Cyber threat is the possibility of a malicious attempt to damage or disrupt a computer network or system. Issues over the recent years like petya ransomware, debit/credit card data hacking, Aadhaar data misuse etc. has raised the concern on India's ability to secure cyber space. Recently, grocery delivery platform Bigbasket faced a data breach where over 2 Cr users data was compromised and a data breach on PM Modi’s website narendramodi was also witnessed. A recent assessment report by the National Technical Research Organisation (NTRO) has highlighted that the number of cyber-attacks in India has increased due to the work from home scenario.

Various Cyber Threats

1. Cyber Crime: Cybercrimes are usually of two kinds:
   1. Those directed at computers or other devices (for example, hacking, malware, DoS attacks virus attacks etc)
      
      
   2. Those where computers or other devices are integral to the offence (for example, online fraud, identity theft, cyber bullying, distribution of child exploitation material etc)
      
      
   
   
   
2. Cyber Espionage: Cyber espionage represents the strategy of breaking into computer systems and networks in order to extract sensitive governmental or corporate information.
   
   
3. Cyber Terrorism: Actions threatening unity and security of India or striking terror in people by denying access of penetrating into a computer to cause death and destruction of property or adversely affect the critical information infrastructure.
   
   
4. Cyber Warfare: States attacking the information systems of other countries for disrupting their critical infrastructure and disrupt an adversary’s ability to function during a conflict
   
   

Measures To Counter Cyber Threats:

• Legal measures
  • Information Technology Act 2008 (as amended in 2012)
    
    
  • Relevant sections of Indian Penal Code.
    
    
  
  
  
• Administrative Measures
  • National Cyber Security Policy 2013 (NCSP) serves as an umbrella framework for defining and guiding the actions related to security of cyberspace.
    
    
  • CERT-In: A Computer Emergency Response Team –India (CERT-In) as nodal agency for cyber security incident response. It runs the 24x7 National Watch and Alert System.
    
    
  • National Cyber Coordination Centre (NCCC): NCCC is to ensure near real time threat assessment and to coordinate between intelligence agencies.
    
    
  • National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country.
    
    
  • Indian Cyber Crime Coordination Centre (I4C) for cyber crime monitoring
    
    
  • Setting up of cyber forensic units and creating trained human resources
    
    
  • Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for providing detection of malicious programmes and free tools to remove such programmes.
    
    
  
  
  
• Miscellaneous Measures
  • All organizations providing digital services have been mandated to report cyber security incidents to CERT-In expeditiously.
    
    
  • Issue of alerts and advisories regarding cyber threats and counter-measures by CERT-In.
    
    
  • Issue of guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
    
    
  • Provision for audit of the government websites and applications prior to their hosting, and thereafter at regular intervals.
    
    
  • Formulation of Crisis Management Plan for countering cyber attacks and cyber terrorism.
    
    
  • Conducting cyber security mock drills and exercises regularly to enable assessment of cyber security posture and preparedness of organizations in Government and critical sectors.
    
    
  • Conducting regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber attacks.
    
    
  
  
  

As nature of cyber space is fast evolving and transnational, the response system also needs to be constantly evolving. India needs to focus on cyber security literacy, updating cyber laws, institutionalizing transnational cooperation mechanisms and creating a dedicated cadre of cyber security personnel. The new cyber security policy acts as a guide in the right direction.