Cyber Security scenario of India

Er. Neeraj Dubey
In this global world of communication, the Internet has proved to be a powerful force for good. Within 20 years it has expanded from almost nothing to a key component of critical national infrastructure and a driver of innovation and economic growth. It facilitates the spread of information, news and culture. It underpins communications and social networks across the world. A return to a world without the internet is now hardly conceivable. Among top 20 countries with highest number of internet users, India is at 3rd position with an estimated 110 million internet users. As per the background note furnished by the department, the risks in cyber space are manifold. They threaten personal data security-that is to say, they may undermine the individual’s ability to control the information that they have entered into or stored on connective devices such as PCs, mobile telephones, or databases operated by commercial organizations, Government agencies and others. Victims typically suffer financial loss through fraud, though in cases of identity theft they may also suffer loss of reputation, or, in extreme cases, may be accused of crimes they did not commit. Online risks may also impact upon personal safety – it means that they may lead to direct physical or psychological harm to the individual, while even adults who injudiciously disclose personal information online have found that their personal physical safety has been compromised and abused. As of now, it can be said that the benefits, costs and dangers of the internet, are poorly understood and appreciated by the general public. The key contributors to online risks for an individual can be summarized as follows:-  Lack of knowledge, carelessness, un-intentional exposure of or by others, flaws in technology. In keeping with the general trend of growth of information technology worldwide, in India too there has been tremendous growth in use of information technology in all walks of life. As a result, today Indian cyber threat landscape, like other parts of the world, has seen a significant increase in spam & phishing activities, virus and worm infections, spread of bot infected systems. The rate of computer infections and spam & phishing activities in the country keep fluctuating, making India figure among the active sources, as is generally seen in developed economies with high rate of IT usage. Most of the Internet frauds reported in the country are relating to phishing, usage of stolen credit cards / debit Cards, unauthorized fraudulent real time gross settlement (RTGS) transactions, fictitious offers of funds transfer, remittance towards participation in lottery, money circulation schemes and other fictitious offers of cheap funds etc. When the Committee desired to know the mode of occurrence and prevention of various types of cyber-crimes existing/emerging around the world and in our country, the department in their written reply, furnished the following information regarding type of crime, its definition, mechanism in which it is carried out and how it can be prevented. The common internet attacks now days are like: cyber stalking, intellectual property crime, e-mail bombing, personal data theft, identity theft, phishing, spoofing, virus, worms & trojans. There have been cyber attacks on the government, public sector and private sector IT infrastructures like website defacements, intrusions, network probing, and targeted attacks to steal some information, identity theft (phishing) and disruption of services. More than 100,000 viruses/worms variants are reported to be propagated on the net on a daily basis, of which 10,000 are new and unique. The infrastructure hosting, collecting and propagating malicious activities are offered on lease / rent basis. As per the information provided by the department for the last five years the number of reported incidents of website compromise has grown 5.5 times and India is today among the first five countries with respect to spam mail. Based on the incidents reported to CERT-In in the past five years (2007-12) the phishing incidents have increased from 392 to 887 and in the year 2013 (till February), a total of 110 phishing incidents have been observed. On the increasing threat in cyber space and the Government’s action plan to tackle the issue, the secretary, department of electronics and information technology, during the course of evidence submitted that 20 different categories of threats looming around us and against which we have to protect the whole cyber space. Again, as you have rightly pointed out, a number of reported crimes and the number of reported incidents are on the increase year to year. That has led the Government to come out with an overall framework for the National Cyber Security and also a specific policy. While the framework is cross-cutting in nature, it applies across several major ministries and sector. So, that is being looked after by the National Security Council Secretariat (NSCS) whereas the Cyber Security Policy is the responsibility of the Department of Information Technology. When the Committee desired to know the quantum of financial loss to the country due to cyber-attack/fraud in last five years, the Department, in their written reply, stated that according to Reserve Bank of India (RBI), the number of fraud cases as reported by banks on account of ATM Debit Cards / Credit Cards / Internet have decreased from 15018 (in 2010) to 8322 (in 2012). However, the amount involved had increased from Rs. 40.48 crore in the year 2010 to Rs. 52.66 crore in the year 2012. The Department had repetitively submitted that there is shortfall of cyber auditors/experts/IT skill in the country and therefore, their HRD activities are targeted to ensure availability of trained human resources for the manufacturing and service sectors of electronics and IT industry. For everything, we need skilled manpower because the country is large and our problems are different and complex. So, a continuous programme of capacity building and training is going on. So far 42,000 students of engineering and computer sciences have been taken through a special course, short-term and medium-term course as they are doing their B.Tech., M.Tech., or Ph.D; this course was also done side-by-side by them in a programme called IESA. The Department of Electronics and Information Technology (DeitY) has informed that it has set up a Sub-Group on Cyber Security for 12th Five Year Plan on Information Technology Sector, consisting of various experts/ representatives from academic and R&D organizations, Industry and user agencies, which has deliberated on various issues related to Cyber Security R&D and has identified key priorities for R&D which inter-alia include to carry out innovative R&D with focus on basic research, technology development and demonstration, setting up test-beds, transition, diffusion and commercialization leading to widespread deployment in the field to enhance security of cyber space in the country.
The author is  Sr. Faculty – (C.S.E) (GCET – Jammu