Cyberattacks hit 26,000 Indian sites in 10 months

Contact Counsellor

Cyberattacks hit 26,000 Indian sites in 10 months

  • “CERT-In has reported that a total number of 17,560, 24,768, 26,121 and 25,870 Indian websites were hacked during the years 2018, 2019, 2020 and 2021 (up to October), respectively,” Minister of State for Electronics.
  • According to the logs analysed and made available to CERT-In, the Internet Protocol (IP) addresses of computers from where the attacks appear to originate belong to countries as varied as Algeria, Brazil, China, France, Germany, Hong Kong, Indonesia, Netherlands, North Korea, Pakistan, Russia, Serbia, South Korea, Taiwan, Thailand, Tunisia, Turkey, USA and Vietnam.

Reasons for increasing Cyber Attacks in India

  • Increasing dependency on technology: As we grow faster, more and more systems are being shifted to virtual space to promote access and ease of use.
  • However, the downside to this trend is the increased vulnerability of such systems to cyber-attacks.
  • For e.g. there is a concern of widespread damage and huge loss if hackers are able to intrude into the nuclear, financial or energy systems of a country.
  • Since almost all sectors of an economy are dependent upon power, the takedown of the power grid can substantially impact the economy.
  • Growing digital reliance in the post-COVID era has exposed digital disparities which must be bridged through capacity building.
  • There’s a sophisticated use of cyberspace by terrorists to broaden their propaganda and incite hatred.
  • Lack of robust law enforcement mechanisms: India’s approach to cyber security has so far been ad hoc and unsystematic.
  • Despite a number of agencies, policies and initiatives, their implementation has been far from satisfactory.
  • Adverse relations with China: China is considered one of the world leaders in information technology.
  • Therefore, it is expected to have capabilities to disable or partially interrupt the information technology services in another country.
  • Combined with the recent border standoff and violent incidents between the armies of the two countries, the adversity in relations is expected to spill over to attacking each other’s critical information infrastructure.
  • Asymmetric and covert warfare: Unlike conventional warfare with loss of lives and eyeball to eyeball situations, cyber warfare is covert warfare with the scope of plausible deniability, i.e. the governments can deny their involvement even when they are caught.
  • Similarly, even a small nation with advanced systems and skilled resources can launch an attack on a bigger power, without the fear of heavy losses.
  • Therefore, cyber warfare has increasingly become the chosen space for conflict between nations.
  • Lack of International Coordination: International cooperation and consensus is missing in this field.
  • Low digital literacy among the general public and digital gaps amongst nations create an unsustainable environment in the cyber domain.
  • It is often reported that people are duped easily by click-baiting them into clicking interesting content, which often has malware attached to itself.
  • Poor cybersecurity infrastructure
  • State-sponsored cyber attacks
  • Increased internet usage and technology advancement like 5G, IoT, crypto etc.

India’s Programs to Ensure Cybersecurity:

  • The government is fully cognizant and aware of various cybersecurity threats including cyber terrorism and has taken various measures to enhance the cybersecurity posture and prevent cyberattacks.
  • Banning of unsafe apps: India had banned apps that posed a threat to security.
  • India had banned many apps (mostly of Chinese origin), which were found to be unsafe for usage by Indian citizens.
  • The apps were allegedly transferring data to the servers located outside India and did not have proper safeguards to ensure that the private data of Indian citizens were protected from unauthorized access.
  • Awaited National cybersecurity strategy: Comprehensive plan in preparing & dealing with cyber-attacks (Pre, Post and During the attack).
  • Indian Cyber Crime Coordination Centre (I4C): Launched in 2018, It is an apex coordination centre to deal with cybercrimes.
  • Evolving Technology: Cyber attackers are continuously working on novel ways to sabotage the systems.
  • Human Resource: Anyone in cybersecurity needs to be an equally potent hacker.
  • CERT-In (Cyber Emergency Response Team, India): It is National Nodal Agency for Cyber Security and is Operational since 2004
  • National Cyber Security Policy, 2013: The policy provides the vision and strategic direction to protect the national cyberspace.
  • Cyber Swachhta Kendra: Cyber Swachhta Kendra helps users to analyse and keep their systems free of various viruses, bots/ malware, Trojans, etc.
  • Indian Cyber Crime Coordination Centre (I4C): Launched in 2018, It is an apex coordination centre to deal with cybercrimes.
  • Cyber Surakshit Bharat: It was launched by the Ministry of Electronics and Information Technology (MEITy) in 2018 with an aim to spread awareness about cybercrime and
  • building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
  • The Cyber Warrior Police Force: It was organised on the lines of the Central Armed Police Force in 2018.
  • Personal Data Protection Bill: The bill mandates the strengthening of data infrastructure by private companies to safeguard the data of individuals.
  • Therefore, there is a focus on including the private companies in the ambit of data protection, rather than restricting it to the government only. This is also important as the private sector may provide an entry point to the attackers compromising the integrity of the system.
  • Information Technology Act, 2000 (Amended in 2008): It is the main law for dealing with cybercrime and digital commerce in India.
  • National Critical Information Infrastructure Protection Centre (NCIIPC) was created under Section 70A of IT Act 2000 to protect Cyberinfrastructure.

International Efforts in this direction

  • Budapest Convention: 1st international treaty to address cybercrime; India is not a signatory.
  • Internet Corporation for Assigned Names and Numbers (ICANN): US-based not-for-profit organisation for coordinating & maintenance of several databases.
  • Internet Governance Forum: UN forum for multi-stakeholder policy dialogue on Internet governance issues.