India's updated Data Protection Bill | Increased cyber risks in offshore oil and gas
CyberInsights #70
Not New and Improved version 2.0
India’s second attempt at a data protection bill is worse than its first.
Fortune India reports it as “From Policy Paralysis to Toothlessness”. Justice B N Srikrishna, who drafted the original version, the watered down version of which was shot down by the parliament, says that this version gives ‘sweeping powers to the government’.
To give credit where it is due, the Ministry of Electronics and Information Technology (MeITY) has released this as a draft for public consultation. You can view and download the same here.
Take Action:
If you are an infosec and privacy professional that will be affected by this, read the draft and give your feedback. You can give your feedback here. If you are not, it still makes sense to read this and talk about it on public forums. A bill on data privacy that affects 1.3 billion people will affect the whole world.
Increased risk of cyber attacks on offshore oil and gas facilities
Oil and Gas attacks gain more prominence in cyber warfare strategies
The US Government Accountability Office (GAO) has released a report on the increasing risk of cyber attack on critical oil and gas infrastructure. The report focuses on threats to the upstream and midstream infrastructure - exploration, drilling and transportation.
Oil firms have always known their importance in traditional warfare and have come to terms with cyber warfare in the last decade. This report (pdf) ups the ante.
Attacking and protection critical infrastructure is something most nations are already aware of. What makes this news important is the renewed focus, probably due to the Russia - Ukraine conflict.
Take Action:
If your organisation is a part of critical infrastructure, then take this report as a sign to increase your protection efforts. Review your OT protection capabilities. If OT and infosec are separate, see if you can run a combined review and identify threats and weaknesses.
We have regularly spoken of protecting critical infrastructure. Read up a bit more here:
or this:
Enjoyed reading? Receive this in your email every week.