News

For a safe cyberspace

Cybersecurity needs to be integrated in every aspectof policy and planning India is one of the key players in the digital and knowledge-based economy, holding more than a 50% share of the world’s outsourcing market. Pioneering and technology-inspired programmes such as Aadhaar, MyGov, Government e-Market, DigiLocker, Bharat Net, Startup India, Skill India and Smart Cities are propelling India towards technological competence and transformation. India is already the third largest hub for technology-driven startups in the world and its Information and Communications Technology sector is estimated to reach the $225 billion landmark by 2020. However, these achievements come with a problem: innovation in technology, enhanced connectivity, and increasing integration in commerce and governance also make India the fifth most vulnerable country in the world in terms of cybersecurity breaches, according to the Internal Security Threat Report of 2017 by Symantec. Till June 2017, 27,482 cybersecurity threats had been reported in the country, according to the Indian Computer Emergency Response Team’s report. As this is a 23% increase from 2014 figures, it coincides with rapid growth and innovation in the ICT sector. The good news, though, is that India recognises this. The second Global Cybersecurity Index, released by the International Telecommunication Union in July, which measured the commitment of nations to cybersecurity, found that India ranked 23 out of 165 nations. Types of attacks Of the cybersecurity attacks, Ransomware attacks have been the most common in the last few years (Ransomware is a type of software that threatens to publish a person’s data or block it unless a ransom is paid). Apart from WannaCry and Petya, other Ransomware attacks that made news globally were Locky, Cerber, Bucbi, SharkRaaS, CryptXXX and SamSam. The success of each of these inspired new attacks. The ransom demands also increased — the average mean ransom demand rose from $294 in 2015 to $1077 in 2016, according to Symantec. In India, in May 2017, a data breach at the food delivery App, Zomato, led to personal information of about 17 million users being stolen and put for sale on the Darknet. The company had to negotiate with the hacker in order to get it taken down. Similarly, hackers stole data from 57 million Uber riders and drivers. Uber paid the hackers $100,000 to keep the data breach a secret. While Windows operating systems were the most vulnerable to cyberattacks, a number of Android threats have been reported in the last couple of years, including potent crypto-ransomware attacks on Android devices. The attacks aren’t limited to mobile phones and e-Pads. All devices, including televisions that use Android, are also potentially vulnerable. In 2016, the first known Ransomware, named KeRanger, targeting Mac users was also reported. The Mirai botnet malware affected 2.5 million home router users and other Internet of Things devices. A number of viruses, malware and cryptoworms are also being developed in the JavaScript, which gives the attackers cross-platform options. Taking action Given the huge number of online users and continued efforts on affordable access, cybersecurity needs to be integrated in every aspect of policy and planning. At the 15th Asia Pacific Computer Emergency Response Team conference in Delhi, Minister for Electronics and Information Technology Ravi Shankar Prasad highlighted the need for robust cybersecurity policies and frameworks. The government is keen to fund cybersecurity research. It announced that it will award a grant worth Rs. 5 crore to startups working on innovations in the field of cybersecurity. India needs to quickly frame an appropriate and updated cybersecurity policy, create adequate infrastructure, and foster closer collaboration between all those involved to ensure a safe cyberspace. Minister of Communications Manoj Sinha said at the Global Conference on Cyberspace 2017 that there must be enhanced cooperation among nations and reaffirmed a global call to action for all United Nations member nations to not attack the core of the Internet even when in a state of war. This also clearly emphasises the fact that more than ever before, there is a need for a Geneva-like Convention to agree on some high-level recommendations among nations to keep the Internet safe, open, universal and interoperable. Subi Chaturvedi is former member of United Nations Internet Governance Forum-Multistakeholder Advisory Group and heads public affairs, Cellular Operators Association of India .