National Cyber Security Strategy

APR 29

Mains   > Security   >   Cyber Security   >   Cyber crime

IN NEWS:

  • Recently, Union Power Minister confirmed that Chinese hackers made two attempts to target electricity distribution centres near Ladakh but were not successful.
  • However, amid a surge in cyberattacks on India’s networks, Centre is yet to implement the National Cyber Security Strategy which has been in the works since 2020.

CYBER SECURITY:

  • Cyber security involves the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation.
  • The concept includes guidelines, policies, safeguards, technologies, tools and training to provide the best protection for the cyber environment and its users.

CYBERATTACK:

  • Cyberattack can be defined as any act that compromises the security expectations of an individual, organization, or nation in its cyber space.  

TYPES OF CYBER ATTACKS:

Based on perpetrators and their motives, Cyber threats can be categorized into:

  1. Cyber Espionage:
    • Refers to the use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.
    • The 2019 cyber-attack on Kudankulam nuclear power plant using a data extraction malware falls under this category.
  2. Cyber Crime:
    • Cybercrime is any criminal activity that involves a computer, networked device or a network.
    • Most cybercrimes are carried out in order to generate profit for the cybercriminals. However, some cybercrimes are carried out against computers or devices directly to damage or disable them, to spread malware, illegal information, images or other materials. Some cybercrimes do both.
  3. Cyber Terrorism:
    • It is the convergence of terrorism and cyber space. It refers to unlawful attacks and threats of attacks against computers, networks and information stored to intimidate or coerce a government or its people in furtherance of political or social objectives.
    • They are offensive maneuvers that targets computer information systems, infrastructures or computer networks, with an intention to damage or destroy targeted computer network or system.
  4. Cyber Warfare:
    • Though there is no proper definition, it may be defined as actions by a nation-state or its proxies to penetrate another nation’s computers or networks for the purposes of espionage, causing damage or disruption.
    • It is perceived to be the fifth domain of warfare.

TYPES OF CYBER-CRIMES:

STATISTICS:

  • According to 'Crime in India’, released by the National Crime Records Bureau 2021:
    • Cybercrimes recorded an increase of 11.8% in 2020
    • Cybercrimes have increased four times or 306 percent in the past four years and rate of cybercrime (incidents per lakh population) increased in 2020.
    • Number of cases registered under Cyber Crime against Children during 2019 was 305.
  • As per data by CERT-In
    • 1.16 million cases of cyberattacks were reported in 2020, up nearly three times from 2019 and more than 20 times compared to 2016.
    • Over 26,100 Indian websites were hacked during 2020
  • As per Norton Cyber Safety report 2021:
    • 59% of adults in India have become victim of cyber crime
  • As per ‘Cyberthreats to Financial Organizations in 2022’ report:
    • India is among the top five targets for cyberattacks in the Asia Pacific (APAC) region, particularly security breaches that involve cyber espionage.
  • As per State of Ransomware 2021
    • 68% of organizations in India deals with ransomware
  • Global Cyber Security Index of ITU 2020
    • India scored 97.5 points to make it to the 10th position worldwide in the GCI 2020. This was an improvement from 47th rank in 2019.                          

PRESENT STATUS OF NATIONAL CYBER SECURITY STRATEGY

  • The National Cyber Security Strategy, conceptualized by the National Security Council Secretariat of India headed by Lt General Rajesh Pant, has been in the works for the past two years.
  • Recently, the Minister of State for Electronics and IT Rajeev Chandrasekhar said that the National Security Council Secretariat (NSCS) has formulated a draft National Cyber Security Strategy 2021 (NCSS 2021), which holistically looks at addressing the issues of security of national cyberspace.
  •  As per the information available from various sources, the National Cyber Security Strategy proposes a separate legislative framework for cyberspace and the creation of an apex body to address threats.
    • The strategy aims to create a comprehensive system, with both state-owned and private companies having to comply with cybersecurity standards.
    •  It provides for a periodic cyber audit and recommends annual reviews by the apex body that will be created.
  • India has a National Cyber Security Policy and the country needs a cyber-strategy.
    • Difference between a policy and a strategy is that a strategy is an action-oriented plan with a timeline.

WHY INDIA NEEDS A NATIONAL CYBER SECURITY STRATEGY?

  • Surge in cyber-attacks:
    • According to a report by American cyber security firm Palo Alto Networks, ransom ware attacks on organizations in India increased by 218% in 2021.
    • Another report from French tech firm Thales says that one in four Indian organizations suffered a ransomware attack in 2021, which was higher than the global average of 21%.
    • Cyber-attacks on critical infrastructure:
      • Safety and security of critical infrastructure such as Aadhar, NATGRID, Health Stack, Nuclear plants etc. are heavily depend upon secure cyber architecture.
      • In India cyber attacks on critical infrastructure by hackers have risen in the recent times. Eg. Chinese hackers made attempts to target electricity distribution centres near Ladakh.
      • India's Critical Infrastructure Witnessed 70% Jump In Ransomware Attacks In 2021 ,according to a report by cybersecurity company Trelix.
  • Increasing internet use in India
    • With over 600 million internet users, India is the second largest online market in the world, ranked only behind China.
    • It was estimated that by 2023, there would be over 650 million internet users the country.
    • This demands increased focus in security of internet spaces.
  • Service hub:
    • India is home to a large share of IT and service-sector industries. It hosts some of the largest outsourcing services in the world.
    • To add to this, through several initiatives such as Digital India, the government is pushing for large scale digitization. This not only attracts tech investors, but also tech criminals.
  • Exponential growth of digital space during covid-19:
    • The pandemic has resulted in digital technology adoption being fast forwarded and the demand for technology-driven products increasing multifold. But this growth has further exposed our cyber vulnerabilities.
    • As per the data from Computer Emergency Response Team (CERT-In), cyber-attacks in India amid the Covid-19 pandemic rose by almost 300% in 2020.
  • Increasing digitisation in India:
    • Digital India initiatives, Land records digitization, Digital Health Mission, Aadhar, Increasing cashless economy etc. puts further pressure on the need for secure cyber architecture in the country.
  • Cost incurred due to cyber-attacks are increasing:.
    • India has lost a huge amount of money each year in cyber-attacks. For instance, cybercrimes in India caused losses of Rs. 1.25 lakh crore in 2019.
  • Limited inter-agency coordination:
    • Cyber crimes often pans across the jurisdiction of different agencies, such as state police forces, Enforcement Directorate, departments under Home and Foreign Affairs Ministries etc.
    • However, till recently there has been no proper mechanism to ensure the smooth coordination between these agencies in matters of data sharing, investigation etc.
    • Private sector, despite being a major stakeholder in the cyberspace, has not been involved proactively for the security of the same.

 

RECOMMENDATIONS OF THE DATA SECURITY COUNCIL OF INDIA

  • DSCI (Data Security Council of India), a not-for-profit industry body on data protection in India, has consolidated its perspectives on the National Cyber Security Strategy in a 22-page report which focuses on 21 areas to ensure a safe, secure, trusted, resilient, and vibrant cyberspace for India.
  • The main sectors of focus of the report are:-
    • Large scale digitisation of public services: There needs to be a focus on security in the early stages of design in all digitisation initiatives and for developing institutional capability for assessment, evaluation, certification, and rating of core devices.
    • Supply chain security: There should be robust monitoring and mapping of the supply chain of the Integrated circuits (ICT) and electronics products. Product testing and certification needs to be scaled up, and the countrys semiconductor design capabilities must be leveraged globally.
    • Critical information infrastructure protection: The supervisory control and data acquisition (SCADA) security should be integrated with enterprise security. A repository of vulnerabilities should also be maintained.
    • Digital payments: There should be mapping and modelling of devices and platform deployed, transacting entities, payment flows, interfaces and data exchange as well as threat research and sharing of threat intelligence.
    • State-level cyber security: State-level cybersecurity policies and guidelines for security architecture, operations, and governance need to be developed.

  • To implement cybersecurity in the above-listed focus areas, the report lists the following recommendations:
    • Budgetary provisions:
      • A minimum allocation of 0.25% of the annual budget, which can be raised up to 1% has been recommended to be set aside for cyber security.
      • The report also suggests setting up a Fund of Funds for cybersecurity and to provide Central funding to States to build capabilities in the same field.
    • Research, innovation, skill-building and technology development:
      • The report suggests investing in modernisation and digitisation of ICTs.
      • Furthermore, a national framework should be devised in collaboration with institutions like the National Skill Development Corporation (NSDC) and ISEA (Information Security Education and Awareness) to provide global professional certifications in security.
      •  The DSCI further recommends creating a ‘cyber security services’ with cadre chosen from the Indian Engineering Services.
    • Crisis management:
      • For adequate preparation to handle crisis, the DSCI recommends holding cybersecurity drills which include real-life scenarios with their ramifications.
      • In critical sectors, simulation exercises for cross-border scenarios must be held on an inter-country basis.
    • Cyber insurance:
      • Cyber insurance being a yet to be researched field, must have an actuarial science to address cybersecurity risks in business and technology scenarios as well as calculate threat exposures.
      • The DSCI recommends developing cyber insurance products for critical information infrastructure and to quantify the risks involving them.
    • Cyber diplomacy:
      • Cyber diplomacy plays a huge role in shaping India’s global relations. To further better diplomacy, the government should promote brand India as a responsible player in cyber security and also create ‘cyber envoys’ for the key countries/regions.
    • Cybercrime investigation:
      • With the increase in cybercrime across the world, the report recommends unburdening the judicial system by creating laws to resolve spamming and fake news.
      • It also suggests charting a five-year roadmap factoring possible technology transformation, setting up exclusive courts to deal with cybercrimes and remove backlog of cybercrimes by increasing centres providing opinion related to digital evidence under section 79A of the IT act.
      • Moreover, the DSCI suggests advanced forensic training for agencies to keep up in the age of AI/ML, blockchain, IoT, cloud, automation.
      • Law enforcement and other agencies should partner with their counterparts abroad to seek information of service providers overseas.

PRACTICE QUESTION:

Q. Discuss various cybersecurity threats faced by India and examine how implementing a National Cyber Security Strategy will help the country to create a secure cyber space.