Cyber Threats: Serious Action needed : Daily Current Affairs

Relevance: GS-3: Challenges to internal security through communication networks, basics of cyber security.

Key phrases: Big Bang cyber-attack, Cyber-attacks, terrorism, Worm, cyber Pearl Harbour, cybercrimes, ransomware, Data breaches.

Why in News?

Rather than wait for the ‘Big Bang cyber-attack’, nations and institutions ought to be prepared for a rash of cyber strikes.

Background:

Cyber-attacks may be a relatively new phenomenon, but in a short time frame, have come to be assessed as dangerous as terrorism. The world was possibly made aware of the danger and threat posed by cyber weapons with the advent of the Stuxnet Worm in 2010, which resulted in large-scale damage to Iran’s centrifuge capabilities.
Two years later, in 2012, a bank of computers belonging to the Saudi Aramco Oil Company were targeted, reportedly by Iranian operatives, employing malware that wiped out data on 30,000 computers.
The string of instances appear to have provoked then United States Defence Secretary, to utter the warning that the world had to prepare for a kind of ‘cyber Pearl Harbour’, highlighting a new era of potential vulnerabilities.
The years 2020 and 2021 have proved to be extremely difficult from the perspective of cyber-attacks but no changes in methodology have been seen. In 2021, cyber-attacks that attracted the maximum attention were Solar Winds and Colonial Pipeline in the U.S., but these were merely the tip of a much bigger iceberg among the string of attacks that plagued the world.
Estimates of the cost to the world in 2021 from cyber-attacks are still being computed, but if the cost of cybercrimes in 2020 (believed to be more than $1 trillion) is any guide, it is likely to range between $3trillion-$4 trillion.

Cyber Pearl Harbor refers to a potential cyber-attack that some people believe threatens U.S.-based IT infrastructure and related services. The term was coined in 2012 by U.S. Defense Secretary Leon E. Panetta and aims to relate the intensity and potential devastation of a major cyber-attack with the 1941 attack on Pearl Harbor, a surprise military attack by the Japanese Navy against the U.S. Cyber Pearl Harbor is a term that implies that the U.S. faces an attack and, perhaps, cyber warfare with an aggressive nation or terrorist organization.

Cyber threat in India:

India saw an exponential rise in the cyber security incidents amid the coronavirus pandemic. The information tracked by the Indian Computer Emergency Response Team (CERT-In) showed that such attacks saw a four-fold jump in 2018 and recorded an 89 per cent growth in 2019.
The numbers in India went from 1.3 million in February 2020 to 3.3 million in March 2020. From April 2020 onward, monthly attacks never dipped below 300 million, and they reached a new high of 409 million attacks worldwide in November 2020. In July 2020, India recorded its highest number of attacks at 4.5 million.
In February 2021- Nearly one year from the start of the pandemic—there were 377.5 million brute-force attacks—a far cry from the 93.1 million witnessed at the beginning of 2020. India alone witnessed 9.04 million attacks in February 2021. The total number of attacks recorded in India during Jan & Feb 2021 was around 15 million.

A cyber-attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. Cybercriminals use a variety of methods to launch a cyber-attack, including malware, phishing, ransomware, denial of service, among other methods.

Sectors that are vulnerable:

As 2022 begins, the general consensus is that the cyber threat is likely to be among, if not the biggest, concern for both companies and governments across the globe. In the Information age, data is gold. Credential threats and the threat of data breaches, phishing, and ransomware attacks, apart from major IT outages, are expected to be among the main concerns. In January 2022. A Belarusian hacktivist group accessed the networks of state-owned Belarusian Railway. The group encrypted the majority of the Railway’s servers and destroyed data held on a backup server, possibly to complicate Russian troop movements throughout the country.
Results are also likely to far eclipse the damage stemming from the COVID-19 pandemic or any natural disasters. A little publicised fact is that the vast majority of cyber-attacks are directed at small and medium sized businesses, and it is likely that this trend will grow.
According to experts, among the most targeted sectors in the coming period are likely to be: health care, education and research, communications and governments. Health-care ransomware has been little publicised, but the reality is that ransomware attacks have led to longer stays in hospitals, apart from delays in procedures and tests, resulting in an increase in patient mortality. In January 2022. A Chinese hacking group breached several German pharma and tech firms. According to the German government, the hack into the networks of service providers and companies was primarily an attempt to steal intellectual property.
Far more than merely apportioning costs linked to cybercrime is the reality that no organisation can possibly claim to be completely immune from cyber-attacks. While preventive and reactive cyber security strategies are needed — and are essential to mitigate cyber risks — they are proving to be highly illusive in an increasingly hyper-connected world. Comprehending the consequences of this reality could be devastating.

Government Initiatives for Cyber Security in India.

National Cyber Security Strategy 2020: To improve cyber awareness and cyber security through more stringent audits. Under the policy, empanelled cyber auditors will carefully look at the security features of organisations.
National Cyber Security Policy -2013: The policy aims at facilitating creation of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders actions for protection of cyber space.
Cyber Swachhta Kendra: The "Cyber Swachhta Kendra" (Botnet Cleaning and Malware Analysis Centre) is a part of the Government of India's Digital India initiative under the MeitY to create a secure cyber space by detecting botnet infections in India and to notify, enable cleaning and securing systems of end users so as to prevent further infections.
Cyber Surakshit Bharat Programme: It aims to strengthen the cyber security ecosystem in Government organizations in the country. It was conducted by the NeGD under the Ministry of Electronics and Information Technology (MeitY).
Notification - Pilot scheme for Notifying Examiner of Electronic Evidence Under section 79A of the Information Technology Act 2000
Indian Cyber Crime Coordination Centre (I4C).
National Critical Information Infrastructure Protection Centre (NCIIPC).
Information Technology Act, 2000.

Way forward:

Nations and institutions, instead of waiting for the ‘Big Bang cyber-attack’, should actively prepare for a rash of cyber-attacks — essentially ransomware — mainly directed at available data. The emphasis should be on prioritising the defence of data above everything else.
Consequently, law enforcement agencies would need to play a vital role in providing effective defence against cyber-attacks.
On the strategic plane, understanding the nature of cyber space is important. While solving the technical side is ‘one part of the solution, networks and data structures need at the same time to prioritise resilience through decentralised and dense networks, hybrid cloud structures, redundant applications and backup processes’. This implies ‘planning and training for network failures so that individuals could adapt and continue to provide service even in the midst of an offensive cyber campaign’.
The short answer is to prioritise building trust in systems — whether it is an electrical grid, banks or the like, and creating backup plans including ‘strategic decisions about what should be online or digital and what needs to stay analog or physical, and building capacity within networks to survive’ even if one node is attacked.
Failure to build resilience - at both the ‘technical and human level - will mean that the cycle of cyber-attacks and the distrust they give rise to will continue to threaten the foundations of democratic society’. Preventing an erosion of trust is critical in this day and age.

Source: The Hindu

Mains Question:

Q. In the wake of digital India mission, Discuss the vulnerability of India’s digital infrastructure related to cyber threat. What should be the measures to tackle the cyber threat problems in India? Critically examine.(250 words)