QUESTION : Several high-profile cyberattacks can be observed across the world and they have exposed vulnerabilities in the critical infrastructure of even advanced nations. In light of this, critically examine the challenges posed by cyberattacks and suggest some key measures to deal.
THE WORLD IS HARDLY WIRED FOR CYBER RESILIENCE
WHAT ?
Cyber Attacks And Cyber Security
WHY IN NEWS ?
A string of high-profile cyber attacks in recent months has exposed vulnerabilities in the critical infrastructure of even advanced nations.
• This has reinforced the need for improved defences against actual, and potential, cyberattacks by all countries across continents.
INCREASING THE FREQUENCY OF CYBER ATTACKS GLOBALLY :
• Recently a major cyberattack headlined ‘SolarWinds’ involved data breaches across several wings of the U.S. government, including defence, energy and state.
• An audacious ransomware attack by Russia/East Europe-based cybercriminals, styled DarkSide, on Colonial Pipeline (which is the main supplier of oil to the U.S. East Coast), compelled the company to temporarily shut down operations.
o The siege was lifted after Colonial Pipeline paid out several million dollars as ransom to unlock its computers and release its files.
• There are reports of the ransom being received in bitcoins which was later seized by the U.S government.
CHALLENGES FOR CYBERSECURITY :
• Huge amount of data: Reportedly, we create more than three quintillion bytes of data everyday with several billion devices interconnected to billions of end point devices exchanging petabytes of sensitive data, on the network.
• Civilian targets: Obviously cyber, which is often referred to as the fifth domain/dimension of warfare, is now largely being employed against civilian targets, bringing the war into our homes.
• Obsession with protection of military targets and critical : Most nations have been concentrating till date mainly on erecting cyber defences to protect military and strategic targets, but this will now need to change.
o The obsession of military cyber planners has been to erect defences against software vulnerabilities referred to as ‘Zero-day’, that had the capability to cripple a system and could lie undetected for a long time. E.g. Stuxnet, which almost crippled Iran’s uranium enrichment programme some years back.
o A whole new market currently exists for Zero day software outside the military domain.
• Distinction between military and civilian targets is increasingly getting erased and the consequences of this could be indeterminate.
o For instance, the 2012 cyberattack on Aramco, employing the Shamoon virus, has ever since been one reason for the very frosty relations between different countries in West Asia and the Gulf region.
• Damaging methodologies: In the civilian domain, two key manifestations of the ‘cat and mouse game’ of cyber warfare today, are ransomware and phishing, including spear phishing.
o Cybercriminals are becoming more sophisticated, and are now engaged in stealing sensitive data in targeted computers before launching a ransomware attack. This is resulting in a kind of ‘double jeopardy’ for the targeted victim.
o India figures prominently in this list, being one of the most affected.
• Threat to economy and industry: The recovery cost from the impact of a ransomware attack — in India, for example, has tripled.
o Mid-sized companies today face a catastrophic situation, if attacked, and may even have to cease operations.
o Banking and financial services were most prone to ransomware attacks till date, but oil, electricity grids, and lately, health care, have begun to figure prominently.
• Attack on health care: Compromised ‘health information’ is proving to be a vital commodity for use by cybercriminals.
o All indications are that cybercriminals are increasingly targeting a nation’s health-care system and trying to gain access to patients’ data.
o The available data aggravates the risk not only to the individual but also to entire communities.
• Motivation factors for cyber attacks: For some nation states, the motivation is geopolitical transformation;
o for cybercriminals, it is increased profits;
o for terror groups, the motivation remains much the same, but the risk factor may be lower.
o For industry, it is ‘insider threats’ — due to discontent with the management or for personal reasons — that could well become an omnipotent reality.
NEED FOR DATA PROTECTION :
• Cybersecurity essentially hinges on data protection. The data life cycle can broadly be classified into
o data at rest (when it is being created and stored),
o data in motion (when it is being transmitted across insecure and uncontrolled networks), and data in use (when it is being consumed).
• Constant exposure lends itself to ever increasing data thefts and abuse.
What is Cyber Security?
• It is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
• There are 4 main types of threat to cyber security:
1. Cyber espionage: It is an Intelligence gathering and data theft activity. The data theft will occur without the user’s permission/knowledge.
2. Cyber warfare: It refers to the use of digital attacks (like computer viruses and hacking) by one country to disrupt the computers or information networks of another country.
3. Cyber terrorism: It refers to the convergence of terrorism and cyberspace. In this, the terrorists will use the internet to conduct violent activities such as threats, loss of life etc. Terrorists will use cyberspace to achieve their political and ideological gains.
4. Cyber crime: It is any criminal activity that involves a computer, networked device or a computer network.
Few recent examples of cyber attacks in India
Global Cyber Security Index 2018 positioned India at 23rd place globally. The report mentioned India’s vulnerability to cyber-attacks. Some of the examples of cyber attacks are:
1. A Goldman Sachs backed firm Cyfirma has reported that Chinese hacker group APT 10 (also known as Stone Panda) had allegedly attacked the Covid-19 vaccine manufacturers in India. Cyfirma has also mentioned that there were links between the Chinese government and Stone Panda.
2. In November 2020 Microsoft detected cyber attacks from Russia and North Korea. Microsoft mentioned that these attacks were targeting the Covid-19 vaccine companies in India, France, Canada, South Korea and the United States.
3. Similarly, in February 2021, a US-based cyber company had mentioned about the Chinese group called Red Echo. They cautioned that Red Echo was using malware called ShadowPad to target India’s power sector.
WAY FORWARD :
• ‘Zero Trust Based Environment’: With mobile and cloud computing expanding rapidly, and also given the nature of the on-going pandemic, cybersecurity professionals are now engaged in building a ‘Zero Trust
Based Environment’.
o It means zero trust on end point devices, zero trust on identity, and zero trust on the network to protect all sensitive data.
• Building deep technology in cyber is essential. New technologies such as artificial intelligence, Machine learning and quantum computing, also present new opportunities.
• Awareness in industry: Pressure also needs to be put on officials in the public domain, as also company boards, to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.
• Coordination Enhancement: There is a need to improve coordination at international, national, state and local levels. An important step in this regard could be the signing of the Budapest Convention on Cyber-crime by the Indian government.
• Robust Training of law enforcement agencies is the need of the hour. The government will have to provide continuous, robust and effective training to law enforcement agencies and individuals with a special focus on cyber security and safe internet handling techniques.
• Infrastructure Development: This would involve creating more cyber cells, cyber courts and cyber forensic labs so that the violators are duly punished.
• Inculcating Digital Literacy: This can be done by addressing the vulnerabilities of the masses towards cyber offences.
• Responsibility on Service providers: Website owners must be made more cautious towards traffic on their sites and report any irregularity. This will ensure large scale data collection on cyber attacks. These data can be used to create a new cyber security strategy in future.
• Amending of the Information Technology Act: There is a need to put a legal responsibility on companies to conduct regular cyber security audits. For that, the IT Act can be amended to include mandatory cyber security audit by independent agencies.
CONCLUSION :
The recent pandemic has once again shown the importance of cyberspace for mankind. Considering the need for cyber security the government needs to fast pace the National Cyber Security Strategy 2020 and its implementation.
QUESTION : “There has been a clamour for expanding G7 and India is being considered as one of the prospective candidates in the expanded group.” Analyse this given statement
AN ELITE CLUB
WHAT ?
India And G-7 Summit
WHY IN NEWS ?
The recent meeting of G7 countries was attended by India as a guest country. The meeting provided a template for Indian engagement with the West based on shared democratic values and mutual cooperation.
BACKGROUND :
• The recent summit of G7 countries took place in Cornwall, England from 11-13th June 2021. India, Australia, South Korea, and South Africa were invited as guest countries for the Summit.
• A joint statement on Open Societies was adopted. The statement reaffirms and encourages the values of freedom of expression, both online and offline.
It recognizes freedom as a virtue for safeguarding democracy and allowing people to live free from fear and oppression
ABOUT G-7 :
o It is an intergovernmental organisation that was formed in 1975.
o The bloc meets annually to discuss issues of common interest like global economic governance, international security and energy policy.
o The G-7 does not have a formal constitution or a fixed headquarters. The decisions taken by leaders during annual summits are non-binding.
o G-7 is a bloc of industrialized democracies i.e. France, Germany, Italy, the United Kingdom, Japan, the United States, and Canada.
o The G7 was known as the ‘G8’ for several years after the original seven were joined by Russia in 1997.
o The Group returned to being called G7 after Russia was expelled as a member in 2014 following the latter’s annexation of the Crimea region of Ukraine
SIGNIFICANCE OF THE G-7 MEETING :
• Indian Participation shows it is a natural ally of the G-7 and its partners. Further, laying emphasis on shared democratic values that bind India with the West shows a greater willingness to cooperate with India.
• The summit can be seen as the beginning of institutionalization of India’s cooperation with the West.
• The joint statement on open societies shows a willingness to construct an alliance of democratic countries. This can be leveraged as a common platform to counter China’s assertiveness over India and the western countries.
• It also shows the revived importance of the grouping in comparison to the G20. The revival has been on account of China’s rise in the global economic order and rising U.S-China and U.S-Russia rivalry.
RELATIONS BETWEEN INDIA AND WEST :
• India and U.S: The relations were not very conducive during the Cold War. The 1998 nuclear test saw the imposition of sanctions by the U.S over India.
o However, prudent efforts have been made since 1998 to improve the relations based on the shared commitment to democratic values.
o The Indian government supported the U.S’s initiative on building a global community of democracies. It later joined the Bush Administration in promoting a Global Democracy Fund at the UN.
o The recent deterioration of US-China and Indo-China relations induced both countries to further improve their bilateral relations.
• India and Europe: The improvement in Indo-U.S relations didn’t automatically compute into broader warmth towards the West.
o However, this position began to change in the last few years, as Delhi embarked on an expansive engagement with Europe.
CHALLENGES FACED BY G-7 MEMBERS :
1. There are a number of disagreements in the Group of 7 internally, e.g. clash of the USA with other members over taxes on imports and action on climate change.
2. It is also facing a challenge from fast-growing emerging economies like India and Brazil are not members of the G7. However, In 1999, G20 was formed to bring more countries on board to address global economic concerns. You can know in detail about the G-20 summits in the link provided here.
3. G7 The organization has also been criticized for not reflecting the current state of global politics or economics.
4. Non-Binding nature: Unlike other bodies such as NATO, the G7 has no legal existence or a permanent secretariat. Further, the meeting commitments are non-binding in nature.All decisions and commitments made at G7 meetings need to be ratified independently by governing bodies of member states.
5. Failed in tackling global problems : G7 accounts for 59% of historical CO2 emissions and pledged to phase out fossil fuels.
Yet there is no visible progress of the same, and they currently account for twice the CO2 emission than African continent.
In terms of terrorism, ISIS has thousands of fighters from G7 countries.
The West Asian crisis in Syria, Yemen, Iraq led to a migrant exodus towards the European nations. G7 nations failed in addressing this migrant crisis, leading to deaths and inhumane statelessness for millions.
WAY FORWARD :
• The grouping can be used to reorient global supply chains and reduce dependency on Chinese products. It can be used to initiate a fresh inquiry into the origins of the Covid-19 pandemic in China.
• India should participate in the grouping for ensuring a peaceful Indo-Pacific, mitigating climate change and prudently managing the Covid-19 pandemic.
• Further, there is a need for sustained consultations based on democratic values between India and the West over new challenges posed by digital technologies. This includes radicalization, disinformation, electoral interference, cyberattacks, and the role of large social media companies.
• The grouping needs expansion to reflect the current geopolitical reality. It can be converted to G 11 with the inclusion of India, Australia, South Korea, and Russia.
• The G7 countries should expeditiously fulfill their commitment to supply one billion doses of Covid-19 vaccines to poor and middle-income countries. The doses would be supplied as part of a campaign to “vaccinate the world” by the end of 2022.
• The grouping requires a G7 charter and a permanent secretariat for the organisation. It must realise that global interdependence cannot be managed without global public goods.
CONCLUSION :
The grouping should become more representative in nature and emerging economies like India and South Korea must be made a part of the group. The new principles and policies of the group should reflect a global outlook rather than merely focusing on the myopic interests of the developed world. This would result in prudent tackling of global problems like climate change and the Covid-19 pandemic.
हिन्दी