Need for an updated Cybersecurity strategy
For IASToppers’ Editorial Simplified Archive, click here
Cybersecurity has become an integral aspect of national security. Its area of influence extends far beyond military domains to cover all aspects of a nation’s governance, institutions, and business establishments and for any common citizen.
- Cybercrime includes unauthorized access of information and breaks security like privacy, password, etc. of any person with the use of the internet.
- Cyber theft is a part of cybercrime which means theft carried out using computers or the Internet.
- Common types of cyber theft: identity theft, password theft, theft of information, internet time thefts etc.
i. Identity Theft
- Illegally obtaining someone’s personal information which defines one’s identity for economic benefit.
- It is the commonest form of cyber theft and personal information could be procured from electronic devices as follows: –
a) Hacking: Hackers are unauthorized users who break into computer systems to steal, change or destroy information, often by installing dangerous malware.
b) Phishing: Fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
c) E-Mail/SMS Spoofing: The spoofed e-mail is one which shows its origin to be different from where it originated. In SMS spoofing, the offender steals the identity of another person in the form of phone number and sending SMS via internet and the receiver gets the SMS from the mobile number of the victim.
d) Carding: Unauthorized use of the ATM debit and credit cards to withdraw money from the bank accounts of the individual.
ii. Internet time theft:
- It refers to the theft in a manner where the unauthorized person uses internet hours paid by another person; by illegal access to another person’s ISP user ID and password.
iii. Intellectual property Theft:
- It is a theft of material that is copyrighted, the theft of trade secrets, and trademark violations etc.
- One of the most commonly and dangerously known consequences of IP theft is counterfeit goods and piracy.
Cybersecurity policy 2013:
- The National Cyber Security Policy, 2013, was the first comprehensive document brought out by the government.
- The policy had several action points including setting up a National Cyber Security Center, Test Infrastructure, Malware Monitoring & Cleaning Center, National Critical Information Infrastructure Center etc.
- However, not much was realised in terms of a coordinated cyber approach andthere are gaps regarding the resilience of infrastructure which need to be addressed.
- We need to review the 2013 policy and take corrective steps to strengthen the system to enhance the resiliency of cyber-infrastructure in the country.
- The government has announced that a new Cyber Security Policy, 2020, to be brought out soon.
Need for an updated policy:
- India is among the top 10 countries facing cyber-attacks.
- These incidents have increased manifolds during the lockdown period — almost three times increase in cases of phishing, spamming and scanning of ICT systems, particularly of critical information infrastructure.
- The border stand-off has further increased worries about enhanced cyber-attacks from China and its close allies.
- Several advisories have been published by the Indian Computer Emergency Team and media about possibilities of cyber-attacks from China.
- Many cyber hackers — state, non-state, professional or anonymous groups operate worldwide and conduct attacks internationally.
- Financial services, payments, health services, etc are all connected to digital mediums; and are expected to increase in future.
- Unlike the US, Singapore, and the UK where there is a single umbrella organisation dealing in cybersecurity, India has 36 different central bodies.
- Most ministries have their own bodies that deal with cyber issues, and each has a different reporting structure; each state government has its own CERT.
- While CERT-IN has responded to cyber threats, it has been late in conducting security checks and often has released advisories once an attack has taken place.
- The government itself uses legacy systems which are vulnerable to cyberattacks; countries like China and Singapore have progressed towards creating cyber defence networks and upgraded systems.
- India’s existing cybersecurity policy of 2013 must be reviewed in the light of emerging cyber threats by state-sponsored international cyber-terrorism, military espionage, corporate espionage and financial frauds by individual hackers and groups.
- India’s cybersecurity strategy must be able to protect multiple digital intrusions at all levels: military and corporate espionage, electronic attacks disrupting critical infrastructure, ICT and IoT systems and data privacy, integrity and security of its citizens.
- There is an urgent need for dissemination of best security practices, intelligence sharing, intrusion reporting and effective coordination and partnership between private, corporate, government and international level organisations like the UN, the European Union and India’s allies.
- The MoUs on cyber defence with allies and international organisations will prove instrumental as cyber threats defy state borders and organisational boundaries.
- Adequate funding for ICT and IoT security is inevitable for strategic research and development.
- A special task force must be engaged for round the clock vigilance.
- Cybersecurity professionals must be prepared for the new challenges for identification, surveillance, monitoring, location tracking, targeting for recruitment, access to networks and stealing user credentials.
We are in a connected world and more activities will be carried on the internet and public networks, and heterogeneity of devices and software will add to the vulnerabilities. To achieve the set a target of a US$ 5 trillion economy, India needs to be prepared for policy, legal framework, monitoring infra and technology to emerge as a safe and secure digital country.
With countries resorting to digital warfare and hackers targeting business organisations and government processes, India needs comprehensive cybersecurity guidelines and standards for checking cyber vulnerabilities and cyber responses.