A string of high-profile cyberattacks in recent months has exposed vulnerabilities in the critical infrastructure of even advanced nations. This has reinforced the need for improved defences against actual, and potential, cyberattacks by all countries across continents.
GS-III: Internal Security Challenges (Basics of Cyber Security; Role of media and social-networking sites in internal security challenges; Internal security challenges through communication networks)
To what extent does the increasing sophistication in cyber-attacks affect the importance of Cyber Security? Discuss by throwing light on how cybersecurity is handled by other countries and India. (15 marks)
Dimensions of the Article:
- What is Cyber Attack and Cyber Security?
- Cybercrime at the international stage
- International legislative responses and cooperation regarding cybercrime
- Recently in news: America under attack
- Targeting critical civilian targets
- Increasing sophistication of the cybercriminals
- Challenges of Cyber Security in India
- Measures taken by the government to improve the Cyber Security
What is Cyber Attack and Cyber Security?
- A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware and denial of service, among others.
- Cybersecurity means securing the cyberspace from attack, damage, misuse and economic espionage. Cyberspace is a global domain within the information environment consisting of interdependent IT infrastructure such as Internet, Telecom networks, computer systems etc.
Cyberwarfare and cyberterrorism
- Cyberwarfare utilizes techniques of defending and attacking information and computer networks that inhabit cyberspace, often through a prolonged cyber campaign or series of related campaigns. It denies an opponent’s ability to do the same, while employing technological instruments of war to attack an opponent’s critical computer systems. Cyberterrorism, on the other hand, is “the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population”. That means the end result of both cyberwarfare and cyberterrorism is the same, to damage critical infrastructures and computer systems linked together within the confines of cyberspace.
Recently in news: America under attack
- Several high-profile cyberattacks were reported from the United States during the past several months.
- The end of 2020 witnessed the ‘SolarWinds’ cyberattack involving data breaches across critical wings of the U.S. government like defence, energy and state.
- Early 2021 witnessed a cyberattack by a Chinese group called Hafnium. Thousands of U.S. organizations were hacked and remote control was gained over the affected systems.
- Then there was the ransomware attack on Colonial Pipeline (which is the main supplier of oil to the U.S. East Coast) by Russia/East Europe-based cybercriminals, styled DarkSide. Colonial Pipeline had to pay out several million dollars as ransom to unlock its computers and release its files.
Targeting critical civilian targets
- Unlike the traditional approach to cyber warfare, cyber attacks are now being employed against civilian targets of critical importance. The fact that most nations have been concentrating mainly on cyber defences to protect military and strategic targets has left civilian targets vulnerable to attacks.
- Whereas previously banking and financial services were most prone to ransomware attacks, recently even oil, electricity grids, and health care are being increasingly targeted.
- Defending critical civilian targets against cyberattacks is almost certain to stretch the capability and resources of governments across the globe.
Increasing sophistication of the cybercriminals
- The technical competence of cybercriminals has only increased. They have been employing advanced methods, such as using ‘penetration testers’, to probe highly secure networks.
- Zero-day software vulnerabilities are being increasingly used for cyber attacks such as ransomware, phishing and spear phishing.
- Cybercriminals are becoming more sophisticated in their modus operandi. They first steal sensitive data from targeted computers before launching a ransomware attack, thus resulting in a kind of ‘double jeopardy’ for the targeted victim.
- A zero-day is a computer-software vulnerability unknown to those who should be interested in its mitigation. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.
- Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
- Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers or to deploy malicious software on the victim’s infrastructure like ransomware. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
- Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Cybercrime at the international stage
- There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks.
- Cybercrime is “international” or “transnational” – there are ‘no cyber-borders between countries’.
- International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantage of the less severe punishments or the difficulty of being traced.
- Cybercrime is a growing concern to countries at all levels of development and affects both buyers and sellers.
- While 154 countries (79 per cent) have enacted cybercrime legislation, the pattern varies by region: Europe has the highest adoption rate (93 per cent) and Asia and the Pacific the lowest (55 per cent).
- The evolving cybercrime landscape and resulting skills gaps are a significant challenge for law enforcement agencies and prosecutors, especially for cross-border enforcement.
- Various organizations and governments have already made joint efforts in establishing global standards of legislation and law enforcement both on a regional and on an international scale.
- China–United States cooperation is one of the most striking recent developments, because they are the top two source countries of cybercrime.
International legislative responses and cooperation regarding cybercrime
International Telecommunication Union (ITU)
- The International Telecommunication Union (ITU), as a specialized agency within the United Nations, plays a leading role in the standardization and development of telecommunications and cybersecurity issues. The ITU was the lead agency of the World Summit on the Information Society (WSIS).
- In 2003, the Geneva Declaration of Principles and the Geneva Plan of Action were released, which highlight the importance of measures in the fight against cybercrime.
- In 2005, the Tunis Commitment and the Tunis Agenda were adopted for the Information Society.
- Group of Eight (G8) is made up of the heads of eight industrialized countries: the U.S., the United Kingdom, Russia, France, Italy, Japan, Germany, and Canada.
- In 1997, the G8 released a Ministers’ Communiqué that includes an action plan and principles to combat cybercrime and protect data and systems from unauthorized impairment. The G8 also mandates that all law enforcement personnel must be trained and equipped to address cybercrime, and designates that all member countries have a point of contact on a 24 hours a day / 7 days a week basis.
- In 1990 the UN General Assembly adopted a resolution dealing with computer crime legislation. In 2000 the UN GA adopted a resolution on combating the criminal misuse of information technology. In 2002 the UN GA adopted a second resolution on the criminal misuse of information technology.
Council of Europe
- The Council of Europe is an international organisation focusing on the development of human rights and democracy in its 47 European member states.
- In 2001, the Convention on Cybercrime, the first international convention aimed at Internet criminal behaviors, was co-drafted by the Council of Europe with the addition of the USA, Canada, and Japan and signed by its 46 member states. However, only 25 countries later ratified it.
- It aims at providing the basis of an effective legal framework for fighting cybercrime, through harmonization of cybercriminal offenses qualification, provision for laws empowering law enforcement and enabling international cooperation.
Challenges of Cyber Security in India
- Data colonization: India is a net exporter of information; however, the data servers of the majority of digital service providers are located outside India. Also, data is being misused for influencing electoral outcomes, spreading radicalism, etc.
- Digital illiteracy: Widespread digital illiteracy makes Indian citizens highly susceptible to cyber fraud, cyber theft, etc.
- Substandard devices: In India, the majority of devices used to access the internet have inadequate security infrastructure, making them susceptible to malware such as the recently detected ‘Saposhi’. The rampant use of unlicensed software and underpaid licenses also makes them vulnerable.
- Lack of adoption of new technology: For example, the banking infrastructure is not robust enough to cope with rising digital crime, as 75% of all credit and debit cards are based on magnetic strips, which are easy to clone.
- Lack of uniform standards: There is a variety of devices in use with non-uniform standards, which makes it difficult to provide for a uniform security protocol.
- Import dependence: Import dependence for the majority of electronic devices, from cell phones to equipment used in the power sector, defence, banking, communication and other critical infrastructure, puts India in a vulnerable situation.
- Lack of adequate infrastructure and trained staff: There are currently around 30,000 cyber security vacancies in India but demand far outstrips supply of people with required skills.
- Under-reporting: The majority of cybercrime cases remain unreported because of a lack of awareness.
- Unsynchronised agencies: There is a lack of coordination among the various agencies working for cyber security. The private sector, despite being a major stakeholder in cyberspace, has not been involved proactively in its security.
- Anonymity: Even advanced precision threats carried out by hackers are difficult to attribute to specific actors, state or non-state.
Measures taken by the government to improve the Cyber Security
- National Critical Information Infrastructure Protection Centre (NCIIPC) to battle cyber security threats in strategic areas such as air control, nuclear and space. It will function under the National Technical Research Organisation, a technical intelligence gathering agency controlled directly by the National Security Adviser in the PMO.
- National Cyber Coordination Centre (NCCC) to scan internet traffic coming into the country, provide real-time situational awareness and alert various security agencies.
- A new Cyber and Information Security (CIS) Division has been created to tackle internet crimes such as cyber threats, child pornography and online stalking.
- Cyber Surakshit Bharat Initiative to strengthen the cybersecurity ecosystem in India. It is the first public-private partnership of its kind and will leverage the expertise of the IT industry in cybersecurity.
- Information Technology Act, 2000 (amended in 2008) to provide a legal framework for transactions carried out by means of electronic data interchange, for data access for cybersecurity etc.
-Source: The Hindu