cyber security

India's prospects in Cyber Space:
  1. Internet and Mobile Association of India - internet users expected to grow upto 314m by the end of 2017. Growth rate of 28% bw 2013-17.
  2. 3rd largest hub for tech startups
  3. Networked devices expected to grow over 2bn.
  4. India ranked 23/165 in Global Cyber Security Index

Cyber Security relates to preventing any unauthorised and malafide access to computers or ICT infrastructure. After land, sea, air and space, cyberspace has been officially declared as the 5th dimension of warfare. 
Challenges in cybersecurity:
  1. geographical barriers
  2. difficult to locate perpetrator, anonymity
  3. evoloving technology
  4. diffcult to apply traditional security concepts like deterrence and retaliation
Use of cyber space by non state actors:
  • 32 lakh debit cards in India were compromised in 2016; 500m Yahoo accounts were breached
  • Mirai Botnet cyber attack in 2016 that brought down much of America's internet is one of the biggest so far
  • Wanna Cry Ransomware hit 150 countries, including US and Russia

CYBER CRIMES IN INDIA
  • According to ASSOCHAM, surge of ~350% in cybercrime cases registered bw 2011-14
  • cyber-attacks on government sector doubled from 7% in 2015 from 14% in 2016
  • Legion attack - hacker group broke into Twitter accounts of Congress party, its Vice President and other popular people. Claim to be in possession of servers of Apollo hospitals.

Critical Information Infrastructure: IT Act 2000 defines CII as the computer resource - the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety. Such as telecommunication networks, online payment gateways, electronic stock trading.
Factors which render CII as preferred targets:
  1. Adversary nations: due to concealed origin and lack of conventional restrictions of being in proximity. Ex. cyber-attacks by Russia on Georgia, use of Stuxnet malware to damage Iran’s nuclear facility.
  2. Embedded systems: since components of electronic devices are procured via global supply chains, possibility of tampering, insertion of malicious software.
  3. Insider Threat: of disgruntled/compromised employee, unintentional hiring of a hacker. Ex Edward Snowden.
  4. Lack of training: accidents

Financial Sector:
  • Attacks 3% in 2015 to 14% in 2016.
  • Biggest debit card fraud in Indian history - 32lakh debit cards compromised across 19 banks due to malware induced in Hitachi Payment Systems that provide ATMs and PoS machines.

Issues in India's Cyber Sec:
  1. Appointment of National Cyber Security Coordinator in 2014 has not been supplemented by creating liaison officers in the States.
  2. Computer Emergency Response Team (CERT-In) is understaffed.
  3. Electronic fraud is notoriously underreported in India. According to Interpol, less than 10% reported.
  4. Lack of voluntary, sector-specific standards for reporting data breaches nor industry backchannels for sharing confidential security information.
  5. Attitudinal factor - The continued perception has been that cyber security is “optional”. Most Indian companies don't make 2 factor authentication mandatory while using services such as Gmail.
  6. International threat of cyber war to the functionality of our defence services.
  7. Lot of equipment is imported, danger of tampering or malafide programming. Need vigorous testing.
  8. National Critical Information Infrastructure Protection Centre yet to be fully functional.

STEPS TAKEN BY GOVERNMENT OF INDIA
  1. Indian Common Criteria Certification Scheme (IC3S) by DEITY to evaluate and certify IT Security Products and Protection Profiles
  2. National Cyber Coordination Centre to scan the country’s web traffic to detect cyber security threats made operational
  3. Information Security Education and Awareness (ISEA) project with the aim to develop human resource
  4. Cyber Swachhta Kendra - Botnet Cleaning and Malware Analysis Centre
  5. Ground Zero Summit: Theme ‘Securing Digital India’
  6. National Critical Information Infrastructure Protection Centre (NCIIPC): nodal agency, 24×7 centre to take care of strategic areas such as air control, nuclear and space. Placed under National Technical Research Org.
  7. Sectoral CERTs for Defence and Finance.
  8. Establishment of Defence Information Assurance and Research Agency (DIARA) for cyber security issues of the tri services and Defence Ministry.
  9. Maharashtra - cyber-police station in each district and 51 cyber-crime labs with trained manpower and modern equipment.
  10. Measures by RBI:
    • directed banks to implement a security policy containing strategy for dealing with cyber threats and cyber hygiene measures.
    • notified the Cyber Security Framework
    • created a specialised cell (C-SITE) to conduct detailed IT examination of banks’ cyber security preparedness and identify the gaps

Information Technology (IT) Act 2000:
  • Provides a legal framework for transactions carried out by means of electronic data interchange and communication.
  • Amended in 2008 to deal with new forms of cyber-crimes like publicizing sexually explicit material in electronic form, video voyeurism, cyber terrorism, breach of confidentiality and leakage of data by intermediary and ecommerce frauds.
  • Provides for the Controller of Certifying Authorities - to license and regulate the working of Certifying Authorities which issues digital signature certificates for electronic authentication of users.
  • Cyber Appellate Tribunal

Indian Computer Emergency Response Team (CERT-in):
  • National Watch and Alert System where CERT-in scans cyber space in country 24x7
  • Functions according to IT Act, 2000:
    • Collection, analysis and dissemination of information on cyber incidents
    • Forecast and alerts
    • Emergency measures
    • Coordination efforts
  • Implementing National Information Security Assurance Programme (NISAP) to create awareness in government and critical sector organizations and adopt best practices.

National Cyber Security Policy 2013
  1. Set up different bodies to tackle various levels of threats
  2. Create a National Critical Information Infrastructure Protection Centre (NCIIPC)
  3. Create a workforce of around 500,000 trained in cyber security
  4. Provide fiscal benefits to businesses to adopt best security practices.
  5. Create testing labs to check safety of imported equipment.
  6. Cyber ecosystem and PPP
  7. Indigenous security technologies through research.

WAY FORWARD
  1. India can adopt suitable best practices from Budapest Convention (it is the only multilateral treaty on cyber security - but developing countries like India refused to join it becuase it was drafted wo consuting them)
  2. Implement a Cyber Crisis Management Plan.
  3. Cyber Security mock drills
  4. Currently, the only source of international guidelines on “cyber warfare” is the Tallinn Manual, a document that was put together by Western experts under the aegis of NATO. Need a more inclusive document.
  5. Concept of air gapping - ie isolate the critical infrastructures from the internet.
  6. International data protection law that facilitates quick information sharing with multinational companies which do not host domestic servers.
  7. Sensitise people
  8. Develop offensive capabilites
  9. China's cyber sec law has provisions of 'data localization' - requiring data to be hosted in local servers and 'security certification’ for important network equipment. Also specific requirements for ‘key industries’ like energy, transportation, finance etc. to maintain web logs of at least six months

*Section 79 of the Information Technology Act, 2000 acknowledges the limited role that internet intermediaries can play in filtering the flow of information by conferring on them immunity from liability with respect to third party information. In the landmark case on internet freedom, Shreya Singhal v Union of India, the Supreme Court held that an intermediary (like Google) becomes liable only if it violates a court order directing it to take down offensive material. 


Comments

Post a Comment

Popular posts from this blog

Longing For

Have you ever dreamt and failed to do so. How hard was your desire ? Often people fail being working hard it quite visible these days. Dreaming is easy as everyone can dream because it doesn't have any limits and it's no more aparthied.  Anyone one having a mind to think can dream , From a boy living  in the corner of the slums to the rich living in his luxurious Villa.  Dream has a sense of equality as it does discriminate and it has limitations too. One can dream about becoming a supreme leader which is quite possible  In contrary one cannot . becoming god , Becoming immorta which is not possible and beyond our knowledge . Everyone is not successful and successful people are the one who made their dreams come true. What are the qualities that makes one success ? Do successful persons are made or born ?  Do these qualities are innate to them ? There are many queries about this gut instinctness.        The desire which drives us to our destin...
Read more

E- Learning

          E- learning is a method of learning by using various digital tools and elctronic media.It is a online learning where the student can access his materials / lectures /Work, at any place and time. It is a easy method of learning when comapred with tradtional way of learning. It had enabled the opportunites to learn from anywhere, (Ex- A student from remote area can get high class education through e - learning )                It is a emerging technology in the recent years due to its advantages. The pandemic has disrupted the children's education, as it stalled the classes and examinations. In this outbreak, there was shift in eduaction system as the world went for E- learning.  E - learning has got wide attention due to its accessbilty , Flexibility and convenience. It has removed Social, Economic barriers, becoming the common platform to everyone, Accesibility of e- learning needs a device and internet conn...
Read more