Challenges posed by Cyber Threats to Internal Security of India

[GS Paper 3 – Internal Security, Cyber Space and Security]

Context – With the advancement in the 21st century, cyber threat is becoming a daily menace. Military establishments are often the most targeted but still it cannot be said to be limited to only one domain. Cyber threats are becoming more prevalent in the civilian world at present.

What is Cyber Threat?

A Cyber Security Threat can be defined as a malicious act intended to steal or damage data or disrupt the digital wellbeing and stability of an enterprise. It includes a wide range of attacks ranging from data breaches, computer viruses, denial of service, and numerous other attack vectors.

How Cyber Threats are on the rise?

• Rise in Grey Zone Operations – New battlegrounds have risen in the world which are categorized away from the traditional concepts of conflicts, particularly with regards to cyber warfare. They are termed as the Grey Zone Operations. Such are already beginning to be employed to undermine the vitality of a state’s functioning which is likely to grow further in times to come. The confluence of advanced technologies and new hybrid usages, pose several challenges to nations and institutions.

• Attack on examination – In India, a recent arrest has been made of a Russian for hacking into computers involved in the conduct of examinations for the IITs. It is a reflection of how the cybercriminals are significantly amplifying their Grey Zone Warfare’ tactics.

• Pervasive nature of cyber threat – The most unfortunate issue is that not enough attention is being given to the all-encompassing nature of the cyber threat. Owing to the Russia-Ukraine conflict, the world seems awash with papers on artificial intelligence (AI)-driven military innovations and potential crisis hot zones, along with stray references to new forms of hybrid warfare.

• Weaponization of everything – There is no doubt over the serious challenges posed by the cyber security threats. Among all this, the new reality of the weaponization of everything’ is also being ignored which has entered the dictionary of threats. It clearly demands a ‘proto-revolutionary’ outlook on the part of policymakers, which is evidently lacking.

• Becoming a Multi-dimensional threat – The nature of today’s weapon of choice i.e. cyber is also lost in translation. At a time when countries clearly lack the necessary resilience to face a variety of multi-vector threats, the lack of awareness is also very unfortunate.

• Simultaneous attacks in multiple dimensions – As mentioned earlier, Cyber threats are not limited to mere a single set of conflicts such as Ukraine, where cyber tools are being extensively employed extending well beyond. Cyber security threat is in this sense all-pervading, embracing many regions and operating on different planes.

Challenges to India’s Cyber Security Infrastructure

• Structural Challenges:
  

1. Absence of any geopolitical constraints
2. Lack of uniformity in devices used over the world wide web.

• Administrative Challenges:

1. Lack of nation-wide architecture for cybersecurity.
2. There is no periodical security audit done in India. It also does not adhere to the international standards set for cyber security.
3. While the post of National Cyber Security Coordinator has been created at the centre since 204, the same is not yet created for the individual states.

• Procedural Challenges:
  

1. Lack of Awareness with the Local Police, who are largely unaware of the various provisions of the IT Act, 2000 or the IPSC related to cyber crime.
2. Absence of any concrete data protection regime.

Measures taken by India to Strengthen Cyber Security

• Section 66F, ITA – The Section includes specific provisions to deal with issues of cyber terrorism that covers unauthorized access, introduction of computer contaminants or virus, sensitive data thefts etc. The Act provides for punishment extending upto life imprisonment.
• National Cyber Security Policy, 2013 – It is the policy document drafted by the Department of Electronics and Information Technology. Under this policy, the National Critical Information Infrastructure Protection Centre (NCIIPC) has been established to improve the protection and resilience of the country’s critical infrastructure information.
• Computer Security through CERT-IN – It is an organization under the Ministry of Electronics and Information Technology which aims to secure Indian Cyberspace. Its main purpose is to respond to computer security incidents, report on the vulnerabilities and promote effective security practices throughout the country.
• Cyber Surakshit Bharat Initiative – This initiative was launched in 2018 with an aim to spread awareness about cybercrime and build capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
• National Cyber Coordination Centre (NCCC) – The organization seeks to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions of individual entities. It is headed by the National Cyber Security Coordinator (NCSC) and coordinates with various agencies at the National Level for cyber security matters.
  
• Information Security Education and Awareness Project (ISEA) – Under this project the training of personnel to raise awareness and also to provide research, education and training in the field of Information Security.

Conclusion

With the involvement of a widespread non-state actors in hybrid warfare and distortion of daily practices, the cyber security threats pose legal, ethical and real dilemmas. If left in ignorance, the global order may have to confront a new kind of Enemy, before the countries find a common path or denominator to regulate cyberspace and thereby fight the menace.

Download as PDF