Aatmanirbharta in Action: Shouldn't India Learn from China's recent Chip Play?

       Prime Minister Modi's Aatmanirbharta mission, which emphasizes self-reliance, is a crucial step for India's technological future. Recent developments in China offer valuable insights into both the challenges and potential rewards of domestic chip manufacturing.

China's Bold Move: Stepping Away from US Tech Giants

        China recently implemented new guidelines phasing out Intel and AMD processors, along with Microsoft's Windows operating system, in favor of domestic alternatives for government computers. This move highlights China's commitment to reducing reliance on foreign technology, particularly from the US. {Source: https://www.reuters.com/world/china/china-blocks-use-intel-amd-chips-government-computers-ft-reports-2024-03-24/ }

        This strategic decision by China to prioritize domestic alternatives to Intel and AMD chips underscores the nation's broader objective of technological self-sufficiency and reducing dependency on foreign technology. Understanding the rationale behind this focus is crucial. China's move aligns with its long-term vision of building a robust indigenous semiconductor industry to bolster national security, economic resilience, and technological advancement. By reducing reliance on foreign-made components, China aims to mitigate risks associated with geopolitical tensions and ensure uninterrupted access to critical technologies. This decision also reflects China's ambition to assert itself as a global leader in innovation and technology. As such, it serves as a clarion call for countries like India to introspect and accelerate efforts towards enhancing domestic capabilities in semiconductor manufacturing to safeguard their technological sovereignty and secure a competitive edge in the digital age.

A Cause for Celebration, But Not Without Reservations

While China's initiative deserves recognition, it's important to maintain perspective.

• Catching Up: While China boasts domestic alternatives, their performance might not yet fully match established players like Intel and AMD.

• The Long Game: China's plan acknowledges this and prioritizes continuous improvement. Their commitment to domestic production suggests a long-term strategy for achieving technological parity.

Lessons for India's Aatmanirbharta Journey

India's Aatmanirbharta mission can learn from China's example:

• Accelerated Efforts: Time is of the essence. Delays can hinder India's ability to compete in the global tech landscape.

• Investment and Collaboration: Building domestic chip manufacturing requires significant investment in research, development, and infrastructure. Collaboration will only maintain dependence somewhere. Lesson to learn is let's be prepared if we fail...lets bear some R&D investments if they go down the drain...lets build our own technologies...lets wait before we announce the year 2047 as envisioning to be a developed nation...let there be some delay...but lets have a nation purely built on its own expertise and own technologies....alas we postpone 2047 later...We have the time...we have the brains...we have the economy....

India's Opportunity: Seize the Moment

By learning from China's approach and expediting its own efforts, India can leverage Aatmanirbharta to establish itself as a major player in the global chip market. This will not only ensure technological self-reliance but also empower the nation's future economic growth....remember our mission is 28nm in 2026....way far from targets of 2047

Your passwords can be cracked easily if less then 16 Characters now!!!!

1.    When the IT security big bang of Do's and Don'ts started some years back it was widely advertised to the Cyber masses to keep their respective passwords any thing more then 8 characters with a mix and match of capitals and smalls with special characters...then this was increased to 10 and last heard it was 15...and was told that 15 character password which is not dictionary based will take years and is actually uncrackable...

2.  As recent as 4 days back,a team of 3(your read it rite it's three) hackers has been able to crack more than 14,800 supposedly random passwords from a list of 16,449 by simply brute forcing!!!!

Image courtesy : http://www.buzzquake.com/tag/brute-force-attacks/

3.   In December it was unveiled by Jeremi Gosney, the founder and CEO of Stricture Consulting Group, that a 25-computer cluster can cracks passwords by making 350 billion guesses per second. It can try every possible word in less than six hours to get plain text passwords from lists of hashed passwords...the word of significance is that you do not need high end machines and east-west architecture to build this kind of IT infra...it is simply a cluster of machines processing power...

4.   The general user in the cyber space like you and me have actually no control over which hashing process websites use and therefore remain at the mercy of an algorithm all would invariably be clueless about...so if you are concerned about security and your email id and password which is the key for so many transactions in your routine life.long passwords are the best defense....and not simply long it has to be a mix match of numerics,capitals,smalls and special characters!!!.

5.  All the best to all of us...keep surfing but avoid drowning!!!! :-)Thanks http://thehackernews.com

Cloud Threat : Malicious Insiders

1.   A lesser known fact but a serious threat comes in form of a malicious insider ie the people who work for the organisation delivering the cloud services.In a typical organisation,one malicious insider can put the company in serious trouble and embarassment unless all are monitored by placing strict access controls and policies.Thus the threat multifolds in capacity of doing damage in case of companies who offer cloud models as service since all services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance.To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. 

2.   Recommendations by CSA are put up below :

-  Enforce strict supply chain management and conduct a comprehensive supplier assessment.

-  Specify human resource requirements as part of legal contracts.

-  Require transparency into overall information security and management practices, as well as compliance reporting.

-   Determine security breach notification processes.

3.   Thanks CSA

Cloud Threat : Unknown risk profile

1.    The best thing all of us like and promote about cloud is that we have very little and reduced investment in software and hardware and also that the cloud user is able to focus on his core business.Like for a bank he should not be worried about what server should he buy or what storage should he provision...the bank should be able to focus on how to improve the banking procedures and profits.So this way the distraction is less for the prime user.But at the same time these benefits must be weighed carefully against the contradictory security concerns which are complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security requirements and musts.Would ever the Bank,in an case example,bother to know the Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design ?I am sure no bank would do that once they have outsourced their worries to the Cloud.Details and Information with whom the same infrastructure is being shared becomes critical.One loose hole and u get compromised.Although this is not so easy....but we should know that the cyber criminals and hackers work more then us to keep all of us on toes and if successful then on Knees:-)

2. An old, 2009, real case example exploiting this specific threat is available at http://www.pcworld.com/article/158038/heartland_has_no_heart_for_violated_customers.html

3.  Recommendations by CSA :

-  Disclosure of applicable logs and data.

-  Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).

-  Monitoring and alerting on necessary information.

4.  Thanks https://cloudsecurityalliance.org

Cloud Threat : Insecure Interfaces and APIs

1.    How does a typical cloud user interacts,manages and configures his cloud ? This interaction is achieved with Cloud Computing providers exposing the user to a set of software interfaces or APIs.Thus the overall demand,settings,managing and all configuration is achieved using this interface and APIs only.Thus comes the aspect of security of handling and designing these interfaces and APIs.The security and availability of ANY cloud service is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.Not only this,but all the third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API.The recommended remediation's vide CSA are mentioned below :

- Analyze the security model of cloud provider interfaces.

- Ensure strong authentication and access controls are implemented in concert with encrypted transmission.

- Understand the dependency chain associated with the API

2.   Thanks CSA : CLOUD SECURITY ALLIANCE

Cloud Threat : Shared Technology Issues

1.   When a computer processor is designed/manufactured...viz core 2 Duo or quad-core processor or for this purpose any processor,the processor doesn't know what will it be finally used for....I mean it may be used as a standalone machine or a server machine!!!Here's the issue..ie this processor was not meant to be used for cloud....but how does this matter?This matter because from the security point of view this processor was meant to support strong ISOLATION properties which is not the case in routine manufacturing.Only dependent on the hypervisors for the regular interface as discussed at an earlier post here.In cases of cloud we have to handle two platforms ..one is the OS running like windows or any other OS which comes along with inbuilt and already exploited vulnerabilities that keep getting patched(what about Zero day???) and the other is hypervisor vulnerabilities(just google on hypersvisor vulnerabilities and u see what's in store to get surprised).Both of these combined together would be deadly if not taken care of...because in the cloud world, reacting to a damage would be like taking some one to hospital after an accident or a bomb blast whereas it should be the other way round....remove all possibilities of the accident and ensure 100% secure Areas....latter being too tough to imagine in current environment.

2.   I read about this few years back when I was not very much clear on Cloud Computing concepts(though still naive but better then past!!! :-),there was an incident involving a hypervisor breach that was not widely publicized.Now if u know about XBox 360(is a video game console developed by Microsoft that competes with Sony's PlayStation 3 and Nintendo's Wii),it has an embedded hypervisor (surprisingly not Hyper-V),so it was some time in 2007, that there was a documented buffer overflow vulnerability in this hypervisor which could be exploited to gain access to the hypervisor mode and thus, to the entire system. Microsoft immediately released a patch for this.Now unlike regular Windows OS Option, patches are not optional for Xbox users. Thus,the patch was applied the next time a user connected to Xbox Live or installed a new game. Proof of concepts quickly appeared that exploited the hypervisor vulnerability as well as online documentation on how people have used the Xbox “hypervisor exploit” to crack their systems.(...got this info from http://blogs.gartner.com/neil_macdonald/2009/02/20/hypervisor-attacks-in-the-real-world/)

3.   Thus arises a need for strong secured compartments to ensure that the individual cloud users are not compromised in a manner that would ensure unmanageable losses in monitory terms as well as brand devaluation.The CSA gives the following point wise remidiation format for designing the policy boundaries to counter Shared Technology Issues : 

-  Promote strong authentication and access control for administrative access and operations.

-  Monitor environment for unauthorized changes/activity.

-  Enforce service level agreements for patching and vulnerability remediation.

-  Implement security best practices for installation/configuration.

-  Conduct vulnerability scanning and configuration audits.