THE CONTEXT: In an era when technological prowess is essential for national security, India must act swiftly to secure its digital future. The country’s rapid digital transformation, coupled with the increasing sophistication of cyber threats, necessitates a comprehensive and proactive approach to cybersecurity.
DIGITAL LANDSCAPE IN INDIA:
-
- As of March 2024, there were over 954.4 million internet subscribers, 556.05 million in urban areas and 398.35 million in rural areas.
- The digital economy supports critical sectors like healthcare, education, finance, and agriculture.
CYBERSECURITY READINESS:
-
- According to the 2024 Cisco Cybersecurity Readiness Index2, only 4% of Indian companies are fully prepared to counter cyber threats.
- Recent incidents, such as the 7.9 million customer records breach at Angel stockbroking firm, highlight vulnerabilities.
THE CHALLENGES:
-
- Rapid Digital Adoption: Digital adoption has outpaced cybersecurity measures, creating exploitable gaps. As of March 2024, the average monthly data consumption per user reached 20.27GB, up from just 0.27GB in 2014-153.
- Sophisticated Threats: Emerging technologies like AI enable more complex cyber-attacks, including deepfakes and disinformation campaigns. GenAI tools are making it easier to conduct complex cyber-attacks at scale, with a 135% increase in novel social engineering attacks observed in just one month5.
- State-Sponsored Attacks: Threats from state-sponsored entities targeting India’s economic and strategic assets have increased. A recent analysis shows a significant surge of 278 percent in state-sponsored cyber-attacks against India from 2021 to September 20237.
- Lack of Comprehensive Strategy: The absence of a national cybersecurity strategy limits effective threat response and assessment. The National Cybersecurity Strategy of 2020 is still under development and pending review6.
- Borderless Nature of Cyberspace: Complicates defense efforts as attacks can target both military and civilian assets globally.
RECENT CYBER ATTACKS IN INDIA:
-
- AIIMS Attack (2023): Hackers attacked AIIMS Delhi, causing server shutdowns and disrupting health services. Patient data was potentially compromised.
- Telangana and Andhra Pradesh Power Utility Systems Attack: A ransomware attack took down all servers of power utility systems in these two southern states.
- UHBVN Ransomware Attack: Uttar Haryana Bijli Vitran Nigam, a power company in Haryana, was attacked by hackers who demanded a ransom of Rs.1 crore or $10 million.
- Indian Telecom Data Breach (Jan 2024): This massive data breach affected an estimated 750 million records and impacted 85% of the Indian population. The data was priced at $3000 on the dark web.
- Hyundai Motor India Critical Data Breach (Jan 2024): A bug in web links shared by Hyundai Motor India exposed customer information, including names, addresses, and vehicle details.
GOVERNMENT INITIATIVES:
INDIAN CYBER CRIME COORDINATION CENTRE (I4C) INITIATIVES
The I4C was established by the Ministry of Home Affairs in 2018 and became operational in 2020. It aims to provide a coordinated framework for law enforcement agencies to tackle cybercrime comprehensively. Recently, four new initiatives were launched to enhance India’s cyber defense capabilities:
-
- Cyber Fraud Mitigation Centre (CFMC): This initiative focuses on tackling online financial crimes through immediate action and seamless cooperation between various stakeholders, including banks, telecom providers, and law enforcement agencies. It is an example of “Cooperative Federalism” in combating cyber fraud.
- Cyber Commandos Program: This program aims to establish a special wing of trained “Cyber Commandos” in States/UTs and Central Police Organizations (CPOs). These commandos will be equipped to counter sophisticated cyber threats.
- Samanvay Platform: A web-based module designed as a one-stop portal for data repository, crime mapping, data analytics, and cooperation among law enforcement agencies across India. It facilitates joint investigations into cybercrimes.
- Cyber Suspect Registry: This registry is created based on National Cybercrime Reporting Portal (NCRP) data. It will be developed in collaboration with banks and financial intermediaries to strengthen fraud risk management capabilities within the economic ecosystem.
- Cyber Surakshit Bharat Initiative: Aims to raise awareness about cybercrimes and create safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
- Indian Cyber Crime Coordination Centre (I4C): Established to provide a framework and eco-system for law enforcement agencies to deal with cybercrimes comprehensively and in a coordinated manner.
- National Critical Information Infrastructure Protection Centre (NCIIPC): Set up to protect critical information infrastructure in India.
- Defence Cyber Agency (DCyA): A tri-service command of the Indian Armed Forces to address cyber threats.
- Digital Personal Data Protection Act, 2023: This act aligns with global data security standards to improve company transparency and accountability.
THE WAY FORWARD:
-
- Comprehensive National Strategy: Develop and implement a unified cybersecurity framework. Regulation of AI, harmonized cyber and data protection laws, and mandatory reporting of cyber risk management, strategy, and governance will be most important for future growth.
- Public-Private Partnerships: Foster government and private sector collaboration for robust cyber defense. The Cyber Security Association of India (NCSAI) is a multi-stakeholder consortium that brings together corporates, State and central governments, Academics, and other stakeholders to improve cybersecurity.
- Regulatory Standards: Establish unified standards to protect public and private sectors, tiny businesses. The Reserve Bank of India has mandated banks to create and present their cyber crisis management plans and implement corporate-approved information security policies.
- International Cooperation: Engage in global cybersecurity initiatives and information sharing. India’s collaboration with the United States in the Joint Indo-US Quantum Coordination Mechanism offers a unique opportunity to enhance its cybersecurity capabilities.
- Technological Innovation: Invest in cutting-edge cybersecurity technologies and research, particularly AI and quantum computing for cybersecurity applications.
- Establish a National Cyber Security Commission: This commission would develop and implement a comprehensive National Cyber Security Strategy, addressing immediate and long-term threats. It would coordinate with various government agencies, private sector entities, and international partners. Allocate resources and funding for cybersecurity initiatives. Monitor and evaluate the effectiveness of cybersecurity measures.
- Develop Cyber Workforce and Education: Introduce cybersecurity curricula at school and university levels. Establish specialized cybersecurity institutions and research centers. Provide incentives for cybersecurity certifications and skill development. Create a national cybersecurity internship program. Israel’s successful cybersecurity ecosystem is built on its education system, which introduces cybersecurity concepts as early as high school and offers specialized university programs.
THE CONCLUSION:
India’s meteoric rise as a digital powerhouse is a testament to the convergence of affordability, technology, and aspiration. With affordable handsets empowering millions and 5G revolutionizing connectivity, India is at the cusp of a new era. By addressing the challenges and leveraging the opportunities in cybersecurity, India can secure its position as a global leader in the digital age.
UPSC PAST YEAR QUESTION:
Q. Describe the context and salient features of the Digital Personal Data Protection Act, 2023. 2024
MAINS PRACTICE QUESTION:
Q. Discuss India’s challenges in securing its digital infrastructure against evolving cyber threats. How can public-private partnerships and international cooperation enhance India’s cybersecurity posture?
SOURCE:
Spread the Word