Internal Security (Challenges to internal security through communication networks) by Viraj C Rane

Model Answer

Question #1. Strategy for cyber security in India would not be complete without factoring efforts required at the state level. Discuss.

Approach:

• The question requires analysis of cyber security in light of state government’s role 
• Contextually introduce with efforts taken for digitizing the economy and associated cyber security risk 
• Then highlight the significance of state governments in dealing with cyber security
• Then explain the efforts required at the states in cyber security then write how central government is supplementing the initiatives of the State Governments in cyber security
• Conclude with the gist of your answer

Hints:

States would be the key to realizing India's goal of USD 5 trillion economy. Many states in the country are taking concerted efforts for digitizing levers of the economy and delivering public services on digital channels. However, as the digital economy grows, states become more prone to cyber threats and vulnerabilities. In 2021, the country recorded over 52 thousand cases of cyber crime that year marking a significant increase compared to about 12 thousand cases in 2016. 

Role of state governments in dealing with cyber security

• Police’ and ‘Public Order’ are State subjects as per the Seventh Schedule of the Constitution of India. States/UTs are primarily responsible for the prevention, detection, investigation and prosecution of crimes including cyber crime through their Law Enforcement Agencies (LEAs). The LEAs take legal action as per provisions of law against the offenders. 
• It is important to ensure that states take cyber security on their agenda in their efforts of industrialization and digitization. For this, measures like promoting, acknowledging, and driving the states for proportionate attention and investment in cyber security is required.

Efforts required at the state level in cyber security

• Promoting the development of state-level cyber security policies
• Mandating roles and responsibilities of cyber security functions 
• Allocation of dedicated funds
• Incentivizing enhancement in the security preparedness 
• Creation of the infrastructure and development of capabilities 
• Subjecting the digitization plans for critical scrutiny, validation, and authorization 
•  Issuing guidelines for enhancing security architecture, operations, and governance 
• Advocating the sharing of threat information/intelligence to address target attacks from state/non-state actors 
• Promoting responsible use of cyberspace and data
•  Developing capabilities of the state machinery to address cyber security challenges
• Developing a mechanism for overseeing and monitoring cyber security preparedness and performance of the states 
• Promoting the programs of developing skills and talent at the state level 
• Partnering for developing India as a global hub for cyber security products and services by orchestrating the state-level efforts 

Steps taken by the government to supplements the initiatives of the State Governments in cyber security:

• The Central Government supplements the initiatives of the State Governments through advisories and financial assistance under various schemes for their capacity building.

• The Ministry of Home Affairs has provided financial assistance to all the States & UTs under Cyber Crime Prevention against Women & Children (CCPWC) scheme to support their efforts for setting up of cyber forensic-cum-training laboratories, training, and hiring of junior cyber consultants. 

• Cyber forensic-cum-training laboratories have been commissioned in all States. The Central Government has taken steps for spreading awareness about cyber crimes, issuance of alerts/ advisories, capacity building/ training of law enforcement personnel/ prosecutors/ judicial officers, improving cyber forensic facilities etc.
• The Government has established Indian Cyber Crime Coordination Centre (I4C) to provide a framework and eco-system for LEAs to deal with the cyber crimes in a comprehensive and coordinated manner. ‘Joint Cyber Coordination Teams’ have been constituted for seven regions at Mewat, Jamtara, Ahmedabad, Hyderabad, Chandigarh, Vishakhapatnam and Guwahati under the I4C to address the issue of jurisdictional complexity, based upon cyber crime hotspots/ areas, by on-boarding all the States/UTs to provide a robust coordination framework to the LEAs.

Conclusion:

As cyber security will continue to remain a potent factor in India’s digital ecosystem, all stakeholders must focus on a collaborative approach to develop formidable solutions that can create safer digital spaces. Thus, role of policymakers at both centre and state will be equally crucial in making strategy for cyber security in India. 

Question #2. With the advent of 5G technology and consequent increase in dependency on telecom networks, there is an increased vulnerability to cyber threats. Elaborate. Also, highlight the significance of the National Security Directive on the Telecom Sector (NSDTS) in securing the Telecom industry from threats of cyber-attacks.

Approach:

• The question requires analysis of security issues related to telecom sector
• Contextually introduce with the emerging cyber security and privacy threats across the telecom sector
• Highlight the vulnerability of telecom sector to cyber threats then write about the 5G and cyber security
• The n explain how the National Security Directive on the Telecom Sector (NSDTS) will help in securing the Telecom industry from threats of cyber-attacks.
• Conclude by suggesting way forward

Hints:

Telecom sector is exposed to the emerging cyber security and privacy threats across the industries. Telecommunication companies are a major target for cybercriminals and nation-state actors because they build, control and operate critical infrastructure that is used to transmit and store large amounts of sensitive data.  5G is likely to escalate telecom sector vulnerability to security breaches with its attributes of edge computing, and dynamic bandwidth sharing, among others where each activity will become a potential attack vector.

Vulnerability of telecom sector to cyber threats

• Critical Infrastructure: Telcos often open themselves up to cyber threats since they are responsible for the construction and operation of crucial infrastructure needed to communicate and store sensitive data.
• Vulnerable to hacking: Communication channel components like edge devices, core network elements, and end user services that run on them are often targeted.
• Fourth industrial revolution: It will be fueled by the 5G communications foundation that is coming up and which is destined to be a problem for security as it directly impacts critical infrastructure industry verticals. 
• Domino Effect on other sectors: Cyber attacks in telecom networks can have a domino effect on other dependent industry sectors such as healthcare, financial services, utilities, manufacturing etc.
• Corrupted Hardware : Purported backdoors in telecom equipment products continue to be cause of concern related to sanctity of these networks and communication delivered through them
• Increasing Bandwidth : In the future IoT based DDoS attacks are expected to rise with high bandwidth availability enabled through next generation networks

5G and cyber security

5G is critical for India to make further progress and compete on a global scale. Experts predict that 5G will have a cumulative economic impact of $1 trillion by 2035 and that it will increase the nation’s GDP by $150 billion between 2025 and 2040. However, there are a number of security challenges associated with 5G:

• Powered by high speed and low latency, 5G will push us into a world of interconnected networks. It will pave the way for new technologies like the IOT, AR, VR AI, etc. These new technologies involve the transfer and exchange of large amounts of data. This could translate into security challenges if that data gets intercepted by people with dubious intentions.
• 5G is also likely to escalate our vulnerability to security breaches with its attributes of edge computing, and dynamic bandwidth sharing, among others where each activity will become a potential attack vector.
• Malware and ransomware attacks: As 5G networks will become more widely adopted, they are likely to be targeted by malware and ransom ware attacks. These attacks can compromise the security of the network and its users, leading to data breaches and other security incidents. With 5G, a cybercriminal could possibly access a large number of compromised devices (such as smart phones or smart home devices) to quickly spread malware or ransom ware across a network eventually allowing the attacker to infect a large number of devices in a short amount of time, potentially causing widespread disruption and damage.
• Distributed denial-of-service (DDoS) attack: 5G technology has the potential to significantly increase the speed and capacity of wireless networks. This increased speed and capacity could make it easier for attackers to launch large-scale DDoS attacks. Attackers could potentially use advanced techniques to bypass security measures and launch attacks that are more difficult to detect and defend against.
• Man-in-the-middle attacks: With 5G, an attacker could use new techniques to intercept and manipulate data transmitted over the network. This could allow the attacker to read, modify, or even impersonate one of the parties involved in the communication, potentially leading to the theft of sensitive information or the compromise of systems and networks. 

Significance of the National Security Directive on the Telecom Sector (NSDTS)

India is one of the top three countries in the world that is facing cyber-attacks. It is important to secure the Telecom industry as it is the backbone of all other infrastructure sectors in the country such as transport, banking, power, finance. NSDTS will impact the cyber security, digital and telecom ecosystem in the country.

• Objective of the directive: It is mainly to check any ‘backdoor’ or ‘trapdoor’ vulnerabilities in the telecom networks, which can be exploited to extract information and pass on illegally to agencies around the world.
• Indigenisation of telecom equipment: The National Security Committee on Telecom will take measures to increase use of equipment from Indian trusted sources. This will give a boost to the use of indigenous products in the telecom networks
• Integration with Global Supply chains: The directive also ensures that the Indian manufactured telecom products get into the global supply chain of the system integrators.
• Apart from the directive, the government will release at regular intervals new guidelines for effective monitoring and effective control of the network security of the TSPs.
• Under the provisions of the Directive, in order to maintain integrity of the supply chain security and to discourage insecure equipment in the network, the government will declare a list of 'trusted sources/trusted products'.

Conclusion:

It is relevant that the telecom sector today is a key infrastructure provider with strong linkages with economic growth, direct and indirect employment generation and expansion of Digital India. Securing the hardware that goes into the infrastructure along with the codes and network connectors is part of this new security challenge. The NSDTC is effort in right direction to provide guidance in securing the key telecom sector.