Editorials/Opinions Analysis For UPSC 02 December 2022
- Cyber-attacks: A wake-up call for national security
- ‘Project Great Indian Bustard’
- Recently, India’s top public health institute, the All India Institute of Medical Sciences (AIIMS) in Delhi, was hit by a ransomware attack that crippled routine health care for thousands of patients.
- The cyber-attack comes just a month after AIIMS announced that it would go paperless on January 1, 2023, and would be fully digitised by April 2023.
GS Paper 3: Internal Security
How would you rate India’s preparedness for potential cyber-attacks? Suggest a few measures that should be implemented to combat this threat. (150 words)
- Definition: A cyber-attack is any unauthorised access to a computer, computing system, or computer network with the intent to cause harm.
- Motivation: Its goal is to disable, disrupt, destroy, or control computer systems, as well as to change, block, delete, manipulate, or steal the data contained within these systems.
- Ransomware attack: This is a type of malicious software that encrypts the victim’s files, disables access to a computer system, and demands a ransom to decrypt the files. WannaCry, Petya, and other examples
- It is frequently designed to spread across a network and target database and file servers, paralysing an entire organisation.
- Unlike other types of cyber-attacks, this one alerts the user to the attack.
More on the AIIMS cyberattack
- Restricting access: The organization’s critical data is encrypted, so they cannot access files, databases, or applications stored on the hospital’s main and backup servers.
- Ransom demand: The attackers have made an undisclosed demand in cryptocurrency for a key that will decrypt the data.
- Multi-agency investigation: Because of the scope and gravity of the attack, multiple agencies, including Delhi Police, the Centre’s Computer Emergency Response Team (CERT-In), the Ministry of Home Affairs, and even the National Investigation Agency, have joined the investigation.
- Plan B: In the meantime, AIIMS Delhi has decided to obtain four new servers from the Defence Research and Development Organization (DRDO) to be used immediately to provide e-hospital services to patients.
The attack’s ramifications
- Hackers compromised the data of nearly 4 crore patients, including sensitive data and medical records of VIPs such as former prime ministers, ministers, bureaucrats, and judges, among others, which could be sold on the dark web.
- Cyber-terrorism threat: The Delhi Police has classified the attack as a case of cyber terrorism under Section 66 (F) of the Information Technology Amendment Act 2008. This indicates a much broader scope than a typical ransomware attack.
Vulnerability of India’s Healthcare Sector
- According to the cyber threat watchdog CloudSEK, the Indian healthcare sector is the second most targeted by cybercriminals worldwide.
- Its research also revealed that during the pandemic, health organisations experienced a massive increase in cyber-attacks. For example, the number of cyber-attacks on the sector increased by 95.34% in the first four months of 2022 compared to the same period in 2021. According to Indusface, a software security company, over 1 million cyber-attacks of various types occurred across its global healthcare clientele. In India alone, 278,000 attacks were reported.
- According to Google, India experienced 18 million cyberattacks and 2 lakh threats per day in the first quarter of 2022.
Reasons for an increase in healthcare infrastructure cyber-attacks
- Increased reliance on digital systems following Covid: Hackers and criminal syndicates recognised medical institutes’ reliance on digital systems to optimally manage medical functions as well as store and handle large volumes of patient data.
- The health and medical sectors are not classified as critical information infrastructure (CII): While most countries have declared health to be a CI, it is not explicitly stated in India.
- According to the National Critical Information Infrastructure Protection Centre (NCIIPC), critical sectors include power and energy, banking, financial services, and insurance, telecommunications, transportation, government, strategic, and public enterprises.
Cybersecurity safeguards are available in India.
- Information Technology Act, 2000 (Amended in 2008): This is India’s primary law governing cybercrime and digital commerce.
- National Critical Information Infrastructure Protection Centre (NCIIPC): It was established under Section 70A of the Information Technology Act of 2000 to safeguard the nation’s critical information infrastructure.
- CERT-In (Cyber Emergency Response Team): It is the National Cyber Security Nodal Agency and has been in operation since 2004.
- National Cyber Security Policy, 2013: This policy establishes a vision and strategic direction for protecting the nation’s cyberspace.
- Cyber Swachhta Kendra: It assists users in analysing and keeping their systems free of various viruses, bots/malware, Trojans, and other threats.
- Cyber Surakshit Bharat: This initiative was launched in 2018 to raise awareness about cybercrime and build capacity for safety measures among Chief Information Security Officers and frontline IT staff across all government departments.
Steps to take to reduce cyber threats
- Make threat analysis a standard practise: A vulnerability report should be generated, followed by an audit that will highlight any gaps in the organization’s cyber-attack preparedness.
- Timely safety audit: An annual review of the software should also be performed, or as soon as the software is changed/updated, whichever comes first.
- Capacity development: To address the emerging sophisticated nature of threats and attacks, capacity enhancement for the NCIIPC and CERT-In is required in areas such as AI/ML, Blockchain, IoT, Cloud, and Automation.
- Sectoral CERTs must also be established in many areas, including health.
- Use the ‘3-2-1 backup’ strategy: Healthcare organisations must save three copies of each type of data in two different formats, including one offline. This is an industry best practise for ensuring the cyber security of healthcare institutions.
- National cyber security strategy: The strategy will serve as a guiding document for monitoring institutes’ cyber readiness and enhancing capacity on a variety of fronts, including forensics, accurate attribution, and cooperation, among others.
- Increased budgetary allocation: As recommended by the National Cyber Security Strategy, a minimum allocation of 0.25% of the annual budget, which can be increased to 1%, should be set aside for cyber security.
- Declaring strategic enterprise: An organisation such as AIIMS New Delhi could be considered a “strategic and public enterprise” because it serves crores of patients, including the country’s top leadership.
- Crisis Management: To adequately prepare for a crisis, cybersecurity drills that include real-life scenarios with their ramifications can be conducted.
- Safety protocols: A National Gold Standard should be established to ensure that Indian hardware and software companies follow the most stringent safety protocols.
- Cyber Diplomacy: To counter cyber-attacks, key regional blocs such as BIMSTEC and the Shanghai Cooperation Organization (SCO) must ensure cyber security preparedness through programmes, exchanges, and industrial support.
- Raising awareness: The general public needs to be made aware of the value of their personal data and the vulnerabilities it could create if accessed illegally.
- In order to save the critically endangered Great Indian Bustard (GIB), the Supreme Court has proposed launching ‘Project GIB’ along the lines of ‘Project Tiger.’
- Project Tiger was established in 1973 in order to save the big cats.
- The Supreme Court has requested the government’s response to the proposal.
GS Paper 3: Government Policies & Interventions
Explain the significance of India’s Eastern Ghats. Suggest actions that can be taken to protect the region’s biodiversity (250 Words).
The Great Indian Bustard (GIB)
- The Great Indian Bustard (GIB) is the largest of India’s four bustard species.
- The other three are MacQueen’s bustard, lesser florican, and Bengal florican.
- They are terrestrial birds that spend most of their time on the ground with occasional flights to get from one part of their habitat to another. GIBs are considered grassland’s flagship bird species and thus barometers of grassland ecosystem health.
GIB Habitat and status
- The International Union for Conservation of Nature has classified this bird, which is primarily found in Rajasthan and Gujarat, as critically endangered (IUCN).
- According to the IUCN’s 2021 report, they are on the verge of extinction, with only 50 to 249 remaining.
- GIBs’ historic range included much of the Indian subcontinent, but it has now shrunk to only 10% of it.
- GIBs prefer grasslands as their habitat, being among the heaviest birds with flight.
- The Wildlife Institute of India (WII) scientists have identified overhead power transmission lines as the greatest threat to GIBs.
- According to WII research, 18 GIBs die in Rajasthan each year after colliding with overhead powerlines.
- Because of their poor frontal vision, these birds cannot detect powerlines in time, and their weight makes in-flight quick manoeuvres difficult.
- Over the last two decades, Kutch and the Thar desert have seen the construction of massive renewable energy infrastructure, which has resulted in the installation of windmills and the construction of power lines even in core GIB areas.
- The Central Government launched the GIB species recovery programme in 2015.
- The WII and the Rajasthan Forest Department have collaborated to establish conservation breeding centres where GIB eggs harvested from the wild are artificially incubated and hatchlings raised in a controlled environment.
- The plan is to establish a population that can serve as insurance against extinction and then release the third generation of these captive-bred birds into the wild.
Intervention of the Supreme Court
- In April 2021, the Supreme Court ordered that all overhead power transmission lines in core and potential GIB habitats in Rajasthan and Gujarat be undergrounded.
- The Supreme Court also formed a three-member committee, including Devesh Gadhvi, an IUCN bustard specialist group member, to assist power companies in complying with the order.
- In November 2022, the court requested reports from the chief secretaries of the two states on the installation of bird diverters in priority areas within six weeks.
- It also asked them to estimate the length of transmission lines that would need to be buried.
- On April 1, 1973, the Government of India launched “Project Tiger” to promote tiger conservation.
- The Ministry of Environment and Forests’ Project Tiger Directorate was tasked with providing technical guidance and funding assistance.
- National Tiger Conservation Authority (NTCA) o Project Tiger was made a statutory authority (NTCA) by inserting enabling provisions into the Wild Life (Protection) Act of 1972 via an amendment, namely the Wild Life (Protection) Amendment Act of 2006.
- The NTCA addresses both ecological and administrative concerns in the conservation of tigers.
- It establishes a legal framework for the protection of tiger reserves, as well as strengthened institutional mechanisms for the protection of ecologically sensitive areas and endangered species.