Cyberattacks are rising, but there is an ideal patch | 25th February 2023 | UPSC Daily Editorial Analysis

February, 2023 UPSC
Please Share with maximum friends to support the Initiative.





What's the article about?

  • It talks about the rising threat of cyber security to India and the world and ways to address it.

Relevance:

  • GS3: Basics of Cyber Security;
  • Essay
  • Prelims

Context:

  • Cyberattacks are on the rise in India and around the world.
  • For example, ransomware attacks on the servers of the All India Institute of Medical Sciences and the Solar Industries Limited company, which manufactures ammunition and explosives for the Ministry of Defence.
  • Due to this attack on AIMS, nearly 40 million health records were compromised and it took over two weeks for the systems to be brought online.

What are cyber attacks?

  • Cyberattacks are unwelcome attempts to steal, expose, alter, disable or destroy information through unauthorized access to computer systems.
  • Typically, such forms of attacks to keep networks from functioning after encrypting data, are carried out by ransomware-seeking entities and organisations are sent demands which are often negotiated and paid without informing law enforcement.
  • Important types of cyber attacks are as follows:
    • Ransomware: This type of malware hijacks computer data and then demands payment, usually in bitcoins, in order to restore it.
    • Trojan Horses: A Trojan horse attack uses a malicious program that is hidden inside a seemingly legitimate one.
    • Clickjacking: Act of tempting internet users to click links containing malicious software or unknowingly share private information on social media sites.
    • Denial of Service (DOS) Attack: The deliberate act of overloading a particular service like website from multiple computers and routes with the aim of disrupting that service.
    • Zero Day Vulnerability: A zero-day vulnerability is a flaw in the machine/network’s operating system or application software which has not been fixed by the developer and can be exploited by a hacker who is aware of it.

Why cyber attacks are rising in India?

  • Increasing dependency on technology: As we grow faster, more and more systems are being shifted to virtual space to promote access and ease of use.
  • Lack of robust law enforcement mechanisms: India’s approach to cyber security has so far been ad hoc and unsystematic.
  • Lack of International Coordination: International cooperation and consensus is missing in this field.
  • Adverse relations with China: China is considered one of the world leaders in information technology. Therefore, it is expected to have capabilities to disable or partially interrupt the information technology services in another country.

What are the major initiatives of the government to deal with cybercrime?

  • Indian Computer Emergency Response Team (CERT-In): It is an organisation of the Ministry of Electronics and Information Technology with the objective of securing Indian cyberspace.
  • Indian Cyber Crime Coordination Centre (I4C): The Home Ministry launched this I4C Indian Cyber Crime Coordination Centre program to combat cybercrime in the country, through a coordinated and efficient method.
  • Information Technology Act, 2000: IT Act of 2000 came into effect in India on 09 June 2000. IT Act states in its preamble that the purpose of the legislation is to provide legal recognition to electronic transactions.
  • National Critical Information Infrastructure Protection Centre: NCIIPC is a central government establishment, formed to protect critical information of our country, which has an enormous impact on national security, economic growth, or public healthcare.
  • Cyber Surakshit Bharat Initiative: It is an initiative from the Ministry of Electronics and Information Technology (MeitY) that aims at creating a robust cybersecurity ecosystem in India. This program was in association with the National e-Governance Division (NeGD).

Analysis:

  • Ransomwares has emerged as the most predominant of malicious cyberattacks in recent times.
  • In 2020, approximately 82% of Indian companies suffered ransomware attacks.
  • Data show that over 75% of Indian organisations have faced such attacks, with each breach costing an average of ₹35 crore of damage.
  • There are other malwares that could infect all kinds of computer systems.
  • With the lines between the physical and digital realms blurring rapidly, every critical infrastructure, from transportation, power and banking systems, would become extremely vulnerable to the assaults from hostile state and non-state actors.
  • The ongoing Russia-Ukraine war has shown that cyber threats capable of undermining our critical infrastructure, industry and security, a comprehensive cyber security policy is the need of the hour.

What initiatives are being taken by India to deal with cyber crimes?

  • In 2022, the Indian Computer Emergency Response Team (CERT-In) introduced a set of guidelines for organisations to comply with when connected to the digital realm.
    • This included the mandatory obligation to report cyber attack incidents within hours of identifying them, and designating a pointsperson with domain knowledge to interact with CERT-In.
  • India’s draft Digital Personal Protection Bill 2022 proposes a penalty of up to ₹500 crore for data breaches.
  • Recently, India’s armed forces created a Defence Cyber Agency (DCyA), capable of offensive and defensive manoeuvres. All Indian States have their own cyber command and control centres.

What are the shortcomings of India's cyber security framework?

  • Most organisations in India lack the tools to identify cyberattacks, let alone prevent them.
  • India also faces an acute scarcity of cybersecurity professionals.
    • India is projected to have a total workforce of around 3,00,000 people in this sector in contrast to the 1.2 million people in the United States.
  • Most of our organisations are in the private sector, and their participation remains limited in India’s cybersecurity structures.
  • They would be advised to look at the Digital Geneva Convention, where over 30 global companies have signed a declaration to protect users and customers from cyber breaches, and collaborate with like-minded intergovernmental and state frameworks.

Digital Geneva Convention:

  • 34 leading global technology firms including Facebook, Microsoft, HP, ARM, Cisco, and Oracle have signed Cybersecurity Tech Accord to work together on cybersecurity issues. 
  • Under it, signatory companies have agreed to collaborate on stronger defence systems, no offensive cyberattacks, and protect against tampering of their products, capacity building and collective action.
  • The participant companies view Tech Accord as Digital Geneva Convention.
  • Four Principles of Cybersecurity Tech Accord:
    • Protect users and customers everywhere
    • Oppose cyberattacks on innocent citizens and enterprises
    • Empower users, customers and developers to strengthen cybersecurity
    • Partner with each other and like-minded groups to enhance cybersecurity

Cyber attacks – a global threat:

  • With most cyberattacks originating from beyond our borders, international cooperation would be critical to keep our digital space secure.
  • This year, cybercrimes are expected to cause damage worth an estimated $8 trillion worldwide.
  • India has already signed cybersecurity treaties, where the countries include the United States, Russia, the United Kingdom, South Korea and the European Union.
  • Even in multinational frameworks such as the Quad and the I2U2 (which India is a member of) there are efforts to enhance cooperation in cyber incident responses, technology collaboration, capacity building, and in the improvement of cyber resilience.
    • Yet, there is no truly global framework, with many operating in silos.
  • Previous years have seen the United Nations General Assembly establish two processes on the issues of security in the information and communication technologies (ICT) environment.
    • One is the Open-ended Working Group (OEWG), comprising the entire UN membership, established through a resolution by Russia.
    • The other is the resolution by the U.S., on the continuation of the Group of Governmental Experts (GGE), comprising 25 countries from all the major regions.

Way Forward:

  • With the introduction of 5G and the arrival of quantum computing, the potency of malicious software, and avenues for digital security breaches would only increase.
    • India’s cybersecurity strategy would do well not to overlook these actualities and trends.
  • The G-20 summit this year in India is a rare opportunity to bring together domestic and international engagement groups across the spectrum, and steer the direction of these consultations.
    • India could make an effort to conceptualise a global framework of common minimum acceptance for cybersecurity.
    • This would be one of the most significant contributions made by any nation towards collective security in modern times.



Please Share with maximum friends to support the Initiative.

You might also be interested in:

Download the Samajho App

Join 5 lakh+ students in downloading PDF Notes for 2000+ Topics relevant for UPSC Civil Services Exam. &nbsp Samajho Android App: https://bit.ly/3H9hva1 Samajho iOS App: https://apple.co/3H8ZJE2 &nbsp Samajho IAS Youtube Channel (300K+ Subscribers): https://www.youtube.com/@SamajhoIAS