15-August-2024-Special-Article

DISINFORMATION, AI AND ‘CYBER CHAKRAVYUH’

The year 2024 has seen a significant rise in digital threats, with Artificial Intelligence (AI), particularly in forms like Generative AI and Artificial General Intelligence (AGI), posing new challenges.

The evolving landscape includes risks such as digital attacks, disinformation, and cyber threats, highlighted by a global disruption caused by a glitch in a Microsoft Windows update.

For India, these developments bring both challenges and opportunities, emphasizing the need for robust cybersecurity measures to protect critical infrastructure, national security, and individual privacy.

Major Cyber Threats Facing India

Ransomware Attacks:

• Ransomware incidents have surged, with sectors like healthcare being particularly targeted.
• Notable incidents include the WannaCry ransomware attack, with over 48,000 cases detected in India.
• The All India Institute of Medical Sciences (AIIMS) in Delhi was attacked in November 2022, causing significant disruptions.
• The Indian Council of Medical Research (ICMR) faced at least 6,000 hacking attempts, underscoring the vulnerability of critical medical infrastructure.

Phishing Attacks:

• In 2023, India recorded over 79 million phishing attempts, with the financial sector being the primary target.
• The State Bank of India (SBI) was heavily targeted through fake SMS messages attempting to steal customer credentials.
• These incidents highlight the importance of educating users and implementing advanced email security systems.

Cloud Security Issues:

• As cloud adoption grows, so do security concerns. The Indian Public Cloud Services market is projected to reach USD 24.2 billion by 2028.
• A significant breach at Air India in 2023 exposed the personal data of 4.5 million passengers due to a vulnerability in its cloud service provider.
• This incident emphasizes the need for strong cloud security measures, including proper configuration and continuous monitoring.

Internet of Things (IoT) Security:

• With India’s IoT market expected to grow to USD 9.28 billion by 2025, IoT device security has become critical.
• A discovered vulnerability in millions of smart meters across India could allow hackers to manipulate power data.
• Ensuring stringent security standards and regular updates for IoT devices is essential to protect both consumer and industrial systems.

Supply Chain Vulnerabilities:

• Digital supply chains in India faced increased attacks in 2023, with software supply chain vulnerabilities becoming a major concern.
• A SolarWinds-like attack on an IT services giant in 2023 highlighted the cascading effects of such breaches.
• Addressing these issues requires rigorous vendor risk management and software integrity verification processes.

Cryptocurrency Crimes:

• Cryptocurrency thefts have surged, with $3.2 billion stolen globally in 2021, a 516% increase from 2020.
• The WazirX Crypto Heist, which compromised 45% of the exchange’s assets, revealed significant security gaps in digital asset platforms.
• Strengthening regulations and enhancing cybersecurity for crypto exchanges are crucial steps in addressing these threats.

Deepfake Technology:

• India saw a 230% increase in deepfake videos in 2023, with political misinformation being a major driver.
• A viral deepfake video during the 2024 election campaign caused widespread social unrest.
• Developing deepfake detection technologies and raising public awareness are necessary to combat this growing threat.

Shortage of Cybersecurity Professionals:

• India faces a shortage of 800,000 skilled cybersecurity professionals, particularly in AI and cloud security.
• This shortage hampers the implementation of strong cybersecurity measures, making it a critical issue for India’s overall cybersecurity posture.

Honey Trapping:

• Honey trapping has emerged as a significant threat, particularly targeting government officials and military personnel.
• In 2023, the Indian Army reported a rise in honey trapping attempts, including a case involving a senior DRDO officer.
• This method involves creating fake social media profiles to lure individuals into compromising situations or divulging sensitive information.

Key Government Initiatives

• National Cyber Security Policy: Aims to protect cyberspace, develop capabilities to prevent and respond to cyber threats, and minimize damage through coordinated efforts across sectors.
• Indian Cyber Crime Coordination Centre (I4C): Provides a comprehensive framework for tackling cyber crimes, including various units like the National Cyber Crime Threat Analytics Unit and National Cyber Crime Reporting Portal.
• Computer Emergency Response Team – India (CERT-In): Under the Ministry of Electronics and Information Technology, CERT-In is responsible for handling cyber incidents and issuing threat alerts.
• Cyber Surakshit Bharat Initiative: Focuses on raising cybersecurity awareness among Chief Information Security Officers (CISOs) and IT staff across government departments.
• Cyber Swachhta Kendra: Launched in 2017, this center aims to detect and mitigate botnet infections, ensuring a secure cyberspace in India.
• National Critical Information Infrastructure Protection Centre (NCIIPC):nEstablished to safeguard critical information infrastructure in sectors like power, banking, telecom, and government.
• Defence Cyber Agency (DCyA): A tri-service command responsible for managing cybersecurity threats and conducting cyber operations.
• Digital Personal Data Protection Act 2023: Aims to protect personal digital data, with provisions for data protection, consent requirements, and security safeguards.

Measures to Enhance Cybersecurity in India

• Establish Cyber Fusion Centres: Facilitate real-time threat intelligence sharing and create a centralized incident response team.
• Launch a Digital Literacy Campaign: Promote cybersecurity awareness through education, apps, workshops, and partnerships with influencers.
• Strengthen the Data Protection Framework: Enhance the Digital Personal Data Protection Act 2023 to address AI-powered breaches and impose stricter penalties.
• Promote Secure-by-Design Initiatives: Encourage secure software and hardware development, and support innovation in cybersecurity solutions.
• Invest in AI-Powered Cyber Defense: Develop AI-driven tools for threat detection and response, tailored to India’s unique cybersecurity needs.
• Fortify Supply Chain Security: Implement a supply chain risk management framework and conduct regular security assessments of vendors.
• Enhance Cloud Security: Establish a national cloud security framework with stringent compliance requirements and mandatory encryption.
• Develop Deepfake Detection and Response: Implement content verification protocols, create a rapid response team, and raise public awareness about deepfakes.
• Launch the Cyber Warrior Initiative: Address the shortage of cybersecurity professionals by developing specialized curricula, offering scholarships, and creating a cyber reserve force.

Mains Question:
Q. Discuss the major cyber threats facing India in 2024 and evaluate the effectiveness of the government’s initiatives to mitigate these risks, particularly in the context of rising AI-driven challenges. (150 WORDS)