CYBER SECURITY IN INDIA – INTERNAL SECURITY

News: Cyberattacks are rising, but there is an ideal patch 


What's in the news?

The past few weeks have highlighted the soft underbelly of our fast expanding digital networks. 

The first was the ransomware attack on the servers of India’s premier institute, the All India Institute of Medical Sciences. 

Nearly 40 million health records were compromised and it took over two weeks for the systems to be brought online. 

India’s G-20 presidentship and submit later this year are ideal opportunities for the crafting of a comprehensive domestic and global cyber security framework.


Cyber security:

Backdrop:

Also known as internet security, cyber security relates to preventing any form of unauthorized or malafide access to computers, networks, smartphones, banking networks, etc. 

Also after land, sea, air and space, cyberspace has been officially declared as the 5th dimension of warfare, by US and other NATO countries already.

Cyber space comprises IT networks, computer resources and all internet connected devices, mobile or fixed. 

It is important to understand that a nation’s cyberspace is a part of the global cyberspace, without any borders. 

This borderless cyberspace is expanding exponentially with the increased internet penetration and inclusion of Internet of Things (IoT).


Why is cybersecurity important for India?

As India is investing heavily in building e-services for its citizens by providing higher bandwidths and integrating the national economy with digital marketplace, there is an increased need for emphasis on cyber security in India.

The cyber security threats generally emanate from a variety of sources and manifest themselves in disruptive activities that target individuals, businesses, national infrastructure, industry establishments and Governments alike.

Therefore, cyber security is seen as the latest tenant of the security challenge since major critical infrastructure including banking, defense, power, etc. are shifting to the digital realm.

The effects of a threatened cyber space carry significant risk for public safety, national security and stability of the globally linked economy. 

Hence, cyber security threats pose a serious economic and national security challenge for our country in present times.


Why Cyber warfare is different from traditional warfare:

Excellent tool for Asymmetric warfare

Difficulty in tracing

Independent theater of war

Anonymity

Borderless

Ease of attack

Low cost of attack.


Cyber attacks in India:

India saw a malware-related security breach in banking ATMs following which the State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank blocked millions of debit cards that were compromised.

Attack over the Kudankulam nuclear power station.

Attack over the website of national institutions

Petya Ransomware – In India, the ransomware has crippled the operations at one of the terminals of the Jawaharlal Nehru Port Trust.

In 2017 malware attack on the Tehri Dam in Uttarakhand.


India's Vulnerability:

India remains vulnerable to cyber-espionage and cybercrime.

With the growing adoption of the Internet and smart-phones, India has emerged “as one of the favourite countries among cyber criminals.”

There is growing threat from online radicalization.

Lack of coordination among different government agencies.

Attackers can gain control of vital systems such as nuclear plants, railways, transportation or hospitals that can subsequently lead to dire consequences.


Various threats and challenges to cyber-security in India:

1. Cyber terrorism: 

It is a premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence.

2. Digital Data Threat: 

Growing online transactions have generated bigger incentives for cybercriminals. 

Besides, establishments looking to mine data (customer information, results of product surveys, and generic market information), they also create intellectual property that is in itself an attractive target.

3. Cyber warfare: 

It involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks.

4. Cyber Infrastructure Concerns: 

Most equipment and technology systems are vulnerable to cyber threats just like any other connected system. 

Although the government has set up the National Critical Information Infrastructure Protection Centre (NCIIPC), it is yet to identify and implement measures to protect critical information infrastructure.

5. Lack of specialists: 

Globally, India ranks 2nd in terms of the number of Internet users after China (Internet World Stats, 2021). 

However, India has a negligible base of cyber-security specialists, when compared to internet user base.

6. Lack of robust law enforcement mechanisms: 

India’s approach to cyber security has so far been ad hoc and unsystematic. 

Despite a number of agencies, policies and initiatives, their implementation has been far from satisfactory.

7. Lack of Coordination: 

Due to the existence of too many agencies with overlapping functions in the field of cyber security, coordination between these agencies is poor.

8. Lower reporting and conviction rate.               


Institutional Measures in India:

1. National cyber coordination center (NCCC) to scan internet traffic coming into the country and provide real time situational awareness and alert various security agencies.

2. A new Cyber and Information Security (CIS) Division has been created to tackle internet crimes such as cyber threats, child pornography and online stalking. Under this, Indian cyber- crime coordination center (I4C) and Cyber Warrior Police force has also been established.

3. Formation of Defence Cyber Agency in the realm of military cyber security under the Ministry of Defence.

4. Formation of three cyber-forensic laboratories in Bangalore, Pune and Kolkata in association with software industry group NASSCOM.

5. National Critical Information Infrastructure Protection Centre (NCIIPC) to battle cyber security threats in strategic areas such as air control, nuclear and space. It will function under the National Technical Research Organization, a technical intelligence gathering agency controlled directly by the National Security Adviser in PMO.

6. Indian Computer Emergency Response Team (CERT-in) to enhance the security of India’s Communications and Information Infrastructure through proactive action and effective collaboration. CERT-fin has also been launched exclusively for the financial sector.  CERT-in is also operating Cyber Swachhta Kendra, a Botnet Cleaning and Malware Analysis Centre.

7. On similar lines for protection of critical sectors of the Indian economy FIN-CERT for India’s financial sector was launched.

8. Government inaugurated the new body National Information Centre Computer Emergency Response Team (NIC-CERT) to prevent and predict cyber-attacks on government utilities.

9. Cyber Surakshit Bharat Initiative to strengthen the Cyber Security ecosystem in India. It is the first public private partnership of its kind and will leverage the expertise of the IT industry in cybersecurity.

10. Creation of National Critical Information Infrastructure Protection Centre and mandating security practices related to the design, acquisition, development, use and operation of information resources.

11. Security – Cyber Swachhta Kendraà It is the Botnet Cleaning and Malware Analysis Centre under the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MeitY). The aim of Cyber Swachhta Kendra is to promote awareness among Indian citizens to secure their data in computers, mobile phones, and other electronic devices.

12. National Cyber Security Strategy 2020 entailing the provisions to secure cyberspace in India. The cabinet’s nod is pending and it will soon be out for the public.

13. National Informatics Center (NIC) – The National Informatics Centre is an attached office under the Ministry of Electronics and Information Technology in the Indian government. The NIC provides infrastructure to help support the delivery of government IT services and the delivery of some of the initiatives of Digital India.

14. The Cyber Warrior Police Force: In 2018, the government announced its plans to introduce CWPF. It is proposed to be raised on lines of the Central Armed Police Force (CAPF).

15. Cyber-Crime Prevention against Women & Children’ Scheme: Implemented by the Ministry of Home Affairs, the scheme aims to prevent and reduce cyber crimes against women and children.


International cooperation:

1. Budapest Convention on Cybercrime, 2001:

It deals with issues such as infringements of copyright, computer-related fraud, child pornography and violations of network security.

It aims to pursue a common criminal policy, especially by adopting appropriate legislation and fostering international police as well as judicial co-operation.

a. The Convention has 56 members, including the US and the UK. India is not yet a member.

b. Legally binding convention.

2. Global Centre for Cyber security:

Initiative of the World Economic Forum with its headquarters in Geneva.

Aims to establish the first global platform for governments, businesses, experts and law enforcement agencies to collaborate on cyber security challenges and to develop a comprehensive regulatory mechanism.

3. Global Conference on Cyber space:

Conference includes members from Government, civil society, private sector and the theme is cooperation in cyberspace and enhancing cyber capacity building.

Conference is held since 2011 biennially.

4. Commonwealth Cyber Declaration at the Commonwealth Summit 2018:

World’s largest inter-governmental commitments on cyber security cooperation.

A cyberspace that supports economic and social development and rights online.

Build the foundation of an effective national cyber security response.

Promote stability in cyberspace through international cooperation.

5. Paris Call:

At the UNESCO Internet Governance Forum (IGF) meeting convened in Paris, “The Paris Call for Trust and Security in Cyberspace” was commenced, aimed at developing common principles for securing cyberspace.


WAY FORWARD:

1. Building capabilities: There is an urgent need to build capabilities and capacity for application, equipment and infrastructure testing.

2. Human resource: Immediate attention has to be given to human resource development which would increase the number of experts who can effectively manage the cyber security of the country.

3. R&D: Investments should be made on R&D to develop more innovative technologies to address increasing cyber security threats.

4. Policy and Governance: It is important to bring a robust policy and effectively implement the same. Further, duties and responsibilities should be defined clearly for smooth functioning and better coordination among departments and stakeholders.

5. Awareness: A periodic awareness campaign by the government and big private organizations should be conducted to aware people about cyber security threats.

6. Strengthening Private Partnership: It is important to strengthen the public- private partnership on cyber security.