Cyber Warfare
KAKALI DAS
Is India ready for Cyber Warfare?
Do we even realise how big threat cyber warfare has become for us and the country as a whole?
Many a times this cyber fraud causes embarrassment on individual and national level. If you as readers are aware of the cyber frauds and attacks happening, then you will understand its magnitude from lower level cyber frauds like OTP, credit card frauds to bigger frauds of cyber hacking like ransomware attack on the large companies.
Let’s first discuss about the vastness of our digital ecosystem.
Business and Consumer Data company, Statista, for FY 2021 shows that 3870 government services are provided on the internet, and the focus is on digital governance as the population is so large. Transactions through our digital payments system or UPI will reach $1 trillionby 2026 as per CLSA report. Now, we are at $300 billion. So, it will be a rapid growth in digital transactions.
A Deloitte study shows that India will have 1 billion smartphone users by 2026. In 2021, there were 750 million smartphone users already in digital payments, and by 2026, the digital payments will be the norm. We had roughly half a billion social media users by Jan, 2021. Digital Readiness Survey (DRS), 2021, revealed almost 62 per cent of large and middle-market companies are still in the formative stages of digitalisation in India. That is why, much of the investment will be towards digitalisation.
A Vast Market Brings Vast Problems
Digitalisation is good for our huge population. But large scale digitalization may also cause few problems because hackers are working from home for 2 years now. And in these 2 years, from Covid-19 vaccine’s study to Oil India were targets under Cyber-attacks. Cyber fraud might not make the news but it is the digital equivalent of stealing from someone’s house.
Let’s learn about what was said in the Lok Sabha: there were 6,74,021 cyber-attacks in the country this year until June. Meaning, 3,700 cyber-attacks are happening every day. This number is year to date only. If this was 3,700 firings a day or 3700 infiltrations a day, there would have been havoc created in the country, but this is only the number of cyber-attacks, so all is well, isn’t it?
Enemy At The (Digital) Gates
Cyber-attack is also a crime, unbeknownst to us the enemy is knocking on our door. While we were busy, the biggest attack, the digital attack, happened on April 22, and you may not even know about it.
There was a time when wars were fought with weapons, but now, digitally. A serious ransomware attack happened on Oil India Limited, Assam. 200 computers were hacked, andencrypted the BIOS level, and for them to be unusable again one must pay ransom. A ransom of 120 crores was demanded, in Bitcoins, from Oil India. Oil India employed a US company to deal with the attack, and their operations resumed after a week. The authorities employed an international cyber security expert to devise a way to reboot and restore the systems. So, you can imagine the scale of cyber-attacks that can affect work at this level. And they may also get worse.
The Attacks Will Get Worse
In Dec 2021, Business Standard reported, “India is expected to be one of the largest victims of cyber-attacks in two years with attacks increasing by 200 per cent year on year.”
Why is this happening? Probably, because our digital adoption happened too fast, unaware of its use and misuse. Similarly, services became digital from enterprises and Govt., but have we followed safety protocols at the same rate?
This isn’t a warning; the cyber-attacks are happening already. Another report on Business Standard said that India witnessed a three-fold increase in cybersecurity-related incidents in 2020 compared to 2019, recording 1.16 million breaches. And the number of security breaches are expected to increase as per data.
Cyber-Attacks Difficult to Catch
Why are cyber-attacks hard to catch? They are reported way less – social stigma. Victims of cyber fraud keep quiet out of shame – for the reasons like, why let others know, what will people say etc. And, what will come out of reporting the case anyway? These aren’t geographical boundaries; cyber-criminal could be anywhere in the world as these attacks happen remotely. Suppose, we report the case and try to find the criminal, then is system capable of tracking the hacker working from multiple locations?
Let’s discuss about us (the common mass) – how are we planning to deal with cyber frauds like ATM fraud, OTP credit card fraud, etc. massive chunk of which happened to us from 2017-20?
Not just the country, individual too under attack
Ajay Kumar Mishra, Minister of State in Ministry of Home Affairs, responded to a query in Rajya Sabha – NCRB data shows that cyber fraud crimes shot up from 3,466 in 2017 to 10,395 in 2020. This is the reported number. During the pandemic, the cyber frauds increased like never before. NCRB started collecting this data of frauds from 2017 onwards.
The government is keeping distance (as there are other problems), and saying that states and union territories are responsible for maintaining personnel or adequate man-power to handle cyber fraud. But, do we have manpower? How many cyber fraud victims got their money back? But, at least, measures are being taken!
Union Government has developed Indian Cybercrime Coordination Centre, known as I4C, under the national cyber-crime reporting portal. When you report a cyber-crime case, then automatically it will be sent to respected state system. What action will be taken is debatable, but at least there is a structure.
Moreover, A Citizen Financial Cyber Reporting and Management System has been launched for reporting financial frauds and to stop siphoning off funds by the fraudsters. The best way to stop fraud is not allowing withdrawal of fraud money and to assure that reporting should be fast. You can call on helpline 1930 immediately to report a fraud. Alongside, Centre is training states and union territories to deal with cyber fraud.
Cyber-Attack Post Nupur Sharma
After suspended BJP member Nupur Sharma made controversial remarks on Prophet Muhammad, a chain of cyber-attacks began on our country websites. Malaysian hacktivist group Dragon Force launched a series of attacks – on Indian Embassy in Israel, National Institute of Agriculture Extension Management and E-portal of the Indian Counsel for Agricultural Research. Basically, they identify those platforms which have weak security and infiltrate to deface the website, lock out, ransomware etc.
Dragon force Malaysia has attacked on
- 70 websites
- Delhi Public Schools
- Colleges Across the country.
- 50 websites across Maharashtra defaced.
Audio clips and religious call to other hackers are made all over the world to attack Indian sites and systems.
Following are different kinds of cyber-attacks –
- Politically Motivated Attacks
- Defacement Attacks (putting unwanted text or image)
- Data Theft (stealing and downloading data)
- Ransomware Attack
- Full-fledged Infrastructural Attack
The most dangerous is the full-fledged infrastructural cyber-attack in which transport, power grid, pipeline, etc. are collapsed, and there is war like situation.
What has the govt. done till now?
Government funded CERT-in, a noble agency to tackle cyber frauds was founded in 2004 under IT Ministry. Countries like China, North Korea and Pakistan are targeting India, so we should increase cyber security in the country. Some countries are making digital armies that don’t operate in the field, but sits on the desk and practice hacking. There should be a digital version of Agnipath that would recruit and train hackers.
How to Protect Critical Infrastructure
Modi administration has decided to work on computer security response team as well. Government is trying to track VPN service providers because hackers may enter through the VPN. Because of which a debate has started whether this may be done just for national security reason or it will even stop anti-national hackers! Questions on privacy are also being raised. This also shows the power of VPNs as govt. wants to know what people are surfing through the services of VPN.
But, the actual spending on cyber security is less than the budget always. Government had spent 88.2% of its budget on 2016-17 in terms of cyber-threat/security is concerned. And 53% expenditure made in 2020-21 even though cyber threats are rising. Let’s take the example of the Ukraine-Russia war – Russia launched warfare on Ukraine to disrupt their systems, which shows importance of cyber ability. We urgently need national cyber security strategy in the country.
A Business Standard article argued that our current policy is only defensive, we don’t know how we will launch counter attack. And the focus of cyber strength is government and military systems. But, what about private infrastructures, as private companies hold so much of our data that may be played with? They control so much in our economy. So, whatever the strategy is made, it should include all three – government, military and private. So, our strategy needs much upgradation. Offence is the best defence!
Rajeev Chandrasekhar, Minister of State for Electronics and IT said that the government is also not going to make any change in the rules on mandating entities to report the cyber breaches in their system within six hours of learning about it.
Government seems serious about cyber breaches, yet strategy needs rework. Considering that the threat is not only on border, but digitally too, as countries like China have cyber army to carry cyber-attacks, is utmost necessary. Government here sadly is more concerned about censoring.
The latest Twitter transparency report is out which shows
- Government of India issued highest number of legal demands to block content from verified journalists.
- Our country is second to ask for user information from platforms
- India is among top 5 countries (includes Russia, Pakistan, Turkey etc.) to issue content blocking order
So, government has identified the problem, but execution is a problem. Our focus is on VPN and freedom of speech, but focus must be on offensive and defensive cyber warfare strategies, and on raising digital army to respond if any country eyes on our security, as far as digital world is concerned.
[Headline Image: https://www.aa.com.tr]
Mahabahu.com is an Online Magazine with collection of premium Assamese and English articles and posts with cultural base and modern thinking. You can send your articles to editor@mahabahu.com / editor@mahabahoo.com ( For Assamese article, Unicode font is necessary)