Draft Cybersecurity Strategy


    In News

    • The National Security Council Secretariat (NSCS) has formulated a draft National Cyber Security Strategy which looks at addressing the issue of security of national cyberspace. 
      • The timeline for its implementation and other details are not yet mentioned.

    About National Cyber Security Strategy

    • Headed by: Lt General Rajesh Pant.
    • Aim: It proposes a separate legislative framework for cyberspace and the creation of an apex body to address threats, responses and complaints.
      • The policy will focus on both threat assessment and response
    • Need: The existing legal and regulatory frameworks do not address the evolving threat scenarios or processes to combat the cyber incidents.
      • There is no dedicated body to look after cyber security at present and no one that you can hold accountable.
      • Currently, the response to cyber security threats can be taken under the information technology act and the Indian Penal Code
    • Other provisions:
      • It aims to create a comprehensive system with both state-owned and private companies having to comply with cybersecurity standards
      • It provides for a periodic cyber audit and recommends annual reviews by the apex body that will be created.
      • A centre of excellence will also be set up in Bangalore to further innovations in the area.

    Data/ Facts

    • Till November 2022, a total of 12,67,564 cyber security incidents were reported. 
    • In 2021, the authorities had recorded 14,02,809 such events compared to 11,58,208 in 2020 and 3,94,499 in 2019.
    • Ransomware attacks jumped 51% in 2022. Maharashtra was the most targeted state in India facing 42% of all ransomware attacks.
    • Cyber thieves also exploited legitimate tools like “AnyDesk” used for remote administration.

    Reasons for increasing Cyber Attacks

    • Adverse relations with China
      • China is considered one of the world leaders in information technology. 
      • Therefore, it is expected to have capabilities to disable or partially interrupt the information technology services in another country. 
      • Combined with the recent border standoff and violent incidents between the armies of the two countries, the adversity in relations is expected to spill over to attacking each other’s critical information infrastructure.
    • Asymmetric and covert warfare
      • Unlike conventional warfare with loss of lives and eyeball to eyeball situations, cyber warfare is covert warfare with the scope of plausible deniability, i.e., the governments can deny their involvement even when they are caught. 
      • Similarly, even a small nation with advanced systems and skilled resources can launch an attack on a bigger power, without the fear of heavy losses. 
    • Increasing dependency on technology
      • As we grow faster, more and more systems are being shifted to virtual space to promote access and ease of use. 
      • However, the downside to this trend is the increased vulnerability of such systems to cyber-attacks. 

    Issues with Cyber Security

    • Low digital literacy among the public: While India is considered the world leader in the technology industry, the general level of awareness in India about internet etiquette is low. 
    • Vulnerable points in the system: sometimes the third-party apps have built-in back door entry or may have malware attached to their installation file. Such issues can be addressed by effective user account control and careful monitoring of the system.
    • State-sponsored Cyber Attacks: The problem with such state-sponsored attacks is the unlimited funding received by the hackers to break into the foreign systems. 
    • It is a continuous process: Cyber-attacks, by their very nature, are innovative and creative. They continue to evolve, and the next attack is more advanced than its previous version. 
    • Novel issues: Because of the ever-changing and fast evolving nature of technology, new issues keep creeping up in the IT sector. 

    Way Forward/ Steps taken by the Government 

    • The government aims at ensuring an open, safe, trusted and accountable Internet for the users.
    • The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on an ongoing basis. 
      • CERT-In operates the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) to detect malicious programmes and free tools to remove the same, and to provide cyber security tips and best practices for citizens and organisations. 
    • Security tips have been published for users to secure their desktops and mobile phones and to prevent phishing attacks.
    • CERT-In and the Reserve Bank of India [RBI] jointly carry out a cyber security awareness campaign on ‘Beware and be aware of financial frauds’ through the Digital India Platform.
    • The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs (MHA) has been designated as the nodal point in the fight against cybercrime.
    • Pursuant to the United Nations General Assembly resolution 75/282: an ad-hoc committee to elaborate a ‘Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes’ was established with all the member states. 
      • India being the member of the committee has proposed criminalisation of cyber terrorism under the said Convention.
    • The MHA has issued National Information Security Policy and Guidelines to the Central Ministries as well as State governments and Union Territories with the aim of preventing information security breaches and cyber intrusions in the information and communication technology infrastructure. 

    Source: TH