Introduction:

• There have been numerous cases of Chinese-led cyber-attacks on Indians and Indian-based businesses recently.
• Chinese hackers have been targeting Indian firms that created Covid-19 vaccinations, according to a cyber security firm located in the United States (Covaxin and Covishield).
• Another US study revealed that a Chinese outfit (Red Echo) was targeting India's power industry with malware called Shadow Pad.
• Some of these Chinese-led cyber-attacks were also backed by the Chinese government, according to evidence.
• India has been targeted by cyber-attacks from Russia, North Korea, and other countries, in addition to China. These cases underlined the need for India's cyber security infrastructure to be strengthened.

Cyber Security:

• It refers to the process of protecting computers, servers, mobile devices, electronic systems, networks, and data from hostile attacks.

Types of Cyber Security:

• There are four primary types of cyber security threats:
• Cyber espionage is a term that refers to the act of using the internet to It's a data stealing and intelligence collecting operation. Data will be stolen without the user's permission or awareness.
• Warfare in cyberspace: It refers to a country's use of digital attacks (such as computer viruses and hacking) to disrupt another country's computers or information networks.
• Cyber terrorism: It refers to the convergence of terrorism and cyberspace. In this, the terrorists will use the internet to conduct violent activities such as threats, loss of life etc. Terrorists will use cyberspace to achieve their political and ideological gains.
• Cyber Crime: It is any criminal activity that involves a computer, networked device or a computer network.

Ranking & Cyber Intrusions:

• India was ranked 23rd in the world in the 2018 Global Cyber Security Index. India's vulnerability to cyber-attacks was mentioned in the study. Here are a few examples of cyber-attacks.
• A Chinese cyber outfit APT 10 (also known as Stone Panda) allegedly hacked the Covid-19 vaccine makers in India, according to Cyfirma, a Goldman Sachs-backed firm. There were additional linkages between the Chinese government and Stone Panda, according to Cyfirma.
• Microsoft identified cyber intrusions from Russia and North Korea in November 2020. The Covid-19 vaccination firms in India, France, Canada, South Korea, and the United States were the targets of these attacks, according to Microsoft.
• In February 2021, a cyber security firm located in the United States mentioned the Chinese outfit Red Echo. They warned that Red Echo was targeting India's power sector with malware called ShadowPad.

Government Initiatives:

• The Information Technology Act (IT) of 2000 is India's primary law governing cybercrime and digital trade.
• The law covers a wide range of crimes, such as child pornography and cyber terrorism.
• The government has the authority under Section 75 of the Act to punish anyone accused of the crime who are located outside of India.
• CERT-In (Indian Cyber Emergency Response Team) – Section 70B of the IT Act established it. It is the national nodal agency's responsibility to respond to computer security threats as needed.
• National Cybersecurity Policy, 2013: The strategy establishes a vision and strategic direction for safeguarding the nation's cyberspace. The following are some of the policy's goals:
• To construct a safe and resilient cyber-ecosystem, as well as sufficient trust and confidence in electronic transactions.
• The policy's goal is to direct the behaviour of stakeholders (users) in order to ensure cyberspace security. In order to ensure a secure cyber ecosystem in India, the regulatory framework must be strengthened. In the ICT industry, build appropriate indigenous technology.
• Section 70A of the IT Act established the National Critical Information Infrastructure Protection Centre (NCIIPC). In terms of vital information infrastructure protection, it has been classified as a national nodal agency. Its goal is to secure and protect critical information infrastructure (CII) from cyberterrorism, cyberwarfare, and other threats.
• Cyber Swachhta Kendra is a platform that allows users to analyse and clean their computers by eradicating viruses, bots/spyware, Trojans, and other malware. It was first released in 2017.
• The National Cyber Security Coordination Centre (NCCC) is a government-run organisation that coordinates cyber security. The NCCC is required to assess threats in real time. Additionally, they raise situational awareness of potential cyber threats to the government. In 2017, it became operational.
• In 2018, the Cyber Surakshit Bharat Initiative was established. The goal of the programme is to raise awareness about cybercrime. Capacity building for Chief Information Security Officers (CISOs) and frontline IT personnel across all government agencies is also a focus of the effort.
• Sandes Platform: It's a WhatsApp-like instant messaging platform. Previously, it was known as the Government Instant Messaging System (GIMS).
• Anyone having a phone number or an email address can utilise the platform for any type of communication. Users will be able to communicate in a secure manner thanks to the platform.
• It was first introduced in 2020 for state and federal government employees, but it has now been expanded to include all citizens.

Challenges in Tackling:

• Poor cyber security infrastructure: India has only a few cities with cybercrime units, and specific cyber courts have yet to be established.
• People do not report cybercrimes because of a lack of awareness or a fear of harassment.
• There are numerous data-related issues that must be addressed in order to ensure cyber security.
• For example, the vast bulk of Indian data is housed in data centres outside of India. As a result, data storage businesses do not inform India about cyberattacks.
• Incentives for cybercriminals have increased as online transactions have grown. An example of this is a recent cyberattack on Zomato (a meal delivery app).
• Officials' capacity deficit: Law enforcement agencies charged with conducting cyber investigations frequently lack the necessary cyber expertise and training.
• Anonymity: Encrypting techniques in cyberspace allow people to hide or falsify their identities. This increases the difficulty of the investigation.
• Concern about jurisdiction: At cybercrime, an individual can commit a crime while sitting in a remote place anywhere on the planet. A classic example of this is the recent WannaCry virus attack. Even if the perpetrator is discovered, bringing him to justice and conducting a trial in court will require international collaboration.

Suggestions:

• Enhancing Coordination: At the international, national, state, and local levels, there is a need to improve coordination. The Indian government's signing of the Budapest Convention on Cybercrime could be a significant step forward in this regard.
• Robust: The need for law enforcement agencies to be trained is urgent. The government will have to give law enforcement agencies and individuals with ongoing, comprehensive, and effective training, with a special emphasis on cyber security and safe internet handling skills.
• Instilling Digital Literacy: This can be accomplished by addressing the public's susceptibility to cybercrime.
• Infrastructure Development: This would entail the establishment of more cyber cells, cyber courts, and cyber forensic labs to ensure that those who violate the law are held accountable.
• Service providers' responsibilities: Website owners must be taught to be more aware of traffic on their sites and to report any irregularities. This will ensure that vast amounts of data on cyber-attacks are collected. In the future, these data could be used to develop a new cyber security strategy.
• Amending the Information Technology Act: It is necessary to make firms legally responsible for conducting regular cyber security audits. The IT Act could be changed to include a need for independent bodies to conduct cyber security audits.

Conclusion:

• The latest pandemic has highlighted the relevance of internet for humanity once again. Given the importance of cyber security, the government should move quickly to execute the National Cyber Security Strategy 2020.