In its brief period of existence, there has been a dramatic expansion in the use of Information Technology (IT), the increasing dependency on IT brings with it a new form of threat and hence cyber security has become an integral part of country’s internal security. Cyber security refers to the preventive measures employed to protect the information from being compromised.
Cybersecurity is a complex issue as it calls for a multi-dimensional approach cutting through various domains and involving various agencies. The primary reason because of which cybersecurity has become difficult to manage is due to the diffused nature of threats and the inability to form a strategy against it owing to the non-tangible nature of perpetrators.
The IT sector is undoubtedly an integral part of a country’s critical information infrastructure and supports the very existence of most of the critical infrastructure, disruption of which will have a catastrophic effect on the nation’s internal security, governance, economy and social well-being as all these services are dependent on the relay of information either for communication, transactions or operational security.
Cybersecurity involves various steps and first and the foremost important step is to identify and understand the different forms of threats an individual or state is likely to encounter. Cyber threats can be broadly classified into two categories Cyber Crime: against individuals, and Cyberwarfare: against a state. By definition, cybercrime can be understood as the use of cyberspace to commit a crime by an individual or by a group of individuals. Cyber attackers use a variety of techniques to commit a cybercrime the most common of which is the targeting vulnerabilities in software or hardware design through the use of malware or viruses to disrupt computers operation or to gather sensitive information. Another form of cybercrime known as Denial of Service is an attempt to make services unavailable to the end users. On the other hand use of information system by a state to disrupt other country’s critical infrastructure for espionage is known as cyber warfare. And when an organisation working independently of the nation-state operates terrorist activities through cyberspace it is known as cyber terror.
Securing the cyberspace is, however, a difficult task as cyberspace is designed to increase connectivity rather than security. The challenge also lies in the fact that there is no physical demarcation in cyberspace and one cannot differentiate between defence cyberspace or civilian cyberspace, what makes it even more complex is that one country cannot choose to ignore what is happening any part of this space if it wants to protect its own national interest. Hence a nation’s defence against cyber threats is intertwined with its internal security and international cooperation. What this means is that a nation has to adopt a coherent approach while formulating national policies against cyber threats and while taking diplomatic stance keeping in mind international rights related to information freedom. To make matters worse in a cyberspace it is quite easy for the attacker to cover the tracks and can even mislead the target in believing that threat has originated from somewhere else.
Indian approach towards cybersecurity has changed dramatically since the formulation of the National Cyber Security Policy in 2013. The Government of India is constantly endeavouring to build a secure and resilient cyberspace for citizens, businesses and government. The mission of the policy is to protect the information and information infrastructure in cyberspace, build capacity to prevent and respond to cyber threats, reduce vulnerabilities and reduce damage from cyber incidents. A major step forward was creating the list of critical computer infrastructure which needs special protection against such attacks. Establishment of National Critical Information Infrastructure Protection Centre (NCIIPC) to create a firewall against such networks is also one of the ideas being implemented. A multi-agency National Cyber Coordination Centre is also being set up. Centre of Excellence in Cryptology, the science of data encryption is established in Kolkata. The government of India has also come up with a roadmap on cybersecurity which laid emphasis on the participation of private sector, to follow that up government has set up three cyber-forensics laboratories, nine more of such laboratories are in pipeline. A cyber crisis management plan is already in place of which state governments are an integral part. A Computer Emergency Response Team (CERT) has been set up for defence and railways to deal with the crisis situation.
Clearly, the road to cyber security is not smooth and there exist a few roadblocks too, the unwillingness of defence and intelligence agencies to align their security policy with national policy is one of them. Another arises due to the non-existent curriculum on cyber security in colleges due to which there arises a need to train the workforce before employing them on large scale and of course there is a shortage of funds and training institutes. The multitude of mobile devices and the existence of a market of pirated software makes the task difficult to address. lack of awareness amongst people is also another cause of concern.
To sum up, the ever-persistent nature of the cyber attack has made governments all over the world to take stringent actions in securing their cyberspace, but there as the genie of the cyber threat is out of the bottle and it is not willing to go back in.