3. What are the most potent threats to India’s cyberspace today? Explain. What are the institutional arrangements in place to address these threats? Examine.
आज भारत के साइबर स्पेस के लिए सबसे प्रबल खतरे क्या हैं? स्पष्ट करें। इन खतरों को दूर करने के लिए संस्थागत व्यवस्थाएं क्या हैं? जांच करें।
Demand of the question:
It expects students to write about the most potent threats to India’s cyberspace along with efficiency of institutional arrangement in place to address these threats.
A cyber security firm Cyfirma has warned against a potential cyber attack from hacking groups in China in retaliation for the violent clashes between armed forces in India and China. Reports of ‘incident’ happened in Kudankulam Nuclear power plant in last September was related to cyber security, highlights threats posed to cyberspace of India by various elements based in national and international arena.
As the lack of digital literacy, substandard quality of devices used to access internet, import dependence, lack of skilled manpower makes Indian cyberspace vulnerable to cyber threats. The digital economy today comprises 14-15% of India’s total economy, and is targeted to reach 20% by 2024. India has more than 120 recognised data centres and clouds. The average data consumption per person a year is in the range of 15-20 gigabits.
Threats to India’s cyberspace:
- Threats to Critical information infrastructure: As it is essential to the functioning of a modern economy, security and other essential social services. Critical information sectors in India include Power, ICT/Communication, Finance/Banking, Transport and e-governance. A minor disruption at one point could have a rippling effect across multiple infrastructures.
- As tool of Proxy warfare: China has built strong ‘cyber offense force’. Hacking groups of Pakistan and China, external intelligence agency of Pakistan has started using cyber space as tool to attack security and economic infrastructure, which might hamper India’s growth trajectory. These countries are acquiring offensive capabilities by building bits of software called ‘cyber weapons’ to do enormous damage to the adversary’s networks.
- Threat to economic security: Sectors such as healthcare, retail trade, energy and media face advance persistent threats (APTs), as the latest reports of an Israeli spyware allegedly used to spy on Indian journalists and human rights activists attest. These incidents relating to data leakage, ransom ware, ATM/credit cards denial of service, diversion of network traffic intrusion in IT systems and networks using malware are on rise.
- Threat to IT infrastructure: As India is renowned IT service provider to the rest of the world; compromise on the security of IT infrastructure will be huge risk to India’s service sector.
- Advance technologies: With more inclusion of artificial intelligence (AI), machine learning (ML), data analytics, cloud computing and Internet of Things (IoT), cyberspace has become a complex domain, giving rise to threats of complex nature. Attacks on embedded systems and IoT have also registered a sharp increase of late. Such incidents are being launched from cyberspace of different international jurisdictions.
Institutional arrangements in India:
- National Critical Information Infrastructure Protection Centre (NCIIPC) to battle cyber security threats in strategic areas such as air control, nuclear and space. It will function under the National Technical Research Organisation, a technical intelligence gathering agency controlled directly by the National Security Adviser in PMO.
- National cyber coordination centre (NCCC) to scan internet traffic coming into the country and provide real time situational awareness and alert various security agencies.
- A new Cyber and Information Security (CIS) Division has been created to tackle internet crimes such as cyber threats, child pornography and online stalking.
- Under this, Indian cyber- crime coordination centre (I4C) and Cyber Warrior Police force has also been established.
- Ministry of Defence formed Defence Cyber Agency in the realm of military cyber security. Indian Computer Emergency Response Team (CERT-in) to enhance the security of India’s Communications and Information Infrastructure through proactive action and effective collaboration.
- CERT-fin has also been launched exclusively for financial sector. CERT-in is also operating Cyber Swachhta Kendra, a Botnet Cleaning and Malware Analysis Centre.
- Government inaugurated the new body National Information Centre Computer Emergency Response Team (NIC-CERT) to prevent and predict cyber-attacks on government utilities.
- Cyber Surakshit Bharat Initiative to strengthen Cyber security ecosystem in India. It is first public private partnership of its kind and will leverage the expertise of the IT industry in cyber security.
- Information Technology Act, 2000 (amended in 2008) to provide a legal framework for transactions carried out by means of electronic data interchange, for data access for cyber security.
Steps to be taken:
- There is need to strengthen National Cyber security Coordinator (NCC) to bring about much-needed synergy among various institutions and work out a coordinated approach to cyber security, including cyber deterrence.
- India needs to make a proper assessment of an offensive cyber doctrine.
- National cyber security strategy, 2020 is need of the hour to ensure a safe, secure, trusted, resilient and vibrant cyber space for our Nation’s prosperity.
- The concept of ‘active cyber defence’ is generally being adopted to address the new challenges; India should devise its own strategy on the lines of Examples like EU’s General Data Protection Regulation (GDPR).
As the global multi-stakeholder model of internet governance is showing cracks. UN could not decide norms of global cyber behaviour. India should not left behind in advancement in fields of cyber security and need to rethink joining Budapest convention on cyber security.
Stress on development of cutting edge technology in the field of cyber security along with capacity of skilled human resources can make Indian cyber space robust, irrespective of changing norms of cyber behaviour at global level. Priority to cyber security is no longer optional but one of the pillar of India’s internal and external security.