Magazine
Tag: GS 3 || Security || Internal Security Threats || Cyber Security
Why In News?
- The National Cyber Security Coordinator’s office in partnership with Data Security Council (DSCI) of India launched TechSagar – a platform to discover India’s technological capability through a portal.
TechSagar
- TechSagar is a consolidated and comprehensive repository of India’s cyber tech capabilities which provides actionable insights about capabilities of the Indian Industry, academia and research across key technology areas.
- The portal will list business and research entities from the IT industry, startups, academia, and individual researchers.
- These include internet of things (IoT), Artificial Intelligence (AI), Machine Learning (ML), blockchain, cloud & virtualization, robotics & automation, wireless & networking, and more.
- TechSagar will allow targeted search, granular navigation and drill down methods using more than 3000 niche capabilities.
Components of TechSagar
- As of now, the repository features 4000+ entities from industry, academia and research including large enterprises and start-ups providing a country level view of India’s cyber competencies.
- A dynamic platform, TechSagar, will be frequently updated with new entities and information to maintain its relevancy and usefulness.
Why such move?
- In order to combat the growing threat from cyber crime, there is an urgent need to collaborate and develop cyber technology capabilities in India.
- With the launch of TechSagar, we have sown the seed for start-ups to prosper in cyber tech.
- This is a good example of government facilitating industry growth in a strategic domain.
- Cyber technology capabilities have become central to our national strategic outlook and there was an urgent need for developing TechSagar.
- Start-ups, enterprises, academia, researchers, and R&D institutes in the country need to synergise their efforts and work in tandem to make India a technology leader.
About Data Security Council (DSCI) of India
- DSCI is not-for-profit industry body on data protection in India, setup by NASSCOM.
- It is committed to making the cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy.
- To further its objectives, DSCI engages with governments and their agencies, regulators, industry sectors, industry associations and think tanks for policy advocacy, thought leadership, capacity building and outreach activities.
Cyber Security
- According to EY’s latest Global Information Security Survey (GISS) 2018-19 – India edition, one of the highest number of cyber threats have been detected in India, and the country ranks second in terms of targeted attacks. Although Banking and Telecom are the most attacked sectors but Manufacturing, Healthcare, and Retail have also faced a significant number of cyber attacks.
- Cyber Security is protecting cyber space including critical information infrastructure from attack, damage, misuse and economic espionage.
- Cyber Space: A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
- Cyber Attack: It is a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization.
Motives behind Cyber Attacks
- To seek commercial gain by hacking banks and financial institutions.
- To attack critical assets of a nation.
- To penetrate into both corporate and military data servers to obtain plans and intelligence.
- To hack sites to virally communicate a message for some specific campaign related to politics and society.
Types of Cyber Attacks
- Malware, short for malicious software refers to any kind of software that is designed to cause damage to a single computer, server, or computer network. Ransomware, Spy ware, Worms, viruses, and Trojans are all varieties of malware.
- Phishing: It is the method of trying to gather personal information using deceptive e-mails and websites.
- Denial of Service attacks: A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
- Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
Latest Cases
- WannaCry: It was a ransomware attack that spread rapidly in May, 2017. The ransomware locked users’ devices and prevented them from accessing data and software until a certain ransom was paid to the criminals. Top five cities in India (Kolkata, Delhi, Bhubaneswar, Pune and Mumbai) got impacted due to it.
- Mirai Botnet: Mirai is malware that infects smart devices that run on ARC processors, turning them into a network of remotely controlled bots or zombies. This network of bots, called a botnet, is often used to launch Distributed Denial of Service (DDoS) attacks. In September 2016, Mirai malware launched a DDoS attack on the website of a well-known security expert.
Components of Cyber Security
- Application Security: It encompasses measures or counter-measures that are taken during an application’s development process to protect it from threats that can come through flaws in the app design, development, deployment, upgrade or maintenance.
- Information security: It is related to the protection of information from an unauthorized access to avoid identity theft and to protect privacy.
- Network Security: It includes activities to protect the usability, reliability, integrity and safety of the network.
- Disaster Recovery Planning: It is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of an attack.
Need for Cyber Security
- For Individuals: Photos, videos and other personal information shared by an individual on social networking sites can be inappropriately used by others, leading to serious and even life-threatening incidents.
- For Business Organizations: Companies have a lot of data and information on their systems. A cyber attack may lead to loss of competitive information (such as patents or original work), loss of employees/customers private data resulting into complete loss of public trust on the integrity of the organization.
- For Government: A local, state or central government maintains huge amount of confidential data related to country (geographical, military strategic assets etc.) and citizens. Unauthorized access to the data can lead to serious threats on a country.
Challenges
- Increased use of mobile technology and internet by people.
- Proliferation of Internet of Things (IoT) and lack of proper security infrastructure in some devices.
- Cyberspace has inherent vulnerabilities that cannot be removed.
- Internet technology makes it relatively easy to misdirect attribution to other parties.
- It is generally seen that attack technology outpaces defence technology.
- Lack of awareness on Cyber security.
- Lack of Cyber security specialists.
- Increased use of cyberspace by terrorists.
Way Forward
- Real-time intelligence is required for preventing and containing cyber attacks.
- Periodical ‘Backup of Data’ is a solution to ransomware.
- Using Artificial Intelligence (AI) for predicting and accurately identifying attacks.
- Using the knowledge gained from actual attacks that have already taken place in building effective and pragmatic defence.
- Increased awareness about cyber threats for which digital literacy is required first.
- The need of the hour for Indian government is to develop core skills in cyber security, data integrity and data security fields while also setting stringent cyber security standards to protect banks and financial institutions.
Additional Info
Mains Question
Identify the key points in Techsagar to reduce the cyber crimes in India?
