WannaCry Wouldn’t Scare Us If India Had a Cybersecurity Ministry
Cyber attacks have the potential to be as dangerous as nuclear attacks: Former Railway Minister Dinesh Trivedi.
In Star Trek, Nero, a Romulan from the future, uses black holes to destroy planets of the Federation. Jim Kirk and Spock team up to find a way to stop his evil mission that threatens the very existence of mankind. The Star Wars franchise imagines wars fought with an armament driven by futuristic technology. The TV show Mr Robot “follows Elliot, a young programmer who works as a cybersecurity engineer by day, and a vigilante hacker by night.” Trouble starts when a cryptic anarchist recruits Elliot.
All these popular works of fiction are hailed for their entertainment quotient. But what if Mr Robot was a metaphor for powerful cyber viruses for which there are no antidotes yet?
Not many people realise that what was till yesterday a work of fiction, has become a reality today.
Fiction or Reality?
"Ok, Google, what is the meaning of cyber?” I asked Mr Google. The synthetic voice of a lady responded: “cyber means relating to characteristic of culture of computers, information technology and virtual reality”. The term virtual reality struck me.
Today, world leaders are rightly concerned about terror attacks and nuclear attacks. Climate change, hunger and poverty have taken a backseat. But the threat of cyber attacks is seldom discussed at the global leadership level.
In today’s technologically advanced world, it is possible to track the origin of terror and nuclear attacks. But tracing the origin of cyber attacks is extremely difficult.
Recently, the world witnessed the worst cyber attack of its kind – the WannaCry ransomware. According to Reuters, the attack, which began on 12 May 2017, affected 2,00,000 people in at least 150 countries, Europol confirmed, adding that the numbers were expected to rise. According to Economic Times, India was the third worst impacted nation by WannaCry.
Over one billion Yahoo! accounts were compromised in 2013, reports made public in 2016 revealed. The New York Times quoted Bob Lord, Yahoo’s chief information security officer, as saying that the state-sponsored actor in the 2014 attack had stolen Yahoo’s proprietary source code.
These cases are testament to the fact that there are countless state and non-state actors that are engaged in attacking various cyber systems across the world, compromising private sector organisations, vital government installations and agencies across the world, including that of the most advanced and powerful countries.
When India Was Hit By Serious Cyber Attacks
India has also fallen prey to several serious cyber attacks. Government websites were the victim of a cyber attack on 17 May 2016. The targeted systems belonged to the central government, a large financial institution, a vendor to the largest stock exchange, and an e-commerce company.
As reported by Business Standard and The Wire, cybersecurity firm, Symantec, traced the attack to a cyber-espionage group called Suckfly. It is reported that the espionage activity began in April 2014 and continued through 2015.
On 28 June 2017, one of the three terminals of the biggest port in the country – Jawaharlal Nehru Port Trust in Mumbai, was hit by a cyber attack. The impacted terminal handles 4,500 containers per day, including imports and exports.
The banking sector in India is also vulnerable to cyber attacks. In October 2016, around 32 lakh debit cards of various banks in India were compromised by a large scale cyber malware attack – the biggest security breach ever experienced by the financial sector in India, the Indian Express reported.
It is a matter of concern that the breach failed to be promptly identified, despite governmental bodies like the Reserve Bank of India (RBI) and the Computer Emergency Response Team-India (CERT-In) having issued advisories to banks to secure their information infrastructures against cyber criminals.
Ernst & Young’s Global Information Security Survey 2016 highlights the urgent need to improve the cybersecurity frameworks of Indian corporations. Around 64 percent of Indian organisations do not have a threat awareness programme, while almost 90 percent of organisations do not evaluate the financial impact of their cyber breaches – indicating that corporations are at the highest risk of cyber attacks in the country.
A Cyber Attack Can Be As Serious as a Nuclear One
The most important question is this: what do we do as a nation and how should world leaders tackle this cancerous virus of the cyber world? First of all, we need to recognise that a cyber attack could be as serious as a nuclear attack.
A cybersecurity breach could also compromise the systems of a nuclear installation.
Second, we need to understand that as of right now, the world seems to have no clue as to how to tackle and prevent such cyber attacks. Third, we need to acknowledge that these attacks come from those with knowledge of the intricacies of the cyber world, and those who work within the cyberspace across the world. There are no borders in cyberspace, and these attacks occur at the speed of light.
How Can India Stay Safe?
When a supplementary question on the subject of cybersecurity was asked in Parliament, the Minister for Human Resource Development made a statement to the effect that the government is encouraging the IITs to conduct research on the subject. This gives me the impression that perhaps we are unaware of the extent of damage that such attacks can cause to mankind as a whole.
The weakest link in cyber defence is the lack of awareness, among businesses and citizens. Not many know how to protect themselves from cyber attacks and what steps to take if they suspect that their network or data is compromised. The solution to this is to increase cybersecurity awareness among employees (both in the public and private sector) by organising mandatory training sessions for all – from sales, administrative and management to engineering and technical staff.
Ordinary citizens require cyber awareness as well. A number of steps can be taken in this regard. Banks – that don’t give their customers mandatory digital safety tutorials – could educate them on using tools like two-factor authentication, and caution them about scammers. Internet Service Providers and mobile carriers can up the cybersecurity of their customers by providing simple and actionable safety checklists in the homeowner’s monthly statements. They could also encourage customers to keep up best practices by incentivising cyber awareness.
Digital India Needs Cybersecurity
India has every reason to be concerned about cyber attacks as it is advancing towards a digital society. Most cyber attacks are motivated by financial crime, making the protection of digital transactions all the more important.
The Goods and Services Tax reform is completely digitised. There are 10 million invoices per day, and 3.5 billion transactions per month, managed by one database. Can you imagine what would happen if this database is compromised, leaving all that sensitive information exposed to competitors and cyber criminals?
Time for a Separate Ministry for Cybersecurity
Internal security in the country is looked after by Ministry of Home Affairs. External security is looked after by Ministry of Defence, so the question arises: who looks after cybersecurity, which is both external and internal? This subject is too technical and specialised for either of these ministries to manage effectively.
The time has come for the government to seriously consider forming a separate ‘Ministry for Cybersecurity’ – headed by a minister in the Prime Minister’s Office. It should be given the same level of importance as the space sciences or nuclear technology. The National Security Advisor (NSA) could be the nodal agency.
After the unfortunate 9/11 attacks, the USA formed the powerful department of homeland security, which has helped the country become relatively safer, and has helped prioritise the security of citizens. The meager sum of Rs 1,000 crore allocated currently to cybersecurity in the country is not enough.
India, with its proven record of scientists (ISRO being one of the many examples), can lead and coordinate with governments and institutions around the world to find effective solutions for cybersecurity. If we don’t act, Mr Robot may soon become a reality. Our vulnerable cyberspace could also give birth to many such Mr Robots, whose misguided philosophies could be fatal for mankind.
(The writer is Lok Sabha MP and Former Railway Minister. This is an opinion piece and the views expressed above are the author’s own. The Quint neither endorses nor is responsible for the same.)
(We all love to express ourselves, but how often do we do it in our mother tongue? Here's your chance! This Independence Day, khul ke bol with BOL – Love your Bhasha. Sing, write, perform, spew poetry – whatever you like – in your mother tongue. Send us your BOL firstname.lastname@example.org or WhatsApp it to 9910181818.)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.