With the lines between the physical and digital realms blurring rapidly, every critical infrastructure, from transportation, power and banking systems, has become extremely vulnerable to cyber-attacks from hostile state and non-state actors.
Data show that over 75% of Indian organisations have faced ransomware attacks, with each breach costing an average of ₹35 crore of damage.
The recent case is that of the ransomware attack on the servers of India’s premium institute, the All India Institute of Medical Sciences when nearly 40 million health records were compromised. Soon afterwards, a ransomware gang, BlackCat, breached the parent company of Solar Industries Limited, one of the Ministry of Defence’s ammunition and explosives manufacturers, and extracted over 2 Terabyte of data.
Though the challenges of cyber security are more or less the same for most countries, India faces some specific issues such as:
- 1. Most organisations lack the tools to identify cyberattacks hence, making the prevention tough.
- 2. India also faces an acute scarcity of cybersecurity professionals. India is projected to have a total workforce of around 3,00,000 people in this sector in contrast to the 1.2 million people in the United States.
- 3. Most of our organisations are in the private sector, and their participation remains limited in India’s cybersecurity structures.
- 4. India’s internet base is expanding, with over 900 internet users anticipated by 2025. With the development of digital technology, cybercrimes are becoming more sophisticated as well.
- 1. In 2022, the Indian Computer Emergency Response Team (CERT-In), which is India’s cybersecurity agency, introduced a set of guidelines for organisations to comply with when connected to the digital realm. This included the mandatory obligation to report cyberattack incidents within hours of identifying them, and designating a pointsperson with domain knowledge to interact with CERT-In.
- 2. India’s draft Digital Personal Protection Bill 2022 proposes a penalty of up to ₹500 crore for data breaches.
- 3. Cyber capabilities are also playing a pivotal role, as seen in the ongoing conflict in Ukraine, where electronic systems in warheads, radars and communication devices have reportedly been rendered ineffective using hacking and GPS jamming. Hence, India’s armed forces created a Defence Cyber Agency (DCyA), capable of offensive and defensive manoeuvres.
- 4. All Indian States have their own cyber command and control centres.
- 5. A cyber and information security division operates under the aegis of the Ministry of home affairs which deals with matters relating to Cyber Security, Cyber Crime, National Information Security Policy & Guidelines (NISPG), and implementation of NISPG, NATGRID, etc.
With the introduction of 5G and the arrival of quantum computing, the potency of malicious software, and avenues for digital security breaches would only increase.
Private organisations must be advised to look at the Digital Geneva Convention, where over 30 global companies have signed a declaration to protect users and customers from cyber breaches, and collaborate with like-minded intergovernmental and state frameworks.
With cyber threats capable of undermining our critical infrastructure, industry and security, a comprehensive Cyber- Security Policy is the need of the hour.