GIST OF RAJYA SABHA TV (RStv Debate):Global cyber security - India in top 10

Introduction

• India ranked 10th in the 4th edition of the Global Cybersecurity Index 2020 (GCI), a significant leap of 37 places from its previous GCI rank in 2018.
• Meanwhile at UNSC India has also flagged sophisticated use of cyberspace by terrorists and reiterated it is committed to open, secure, free, accessible & stable cyberspace.
  • A drone attack was conducted on the Jammu Air Force Station on June 27.
  • It was the first such instance of suspected Pakistan-based terrorists deploying unmanned aerial vehicles to strike at vital installations.

In this article, all important aspects of Cyber Security challenges and solution are discussed and analyzed.

Edited Excerpts from the debate

Important findings of the Index

Overall ranking:

• USA, UK, Saudi Arabia, and Estonia are ranked at top 3 positions, respectively, in the Index.
  • The UK and Saudi Arabia are placed in 2^nd position together.
  • The top rank in the GCI was secured by the US with a score of 100.
  • In the Asia Pacific region, South Korea and Singapore ranked at the top with a score of 98.52, tied for the fourth spot globally.
  • The list featured China at the 33rd spot and Pakistan at the 79th spot in the GCI 2020 report.

India’s ranking:

• India ranked 10th in the Global Cybersecurity Index 2020 (GCI).
  • India also ranked 4th in the Asia-Pacific region.
  • In the last edition of the GCI in 2018, India was placed at the 47th spot.
  • India achieved a consolidated score of 97.5.
  • The score is based on 20 indicators under 5 pillars.

What is the concept of cyber attack?

• The concept of a cyber attack can be described as a “deliberate exploitation of computer systems, technology-dependent enterprises and networks.”
• Cyber attacks use “malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.”

What are the gaps in India’s Cyber Security?

• lack of effective coordination
• overlapping responsibilities
• lack of clear institutional boundaries and accountability
• outdated strategies
• inappropriate approach to deal with cyber conflict
• absence of credible cyber deterrence strategy

How to enhance India’s cyber security structure?

• Effective strategy and transparency
• Better coordination
• Focus on creating secure cyber ecosystem
• Learning from expertise

Conclusion

India needs to build a safe cyberspace in order to protect social order, defend national sovereignty, and ensure sustainable development.

Value Addition

What is Global Cybersecurity Index 2020?

• The index is released by the United Nations (UN) agency for information and communication technologies (ITU).
• It was the 4^th edition of the GCI ranking.
• It measures the commitment of countries to cybersecurity at a global level.
• Pillars: The GCI index is based on the countries commitment to 5 pillars namely:
  • Legal
  • Technical
  • Organizational
  • Capacity development
  • Cooperation

Types of Cybercrime                                                                                                                                                                                               

• DDoS Attacks: These are used to make an online service unavailable and take the network down by overwhelming the site with traffic from a variety of sources.
• Identity Theft: This cybercrime occurs when a criminal gains access to a user’s personal information to steal funds, access confidential information, or participate in tax or health insurance fraud.
• Cyberstalking: This kind of cybercrime involves online harassment where the user is subjected to a plethora of online messages and emails.
• PUPs: Potentially Unwanted Programs (PUPs) are less threatening than other cybercrimes, but are a type of malware.
• Online Scams: These are usually in the form of ads or spam emails that include promises of rewards or offers of unrealistic amounts of money.
• Botnet:Botnet is a network of devices that have been infected with malicious software, such as a virus. 
• Malware:Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms.
• Phishing:Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. 
• Ransomeware: In a ransomware attack, the victim is forced to delete all necessary information from their system if they fail to pay a ransom within the timeline given by cybercriminals. 
• Trojan Horses:A Trojan is a malware software program that aims at hacking digital devices by appearing as useful software to the victims.
• Worm:A worm is a type of malware that doesn’t attack a host file and replicates itself as it travels across computers and networks and leaves copies of itself in the memory of each computer.

What are the laws for cyber security in India?

• Information Technology Act, 2000: The act provides legal recognition to e-commerce and e-governance and facilitates its development as an alternative to paper-based traditional methods.
• Crime and Criminal Tracking Network System (CCTNS): It is a nationwide network infrastructure for evolution of IT-enabled state-of-the-art tracking system around “investigation of crime and detection of criminals”.
• National Cyber Security Policy, 2013: It provides for:
  • To build a secure and resilient cyberspace
  • Creating a secure cyber ecosystem, generate trust in IT transactions
  • Creation of a 24 x 7 National Critical Information Infrastructure Protection Center (NCIIPC)
  • Indigenous technological solutions
  • Testing of ICT products and certifying them
• National Technical Research Organization (NTRO): NTRO is a highly specialized technical intelligence gathering agency. 
• NCIIPC:The National Critical Information Infrastructure Protection Centre (NCIIPC) was established under NTRO in 2014 to facilitate the Protection of Critical Infrastructure.
• CERT-In: CERT-In has been designated to serve as the national agency to perform the following functions:
  • Collection, analysis, and dissemination of information on cyber incidents
  • Forecast and alerts of cybersecurity incidents
  • Emergency measures for handling cybersecurity incidents 
  • Coordination of cyber incident response activities
  • Issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents
• National Cyber Coordination Centre (NCCC): It is a critical component of India’s cyber security against hackers and espionage as well as to track terrorist activity online.