India needs to move fast in securing its Digital Frontiers
- In Mathematics, Science & Technology
- 03:02 PM, Mar 24, 2017
- Krishna Kant Sharma
15th September 2016 was not just another day in the digital world. It was the day when global email service giant Yahoo, reported that some 500 million user accounts had gotten compromised due to a hacking incident backed by some ‘foreign government’. Things were going to turn much worse for Yahoo. In December 2016, the company reported about another hacking incident in 2013, when at least 1 billion accounts were compromised. The company requested its users to immediately change/update their security settings. However, the incident severely impacted Verizon Communications Inc.’s planned acquisition of the internet company.
December 2016, one of the world’s largest dating sites for adults; AdultFriendFinder.com reported a data breach involving about 412 million accounts. These accounts were in turned linked to global email giants like Hotmail, Yahoo & Gmail. Private lives and details of millions of people suddenly became open to public scrutiny. Many people were scarred for life. A similar incident in July 2015 with another commercial website billed as enabling extramarital affairs; Ashley Madison, had impacted about 32 million accounts. Personal details such as email details, names, contact information, and sexual preferences of the users were leaked. It had a severely traumatic effect on the users of the website. Eventually the website owners agreed to a $1.7 million settlement with several U.S. states and the federal government.
A massive DDoS (Distributed Denial of Service) attack using Mirai botnet was unleashed by hackers in October 2016. It was the biggest reported attack on DNS services & IoT devices (printers, IP cameras, DVR players, residential gateways). Unsecured IoT devices were prime target of the attack. The ensuing outage brought down internet services in large parts of Europe and North America. It also laid bare the vulnerabilities of the ‘connected world’.
International politics too wasn’t left out from cyber hacking. Reports of Russian hackers interfering in 2016 US Presidential elections gained international spotlight. So much so that President Obama admitted to having used the red phone line to contact his Russian counterpart; Vladimir Putin, and warned him against cyber attacks originating from Russia. The Russians though denied any involvement.
In this connected world, without borders, India too has been hit by the scourge of cyber attacks. Indian security establishment was rocked last year; with the leak of sensitive details about India’s highly secretive Scorpene submarine being built in collaboration with French firm DCNS. Any leakage of the stealth features of the submarine meant that they were sitting ducks for the enemy navies. Where and how, the leak happened, is yet to be established.
October 2016, saw RBI reporting a massive breach of debit card data linked with leading banks such as SBI, ICICI, HDFC, Axis, Yes bank, etc. The attack which happened between May – July 2016, was the biggest ever cyber breach in India, which compromised the country’s payment network. The Hitachi attack, as the breach came to be known as, was targeted towards stealing the PINs (personal identification numbers) of customers as and when they used their cards to withdraw money from ATMs of a private bank in India. Estimates are that more than 32 lakh debit cards were compromised. Given the lack of awareness of digital security, the incident didn’t come to light till the banks requested their users to change their PINs.
A reported 80,000 cyber attacks on Indian financial networks occurred just between Dec 9-12, in midst of government’s demonetization drive. In Parliament this year, the government admitted that approximately 707 Centre & State government websites were hit by security breaches in the last 4 years.
Just recently, Global cyber security firm Fallible reported that a massive security breach of McDonald’s India app resulted in potential exposure of sensitive details of 2.2 million users; which may have included their names, email addresses, home addresses & phone numbers. The culprit in question; poor API security.
The Digital India drive, launched with much fanfare is one of the flagship schemes of Prime Minister Modi. The demonetization drive launched by the Government on 8th Nov 2016, pushed users towards a cashless economy, and an economy where digital payments became the norm rather than an exception. This added further stress on the legacy security systems in place in the Indian ecosystem. Also the lack of awareness amongst majority of the population, about the steps required to safeguard their digital data, points to an extremely vulnerable situation, which can be exploited by professional hackers or inimical foreign governments.
Indian Computer Emergency Response Team (CERT-In) is the nodal Government organisation under Ministry of Electronics and Information Technology tasked to deal with cyber security threats like hacking and phishing. It has signed several Memorandum of Understanding (MoU) agreements with several foreign governments for cooperation in Cyber Security. The IT Act 2000 (amended in 2008), also lays down the regulations for Cyber Security in India. Meanwhile, The Payment Card Industry Data Security Standard (PCI DSS) governs the Banking Card industry.
Inspite of all the efforts by Government of India to push for technology adoption in its schemes, India continues to cut a sorry picture on the global stage. In the prestigious Networked Readiness Index (NRI) 2016 report, which is a key component of the World Economic Forum’s ‘The Global Information Technology Report 2016’, India was placed at 91 out of the 139 global economies assessed on readiness for digitised market. The report highlighted the divide which still exists between the urban & the rural India and how legacy infrastructure choked India’s digital growth. A research report released last year by SophosLabs research, ranked India amongst the top 5 countries globally, at risk for cyber attacks. Even a study released by NASSCOM last year, ranked India around 100, in terms of households which have access to Internet. Global internet security giant; Kaspersky have repeatedly commented on the poorly secured critical infrastructure in India. The hacker group Legion has openly boasted how they can take down sansad.nic.in. Dangerous signals for the government which is betting hugely on BHIM & Aadhaar.
The Indigenous digital payments app BHIM (The Bharat Interface for Money), launched in December by the government for fast and secure cashless transactions, crossed 18 million downloads.
Aadhaar; the 12 digit unique-identity number issued to all Indian residents based on their biometric and demographic data, is now the world's largest biometric ID system, with over 1.123 billion enrolled members. In February of this year UIDAI discovered illegal transactions and reported them to the Delhi Police Cyber Cell. It also led to a criminal complainant against Axis Bank, Suvidhaa Infoserve and eMudhra. Aadhaar has had a troublesome past with cards being issued to animals also. Even GODs have not been spared, with a card being issued to Lord Hanuman! The dangers of a fake Aadhaar Card were also highlighted last year with the arrest of a Pakistan High Commission staffer who was spying in India, with a fake Aadhaar Card as his identity proof. Though Aadhaar is not a proof of identity, it is increasingly used as such. Aadhaar can also be used to make other documents, which can in turn be used as proof of identity, thereby subverting the entire process. Clearly, faulty implementation and regulations are leading to its misuse. The recent statement by the Finance Minsiter Arun Jaitley that Aadhaar may become the only card in future, replacing all types of other identity cards like voter ID card, PAN card etc, has serious implications.
Data is the new gold in today’s economy. There are justifiable concerns on having one’s privacy & personal details being compromised & used for targeted marketing, profiling & other commercial uses. Data brokerage is rampant with brokers offering huge amount of personal data at dirt cheap prices.
The over 300 million Smartphone users in India coupled with over 500 million internet users, present a challenge as well as an opportunity. India is also globally acknowledged for its vast pool of ICT professionals. The proliferation of ‘Smart’ devices under IoT offers another challenge in ensuring that systems are not compromised by malware & malicious code. As India pushes towards reinventing how government services are accessed by its citizens, how citizens take part in electoral exercises, how digital platforms are used for payments & other commercial transactions, how Indians browse internet & connect with the outside world; major regulatory and structural changes are required.
The government needs to seriously invest in a slew of measures with proper checks and balances towards ensuring a truly ‘Digital India’. While no security is all pervasive, India needs to move fast in securing its digital frontiers. Some of these steps could be:
- Plug loopholes in existing IT , Security laws and introduce new laws to deal effectively with data privacy, personal privacy and cyber crime
- Make mandatory disclosure of incidents of security breach
- Invest in capacity building , skill development by improving education & awareness levels
- Introduce specific law ensuring restriction of data available under Aadhaar to be shared with any third party
- A highly encrypted & secure cloud for data storage & tackling cross border issues
- Conduct regular security audit of financial networks
- Encouraging more industry & government partnership to evolve an effective ecosystem
- Introduce security standards on the adoption & usage of devices under IoT
- Have a Cyber Security corpus as part of the Union budget
Digital India has caught the imagination of the youth and an effective rollout of its measures will no doubt truly transform India in the new millennium. What is now needed is an ecosystem which supports and encourages the various initiatives under its ambit.
As Victor Hugo famously said ‘No one can resist an idea whose time has come’. So, too has Digital India and with it, the aspirations of one billion Indians.
Comments