Cyberattacks are rife in India, only the US and China are placed higher on this list. Bangalore, Mumbai, Delhi are among states which receives the highest traffic. In the first quarter of 2019, 48% of the total attack was recorded in Chennai. With companies suffering heavy damages (monetary as well as in data theft), cybersecurity insurance purchases are selling like hotcakes, 50% increase in 2018 alone.
“Globally, the trend is to have overarching agencies for better and command and control. It is time we also have a similar structure. India’s capabilities in the cyber world have expanded and there are a large number of agencies — but sharing real-time information is always not enough. Cyber defence capabilities is a critical strategic requirement. I think this a very positive move,” commented former telecom secretary Aruna Sundararajan.
Kundankulam Nuclear Power Plant (KNPP), came under a cyberattack in the last week of October. The damage was in the form of data theft, the same data can be used to enhance future attacks on the power plant. Even ISRO faced attacks prior to the Chandrayan 2 mission.
India-based healthcare website was attacked in 2019, medical records and information of 68 million patients and doctors were stolen.
On average, it takes foreign agencies 7 days to respond and contain cyberattacks, cybersecurity agencies in India take 9 days to do the same. The additional 2-day window is a lot of time, especially for hackers. In 2017, Indian servers were beached once every 10 minutes. What’s discouraging to know is that not all instances of cyber-related crimes are reported, hence, a breach every 10 minutes could very well be a breach every minute. Cyberattacks exploit reported vulnerabilities in the system and of the users, keeping oneself and your operating systems updated comes highly recommended.
How The Authorities Handled The Attacks
The authorities in India have also not been up to the task. Their reluctance to divulge information is worrisome, it took NPCIL (National Power Corporation of India Ltd.) 55 days to own their mistakes following Kundankulum incident. They have put their faith in systems and strategies which have been proven, in the past in other countries, to be inefficient and prone to attacks. A study by CrowdStrike, looked into the problem-solving skills and aptitudes of people in charge to measure the ability (or inability) of Indian institutions in tackling cyberattacks from well-equipped nations and organisations. Out of the ten people who respond to such attacks, nine said that the 1-10-60 (1 minute to detect the threat, 10 minutes to assess and quarantine and 60 minutes to resolve the issue) approach laid down by CrowdStrike was difficult to adhere to.
Indian IT sector growth, in recent years, has prompted the rise of digital data inventory. The vast amount of data accumulation has led to cyberattacks becoming frequent and the government and cybersecurity authorities to implement strict rules and regulations. Digital India Mission and increasing cybersecurity concerns have transformed this area into a multi-billion-dollar industry, currently valued at $4.5 billion, expected to reach $35 billion by 2030.
The three sectors which are heavily invested in cybersecurity efforts are the Government, Information and Technology Services and Banking.
Perils Of Going Digital
People preferences are shifting from traditional to digital modes of transactions, this has led to an increase in the frequency of cyberattacks and each cyberattack is more sophisticated than the other. India was among the top nations which came under ransomware attacks in 2019. Stop, Ryuk and Purga were the most prominent ones. Demands were marked to be as high as five million dollars but usually ranged between $1-5 million on an average. Records revealed that the money spent on resolving the issue and paying for the damages exceeded the ransom amount. Kaspersky, who undertook this study, said that once the systems were breached, the best solution would be to rebuild, initiate an internal investigation and commence audits.
PM Narendra Modi’s ‘Digital India’ initiative, though flamboyant in outlook but necessary for the country’s economic prosperity, has been more harmful than helpful. India does not have security personnel, as Taiwan does, who are specifically trained to counter cybersecurity threats. The infrastructure is not up to par yet with vacancies outnumbering qualified individuals. India can better equip themselves by providing vocational cybersecurity guidelines to its professionals. India can also participate in cybersecurity exchanges and programs with other Asian countries, it does run stimulations domestically but the experience gained interacting with other countries can expose India to new opportunities, software and technology and an understanding of other country’s cybersecurity models and platforms.
Personal Data Protection Bill
On 11th Dec 2019, Minister of Electronics and Information Technology, Mr Ravi Shankar Prasad, introduced the Personal Data Protection Bill in the Lok Sabha. The bill seeks to secure digital collection of data of individuals through the establishment of the Data Protection Authority which will supervise and authorise companies and institutions (domestic and global) from accessing personal information of the citizens of India.
It has been reported that the Indian army is subject to recurring cyberattacks to the tune of twice a month on an average. India also makes it to the list of top 15 least cyber-secure countries in the world. It has led to the creation of tri-service command which will administer and oversee cybersecurity and Space operations. The Ministry of Defence has appointed two-star officers from the Indian Army and the Indian Navy to lead the Armed Forces Special Operations Division (AFSOD) and the Defense Cyber Agency (DCA) respectively; two-star officers from the Indian Airforce were appointed to head the Defense Space Agency (DSA).
The DCA, under Rear Admiral Mohit Gupta, has been assigned two important functions – to fight cyber-crimes and to define and set guidelines to tackle cyber warfare. This initiative may lead to sharing of intel among the three wings which may bolster better communication and friendly relations. Lt. Col. Rajesh Pant, National Cybersecurity Coordinator, announced that the Government of India plans on releasing new cybersecurity Policy by early 2020. This plan will take into consideration incoming technologies (like 5G) too, the last update was in 2013.