Why is Cyber Security crucial?

This topic is a part of General Studies Paper-III.

Information Technology (IT) is one of the critical sectors in India to have catapulted the country’s economy. It has played a significant role in transforming India’s image to that of a global player. Successive governments have been playing an active role in the adoption of IT-based products and IT enabled services in government services such as Public services, Healthcare, Education and Financial services.

This sector is vulnerable to *cybercrimes as huge amounts of sensitive data is exchanged in the cyberspace, on a day to day basis, which can be exploited for dangerous purposes by nations- state and non-state entities. Such cyber threats come from different sources like ,*hackers who take advantage of the known vulnerabilities for fun or to make a political statement, then there are those hackers who are motivated by economic gain, and then again there are foreign armed forces or intelligence agencies or non-state entities targeting business to achieve competitive advantage or government for intelligence gathering.

These attackers can broadly be placed into three groups. First, there is Tier one and Tier two attackers who exploit the known vulnerabilities. Second, Tier three and Tier four attackers who have a higher level of expertise and therefore can discover new vulnerabilities in the system. Third, Tier five and Tier six attackers who have sufficient funds and time to create new vulnerabilities using the full spectrum in systems.

A cyber attack by an attacker may take any form such as introducing a computer* virus or *worms or any malicious software code to exploit a system; the other ways in which people, businesses and government fall prey to cyber crimes are identity theft, *phishing, social engineering, hactivism, cyber terrorism, threats targeting mobile devices and smart phone, compromised digital certificates, denial of service, bot nets etc.

A total number of 22,060, 71,780,and 1,30,338 cyber security incidents, including phishing, spam, malicious code and website intrusion, were reported to Indian Computer Emergency Response Team (CERT-In) during the years 2012, 2013 and 2014. A total of 27,605 and 28,481 and 32,323 websites were hacked during the year 2012, 2013 and 2014 respectively.

Thus a cyber war by attackers is not merely a narrative. There are notable incidents that substantiate it. Some of the most recent cyber attacks around the world are, the *Distributed Denial of Service (DDoS) attack which took place in Estonia in 2007 and in Burma (Myanmar) in 2010. An attack on the web services of US Homeland Security In May 2009 and the taking over of over 1300 Computers at various embassies around the World by Ghostnet in 2009. These attacks indicate a growth in cyber-attacks.

So protection of information infrastructure and preservation of the confidentiality, integrity and availability of information in cyberspace is the heart of a secure cyber space. A rapid identification, information exchange, investigation and coordinated response and remediation can mitigate the damage caused by malicious cyberspace activity. India has taken steps in establishing institutions to deal with cyber security issues.

It released the National Cyber Policy in 2013.CERT-IN was established to provide assistance to victims when the attack takes place. India has also created the National Critical Infrastructure Protection Centre under National Technical Research Organisation (NTRO) for the protection of its vital information centres and the armed forces and intelligence agencies have their own units to meet their operational requirements.

Inspite of the above, there are problems in securing the cyberspace. The National Cyber Policy is overly dogmatic and is not geared to adapt to the evolving nature of threats. It means that India needs to acknowledge that the vulnerabilities do not merely arise from inadequacies in technology but also from inadequacies in governance, processes and management.

While the Policy states that our mission is to build a secure and resilient cyber space for citizens, business and Government and to protect information and information infrastructure, build capabilities to prevent and respond to cyber threats, it has not specified how to achieve these objectives.

Therefore, in view of all the above it is obvious that cyber security threats are assuming dangerous dimensions, India has to evolve a national cyber strategy for defending its system by utilising optimally all its assets. To deal with the growing cyber threats we require an overarching national cyber strategy. This requires both defensive and offensive capabilities as also the ability to detect the attackers.

• Cybercrime is a range of illegal digital activities targeted at organisations in order to cause harm. It can range from mere web site defacements to grave activities such as service disruptions that impact business revenues to e-banking frauds.
• A Hacker is a person who uses computers to gain unauthorized access to data.
• Hacking is to gain unauthorized access to data in a system or computer.
• A virus is a piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
• A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention.
• A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
• Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.