How India is combating the cyber terrorism?
Table of Contents
It has been said that by 2020, India will have 730 million internet users, 75% new users from rural areas, 175 million online shoppers and 70% e-commerce transactions will be done via mobiles. It was just 21 years ago that public internet came to India and now India has the third highest number of internet users after China and U.S. With recent Government initiatives to a digital economy, one of them being “Digital India” Campaign that time is not so far when India will become a Digital Society.
The rapid increase of dependency on Digital world highlights the necessity to secure the cyber space of the nation. But India, besides of its huge development in the cyber world, is facing many challenges of cyber security. Lately, wireless, data computing, storage, processing, cloud computing, transmission capabilities are rapidly increasing and making cyber-attacks easy to occur. . We can see many data breaches and cyber-attacks across all the sectors.
According to a report ,India is amongst the top10 spam-sending countries in the world and is ranked among the top 5 countries affected by cyber Crime .The crimes related to the cyber space can be multi-location, multi-legal ,multi-culture,multi-layered and that is why it is very hard to detect the perpetrator. As India is investing heavily in building e-services for the citizens by giving them higher bandwitdhs and inetrgrating digital ecmomy with digital marketplace, there is an urgent need to increase the cyber security in India and to know what are the challenges of cyber security and to plan our prevention strategies.
The aim of this essay is to highlight the cyber
2. Recent Cyber Attacks in India
What drives India towards the cyber security, were the cyber-attacks that continued to escalate year after year in severity, impact and frequency. All the prevention and detections methods were infective against increasingly adept assaults. So, it is equally important to know the cyber-attacks occurred in India to form an effective planning strategy against cybercrime and to be better prepared for the future of cyber security.
2.1 Wanna Cry
Wanna Cry is one of the biggest cyber-attacks in history that swept in the world in May, 2017. This was a Ransom ware attack and the top 5 cities that were affected by the attack are Kolkata, Delhi, Bhubaneswar, Pune and Mumbai. And the top 5 states where maximum Wanna Cry viruses detected were Orissa, West Bengal, Gujarat, Delhi, and Maharashtra.
Nearly 60% enterprises were targeted by the malicious Ransom ware virus Wanna Cry and rest were on individual customers. The computers which were running on older version of Microsoft Operating systems like XP were affected by the virus. The impact of this virus was that the user devices were locked and they were unable to access their data unless some ransom was paid by the customers and perpetrators demanded ransom of $300 in crypto currencies like Bit Coin to unlock the device.
Perpetrators targeted the Government sectors of the nation and the areas that got affected were West Bengal State Electricity Distribution Company limited (WBSEDCL), Government Hospital in Orissa, Police Department in Andhra Pradesh and Maharashtra and over 120-odd computers connected with Gujarat state wide area network (GSWAN) were affected.
Under the top 10 listing of nations, India was additionally included to be targeted by Petya ransom ware attack. Petya was not really a ransom ware cyber-attack but was a wiper instead .Wiper generally means it will wipe out all the data from the computer even the data store on the first sectors of the disk where the operating system information is stored. The aim of this virus was not to make financial gains but to cause massive loss of the data. The attack was on the Jawaharlal Nehru port (JNPT), India’s largest container port along with local manufacturing units of global companies.
2.3 BSNL Malware Attack
The tele-communication network run by the state of Karnataka was largely affected by malware attack.60, 000 modems were affected by this virus where the default username/password combination was “admin-admin”. The customers were not able to connect to the internet and so BSNL issued an advisory notice to all the customers suggesting to change their default router username and passwords.
2.4 Data Breaches
Zomato ,which is India’s restaurant search and discovery service provider were the victim of data breaches in May,2017 .the company reported that type data of the company was breached and the data of 7 million users were being stolen. On the other hand, the user’s leaked information was put on the sale on Dark net market. Zomato tracked down the hacker and took all the data back but the further details about the details have not been disclosed.
Likewise, the most trending network in India the Reliance Jio was also the victim of data breach. After this attack, a website called magicapk.com went live where anyone can check the personal details of jio customers. The website was taken down later when it went viral.
This clearly shows that cyber-attacks incidents are increasing day by day in India. We always keep hearing the cyber breach news like social media accounts of famous personalities are hacked or debit cards breach etc. After demonetization occurred in India, there was an increase in the use of online platforms and therefore with this, there is an increase in the fraudulent misuse of payment networks like data theft. As India progresses, its dependence on the Internet will increase at a rapid pace and along with it India’s vulnerability to the threat of Information War (IW) will become greater. So, there is an emergence of advanced technologies and services including Internet of Things (IOT) and cloud computing to change the threat landscape of India and to get prepared, in advance, for any kind of danger.
3. Cyber Schemes and Policies
Governments, all across the globe, is adapting new policies and contributing in necessary investments to fight the hazardous nature of cybercrimes. These investments and policies authorize the citizen’s privacy rights in the cyber space. Similarly, India, which has its economy secured at INR 152.51 Lakh crore (or USD2.34 Billion) and with its current GDP growth rate being 7.36% is progressing rapidly in its internet economy, where cashless transactions are being done continuously and digital payments have grown by 24.2% by value. Internet is proving a good way to expand its economy and business avenues but it is subject to ever increasing dangers of cybercrimes and citizens of India needs a legal protection to secure thrie transactions and to protect their personal rights.
Indian Government and regulators in sectors such as banking and financial services are taking multiple initiatives to meet the risk challenges of Cyber security.
3.1 Legal Framework for data protection and cyber security
India executed Information Technology (IT) Act in 2000 and it has been amended in 2008 which included cybercrimes, electronic signatures, data protection and cyber security. In 2011, a set of privacy rules were introduced and were further added to the Indian Information Technology Act 2008.
In 2017, India’s Supreme Court conveyed a judgment that privacy is constitutionally protected right. Citizen’s Right of privacy is guaranteed by the Indian constitution through Article 21. Supreme Court of India, in its various judgements, maintained the importance of citizen’s privacy rights and recognized constitutional right to privacy against constitutional government invasions. Through this, India entered into the league of countries that have a legal regime for privacy and cyber security.
3.2 National Cyber Security Policy
The first formalized step of India’s Government towards the cyber security in 2013 was its new policy called National Cyber Security Policy 2013.The aim of this policy was to build a secure and robust cyberspace for all the individuals, Business and the Government. The mission is to secure cyberspace infrastructure and information, to develop the capabilities to plan, prepare, prevent and respond to cyber-attacks and minimize the damages by coordinating with technology, people and institutional structures. In addition, this policy has planned to setup the national Nodal Agency in order to create a secure cyber ecosystem.
3.2.1 Initiatives by Government:
a.) Indian Computer Emergency Response Team (Cert-in)
The most important part of India’s cyber community is Cert-in. It makes sure that the state ensures the cyber space security in the nation by increasing the information infrastructure and security communications. It has signed MOUs with similar organizations in different nations such as Canada, Malaysia, Australia, United Kingdom, Korea, Singapore, Uzbekistan and japan.
b.) National Information Security Assurance Program (NISAP):
This program mandates that Government and critical infrastructures should have a security policy and should create a point of contact and it is compulsory for the Organizations to implement security control and report any security incident to Cert-In.
c.) Crisis management Plan:
To counter cyber-attacks and cyber terrorism India has prepared a crisis management plan to prevent the large scale disruption in the functioning of information systems of public, private and Government resources and services.
d.) “Cyber Swachhta Kendra”:
India’s Cert-in has launched “Cyber Swachhta Kendra” in 2017 to prevent and combat the cyber security violations. This program is bot-net cleaning and malware analysis centre that helps to detect the bot-net infections in India, preventing further infections by communicating, enable cleaning and securing systems of end users.
e.) National Cyber Coordination Centre (NCCC):
Another India’s operating cyber security and e-surveillance agency is NCCC that is set up for cyber-crime investigation training, reviewing the out-dated laws, making the cyber-crime prevention strategies, etc.
f.) National Critical Information Infrastructure Protection Centre (NCIIPC) :
According to the Article 70A(It Act 2008) it is compulsory have a special agency that will take care of designated critical infrastructure and develop practices, procedures and policies to secure them from a cyber-attack. Therefore, NCIIPC was established which comes under the technical intelligence agency called the National Technical research Organization.
g.)Cyber Security Awareness:
Upon the realization of importance of information security, Department of Information Security (DIT) has initiated the Information Security Awareness (ISA) program which relies on the education exchange program the security research in engineering and PhD program, train system administrators /professionals and train government officers.
3.2.2 Private Sector Initiatives:
Digital has become a need of an hour and not even a single Indian business can deny this fact. Many Organizations are still struggling with the complexity that comes with deploying digital initiatives in spite of the intent shown towards the digital vision.The four major components for any Organization are: Employee/Business partner, customer, data and assets. In an enterprise these four components interact through social media, mobile devices, websites, cloud and advanced technologies.
Organisations are spending a lot in developing skill sets I n some of the key areas such as intelligence and analytics, application security, security of data to ensure protection of data across the nation and training and awareness to employees as well as third parties.
4. What should be the areas of focus for India’s cyber security?
In the past few decades, all we knew about the cyber-attack was virus attacks but cyber threats evolved slowly to more sophisticated malwares and advanced denial of service (DOS) attacks. The sectors that are high on the priority list of the criminals are: Government, defence, military, energy, and telecom, along with banking. Some of the key focus areas of organizations across all the sectors are as follows:
Cyber Security Awareness
Many boards of Directors and C-Suite have begun to address cyber security as a serious risk oversight issue that has cross-functional, financial, strategic and legal implications and are following essential steps in providing awareness cyber security awareness among employees.
Securing the technology infrastructure
Hackers will look for the weakest link and exploit industries that have highly sensitive information and lower investment in security solutions. The technology is key enabler for Digital India; therefore, the protection has to be in securing the technical infrastructure.
Stringent on Security of their third party vendors and collaboration partners
Organizations will be expected to put in place stricter compliance regulations on their third party outsource vendors and external collaboration partners. Third parties pose a huge risk because they require access to system and data to conduct their business, yet there is no accountability in handling company’s data.
Adopt Data Centric Approach
Organizations should understand the need to secure data itself, and not just infrastructure and devices .The focus should be on data leakage prevention.
IT Hygiene and monitoring mechanism
Recent ransom ware attacks using Wanna Cry and Petya confirmed cyber as a ‘weapon of Mass Disruption’ with a large number of computers affected across various industry sectors i.e. Finance, health, transport, ports ,worldwide.
At a national level, some of the key initiatives that Government should take in future to further strengthen our cyber security maturity level are as follows:
Security standards, frameworks and audits
India needs to develop and promulgate the cyber security standards and frameworks for development and audit processes for protection of nation’s National Critical Information Infrastructure, Enabling policy measures are required to encourage establishments of testing labs for managing risks.
Rand D product development
India proposes to take R and D initiatives in development of safe products, discovery and analysis of vulnerabilities, fixing attribution and design of cyber weapons. Manufacturing and export of cyber security products presents a very attractive opportunity for India.
Cyber workforce development
This is an urgent requirement to have a national plan to develop a cyber-security workforce and associated cadre.
Cyber Threat Intelligence Centre
India proposes to have cyber analysis centres to collect attack on various infrastructures, financial systems, services and websites; correlate big data generated from government with commercial and financial data to create patterns and suggest anomalies for advance preventive actions.