courts to revisit the earlier judgments and find the right balance between fundamental rights of citizens and privilege of the legislature. The recent case in Karnataka gives another opportunity to examine the issue.