Insights into Editorial: For a safe cyberspace
Insights into Editorial: For a safe cyberspace
The Indian government has embarked on a programme to turn the country into a digital economy. It has unveiled a series of initiatives—from introducing Aadhaar, MyGov, Government e-Market, DigiLocker, Bharat Net, Startup India, Skill India and Smart Cities to propel India towards technological competence and transformation.
The move towards a digital economy is likely to help trigger a fresh wave of economic growth, attract more investment, and create new jobs, across multiple sectors. However, it also poses a big challenge, that of Cyber Security.
India’s recent Digital transformation
India is currently pursuing “an alternative and very exciting” route in which it is making the use of digital technology and digital records in public administration with new technologies, according to IMF.
- India is one of the key players in the digital and knowledge-based economy, holding more than a 50% share of the world’s outsourcing market.
- India is already the third largest hub for technology-driven start-ups in the world.
- It’s Information and Communications Technology sector is estimated to reach the $225 billion landmark by 2020.
- Digital India program seeks to launch a large number of e-governance services across different sectors. These include education, healthcare and banking.
- The number of mobile phone users in India is expected to rise to 730.7 million. The number of smartphone users in India is predicted to reach 340 million and could reach almost 468 million by 2021.
- India has made a few achievements in e-governance projects such as Digital Locker, ebastas, the linking of Aadhaar to bank accounts to disburse subsidies.
- Bharat Net (erstwhile National Optical Fiber Network), the country’s digital infrastructure, has created a common service centre for each panchayat, for which all post offices and CSCs are to be upgraded.
- India’s mobile wallet transactionswere up nine-fold in two years to reach $9 billion.
Growing threat of Cyber Security
The achievements in digital sector come with a problem: innovation in technology, enhanced connectivity, and increasing integration in commerce and governance also make India the fifth most vulnerable country in the world in terms of cyber security breaches, according to the Internal Security Threat Report of 2017 by Symantec.
- Increased no of cyber-attacks:
Till June 2017, 27,482 cyber security threats had been reported in the country, according to the Indian Computer Emergency Response Team’s report. As this is a 23% increase from 2014 figures, it coincides with rapid growth and innovation in the ICT sector.
- Cost of cyber-attacks
The cost of cyber-attacks in India currently stands in excess of Rs25, 000 crore ($4billion). It is important to note that there are many cyber-attacks that go undetected and unreported as well.
The losses emanate from operational disruptions, loss of sensitive information and designs, customer churn and impact on brand image, as well as increase in legal claims and insurance premium.
- Limited awareness
Many companies do not treat importance of cyber security as a strategic agenda, but rather as a small issue for their IT departments. In fact, a lot of cyber security incidents go unidentified and hence, unreported.
There is limited awareness of the need for specialized and customized industry-specific cyber security measures which are significantly different from IT security and need to be adapted by the industry.
All this is underpinned by the fact that there is low existing capability, or lack of skill sets, to drive cybersecurity agendas.
Types of Cyber attacks
- In 2016, nearly one percent of all emails sent were essentially malicious attacks, the highest rate in recent years.
- Ransomware attacks (Ransomware is a type of software that threatens to publish a person’s data or block it unless a ransom is paid) increasingly affected businesses and consumers, with indiscriminate campaigns pushing out massive volumes of malicious emails.
- Apart from WannaCry and Petya, other Ransomware attacks that made news globally were Locky, Cerber, Bucbi, SharkRaaS, CryptXXX and SamSam.
- Attackers are demanding more and more from victims, with the average ransom demand rising to over 1,000 USD in 2016, up from approximately 300 USD a year earlier.
- Some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of Internet of Things (IoT) devices.
- In India, in May 2017, a data breach at the food delivery App, Zomato, led to personal information of about 17 million users being stolen and put for sale on the Darknet.
- Potent crypto-ransomware attacks on Android devices including televisions that use Android.
Cyber security should be an integral part of technological progress
The global community is increasingly embracing ICTs as key enabler for social and economic development. Governments across the world recognize that digital transformation has the power to further the prosperity and wellbeing of their citizens.
In supporting this transformation, they also recognize that cyber security must be an integral and indivisible part of technological progress.
In May 2017, a massive cyber-attack caused major disruptions to companies and hospitals in over 150 countries, prompting a call for greater cooperation around the world.
The good news, though, is that India recognises this. The second Global Cybersecurity Index, released by the International Telecommunication Union in July, which measured the commitment of nations to cybersecurity, found that India ranked 23 out of 165 nations.
Global Cybersecurity Index (GCI)
The Global Cybersecurity Index (GCI) is a survey that measures the commitment of Member States to cybersecurity in order to raise awareness.
- The GCI revolves around the ITU Global Cybersecurity Agenda (GCA) and its five pillars (legal, technical, organizational, capacity building and cooperation).
- The 2017 publication of the GCI continues to show the commitment to cybersecurity of countries around the world. The overall picture shows improvement and strengthening of all five elements of the cybersecurity agenda in various countries in all regions.
- However, there is space for further improvement in cooperation at all levels, capacity building and organizational measures. The gap in the level of cybersecurity engagement between different regions is still present and visible.
- This report also provides a set of illustrative practices that give insight into the achievements of certain countries.
It’s time to reboot
One of the biggest misconceptions about cybersecurity is that cyber-attacks are restricted to the financial services and banking sector. It is important to note that industrial companies are equally vulnerable.
Given the huge number of online users and continued efforts on affordable access, cybersecurity needs to be integrated in every aspect of policy and planning.
At the 15th Asia Pacific Computer Emergency Response Team conference in Delhi, the need for robust cybersecurity policies and frameworks has been highlighted. The government is keen to fund cybersecurity research. It announced that it will award a grant worth ₹5 crore to startups working on innovations in the field of cybersecurity.
The Need of the hour
India needs to quickly frame an appropriate and updated cybersecurity policy, create adequate infrastructure, and foster closer collaboration between all those involved to ensure a safe cyberspace.
- Companies in India need to be proactive to ensure they foster efficiency and efficacy in cybersecurity management. Companies also need to assess the assets that are most at risk.
- Tough laws are needed to be put in place for perpetrators of cybercrime to ensure such criminals are deterred effectively
- There must be enhanced cooperation among nations and reaffirmed a global call to action for all United Nations member nations to not attack the core of the Internet even when in a state of war. This also clearly emphasises the fact that more than ever before, there is a need for a Geneva-like Convention to agree on some high-level recommendations among nations to keep the Internet safe, open, universal and interoperable.
GCCS(Global Conference on Cyber Space) platform should be utilised to establish internationally agreed ‘rules of the road’ for behaviour in cyberspace, and create a more focused and inclusive dialogue between all those with a stake in the internet (governments, civil society and industry) on how to implement them.