Deciphering Cyber Threats in the Digital Era: Challenges for India

 By Vishakh Krishnan Valiathan
0
349

India’s digital economy is getting vibrant progressively and therefore, India needs to be more vigilant with respect to its cyberspace. Recently in 2020, India banned more than 220 mobile applications, post the Chinese aggression in the Line of Actual Control (LAC), and later banned around 43 Chinese apps in November 2020— due to fear of selective cyber attacks on the Indian government sites and personal profiles of individual personalities by its northern adversary.[1] As the character of warfare is changing, therefore, it is pre-requisite for India to adapt to the changes in technology while strategising and strengthening the domains of information and cybersecurity.

In August 2020, the Indian Prime Minister Narendra Modi mentioned about the creation of a National Cyber Security Strategy 2020 to shape the next generation of the country’s cybersecurity.[2] According to Lt Gen Rajesh Pant— National Cyber Security Coordinator of India—  discussions on personal data protection bill is ongoing and  that the bill would be introduced in the winter session of the Parliament.[3] At the same time, he also asserted that it is in the current context, as according to reports, a China-based company has allegedly been carrying out harvesting of personal data of 2.4 million people which includes Australians, Americans and Indians and that there are allegations of it all being used for influence operations.[4] In India, the Information Act 2000 and the revised Information Technology (Amendment) Act 2008 are two critical laws for cybercrimes and digital commerce.[5]

Role of Cyberspace and Information Technology as Critical Infrastructures of the  Indian Economy

During the last decade, India witnessed rapid urbanisation and intense deployment of smart city infrastructure which is a part of its plan to digitally enhance the various citizen-centric services of the central and state governments. The country’s digital infrastructure is growing at a fast rate, however, it is also prone to cyber attacks. According to the  Data Security Council of India (DSCI), with respect to cyberattacks, India was the second most affected nation during 2016-18.[6] However, the average cost for a data breach in the country had risen to 7.9 per cent since 2017. [7] Moreover, it is of immense importance for a country like India to secure its citizens’ data, which has been digitally growing over the last few years. India has one of the largest smartphone markets globally, and its population is also social-network friendly. Apart from this, the  IT sector is also a  critical one, as it contributes to over 7 per cent towards the Real Gross Domestic Product (GDP) of the country.

The more the country’s IT sector is developing, the more India is becoming prone to various hybrid threats related to cybersecurity. Therefore, conventional security measures like firewall, anti-viruses, end-point protection, Security Operation Centres (SOCs) and other traditional defences are still very relevant today. Given the intensity of threat perceptions currently, these defences although would detect the threats, however, may not give accurate information as would be desired. [8] With such threats multiplying day by day, the Indian Government and various concerned departments need to secure their critical and sensitive data. Therefore, a human-centric approach could be considered, concerning cybersecurity as a human behavioural trend, and policies are to be framed according to such behavioural patterns.[9] However, the new Cyber Strategy would upgrade the cyber defences and attain a vision to safeguard India’s future generations who are already under the influence of digital globalisation.

Hybrid Nature of Cyber Threats- Global and Indian

Hybrid forms of attack have become a part of the new generation of warfare. For instance, the attack on Saudi Arabia’s state-owned Aramco oil facilities, at Abqaiq and Khurais, in 2019. The attack was unexpected as the oil facilities are safeguarded by a massive air defence system installed jointly by Saudi Arabia and the United States.[10] Therefore, it can be deduced that, in today’s digital era, the best defensive mechanisms cannot assure hundred per cent security in this digital era. Therefore, cyber attacks form a part of a country’s national power as well.

Tracing back to 2007, as cyberspace and information arenas have evolved to be new platforms of warfare, it is interesting that on 27 April 2007 Estonia faced a  cyber attack, whereby government sites were hacked and there was a  total blackout in the wired country— the country is also known for ‘e-government’ formulation in the world.[11] As per rumours, Russia was behind the cyberattack, as most attacks in the early phases were traced to the Russian state institutions.[12] Apart from this, fake news and bot net weaponisation affected a considerable population as they are interlinked with computer and cyberspace. Therefore, it is a clear example of how unknown sources can attack a digitally equipped state to disturb the national integrity and threaten national security.

Nuclear power plants and reactors are also vulnerable to cyber attacks as they are an integral part of any country’s security and energy programmes.[13] Some of the instances that happened in the last decade are as follows:

  • Stuxnet Computer Worm attack on Iran’s Natanz Uranium Enrichment Plant in 2010.
  • The hacking of the United States’s Hanford Nuclear Site in 2015.
  • W32 Ramnit and conflicker viruses on Germany’s Gundremmingen Nuclear Power Plant in 2016.
  • Malware Attack on India’s Kudankulam Nuclear Power plant in 2019.[14]

The safeguarding of the National Strategic assets is crucial for any country,   including India. Interestingly, two India should, therefore, be vigilant as its cyberspace, and other strategic assets are linked to the World Wide Web and the same are vulnerable to attacks especially from its Northern and Western adversaries— China and Pakistan respectively.

Interestingly, India saw a decrease in cyberattack cases in 2019 than in 2018 as is evident from the data released by Kaspersky Lab whereby 38.8 per cent of users in the country using Kaspersky were web-attacked at least once in 2019,  as compared to  40.4 per cent in 2018. According to Saurabh Sharma, Senior Security Researcher (the Asia Pacific) at Kaspersky, “In India, we did see a decrease in the number of adware and malware attacks; however, there has been a huge increase in riskware attacks from 28 per cent in 2018 to 39 per cent in 2019. The presence of riskware on your machine will allow threat actors to use that legitimate application for malicious purposes”.[15] As evident from table 1 below, there has been around  37 per cent increase in cyber attacks in India during the first quarter of 2020 when compared to the last quarter of 2019. With this, India’s global ranking witnessed a jump from 32nd position in 2019 to 27th position in 2020, in detecting web-related threats. A significant reason for this is the great Lockdown (that started in March 2020), thereby forcing economies to work virtually/remotely and often creating easy pathways for computer viruses and malware to enter the systems and damage the same.

Table 1. Cyber Attacks in India (2019-2020)

              Duration (Quarterly)Number of local cyber attacks
October – December 201940,700,057
January- March 202052,820, 874

Source: Kaspersky

As evident from table 2 below public institutions are also vulnerable targets of the hackers. This is a serious threat to any country as, due to digitalisation, personal data of any country’s population is stored digitally, which could be misused easily at any point in time. As seen in  Table 2 below,  education websites and applications are more vulnerable to data breaches by virtue of its large user base.

Table 2. Organisations and Software Applications affected by Cyber Attacks during 2019-20

Organisation/App Cyber Attacked Target Population Impacted (Millions and Billions) Month and Year
Whitehat Jr.    0.3   millionNovember 2020
Big Basket  20      millionOctober     2020
Edureka    2      millionSeptember 2020
Dunzo    3.4   millionJuly 2020
Unacademy  22      millionMay 2020
KKNP and ISROOctober 2019
Health Care Data Breach    6.8   millionAugust 2019
Just Dial100  millionApril 2019
State Bank of India    3      millionJanuary 2019
Aadhar Data LeakOver 1 billion2019

Source: CIOL, https://www.ciol.com/fireeye-whitehat-jr-top-10-data-breach-incidents-2019-2020-india/.

Challenges and the Way Forward

Cyber attacks on various Indian organisations had increased especially post the Galwan Valley incident and the banning of Chinese apps in India. The banned apps may not affect China drastically, however,  it is enough to check China’s rise, as India is, without doubt, one of the largest markets of Chinese apps like TikTok, PUB G, etc. Moreover, the apps were banned, for security concerns, especially privacy and data breach issues. India has been the victim of increasing cyber intrusions and attacks especially targeting sensitive and personal data and critical information infrastructure, therefore impacting the national economy and security, due to rapid growth of information and cyber domain which includes Artificial intelligence, cloud computing, Internet of Things(IoT) and 5G.[16]

India is yet to face significant challenges, and consequences related to data protection and privacy, law enforcement in cyberspace, access to the data stored abroad, fake news and misuse of social media, etc. With the educational sector in the country, having moved towards digital platforms due to Covid-19 since April 2020, the Government must take adequate measures to safeguard its critical infrastructure as the educational sectors have now become heavily dependent on foreign digital platforms as Google meet, Zoom meetings or Microsoft teams. Even though local platforms have emerged, however, their security and privacy cannot be trusted. Interestingly, there has been a 350 per cent increase in attacks on education websites alone due to this.[17]

The traffic that India has been having since the introduction of 4G in the country, needs to be cautiously observed and protected, as any information leaked through an open network, could harm a large population.

India have to be vigilant and should aim at securing its power grids, strategic petroleum reserves, nuclear plants and systems, public banking and healthcare systems from various cyber espionage and attacks— whether ransomware or malware. More importantly, the Government has to provide education and train individuals with proper skills so as to tackle the complex cyber-related challenges. Even though the papers are put forward to formulate the National Cyber Security Strategy 2020, to ratify in the Indian Parliament, the debate and discussion for safer cyberspace should be encouraged even after the passing of the   bill— it is a vital national security issue. Perhaps it is time that India gears up along with the other dominating powers in cyberspace, while also putting forward a doctrine to fight and deter future battleground threats.

End Notes

[1]IANS, “India’s ban on 43 chinese apps draws mixed reactions”, The Economic Times, 25 November, 2020. Available athttps://telecom.economictimes.indiatimes.com/news/indias-ban-on-43-chinese-apps-draws-mixed-reactions/79406405. Accessed on 08 December, 2020.

[2]A Bharadwaj, “India to get new, ‘robust’ cyber security policy soon, says PM Modi”, The Print, 15 August,2020. Available at https://theprint.in/india/india-to-get-new-robust-cyber-security-policy-soon-says-pm-modi/482356/. Accessed on 08 December, 2020.

[3]  “National Cyber Security Strategy 2020 awaiting approval: Rajesh Pant”, The Economic Times, 19 September, 2020. Available at  https://government.economictimes.indiatimes.com/news/digital-india/national-cyber-security-strategy-2020-awaiting-cabinet-approval-rajesh-pant/78202472. Accessed on 10 December, 2020.

[4] Ibid.

[5] S Dharmaraj, “The Current State of Cyber Security in India”, OpenGov Asia, 1 August, 2018. Available at https://opengovasia.com/the-current-state-of-cyber-security-in-india/. Accessed on 08 December, 2020.

[6] DSCI, “National Cyber Security Strategy 2020”, Data Security Council of India, a NASSCOM Initiative, 2020.Available at https://www.dsci.in/sites/default/files/documents/resource_centre/National%20Cyber%20Security%20Strategy%202020%20DSCI%20submission.pdf .Accessed on 08 December, 2020.

[7]Ibid.

[8] S Singh, “Why National Cyber Security Strategy 2020 must embrace behavioural analysis”, The Economic Times, 07 September, 2020. Available at https://government.economictimes.indiatimes.com/news/secure-india/why-national-cyber-security-strategy-2020-must-embrace-behavioural-analysis/77959344 , Accessed on 12 December, 2020.

[9] Ibid.

[10] Ibid.

[11] I Traynor, “Russia accused of unleashing cyberwar to disable Estonia”, The Guardian, 17 May, 2007. Available at

https://www.theguardian.com/world/2007/may/17/topstories3.russia. Accessed on 10 December, 2020.

[12] H Grassenger and M Krogerus, “Fake news and botnets: how Russia weaponised the web cyber attack on Estonia”, The Guardian, 2 December 2017. Available at https://www.theguardian.com/technology/2017/dec/02/fake-news-botnets-how-russia-weaponised-the-web-cyber-attack-estonia. Accessed on 10 December, 2020.

[13] Pulkit Mohan, “Cyber Security in India’s Nuclear Systems”, ORF, Issue Brief No.412, 15 October 2020. Available at https://www.orfonline.org/research/ensuring-cyber-security-in-indias-nuclear-systems/. Accessed on 10 December, 2020.

[14] M Robbins, “Cyberattacks hits Indian Nuclear Plant”, Arms Control Association, December 2019. Available at https://www.armscontrol.org/act/2019-12/news/cyberattack-hits-indian-nuclear-plant. Accessed on 10 December, 2020.

[15] S Chengappa, “Kaspersky reports  a drop in cyber threat incidents in India”, The Hindu Business Line, 21 January, 2020. Available at

https://www.thehindubusinessline.com/info-tech/kaspersky-reports-a-drop-in-cyber-threat-incidents-in-india/article30615470.ece . Accessed on 12 December, 2020.

[16] IANS, “Why India needs a strong cybersecurity policy soon”, The Economic Times, 16 August, 2020. Available at https://government.economictimes.indiatimes.com/news/digital-india/why-india-needs-a-strong-cybersecurity-policy-soon/77571413 .Accessed on 13 December, 2020.

[17] ETCIO, “DDoS attacks against Educational resources grew by more than 350 percent”, The Economic Times, 09 September, 2020. Available at

https://ciso.economictimes.indiatimes.com/news/ddos-attacks-against-educational-resources-grew-by-more-than-350-per-cent/78017325. Accessed on 12 December, 2020.

Previous articleVaccine Diplomacy – A Game Changer In World Order
Next articleChinese Debt Trap Diplomacy in Hambantota: Implications.
Vishakh Krishnan Valiathan is a Research Assistant at the Centre for Land Warfare Studies (CLAWS), New Delhi. He holds an MPhil in International Relations from University of Madras, Chennai. His MPhil Thesis was titled ‘India- Israel Relations: An Analytical Study with Reference to Defence Industry and Equipment Trade Since 1992’. He also has a Master’s in Politics and International Relations from the Department of Politics and International Studies, Pondicherry University (a Central University) and a Bachelor’s in Economics from Mar Ivanios College (Autonomous), University of Kerala, Thiruvananthapuram. Prior to CLAWS, he has interned with Middle East Institute at New Delhi ([email protected]), Regional Centre for Expertise Acknowledged by United Nations University- Trivandrum and National Institute of Advanced Studies (NIAS), Bengaluru. His research-oriented areas include West Asia, South Asia, Central Asia, India’s Foreign Policy, Energy Security, Economy and Strategic Cooperation.