Challenges in cyberspace & Steps taken by Government

 Challenges in defending cyberspace

  • Diffused and intangible threat in the absence of tangible perpetrators coupled with low costs of mounting an attack makes it difficult to frame an adequate response.  (Action on cyber security: Recover, Protection & Retaliation (It is intangible, difficult to retaliate or find)
  • Difficult to locate the attacker who can even mislead the target into believing that the attack has come from somewhere else.
  • Absence of any geographical constraints enabling attackers to launch attack anywhere on the globe.
  • Need of international cooperation - Cyberspace are inherently international even from the perspective of national interest. It is not possible for a country to ignore what is happening in any part of this space if it is to protect the functionality of the cyberspace relevant for its own nationals. (Cyber security is global Issue)
  • Rapidly evolving technology needs investment, manpower and an ecosystem to keep track of global developments, developing countermeasures and staying ahead of the competition.
  • Non-existence of foolproof security architecture due to low resources requirement for attacker to launch attack coupled with potential bugs in any system
  • Human element in cybersecurity Target users, themselves, make mistakes and fall prey to cyberattack. Most sophisticated cyberattacks have all involved a human element: Stuxnet needed the physical introduction of infected USB devices into Iran’s nuclear facilities; the 2016 cyber-heist of $950 million from Bangladesh involved gullible (or complicit) bankers handing over SWIFT codes to hackers. (Human are not aware about cybersecurity).
Steps taken by Government in Cybersecurity
Legal Framework
  • National Cybersecurity Policy 2013
  • Information Technology Act 2000 (As Amended in 2008 – add internet based crime) – Regulates persecution and actions of government.
  • National Telecom Policy 2012 – Obligations on the Telecom Service Providers for safe service, privacy in customers, cooperation with law enforcement agencies.
Institutional Framework
  • National Cybersecurity Coordination Centre (NCCC), - cyberspace intelligence agency which will conduct security and electronic surveillance. (Monitor the internet, any threat it informs to user or Government) – Under Ministry of Home Affairs
  • National Technical Research Organisation – Under Prime Minister Office, RAW + IB like agency.
  • India’s Computer Emergency Respose Team (CERT-In) – National Agency to respond to Cyber Threats. (Retaliate of cyber security, awareness to people) – Under Ministry of Electronic.
  • National Critical Information Infrastructure Protection Centre (NCIIPC) – Identify Critical Infrastructure (like Nuclear Reactor, SBI bank), Protect and lay policies and strategies.
  • Indian cyber-crime coordination centre (I4C) and Cyber Warrior Police force - MoHA – To tackle Cyber Crime, National Cyber Crime Reporting Portal.
  • Digital Army of 5 Lakh Cyber Hactivists – Under Suspension.
  • Cyber Swachatha Kendra.
Cyber Swachatha Kendra
  • Botnet Cleaning and Malware Analysis Centre for analysis of malware and botnets that affect networks and systems. It is part of Digital India initiative.
  • This centre will work in coordination with the internet service providers (ISPs) and Industry and will also enhance awareness among citizens regarding botnet and malware infection.
  • CSK provides various tools to prevent cyberattacks, like-
    • M Kavach: Special anti-virus tool for smartphones and tablets.
    • USB Pratirodh: It is a USB protector to help clean various external storage devices like USB(s), memory cards, external hard disks, etc.
    • App Samvid: This is a whitelisting tool for the desktop Applications
    • Browser JSGuard: It helps to block malicious JavaScript and HTML files while browsing the web.
    • Free Bot Removal Tool: It‘s a QuickHeal partner tool.
Cyber Surakshit Bharat Yojana:
  • It was launched in 2018 by Ministry of Electronics and Information Technology in association with National e-Governance Division (NeGD) and industry players. It includes awareness programs on cyber security; workshops on best practices and enablement of the officials with cyber security health tool kits.
Other Steps taken by Government
  • Audit of government websites and applications.
  • Formulation of Crisis Management Plan for countering cyber-attacks - Conducting cyber security mock drills and exercises regularly to enable assessment of cyber security posture and preparedness of organizations in Government and critical sectors.
  • Training of 1.14 lakh persons through 52 institutions under the Information Security Education and Awareness Project (ISEA) - a project to raise awareness and to provide research, education and training.
Challenges - Cybersecurity in India
Structural
  • The rapid rate of growth of this sector in both scope and meaning of cybersecurity.
  • Internet, by its design, has been created for openness and connectivity and not for ensuring security and protection from unauthorized access.
Administrative
  • Lack of best practices and statutory backing for the same, e.g.- India does not have norms of disclosure.
  • The government is yet to identify and implement measures to protect “Critical information infrastructure”.
  • The appointment of National Cyber Security Coordinator in 2014 has not been supplemented by the creating liaison officers in states.
Human Resource Related
  • Huge under-staffing of Cert-In.
  • Attitudinal apathy of users towards issues of cybersecurity.
Procedural
  • Lack of awareness in local police of various provisions of IT Act, 2000 and also of IPC related to cybercrimes.
  • Also, the core infrastructure elements of a smart city cover urban mobility, water and electricity supply, sanitation, housing, e-governance, health and education, security and sustainability, all bounded and harnessed by the power of information technology (IT).
  • Given the massive use of IT in the delivery and management of core infrastructure services, the volume of citizen data generated in a smart city is expected to grow exponentially over time. The current IT Act might not give adequate protection to the citizen data that smart cities will generate.
Way Forward - Cyber Security
  • 5 Editorials - 23, 25, 34, 51.
  • Develop an evolving, dynamic Open Cyber Security Doctrine – Cyber deterrence Strategy on lines of “No- First use policy”
  • National Mission in Cyber forensics.
  • Indigenization of Operating systems.
  • Cyber terrorism must be incorporated into national terrorism response operations.
  • Skill development to create a cadre of cyber workforce to tackle coordinated cyber-attack.
  • Cyber security must be mandatory part of Computer Science curriculum.
  • Cyber Security Awareness among population.
  • Enhancing capabilities of small businesses to tackle cyber situation.
  • International coordination and cooperation to tackle the cyber threat by adhering to international norms and standards.
  • Develop a 24x7 nodal point for cyber cooperation.
  • Shift focus from - Big Bang Cyber Security Attacks to Decentralised Attacks (Ransomeware, Phishing (Random send to 1000 people, 10 people affect), Spear Phising (Particulate target. Ex: 10 people).
  • Zero Trust Systems. (Don’t trust anyone, check everyone).

Comments

Popular posts from this blog

Indian Painting - Pre History

Classification of Indian Paintings

Folk Paintings