[NEW] Flagship TS Batch 2 for IAS Prelims 2018 starts on 15th Sept

To join click here | Want a demo test? Click here | Have Q? Call us at 8823831311

Govt plans Bill with more teeth to tackle cyber crimes

Note4Students

Mains Paper 3: Basics of cyber security

The following things are important from UPSC perspective:

Prelims: Inter Ministerial Committee.

Mains level: Steps being taken by the government to tackle rising number of cyber attacks post demonetization.


News

Context

Post-demonetization a spurt in number of cyber crimes has been observed-

  1.  In 2016-17, 998 crore digital transaction were reported as compared to 552 crore in 2015-16 and 369 crore in 2014-15.
  2.  As many as 1,44,496 cyber security attacks have been observed in the country in the past three years.
  3. CBI in December last year registered multiple FIRs after e-wallet company, Paytm filed a complaint, alleging that its customers were cheated to the tune of Rs 9.41 lakh soon after demonestisation.
  4. According to RBI data made available to the MHA, as many as 16,468 complaints related to ATM fraud, debit and credit card misuse and net banking hacking were filed with them in 2015-16 as compared to 13,083 in 2014-15.

So, in order to tackle these problems, the government plans to bring a digital payment Bill to strengthen legal framework and enhance surveillance to check cyber crimes in the financial sector, including frauds targeting cards and e-wallets.

  1. An inter-ministerial committee headed by the home minister will be setup to first study existing laws to deal with cyber crimes and then propose new legislation.
  2. The inter-ministerial panel will have representatives from the RBI, financial services, ministry of electronics and information technology, Delhi police and the National Cyber Security Coordinator.
  3. The proposed legislation will not only deal with punishment and fine but it will also have measures to fix responsibility in cases where digital transactions land in any dispute.
  4. The Home Minister directed all agencies concerned to take required measures in a time-bound manner and emphasized on the coordination of all agencies in this regard.

 Way Forward

To contain the rising number of cyber attacks-

·          Capacity building of various stakeholders — such as police, judicial officers, forensic scientists as well as officials in the banking sector should be focused upon and both legal and technological steps needs to be taken to address the problem.

 

Post data leakage reports: Govt seeks data security details from mobile makers

Image Source

Note4students

Mains Paper 2: Governance | Government policies and interventions for development in various sectors and issues arising out of their design and implementation.

From UPSC perspective, the following things are important:

Prelims level: CERT

Mains level: Strategically important step by government.


News

Direction to prevent leakage of data

  1. The Indian Computer Emergency Response Team (CERT-In) has written to all 21 smartphone manufacturers operating in the country, including Chinese firms
  2. Why: To seek details of safety and security practices, architecture, frameworks, and standards put in place by manufacturers
  3. It is done to prevent leakage of data from handsets used by consumers

Objective of the exercise

  1. Through this exercise the government aims to scrutinise in hardware component as well as preloaded software and apps to find potential loopholes

Why this step?

  1. The step has implemented due to various cases of contacts and text messages being leaked in India as well as abroad
  2. According to government officals, further steps could be taken to contain the overall threat arising from “increasing Chinese business interest” in India
  3. The government is also undertaking a review of import of electronics and other IT products from China on account of fears about security and data leakages

Centre unveils steps to boost cybersecurity

  1. What: In an attempt to strengthen cyber security in India, the government on Friday announced a slew of measures
  2. Measure: All organisations having a significant IT infrastructure will need to appoint cyber security officers
  3. Cert-In is being strengthened
  4. State Certs are being planned by Maharashtra, Tamil Nadu, Telangana, Kerala and Jharkhand
  5. Three sectoral Certs in power sector — generation, transmission and distribution, have been set up, in addition to the banking one
  6. Further,  a National cyber coordination center is being set up to provide near real time situational awareness and rapid response at a cost of Rs 985 crore

Customers must be doubly vigilant: Security experts

  1. Event: India has been hit by one of its biggest financial security breaches compromising hundreds of thousands of debit cards
  2. Who bears the loss: According to experts, all banks are intermediaries under the Income Tax Act
  3. Under Section 79 of the Act they are mandated to do due diligence
  4. In case banks are negligent in doing this, leading to a loss, it is the banks that will have to bear the brunt of the loss
  5. But a bank may not be liable if it asks the customer to change his or her PIN but the customer chooses to ignore the advice

RBI asks banks to replace 17.5 lakh debit cards

  1. The RBI has asked banks to replace debit cards whose security is suspected to have been compromised after being used in some ATM’s
  2. The issue was first suspected by payment gateways such as Visa, Mastercard and Rupay
  3. Cards falling in the suspicious category and needing replacement would number about 17.5 lakh
  4. Debit cards and credit cards face security issues when unauthorised parties access confidential details embedded in the card
  5. Such access could happen even as the card is being used in an ATM

[op-ed snap] Towards a database nation

  1. Theme: An increase in surveillance measures by the government without appropriate public debate.
  2. Surveillance Measures and information databases in question: The Central Monitoring System, The National Intelligence Grid and the Aadhaar.
  3. The Central Monitoring System (CMS) is scanning citizens’ communication in real time in Delhi and Mumbai and its reach will be expanded gradually.
  4. CMS enables law enforcement agencies to get near real-time access to intercepted communication without the involvement of the telecommunications service provider.
  5. This raises concerns of potential surveillance excesses by the government and private information of citizens falling in the wrong hands. But this system has never been discussed meaningfully with the public, and no efforts have been made to explain what safeguards prevent its misuse.
  6. The National Intelligence Grid (NATGRID) which links multiple government databases will be operational next year. NATGRID is classified among the ‘intelligence and security’ organisations and is exempted from the Right to Information Act.
  7. Also, it is not known whether Aadhaar, with its access to citizens’ biometric identification and its connection with various databases like banking, health etc , will be a part of NATGRID.
  8. Additionally, various critical services have been made contingent on Aadhaar numbers.
  9. Also, it does not offer adults a way to withdraw consent and does not offer the next generation the opportunity to reverse their parents’ decisions.
  10. There is no mechanism/obligation on the part of government to inform the concerned citizens when their data is breached.
  11. There is no clarity on security of these databases despite major data breaches having been reported from entities ranging from the U.K. government to Adobe, Sony and Ashley Madison.
  12. Also, there has been no discussion on the consequences of a data breach.

India’s quest for self-reliant communication

  1. In recent months, India has stepped up efforts to become self-reliant in its communication networks
  2. ISRO is soon expected to operationalise the Indian Regional Navigation Satellite System (operational name- NAVIC)
  3. The Indian Air Force had recently teamed up with NPL to improve the accuracy of their time-keeping systems and reduce error to the range of microseconds

Setting computers to IST is just a matter of time

  1. What? CSIR has formally proposed to the Central government that all Indian computers be legally required to synchronise their clocks to the IST
  2. Globally: All countries require their computer infrastructure to synchronise to their local times
  3. Why? The time displayed on laptops or smartphones is derived from multiple American servers & is a few seconds off from the actual Indian time
  4. The frequent mismatches in the time stamps make it harder for Indian cyber security experts to investigate Internet-perpetrated frauds

Discuss: Who defines the Indian Standard Time (IST)?

Cybercrimes have risen 4-fold in 3 years

  1. Study: ‘Protecting Interconnected Systems in the Cyber Era’ by PwC and Assocham
  2. Findings: The number of cybercrime cases registered in India has risen by 350% in the three-year period from 2011 to 2014
  3. Earlier, attacks have been mostly initiated from countries such as the U.S., Turkey, China, Brazil, Pakistan, Algeria, Turkey, Europe, and the UAE
  4. However, with the growing adoption of the Internet and smart-phones, India has emerged as one of the favourite countries among cyber criminals
  5. Cyber attacks around the world are occurring at a greater frequency and intensity
  6. A new breed of cyber criminals has now emerged, whose main aim is not just financial gains but also causing disruption and chaos to businesses in particular and the nation at large
  7. Attackers can gain control of vital systems such as nuclear plants, railways, transportation or hospitals that can subsequently lead to dire consequences

Cabinet approves cyber security deal with UAE

  1. News: MoU signed between India and United Arab Emirates (UAE) on Technical Cooperation in Cyber Space and Combating Cyber-Crime
  2. Objective: To cooperate in combating cybercrime in the wake of the serious security threat posed by it to safety of people
  3. Cooperation in: cyber space and combating cyber-crime in all forms, particularly through coordination and exchange of information in relation with cyber crime
  4. Nodal Agency: Ministry of Home Affairs (MHA)
PIB

Learn about Project Shield

  1. Context: Project Shield is free and aims to help independent news organisations to be able to continue their work without the fear of being shut down
  2. Origin: Project Shield came out of Google Ideas (now renamed Jigsaw)
  3. Uses: Was used by about 100 sites focused on topics like human rights, election monitoring and independent political news
  4. Infra: It used Google’s security infrastructure to detect and filter attacks on these websites
  5. It is not just about protecting journalism but also about improving the health of the Internet
  6. How? by mitigating against a significant threat for publishers and people who want to publish content that some might find inconvenient

Project Shield to protect news sites from attacks

  1. Context: Google said it will open its ‘Project Shield’ technology to protect news sites and portals
  2. Aim: Shield portals related to human rights from attacks that threaten free expression and access to information
  3. Debate: The move comes at a time when there is a raging debate globally about freedom of expression for media firms & around privacy and security in the era of social media

U.S. had cyber-attack plans for Iran’s Fordo

  1. Context: In early years, US developed an elaborate plan for a cyber-attack on Iran in case diplomatic effort to limit its nuclear programme failed and led to a military conflict
  2. The Plan: code named Nitro Zeus, was designed to disable Iran’s air defences, communications systems and key parts of its power grid
  3. Relevance: Nitro Zeus was part of an effort to assure President Obama that he had alternatives, short of a full-scale war, if Iran lashed out at the US or its allies in region
  4. Cyber Plan: To disable the Fordo nuclear enrichment site, which Iran built deep inside a mountain near the city of Qum
  5. Importance of Fordo: It has considered one of the hardest targets in Iran, buried too deep for all but the most powerful bunker-buster in U.S. arsenal

Obama launches cyber-security ‘action plan’

  1. The president has called for an overhaul of aging government networks and a high-level commission to boost security awareness
  2. The announcement responds to an epidemic of data breaches and cyber attacks on both government and private networks in recent years
  3. Under this plan, Mr. Obama has asked for $19 billion for cyber-security efforts, a 35% increase from current levels, with $3 billion earmarked
  4. To help modernise the patchwork of computer systems used in government agencies
  5. An executive order for creating a 12-member cyber-security commission to make recommendations to both the public and private sectors has also been issued

CERT-In signs cyber security pacts with 3 nations

  1. CERT-In is the nodal agency responsible for dealing with cyber security threats.
  2. The Indian Computer Emergency Response Team (CERT-In) has signed cooperation pacts with Malaysia, Singapore and Japan for cyber security.
  3. The MoUs will promote closer cooperation for exchange of knowledge and experience in detection, resolution and prevention of security-related incidents.

India to hire US, Israel cyber security firms for terror intel

The aim is to plug the holes in our cyber security apparatus.

  1. India to monitor communication between terror modules, block content meant for radicalising youths.
  2. India and Israel are working on a mechanism to encourage start‐ups from both countries to work on cyber security solutions.
  3. Indian cyber security market is still at a nascent stage – Rs. 1,500 Cr while Israel is the biggest player followed by US.

Lets see dimensions of Cyber Security

  1. The increase in the use of IT has led to threats at cyber space level, manifesting in various forms.
  2. Cyber Crime – It involves use of cyber space for economic crimes or causing serious harm to someone either physically or virtually.
  3. Cyber Terrorism – It involves use of cyber space by a terrorist organisation to spread its propaganda and recruit new members.
  4. Cyber Warfare – In involves a attack on critical information architecture of another country.

Cyber security is no longer just about protection

  1. The nature and scale of threats organisations are facing have changed the dimensions of cyber security.
  2. It’s no longer about protection alone, but also about hunting down new malware.
  3. The industry has moved from protection to threat defence lifecycle, which involves protection, detectionand correction.

Cybercrime hit half of India’s Net users: study

  1. The security services firm Norton says that nearly half of India’s netizens affected by cyber-crime during the past year.
  2. Despite the threat of cybercrime in India, it hasn’t led to widespread adoption of simple protection measures to safeguard information online.
  3. There are only 41% people who use a secure password, despite the concerns towards cybercrime.
  4. Besides the financial loss, there is an emotional impact as well.

India follows global trends in taking on cyber attacks


 

  1. The trend in increase in cyber attacks on Indian computer networks is similar to that worldwide.
  2. Most of these attacks originate from countries such as the U.S., Pakistan, China and Bangladesh.
  3. In case of an attack, CERT-In notifies the organisation concerned regarding the cyber attacks and requests for logs of network devices, servers and other related components for analysing the attacks and identifying sources of attack.
  4. CERT-In (the Indian Computer Emergency Response Team) is a govt. mandated IT security organization to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.

MHA nod for cyber security wing under IB

  1. Creation of “cyber-security architecture” within the Intelligence Bureau (IB) that will work independently of the National Technical Research Organisation (NTRO), which works under the Prime Minister’s Office (PMO).
  2. In the past, it has been seen that cyberspace was used to recruit young people to join terrorist outfits like IS.
  3. The threat emanating from this medium is imminent and we require a dedicated team to crackdown on it.

A Cyber Wing in the National Cadet Corps

  1. The 2014 Annual Security Report reveals that 2013 was a ‘particularly bad year’ with cumulative annual threat alert levels increasing by 14% since 2012.
  2. The writer explores the possibility of creation of a ‘Cyber Wing’ in each the 4 divisions of the NCC in India.
  3. The motto of the NCC is Unity and Discipline.
  4. The cadets must be given encouragement by way of financial rewards, recognition, scholarships for further studies in cyber security.
  5. With programmes like Digital India, National Optical Fibre Network, e-Governance, e-commerce and e-Services, our vulnerability in cyberspace cannot be condoned.

Gulshan Rai takes charge as India’s first cyber security chief

  1. This new post was created in PMO and Rai is its first head.
  2. Prior to this appointment, he was Director-General Computer Emergency Response Team (CERT) at the Department of Electronics and Information Technology (DeitY).
  3. He also heads the E-Security and Cyber Law division in the Union Ministry of Communications and Information Technology.


:( We are working on most probable questions. Do check back this section.







Highest Rated App. Over 3 lakh users. Click to Download!!!