UPSC CSE Mains Syllabus: GS-3- Awareness in the fields of IT, Space, Computers, robotics, nano-technology, bio-technology and issues relating to intellectual property rights.
Cybersecurity – Threats and Measures
Cybersecurity companies have been warning of increasing cyber threats during the pandemic with significant fallout for victims.
The German police have launched homicide inquiry against hackers who uploaded ransomware on to the servers of a hospital in Dusseldorf; with the hospital systems scrambled, attempts were made to rush critical patients to other hospitals, and a woman lost her life while she was being transferred to another facility.
- While hackers have been increasingly targeting hospitals and other public infrastructure, this is the first attack to claim a life.
- With public and mass-use cyber infrastructure being sitting ducks for cyber attacks, part of the onus is also that of countries that have not upgraded public digital and cyber infrastructure and adopted the latest security systems.
- In 2017, after the Wannacry and Petya attacks, many countries had started to work in this area.
- The attack on NHS, for instance, prompted the British government to create a fund to upgrade legacy systems and infuse more money in cyber defence mechanisms.
- But, such responses have only been limited to a few countries.
- Last year, India was the centre of the attack, and hackers were able to gain access to the Kudankulam nuclear plant.
- While the government was able to avert tragedy, it did highlight the deficiencies in India’s defence architecture.
Cyber security measures taken in India:
Central Government has taken steps to spread awareness about cyber crimes, issue of alerts/advisories, capacity building/training of law enforcement personnel/ prosecutors/ judicial officers, improving cyber forensics facilities etc. to prevent such crimes and to speed up investigation. The Government has launched the online cybercrime reporting portal, www.cybercrime.gov.in to enable complainants to report complaints pertaining to Child Pornography/Child Sexual Abuse Material etc. The Central Government has rolled out a scheme for establishment of Indian Cyber Crime Coordination Centre (I4C) to handle issues related to cybercrime in the country in a comprehensive and coordinated manner.
‘Police’ and ‘Public Order’ are State subjects as per the Constitution of India. States/UTs are primarily responsible for prevention, detection, investigation and prosecution of crimes through their law enforcement machinery. The Law Enforcement Agencies take legal action as per provisions of law against the cyber crime offenders.
Further, Government has taken several steps to prevent and mitigate cyber security incidents. These include:
(i) Establishment of National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country.
(ii) All organizations providing digital services have been mandated to report cyber security incidents to CERT-In expeditiously.
(iii) Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for providing detection of malicious programmes and free tools to remove such programmes.
(iv) Issue of alerts and advisories regarding cyber threats and counter-measures by CERT-In.
(v) Issue of guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
(vi) Provision for audit of the government websites and applications prior to their hosting, and thereafter at regular intervals.
(vii) Empanelment of security auditing organisations to support and audit implementation of Information Security Best Practices.
(viii) Formulation of Crisis Management Plan for countering cyber attacks and cyber terrorism.
(ix) Conducting cyber security mock drills and exercises regularly to enable assessment of cyber security posture and preparedness of organizations in Government and critical sectors.
(x) Conducting regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber attacks.
- Governments, the world over, need to classify essential services like hospitals as critical infrastructure.
- India specifically needs to reimagine its cyber-defence, moving from a multi-front (government departments and state governments have their separate mechanisms) approach to a more centralised system.
POSSIBLE UPSC MAINS EXAMINATION: