15th International Conference on Information Systems Security (ICISS) – 2019 held at IDRBT

Visit Conference Website

Continuing the practice of organizing one good international conference every year, the Institute organized the 15th International Conference on Information Systems Security (ICISS 2019) from December 18-20, 2019.

The ICISS, held annually, is a premier international interdisciplinary forum, focused on disseminating the latest research in Information and Systems Security. The conference is of critical importance for the banking and financial sector since it is amongst the most targeted domain of cyber-attacks. So it is necessary that banks are abreast with the latest advances and research in the security space so as to be well-prepared against these attacks.

Dr. A. S. Ramasastri, Director, IDRBT , started off the proceedings by spotlighting the unique positioning of the IDRBT at the intersection of academia and industry and its focus on applied research in the areas of direct relevance to banking, especially the new initiatives such as setting up FinTech Exchange and 5G Use Case Lab. He also dwelt upon the latest developments in the areas of academics and executive education, with a particular focus on the contributions in the areas of Cyber Security, Analytics, Cloud Computing, Payment Systems, Mobile Banking, Affordable Technologies and the patents the Institute has received on various facets of Cyber Security.

Shri G. Padmanabhan, Non-Executive Chairman, Bank of India and former Executive Director, Reserve Bank of India, inaugurated the ICISS 2019. In his inaugural address, Shri Padmanabhan highlighted the following:

  • The productivity of banks and financial institutions have increased multi-fold after inclusion of cyber in their delivery channels. But it has also resulted in various threats and challenges to ensure safety for wired as well as wireless transactions. The Banking and Financial Sector is the most vulnerable and most targeted as money is involved.
  • The challenge of protecting open and faster delivery channels riding on blockchain coupled with 5G gets immense when "walls and roof" of banks are vanishing.
  • In the Indian context, when 3-4 vendors have rolled out banking solution for the entire banking industry, if a security lapse is exploited by one rogue, then almost all banks using that solution become potentially vulnerable.
  • In the year 2018, cyber-attacks on India had increased by more than 100% over the previous year as against the corresponding global increase of 35%. India was the 2nd most targeted country for cyber-attacks in the world, after the US.
  • Nation state actors, often operating through a vast network of well-funded proxies, strive to exert influence, threaten stability, and sow discord through the mechanisms of cyberspace. Hacktivist organisations seek to undermine, damage or discredit organisations whose agendas they oppose.
  • Generally, all cyber-security acts focus on industries identified as critical infrastructure (CI) or critical information infrastructure (CII) of the nations, such as national security, financial, telecommunication, public transportation and logistics, healthcare and energy sectors.
  • Another challenge pertains to the high frequency, high volume audit data (Big-Data) analysis using proper IT solutions. It is like searching for a needle in a haystack. Financial organisations need to build capability in this domain and ensure that audit logs are scrutinised regularly, as timely automated detection may save the loss of information and malicious attacks and minimise the cost of attacks, if any.
  • Threat hunting, segmentation of networks, regular data backup, implementation of multifactor authentication, fine tuning SoC alerts can help in containing cyber-attacks better.
  • Countering cyber threats calls for dedicated and continuous research to monitoring evolving threats and counter measures. The financial sector depends heavily on academia for this. I suggest that the financial sector come together to fund such research on an ongoing basis. This would enable the institutions to be proactive rather than reactive in dealing with cyber-attacks.
  • Ideally, the solutions emerge from academia which are then delivered to banks through fintechs and IT companies. It is in this context that institutions like IDRBT which are at the intersection between industry and academia are playing an important role.
  • Further, the most duplicated work in the banking or financial sector anywhere in the world is the KYC process. IDRBT may try to see if there can be some solace for the Financial Sector in India in this matter.

A galaxy of renowned international researchers in the area of Information and Systems Security including the following participated in the ICISS - 2019 and delivered keynote talks:

  • Karthikeyan Bhargavan, directeur de recherche, Institut national de recherche en informatique et en automatique (INRIA), Paris on "Secure Messaging: Towards Verified Standards and High Assurance Implementations."
  • Krishna P. Gummadi, Head, Networked Systems Research Group, Max Planck Institute for Software Systems (MPI-SWS), Germany on "Privacy, Fairness, Transparency, and Abuse of Targeted Advertising on Social Media."
  • Reza Shokri, Assistant Professor of Computer Science at the National University of Singapore (NUS) on "Trusting Machine Learning: Privacy, Robustness, and Interpretability Challenges."

This three-day conference was preceded by a two-day tutorial on December 16 – 17, 2019 on Digital Forensics – Process, Tools and Challenges, Capitalizing on DevOps and Android Malware Prediction using Machine Learning Techniques.

17 research papers covering the areas of Smart Contracts, Formal Techniques, Access Control, Machine Learning, Distributed Systems, Cryptography, Online Social Networks and Images and Cryptography authored by leading researches from across the globe including Moscow State University, Russia; University of Kentucky, USA; Norwegian University of Science and Technology, Norway; University of Cauca, Columbia; University of Minho, Portugal; Peking University, China; Bangladesh University of Engineering and Technology, Bangladesh, were presented in the conference etc. The acceptance rate of the conference was 23.29%.

From this year, the IDRBT has instituted a "IDRBT Best Practice Paper Award" to encourage and tap into the novel ideas presented at ICISS. The inaugural award went to the paper titled "Policy Reconciliation and Migration in Attribute Based Access Control" authored by Gunjan Batra, Vijayalakshmi Atluri, Jaideep Vaidya from Rutgers Business School and Shamik Sural from IIT Kharagpur.

Dr. N. V. Narendra Kumar, IDRBT & Dr. Deepak Garg, Max Planck Institute for Software Systems, co-chaired the conference.