DT
PT
Subscribe To Print Edition About The Tribune Code Of Ethics Download App Advertise with us Classifieds
search-icon-img
search-icon-img
Advertisement

Cyber crime net widens

Phishing, spoofing, network scanning, data breaches, disruption of services, virus infection, code manipulation, website hacking — cyberspace is a fast growing area for crime, transcending boundaries and assuming a global proportion. India figures among the top five countries to be affected by cyber crime. And though Central and state agencies are constantly at work, the vulnerabilities are more pronounced, the threat more real
  • fb
  • twitter
  • whatsapp
  • whatsapp
Advertisement

Vijay Mohan in Chandigarh

The arrest of two persons by Delhi Police’s Special Cell for allegedly attempting to dupe Haryana Power Minister Ranjit Singh Chautala by spoofing the office and residential landline number of Union Home Minister Amit Shah has brought into focus the increasing instances of cyber-related crime in the country.

The calls received demanding hefty amounts for party funds were made through an app, Crazy Call, which is banned in India. There have been numerous instances when individuals as well as organisations have been targeted using spoofed telephone or mobile numbers and email addresses or fake websites.

Advertisement

The Indian Computer Emergency Response Team (CERT-In), set up by the Central government in 2004 as a national agency for incident response, has reported around 8.5 lakh cyber security incidents such as phishing, spoofing, network scanning and probing, data breaches, disruption of services, virus infection, code manipulation and website hacking from 2004 till October 2019.


Read also: 

Advertisement


Cyberspace is a fast growing area for crime, transcending national boundaries and assuming a global proportion. A computer or a mobile telephone with access to the Internet that offers a wide array of tools, some of which may be illegal to use, and a bit of technical expertise is what it takes to perpetuate a crime in relative obscurity and from remote areas.

Experts have defined cyberspace as a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

As people become more and more socially and economically dependent on Internet-connected computers and e-governance — where a lot of government business and public services are transacted online, including e-banking, e-payments, e-commerce, etc — grows, especially in India, prospective targets for cyber crime assume a mammoth scale. The numbers say it all.

With a projected 730 million in 2020, India ranks third in the number of Internet users after the USA and China, clocking a compound annual growth rate of 44 per cent over the past few years. It also figures among the top five countries to be affected by cyber crime.

As per the information reported to and tracked by CERT-In, the number of cyber security incidents in India was 50,362 in 2016, 53,117 in 2017 and 2,08,456 in 2018. The figure had already touched 3,13,649 by October 2019. According to the logs analysed, the Internet Protocol (IP) addresses of the computers from where the attacks appear to have originated belong to various countries, including India, Algeria, Brazil, China, France, the Netherlands, North Korea, Pakistan, Russia, Serbia, South Korea, Taiwan, Thailand, Tunisia, the USA and Vietnam. Cyberspace knows no borders, physical or virtual.

Scary figures

In December last year, the Ministry of Electronics and Information Technology informed Parliament that the number of cyber-related crimes cases registered in the country went up by 77 per cent in two years. National Crime Records Bureau (NCRB) data reveals that 12,317 cyber crime cases were registered under provisions of the Information Technology Act, 2000 and related sections of the Indian Penal Code as well as other special and local laws in 2016, which spiked to 21,796 in 2017. In 2015, 11,592 cases were registered.

The NCRB data also shows that Uttar Pradesh, Maharashtra and Karnataka were the top three states, respectively, in registering cyber crimes. The regional states of Punjab, Haryana and Himachal Pradesh were lower in the pecking order.

Cyber crime comes under the purview of ‘police’ and ‘law and order’, which is a state subject and as such the states and Union Territories are primarily responsible for prevention, detection, investigation and prosecution through their law enforcement machinery.

Cyberspace, experts say, has inherent vulnerabilities that simply cannot be done away with. There are countless entry points into the Internet, and technology makes it relatively easy to misdirect attribution to other parties. Nation-states, non-state operators like terrorist organisations and criminal gangs as well as individuals are all capable of waging attacks at various levels, targeting government networks, corporate entities, financial systems or solitary persons.

The motives of such attacks could vary from commercial or monetary gain by criminal elements, penetrating national infrastructure and critical assets as part of a power play or subversion, espionage and cyber hacktivism where websites and servers are hacked and messages are communicated virally to further political agendas or campaigns.

While information and communications technology has enabled people to communicate and work with each other electronically over great distances in real time, the attack technology is outpacing defence technology and hence, cyber threats are of great concern globally. Human resources and funds are critical to cyber security.

Tackling cyber crime

In India, cyber security is primarily the domain of the government and the National Cyber Security Policy was promulgated in 2013 as a doctrinal approach to build a secure and resilient cyberspace for citizens, businesses and government.

Several measures such as formulating new policies, setting up security centres, increased surveillance and monitoring, issuing advisories and devising standard operating procedures have been initiated to protect information and information infrastructure, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimise damage from cyber incidents, but there are shortcomings such as financial constraints, an acute shortage of resource persons and domain experts and inadequate research in academia.

Budget analysis reveals that funding in this field has been noticeably declining over the past four fiscals. Official data shows that the budgetary estimate (BE) of Rs70 crore for CERT-in in 2016-17 was reduced to Rs53.61 crore in the revised estimate (RE) and the actual spending was Rs41.27 crore.

In 2017-18, the BE and RE were Rs40.28 crore and Rs26.48 crore, with the actual spending being Rs22.92 crore. The respective figures in 2018-19 were Rs40 crore, Rs31.83 crore and Rs29.89 crore. For the 2019-20 fiscal, the BE and RE are Rs49.75 crore and Rs42 crore. While there were no budgetary provisions for special cyber security projects in 2016-17, the BE of Rs100 crore in 2017-18 was brought down to Rs60 crore in the RE, out of which Rs55.69 crore could be utilised. The year 2018-19 was a bit better with the BE of Rs110 crore remaining unchanged in the RE and finally Rs107.48 crore being spent. The BE of Rs586.05 crore for 2019-2020 has been drastically curtailed to Rs120 crore in the RE.

As part of the special cyber security projects, the Union government is setting up the National Cyber Coordination Centre (NCCC) to generate near real-time macroscopic views of the cyber security threats. The centre will scan the cyberspace at meta data level and generate real-time situational awareness. Being implemented by CERT-in, it will be a multi-stakeholder body and provide a structured system and facilitate coordination among different agencies.

While phase-I has been operationalised, the second phase is scheduled to be functional this year for analysis of meta data from 15 remote sites.

Another area where the government has been found wanting is telecom network security. A proposal to establish a Telecommunication Security Testing Laboratory for security testing of various network elements was approved in 2015, but there were no bidders for repeated tenders.

In its latest report tabled in the Lok Sabha, the Standing Committee on IT stated that the lab has assumed significance as the Centre has mandated that it will be compulsory for the telecom equipment to be tested and certified prior to import, use or sale into the country. “More so, as admitted by the Secretary, DoT, security equipment testing in India is not of world standard,” the report added.

Sectors that can be targeted

  • Banking and Finance
  • Communication
  • Defence Industrial Base
  • Government Facilities
  • Energy
  • Food and Agriculture
  • Information Technology
  • Commercial Facilities
  • Transportation Systems
  • Emergency Services
  • Public Healthcare
  • Manufacturing

Checklist for Cyber Security

  1. Setting up network securitytesting and access control
  2. Installing protection
  3. Monitoring and analysing user logs
  4. Establishing incident management and disaster recovery capability
  5. User education and awareness
  6. Formulating policy for home and mobile working
  7. Secure configuration of systems
  8. Control on use of removable media
  9. Establish account management processes and user privileges
  10. Establishing information risk management regime

Securing cyberspace Hierarchy in India

PM Office/Cabinet Secretariat

  • National Security Council
  • National Technical Research Organisation
  • National Critical Information Infrastructure

Protection Centre

  • Joint Intelligence Committee
  • National Crisis Management Committee
  • Research and Analysis Wing
  • Multi-Agency Centre
  • National Information Board

Ministry of Home Affairs

  • National Cyber Coordination Centre
  • Directorate of Forensic Science
  • National Disaster Managenment Authority
  • Central Forensic Science Laboratories
  • Intelligence Bureau

Ministry of External Affairs

  • Ministers and Ambassadors
  • Defence Attaches
  • Joint Secretary (IT)

Ministry of Defence

  • Tri-Service Cyber Command
  • Army/Navy/Air Force Intelligence
  • Defence Information Assurance & Research Agency
  • Defence Research and Development Authority

Ministry of Communications and IT

  • Department of Information Technology
  • Department of Telecom
  • Indian Computer Emergency Response Team
  • Educational Research Network
  • National Informatics Centre
  • Centre for Development of Advanced Computing
  • Standardisation Testing and Quality Certification

Non-Governmental Organisations

  • Cyber Security and Anti-Hacking Organisation
  • Cyber Society of India
  • Centre of Excellence for Cyber Security Research and Development in India
  • National Cyber Security of India

Source: NITI Aayog

Advertisement
Advertisement
Advertisement
Advertisement
tlbr_img1 Home tlbr_img2 Opinion tlbr_img3 Classifieds tlbr_img4 Videos tlbr_img5 E-Paper