National Cybersecurity Strategy

Context: The National Security Council Secretariat (NSCS) has formulated a draft National Cyber Security Strategy which looks at addressing the issue of security of national cyberspace.

About National Security Council:

• The National Security Council (NSC) of India is an executive government agency tasked with advising the Prime Minister’s Office on matters of national security and strategic interest.
• It was established by the former Prime Minister of India Atal Bihari Vajpayee on 19 November 1998, with Brajesh Mishra as the first National Security Advisor.
• Prior to the formation of the NSC, these activities were overseen by the Principal Secretary to the preceding Prime Minister.

Members:

• Besides the National Security Advisor (NSA), the Deputy National Security Advisors, the Ministers of Defence, External Affairs, Home, Finance of the Government of India, and the Vice Chairman of the NITI Aayog are members of the National Security Council.
• Prime Minister can chair the meeting of NSC (for e.g. – PM chaired the meeting of NSC Post Pulwama to discuss heightened tension with Pakistan). Other members may be invited to attend its monthly meetings, as and when it is required.

Organisational structure

• The NSC is the apex body of the three-tiered structure of the national security management system in India.
• The three tiers are the Strategic Policy Group, the National Security Advisory Board and a secretariat from the Joint Intelligence Committee.

About National Cyber Security Strategy:

• Aim: It proposes a separate legislative framework for cyberspace and the creation of an apex body to address threats, responses and complaints.
• The policy will focus on both threat assessment and response.
• Need: The existing legal and regulatory frameworks do not address the evolving threat scenarios or processes to combat the cyber incidents.
• There is no dedicated body to look after cyber security at present and no one that you can hold accountable.
• Currently, the response to cyber security threats can be taken under the information technology act and the Indian Penal Code.
• Other provisions:
  • It aims to create a comprehensive system with both state-owned and private companies having to comply with cybersecurity standards.
  • It provides for a periodic cyber audit and recommends annual reviews by the apex body that will be created.
  • A centre of excellence will also be set up in Bangalore to further innovations in the area.

Key facts:

• Till November 2022, a total of 12,67,564 cyber security incidents were reported.
• In 2021, the authorities had recorded 14,02,809 such events compared to 11,58,208 in 2020 and 3,94,499 in 2019.
• Ransomware attacks jumped 51% in 2022. Maharashtra was the most targeted state in India facing 42% of all ransomware attacks.
• Cyber thieves also exploited legitimate tools like “AnyDesk” used for remote administration.

Reasons for increasing Cyber Attacks:

• Adverse relations with China: China is considered one of the world leaders in information technology.
  • Therefore, it is expected to have capabilities to disable or partially interrupt the information technology services in another country.
  • Combined with the recent border standoff and violent incidents between the armies of the two countries, the adversity in relations is expected to spill over to attacking each other’s critical information infrastructure.
• Asymmetric and covert warfare: Unlike conventional warfare with loss of lives and eyeball to eyeball situations, cyber warfare is covert warfare with the scope of plausible deniability, i.e., the governments can deny their involvement even when they are caught.
  • Similarly, even a small nation with advanced systems and skilled resources can launch an attack on a bigger power, without the fear of heavy losses.
• Increasing dependency on technology: As we grow faster, more and more systems are being shifted to virtual space to promote access and ease of use.
  • However, the downside to this trend is the increased vulnerability of such systems to cyber-attacks.

Issues with Cyber Security:

• Vulnerable points in the system: sometimes the third-party apps have built-in back door entry or may have malware attached to their installation file. Such issues can be addressed by effective user account control and careful monitoring of the system.
• State-sponsored Cyber Attacks: The problem with such state-sponsored attacks is the unlimited funding received by the hackers to break into the foreign systems.
• Low digital literacy among the public: While India is considered the world leader in the technology industry, the general level of awareness in India about internet etiquette is low.
• It is a continuous process: Cyber-attacks, by their very nature, are innovative and creative. They continue to evolve, and the next attack is more advanced than its previous version.
• Novel issues: Because of the ever-changing and fast evolving nature of technology, new issues keep creeping up in the IT sector.

Steps taken by the Government: The government aims at ensuring an open, safe, trusted and accountable Internet for the users.

• The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on an ongoing basis.
  • CERT-In operates the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) to detect malicious programmes and free tools to remove the same, and to provide cyber security tips and best practices for citizens and organisations.
• Security tips have been published for users to secure their desktops and mobile phones and to prevent phishing attacks.
• CERT-In and the Reserve Bank of India [RBI] jointly carry out a cyber security awareness campaign on ‘Beware and be aware of financial frauds’ through the Digital India Platform.
• The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs (MHA) has been designated as the nodal point in the fight against cybercrime.
• Pursuant to the United Nations General Assembly resolution 75/282: an ad-hoc committee to elaborate a ‘Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes’ was established with all the member states.
  • India being the member of the committee has proposed criminalisation of cyber terrorism under the said Convention.
• The MHA has issued National Information Security Policy and Guidelines to the Central Ministries as well as State governments and Union Territories with the aim of preventing information security breaches and cyber intrusions in the information and communication technology infrastructure.

Way Forward:

• The need of the hour is to come up with a futuristic National Cyber-Security Policy which allocates adequate resources and addresses the concerns of the stakeholders.
• Similarly, there is a need for quicker up-gradation of the existing infrastructure as information technology is a fast-evolving field and there is a need to stay ahead of the competition.
• There is a need to enhance the general awareness levels of the government installations as well as the general public to counter such threats.
• Often the private sector is seen as a key innovator and their help can be crucial in securing cyberspace.

Source:  The Hindu