Thursday, August 11th, 2022 04:43:16

Cyber Security: A Sine Qua Non

Updated: September 15, 2012 2:43 pm

The recent cyber attack originating from Pakistan with regard to the exodus by the people of the northeast and the tepid response from the government are worrying causes for the people of the country. Worst is that our secret documents are being pilfered from India by joint efforts by Pakistan and China via cyber warfare. It seems that India has become a staging ground for Pakistan and other rogue powers as to how to hurt the democratic powers, leaving no trace behind. The evil experiments staged in India by jihadi elements (with pliant China) are duplicated across the globe in the UK and the USA.

No surprise, Nasscom’s report “Securing Our Cyber Frontiers” calls for strong cyber infrastructure to deal with online crime. The report also suggests designing and implementing a competency framework and setting up a Centre of Excellence for best practice in cyber security. Besides, it has called for establishing a cyber command within the defence forces. It is worth mentioning that even before the above-mentioned north-eastern episode, the government had been victim of cyber crimes with a number of its websites being hit by cyber attacks. Sachin Pilot, Minister of State for Communications and IT, had revealed that 112 sites including those of Planning Commission, the Finance Ministry and various state government agencies, were defaced by cyber attacks. The Defence Research and Development Organisation also stressed the importance for having more resources to control these cyber attacks in near future. Against this backdrop, it is mandatory on part of the government that it must raise its vigilance especially the cyber intelligence against the disruptive forces coming from abroad and as well as home grown.

Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multilayered initiatives and responses. It is a challenge for governments because different domains are typically administered through siloed ministries and departments. The task is made all the more difficult by the inchoate and diffuse nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators. The rapidity in the development of Information Technology (IT) and the relative ease with which applications can be commercialised has seen the use of cyberspace expand dramatically in its brief existence.

In less than two decades, advances in information and communications technologies have revolutionised government, scientific, educational, and commercial infrastructures. Powerful personal computers, high-bandwidth and wireless networking technologies, and the widespread use of the Internet have transformed stand-alone systems and predominantly closed networks into a virtually seamless fabric of interconnectivity. The types of devices that can connect to this vast IT infrastructure have multiplied to include not only fixed-wired devices but mobile wireless ones. A growing percentage of access is through always-on connections, and users and organisations are increasingly interconnected across physical and logical networks, organisational boundaries, and national borders. As the fabric of connectivity has broadened, the volume of electronic information exchanged through what is popularly known as cyberspace has grown dramatically and expanded beyond traditional traffic to include multimedia data, process control signals, and other forms of data. New applications and services that use IT infrastructure capabilities are constantly emerging.

The IT infrastructure has become an integral part of the critical infrastructures of the country. The IT infrastructures interconnected computers, servers, storage devices, routers, switches, and wire line, wireless, and hybrid links increasingly support the functioning of such critical national capabilities as power grids, emergency communications systems, financial systems, and air traffic- control networks. The operational stability and security of critical information infrastructure is vital for economic security of the country.

Against this back ground it is worth mentioning that the threat of terrorism has posed an immense challenge in the post-Cold War period. Terror attacks in major cities, towns and tourist resorts across the globe have demonstrated the inadequacy of the State mechanisms to address this challenge. Serious attempts have been made by nations to address this challenge by designing counter-terrorism strategies and anti-terror mechanisms. However, most of these are designed in a conventional paradigm, which might be effective in a conventional terror attack. However, there are limitations when it comes to a terror attack of an unconventional nature.

IT has exposed the user to a huge data bank of information regarding everything and anything. However, it has also added a new dimension to terrorism. Recent reports suggest that the terrorist is also getting equipped to utilise cyber space to carry out terrorist attacks. The possibility of such attacks in future cannot be denied. Terrorism related to cyber is popularly known as cyber terrorism.

In the last couple of decades India has carved a niche for itself in IT. Most of the Indian banking industry and financial institutions have embraced IT to its full optimization. Reports suggest that cyber attacks are understandably directed toward economic and financial institutions. Given the increasing dependency of the Indian economic and financial institutions on IT, a cyber attack against them might lead to an irreparable collapse of our economic structures. And the most frightening thought is the ineffectiveness of reciprocal arrangements or the absence of alternatives.

It is high time, therefore, that an understanding of the nature and effectiveness of cyber attacks making an effort to study and analyse the efforts made by the country to address this challenge and highlight what more could be done.

As the nation became successful in unearthing terrorist networks involved in the recently carried-out terror attacks, the most outstanding feature was the use of the tools of the information age like emails, cell phones, satellite phones etc to stay connected. The worrying aspect was the use of modern gadgets bringing out that the terrorist is not only obsessed with IEDs and AK-47 but has also mastered the use of laptops and tablet PCs to give finesse to his nefarious designs. As terrorist organisations realise its capability and potential for disruptive efforts at lower costs they will become more and more technology-savvy and their strategies and tactics will have a technological orientation. Cyber terrorism is the convergence of terrorism and cyber space. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property or at least cause enough harm to generate fear, attacks that lead to death or bodily injury, explosions, plane crashes, water contamination or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism depending upon their impact.

This is one of the most comprehensive definitions of cyber terrorism. But even this has a limitation. It states that for an attack to qualify as a cyber attack it should incite violence. This is more conventional. Terrorist may direct an attack only to disrupt key services; If they create panic by attacking critical systems/infrastructure there is no need for it to lead to violence. In fact, such attacks can be more dangerous. The most popular weapon in cyber terrorism is the use of computer viruses and worms. That is why in some cases of cyber terrorism it is also called computer terrorism. The attacks or methods on the computer infrastructure can be classified into three different categories. (a) Physical Attack: The computer infrastructure is damaged by using conventional methods like bombs, fire etc. (b) Syntactic Attack: The computer infrastructure is damaged by modifying the logic of the system in order to introduce delay or make the system unpredictable. Computer viruses and Trojans are used in this type of attack. (c) Semantic Attack: This is more treacherous as it exploits the confidence of the user in the system. During the attack the information keyed in the system during entering and exiting the system is modified without the users knowledge in order to induce errors,

Cyber terrorism is not only limited to paralysing computer infrastructures but it has gone far beyond that. It is also the use of computers, Internet and information gateways—to support the traditional forms of terrorism like suicide bombings. Internet and email can be used for organising a terrorist attack also. Most common usage of Internet is by designing and uploading websites on which false propaganda can be pasted. This comes under the category of using technology for psychological warfare.

Tools of Cyber Terrorism

Cyber terrorists use certain tools and methods to unleash this new age terrorism. These are—(a) Hacking: This is the most popular method used by a terrorist. It is a generic term used for any kind of unauthorised access to a computer or a network of computers–some ingredient technologies like packet-sniffing, tempest attack, password cracking and buffer outflow facilitates hacking. (b) Trojans: These programmes pretend to do one thing while actually they are meant for doing something different, like the wooden Trojan Horse of the 1z’ Century BC. (c) Computer Viruses: It is a computer programme, which infects other computer programmes by modifying them. They spread very fast. (d) Computer Worms: The term ‘worm’ in relation to computers is a self-contained programme or a set of programmes that is able to spread functional copies of itself or its segments to other computer systems usually via network connections. (e) E-Mail Related Crime: Usually worms and viruses have to attach themselves to a host of programmes to be injected. Certain emails are used as host by viruses and worms. E-mails are also used for spreading disinformation, threats and defamatory stuff. (f) Denial of Service: These attacks are aimed at denying authorised persons access to a computer or computer network. (g) Cryptology: Terrorists have started using encryption, high frequency encrypted voice/data links etc. It would be a Herculean task to decrypt the information terrorist is sending by using a 512 bit symmetric encryption.


 Cyber Counter-Intelligence

NEED FOR FINESSE


Intelligence is the collection of information from the real world that could be important for our national security. Counter-intelligence is the technique of preventing our ill-wishers from collecting intelligence about us that could weaken our national security. Cyber-intelligence is the collection of intelligence having a bearing on our national security by systematically monitoring the web.

Cyber counter-intelligence is the prevention, detection and neutralisation of attempts by our ill-wishers to weaken our national security by misusing the web for destabilising us. It is also the prevention, detection and neutralisation of attempts by our ill-wishers to penetrate our cyber security architecture for the collection of information about us and for using this capability for disrupting our economy and the fighting capabilities of our armed forces.

The Task Force For the Revamping of the Intelligence Apparatus headed by Gary Saxena, former head of the R&AW, which was set up by the Government of Atal Behari Vajpayee in 2000, had, inter alia, gone into our cyber intelligence and counter-intelligence capabilities and made a set of recommendations.

It had suggested that the Intelligence Bureau (IB) should be given the additional responsibility for cyber intelligence and counter-intelligence. It had also recommended that the IB should be made responsible for all counter-intelligence—whether in the real or virtual world—and that its capabilities in this regard should be further strengthened,

One was given to understand that the NDA Government accepted these recommendations, but gave these new responsibilities for cyber intelligence and counter-intelligence to the National Technical Research Organisation (NTRO), which was set up as a Techint agency on the pattern of the National Security Agency (NSA) of the US.

In the US, the NSA used to have additional responsibility for cyber intelligence and counter-intelligence. Two years ago, it was decided to set up an independent Cyber Command for this purpose, but to place it under the head of the NSA. The NSA and the Cyber Command are separate organisations with separate staff and separate budgets, but they have a common chief.

As a result of the NDA Government’s decision to entrust the responsibility for cyber intelligence and counter-intelligence to the NTRO, we now have the IB dealing with intelligence and counter-intelligence in the real world and the NTRO in the virtual world of the Internet and the social media sites that have come up in recent years.

The recent incidents relating to Psyjihad sought to be waged against us through the Net and its social media sites and mobile telephones by exploiting Muslim anger over the anti-Muslim violence in the Rakhine State of Myanmar and in our Assam State and our incoherent and ill-coordinated reaction to it bring out two serious deficiencies:

  1. The NTRO has not been systematically monitoring the Net and its Social Media Sites for cyber chatter that could have a bearing on our internal and external security in order to sound a wake-up call to the Govt when the contents of the cyber chatter indicate possible attempts at destabilisation. This is clearly evident from the fact that the large number of websites disseminating exaggerated accounts of the anti-Muslim violence with the help of morphed images seems to have been noticed by the NTRO only after the violent incidents in the Azad Maidan of Mumbai on August 11 and the panic departure from South India and Pune of many people from the North-East working and living there. Had these web sites and their false and provocative propaganda been noticed in time, the Government might have been able to take pre-emptive action to prevent the violence and contain the panic.
  2. The NTRO has not yet developed a capability for the identification of suspects who have been misusing the Net and its social media sites for their Psyjihad meant to destabilise us. As a result, one could see over-reaction and an attempt at a disproportionate use of the powers under the existing laws for cyber surveillance. After the surveillance failed initially due to lack of alertness on the part of our agencies, there has been a disproportionate use of the surveillance powers by way of large-scale blocking of web sites and attempted control over social media sites without applying our mind. Instead of targeting our counter-action on the suspects responsible for the Psyjihad, we have been targeting the instruments used by them for their Psyjihad such as Facebook and Twitter. These instruments have benign and malign uses. Our actions should have been targeted against malign uses, but there is an impression that we have been trying to discourage both benign and malign uses in order to deter the use of these sites and instruments even for well-intentioned criticism of the Government and its policies. The misuse by ill-wishers of the country has been sought to be exploited for preventing legitimate uses of the social media networks even by well-wishers of the country.

There is a need for a mid-course correction in the follow-up actions initiated after the recent panic in order to introduce an element of finesse in our cyber intelligence and counter-intelligence architecture and techniques. Target the ill-wishers of the country who have been misusing the Net and the social media sites for nefarious purposes, but don’t target the well-wishers. Make the ill-wishers dysfunctional and not the Net and the social media sites.

The Naresh Chandra Task Force on national security has in its report submitted to the Prime Minister on May 24 devoted a chapter to cyber security. Its chapter on intelligence revamp also contains some important recommendations on this subject. While vetting them, the lessons drawn from our recent experience in handling our existing cyber intelligence and counter-intelligence architecture and techniques should also be taken into consideration in order to see whether any modifications in the recommendations during implementation are called for.

 By B Raman

(The writer is Additional Secretary (retd), Cabinet Secretariat, Govt. of India, New Delhi.)


Cyber Threats

Cyber threats can be categorised based on the perpetrators and their motives, into four parts: cyber espionage, cyber warfare, cyber-terrorism, and cyber crime. Cyber attackers use numerous vulnerabilities in cyberspace to perpetrate these acts. They exploit the weaknesses in software and hardware design through the use of malware. Distributed Denial-of-Service (DDoS) attacks are used to overwhelm the targeted websites. Hacking is a common way of piercing the defences of protected computer systems and interfering with their functioning. Identity theft is also common. The scope and nature of threats and vulnerabilities is multiplying with every passing day.

Cyber Warfare

There is no single definition of cyber warfare but it has been emphasised that states may be attacking the information systems of other countries for espionage and for disrupting their critical infrastructure. The attacks on the websites of Estonia in 2007 and of Georgia in 2008 have been widely reported. Although there is nothing that made one believe about the involvement of a state in these attacks, it is widely believed that in these attacks, non-state actors (e.g. hackers) may have been used by state actors. Since these cyber attacks, the issue of cyber warfare has assumed urgency in the global media. The US has moved swiftly and set up a cyber command within the Strategic Forces Command and revised its military doctrine. In the latest official military doctrine, the US has declared cyberspace to be the fifth dimension of warfare after land, air, oceans and space, and reserved the right to take all actions in response, including military strikes, to respond to cyber attacks against it. It is almost certain that other countries will also respond by adopting similar military doctrines. The issue whether cyber attacks can be termed acts of warfare and whether international law on warfare applies to cyber warfare is being pondered upon grimly. Multilateral discussions are veering around to debating whether there should be rules of behaviour for state actors in cyberspace. The issue becomes extremely complicated because attacks in cyberspace cannot be attributed to an identifiable person and the attacks traverse several computer systems located in multiple countries. The concept of cyber deterrence is also being debated but it is not clear whether cyber deterrence can hold in cyberspace, given the easy involvement of non-state actors and lack of attribution.


Technology Trends

The risks associated with current and anticipated vulnerabilities of, threats to, and attacks against the IT infrastructure provide the rationale for Department of Electronics and Information Technology, Government of India’s strategy. Fast-shifting trends in both technologies and threats make it likely that the security issues of the IT infrastructure will only intensify in the coming years.

Key areas of concern include:

  • The increasing complexity of IT systems and networks, which will present mounting security challenges for both the providers and consumers
  • The evolving nature of the telecommunications infrastructure, as the traditional phone system and IT networks converge into a more unified architecture
  • The expanding wireless connectivity to individual computers and networks, which increases their exposure to attack. In hybrid or all-wireless network environments, the traditional defensive approach of securing the perimeter is not effective because it is increasingly difficult to determine the physical and logical boundaries of networks.
  • The increasing interconnectivity and accessibility of (and consequently, risk to) computer-based systems that are critical to the countrys economy, including supply chain management systems, financial sector networks, and distributed control systems for factories and utilities
  • The breadth and increasingly global nature of the IT supply chain, which will increase opportunities for subversion from attackers within and outside the country.

 


However, a debate is going on between those who believe that cyber warfare is over-hyped and those who believe that the world is heading towards a cyber Armageddon. Both sides have valid arguments, but even as that debate continues, cyber warfare as a construct has become inevitable because the number of countries that are setting up cyber commands is steadily growing. These commands have been accompanied by efforts at developing applicable military doctrines. There is, therefore, a pressing need to think about norms for cyber warfare, whether the laws of armed conflict (LOAC) can be adapted to cyber warfare, and how principles like proportionality and neutrality play out in the cyber domain. Current rules of collective security such as Art. 41 of the UN Charter and Chapter 7 are found wanting in the context of cyber warfare, particularly when it comes to the rapidity of cyber attacks, and the inordinate time it takes for decision making and action under these rules.

Cyber Crime

In the contemporary would, we are witnessing ever-increasing number of people hooked to online service, which provides a happy hunting ground for cyber criminals, with losses due to cyber crime being in billions of dollars worldwide. While other countries are reporting enormous losses to cyber crime, as well as threats to enterprises and critical information infrastructure (CII), there are hardly any such reports coming out of India other than those relating to cyber espionage. Though the report of the National Crime Records Bureau (NCRB) for 2010 reported an increase of 50 per cent in cyber crime over the previous year, the numbers were quite small in absolute terms. The total number of cases registered across various categories was 698; but these low numbers could be because cyber laws have proved ineffective in the face of the complex issues thrown up by Internet.

As a case in point, though the cyber crimes unit of the Bengaluru Police receives over 200 complaints every year, statistics show that only 10 per cent have been solved; a majority of these are yet to be even tried in the courts; and the cases that did reach the courts are yet to reach a verdict since the perpetrators usually reside in third countries. Even though the Information Technology Act (IT Act) 2000 confers extraterritorial jurisdiction on Indian courts and empowers them to take cognizance of offences committed outside India even by foreign nationals provided that such offence involves a computer, computer system or computer network located in India, this has so far existed only on paper. Similarly, there are relatively few reports of Indian companies suffering cyber security breaches of the sort reported elsewhere. Companies attribute this to the primacy placed on information assurance in the outsourcing business. Industry bodies such as the National Association of Software and Services Companies (NASSCOM) also attribute this to the fact that they have been at the forefront of spreading information security awareness amongst their constituents, with initiatives such as the establishment of the Data Security Council of India (DSCI) and the National Skills Registry.


 THE ESSENTIAL ACTIONS UNDER NATIONAL CYBER ALERT SYSTEM INCLUDE


  • Identification of focal points in the critical infrastructure
  • Establish a public-private architecture for responding to national – level cyber incidents
  • Tactical and strategic analysis of cyber attacks and vulnerability assessments;
  • Expand the Cyber Warning and Information Network to support the role of Government in coordinating crisis management for cyberspace security;
  • Improve national incident response capabilities (CERT-In and Sectoral CERTs)
  • Exercise cyber security continuity plans and drills

The Indian government has also aided these initiatives in a variety of ways, including deputing a senior police officer to NASSCOM to work on cyber security issues, keeping the needs of the outsourcing industry in mind. That said, cyberspace is increasingly being used for various criminal activities and different types of cyber crimes, causing huge financial losses to both businesses and individuals. Organised crime mafia have been drawn to cyberspace, and this is being reflected in cyber crimes gradually shifting from random attacks to direct (targeted) attacks. A cyber underground economy is flourishing, based on an ecosystem facilitated by exploitation of zero-day vulnerabilities, attack tool kits and botnets.

The vast amounts of money lubricating this ecosystem is leading to increased sophistication of malicious codes such as worms and trojans. The creation of sophisticated information-stealing malware is facilitated by toolkits such as ZueS, which are sold on Internet for a few thousands of dollars. At the other extreme, components of critical infrastructure such as Programmable Logic Control (PLC) and Supervisory Control and Data Acquisition (SCADA) systems were targeted by the Stuxnet malware that attacked supposedly secure Iranian nuclear facilities. Stuxnet exploited five distinct zero-day vulnerabilities in desktop systems, apart from vulnerabilities in PLC systems, and exposed the grave threat to critical infrastructure such as nuclear plants and other critical infrastructure.

Cyber criminals are using innovative social engineering techniques through spam, phishing and social networking sites to steal sensitive user information to conduct various crimes, ranging from abuse to financial frauds to cyber espionage. While large enterprises are ploughing more resources into digital security, it is the small enterprises and individuals that are falling prey to cyber crime, as evinced by the increasing number of complaints on consumer complaint forums.


 Creation and Augmentation of Response Capabilities


 

Augmentation of Indian Computer Emergency Response Team (CERT-In): CERT-In is operational since January 2004 and is catering to the security needs of Indian Cyber community, especially the Critical Information Infrastructure. In line with the expectation of the user community and various stake holders, there is a need to augment the facilities at CERT-In in terms of Manpower, Communication systems, tools, etc. for vulnerability prediction, analysis & mitigation, Cyber forensics/artifact analysis, Cyber space monitoring & interception Capabilities and Critical information infrastructure Security health check. The National Information Board and National Security Council have endorsed the need for augmentation of facilities at CERT-In.

Creation/augmentation of Sectoral CERTs: For an effective National Cyber Security Alert System, there is a need to create sectoral CERTs to cater to the very specific domain needs of different sectors. In this direction sectoral CERTs have been established by Army, Air force and Navy in Defense sector, IDRBT in Finance sector. But the facilities of these sectoral CERTs are at primitive levels and need to be augmented to meet the needs of respective sectors. Similarity sectoral CERTs with state-of-the-art facilities need to be created in other critical sectors such as Aviation, Energy, Telecommunication, Railways etc.


Cyber Espionage

The examples of cyber espionage are quite evident, with regular reports of thousands of megabytes of data and intellectual property worth millions being exfiltrated from the websites of both government and private enterprises. While government websites in India have been hacked, the private sector claims that it has not been similarly affected. It may also be that theft of intellectual property from private enterprises is not an issue here because R&D expenditure in India is only 0.7 per cent of GDP, with government expenditure accounting for 70 per cent of that figure. Companies are also reluctant to disclose any attacks and exfiltration of data, both because they could be held liable by their clients and also because they may suffer a resultant loss of confidence of the public.

As far as infiltration of government websites is concerned, cyber espionage has all but made the Official Secrets Act, 1923 redundant, with even the computers in the government’s sensitive departments being accessed, according to reports. The multiplicity of malevolent actors, ranging from state-sponsored to hactivists, makes attribution difficult. The government currently can only establish measures and protocols to ensure confidentiality, integrity and availability (CIA) of data. Law enforcement and intelligence agencies have asked their governments for legal and operational backing in their efforts to secure sensitive websites and to go on the offensive against cyber spies and cyber criminals who are often acting in tandem with each other.

In the current climate of elevated risk created by the vulnerabilities of and threats to the Nations IT infrastructure, cyber security is not just a paperwork drill. Adversaries are capable of launching harmful attacks on IT systems, networks, and information assets. Such attacks could damage both the IT infrastructure and other critical infrastructures. Cyber security is slowly gaining wider adoption in many consumer products for a variety of reasons, due to appreciation of consequences of insecurity, the need for developing secure products, performance and cost penalties, improved user convenience, need for implementing and consistently maintaining security practices, and importance of assessing the value of security improvements. But consumer and enterprise concerns have been heightened by increasingly sophisticated hacker attacks and identity thefts, warnings of a cyber terrorism, and the pervasiveness of IT uses. Consequently, many in the industry and critical infrastructure organizations have come to recognize that their continued ability to gain consumer confidence will depend on improved software development, systems engineering practices and the adoption of strengthened security models and best practices.

In order to highlight the growing threat to information security in India and focus related actions, Government had set up an Inter Departmental Information Security Task Force (ISTF) with National Security Council as the nodal agency. The Task Force studied and deliberated on the issues such as

  • National Information Security Threat Perceptions
  • Critical Minimum Infrastructure to be protected
  • Ways and means of ensuring Information Security including identification of relevant technologies
  • Legal procedures required to ensure Information Security
  • Awareness, Training and Research in Information Security

      In line with the recommendations of the ISTF, the following initiatives have been taken by the Government:

  • Indian Computer Emergency Response Team (CERT-In) has been established to respond to the cyber security incidents and take steps to prevent recurrence of the same
  • PKI infrastructure has been set up to support implementation of Information Technology Act and promote use of Digital Signatures
  • Government has been supporting R&D activities through premier Academic and Public Sector Institutions in the country
  • Information Security Policy Assurance Framework for the protection of Government cyberspace and critical infrastructure has been developed.
  • The Government has mandated implementation of Security Policy in accordance with the Information Security Standard ISO 27001
  • Currently in India 246 organisations have obtained certification against the Information Security Standard ISO 27001 as against total number of 2814 ISMS certificates issued worldwide. Majority of ISMS certificates issued in India belong to IT/ITES/BPO sectors.
  • Security Auditors have been empanelled for auditing, including vulnerability assessment & penetration testing of computer systems & networks of various organizations of the government, critical infrastructure organizations and those in other sectors of the Indian economy. Nationwide Information Security Education and Awareness Program has been launched.

The IT infrastructures significance to the country has gained visibility in the recent years due to cyber attacks and rapid growth in identity theft and financial frauds. These events have made it increasingly clear that the security of the IT infrastructure has become a key strategic interest to the government. Although the industry now making investments in security-related infrastructure, their actions are directed primarily at short-term efforts driven by market demands to address immediate security problems. The government has a different but equally important role to play in cyber security assurance in the form of long-term strategies. In this direction, the deliberations of the National Information Board (NIB), National Security Council (NSC) have stressed the importance of a national strategy on cyber security, development of national capabilities for ensuring adequate protection of critical information infrastructures including rapid response and remediation to security incidents, long-term investments in infrastructure facilities, capacity building and R&D. Governments responsibilities in long-term investment and fundamental research will enable development of new concepts, technologies, infrastructure prototypes, and trained personnel needed to spur on next-generation security solutions.

Hence, the above points make it amply clear that we need to develop cyber infrastructures; the IT infrastructure enables large-scale processes throughout the economy, facilitating complex interactions among systems across global networks. Their interactions propel innovation in industrial design and manufacturing, e-commerce, e-governance, communications, and many other economic sectors. The IT infrastructure provides for the processing, transmission, and storage of vast amounts of vital information used in every domain of society, and it enables government agencies to rapidly interact with each other as well as with industry, citizens, state and local governments, and the governments of other nations.

Understanding the threat of cyber warfare and developing capacity for offensive actions in this domain is mandatory. Nations, non-state actors, terrorist groups and individuals pose a challenge to growth, which is increasingly going to be dependent on the cyber security. Cyber warfare will also be central to any hostile or conflict situation. Clearly defined objectives and national doctrine in this regard along with supporting structures and matching capabilities are thus inescapable.

By Sudhanshu Jain

 

 

 

 

 

 

 

 

Comments are closed here.

Archives

Categories