In early March, suspected Chinese hackers breached the computers of India's top military organisation, the Defence Research and Development Organisation (DRDO), in what was touted to be amongst the biggest such security breaches in the country's history.
Defence minister AK Antony ordered a probe into the matter, though an official statement denied any sensitive file had been compromised.
India has seen many such attacks on its critical installations and the misuse of social media and internet has brought home the threat of cyberterrorism, which cybersecurity experts say the country is poorly equipped to handle.
Experts believe the country is vulnerable to such cyberterrorism attacks with some countries and vested interest groups bent on espionage and destruction.
According to Supreme Court lawyer and leading cyberlaw expert Pavan Duggal, while the threat of cyberattacks remains "imminent," the country lacks an institutionalised mechanism of a cyberarmy to deal with the threat.
"The recent DRDO breach was a classical case of cyberwar attack rather than mere hacking. It was an attack on India's critical information infrastructure. Cyberwarfare as a phenomenon is not covered under the Indian cyberlaw. Clearly, the country's cybersecurity is not in sync with the requirements of the times," Duggal told IANS.
Over the past few years, India has witnessed a growing number of cyberassaults, with government departments, particularly defence establishments, coming under attack.
Last year, hacker group Anonymous carried out a series of Distributed Denial of Service (DDoS) attacks against a number of government websites, in retaliation against the alleged internet censorship.
Hackers from Algeria also carried out an attack on websites run by the DRDO, the Prime Minister's Office and various other government departments last year. A group called Pakistan Cyber Army had also hacked into several Indian websites.
"The threat landscape remains very threatening," said cyberlaw and cybersecurity expert Prashant Mali.
"India is awakening to the global threat of cyberwarfare now. Our cybersecurity is still ineffective as mass awakening towards it is missing or inadequate. Even though NTRO and DRDO are mandated with cyberoffensive work, only time will show effectiveness of these organisations," Mali told IANS.
Usually, cyberattacks follow the same modus operandi. An email is sent to an individual, or small group, within an organisation. Efforts are made to make the email look legitimate, that is, it will appear as though it was sent by somebody the recipient trusts and the content of the mail will often be related to the recipient's area of interest.
In order to install the malware, the user is tricked into either clicking a malicious link or launching a malicious attachment. In the more sophisticated attacks, the attacker will use a new "zero day vulnerability", in which attackers send email attachments which when opened exploit vulnerabilities in web browsers.
According to CERT-In (the Indian Computer Emergency Response Team), which is a government-mandated information technology security organisation, an estimated 14,392 websites in the country were hacked in 2012 (till October).
In 2011, as many as 14,232 were hacked, while the number of websites hacked in 2009 stood at 9,180. About 16,126 websites were hacked in 2010.
With cybersecurity impacting the country's security, Shivshankar Menon, the national security adviser, announced last month that the government is putting in place a national cyber security architecture to prevent sabotage, espionage and other forms of cyberthreats.
"The past few years have witnessed a dramatic shift in the threat landscape. The motivation of attackers has moved from fame to financial gain and malware has become a successful criminal business model with billions of dollars in play. We have now entered a third significant shift in the threat landscape, one of cyberespionage and cybersabotage," Shantanu Ghosh, vice president at India Product Operations - Symantec corporation, which develops Norton AntiVirus, told IANS.
Ghosh said cybersecurity questions are no longer an exotic topic focussing primarily on spam messages and personal computers but have started to impact on the national security and defence capability of a country.
Rikshit Tandon, consultant at Internet and Mobile Association of India (IAMAI) and advisor to the Cyber Crime Unit of the Uttar Pradesh Police, said: "Cyberterrorism is a grave threat not only to India but to the world."
"It can come to any country and, yes, proactive measures by government and consortium of countries needs to be taken as a collective effort and policy since internet has no geographical boundaries," Tandon told IANS.
Experts say the country spends a small amount of money on cybersecurity. The budget allocation towards cybersecurity was Rs 42.2 crore ($7.76 million) for 2012-13, as against Rs 35.45 crore in 2010-11.
In comparison, the US spends several billion dollars through the National Security Agency, $658 million through the Department of Homeland Security and $93 million through US-CERT in 2013.
No comments:
Post a Comment