Also known as internet security, cyber security relates to preventing any form of unauthorized or malafide access to computers, networks, smartphones, banking networks, etc.
- Cyber space comprises of IT networks, computer resources and all internet connected devices, mobile or fixed. It is important to understand that a nation’s cyberspace is a part of the global cyberspace, without any borders. This borderless cyberspace is expanding exponentially with the increased internet penetration and inclusion of Internet of Things (IoT).
- 5th dimension: Also, after land, sea, air and space, cyberspace has been officially declared as the 5th dimension of warfare, by US and other NATO countries already.
As India is investing heavily in building e-services for its citizens by providing higher bandwidths and integrating national economy with digital marketplace, there is an increased need for emphasis on cyber security in India.
The cyber security threats or Cyber attacks generally emanate from a variety of sources and manifest themselves in distruptive activities that target individuals, businesses, national infrastructure, industry establishments and Governmnets alike.
Therefore, cyber security is seen as the latest tenant of the security challenge since major critical infrastructure including, banking, defense, power, etc. are shifting to the digital realm.
The effects of a threatened cyber space carry significant risk for public safety, national security and stability of the globally linked economy. Hence, cyber security threats pose a serious economic and national security challenge for our country in present times.
Major Cyber Attacks in recent past :
In 2010 there were attacks on Iranian Nuclear establishment. Then, there have been attacks like Struxnet, Operation Shady rat or BadBios in the world countries which have constantly highlighted the vulnerability of critical infrastructure.
Lately, the US intelligence community accused Russians of being responsible for the hacking that led to the leaking of damaging material which dogged Democratic presidential nominee Hillary Clinton in the Presidential elections.
In 2016, hackers also disrupted the Korean transport system, American DAM and Swiss water company. Major attacks on healthcare grew by 63% in same years.
India also saw a malware-related security breach in banking ATMs following which the State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank blocked millions of debit cards that were compromised.
Cyber Security Preparedness of India
It was just 21 years ago that public internet came to India and right now India has large number of subscribers for internet usage. With recent government push towards a digital “cashless” economy, India is heading towards being a Digital Society rapidly. This increasing dependency on digital highlights the need for a secure cyber space in the country, especially when a number of users are beginners (novice) as far as secure practices go.
The government has identified following objectives for securing country’s cyber space :
- preventing cyber attacks,
- reducing national vulnerability to cyber attacks
- minimizing damage and recovery time from cyber attacks.
The initiatives taken by the government of India have focused on threats to critical information infrastructure and national security, adoption of relevant security technologies, information security awareness, training and research. Due to dynamic nature of cyber threat scenario, these actions need to be continued, refined and strengthened from time to time. There has been some steps taken:
- The Information Technology (Amenedment) Act 2008 has been enacted to cater to the needs of National Cyber Security.
- Indian Computer Emergency Response Team (CERT- In) has been operational as a national agency for cyber security incident response.
- Growth and application of digital signature certificates in a number of areas has taken place.
- National Crisis Management Plan for countering cyber attacks and cyber terrorism has been prepared and is annually updated.
- Security Auditors have been empaneled for conducting security audits.
Cyber Security Threats and Challenges in India
India sees a net outflow of data as data servers of majority of digital service providers take information highways to West. Hence, India has largely become a net exporter of information especially with social media making deep inroads.
Also, internet users from India use a variety of devices, ranging from cheap handsets with little infrastructure for cyber security to high-end smartphones. This makes it difficult to provide for a uniform security protocol.
Amidst the push for digital economy, India faces widespread digital illiteracy which makes Indian citizens highly susceptible to cyber fraud, cyber theft, etc.
A number of electronic equipments in India are imported. It remains unknown whether these devices are tampered with or programmed for control processes. Hence, there is a need for much more rigorous testing of these equipments. Particularly those that are being imported for telecommunication, power grid management or air traffic control.
The CERT-In (Computer Emergency Response Team) is awfully understaffed to manage the reporting rise in cyber crimes. From 22,000 reported incidents in 2012, it has gone up to 1.3 lakh cyber attacks as reported in 2014.
The private sector in India fails to report and respond to security breaches in digital networks, even though it remains prominent player. There is lack of awareness among internet users about Privacy enhancing technologies. Even most of Indian companies don not even mandate the existing two-factor authentication (2FA) on Gmail for official communication.
Threats from hacker groups from hostile countries has been increasing day by day. The capacities developed to handle these cyber attacks need to be scaled up exponentially to deal with the cyber risks India is going to face.Nasscom has projected, India would need 1 million cyber security experts by 2020.
The National Cyber Security Policy came up in 2013 which has well laid out 14 parameters but the implementation needs to be far more strict.
An organization supposed to come up since 2014 – National Cyber Coordination Centre but not much has been achieved in this area yet.