Cyber Security Challenges In India

Cyber security issues in India have added a new variety of challenges for India. Till now cyber security in India and its challenges and problems are well known and India has also realised that urgent attention in this direction is needed. For instance, the cyber security challenges for the smart grids in India were realised during the recent power outrage in India.

This is just the beginning of the cyber security journey of India. Critical infrastructure protection in India is not undertaken in the manner required. Even we have no critical ICT infrastructure protection policy of India  that can provide norms and best practices for critical infrastructure protection in India.

On top of it, stealth and sophisticated malware like Stuxnet, Flame, Shamoon and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to both known and unknown cyber attacks.

There are many concepts that were not even acknowledged by India a few years back. For instance, concepts like cyber warfare against India and its defenses, cyber terrorism against India and its defences and solutions, cyber security in India and its challenges and problems, cyber espionage against India and its challenges, solutions and defences, etc were never considered to be a threat by India.

Now it is well known that these concepts are not just theoretical concepts but actual and potential threats to any nation. India has also realised this bitter truth that also without much loss of crucial information and data.

Of course, strategic computers at Indian defence forces, governmental departments, etc were successfully breached and compromised. In many cases, India was not even aware of such compromise and there may be incidences where such compromise are still present and are undetected.

As on date we have neither a strong cyber law nor effective cyber security capabilities in India. Further, if we analyse the cyber security reflections the trend is really troublesome. The cyber law, cyber crimes and cyber security trends by Perry4Law and Perry4Law Techno Legal Base (PTLB) have shown the loopholes of Indian cyber security capabilities.

We at Perry4Law and PTLB strongly recommend that Indian government must stress really hard upon developing both defensive and offensive cyber security capabilities. The sooner it is done the better it would be for the national security of India in general and cyber security of India in particular.

Cyber Espionage Against India And Its Challenges, Solutions And Defences

If we analyse the Cyber Attacks Trends against India for the past few years it would be apparent that the frequency and sophistication of these Cyber Attacks has increased and developed a lot. The Cyber Attack by the Chinese Crackers at the computers in the Prime Minister's Office (PMO) of India in December 2009 is one such example.

In this incidence, the Crackers targeted India's key National Security Peoples including National Security Advisor M.K. Narayanan, Cabinet Secretary K.M. Chandrashekhar, PM's Special Envoy Shyam Saran and Deputy National Security Advisor Shekhar Dutt. The four and up to 26 others were specifically targeted in the Cracking exercise that was very successful.

The Cyber Espionage attack was very sophisticated and well executed. The E-Mail was routed through multiple proxy servers to defeat the Traceability. The Cracking Spyware was embedded in a PDF document to get it executed once opened. The Trojan Malware was programmed to carry out multiple functions, including downloading malicious files, accessing E-Mails and passwords and also accessing the desktop from a remote location.

In another incidence, it was reported that the Chinese Intelligence Agencies may have planted Malware in Computers and broken into the Headquarters of 33 Corps, the Army formation looking after most of the North-Eastern border with China. The Cyber Intrusion also planted a Trojan Horse to give Chinese Agencies remote access to the computer network at the 33 Corps Headquarters in Sukhna, near Siliguri, West Bengal.

 

In another incidence, many Computers of the Home Ministry were found infected with Malware. Reacting sharply, but wrongly, to these developments, the Union Home Ministry decided to ban the use of Internet by the lower rank staff up to section officers.

This was a “Defective Strategy” as banning use of Internet or Technology rather then developing Cyber Security Capabilities in India can never be a good choice. It is better to “Train” the staff rather than prohibiting them from using Internet.

The Home Ministry was barking the wrong tree as Security through Obscurity and Non-Access in itself and without further steps to develop Cyber Skills and Capabilities is a bad choice. The Government of India must concentrate upon “Capacity Development” of not only its employees but also its core Departments and Offices in order to tackle Cyber Espionage Attacks. Thus, Cyber Security Capabilities of India must be strengthened as soon as possible.

Cyber Espionage may be committed by an Insider or an outsider with the help of Internet and Computer. The problem is that Cyber Espionage is inexpensive and relatively easy to commit and it is also difficult to prove with absolute certainty. This is more so regarding “Authorship Attribution” that can pin point the liability to a Nation/Individual/Organisation.

Authorship Attribution is an important aspect of “Determining the Culpability” of an offender where the means to commit the offence are common and accessible to many people simultaneously. Data Mining and Profiling of the accused to “Attribute Culpability” to him/her alone is an emerging area of Cyber Crime Investigation but it is still far from perfect.

Having an effective Cyber Security Mechanism at place can help in prevention of majority of Cyber Espionage issues, but there is no full proof method of preventing Cyber Espionage. With adequate resources and time, a Cracker can penetrate and exploit the intended target.

The Cyber Security Policy of India must be urgently formulated that must incorporate provisions regarding Cyber Warfare, Cyber Terrorism, Critical Infrastructure Protection, Cyber Espionage, etc. In the ultimate analysis, enhancing Cyber Security of India is the ultimate solution.