For registration call @ 9958826967

Cyber Security (2 March 2021)

Cyber Security (2 March 2021)

Context:

Chinese state-sponsored Red Echo group targeted India’s power infrastructure.

Background:

  • Amid the Indo-China conflict along the Line of Actual Control (LAC) in 2020, China-based ‘Red Echo’ group had targeted at least 10 assets of India’s critical power sector as well as two ports.

Summary of the Debate

About the attack:

  • On 28 February 2021, ‘Recorded Future’ a Massachusetts-based cyber security firm released a report titled,diagram: Suspected Indian power sector victims of RedEcho targeted intrusions. Image source: Recorded Future, Map data ©2021 Google 'China-linked Group ‘Red Echo’ targets the Indian Power Sector Amid Heightened Border Tensions' that points to the inflow of Chinese malware into India's critical infrastructure systems that manage electricity supply.

  • Mumbai practically came to a standstill around 10 am on 12 October last year by the blackout. A grid failure resulted in a major power outage, affecting electricity supply, local trains etc.

  • It took hours for the power supply to be gradually restored in a phase-wise manner.

  • The targeted units are spread across India including Delhi, Maharashtra, TN, Karnataka, West Bengal and Assam. 

  • All the targeted entities have been classified as critical infrastructure by the National Critical Information Infrastructure Protection Centre (NCIIPC), which oversees India’ cybersecurity operations in critical sectors.

Importance of concept of cyber security:

  • Cyber security refers to preventing any form of unauthorized and malafide access to any of the electronic digital device.

  • Cyber security breaches in the world specifically in India are constantly on the rise.

  • With the development of smart cities and rolling out 5G network in India, cyber threats will continue to target the country.

  • There is big vacuum in the Indian companies in making cyber security products.

  • As India move towards an increasingly digitised landscape, cyber-crimes are only bound to increase.

  • There is surge in cyber-attacks mainly due to the digital shift that has occurred due to the conditions of the pandemic.

  • Women are becoming major victims of cyber-crimes.

Challenges India facing today in Cybersecurity:

  • India has been one of the biggest targets of cyber-attacks from across the border.

  • In last few years, there have been attempts to target defence account, government account, Ministry website, etc.

  • National Crime Records Bureau (NCRB) stated that India recorded 9,622, 11,592 and 12,317 cases of cybercrime in 2014, 2015 and 2016 respectively.

  • In the first half of 2017, India witnessed more than 27,000 cybersecurity threat incidents.

  • India suffered loss of 1.25 trillion in 2019 due to cyber-crimes.

  • A study says that in year 2020, India was one of the Asian countries which saw highest number of cyber-attacks.

  • Recently, US-based cybersecurity company Recorded Future said that India is likely to see a rise in attacks throughout 2021 on its infrastructure and organisations by Chinese state-sponsored threat actor groups like Red Echo.

Steps taken by Indian Government to deal with cyber-crimes:

  • Indian Cyber Crime Coordination Centre (I4C): Set up under cyber and information security division of Ministry of Home Affairs, to handle issues related to cybercrime in the country in a comprehensive and coordinated manner.

  • Crisis Management Plan: For countering cyber-attacks and cyber terrorism.

  • National Critical Information Infrastructure Protection Centre (NCIIPC): Set up to identify the critical information and take steps for its protection.

  • Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): A part of the Indian Computer Emergency Response Team (CERT-In), to provide detection of malicious programmes and free tools to remove such programmes.

  • Cyber Surakshit Bharat: A initiative by MeitY, the first public-private partnership of its kind that is set to leverage the expertise of the IT industry in cybersecurity.

  • Ground Zero Summit (2015): The largest collaborative platform in Asia for Cybersecurity experts and researchers to address emerging cyber security challenges

  • Special Department: Government has created a special department which is taking care of cyber security of only critical infrastructure.

  • Personal Data Privacy (PDP) Bill: Government is coming with Personal Data Privacy (PDP) Bill to make corporate entities more responsible to ensure that data is protected.

Mechanism exist in India:

  • At the apex level, National Security Council (established in 1998 by former PM Atal Bihari Vajpayee) serves as a coordinating body for cybersecurity and internet governance.

  • Cyber security Arm within the Ministry of Electronics and IT which looks into the cyber threats.

  • There is extensive cyber security training programme.

  • There are so many cyber cell and cyber experts are working to make India cyber secure under Cyber Surakshit Bharat.

  • There are SOC (Security Operation Control) where all the government assets are monitored by 24/7.

  • India’s IT Act is quite robust in order to ensure that anyone indulging in any kind of cyber crime is punished in the way he should be.

What are the Do’s and Don’ts as far as end user is concerned?

  • Ensuring the privacy, especially with the applications whether it is social media application or chats or messaging apps because they all are sourcing lots of information from the phone. So, people should have the setting very private.

  • Even if you are sharing content, it should be to the limited audience. For example, if anyone using Facebook, his friend list should be private.

  • When people will realise that whenever they are using anything which is free whether it’s email or social media platform which is asking to share to the people then there is a risk that is attached. In doing that, people should understand what is the way, they can keep themselves safe.

  • People should keep personal information personal to them.

  • When people will understand the value of the privacy, they can themselves start thinking and putting those security guidelines.

 Way Forward:

  • We need every state government, every government institutions, every research institutions, every academic institutions have a necessary security policy built in, necessary infrastructure, necessary software built in, in order to secure from the cyber threats.

  • There is a need for coordination among national and international agencies working on cybersecurity.

  • We need a lot of investment to make banks more cyber secure.

  • As a growth of private sector goes up, they would also be subject to cyber-attacks. So, it is the responsibility of all the stakeholders to put in all the necessary measures.

  • Regular issue of alerts and advisories is the need of the hour.

  • Entire security chain ends up at the human level, we need to ensure that all the people have sufficient awareness.

Comment

Upload File