The recent incidents of cyber attacks launched by Chinese state-sponsored actors targeting power and transport sectors in India should push the Centre to expedite the implementation of the proposed new cybersecurity policy. The policy was announced by Prime Minister Narendra Modi during his Independence Day Speech on August 15 last year. This newspaper reported last week that the Computer Emergency Response Team (CERT-In) has observed continued targeted attacks by Chinese state-sponsored actors on transport sector entities with the possible intention of collecting intelligence and conducting cyber espionage. In October last year, large parts of Mumbai and parts of Thane district were hit by a power outage allegedly due to Chinese entities mounting a cyberattack on India’s electricity infrastructure. The country’s national cybersecurity agency has recorded a spurt in cybersecurity threats over the last few years, with 53,117 cases of cyber attacks in 2017, which rose to 2,08,456 in 2018, 3,94,499 in 2019, and 11,58,208 in 2020. These are being carried out by state-sponsored cyber-terrorism entities, non-state terrorist groups, corporate and individual hackers with the objective of espionage, theft of patents and other information assets. Nations such as Russia, China, Iran, North Korea are reportedly using cyber warfare techniques as an effective tool for espionage, propaganda attacks, to target critical infrastructure systems, and to support political and military objectives. These attacks will only increase in the future. The massive online attack in 2017 by unknown hackers using ransomware WannaCry seizing control of computers at hospitals, retail shops, logistics firms, and individuals across 100 countries is an example of how anti-social elements can create havoc.
India’s response to such attacks has so far been reactive. In some cases, authorities remain oblivious to the nature of the attack months after the incident. There are three things that policymakers should do right away. First, embed security into everything, without compromising on quality. The Centre should carve out a separate budget for cybersecurity. Second, create a central body of cyber warriors to counter state-sponsored hackers. India’s talent base in software development should be harnessed by providing career opportunities. Third, bootstrap the cybersecurity capability programme in States through central funding.
Companies, especially those in the financial sector, should accord top top priority to online security by investing in next-generation security tools. Most importantly, there is a need to build a strong perimeter around end-users through education and awareness. If left unchecked, millions of first-time Internet users would be left exposed to cyber criminals. The Centre could form a coalition with the private sector to start a new campaign around digital literacy that not only brings more people online but also teaches them to be secure from the next big attack.