Welcome everyone to a special episode of IT Talks by IT Voice. Today, we are honored to have with us Dr. Prashant Saxena, a cybersecurity expert with over 15 years of experience. Dr. Saxena holds a doctoral degree in cyber law. Sir, could you please introduce yourself to our audience and tell us what motivated you to join the field of cybersecurity? Also, how have you seen this industry evolve over the last 15 years?
Dr. Prashant Saxena: Thank you for inviting me to this talk. The most important thing to highlight is the transition I have witnessed in this field. I started my career with Tech Mahindra in 2008, which was a private entity. Later, I moved into government services, and for the last 14 years, I’ve been working within the government sector. The transformation I’ve seen is significant. Initially, it was all about network and application engineering, but today, we’re in the era of artificial intelligence (AI), and cybersecurity is playing a pivotal role.
Cybersecurity is no longer just a buzzword; it’s an essential area that we must focus on. Even the government is heavily prioritizing cybersecurity.
Vighnesh: Absolutely, sir. Cybersecurity has evolved into a necessity in today’s digital world, especially with the rise of digital scams. Could you explain how organizations can become cyber-secure? And also, could you tell us more about your role and your organization’s approach to cybersecurity?
Dr. Prashant Saxena: I currently work for Rajasthan Vidyut Prasaran Nigam Limited, a government entity responsible for managing electricity transmission across Rajasthan. I’m also closely associated with various ministries at both national and state levels. Cybersecurity in the government perspective differs significantly from the private sector.
In the private sector, organizations aim to protect their assets. In contrast, in the government sector, we face threats from nation-state actors, who often target our critical assets to steal data or cause damage. India, under the leadership of our Prime Minister Narendra Modi, is growing rapidly, making us a target for cyberattacks.
One specific example is the rise in cyberattacks during the COVID-19 pandemic. As India was among the first nations to develop a vaccine, we saw a surge in attacks aimed at stealing the formulation of our vaccines. This is where cybersecurity plays a critical role in protecting our assets, particularly in sectors like electricity, which is the backbone of any nation.
Vighnesh: That’s a critical point. Electricity is indeed a backbone, and if any disruption occurs, it can have widespread effects. Moving forward, you’ve authored a book titled Cybersecurity: The Fourth Dimension in the Post-COVID World. Could you explain to our audience what this fourth dimension is and how it affects cybersecurity post-COVID?
Dr. Prashant Saxena: Absolutely. Cybersecurity encompasses network security, application security, and database security. However, the COVID-19 era introduced a new challenge: remote working. As people started working from home, it created a new avenue for cyber threats, and this is what I refer to as the “fourth dimension.”
In my book, I’ve discussed how cybersecurity has evolved to adapt to this new remote work culture and the importance of securing our digital assets in this context. The fourth dimension refers to the additional risks and strategies needed to secure our data in this new work environment.
Vighnesh: That’s fascinating! People often don’t realize how these threats operate in the background. Moving on, based on your work with the government of Rajasthan, what unique cybersecurity challenges do government agencies face compared to private sector organizations?
Dr. Prashant Saxena: The government faces very specific challenges. For example, we detected a cyberattack from a foreign country targeting our organization. It wasn’t a large-scale attack, but it involved suspicious communication between our network and a foreign entity. This incident was when I began working in digital forensics, about six years ago. Since then, I have focused heavily on incident response and forensic investigation.
In terms of skills, I’m largely self-taught. Over the years, the government has also provided me with opportunities, including participating in national cybersecurity exercises, which have enhanced my expertise. I’ve represented Rajasthan in several such initiatives, and this hands-on experience has made us much better prepared to handle cyber threats.
Vighnesh: It’s great to hear how much progress has been made. Now, for those looking to excel in digital forensics and incident response (DFIR), what core skills are essential for success in this field?
Dr. Prashant Saxena: The most important skill is having a clear understanding of the basics. In DFIR, you need to be meticulous about extracting evidence and maintaining the chain of custody. Without a proper chain of custody, your evidence may not hold up in court. So, having strong knowledge of operating systems, network forensics, and application forensics is crucial.
Also, focus on building a solid foundation in protocols like TCP/IP, because without understanding the basic protocols, you won’t succeed in forensics. Certifications are helpful, but a strong grasp of the fundamentals is essential.
Vighnesh: I completely agree. Basics are the building blocks for mastering any field. Now, switching gears slightly, could you explain what OT (Operational Technology) security is, and how does it differ from IT security?
Dr. Prashant Saxena: IT stands for Information Technology, which handles data servers and networks. OT, or Operational Technology, refers to the systems that control physical processes. For example, in a factory, if the boiler temperature exceeds a certain level, OT systems will automatically shut it down. These systems are critical in industries like manufacturing and energy, where automation plays a key role.
Unlike IT systems, OT systems are rarely updated. They are often deployed for 7-8 years without updates, making them more vulnerable. Additionally, OT systems face interoperability challenges, which make it difficult to integrate components from different vendors.
Vighnesh: That’s a great distinction. OT security is critical, especially in sectors like manufacturing and energy. How does securing OT systems differ from securing IT systems?
Dr. Prashant Saxena: In IT, you receive regular updates and patches, but OT systems can go years without updates. This makes them vulnerable, and you need to focus more on configuration and authorization rather than relying on things like antivirus software. Proper accreditation and compliance with frameworks like IEC 62443 are crucial to ensure OT systems remain secure.
Vighnesh: That makes a lot of sense. Moving on, what do you do in your free time, considering your busy schedule?
Dr. Prashant Saxena: I am passionate about cybersecurity, and in my free time, I focus on training the next generation of cybersecurity professionals. I founded the Center for Cyber Security Studies and Research (CFCS2R), a non-profit organization that provides free training and internships to individuals interested in learning cybersecurity from scratch. We currently operate in 48 countries and have trained over 10,000 people globally.
My focus is on skill development, both within my organization and for the broader community, especially those who are underprivileged and lack access to proper cybersecurity education.
Vighnesh: That’s truly inspiring, sir! You’ve dedicated your life to cybersecurity both professionally and personally. Lastly, what message would you like to leave for our audience to help them stay safe in this rapidly evolving digital world?
Dr. Prashant Saxena: My advice to everyone is to stay educated. Cybersecurity is no longer just a fancy term; it’s a necessity in today’s digital age. Everyone, from the common man to industry professionals, needs to be aware of basic cybersecurity practices. Share your knowledge with others, especially those who might not be as educated about digital security, such as your household help or drivers. Digital literacy is critical for everyone, and we must all contribute to spreading awareness.
Vighnesh: Thank you so much, Dr. Saxena, for your valuable insights. It was a pleasure speaking with you today, and I’m sure our audience learned a lot. Don’t forget to subscribe to our channel for more insightful discussions like this. Thank you again, sir, for your time!
Dr. Prashant Saxena: Thank you, Vighnesh. It was my pleasure.