- Prelims: G20, ransomware, Computer Emergency Response Team (CERT-In) etc
- Mains GS Paper III: Linkage of organized crimes with terrorism, implications of cybercrimes on security etc
ARTICLE HIGHLIGHTS
- India has highlighted the soft underbelly, fast expanding digital networks.
- Ransomwares have emerged as the most predominant of malicious cyberattacks.
- According to the National Crime Records Bureau (NCRB), from 12,317 cases of cybercrime in 2016, there were 50,035 cases registered in 2020.
INSIGHTS ON THE ISSUE
Context
Cybercrime:
- It is defined as a crime where a computer is the object of the crime or is used as a tool to commit an offense.
- Cybercrimes are at an all-time high, impacting individuals, businesses, and countries.
Types of Cybercrimes:
Recent ransomware attack:
- On the servers of All India Institute of Medical Sciences: Nearly 40 million health records were compromised.
- Ransomware gang, BlackCat: breached the parent company of Solar Industries Limited(Ministry of Defence’s ammunition and explosives manufacturers, and extracted over 2 Terabyte of data.
Vulnerabilities associated with Ransomwares:
- The perpetrators demand hefty payments for the release of withheld data.
- Data show that over 75% of Indian organizations have faced such attacks
- Each breach costs an average of ₹35 crore of damage.
- Every critical infrastructure, from transportation, power and banking systems, would become extremely vulnerable to the assaults from hostile state and non-state actors.
Cyber capabilities play a pivotal role:
- Ongoing conflict in Ukraine: electronic systems in warheads, radars and communication devices have reportedly been rendered ineffective using hacking and GPS jamming.
Indian Computer Emergency Response Team (CERT-In) guidelines:
- Mandatory obligation to report cyber attack incidents within hours of identifying them
- Designating a point person with domain knowledge to interact with CERT-In.
Other guidelines:
- India’s draft Digital Personal Protection Bill 2022 proposes a penalty of up to ₹500 crore for data breaches.
- India’s armed forces created a Defence Cyber Agency (DCyA), capable of offensive and defensive maneuvers.
- All Indian States have their own cyber command and control centers.
Cyber professionals:
- India is projected to have a total workforce of around 3,00,000 people in this sector in contrast to the 2(one point two)million people in the United States.
- Most of the organizations are in the private sector. Their participation remains limited in India’s cybersecurity structures.
Digital Geneva Convention:
- 30 global companies have signed a declaration to protect users and customers from cyber breaches, and collaborate with like-minded intergovernmental and state frameworks.
- Signatory companies have agreed to collaborate on:
- stronger defense systems
- no offensive cyberattacks
- Protect against tampering of their products, capacity building and collective action.
India has signed Cybersecurity treaties with:
- United States, Russia, the United Kingdom, South Korea and the European Union.
- Multinational frameworks such as the Quad and the I2U2 (which India is a member of).
Global effort:
- The United Nations General Assembly established two processes on the issues of security in the information and communication technologies (ICT) environment.
- Open-ended Working Group (OEWG), comprising the entire UN membership, established through a resolution by Russia.
- Resolution by the U.S., on the continuation of the Group of Governmental Experts (GGE), comprising 25 countries from all the major regions.
- The two antagonistic permanent members of the UN Security Council, differ vastly on many aspects of:
- Internet
- openness
- restrictions on data flow
- digital sovereignty.
- Member-states have found the resolutions to be complementary, and not mutually exclusive.
Issues in India related to Cybercrimes:
- No procedural code: There is no separate procedural code for the investigation of cyber or computer-related offenses.
- Shortage of technical staff: There have been half-hearted efforts by the States to recruit technical staff for the investigation of cybercrime.
- It is only a technically qualified staff who could acquire and analyze digital evidence rather than regular police officers without training.
- Issues with cyber labs: The cyber forensic laboratories of States must be upgraded with the advent of new technologies.
- Offenses related to crypto-currency remain under-reported as the capacity to solve such crimes remains limited.
- Trans-national crimes: Most cyber crimes are trans-national in nature with extra-territorial jurisdiction.
- India has extradition treaties and extradition arrangements with 48 and 12 countries, respectively.
Steps taken by India:
Way Forward
- With cyber threats capable of undermining our critical infrastructure, industry and security, a comprehensive cyber security policy is the need of the hour.
- With the introduction of 5G and the arrival of quantum computing, the potency of malicious software, and avenues for digital security breaches would only increase.
- India’s cybersecurity strategy would do well without overlooking these actualities and trends.
- With most cyberattacks originating from beyond our borders, international cooperation would be critical to keep our digital space secure.
- This year, cybercrimes are expected to cause damage worth an estimated $8 trillion worldwide.
- The G-20 summit in India is a rare opportunity to bring together domestic and international engagement groups across the spectrum, and steer the direction of these consultations.
- India could make an effort to conceptualize a global framework of common minimum acceptance for cybersecurity.
- This would be one of the most significant contributions made by any nation towards collective security in modern times.
QUESTION FOR PRACTICE
Discuss different types of Cybercrimes and measures required to be taken to fight the menace.(UPSC 2020) (200 WORDS, 10 MARKS)
What is the CyberDome Project? Explain how it can be useful in controlling internet crimes in India.(UPSC 2019) (200 WORDS, 10 MARKS)