Cybersecurity & Imports from NSO Group

In News

  • The spyware maker Cognyte, often billed as an alternative to Pegasus, has been selling tech gear to the Signal Intelligence Directorate which comes under the Ministry of Defence.
    • The firm in question is Cognyte Software Ltd, which faces a class action lawsuit in the U.S. from investors.

About

  • Cognyte regularly targeted journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists around the world, without their knowledge, and collected intelligence on these people by manipulating them to reveal information and/or by compromising their devices and accounts.
  • Earlier, the Pegasus spyware was reportedly used on Indian activists, journalists, and politicians, among others. A year has passed since the disclosures about the Pegasus Project revealed the threat to India’s democracy.

Cybersecurity

  • Cybersecurity or information technology security are the techniques of protecting computers, networks, programs, and data from unauthorized access or attacks that are aimed for exploitation.
  • Cyber security is concerned with making cyberspace safe from threats, namely cyber-threats. 
  • Cyber warfare: When a nation-state or international organization attacks and attempts to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.

Need for Robust Cybersecurity

  • A nation’s cyberspace is part of the global cyberspace; it cannot be isolated to define its boundaries since cyberspace is borderless. Unlike the physical world that is limited by geographical boundaries in space—land, sea, river waters, and air—cyberspace can and is continuing to expand. Increased Internet penetration is leading to growth of cyberspace, since its size is proportional to the activities that are carried through it.
  • India is positioned to become a global leader in terms of data, technology, digitization and inclusion. The government has been at the forefront of driving technology-led initiatives through flagship programmes like Startup India, Digital India etc. to foster a favourable business environment for existing and new businesses to become global unicorns.
  • India has significant potential for growth in the coming years. And as the digital economy grows, it becomes more prone to  cyber threats and vulnerabilities. For instance, there is a growing risk of cyberattacks on key infrastructure as well as financial institutions.
  • India has the world’s highest number of Internet users downloading millions of apps every year. However, 80% of these apps are insecure from a security standpoint.

cyber sec

Government Initiatives

  • The Government of India (GoI) has taken several technical, institutional, and legislative steps to tackle issues related to cybersecurity, including the National Cyber Security Policy (2013) and enactment of the Information Technology (IT) Act, 2000.
  • The Indian Computer Emergency Response Team (CERT-In) was founded by the Ministry of Electronics and Information Technology (MeitY) as the national bureau for event response, including evaluation, prediction and alerts for cybersecurity breaches. 
  • The Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) (CSK), a constituent of the Digital India initiative of the GoI under MeitY, works to create a secure cyberspace by identifying botnets.
  • Cyber and Information Security (C&IS) division of MHA deals with issues relating to Cyber Crime, Cyber Security, National Intelligence Grid (NATGRID) and National Information Security Policy & Guidelines (NISPG).
  • NATGRID is an integrated intelligence master database structure that links databases from several security agencies within the GoI. 
  • Cyber Crime Prevention against Women and Children (CCPWC) Scheme is established by MHA to give the states/UTs financial support of USD 11.99 million for the establishment of cyber forensic-cum-training laboratories.
  • MHA established the Indian Cyber Crime Coordination Centre (I4C) to deal with all types of cybercrime in the country in a coordinated and comprehensive manner. It has an outlay of USD 49.9 million.
  • National Cyber Coordination Centre (NCCC) and National Critical Information Infrastructure Protection Centre (NCIIPC) are some other initiatives undertaken by the government concerning cybersecurity.
  • For example, Card-on-File Tokenization is one of the most recent technologies rolled out by the Reserve Bank of India (RBI) to create a robust and safer digital payment infrastructure for consumers and increase business confidence in accepting digital payments.

Solutions and Initiatives to safeguard India’s Cybersecurity journey 

  • Governments, both at the state and central level as well as industry will need to play an active role in spreading awareness and training individuals. A large part of India’s population is digitally literate but unaware about basic security measures.
  • The role of policymakers will be equally crucial as they can help the industry in catalysing innovation and bringing new solutions to the market at a faster pace and with enhanced agility. 
  • To tackle cyber threats on an urgent basis, the government and industry players have to build capabilities that are being driven by advanced AI and ML solutions
  • AI/ ML helps in analysing data from millions of cyber incidents and using it to identify potential threats or a new variant of malware.

First-Ever Anti-Spyware Declaration

  • The US and 10 other nations issued the first-ever significant anti-spyware declaration.
  • Countries involved:  Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the United Kingdom, and the United States
  • The declaration seeks to realize the importance of stringent domestic and international controls on the proliferation and use of this technology.
  • Need: Threat posed by the misuse of commercial spyware e.g., Israeli software Pegasus, Hermit spyware.

Source: TH