Cybersecurity or information technology security is the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation. Exploitation could be in the form of data theft, violation of privacy or in any other form that affects the normal functioning of hardware or software of the service.
After land, water, air, and space, cyberspace is said to be the fifth domain of security. The crimes related to the cyber world can be multi-layered, multi-location, multi-lingual, multi-cultural and multi-legal. Hence it is difficult to track, investigate and find the criminal which on the other hand gives an advantage to the criminals of being anonymous.
• India witnessed more than 27,000 cybersecurity threat incidents in the first half of 2017. Example: Wannacry Ransomware
• The number of cyber crime cases registered under IT Act 2000 in India has risen by 300 percent in the period from 2011 to 2014, according to a joint study by PwC and Assocham.
• The study also revealed that in the past, the attacks have been mostly initiated by countries like the US, Turkey, China, Brazil, Pakistan, Algeria, Turkey, Europe, and the UAE.
• Internet user base of India is said to be around 450million
• Growing number of internet and Smartphone users has increased the vulnerability for cybercrimes.
• The threats could also be to critical infrastructure systems like nuclear plants, railways, hospitals, as they use outdated technologies and weaker protocols.
• The governments at the Centre and states are the main targets of cyber-attacks, driven by motives ranging from theft, espionage and data extraction to counterfeiting.
• In 2015 and 2016, the government sector accounted for 27% and 29% of all cyber-attacks.
• Major victims of cyber crimes are women. This affects their safety, dignity, and empowerment.
Cybersecurity Architecture in India
• India enacted Information Technology Act in 2000 and it has been amended in 2008 to include electronic transactions, digital signatures, cyber-crimes, cybersecurity and data protection.
• CERT-In (Cyber Emergency Response Team – India) established in 2004 is the national nodal agency for responding to cybersecurity incidents as and when they occur.
• Since Nov 2012, DG of CERT-In is called the National Cyber Security Coordinator (NCSC)
• There has been a proposal to establish sectoral CERTs in all the government departments.
• National Technical Research Organisation (NTRO) has been established in 2004. IT is a technical intelligence agency under the National Security Adviser in the Prime Minister’s Office, India. It has also been the responsibility of protecting critical infrastructure institutions and developing offensive capabilities.
• National Cyber Security Policy 2013: Aims at protecting the public and private infrastructure from cyber attacks and build a secure and resilient cyberspace for citizens, business, and government and also to protect anyone from intervening into privacy.
• National Cyber Coordination Centre (NCCC): Has been made operational recently, August 2017. It is a cybersecurity and e-surveillance agency implemented by CERT-In. It is intended to screen communication metadata and coordinate the intelligence gathering activities of other agencies.
• National Critical Information Infrastructure Protection Centre (NCIIPC) mandated the need for a special agency that would look at designated Critical Information Infrastructure (CIIs) like defence, banking, and finance, power, transport, space and evolve practices, policies, and procedures to protect them from a cyber-attack.
• A Crisis Management Plan (CMP) has been prepared for countering cyber-attacks and cyber terrorism for preventing the large-scale disruption in the functioning of critical information systems of the Government, public and private sector resources and services.
At International Level:
• Ground Zero Summit: India organized the summit in 2015 with the theme” Digital India – Securing Digital India”. It is the largest collaborative platform in Asia for Cybersecurity experts and researchers to address emerging cyber security challenges and demonstrate cutting-edge technologies.
• India is an active participant in discussions around the Tallinn Manual, which is a set of non-governmental guidelines for engagement during a war.
Challenges in Cybersecurity for India
• Lack of coordination among different agencies of the government.
• Government agencies are severely overburdened and understaffed.
• Many government websites have been hacked several times.
• National Information Centre which hosts government’s mail servers has been compromised several times in the past.
• Government is promoting Digital India through e-governance, e-Kranti, broadband highways, etc. With initiatives like demonetization, internet and Smartphone user base is only set to grow. Banks and other financial institutions are also promoting mobile banking and net banking. These increase the vulnerability to cybercrimes like data theft, espionage, etc.
• Frequent attacks erode the trust of customers on digital platforms and could hamper India’s dreams of becoming cash-less economy.
• New age companies like start-ups mainly work on the online platform. Hackers are exploiting this opportunity for attacks like Distributed Denial of Service.
• Poor investments in Cybersecurity by private companies.
• Private companies and banks do not report about the attack to the government organizations.
• Lack of awareness among the common people about Cybersecurity. Hence they fall prey to the attempts the hackers.
• Growth in online radicalization is another area of concern. Cyberspace has no physical boundaries for extremists and terrorists, unlike the traditional warfare. Cyber Terrorism is as big a threat as Cybercrimes.
• India is not a signatory to the Budapest Convention, which is the only international convention in the field of cybersecurity.
• There is a need for coordination among national and international agencies working on cybersecurity.
• India could thus learn from the best practices of other countries and streamline the processes and protocols.
• The Government has made it mandatory for organizations to report in case of an attack. Organisations should also be pro-active in doing keeping in interest the larger good of the society instead of worrying about their reputation and brand value.
• There is an urgent need to build a Digital Armed Force of trained IT professionals to carry on both defensive and offensive operations.
• The proposed project NETRA for internet surveillance should be taken up. Concerns about privacy and freedom of expression have to be taken care of.
• National Cyber Security Policy should be amended according to the changing times and need.
• State Governments should also be taken up operations for Cybersecurity. Example SHE Team of Telangana Government has been successful in protecting women from online harassment and cybercrimes. Similar initiatives could be taken up by other states as well.
• Cybersecurity Help Desks need to be set up to provide guidance and support to first level users.
• Indian Cyber Crime Coordination Centre” (I-4C) which will help in monitoring and capacity building of the cyber crimes needs to be established. This will also help the Law Enforcement Agencies in curtailing the crimes.
With growing adaptation to technology, cyber attacks, cyber crimes and cyber terrorism are growing at a faster pace. India needs to be proactive and diligent in handling these attacks. Steps should be taken to protect public, private organizations and individuals. A holistic approach is needed to the address the issue, with no loose ends left. Cybersecurity is also key to success in initiatives like Make in India, Digital India, Smart cities program.