7 PM Editorial |India needs to review its 2013 Cyber Security Policy| 23rd June 2020

Good evening dear reader.

Here is our 7pm editorial Summary for today

About 7 pm Editorial Summary – This initiative provides an in-depth analysis of the important news editorial of the day. Students don’t need to look anywhere more for their daily news analysis. We take the most important editorial of the day and provide its comprehensive summary.

For 7pm Editorial Archives Click HERE →

India needs to review its 2013 Cyber Security Policy

Introduction

National Cyber Security Policy, 2013 was formulated to create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.

The incidents of cyber-attacks during COVID-19 Pandemic has increased manifold as the society embraces digital technologies. India is among the top 10 countries facing cyber-attacks. There have been almost three times increase in cases of phishing, spamming and scanning of ICT systems, particularly of critical information infrastructure. The role of hacker group called LAZARUS is well known in carrying out attacks on financial targets in India, Bangladesh and other South Asian countries.

In this light, the government had announced that a new Cyber Security Policy, 2020, will be brought out.

What is a Cyberspace?

Cyberspace is complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology (ICT) devices and networks.

Cyberspace is vulnerable to a wide variety of incidents, whether intentional or accidental, manmade or natural, and the data exchanged in the cyber space can be exploited for nefarious purposes by both nation-states and non-state actors.

Information Technology (IT) is one of the critical sectors that rides on and resides in cyberspace. It has emerged as one of the most significant growth catalysts for the Indian economy.

Objectives of National Cyber Security Policy, 2013

• Creation of Secure Cyber Ecosystem:To create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
• Compliance to Global Security Standards:To create an assurance framework for design of security policies and for promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (product, process, technology & people).
• Strengthening the Regulatory Framework:To strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem.
• NCIIPC:To enhance the protection and resilience of Nation’s critical information infrastructure by operating a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandating security practices related to the design, acquisition, development, use and operation of information resources.
• Indigenization of Technologies:To develop suitable indigenous security technologies through frontier technology research, solution oriented research, proof of concept, etc.
• Testing and Validation:To improve visibility of the integrity of ICT products and services by establishing infrastructure for testing & validation of security of such products.
• Human Capacity Development:To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training.
• Safeguarding Privacy:To enable protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen’s data and for reducing economic losses due to cybercrime or data theft.
• Cybercrime:To enable effective prevention, investigation and prosecution of cybercrime and enhancement of law enforcement capabilities through appropriate legislative intervention.

What are Critical Information Infrastructures?

Critical Information Infrastructure (CII) is defined as those facilities, systems or functions whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation.

Examples: Reserve Bank of India (RBI), Nuclear Power Plants, Indian Space Research organization (ISRO), Department of Atomic Energy, transport, electricity, etc.

National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created under Sec 70A of the Information Technology Act, 2000 (amended 2008). It is designated as the National Nodal Agency in respect of Critical Information Infrastructure Protection.

Types of Cyber Hackers

There are varied kinds of cyber hackers such as — state, non-state, professional, freelancer’s groups, so-called “anonymous groups” that operate worldwide and conduct attacks internationally.

Approximately more than one third of all cyber-attacks worldwide are launched from China. They have one of the largest military groups of cyber experts in the world. Countries like North Korea and Pakistan are also very active on their own and work in close collaboration with the Chinese. These countries have been accused of perpetrating state-sponsored attacks for a variety of purposes.

Need to review the National Cyber Security Policy

1. Advent of revolutionary technologies:Technologies like artificial intelligence, machine earning, internet-enabled devices and big data have complicated the cyber-attack ecosystem.
2. Increasing incidences of cyber-attacks: There is significant increase in incidents relating to hacking, injecting malware through spam mails and other forms of exploiting vulnerabilities. There was an almost 56% rise in malicious traffic on internet during the lockdown period.
3. Social transformation and inclusive growth: In the light of the growth of IT sector in the country, ambitious plans for the rapid social transformation and inclusive growth and given India’s prominent role in the global IT sector, creation of a suitable cyber security eco-system in the country, in tune with globally networked environment is necessary.
4. Border disputes with neighbouring nations: The border stand-off has further increased worries about enhanced cyber-attacks from China and its close allies. Recently, Australia expressed concerns over Chinese cyber-attacks. The Chinese are in the process of developing technology to penetrate the internet through satellite channels.
5. Success of Digital India Programme: With increasing internet penetration and smart phones, the vulnerabilities associated with cyber-attacks increases and may dampen the progress of Digital India Programme. Example: In September 2016, Indian banks faced a similar massive data breach, when 3.2 million debit cards got compromised after fraudsters exploited a vulnerability at Hitachi Payment Systems.
6. Right to Privacy:Right to Privacy being a fundamental right (K.S Puttaswamy Case), puts the responsibility on the government to safeguard the privacy of an individual from various cyber-attacks.

Way Forward

• The National Cyber Coordination Centre urgently needs significant upgrade in all aspects, including technology and manpower.
• The role of the national cyber security coordinator may also need to be reviewed regarding his effectiveness in comprehensively coordinating cyber security issues. Maybe he needs to be empowered.
• There must be single-point of responsibility at the central level.
• Proper coordination is needed between the coordinator and respective regulators.

Heterogeneity of devices and software will increase with more built-in vulnerabilities. Tech and data, due to their very nature, will get more and more geopolitical attention. Therefore, it is better to be prepared now with respect to policy, legal framework, monitoring infra and technology to emerge as safe and a secure digital country.

Source: orfonline.org

Question:

1.What are Critical Information Infrastructures? In the light of emergence of various cyber-physical systems and cyber-attacks, discuss the need to review the National Cyber Security Policy, 2013. Also suggest measures to strengthen the policy? (15 Marks)