|  |  | 

India Top Headlines

Indians excel at gaming, what we don’t realize is that the electronic ecosystem doesn’t give you a second chance | India News


India has witnessed a large increase in cyberattacks by foreign entities and government agencies have not ruled out the involvement of foreign hands with the aim of disrupting India’s strong growth after the global Covid-19 lockdown.
The times of India Sanjeev singh I talk to Pavan Duggal, cyber law expert and advocate for the Supreme Court of India on how India should focus on a strong legal framework against cyberattacks that will only increase in the coming years.
Q1: The Center and the Maharashtra government seem to have different views on the reasons behind the 2020 outage in Mumbai. Your thoughts?
A1: If a cybersecurity company outside India is consciously observing incoming traffic and targeting India’s critical information infrastructure. He is updating the Indian government and submitting a report. So that report must be viewed in a holistic and objective way. There is no denying the fact that India has been the target of cyberattacks by state and non-state actors. The reason is that India is recovering from economic growth and revival. This growth has not been to the liking of various state and non-state actors. Trying to keep India’s progress seems like a logical corollary.
The issue of cyberattacks targeting India’s critical information infrastructure should be a logical priority. To say that India is completely safe, and that we will never be attacked, is something that has no connection to earthly reality. We are under attack 24/7 and we need to have a more realistic approach on how to deal with this. So far, India has only taken an open-mouthed approach to cybersecurity. Here too, there are two distinct and divergent thought processes between different sets of ministers.
Q2: The Mumbai outage was quickly fixed. Is there any reason to be concerned?
R2: Fortunately for us, the Mumbai outage was only for a couple of hours and things were restored. What if the outage had lasted another 15-16 hours? What if Ukraine’s cyberattack model had been replicated in India? The Ukrainian power grid was specifically targeted by Russian hackers in 2015. Much of Ukraine had been left in complete darkness. We still don’t know what kind of audit the energy corporation has carried out. Later, they discovered that many hackers were still sitting inside, silently watching how things happened. It is very important for us to wake up to this fundamental reality. Let us assume that what has been given in this report is factually inaccurate. But there is nothing to stop us reviewing the situation.
Q3: How has Covid-19 affected cyberattacks?
A3: Cyberattacks have become common in recent years. But the arrival of Covid-19 has ushered in the golden age of cybercrime. We have never seen this type of cyber criminal activity of this stature and frequency. It’s natural to expect these attacks to target where it hurts the most. They target the country’s critical information infrastructure, such as electricity, energy, banking, insurance, government networks, and healthcare. The two main targets are power grids and health-related services.
Q4: How do these cyberattacks operate?
A4: The modus operandi is very clear. Attackers operate from the dark web most of the time. This helps them hide their electronic fingerprints. Even if law enforcement agencies try to investigate, they may not be able to. They are very adept at erasing their electronic fingerprints. This makes it more difficult to attribute these attacks to a particular cyber actor. These groups focus on identifying those recipients who do not have a legal framework or lack adequate attention. They focus on violating vulnerable targets. Unfortunately, India has many vulnerabilities in government systems, including the critical information structure.
Q5: can we expect more attacks in the future?
A5: I hope more attacks will come. We are destined to be attacked much more. We should focus on getting ahead of this. We should have an appropriate mechanism and review the cyber security infrastructure. Countries like China are way ahead of us with three national laws on cybersecurity. India is still immersed in a historical mode. We have not yet developed a specific cybersecurity law. The India IT Act 2000 is not suitable to meet the challenges of cybersecurity. India requires an enabling legal framework. We require that stakeholders have adequate responsibility to protect and preserve cybersecurity. A large part of the critical information infrastructure is in the hands of both the public and private sectors. We will have to have a collaborative cybersecurity model. We need to create more awareness about cybersecurity.
A6: Does India have an adequate legal framework to deal with cyberattacks?
A6: We have been very soft on cyber security. We have received a data breach notification that requires all companies to report all breaches of this type since January 2017. In reality, no one reports cybersecurity breaches to the government. In February 2021, the government implemented the IT Broker Guidelines and Digital Media Code of Ethics. They have announced specific requirements for all intermediaries to mandatorily report all cybersecurity incidents. I hope things change. As of now, it is a very relaxed atmosphere. In some ways, the Indians excel at the idea of ​​the school of management played. What we don’t realize is that the electronic ecosystem doesn’t give you a second chance.

Times of India