Terror outfit Al-Qaida on March 1, 2016, allegedly hacked a microsite of the Railnet page of the Indian Railway to show its cyber prowess and sinister reach. Other major instances during the last one year include the hacking of the Controller of Defence Accounts (Officers) website in March 2015 wherein besides the defacement of the web page; sensitive data pertaining to Indian Army officers was stolen and worse it was corrupted, the Indian Telecom regulator TRAI’s website in April 2015, the Home Page of the commercial arm of ISRO – the Antrix Corporation Limited in July 2015, Kerela Government website in September 2015 and JNU Library and Indian Revenue Service websites as late as in February 2016.
The cyber-attacks are not restricted to India but are taking place throughout the world – the cyber-attack on the ground computer systems of the Polish Airways leading to cancellation and delay of flights from the Warsaw Chaplin Airport, the stealing of critical personal data pertaining to the agents of the CIA allegedly by Chinese hackers from the Office of Personnel Management (OPM) network and GitHub to name a few.
Any such instance of hacking not only causes a dent to the reputation but also raises a question mark on the efficacy of security measures / systems deployed for protection of sensitive data and the critical infrastructure of a country. Such breaches assume considerable significance especially in view of the Digital India Initiative aimed to create digital infrastructure and also for delivering services digitally across India. There is a dire need to urgently review the security imperatives and India’s preparedness in protecting sensitive information and vital installations – both government and private against new methods of surveillance and espionage particularly in the cyber domain. Also, India has been the home of IT outsourcing for quite some time now and with competition from the Chinese and other Asian companies who are also trying to seek a share of the IT outsourcing market, Indian companies need to address the cyber security threats they face and to limit the damage to the brand reputation of ‘Indian IT’.
In times to come, the cyber-attacks and espionage in cyber domain is bound to see a northward trend with plethora of means and expertise available to the hackers (both state sponsored and non-state actors). It is prudent that we take stock of our data security mechanisms including the technological means, the procedures and of course the people to ensure that the possibility of such violations are minimized, if not totally obviated. With the growing threat of cyber-attack, a significant increase in high-profile data breaches and an increased awareness of cybercrime, organisations throughout India will need to bolster their cyber security posture if they are to stay afloat. India needs to put its own ‘Cyber Security Architecture’ in place and fine tune the functioning of the National Cyber Coordination Centre (NCCC) responsible for threat assessment and information sharing among various stakeholders, the Cyber Operation Centre looking after threat management and mitigation for identified critical sectors and defence besides the National Critical Information Infrastructure Protection Centre (NCIIPC) responsible for providing cover to ‘critical information infrastructure’. The government needs to come up with a legal framework addressing voids in the National Cyber Security Policy – 2013 to deal with cyber security issues.