Cyberattacks are rising, but there is an ideal patch

Context: 

In recent times, ransomware attacks on India have increased. Nearly 40 million health records were compromised through an attack on The All India Institute of Medical Sciences

Probable Question:

In the light of recently increased frequency of ransomware attacks, discuss various challenges associated with cyber threats along with steps taken by the government to prevent it. 

 

Growing Vulnerability: 

  • Data show that over 75% of Indian organisations have faced such attacks, with each breach costing an average of ₹35 crore of damage
  • There are other malwares that could infect all kinds of computer systems. Every critical infrastructure, from transportation, power and banking systems, would become extremely vulnerable to the assaults from hostile state and non-state actors.
  • Cyber capabilities are also playing a pivotal role, as seen in the ongoing conflict in Ukraine, where electronic systems in warheads, radars and communication devices have reportedly been rendered ineffective using hacking and GPS jamming. 
  • With the introduction of 5G and the arrival of quantum computing, the potency of malicious software, and avenues for digital security breaches would only increase.

Major Types of Cyber Threats:

  1. Ransomware: This type of malware hijacks computer data and then demands payment (usually in bitcoins) in order to restore it.
  2. Trojan Horses: A Trojan horse attack uses a malicious program that is hidden inside a seemingly legitimate one. When the user executes the presumably innocent program, the malware inside the Trojan can be used to open a backdoor into the system through which hackers can penetrate the computer or network.
  3. Clickjacking: Act of tempting internet users to click links containing malicious software or unknowingly share private information on social media sites.
  4. Denial of Service (DOS) Attack: The deliberate act of overloading a particular service like website from multiple computers and routes with the aim of disrupting that service.
  5. Man in Middle Attack: In this kind of attack, the messages between two parties are intercepted during transit.
  6. Cryptojacking: The term Cryptojacking is closely related to cryptocurrency. Cryptojacking takes place when attackers access someone else’s computer for mining cryptocurrency.
  7. Zero Day Vulnerability: A zero-day vulnerability is a flaw in the machine/network’s operating system or application software which has not been fixed by the developer and can be exploited by a hacker who is aware of it.

Reasons for increasing Cyber Attacks in India

  • Increasing dependency on technology
  • Lack of robust law enforcement mechanisms: India’s approach to cyber security has so far been ad hoc and unsystematic.
  • Asymmetric and covert warfare: Unlike conventional warfare with loss of lives and eyeball to eyeball situations, cyber warfare is covert warfare with the scope of plausible deniability.
  • Lack of International Coordination: International cooperation and consensus is missing in this field. Russia and the USA differ vastly on many aspects of the Internet, including openness, restrictions on data flow, and digital sovereignty.
  • Most of our organisations are in the private sector and their participation remains limited in India’s cybersecurity structures.
  • Most organisations lack the tools to identify cyberattacks, let alone prevent them. India also faces an acute scarcity of cybersecurity professionals. 
  • Limited workforce: India is projected to have a total workforce of around 3,00,000 people in this sector in contrast to the 1.2 million people in the United States.

Initiatives taken by Government:

  • Indian Computer Emergency Response Team (CERT­In) guidelines 2022: 
    • Mandatory obligation to report cyber attack incidents.
    • designate a point person with domain knowledge to interact with CERT­In. 
  • India’s draft Digital Personal Protection Bill 2022 proposes a penalty of up to ₹500 crore for data breaches. 
  • Defence Cyber Agency (DCyA: India’s armed forces created a Defence Cyber Agency (DCyA), capable of offensive and defensive manoeuvres. 
    • All Indian States have their own cyber command and control centres.
  • Cybersecurity Treaties: India has already signed cybersecurity treaties with various countries, including the United States, Russia, the United Kingdom, South Korea, and the European Union.
  • Multinational Frameworks: International frameworks like the Quad and I2U2 are working to increase collaboration among countries in areas such as cyber incident responses, technology collaboration, capacity building, and improving cyber resilience. 
  • Cyber Surakshit Bharat Initiative: It is an initiative from the Ministry of Electronics and Information Technology (MeitY) that aims at creating a robust cybersecurity ecosystem in India. 
    • This program was in association with the National e-Governance Division (NeGD)
  • Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): It is an installation under the Ministry of Electronics and Information Technology (MeitY).

Measures taken by UN:

  • Previous years have seen the United Nations General Assembly establish two processes on the issues of security in the information and communication technologies (ICT) environment. 
  • One is the Open Ended Working Group (OEWG), comprising the entire UN membership, established through a resolution by Russia. 
  • The other is the resolution by the U.S., on the continuation of the Group of Governmental Experts (GGE), comprising 25 countries from all the major regions. 

Way Forward:

  • Digital Geneva Convention: Indian companies should sign the Digital Geneva Convention, where over 30 global companies have signed a declaration to protect users and customers from cyber breaches.
  • Opportunities for India to Lead in Global Cybersecurity Frameworks at G20 Summit: The G20 Summit in India offers a unique opportunity to convene domestic and international stakeholders to discuss cybersecurity. 
    • India can take the lead in creating a global framework that establishes minimum cybersecurity standards.
  • Mandatory Data Protection Norms: All government and private agencies dealing with personal data should be required to adhere to mandatory data protection norms. 
    • Relevant authorities should conduct regular data protection audits.
  • Cyber-Awareness: Education plays a vital role in spreading awareness about preventing cybercrimes. It is important to educate young people so they can act as a force multiplier to create a cybersecurity ecosystem and prevent cybercrimes.
  • Tech-Diplomacy for Secure Global CyberSpace: To tackle emerging cross-border cyber threats and move towards a secure global cyberspace, India should strengthen its diplomatic partnerships with advanced economies and techno-democracies.

News Source: The Hindu

To get PDF version, Please click on "Print PDF" button.

Need help preparing for UPSC or State PSCs?

Connect with our experts to get free counselling & start preparing

THE MOST
LEARNING PLATFORM

Learn From India's Best Faculty

      
Quick Revise Now !
AVAILABLE FOR DOWNLOAD SOON
UDAAN PRELIMS WALLAH
Comprehensive coverage with a concise format
Integration of PYQ within the booklet
Designed as per recent trends of Prelims questions
हिंदी में भी उपलब्ध
Quick Revise Now !
UDAAN PRELIMS WALLAH
Comprehensive coverage with a concise format
Integration of PYQ within the booklet
Designed as per recent trends of Prelims questions
हिंदी में भी उपलब्ध

<div class="new-fform">







    </div>

    Subscribe our Newsletter
    Sign up now for our exclusive newsletter and be the first to know about our latest Initiatives, Quality Content, and much more.
    *Promise! We won't spam you.
    Yes! I want to Subscribe.