According to the 2023-24 annual report of the Department of Personnel Training (DoPT), the Central Bureau of Investigation (CBI) investigated complex cyber crimes with national security implications.
More On News
- CERT-In Report of 2023: According to the Indian Computer Emergency Response Team (CERT-In), cybersecurity incidents rose sharply, reaching 15,92,917 cases in 2023 compared to 53,117 in 2017.
Key Highlights of the Department of Personnel Training (DoPT) Report, 2023
- Attacks that Occurred in 2023:
DDoS (Distributed Denial of Service): DDoS attacks disrupt internet traffic by overwhelming servers with a flood of data requests, causing service outages.
- Ransomware Attack on Defence Unit: A critical Indian defence unit was targeted by a ransomware attack.
- Data Breach: A significant data breach exposed sensitive information of millions of Indian citizens.
- Malware Attack in a Government Ministry: A government ministry suffered a malware attack, potentially compromising sensitive information.
- DDoS Attack on Critical Infrastructure and Airports: A massive Distributed Denial-of-Service (DDoS) attack targeted critical infrastructure, including airports.
- Cross-Border Cybercrime Investigations: The CBI collaborated with international agencies, including the Federal Bureau of Investigation (FBI), Royal Canadian Mounted Police (RCMP), and Singapore Police, to dismantle fraudulent networks, notably:
- Uncovering a $2 million cryptocurrency scam linked to fake tech support.
- Identifying a Delhi-based call centre scamming Canadian citizens.
- Tracing cryptocurrency fraud involving tax evasion by an Australian citizen to India.
- Cyber Fraud in Investment and Loan Apps: The CBI investigated fraudulent loan and investment apps targeting Indian citizens, often operated from neighbouring countries.
- At the instance of the RBI [Reserve Bank of India], the CBI registered a case of IMPS (Immediate Payment Service) fraud at UCO Bank involving reversed transactions across multiple banks, amounting to a staggering ₹820 crore.
About Cyber Attacks
- Definition: A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorised access to a network, computer system or digital device.
- They can target individuals, organisations, or even entire nations, with motives ranging from financial gain to espionage, hacktivism, or simply disruption.
Major Cyber Attacks in Recent Years
- WannaCry (2017): The WannaCry ransomware attack targeted Windows computers by encrypting data and demanding ransom payments in Bitcoin.
- Colonial Pipeline Attack (2021): A ransomware attack on the largest fuel pipeline in the U.S., causing fuel shortages and raising concerns over critical infrastructure security.
- Akira Ransomware: Malicious software that targets both Windows and Linux devices, encrypting data and demanding a ransom for decryption.
- The Indian government’s Computer Emergency Response Team (CERT-In) issued a warning about the Akira ransomware.
- LockBit Ransomware: In January 2023, LockBit targeted U.K. postal services, halting international shipping operations.
- AIIMS ransomware attack (2023): All India Institute of Medical Sciences (AIIMS), Delhi came under ransomware attack, which crippled the hospital’s digital patient management system.
Types of Cyber Attacks
- Malware: Malicious software, like viruses, worms, and ransomware, that infiltrates systems to steal data, corrupt files, or hold data hostage.
- Ransomware: Ransomware is sophisticated malware that uses strong encryption to hold data or systems hostage.
- It blocks access to systems through malware until a ransom is paid.
- Phishing: Phishing messages are often designed to look as though they’re coming from a legitimate source.
- Example: The Ayushman Bharat phishing attack deceives users by falsely claiming free health insurance under a government scheme, tricking them into sharing personal information via a fraudulent link.
- Man-in-the-Middle (MitM): Intercepting and altering communications between two parties, often to steal data or inject malware.
- Example: In 2017, credit reporting agency Equifax was the victim of a man-in-the-middle attack due to an unpatched vulnerability in its web application framework.
- The attack exposed the financial information of nearly 150 million people.
- SQL Injection: Exploiting vulnerabilities in a database to manipulate or steal data.
- Example: In 2008, Heartland Payment Systems, a major U.S. payment processing company, suffered an SQL injection attack.
About Cyber Security
- Definition: Cyber security, or information technology security, refers to the techniques of protecting computers, networks, programs, and data from unauthorised access or attacks aimed at exploitation.
- Components of Cybersecurity:
- Application Security: Protects applications during design, development, deployment, and maintenance from security threats.
- Information Security: Safeguards sensitive information from unauthorised access, ensuring privacy and preventing identity theft.
- Network Security: Ensures the safety, integrity, and reliability of network systems against cyber threats.
- Disaster Recovery Planning: Involves risk assessment and strategy development to recover from cyberattacks and ensure business continuity.
India and Its Vulnerability To Cyber Attacks
- Rapid Digitisation of India: India is the second-fastest digitising economy amongst 17 leading economies of the world and has the potential to create up to $1 trillion of economic value from the digital economy in 2025.
- There were 751.5 million internet users in India at the start of 2024, when internet penetration stood at 52.4 percent.
- The massive scale of digitisation and expanding digital footprint significantly increases the vulnerability to cyber attacks.
- Data Security Council of India (DSCI): It is a premier industry body on data protection and cyber security in India, set up by NASSCOM.
- According to the India Cyber Threat Report 2023, released by the Data Security Council of India (DSCI) and Quick Heal:
- Total Detections: Over 400 million detections across approximately 8.5 million endpoints.
- Detection Rate: Averaging 761 detections per minute.
- Ransomware Incident Ratio: 1 per 650 detections.
- Malware Incident Ratio: 1 per 38,000 detections.
- According to the cybersecurity firm Zscaler, India recorded 79 million cyber attacks in 2023 and ranked as the third-largest country globally for phishing attacks, after the US and UK.
- The technology sector saw the highest volume of attacks, accounting for almost 33 percent of the phishing attacks observed in the country.
Consequences of Cyber Attacks For India
- Data Breaches: Loss or exposure of personal, financial, or proprietary data can lead to identity theft, fraud, and financial loss.
- ICMR Data Breach: In October 2023, the American cyber security and intelligence agency ‘Resecurity’ issued an alert that the Indian Council of Medical Research (ICMR) had suffered a data leak of the Aadhaar and passport information of 81 crore Indians, along with their names, phone numbers, and addresses.
- Financial Costs: Direct costs from theft, ransom payments, and operational disruptions, plus long-term impacts like lost trust and legal penalties.
- Example: WazirX, one of India’s leading cryptocurrency exchanges, recently faced a significant security breach, resulting in a loss of over $230 million.
- National Security Threats: Attacks on critical infrastructure like power grids, water supply systems, and healthcare facilities can have serious implications for public safety.
- Example: In 2019, malware attributed to North Korea’s Lazarus group infected a system on the administrative network of the Kudankulam Nuclear Power Plant in India.
- Cyber Espionage: Cyber Espionage refers to the use of digital tools to spy on or steal sensitive information from governments, organisations, or individuals, often for political, military, or economic gain.
- Example: Operation SideCopy (Pakistan-linked hackers) targeted the Indian military and critical infrastructure Public Sector Undertakings (PSUs) in India.
- Negative Perception of Technology: A high-level cyber incident can lead to widespread mistrust of technology, causing:
- Reluctance to adopt new tools such as 5G, the Internet of Things (IoT), and Artificial Intelligence,
- Loss of confidence in tech providers,
- Slowdown in foreign investment in the tech sector, and
- Increased regulatory scrutiny.
- Psychological Impact: Victims may experience depression, embarrassment, shame, or confusion.
Challenges in Cyber Security For India
- Rising Cyber Threats: The volume and sophistication of cyber-attacks, including ransomware and DDoS, have surged, posing significant challenges for defence.
- Skilled Workforce Shortage: There is a severe shortage of cybersecurity professionals, impacting response and prevention capabilities.
Technology for Cybersecurity
- Cryptographic systems: A widely used cybersecurity system that involves the use of codes and ciphers to transform information into unintelligible data.
- Firewall: Used to block traffic from outside, but it can also be used to block traffic from inside.
- Intrusion Detection System (IDS): An IDS is an additional protection measure used to detect attacks.
- Antivirus scanners: Antivirus scans help determine whether a device or network has been infected with malware.
- Secure Socket Layer (SSL): A suite of protocols that is a standard way to achieve a good level of security between web browsers and websites.
- According to the World Economic Forum Cybersecurity Head, India has a shortage of 8 lakh cybersecurity professionals in 2024.
- Inadequate Infrastructure: Many critical sectors still lack proper cybersecurity measures, leaving them vulnerable to attacks.
- Example: The 2023 cyberattack on the Indian Council of Medical Research (ICMR) exposed vulnerabilities in healthcare systems.
- Low Awareness: Limited understanding of cybersecurity risks among citizens and organisations increases vulnerability to threats.
- The Urban Rural Digital Divide also increases the severity of the problem.
- Example: According to government data, there were 84,000 cases of UPI fraud in 2021-22, and in 2020-21, 77,000 such cases were recorded.
- Concerns of DarkNet: The darknet is a part of the internet that is intentionally hidden and inaccessible through standard web browsers.
- Unlike the surface web, which is indexed by search engines, the darknet operates on encrypted networks and requires specific software, such as Tor (The Onion Router) or I2P (Invisible Internet Project), to access.
- These tools anonymise user activity by routing traffic through multiple servers, making it difficult to trace.
- Example: The darknet fuels cybercrime by providing an anonymous marketplace for leaked data, hacking tools, phishing kits, and professional hacking services for a fee.
Measures Taken By India To Enhance Cyber Security
- National Security Council Secretariat (NSCS): Recently, the National Security Council Secretariat (NSCS), which reports to the National Security Adviser (NSA), has been designated as the agency responsible for overall coordination and strategic direction for Cyber Security.
- The Ministry of Electronics and Information Technology (MeitY) has been assigned as the nodal body for telecom network security.
- The Ministry of Home Affairs (MHA) has been assigned as the nodal body for matters related to cyber crimes.
- India Achieves Tier 1 Status in Global Cybersecurity Index 2024: India has achieved Tier 1 status in the Global Cybersecurity Index (GCI) 2024 by the International Telecommunication Union (ITU), scoring 98.49 out of 100.
- This places India among global leaders in cybersecurity, recognised for its commitment to high standards and practices.
- Indian Cyber Crime Coordination Centre (I4C): Provides a framework and ecosystem for Law Enforcement Agencies (LEAs) to deal with cyber crimes in a comprehensive and coordinated manner.
- National Cyber Crime Reporting Portal: To enable the public to report incidents pertaining to all types of cyber crimes, with a special focus on cyber crimes against women and children.
- Defence Cyber Agency (DCyA): It is an integrated tri-services agency of the Indian Armed Forces. Headquartered in New Delhi, the agency is tasked with handling cyber security threats.
- Computer Emergency Response Team (CERT-In): The national agency responsible for responding to and mitigating cybersecurity incidents. It issues alerts and advisories to the public and private sectors to enhance cybersecurity awareness.
- The National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India established to safeguard the country’s critical information infrastructures, which are essential to national security.
- The National Cyber Coordination Centre (NCCC) is an operational cybersecurity and e-surveillance agency in India.
Way Forward
- Build Robust Cybersecurity Infrastructure: Upgrade the National Critical Information Infrastructure Protection Centre (NCIIPC) and the National Cyber Coordination Centre (NCCC) for effective cyber response.
- Enhance Skill Development and Address Workforce Gaps: The Data Security Council of India has forecast that the cybersecurity ecosystem will expand up to a point where nearly one million professionals will be required by 2025.
- Example: Ensuring effective enrollment and completion of Cyber Threat Management Courses under Skill India.
- International Collaborations: India needs to engage more with other countries and international organisations, such as the United Nations, the International Telecommunication Union, and Interpol, for better coordination and exchange of best practices.
- The first-ever US-India Cyber Security Initiative was launched in February 2024 to unite top cyber security experts globally to create jobs and develop cutting-edge solutions.
- Update Cybersecurity Policies: Update and effectively implement the National Cyber Security Policy to address current cybersecurity challenges.
- Adoption of Cyber Hygiene Practices: Cyber hygiene, or cybersecurity hygiene, is a set of practices that organisations and individuals perform regularly to maintain the health and security of users, devices, networks and data.
- Example: Regular software updates, strong password management, and secure online behaviour.
- Encourage Adoption of Cyber Insurance: To cover the financial losses that result from cyber events and incidents.
Conclusion
Tackling cybercrime in India demands advanced cybersecurity, public awareness, international cooperation, and a strong legal framework to protect individuals, businesses, and digital infrastructure.