The number of internet users in India has more than doubled in the last five years and is expected to be close to one billion by 2025. As the country marches ahead in its digital journey, which has been further accelerated by the pandemic, the challenges emancipating from cybercrime have reached unprecedented levels. According to CERT-In, the number of cybersecurity incidents observed in India jumped nearly three (3) times to 11,58,208 in 2020 when compared to 2019. This means that every minute, nearly 2.2 cybersecurity incidents were observed in the country and such incidents are expected to go up in the future as well.
Technology is another term for ease and convenience in the world we live in. From online education to e-commerce, the digital world is inundated with potential opportunities, and India is not oblivious to the same. The Indian government has been unprecedentedly quick and hands-on with web and mobile platforms, from real-time Covid-19 tracking to vaccination registrations, from e-Services to e-payments. In fact, the Government has been strongly encouraging a digital transformation towards conducting e-transactions and online payments through UPIs, integrating utility and bill payments, and undertaking paperless routes to complete regulatory compliances. It’s safe to say that India has steadily metamorphosed financially, economically and socially, towards becoming a digital nation.
While the country has embraced digital in day-to-day life, cyber attacks and cyber crimes are becoming rampant. According to the World Economic Forum, cyberattacks rank first among global human-caused risks. Cybercrime is expected to cost the world more than USD 10 trillion by 2025, which is more than the GDP of all countries except two and hence urgent attention. If we look at some of the recent instances globally, we would see that cyber attack is becoming more complicated and more threatening, impacting every facet of life. Today, attacks intend to cause physical harm (e.g. – Attempt to poison the Florida water system by increasing the amount of Sodium hydroxide) or cripple essential utilities (e.g. – ransomware attack on the largest fuel pipeline in USA) or attempt to impact safety and security (e.g. –ransomware attack on Washington’s Metropolitan Police Department). In India, we have seen examples of financial frauds, breaches of personal data (e.g. data related to passengers of Air India) among others.
The time to act against cyber crime and cyber incidents is now. The intent of the Government has been right in this aspect with Prime Minister Shri Narendra Modi highlighting the need for a robust cybersecurity framework in his Independence Day speech in 2020 and laying down the need to amend the 2013 policy to be at par with international standards in data protection and creating a safer digital community for people. While the Indian Government has taken several steps in this direction including formulating Cyber Crisis Management Plan (CCMP) for Ministries and departments, the launch of Phase 1 of the National Cyber Coordination Centre (NCCC), the launch of the ‘CyTrain’ portal for capacity building of police officers/judicial officers, however much more needs to be done. Some of the steps which can be contemplated are:
- Safeguarding our critical assets: Starting with identifying key assets (i.e., defence locations, power plants, space stations, atomic and nuclear research centres, airports and air traffic control system), projects and assets need to have dedicated cyber defence and security teams in place. With an increasing focus on defence, space technology, digital transformation and the creation of smart cities, and land, sea and air transport infrastructure, watertight regulations around cybersecurity are a must to ensure sustained progress.
- Common Command and Control Centre: Govt. of India needs to look at a common Command and Control Centre involving critical Ministries and organizations like CERT-In, Ministry of Home, NCRB, NATGRID, MeitY, Ministry of Finance, etc. to look at cyber threats and their response in an integrated fashion. The involvement of the private sector can be crucial here in providing cutting-edge technology solutions and trained personnel.
- National Mission Mode Project for tackling cyber crime: A Mission Mode project can be introduced to equip every State and UT to handle cyber crime-related challenges in their State / UT. This would also enable deployment and operation of the latest technology and solutions in tracking, monitoring, predicting and investigating cyber crime cases. The role of the private sector in bringing the latest tools, technologies and best practices shall be paramount here.
- Large scale training of Police personnel: While the Government of India has launched the CyTrain portal as a MOOC platform for training and capacity building of personnel of law enforcement agencies, however only 600 certificates have been issued from the portal to date. There is a need for giving a push to this and bring in a massive and large scale training and capacity building program, which in turn would enable Police forces to gain access to and understanding of the latest tools and technologies and fast-track investigation.
- Building a pool of cybersecurity professionals: The government, with the help of private sector, needs to help build a pool of trained cybersecurity professionals. This can be through partnering with the private sector to set up a Shared Services Center of Excellence (SS-CEO) for training cybersecurity professionals to create a more robust digital nation. Additionally, Government can look at the launch of specialized training and certification programs and the launch of Bachelor’s or Master’s program in cybersecurity.
- Fast-tracking introduction of CERT-Fin: The government of India has proposed setting up CERT-Fin, which would be similar to CERT-In, to ensure protection in the financial space. The idea was first mooted in 2017, and needs to be accelerated now to ensure safer financial transactions.