Today, we are living in an era of technological advancement. The Internet has become the necessity of common man these days, just like food, cloth, and shelter. Today 3.2 billion people in the world use the internet, among which 1/6th are Indians. With over 460 million internet users, India is the second largest online market, ranked only behind China.
The online world is also termed as ‘Cyberspace’. As per the definition of National Cyber Security Policy, “Cyberspace is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology (ICT) devices and networks.”
The cyberspace today is a common pool used by citizens, businesses, critical information infrastructure, military, and governments. From online shopping, cash transaction to defense purposes in the country, the internet is used everywhere. Some of this information is very sensitive and if go to the wrong hands, it may prove harmful to the individual and in some cases, to the nation. Here the need arises for the protection of the information, and hence cybersecurity is needed to be explored, guided and regulated.
Some of the examples of cyber threats to individuals, businesses, and government are identity theft, phishing, social engineering, hacktivism, cyber terrorism, compound threats targeting mobile devices and smartphone, compromised digital certificates, advanced persistent threats, denial of service, botnets, supply chain attacks, data leakage, etc.
In the last five years, there has been a drastic increase in the number of internet users in India, and this increment is projected exponentially. (insert graph) Hence we have focused on the cyber threats and measures taken in the last 5 years, and hence the topic.
Evolution of global Cyber Security:
The cyber landscape is being more complicated day by day. The three main evolutionary phases in the history of Cyber Security are as follows:
- VIRUS Protection: In the first stage, cybersecurity concepts were largely focused on protecting individual computers from Vital Information Resources Under Siege (VIRUS) attacks. This largely took the form of simple Anti-VIRUS software which could be purchased and installed in individual computer systems. VIRUS protection focussed on ensuring that IT systems and devices performed as expected, upon installation of the anti-VIRUS software.
- IT and Network Security: In the next phase of evolution came to the concept of IT and Network Security. This phase was the direct consequence of the realization that attacks to individual computers can affect the whole networks to which they are connected to. IT and Network Security focuses on the protection of the devices and the information assets passing through the network, by installing firewalls and network security software.
- Cyber Security: In this phase, where we are currently, Cyber Security and information assistance have taken on more comprehensive systems, data, and mission assistance role. The threats have become far more complex, which necessitates far more complicated responses as well.
Status of India in Cyber Security
The Indian digital landscape has seen an unbelievable amount of transformation in a short duration of time, having grown substantially over a relatively shorter period. Among other things, India is currently rolling out the world’s largest ICT program called ‘Digital India’, which is focused on efficient service delivery, governance, improving access from education to health, as well as moving India towards digital currency, to open up India to the digital age. This obviously creates vulnerabilities that state and non-state actors could potentially exploit for their selfish gains. The increasing number of cyber attacks are the results of this increased vulnerability.
Although India is among the top five countries in the number of internet users, it is also among the top 5 targeted countries in the world for cyber attacks. It is one of the worst countries in terms of malware-infected desktops and mobile phones. Our country ranks 47 in the UN global cybersecurity index 2018 – which measures commitment to cybersecurity of a country. It shows that India is taking the right steps to in the direction of improving cybersecurity in the country.
Recent big incidents in the last five years
Over the last five years, the country has seen a series of cyber crimes; some of them are worth mentioning here:
Steps taken in India to prevent these incidents:
Government has taken a number of legislative, technical and institutional measures for addressing issues related to cybersecurity. These include National Cyber Security policy (2013), enactment of Information Technology (IT) Act, 2000 and setting up of Indian Computer Emergency Response Team (CERT-In). Some specific measures taken by the Government of India to strengthen cybersecurity system in the country are as under:
- National Cyber Security Coordinator (NCSC) under National Security Council Secretariat (NSCS) coordinates with different agencies at the national level for cybersecurity matters.
- Information Technology Act, 2000 was enacted to provide legal recognition for electronic communication, electronic commerce, and cyber crimes, etc. IT Act has deterrent provisions to deal with cyber threats and cyber attacks.
- The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding the latest cyber threats and countermeasures on a regular basis.
- National Critical Information Infrastructure Protection Centre (NCIIPC) has been established for the protection of critical information infrastructure in the country.
- Cybersecurity exercises are being conducted regularly to enable assessment of preparedness of organizations in Government and critical sectors.
- Guidelines have been issued for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications/infrastructure and compliance.
- Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for the detection of malicious programs and provide free tools to remove the same.
- National Cyber Coordination Centre (NCCC) has set up to generate necessary situational awareness of existing and potential cybersecurity threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.
- All the new government websites and applications are audited prior to their hosting and on a regular basis after hosting.
- CERT-In conducts regular training programmes for network/system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organizations regarding securing the IT infrastructure and mitigating cyber attacks.
- Under Cyber Crime Prevention for Women and Children (CCPWC) Scheme, Government of India has released grants to States/UTs including Andhra Pradesh for setting up of a Cyber Forensic cum Training Laboratory and organizing capacity building programme on
cyber awareness and cybercrime investigation. Rs. 4.42 Crore has been released to Andhra Pradesh for the purpose. - A Division has been established under the Ministry of Home Affairs to deal with Cyber and Information Security.
- The Indian Computer Emergency Response Team (CERT-In) has entered into Memorandum of Understanding (MoU) with its overseas counterpart agencies/Computer Emergency Response Teams (CERTs) for information exchange and collaboration for cybersecurity incident response.
[source – PIB]
How to improve?
We see that the government has taken many steps to prevent cybercrime and strengthen security. Yet some of the points are needed to be addressed more clearly. First of all, the role of various agencies has to be clearly defined. There should be a clear boundary in their ambit of work. There should be a single nodal agency for cybersecurity and all other agencies should be reporting to them. There are broadly two types of cyber threats. Threats to the state or society writ large (e.g. cyber warfare, cyber espionage, cyber terrorism) come under the scrutiny of National Cyber Security whereas with threats to businesses and individuals (e.g. fraud, identity theft) are called cyber crimes. The agencies should be structured accordingly.
Secondly, the cybersecurity infrastructure should be ‘technology neutral’. That is, a set of functionalities should be defined for Critical Information Infrastructure which should be at par with the global standards. The Operators of Critical Information Infrastructure should be required only to ensure these functionalities. This is what happens in other countries and their cybersecurity agencies. In this way, we shall not lag technologically and will be able to tackle continuously advancing techniques of cyber attacks.
Thirdly, a special curriculum should be developed on school and college level to develop cybersecurity expertise in the country. Separate courses should also be designed to handle different areas of cybersecurity. There are various areas of cyber attacks – so different areas of expertise are needed to address each of them. The courses should be designed accordingly.
What should we do on a personal level to protect our data?
To prevent ourselves from becoming a victim of cyber crimes, we should always be alert and updated. Alert in terms of avoiding sharing personal data online on any unknown platform or to any unknown source, and updated in terms of keeping up – to – date antivirus and anti-malware to protect our devices from any potential cyber attack.
Let’s make all the efforts towards developing a safe world free of cyber attacks.
Kailasha Foundation – Bringing Solutions To You
Follow us on Facebook, Twitter, Instagram, LinkedIn for regular updates.
<<<CLICK HERE TO ASK ANY DOUBTS>>>