CYBER SECURITY IN INDIA

Transcription

1 CYBER SECURITY IN INDIA Introduction In the last couple of decades India has carved a niche for itself in the field of Information technology. Optimization of Information technology in Banking, Defence, Services, and Telecom sectors to name a few has therefore also exposed them vulnerable to Cyber attacks. Such attacks can be so enormous as to collapse our economic system. Information technology has exposed the user to such a huge data bank that conventional warfare is replaced by Cyber attacks crippling the whole economic, defence and security system of any nation. This newly added dimension to terrorize is now frequently being exploited by anti-national groups to use the cyber space to carry out their evil designs. More frightening it is to digest the thought that means to counter such attacks are very limited and absent sometimes. Meaning of Cyber Terrorism Cyber terrorism can be defined as-...the convergence of terrorism and cyber space. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks and information stored therein when done to intimidate or coerce a government or its people in the furtherance of political or social objectives. Further to qualify as cyber terrorism, an attack should result in violence against persons or property or at least cause enough harm to generate fear. Attacks that lead to bodily injury or deaths, explosions, plane crashes, water contamination or severe economic loss would be examples... This however comprehensive definition suffers the limitation of focusing more on conventional attacks. Terrorists may direct an attack to disrupt key economic activities and create more panic than conventional attacks. During the recent unearthing of terrorist networks the most outstanding feature has been use of techno tools like Cellular phones, Satellite phones(who can forget the 26/11 Mumbai Attack) and s and have mastered the use of Laptops and Tablet PCs to give finesse to their nefarious designs. The architects of terror are now becoming more techno savvy.

2 Modes of Cyber Attacks Use of computer viruses and worms is most popular weapons in Cyber terrorism; however it can be classified broadly into the following categories- 1).Physical Attack- Damaging the Cyber system by use of conventional methods like bombs, fire etc. 2).Syntactic Attack- Damaging by modifying the logic of the system to introduce delayed processing or making the system unpredictable by introducing computer viruses, worms, Trojans etc. 3).Semantic Attack- This exploits the confidence of the user in the system. Information keyed in the system at the entry and exit modifies the information already stored by inducing errors without the knowledge of user. Cyber terrorism, besides paralyzing the computer infrastructure has gone far beyond by usage of Internet in designing and uploading websites on which false propaganda can be posted bringing it under the category of Psychological Warfare. Tools of Cyber Terrorism Cyber terrorists unleash this new age terrorism by utilizing tools like- 1).Hacking- Any kind of unauthorized access to a computer or network of computers using ingredients technologies Packet sniffing, Tempest attacks, Password cracking, and Buffer outflow etc. 2).Trojans- Programmes pretending to do one thing while actually meant to do something entirely different like the woodan trojan horse of 12th century B.C. 3).Computer Viruses- A computer programme infecting the existing programmes thereby making them unpredictable. 4).Computer Worms- These are self contained programmes or a set of programmes able to spread

3 functional copies of itself or its segments to other computer systems usually via network connections. 5). related Crimes- Worms and Viruses are used for spreading threats and defamatory stuff by attaching them to host programmes. 6).Denial of Services- Attacks aimed to deny access to a computer or network to duly authorized persons. 7).Cryptology- Encryption of voice/data links to disseminate terror which cannot be viewed or heard by a person without knowledge of encryption code. Challenges to our National Security Dependence on IT Sector is increasing day by day in every field. India is also shifting gears to E- Governance. Government departments like Income tax, Passports, visas are under the realm of it. Police and Judiciary are following the same suit. Travel, Banking, Stock Markets can't even think of functioning without full scale computerization. Havocs in these by means of InfoTech can be catastrophic and irreversible. The major challenges and concerns are- 1. Lack of awareness and the culture of Cyber security at individual as well as institutional level. 2. Lack of trained and qualified human resources to implement counter measures. 3. Lacunae in the Information Technology Act and age old Cyber laws. 4. account policy is not present in most of the key areas like police, defiance forces etc. 5. Existing Cyber Security Initiatives- Some counter initiatives to control Cyber attacks are- National Informatics Centre- A premier government body providing network backbone and E-Governance support to Central, State Governments, and to other state bodies.

4 Indian Computer Emergency Response Team- Also known as Cert-In is the most important constituent of India's Cyber community for enhancing the security communications and infrastructure through proactive action and effective collaboration aimed at security incident prevention and response and security assurance. National Information Security Assurance Programme (NISAP)- This is for Government and Critical Infrastructures. The highlights are- 1. Government and critical infrastructures to have a security policy and create a point of contact. 2. Mandatory for organizations to implement security control and report any security incident to Cert-In. Cert-In to create a panel of auditors for IT security. All organizations to be subject to a third party audit from this panel once a year and Cert-In to be reported on security compliance on periodic basis. Indo-US Cyber Security Forum(IUSCSF)- Set up in 2001 this high powered delegation aims at- 1. Setting up of an India Information Sharing and Analysis Centre(ISAC) for better cooperation in anti-hacking measures. 2. Setting up an alliance with Confederation of Indian Industries(CII) awareness programmes about threats in Cyberspace. 3. Increasing cooperation between India's Standard Testing and Quality Certification(STQC) and US National Institute of Standards and Technology(NIST). 4. Setting of R&D Groups on Cyber security, Cyber Forensics and Anti spasm research. Suggestions-

5 The threat of Cyber Attacks can be tackled through the following initiatives- Need to sensitize common citizen about dangers of Cyber Terrorism. Aggressive Strategy at academic level through involvement of Cert-In professionals. Joint effort by all Government agencies to attract qualified and skilled personnel. Cyber security not to be given mere lip service and bureaucratic dominance be avoided. Cyber security agreements to be given utmost importance. More investment in this field in terms of Finance and Manpower. Close vigil on recent developments in the IT sector of our potential adversaries. Conclusion- The landscape of terrorism will entirely change and jeopardize the national security if the nexus between Hacker and Terrorists remain unchecked. A common vision to ensure Cyber security is the call of the day. Author Name: Samir Dixit Designation: Asst. Professor (Laws) College of Law & Legal studies Teerthankar Mahaveer University Moradabad (U.P.),