Indigenous development of cyber technologies, products is important for cyber security: Dr (Prof) Nisha Kant Ojha
Cybercrime is a growing concern to countries all over the world. 154 countries (79 per cent) have enacted cybercrime legislation.
Countries do not have a consensus on the definition of Cyber terrorism like terrorism. However, Cyber terrorism may be defined as use of cyberspace including social media by state sponsored Terrorists and criminal groups for planning and executing their cyber and terror attacks against the national security interests of adversaries.
According to Dr (Prof) Nisha Kant Ojha, Eminent Expert – Cyber & Counter Terrorism (West Asia & Middle East), “Today, India has the world’s second largest numbers of internet users after China. Aadhar is the world’s largest biometric database of more than a billion Indians. India’s digital economy is growing with emphasis on digital payments/ online financial transactions.”
“The emergence of cloud and mobile technology has further complicated the cyber threat landscape,” he says.
Dr (Prof) Nisha Kant Ojha, shares his views on various aspects of cyber terrorism with Huma Siddiqui.
Following are excerpts
Is India prepared to handle cyber terrorism?
Recently in June 2021, India’s Foreign Secretary Harsh Shringla raised concerns about cross-border state-sponsored cyber-attacks during the United Nations Security Council (UNSC) Open Debate on “Maintenance of International Peace and Security: Cyber Security” and without naming Pakistan or China, hit out at neighbours that have increasingly posed threats to India in the cyber sphere.
India’s Foreign Secretary pointed out that Terrorists have also used social media for planning and executing their terror attacks and wreaking havoc. As a victim of terrorism, India has always underlined the need for Member States to address and tackle the implications of terrorist exploitation of the cyber domain more strategically,
The increased internet penetration has also led to more sophisticated cyber threats. The unique features of cyberspace of anonymity and inter-connectivity are being exploited by criminals and terrorists to carry out identity theft and financial fraud, conduct espionage, disrupt critical infrastructures, facilitate terrorist activities, and steal information and plant malicious software (malware) and Trojans which can be exploited in different ways.
Crisis Management Plan has been formulated for countering cyber attacks and cyber terrorism.
Cyber security mock drills and exercises are regularly undertaken to strengthen cyber security posture and preparedness of organizations in Government and critical sectors.
India Indian Cyber Crime Coordination Centre (IC4) under the Ministry of Home Affairs (MHA) has been set up to deal with cyber-crime and cyber terrorism.
Also, setting up the NCCC is one of the principal steps in to handle the cyber threats and cyber terrorism. All CERTs and ISACs would then be linked with NCCC for quick and seamless flow of information on cyber threats across the board for all stakeholders.
Further, in order to minimize the vulnerability to cyber attack on internet traffic, efforts will be made to ensure that traffic originating and terminating within India are routed within the geographical borders of India. The modalities will be worked in consultation with the concerned Government departments, the Internet Service Providers (ISPs) and NIXI.
Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for providing detection of malicious programmes and free tools to remove such programmes.
However, an important aspect of cyber security is indigenous development of cyber technologies and products.Dependence on imported equipment and components in sensitive sectors is not helpful as the imported products are always suspect from the security point of view. It is important to develop home grown solutions and create an ecosystem.
R&D activities should focus on carrying out research, design and development of innovative solutions to real-life problems in the area of security, digital forensic, high-speed networking, encryption, standards and auditing.
What kind of Cybercrimes take place globally & especially in India?
Cyber Criminals commit different types of crime, ranging from the theft of personal information, the transfer of financial assets to the seizing of computer systems for ransom. Cybercrime increases drastically every year, as attackers improve in efficiency and sophistication.
Cyber crime targeting Critical Information Infrastructures (CIIs) also has a detrimental impact on national security.
Cybercrime is a growing concern to countries all over the world. 154 countries (79 per cent) have enacted cybercrime legislation. Europe has the highest adoption rate (93 per cent) and Asia and the Pacific the lowest (55 per cent).
Cyber attacks on Indian cyberspace have increased significantly in the recent past. Massive probing and targeted attacks on IT assets are being witnessed.
In the year 2020, CERT-In handled 1158208 incidents. The type of incidents handled were Website Intrusion & Malware Propagation, Malicious Code, Phishing, Distributed Denial of Service attacks, Website Defacements, Unauthorized Network Scanning/Probing activities, Ransomware attacks, Data Breach and Vulnerable Services.
The Indian cyberspace is also being used to host Command & Control Servers in the data centers. A serious attempt has been noticed to attack telecom infrastructure particularly, the routers and DNS.
How do you compare India’s preparedness to deal with such crimes vis a vis China?
Indian Govt has taken a number of steps to ensure a safe and secure Indian cyberspace and strengthen the cyber resilience of the critical information infrastructures (CIIs). Major cyber security initiatives includes the 2013 National Cyber Security Policy, InformationTechnology Act 2000, setting up of CERT-In and NCIIPC as nodal cyber agencies under IT Act, Draft Personal Data Protection Bill , measures to strengthen privacy and data protection, promotion of cyber security R&D, capacity building and skill development, promotion of public-private partnership in cyber security.
The framework for enhancing cyber security, 2013, underlines the multi-layered approach to secure ICT infrastructure. Protection of Critical Information Infrastructures (CIIs) is an important element of the Framework for Enhancing Cyber Security. It also delineates the role and responsibility of various stakeholder Ministries/ Departments with respect to cyber security.
National Cyber Security Coordinator has been entrusted to coordinate and synergise the cyber security efforts of stakeholder Ministries/ Departments. Cyber agencies included CERT-In and NCIIPC under the IT Act. In addition, stakeholder Ministries/ Departments are taking cyber security measures in their respective domain.
National Digital Communications Policy 2018 (NDCP) follows a three-pronged approach of “Connect-Propel-Secure India”, in line with “Digital India” initiative. This is aimed to establish a ubiquitous, resilient and affordable digital communications infrastructure and services. It covers areas such as Internet of Things, M2M, Cloud Computing, artificial intelligence, and cyber security.
Also, the government has taken steps to spread awareness about cyber crimes, issue of advisories, capacity building and training of law enforcement, improving cyber forensics facilities etc. to prevent such crimes and to speed up investigation.
However, the existing combined strength of cyber security experts in the country is grossly inadequate to handle cyber security activities in a meaningful and effective manner. Thus, capacity building including technical and human resource development are prerequisites to deal with growing cyber threats and cyber terrorism vis a vis China.
India has capability Asymmetry vis a vis China in terms of indigenization in hardware as well as software cybersecurity tools. This makes India’s cyberspace vulnerable to cyberattacks motivated by state and non-state actors.
Pegasus and it being used in India?
In September 2021, the government submitted in the Supreme Court that it cannot make public whether its agencies used Israeli spyware Pegasus for surveillance of Indian citizens since such disclosure will be against national interest.Since the same is subjective in the court of Law, it will not be appropriate to put any remark.
However, given the importance of Information Warfare we should believe that it’s all a game of Information, the more the country has the information the more he is in all ways whether Economic ,Political ,Military or anything. And we should believe that the National Security of the country is the most important task &prime job responsibilities of all and each citizen of India who is living in this soil then followed by anything .Spyware Malware are easily managed in the sites of Malaware.com and others, also similar type of spyware can be easily procured & managed in Dark & Deep Web like Pegasus … So it will not be right to put any blame on the Government or the Agencies for the same. But lastly to state there is no direct evidence found or available as of my knowledge which states that the Indian Securities Agencies’ had used such kind of Malware for any such illegitimate purpose. So any allegation is baseless and will not stand anywhere.
Are the Indian Armed Forces and Paramilitary Forces prepared to deal with cyber attacks? How does AI & C4i help in dealing with the growing rates as the technology evolves on a daily basis?
Over the last decade, we have seen ever increasing use of ICT to achieve a set of discrete military and political purposes. Cyber technologies are evolving continuously, from the Internet of Things (IoT) to 5G to artificial intelligence to quantum computing, and each advance is accompanied not only by new opportunities, but new challenges.
Cyberspace has also emerged as the fifth domain for military operations along with air, sea, land and space. Cyber warfare capabilities will become an integral part of the overall military capability. All this makes cyber security an issue of critical importance with profound implications for our economic development and national security.
The Ministry of Defence has recently upgraded the Defence Information Assurance and Research Agency (DIARA) to establish the Defence Cyber Agency, a tri-service cyber agency to coordinate joint cyber operations.
How can India help countries in West Asia as well as in Africa in dealing with such crimes?
Commenting on Africa’s increasing cyber-victimization, Hamadoun Toure, an ex-secretary-general of the ITU stated that “At the moment, cybercriminals see Africa as a safe haven to operate illegally with impunity”.Cyberattacks originated from African economies have a worldwide effect.
Cybersecurity is considered to be a luxury, not a necessity in many African countries.Many of the African countries have legislation, law enforcement and face severe shortage of cybersecurity manpower.
Increasing cyberattacks in West Asia as well as in Africa can be attributed to vulnerable systems and lax cybersecurity practices. But it cannot be ruled out that countries like Iran, Saudi Arabia , Israel and Jordan had developed their strength in the Next Generation Cyber War.
The first India Africa Defence Ministers Conclave (IADMC) was held in Lucknow, Uttar Pradesh in conjunction with DefExpo on February 6, 2020. India proposes to institutionalise the India Africa Defence Dialogue and to explore cooperation in the area of cyber security and counter terrorism.
Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.