14 Sep

Cyber Security and other challenges (DAMP)

 

< Free Damp Home Page

Contents

• India faces multiple and intricate challenges to its cybersecurity, however, a holistic approach that integrates both technological and policy-based solutions can effectively tackle these issues. Discuss (10 Marks)
• Cyber-attacks have emerged as a major threat to internal security. Highlight the challenges associated with cyber-attacks in the context of national security.
• State the reasons behind targeting of Critical Information Infrastructure (CII) by state and non-state actors. Also, discuss the steps taken by the Indian government to secure its CII.

---

22-04-2023

Q: India faces multiple and intricate challenges to its cybersecurity, however, a holistic approach that integrates both technological and policy-based solutions can effectively tackle these issues. Discuss (10 Marks)

For Answer Submission Please Join the Telegram Group: Click here to join the Group

Answer :

Introduction: Write in brief about cybercrime. Body: Mention some challenges and also write about technological & policy-based solutions. Conclusion: To conclusion with positive feedback to deal with cybercrime.

Under the Indian context, cybercrime refers to any criminal activity or offense committed using computer networks or the internet. The Information Technology Act, 2000, which is the primary law governing cybercrime in India, defines cybercrime as any illegal activity involving a computer, computer network, or computer resource.

Multiple challenges faced in cybersecurity:

• Cybercrime: India has seen an increase in cybercrime cases, such as online financial fraud, phishing scams, and identity theft. For instance, in February 2021, a Mumbai-based businessman lost INR 1.86 crore (approximately USD 252,500) to a phishing scam.
• Data breaches: In 2020, a data breach at India’s largest airline, Air India, exposed the personal information of around 4.5 million customers. This incident highlighted the need for better data protection measures in the country.
• Ransomware attacks: In April 2021, India’s largest private port operator, Adani Ports, was hit by a ransomware attack that caused disruption to its operations. The cybercriminals demanded a ransom of USD 4 million in exchange for the decryption key.
• Lack of cybersecurity awareness: For instance, in 2020, an Indian bank lost INR 1.3 crore (approximately USD 177,000) due to a social engineering attack, where the attackers used phishing emails to gain access to the bank’s system.
• Cyber espionage: In 2020, a Chinese state-sponsored hacking group targeted several Indian organizations, including the Indian government’s COVID-19 response team.
• Lack of skilled cybersecurity professionals: India faces a shortage of skilled cybersecurity professionals, which makes it difficult to address the growing threat of cybercrime and cyber-attacks.

Technological and policy-based solutions:

• Technological Solutions: India has made significant progress in developing and deploying technological solutions to enhance cybersecurity.
• For instance, the Indian Computer Emergency Response Team (CERT-In) operates a 24/7 cybersecurity helpline, which helps individuals and organizations report cyber incidents and receive timely assistance.
• Several cybersecurity projects such as Cyber Swachhta Kendra and National Cyber Coordination Centre, aimed at improving cybersecurity awareness and strengthening India’s cyber defense capabilities.
• Policy-based Solutions: India has also implemented several policy-based solutions to improve cybersecurity. For instance, the government has established the National Cyber Security Policy 2013, which outlines a comprehensive framework to address cybersecurity challenges.
• Public-Private Partnerships: India has initiated several public-private partnerships to enhance cybersecurity. For instance, the Data Security Council of India (DSCI) is a not-for-profit organization established in partnership with NASSCOM.
• Cybersecurity Education: For instance, the government has established the National Institute of Electronics and Information Technology (NIELIT), which offers various cybersecurity courses.
• Moreover, the National Cyber Security Coordinator has launched initiatives such as Cyber Surakshit Bharat, which aims to educate individuals on safe online practices.

There is a need to revamp the IT Act 2000 to keep in mind the evolving technologies and challenges. India also needs to strengthen its technological capacity and manpower to address the challenges. The recently proposed Personal Data Protection Bill, 2019, which aims to regulate the collection, use, and transfer of personal data in India and strengthen the country’s cybersecurity framework.

15-09-2023

Q: Cyber-attacks have emerged as a major threat to internal security. Highlight the challenges associated with cyber-attacks in the context of national security. (15 Marks, 250 Words)

Answer :

Cyber threats are harmful activities committed with the intent of destroying, stealing, or disrupting
data and digital life in general. Computer viruses, data breaches, and Denial of Service (DoS) assaults are
examples of these risks.

Cyber-attacks as threat to internal security:

• Cyber terrorism: A premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence. Or financial damages.
• Stealing digital Data: Personal and professional data like customer information and intellectual property rights can result in loss of hundreds of crores to the businesses and loss of trust of customers.
• Stealing personal data of citizens of a country and using them to target specific groups, manipulating elections etc.
• Cyber warfare: The actions by any nation or international organization to attack and attempt to damage another nation’s computers or information networks.
• Critical Infrastructure: Hacking critical infrastructure like nuclear power plants, defense installation controls and commands, transport and energy infrastructure can create havoc to the economy and security of nation.

Challenges associated with cyber-attacks:

• Lack of specialists: Globally, India ranks 2nd in terms of the number of Internet users after China (Internet World Stats, 2017). However, India has limited of cyber-security specialists, when compared to internet user base.
• Lack of robust law enforcement mechanisms: India’s approach to cyber security has so far been ad hoc and unsystematic. Despite several agencies, policies and initiatives, their implementation has been far from satisfactory.
• Lack of Coordination: Due to the existence of too many agencies with overlapping functions in the field of cyber security, coordination between these agencies is poor.
• National cyber security policy, 2013 has not been updated despite significant changes in the cyber security environment, digital penetration, and associated threats.
• Private sector participation remains limited in India’s cybersecurity structures.
• Import dependence on cyber and communication equipment makes them vulnerable to cyberattacks.

To tackle these threats recent initiatives like booting domestic manufacturing and import from “trusted sources”, NCIIPC, CERT-IN, NCCC, Cyber Surakshit Bharat Initiative and Cyber Crisis Management Plan have been launched to prevent, respond, and swiftly mitigate cyber-attacks.

22-09-2023

Q: State the reasons behind targeting of Critical Information Infrastructure (CII) by state and non-state actors. Also, discuss the steps taken by the Indian government to secure its CII. (15 Marks, 250 Words)

Answer :

As per the Information Technology Act of 2000, Critical Information Infrastructures (CII) encompass essential computer resources that, if compromised or destroyed, can severely disrupt national security, economy, public health, or safety across public and private domains. These infrastructures are targeted by both adversarial state and non-state actors due to their critical importance. Attacks on CIIs result in compromised information systems, control hijacking, component destruction, and extraction of sensitive data.

Reasons for Targeting Critical Information Infrastructures (CII) by state and non-state actors:

• Valuable Information: CIIs store sensitive data, like nuclear facility details and reactor designs, making them attractive targets for both state and non-state entities. For example, the Stuxnet virus targeted Iran’s enrichment program.
• Evolution of Warfare: CIIs extend the realm of conflict beyond traditional warfare, requiring fewer skilled individuals to incapacitate systems compared to conventional weaponry or armies.
• National Security: CIIs encompass physical and cyber systems crucial for a nation’s security landscape. Any harm inflicted on them profoundly impacts national security, politics, economy, and social well-being.
• Disrupting State Operations: Modern critical infrastructure, such as power grids and reactors, are highly interconnected across regions and sectors. Minor malfunctions can cascade through various segments, generating extensive, unforeseen consequences.
• Eroding Trust: A cyberattack targeting a specific element exposes vulnerabilities in the entire system, leading to strained relations with allies and adversaries alike.

Challenges in Safeguarding CIIs:

• Resource Shortage: Organizations, including infrastructure maintainers, lack sufficiently trained cybersecurity professionals to fulfill security requirements.
• Information Sharing Hesitation: Concerns about losing a competitive edge hinder the sharing of vulnerability information across public and private sectors.
• Coordination Deficiency: Agencies report to various entities like the Ministry of Home Affairs, Prime Minister’s Office, Defence Ministry, and MeitY, leading to coordination challenges.
• Capability Imbalance: India lacks domestically developed cybersecurity hardware and software, making it susceptible to cyberattacks from state and non-state actors.

Government Initiatives for CII Protection:

• National Critical Information Infrastructure Protection Centre (NCIIPC) regulates and safeguards the nation’s CIIs.
• Information Technology (National Critical Information Infrastructure Protection Centre and Manner of Performing Functions and Duties) Rules, 2013, guide NCIIPC’s operations.
• Indian Computer Emergency Response Team (CERT-In) responds to computer security incidents.
• National Cyber Security Coordinator (NCSC) under the National Security Council Secretariat coordinates national-level cybersecurity activities.
• National Cyber Coordination Centre enhances situational awareness of cyber threats and facilitates timely information sharing for preventive actions.
• Comprehensive Security Policy: A comprehensive policy addressing physical, legal, cyber, and human dimensions of security is essential. Understanding vulnerabilities and interdependencies among infrastructures is crucial.