 Good morning. I am Deepak Phatak. I am the principal investigator of the National Mission Project on Training Teachers on a large scale the T10KT program as we call it. I'm very happy to welcome all of you here with me on the dais are the two faculty colleagues who are going to steer this workshop for the coordinators. First one is Professor Barnard Menizis. Like me and like many of us here, he's an alumnus of IIT Bombay. After doing his PhD in U.S., working there for some time, then decided to come back and contribute to nation building. Curiously spent a few years in building the computer science department from scratch in a small college before coming to IIT Bombay and joining our school of IIT. Why I say this is, like many of us who interact with other colleges, he has a first-hand view of the problems faced by the faculty in smaller places, the ethos at those places. The desire of several people at such places to do extraordinarily well and he brings with it the complete understanding and hopes to use that in translating all of our desires to empower our colleague teachers. Next to him is Professor G. Shiv Kumar. G. Shiv Kumar comes from a wrong IIT for me. He comes from IIT Madras. But we share a passion where both chess players used to play for his team. I used to play for my team here. More importantly, ever since he has come here, he has contributed significantly to the development of the computing ethos of this place. He has not only led our signature software lab to greater glory, he works in multiple areas actually. So networks and network security could be just one of his areas, but he is also involved in formal verification. He is involved in too many things in fact. And like many of us, he has been contributing significantly to the building of expertise in other sister institutions by participating in either faculty recruitment or participating in the workshops such as this. He is also a stalwart advisor to a large number of industries on issues related to many things including cyber security. So welcome Bernard, welcome Shiv Kumar. Thank you so much for agreeing to conduct this workshop. When the national mission asked me to conduct a workshop on cyber security, I was slightly perplexed because our primary mission is to empower teachers who teach basic courses in engineering and science, primary. We do of course look at a few electives which are more popular, but mostly that was our mandate. Cyber security is certainly not a matter of introductory course in any engineering college. In fact, in many colleges the cyber security per se is not a separate subject. It is included in the discussions on either networks or some other. But what happened and this background is important for you to know is that the Prime Minister's office realized that we need to spruce up our expertise and ability to manage our servers under the dire threats of security that are emerging day by day. All of you, how many of you have heard of the problems in Estonia? I think it was 2002, Shiva, the complete Estonian commercial system broke down for a day, complete computerized system. Initially people blamed it on hackers, as you all know there are hackers everywhere in the world. It was subsequently discovered, it couldn't be legally proven, but it was subsequently discovered and almost proven that there was a state actor behind that meltdown. And the state actor was implicitly assumed to be the government of Soviet Union and Russia then, not Soviet Union 2002, it was Russia. The Russians of course never admitted to it. Subsequently it was discovered that China and the United States are also while safeguarding their own installations against the threats from outside, they're also engaged in creating threats for others. What it meant to the government of India is that the next decades wars will not be limited to conventional wars, but they might even be fought on the turf of cyberspace. Now how do you secure your N number of installations, particularly in a country where security is itself considered a very sort of low key thing? How many people you have seen who routinely share their passwords for example, have seen that in the banking sector for a long time? So on one hand it is necessary to build the awareness of the computer security, but on the other hand it is necessary to safeguard a large number of servers that exist in the distributed environment that pertains in the country. So Prime Minister's office is of the opinion that at the block panchayat level, where there is a server, there has to be somebody who is in charge of the security of the content of that server. And such a person would be called information security officer, ISO. The ISOs need not necessarily be high-floating engineers, they could be technical people trained into the art, but the estimate of the PMO is that we would require about four lakh such information security officers in next three to four years in order to safeguard the country's interest against the possible threat either by hackers or by the nation states or what. Now how do you train three lakh four lakh people in three years? These people need not as I said be top-end engineers, hello. There could be diploma holders from polytechnics, there could be even ITI trained people in the appropriate manner. Now how do you train them? So naturally the first task is to train the trainers who would eventually train these people. Unfortunately the government of the PMO was not aware of any mechanism which could train people on large number and which could train even teachers on large scale. Then M.H.R.D. told them that we have IIT Bombay which is running our T-10KT program and although not strictly part of the T-10KT mandate, it may be possible for IIT Bombay to conduct such a program. I went to see cert, Dr. Gulshan Rai, a good friend of mine, you cert in, you know the designation cert in, he is effectively a constitutional authority which looks at the cyberspace issues at the government level. It initially started with allocation of domain names and whatever whatever but effectively they also shortlist and certify agencies which can handle information audit, information security audit and so on. I was hoping that they will be able to send some of their experts to conduct these trainings. Unfortunately while Gulshan Rai believes that this training is important and in fact he personally requested me that we should actually conduct this program, they do not have adequate expertise at the level of training the trainers. We also contacted CDAC and my friend Prasar Rajat Munna is the director general of CDAC has promised that a couple of their experts might come and join us either in this workshop or subsequently in the main workshop for 10,000 teachers. I am giving you all this background to tell you that it has not been an easy task for us to do it till I found out Dr. Barnard and I found out Dr. Shokumar to be enthusiastic enough and to provide a helping hand to conduct this program. So on behalf of the government of India and on all our behalf I would like to give them a big hand for agreeing to conduct this workshop. Barnard has been a security buff for quite some time and in fact he has written a book. Have we got those books or they are distributed? Let me admit that whenever in the past we have decided to get some learning material we have never been able to get that in advance. This is the first time that all the coordinators are getting the book on the first day and I must thank my workshop team for handling the logistics. I am also glad to announce that books have been ordered for all participants. So you will know the exact numbers which will come to your respective centers and those many books will be dispatched to you before the actual participants come to your place. Ideally we would like to have the books with the teachers ahead of the workshop but that is not possible because these 10,000 people come from various places and I suppose as coordinators you will undertake the task of distributing the books in time to them and so on. So that in a nutshell is the backdrop preparation about the workshop itself, the content and the extent of the activities that you will do. Professor Barnard will mention those things in the introduction. My task here is limited to give a brief inaugural address and leave things to the experts. Since Barnard is going to speak to you at a great length, in fact even Professor Shukumar later but Barnard is going to kick start the session. At this juncture I would request Professor Shukumar to say a few words and then I will give some concluding remarks. Thank you very much Professor Fartak and very warm good morning to all of you. It's a pleasure and an honour and a privilege to be associated with this course and once you see the timetable and the schedule of lectures and labs and so on you will find that Professor Barnard is the one doing the bulk of the hard work and I am just making some appearances here and there is a reason for that. I think many of you would have read or heard about this book Accidental Prime Minister Sanjay Bharu. So in the context of yesterday's news it is all the more relevant. So Professor Fartak also hinted at it I am an accidental networking person and an even more accidental security person and I can tell you why and how and maybe many of you may have faced similar situations in your own universities and campuses. So when I joined here quite some time back Professor Fartak was ahead and we were asking ERnet was just getting started so you can guess how many years over back and so on and I kept asking for facilities I want this I want it and that I want email and then I didn't realise I was young that it's not a good thing to do because if you keep asking they'll say why don't you do it why don't you build it. So accidentally I got drawn into helping the setup of the networking infrastructure in our campus and it's been a long journey and to keep a long story short that's how you learn on the job we started with 64 kbps van link so all of us know 64 kbps what it can do that was considered a big jump in those days and therefore accidentally it became very important to manage that link well so what is the contention for the van link at that time or even today academic usage usage for good purposes versus misuse within codes and a campus with students like this were so bright and who know much more than the faculty in issues like this it was a challenging job to ensure that our internet resources were used properly or at least most of it was available for proper use and we could at least control if not eliminate the misuses so this led me to the second role which again I'm not unhappy don't take this as a complaint I became head of the computer centre and had to for two three years make sure that our internet services ran properly and that was a real challenging job email works beautifully 29 days of the month you don't hear a word on the 30th day there's an outage for one and a half hours then what do you hear okay all the choices to abuse more than what happened in the election campaign so you make sure that you learn how to secure your services how to make sure security has several meanings security does not always mean only attack there are bonds and securities right what is your secure you feel secure means what safe that there is no disruption in your you get used to having power here so you feel secure if power goes every five minutes so running a smooth service which is in the in the other sense a denial of service attack and so on and so all that will come later in the course so keeping services properly running meant hands on so this is the second message that I want to say that my learning is not because I did research in this area and did work in this area and wrote my phd in this area but because I was by circumstance forced to learn hands on so the second point that I want to make in this brief inaugural address is that while lectures will is a must and listening to the theory part is a must the labs that we have planned for you I think will have tremendous value if you put in the effort so the labs to the best extent possible we have tried to design so that at least half of it or maybe two-thirds of it is doable by you in the lab but there'll always be a one-third which you have to take back and continue learning and continue you know trying and so on so forth so all I want to say is that this is a there's a small story again which all of you know probably but anyway let me repeat it that anxious mother brought her young you know son eight years or ten years to Ramakrishna and said this guy is eating too many sweets I've tried to hide it in the kitchen here there he finds it he rides everything and it's not good for him why don't you advise him to eat less how many of you have heard the story good so just for the benefit of others so he says okay bring him back after one week after one week the mother brings him back and then Ramakrishna tells him she is not good for you your health eat only two per day and then when you're big you'll feel by all sorts of things and the boy agrees so the mother is puzzled why didn't you say this one week back what was the answer I myself could not control I wanted to try for one week and see that I know how to control and only then I can teach a boy how to control this urge similarly if you are going to teach network security it would be great if it was push button technology that you just buy a device you plug it in and you're secure it would be great right that is the holy grail most technology wants to be invisible it should work that's all and our job should be to simply at the most put it on yeah is there any technology there like that if it is whether it is there or not security is not like that okay it is a knowledge oriented thing and you have to know you have to know what is happening how the tool works what it does what it is capable of and the human is not yet out of the loop okay so again I want to emphasize that the lab component of this course is something you should take very seriously and that is where the learning will happen if not right here in this workshop when you go back you should not assume that you know that that's the only thing or the tools that we give for you to try are the only ones and so on so forth so I think that will that will happen so the last point I want to make before handing the floor to Bernard who is done like I said most of the work for this course is that two things while it is a pack schedule and I'm pretty sure that most of you will find it a little demanding if you take it seriously do not you know lose the opportunity to enjoy some of the beauty of this campus okay most of the students are away campus is empty and nice it's beautiful there's a lake on that side lake on this side there's a mountain okay so do spend some time spend some time and the last part is what I think Mukta also told you that learning is not always this way from the stage to the audience much more learning happens between you so you are from different institutions different colleges so try to learn from each other the best practices or inputs which will also happen in the labs and so on so forth so with those two inputs to you I will conclude my initial address I'll be back on Monday morning to teach you one part of the course which is to how to set up services securely especially in a campus like ours so I'll hand the floor back to Bernard thank you President Shukumar I thought in the remaining 12 minutes of the time I'll take about seven or eight minutes to share with you some general thoughts I'll start with this 64 kbps link that he mentioned I do not know how many of you are aware of the prevailing costs for the so-called 64 kbps pipeline which BSNL used to give those days it was department of telecom that time it used to cost 950,000 rupees per year to have a dedicated 64 kbps link between Mumbai and Delhi life insurance corporation which I used to advise refused to implement a wide area network considering the cost running costs of that fortunately the prices have come down significantly and we can all talk about this but since he mentioned the early ERnet days let me share with you a very hilarious experience it was very frustrating Dr. Ramani at NCST and I at IIT Bombay we had our labs trying to establish an email service and we needed modems in those days you could not just buy a modem and install it and use it you required each modem to be certified by the department of communication as worthy of being used for whatever reason and they would take 15 to 20 days to certify a modem we went through that process we got two modem pair we put one here we put one in NCST and funny things happened either the both modems will transmit simultaneously or both would receive simultaneously so we couldn't get anything then we decided to use another set of modems we went to DOT again and they again took 20 days and Ramani and I felt so frustrated because these modems also did not work for somebody so finally Ramani says what is this nonsense let's go and working pair of modems doesn't matter and we'll go to DOT post fact say actually surreptitiously use the modems connected them without taking permission we are generally very very legal so we were ourselves were worried but our desire was to push the email exchanges in the when the first email was exchanged between our software lab and NCST's lab we actually danced with joy and Ramani pointed out the danger that we are on the wrong side of the law later on in a CSI conference I remember Dr. FC Kohli was chairing that session and I said sir we could have gone to jail for doing this and then he said you would have been the first martyrs of free India to get another freedom for the people of the country so that was the ethos there getting a modem working nowadays the kids buy modems and put them at homes all of us do that all of our technical people do that about the security I remember in hilarious incidents when I set up the first UNIX environment here was it 83 84 Shiva around that time we had three terminals and two machines each or something like that and we opened these terminals for people giving slots for half an hour and these slots were 24 by 7 so 2 to 2 30 a m 2 30 to 3 a m etc etc now one of the problems was that the kids would like to play games they're not great games the full graphic terminals were not there only text terminals there but the snake was one of the popular games for example and so on now as present Shukumar said we wanted to insist on good academic usage policy not for anything else but for the reason that the terminals were in short supply and there were other students who would like to compile their programs and none and so on so a battle royal ensue people would surreptitiously store the executables in their delight they're all UNIX machines we're a team of four very very smart programmers to assist us they were called Fata Chandal Chowkadi at that time it became Shukumar Chandal Chowkadi later when he took over as head of so the the best of them was called a wizard because he could write device drivers on the screen Hattu he was called Dr. Pradeep Hathkenangalekar so he wrote a script to automatically go into every account and find out an executable with the size of the game and delete that the next we saw that students first tried to shift the what you call the games in some other directories but with minus all option on the UNIX you could actually search everywhere else then students came up with this brilliant idea of breaking that into two or three parts storing them into under three different names and then concatenating them just before executing Hattu wrote another script to find out all executables and find various permutations and combinations which will amount to the same size of that file and started deleting those from the student director then students form collaborative unions so they will break it up into three parts one part will be with one student another part will be with another student so yeah so you see this is a choresy pie game which goes on perpetual and what you see in terms of hackers and even national players doing state players doing such funny thing is nothing but a extension of the desire of individuals to beat the system and the system to beat the individuals and this is a perpetual game it will never stop the point is that while we could successfully ensure that some symbolums of security happens here what is very very important to remember is what Professor Shukumar said at the end there is no shortcut to dirtying our own hands okay many of you may not be cyber security experts it's all right none of us were by the way okay I'm a hardcore electrical engineer converted to computer science Professor Shukumar actually is a regular computer person but as he told you he was handling the networks incidentally but it is possible even if you are required circumstantially to handle something it is possible to dedicate yourself learn things but do things by your own hand so that you're on top of things please do not leave these only to the technical staff who support you and in fact the technical staff will support you with greater admiration and greater commitment if they know that at any point in time you can roll up your sleeves and do exactly what you expect them to there is no shortcut to dirtying our hands in engineering and I would urge all of you to use the opportunity here in the labs to sit down and do things for yourself and there is absolutely no harm if you make mistakes all of us do that one great syndrome of the IIT system is that we do not hesitate in learning from anyone young or old as he said many of our students are smarter and we learn from them many of our technical staff are smarter and we learn from them as long as we show adequate humility to accept that look I don't understand this and I do not mind learning from you in fact people are encouraged to tell us more tell us better and that way a rapport is established and better systems are established having said this the general nature of the technology that is being increasingly used in education is mind-blowing and I would like you to also go back and reflect on how much of technology is being effectively used for educational purposes network and network security is one part of it but take the services for example email services I am allergic to an email ID which does not end in .in for Indians yet 90 percent of the people I come across use either gmail.com or yahoo.com or at best yahoo.co.in and when that happens in our academic institutions I feel ashamed my institute gives a login ID for lifelong for every faculty member for every student for every alumnus all those login IDs end in .ac.in IITB.ac. Why because IIT Bombay runs an efficient email service which caters to all the requirements people like President Shukumar had a big hand in building that establishing that service how many of your institutions run this first-class service how many of your students and your teachers do not feel compelled to go outside to some other domain to get an email ID including you yourselves I think this should be a matter of great concern to all I would expect the following within the next six months and six months a long time within the next six months each one of you should undertake the responsibility of going back convincing your institution institute administration convincing yourselves that to run a first-class email service for all the constituents of my institute is my personal mission and that we would make our students and our colleague teachers and our colleague staff proud to use my institute .ac.in or yahoo.in or whatever as a email I will tell you why this is important in all international conferences that are held everywhere in the world including those which are held in India the only people who have their email IDs ending in their nation's name are people from outside India whether it is Japan whether it is Zekoslovakia whether it is South Africa smallest countries you take that tremendously proud their email IDs will end with their nations only in our case and one more case that is United States but they believe .com means .com.us they believe that .org means .org.us so this is something I would like to leave behind as an added important activity to be undertaken if nothing else at least at these 220 remote centers if that is established and if you can pass on this message to all 10,000 teachers who come to attend this workshop I think we can make a a different sense of pride in the usage of all but please remember you cannot just set up a service and say email IDs are given the email service better work properly 24 by 7 people have to have faith in that service they're only people will people don't use emails just like that they have faith in that service they must have faith in our services and unless we can establish a faith in such simple services how can we establish the user's faith in the security that we'll set up the security will come only after services so this is what I would I would like to say I I just wanted to know how many of you these colleges are have participated in the QEE program that MHRD had recently started one two three four four not very many all the QEE institutions there is a special workshop that we are arranging on pedagogy my colleagues process either a year and process Anna Murthy will be conducting it we will be offering this educational pedagogy workshop later for all the teachers but we ourselves have discovered how teaching learning has become so very different and can be so very effective if we understand not the conventional pedagogy or methodology of teaching but the modern methodology of learning and teaching in the context of heavy use of technology so that will be a workshop which will follow the QEE colleges will come to know about it but we will be offering this workshop for the general teachers across the country probably in this December or next summer so I already taken more than my fair share of time let me formally close this inaugural session and hand over mic to Krisha Bernard wishing you well for a very successful workshop as Shiva said please try to use this opportunity to interact with other elements of the institute live behind some of the good practices that you have at your places so that we learn from you take back with you whatever good that you find in this institution with an intention to try and establish those good practices in your own institute thank you very much God bless you