Cyberattacks are Rising

Context: 

Recent events have exposed vulnerabilities in our digital networks. A ransomware attack on the All India Institute of Medical Sciences compromised 40 million health records.

• In another incident, the BlackCat ransomware gang breached the parent company of Solar Industries Limited, a Ministry of Defence ammunition and explosives manufacturer, and extracted over 2 Terabytes of data.

Challenges: 

• Ransomware attacks are predominant and cost Indian organizations an average of ₹35 crore per breach.
• Blurring lines between physical and digital realms make critical infrastructure vulnerable to cyberattacks.
• Shortage of cybersecurity professionals in India, with projected workforce of 300,000 compared to 1.2 million in the United States.
• Private sector participation limited in India’s cybersecurity structures.
• Potency of malicious software and avenues for digital security breaches expected to increase with 5G and quantum computing.

Steps Taken by India:

• Guidelines introduced by India’s cybersecurity agency, Indian Computer Emergency Response Team (CERT-In), including mandatory reporting of cyberattacks and designated pointsperson for interaction.
• India’s draft Digital Personal Protection Bill 2022 proposes penalty of up to ₹500 crore for data breaches
• India’s armed forces created a Defence Cyber Agency capable of offensive and defensive maneuvers.
• India has already signed cybersecurity treaties with various countries, including the United States, Russia, the United Kingdom, South Korea, and the European Union.
• Multinational frameworks like Quad and I2U2 aim to improve cybersecurity through enhanced cooperation in cyber incident responses, technology collaboration, capacity building, and the improvement of cyber resilience.

UN Processes on Security in the ICT Environment:

• Two processes established by the UN General Assembly on security in the ICT environment.
  • Open-ended Working Group (OEWG) established through resolution by Russia and comprises entire UN membership.
  • Group of Governmental Experts (GGE) established through resolution by U.S. and comprises 25 countries from major regions.
• Permanent members of UN Security Council, including India’s strategic partners, have different views on openness, data flow, and digital sovereignty
• Member-states find the two resolutions complementary, not mutually exclusive

Way Forward:

• Comprehensive cyber security policy needed to protect critical infrastructure, industry, and security.
• Indian companies should sign the Digital Geneva Convention, where over 30 global companies have signed a declaration to protect users and customers from cyber breaches.
• The G20 Summit in India offers a unique opportunity to convene domestic and international stakeholders to discuss cybersecurity. 
  • India can take the lead in creating a global framework that establishes minimum cybersecurity standards.

News Source: The Hindu

DOWNLOAD PDF