India’s Cyber Security Challenges: Threats And Solution Strategies

As the world is moving forward in the field of digitalization, the threat of cyber attacks is also increasing and India is also not untouched by it. In October 2023 the American company ‘Recicurity’ (Resecurity) exposed that personal data of Indians are available on the dark web (dark web). It would have been easy to ignore in the rush of news, but the size and sensitivity of the data quickly drew attention to it. The vendor of this data set was claiming to provide verifiable, sensitive information of 55% of the Indian population (about 81.5 crore Indian citizens).

These notifications included personally identifiable information such as people’s names, phone numbers, Aadhaar numbers, passport numbers and addresses. This data was being sold for a mere US$80,000. Delhi Police, which became active, arrested four people in this case on 18 December.

How Sensitive Is India Towards Cyber Attacks?

A large and growing population of Internet users is found in India, where more than 52% of the population or 759 million people were using the Internet at least once a month in the year 2022.

India is the second largest online market in the world after China.

This number is expected to increase to 900 million by the year 2025.

India has a rapidly growing digital economy, with sectors such as healthcare, education, finance, retail and agriculture relying on online platforms and services.

India’s outdated or inadequate cyber security infrastructure, policies and awareness make it easier for hackers to take advantage of gaps and vulnerabilities in the system. This is why India faces sophisticated and regular cyber threats from state-sponsored and non-state actors that target India’s strategic, economic and national interests.

What Are The Challenges Posed By Cyber Attacks On India?

1. Vulnerability/Sensitivity of Critical Infrastructure: India’s critical infrastructure, such as power grids, transportation systems and communication networks, is vulnerable to cyber attacks that can disrupt essential services and threaten public safety and national security. For example, in October 2019, there was an attempted cyber attack on the Kudankulam Nuclear Power Plant.
2. Threat to the financial sector: The financial sector in India faces a high risk of cyber attacks from cyber criminals who want to make profits from theft or extortion. Cyber attacks on banks, financial institutions and online payment systems can lead to situations like financial loss, identity theft and lack of trust in the financial system. For example, a malware attack on City Union Bank’s SWIFT system (SWIFT system) in March 2020 led to a US$2 million unauthorized transaction.
3. Data breaches and privacy concerns: As India moves towards a digital economy, the amount of personal and government data stored online is also increasing. It has also increased the risk of data breaches, where hackers access and leak sensitive information. Data breaches can have serious consequences for the privacy and security of individuals and organizations. For example, in May 2021 the Personally Identifiable Information (PII) and test results of 190,000 candidates of the Common Admission Test (CAT) 2020 (which is used to select applicants in IIMs) were leaked and made available for sale on the Cybercrime Forum
4. Cyber Espionage: Cyber espionage is the process of spying on other countries or entities or using cyber attacks to harm their interests. Like other countries, India is also the target of cyber espionage activities, which aim to steal confidential information and gain strategic edge. Cyber espionage can affect India’s national security, foreign policy and economic development. For example, in the year 2020, a cyber espionage campaign called Operation Sidecopy (Operation SideCopy), a Pakistani threat actor, was exposed which targeted Indian military and diplomatic personnel with malware and phishing emails.
5. Advanced Persistent Threats: APTs are complex and long-term cyberattacks, usually carried out by resource-rich and skilled groups. These attacks are designed to infiltrate and remain hidden in the target’s network for long periods of time, giving them the opportunity to steal or manipulate data or cause damage. APTs are difficult to detect and combat, as they use advanced technologies and tools to circumvent security measures.  For example, in February 2021, a cybersecurity firm called RedEcho revealed that the China-linked APT group had targeted 10 entities in India’s power sector with malware that could potentially cause power outages in India.
6. Supply Chain Vulnerabilities: Supply chain vulnerabilities refer to vulnerabilities in software or hardware components that are used by governments and businesses for their operations. Cyber attackers can exploit these vulnerabilities to impact systems and services dependent on these components and cause extensive damage. For example, in December 2020 a global cyber attack on SolarWinds, a US-based software company providing network management tools, affected several Indian organisations including National Informatics Centre (NIC), Ministry of Electronics and Information Technology (MeitY), Bharat Heavy Electricals Limited (BHEL) etc

What Are The Major Initiatives Taken Regarding Cyber Security?

• National Cyber Security Policy: This policy aims to create a secure and resilient cyberspace for citizens, businesses and government. It outlines various objectives and strategies to protect cyberspace information and infrastructure, build capabilities to prevent and respond to cyber attacks, and minimize damage through coordinated efforts of institutional structures, individuals, processes and technology.
• Cyber Secure India’ Initiative: This initiative was launched to raise awareness about cyber crimes and create security measures for Chief Information Security Officers (CISOs) and frontline IT staff in all government departments.
• Indian Cyber Crime Coordination Center (Indian Cyber Crime Coordination Center-I4C): This center was established to provide a framework and ecosystem to law enforcement agencies to deal with cyber crimes in a comprehensive and coordinated manner. It has seven components:

National Cybercrime Threat Analytics Unit

• (National Cyber Crime Reporting Portal)
• (Platform for Joint Cyber Crime Investigation Team)
• (National Cyber Crime Forensic Laboratori Ecosystem)
• (National Cyber Crime Training Centre)
• (Cyber Crime Ecosystem Management Unit)
• National Cyber Research and Innovation Centre
• (National Cyber Research and Innovation Centre.)

Cyber Hygiene Center (Botnet Clearing and Malware Analysis Centre): This center was launched in the year 2017 to build a secure cyberspace by detecting botnet infections in India and to inform end users and enable botnet refinement and security systems to prevent further infections.

Computer Emergency Response Team – India (CERT-In): It is an organization of MeitY that collects, analyzes and transmits information on cyber incidents and also issues alerts on cyber security incidents.

Critical Information Infrastructure (Critical Information Infrastructure-CII): Defined as a computer resource whose destruction would have destabilizing effects on national security, the economy, public health, or security.

The Government has set up the National Critical Information Infrastructure Protection Center (NCIIPC) to protect CIIs from various sectors such as power, banking, telecommunications, transport, governance and strategic enterprises.

Defence Cyber Agency (Defence Cyber Agency-DCyA): DCyA is a tri-service command of the Indian Armed Forces responsible for dealing with cyber security threats. It has the ability to conduct cyber operations such as hacking, surveillance, data recovery, encryption and retaliatory action against various cyber threat actors.

What Should India Do Next To Avoid Cyber Attacks?

Strengthening the legal framework in place: The Information Technology (IT) Act, 2000, is India’s primary law governing cyber crimes, which has been amended several times to address new challenges and threats.

However, the IT Act still has some shortcomings and limitations, such as lack of clear definitions, procedures and penalties for various cyber crimes and low conviction rate of cyber criminals.

India needs to enact comprehensive and updated laws that cover all aspects of cyber security, such as cyber terrorism, cyber warfare, cyber espionage and cyber fraud.

Enhancing Cyber Security Capacities: Several initiatives and policies have been adopted in India to improve the cyber security landscape, such as National Cyber Security Policy, Cyber Cells and Cyber Crime Investigation Units, Cyber Crime Reporting Platform and capacity building and training programmes.

However, these efforts are still inadequate and fragmented, as India faces a lack of technical staff, cyber forensic facilities, cyber security standards and coordination among various stakeholders.

India needs to invest more in developing its human and technological resources, setting up cyber security centers of excellence, adopting best practices and standards and promoting cooperation and information partnerships between various agencies and sectors.

Establishing a Cyber Security Board: India should set up a Cyber Security Board with participants from the government and private sector to analyze any significant cyber incident and make concrete recommendations to improve cyber security. Have the right to hold a meeting.

Adopt a zero-trust architecture and mandate a standardized ‘playbook to respond to cybersecurity vulnerabilities and incidents. A plan should be immediately implemented to protect and modernize the state network and update its incident response policy.

Expanding international cooperation: India is not the only country facing cyber security challenges, as cyber attacks are not limited to national borders and are affecting the entire global community.

India needs to further engage with other countries and international organizations such as the United Nations, International Telecommunication Union, Interpol and the Global Forum on Cyber Expertise (Global Forum on Cyber Enterprise) to engage in best practices, sharing of intelligence, To benefit from coordination of cyber laws and standards and cooperation in cyber investigation and prosecution.

India needs to participate more actively in regional and bilateral dialogues and initiatives such as the ASEAN Regional Forum, BRICS (BRICS) and the India-US Cyber Security Forum to build trust and confidence and address shared cyber security issues and interests. Can be addressed.

Read Also:

1. Cyber Crime In India: Types, Vulnerability And Solutions In India
2. Role Of Police In Integrity And Awareness
3. What Is Cyber Crime
4. Detailed Scenario of The Emergence And History Of Cyber Crimes
5. Financial Fraud How To Reduce Customer Complaints
6. Financial Fraud In India: Criticality, Prevention, And Technical Solutions
7. Caution Is Security In The Context Of Cyber Crimes
8. Cybercrime: An Introduction
9. Cyber Crime (History, Examples, Types And Laws)
10. Cyber Crime And The Role Of Social Media
11. How To Avoid Financial Fraud, Online Fraud, Credit Card Fraud, What To Do If You Become A Victim
12. How To Protect Yourself From Financial Fraud
13. Chit Fund Scam: Will Mamata Banerjee Image Be Corrected
14. Major Scams You Should Know About
15. What To Do If A Credit Card Is Stolen Or Lost
16. Smart Use Of Credit Cards: 6 Mistakes To Avoid
17. Now AI Has Become The New Weapon Of Cyber Attackers, Be Alert If You Get A Call From Someone Close To You For Money, Haste Can Prove Costly
18. FBI Issued Tips To Avoid AI Scam, Cyber Fraudsters Commit Such Frauds, Know How To Avoid Them
19. Phone Scams
20. Email Scams
21. Text Or SMS Scams
22. Easy Steps To Detect And Stay Safe From Scams

2046200cookie-checkIndia’s Cyber Security Challenges: Threats And Solution Strategiesyes