Although India was one of the few countries to launch a cybersecurity policy in 2013, not much has transpired in terms of a coordinated cyber approach.
Last week, Australia had to stave off its biggest cyber threat with the attack targeting everything from public utilities to education and health infrastructure. While the Australian prime minister said a ‘state-based actor’ was behind the attack, the fact is that cyber incursions—whether by state-based actors or not—have been on the rise as digital mediums have increased; while each person had 1.7 networked devices in 2014, according to Strategy Analytics, this is up to seven today.
Financial services, payments, health services, etc., are all connected to digital mediums; and thanks to Corona, this is expected to increase. In India, too, attacks have been happening with increasing frequency. In 2016, banks had reportedly announced a leak of personal information of 3.2 million debit cards. In 2018, Pune-based Cosmos Bank lost Rs 94 crore in a malware attack. Last year, the Kudankulam plant was attacked using malware. And, CERT-IN has recently issued an advisory that there is a threat of a massive phishing attack.
Although India was one of the few countries to launch a cybersecurity policy in 2013, not much has transpired in terms of a coordinated cyber approach. Unlike the US, Singapore, and the UK, where there is a single umbrella organisation dealing in cybersecurity, India has 36 different central bodies—most ministries have their own—that deal with cyber issues, and each has a different reporting structure; each state government has its own CERT. Add to this the fact that while the National Cyber Security Strategy 2020 was to devise a cyber-readiness roadmap for organisations and the government, this is yet to be announced.
While CERT-IN has responded to cyber threats, it has been late in conducting security checks, and has often released advisories once an attack has taken place. In the case of WhatsApp and Pegasus, CERT-IN only came in after others had warned of the possibility of individuals being compromised. With countries resorting to digital warfare and hackers targeting business organisations and government processes, India needs comprehensive cybersecurity guidelines and standards for checking cyber vulnerabilities and cyber responses.
In many cases, as it happens, the government itself uses legacy systems which are vulnerable to cyberattacks; countries like China and Singapore, in the meanwhile, have progressed towards creating cyber defence networks. India cannot afford to be complacent about cybersecurity. In 2018, when WannaCry disrupted the national health service systems in the UK, the country’s health system was brought to a standstill. A Telegraph report indicates that till then, some hospitals were still using legacy Windows XP systems. An attack explicitly directed towards these services can cause much more damage. India should not wait for an attack to upgrade its infrastructure.