CYBER SECURITY THREATS AND GOVERNMENT INITIATIVES

Context: In July 2021, reports based on forensic analysis by Amnesty International's Security Lab revealed Pegasus spyware, developed by NSO Group, was used to target activists, journalists, and politicians in India and across the globe. Pegasus exploits vulnerabilities in smartphones to gain access to data including messages, calls, and location.

What is Pegasus Spyware?

1. Definition: Pegasus is a highly advanced spyware. It can extract data from the mobile phones, record calls, and secretly activate microphones and cameras.
2. Capabilities: Pegasus can infect a phone through a link or even without the user's interaction, making it exceptionally stealthy and dangerous.

Allegations Related to Pegasus

1. Global & India's Concern: Reports in 2021 revealed that Pegasus was allegedly used by various governments to spy on journalists, activists, politicians, and other public figures worldwide.

Steps Taken to Address the Issue

1. Investigative Committee: The Supreme Court of India set up an expert committee to investigate the allegations of Pegasus use in India.
2. Global Awareness: The revelations led to increased global awareness and calls for regulating the sale and use of such spyware.

Challenges

1. Balancing Security and Privacy: Finding a balance between national security needs and individual privacy rights is challenging.
2. Technical Complexity: The advanced nature of spyware like Pegasus makes detection and prevention difficult.
3. International Jurisdiction Issues: Different countries have varying laws, making international cooperation complex.

Solutions:

1. Stronger Cybersecurity Laws: There's a need for robust laws to regulate the use and trade of spyware, ensuring accountability and transparency.
2. International Cooperation: Global norms and treaties to control cyber surveillance tools like Pegasus are essential.
3. Enhanced Digital Literacy: Educating citizens about cybersecurity and ways to protect against spyware.

Conclusion

The Pegasus spyware case highlights the need for strict cybersecurity measures and international cooperation to protect individual privacy rights. While governments may need surveillance tools for security, there must be clear laws and oversight to prevent abuse. The challenge lies in creating a global consensus on the use of such technologies while respecting individual rights and national sovereignty.

Cyber-attack on AIIMS Delhi in November 2022, disrupting patient care services.

Significant Cyber Attack: Ransomware encrypts a victim's computer files or systems, demanding payment (usually in cryptocurrency) for decryption. Ransomware attacks can disrupt critical infrastructure, businesses, and healthcare institutions, causing significant financial losses, operational disruptions, and data breaches.

1. Contemporary Example: In November 2022, a ransomware attack on AIIMS Delhi disrupted hospital operations and patient care for several hours, highlighting the vulnerability of healthcare systems.
2. Shift to Manual Operation: Following the attack, the institute had to revert to manual operations, highlighting vulnerabilities in digital healthcare systems.

Issues and Challenges

1. Healthcare Vulnerability: Critical healthcare services like AIIMS are particularly vulnerable to such attacks.
2. Data Security: Concerns about the safety of sensitive patient data.
3. Operational Disruption: Affects critical patient services, leading to delays and inefficiencies.
4. Digitalization Risks: Increased dependency on digital platforms raises the risk of major disruptions due to cyber-attacks.

Solutions:

1. Need for Robust Cybersecurity: The attack underscores the importance of strong cybersecurity measures, especially in critical public service sectors like healthcare.
2. Balancing Digitalization and Security: While digitalization offers efficiency and convenience, it also necessitates stronger security protocols to protect against such threats.
3. Collective Responsibility: Ensuring cybersecurity is not just a governmental task but also requires awareness and preventive measures by organizations and individuals.

Other Emerging Cyber Threats

1. Deep Fakes

1. Description: AI-generated synthetic media used to create fake videos or audio recordings.
2. Purpose: Used for disinformation or fraud.
3. Risk: Potential to manipulate public opinion or commit identity fraud.

2. Supply Chain Attacks

1.  Target: Exploiting vulnerabilities in third party software or services.
2.  Objective: Gain unauthorized access to an organization’s systems.
3.  Consequence: Breaches can lead to widespread disruption and data theft.

3. Internet of Things (IoT) Security

1. Concern: IoT devices often lack robust security protocols.
2. Vulnerability: Susceptible to attacks disrupting smart homes, cities, and critical infrastructure.
3. Challenge: Ensuring security in the rapidly expanding IoT landscape.

Government Initiatives for Cyber Security

1. National Cyber Security Strategy 2020

    Focus: Comprehensive roadmap for cyber security preparedness and response.

    Elements: Includes awareness, prevention, detection, response, and recovery.

2. Cyber Suraksha Kendra

    Role: Provides cyber security awareness and training.

    Aim: Promote cyber hygiene and best practices among individuals and organizations.

3. National Critical Infrastructure Protection Centre (NCIPC)

    Function: Monitors and protects critical infrastructure from cyber threats.

    Collaboration: Works with sector specific agencies for coordinated defense.

4. Cyber Crime Coordination Centre (C4C)

    Purpose: Facilitates interagency coordination in investigating cybercrimes.

    Goal: Ensure efficient response and prosecution of cybercrimes.

5. National Security Council Secretariat (NSCS)

    Responsibility: Oversees national cybersecurity policy and strategy.

   Advisory Role: Advises the government on strategic cybersecurity decisions and coordinates with relevant   stakeholders.

6. Establishment of CERT-In: The Indian Computer Emergency Response Team (CERTIn) is the primary national agency for responding to cyber security incidents. It plays a crucial role in strengthening India's cyber defense by issuing guidelines, advisories, and handling cybersecurity incidents.

7. Information Technology (Amendment) Act, 2023: This act empowers CERTIn with more authority to investigate and monitor cybercrimes. It also includes provisions for data protection and privacy, making it a key legislative tool in combating cyber threats.

Conclusion: These steps by the Indian government show a comprehensive approach towards securing the nation’s cyberspace, balancing preventive and reactive measures, and focusing on both technological advancements and public awareness.

Must Check: Best IAS Coaching In Delhi