AIIMS Cyber Attack Probe Points to Foreign State Actor

AIIMS Cyber Attack Probe Points to Foreign State Actor

Context- The Cyber incident last month had brought the online management system of the institute to a halt, and raised concerns about the data of crores of patients being compromised, including that of high profile political personalities.

Preliminary investigation into the cyber attack has found hack originated from another country and could possibly have involved a foreign state actor.

What is Cyber security?

Cyber security is the technique of protecting computers, networks, programs and data from unauthorised access or attacks that are aimed for exploitation of cyber-physical systems and critical information infrastructure.

• Cyber physical systems– It includes Robotic Systems, Smart grids etc
• Critical Information Infrastructure- The Information Technology Act (2000) defines Critical Information Infrastructureas a computer resource, the incapacitation of which shall have debilitating impact on national security, economy, public health or safety.

Situation of India–

• According to the National Crime Records Bureau (NCRB)data, India reported 52,974 cases of cybercrime in 2021, an increase of over 5 per cent from 2020 (50,035 cases)
• India has ranked 10^th in Global Cybersecurity Index (GCI) 2020 by ITU (International Telecommunication Union- A UN Specialized Agency), on the basis of performance on five parameters of cybersecurity, which are- Legal measures, technical measures, organisational measures, capacity development, and cooperation.

What are types of cyber threats?

• Malware–  Malware is a program inserted into a system to compromise the confidentiality, integrity, or availability of data.
• Ransomware–  Ransomware asks you to pay a ransom using online payment methods to regain access to your system or data.
• Distributed denial of service (DDoS) attacks– DDoS attacks make an online service unavailable by overwhelming it with excessive traffic from many locations and sources. Website response time slows down, preventing access during a DDoS attack.
• Spam and Phishing– Spam includes unwanted, unsolicited, or undesirable messages and emails. Phishing is a form of social engineering, including attempts to get sensitive information. Phishing attempts will appear to be from a trustworthy person or business
• Man in the Middle Attack– Attacker Eavesdrops between two parties
• SQL injection– A code injection to destroy database.

(Credits- StealthLabs)

What are the challenges?

• Indialacks indigenization in hardware as well as software cybersecurity This makes India’s cyberspace vulnerable to cyber threats motivated by state and non-state actors.
• India doesn’t have an ‘active cyber defence’ like the EU’sGeneral Data Protection Regulation (GDPR).
• Multiplicity of agencies operating with overlapping domains Ex- CERT-In, National Cyber Coordination Centre, National Critical Information Infrastructure Protection Centre(NCIIPC) etc.
• Lack of digital literacy and awareness.
• Lack of trained cadre of specialists dealing with cyber security issues.

Way Forward-

• Cyber Hygiene
• Zero trust model- A security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated.
• Indigenisation of Cyber Infrastructure

Syllabus- Mains; GS-3; Cyber Security; Role of State actors