National Security Database

National Security Database is reportedly an official accreditation program in India, awarded to information respected cybersecurity experts with proven skills to protect the country's National Critical Infrastructure and economy.

Under the program, reportedly developed by the Information Sharing and Analysis Center (ISAC), in support with the Government of India, professionals can apply for the program by clearing a technical lab examination and psychometric test. Program alumni reportedly become instrumental in a pool of ethical defence-testing hackers tasked with fixing the weakness of organizational systems in case of large cyberattacks.

History
The project was conceived after the 2008 Mumbai attacks to protect India's National Critical Infrastructure and Cyberspace. The program was founded by Rajshekhar Murthy, under a non-profit section 25 company, 'Information Sharing and Analysis Center', supported by the highly specialised technical intelligence agency NTRO, run under the Government of India.

Earlier, the program was announced as a pilot at the International Malware Conference, MalCon, in 2010 in Mumbai, where Indian Government officials reportedly asked Indian hackers to learn Chinese.

Program launch
The program was released on 26 November, the same date as of the 2008 Mumbai Attacks, at the International Malware Conference, MalCon, at JW Marriott, Mumbai. The program was inaugurated by Shri Sachin pilot, Minister of State in the Ministry of Communications and Information Technology.

Access restrictions
The empanelment in the database can only be applied by Indian citizens, and limited access is available to the Industry to benefit from a list of credible experts. However, most of the database access is restricted to supporting Indian government organisations.

Debate
The program is largely believed to identify professional, ethical hackers and security experts by the government of India to protect its critical infrastructure and cyberspace. IT Minister Kapil Sibal has reportedly expressed the need for a community of ethical hackers.

Alok Vijayant, director of the information dominance group at the National Technical Research Organisation, quoted in an interview with India's top weekly magazine Outlook, that NSD should not be “trivialised” by describing it as just a group of hackers. “Supported by the government and the industry, NSD is a good initiative since it will provide a ready-aid database of the most credible security professionals. This is more so because information security is a domain where individuals have the skills, not companies, to move from one firm to another regularly..

Official support to the project
NSD is officially endorsed by the multiple Indian Government organisations, such as CERT-IN and NTRO, for the stated National objectives with recognition of the foundation and declared support for the work being done. The collaboration is open, and all supporting organisations who need to access the database can do so with a formal MoU with the body.

Industry and community contribution
Various organisations are actively participating and supporting the National Security Database. Notable organisations having voluntary representations governing the NSD advisory panel at a national level include the HoneyNet India Chapter, Microsoft India and the country's oldest security conference clubhack.

Current speciality domains of the NSD
The National Security Database program has the following speciality domains under which professionals can apply for empanelment:


 * 1) Information security compliance and penetration testing
 * 2) Reverse engineering
 * 3) Web application security
 * 4) Malware research and analysis
 * 5) Exploit development
 * 6) Mobile application security
 * 7) Digital forensic analysis
 * 8) Telecom security (by Invitation)
 * 9) Banking security (by Invitation)

In a quote with Outlook magazine, the director of ISAC, Rajshekhar Murthy, stated that it is necessary to have people who are not only competent, but also have a high degree of trustworthiness and integrity. "The selection process will involve examination of references, technical skills, criminal history, and even psychological assessment to generate a credit report for security clearance.”

More Information

 * National Security Database Academy


 * National Security Database Certification