GS Paper III

News Excerpt:

There has been a surge in cyber attacks in India due to vulnerabilities in rapidly deployed technological infrastructures which are impacting sectors like banking, insurance, and healthcare, with a call for advanced defence technologies.

More detail on the news:

•   Rapid digital transformation in India leads to complex infrastructures with vulnerabilities.
•   According to a recent study by Indusface(Application security saas firm), India witnessed a 70% rise in cyber attacks in Q3, 1.6 billion blocked attacks globally from India.
•  Banking and insurance sectors face 90% bot attacks due to increased digital transactions.
• Software-as-a-service and conglomerates experience a tenfold increase in attacks. Cyber security experts believe that Big Data and AI usage contribute to data hoarding, attracting cybercriminals globally.
• India, the US, the UK, Russia, and Singapore are the major source countries of cyber-attacks across the globe.
• Cyber security experts advocate AI, language models, and machine learning for dynamic defense.

Recent incidence of cyber attacks in India:

• State-sponsored cyber attacks against India went up by 278% between 2021 and September 2023 State-sponsored cyber attacks against India went up by 278% between 2021 and September 2023.
• The targeted cyber attacks on government agencies went up by 460% and those on startups and small and medium enterprises (SMEs) by 508%, according to the 2023 India Threat Landscape Report by Singapore-based cyber security firm Cyfirma.
• In India, Cyfirma(Cybersecurity firm) found that services companies, including IT and BPO, were at the receiving end of 14.3% of cyber attacks between March 2021 and September 2023.  This was followed by manufacturing at 11.6%, and healthcare and education at around 10% each.
• Retail, including online platforms, saw 9.8% of attacks while government agencies saw 9.6%. Banking and financial services institutions, automobiles, and airlines saw 9.5%, 8.3%, and 6.1% of attacks.

What is cyber Security?

• Cyber security is the protection of computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.
• It is the collection of tools, policies,   security concepts,   security safeguards, guidelines,   risk management approaches,   actions, training, best practices, assurance, and technologies that can be used to protect the cyber environment and organization and user’s assets.
• Cyber security ensures the maintenance of the security properties of the organization and user’s assets against security risks in the networked environments.

Need for Cyber Security:

•   For Individuals: Photos, videos, and other personal information shared by an individual on social networking sites can be inappropriately used by others.
• For Business Organizations: A cyber attack may lead to loss of competitive information (such as patents or original work), and loss of employees/customers' private data resulting into a complete loss of public trust on the integrity of the organization.
•  For Government: A local, state or central government maintains a huge amount of confidential data related to the country. Unauthorized access to the data can lead to serious threats on a country.
•   Government’s digital push: Programs such as Aadhaar, MyGov, Government e-Market, DigiLocker, Bharat Net, etc. are prompting a larger number of citizens, companies, and government agencies to transact online.
• o   For example-During the last nine years, the number of digital transactions in India has increased from a mere 127 crore in 2013-14 to 12,735 crore transactions in 2022-23.
•  Prevent economic loss: The estimated cost of cyber-attacks in India stands at four billion dollars which is expected to reach $20 billion in the next 10 years.

Challenges of Cyber Security in India:

• Data colonization: Data servers of a majority of the digital service providers are located outside India. Also, data is being misused for influencing electoral outcomes, spread of radicalism, etc.
• Widespread digital illiteracy makes Indian citizens highly susceptible to cyber fraud, cyber theft, etc.
• Lack of adoption of new technology: For eg, Banking infrastructure is not robust to cope with the rising digital crime as 75% of the total credit and debit cards are based on magnetic strip, which are easy to be cloned.
• Lack of adequate infrastructure and trained staff: There are currently around 30,000 cyber security vacancies in India but demand far outstrips Anonymity: Even advanced precision threats carried out by hackers is difficult to attribute to specific actors, state, or non-state.
• Underreporting: More than 90% of cybercrime incidents remain under the sheet due to fear of reputational and credibility loss of an organization.

Steps taken to prevent cyber attacks:

Measures taken by India -

• National Cyber Security Policy (NCSP): The policy aims at protecting the public and private infrastructure from cyber attacks.
• National Cyber Security Reference Framework (NCRF) 2023: The NCRF policy will be aimed at helping critical sectors such as banking, energy and others with a “strategic guidance" to address cyber security concerns.
• Indian Computer Emergency Response Team (CERT-In): It plays a crucial role in providing alerts, advisories, and continuous monitoring of cyber security threats.
• Information Technology Act: The government has enacted and amended laws to address cyber threats and crimes. The Information Technology Act, 2000, and its amendments empower authorities to take action against cyber offenses.
• The Ministry of Home Affairs has provided financial assistance to all the States & UTs under Cyber Crime Prevention against Women & Children (CCPWC) scheme to support their efforts for setting up of cyber forensic-cum-training laboratories, training, and hiring of junior cyber consultants.
• The Government has established Indian Cyber Crime Coordination Centre (I4C) to provide a framework and eco-system for LEAs to deal with the cyber crimes in a comprehensive and coordinated manner.
• The Government has launched the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) to enable public to report incidents pertaining to all types of cyber crimes, with a special focus on cyber crimes against women and children. A toll-free number 1930 has been operationalized to get assistance in lodging online cyber complaints.

International measures:

• Cyber-diplomacy: Indian government has entered into cyber security collaborations with countries such as the USA, European Union and Malaysia. For e.g., U.S. India Cyber Relationship Framework
• Participating in Global Conference on Cyber Space: It is a prestigious global event where international leaders, policymakers, industry experts, think tanks, cyber wizards, etc. gather to deliberate on issues and challenges for optimally using cyberspace.
• Global Centre for Cyber Security: It was launched by the World Economic Forum (WEF) to serve as laboratory and early-warning think tank for future cyber security scenarios and help build a secure global cyberspace.
• Budapest Convention: It is the only binding international treaty on cybercrime. The Budapest Convention aligns member countries’ laws on cybercrime, making it easier for them to cooperate on criminal investigations. India is yet to join this treaty. 

Way forward:

• Develop intelligent systems: To mitigate the increasing number of cyber attacks in India, cyber security experts call for the use of AI, large language models, and machine learning to develop intelligent systems that are capable of identifying and responding to cyber threats autonomously.
• These technologies can adapt to new patterns and trends in data, providing a dynamic defence against cyber attacks, say experts.
• Budapest Convention: India may consider acceding to the Budapest convention.
• Mock drills: Cyber Security mock drills should be regularly conducted to prepare the organizations to detect, mitigate and prevent cyber incidence.
• Air gapping: Concept of air gapping which isolates critical infrastructures from the internet should be used.
• International data protection law: The Indian government should promote attempts to create an international data protection law that facilitates quick information-sharing with multinational companies that do not host domestic servers.
• Awareness: Launch campaigns to educate the public about cyber security best practices.

Conclusion:

India faces a significant surge in cyber attacks, impacting sectors crucial to its digital transformation. Urgent measures, including AI-driven defense, international collaboration, and public awareness campaigns, are crucial for robust cyber security.

Prelims PYQ

Q. In India, it is legally mandatory for which of the following to report on cyber security incidents? ( UPSC 2017)

1. Service providers
2. Data centres
3. Body corporate

Select the correct answer using the codes given below:

(a). 1 only

(b). 1 and 2 only

(c). 3 only

(d). 1, 2 and 3

Mains PYQ

Q. Discuss different types of cyber crimes and measures required to be taken to fight the menace. (UPSC 2020)