Technology has had a transformational impact at all levels in society – be it professional or personal. The increasing transition as well as dependence of memory as well as cognitive functions on technology and information systems is an integral factor in everyday life today. What is hence very important is to ensure that this dependence on technology is trustworthy and has the functional integrity to ensure security and privacy. Especially when it comes to defence and security related information systems, it is imperative that the systems being leveraged have the uppermost security levels.
The pace of change in the current high-tech era is exponential – sometimes too fast for absorption by most of the population. This fast evolution of technology results in gaps which further lead to cyber security threats. These threats are characterised by intentional and malicious attempts to breach systems integrity with motives like data theft, espionage, sabotage, or financial benefits.
A recent Kaspersky report has reportedly mentioned that Distributed Denial of Services (DDoS) attacks or cyber breaches increased by nearly 4.6 times in the first year of calendar year 2022. To put into perspective, the total value of damages that cybercrime reportedly inflicted globally in 2021 amounted to almost $6 trillion[1] and is expected to increase to $10.5 trillion by 2025. On a lighter note, it could turn out to be the third largest economy by value. That is the colossal risk and damage that needs to be addressed.
India and cyber security
From an India perspective, CERT-In reported more than 14 lakh cyber security related incidents in total in 2021[2] while in the first two months of 2022 (Jan-Feb), more than 2.12 lakh incidents were already reported. While digital was always the way forward, the COVID pandemic turbo charged it. With most of the world forced to work remotely and interact and transact virtually using digital means, there was a huge rise in cyber activity.
With increasing digitisation, the risks posed by the technologies also increases especially targeted towards critical infrastructure sectors including infrastructure, nuclear and space entities.
So much so that, now even though the world has moved back to a “physical” mode, the affinity to digital technology payments remains. As per latest data by MeitY, India clocked more than 3,270 crores of digital transactions in the first quarter of financial year 2022-23 while the value of digital transactions in FY22-23 till July has already crossed INR 566 lakh crores[3].
India also faces the same threats as the global population – phishing scams, website spoofing, ransomware, malware, IOT hacking, data leakage and with the growing presence of digital in India, the threats are only going to increase. With increasing digitisation, the risks posed by the technologies also increases especially targeted towards critical infrastructure sectors including infrastructure, nuclear and space entities.
The most vulnerable facets when it comes to national cyber security include towards large scale digitized public services, supply chain, critical information infrastructure as well as digital payments. Hence, in this context measures towards cyber security are a natural response. The Government has taken initiatives to further enhance the cyber security posture and countering such attacks through advisories, alerts as well as proactively collating and analysing data across sectors and segments. These initiatives as per the National Cyber Security Strategy 2020 by Data Security Council of India (DSCI) can be categorized under the 3-S umbrella of Secure, Strengthen and Synergise.
Why safety matters
Steps including ensuring supply chain security through continuous and real time monitoring and mapping coupled with increased product testing and certification efforts along with development of agile mechanisms for adaptability help in keeping the systems secure. A formal structure with earmarked institutions and a robust governance mechanism are a necessary step to ensure and strengthen the efficient execution of cyber security policies through both security and state.
This of course needs to be backed by budgetary provisions especially towards investments in R&D and incentivization and enhancement in related infrastructure with required focus on capacity and capability building. With the above two taken care of what is the most critical is integrating all efforts to ensure there is synergy across all verticals with compliance to adopted standards. There are various entities in all strata of society including industry, government as well as academia that are working and contributing towards both cyber security policy formulation as well as its execution.
A formal structure with earmarked institutions and a robust governance mechanism are a necessary step to ensure and strengthen the efficient execution of cyber security policies through both security and state.
There are many agencies in India which work on various facets of cyber threats. The National Technical Research Organization (NTRO) acts as a feeder agency for technical security intelligence to other national agencies in India. The National Critical Information Infrastructure Protection Centre (NCIIPC), a unit of the NTRO itself, acts as a nodal agency for critical information infrastructure protection for sectors like power and energy, BFSI, telecom, transport etc.
The National Cyber Coordination Centre (NCCC) is an operational cybersecurity and e-surveillance agency in India supporting and co-ordinating intelligence gathering activities. However, what is being attempted now is to further synergize all activities to ensure maximum output while ensuring there is enough and more outreach amongst the population on the threats posed by cyber / digital activities and how to build solutions for the same.
Cyber security in defence
DRDO for instance has its affiliated lab, the Directorate of Information Technology and Cyber Security (DIT&CS) – a dedicated lab largely towards operating, maintaining, and expanding DRDO’s internal cyber security.
Its roles and responsibilities include, among others, work towards DRDO’s internal unified communication services, ERP, Central Internet Access Gateway (CIAG) as well as collaboration with academia in the field of cyber security. Hence entities like these are critical for the national ecosystem as they become benchmarks for other small and big entities to pursue and achieve. Initiatives like these when coupled with definitive and structured knowledge sharing with relevant stakeholders have the potential to start a revolution in the segment.
DRDO, for example, through Defence Institute of Advanced Technology (DIAT), a DDR&D funded autonomous organisation conducts online training and certification courses on cyber security to create awareness as well as a capability to tackle the threat. Once of the short-term training and certification courses for example is a 12-week online course[4] offering a mix between fundamentals of cyber security and advanced topics such as forensic and incident response, system programming, reverse engineering and malware analysis, basic and advanced vulnerability analysis, exploit mitigation and penetration testing followed by the tools and techniques for Cyber Security professionals.
It is important that as the threats become more complex, they will require constant innovation to keep the space secure and resilient to threats. It will always be important to stay ahead of the curve.
In another instance, DRDO and the Gujarat University collaborated to announce in 2021 the setting up of Sardar Vallabhbhai Patel Centre for Cyber Security Research (SVP-CCR)[5]. The centre is planned as a DRDO funded CoE towards multi-disciplinary scientific and applied research in critical and futuristic technologies related to defence and security.
With the core research work planned in verticals including IOT, cyber security, cryptocurrency analysis, cyber defence, and malware analysis, the CoE plans to leverage researchers and faculties from across the country. DRDO will drive this initiative by providing problem statements to be worked upon by the members of the CoR.
Efforts are clearly being made across all segments and by all stakeholders. It is important that as the threats become more complex, they will require constant innovation to keep the space secure and resilient to threats. It will always be important to stay ahead of the curve.
Indigenous solutions of course are key to ensure no dependencies on foreign entities. Hence it is important to evolve, develop, build, handhold and leverage the in-house expertise in the country. Entities like DRDO are more than capable to work with academia and industry in ensuring that the small steps being taken in the right direction become giant leaps for the society.
[1] https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
[2] https://inc42.com/buzz/2-12-lakh-cybersecurity-incidents-reported-in-2022-indian-govt/
[3] https://www.livemint.com/news/india/india-records-over-3-000-crore-digital-transactions-between-april-july-2022-11659523567667.html
[4] https://www.drdo.gov.in/sites/default/files/whats_new_document/DIATSCA25012021.pdf
[5] https://indianexpress.com/article/cities/ahmedabad/gu-drdo-to-set-up-cyber-security-research-centre-7760634/