In its brief period of existence, there has been a dramatic expansion in the use of Information Technology (IT), the increasing dependency on IT bring with it a new form of threat and hence cyber security has become an integral part of country’s internal security. (Cyber security refers to the preventive measures employed to protect the information being compromised)
Cyber security is a complex issue as it calls for a multi-dimensional approach cutting through various domains and involving various agencies. The primary reason because of which cyber security has become difficult to manage is due to the diffused nature of threats and inability to form a strategy against it owing to non-tangible nature of perpetrators.
The IT sector is undoubtedly an integral part of country’s critical information infrastructure (CII) and supports the very existence of most of the critical infrastructure (CI), disruption of which will have catastrophic effect on nation’s internal security, governance, economy and social well-being as all these services are dependent on the relay of information either for communication, transactions or operational security.
Cyber security involves various steps and first and foremost important step is to identify and understand the different forms of threats an individual or state is likely to encounter. Cyber threats can be broadly classified into two categories, Cyber Crime: against individuals, and Cyber warfare: against a state. By definition, cyber crime can be understood as the use of cyberspace to commit a crime by an individual or by a group of individuals. Cyber attackers use a variety of techniques to commit a cyber crime the most common of which is the targeting vulnerabilities in software or hardware design through the use of malware or viruses to disrupt computers operation or to gather sensitive information. Another form of cyber crime known as Denial of Service is an attempt to make services unavailable to the end users. On the other hand use of information system by a state to disrupt other country’s critical infrastructure for espionage is known as cyber warfare. And when an organisation working independently of the nation state operates terrorist activities through cyberspace it is known as cyber terror.
Securing the cyberspace is, however, a difficult task as cyberspace is designed to increase connectivity rather than security. The challenge also lies in the fact that there is no physical demarcation in cyberspace and one cannot differentiate between defense cyber-space or civilian cyberspace, what makes it even more complex is that one country cannot choose to ignore what is happening any part of this space if it wants to protect its own national interest. Hence a nation’s defense against cyber threats is intertwined with its internal security and international cooperation. What this means is that a nation has to adopt a coherent approach while formulating national policies against cyber threats and while taking diplomatic stance keeping in mind international rights related to information freedom. To make matters worse in a cyberspace it is quite easy for the attacker to cover the tracks and can even mislead the target in believing that threat has originated from somewhere else.
National Cyber Security Policy in 2013
Indian approach towards cyber security has changed dramatically since the formulation of National Cyber Security Policy in 2013. The Government of India is constantly endeavoring to build a secure and resilient cyberspace for citizens, businesses and government. The mission of the policy is to protect the information and information infrastructure in cyberspace, build capacity to prevent and respond to cyber threats, reduce vulnerabilities and reduce damage from cyber incidents. A major step forward was creating the list of critical computer infrastructure which needs special protection against such attacks.
Establishment of National Critical Information Infrastructure Protection Centre (NCIIPC) to create a firewall against such networks is also one of the ideas being implemented. A multi-agency National Cyber Coordination Centre is also being set up. Centre of Excellence in Cryptology, the science of data encryption is established in Kolkata. The government of India has also come up with a roadmap on cyber security which laid emphasis on the participation of private sector, to follow that up government has set up three cyber-forensics laboratories, nine more of such laboratories are in pipeline. A cyber crisis management plan is already in place of which state governments are an integral part. A Computer Emergency Response Team (CERT) has been set up for defence and railways to deal with the crisis situation.
Clearly, the road to cyber security is not smooth and there exist a few road blocks too, the unwillingness of defense and intelligence agencies to align their security policy with national policy is one of them. Another arise due to the non-existent curriculum on cyber security in colleges due to which there arise a need to train the workforce before employing them on large scale and of course there is a shortage of funds and training institutes. The multitude of mobile devices and an existence of a market of pirated software make the task difficult to address. Lack of awareness among the people is another cause of rising global concern.
To sum up, the ever persistent nature of the cyber attack has made governments all over the world to take stringent actions in securing their cyberspace, as the cyber attack genie is out of the bottle and it is certainly not willing to go back in any soon.