11 November 2024 : Daily Answer Writing

Q1) Outlining the various cyber threats faced by India, assess the state of the country’s preparedness to deal with the same.

(150 Words/10 Marks)

ANS

Cyber threat can be defined as the possibility of a malicious attempt by inimical interests to damage or disrupt a computer network or system. According to an international report, India was ranked the third-worst country (after USA and Brazil) for cybersecurity risk events in the first half of 2023.

Different kinds of cyber threats in India are as follows:

1. Cyber espionage: It is the use of computer networks/virus to gain illegal access to confidential information held by the government/citizens. E.g., Fancy Bear, a Russia-based cyber attacker that targeted US and European military organizations; Pegasus spyware cyber-attack in India etc.
2. Cybercrime: Cybercrime is defined as offensive manoeuvre employed with an intention to damage or destroy a specific computer network or system. E.g., 32 lakh SBI ATM cards got hacked in 2016.
3. Cyber terrorism: Convergence of terrorism and cyberspace to cause severe disruption in society resulting in violence against person or property. E.g., ISIS’s propaganda to recruit terrorists.
4. Cyber warfare: Actions by a nation-state or its proxies to penetrate other nations’ computers or networks. E.g., Stuxnet was designed to attack the Iranian nuclear programme, recent AIIMs cyberattack, extensive use of cyber warfare in Russia-Ukraine/Israel-Hamas conflict.

Realizing the threats posed in cyber domain, India has initiated the following programmes and initiatives towards building cyber resilience and thwart/mitigate the cyber-attacks:

1. Policy measures:
2. National Cyber Security Policy 2013: Facilitates creation of secure computing environment and enables adequate trust and confidence in electronic transactions.
3. It aims to guide stakeholders’ actions for protection of cyberspace.
4. Legislative measures:
5. IT Act, 2000 amended in 2008.
6. Government’s decision to block Chinese applications in 2020.
7. Personal Data Protection Act: focuses on Data Localisation that strictly states that individuals’ sensitive personal data is to be stored locally.
8. Bodies and organizations to deal with cyber-attacks in India:
9. CERT-In: All organizations providing digital services have been mandated to report cyber security incidents to CERT-In expeditiously.
10. Cyber Swachhta Kendra: launched for providing detection of malicious programmes.
11. Cyber Surakshit Bharat: To raise awareness against cybercrimes and build capacities/capabilities to tackle the same. Page 11 of 28
12. National Critical Information Infrastructure Protection Centre: Protection of “critical sectors”- Power & Energy, Banking, Financial Services & Insurance, etc.
13. National Cyber Coordination Centre: to scan internet traffic and communication metadata, detect real-time cyber threats and generate actionable reports/alerts.
14. I4C- Indian Cyber Crime Coordination Centre: It comprises of threat analysis unit, reporting portal etc., and conducts joint cybercrime investigation etc.
15. Défense Cyber Agency: tri-service command of Indian forces, and Chief Information Security Officer.

India’s cybersecurity framework has improved over the years as reflected in Global Cybersecurity Index 2020 by ITU (International Telecommunication Union), where it was ranked 10th (47th in 2019). However, a broad collaborative approach between industry, citizens and the state is needed to tackle cyber threats in their entirety.