Definition: Cybersecurity or information technology security are the techniques of protecting computers, networks, programs, and data from unauthorized access or attacks that are aimed for exploitation.
Cybersecurity is a complex issue that includes multiple domains. It is different from the other traditional security challenges due to its diffused nature and varied nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators.
|Cyber Crime||“Any unlawful act where computer or communication device or computer network is used to commit or facilitate the commission of crime”.|
|Cyber warfare||When a nation-state or international organization attacks and attempts to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.|
|Cyber spying/ cyber espionage||Cyber spying/ cyber espionage is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of proxy server.|
|Cyber terrorism||Cyber terrorism can be also defined as the intentional use of computers, networks, and public internet to cause destruction and harm for personal objectives|
|Motives behind Cyber Attacks|
To attack critical assets of a nation or an individual.For commercial gain by hacking banks and financial institutions.
- For strategic Advantages: To penetrates into both corporate and military data servers to obtain plans and intelligence.
- To affect the social harmony of the country: To hack sites to virally communicate a message for some specific campaign related to politics and society.
|Methods used for cybercrime/Cyber Attack:|
|Phishing||It is a kind of fraudulent attempt that is made through email, to capture personal and financial information.|
|Cyber Stalking||Repeated use of electronic communications to harass or frighten someone|
|Identity theft||It is a type of fraud in which a person pretends to be someone else and does crime with the name of someone else|
|Denial of service (DoS)||It attacks refers to an attempt to make computer, server or network resources unavailable to its authorized users usually by using temporary interruption or suspension of services.|
|Ransomware||Ransomware is a type of computer malware that encrypts the files, storage media on communication devices like desktops, Laptops, Mobile phones etc., holding data/information as a hostage. The victim is asked to pay the demanded ransom to get his device decrypts.|
|Botnets||A Botnet is a collection of networked computers that reside on the Internet. These computers silently send spam, viruses, and malicious information, to other Internet computers. All based on the instructions they receive from those controlling the botnet.|
|Whaling||A whaling attack is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes.|
|Spoofing||Spoofing, as it pertains to cybersecurity, is when someone or something pretends to be something else in an attempt to gain our confidence, get access to our systems, steal data, steal money, or spread malware.|
|Browser hijacking||Browser hijacking is the unintended modification of a web browser’s settings by a malware. The term “hijacking” is used as the changes are performed without the user’s permission. Some browser hijacking can be easily reversed, while other instances may be difficult to reverse. Various software packages exist to prevent such modification|
|Pharming||It is a method used by phishers to deceive users into believing that they are communicating with a legitimate Web site. Pharming uses a variety of technical methods to redirect a user to a fraudulent or spoofed Web site when the user types a legitimate Web address|
|Skimming||It is the act of obtaining data from an unknowing end user who is not willingly submitting the sample at that time. An example could be secretly reading data while in close proximity to a user on a bus.|
|Spamming||Unsolicited commercial e-mail (UCE) sent to numerous addressees or newsgroups.|
|Espionage||Espionage is the act or practice of obtaining data and information without the permission and knowledge of the owner.|
|Computer Virus||It is a program written to enter your computer and damage/alter your files/data and replicate themselves.|
|Worms||Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc.|
|Trojan horse||A Trojan horse is not a virus. It is a destructive program that looks as a genuine application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans open a backdoor entry to your computer which gives malicious users/programs access to your system, allowing confidential and personal information to be stolen.|
Special features of cyber war compared to traditional war:
|Special feature of cyber war compared to traditional war|
Components of Cyber Security
Application Security:It encompasses measures or counter-measures that are taken during an application’s development process to protect it from threats that can come through flaws in the app design, development, deployment, upgrade or maintenance.
- Information security:It is related to the protection of information from an unauthorized access to avoid identity theft and to protect privacy.
- Network Security:It includes activities to protect the usability, reliability, integrity and safety of the network.
- Disaster Recovery Planning:It is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of an attack.
Need for Cyber Security
- For Individuals:Photos, videos and other personal information shared by an individual on social networking sites can be inappropriately used by others, leading to serious and even life-threatening incidents.
- For Business Organizations:Companies have a lot of data and information on their systems. A cyber-attack may lead to loss of competitive information (such as patents or original work), loss of employees/customers private data resulting into complete loss of public trust on the integrity of the organization.
- For Government:A local, state or central government maintains huge amount of confidential data related to country (geographical, military strategic assets etc.) and citizens. Unauthorized access to the data can lead to serious threats on a country.
India and cyberspace threats
- Meaning – Cyberspace is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology devices and networks.
- Global Information Security Survey (GISS) 2018-19 – India was observed, one of the highest number of cyber threats have been detected in India, and the country ranks second in terms of targeted attacks.
- The 2019 Global Risk Report (World Economic Forum) highlights India’s history of malicious cyber attacks and lax cyber security protocols which led to massive breaches of personal information in 2018.
|The future war will target Crucial areas such as:|
Critical Information Infrastructure (CII):
- Critical information infrastructure is communications or information service whose availability, reliability and resilience are essential to the functioning of a modern economy, national security and other essential social values.
- The complex interactions among various industrial functions of critical infrastructure and the exchange of information leads to “interdependencies”. A minor disruption at one point could have a rippling effect across multiple infrastructures.
- Among these Critical Information Infrastructures (CIIs) which are intricately interrelated and interdependent are :
|Threats to Critical Information Infrastructure (CII)|
|Internal Threats||External Threats|
|It is defined as ‘one or more individuals with the access and/or inside knowledge of company, organisation or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products or facilities with the intent of cause harm.||This threat arises from outside of the organisation, by individual, hackers, organisations, terrorists, foreign government agents, non-state actors, and pose risk like crippling CII, espionage, cyber/electronics warfare, cyber terrorism etc.|
|Effects of cyber-attack on CII|
- Damage or Destruction of CII
- Disruption or Degradation of Services
- Loss of Sensitive / Strategic information
- Cascading Effect
|Components of Critical Infrastructure such as:|
- Programmable Logic Control (PLC)
- Supervisory Control and Data Acquisition (SCADA) systems were targeted by the Stuxnet malware that attacked supposedly secure Iranian nuclear facilities.
- Meaning – “Cyber terrorism is the convergence of terrorism and cyber space. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives, Further, to qualify as cyber terrorism, an attack should result in violence against persons or property or at least cause enough harm to generate fear, Serious attacks against critical infrastructures could be acts of cyber terrorism depending upon their impact.”
|Cyberspace has been used as a conduit by terrorists-|
- For planning terrorist attacks,
- For recruitment of sympathizers,
- For Communication purposes
- For command and control
- Spreading propaganda in form of malicious content online to brain wash using their myopic ideological view
- For funding purposes
- As a new arena for attacks in pursuit of the terrorists’ political and social objectives.
- From that perspective, the challenges from non-state actors to national security are extremely grave. The shadowy world of the terrorist takes on even murkier dimensions in cyberspace where anonymity and lack of attribution are a given.
- The government has taken a number of measures to counter the use of cyberspace for terrorist-related activities especially in the aftermath of the terrorist attack in Mumbai in November 2008.
- Parliament passed à
- 2008 amendments to the IT Act, with added emphasis on cyber terrorism and cyber-crime.
- The Information Technology (Guidelines for Cyber Cafe) Rules, 2011 under the umbrella of the IT Act.
In doing so, the government has had to walk a fine balance between the fundamental rights to privacy under the Indian Constitution and National Security Requirements.
Government’s steps toward strengthening India’s Cyber Security
- National cyber coordination centre (NCCC) to scan internet traffic coming into the country and provide real time situational awareness and alert various security agencies.
- A new Cyber and Information Security (CIS) Division has been created to tackle internet crimes such as cyber threats, child pornography and online stalking. Under this, Indian cyber- crime coordination centre (I4C) and Cyber Warrior Police force has also been established.
- Formation Defence Cyber Agency in the realm of military cyber security under the Ministry of Defence.
- Formation of three cyber-forensic laboratories in Bangalore,Pune and Kolkata in association with software industry group NASSCOM.
- National Critical Information Infrastructure Protection Centre (NCIIPC) to battle cyber security threats in strategic areas such as air control, nuclear and space. It will function under the National Technical Research Organisation, a technical intelligence gathering agency controlled directly by the National Security Adviser in PMO.
- Indian Computer Emergency Response Team (CERT-in) to enhance the security of India’s Communications and Information Infrastructure through proactive action and effective collaboration. CERT-fin has also been launched exclusively for the financial sector. CERT-in is also operating Cyber Swachhta Kendra, a Botnet Cleaning and Malware Analysis Centre.
- On similar lines for protection of critical sectors of Indian economy FIN-CERT for India’s financial sector was launched.
- Government inaugurated the new body National Information Centre Computer Emergency Response Team (NIC-CERT) to prevent and predict cyber-attacks on government utilities.
- Cyber Surakshit Bharat Initiative to strengthen the Cyber Security ecosystem in India. It is the first public private partnership of its kind and will leverage the expertise of the IT industry in cybersecurity.
- Creation of National Critical Information Infrastructure Protection Centre and mandating security practices related to the design, acquisition, development, use and operation of information resources.
- Security – Cyber Swachhta Kendraà It is the Botnet Cleaning and Malware Analysis Centre under the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MeitY). The aim of Cyber Swachhta Kendra is to promote awareness among Indian citizens to secure their data in computers, mobile phones, and other electronic devices.
- Cyber Surakshit Bharat Initiativeà MeitY in collaboration with National e-Governance Division (NeGD) came up with this initiative in 2018 to build a cyber-resilient IT set up.
- National Cyber Security Strategy 2020à Indian Government is coming up with the National Cyber Security Strategy 2020 entailing the provisions to secure cyberspace in India. The cabinet’s nod is pending and it will soon be out for the public.
- National Informatics Center (NIC) – The National Informatics Centre is an attached office under the Ministry of Electronics and Information Technology in the Indian government. The NIC provides infrastructure to help support the delivery of government IT services and the delivery of some of the initiatives of Digital India.
|Cyberspace has been used as a conduit by terrorists-|
- To provide a legal framework for transactions carried out by means of electronic data interchange, for data access for cybersecurity etc.
|Salient Features of the Information Technology Act, 2000:|
- Digital signature has been replaced with electronic signature to make it a more technology neutral act.
- It elaborates on offenses, penalties, and breaches.
- It outlines the Justice Dispensation Systems for cyber-crimes.
- The Information Technology Act defines in a new section that cyber café is any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
|Shreya Singhal v. Union of India(Section 66 A)|
- In Shreya Singhal v. Union of India judgement, Supreme Court had observed that the weakness of Section 66A lay in the fact that it had created an offence on the basis of undefined actions: such as causing “inconvenience, danger, obstruction and insult”, which do not fall among the exceptions granted under Article 19 of the Constitution, which guarantees the freedom of speech.
- The court also observed that the challenge was to identify where to draw the line Traditionally, it has been drawn at incitement while terms like obstruction and insult remain subjective.
- In addition, the court had noted that Section 66A did not have procedural safeguards like other sections of the law with similar aims, such as :
- The need to obtain the concurrence of the Centre before action can be taken.
- Local authorities could proceed autonomously, literally on the whim of their political masters.
- The judgment had found that Section 66A was contrary to both Articles 19 (free speech) and 21 (right to life) of the Constitution. The entire provision was struck down by the court.
|Offences under IT act 2000|
|Section 43||Data protection: laws and regulations that makes it illegal to store or share some type of information or share information about people without their knowledge or permission|
|Section 66||Hacking of systems present over the network.|
|Section 66 B||Dishonestly receiving stolen computer resources|
|Section 73||Publishing electronic Signature certificate false in certain particulars.|
|Key provisions of the National Cyber Security Policy 2013:|
- Set up different bodies to tackle various levels of threats, along with a national nodal agency to coordinate all cybersecurity matters.
- To promote adoption of global best practices in information security.
- Create a National Critical Information Infrastructure Protection Centre (NCIIPC) Create a workforce of around 500,000 trained in cyber security.
- To create a think tank for cyber security policy inputs, discussion and deliberations.
- Provide fiscal benefits to businesses to adopt best security practices.
- To enhance the national and global cooperation among security agencies, CERTs, NCCC etc.
- Set up testing labs to regularly check safety of equipment being used in the country.
- Create a cyber ecosystem in the country, developing effective public-private partnerships and collaborative engagements through technical and operational cooperation.
- Build indigenous security technologies through research.
- To develop bilateral and multilateral relationships in the area of cyber security with other countries.
Assessment of National Cyber Security Policy 2013
Issue of Personal Data Security
- Personal Data: In simple words personal data is that data from which an individual can be identified like name, address etc, these personal data can include sensitive personal information like gender, financial, health etc. which can be misused by easily.
- In the India justice B.N Sri Krishna committee provided a framework of personal data.
- Global personal data protection laws: European Union law, General Data Protection Regulation (GDPR), this right allows an individual to remove consent for data collection and disclosure.
| Rights offered to citizens by personal data security bill 2019|
International cooperation in Cyber Security:
Budapest Convention on Cybercrime, 2001:
- It deals with issues such as infringements of copyright, computer-related fraud, child pornography and violations of network security.
- It aims to pursue a common criminal policy, especially by adopting appropriate legislation and fostering international police as well as judicial co-operation.
- It is supplemented by a “Protocol on Xenophobia and Racism” committed through computer systems.
- India is not yet a member. The Convention has 56 members, including the US and the UK.
- This convention of the council of Europe is the only binding international instrument on this issue that addresses Internet and computer crime by harmonizing national laws, improving legal authorities for investigative techniques, and increasing cooperation among nations.
Global Centre for cyber security :
- It is an initiative of the World Economic Forum with its headquarters in Geneva.
- Aims to establish the first global platform for governments, businesses, experts and law enforcement agencies to collaborate on cyber security challenges and to develop a comprehensive regulatory mechanism.
Global conference on Cyber Space:
- Conference includes members from Government, civil society, private sector and the theme is cooperation in cyberspace and enhancing cyber capacity building.
- Conference is held since 2011 biennially.
‘Commonwealth Cyber Declaration’ at the Commonwealth Summit 2018:
- Commonwealth Heads of Government, commit to:
- World’s largest inter-governmental commitments on cyber security cooperation.
- A cyberspace that supports economic and social development and rights online.
- Build the foundation of an effective national cyber security response.
- Promote stability in cyberspace through international cooperation.
Signed in April 2018.
- At UNESCO Internet Governance Forum (IGF) meeting convened in Paris, “The Paris Call for Trust and Security in Cyberspace” was commenced, aimed at developing common principles for securing cyberspace.
Latest attack over the Indian Information Infrastructure:
- Coronavirus Pandemic Based Cyber Attack – Microsoft has reported that cyber crooks are using Covid-19 situation in 2020 to defraud people through phishing and ransomware in India and the world
- WannaCry – It was a ransomware attack that spread rapidly in May, 2017. The ransomware locked users’ devices and prevented them from accessing data and software until a certain ransom was paid to the criminals. Top five cities in India (Kolkata, Delhi, Bhubaneswar, Pune and Mumbai) got impacted due to it.
- Mirai Botnet – Mirai is malware that infects smart devices that run on ARC processors, turning them into a network of remotely controlled bots or zombies. This network of bots, called a botnet, is often used to launch Distributed Denial of Service (DDoS) attacks. In September 2016, Mirai malware launched a DDoS attack on the website of a well-known security expert.
- Attack over the Kudankulam nuclear power station.
- Attack over the website of national institutions
- Petya Ransomware – In India, the ransomware has crippled the operations at one of the terminals of the Jawaharlal Nehru Port Trust.
- In 2017 malware attack on the Tehri Dam in Uttarakhand.
Case of Stuxnet:
|Stuxnet, the cyber worm allegedly created by US’ National Security Agency and Israeli military and posed a massive attack on the cyber infrastructure of Iran’s nuclear enrichment centre at Natanz. Stuxnet exploited five distinct zero-day vulnerabilities in desktop systems, apart from vulnerabilities in PLC systems. Indian investigators had already found Stuxnet in Indian systems in early 2012|
- As the attack of this nature is complex so periodic ‘back of data’ can prevent data theft.
- Real time monitoring and data gathering to prevent the cyber-attack.
- Development of a mechanism which is to be followed during the time of attack.
- Empowerment of people through digitally literacy
- Training personnel in the field of cyber expertise.
- A comprehensive policy along with strong laws can prevent the cyber-attack in the country.