Basics of cyber security

WHAT IS CYBER SECURITY?

  • Cyber security can be defined as the protection of systems, networks and data in cyber space. It refers to the preventative methods used to protect information from being stolen, compromised or attacked.
  • Cyber security is a complex issue:
    • It cuts across multiple domains and calls for multi-dimensional, multi-layered initiatives and responses.
    • It involves various ministries and departments.
    • It is also difficult because of the diffused and varied nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators.
    • The evolving nature of the telecommunications infrastructure poses further challenges. The expanding wireless connectivity to individual computers and networks is making determination of physical and logical boundaries of networks increasingly difficult.
    • The increasing interconnectivity and accessibility of computer-based systems that are critical to the country’s economy are adding to the risk.
  • Cyberspace has expanded dramatically in its brief existence due to rapid development of information technology (IT) and commercial applications associated with it. Advances in information and communications technologies have revolutionised the scientific, educational and commercial infrastructures developed by the government.
    • The IT infrastructure has become an integral part of the critical infrastructure which supports national capabilities such as energy, power grids, telecommunications, emergency communication systems, financial systems, defence systems, space, transport, land records, public essential services and utilities, law enforcement and security, and air traffic control networks, to name a few. All these infrastructures increasingly depend on relayed data for communication and commercial transactions.
    • The operational stability and security of critical information infrastructure is vital for the economic security of the country.

CYBER THREATS

  • Cyber threats vary from simple hacking of an email to waging a war against a state. Cyber threats can be classified broadly into two categories:
    • Cyber crime: against individuals, corporates, etc.
    • Cyber warfare: against a state
  • Cyber Crime:
    • The use of cyberspace (i.e. computers, the internet, cellphones, other technical devices, etc.) to commit a crime by an individual or an organised group is called cyber crime.
    • Cyber attackers use numerous vulnerabilities in cyberspace to commit cybercrime. They exploit the weaknesses in the software and hardware design through the use of malware.
      • DoS attacks are used to overwhelm the targeted websites.
      • Hacking is a common way of piercing the defences of protected computer systems and interfering with their functioning.
      • Identity theft is also common.
    • Cyber crimes may be divided into two categories:
      • Crimes that Target Computers Directly
        • Spreading computer viruses
        • Denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It temporarily or indefinitely interrupts or suspends services of a host connected to the internet.
        • Malware (malicious code) is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. ‘Malware’ is a general term used to refer to a variety of forms of hostile or intrusive software, for example Trojan Horses, rootkits, worms, adware, etc.
      • Crimes Facilitated by Computer Networks or Devices, the Primary Target of which is Independent of the Computer Network or Device
        • Economic frauds to destabilise the economy of a country, attacks on the banking transaction system, extracting money through fraud, acquisition of credit/debit card data, financial theft and theft of intellectual property
        • Challenges to the internal security of India
        • Impairing the operations of a website or service through data alteration or data destruction
        • Spreading pornography
        • Copyright infringement
        • Cyber stalking, outraging the modesty of women, obscene content to humiliate girls and harm their reputation
        • Threatening e-mail
        • Assuming fake identity, virtual impersonation
        • Breach of right to privacy
        • Misuse of social media in fanning intolerance, instigating communal tensions and inciting riots; posting inflammatory material that tends to incite hate crimes (even Prime Minister Manmohan Singh expressed deep concern about the misuse of social media in sparking off communal sentiments)
        • Information warfare
        • Phishing scams
  • Cyber Warfare and Cyber Terror:
    • It is said that future wars will not be like traditional wars, which are fought on land, on water or in the air. The Snowden revelations have shown that cyberspace could become the theatre of warfare in the 21st century.
    • While there is no agreed definition of cyber warfare, ‘when any state initiates the use of internet-based invisible force as an instrument of state policy for sabotage and espionage against another nation, it is called cyber war’.
      • Attacking the information systems of other countries for espionage and for disrupting their critical infrastructure may be referred to as cyber warfare.
      • It includes hacking of vital information, important webpages, strategic controls and intelligence.
    • The attacks on the websites of Estonia in 2007 and of Georgia in 2008 have been widely reported.
      • Although there is no clinching evidence of the involvement of a state in these attacks, it is widely held that in these attacks, non-state actors (for example, hackers) may have been used by state actors.
      • Since these cyber attacks, the issue of cyber warfare has assumed urgency in the global media.
    • When an organisation working independently of a nation state carries out terrorist activities through the medium of cyberspace, it is generally called cyber terror.
    • Special Features of Cyber War Compared to Traditional War
      • Independent theatre of war:
        • The development of the internet and low-cost wireless communication is the contemporary equivalent of what airplanes were a hundred years ago. Their use in economic, social and political transactions has increased at a rate that far exceeds the growth in airplane use over the last century.
        • These technologies already play an important part in military operations in the traditional spheres of land, sea, air and the newer one of space. There are signs that they have been used for aggressive purposes by some states.
        • There is also ample evidence of their use by criminals and terrorist groups.
        • It is only a matter of time, like air power a hundred years ago, before cyberspace becomes an independent theatre of war.
        • There is one important nuance in the treatment of cyberspace as a fifth potential theatre of war, along with land, sea, air and space.
          • The use of cyberspace depends on physical facilities like undersea cables, microwave and optical fibre networks, telecom exchanges, routers, data servers, and so on. Protecting or attacking these is in the domain of the traditional arms of the military.
        • Cyberspace, as an independent theatre of war, is about attacks that compromise the capability to use these facilities; they cannot be prevented by the security services in isolation.
      • An undefined space (no specific areas):
        • The defence of cyberspace has a special feature. The national territory or space that is being defended by the land, sea and air forces is well defined.
        • Outer space and cyberspace are different.
          • They are inherently international even from the perspective of national interest.
          • It is not possible for a country to ignore what is happening in any part of this space if it is to protect the functionality of the cyberspace relevant for its own nationals.
          • Moreover, a key part of this space, the global internet system, is still under the control of one country.
        • Hence, national defence and international cooperation are inevitably inter-meshed. This means that a country’s government must ensure coherence between its security policy and the diplomatic stance taken by it in multilateral and bilateral discussions on matters like internet and telecom governance, human rights related to information freedoms, trade negotiations on infotech services, and so on.
      • Disguised attackers: There is another feature of cyberspace that complicates the design of security structures and policies compared to the other theatres of conflict.
        • In cyberspace, it is very easy for an attacker to cover his tracks and even mislead the target into believing that the attack has come from somewhere else.
        • This difficulty in identifying the perpetrator makes it difficult to rely on the capacity to retaliate as a deterrent.
      • No Contact war: The evolution of technology impacts the nature of conflict and war. Amongst the recent aspects of conflict is ‘no contact war’ wherein there is no ‘physical’ or ‘kinetic’ action across borders.
        • Future world war will most likely be cyber war. Future war will not be like traditional wars which were fought on territorial borders or in air space.

Key Terms of Cyber Attack:

  • Phishing:
    • Phishing is the act of attempting to acquire information, such as usernames, passwords and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
    • Communications purporting to be from popular social websites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public.
    • Phishing emails may contain links to websites that are infected with malware.
    • Phishing is typically carried out by email spoofing or instant messaging.
  • Vishing (Voice Phishing): The term is a combination of ‘voice’ and ‘phishing’. When phishing is done with the help of the telephone system, it is called vishing.
  • Tabnabbing: Tabnabbing is one of the latest phishing techniques. It takes advantage of tabbed browsing (which lets a user keep multiple tabs open) and silently redirects the user to the affected site. This technique operates in reverse to most phishing techniques: it does not directly take the user to the fraudulent site; instead, phishers load their fake page in one of the already open tabs.
  • Whaling: Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks.
  • Spoofing: A spoofing attack is a situation in which one person, programme, system or website successfully masquerades as another by falsifying data, and is thereby treated as trusted by a user or another programme, gaining an illegitimate advantage.
    • The purpose of this is usually to fool programmes, systems or users into revealing confidential information, such as user names and passwords, to the attacker.
  • Zombies: A zombie is a computer connected to the internet that has been compromised by a hacker, computer virus or trojan horse. It can be used to perform malicious tasks under remote direction.
    • Botnets of zombie computers are often used to spread email spam and launch denial-of-service attacks.
    • Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
  • Botnets: A botnet is a collection of internet-connected programmes communicating with other similar programmes in order to perform tasks.
    • Botnets sometimes compromise computers whose security defences have been breached and control conceded to a third party.
    • Each such compromised device, known as a ‘bot’, is created when a computer is penetrated by software from a malware (malicious software) distribution.
  • Pharming: It is an attack to redirect a website’s traffic to a different, fake website, where the individual’s information is then compromised.
  • Drive-by: These are opportunistic attacks against specific weaknesses within a system.
  • MITM: ‘Man in the middle attack’ is an attack where a middleman impersonates each endpoint and is thus able to manipulate both victims.
  • Spam: The unsolicited sending of bulk email for commercial purposes is unlawful in some jurisdictions. While anti-spam laws are relatively new, limits on unsolicited electronic communications have existed for some time.


SNOWDEN REVELATIONS:

  • Edward Joseph Snowden is an American computer professional, a former employee of the Central Intelligence Agency (CIA) and a former contractor for the National Security Agency (NSA). He came into the international limelight when he disclosed thousands of classified documents to several media outlets.
    • Snowden’s release (in 2013) of classified material has been described as the most significant leak in US history. The US Department of Justice charged Snowden with espionage.
    • Snowden’s leaked documents uncovered the existence of numerous global surveillance programmes; many of them run by the NSA with the cooperation of telecommunication companies and European governments.
    • The massive extent of NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents.
    • In 2013, the existence of the ‘Boundless Informant’ was revealed, along with the PRISM electronic data mining programme, the XKeyscore analytical tool, the Tempora interception project, the MUSCULAR access point and the massive FASCIA database, which contains trillions of device-location records.
    • In the following year, Britain’s Joint Threat Research Intelligence Group was revealed, along with the Dishfire database, Squeaky Dolphin’s real-time monitoring of social media networks and the bulk collection of private webcam images via the Optic Nerve programme.
    • The disclosures have fuelled debates over mass surveillance, government secrecy and the balance between national security and information privacy.
    • Modus Operandi of Widespread Cyber Snooping by the National Security Agency (NSA):
      • Basically, three major players were used by the NSA:
        • Different nations
        • Domestic/foreign agencies
        • Private players within and outside the USA.
      • Data was collected through:
        • Telecom operators on the global optical fibre network
        • Servers of US-based internet giants like Google and Microsoft
        • Hardware manufacturers like Cisco and Juniper
        • Large-scale malware operations and firewalls
        • Off-the-air components, including Wi-Fi, GSM, CDMA and satellite signals, in alliance with Australia, New Zealand and South Africa
        • Taps placed on undersea cables in South America, North Africa and the Indian Ocean
        • Monitoring of international payments and banking transactions
        • iPhone, BlackBerry and Android operating systems
    • Vulnerability of Indian Cyber Space:
      • Documents leaked by NSA whistle-blower Edward Snowden indicate much of the NSA surveillance was focused on India’s domestic politics and its strategic and commercial interests, exposing India’s vulnerability to cyber snooping in all sectors. India was fifth among targeted countries.
      • The US has had a major influence on the development of cyberspace by virtue of the fact that much of the initial infrastructure and use was centred in that country and it continues to be a major force in its development and use. The US has thus been in a position to fend off periodic attempts to challenge its supremacy, and those times when it could not, it has been forced to shed some of its control.
    • Impact of Snowden Revelations
      • It will pave the way for the ‘Internet Governance Era’.
        • Microsoft recently allowed foreign customers to have their personal data stored on servers outside America.
        • Hence, the consequence of Edward Snowden’s NSA leaks is that countries and companies would erect borders of sorts in cyberspace.
      • Following the shocking revelations about governments’ widespread monitoring of global communications, it is clear that all facets of the cybersecurity world have been indelibly changed, from ordinary people having their eyes opened to what is really going on, to governments becoming ever more distrustful of each other.
      • Some experts believe the technical details contained in documents leaked by Snowden have weakened the security situation in western countries, decreasing the level of security in the US and UK in particular.
        • They feel the leaks were a ‘gift’ that allows terrorists to ‘evade us and strike at will’. It is being said that, as fallout of the revelations, Al-Qaeda has changed the way it communicates.
      • One of the biggest impacts Snowden has had on the world is that his leaks have led to an acceleration of the cyber arms race around the world.
      • There is a greater awareness among the masses about the right to privacy. People have become conscious of it. Even Barack Obama, President of the USA, conceded that those leaks triggered a passionate and welcome debate about American snooping.

THREAT TO INDIA’S CYBER SPACE:

  • As is clear from Snowden’s revelations, India’s cyber space is almost unprotected.
    • Till now, we only have very basic security features. We have started considering advanced features only after the Snowden revelations. All our vital institutions, installations and critical infrastructure need to be protected from cyber attacks.
    • The future war will target crucial areas like:
      • Defence installations
      • Sensitive documents related to both internal and external security
      • Communication networks, including satellites
      • Air traffic control (ATC) management
      • Railway traffic control
      • Financial services
      • Premier institutions of science, technology and research
  • Critical Infrastructure (CI) and Critical Information Infrastructure (CII):
    • In general, critical infrastructure (CI) can be defined as: ‘Those facilities, systems, or functions, whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation.’
      • It broadly includes the following sectors:
        • Energy
        • Transportation (air, surface, rail and water)
        • Banking and finance
        • Telecommunication
        • Defence
        • Space
        • Law enforcement, security and intelligence
        • Sensitive government organisations
        • Public health
        • Water supply
        • Critical manufacturing
        • E-governance
      • Across the world, critical information infrastructure (CII) is broadly defined as including ‘those networks which are interrelated, interconnected and interdependent’. Critical information infrastructure (CII) is the ICT infrastructure upon which the core functionality of critical infrastructure depends.
        • Under the IT Act 2000, Section 70 of the Act defines critical information infrastructure (CII) as: ‘the computer resource, the incapacitation or destruction of which shall have a debilitating impact on national security, economy, public health or safety’.
        • CII is highly complex, distributed, interconnected and interdependent.
      • Threats to CII: Threats to CII are classified as:
        • Internal threat: It is defined as ‘one or more individuals with the access and/or inside knowledge of a company, organisation or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products or facilities with the intent to cause harm’.
          • Insider betrayals cause losses due to IT sabotage, fraud and theft of confidential or proprietary information. This may be intentional or due to ignorance.
        • External threat: This threat arises from outside the organisation, from individuals, hackers, organisations, terrorists, foreign government agents and non-state actors, and poses risks such as the crippling of CII, espionage, cyber/electronic warfare, cyber terrorism, etc.
      • Effects of cyber attacks on CII:
        • Damage or destruction of CII
        • Disruption or degradation of services
        • Loss of sensitive and strategic information
        • Widespread damage in a short time
        • Cascading effects on several CII
  • STEPS TAKEN BY THE GOVERNMENT OF INDIA:
    • The government has identified a list of critical computer infrastructure which need special protection against cyber attacks. Included in this list are networks related to national security, defence, banks, stock markets, power grids, railways and airlines, weather and many others.
    • A national policy on cyber security was framed in 2013.
    • A National Critical Information Infrastructure Protection Centre (NCIIPC) is in the process of being set up to create a fool-proof firewall around these networks.
    • The National Cyber Coordination Centre has been set up. It is an operational cybersecurity and e-surveillance agency in India, intended to screen communication metadata and coordinate the intelligence-gathering activities of other agencies.
    • A Centre of Excellence in Cryptology, the science of encrypting data, is being established at the Indian Institute of Statistics in Kolkata.
    • Attacks on Indian networks have come mainly from computers based in 20 countries, including the US, UK, Germany, France, Brazil, Poland and the Netherlands.
      • One such attempt tried to jeopardise the Delhi Commonwealth Games in 2010. Hackers had tried to get into the computer systems to tamper with the timers and scoring machines.
    • The government has come up with a ‘roadmap on cyber security’ that lays stress on collaboration between the government and the private sector in this area.
    • The government has set up three cyber-forensic laboratories in Bangalore, Pune and Kolkata in association with the software industry group NASSCOM.
    • CERT-In, or Computer Emergency Response Team (India), the nodal agency to deal with such crises, is being replicated on a smaller scale for specific sectors.
      • The defence establishment has already set up a sectoral CERT for itself.
    • National Cyber Security Policy 2013:
      • The National Cyber Security Policy 2013 aims at:
        • facilitating the creation of a secure computing environment,
        • enabling adequate trust and confidence in electronic transactions, and
        • guiding stakeholders’ actions for the protection of cyberspace.
      • Salient features:
        • A vision and mission statement aimed at building a secure and resilient cyberspace for citizens, businesses and Government.
        • Enabling goals aimed at reducing national vulnerability to cyber attacks, preventing cyber attacks & cyber crimes, minimising response & recovery time, and effective cybercrime investigation and prosecution.
        • Focused actions at the level of Govt., public-private partnership arrangements, cyber security related technology actions, protection of critical information infrastructure and a national alerts and advice mechanism, awareness & capacity building, and promoting information sharing and cooperation.
        • Enhancing cooperation and coordination among all the stakeholder entities within the country.
        • Objectives and strategies in support of the National Cybersecurity vision and mission.
        • Framework and initiatives that can be pursued at the Govt. level, at sectoral levels as well as in public-private partnership mode.
        • Facilitating the monitoring of key trends at the national level, such as trends in cyber security compliance, cyber attacks, cyber crime and cyber-infrastructure growth.
    • National Critical Information Infrastructure Protection Centre (NCIIPC):
      • The Government is setting up the National Critical Information Infrastructure Protection Centre (NCIIPC) which will function as a specialised unit under the National Technical Research Organisation (NTRO).
      • Under Section 70A of the IT Act, NCIIPC, under NTRO, is being declared as the nodal agency for protection of critical information infrastructure of India.
      • The functions of NCIIPC include:
        • Identification of critical sub-sectors
        • Study of information infrastructure of identified critical sub-sectors
        • Issue of daily/monthly cyber alerts/advisories
        • Malware analysis
        • Tracking zombies and malware-spreading IPs
        • Cyber forensics activities
        • Research and development for a smart and secure environment
        • Facilitating CII owners in the adoption of appropriate policies, standards and best practices for protection of CII
        • Annual CISO Conference for critical sectors
        • Awareness and training
        • 24x7 operation and helpdesk
      • Each organisation/ministry in a critical sector should nominate a Nodal Officer (CISO) for interaction with NCIIPC. The CISO will be the point of contact for NCIIPC.
    • Information Technology Act 2000 (Amended in 2008):
      • It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the UNCITRAL Model Law on International Commercial Arbitration recommended by the General Assembly of the United Nations by a resolution dated 30 January 1997. The Act provides a legal framework for electronic governance by giving recognition to electronic records and digital signatures. It also defines cyber crimes and prescribes penalties for them.
