www.pwc.

in

The 10th Annual

Summit on Cyber
and Network
Security
Key recommendations
The 10th Annual Summit on Cyber
and Network Security
Date: 31 August 2017
Venue: Hotel Shangri-La, New Delhi

Shri Ravi Shankar Prasad, the Hon’ble Union Minister of the Ministry
of Electronics & Information Technology and the Ministry of Law & Justice,
Government of India, addressing the valedictory session of the summit, along
with Shri D. S. Rawat, Secretary General, ASSOCHAM; Shri Venkat Krishnapur,
Managing Director, McAfee India Centre; Shri Sandeep Jajodia, President,
ASSOCHAM; Shri Sunil Kanoria, Immediate Past President, ASSOCHAM and
Vice Chairman, SREI Infrastructure Finance Ltd.; Dr Debu Nayak, Co-Chairman,
ASSOCHAM National Council on Cyber Security; Shri Jayantha Fernando,
Director ICTA, Sri Lanka; and Shri Arijit Sen, Director, Dell EMC India.

2 PwC
Shri Kiren Rijiju, Hon’ble Minister of State, Ministry of Home Affairs,
Government of India, inaugurating the summit and releasing the whitepaper titled
‘Securing the nation’s cyberspace’, along with Shri D. S. Rawat, Secretary General,
ASSOCHAM; Dr Gulshan Rai, National Cyber Security Coordinator, Government
of India; Shri Sandeep Jajodia, President, ASSOCHAM; Shri Pratyush Kumar,
Chairman, ASSOCHAM National Council on Cyber Security and Vice President,
Boeing International and President, Boeing India; Shri Gaurav Agarwal, MD
Symantec India and SAARC; Ms Meenu Chandra, Senior Attorney, Microsoft India;
and Shri Sivarama Krishnan, Partner, PwC India.

The 10th Annual Summit on Cyber and Network Security 3

 Key recommendations

To pursue the vision of a cyber secure nation, ASSOCHAM organised

the 10th Annual Summit on Cyber and Network Security
on 31 August 2017 at Shangri-La’s Eros Hotel, New Delhi. PwC
collaborated with ASSOCHAM as the knowledge partner for the
event and released a thought leadership report on ‘Securing the
nation’s cyberspace’. The report highlighted the key cyber security
challenges in the current digital landscape, recent initiatives taken
by the Government of India and the strategy to secure the country’s
cyberspace. It also focuses on the building blocks of the nation’s
cyberspace and the different security measures that are to be
addressed across each building block.
Shri Ravi Shankar Prasad, Hon’ble Union Minister, Ministry of
Communication and Information Technology and Ministry of Law &
Justice, Government of India, addressed the valedictory session of
the summit, and Shri Kiren Rijiju, Hon’ble Minister of State, Ministry
of Home Affairs, Government of India, and Dr Gulshan Rai, National
Cyber Security Coordinator, Government of India, addressed the
inaugural session.
The event comprised a series of panel discussions and keynote
addresses by various dignitaries, covering a number of topics
such as the rise of cyberattacks in the digital landscape, the role
of individuals and industries in securing the nation’s cyberspace
and technological and human capacity building. Discussions were
also held on topics related to the Internet of things (IoT), machine
learning, the Digital India programme and cyberwarfare,
among others.
The summit was supported by the Ministry of Electronics &
Information Technology, Government of India, Digital India
programme and Council of Europe, France.
The summit was also the run-up programme to the prestigious
Global Conference on Cyberspace (GCCS), which is to be held from
23–24 November 2017 at Aero City, New Delhi, India. The theme of
the GCCS is ‘Cyber4All: A Safe, Secure and Inclusive Cyberspace for
Sustainable Development’.

4 PwC
‘ I am sure that the cyber security initiatives of India will serve as a learning for the world.
‘
We are insisting that all banks have cyber security auditors, and are taking on the challenge
of conducting cyber security trainings and drills for officers, judges and policemen.

– Shri Ravi Shankar Prasad

‘ When it comes to national security, I personally feel that the country’s national interest
overrides everything. While governments can provide cover security by deploying police
‘
and paramilitary forces, both private agencies, especially the business community, and the
government need to work together as partners in the larger context.

– Shri Kiren Rijiju

‘
‘ Cyber security has become paramount as mankind is facing the challenge of a cyberwar.

– Dr Gulshan Rai

‘ Effective international cooperation on cybercrime and electronic evidence are essential

to ensure the rule of law in cyberspace. To promote international cooperation, India
‘
should consider joining international conventions such as the Budapest Convention on
Cybercrime.

– Shri Jayantha Fernando

The 10th Annual Summit on Cyber and Network Security 5

Key takeaways from the event
Cyberattacks are occurring at a greater frequency and with greater intensity around the world. Operating securely
in the cyber environment is the most urgent issue facing governments, industries and individuals. Therefore,
governments, regulators and enterprises must ensure security in designing and implementing their strategies.

1. Strengthening the governance framework

It is important to define detailed policies, procedures annual security assessment of government agencies
and standards to address security requirements across and their respective ecosystems for adequacy and
all government infrastructure. As part of the policy effectiveness of cyber security controls.
and procedures, the government should mandate

2. Implementing technology to prevent, detect, respond and recover

To address security from a technology perspective,
the government should carry out due diligence
and, accordingly, prescribe baseline cyber security
parameters for relevant systems to be deployed in the
government ecosystem, as well as for critical information
infrastructure protection. The emphasis should be on
building capabilities and capacities for application,
equipment and infrastructure testing through the
deployment life cycle to detect and mitigate any
vulnerabilities and backdoors in the product/technology.

3. Creating a central monitoring mechanism

The government should enable continuous and advanced analytical capabilities. The SOC should
real-time monitoring of all IT assets, interconnected develop a fusion centre to integrate information
networks and operational environments through available from other commercial sources as well to have
a central Security Operations Centre (SOC) with a better assessment of evolving global threats.

4. Developing sector-specific measures

The government should mandate sector-specific policies
and procedures to address the security requirements
of different industry sectors. It can engage industry
bodies, academia, the government and law enforcement
agencies to develop and define standards, mechanisms
and guidelines which are in sync with the requirements
of specific industries. Sector-specific CERTs should
be established in the sectors of critical information
infrastructure. Further, incident reporting and disclosure
by government agencies should be mandated.

5. Developing cyber security cooperation at the national level

The sharing of information between state intelligence
agencies, the central intelligence agency and various
government departments and ministries in India
should be seamless. Further, a framework needs to
be established to effectively curb cyber incidents and
reduce time to respond to cyber incidents. Free flow of
information between the Indian Computer Emergency
Response Team (CERT-In) and state Computer
Emergency Response Teams (CERTs) is one such step
in building a safe and secure cyber environment. It is
important that the government, industry and security
vendors come together on a common platform to
formulate and implement policies and procedures for
cyber security.

6. Encouraging global cyber security cooperation

Effective mechanisms should be established to ensure
coordination and cooperation between various
countries, promoting information sharing at the global
level. India should ensure active collaboration with
other countries and global cyber security agencies
through international treaties, bilateral agreements and
memorandums of understanding in order to understand
the latest threats and take proactive security measures
to tackle them. The government should consider
active participation in international cyber security
conventions and treaties, which provide measures to
combat cybercrime and gather electronic evidence
from service providers. These conventions issue
guidance notes for effective implementation of cyber
security across legal, policy and technology domains.

6 PwC
 7. Focusing on cyber security with mandatory spend
Cyber security readiness needs to continuously
evolve in response to the dynamics and kinetics of
` the threat environment. This implies investment in
technology, processes and people. It may be pertinent
here to mention that Singapore has been ranked as
the global leader in the cyber security index released
by the UN’s International Telecommunication Union
8. Building capacities and capabilities in people to practice security
The government needs to focus on promoting cyber
` security as a skill set among individuals. It should
identify and include security-related skills in the job
descriptions of government employees by working in
close coordination with the Department of Personnel
9. Building an industry-ready workforce
The government should look at building an industry-
ready workforce to ensure cyber security at workplaces.
This could be achieved in collaboration with academia.
Including cyber security in educational programmes
10. Capacity building of law enforcement agencies
Officers in law enforcement agencies need to be trained
in the requisite cyber skills to ensure that digital
evidence is secured efficiently and used properly in
criminal proceedings. Periodic cyber security-related
11. Making citizens cyber aware
To promote cyber security at an individual level, the
government should define a national cyber security
awareness programme, identifying the target
audience and defining mechanisms to disseminate
cyber awareness material effectively. National- and
international-level seminars and workshops should
12. Promoting cyber security as a social responsibility
Cyber security should be promoted as a social
responsibility in organisations. The expenses incurred
by organisations on trainings, conferences, awareness
13. Encouraging research and development in cyber security
The government should establish programmes to
promote research and development in the field of cyber
security. Tax incentives, subsidies and investment
funds should be introduced. Cyber security challenges
and bounty programmes should be established to
(ITU) in June 2017. One of the major reasons for this
is that Singapore’s national cyber security strategy,
unveiled in October 2016, mandates spending 8% of its
information technology budget on the cyber security
sector. Therefore, we suggest that the government set
aside a budget for every cyber security-Information and
Communication Technology (ICT) project.
and Training (DoPT). The government should also grant
security clearances and non-disclosure agreements
(NDAs) to third parties and vendors working for critical
establishments.
and promoting it as a mainstream profession will help in
attracting the right talent. Further, relevant qualifications,
duly recognised by the National Skill Development
Corporation (NSDC), should be rolled out.
trainings must be imparted to the police, judges and
lawmakers so that they remain updated and are capable
of taking cyber-safe decisions more effectively.
be conducted in association with industry bodies and
academia to promote cyber security awareness. The
government should introduce cyber security courses at
all levels of education such as undergraduate school and
even the panchayat level.
programmes and other cyber security initiatives for
residents should be included as a part of organisations’
CSR budgets.
encourage people to come forward and report security
vulnerabilities. Additionally, budgets should be allocated
for developing and registering intellectual property rights
(IPRs) in India.
The 10th Annual Summit on Cyber and Network Security 7
Programme agenda
Time
09:30 a.m.–10:00 a.m.
10:00 a.m.–11:30 a.m.
11:30 a.m.–11:45 noon
11:45 a.m.–12:45 p.m.
Securing the cashless economy
Innovative solutions to modern
cyber challenges
GST network
Promoting a secure
communications infrastructure
Critical infrastructure and its
protection
Cyber insurance
Standardisation and cyber audit
12:45 p.m.–01:45 p.m.
International cyber diplomacy:
Developing norms
Threat intelligence: A practical
and actionable approach
Emerging technologies/
applications in cyber security,
R&D, the blockchain, etc.
Protecting IPR
cyber resilience: The connected
policy issues
01:45 p.m.–02:15 p.m.
02:15 p.m.–03:15 p.m.
8 PwC
Session
Registration
Inaugural session
Welcome address: Shri Sandeep Jajodia, President, ASSOCHAM
Theme address: Shri Pratyush Kumar, Chairman, ASSOCHAM National Council on Cyber Security and
Vice President, Boeing International and President, Boeing India
Knowledge partner address: Shri Sivarama Krishnan, Partner, PwC India
Industry address: Ms Meenu Chandra, Senior Attorney, Microsoft India
Industry address: Shri Gaurav Agarwal, MD, Symantec India and SAARC
Release of report by ASSOCHAM and PwC India
Keynote address: Dr Gulshan Rai, National Cyber Security Coordinator, Government of India
Guests of honour: Shri Kiren Rijiju, Hon’ble Minister of State, Ministry of Home Affairs, Government of
India
Vote of thanks: Shri D. S. Rawat, Secretary General, ASSOCHAM
Networking tea break
Session - Cyber security for BFSI, mobile and telecommunications systems
Keynote address: Shri G Narendra Nath, DDG, Security, Department of Telecommunications,
Government of India
Session moderator: Shri Anirban Sengupta, ‎Partner, IT Risk Assurance, PwC India
Panel discussion
• Dr Debu Nayak, Co-Chairman, ASSOCHAM National Council on Cyber Security
• Shri Loshan Wickramasekara, Manager Information Security, Fincsirt, Sri Lanka
• Shri Sandeep Sehgal, Head, Government and Defence, VMware India
• Dr Siva Sivasubramanian, Global Chief of Security, Bharti Airtel
• Shri Samuel Sathyajith, Country Manager, India and SAARC, Arbor Networks
• Shri Merlin Lucas, Country Head, Chipcard and Security Sales, Infineon Technologies India
Q&A
Session - International cooperation: Information sharing, R&D, issue of IPR
Presentation on the GCSS, 2017
Shri Premjit Lal, Director, NeGD, Ministry of Electronics & Information Technology, Government of India
Cyber security and emerging trends:
Shri Sanjay Sahay, IPS, ADGP, grievances, human rights and cyber security expert, Bengaluru, Karnataka
Panel discussion
Session moderator: Shri Vidur Gupta, Partner, EY
Panellists
• Shri Vikash Khandelwal, CEO, SREI Insurance Broking Pvt Ltd.
• Shri Saket Modi, Co-founder, Lucideus
• Shri Jayantha Fernando, Director ICTA, Sri Lanka
• Shri A K Sharma, IG (Communications and IT), BSF
Session – Data protection and the issue of privacy
Panel discussion
Session moderator: Shri Shree Parthasarathy, Partner, Deloitte India
Panellists
• Shri Shivakumar Sriraman, Chief Risk Officer, India and South Asia, Visa
• Shri Kapil Chaudhary, Corporate Counsel, India and SAARC, Autodesk
• Shri Suman Jyoti Khaitan, Managing Director, Khaitan and Partners
• Shri Virag Gupta, Partner, VAS Global
Networking lunch break
Time Session

03:15 p.m.–04:30 p.m. Valedictory session – Cyber security: Conducive legal and regulatory environment

Opening remarks: Shri D. S. Rawat, Secretary General, ASSOCHAM

Welcome address: Shri Sandeep Jajodia, President, ASSOCHAM
Industry address: Shri Sunil Kanoria, Immediate Past President, ASSOCHAM and Vice Chairman,
SREI Infrastructure Finance Ltd.
Keynote address: Shri Jayantha Fernando, Director ICTA, Sri Lanka
Industry address: Shri Venkat Krishnapur, Managing Director, McAfee India Centre
Special address: Shri Anadi Nath Mishra, Office on Special Duty, Department of Legal Affairs,
Government of India
Chief guest: Shri Ravi Shankar Prasad, Hon’ble Union Minister, Ministry of Electronics & Information
Technology and Ministry of Law & Justice, Government of India
Vote of thanks: Dr Debu Nayak, Co-Chairman, ASSOCHAM National Council on Cyber Security

04:30 p.m. Networking coffee break

The 10th Annual Summit on Cyber and Network Security 9

About ASSOCHAM

The knowledge architect of corporate India

Evolution of value creator
ASSOCHAM initiated its endeavour of value creation for Indian industry in 1920. Having in its fold more than 400 chambers and
trade associations, and serving more than 4,50,000 members from all over India. It has witnessed upswings as well as upheavals
of the Indian economy, and contributed significantly by playing a catalytic role in shaping up the trade, commerce and industrial
environment of the country.
Today, ASSOCHAM has emerged as the fountainhead of knowledge for Indian industry, which is all set to redefine the dynamics of
growth and development in the technology-driven cyber age of the ‘knowledge-based economy’.
ASSOCHAM is seen as a forceful, proactive and forward-looking institution equipping itself to meet the aspirations of corporate
India in the new world of business. ASSOCHAM is working towards creating a conducive environment of India business to
compete globally.
ASSOCHAM derives its strength from its promoter chambers and other industry/regional chambers/associations spread all over
the country.
Vision
Empower Indian enterprise by inculcating knowledge that will be the catalyst of growth in the barrierless technology-driven global
market and help them upscale, align and emerge as formidable player in respective business segments.
Mission
As a representative organ of corporate India, ASSOCHAM articulates the genuine, legitimate needs and interests of its
members. Its mission is to impact the policy and legislative environment so as to foster balanced economic, industrial and social
development. We believe education, IT, BT, health and corporate social responsibility and environment to be the critical
success factors.
Members – our strength
ASSOCHAM represents the interests of more than 4,50,000 direct and indirect members across the country. Through its
heterogeneous membership, ASSOCHAM combines the entrepreneurial spirit and business acumen of owners with management
skills and expertise of professionals to set itself apart as a chamber with a difference.
Currently, ASSOCHAM has more than 100 national councils covering the entire gamut of economic activities in India. It has been
especially acknowledged as a significant voice of Indian industry in the fields of corporate social responsibility, environment
and safety, HR and labour affairs, corporate governance, information technology, biotechnology, telecom, banking and
finance, company law, corporate finance, economic and international affairs, mergers and acquisitions, tourism, civil aviation,
infrastructure, energy and power, education, legal reforms, real estate and rural development, competency building and skill
development , to mention a few.
Insight into ‘new business models’
ASSOCHAM has been a significant contributory factor in the emergence of new-age Indian corporates, characterised by a new
mindset and global ambition for dominating the international business. The chamber has addressed itself to key areas like India
as an investment destination, achieving international competitiveness, promoting international trade, corporate strategies for
enhancing stakeholders value, government policies in sustaining India’s development, infrastructure development for enhancing
India’s competitiveness, building Indian MNCs, and the role of the financial sector the catalyst for India’s transformation.
ASSOCHAM derives its strengths from the following promoter chambers: Bombay Chamber of Commerce & Industry, Mumbai;
Cochin Chambers of Commerce & Industry, Cochin: Indian Merchant’s Chamber, Mumbai; The Madras Chamber of Commerce
and Industry, Chennai; PHD Chamber of Commerce and Industry, New Delhi, and has over 4 lakh direct/indirect members.
Together, we can make a significant difference to the burden that our nation carries and bring in a bright, new tomorrow for
our nation.

Key Contact
D. S. Rawat
ASSOCHAM Corporate Office
Secretary General
ASSOCHAM 5, Sardar Patel Marg, Chanakyapuri, New Delhi-110 021
Email: d.s.rawat@assocham.com Tel: 011-46550555 (hunting line), 011 4655 0514 (direct)
Phone: 011-46550555 Fax: 011-23017008, 23017009
Email: assocham@nic.in
Website: www.assocham.org
10 PwC
About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms
in 158 countries with more than 2,36,000 people who are committed to delivering quality in assurance,
advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com

In India, PwC has offices in these cities: Ahmedabad, Bengaluru, Chennai, Delhi NCR, Hyderabad, Kolkata,
Mumbai and Pune. For more information about PwC India’s service offerings, visit www.pwc.com/in

PwC refers to the PwC International network and/or one or more of its member firms, each of which is a
separate, independent and distinct legal entity. Please see www.pwc.com/structure for further details.

© 2017 PwC. All rights reserved

Key Contact
Sivarama Krishnan
Leader and Partner, Cyber Security
PwC India
Email: sivarama.krishnan@in.pwc.com
Building 08, Tower C, DLF Cyber City,
Gurugram, Haryana - 122002
pwc.in
Data Classification: DC0
This document does not constitute professional advice. The information in this document has been obtained or derived from sources believed by
PricewaterhouseCoopers Private Limited (PwCPL) to be reliable but PwCPL does not represent that this information is accurate or complete. Any opinions or
estimates contained in this document represent the judgment of PwCPL at this time and are subject to change without notice. Readers of this publication are
advised to seek their own professional advice before taking any course of action or decision, for which they are entirely responsible, based on the contents of this
publication. PwCPL neither accepts or assumes any responsibility or liability to any reader of this publication in respect of the information contained within it or for
any decisions readers may take or decide not to or fail to take.
© 2017 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers Private Limited (a limited liability
company in India having Corporate Identity Number or CIN : U74140WB1983PTC036093), which is a member firm of PricewaterhouseCoopers International Limited
(PwCIL), each member firm of which is a separate legal entity.
AK/November2017-11099