Context: The Parliamentary Standing Committee on Finance, in its report, highlighted the need to establish a Cyber Protection Authority to enhance
Recommendations of the Report
- Establish a Centralised ‘Cyber Protection Authority’: The committee has proposed the creation of a centralised and empowered ‘cyber protection authority’, similar to the Directorate General of Civil Aviation (DGCA), specifically aimed at safeguarding the financial services ecosystem. This authority would be responsible for tackling the increasing instances of white-collar crimes in cyberspace.
- Regulate Third-Party Service Providers: This regulation aims to ensure that these service providers adhere to security standards and share comprehensive metadata about their apps with relevant authorities for security checks. This measure is intended to bolster the security of the digital landscape.
- Implement a White-Listing Framework for Digital Lending Agencies: This framework would involve a thorough evaluation of these agencies to ensure regulatory compliance, operational transparency, and adherence to ethical practices. The goal is to eliminate fraudulent or unscrupulous lending agencies from the market and protect borrowers from predatory lending practices and other illicit activities.
- Adopt an Automatic Compensation System: The committee proposes the implementation of an automatic compensation system as designed by the Reserve Bank of India (RBI). Financial institutions would be solely responsible for promptly compensating affected customers in case of cybercrime incidents, without requiring the victims to prove a direct connection between the cybercrime and the financial loss.
- Enhance Enforcement Capabilities and Collaboration: The committee emphasizes the need to enhance enforcement capabilities in the realm of cyber security. Additionally, they recommend collaborating with international counterparts to adopt best practices and ensure a proactive approach to global cyber security regulations.
What is Cyber Security?
- Cybersecurity refers to the practice of protecting computers, servers, networks, electronic systems, and digital data from unauthorized access, theft, damage, or disruption.
- It involves implementing measures and employing technologies and processes to ensure the confidentiality, integrity, and availability of information and systems.
- Cybersecurity is necessary to protect sensitive data, preserve operational continuity, and mitigate financial risks posed by evolving cyber threats and crimes in the digital landscape.
Various elements of cyber security
- Application security: Applications play an essential role in business ventures; that is why every firm needs to focus on web application security. Web application security is important in order to protect customers, their information and interests.
- Information security: Information includes business records, personal data, customer data, intellectual property, etc.; hence, it is important for a corporation to have strong cyber security for information to prevent its leakage.
- Network Security: Network security consists of protecting the usability and reliability of the network and data. Measures to secure networks include firewalls, intrusion detection and prevention systems (IDPS), virtual private networks (VPNs), and network segmentation.
- Disaster Recovery/Business continuity planning: It is about being prepared for any kind of interference or cyber threat by identifying threats to the systems on time and analyzing how they may affect operations and the methods to counter them.
- Operational security (OPSEC): It is used to protect organization functions. It identifies important information and assets to track down threats and vulnerabilities that exist in the functional method.
- End-user education: It is important for an organization to train their employees about cyber security because human error is one of the major causes of data breaches.
Why India Needs to Secure Its Cyber Space?
- Increasing cybercrimes: As per the NCRB data from “Crime in India, 2020”, cybercrimes have increased four times, or 306 percent, in the past four years, and the rate of cybercrime (incidents per lakh population) increased in 2020.
- India saw a 53 per cent increase in ransomware incidents in 2022 (year-over-year), according to the “India Ransomware Report 2022” published by CERT-In.
- Digital India: According to a report, the value of digital payments in India will grow close to 1 trillion dollars in FY26 from 300 billion dollars in FY21.
- Critical Infrastructure: India’s critical infrastructure, including power plants and power distribution, healthcare, railways and banking, has witnessed increasing cyberattacks, allegedly from Chinese state-sponsored groups.
- Cyber Defence: Presently, the nature of the war in Ukraine indicates that India needs to review its cyber-defence policies. India also needs to give equal attention to building a deterrent cyber-offensive capability.
- Offensive cybersecurity strategies preemptively identify vulnerabilities and security weaknesses before an attacker exploits them.
- Terrorism: As per a report by the International Institute for Counter Terrorism, hacktivism activities have increased in Southeast Asia, including website defacement, distributed denial-of-service (DDoS) attacks and information leaks. Such threats will increase in the coming times.
Current Cyber Security Architecture in India
- National Cyber Security Policy, 2013: It was the first comprehensive document brought out by the government to create a secure and resilient cyberspace ecosystem and strengthen the regulatory framework.
- It aims to protect information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
- National Cyber Security Strategy 2020: It was conceptualized by the National Security Council Secretariat to ensure a safe, secure, trusted, resilient and vibrant cyberspace for Nation’s prosperity.
- Pillars of strategy are Secure (the National Cyberspace), Strengthen (Structures, People, Processes, Capabilities), and Synergise (Resources including Cooperation and Collaboration).
- Institutional mechanism:
- Indian Cyber Crime Coordination Centre (I4C): It was rolled out by the Ministry of Home Affairs for the period 2018-2020 to combat cybercrime in the country in a coordinated and effective manner.
- Indian Computer Emergency Response Team (CERT-In): It serves as the national agency for responding to cyber security incidents as per the provisions of the IT Act, 2000. It regularly issues alerts and advisories regarding the latest cyber threats/vulnerabilities and countermeasures to protect computers and networks.
- Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): It has been launched to detect malicious programs and provide free tools to remove them.
- National Cyber Crime Reporting Portal: It caters to complaints pertaining to cybercrimes only, with special focus on cybercrimes against women and children.
- National Cyber Coordination Centre (NCCC): It is a multi-stakeholder cybersecurity and e-surveillance agency under CERT-In. It generates situational awareness of existing and potential cyber security threats and enables timely information sharing for proactive, preventive and protective actions by individual entities.
- National Critical Information Infrastructure Protection Centre (NCIIPC): It was created under the IT Act, 2000 (amended 2008) and designated as the National Nodal Agency to facilitate safe, secure and resilient information infrastructure for critical sectors of the Nation.
Challenges and concerns in India’s preparedness of cyber warfare
- Lack of comprehensive strategy: Unlike the US, India still lacks a comprehensive, modern, and updated cyber warfare strategy. In its present capacity, India can only address cybersecurity attacks and not cyber warfare.
- Lack of Strong Security Culture: India lacks a strong security culture which is quite imperative in the cyber security domain.
- Lack of Awareness: Women and children are increasingly becoming victims of cybercrimes such as pornography, stalking, cheating, and hacking.
- “Whack-a-mole” approach: India currently adopts a reactionary “whack-a-mole” approach rather than creating deterrence.
- The “whack-a-mole” approach is a style of managing or leading others in which a manager waits for something he or she believes to be wrong to happen, and then “whacks” the behavior with words and/or actions.
- Shortage of Technical Staff for the Investigation of Cybercrime: There have been half-hearted efforts by the States to recruit technical staff for the investigation of cybercrime.
- A regular police officer may be unable to understand the nuances of the working of a computer or the Internet.
- Only technically qualified staff can acquire and analyse digital evidence.