Cyber Attacks in India

Context: Recently, the premier medical institute in the country, the All India Institute of Medical Sciences New Delhi (AIIMS) was crippled by a major cyberattack.

About Cyberattacks:

• Cyberattacks are unwelcome attempts to steal, expose, alter, disable or destroy information through unauthorized access to computer systems.
• Typically, such forms of attacks to keep networks from functioning after encrypting data, are carried out by ransomware-seeking entities and organisations are sent demands which are often negotiated and paid without informing law enforcement.
• Cyberterrorism: It is often defined as any premeditated, politically motivated attack against information systems, programs and data that threatens violence or results in violence.

Reasons for increasing Cyber Attacks in India

• Increasing dependency on technology: As we grow faster, more and more systems are being shifted to virtual space to promote access and ease of use.
  • However, the downside to this trend is the increased vulnerability of such systems to cyber-attacks.
  • For e.g., there is a concern of widespread damage and huge loss if hackers are able to intrude into the nuclear, financial or energy systems of a country.
  • Growing digital reliance in the post-COVID era has exposed digital disparities which must be bridged through capacity building.
• There’s a sophisticated use of cyberspace by terrorists to broaden their propaganda and incite hatred.
• Lack of robust law enforcement mechanisms: India’s approach to cyber security has so far been ad hoc and unsystematic.
  • Despite a number of agencies, policies and initiatives, their implementation has been far from satisfactory.
• Adverse relations with China: China is considered one of the world leaders in information technology. Therefore, it is expected to have capabilities to disable or partially interrupt the information technology services in another country.
  • Combined with the recent border standoff and violent incidents between the armies of the two countries, the adversity in relations is expected to spill over to attacking each other’s critical information infrastructure.
• Asymmetric and covert warfare: Unlike conventional warfare with loss of lives and eyeball to eyeball situations, cyber warfare is covert warfare with the scope of plausible deniability, i.e., the governments can deny their involvement even when they are caught.
  • Similarly, even a small nation with advanced systems and skilled resources can launch an attack on a bigger power, without the fear of heavy losses.
  • Therefore, cyber warfare has increasingly become the chosen space for conflict between nations.
• Lack of International Coordination: International cooperation and consensus is missing in this field.
  • Low digital literacy among the general public and digital gaps amongst nations create an unsustainable environment in the cyber domain.
  • It is often reported that people are duped easily by click-baiting them into clicking interesting content, which often has malware attached to itself.

Suggestive measures to mitigate cyberattacks:

• Cyber readiness: That strategy will be a guiding document to motivate and monitor the preparedness of cyber readiness of institutes and also enhance capacity on many fronts including forensics, accurate attribution and cooperation.
• Budgetary preference: Significant budgets have to be allocated by various ministries to ensure that cyber security measures don’t remain the last priority.
• Need of the national cyber security strategy: This incident is a wake-up call for organisations across sectors to shore up cyber security measures, it is also important to push and announce the national cyber security strategy.
• Capacity enhancement: The capacity enhancement for the National Critical Information Infrastructure Centre (NCIIPC) and CERTIn has to be undertaken to address the emerging sophisticated nature of threats and attacks and sectoral CERTs have to be set up for many areas including health.
• International cooperation: International cooperation on countering cyber-attacks has to gain more teeth beyond the Group of Governmental Experts (GGE) meetings and the US-led Counter Ransomware Initiative (CRI) of 37 countries and the European Union.

Major Government Initiatives for Cyber Security:

• CERT-In: It is an organisation of the Ministry of Electronics and Information Technology with the objective of securing Indian cyberspace.
• Cyber Surakshit Bharat Initiative: It is an initiative from the Ministry of Electronics and Information Technology (MeitY) that aims at creating a robust cybersecurity ecosystem in India. This program was in association with the National e-Governance Division (NeGD).
• National Critical Information Infrastructure Protection Centre: NCIIPC is a central government establishment, formed to protect critical information of our country, which has an enormous impact on national security, economic growth, or public healthcare.
• Indian Cyber Crime Coordination Centre (I4C): The MHA launched this I4C Indian Cyber Crime Coordination Centre program to combat cybercrime in the country, through a coordinated and efficient method.
• Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): It is an installation under the Ministry of Electronics and Information Technology (MeitY).
• Information Technology Act, 2000: IT Act of 2000 came into effect in India on 09 June 2000. IT Act states in its preamble that the purpose of the legislation is to provide legal recognition to electronic transactions.

Way Forward:

Human resource is crucial and there is an urgent need to create an informal Indian team of Cyber Warriors. The critical infrastructure managers should also be well trained in cyber warfare and well equipped with all the technologies for isolating viruses and attacks.

There should be a reward for white hackers who can highlight their shortcomings. The managers and Common mass must be made aware. There is also a need to enhance the general awareness levels of the government installations as well as the general public to counter such threats.

Separate wing under Army or Navy as Cyber Command on lines of US is required to establish along with a futuristic National Cyber-Security Policy which allocates adequate resources and addresses the concerns of the stakeholders. Similarly, there is a need for quicker up-gradation of the existing infrastructure as information technology is a fast-evolving field and there is a need to stay ahead of the competition.

Source: Indian Express