Source-This post on Time for digital “nakabandi” has been created based on the article “ Nakabandi safeguard needed for Digital India” published in “The Hindustan Times” on 23 March 2024.
UPSC Syllabus-GS Paper-3-, Role of Media and Social Networking Sites in Internal Security Challenges, Basics of Cyber Security; Money-Laundering and its prevention.
Context– CERT-In, along with CSIRT-Fin, has recently issued a whitepaper on Application Programming Inter- face (API) security. This should give a boost to digital nakabandi. It is the tactical term for access control and area domination by law enforcement authorities. This is particularly important in the backdrop of rising guerilla tactics employed by hackers and cyber-prowlers
What is an API?
APIs are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols. For example, the weather bureau’s software system contains daily weather data. The weather app on your phone “talks” to this system via APIs and shows you daily weather updates on your phone.
What is the significance Of API for digital economy?
India is pacing towards a largely digital economy in which API is the mainstay of the sharing mechanism. It facilitates seamless data exchange between applications. It empowers banks to enhance customer experience and create revenue streams.
Read more- Cyber attacks and Cyber Security in India
What are the steps taken by the government to promote data sharing?
1) The government’s e-governance initiatives like the Open Government Data (OGD) platform have over 5 lakh resources, 12,000 catalogues and over 1 lakh APIs.
2) The government has launched a Policy on Open Application Programming Interfaces that sets out the government’s approach to the use of Open APIs to promote software interoperability for all e-governance applications.
3) The National Data and Analytics Platform (or NDAP) is NITI Aayog’s flagship initiative that hosts datasets from across India’s vast statistical infrastructure.
What are the issues with data sharing in India?
1) There is no model data-sharing toolkit that could help chief data officers to manage risk associated with the sharing and release of data sets. Consequently, many data cells are reluctant to share data sets.
2) The source code is not hidden from partners while linking various systems.
What are some norms for API security?
There is use of token-based authentication to securely manage access tokens, securely managing and storing API keys.
There are security assessments, and regular updating of response plans to address and mitigate the impact of potential API attacks.
What are the issues with traditional norms for API security?
1) A person can access an API any number of times from one IP or ID. Therefore, many data breaches use this route of data aggregation through excessive exposure and then misusing it.
2) There is no search limit for sensitive or resource-intensive data
3)There is no restriction on the number of requests from a single user or IP address to prevent attacks.
What should be the way forward?
1) Digital nakabandi– The digital nakabandi must include implementing rate-limiting to distribute the allowed number of search requests evenly over time and tying request limits to user authentication.In the case of sensitive or resource-intensive data, there is a need to set lower request limits.
2) Leveraging Artificial Intelligence- Organizations should leverage machine learning to analyze unique user behaviors. Analyzing the typical search behavior of one’s users, with AI-based models, is very important.
Question for practice
Highlight the problems with existing API security norms. How can digital nakabandi address this?
Discover more from Free UPSC IAS Preparation Syllabus and Materials For Aspirants
Subscribe to get the latest posts sent to your email.