Major Vineet Kumar is a social entrepreneur, activist, founder, and global CEO of CyberPeace Foundation. In the beginning, he started his journey as an activist by launching the National Anti-Hacking Group. This initiative was started in 2003 and was one of the first ventures initiated in the fight against cybercrime in the world. Ever since its launch in 2003, sir has been working towards devising programs and policies for safer cyberspace and sensitising people to stay safe online.
Vineet Kumar has served as a Chief Technology Officer (CTO) and Head of the State Government agency, Cyber Defence Research Centre (CDRC) of Jharkhand Police, Government of Jharkhand. The apex bodies in the field of business, governance, social sectors, educational institutions, aviation and organisations affiliated to international organisations, United Nation Youth Assembly have all not only credited the contribution but also have ceremonially recognised and awarded sir’s selfless effort.
He has been interviewed by Arshia Jain, EBC-SCC Online Student Ambassador who is currently pursuing law from Vivekananda Institute of Professional Studies, Delhi.
-
I would request you to give our readers a small glimpse of your journey as a student and about your interests in a nutshell. What attracted your interest in this field as a student?
During the 90s, when computers were not accessible to the commoners, what was the vital component that drew your inclination towards cyber security that persuaded you to take it as your desired career and you could behold it as a future in the cyber sector/world.
At the age of 7, I got my first ever exposure towards the digital sphere as my father was an Army Officer and was serving on deputation in a government-based PSU which was in charge of IT modernisation back then. It was one of the first PSUs to get access to the internet. In 1995, India for the first time started to experience, gain and learn from the internet. My father taught me how to send e-mail in an era where there were no applications like Google and Facebook, telegrams and letters were the most common means of communication at that time. After school, I used to visit my father at his office and was fascinated by professionals in the IT team and how they connected to the internet. In those days, access to the internet was not easy as compared to today’s fast paced connectivity, as one was required to give a call to the nearest city Mayor (Calcutta) as we had a station in Ranchi. Then, the STD line was used, to connect using trunk lines, and after this hefty and lengthy process, one could access the internet.
Back then, the Utora Lite application was used to exchange e-mail and messages. I tried to utilize to the fullest even few minutes that I got on the PC- as the internet being an interesting idea and how technology had taken up, intrigued me. Few websites like yahoo existed, and so I came across internet relay chat (IRC) channel. One day when I was using my father’s PC, I got access to a hacker’s channel and in that era, hackers were taken as a negative and dangerous influence. Broadly, the 3 prominent types of hackers are white hat hackers, grey hat hackers and black hat hackers. A white hat hacker or ethical hacker is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks. However, unlike black hat hackers or malicious hackers, white hat hackers respect the rule of law as it applies to hacking. Gray hat hackers fall between white and black hats on the moral spectrum. Gray hats generally consider themselves good guys who are more flexible about the rules under which they operate. That hacker spoke to me for some time and I requested him to mentor me. He was a senior individual, aged around 45-50, of American nationality, only known by his code name, showed me a hack by hacking one of the major brands in the United States, live. The fact that he had access to my father’s PC and the documents on it, made me even more scared. As he realised, I was just a curious student who was still in school, he left me with some content, websites, and resources to research which then I took on and further I started reading and researching more about hacking and other cyber activities.
By 2001, I was clear to make a career in this space and I would not prefer to do anything else even though we lived in an era where engineers, doctors and IAS officers were careers the family wanted you to pursue, but fortunately my parents were very supportive and always said that do whatever you want to do and continue to pursue it but never do something wrong. Their blessings and support sparked that confidence in me that I would not do anything wrong and in turn use my knowledge to make world a better place. So, I created a small online group of like-minded individuals who can come together. I thought of applying the same knowledge with something positive, and decided that I will use the knowledge to protect individuals and organisations from cybercrimes and cyberattacks. I could foresee ten to fifteen years down the line the next generation of the internet is going to come and we are going to live in a connected world.
In the year 2003, I, started one of Asia’s first online anti-hacking group which protects individuals and organisations from hackers. At that time words like cyber security, ethical hacking were caveman words. We started working in the space and started protecting individuals, advising organisations and that time I came across multiple incidents that were taking place, for instance there was a cyberwar between Indian hackers and Pakistan based hackers, who were attacking each other but also gave some kind of inroads to work more in this space. We started a few awareness programs in the university and institution but it was very difficult back then to get any inroads because (i) nobody had the understanding about the subject; (ii) hacking being a negative word at that time made it difficult for people to believe and trust us. Hence institution and people used to keep us slightly away as they clearly did not understand the virtues of cyber security and this led to a lot of rejections in early days. But some forward-looking institutions who thought that we have the skills actually invited us to make the students aware of this field. One of the first institutions that invited us was Vellore Institute of Technology (VIT), followed by St. Xavier College in Ranchi after which gradually, people started following us. We registered the National Anti-Hacking Group (NAG) as a non-profit organisation at an online platform in 2003.
Then, in 2006 we registered it as a non-profit social organisation as an NGO in India. Very soon we got featured by a leading famous tech magazine called Digit in July 2006 wherein we were on the cover page of the magazine, and I just being a class 11th student got featured on the cover page of a leading tech magazine, was a major achievement for all of us. We were known as National Anti-Hacking Group (NAG) — the protectors of the nation’s data. The tagline given to us by the tech magazine was in itself a huge compliment and responsibility. We shot into fame after digit story and quickly different platforms like centre from various organisations, individuals inviting us for talk shows and news channels started inviting us to display our professional space.
Then in 2007, I got featured by reddit.com as an achiever wherein they highlighted around ten such achievers pan India which included people like the CEO of Bharat Matrimony, CEO of Paramount Airways, and others. At this time, I was giving my 12th boards and getting featured in the aspects of cyber security and entrepreneurship, was a very proud moment for me. As compared to earlier, now there has been awareness about these concepts, people were now willing to enter these spaces. But back then, many used to question my space, what I was doing, and what is this organisation, they were concerned about my future if I was going in right direction but my parents support led me to diligently continue my journey and ignore all the unwanted discussions around me.
After getting a few major achievements that signified positive growth of my career, I was sure about my movement in the right direction and also of the fact that a need for cyber security was starting to persist and so as an NGO, I thought that this is the right way to educate and spread awareness amongst people about cybercrimes.
Then in 2008, I became one of the first persons to be awarded the UN Youth Achievement Award for working and contributing for cyber security space under Millennium Development Goals by the United Nations Youth Assembly. To curb the challenge of frequent scarcity of funds and to sustain the operations of NAG, me and one of my partners in Mumbai decided to set up a for profit organisation also called Security Brigade in 2006 and whatever revenue was earned a part of it was donated to National Anti-Hacking Group’s social activities like educating people.
After Digit’s and Rediff’s coverage on us, Vodafone was the first company that invited us to test their networks for security which was such a big achievement and the affair of getting offers started to grow immensely. Earlier, for instance, informing people about their security lapses or issues was complementary but later on the people started paying us for our work through which we started sustaining our operations. Initially, it started where we used to discover bugs in the website free of cost and when we used to present such bugs to admin then they used to come back to us with the offers that it was difficult for them to look after it. We also faced threats from the company that how did you get inside our network and that we will sue you even though intent was social but people took it negatively. Later, even MNCs and multiple organisation invited white hackers to come in their network with boundaries to check for security. It was indeed a difficult era for us, but it allowed us to educate people of the potential cyber and data crimes.
-
Sir, can you please share your experience in Cyber Defence Research Centre (CDRC) of Jharkhand Police, Government of Jharkhand as Chief Technology Officer (CTO) and Head of the State Government agency?
In the year 2007 itself, I got an opportunity from the Government of Jharkhand and they wanted to have me on board as their cyber advisor. At that time, I had just cleared my boards and was supposed to enrol in the college. So, they asked me to work as an advisor and that I would be eligible for consulting fees only but as soon as I complete my degree, they will give me a proper job. I was given an office there, started helping Jharkhand police agency, I was heading IT Modernisation and the cyber cell. Very few people are aware that Jharkhand was one of the first States to start a lot of things quite early such as cyber cell. When world was still thinking and planning about it, the advent was Mumbai cyber cell, subsequently Jharkhand started the cyber cell operations in Ranchi and a State cyber cell was set up which I was heading. Later, I met with another individual Mr S.N. Pradhan (DG Narcotics Control Board presently) in Jharkhand police, he was the DIG operations at that moment, I shared with him my foreseen idea of cybercrimes and its potential shape in next ten years wherein I requested him to establish a State level agency that can do extensive research works in cyber security spectrum and also protect individual, this in turn developed his trust in me. We had an interesting dialogue exchange with Mr Arjun Munda, the then Chief Minister, wherein he gave us a green light to set up a dedicated agency on cyber defence making Jharkhand the first State ever to do so. One request was made to me to head that agency. It took 4 years for getting approval from the State Cabinet under the shape of Chief Minister Arjun Munda for the centre through the government process and in 2011, I also happen to finish my bachelor’s. Immediately, after showing my provisional certificate, I was made to join the Cyber Defence Research Centre as the Chief of the Centre.
Just at the age of 22, the responsibility to head this State level research centre was massive and challenging for me but the support of well-wishers and individuals like Mr S.N. Pradhan who at that time was the Additional Director General (ADG) of police of modernisation, was encouraging. Today in 2022 also, many State Governments including Kerala Police Cyberdome are following the Cyber Defence Research Centre Jharkhand model and many more are going to come up, so we got much ahead of time. I continued to run NAG’s operations, being a social entity and all the activities in NAG as well as the Cyber Defence Research Centre were all aligned to cyber peace but had exited the Security Brigade in 2011.
-
Sir, you founded National Anti-Hacking Group (NAG) way back in 2003 when everyone in India was still getting accustomed to the internet. Further the evolution of CyberPeace Foundation (CPF) as part of the social mission in 2013 was started. How did the idea of CPF come into existence?
In 2014 February, I thought it is time to dedicatedly run the organisation. I was done running the State Government agency as it was running in a successful manner and we also had teams set up in place. I thought it is time to move on and go back to the NAG and then widen our reach internationally as well. NAG was renamed in the year 2013 to CyberPeace Foundation because all our activities were related to cyber peace. Since then, I have taken up full time as President and Global CEO of the foundation.
I did my postgraduation at UK in Cyber Defence and Information Assurance as I was selected for the Chevening Scholarship. After completing my degree, I used the knowledge, I gained, in India under CyberPeace Foundation which included the UK ecosystem. I did a lot of activities in collaboration with the UK Government and with other Governments as well.
Until 2014, CyberPeace Foundation was my primary focus but after I cleared my territorial army examination, I made it to the merit list of territorial army and finally got in Commission within a month. Since then, CyberPeace Foundation has been expanding it’s operations in other countries as well which resulted in having three global offices at India, Africa (Kenya) and the United States (San Francisco). Other than that, our volunteers are spread across 40 countries. In India, we have operations in almost every State. Cyber is one such thing which is vast in itself, so we do not limit ourselves to any boundaries. Despite facing challenges and issues such as budget constraints, we are still trying to work for the community as progressively as we can.
By 2015, a lot of achievements came in such as I got the National Youth Award from Government of India, the national honour given to a youth, something like a Padma Shri award by the Government of India. I also made it to some of the list, like recently I was one of the finalists in the list of World Economic Forum as the Global Social Entrepreneur of the Year and other than that British Council also selected me as a future leader wherein, I was in one of the sixteen future leaders that were selected from across the world to be there in UK. In 2017, I was selected for the International Visitors Leadership program (IVLP) in cyber spectrum that is given by the Department of the United States of America and so was there in the US for a month.
-
Who are the acting directors of CyberPeace Foundation?
We wanted to go global from the very first day it was registered as a non-profit in India. So, the founding team comes from different backgrounds like, we have
- Mr S.N. Pradhan, Director General of the Narcotics Control Bureau (NCB) still serving Government of India in Ministry of Home Affairs as well he was earlier the DG of NDRF, which makes him the co-founder to the entire initiative.
- Professionals who previously worked/served in UN like people from United Nations International Children’s Emergency Fund (UNICEF) and other agencies.
- Mr Prakash who has more than 20-25 years of experience from the civil society sector, so he brings the civil society perspective.
- Ms Stuti Narayan Kakkar, currently the Chancellor of Subharti University, who earlier was the Industry Secretary to the Government of India and was also the Chairperson of the National Commission for Protection of Child Rights.
- We also have some veterans from Army, Navy and Air Force who are a part of CyberPeace Foundation.
- People from industry, academia, people from the Government from the civil society, media, press, etc.
The foundation has a Board, then Advisory Board and then Global Advisory Council, thus not just people from India but other countries as well. The entire foundation structure has four major pillars; policy, advocacy and cyber diplomacy and second vertical is innovation and research. A lot of research activities are done under other policy, advocacy and cyber diplomacy. Foundation also contributes to requests that comes in from Government on cyber laws, for instance, for Personal Data Protection Bill as they invited feedback/remarks on it. We also contributed globally by advising the UN on cyber-related aspects.
We have been conducting global dialogues called CyberPeace Dialogues every year since 2020, where we get people from different continents to brainstorm about key issues of cyberspace like geopolitics of cyberspace, cross-border data flow, etc. mostly related to tech policy. Then, we have cyber clubs for research work. We have established the CyberPeace Centre of Excellence (CoE) in various academic institutions because cyberspace is huge like an ocean, if one starts going deeper into it, will find a lot of things that can be done.
-
While you have been a proud recipient of 8 international and 17 national prestigious awards like Special Recognition Award, CISO Awards (2015) and Karmaveer Chakra (2008) you might have experienced ebbs and flows. Kindly uprise our readers with the struggles that motivated you to perceive your career which can be an inspiration for them.
There have been lot of struggles in my life. The very first being the place where I used to come from. Coming from a small tier three city called Ranchi, today there is lot of awareness, connectivity there but back then in late 90s, I had a tough time getting access to technology, connectivity, etc. But I was determined and just kept going on even though there were number of roadblocks, but I always used to find a way out. Then, the people were very resistant to the need of cyber security even after mentioning them about the issues in cyberspace. Coming from the space where we were not having a proper ecosystem related to cyber security or if you talk about entrepreneurship- nobody to back you, to support you, it was really tough at times such that we as an organisation were bootstrapping. Like today, we see Shark Tank, India, wherein different investors come to support new ideas but back then there were no such models, investors, etc. I used to save expenses and whatever pocket money my dad used to give and continued investing in the organisation. Sometimes, I even used to work for some management institutions as a website designer even for small amount of money they offered.
I used to find out various ways and kept focused on my ultimate goal. Whatever I did was to support my activities in this space, for instance joining Jharkhand police as I felt through this, I would be able to contribute to all my cyber-related activities. So, I was very clear with my vision and I always used to find a way to get out of such problems.
On realising that we should expand our base, we immediately expanded the foundation to Delhi and got into the circles. Then we started understanding funding organisation and by that time a lot of awareness had already come into people where they started to accept that this is a serious problem. Today everybody talks about and needs cyber security. I am in that stage today wherein I am getting requests but unable to fulfil because I have lot of things on my plate. But there was a time where I used to go from door-to-door requesting people to get their security up but they used to tell that is not important and required by them. I just feel that you should have fire burning inside of you and if you have it then you will make things happen. There may come any problem but once you decide to face it you are going to learn the art of overcoming it. The biggest issue I faced was fund crunch, in fact there was point in my life that to support me more financially my dad had to sell off some land and I pumped that money for my work. As government servant he was not having that amount of money but due to my passion and determination to my work, he believed in me and supported me. So “keep going on” is the mantra.
-
Sir, you made it to Forbes 30 under 30 and evolved as a strong entrepreneur. Also, currently you are part of Indian Territorial Army. What is the driving force for serving a tenure in government system despite founding your own organisation? What substance can be drawn by today’s youth from this modus operandi?
I find the concept of the Territorial Army very unique and very few people know about it. I am a kind of person who wants to pursue and work on different ventures like the start-up for profit, non-profit and so was the childhood dream to serve in the Government. I briefly worked with Government of Jharkhand as the Chief of the Centre but I also wanted to have the uniform on me and explore how things happened in the operational areas like J&K. With this I wanted to contribute to my motherland even though as an entrepreneur I was but I also dreamt of paying regards to the uniform I will wear. So, I was initially shortlisted for regular army and got the SSB offer as well but then I realised that if I switch to the regular army, I might not get time to look after my organisation and all that I have been doing for so many years would go for a toss. Then, somebody shared the idea of territorial army because I have been helping the Indian army since school days, I was in an army school and when I was in army school I used to go to college of military engineering and other army training establishments to train officers on cyber security. So, one of the officers shared the idea of territorial army – if you are not looking for full-time engagement with the army. After researching on it, I found out that two months in a year is mandatory and that people can serve for the entire year as well which depends on the vacancies. So, I was sure that I can spare two months out of 12 months for serving in the army and that I could contribute to our nation. I immediately got enrolled, filled up the application form and gave the examination.
I will request the readers to have a clear picture of what they want to achieve in life. One must align activities, studies and everything to the ultimate goal and avoid jumping in different zones for instance if you doing BTech jumping into MBA will create a chaos. This is the key which I followed to be here today.
I cleared SSB exam in the very first attempt which involved a lot of different subjects like history which I remember that in my school days I used to just study to pass. Fortunately, I passed and because I was confident due to the turnovers faced and interactions with officers, I was comfortable such that in one shot I cleared my interview prelim board which was headed by a Major General along with some officers. I was recommended from Service Selection Board (SSB). After clearing SSB, I cleared the medical board and finally landed up in the territorial army since then. It is indeed a fantastic organisation. My current unit is 124 Infantry Battalion TA Sikh Regiment (India Gate Terriers) which is posted at the India Gate. We have other officers, for example we have Captain Sachin Pilot who is Deputy Chief Minister of State of Rajasthan, current Minister of Information and Broadcasting, Mr Anurag Thakur, Mr Abhinav Bindra who is Honorary Commission Officer who is part of 124 TA Sikh Regiment. It is very unique world altogether where you also meet celebrities like Mahendra Singh Dhoni and all who are part of this institution. I have contributed as a Commission Officer and lately came down from Siachen. I was, in fact, in Ladakh for some time serving the Indian Army and have been in a different parts like North East, J&K. Serving as Territorial Army Officer, we are the infantry officers who are soldiers on the ground i.e., we serve on the ground and have nothing to do with technical activities or technology there. So, all I have to do is play with rocket launchers. (Laughs*) Even though it is a total 360-degree switch for me but it gives me a different perspective of life and how things happen in the armed forces. There is a lot to learn from how to control manpower, it’s management, to command and control. I try to bring that learning into my organisation so it is more and more structured which tells that both of the organisations compliment each other and I genuinely enjoy it.
-
Can you throw some more light on the kind of projects being taken up by CyberSpace Foundation and its agglomerated assignments with few examples?
I would start by mentioning some key activities in which the students would be interested like “The Global CyberPeace Challenge”. It is a Global Hackathon which was launched by Prime Minister Modi along with Sri Lankan Prime Minister in 2017 and since then we have been continuing this global challenge. In the first edition about 40 countries participated, in the 2021 edition around 70 countries participated and in this year the registrations just got closed with around 107 countries participating which it is growing edition by edition. It is like a cyber olympics in which anybody especially law students can participate. For example, for law students, we have a track known as cyber strategy and cyber policies where people come from tech policy schools. We have cyber diplomats, foreign ministers who are on track one which is a part of this. its own ongoing activity though registrations are closed but you can follow the official website of cyber challenge that is developments@cyberchallenge.net. Other than that, we have a program that we do with the Ministry of Education in terms of project e-Raksha which is again a competition for students of colleges and schools. The Ministry of Education, All India Council for Technical Education (AICTE), National Council of Educational Reasearch and Training (NCERT), Central Board of Secondary Education (CBSE) support and jointly organise this particular competition. We have various competitions like app making, painting, blogging, singing, jingle making, and many more in which any non-techy can also contribute to that competition. Its website is eraksha.net wherein you can get all the competition related details. The registration will begin again in the month of April 2022. We also run project e-Saksham, which is in collaboration with the All-India Council for Technical Education where we are training around 5,00,000 students and educators on cyber security. We are also opening 50 clubs in institutions across India. Now, we are getting a lot of requests by institutions to open a club but in the phase I, we have just opened 50 clubs as we are very selective on the institution and especially those institutions having a lot of interest and passion to drive it. These clubs will have various activities. We firmly believe that cyber city is not something that you can convey via dos and do not rather you need to have a research ecosystem, different activities like debate competition, blog writing competition, slogan writing, etc. for the engagement of students. There are singing competitions as well on cyber security and you can find all of these links on YouTube for example, somebody created a rock music on cyber security. So, all of this is a part of e-Raksha and e-Saksham and this is how we plan to further. We are also going to create 25,000 volunteers across India and those who can sustain a mission and vision we will be training them first at are centres and then there after we will be hand-holding these volunteers to spread awareness about cyber security i.e., all the content will be created by us and they will be just disseminating that content. So that is project e-Saksham with the Ministry of Women and Child, National Commission for Women. We run project Digital Shakti which will bring more women into the cyber security space and make them aware and save in this space. So last year we trained around 1,00,000 women, this year we are going to touch 2,00,000 and it is an ongoing project in which all institutions can enrol and we can conduct some sessions for them as well under Digital Shakti. Then, we have programs running with WhatsApp, other institutions. UNICEF is also one of our main funders, so with UNICEF we have training programs to train law enforcement on cybercrime investigation. We are also setting up specialised cyber cell units and CoEs within the State police. So, these are some of the key projects we take up and the readers can also refer to our website and social media to get updates about all the projects.
One of the major programs is if any student is interested and has a passion to learn more can also enrol as an intern with CyberPeace Foundation. The duration periods of internship can be different like one month, two months, six months, and for a year. We are also providing paid internship to some of the smarter students who are quite good, for instance, in content writing or speaking and they have been interning with us from when they were in their first years and they continue to intern even after their fourth year. This is an ongoing internship and we do not put an end to the internship, so they get paid for the entire duration of the work for the foundation.
-
Among all the projects taken up by CyberPeace Foundation which has been the most demanding or exciting according to you?
Whatever we do is all exciting! We take up cyber as well as relief activities. During COVID, CyberPeace Foundation teamed up with National Disaster Response Force (NDRF) and we distributed food, clothing and other essentials to the people who were need. So, we have been doing such activities because as a foundation, we strongly feel that we should give back to the community in whatever form and should not restrict ourselves. All our activities are engaging and interesting such that when our passionate team members were positive with COVID, they still continued working from home. It is not just me but the entire team, our supporters and volunteers who are there are quite interested and passionate in all the programmes activities. And its impact is seen on the ground and all of the activities are extremely important to us.
-
Based on your opinion, what is the current status quo of cyber security in our country? With new advancements like Metaverse and Tesla budding up, what can be anticipated about the future of cyber security hold in India? How do you plan to tackle the challenges these upcoming technologies will unfold/create?
New and emerging technologies will keep coming. By this I mean, yesterday it was something else, today it is something and tomorrow it could be something else and you will keep hearing technologies like Metaverse and others. Technology is so dynamic and emerging that probably 10 years down the line you will see 20 of other substitutes coming in. Thus, technology is never going to die and so the challenges. Here, I would like to quote–unquote Spiderman, “With great responsibilities, comes greater challenge”. With this I mean to say that technology brings great powers and with great powers, we get great responsibilities and this opens the door to a lot of challenges as well. Challenges like there has been issues like sextortion, bulling, stalking, ransom attacks and other offences. These challenges in return open doors for someone to solve them.
So as a student, we should lookout for solutions to these problems, for instance, there could be any number of startup ideas to solve the challenges that are currently there. I see a great future in the cyber security space which is evergreen and never going to die. Like technology is not going to die, so is cyber security not going to die. According to the statistics that Government released around 5-6 years earlier, our country was in need of 5,00,000 cyber safety experts and last year Government said we need 15,00,000 cyber security experts which is increasing. Just wait for the Data Protection Bill to become an act and you will see massive increase in the numbers. Also, see the NASSCOM statistics which said 15,00,000 and I am sure after one or two years NASSCOM will again revise strategy and will ask for a requirement of around 25,00,000 cyber security experts.
So, there is huge gap in this space and for those people who are kind of thinking to come into this space or are in a dilemma of coming or not, I would recommend you to blindly follow and come into this space, follow what the expert has to say, learn about cyber security you need not necessarily do a certification or something as you can self learn like I did. By going to different forums, accessing different websites, doing activities, I learned by myself. Even my formal education on cyber security was just after I got Chevening Scholarship, then I went to Cranfield University and then later on I went to Cambridge also to do my leadership. But I explored this space, kept on visiting different websites and networks and self-learned. You need to do have that hunger to learn things, keep exploring and everything will fall into line. As CyberPeace Foundation, we have also been running the program for those who are looking for a formal program like we run some diploma program with some institutions. We are going to launch one program with Christ university, then will be launching a BTech Computer Science and cyber security with a university, MTech program, MBA program in cyber security management and many more programs are there. For people who are interested to have a formal degree can enrol in programs and that many such programs are also being programmed on great learning and other websites. So, my advice that just choose the right one, get into the space and the future is bright. I would say a lot of opportunities are coming your way as every problem demands a solution and as technologist or as a lawyer or as somebody interested in this space, you can solve that problem. We can engage students plus professionals like right now we are teaming up with ISB Hyderabad and as we are collaborating, some are students and some of them are working professionals also, who have been in their program on emerging tech. So, we have long list of projects going on be it whether blockchain, AML, threat intelligence all you need to do is connect with us and will be happy to get you on board.
-
The concept of Atmanirbhar Bharat provided a vision and a mission to you and CyberPeace Foundation in collaboration to accomplish a lot on its own. Given the ongoing pandemic, cyberspectrum is experiencing a boom. With the increasing number of cyberattacks, what is the contribution of CyberPeace Foundation for providing remedy and protection to its victims?
Adding to what I mentioned earlier, CyberPeace Foundation is busting a lot of misinformation campaign that is going on during the pandemic. We have a project called infodemic wherein we are tracking fake news, phishing, different kinds of financial frauds using instant loan applications and sites, etc. After tracking, we are then releasing an advisory there which is kind of providing relief to the victims and busting criminal gangs. Other than this, we have a very active cyber peace helpline managed by experts and as of now we are not made public to that extent but by the word of mouth people are getting to know that CyberPeace Foundation runs a helpline and on that helpline, we are getting a lot of requests like people approaching us, for example, if their Instagram ID gets hacked they reach out to us then we try to team up with Instagram team to provide relief to the victim without that individual going to the police. After due diligence, both at our level and Instagram’s level, we are able to solve it. The same goes with other social media applications like Twitter, Facebook, etc. because we have a working relationship with them, so we have been doing all that which requires to be done to provide relief to the victim. We have set up a task force that also tracks child sexual abuse material (CSAM).
Research team does constant research on how child sexual abuse materials circulated on different platform whether it is end to end platform or whether it is social media we continuously keep doing those researches and then release the report which you can find on the LSE website, on Columbia University website. On the other hand, we have this task force which constantly hunts for these predators. We team up with the State police, so that these predators are caught and put behind the bars for doing such activities. There is a rise in cases related to trafficking in the cyberspace because of the pandemic, as victims are at home and they are approached by all these criminals through social media which provides instant messages and then that is how they fall into the trap. The first connect is through these platforms and with this task force we try to give our best. It is a small team but a very passionate one which tries to handle whatever possible, along with investigating crimes and checking health system of police we tried to do all of that for providing relief to victims.
-
Being a burning issue, what is your stake for the aspirants/students to pursue cyber security as a career and have you as an organisation been able to contribute in increasing this space?
We felt that in India as well as in Africa the ecosystem on cyber security was missing. Since we strongly feel that academia is going to play a very keen role, we started equipping the academia with the right set of knowledge, connecting them to individuals, organisations, industries and Government altogether where we started the concept of CyberPeace Centre of Excellence (CoE). The first CoE was set up at Gujarat Technological University in Gujarat and now we have around 30 such CoEs majority of them with Indian Institute of Technology (IITs), National Institute of Technology (NITs), Indian Institute of Management (IIMs), Veermata Jijabai Technological Institute (VJTI) (Mumbai) which are scattered in different parts of India as well outside such as in Kenya, Nigeria, and other places. We also go to institutions other than IITs, NITs, etc. who do not have that facility to set up CoEs and help them as we believe we must build such capacities with smaller institutions also. So, we started the concept of clubs for smaller institutions creating an ecosystem for cyber security, for example, which provides interested students a platform to come into space where they can learn about security, interact with experts rather than just giving books or some content, here we made a research ecosystem for students to do it themselves. So, with the CoEs we engaged interested students with like projects which are tech as well as non-tech.
People have a wrong notion about cyber security as it is believed to be a very technical subject whereas it is not a technical subject anymore. Even non-tech people can play a role in the cyber security space provided they know about it. Not just people who come from the BTech programme but I have come across people who had done BA in History (Hons.) and still they are contributing to this cyber ecosystem. We have started working with tech and non-tech institutions, colleges like we signed up MoU with the National Law University, Bhopal, we are working with National Law School, Bangalore from that it is going on with Delhi as well, so with different law colleges together we are trying to work on techno legal aspects because this is an emerging sector and we do not have much experts under a techno legal space so all of this is escalating up for creating that ecosystem for cyber security.
-
How important is doing proper legal research and how should law students equip themselves with legal research skills? Could you please throw some light on “exhaustion of research” and its importance in law?
Majority of our research teams are techno-legal experts i.e., they have technical as well as law background. Some of them are BTech LLB, which is an integrated program. Legal researching along with technical research in this field is very important because as I mentioned about CSAM we need to keep ourselves updated to fill the gap. So, then we send an advisory to the Government or to the UN agencies, that, this is the problem and here this is the gap for example, in cyber laws. As I already mentioned that you will be seeing a new version of IT Act soon that was last amended in 2008. I feel lawyers with some technical bend of mind have an important role to play for instance in cyber security policies and strategies and as we discussed such cyber acts. A lawyer with a combination of understanding technology and different platforms has a long way to go. In fact, I will not say immediately there is a requirement but, in the future, there will be plenty of opportunities after this amended act comes into power.
-
I would like to deduce this informative and inspirational discourse while looking forward for your suggestions to eradicate cyberattacks with more robust internal systems, to strengthen security measures and educate an individual to be more vigilant about the cyber security risks.
There is a long list to go about but I will just stick to the key points of the brochures that CyberPeace Foundation has. We have a very active social media so our readers can follow us at @cyberpeacecorps on Twitter, Instagram, Facebook and other channels. Also, we run a channel called as CyberPeace TV on YouTube wherein you can find advises along with to do lists, like how do you do it yourself as well as other videos related to cyber security.
- Keep your software up to date. Be it operating system, a mobile platform (Android or iOS), the applications that you download for example, a VLC player in your mobile phones, needs to be updated on a regular basis as with some additional features they also patch you with lot of new form of attacks, bugs and exploits.
- To protect any digital device (for instance smart TV, smart camera, mobile phones, computers) install antivirus and firewall. A powerful device like phones requires internet security application installed in it because we have been observing a lot of attacks especially ransom from mobile phones and crypto mining is being done through them. So, when your phone is idle, it is utilised by the cybercriminals to mine for cryptocurrency and hence, you need to be more careful. At my home, I have installed a smart router that has an inbuilt firewall and antivirus solution for the traffic that goes in and out. It smartly scans and protects from malicious traffic. I would suggest the readers to get a smart router or unified threat management (UTM) for organisation which blocks malicious traffic. Also, if you need to protect your children you can enable controls like parental control so that they do not get access to something wrong.
- Then, you need to have a very strong password. Everyone must avoid using passwords like you spouse’s/partner’s name or series of continuous numbers like 123456789 as they are very easy for cyberattack and the password can be cracked within seconds. A strong password must be mixture of uppercase, lowercase, special characters and numbers. I create my password with a phrase and include special characters somewhere in middle or the end to make it a long one which is difficult to break.
- Enable two-factor authentication whether be it for social medias or e-mail. This method saves 99% of the users.
- Do not get attracted to flashy offers like get the 90% off on Amazon or iPhone 13 pro only for Rs 4999 as that could be a trap. For security, do not believe in such freelancers, free songs that you get from sites like songs.apk, torrent site. All of this gets a lot of additional things when they get installed and then important information like personal data could be stolen.
- Back up all the data regularly, because issues can happen at any time. For example, you cannot say that I will do my backup during the weekend and after that, I will be saved as cyberattacks can happen during the weekdays also. Thursday night there could be a hacker who gets into your phone and steels server data when you are waiting for the weekend.
- When on a public WiFi or free WiFi be extremely careful because whatever work you do there, all the activities can be seen by the attacker. Also, beware of free charging points that you see at airports and avoid using hanging chargers because they might steal all your data. Do things in a very secure way by using virtual private network (VPN) and your own charger. 99% of attacks are happening in this space. These tips can help you stay secure from majority of attacks.