{"id":9197,"date":"2022-04-29T00:00:00","date_gmt":"2022-04-29T00:00:00","guid":{"rendered":"https:\/\/www.nextias.com\/current_affairs\/uncategorized\/29-04-2022\/new-cybersecurity-guidelines-by-cert-in\/"},"modified":"2022-04-29T00:00:00","modified_gmt":"2022-04-29T00:00:00","slug":"new-cybersecurity-guidelines-by-cert-in","status":"publish","type":"post","link":"https:\/\/www.nextias.com\/ca\/current-affairs\/29-04-2022\/new-cybersecurity-guidelines-by-cert-in","title":{"rendered":"New Cybersecurity Guidelines by CERT-In"},"content":{"rendered":"<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>In News<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Recently, the <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Indian Computer Emergency Response Team (CERT-In)<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> has issued new guidelines for <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>cyber incidents<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">.<\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>New Guidelines<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span 
style=\"color:#000000\"><strong>Mandatory: <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Indian Computer Emergency Response Team (CERT-In)<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> has mandated that:<\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">All cybersecurity incidents must be reported to it by the respective companies <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>within six hours<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> of either being made aware of the incident or becoming aware of it themselves.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Service providers, intermediaries, data centres, companies and government organisations must <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>enable logs of all their ICT systems<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> and maintain them securely for a <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>rolling period of 180 
days<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">.<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Incidents include:\u00a0<\/strong><\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Targeted scanning or probing of critical networks and systems,\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Compromise of critical systems and information,\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Unauthorised access to data and systems, among others.<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Maintain information:\u00a0<\/strong><\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Virtual asset service providers, virtual asset exchange providers and custodian wallet service providers shall maintain all the information they have gathered as a part of the <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>know your customer (KYC) process<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span 
style=\"color:#000000\"> and records of financial transactions for a <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>period of five years.<\/strong><\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Information retrieval:<\/strong><\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">With respect to transaction records, accurate information shall be maintained in such a way that individual transactions can be reconstructed.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">This is to be done along with the relevant elements, including but not limited to:<\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Information relating to the identification of the relevant parties including IP addresses along with timestamps and time zones,\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Transaction ID,\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The public keys (or equivalent identifiers),\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Addresses or 
accounts involved (or equivalent identifiers),\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The nature and date of the transaction, and\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The amount transferred<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Reason for New Guidelines:<\/strong><\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The guidelines were issued because, in the course of handling cyber incidents and interacting with its constituency, CERT-In identified certain gaps that hinder the analysis of breach incidents.<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>Issues in Present System<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Accurate information<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> relating to customers\/subscribers was <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>not<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book 
Antiqua',serif\"><span style=\"color:#000000\"> present.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Mostly the information is either deleted or not stored at all.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Proper maintenance <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">or reporting of the data was missing.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Personal data leakage <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">has also been a troublesome issue. 
Some companies continued to <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>ignore alerts by cyber security researchers and<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> acted only after the data was made public.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Users are not informed <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">of the data breach and hence are not able to protect themselves from cyber crimes.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Users are still unaware if their KYC (Know Your Customer) and financial data is safe or not.<\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>Indian Computer Emergency Response Team (CERT-In)<\/u><\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Operational: <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">CERT-In has been operational since January 2004.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The <\/span><\/span><\/span><span 
style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>constituency<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> of CERT-In is the Indian Cyber Community.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">CERT-In is the <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>national nodal agency<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> for responding to computer security incidents as and when they occur.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Power: <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">CERT-In is empowered under <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Section 70B of the Information Technology Act<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> to collect, analyse and disseminate information on cyber security incidents.\u00a0<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">It has been designated to serve as the national agency to perform the <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book 
Antiqua',serif\"><span style=\"color:#000000\"><strong>following functions<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> in the area of cyber security:<\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Collection, analysis and dissemination of information on cyber incidents.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Forecast and alerts of cyber security incidents<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Emergency measures for handling cyber security incidents<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Coordination of cyber incident response activities.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Such other functions relating to cyber security as may be prescribed.<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span 
style=\"background-color:#ffffff\"><strong><u>What are the reasons for increasing Cyber attacks?<\/u><\/strong><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Adverse relations with China:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> China is considered one of the world leaders in information technology. Therefore, it is expected to have capabilities to disable or partially interrupt the information technology services in another country.\u00a0<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Asymmetric and covert warfare:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> Unlike conventional warfare with loss of lives and eyeball to eyeball situations, cyber warfare is covert warfare with the scope of plausible deniability, i.e. the governments can deny their involvement even when they are caught. 
Therefore, cyber warfare has increasingly become the chosen space for conflict between nations.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Increasing dependency on technology:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> As we grow faster, more and more systems are being shifted to virtual space to promote access and ease of use. However, the downside to this trend is the increased vulnerability of such systems to cyber-attacks.\u00a0<\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong><u>Government steps to ensure Cyber Security<\/u><\/strong><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Institutional Structure:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> India has a well-organised structure to regulate and strengthen the national information technology systems across the country. 
This includes the National Cyber Security Council as well as Computer Emergency Response Team \u2013 India (CERT-In).<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Banning of potentially unsafe apps:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> Recently, India had banned many apps (mostly of Chinese origin), which were found to be unsafe for usage by the Indian citizens. The apps were allegedly transferring data to the servers located outside India and did not have proper safeguards to ensure that the private data of Indian citizens was protected from unauthorised access.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Personal Data Protection Bill:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> The bill mandates strengthening of data infrastructure by the private companies to safeguard the data of individuals. 
Therefore, there is a focus on including the private companies in the ambit of data protection, rather than restricting it to the government only.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Upcoming Cyber Security Strategy:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> The Cyber Security Strategy aims to provide a comprehensive document on preparing for and dealing with cyber-attacks and securing cyberspace in the country. For example, the strategy identifies three stages in the arena of cyber-attacks:<\/span><\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Pre attack or Preparatory Phase:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> In this stage, the systems\u2019 gaps are identified and plugged. 
The focus is on strengthening the defence mechanism and the firewalls and keeping the system up to date so that any potential threat is averted and the system is not compromised.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>During the Attack:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> At the time of the attack, the focus is on stopping it as soon as possible and minimising the damage to the system. Also, it is to be ensured that the critical assets and data are not lost to the attack. When the attackers have been pushed out of the system, the focus shifts to restoring the services so that the consumers do not face long outages.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Post-Attack Phase:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> After the attack is over and the system is restored to normalcy, the focus is on identifying the loopholes or gaps in the system, understanding how the reaction could have been more swift and creating Standard Operating Procedure (SOPs) in case of similar future attacks.<\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong><u>Challenges with Cyber 
Security<\/u><\/strong><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Low digital literacy among the general public:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> The general level of awareness in India about internet etiquette is low. It is often reported that people are easily duped by clickbait into opening enticing content, which often has malware attached.\u00a0<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Vulnerable points in the system:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> There is a need to find and address the vulnerable points in the system, which might allow unauthorised entry into the system. For example, 
it is expected that the sensitive nuclear data is protected by heavy encryption, but the users may be vulnerable to human errors while accessing the systems.\u00a0<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>State-sponsored Cyber Attacks:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> The problem with such state-sponsored attacks is the unlimited funding received by the hackers to break into the foreign systems. This means that to counter such threats from China or other countries, we need to allocate sufficient resources, which can proportionately deter the systems from being compromised.\u00a0<\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"text-align:justify\"><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong><u>Way Ahead<\/u><\/strong><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Increased awareness and monitoring:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\">\u00a0 In the era of cyber wars, the only thing which has the potential to prevent vulnerability is information control. 
There is a need to enhance the general awareness levels of the government installations as well as the general public to counter such threats.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Strengthening the policy and ecosystem:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> The need of the hour is to come up with a futuristic National Cyber-Security Policy which allocates adequate resources and addresses the concerns of the stakeholders.\u00a0<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Pre-empting the cyber-attacks:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> There is a need to invest in the right tools and technologies apart from the human resources, which can predict and detect the cyber attacks early, so that preventive steps could be taken while the time is still on our side.\u00a0<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Capacity Building:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> Unlike other sectors requiring huge machinery and equipment, information technology 
is one sector which is highly dependent upon the skill level of human resources more than anything else.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Continuous Testing:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> There is a need to conduct regular and frequent checks of the existing system by bringing in ethical hackers and other experts on board so that if there are chinks in the system, they can be addressed swiftly before they are exploited by the hackers.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Partnership with the private sector:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> There is a need to collaborate and cooperate in erecting defences against outside intruders, who try to gain unauthorised entry into the system.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Classification and prioritisation of the assets:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> Although all sectors are important and need to be protected from outside intrusion, there is a need for 
classification of assets and systems in such a way that the core systems have multiple layers of protection. This includes power and energy systems, whose disruption might lead to a cascading effect on the economy, as the supply of power is critical for the proper functioning of the dependent systems.<\/span><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"><strong>Sharing the Best Practices:<\/strong><\/span><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#212529\"><span style=\"background-color:#ffffff\"> Cyber systems are extensive in nature and staggered across the spectrum. Therefore, it makes sense to collate the experience of the different entities to form a comprehensive knowledge base, which can be utilised in case of future incidents.<\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Source<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">: <\/span><\/span><\/span><a href=\"https:\/\/indianexpress.com\/article\/business\/reporting-cyber-incidents-in-6-hrs-mandatory-7892344\/#:~:text=The%20Indian%20Computer%20Emergency%20Response,to%20it%20by%20the%20respective\" style=\"text-decoration:none\" target=\"_blank\" rel=\"noopener\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#1155cc\">IE<\/span><\/span><\/span><\/a><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> + <\/span><\/span><\/span><a 
href=\"https:\/\/www.thehindu.com\/news\/national\/organisations-must-report-cyber-security-breach-within-six-hours-indiancert\/article65363495.ece\/amp\/\" style=\"text-decoration:none\" target=\"_blank\" rel=\"noopener\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#1155cc\">TH<\/span><\/span><\/span><\/a><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> <\/span><\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In News Recently, the Indian Computer Emergency Response Team (CERT-In) has issued new guidelines for cyber incidents. New Guidelines Mandatory: The Indian Computer Emergency Response Team (CERT-In) has mandated that: All cybersecurity incidents must be informed to it by the respective companies within six hours of either being made aware of the incident or becoming [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9198,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[114,26],"class_list":["post-9197","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-current-affairs","tag-cyber-crime-security","tag-gs-3"],"acf":[],"jetpack_featured_media_url":"https:\/\/wp-images.nextias.com\/cdn-cgi\/image\/format=auto\/ca\/uploads\/2023\/07\/7549591Screenshot_6.png","_links":{"self":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/9197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/comments?post=9197"}],"version-history":[{"
count":0,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/9197\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media\/9198"}],"wp:attachment":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media?parent=9197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/categories?post=9197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/tags?post=9197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}