From UPSC perspective, the following things are important :
Prelims level : NA
Mains level : Cyber Threats and Cyber security measures
- As the 21st century advances, a new danger the cyber threat is becoming a daily monster. It is hardly confined to any one domain though the military is the one most often touted. Rather, it is the civilian sphere where the cyber threat is becoming more all-pervading today and, in turn, a serious menace.
What is mean by Cyber threat?
- A cyber threat or cyber security threat is defined as a malicious act intended to steal or damage data or disrupt the digital wellbeing and stability of an enterprise.
- Cyber threats include a wide range of attacks ranging from data breaches, computer viruses, denial of service, and numerous other attack vectors.
How Cyber threat is ever increasing?
- Increasing Grey Zone Operations: Grey zone Operations which fall outside traditional concepts of conflicts have become the new battleground, especially in regard to cyber warfare. ‘Grey Zone Operations’ are already beginning to be employed to undermine the vital of a state’s functioning, a trend likely to grow. The convergence of emerging technologies alongside new hybrid usages, pose several challenges to nations and institutions.
- Attack on examination: The recent arrest in India, of a Russian for hacking into computers involved in the conduct of examinations for entry into the Indian Institutes of Technology (IITs), is a reflection of how cybercriminals are significantly amplifying their Grey Zone Warfare’ tactics
- Pervasive nature of cyber threat: What is most unfortunate is that not enough attention is being bestowed on the all-encompassing nature of the cyber threat. In the wake of the Russia-Ukraine conflict, the world seems awash with papers on artificial intelligence (AI)-driven military innovations and potential crisis hot zones, along with stray references to new forms of hybrid warfare.
- Weaponization of everything: There is very little about the threat posed by cyber-attacks. Ignored also is the new reality of the weaponization of everything’ which has entered the vocabulary of threats. The latter clearly demands a ‘proto-revolutionary’ outlook on the part of policymakers, which is evidently lacking.
- Becoming a Multi-dimensional threat: Lost in translation is also the nature of today’s weapon of choice, viz., cyber. This lack of awareness is unfortunate at a time when states clearly lack the necessary resilience to face a variety of multi-vector threats.
- Cyber weapon as symbol of national Power: Cyber space has been described by Lt. Gen. Rajesh Pant (retired), India’s current national cyber security coordinator, as a “superset of interconnected information and communication technology, hardware, software processes, services, data and systems”. Viewed from this perspective, it constitutes a critical aspect of our national power.
- Simultaneous attacks in multiple dimensions: Cyber threats are not confined to merely one set of conflicts such as Ukraine, where no doubt cyber tools are being extensively employed extending well beyond this and other conflicts of a varied nature. The cyber threat is in this sense all-pervading, embracing many regions and operating on different planes.
Challenges to India’s cyber security infrastructure
1. Absence of any geographical constraints.
2.Lack of uniformity in devices used for internet access.
- Lack of national-level architecture for cybersecurity
- Security audit does not occur periodically, nor does it adhere to the international standards.
- The appointment of the National Cyber Security Coordinator in 2014 has not been supplemented by creating liaison officers in states.
- Lack of awareness in local police of various provisions of IT Act, 2000, and also of IPSC related to cybercrime.
- Lack of data protection regime.
- Human Resource Related
- Inadequate awareness among people about the security of devices and online transactions.
What are the Steps taken by India to strengthen cyber security?
- Section 66F of ITA: Specific provision dealing with the issue of cyber terrorism that covers denial of access, unauthorized access, introduction of computer contaminant leading to harm to persons, property, critical infrastructure, disruption of supplies, ‘sensitive data’ thefts. Provides for punishment which may extend to life imprisonment.
- National Cyber Security Policy 2013: Policy document drafted by the Department of Electronics and Information Technology. Established National Critical Information Infrastructure Protection Centre (NCIIPC) to improve the protection and resilience of the country’s critical infrastructure information; Create a workforce of 5 lakh professionals skilled in cybersecurity in the next 5 years.
- National Critical Information Infrastructure Protection Centre (NCIIPC): It has been setup to enhance the protection and resilience of Nation’s Critical information infrastructure. It functions under the National Technical Research Organization (NTRO).
- Computer Security through CERT-IN: Organization under the Ministry of Electronics and Information Technology with an objective of securing Indian cyberspace. The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country. According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing the administration of the Act.
- Cyber Surakshit Bharat Initiative: It was launched in 2018 with an aim to spread awareness about cybercrime and build capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
- Cyber Crisis Management Plan (CCMP): It aims at countering cyber threats and cyber-terrorism.
- National Cyber Coordination Centre (NCCC): It seeks to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities. National Cyber Security Coordinator (NCSC) under National Security Council Secretariat (NSCS) coordinates with different agencies at the national level for cyber security matters.
- Cyber Swachhta Kendra: This platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.
- Information Security Education and Awareness Project (ISEA): Training of personnel to raise awareness and to provide research, education, and training in the field of Information Security.
- With several non-state actors engaging in hybrid warfare and distorting day-to-day practices, including examinations, these pose legal, ethical and real dilemmas. Left unchecked, the world may have to confront a new kind of Wild West, before states find a common denominator for regulating cyber space and lay down proper rules and practices to prevent anarchy and chaos.
Q. Cyber threat is intruding the daily life of citizens and making the internal security more challenging task. Comment what are the policy loopholes in India’s fight against the cyber threat?