Cyber Security: Indian perspective

‘Cyber’ originates from ‘Cybernetics’, a term coined in the magnum opus of Norman Wiener. That book explored a link between human and animal. But it was definitely the Cold War that gifted the internet, i.e. cyberspace, to the world[1]. In response to Russia’s successful launch of Sputnik into space, the US declared the launch of ARPANET, which was assigned to develop rules of communication, i.e. protocols. However, the internet gained popularity from 1996, when it was launched for the public. At that time the internet was young and its structure was simple, consisting of just three layers: server, network and client. Each had its own security component. Users simply had to make a few clicks on hyperlinks. But today’s internet is an inexorably networked world and far more complex, shaping our daily lives in many different ways. Almost everything can be done online. Since most of our activities are performed over the internet, and Government agencies along with other institutions collect, process and store huge amounts of confidential information on computers and transmit that data across networks to other computers, it has become an attractive target for criminals and fraudsters, as well as for state actors seeking to destabilise economic and strategic interests. With the passage of time the focus of computer crime has shifted to financial crime from merely damaging the computer or destroying or manipulating data for personal benefit. With the participation of state-sponsored actors, it has turned into a very effective tool of modern warfare.

2. These developments require an enhanced effort to strengthen security and demand better ways to protect vital interests. There is no doubt that the threat from professional criminals and state-sponsored saboteurs in cyberspace is growing and continues to become more sophisticated. State-sponsored saboteurs focus on economic and political espionage and on making preparations for digital sabotage, exposing sensitive personal and business information, disrupting critical operations, and imposing high costs on the economy. Cyber attackers are highly motivated, well-funded and technically advanced, as it is a low-risk business investment with huge returns. These attacks pose a direct threat to national initiatives such as Smart Cities, E-Governance and digital public identity management. Cyber security lapses can not only lead to monetary losses, but also put national security at risk if critical information infrastructure is targeted. Various security breaches and countless lost records have been reported in India. The majority of these attacks happened in the e-commerce and banking sectors due to the high value of personally identifiable information. Cyber criminals breached the IRCTC website, the country’s largest government site, and stole around 10 million customer records from the server of the e-ticketing portal. Similarly, SBI was forced to replace millions of debit/credit cards in 2017. Cyber security attacks take many forms, from obtaining users’ personal information to attacking critical national infrastructure and obtaining companies’ proprietary data. Sony shut down its PlayStation Network in 2011 because of a "non-gaming" intrusion into its system. It led to the theft of the data of 77 million users. Similarly, the Adobe breach impacted at least 38 million users.
On February 4, 2016, unidentified criminals used fraudulent orders on the SWIFT payments system to steal funds from the Bangladesh Bank's account in the Federal Reserve Bank of New York. This has been one of the world's biggest cyber heists. Besides, there is an interesting case of online stalking which was registered by Mrs. Ritu Kohli with the Delhi Police (Kaur, 2013). It was found that a false story was created to blackmail an NRI[2]. The scenario is rapidly changing with the evolution of the next generation. It is amazing that the unknown town of Jamtara, in Jharkhand, has become India’s cyber-crime capital, to which more than half the attacks in the country can be traced back. Records reveal that between April 2015 and March 2017, police teams from 12 different States visited the station 23 times and arrested around 38 accused. Over 80 cases have been registered suo motu by the police between July 2014 and July 2017 against 330 residents of the area.

3. Globally, India is a preferred outsourcing destination, and it is rolling out the ‘Digital India’ programme focused on efficient service delivery and governance along with digitalisation of the economy. The Indian landscape is experiencing an unbelievable amount of transformation in a short span of time. This obviously creates vulnerabilities which state and non-state actors could potentially exploit for their selfish gains. There is an urgent need to protect the integrity of networks, programs and data from attack, damage or manipulation by unauthorized access. With the advent of the IoT (Internet of Things), virtual life is becoming a reality, which is diminishing our privacy and confidentiality in the world of the internet.

4. In this regard, the main aim of cyber security is to protect our cyberspace (critical infrastructure) from attack, damage, misuse and economic espionage. From past experience, it may be concluded that there are five main types of cyber-attack, each distinct though sometimes overlapping. Economic crime is committed for commercial and financial gain through hacking as well as phishing scams and computer ransomware. Cyber espionage attempts to obtain secrets and information from individuals, organisations and governments through the internet using proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber activism is carried out by supporters of an idealistic cause for specific campaigns, most recently the supporters of WikiLeaks. Cyber terrorism’s main mission is to penetrate and attack critical assets and national infrastructure for aims relating to political power and destabilisation. Nowadays this is a persistent threat. Cyber warfare necessarily involves a nation-state attacking and damaging another nation’s interests through cyberspace. Stuxnet is believed to be the first in its category and to be responsible for causing damage to Iran's nuclear program. Cyberattacks had become an established tool of statecraft by the time they were used against the Republic of Georgia in the summer of 2008[3]. The war between Russia and Georgia that took place in August of that year was remarkable for its inclusion of a series of large-scale, overt cyberspace attacks that were relatively well synchronized with conventional military operations.

5. In the history of cyber security, from the initial phase to the current one, there are three main evolutionary phases, i.e. virus protection, IT and network security, and cyber security. VIRUS protection was the first stage, in which the entire concept was largely focused on protecting individual computers from Vital Information Resources Under Siege (VIRUS) attacks. This largely took the form of simple anti-VIRUS software that could be purchased and installed on individual computer systems. VIRUS protection focused on ensuring that IT systems and devices performed as expected upon installation of the anti-VIRUS software. IT and network security was the next phase of evolution. This phase was the direct consequence of the realization that attacks on individual computers can affect the whole network to which they are connected. IT and network security focuses on the protection of the devices and the information assets passing through the network, by installing firewalls and network security software. In the current phase of cyber security, data, network, privacy and infrastructure all require a comprehensive approach, and the scenario is changing significantly day by day.

6. As the USA is in a leading position in the era of cyber security, analysing the nature of threats and their complexities, the U.S. Department of Defence introduced Directive 8570 in 2005 as an information security workforce organization model. It was an effort to keep up with changing security needs. It outlined 14 specific job roles under four categories: Management (Information Assurance Manager), Architect (Information Assurance Manager), Technician (Information Assurance Technician), and Operations (Computer Network Defense). In 2015, Directive 8140 was introduced, advocating the new NICE Cybersecurity Workforce Framework, which divides information security into seven activity categories and 31 speciality areas. The activity categories are: analyse, collect and operate, investigate, operate and maintain, oversight and development, protect and defend, and security provision. Finally, the law “the Cybersecurity and Infrastructure Security Agency Act of 2018” was promulgated. This landmark legislation establishes the Cybersecurity and Infrastructure Security Agency (CISA), responsible for building the national capacity to defend against cyber attacks. CISA's main focus areas include combating cyber crime and cyber incident response, protecting federal networks and critical infrastructure, and providing cyber security governance.

7. The National Informatics Centre (NIC) was set up as early as 1975 with the goal of providing IT solutions to the government. However, the enactment of the IT Act 2000 by the Indian Parliament was the most significant step, allowing electronic records, digital signatures and notifications in the electronic gazette to be legally recognised. It has also been noted that Indian authorities have spent the lion’s share of their resources tackling localised cybercrime while responding to major attacks on a case-by-case basis[4]. Initially, insight and farsightedness seem to have been missing in India in the areas of cyber law and cyber security. This is evident from the Information Technology Act, 2000 as well as from various decisions taken by the Government. Whether it is the Home Ministry banning the use of the internet or the Chief Justice of India recommending a ban on pornography and hate sites, these were and are futile exercises. For instance, the blocking of a website can simply be bypassed by using proxy servers. India has made almost all cyber crimes “bailable”, due to which Indian cyberspace has become a “free zone” and “safe haven” for cyber offenders[5]. Efforts must be made to strengthen our cyber security to counter the growing dangers of “cyber terrorism” and “cyber war”. More importantly, for effective cyber security an organization needs to coordinate its efforts throughout its entire information system, comprising network security, application security, endpoint security, data security, identity management, database and infrastructure security, cloud security, mobile security, disaster recovery/business continuity planning, and end-user education. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known threats.

8. As the conventional approach was insufficient and threats were advanced, the Government of India took the first formalized step towards cyber security in 2013 by promulgating the National Cyber Security Policy, 2013. The Policy is aimed at building a secure and resilient cyberspace for citizens, businesses and the Government. Its mission is to protect cyberspace information and infrastructure, build capabilities to prevent and respond to cyber-attacks, and minimise damage through coordinated efforts of institutional structures, people, processes, and technology. The objectives of the policy include creating a secure cyber ecosystem, complying with global security standards, strengthening the regulatory framework, creating round-the-clock mechanisms for gathering intelligence and effective response, operating a National Critical Information Infrastructure Protection Centre for 24×7 protection of critical information infrastructure, research and development for security technologies, creating a 500,000-strong cyber security workforce, providing fiscal benefits to businesses for adopting cyber security practices, and building public-private partnerships for cooperative cyber security efforts. Nowadays the National Computer Emergency Response Team (CERT-In) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.

9. Recognising the strategic dimensions of cyberspace, the Prime Minister’s Office (PMO) created the position of the National Cyber Security Coordinator in 2014. In response to the intrusions by the infamous hacker group ‘Legion’ in 2016, the Ministry of Electronics and Information Technology issued several orders and directives. These included use of the National Payment Corporation of India (NPCI) to audit the financial sector, review and strengthening of the IT Act, directives to the social networking site Twitter to strengthen its network, and directives to all stakeholders of the financial industry, including digital payment firms, to immediately report any unusual incidents. India’s first chief information security officer (CISO) was appointed in 2016 with the aim of enhancing cyber security in the country, and subsequently all ministries were asked to appoint Central Information Security Officers.

10. To combat cyber security violations, the Government of India’s Computer Emergency Response Team (CERT-In) launched the ‘Cyber Swachhta Kendra’ (Botnet Cleaning and Malware Analysis Centre) in February 2017, a new desktop and mobile security solution for cyber security in India. The "Cyber Swachhta Kendra" is a part of the Government of India's Digital India initiative under the Ministry of Electronics and Information Technology (MeitY) to create a secure cyberspace by detecting botnet infections in India and by notifying end users and enabling the cleaning and securing of their systems so as to prevent further infections. It is set up in accordance with the objectives of the "National Cyber Security Policy", which envisages creating a secure cyber ecosystem in the country, under Section 70B of the Information Technology Act, 2000. It will detect botnet infections in India and prevent further infections by notifying end users and enabling them to clean and secure their systems. It functions to analyze bot/malware characteristics, to provide information and enable citizens to remove bots/malware, and to create awareness among citizens so that they secure their data, computers, mobile phones and devices such as home routers. The centre operates in close coordination and collaboration with Internet Service Providers and product/antivirus companies to notify end users of infections on their systems and to assist them in cleaning those systems, as well as with industry and academia to detect bot-infected systems.
The centre strives to increase the awareness of common users regarding botnet and malware infections and the measures to be taken to prevent malware infections and secure their computers, systems and devices. The Cyber Swachhta Kendra, by providing USB-Pratirodh, Samvid-App for PC, MKavach for Android devices, and the JS-Guard browser extension for Chrome and Mozilla, is playing a significant role in maintaining the minimum requirement of cyber security for the common masses. But there is a lack of coordination at the top level among various agencies. What is alarming in the Indian scenario is that various agencies are involved in performing cyber operations, resulting in fragmented efforts and responsibility. CERT-In was created in 2004 in order to respond to computer security incidents throughout the country and is also responsible for overseeing administration of the IT Act. The National Information Security Assurance Programme (NISAP) is an initiative taken by CERT-In for developing and implementing information security policy and best practices for the protection of infrastructure, together with the establishment of computer forensics. Besides, NTRO, the National Intelligence Grid and the National Information Board are the top layer of agencies assigned to perform cyber operations in India.

11. India currently has a top layer of agencies performing cyber operations: the National Technical Research Organisation, the National Intelligence Grid, and the National Information Board. But over the last two decades, the responsibility for cyberspace security has been fragmented among several ministries, agencies, departments and even non-government organisations (NGOs), thereby making coherent and consistent government-wide action a challenge. As proposed, the NCTC is supposed to serve as a single and effective point of control and coordination of all counter-terrorism measures, on par with the American NCTC and the UK’s Joint Terrorism Analysis. The National Critical Information Infrastructure Protection Centre (NCIPC) of India is supposed to act as a nodal agency for the protection of the critical information infrastructure of India. This combined data will be made available to 11 central agencies, which are: Research and Analysis Wing, the Intelligence Bureau, Central Bureau of Investigation, Financial Intelligence Unit, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Enforcement Directorate, Narcotics Control Bureau, Central Board of Excise and Customs and the Directorate General of Central Excise Intelligence. Crime and Criminal Tracking Networks and Systems (CCTNS) is a project under the National e-Governance Plan (NeGP) that aims to facilitate the collection, storage, retrieval, analysis, transfer and sharing of data and information at the police station and between the police station and the State Headquarters and the Central Police Organizations. CCTNS would provide a comprehensive database of crimes and criminals, and it would be easier for law enforcement agencies to track down a criminal moving from one place to another. The National Cyber Coordination Centre (NCCC) is responsible for cyber-attack prevention strategy, cyber-attack investigations and training, etc. Besides, the Data Security Council of India (DSCI) is a body on data protection in India, set up by NASSCOM, committed to making cyberspace safe for various stakeholders, including government and other private entities.

12. Development of public-private partnerships is an important strategy under the National Cyber Security Policy 2013. Pursuant to this aim, under the Cyber Swachhta Kendra initiative, the antivirus company Quick Heal is providing a free bot removal tool. To combat the ever-evolving techniques of cyber intrusion, the government also recognises the need to work in collaboration with industry partners. Consequently, CISCO and the Ministry of Electronics and Information Technology’s Indian Computer Emergency Response Team (CERT-In) have signed a Memorandum of Understanding (MoU) under which a threat intelligence-sharing programme will be established, with personnel from CISCO and CERT-In working collectively to tackle digital threats and to develop and incorporate new ways to improve cybersecurity. The Indian government has entered into cyber security collaborations with countries such as the USA, the European Union and Malaysia to deal with the increasingly international nature of cyber crime. The U.K. has agreed to assist in developing the proposed National Cyber Crime Coordination Centre in India. Both the countries agree to share and implement cybersecurity best practices, share cyber threat information on a real-time basis, develop joint mechanisms to mitigate cyberthreats, promote cooperation between law enforcement agencies and improve their capacity through joint training programs, encourage collaboration in the field of cybersecurity research, and strengthen critical internet infrastructure in India. The Indo US Cyber Security Forum (IUSCSF) was established in 2001 and is dedicated to protecting the critical infrastructure of the knowledge-based economy. The members of the forum, various government and private sector organizations from both India and the United States working under the Forum’s auspices, have identified risks and common concerns in cyber security and crafted an action-oriented work plan on securing networked information systems.
The Forum focuses on cyber security, cyber forensics and related research, and works towards enhancing co-operation among law enforcement agencies on both sides in dealing with cyber crime. The defence services of both countries will enhance their interaction through the exchange of experience in organizational, technological, and procedural aspects. Ongoing co-operation between India’s STQC and the US National Institute of Standards and Technology (NIST) will expand to new areas, including harmonization of standards. CII and its US counterpart have decided to set up an India Information Sharing and Analysis Centre (ISAC) and an India Anti-Bot Alliance (‘bot’ refers to software that can be tasked to invade computers and undertake malicious activities remotely on behalf of hackers) (Press Information Bureau, 2006).

13. But at the national level, special attention must be paid to advanced persistent threat (APT) groups that receive direction and support from an established nation state. APT groups try to steal data, disrupt operations or destroy infrastructure. They may pursue their objectives over months or years. They adapt to cyber defences and frequently retarget the same victim. APT 38 is suspected to be attributable to the North Korean regime and has conducted operations in over 16 organisations in at least 11 countries. APT 34 is from Iran. It has largely focused on the Middle East and has targeted a variety of industries including financial, Government and telecommunications, while APT 33 has targeted organizations headquartered in the US, Saudi Arabia and South Korea, mostly in the aviation and energy sectors. APT 32 from Vietnam, also known as the Ocean Lotus group, poses a threat to companies doing business, manufacturing or preparing to invest in the country. From the cyber security point of view, the findings of Symantec’s 2019 Internet Security Threat Report warrant attention. It reveals that formjacking attacks skyrocketed, with an average of 4,800 websites compromised each month. Ransomware shifted targets from consumers to enterprises, where infections rose 12 percent. It further states that supply chains remained a soft target, with attacks ballooning by 78 percent. The same report also, amazingly, carries the line “Smart Speaker, get me a cyber attack”: IoT was a key entry point for targeted attacks; most IoT devices are vulnerable.

14. It needs to be stressed that all warfare is based on deception. While techniques such as denial and deception, psychological operations and propaganda have been central to modern warfare for a very long time, new cyber capabilities merely extend these opportunities day by day, with technological advancements offering new tools for the technological expression of existing elements of warfare. India’s digital capabilities lag significantly behind regional and global players such as the US and China. India is a net information exporter. Its information highways point west, carrying with them the data of millions of Indians. The massive gap between the security offered by the cheapest phone in the Indian market and a high-end smartphone makes it impossible for regulators to set legal and technical standards for data protection. India’s infrastructure is susceptible to four kinds of digital intrusion: espionage, which involves intruding into systems to steal information of strategic or commercial value; cybercrime, referring to electronic fraud or other acts of serious criminal consequence; cyber attacks, intended to disrupt services or systems for a temporary period; and cyber war, caused by a large-scale and systematic digital assault on India’s critical installations. Certain critics have pointed out that the military-industrial complex and commercial interests have good reason to exaggerate the threat of cyber war, since it will lead to a number of very lucrative defence contracts, commercial profit and the chance to exercise dominant power over weaker nations. Even so, a fully operational Cyber Command armed with offensive cyber capabilities within a legal framework is the need of the hour in India to deal with critical threats from the cyber security point of view. This would involve the development of software designed to intrude, intercept and exploit digital networks. A cyber arsenal may serve the key function of strategic deterrence.
New trends have also emerged in recent days, such as cyber campaigning in an ongoing election in order to create enthusiasm in favour of particular candidates. The allegation of Russian intrusion into the US Presidential election, the Cambridge Analytica case in connection with Facebook, and Twitter’s so-called favouritism in the Indian context would be a tragedy for any democratic setup in a country. In a country like India, which is full of diversity, it will have a cascading effect on national security and on the functioning of the democratic civilian and military establishment. There is always a chance of exploitation, through the exaggeration of social tensions, by an external enemy or internal interested groups. Such a scenario is of great concern and needs to be addressed immediately by executives or policy makers without leaving any scope for reassertion.


[1] The Internet: A Cold War Baby http://www.historywiz.com/internet.htm



[4] https://www.groundreport.com/Media_and_Tech/India-Is-Waking-Up-To-The-Cyber-Crimes-Realities_1/2916938

[5] http://ptlbindia.blogspot.com/2009/11/cyber-terrorism-in-india-and-its.html
