Securing India in Cyber Space

The past and the current years have been dominated by the Covid-19 pandemic, which brought a lot of distress around the world. However, the pandemic has also led to a significantly higher adoption of digital technologies in almost all aspects of our lives and livelihoods.

As most of the activities have shifted to online mode in the post-pandemic world, there is also a surge in cyber-attacks. The cyber incidents will keep on growing as we move towards more and more digitization. The attackers are targeting a wide spectrum of users, from individuals to corporate organizations and government assets. They are devising new strategies to target victims with scams or malware campaigns.

Threat landscape
Cyber threat landscapes generally prioritize corporate and governmental network assets as high priorities. However, personal devices and accounts have also come under sophisticated cyber-attacks. This is partly due to the increased adoption of work from home, online education, telemedicine, etc., which have provided bad actors with more opportunities to prey on remote workers, students, patients, etc. Breach or loss of sensitive personal, medical and financial data of the users from both corporate networks and at individual level has emerged as a big risk due to these increasingly sophisticated cyber-attacks.

Therefore, today’s threat landscape must now include personal computing assets as high-risk and high-value targets, due to the sensitive data being accessed outside of the traditional protection of corporate networks.

Increasing adoption of the fourth industrial revolution technologies, including the fast-expanding Internet of Things (IoT) and Internet of Systems (IoS) has exposed devices to cyberattacks that a few years ago would not have been included in most threat landscape models. For example, modern farming equipment incorporate large amounts of technologies—including data centers, networks, satellites and even artificial intelligence (AI)—to allow farmers to more efficiently manage agriculture. These are all now vulnerable to cyber-attacks.

While some technologies such as social media and wireless technologies have long been incorporated in threat models, the levels of risk have risen in recent times as a greater number of individuals use social media platforms.

Strategies and solutions
Understanding today’s threat landscape is critical for developing strategies and solutions to establish a strong cybersecurity framework. The adoption of new innovations creates an environment where threat landscapes can change quickly.

It is critical for both organizations and individuals to not become complacent and always remain vigilant, regularly defending their threat landscape. While there are multiple threats today for homes and businesses, we must develop strategies to better protect ourselves from these threats while identifying future ones.

The digital payments ecosystem of the country has been a striking example of innovations and experimentations. The digital backbone has enabled faster, real time and open payment system in the country. Security of the digital payment systems has become a top priority now.

Artificial intelligence (AI) and machine learning (ML) applications are being embedded into the cyber suite of offerings—especially in security intelligence, detection and response (IDR), end point security detection and response (EDR).

Capacity building in the cyber security domain is the key to strengthen cyber space. Industry and academia need to join with the government to build a strong cyber security ecosystem in the country. These efforts will help in making India a destination for innovation and act as an investment magnet. Deep technology innovations such as IoT, Blockchain, AI and ML etc., will lead India to emerge as a global innovation hub.

MeitY has come out with a scheme called Preferential Market Access (PMA) with the intent to create a conducive environment for the Indian security product companies. I would like to call upon the cybersecurity leaders from the industry to nurture the cybersecurity ecosystem.

Steps taken by MeitY for cybersecurity
The Ministry of Electronics and IT (MeitY) and its organisations, such as CERT-IN, STQC, CDAC, etc., have been very proactive in developing and adopting advanced cybersecurity measures to secure the cyber space and digital assets of the government. As a result of these very proactive measures taken by MeitY, India has been ranked at the 10th position in the world in the Global Cybersecurity Index in June 2021 by the ITU under the UN. This is a jump of 37 places from the last year’s ranking.

‘Cyber Surakshit Bharat’ programme initiated by MeitY in partnership with industry consortium is a good example of Public Private Partnership to promote cybersecurity. Initiated in January 2018, more than 800 officials from Central/State Government, PSUs and Government organizations have benefitted from this programme. MeitY is offering awareness training and foundation level online training courses in cybersecurity for officers of the Central Government Ministries/Departments. More than 600 Government officials have completed the foundation level training.

MeitY has come out with a scheme called Preferential Market Access (PMA) with the intent to create a conducive environment for the Indian security product companies. I would like to call upon the cybersecurity leaders from the industry to nurture the cybersecurity ecosystem.

The National Cyber Security Policy of MeitY caters to the cyber security requirements of the Govt. and non-Govt entities as well as large, medium & small enterprises and home users. The policy recognises the need for objectives and strategies that need to be adopted both at the national as well as the state level. This policy aims at facilitating the creation of a secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders’ actions for protecting cyber space. Government is also promoting R & D in cyber security by funding projects to academic and research institutes in the focus areas of cryptography including quantum cryptography, threat intelligence, 5G security, IoT security, cyber forensics, network and systems security, and embedded system security.

The Information Technology Act was enacted in the year 2000 and it was amended in the year 2008. With the widespread use of social media platform and with the emergence of IoT, 5G, AI, use of digital platforms such as online news, OTT platforms, etc., a revised Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 was issued in February 2021. These Rules aim at creating a safe online experience for the users.

I hope that the conclave on the theme, ‘Securing India in Cyber Space’ organised by MMA will bring out innovative ideas, concepts and important issues in cybersecurity. Government is collaborating with industry associations to evolve policies and take up capacity building initiatives. I urge all the interested stakeholders to take part in these initiatives to ensure a safe cyberspace for all in the country.