Cyber Warfare

In News: An October 12 grid failure in Mumbai may have been caused by the Chinese malware as per US cyber security and intelligence firm, Recorded Future.

About

• As per US firm, Chinese state-sponsored actors (named Red Echo) may have deployed malware into Indian power grids and seaports as border tensions between India-China began escalated in a deadly clash in May 2020.
• The Power Ministry confirmed that while attempts to breach systems were made, the power sector had not been impacted.
• Recorded Future identified 21 IP addresses targeting
  • 10 power organisations ( RLDCs and SLDCs – Regional Load Despatch Centres and their State counterparts)
  • two seaports: the V.O. Chidambaranar Port and Mumbai Port Trust.
• Other intrusions included a high voltage transmission substation and a coal-fired thermal power plant, as per Recorded Future.
• China has denied any such attempt and termed it baseless, speculative and without any evidence.

Cyber Warfare

• Cyberwarfare is the use of digital attacks or computer- or network-based conflict to attack a nation.
  • It causes comparable harm to actual warfare and/or disrupts the vital computer systems, infrastructure, etc.
• In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage.
• Examples:
  • Stuxnet Worm developed by Israel and the US sabotaged Iranian nuclear centrifuges starting in 2009.
  • Power Grid failure struck Ukraine twice, presumably at the hands of Russia cyberwarriors
  • 2013 attack froze three major South Korean banks
  • Russia’s manipulation of social media to sway Western elections, most notably the 2016 U.S. presidential vote.

Concerns/ Challenges while dealing with Cyber Warfare

• Fluid Definition and Nature: Cyber warfare is an evolving mode of attack and the technological advancements are making it more and more complicated.
  • Further it may be done by a single person, group of persons, firms, terror organisations or even by Nation States.
• Evolving Technology: The cyber attackers are continuously working on novel ways to sabotage the systems.
• Human Resource: Anyone in cybersecurity needs to be an equally potent hacker.
• Lack of robust law enforcement mechanisms: India’s approach to cyber security has so far been ad hoc and unsystematic.
  • Despite a number of agencies, policies and initiatives, their implementation has been far from satisfactory.
• Lack of Internal Coordination: Due to the existence of too many agencies with overlapping functions in the field of cyber security, coordination between these agencies is poor.
• Lack of International Coordination: The international cooperation and consensus is missing in this field.

Steps By Indian Government

• Information Technology Act, 2000 (Amended in 2008): It is the main law for dealing with cybercrime and digital commerce in India.
  • National Critical Information Infrastructure Protection Centre (NCIIPC) was created under Section 70A of IT Act 2000 to protect Cyberinfrastructure.
• CERT-In (Cyber Emergency Response Team, India): It is National Nodal Agency for Cyber Security and is Operational since 2004
• National Cyber Security Policy, 2013: The policy provides the vision and strategic direction to protect the national cyberspace.
• Cyber Swachhta Kendra: Cyber Swachhta Kendra helps users to analyse and keep their systems free of various viruses, bots/ malware, Trojans, etc.
  • Launched in early 2017.
• Indian Cyber Crime Coordination Centre (I4C):Launched in 2018, It is apex coordination centre to deal with cybercrimes.
• Cyber Surakshit Bharat: It was launched by Ministry of Electronics and Information Technology (MEITy) in 2018 with aim to
  • spread awareness about cybercrime and
  • building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
• The Cyber Warrior Police Force: It was organised on the lines of the Central Armed Police Force in 2018.

Way Forward:

• Human Resource Development: The human resource is crucial and there is an urgent need to create an informal Indian team of Cyber Warriors.
• Infrastructure Strengthening: The critical infrastructure managers should also be well trained in cyber warfare and well equipped with all the technologies for isolating the viruses and attacks.
• Mock Drills using White Hackers: There should be reward for white hackers who can highlight the shortcomings.
• Awareness: The managers and Common mass must be made aware.
• Involvement of Private Sector: Often the private sector is seen as a key innovator and their help can be crucial in securing cyberspace.
• Separate wing under Army or Navy as Cyber Command on lines of US

Source: TH