- Disinformation is a cybersecurity threat
- Denying women the right over their bodies
- The move to privatize banks
Editorial: Disinformation is a cybersecurity threat
- There is a lot of similarity in the strategies, tactics and actions between cybersecurity and disinformation attacks.
- GS Paper 3: Basics of Cyber Security; Role of media and social-networking sites in internal security challenges; Internal security challenges through communication networks.
- Society needs to be protected from infodemics, to prevent the possibility of a breakdown, interruptions and violence. Discuss. 15 Marks
- What are social networking site and what security implications do these sites present? 15 Marks
Dimensions of the Article:
- Cybersecurity vs Disinformation
- Similarities between Cybersecurity and Disinformation
- Cognitive hacking
- Implications of cognitive hacking
- Spreading disinformation
- Lessons from cybersecurity
- Measures to counter the Disinformation
- Education is key
- Way Forward
Cybersecurity vs Disinformation:
- Cybersecurity focuses on protecting and defending computer systems, networks, and our digital lives from disruption. Nefarious actors use attacks to compromise confidentiality, the integrity and the availability of IT systems for their benefit.
- Disinformation is, similarly, an attack and compromise of our cognitive being. Nation-state actors, ideological believers, violent extremists, and economically motivated enterprises manipulate the information ecosystem to create social discord, increase polarisation, and in some cases, influence the outcome of an election.
Similarities between Cybersecurity and Disinformation:
There is a lot of similarity in the strategies, tactics and actions between cybersecurity and disinformation attacks:
- Cyberattacks are aimed at computer infrastructure while disinformation exploits our inherent cognitive biases and logical fallacies.
- Cybersecurity attacks are executed using malware, viruses, trojans, botnets, and social engineering.
- Disinformation attacks use manipulated, miscontextualised, misappropriated information, deep fakes, and cheap fakes. Nefarious actors use both attacks in concert to create more havoc.
- Historically, the industry has treated these attacks independently, deployed different countermeasures, and even have separate teams working in silos to protect and defend against these attacks.
- The lack of coordination between teams leaves a huge gap that is exploited by malicious actors.
- Cognitive hacking is a threat from disinformation and computational propaganda. This attack exploits psychological vulnerabilities, perpetuates biases, and eventually compromises logical and critical thinking, giving rise to cognitive dissonance.
- A cognitive hacking attack attempts to change the target audience’s thoughts and actions, galvanise societies and disrupt harmony using disinformation. It exploits cognitive biases and shapes people by perpetuating their prejudices.
- The goal is to manipulate the way people perceive reality. The storming of the U.S. Capitol by right-wing groups on January 6, 2021, is a prime example of the effects of cognitive hacking.
Implications of cognitive hacking:
- The implications of cognitive hacking are more devastating than cyberattacks on critical infrastructure. The damage wrought by disinformation is challenging to repair.
- Revolutions throughout history have used cognitive hacking techniques to a significant effect to overthrow governments and change society. It is a key tactic to achieve major goals with limited means.
- For example, QAnon spread false information claiming that the U.S. 2020 presidential election was fraudulent, and conspiracy theorists (in the United Kingdom, the Netherlands, Ireland, Cyprus and Belgium) burned down 5G towers because they believed it caused the novel coronavirus pandemic.
- COVID-19 disinformation campaigns have prevented people from wearing masks, using potentially dangerous alternative cures, and not getting vaccinated, making it even more challenging to contain the virus.
- Distributed Denial-of-Service (DDoS) is a well-coordinated cybersecurity attack achieved by flooding IT networks with superfluous requests to connect and overload the system to prevent legitimate requests being fulfilled.
- A well-coordinated disinformation campaign fills broadcast and social channels with so much false information and noise, thus taking out the system’s oxygen and drowning the truth.
- The advertisement-centric business modes and attention economy incentivise malicious actors to run a sophisticated disinformation campaign and fill the information channels with noise to drown the truth with unprecedented speed and scale.
- Disinformation is used for social engineering threats on a mass scale. Like phishing attacks, to compromise IT systems for data extraction, disinformation campaigns play on emotions, giving cybercriminals another feasible method for scams.
- A report released by Neustar International Security Council (NISC) found 48% of cybersecurity professionals regard disinformation as threats, and of the remainder, 49% say that threat is very significant; 91% of the cybersecurity professionals surveyed called for stricter measures on the Internet.
- Deep fakes add a whole new level of danger to disinformation campaigns. A few quality and highly targeted disinformation campaigns using deepfakes could widen the divides between peoples in democracies even more and cause unimaginable levels of chaos, with increased levels of violence, damage to property and lives.
Lessons from cybersecurity
- Cybersecurity experts have successfully understood and managed the threats posed by viruses, malware, and hackers.
- IT and Internet systems builders did not think of security till the first set of malicious actors began exploiting security vulnerabilities.
- The industry learned quickly and invested profoundly in security best practices, making cybersecurity a first design principle.
- It developed rigorous security frameworks, guidelines, standards, and best practices such as defense-in-depth, threat modelling, secure development lifecycle, and red-team-blue-team (self-attack to find vulnerabilities to fix them) to build cybersecurity resilience.
- ISACs (Information sharing and analysis centers) and global knowledge base of security bugs, vulnerabilities, threats, adversarial tactics, and techniques are published to improve the security posture of IT systems.
Measures to counter the Disinformation:
- Defense-in-depth is an information assurance strategy that provides multiple, redundant defensive measures if a security control fails. For example, security firewalls are the first line of defence to fend off threats from external systems.
- Antivirus systems defend against attacks that got through the firewalls. Regular patching helps eliminate any vulnerabilities from the systems.
- Smart identity protections and education are essential so that users do not fall victim to social engineering attempts.
- The defense-in-depth model identifies disinformation actors and removes them. Authenticity and provenance solutions can intervene before disinformation gets posted. If the disinformation still gets by, detection solutions using humans and artificial intelligence, internal and external fact-checking can label or remove the content.
- A mechanism like ISACs to share the identity, content, context, actions, and behaviours of actors and disinformation across platforms is needed.
- Information sharing will help disinformation countermeasures to scale better and respond quickly.
Education is key
- A critical component of cybersecurity is education: Technology industry, civil society and the government should coordinate to make users aware of cyber threat vectors such as phishing, viruses, and malware.
- Media Literacy: The industry with public-private partnerships must also invest in media literacy efforts to reach out to discerning public.
- Intervention with media education can make a big difference in understanding context, motivations, and challenging disinformation to reduce damage.
- Balancing Approach: The freedom of speech and the freedom of expression are protected rights in most democracies. Balancing the rights of speech with the dangers of disinformation is a challenge for policymakers and regulators.
- Implementing laws: There are laws and regulations for cybersecurity criminals. More than 1,000 entities have signed the Paris Call for Trust and Security in Cyberspace, for stability and security in the information space.
The disinformation infodemic requires a concerted and coordinated effort by governments, businesses, non-governmental organisations, and other entities to create standards and implement defences. Taking advantage of the frameworks, norms, and tactics that we have already created for cybersecurity is the optimum way to meet this threat. We must protect our society against these threats or face the real possibility of societal breakdown, business interruption, and violence in the streets.
Editorial: The move to privatize banks
- The Budget proposes to privatise two PSU banks this financial year.
- GS Paper 3: Banking Sector
- The banking landscape in India is set to change with the government’s decision to privatise two public sector banks. In this context, discuss how moving from nationalization to privatization of banks can help to address the pressing issues in banking sector. 15 Marks
Dimensions of the Article:
- Why the proposal?
- What are the issues plaguing PSU banks?
- Why were private banks nationalised in the first place?
- Are private banks doing better?
- What has been the government and RBI stand on privatisation since 1969?
Why the proposal?
- Budgetary Proposal: The Union Budget has announced the privatisation of two public sector banks (in addition to IDBI Bank) and one general insurance company in the upcoming fiscal. It also announced a strategic sale/disinvestment policy for four strategic sectors — including banking, insurance and financial services — in which it will have a “bare minimum presence”.
- Increasing stressed assets: Years of capital injections and governance reforms have not been able to improve the financial position of in public sector banks significantly. Many of them have higher levels of stressed assets than private banks, and also lag the latter on profitability, market capitalisation and dividend payment record.
- Reducing fiscal burden: Privatisation of two public sector banks will set the ball rolling for a long-term project that envisages only a handful of state-owned banks, with the rest either consolidated with strong banks or privatized. This will free up the government, the majority owner, from continuing to provide equity support to the banks year after year.
- NITI Aayog recommendation: The two banks that will now be privatised will be selected through a process in which NITI Aayog will make recommendations, which will be considered by a core group of secretaries on disinvestment and then the Alternative Mechanism.
What are the issues plaguing PSU banks?
- Increasing Non-performing assets: After a series of mergers and equity injections by the government, the performance of public sector banks has shown improvement over the last couple of years. However, compared with private banks, they continue to have high non-performing assets (NPAs) and stressed assets although this has started declining.
- As per the RBI’s recent Financial Stability Report, gross NPA ratio of all commercial banks may increase from 7.5% in September 2020 to 13.5% by September 2021 under the baseline scenario (from 9.7% to 16.2% for public sector banks; from 4.6% to 7.9% for private banks).
- Recapitalization: This would mean the government would again need to inject equity into weak public sector banks. The government is trying to strengthen the strong banks and also minimise their numbers through privatisation to reduce its burden of support.
Why were private banks nationalised in the first place?
- Socialistic Approach: The idea was to align the banking sector with the socialistic approach of the then government. State Bank of India had been nationalised in 1955 itself, and the insurance sector in 1956.
- Changing Political Approach: As former RBI Governor Dr Y V Reddy once said, nationalisation was a political decision, so privatisation too will have to be one. Seen in this context, privatisation of two banks and the indication of carrying it further is a major reform signalling a changing political approach.
Are private banks doing better?
- Better performance in giving loans: Private banks’ market share in loans has risen to 36% in 2020 from 21.26% in 2015, while public sector banks’ share has fallen to 59.8% from 74.28%.
- Market Share: Competition heated up after the RBI allowed more private banks since the 1990s. They have expanded the market share through new products, technology, and better services, and also attracted better valuations in stock markets.
- Issues in private banks: However, in the last couple of years, some questions have arisen over the performance of private banks, especially on governance issues.
- ICICI Bank MD and CEO Chanda Kochhar was sacked for allegedly extending dubious loans.
- Yes Bank CEO Rana Kapoor was not given extension by the RBI and now faces investigations by various agencies.
- Lakshmi Vilas Bank faced operational issues and was recently merged with DBS Bank of Singapore.
- Moreover, when the RBI ordered an asset quality review of banks in 2015, many private sector banks, including Yes Bank, were found under-reporting NPAs.
What has been the government and RBI stand on privatisation since 1969?
- Committees proposals: Many committees had proposed bringing down the government stake in public banks below 51% — the Narasimham Committee proposed 33% and the P J Nayak Committee suggested below 50%.
- RBI Stand: An RBI Working Group recently suggested the entry of business houses into the banking sector. According to RBI’s History series, the number of commercial banks was brought down sharply from 566 in 1951 to 91 in 1967 in order to consolidate commercial banking, which was very fragile.
The initial plan of the government was to privatise four. Depending on the success with the first two, the government is likely to go for divestment in another two or three banks in the next financial year. PSU banks are under dual control, with the RBI supervising the banking operations and the Finance Ministry handling ownership issues.
Editorial: Denying women the right over their bodies
- Recently, Argentina’s Congress legalised abortions up to the 14th week of pregnancy. The Indian Parliament too will consider an amendment to our abortion laws this Budget Session but unlike the Argentina law which is touted as being historic, the Medical Termination of Pregnancy (Amendment) Bill, 2020 (MTP Bill), will not translate into greater autonomy for women over their own bodies.
- GS Paper 1: Women Empowerment
- Neither the state nor doctors have any right to deny a woman a safe abortion. Discuss. 15 Marks
Dimensions of the Article:
- History of the law
- Key Features of the Bill:
- Issues related to Bill:
- Way Forward:
History of the law
- The MTP Act of 1971 was framed in the context of reducing the maternal mortality ratio due to unsafe abortions. It allows an unwanted pregnancy to be terminated up to 20 weeks of pregnancy and requires a second doctor’s approval if the pregnancy is beyond 12 weeks.
- Further, it only allows termination when there is a grave risk to the physical or mental health of the woman or if the pregnancy results from a sex crime such as rape or intercourse with a mentally challenged woman.
- Therefore, the law is framed not to respect a woman’s right over her own body but makes it easier for the state to stake its control over her body through legal and medical debates.
Key Features of the Bill:
The Bill amends the Medical Termination of Pregnancy Act, 1971.
- Time limit and grounds for terminating a pregnancy: The Act specifies the grounds for terminating a pregnancy and specifies the time limit for terminating a pregnancy. The Bill amends these provisions.
- Termination due to failure of contraceptive method or device: Under the Act a pregnancy may be terminated up to 20 weeks by a married woman in the case of failure of contraceptive method or device. The Bill allows unmarried women to also terminate a pregnancy for this reason.
- Medical Boards: All state and union territory governments will constitute a Medical Board. The Board will decide if a pregnancy may be terminated after 24 weeks due to substantial foetal abnormalities. Each Board will have a gynaecologist, paediatrician, radiologist/sonologist, and other members notified by the state government.
- Privacy: A registered medical practitioner may only reveal the details of a woman whose pregnancy has been terminated to a person authorised by law. Violation is punishable with imprisonment up to a year, a fine, or both.
Issues related to Bill:
- There are differing opinions with regard to allowing abortions. One opinion is that terminating a pregnancy is the choice of the pregnant woman, and a part of her reproductive rights. The other is that the state has an obligation to protect life, and hence should provide for the protection of the foetus. Across the world, countries set varying conditions and time limits for allowing abortions, based on foetal health, and risk to the pregnant woman.
- Several Writ Petitions have been filed by women seeking permission to abort pregnancies beyond 20-weeks due to foetal abnormalities or rape. The Bill allows abortion after 24 weeks only in cases where a Medical Board diagnoses substantial foetal abnormalities. This implies that for a case requiring abortion due to rape, that exceeds 24-weeks, the only recourse remains through a Writ Petition.
- The Bill does not specify the categories of women who may terminate pregnancies between 20-24 weeks and leaves it to be prescribed through Rules. It may be argued that such matters should be specified by Parliament and not delegated to the government.
- The Act (and the Bill) require abortion to be performed only by doctors with specialisation in gynaecology or obstetrics. As there is a 75% shortage of such doctors in community health centers in rural areas, pregnant women may continue to find it difficult to access facilities for safe abortions.
Abortion rights are central to a woman’s autonomy to determine her life’s course. Neither the state nor doctors have any right to deny a woman a safe abortion. Doing so means that women are not being treated properly as adults who are responsible for their own choices.