CYBER SECURITY


  • As per Information Technology Act, 2000, “Cyber security means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction.”
  • Cyber Security is protecting cyber space including critical information infrastructure from attack, damage, misuse and economic espionage.
  • Cyber Space: A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
  • Critical Information Infrastructure: According to Section 70(1) of the Information Technology Act, CII is defined as a “computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety”.

 

CYBER ATTACK

  • Cyber Attack: It is a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization.

A) Motives behind Cyber Attacks

  • To seek commercial gain by hacking banks and financial institutions.
  • To attack critical assets of a nation.
  • To penetrate into both corporate and military data servers to obtain plans and intelligence.
  • To hack sites to virally communicate a message for some specific campaign related to politics and society.

B) Types of Cyber Attacks

  • Malware, short for malicious software, refers to any kind of software that is designed to cause damage to a single computer, server, or computer network. Ransomware, spyware, worms, viruses, and Trojans are all varieties of malware.

 

 

  • Phishing: It is the method of trying to gather personal information using deceptive e-mails and websites.
  • Denial of Service attacks: A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
  • Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
  • SQL Injection:
    • SQL (pronounced “sequel”) stands for Structured Query Language, a programming language used to communicate with databases.
    • Many of the servers that store critical data for websites and services use SQL to manage the data in their databases.
    • A SQL injection attack specifically targets such servers, using malicious code to get the server to divulge information it normally wouldn’t.
  • Cross-Site Scripting (XSS):
    • Similar to an SQL injection attack, this attack also involves injecting malicious code into a website, but in this case the website itself is not being attacked.
    • Instead, the malicious code the attacker has injected runs only in the user’s browser when they visit the attacked website, and it goes after the visitor directly, not the website.
  • Social engineering is an attack that relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.
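
The SQL injection and XSS items above both come down to untrusted input being treated as code. The following is an added example, not part of the original notes, that places the weak form beside the hardened form for each; the table, function names and sample inputs are all constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Build an in-memory table of constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("asha", 1200), ("ravi", 560), ("meena", 9800)],
    )
    return db


def lookup_unsafe(db, name):
    # Weak form: the input is pasted into the SQL text, so quote
    # characters inside it can change the structure of the query.
    query = "SELECT name, balance FROM accounts WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, name):
    # Hardened form: a placeholder sends the input as a bound value,
    # so the database never parses it as SQL.
    query = "SELECT name, balance FROM accounts WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


def render_unsafe(comment):
    # Weak form: markup in the comment reaches the visitor's browser as-is.
    return "<p>" + comment + "</p>"


def render_safe(comment):
    # Hardened form: output encoding turns markup characters into entities,
    # so the browser displays the text instead of executing it.
    return "<p>" + html.escape(comment) + "</p>"


# Constructed test inputs of the kind a reviewer uses to check each defence.
CRAFTED_NAME = "x' OR '1'='1"
CRAFTED_COMMENT = "<script>alert(1)</script>"


def demo():
    """Run both inputs through the weak and hardened paths."""
    db = make_db()
    return {
        "unsafe_rows": len(lookup_unsafe(db, CRAFTED_NAME)),
        "safe_rows": len(lookup_safe(db, CRAFTED_NAME)),
        "normal_rows": lookup_safe(db, "ravi"),
        "unsafe_html": render_unsafe(CRAFTED_COMMENT),
        "safe_html": render_safe(CRAFTED_COMMENT),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

The weak lookup returns every row in the table for the crafted name, while the parameterized lookup returns none; the encoded comment is shown to the visitor as plain text.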

C) Recent cyber-attacks in India

  • WannaCry: It was a ransomware attack that spread rapidly in May 2017. The ransomware locked users’ devices and prevented them from accessing data and software until a certain ransom was paid to the criminals. The top five affected cities in India were Kolkata, Delhi, Bhubaneswar, Pune and Mumbai.
  • Mirai Botnet: Mirai is malware that infects smart devices that run on ARC processors, turning them into a network of remotely controlled bots or zombies. This network of bots, called a botnet, is often used to launch Distributed Denial of Service (DDoS) attacks. In September 2016, Mirai malware launched a DDoS attack on the website of a well-known security expert.
  • Cosmos Bank Cyber-Attack in Pune
    • A cyber-attack in India in 2018 was carried out on Cosmos Bank in Pune. This daring attack shook the whole banking sector of India when hackers siphoned off Rs.94.42 crore from Cosmos Cooperative Bank Ltd. in Pune. Hackers broke into the bank’s ATM server and took details of many Visa and RuPay debit cardholders. The money was wiped off while hacker gangs from around 28 countries immediately withdrew the amount as soon as they were informed.
  • ATM System Hacked
    • Around mid-2018, Canara Bank ATM servers were targeted in a cyber-attack. Almost 20 lakh rupees were wiped off from various bank accounts.
    • The number of victims was estimated at 50 and, according to sources, the cyber attackers held ATM details of more than 300 users. Hackers used skimming devices to steal information of debit cardholders. Transactions made with the stolen details ranged from Rs.10,000 to a maximum of Rs.40,000.
  • UIDAI Aadhaar Software Hacked
    • 2018 started with a massive data breach of personal records of 1.1 billion Indian Aadhaar cardholders. UIDAI revealed that around 210 Indian Government websites had leaked Aadhaar details of people online.
    • Data leaked included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and almost all personal information of individual cardholders. If that wasn’t shocking enough, anonymous sellers were selling Aadhaar information of any person for Rs.500 over WhatsApp. Also, one could get any person’s Aadhaar card printout by paying an extra amount of Rs.300.
  • Hack Attack on Indian Healthcare Websites
    • India-based healthcare websites fell victim to a cyber-attack in 2019. As stated by US-based cyber-security firms, hackers broke into a leading India-based healthcare website. The hackers stole 68 lakh records of patients as well as doctors.
  • SIM Swap Scam
    • Two hackers from Navi Mumbai were arrested for transferring 4 crore rupees from numerous bank accounts in August 2018. They illegally transferred money from the bank accounts of many individuals.
    • By fraudulently gaining SIM card information, both attackers blocked individuals’ SIM cards and, with the help of fake document posts, carried out transactions via online banking. They also tried to hack accounts of various targeted companies.

 

OTHER FORMS OF CYBER THREATS

A) Cyber Terrorism

  • Acts of terrorism related to cyber space, or acts of terrorism executed using cyber technologies, are popularly known as ‘cyber terrorism’.
  • It should be noted here that if they create panic by attacking critical systems/infrastructure, there is no need for it to lead to violence. In fact such attacks can be more dangerous.
  • Besides, terrorists also use cyberspace for purposes like planning terrorist attacks, recruiting sympathizers, communication purposes, command and control, spreading propaganda in form of malicious content online to brain wash, funding purposes etc. It is also used as a new arena for attacks in pursuit of the terrorists’ political and social objectives.

B) Cyberwarfare

  • Oxford Dictionary defines Cyberwarfare as “The use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes.”
  • These hostile actions against a computer system or network can take any form. On one hand, it may be conducted with the smallest possible intervention that allows extraction of the information sought without disturbing the normal functioning of a computer system or network.
  • This type of intervention is never noticed by the user and is continuing. The other type may be destructive in nature, which alters, disrupts, degrades, or destroys an adversary’s computer systems.

 

 

 

 

C) Cyber Espionage

  • As per Oxford dictionary, Cyber espionage is “The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.”
  • It is generally associated with intelligence gathering, data theft and, more recently, with analysis of public activity on social networking sites like Facebook and Twitter. These activities could be by criminals, terrorists or nations as part of normal information gathering or security monitoring.
  • Examples of Cyber Espionage include: the 2014 hacking of major US companies to steal trade secrets by Chinese officials; Titan Rain; Moonlight Maze; and the NSA surveillance program as revealed by Edward Snowden in the USA.

 

 

 

 

 

IMPORTANCE OF CYBERSPACE

A) Cyber Security has assumed strategic and critical importance because of the following reasons:

  • Cyberspace has become a key component in the formulation and execution of public policies.
  • It is used by government to process and store sensitive and critical data which, if compromised, can have devastating impact.
  • Taking down cyberspace will result in disruption of many critical public services like railways, defense systems, communication systems, banking and other financial systems etc.
  • Several states are developing the capabilities in the area of cyberattacks which can alter outcomes in the battlefield.
  • Individuals are using internet based services at a growing pace making them vulnerable to cybercrimes, such as- online bank frauds, surveillance, profiling, violation of privacy etc.

B) Challenges in defending cyberspace

  • Diffused and intangible threat in the absence of tangible perpetrators coupled with low costs of mounting an attack makes it difficult to frame an adequate response.
  • Difficult to locate the attacker who can even mislead the target into believing that the attack has come from somewhere else.
  • Absence of any geographical constraints, enabling attackers to launch an attack anywhere on the globe.
  • Need of international cooperation – Cyberspace is inherently international even from the perspective of national interest. It is not possible for a country to ignore what is happening in any part of this space if it is to protect the functionality of the cyberspace relevant for its own nationals.
  • Rapidly evolving technology needs investment, manpower and an ecosystem to keep track of global developments, developing countermeasures and staying ahead of the competition.
  • Non-existence of a foolproof security architecture, due to the low resource requirement for an attacker to launch an attack coupled with potential bugs in any system.
  • Human element in cybersecurity – Target users, themselves, make mistakes and fall prey to cyberattack. Most sophisticated cyberattacks have all involved a human element: Stuxnet needed the physical introduction of infected USB devices into Iran’s nuclear facilities; the 2016 cyber-heist of $950 million from Bangladesh involved gullible (or complicit) bankers handing over SWIFT codes to hackers.

 

 

 

COMPONENTS OF CYBER SECURITY

  • Application Security: It encompasses measures or counter-measures that are taken during an application’s development process to protect it from threats that can come through flaws in the app design, development, deployment, upgrade or maintenance.
  • Information security: It is related to the protection of information from an unauthorized access to avoid identity theft and to protect privacy.
  • Network Security: It includes activities to protect the usability, reliability, integrity and safety of the network.
  • Disaster Recovery Planning: It is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of an attack.

 

NEED FOR CYBER SECURITY

  • For Individuals: Photos, videos and other personal information shared by an individual on social networking sites can be inappropriately used by others, leading to serious and even life-threatening incidents.
  • For Business Organizations: Companies have a lot of data and information on their systems. A cyber attack may lead to loss of competitive information (such as patents or original work) and loss of employees’/customers’ private data, resulting in complete loss of public trust in the integrity of the organization.
  • For Government: A local, state or central government maintains a huge amount of confidential data related to the country (geographical, military strategic assets etc.) and citizens. Unauthorized access to the data can lead to serious threats to a country.

 

 

 

INTERNATIONAL MECHANISMS

  • The International Telecommunication Union (ITU) is a specialized agency within the United Nations which plays a leading role in the standardization and development of telecommunications and cyber security issues.
  • Budapest Convention on Cybercrime: It is an international treaty that seeks to address Internet and computer crime (cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It came into force on 1 July 2004. India is not a signatory to this convention.
  • Internet Governance Forum (IGF): It brings together all stakeholders i.e. government, private sector and civil society on the Internet governance debate. It was first convened in October–November 2006.
  • Internet Corporation for Assigned Names and Numbers (ICANN): It is a non-profit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the network’s stable and secure operation. It has its headquarters in Los Angeles, U.S.A.

 

LAWS RELATED TO CYBER SECURITY IN INDIA

A) Information Technology Act, 2000

  • The act regulates use of computers, computer systems, computer networks and also data and information in electronic format.
  • The act lists down among other things, following as offences:
    • Tampering with computer source documents.
    • Hacking with computer system
    • Act of cyber terrorism i.e. accessing a protected system with the intention of threatening the unity, integrity, sovereignty or security of country.
    • Cheating using computer resource etc.

Criticisms of the Information Technology Act

  • The issues relating to confidential information and data of corporates and their adequate protection have not been adequately addressed.
  • The maximum damage, by way of compensation, stipulated by the cyber law amendments is Rs.5 crore. This is a small figure and hardly provides any effective relief to corporates.
  • The issue pertaining to spam has not been dealt with in a comprehensive manner. In fact, the word ‘spam’ is not even mentioned anywhere in the IT Amendment Act. It is pertinent to note that countries like the U.S.A., Australia and New Zealand have demonstrated their intention to fight spam by coming out with dedicated anti-spam legislation.
  • This makes India a haven as far as spam is concerned.
  • It does not address jurisdictional issues. Numerous activities on the internet take place in different jurisdictions, and there is a need to enable the Indian authorities to assume jurisdiction over data and information impacting India in a more comprehensive way than the sketchy manner provided under the current law.

B) Strategies under National Cyber Policy, 2013

  • Creating a secure cyber ecosystem.
  • Creating mechanisms for security threats and responses to the same through national systems and processes.
    • National Computer Emergency Response Team (CERT-In) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
  • Securing e-governance by implementing global best practices, and wider use of Public Key Infrastructure.
  • Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre (NCIIPC) operating as the nodal agency.
    • NCIIPC has been created under Information Technology Act, 2000 to secure India’s critical information infrastructure. It is based in New Delhi.
  • Promoting cutting edge research and development of cyber security technology.
  • Human Resource Development through education and training programs to build capacity.

Challenges

  • Increased use of mobile technology and internet by people.
  • Proliferation of Internet of Things (IoT) and lack of proper security infrastructure in some devices.
  • Cyberspace has inherent vulnerabilities that cannot be removed.
  • Internet technology makes it relatively easy to misdirect attribution to other parties.
  • It is generally seen that attack technology outpaces defence technology.
  • Lack of awareness on Cyber security.
  • Lack of Cyber security specialists.
  • Increased use of cyberspace by terrorists.

 

INSTITUTIONAL FRAMEWORK

A) National Cybersecurity Coordination Centre (NCCC)

  • It is India’s cyberspace intelligence agency which will conduct security and electronic surveillance. It aims to screen communications metadata and work in close coordination with various law-enforcement agencies for intelligence gathering.
  • The body, functioning under the IT ministry, would strengthen the country’s cybersecurity posture. Some have expressed concern that the body could encroach on citizens’ privacy and civil-liberties, given the lack of explicit privacy laws in the country.

B) India’s Computer Emergency Response Team (CERT-In)

  • The CERT-In has been established to thwart cyber-attacks in India. It is mandated under the IT Amendment Act, 2008 to serve as the national agency in charge of cyber security.
  • Charter- “The purpose of the CERT-In is, to become the nation’s most trusted referral agency of the Indian Community for responding to computer security incidents as and when they occur”
  • Mission- “To enhance the security of India’s Communications and Information Infrastructure through proactive action and effective collaboration.”
  • Constituency – The CERT-In’s constituency is the Indian Cyber-community.

CERT-Fin has also been established as a specialized agency, based on the recommendation of a sub-committee of the Financial Stability and Development Council (FSDC), to tackle threats related to the financial sector.

 

CHALLENGES – CYBER SECURITY IN INDIA

A) Structural

  • The rapid rate of growth of this sector in both scope and meaning of cybersecurity.
  • Internet, by its design, has been created for openness and connectivity and not for ensuring security and protection from unauthorized access.

B) Administrative

  • Lack of best practices and statutory backing for the same, e.g.- India does not have norms of disclosure.
  • The government is yet to identify and implement measures to protect “critical information infrastructure”.
  • The appointment of the National Cyber Security Coordinator in 2014 has not been supplemented by the creation of liaison officers in states.

C) Human Resource Related

  • Huge under-staffing of CERT-In.
  • Attitudinal apathy of users towards issues of cybersecurity.

D) Procedural

  • Lack of awareness in local police of various provisions of IT Act, 2000 and also of IPC related to cybercrimes.
  • Post-demonetisation, government has pushed the citizenry to go ‘cashless’, without building capacity and awareness on the security of devices or transactions thus increasing vulnerability.
  • Also, the core infrastructure elements of a smart city cover urban mobility, water and electricity supply, sanitation, housing, e-governance, health and education, security and sustainability, all bounded and harnessed by the power of information technology (IT).
  • Given the massive use of IT in the delivery and management of core infrastructure services, the volume of citizen data generated in a smart city is expected to grow exponentially over time. The current IT Act might not give adequate protection to the citizen data that smart cities will generate.

 

RECENT STEPS TAKEN BY GOVERNMENT

  • Cyber Surakshit Bharat Initiative: It was launched in 2018 with an aim to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
  • National Cyber security Coordination Centre (NCCC): In 2017, the NCCC was developed. Its mandate is to scan internet traffic and communication metadata (which are little snippets of information hidden inside each communication) coming into the country to detect real-time cyber threats.
  • Cyber Swachhta Kendra: In 2017, this platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.
  • Training of 1.14 Lakh persons through 52 institutions under the Information Security Education and Awareness Project (ISEA) – a project to raise awareness and to provide research, education and training in the field of Information Security.
  • International cooperation: Looking forward to becoming a secure cyber ecosystem, India has joined hands with several developed countries like the United States, Singapore, Japan, etc. These agreements will help India to challenge even more sophisticated cyber threats.

 

 

 

GLOBAL INITIATIVES

A) Budapest Convention

  • It is the only multilateral treaty on cyber security that addresses Internet and computer crime.
  • Its focus is on harmonizing national laws, improving legal authorities for investigative techniques and increasing cooperation among nations.
  • Developing countries including India have not signed it, stating that the developed countries led by the US drafted it without consulting them.

B) Ground Zero Summit

  • Ground Zero Summit is the largest collaborative platform in Asia for Cyber security experts and researchers to address emerging cyber security challenges and demonstrate cutting-edge technologies.
  • It is the exclusive platform in the region providing opportunities to establish and strengthen relationships between corporate, public sector undertakings (PSUs), government departments, security and defense establishments.
  • The Summit gets its name from a piece of ancient Indian history. India is the ground where zero was discovered and zero is an integral part of digital systems.
  • It is being organized by the Indian Infosec Consortium (IIC), which is an independent not-for-profit organization formed by leading cyber experts.
  • Aim of the summit: The summit was organized to deliberate upon various issues related to cyber security challenges emerging due to the latest technological developments.
  • The theme for the Summit – Digital India – ‘Securing Digital India’

C) ICANN

  • ICANN, or the Internet Corporation for Assigned Names and Numbers, is a non-profit public benefit corporation and also a global multi-stakeholder organization that was created by the U.S. government.
  • It coordinates the Internet Domain Name Servers, IP addresses and autonomous system numbers, which involves a continued management of these evolving systems and the protocols that underlie them.
  • While ICANN began in the U.S. government, it is now an international, community-driven organization independent of any one government.
  • ICANN collaborates with a variety of stakeholders including companies, individuals, and governments to ensure the continued success of the Internet. It holds meetings three times a year, switching the international location for each meeting.

 

WAY FORWARD

  • Real-time intelligence is required for preventing and containing cyber attacks.
  • Periodical ‘Backup of Data’ is a solution to ransomware.
  • Using Artificial Intelligence (AI) for predicting and accurately identifying attacks.
  • Using the knowledge gained from actual attacks that have already taken place in building effective and pragmatic defence.
  • Increased awareness about cyber threats for which digital literacy is required first.
  • India needs to secure its computing environment and IoT with current tools, patches, updates and best known methods in a timely manner.
  • The need of the hour for Indian government is to develop core skills in cyber security, data integrity and data security fields while also setting stringent cyber security standards to protect banks and financial institutions.

 

 
