Summary

Security Class 10

OVERVIEW OF THE PREVIOUS CLASS (01:00 PM)

CYBER SECURITY (01:02 PM)

According to the IT Act, of 2000 cyber security has been defined as securing devices networks and information stored on them from unauthorised access, disruption, disclosure, modification or destruction.
VULNERABILITY OF INDIA TO CYBERATTACKS
STATISTICS AROUND INCIDENTS OF CYBER ATTACKS IN INDIA
According to NCRB, there was a 24% increase in cyber crimes in 2022. This is greater than an 11% increase in the year 2021.
65% of the cybercrime cases were registered with the motive of fraud.
The next major category is extortion which is 5.5% followed by cases of sexual exploitation (5.2%)
68% of organizations in India have had at least one incident of ransomware.
EXAMPLES (01:26 PM)
Data of more than 81 cr Indians was leaked from the data bank of ICMR and put on sale on the dark web.
There was an alleged Chinese cyber attack on 5 AIIMS servers which is feared to have compromised the records of nearly 3-4 cr patients.
In 2020, Mumbai was hit by a massive power outage and it is alleged that a few terror organizations were behind it.
In 2017, Petya ransomware disrupted shipping facilities at JNPT.

THREATS FROM ADVERSARY STATES (01:31 PM)

India is among the top five targets for cyber attacks in the Asia Pacific region, especially cyber espionage.
India lost over 1.25 lakh crores in 2019 alone.
India's internet penetration has gone up from just 4% in 2007 to around 45 % in 2021.
A renewed emphasis on e-governance and digitalisation has also created certain vulnerabilities. For instance, India has the world's largest citizen identity programme.

CYBER THREATS FACED BY INDIA (01:55 PM)

CYBERCRIME
These are those crimes which are conducted with the help of cyberspace. For example: Phishing, Cyberstalking, Child pornography, denial of service attacks etc.
CYBERWARFARE
It refers to offensive action by a nation-state against others. For example: The Stuxnet attack.
Wiper Malware - Russia Ukraine conflict as many as 16 different families of wiper malware have been detected over the last year (Not Petya, Olympic destroyer)
The most impactful of Russia's wiper attack on Ukraine targeted its ViaSat satellite modems which knocked out a significant proportion of Ukraine's military communications.
CYBER TERRORISM
It refers to the use of cyberspace by terrorist organisations to carry out unlawful attacks or issue threats of attacks to intimidate or coerce the government or its people in furtherance of social/political objectives.

CYBER SECURITY ARCHITECTURE IN INDIA (02:22 PM)

ON THE LEGAL FRONT
The IT Act,2000
The act defines cyber security and has included certain provisos listing certain cyber offences - Section 43 A - This section mandates that private companies are responsible for handling sensitive personal information of their users.
Section 66 B deals with child pornography.
Section 66 D deals with identity theft.
Section 66 E deals with denial of access
Section 66 F defines Cyber terrorism.
ON THE POLICY FRONT (02:54 PM)
National Cyber Security Policy 2013.
This policy mandates a 5-year target for training 5 lakh cyber security professionals.
Setting up a nodal agency to protect against cyber attacks on critical information infrastructure.
Developing a 24/7 cyber security technology to proactively detect and respond to cyber threats.
It mandates both private and public institutions to hire a chief information officer.
It also mandates the development of IT infra according to standards and guidelines provided under ISO 27001.
This policy recommends giving financial incentives to private organizations to strengthen cyber security practices.
ON THE INSTITUTIONAL FRONT
1)NCIIPC(National Critical Information Infrastructure Protection Centre)
It is India's nodal agency for a safe and secure critical information infrastructure.
2)CERT-In
It is the nodal agency for issuing emergency responses in cases of cyber security incidents.
There has been a renewed emphasis on creating sectoral research.
3)Cyber Swachhta kendra
It is the botnet and malware analysis centre for detecting malicious programs and provides free tools to citizens to remove the same.
4)I4C (Indian Cyber Crime Coordination Centre)
To coordinate response to cyber attacks.
5)National cyber crime reporting portal
It caters to complaints about cyber crimes.
6)National information board
This board is responsible for inter-ministerial coordination.
It is to be headed by the NSA.

CHALLENGES FOR CYBER SECURITY IN INDIA (03:16 PM)

CHALLENGES ON THE LEGAL FRONT
India does not have a dedicated procedural law concerning IT offences.
In the absence of a dedicated procedural law, we have to rely on the Indian Evidence Act which is not fit for effective trial of such offences.
The last set of amendments was made to the IT law in the year 2008. Since then both the nature and types of cyber attacks have evolved significantly for which there are no provisions under the existing act. For example, Ransomware has not been defined under this act.
INSTITUTIONAL CHALLENGES
Multiplicity of bodies and there is also a lack of coordination among them.
POLICY RELATED CHALLENGES
India's National cyber security policy is outdated and there is a need to urgently unveil a reformed National cyber security policy. India does not have a comprehensive cyber security doctrine.
INFRASTRUCTURAL CHALLENGES
India imports about 70% of its telecom equipment.
Most state forensic labs lack the technology to carry out effective investigations.
At present most private companies store their data in servers located outside India.
India spends a minuscule proportion of its GDP on R&D, especially in cyber security.
HUMAN RESOURCE RELATED CHALLENGES (03:43 PM)
Police agencies lack technically trained staff for carrying out investigations under cyber laws.
India lacks trained cyber security professionals to combat the threat of cyber crimes.
There is no deterrence for public and private agencies to prevent the misuse of data.

The topic for the next class is border security.