PERSPECTIVE

Cyber Security
Combating the new-age spies
India woke up to the cyber threat after Snowden revelations, and documents related to its missile programme and thousands of top secret files were found downloaded by Chinese hackers. It has now evolved a National Cyber Security Policy which will enable security agencies to thwart such attacks.
By Girja Shankar Kaura

Cyberspace as an independent theatre of war is about attacks that compromise the capability of countries to use their facilities. And India has experienced it firsthand. Recent media reports have brought out the vulnerability of Indian cyber security, with Chinese hackers getting through to the computers of high-ranking officials in both the defence and the civilian sectors, causing one of the biggest security breaches in the country.

The cyber attack also underlined the need for a strong cyber security system as the hacking compromised systems of hundreds of key DRDO and other security officials. The breach also resulted in leakage of sensitive files related to the Cabinet Committee on Security (CCS), the highest decision-making body for security issues of the Government of India.

The breach came to light in the first week of March when officials from the technical intelligence wing, National Technical Research Organisation (NTRO), working with private Indian cyber security experts, cracked open a file called “army cyber policy”.

The file had been attached to a number of email accounts of senior DRDO officials which had been hacked, and it spread through the system in a matter of seconds, endangering Indian sovereignty.

Security at risk

Investigations by Indian security experts revealed that all sensitive files stolen from the infected systems were being uploaded on a server in the Guangdong province of China.

On further and detailed probe of the breach, it was found that thousands of top secret CCS files and documents related to surface-to-air missile and radar programmes from DRDL (DRDO laboratory based in Hyderabad), among many other establishments, had been downloaded by Chinese hackers, who could have been working at the behest of Chinese security agencies.

Even e-tickets of the scientists who had travelled to Delhi in the last week of February were found on the server. Although India lodged an official protest with China, the cyber attack underscored the need for Indian security agencies to strengthen the security of their connection with the Internet and to respond immediately to curtail any further such incident.

Stealth war

Another recent disclosure that India is among the top five countries whose data has been compromised by the NSA surveillance system of the US indicates that just as the armed forces in physical form are used for waging wars, space in the cyber world is being increasingly used by a large number of countries against other nations to wage a quiet, undetected war.

Experts point out that since cyberspace is the fifth common global space, it is imperative to be cautious and take precautions, well in time. There should be coordination, cooperation and uniformity of legal measures among all nations with respect to cyberspace as its extraordinary growth has led to misuse by cyber criminals.

Earlier in the week, the government came out with a National Cyber Security Policy which would provide security agencies with the basic outline to curb, and fight back against, such a menace being stealthily unleashed from cyberspace.

National Security Adviser (NSA) Shivshankar Menon had flagged off a set of recommendations for government-private sector collaboration on cyber security last October, which form the basis of the new architecture.

The recommendations included joint training of almost five lakh cyber security professionals in five years. The training was to be undertaken by the government and the private sector.

Out of pace

Unlike China, India has lagged behind in implementing IPv6 (Internet protocol) which is not only more secure but also makes it easier to ‘hide’ certain important information through encryption, which is impossible under the current IPv4 used here.

Experts say that China has been less affected by global surveillance by the US partly because it has already set up its own cyber structures, including social media.

The defence of cyberspace involves the forging of effective partnerships between public organisations charged with ensuring the security of cyberspace and those who manage the use of this space by the end-users like government departments, banks, infrastructure, manufacturing and service enterprises and individual citizens.

The defence has a special feature. While the national territory or space which is being defended by the land, sea and air forces is well defined, outer space and cyberspace are understandably different. They are inherently international even from the perspective of national interest.

According to industry watchers, the development of the Internet and low-cost wireless communication is the contemporary equivalent of what airplanes were a hundred years ago. These technologies already play an important part in military operations in the traditional spheres of land, sea, air and the newer one of space. Over a period of time, cyberspace has become an independent theatre of war, posing a threat to vital information and infrastructure of a country.

Covering tracks

Another complicated feature of a cyber attack is that it is extremely easy for an attacker to cover his tracks and even mislead the target into believing that the attack has emanated from somewhere else and not the suspected source. This can prove counterproductive and lead to a meaningless chase.

Also, while there is no agreed definition of cyber warfare, there is enough evidence that states may be attacking the information systems of other countries for espionage and for disrupting their critical infrastructure.

The worldwide web of crime, espionage & terror

Cyber security is a complex issue as it cuts across multiple domains and calls for multidimensional and multilayered initiatives, and responses. It is a challenge as it involves different domains and works through ministries and departments.

The threats

On the basis of perpetrators and their motives, cyber threats can be divided into four categories:

Espionage: There is enough evidence that states may be attacking information systems of other countries for espionage, and for disrupting their critical infrastructure.

Warfare: In its latest official military doctrine, the US has declared cyberspace to be the fifth dimension of warfare after land, air, oceans and space. It has reserved the right to take all actions, including military strikes, in response to cyber attacks against it. Other countries may follow suit, recognising cyberspace as one of the most important aspects of security.

Terrorism: Cyberspace has emerged as a conduit for planning terrorist attacks, for recruitment of sympathisers, or as a new arena for attacks in pursuit of the terrorists’ political and social objectives. Terrorists are known to have used cyberspace for communication, command and control, propaganda, recruitment, training, and funding purposes.

Crime: The increasing number of people using the Internet has proved to be a happy hunting ground for cyber criminals, with losses due to cyber crime being in billions of dollars worldwide. Not much has been reported from India, probably due to the lack of knowledge regarding the laws governing the space.

Deadly attacks

The US Department of Defense (DoD) notes that cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those included are:

1970: One of the highest-profile banking computer crimes occurred over the course of three years, beginning in 1970. The chief teller at the Park Avenue branch of New York’s Union Dime Savings Bank embezzled over $1.5 million from hundreds of accounts.

2007: Cyber attacks were allegedly made by Russian hackers on Estonia’s infrastructure.

June 2012: LinkedIn and eHarmony were attacked, compromising 65 million passwords; 30,000 passwords were cracked; and 1.5 million passwords were posted online.

December 2012: The Wells Fargo website witnessed a denial of service attack, potentially compromising 70 million customers and 8.5 million active viewers. Other banks thought to be compromised were Bank of America, JP Morgan, US Bank, and PNC Financial Services.

January 2012: Zappos.com experienced a security breach after credit card numbers, personal information, billing and shipping addresses of 24 million customers were compromised.

How it works

Cyber attackers exploit the weaknesses in software and hardware designs through the use of malware.

New commands

  • The number of countries setting up cyber commands is steadily growing. These commands have been accompanied by efforts at developing applicable military doctrines.
  • The growing phenomenon points to the need to think about norms for cyber warfare and whether the laws of armed conflict can be adapted to such warfare.

India vigilant

IT Act: The Indian government has taken several measures to counter the use of cyberspace by terrorists, especially after the 2008 Mumbai attack. These include amendments to the IT Act with added emphasis on cyber-terrorism and crime.

Amendments: A number of amendments have been made to the existing Sections and new Sections have been added.

Cyber policy: The Information Technology (Guidelines for Cyber Café) Rules, 2011, under the umbrella of the IT Act, have been brought out. The latest National Cyber Security Policy will go a long way in securing the country.



Will India’s cyber policy plug the breach?

Kapil Sibal, Minister for Communications and IT, unveiled the policy.

Minister for Communications and IT Kapil Sibal earlier this week released the National Cyber Security Policy, which underlines the need for protecting information such as personal information, financial and banking information and sovereign data.

Sibal pointed out that the real challenge was in the operationalisation of this policy. He also stated that the government, through incentives and subsidies, would need to support small and medium enterprises (SMEs) for accessing the technology to make their systems safe. He also called on businesses to set aside finances for keeping themselves safe in cyberspace.

The new architecture, which was cleared by the Cabinet last month, envisages an interconnected set of organisations in key departments like the NTRO, defence and home ministries. The CERT will remain the umbrella body to oversee cyber protection. A cyber security coordinator, to be named at the end of the month, will preside over the new inter-agency structure.

Late, but right

A key aspect of the policy is that the government will work with ISPs to oversee metadata of Indian users. Experts say that though late, the policy is in the right direction. The recent cyber attacks on Indian Government establishments had made unveiling of such a policy imperative.

Experts say with 13,000 cyber attacks witnessed in India in 2011 and 10,000 email IDs of top government officials targeted on a single day in July 2012, it was critical to address cyber issues.

Reports say over 1,000 government websites storing critical and sensitive data concerning national security had been hacked by cyber criminals in the last three years. Experts point out that to achieve the objectives of the policy it is important to note that the country also needs the expertise of trained security professionals. The policy, which has been prepared in consultation with all relevant stakeholders, user entities and the public, aims at facilitating the creation of a secure computing environment and enabling adequate trust and confidence in electronic transactions, besides guiding actions of stakeholders for the protection of cyberspace.

It outlines a road map to create a framework for a comprehensive, collaborative and collective response to deal with cyber security at all levels within the country. The policy also recognises the need for objectives and strategies that need to be adopted both at the national as well as international levels.

Coming together

The objectives and strategies outlined in the policy serve as a means to articulate concerns, understanding and priorities for action as well as directed efforts, and provide confidence and reasonable assurance to all stakeholders in the country (government, business, industry and general public) and global community about the safety, resiliency and security of cyberspace.

It also aims to adopt a suitable posturing that can signal the nation’s resolve to make determined efforts to effectively monitor, deter and deal with cyber crime and attacks.

The policy aims at building a secure and resilient cyberspace; enabling goals aimed at reducing national vulnerability to cyber attacks; preventing cyber attacks and crimes; minimising response and recovery time; and effective cyber crime investigation and prosecution.

It is focused at the level of government, public-private partnership arrangements; cyber security-related technology actions; protection of critical information infrastructure and national alerts and advice mechanism; awareness and capacity building; besides promoting information sharing and cooperation.

Government officials say a number of initiatives can be pursued at the government level, sectoral levels as well as in the public-private partnership mode. It also facilitates monitoring key trends at the national level such as trends in cyber security compliance, cyber attacks, cyber crime and cyber infrastructure growth. — GSK

Firewall-ed

  • The policy underlines need for protecting personal information, financial and banking information and sovereign data.
  • Government will work with ISPs to oversee metadata of Indian users.
  • It facilitates creation of secure computing environment and confidence in electronic transactions, besides guiding actions of stakeholders.
  • The policy outlines road map for a comprehensive and collective response to deal with cyber security at all levels.

