Cyberspace is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology (ICT) devices and networks. In the light of the growth of IT sector in the country, ambitious plans for rapid social transformation & inclusive growth and India’s prominent role in the IT global market, providing right kind of focus for creating secure computing environment and adequate trust & confidence in electronic transactions, software, services, devices and networks, has become one of the compelling priorities for the country. Such a focus enables creation of a suitable cyber security eco-system in the country, in tune with globally networked environment.

Need

• Maharashtra was the most targeted state in India, according to Palo Alto Networks’ 2021 report, receiving 42 percent of all ransomware assaults.
• Because India is one of the more economically lucrative locations for hacker organisations, these hackers demand that Indian companies pay a ransom, generally in the form of cryptocurrency, in order to recover access to their data.
• In 2021, one out of every four Indian businesses will be hit by ransomware.
• Ransomware attacks increased by 218 percent in Indian businesses, outpacing the global average of 21 percent.
• Software and services (26%) were the most targeted industries, followed by capital goods (14%), and the public sector (9%).
• It’s especially important given the growing interconnection of sectors and proliferation of internet access points, which might rise even more with the implementation of 5G.
• According to statistics submitted to and maintained by the Indian Computer Emergency Response Team, there were 6.97 lakh cyber security incidents reported in the first eight months of 2020, nearly equaling the preceding four years combined (CERT-In).
• A Chinese outfit named Red Echo has increased its use of resources like malware to attack “a broad swath” of India’s power industry. Red Echo deployed ShadowPad malware, which uses a backdoor to get access to systems.
• A municipal, state, or federal government keeps a significant quantity of sensitive information on the country (geography, military-strategic assets, and so on) and its inhabitants.
• Individuals’ photos, videos, and other personal information uploaded on social networking sites can be misused by others, resulting in serious and even life-threatening situations.
• On their systems, businesses have a lot of data and information.
• A cyber assault might result in the loss of competitive information (such as patents or original work) as well as private data of workers and customers, culminating in a full loss of public faith in the organization’s integrity.

Main Components of India’s National Cyber Security Strategy

• Digital payments: Device and platform mapping and modelling, transacting entities, payment flows, interfaces, and data interchange, as well as security research and sharing of threat intelligence should all be done.
• State-level cyber security: Policies and standards for security architecture, operations, and governance must be defined at the state level.
• Large-scale digitalization of public services: All digitisation programmes should focus on security from the start, as well as creating institutional capabilities for assessment, evaluation, certification, and rating of core equipment.
• Critical information infrastructure protection: SCADA (supervisory control and data acquisition) security should be linked with corporate security to secure critical information infrastructure. It’s also a good idea to have a vulnerability database.
• Supply chain security: The supply chain for integrated circuits (ICT) and electronics goods should be closely monitored and mapped. The country’s semiconductor design talents must be utilised internationally, and product testing and certification must be ramped up.

Suggested steps

• Cyber Insurance: Because cyber insurance is a relatively new profession, it requires actuarial science in order to manage cybersecurity risks in business and technological situations and quantify threat exposures.
• Cyber diplomacy: India’s worldwide relations are heavily influenced by cyber diplomacy. As a result, significant regional blocs such as the Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC) and the Shanghai Cooperation Organisation (SCO) must maintain their cyber security preparation through programmes, exchanges, and industrial assistance. To improve diplomacy, the government should promote India’s reputation as a responsible actor in cyber security and appoint “Cyber envoys” to critical nations and areas.
• Research, innovation, skill development, and technology development: The study recommends investing in ICT modernisation and digitisation, establishing a short and long-term cyber security agenda through outcome-based initiatives, and investing in deep-tech cyber security innovation. The DSCI further suggests forming a “cyber security services” comprised of cadres drawn from the Indian Engineering Services.
• Budgetary Provisions: It is proposed that a minimum of 0.25 percent of the yearly budget, which can be increased to 1 percent, be set aside for cyber security. Separate ministries and agencies should set aside 15-20 percent of their IT/technology budgets for cybersecurity. It also proposes creating a cybersecurity Fund of Funds and allocating central financing to states to develop cybersecurity skills.
• DSCI advocates performing cybersecurity simulations that incorporate real-life situations and their repercussions in order to adequately prepare for a catastrophe.

As much as cyber defence, India must grapple with the importance and need of cyber offensive. As of now, India’s major, if not exclusive, response appears to be defensive.As a reaction, India must invest in stronger offensive cyber capabilities.

How to structure:

1. Give an intro about cyber security
2. Analyse the need for cyber security in today’s times
3. Mention the features of India’s National Cyber Security Strategy
4. Suggest further measures
5. Conclude