Mains Marathon

Approach

• Briefly explain what is meant by cyber security.
• Discuss national cyber security strategy and discuss how it will strengthen Cyber security of India.
• Conclude suitably.

Answer

Cyber security is the protection of cyber space including critical information infrastructure from attack, damage, misuse and economic espionage. Cybersecurity is to protect against unauthorized access to data centers and other computerized systems. Recently, the National Cyber Security Strategy was conceptualised by the Data Security Council of India (DSCI). It was focused on 21 areas to ensure a safe, secure, trusted, resilient, and vibrant cyberspace for India.

India needs robust cyber security system because-

• India has more than 700 million internet users.
• One in four Indian organisations suffered a ransomware attack in 2021 — higher the global average of 21%.
• Palo Alto Networks’ 2021 report, Maharashtra was the most targeted state in India — facing 42% of all ransomware attacks.
• Critical infrastructure is getting digitised in a very fast way — this includes financial services, banks, power, manufacturing, nuclear power plants, etc.
• For Protecting Critical Sectors: Due to increasing interconnectedness of sectors and proliferation of entry points into the internet, which could further grow with the adoption of 5G.
• Recent Cyber Attacks:
  • The Chinese hacker group known as Stone Panda had “identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India.

National Cyber Security Strategy will strengthen the cyber security of India-

• Large Scale Digitisation of Public Services: Focus on security in the early stages of design in all digitisation initiatives.
  • Developing institutional capability for assessment, evaluation, certification, and rating of the core devices
  • Timely reporting of vulnerabilities and incidents.
• Supply Chain Security: Monitoring and mapping of the supply chain of the Integrated Circuits (ICT) and electronics products.
  • Leveraging the country’s semiconductor design capabilities globally at strategic, tactical and technical levels.
• Critical Information Infrastructure Protection: Integrating Supervisory Control and Data Acquisition (SCADA) security.
  • Maintaining a repository of vulnerabilities.
  • Preparing an aggregate level security baseline of the sector and tracking its controls.
  • Devising audit parameters for threat preparedness and developing cyber-insurance products.
• Digital Payments: Mapping and modelling of devices and platforms deployed, supply chain, transacting entities, payment flows, interfaces and data exchange.
• State-Level Cyber Security: Developing state-level cybersecurity policies,
  • Allocation of dedicated funds,
  • Critical scrutiny of digitization plans,
  • Guidelines for security architecture, operations, and governance.
• Security of Small and Medium Businesses: Policy intervention in cybersecurity granting incentives for a higher level of cybersecurity preparedness.
  • Developing security standards, frameworks, and architectures for the adoption of the Internet of Things (IoT) and industrialisation.

Thus, the National Cyber Security Strategy will strengthen the cyber security of India.

Recommendation that can further increase the cyber security of India:

• A minimum allocation of 0.25% of the annual budget, which can be raised to 1%, has been recommended to be set aside for cyber security.
• In terms of separate ministries and agencies, 15-20% of the IT/technology expenditure should be earmarked for cybersecurity.
• Setting up a Fund of Funds for cybersecurity and providing Central funding to States to build capabilities in the same field.
• Research, Innovation, Skill-Building and Technology Development.
• Crisis Management: For adequate preparation to handle a crisis, Data Security Council of India (DSCI) recommends holding cybersecurity drills which include real-life scenarios with their ramifications.
• Cyber Insurance: Cyber insurance must have an actuarial science to address cybersecurity risks in business and technology scenarios as well as calculate threat exposures.
• Cyber Diplomacy: Cyber security preparedness of key regional blocks like Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC) and Shanghai Cooperation Organisation (SCO) must be ensured via programs, exchanges and industrial support.
  • The government should promote brand India as a responsible player in cyber security and also create ‘Cyber envoys’ for the key countries/regions
• Cybercrime Investigation: With the increase in cybercrime across the world, unburdening the judicial system by creating laws to resolve spamming and fake news.
  • It also suggests charting a 5-year roadmap factoring possible technology transformation, setting up exclusive courts to deal with cybercrimes and removing the backlog of cybercrime.
  • Moreover, DSCI suggests advanced forensic training for agencies to keep up in the age of AI/ML, Blockchain, IoT, Cloud, Automation.

Cyberspace is a new domain of national sovereignty and also a new domain of cyber warfare. India with a very huge cyber space due to its users and potential, must have a pre-planned strategy to counter all offensive and defensive threats. It can be better executed by the fair and mutual cooperation of the public and private sector.