The Union Home Minister highlighted the importance of multilateral cooperation in safeguarding nations against emerging cyber security in India upcoming at the recently concluded G20 conference in india.
“Crime and Security in the Age of NFTs, AI, and Metaverse” at Gurugram.
Table of Contents
WHAT IS CYBER SECURITY
Cyber security refers to the practice of protecting computers, servers, networks, electronic systems, and digital data from unauthorized access, theft, damage, or disruption.
It was involves implementing measures and employing technologies and processes to ensure the confidentiality, integrity, and availability of information and systems. Cyber security is necessary to protect sensitive data, preserve operational continuity, and mitigate financial risks posed by evolving cyber threats and crimes in the digital landscape.
VARIOUS ELEMENTS OF CYBER SECURITY
Applications play an essential role in business ventures; that is why every firm needs to focus on web application security. Web application security is important in order to protect customers, their information and interests.
Information includes business records, personal data, customer’s data, intellectual property etc; hence, it is important for a corporation to have strong cyber security for information to prevent its leakage.
Network security consists of protecting the usability and reliability of network and data. Measures to secure networks, including firewalls, intrusion detection and prevention systems (IDPS), virtual private networks (VPNs), and network segmentation.
Disaster Recovery/ Business continuity planning
It is about being prepared for any kind of interference or cyber threat by identifying threats to the systems on time and analyzing how it may affect the operations and methods to counter that threat.
Operational security (OPSEC)
It is used to protect organization functions. It identifies important information and assets to track down threats and vulnerabilities that exist in the functional method.
It is important for an organization to train their employees about cyber security because human error is one of the major causes of data breaches.
WHY INDIA NEEDS TO SECURE ITS CYBER SPACE
Increasing cyber crimes
As per the NCRB data from “Crime in India, 2020”, Cybercrimes have increased four times or 306 percent in the past four years and rate of cybercrime increased in 2020.
India saw a 73% increase in ran some ware incidents in 2022, according to the India Ran some ware Report 2022 published by the CERT-In.
According to a report, the value of digital payments in India will grow close to 1 trillion dollars in FY26 from 300 billion dollars in FY21.
India’s critical infrastructure, including power plants and power distribution, healthcare, railways and banking, have witnessed increasing cyber attacks, allegedly from Chinese state-sponsored groups.
the nature of the war in Ukraine indicates that India needs to review its cyber-defence policies. India also needs to give equal attention to building a deterrent cyber-offensive capability cyber security strategies preemptively identify vulnerabilities and security weaknesses before an attacker exploits them.
As per a report by the International Institute for Counter Terrorism, hacktivism activities have increased in Southeast Asia, including website defacement, distributed denial-of-service (DDoS) attacks and information leaks. Such threats will increase in the coming times.
CURRENT CYBER SECURITY ARCHITECTURE IN INDIA
National Cyber Security Policy, 2013
the first comprehensive document brought out by government to create a secure and resilient cyberspace ecosystem and strengthen the regulatory framework.
aims to protect information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
National Cyber Security Strategy 2020
the National Security Council Secretariat to ensure a safe, secure, trusted, resilient and vibrant cyberspace for Nation’s prosperity.Pillars of strategy are Secure Cyberspace, Structures, People, Processes, Capabilities.
Indian Cyber Crime Coordination Centre (I4C)
It was rolled out by Ministry of Home Affairs for the period 2018-2020 to combat cyber crime in the country, in a coordinated and effective manner.
Indian Computer Emergency Response Team (CERT-In)
It serves as national agency for responding to cyber security incidents as per provisions of IT Act, 2000. It issues alerts and advisories regarding latest cyber threats/vulnerabilities and counter measures to protect computers and networks on regular basis.
Cyber Swachhta Kendra /Bot-net Cleaning and Malware Analysis Centre
It has been launched for detection of malicious programs and provide free tools to remove the same.
National Cyber Crime Reporting Portal
It caters to complaints pertaining to cybercrimes only with special focus on cybercrimes against women and children.
National Cyber Coordination Centre (NCCC)
It is multi-stakeholder cyber security and e-surveillance agency, under CERTIn. It generates situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.
National Critical Information Infrastructure Protection Centre (NCIIPC)
It is created under IT Act, 2000 (amended 2008) and designated as National Nodal Agency to facilitate safe, secure and resilient information infrastructure for critical sectors of the Nation.
CHALLENGES AND CONCERNS IN INDIA’S PREPAREDNESS OF CYBER WARFARE
Lack of comprehensive strategy
Unlike the US, India still lacks a comprehensive, modern, and updated cyber warfare strategy. In the preset capacity, India can only address cyber security attacks and not cyber warfare.
Lack of Strong Security Culture
India lacks a strong security culture which is quite imperative in the cyber security domain.
Lack of Awareness
Women and children are increasingly becoming victims of cybercrimes such as pornography, stalking, cheating, and hacking.
India’s current approach adopts a reactionary “whack-a-mole” approach rather than creating deterrence. “Whack–a-Mole’ approach is a style of managing or leading others where a manager waits for something he/ she believes to be wrong to happen, and “whacks” the behavior with words and/or actions.
Shortage of Technical Staff for the Investigation of Cybercrime There have been half-hearted efforts by the States to recruit technical staff for the investigation of cybercrime.
A regular police officer may be unable to understand the nuances of the working of a computer or the Internet.
It is only a technically qualified staff who could acquire and analyze digital evidence.
National Cyber security Strategy
The Union Government is in the process of formulating a National Cyber Security Strategy which will holistically look at addressing the issue of security of national cyberspace
Increased Participation and Awareness There needs to be enhanced private and public sector participation along with data protection efforts to prevent frequent cyber attacks.
India also needs to study the evolving tactics, techniques, and procedures (TTPs) of hackers and criminals to be able to prevent these attacks. The cyber forensic laboratories of States must be upgraded with the advent of new technologies.
Most cyber crimes are trans-national in nature with extra-territorial jurisdiction. The collection of evidence from foreign territories is not only a difficult but also a tardy process.
Human Resource Development.
There is a need to introduce new courses, curriculum and academic institutions in the field of cyber security, ethical hacking, cryptology etc. to boost human resource in the field of cyber warfare.
A Parliamentary Standing Committee has recently recommended that funds for cyber security may be increased on a year on basis to forestall any failures in this domain for sheer lack of funds.
Digital personal data protection bill 2023 passed.
The parliament passed the digital personal data protection bill 2023. The approval of the rajya sabha 9 august 2023,according to the bill a person can process personal data of an individual for a legal purpose based on their consent and for certain lawful uses.
The bill provides for the establishment of the data protection board of India. In case of protection data breach the board will investigate the matter and impose penalty
recently Cyber attacks insurance on SMEs and MSMEs often come in the form cyber extortion. cyber insurance can help navigate through such risks. Studies also indicate that about 43 % of all cyber attacks are directed at small businesses and startup.
Cyber insurance India’s economic progress today heavily banks aims on the small and medium enterprise and the micro small and medium enterprises
A recent report by cyber security firm indicated companies in India repot more cyber attacks than any other in the world.
Digital personal data protection bill also aim to protect and strengthen data privacy. Cyber insurance is the very first step for organization towards ensuring cyber security
India also Strategy on Cyber Security to stop hacking activities same protect data privacy passed to stop this activities.