Cyber Security: Cyber Security in India | Challenges to Internal Security | types of cyber threats | National Cyber Security Policy
The term ‘Cyber’ is used in relation to the culture of computers, information technology, and virtual reality. Cyber Security is the protection of devices and systems that depend on an internet connection and are thus vulnerable to threats operating within cyberspace. The threats to cyberspace are ever-evolving, making it challenging to secure devices and to enact laws that punish and deter those involved in cyber-related illicit activities.
Cyberwarfare is becoming a new domain of warfare among nations. This warfare is different from others as even non-state players like terrorists and organized criminal groups are involved in it on a daily basis. With increased digital transactions in India, post demonetization, it is essential for the government of India to take measures to safeguard Indian citizens from crimes related to Cyber Space.
Cyber Security:
> Cyber Security is protecting cyberspace including critical information infrastructure from attack, damage, misuse, and economic espionage.
> Cyber Space: A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
> Critical Information Infrastructure: According to Section 70(1) of the Information Technology Act, CII is defined as a “computer resource, the incapacitation or destruction of which, shall have a debilitating impact on national security, economy, public health or safety”.
> Cyber Attack: It is a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization.
Cyber threats are the malicious use of ICT as a target or as a tool by malevolent actors. Cyber security, by contrast, involves three things:
> A set of activities intended to protect computers, computer networks, related hardware and devices, software, and the information they contain and communicate, as well as other elements of cyberspace, from all threats, including threats to national security.
> The protection intended in the application of these activities and measures.
> The associated field of research and analysis, aimed at implementing those activities and improving their quality.
=> Cyber threats arise from the following sources:
> Nation states
> Hackers/ Hacktivists
> Terrorists, drug trafficking organizations, etc.
> Criminal Organizations
> Private organizations
=> Reasons may include:
> Use of stolen financial information for personal gain: 73% of the cases were financially motivated.
> Stealing personal information of users to promote the organization’s growth.
> Selling of personal data of the users.
> Stealing of national secrets and security vulnerabilities. 21% of the breaches were related to espionage.
> To recruit or create propaganda.
Motives behind Cyber Attacks
> To seek commercial gain by hacking banks and financial institutions.
> To attack critical assets of a nation.
> To penetrate into both corporate and military data servers to obtain plans and intelligence.
> To hack sites to virally communicate a message for some specific campaign related to politics and society.
Cyber Threats:
Cyber threats can be disaggregated, based on the culprits and their motives, into the following:
> Cyberespionage: Intelligence gathering and data theft. Examples of this were Titan Rain and Moonlight Maze.
> Cyberwarfare: It involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks.
> Cyber terrorism: It is a premeditated (सोचा-समझा), politically motivated attack against information, computer systems, computer programs, and data that results in violence.
> Cybercrime: It is any criminal activity that involves a computer, networked device, or a network.
Types of Cyber Attacks:
=> Malware, short for malicious software, refers to any kind of software that is designed to cause damage to a single computer, server, or computer network. Ransomware, spyware, worms, viruses, and Trojans are all varieties of malware.
=> Phishing: It is the method of trying to gather personal information using deceptive e-mails and websites.
=> Denial of Service attacks: A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash.
=> Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
=> SQL Injection:
>> SQL stands for Structured Query Language, a programming language used to communicate with databases.
>> Many of the servers that store critical data for websites and services use SQL to manage the data in their databases.
>> A SQL injection attack specifically targets such kinds of servers, using malicious code to get the server to divulge information it normally wouldn’t.
=> Cross-Site Scripting (XSS):
>> Similar to an SQL injection attack, this attack also involves injecting malicious code into a website, but in this case, the website itself is not being attacked.
>> Instead, the malicious code the attacker has injected runs only in the user's browser when they visit the attacked website, and it goes after the visitor directly, not the website.
=> Social engineering is an attack that relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.
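The SQL injection item above, shown from the defender's side as an added example (not code from the original page): the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, column names, and rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: schema and rows are illustrative only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("asha", 1200), ("ravi", 560), ("meena", 9800)])
    return db

def lookup_vulnerable(db, username):
    # Weak form: the input is pasted into the SQL text, so any quote
    # characters in it become part of the statement the database parses.
    query = ("SELECT username, balance FROM accounts "
             "WHERE username = '%s'" % username)
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # Hardened form: the statement text is fixed; the input is passed
    # separately as a bound value and is only ever compared as data.
    query = "SELECT username, balance FROM accounts WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def compare(db, username):
    # Rows returned by (vulnerable, parameterized) for the same input.
    return (len(lookup_vulnerable(db, username)),
            len(lookup_parameterized(db, username)))

if __name__ == "__main__":
    db = make_db()
    # A normal username, then an input whose quotes rewrite the WHERE clause.
    for value in ("ravi", "nobody' OR '1'='1"):
        print(repr(value), compare(db, value))
```

With the concatenated query, the second input makes the server divulge every row in the table; with the bound parameter the same input matches nothing.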
Who are the victims of cyber-attack?
Some of the victims of Cyber-attacks are as follows:
> Financial Organisations
> Health sector
> Government organizations
> Individual internet users
Components of Cyber Security:
> Application Security: It encompasses measures or countermeasures that are taken during an application’s development process to protect it from threats that can come through flaws in the app design, development, deployment, upgrade, or maintenance.
> Information security: It is related to the protection of information from unauthorized access to avoid identity theft and to protect privacy.
> Network Security: It includes activities to protect the usability, reliability, integrity, and safety of the network.
> Disaster Recovery Planning: It is a process that includes performing risk assessment, establishing priorities, and developing recovery strategies in case of an attack.
Need for Cyber Security:
> For Individuals: Photos, videos, and other personal information shared by an individual on social networking sites can be inappropriately used by others, leading to serious and even life-threatening incidents.
> For Business Organizations: Companies have a lot of data and information on their systems. A cyber attack may lead to loss of competitive information (such as patents or original work) and loss of employees’ or customers’ private data, resulting in complete loss of public trust in the integrity of the organization.
> For Government: A local, state or central government maintains a huge amount of confidential data related to the country (geographical, military-strategic assets, etc.) and its citizens. Unauthorized access to the data can lead to serious threats to a country.
International Mechanisms:
> The International Telecommunication Union (ITU) is a specialized agency within the United Nations which plays a leading role in the standardization and development of telecommunications and cybersecurity issues.
> Budapest Convention on Cybercrime: It is an international treaty that seeks to address Internet and computer crime (cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It came into force on 1 July 2004.
> Internet Governance Forum (IGF): It brings together all stakeholders i.e. government, private sector, and civil society on the Internet governance debate. It was first convened in October–November 2006.
> Internet Corporation for Assigned Names and Numbers (ICANN): It is a non-profit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the network's stable and secure operation. It has its headquarters in Los Angeles, USA.
Laws related to Cyber Security in India:
=> Information Technology Act, 2000
>> The act regulates the use of computers, computer systems, computer networks, and also data and information in electronic format.
>> The act lists, among other things, the following as offenses:
> Tampering with computer source documents.
> Hacking with the computer system.
> Act of cyber terrorism i.e. accessing a protected system with the intention of threatening the unity, integrity, sovereignty, or security of the country.
> Cheating using computer resources etc.
Issues and Challenges:
> Hardware Cyber Security Concerns: Most equipment and technology for setting up Cyber Security infrastructure in India are currently procured from global sources. These systems are vulnerable to cyber threats just like any other connected system.
> Skill gaps: Globally, India ranks second in terms of the number of Internet users after China (Internet World Stats, 2017). However, India has a negligible base of cybersecurity specialists, when compared to the internet user base.
> Lack of robust Legal and law enforcement mechanisms: India’s approach to cybersecurity has so far been ad hoc and unsystematic. Despite a number of agencies, policies, and initiatives, their implementation has been far from satisfactory.
> Lack of Coordination between stakeholders: Due to the existence of too many agencies with overlapping functions in the field of cybersecurity, coordination between these agencies is poor.
> Lack of awareness: There is a lack of awareness about cybersecurity threats and preventive measures at both the organizational level as well as individual level.
> Increased use of mobile technology and the internet by people.
> Proliferation of Internet of Things (IoT) and lack of proper security infrastructure in some devices.
> Cyberspace has inherent vulnerabilities that cannot be removed.
> Internet technology makes it relatively easy to misdirect attribution to other parties.
> It is generally seen that attack technology outpaces defense technology.
> Lack of Cybersecurity specialists.
> Increased use of cyberspace by terrorists.
Institutions & Steps taken by Government:
=> Cyber Surakshit Bharat Initiative: It was launched in 2018 with an aim to spread awareness about cybercrime and build capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
=> National Cybersecurity Coordination Centre (NCCC): In 2017, the NCCC was developed. Its mandate is to scan internet traffic and communication metadata coming into the country to detect real-time cyber threats.
=> The CERT-In (Cyber Emergency Response Team – India)
> CERT-In has been operational since 2004. It is the national nodal agency for responding to computer security incidents as and when they occur.
> Since Nov 2012, the DG of CERT-In has been called the National Cyber Security Coordinator (NCSC).
=> National Technical Research Organization
> Set up in 2004, it is a technical intelligence agency under the National Security Adviser in the Prime Minister’s Office, India.
> It also includes the National Institute of Cryptology Research and Development (NICRD).
=> Indian Cyber Crime Coordination Centre (I4C): The Union Government has decided to set up I4C. It will be an apex coordination center, based in New Delhi, to deal with cybercrimes. It will coordinate with State governments/UTs and closely monitor cyberspace and social media with due emphasis on vernacular content.
=> Cyber Forensic Laboratory: The Cyber Forensic Laboratory and Digital Imaging Centre functioning under CFSL assist enforcement agencies in the collection and forensic analysis of electronic evidence.
=> National Critical Information Infrastructure Protection Centre (NCIIPC):
> It is an organization of the Government of India created under Sec 70A of the Information Technology Act, 2000.
> The NCIIPC under NTRO released the “Guidelines for Securing the National Critical Information Infrastructures” (NCII) of the country. It has identified critical information infrastructures like power and energy, transportation, banking/finance and insurance, telecommunication, defense, space, public health, e-governance, etc.
=> Cyber Swachhta Kendra: In 2017, this platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.
=> Training of 1.14 Lakh persons through 52 institutions under the Information Security Education and Awareness Project (ISEA) - a project to raise awareness and to provide research, education, and training in the field of Information Security.
=> International cooperation: Looking forward to becoming a secure cyber ecosystem, India has joined hands with several developed countries like the United States, Singapore, Japan, etc. These agreements will help India to challenge even more sophisticated cyber threats.
What are the latest cyber-attacks in India?
> In July 2016, $171 million was swindled from Union Bank of India through a phishing email.
> In May 2017, the infamous WannaCry ransomware affected numerous systems in India. These systems were locked down and the cybercriminals demanded ransom from the owners. The victims of this cyber-attack include Andhra Pradesh Police and West Bengal’s state utilities.
> In May 2017, Zomato suffered due to the theft of its user data including email ID and passwords.
> In June 2017, Petya ransomware halted the functioning of one of the terminals of India’s largest container port, Jawaharlal Nehru Port.
> In 2018, ransomware attacks were down by 49%, but there was a 53% rise in malware attacks.
Way Forward:
> Human resource: Immediate attention has to be given to human resource development which would increase the number of experts who can effectively manage the cybersecurity of the country.
> R&D: Investments should be made on R&D to develop more innovative technologies to address increasing cybersecurity threats.
> Policy and Governance: It is important to bring a robust policy and effectively implement the same. Further, duties and responsibilities should be defined clearly for smooth functioning and better coordination among departments and stakeholders.
> Awareness: A periodic awareness campaign by the government and big private organizations should be conducted to make people aware of cybersecurity threats.