UPSC Articles
SECURITY/ GOVERNANCE
- GS-3: Cyber Security and its challenges
- GS-3: Government policies and interventions for development in various sectors and issues arising out of their design and implementation.
Cyber Threats
Context: Estimates of the cost to the world in 2020 from cyber-attacks/ cyber crimes is believed to be more than $1 trillion and in 2021 it is likely to range between $3trillion-$4 trillion.
- US defence secretary warned that the world had to prepare for a kind of ‘cyber Pearl Harbour’, highlighting a new era of potential vulnerabilities.
- However, the West seemed to lose its way on how to deal with the emerging cyber threat. Each succeeding year witnessed no change in the method of response despite an increase in cyber threats.
Sectors that are vulnerable
- According to experts, among the most targeted sectors in the coming period are likely to be: health care, education and research, communications and governments.
- In the Information age, data is gold. Credential threats and the threat of data breaches, phishing, and ransomware attacks, apart from major IT outages, are expected to be among the main concerns
- Vast majority of cyber attacks are directed at small and medium sized businesses, and it is likely that this trend will grow.
- Ransomware is increasing in intensity and is tending to become a near destructive threat, because there are many available soft targets. Statistics in this regard are also telling, viz., that new attacks are taking place every 10 seconds.
- The huge security impact of working from home (accelerated by Pandemic) is likely to further accelerate the pace of cyber attacks. A rash of attacks is almost certain to occur on home computers and networks
- According to experts, a tendency seen more recently to put everything on the Cloud could backfire, causing many security holes, challenges, misconfigurations and outages.
Issue of low clarity
- Despite evidence, cyber security experts appear to be floundering in finding proper solutions to the ever widening cyber threat
- Devising standard methodologies may not ensure protection from all-encompassing cyber attacks. Some of the standard methodologies suggested are:
- Technology geeks are insisting on every enterprise incorporating SASE — Secure Access Service Edge — to reduce the risk of cyber attacks.
- Additional solutions are being proposed such as CASB — Cloud Access Security Broker — and SWG — Secure Web Gateway — aimed at limiting the risks to users from web-based threats.
- Zero Trust Model that puts the onus on strict identity verification ‘allowing only authorized and authenticated users to access data applications may not be effective in the face of the current wave of cyber attacks.
- While the West focused on ‘militarization’ of the cyber threat, and how best it could win with its superior capabilities, valuable time was lost that led to misplaced ideas and erroneous generalisations.
Way Ahead
- A detailed study of the series of low- and medium-level proactive cyber attacks that have occurred during the past decade is needed.
- Individual companies need to be prevented from tradeoffs — between investing in security and maximising short-term profits. One needs to make aware that inadequate corporate protection could have huge costs for company and thus persuade & support these companies to adopt cyber security in their operations.
- Nations and institutions, instead of waiting for the ‘Big Bang cyber attack’, should actively prepare for a rash of cyber attacks — essentially ransomware — mainly directed at available data.
- Consequently, law enforcement agencies would need to play a vital role in providing effective defence against cyber attacks.
- While solving the technical side is ‘one part of the solution, networks and data structures need at the same time to prioritise resilience through decentralised and dense networks, hybrid cloud structures, redundant applications and backup processes’.
- This implies ‘planning and training for network failures so that individuals could adapt and continue to provide service even in the midst of an offensive cyber campaign’.
Connecting the dots: