Cybersecurity in India

• A recent study by the non-profit organization PRAHAR projects that cyberattacks on India could escalate to 1 trillion annually by 2033 and reach 17 trillion by 2047, coinciding with India’s centenary of independence. This surge poses a significant threat to India’s growth, with adversaries aiming to destabilise the nation both internally and externally.

What is Cybersecurity?

• Cybersecurity refers to safeguarding computers, networks, programs, and data from unauthorised access, misuse, or attacks. In today’s interconnected digital age, cyberspace, the global network of internet-enabled systems, has become the backbone of critical infrastructure, commerce, communication, and governance. This dependence amplifies the importance of robust cybersecurity measures.

Types of Cyber Threats

1. Cybercrime: Illegal activities over digital networks for financial gain or disruption, such as ransomware attacks like WannaCry (2017).
2. Cyber-Espionage: Unauthorised access to confidential information for political or economic motives, such as the APT 10 group targeting Bharat Biotech and the Serum Institute of India in 2021.
3. Cyberwarfare: Digital attacks used in warfare between nations, like the Stuxnet virus (2010) that targeted Iran’s nuclear facilities or denial-of-service attacks on government websites.
4. Cyberterrorism: Attacks by terrorists to disrupt critical systems, like the 2007 cyberattack on Estonia, which targeted government and financial systems, causing widespread disruption.

Significance of Cybersecurity for India

• Growing Internet Usage: India’s internet users grew from 560 million in 2019 to 700 million in 2023, necessitating privacy and data protection.
• Digital Economy Goals: India aims to become a $1 tn digital economy, making secure cyberspace vital.
• Critical Infrastructure: Sectors like defence, finance, energy, and transport depend on secure digital systems to avoid disruptions.
• Government Schemes: Initiatives like Digital India, Make in India, and Smart Cities require strong cybersecurity frameworks.
• Digital Push: Programs like BharatNet, GSTN, BHIM, and MyGov depend on safe cyberspace for efficient functioning.
• Cybercrime Surge: Cybercrimes in India increased by 500% recently, with notable cases like Aadhaar breaches and Pegasus spyware attacks.
• Transnational Threats: About 75% of cybercrimes in India originate from foreign actors, emphasising the need for global cybersecurity measures.
• Smart Cities and IoT: Increased use of IoT devices in smart cities amplifies vulnerability to cyberattacks.
• IT-ITES Exports: India’s IT-ITES sector, growing at 8%, needs cybersecurity to maintain trust and global competitiveness.
• E-commerce Boom: Rising online frauds, such as identity theft, could slow the sector’s impressive 60% CAGR growth.
• Terrorism Nexus: Cyberspace is used by terrorist groups and state/non-state actors, posing significant threats to national security.

Challenges in India’s Cybersecurity

• Policy Gaps and Legal Shortcomings: The National Cyber Security Policy, 2013 lacks actionable measures, and the IT Act, 2000 inadequately addresses modern cybercrimes, with most offences being bailable.
• Fragmented Coordination: Multiple agencies like MeitY, NCIIPC, and NCCC operate without a central nodal body, causing inefficiencies in tackling cyber threats. (CAG Report, 2022)
• Underreporting and Inadequate Cybercrime Cells: Low public awareness and limited availability of dedicated cybercrime cells lead to significant underreporting of incidents.
• Workforce Shortage and Capacity Building: India faces a 70% shortfall in skilled cybersecurity professionals, along with insufficient training for law enforcement and judicial officers.
• Overdependence on Imports: More than 70% of IT and telecom equipment is imported, posing risks of embedded vulnerabilities due to the lack of robust certification mechanisms.
• Digital Illiteracy and Public Negligence: Over 80% of India’s population lacks digital literacy, and indiscriminate app downloads exacerbate vulnerabilities to fraud and phishing attacks.
• Data Protection and Privacy Gaps: Absence of a robust Data Protection Law exposes citizens to risks from breaches like the Aadhaar leaks, with companies rarely disclosing such incidents.
• Rising Cybercrimes and Transnational Nature: Cybercrime in India has surged 500%, with 75% of attacks originating from abroad, including incidents like Pegasus spyware and the Union Bank heist.
• Digital Arrest and Privacy Concerns: The rise in digital arrests raises concerns over privacy and the misuse of digital data.
• Critical Infrastructure Vulnerabilities: Sectors like finance, energy, and transport remain susceptible to attacks, such as the Cosmos Bank cyber heist, due to reliance on outdated systems. (CERT-In)
• Smart Cities and IoT Risks: Expanding IoT devices and Smart Cities projects increase exposure to cyber attacks without sufficient security measures in place.
• Limited International Collaboration: India’s absence from the Budapest Convention hampers international cooperation against cross-border cybercrimes.

Steps Taken by India Towards Cybersecurity

Legal and Policy Framework

• Information Technology Act, 2000: Provides legal recognition to e-documents, e-filing, and e-commerce, establishing a foundation for addressing cybercrimes.
• National Cyber Security Policy, 2013: Aims to create a secure cyber ecosystem by fostering trust in IT systems, developing indigenous security technologies, and building a skilled cybersecurity workforce of 500,000 professionals.
• India’s Digital Personal Data Protection Act (DPDP Act), 2023: Protects individuals’ rights over their personal data while enabling lawful processing. The Act includes provisions for data security, such as data localisation, mandatory breach notifications, and penalties for non-compliance.

Institutions and Agencies

• National Technical Research Organization (NTRO): Focuses on technology capabilities in aviation, data processing, cyber security, and cryptology.
• National Critical Information Infrastructure Protection Centre (NCIIPC): Nodal agency responsible for protecting critical information infrastructure.
• National Cyber Coordination Centre (NCCC): Mandated to scan internet traffic and detect real-time cyber threats across government and private service providers.
• CERT-In (Computer Emergency Response Team India): Provides sector-specific CERTs, such as NIC-CERT to counter cyber-attacks on government infrastructure.
• Cyber and Information Security (CIS) Division: Created by the Ministry of Home Affairs to monitor cybercrimes and protect critical information infrastructure.
  • Indian Cyber Crime Coordination Centre (I4C): Tracks and counters online criminals through a centralised approach.
  • Cyber Warrior Police Force: A specialised unit to combat cybercrimes and ensure effective law enforcement in cyberspace.

Key Programs and Initiatives

• Pradhan Mantri Gramin Digital Saksharta Abhiyan (PMGDISHA): Aims to make 6 crore rural households digitally literate under the Digital India Programme.
• Cyber Surakshit Bharat (CSB) Programme: Trains Chief Information Security Officers (CISO) and IT officers of government, banks, and PSUs.
• Cyber Swachhta Kendra: A Botnet Cleaning and Malware Analysis Centre that provides free tools for detecting and removing malicious programs.
• Proposals for Digital Payment Bill: Strengthens the legal framework for financial sector cybersecurity, particularly addressing frauds targeting cards and e-wallets.
• Crisis Management Plan for Cyber Attacks: A plan designed to counter cyberattacks & cyber-terrorism.
• RBI’s Data Localisation Initiative: Requires localisation of sensitive data for digital payment services, ensuring better security for Indian users.

Way Forward for Strengthening India’s Cybersecurity

• Timely Implementation of Committee Recommendations: Act swiftly on the recommendations from committees like the Rao Inderjit Singh and Gulshan Rai Committees to address evolving cybersecurity challenges.
• Revisions in Cyber Laws and Policies: Regularly update the Information Technology Act, 2000, and the National Cyber Security Policy, 2013, to address emerging digital threats and global technological advances.
• Strengthening Data Protection Framework: Expedite the passage of the Personal Data Protection Bill to ensure robust privacy and security measures for citizens’ data.
• Establish Centralised Cybercrime Management: Set up a single, unified body to manage and coordinate cybercrime prevention, investigation, and enforcement at all levels of government.
• Building Cybersecurity Capacity: Focus on the training and upskilling of a specialised cybersecurity workforce, including law enforcement, judicial officers, and private sector employees.
• Encouraging Indigenous Cybersecurity Solutions: Promote domestic development of cybersecurity technologies to reduce dependency on imported solutions and enhance national security.
• Cybersecurity Standards and Compliance: Establish clear cybersecurity standards and frameworks, and ensure regular audits to guarantee compliance, especially in critical sectors.
• Cybersecurity Awareness and Digital Literacy: Launch nationwide campaigns to raise public awareness of safe online practices and secure data management.

From ‘Long Lines’ to ‘Going Online,’ digital technologies must shift from being a ‘threat multiplier’ to a ‘force multiplier’ by strengthening cybersecurity frameworks, fostering innovation, and enhancing capacity building to drive national growth and security.

Reference: PMF IAS: Cybercrime | The Hindu

UPSC Mains PYQs – Theme – Cyber Security

1. Cyber warfare is considered by some defense analysts to be a larger threat than even Al Qaeda or ter-rorism. What do you understand by Cyber warfare? Outline the cyber threats which India is vulnerable to and bring out the state of the country’s preparedness to deal with the same. (2013)
2. Considering the threats cyberspace poses for the country, India needs a “Digital Armed Force” to pre-vent crimes. Critically evaluate the National Cyber Security Policy, 2013 outlining the challenges per-ceived in its effective implementation. (2015)
3. Use of Internet and social media by non-state actors for subversive activities is a major concern. How have these have misused in the recent past? Suggest effective guidelines to curb the above threat. (2016)
4. Discuss the potential threats of Cyber-attack and the security framework to prevent it. (2017)
5. Discuss different types of cybercrimes and measures required to be taken to fight the menace. (2020)
6. Keeping in view India’s internal security, analyse the impact of cross-border cyber attacks. Also, discuss defensive measures against these sophisticated attacks. (2021)
7. What are the different elements of cyber security? Keeping in view the challenges in cyber security ex-amine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy. (2022)

PMF IAS Pathfinder for Mains – Question 18

Q. As India aspires to become a $1 trillion digital economy by 2030, the need for robust cybersecurity measures has never been more critical. Critically evaluate the existing cybersecurity framework, identify key vulnerabilities, and suggest strategic interventions to safeguard India’s digital ambitions. (250 Words) (15 Marks)

Approach

• Introduction: Write a brief introduction about importance of cyber security in India.
• Body: Discuss key challenges in India’s cybersecurity framework & also strategic interventions needed.
• Conclusion: Conclude the answer by highlighting the need of an integrated approach.