Cyberattacks on Indian Sites

In Context

  • Recently, Computer Emergency Response Team (CERT-In) reported that almost 26,000 Indian websites have been hacked into in the 10-month period ended October.

About

  • There have been attempts from time to time to launch cyberattacks on Indian cyberspace.
  • The attackers are compromising computer systems located in different parts of the world and use masquerading techniques and hidden servers to hide the identity of actual systems from which the attacks are being launched.

Reasons for increasing Cyber Attacks in India

  • Increasing dependency on technology: As we grow faster, more and more systems are being shifted to virtual space to promote access and ease of use.
    • However, the downside to this trend is the increased vulnerability of such systems to cyber-attacks. 
      • For e.g. there is a concern of widespread damage and huge loss if hackers are able to intrude into the nuclear, financial or energy systems of a country. 
      • Since almost all sectors of an economy are dependent upon power, the takedown of the power grid can substantially impact the economy.
      • Growing digital reliance in the post-COVID era has exposed digital disparities which must be bridged through capacity building.
  • There’s a sophisticated use of cyberspace by terrorists to broaden their propaganda and incite hatred.
  • Lack of robust law enforcement mechanisms: India’s approach to cyber security has so far been ad hoc and unsystematic
    • Despite a number of agencies, policies and initiatives, their implementation has been far from satisfactory.
  • Adverse relations with China: China is considered one of the world leaders in information technology. Therefore, it is expected to have capabilities to disable or partially interrupt the information technology services in another country. 
    • Combined with the recent border standoff and violent incidents between the armies of the two countries, the adversity in relations is expected to spill over to attacking each other’s critical information infrastructure.
  • Asymmetric and covert warfare: Unlike conventional warfare with loss of lives and eyeball to eyeball situations, cyber warfare is covert warfare with the scope of plausible deniability, i.e. the governments can deny their involvement even when they are caught.
    •  Similarly, even a small nation with advanced systems and skilled resources can launch an attack on a bigger power, without the fear of heavy losses. 
    • Therefore, cyber warfare has increasingly become the chosen space for conflict between nations.
  • Lack of International Coordination: International cooperation and consensus is missing in this field.
  • Low digital literacy among the general public and digital gaps amongst nations create an unsustainable environment in the cyber domain.
    • It is often reported that people are duped easily by click-baiting them into clicking interesting content, which often has malware attached to itself. 
  • Poor cybersecurity infrastructure
  • State-sponsored cyber attacks
  • Increased internet usage and technology advancement like 5G, IoT, crypto etc.

India’s Preparedness to Ensure Cybersecurity

  • The government is fully cognizant and aware of various cybersecurity threats including cyber terrorism and has taken various measures to enhance the cybersecurity posture and prevent cyberattacks.
  • Banning of unsafe apps: India had banned apps that posed a threat to security.
    •  India had banned many apps (mostly of Chinese origin), which were found to be unsafe for usage by Indian citizens.
    •  The apps were allegedly transferring data to the servers located outside India and did not have proper safeguards to ensure that the private data of Indian citizens were protected from unauthorized access.
  • Awaited National cybersecurity strategy: Comprehensive plan in preparing & dealing with cyber-attacks (Pre, Post and During the attack).
  • Indian Cyber Crime Coordination Centre (I4C): Launched in 2018, It is an apex coordination centre to deal with cybercrimes.
  • Evolving Technology: Cyber attackers are continuously working on novel ways to sabotage the systems. 
  • Human Resource: Anyone in cybersecurity needs to be an equally potent hacker.
  • CERT-In (Cyber Emergency Response Team, India): It is National Nodal Agency for Cyber Security and is Operational since 2004
  • National Cyber Security Policy, 2013: The policy provides the vision and strategic direction to protect the national cyberspace.
  • Cyber Swachhta Kendra: Cyber Swachhta Kendra helps users to analyse and keep their systems free of various viruses, bots/ malware, Trojans, etc.
    • Launched in early 2017.
  • Indian Cyber Crime Coordination Centre (I4C): Launched in 2018, It is an apex coordination centre to deal with cybercrimes.
  • Cyber Surakshit Bharat: It was launched by the Ministry of Electronics and Information Technology (MEITy) in 2018 with an aim to 
    • spread awareness about cybercrime and 
    • building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
  • The Cyber Warrior Police Force: It was organised on the lines of the Central Armed Police Force in 2018.
  • Personal Data Protection Bill: The bill mandates the strengthening of data infrastructure by private companies to safeguard the data of individuals.
    • Therefore, there is a focus on including the private companies in the ambit of data protection, rather than restricting it to the government only. This is also important as the private sector may provide an entry point to the attackers compromising the integrity of the system.
  • Information Technology Act, 2000 (Amended in 2008): It is the main law for dealing with cybercrime and digital commerce in India.
    • National Critical Information Infrastructure Protection Centre (NCIIPC) was created under Section 70A of IT Act 2000 to protect Cyberinfrastructure.

International Efforts in this direction 

  • Budapest Convention: 1st international treaty to address cybercrime; India is not a signatory.
  • Internet Corporation for Assigned Names and Numbers (ICANN): US-based not-for-profit organisation for coordinating & maintenance of several databases.
  • Internet Governance Forum: UN forum for multi-stakeholder policy dialogue on Internet governance issues. 

What more needs to be done in this context?

  • Human resource is crucial and there is an urgent need to create an informal Indian team of Cyber Warriors.
  • The critical infrastructure managers should also be well trained in cyber warfare and well equipped with all the technologies for isolating viruses and attacks.
  • There should be a reward for white hackers who can highlight their shortcomings.
  • The managers and Common mass must be made aware.
    • There is a need to enhance the general awareness levels of the government installations as well as the general public to counter such threats.
  • Separate wing under Army or Navy as Cyber Command on lines of US
  • The need of the hour is to come up with a futuristic National Cyber-Security Policy which allocates adequate resources and addresses the concerns of the stakeholders.
  •  Similarly, there is a need for quicker up-gradation of the existing infrastructure as information technology is a fast-evolving field and there is a need to stay ahead of the competition.

Source: TH