SECURE SYNOPSIS: 15 April 2017
NOTE: Please remember that the following ‘answers’ are NOT ‘model answers’. They are NOT synopses either, if we go by the definition of the term. What we are providing is content that both meets the demand of the question and at the same time gives you extra points in the form of background information.
General Studies – 1
Topic: Salient features of Indian society
India is a land of many cultures, languages, ethnicities, religions and schools of thought, and more categories would be added if we delved deeper. Such a society needs to be tolerant, respectful of others’ cultures, secular in governance and accommodative of all cultures. While all these notions are attached to India, the behaviour of the majority of Indians does not reflect them.
- Though the evils of casteism are strictly dealt with by law, most Indians have no respect for such laws. Even today marginalized sections and historically discriminated classes are subjected to denial of rights, imposition of menial jobs and exclusion from the basic services of health and education. Moreover, enforcement authorities have been found to use provisions of the law selectively in order to appease the traditionally advanced communities.
- Unity in Diversity is the most revered principle in India. However diversity is hardly tolerated in most of the regions. The most evident example of this is how people from the North-East regions are treated. Jeered, mocked, laughed at, denied accommodation, and attacked for no reason except that they look and behave differently from the majority, these northeasterners are compelled to survive despite such racism. Also there are numerous examples of minority communities getting discriminatory and exclusionary treatment from the hands of the majority.
- The majority of Indians are blinded by the notion of ‘fair being the superior’. Thus people of darker complexion are looked down upon while fair-skinned people are treated respectfully. In addition, many people exhibit racist behaviour. For people from Africa, the problem is even more acute. Not only do they look different from the average Indian, they have to confront the entrenched prejudice against their colour that is embedded in Indian myth and popular culture. Like northeasterners, hundreds of African nationals in different cities are forced to live in ghettos to be safe from the verbal and physical violence they face on a daily basis.
- The only kind of racism that our government recognises is one that takes place elsewhere. So when a person of Indian origin is attacked in another country, such as the United States or Australia, the government responds with alacrity condemning it as a “racist” attack. Yet, the same thing in India is apparently only “criminal and unfortunate”.
- The highest level of hypocrisy is shown towards women. Women in India are idolized, revered and even venerated. However, the majority of women are excluded from public life, their political representation is low and they are economically dependent on their male partners. Most of them have no say in decision making, are confined to the home and are objectified, particularly for marriage purposes.
The other side-
Though the majority of Indians exhibit such hypocrisy and misogyny, it would be wrong to label all Indians with these terms. When attacks were taking place on Africans, many Indians condemned them and sought to reform these tendencies. Many Indians are coming out in support of better representation for women on political, economic and social platforms. There have been efforts to fight caste injustices and to make historically discriminated classes better off. Though the number of Indians with a progressive mindset is small vis-à-vis the former, their contribution to making progressive changes in society is indeed great.
India is still a nation in the making, and hence requires more effort and patience to bring about positive changes. Bringing about behavioural and ideological change is indeed difficult work. Though different laws have been enacted to bring these changes, they have their own limitations. The need of the time is to create awareness and sensitization among Indians who show a regressive and hypocritical mindset.
Topic: The Freedom Struggle – its various stages and important contributors /contributions from different parts of the country.
2nd week of April (2017) marks the centenary of Gandhi’s arrival in Bihar to address the concerns of indigo farmers in the Champaran district. The foundations for the success of the Champaran satyagraha were laid by Rajkumar Shukla, the man who was instrumental in bringing Gandhi to the district but has not received the credit due to him in historical writings.
Condition of Champaran in initial decades of 20th century-
Despotism and exploitation by the planters was also an outcome of the inherent risk in indigo trade where the returns dramatically varied from year to year. Towards the end of the 19th century, the profits of the Champaran planter took a severe hit with the invention of synthetic dyes in Germany. The easy availability of a cheaper substitute forced the global market for natural indigo into a secular decline. Legal terms and debts had locked cultivators into long-term agreements with the planters, often for as long as 20 years. Now in the face of falling profits, the planters began to demand a heavy compensation to release peasants from the dreaded tinkathia agreement imposed on them. However, with the outbreak of the World War I in 1914, the German supplies were disrupted and Champaran indigo became exceedingly profitable for a brief period. Nevertheless, none of the new profits trickled down to the cultivator. Enmeshed in such an exploitative legal and social regime, the Champaran peasant had little recourse to justice.
Early life of Rajkumar Shukla-
Born on 23 August 1875, at the turn of the century, Shukla worked for a period of four years for the Bettiah Estate. Contrary to popular perception, Shukla was not always a penurious peasant. Living in the west Champaran region, he had a substantial money-lending business, owned a large number of buffaloes and cattle and was a cultivator of 20 bighas of land in Belwa and Sathi. Shukla’s trouble started with his refusal to pay an illegal irrigation cess that was being extorted by A C Ammon, the English manager of the Belwa indigo factory. Ammon decided to teach Shukla a lesson that would act as a deterrent against further protests. Ammon’s lathiyal henchmen continually harassed him and also looted and burnt down his house. A number of frivolous cases were filed against Shukla and fighting them took up a substantial amount of time and resources. In the process, as intended by Ammon, Shukla ended up in prison and his personal fortunes went into precipitous decline.
Contribution of Rajkumar Shukla to Champaran and national movement-
- R Shukla tried to create concentrated efforts against the injustices of the British. Unable to muster adequate local support for action, Shukla headed to Lucknow for the 31st annual session of the Indian National Congress in 1916. This decision had momentous consequences in the following year.
- R Shukla, though he faced problems such as language and communication barriers with Mahatma Gandhi, informed him and made him aware of all the injustices done by the British administration.
- At the Lucknow session, the 41 year old Shukla was an incongruous figure. Amidst the many lawyers and zamindars who formed the official delegation from the Bihar region, Shukla was the lone person who was an “agriculturist”.
- During the session, Shukla failed to persuade Gandhi to move a motion on the Champaran issue. Gandhi’s diffidence arose out of his personal ignorance of the facts of the indigo problem. In the event, a resolution demanding an official enquiry was passed and Shukla extracted a promise from Gandhi to visit Champaran and study the problem first-hand.
- Independent of Gandhi’s activities, throughout the year, R Shukla constantly attended court and judicial proceedings in multiple locations. In order to create an atmosphere of fear and obedience, the planters often foisted criminal cases against recalcitrant individuals. Invariably, R Shukla was present in court to lend his support to these unfortunate individuals in their moments of hardship.
- While Mahatma Gandhi was busy in conducting independent enquiry, R Shukla spent week mobilising the Champaran peasantry and exhorting them to join hands in a common fight.
- In seeking redress for himself, Shukla quickly widened the meaning of his life’s work. In championing the cause of justice for others in a similar predicament, he became a lightning rod of the planters’ ire and paid a great personal price.
- The Champaran campaign was itself a short one and rapidly achieved its primary objective of the end of tinkathia. In an atmosphere of fear and oppression that ruled the land, the end of tinkathia was a major psychological victory.
- Champaran continued to inspire later struggles for freedom, with R Shukla as its pivot.
Champaran was the pivot around which history turned and India was eventually liberated. The role of R Shukla should not be limited to just the persuasion of Mahatma Gandhi to come to Champaran, but should be seen as that of one who courageously took the decision to fight the British administration and mobilized the local peasantry in this noble cause.
General Studies – 2
Topic: Government policies and interventions for development in various sectors and issues arising out of their design and implementation.
3) “The idea behind the extensive push for Aadhaar does not seem to be addressing the real issues confronting people, that of hunger and deprivation, but mapping them for some intangible purposes.” Critically comment. (200 Words)
Aadhaar is the unique identity of all Indians, backed by the Aadhaar Act 2016. Aadhaar is being made mandatory for availing the benefits of various social security schemes.
Aadhaar is being made compulsory with the following objectives-
- Elimination of bogus beneficiaries (about 14 crore ghost people were eliminated after introducing Aadhaar based DBT in LPG subsidy).
- Aadhaar is also aimed at targeting the beneficiaries effectively and efficiently.
- Aadhaar along with Jan Dhan and Mobile (JAM trinity) could prove a potent weapon against mal-administration, corruption and diversion.
However, in many cases mechanical insistence on Aadhaar is proving to be counter-productive-
- In a country rated very low in the hunger index, struggling to achieve zero infant and maternal mortality, and with a high rate of wasting and stunting in children in the zero to five cohort, the insistence on an Aadhaar number for those in need of supplementary nutrition sounds absurd.
- Pregnant and lactating women were required to give an undertaking that they were not availing themselves of services or benefits from any other anganwadi centre.
- Even children up to the age of six were required to have an Aadhaar number or a copy of his/her request and the parent required to give an undertaking that the child was residing with him or her and that they were not availing themselves of the services or benefits for the child from any other anganwadi centres.
- Rather than put in place robust measures to ensure that supplementary nutrition was made universally available to all pregnant women, lactating mothers and children under five without any conditions whatsoever given the pathetic health indices, the government, through its notifications, was making Aadhaar a precondition for availing themselves of such basic forms of nutrition.
The government’s good intentions behind making Aadhaar compulsory may turn into bad results if it is implemented without purpose. The rights of citizens to avail basic health and educational services should take precedence over the government’s blind insistence on having Aadhaar.
Topic: Effect of policies and politics of developed and developing countries on India’s interests, Indian diaspora
A very recent article contributed by Sun Jianguo, Vice Chief of Staff of the Chinese People’s Liberation Army (PLA), in the Chinese Communist Party’s theoretical organ, Qiu Shi, has made clear that under Xi Jinping’s new “Integrated National Security” approach, protecting the perceived core national interests will remain a basic principle. This is bound to have an impact on China’s foreign policy, leading the country to continue its assertiveness internationally, particularly towards the countries in the neighbourhood having territorial disputes with Beijing.
What is it?
The PRC under Xi Jinping’s leadership continues to implement the post-2009 core-interests based foreign policy course, which seeks a win-win relationship for China with nations abroad, but under the condition that while doing so the country will not compromise on core national interests, more precisely those concerning national integrity and territorial sovereignty.
- To widen security management to include new fields like marine, space, and cyber security.
- To fundamentally guarantee the enduring peace and stability of the country
- Protecting both internal and external security
- It states that political security should be taken as core, economic security as its basis, military, cultural, and societal security as an important guarantee, and the furthering of global security as foundation. The ambit of security management would be widened by the inclusion of new fields like marine, space, and cyber security.
How does it affect India?
- Tibet has a direct bearing on China’s “core interests”; any reference to Arunachal Pradesh (‘Southern Tibet’ as China prefers to call it) fuels tensions between the two countries and thus damages India-China relations.
- It leads the country to continue its assertiveness internationally in border disputes.
- The recent visit of Dalai Lama to Tawang in Arunachal Pradesh therefore caused a tension in China.
- Geopolitical impact – The OBOR initiative, investments in Africa and the establishment of bases worldwide by China are an assertion of its legitimate rights under the INSC.
- Economic concern: OBOR can put China on the lead on the economic front
- Indian sovereignty concerns related to OBOR arm passing through PoK as China Pakistan Economic Corridor
- Energy Security – South China Sea conflict has been the most blatant manifestation of Chinese assertiveness. India’s energy interests could take a hit on account of this assertive behaviour.
- It might further deteriorate the South Asian peace process, as an insecure China might collude with Pakistan for worse.
The possible consequences of over-zealousness in applying such a doctrine would depend on how China actually deploys it, whether for a collaborative framework, as in OBOR, or as a threat to its competitors, especially neighbours like India. In either case, India must keep itself ready with a pertinent counter-strategy based on our own national ideals, principles, short- as well as long-term goals and the overall welfare of the people.
General Studies – 3
Topic: Basics of cybersecurity
5) Cyber security, in the near future, will be the main component of the state’s overall national security and economic security strategies. Are citizens, organizations and public institutions ready to face challenges of cybersecurity? Critically analyse. (200 Words)
Computer security, also known as cyber security or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection. Also, due to malpractice by operators, whether intentional or accidental, IT security is susceptible to being tricked into deviating from secure procedures through various methods.
The field is of growing importance due to the increasing reliance on computer systems and the Internet in mostly developed (first-world) societies, wireless networks such as Bluetooth and Wi-Fi, and the growth of “smart” devices, including smartphones, televisions and tiny devices as part of the Internet of Things.
Major types of cyber attacks:-
To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the categories below:
A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls. They may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability.
Denial of service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of Distributed denial of service (DDoS) attacks are possible, where the attack comes from a large number of points – and defending is much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim.
An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, keyloggers, covert listening devices or using wireless mice. Even when the system is protected by standard security measures, these may be able to be by-passed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks.
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks.
Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.
Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level. So for example a standard computer user may be able to fool the system into giving them access to restricted data; or even to “become root” and have full unrestricted access to a system.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Preying on a victim’s trust, phishing can be classified as a form of social engineering.
Clickjacking, also known as “UI redress attack” or “User Interface redress attack”, is a malicious technique in which an attacker tricks a user into clicking on a button or link on another webpage while the user intended to click on the top level page. This is done using multiple transparent or opaque layers. The attacker is basically “hijacking” the clicks meant for the top level page and routing them to some other irrelevant page, most likely owned by someone else. A similar technique can be used to hijack keystrokes. Carefully drafting a combination of stylesheets, iframes, buttons and text boxes, a user can be led into believing that they are typing the password or other information on some authentic webpage while it is being channeled into an invisible frame controlled by the attacker.
Social engineering aims to convince a user to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer.
A common scam involves fake CEO emails sent to accounting and finance departments. In early 2016, the FBI reported that the scam has cost US businesses more than $2bn in about two years.
India’s growing emphasis on going digital and its increasing initiatives in the digital domain make it the need of the hour to check the readiness of citizens, public and governmental organisations to stand up to cyberattacks:-
- People’s readiness: Digital illiteracy still high in spite of plethora of government initiatives, low internet and smart phone penetration, ease and familiarity with paper currency and the insecurity about the digital mode of transfer.
- Current legal infrastructure:
1) Information technology (IT) Act, 2008 – punishes dissenters, puts liability on service providers for sufficient security norms, protection against data theft and mishandling
2) Indian Penal Code
3) National Cyber security policy, 2003
4) Cyber defence army – CERT-IN
- Problems in the status quo (organisational/governmental inadequacy):
1) Technical know-how is not prevalent among ordinary citizens. Even hired governmental experts lack world-class training, exposure and knowledge.
2) IT Act is still nascent, needs legal cases to make it more stringent.
3) CERT-IN lacks capable officers and subsequently its action and impact are minimal.
4) Cyber Appellate Tribunal is not yet functional.
Thus cyber security should be the foremost priority of the government and related organisations, which need to overhaul the existing physical infrastructure. The present state is not yet ready, though government efforts and related measures like VISAKA, PMGDISHA and BHARATNET to create digital awareness and improve the underlying network, and security measures like CYBERDOME, CYBER SWACCHTA KENDRA and the merging of CAT with TDSAT for efficient disposal of cases, are moves in the right direction.
Measures to protect from cyberattacks (additional information):-
Security by design
Security by design, or alternately secure by design, means that the software has been designed from the ground up to be secure. In this case, security is considered as a main feature.
Some of the techniques in this approach include:
- The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
- Automated theorem proving to prove the correctness of crucial software subsystems.
- Code reviews and unit testing, approaches to make modules more secure where formal correctness proofs are not possible.
- Defense in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds.
- Default secure settings, and design to “fail secure” rather than “fail insecure” (see fail-safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
- Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.
- Full disclosure of all vulnerabilities, to ensure that the “window of vulnerability” is kept as short as possible when bugs are discovered.
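Added example (not part of the original synopsis): the audit-trail point above, in Python. Each record commits to the one before it with SHA-256, so an edit, a deletion or a truncation is detected when the log is checked against a head hash kept on a separate system. The class, function and field names and the sample entries are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first record's "prev"
FIELDS = ("seq", "actor", "action", "target")


def record_hash(prev_hash, entry):
    """SHA-256 over the previous record's hash plus this entry's canonical JSON."""
    body = json.dumps({k: entry.get(k) for k in FIELDS},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "|" + body).encode("utf-8")).hexdigest()


class AuditTrail:
    """Append-only log: there is deliberately no update or delete method."""

    def __init__(self):
        self._records = []

    def head(self):
        """Hash of the newest record; this is the value to store remotely."""
        return self._records[-1]["hash"] if self._records else GENESIS

    def append(self, actor, action, target):
        prev = self.head()
        entry = {"seq": len(self._records), "actor": actor,
                 "action": action, "target": target, "prev": prev}
        entry["hash"] = record_hash(prev, entry)
        self._records.append(entry)
        return entry["hash"]

    def export(self):
        """Copy of the records, as an investigator (or an intruder) would read them."""
        return [dict(r) for r in self._records]


def first_bad_record(records, trusted_head=None):
    """Return -1 if the chain is intact, else the index where it breaks.

    A malformed record counts as a break (fail secure). If trusted_head is
    given and the chain is internally consistent but ends on a different
    hash, the log was truncated or rebuilt: len(records) is returned.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        ok = (isinstance(rec, dict)
              and rec.get("seq") == i
              and rec.get("prev") == prev
              and rec.get("hash") == record_hash(prev, rec))
        if not ok:
            return i
        prev = rec["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(records)
    return -1


def demo():
    """Constructed scenario: four entries, then three ways of hiding one."""
    trail = AuditTrail()
    trail.append("alice", "login", "vpn")
    trail.append("alice", "read", "payroll.db")
    trail.append("mallory", "export", "payroll.db")
    trail.append("mallory", "logout", "vpn")
    head = trail.head()                      # kept off the logged host

    edited = trail.export()
    edited[2]["actor"] = "alice"             # blame someone else
    deleted = trail.export()
    del deleted[2]                           # drop the incriminating line
    truncated = trail.export()[:2]           # cut the log short

    return {
        "intact": first_bad_record(trail.export(), head),
        "edited": first_bad_record(edited, head),
        "deleted": first_bad_record(deleted, head),
        "truncated_no_head": first_bad_record(truncated),
        "truncated_with_head": first_bad_record(truncated, head),
    }


if __name__ == "__main__":
    for case, index in demo().items():
        print(f"{case}: {index}")
```

The truncated log passes when checked on its own and fails only against the remotely stored head, which is why the text asks for the trail to be kept where an intruder on the logged system cannot rewrite it.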
The Open Security Architecture organization defines IT security architecture as “the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose to maintain the system’s quality attributes: confidentiality, integrity, availability, accountability and assurance services”.
Techopedia defines security architecture as “a unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls. The design process is generally reproducible.” The key attributes of security architecture are:
- the relationship of different components and how they depend on each other.
- the determination of controls based on risk assessment, good practice, finances, and legal matters.
- the standardization of controls.
A state of computer “security” is the conceptual ideal, attained by the use of the three processes: threat prevention, detection, and response. These processes are based on various policies and system components, which include the following:
- User account access controls and cryptography can protect systems files and data, respectively.
- Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering. Firewalls can be both hardware- or software-based.
- Intrusion Detection System (IDS) products are designed to detect network attacks in-progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
- “Response” is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favored, as it may happen that not all the compromised resources are detected.
Today, computer security comprises mainly “preventive” measures, like firewalls or an exit procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and can be implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel) to provide real time filtering and blocking. Another implementation is a so-called “physical firewall”, which consists of a separate machine filtering network traffic. Firewalls are common amongst machines that are permanently connected to the Internet.
However, relatively few organisations maintain computer systems with effective detection systems, and fewer still have organised response mechanisms in place. As a result, as Reuters points out: “Companies for the first time report they are losing more through electronic theft of data than physical stealing of assets”. The primary obstacle to effective eradication of cyber crime could be traced to excessive reliance on firewalls and other automated “detection” systems. Yet it is basic evidence gathering by using packet capture appliances that puts criminals behind bars.
Vulnerability management is the cycle of identifying, and remediating or mitigating vulnerabilities, especially in software and firmware. Vulnerability management is integral to computer security and network security.
Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware.
Beyond vulnerability scanning, many organisations contract outside security auditors to run regular penetration tests against their systems to identify vulnerabilities. In some sectors this is a contractual requirement.
While formal verification of the correctness of computer systems is possible, it is not yet common. Operating systems formally verified include seL4, and SYSGO’s PikeOS – but these make up a very small percentage of the market.
Cryptography properly implemented is now virtually impossible to directly break. Breaking it requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.
Two factor authentication is a method for mitigating unauthorized access to a system or sensitive information. It requires “something you know”; a password or PIN, and “something you have”; a card, dongle, cellphone, or other piece of hardware. This increases security as an unauthorized person needs both of these to gain access.
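Added example (not part of the original synopsis): the two-factor check described above, in Python. The "something you have" factor is modelled as a time-based one-time password (RFC 6238, built on HOTP from RFC 4226), which is one common choice and not something the text specifies; the Account class, the login function, its defaults and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the counter is the current time step."""
    return hotp(secret, int(now) // step, digits)


def _pw_hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a stolen database does not reveal the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Account:
    """Hypothetical server-side record holding both factors for one user."""

    def __init__(self, password: str, salt: bytes, totp_secret: bytes):
        self.salt = salt                          # use os.urandom(16) in practice
        self.pw_hash = _pw_hash(password, salt)   # "something you know"
        self.totp_secret = totp_secret            # shared with the user's device
        self.last_counter = -1                    # newest time step already used


def login(account: Account, password: str, code: str, now: float,
          step: int = 30, window: int = 1) -> bool:
    """Grant access only if BOTH the password and the one-time code are valid.

    Both factors are always evaluated, so a failure does not reveal which one
    was wrong. A code is accepted for the current time step plus or minus
    `window` steps (clock drift), and never for a step that was already used.
    """
    pw_ok = hmac.compare_digest(_pw_hash(password, account.salt), account.pw_hash)

    current = int(now) // step
    supplied = code.encode("utf-8")
    matched = None
    for counter in range(current - window, current + window + 1):
        if counter <= account.last_counter:
            continue                              # replayed or stale time step
        expected = hotp(account.totp_secret, counter).encode("utf-8")
        if hmac.compare_digest(expected, supplied):
            matched = counter

    if pw_ok and matched is not None:
        account.last_counter = matched            # burn the code after success
        return True
    return False


if __name__ == "__main__":
    secret = b"12345678901234567890"              # RFC 4226 test secret
    acct = Account("correct horse", b"constructed-salt", secret)
    now = 59                                      # RFC 6238 test time
    code = totp(secret, now)
    print("stolen code, wrong password:", login(acct, "guess", code, now))
    print("stolen password, wrong code:", login(acct, "correct horse", "000000", now))
    print("both factors:", login(acct, "correct horse", code, now))
    print("same code replayed:", login(acct, "correct horse", code, now))
```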
Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Training is often involved to help mitigate this risk, but even in highly disciplined environments (e.g. military organizations), social engineering attacks can still be difficult to foresee and prevent.
It is possible to reduce an attacker’s chances by keeping systems up to date with security patches and updates, using a security scanner or/and hiring competent people responsible for security. The effects of data loss/damage can be reduced by careful backing up and insurance.
Hardware protection mechanisms
While hardware may be a source of insecurity, such as with microchip vulnerabilities maliciously introduced during the manufacturing process, hardware-based or assisted computer security also offers an alternative to software-only computer security. Using devices and methods such as dongles, trusted platform modules, intrusion-aware cases, drive locks, disabling USB ports, and mobile-enabled access may be considered more secure due to the physical access (or sophisticated backdoor access) required in order to be compromised. Each of these is covered in more detail below.
- USB dongles are typically used in software licensing schemes to unlock software capabilities, but they can also be seen as a way to prevent unauthorized access to a computer or other device’s software. The dongle, or key, essentially creates a secure encrypted tunnel between the software application and the key. The principle is that an encryption scheme on the dongle, such as Advanced Encryption Standard (AES), provides a stronger measure of security, since it is harder to hack and replicate the dongle than to simply copy the native software to another machine and use it. Another security application for dongles is to use them for accessing web-based content such as cloud software or Virtual Private Networks (VPNs). In addition, a USB dongle can be configured to lock or unlock a computer.
- Trusted platform modules (TPMs) secure devices by integrating cryptographic capabilities onto access devices, through the use of microprocessors, or so-called computers-on-a-chip. TPMs used in conjunction with server-side software offer a way to detect and authenticate hardware devices, preventing unauthorized network and data access.
- Computer case intrusion detection refers to a push-button switch which is triggered when a computer case is opened. The firmware or BIOS is programmed to show an alert to the operator when the computer is booted up the next time.
- Drive locks are essentially software tools to encrypt hard drives, making them inaccessible to thieves. Tools exist specifically for encrypting external drives as well.
- Disabling USB ports is a security option for preventing unauthorized and malicious access to an otherwise secure computer. Infected USB dongles connected to a network from a computer inside the firewall are considered by the magazine Network World as the most common hardware threat facing computer networks.
- Mobile-enabled access devices are growing in popularity due to the ubiquitous nature of cell phones. Built-in capabilities such as Bluetooth, the newer Bluetooth low energy (LE), Near field communication (NFC) on non-iOS devices and biometric validation such as thumb print readers, as well as QR code reader software designed for mobile devices, offer new, secure ways for mobile phones to connect to access control systems. These control systems provide computer security and can also be used for controlling access to secure buildings.
Secure operating systems
One use of the term “computer security” refers to technology that is used to implement secure operating systems. In the 1980s the United States Department of Defense (DoD) used the “Orange Book” standards, but the current international standard ISO/IEC 15408, “Common Criteria” defines a number of progressively more stringent Evaluation Assurance Levels. Many common operating systems meet the EAL4 standard of being “Methodically Designed, Tested and Reviewed”, but the formal verification required for the highest levels means that they are uncommon. An example of an EAL6 (“Semiformally Verified Design and Tested”) system is Integrity-178B, which is used in the Airbus A380 and several military jets.
In software engineering, secure coding aims to guard against the accidental introduction of security vulnerabilities. It is also possible to create software designed from the ground up to be secure. Such systems are “secure by design”. Beyond this, formal verification aims to prove the correctness of the algorithms underlying a system; this is important for cryptographic protocols, for example.
Capabilities and access control lists
Within computer systems, two of many security models capable of enforcing privilege separation are access control lists (ACLs) and capability-based security. Using ACLs to confine programs has been proven to be insecure in many situations, such as if the host computer can be tricked into indirectly allowing restricted file access, an issue known as the confused deputy problem. It has also been shown that the promise of ACLs of giving access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities. This does not mean practical flaws exist in all ACL-based systems, but only that the designers of certain utilities must take responsibility to ensure that they do not introduce flaws.
Capabilities have been mostly restricted to research operating systems, while commercial OSs still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. An open source project in the area is the E language.
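The confused deputy problem described above can be shown in a few lines. The sketch below is an added illustration, not part of the original answer: the compile service, the principal names and the file names are all constructed. It contrasts a deputy that is handed a file name and checked against an ACL under its own identity with a deputy that is handed a capability (a writer the caller was entitled to obtain).

```python
"""Confused deputy: ACL check on the deputy's identity vs. capability passing."""

# Constructed ACL: which principal may write which object.
ACL = {"billing.log": {"compiler"}, "alice/out.txt": {"alice", "compiler"}}


class Store:
    """Toy object store standing in for a file system."""
    def __init__(self):
        self.files = {"billing.log": "usage records", "alice/out.txt": ""}

    def write_as(self, principal, name, data):
        # ACL model: authority is looked up from the identity doing the write.
        if principal not in ACL.get(name, set()):
            raise PermissionError(f"{principal} may not write {name}")
        self.files[name] = data

    def writer_for(self, principal, name):
        # Capability model: the check happens once, when the capability is
        # minted for the principal who will later delegate it.
        if principal not in ACL.get(name, set()):
            raise PermissionError(f"{principal} may not write {name}")

        def write(data):
            self.files[name] = data
        return write


def compile_acl(store, source, out_name):
    """Deputy receives a *name* and writes using its own identity."""
    store.write_as("compiler", out_name, f"compiled({source})")


def compile_cap(source, out_writer):
    """Deputy receives a *capability*; it can write only where the caller could."""
    out_writer(f"compiled({source})")


def demo():
    acl_store, cap_store = Store(), Store()
    # Client 'alice' names a file that only the deputy is allowed to write.
    compile_acl(acl_store, "x=1", "billing.log")
    acl_clobbered = acl_store.files["billing.log"] != "usage records"
    # Same request with capabilities: alice cannot obtain the writer at all.
    try:
        compile_cap("x=1", cap_store.writer_for("alice", "billing.log"))
        cap_blocked = False
    except PermissionError:
        cap_blocked = True
    compile_cap("x=1", cap_store.writer_for("alice", "alice/out.txt"))
    return acl_clobbered, cap_blocked, cap_store.files
```

In the ACL version the check passes because it is made against the deputy's identity, not the requester's; in the capability version designation and authority travel together, so the deputy has nothing of its own to misuse.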
Topic: Infrastructure – energy; Changes in industrial policy and their effects on industrial growth.
6) Over the last 22 years, there have been attempts by different governments to merge state-owned oil companies to create a mega company. Does India need a giant integrated oil company? Critically examine. (200 Words)
Consolidation, merger and acquisition of Public Sector Enterprises is a preferred method of strengthening them. In the banking sector, the merger of SBI with its associates, and in the oil and gas sector, the FM’s announced intention to create an integrated public sector ‘oil major’, stand as testament to this.
The assumed benefits of such a mega-oil company include:
- With a bigger and stronger balance sheet, the company will have greater power to negotiate, among other things, for overseas assets, purchase of crude oil, and technology.
- It will have an enhanced ability to manage volatility, by integrating upstream (exploration) and downstream (refining) activities.
- Consequently, energy security of the country will be enhanced.
- Return on investment will be better, as exploration is capital and technology intensive.
- It will be able to compete with the likes of Chevron, BP, ExxonMobil, and Shell, and thus, put India on the list of prominent players in the international arena.
- Also, the hitherto poor domestic appraisal and exploration may improve. Consequently, dependence on imported oil and gas will decrease (which in turn will reduce import bill, and cut down on trade deficit, etc.).
However, like everything else, this move is not without its attendant concerns/alternatives:
- Investing in overseas oil assets is subject to the host country’s political risks, as evident from ONGC Videsh’s investments in Syria, Sudan and Iran.
- There is no clarity on how India will have access to crude oil being produced by an overseas asset in times of crisis. Very little oil from overseas assets in which CPSEs have invested is actually imported into India.
- Kelkar Committee (1995), Krishnamurthy Committee (2004) and many others have recommended against such a move. The advice of such luminaries should not be overlooked.
- The current competition between companies (ONGC, IOC, GAIL et al) prevents price monopolization. A merger might affect consumers’ interests adversely. Also, the example of Mexico’s Pemex (its unholy influence on policies and even elections) shows the attendant political risks as well.
- There is no question of managing risks better as all the major companies have more than the minimum amount of capital required. Nor will the economy of scale come into play as production cost does not depend on the size of the company, but on technical ability and managerial efficiency.
- Also, the success story of Irish company Tullow in Ghana shows that forming consortia with small and large oil companies can be equally successful.
To conclude, a multi-criteria evaluation shows that India does not need a mega company. What is needed is better management, vis-à-vis minimum political interference and lateral intake of corporate experts in Public Enterprises.
The mobile phone sector in India was stagnant for a few years because of an uncertain policy and regulatory environment. There was a reduction in the net addition to subscribers, an increase in the urban–rural divide, hyper-competition, and inefficient use of spectrum, which meant poor services, low investment, high debt, and a fall in revenue and profit. However, the sector’s performance has been improving after the announcement of the new telecom policy in 2012 and other regulatory changes.
- Telecom services in India began on a small scale with the introduction of a 50-line manual telephone exchange in 1882 in Kolkata, only four years after the invention of the telephone by Alexander Graham Bell. Growth of telephone usage was slow during British rule and India had 82,000 telephone connections at the time of independence in 1947. Even thereafter, the government did not perceive telecom services as a key infrastructure sector for the development of the country. The number of telephone connections increased to 3.05 million by 1984, but gained momentum after the sector was opened up in phases. The first phase of reform started with private sector participation in telecom equipment manufacturing in the mid-1980s.
- In the second phase, the National Telecom Policy was formulated in 1994 and the telecom sector opened up for services such as basic phone, cellular phone, and value added services (VAS) for private participation. This led to a duopoly in the telecom market, with a private operator and a government one in each service area of the country (called circles). To ensure fair competition and to protect consumer interest, an independent agency, the Telecom Regulatory Authority of India (TRAI), was established in 1997.
- The third phase began with the New Telecom Policy in 1999 and the adoption of a revenue-sharing licence fee system. State-owned public sector undertakings (PSUs), Mahanagar Telephone Nigam Limited (MTNL) and Bharat Sanchar Nigam Limited (BSNL), were issued licences as third operators in 2000. Further, fresh licences were issued to private companies as fourth operators in 2001. The government established a separate dispute settlement body, the Telecom Disputes Settlement and Appellate Tribunal (TDSAT), to take over adjudicatory and disputes functions from the TRAI in 2001. The universal service obligation fund (USOF) was set up in 2002 to encourage rural telecom services. A universal access service (UAS) licence was allowed in 2003, and the foreign direct investment (FDI) limit increased from 49% to 74% in 2005 (Upadhyay 2009; Desai 2006).
- The fourth phase started in 2007 with the removal of restriction on the number of players in a circle, and 122 new second generation (2G) licences were given to telecom companies on a first come, first served basis in January 2008. The auction of third generation (3G) and broadband wireless access (BWA) spectrum was held in 2010, and mobile number portability (MNP) was introduced in 2011. The current phase began with the announcement of the National Telecom Policy in 2012 to promote the next phase of growth with a unified licence regime, where an operator can provide all kinds of services with a single licence, delinking spectrum from licences and broadband for all.
Performance of telecom sector:-
- Quality of Services :- The introduction of MNP has the potential for a paradigm shift. The reasons for it are compelling: to promote competition among mobile service operators so that service levels can improve further, and to provide users the right to change operators with minimal cost and inconvenience. Mobile service providers are likely to face higher competitive pressures, especially in the initial phase, as subscribers scout for better wireless deals, thereby raising the costs of subscriber acquisition and retention.
- Investment :- The two main sources of investment capital expenditure in India’s telecom industry are own resources of mobile phone operators and foreign investment, which provide an opening for induction of advanced technological skills and funds for infrastructure development. The reduction in FDI during 2010–13 occurred because of an uncertain regulatory environment at a time when the sector required maximum capital to expand networks and to meet 3G roll-out challenges. Operators had put off their expansion plans and failed to meet roll-out obligations in many circles. This difficult time had a huge effect on the revenues and profits of operators.
- Revenue :- The competitive telecom market led to a decline in the cost of mobile services or revenue per minute. The tariff fell from ₹7.3 per minute in 2001 to ₹0.3 in 2010, and marginally increased to ₹0.5 in 2015.
- Rural Market :- Half of the rural market is not yet covered by mobile phone services and a huge opportunity remains untapped. It is argued that private operators were less interested in serving low-revenue rural areas due to high operational costs, low population density, lack of commercial activity, and low affordability. However, the share of major operators in rural areas doubled between 2007 and 2015.
- Broadband or Data Services :- The internet, particularly wireless broadband or data, has been growing over the years. This is reflected in its increasing subscribers and revenue share. As elsewhere, voice revenue is declining while data revenue is increasing.
The uncertain regulatory environment, particularly cancellation of licences allotted in 2007, had disturbed the sentiment of foreign investors and telecom operators. The huge cost incurred by operators in purchasing spectrum left them with huge debts and without capital. Low prices of telecom services with high regulatory costs resulted in the profit margin of operators turning negative. The causality analysis reveals that investment, new services such as broadband or data services, and government policy regulations relate unidirectionally to the financial performance of the sector. The future of mobile phone services lies in broadband or data services and the rural market. On a positive note, the performance of the telecom sector has been improving, particularly after the New Telecom Policy of 2012, a hike in the foreign investment limit, and the announcement of a policy on trading and sharing of spectrum.