📅: 10th Mar2021    ⌚ : 20 Minutes   

GS-3: Science and Technology- developments and their applications and effects in everyday life. Achievements of Indians in science & technology; indigenization of technology and developing new technology. Awareness in the fields of IT, Space, Computers, robotics, Nano-technology, bio-technology and issues relating to intellectual property rights.

 Note

• Following is the summary of 'The Big Picture' discussion, which was aired on RSTV.
• Host: Vishal Dahiya
• Panellists: Abhishek Singh, National e-Governance Division, Ministry of Electronics and Information Technology; Amit Dubey, Cyber Technology Expert
• Please note that some inputs have been given by our team in order to make the topic more relevant to UPSC.

Context

• Recently, the power ministry has shed light on the attempts of ‘Red Echo’ – a Chinese hacker group, to target Indian critical information technology infrastructure including the control centre of power systems in India. If the Chinese would have been a success, it would have led to massive power blackouts and a huge economic loss to the country.
• The ministry claimed that due to the alertness of the Indian technological team, the attack was foiled and no data breach was detected.
• The year 2020 has brought focus on cyber security due to the increasing reliance on technology in the era of social distancing apart from the increasing number of cyber-attacks in the global arena.

Prelims Focus

Critical Information Infrastructure: It consists of data related to the sectors of an economy, any damage to which can cause harm to the economy, political system or society of the country. CII includes nuclear energy installations, power grid, banking system, transport systems etc. In India, the integrity and security of CII are managed by the National Critical Information Infrastructure Protection Centre (NCIIPC).

Cryptocurrency: It is a virtual currency, operating generally outside the ambit of the central bank. Cryptocurrency uses encryption to ensure the integrity of transactions and finite generation of the currency. The ledger is maintained in the public nodes to ensure transparency in the circulation of the currency.

Mains Focus

Reasons for increasing Cyber Attacks:

• Adverse relations with China: China is considered one of the world leaders in information technology. Therefore, it is expected to have capabilities to disable or partially interrupt the information technology services in another country. Combined with the recent border standoff and violent incidents between the armies of the two countries, the adversity in relations is expected to spill over to attacking each other’s critical information infrastructure (see inset).
• Asymmetric and covert warfare: Unlike conventional warfare with loss of lives and eyeball to eyeball situations, cyber warfare is covert warfare with the scope of plausible deniability, i.e. the governments can deny their involvement even when they are caught. Similarly, even a small nation with advanced systems and skilled resources can launch an attack on a bigger power, without the fear of heavy losses. Therefore, cyber warfare has increasingly become the chosen space for conflict between nations.
• Increasing dependency on technology: As we grow faster, more and more systems are being shifted to virtual space to promote access and ease of use. However, the downside to this trend is the increased vulnerability of such systems to cyber-attacks. For e.g. there is a concern of widespread damage and huge loss, if hackers are able to intrude into the nuclear, financial or energy systems of a country. Since almost all sectors of an economy are dependent upon power, the takedown of the power grid can substantially impact the economy.

Government steps to ensure Cyber Security:

• Institutional Structure: India has a well-organised structure to regulate and strengthen the national information technology systems across the country. This includes the National Cyber Security Council as well as Computer Emergency Response Team – India (CERT-In).
• Banning of potentially unsafe apps: Recently, India had banned many apps (mostly of Chinese origin), which were found to be unsafe for usage by the Indian citizens. The apps were allegedly transferring data to the servers located outside India and did not have proper safeguards to ensure that the private data of Indian citizens was protected from unauthorized access.
• Personal Data Protection Bill: The bill mandates strengthening of data infrastructure by the private companies to safeguard the data of individuals. Therefore, there is a focus on including the private companies in the ambit of data protection, rather than restricting it to the government only. This is also important as the private sector may provide an entry point to the attackers compromising the integrity of the system.
• Upcoming Cyber Security Strategy: Cyber Security Strategy aims to prepare a comprehensive document on preparing for and dealing with the cyber-attacks and securing the cyberspace in the country. For e.g. the strategy identifies three stages in the arena of cyber-attacks:
  • Pre attack or Preparatory Phase: In this stage, the systems’ gaps are identified and they are plugged in. The focus is on strengthening the defence mechanism and the firewalls and keeping the system up to date so that any potential threat is averted and the system is not compromised.
  • During the Attack: At the time of the attack, the focus is on stopping it as soon as possible and minimising the damage to the system. Also, it is to be ensured that the critical assets and data are not lost to the attack. When the attackers have been pushed out of the system, the focus shifts to restoring the services so that the consumers do not face long outages.
  • Post-Attack Phase: After the attack is over and the system is restored to normalcy, the focus is on identifying the loopholes or gaps in the system, understanding how the reaction could have been more swift and creating Standard Operating Procedure (SOPs) in case of similar future attacks.

Issues with Cyber Security:

• Low digital literacy among the general public: While India is considered the world leader in the technology industry, the general level of awareness in India about internet etiquette is low. It is often reported that people are duped easily by click-baiting them into clicking interesting content, which often has malware attached to itself. Combined with the hurried shift to online financial transactions after demonetisation as well as COVID-induced lockdown, this has the potential to result in a large scale fraud in the future. Therefore, it is critical to make people aware of the perils of clicking on suspicious links.
• Vulnerable points in the system: There is a need to find and address the vulnerable points in the system, which might allow unauthorised entry into the system. For e.g. it is expected that the sensitive nuclear data is protected by heavy encryption, but the users may be vulnerable to human errors while accessing the systems. Similarly, sometimes the third party apps have built-in back door entry or may have malware attached to their installation file. Such issues can be addressed by effective user account control and careful monitoring of the system.
• State-sponsored Cyber Attacks: As has been already discussed, India has been a victim to cyber-attacks from China. The problem with such state-sponsored attacks is the unlimited funding received by the hackers to break into the foreign systems. This means that to counter such threats from China or other countries, we need to allocate sufficient resources, which can proportionately deter the systems from being compromised, It has to be remembered that while the security agencies of Indian technological systems have to be successful in defending the systems every time, the attackers need to be successful only once to deal catastrophic damage to the system.
• It is a continuous process: Cyber-attacks, by their very nature, are innovative and creative. They continue to evolve and the next attack is more advanced than its previous version. In such a scenario, it is imperative that there is no laxity in fighting cyber-attack and the vulnerabilities continue to get plugged as they are discovered.
• Novel issues: Because of the ever-changing and fast evolving nature of technology, new issues keep creeping up in the IT sector. For e.g. now a days, many apps have voice based transactions or conversations between individuals. Voice based data is difficult to store and process in comparison to text based data. Therefore, it is important to keep updating laws and rules as per the contemporary requirements. Similarly, any innovations like cryptocurrency (see inset) need to be brought under the ambit of law and their status clarified, so that the Indian business is not a laggard in adopting new technologies.

Way Forward:

• Increased awareness and monitoring:  In the era of cyber wars, the only thing which has the potential to prevent vulnerability is information control. There is a need to enhance the general awareness levels of the government installations as well as the general public to counter such threats. For example, people need to be discouraged from clicking on suspicious and unexpected links, which may cause the system to become vulnerable to outside attacks. Similarly, there needs to be a heightened awareness about the permissions being given to an app, so that the risk to the system is minimized.
• Strengthening the policy and ecosystem: The need of the hour is to come up with a futuristic National Cyber-Security Policy which allocates adequate resources and addresses the concerns of the stakeholders. Similarly, there is a need for quicker upgradation of the existing infrastructure as information technology is a fast-evolving field and there is a need to stay ahead of the competition.
• Pre-empting the cyber-attacks: There is a need to invest in the right tools and technologies apart from the human resources, which can predict and detect the cyber attacks early, so that preventive steps could be taken while the time is still on our side. Also, the relevant industry leaders need to be engaged, so as to evolve an action paradigm according to the needs of the hour. For e.g. the western companies like Norton (by Symantec) and McAfee are considered leaders in cyber security and can be approached to partner with the government to safeguard Indian cyber-space.
• Capacity Building: Unlike other sectors requiring huge machinery and equipment, information technology is one sector which is highly dependent upon the skill level of human resources more than anything else. Therefore, the more advanced the human resources of a country, the higher it is placed on the pedestal of technological advancement. Therefore, It is imperative to train the resources involved in the protection mechanism.
• Continuous Testing: There is a need to conduct regular and frequent checks of the existing system by bringing in ethical hackers and other experts on board so that if there are chinks in the system, they can be addressed swiftly before they are exploited by the hackers.
• Partnership with the private sector:  As we move forward, there is an expectation that it is not just the government companies which will come under attack, but even the private sector might become vulnerable to cyber-attacks. This is because the policy-makers have envisaged a bigger role for the private sector in the Indian development story in the coming decades. Therefore, there is a need to collaborate and cooperate in erecting defences against outside intruders, who try to gain unauthorised entry into the system.
• Classification and prioritisation of the assets: Although all sectors are important and need to be protected from outside intrusion, there is a need for classification of assets and systems in such a way that the core systems have multiple layers of protection. This includes power and energy systems, which might lead to a cascading effect on the economy as the supply of power is critical for the proper functioning of the dependent systems. Similarly, financial sector including banks, NBFCs, ATMs etc. is also important to ensure smooth functioning of the economy.
• Sharing the Best Practices: Cyber systems are extensive in nature. Also, they are staggered across the spectrum. Therefore, it makes sense to collate the experience of the different entities together to form a comprehensive knowledge base, which can be utilised in case of future incidents. Such a repository should be made available to all the stakeholders and they need to be encouraged to undertake its implementation.

Conclusion:

• The Indian security agencies need to be applauded for their continuous stonewalling of the attempts by our neighbours to breach the security of the government portals. However, there is no scope for complacency in this rather complicated scenario of proving and testing each other’s technological superiority.
• Similarly, there is a scope for government intervention in expanding the awareness about various steps to safely access data and use cyber-systems, while maintaining the integrity of the data and safeguarding one’s privacy.

Practice Question:

• Potential to cause catastrophic damage has made cyber-warfare a preferred mode of engagement with the enemy in the contemporary world. Discuss, with special reference to India’s strategy for the prevention of its critical information infrastructure.

UPSC Previous Year Question:

• What is the CyberDome Project? Explain how it can be useful in controlling internet crimes in India. (GS3 - 2019)

•  Discuss the potential threats of Cyber attack and the security framework to prevent it. (GS3 - 2017)

• What are the areas of prohibitive labour that can be sustainably managed by robots? Discuss the initiatives that can propel research in premier research institutes for substantive and gainful innovation. (GS3 – 2015)

nnnn