By Dr. Gulshan Rai
India is among the top 10 countries facing cyber-attacks. These incidents have increased manifold during the lockdown period — almost three times increase in cases of phishing, spamming and scanning of ICT systems, particularly of critical information infrastructure.
There is significant increase in incidents relating to hacking, injecting malware through spam mails and other forms of exploiting vulnerabilities. There was an almost 56% rise in malicious traffic on internet during the lockdown period also on account of the culture of work from home. This might be just the beginning which suggests even more increased interest in exploiting cyber breaches.
A news daily too reported massive “denial of service” attacks on financial institution in the country which, however, could not be verified. The border stand-off has further increased worries about enhanced cyber attacks from China and its close allies. Several advisories have been published by the Indian Computer Emergency Team and media about possibilities of cyber-attacks from China, though not much malicious activity has been observed.
Many cyber hackers — state, non-state, professional, freelancer’s groups, so-called “anonymous groups” — operate worldwide and conduct attacks internationally. Approximately more than one third of all cyber-attacks worldwide are launched from China. They have one of the largest military groups of cyber experts in the world. Countries like North Korea and Pakistan are also very active on their own and work in close collaboration with the Chinese. These countries have been accused of perpetrating state-sponsored attacks for a variety of purposes.
Recently, the Australian Prime Minister expressed concerns over Chinese cyber attacks. About 38% of Advance Persistent Threat Vectors like APT40, APT3, APT10 and APT17 have been reported to be developed and deployed by China for espionage, stealing of data and IP. Some APTs are general purpose tools but others are customised for specific countries and purposes.
The techniques and tools like APT1, APT3, APT10, APT15, APT17, APT26 etc have been deployed against India too. The Chinese are in the process of developing technology to penetrate the internet through satellite channels. Pakistan too has deployed APT 36 targeting Indian entities. The role of hacker group called LAZARUS is well known in carrying out attacks on financial targets in India, Bangladesh and other South Asian countries.
The National Cyber Security Policy, 2013, was the first comprehensive document brought out by the government. The policy had several action points. Important ones relate to setting up a National Cyber Security Center, Test Infrastructure, Malware Monitoring & Cleaning Center, National Critical Information Infrastructure Center etc.
The government had announced that a new Cyber Security Policy, 2020, will be brought out. Certainly, there are lot of gaps with regard to resilience of infrastructure. However, let us not overestimate Chinese capabilities and underestimate ours. Their software codes are not so sophisticated, but they are successful due to legacy systems deployed in the country. Technologies like artificial intelligence, machine earning, internet-enabled devices and big data have complicated the cyber attack ecosystem. Nevertheless, agencies in the country are geared up and capable to address challenges. Indian entities have successfully defended large cyber attacks from China and other countries. We, however, need to review the 2013 policy and take corrective steps to strengthen the system to enhance resiliency of cyber infrastructure in the country, particularly critical infrastructure. The draft of the policy, considering technological innovations and resulting complexity in cyber incidents, should be announced.
The National Cyber Coordination Centre urgently needs significant upgrade in all aspects, including technology and manpower. Time is of the essence. The role of the national cyber security coordinator may also need to be reviewed regarding his effectiveness in comprehensively coordinating cyber security issues. Maybe he needs to be empowered. There must be single-point of responsibility at the central level.
Proper coordination is needed between the coordinator and respective regulators. We are in a connected world. More and more activities will be carried on internet and public networks. Heterogeneity of devices and software will increase with more built-in vulnerabilities. Tech and data, due to their very nature, will get more and more geopolitical attention. We have set a target of a US$ 5 trillion economy. It is better to be prepared now with respect to policy, legal framework, monitoring infra and technology to emerge as safe a and secure digital country.
Dr Gulshan Rai is a Senior Advisor at Dua Associates.
This article was first published in Times of India