Recent few events have highlighted the vulnerability of our fast expanding digital networks.
GS Paper 3: Internal Security
Dimensions of the Article:
- Rising Cyber-attacks in the recent past
- Need for a comprehensive cyber security policy
- What are the issues with Cyber-security in India?
- International Cooperation in Cybersecurity
- Way Forward
- Definition: A cyber-attack is any unauthorised access to a computer, computing system, or computer network with the intent to cause harm.
- Motivation: Its goal is to disable, disrupt, destroy, or control computer systems, as well as to change, block, delete, manipulate, or steal the data contained within these systems.
- Ransomware attack: This is a type of malicious software that encrypts the victim’s files, disables access to a computer system, and demands a ransom to decrypt the files. WannaCry, Petya, and other examples
- It is frequently designed to spread across a network and target database and file servers, paralysing an entire organisation.
- Unlike other types of cyber-attacks, this one alerts the user to the attack.
Rising Cyber-attacks in the recent past:
- Ransomwares have emerged as the most predominant of malicious cyberattacks. The attackers here demand hefty payments for the release of withheld data.
- The Ransomware attack on the servers of India’s premium institute, the All India Institute of Medical Sciences was one of the significant cases to be considered.
- Nearly 40 million health records were compromised and it took over two weeks for the systems to be brought online.
- Another event where a ransomeware gang breached the parent company of Solar Industries Limited, one of the Ministry of Defence’s ammunition and explosives manufacturers.
- They extracted over 2 Terabyte of data.
- Cyber capabilities like hacking and GPS jamming has played a pivotal role in the ongoing conflict in Ukraine. The electronic systems in warheads, radars and communication devices are rendered ineffective by such techniques.
- Data show that over 75% of Indian organisations have faced such attacks, with each breach costing an average of ₹35 crore of damage.
- There are multiple malwares that could infect all kinds of computer systems.
- Every critical infrastructure, from transportation, power and banking systems, would become extremely vulnerable to the assaults from hostile state and nonstate actors.
Need for a comprehensive cyber security policy:
- A comprehensive cyber security policy is the need of the hour as they can pose significant damage to our critical infrastructure, industry and security.
- Indian Computer Emergency Response Team (CERTIn):
- CERTIn, India’s cybersecurity agency, introduced a set of guidelines for organisations to comply with when connected to the digital realm in 2022.
- The guidelines included mandatory obligation to report cyberattack incidents within hours of identifying them, and designating a pointsperson with domain knowledge to interact with CERTIn.
- India’s draft Digital Personal Protection Bill:
- The billproposes a penalty of up to ₹500 crore for data breaches.
- Defence Cyber Agency (DCyA):
- The agency is capable of offensive and defensive manoeuvres. It was created by the Indian armed forces.
- All Indian States have their own cyber command and control centres.
- Digital Geneva Convention: The Convention, where over 30 global companies have signed a declaration to protect users and customers from cyber breaches
- It also aims to collaborate with likeminded intergovernmental and state frameworks.
What are the issues with Cyber-security in India?
- Cybersecurity tools:
- Many organizations lack the tools to identify cyberattacks, let alone prevent them.
- Cybersecurity professionals:
- There is acute scarcity of Cybersecurity professionals in India.
- India is projected to have a total workforce of around 3,00,000 people in this sector in contrast to the 1.2 million people in the United States.
- Participation of Private sector:
- Most of our organisations are in the private sector, and their participation remains limited in India’s cybersecurity structures.
- Technological intervention:
- With the introduction of 5G and the arrival of quantum computing, the potency of malicious software, and avenues for digital security breaches would only increase.
International Cooperation in Cybersecurity:
- Most of the cyberattacks originate beyond our borders and thus international cooperation to defend such attacks is crucial to keep the digital space secure.
- This year, cybercrimes are expected to cause damage worth an estimated $8 trillion worldwide.
- Amidst the turbulent current world events, these UN groups would struggle to have effective dialogues related to cybersecurity.
- Steps towards international cooperation:
- India has already signed cybersecurity treaties, where the countries include the United States, Russia, the United Kingdom, South Korea and the European Union.
- India being a member of multinational frameworks such Quad and the I2U2, significant efforts are being made to enhance cooperation in cyber incident responses, technology collaboration, capacity building, and in the improvement of cyber resilience.
- G20 summit: The sumit to be held in India this year, which will see participation by all the stakeholders driving the global levers of power.
- There is a need for a comprehensive global framework with nations cultivating an environment of transparency and collaboration
- The coming G20 summit offers a rare opportunity to bring together domestic and international engagement groups across the spectrum, and steer the direction of these consultations.
- India could make an effort to conceptualise a global framework of common minimum acceptance for cybersecurity. This would be one of the most significant contributions made by any nation towards collective security in modern times.