Facts/Keywords:
-
70 % increase in cases of cybercrimes in 2014 compared with 2013.
-
Radicalization of Indian Youth
-
Govt. plans to setup Rs400 cr. “Indian Cyber Coordination centre” a cyber-crime control hub. –> will check cyber-crime especially child porno and online abuse.
-
Crimes relate to cyber world is multi-layered, multi-locational, multi-lingual, multi-cultural and multi-legal –> difficult to investigate and locate criminals.
-
India tops Facebook’s list for content restriction requests
-
Tallinn manual: The Tallinn Manual is an academic, non-binding study on how international law applies to cyber conflicts and cyber warfare. (Term ca be used in answers
Why sudden increase in cyber-crimes?
-
Due to drowing adoption of the Internet and smart-phones, India has emerged “as one of the favourite countries among cyber criminals.”
-
A new breed of cyber criminals has now emerged, whose main aim is not just financial gains but also causing disruption and chaos to businesses in particular and the nation at large.
Example of threats:
-
Threats in Aadhar as foreign companies are involved,
-
DBT and Jan Dhan like Bangladesh swindling of money point,
-
Digilocker threat like identity theft, etc.
-
Of the cyber security attacks, Ransom ware attacks have been the most common in the last few years
-
In India, in May 2017, a data breach at the food delivery App, Zomato, led to personal information of about 17 million users being stolen and put for sale on the Darknet. The company had to negotiate with the hacker in order to get it taken down. Similarly, hackers stole data from 57 million Uber riders and drivers. Uber paid the hackers $100,000 to keep the data breach a secret.
-
While Windows operating systems were the most vulnerable to cyberattacks, a number of Android threats have been reported in the last couple of years, including potent crypto-ransomware attacks on Android devices.
Various dimensions:
-
Legal aspect
-
Currently there is no dedicated cyber security law.
-
The IT Act which covers it does so incompletely, missing out key issues like privacy, breach disclosure norms etc.
-
A new law covering these issues is separately required
-
This should mandate the cyber-security breach disclosures by corporates, as in the US and EU
-
-
Cyber Strategy
-
India doesn’t have a “cyber strategy” in place like the nuclear doctrine. It should take a leaf out of developed countries like the US which sees the violation of air, water, land, space and even cyber space as a war on its sovereignty
-
-
Institutional aspect
-
India should first secure its “Critical Information Infrastructure” (including banking and power), quite like Estonia did after a cyber-attack in 2007. India’s National Critical Information Infrastructure Protection Centre is working in this regard
-
-
PPP
-
The government must work in tandem with the industry to combat any cyber-attack. This cooperation can be provided legal backing. US’s Cyber Security Information Sharing Act aims to help US companies to work with the US government to combat hackers
-
-
Cyber army
-
Recruitment guidelines need to be brought out to hire and train a cadre of cyber specialists.
-
-
R&D
-
Budgetary spending on R&D in cyber security should be increased and specialised courses on cyber security can be introduced
-
A recent study has indicated a dramatic rise in attacks by cyber criminals on Indian entities in recent years. Critically examine how these crimes should be tackled by concerned agencies and government. (200 Words)
In the past few years Indian economy has been going digital at a fast rate – ecommerce has exploded; leading to growing online transactions. Government of India & various states have launched many e-governance initiatives to improve governance. Rising mobile penetration particularly internet enabled smart phone users. On a flip side this has led to a spurt in cybercrimes targeting Indian entities & naive first internet users; To tackle this menace all concerned agencies including government should come up with a suitable strategy
Steps that can be taken:
-
Individuals: should be educated to create backups & also understand the need for it. They must be educated not to reveal their sensitive personal information indiscreetly.
-
Businesses should enhance their cyber security spending. Study the best practices across globe and frame their cyber security measures accordingly. Organizations should designate a Chief Information Security Officer.
-
Conducting cyber security drills to assess the preparedness of the organisations. This should be increased further according to the present situations.
-
Govt. should set up nodal centers to tackle cyber threats – National Cyber Coordination Center & a computer emergency response team are a welcome step. NCCC – will screen online threats and coordinate with the intelligence agencies to handle issues related to the national security such as hacking and espionage. NeTRA ( Network Traffic Analysis System) and Centralized Monitoring System will go a long way in ensuring national security. They need to remain technologically updated always. Also, a balance must be struck between the need to surveillance for security and intrusion into private lives of citizens. This will also help winning citizens‘ cooperation in dealing with cyber threats.
-
Come up with innovative measures such as ethical hacking so as to find out the weakness in the existing architecture and then fix it.
-
Fishy emails and spam lure employees with attractive offers, then slowly steal data. NIC should create filters to block such emails, mandatory continuous training should be provided on safe practices.
-
Strengthen the legal framework. Give statutory status to national cyber security policy. Quick investigations and prosecutions should be done
-
Upgrading the critical IT infrastructure in nuclear facilities, Electricity grids, Oil storage and Weapons facilities
-
Raising a corps of trained professionals who specialize in dealing with and neutralizing threats in cyber-space. National cyber security policy aims to train 5 lakh people. Increase in training centers to facilitate advanced training in cybercrime investigations which is now undergoing at limited centers.
-
Taking steps to build our own servers instead of depending on external servers by engaging IT organizations which could decrease the cases of snooping.
Related Questions:
-
Use of internet and social media by non-state actors for subversive activities is a major security concern. How have these been misused in the recent past? Suggest Effective guidelines to curb the above threat. (UPSC Mains 2016)