Launch of Central Suspect Registry to Combat Cyber Crimes

Introduction

The land of the dragon has been significantly advanced in terms of innovation and creating self-sustaining technologies of civic and military importance. Leading nations of the West still need to understand the advancements the dragon land has made in technologies and what potential threats it poses on an international level.

Int on Dragon Land

According to a leaked US intelligence study, China is developing powerful cyber weapons to “seize control” of adversary satellites and render them worthless for data communications or surveillance during combat.

According to the US, China’s effort to build up the capacity to “deny, exploit, or hijack” hostile satellites is critical to controlling information, which Beijing views as a crucial “war-fighting domain.”^[1]

The CIA-marked document, one of hundreds purportedly given by a 21-year-old US Air Guardsman in the most influential American intelligence leaks in over a decade, was released this year and has yet to be disclosed before.

This kind of cyber capabilities would be significantly superior to what Russia has used in Ukraine, where electronic warfare troops have used a brute-force strategy to little avail.

How were the capabilities discovered?

According to a top-secret US dossier, China could use its cyber capabilities to “take control of a satellite, making it inoperable for support of communications, weapons, or intelligence, surveillance, and reconnaissance systems.” The US has never acknowledged having a comparable or superior capability.

By broadcasting related frequencies from truck-mounted jamming systems like the Tirada-2, these attacks were first developed in the 1980s to block communications between low-orbit SpaceX satellites and their on-ground terminals. China’s more ambitious cyberattacks are designed to imitate the signals that adversary satellites’ operators send out, tricking them into malfunctioning or being entirely taken over at critical points in a battle.

Implications of such military capabilities

The south Chinese island nation of Taiwan is attempting to develop a communications infrastructure that can withstand an attack from China after observing how crucial satellite communications have been to the Ukrainian military.

According to a January 2023 article in the Financial Times, it is seeking investors to launch its own satellite provider while testing with 700 non-geostationary satellite receivers around Taiwan to ensure bandwidth in the case of conflict or natural calamities. Similarly, a Russian cyber strike rendered thousands of Ukrainian military routers from US-based Viasat inoperable in the hours before it launched its invasion last year, demonstrating how important satellite communications have become in contemporary wartime. This attack was deemed to be catastrophic by the Ukraine officials as it broke down the communication between the Ukraine army and the govt.

Additionally, several hundred wind turbines in Germany, Poland, and Italy were impacted, which cut off service to thousands of Viasat users in those countries. Even though it was complex, the Viasat hack required accessing the business’ computer systems and then sending commands to the modems that made them break.

How significant is the threat?

According to the leaked assessment, China’s objectives are much more sophisticated and focused towards the future. According to analysts, they would aim to disable satellites’ ability to interact with one another, relay signals and orders to weapons systems, or give back visual and intercepted electronic data. Satellites often work in interconnected clusters and remain unmanned, thus preventing the scope of proper surveillance. Officials from the US military have warned that China has made substantial advancements in creating military space technologies, particularly satellite communications. Beijing is vigorously pursuing counter-space capabilities in an effort to realise its “space dream” of being the dominant force outside of the Earth’s atmosphere by 2045.

Threat to India?

As China aggressively invests in technology meant to disrupt, degrade, and destroy our space capabilities, a potential threat remains on the Indian satellites and spaceships. The complexity of the communication network and extended distance from the Earth can point towards a high number of vulnerabilities for the Indian Space program. Still, the Indian Space Research Organisation (ISRO) has been working tirelessly, and as of 1st January 2022, India has 21 operational satellites in Low Earth Orbit (LEO) and 28 operational satellites in Geostationary Orbit. In 2021, ISRO launched one PSLV-DL variant (PSLV-C51) mission and one GSLV-MkII variant (GSLV-F10) mission. GSLV-F10 could not accomplish the mission successfully. In 2021, India placed five satellites and 1 PSLV rocket body (PS4 stage) in Low Earth Orbits. India placed 65 rocket bodies in orbit from the first launch, of which 42 are still in orbit around the Earth, and 23 have re-entered and burnt up in the Earth’s atmosphere. The break-up event of the 4th stage of PSLV-C3 in 2001 generated 386 debris, of which 76 are still in orbit.

Conclusion

The space race is the new cold war, all nations are working towards securing their space assets while exploring new elements in outer space. It is pertinent that the national interest in space is protected, and a long awaiting space treaty for the modern age needs to be ratified by all nations with a presence in space. The future of space exploration is bright for most nations, but the threats should be eradicated, and an all-inclusive space should be promoted to maintain harmony in space.

^[1] https://www.ft.com/content/fc72d277-7fa8-4b29-9231-4feb34f43b0c

Introduction

Cert-In (Indian Computer Emergency Response Team) has recently issued the “Guidelines on Information Security Practices” for Government Entities for Safe & Trusted Internet. The guideline has come at a critical time when the Draft Digital India Bill is about to be released, which is aimed at revamping the legal aspects of Indian cyberspace. These guidelines lay down the policy framework and the requirements for critical infrastructure for all government organisations and institutions to improve the overall cyber security of the nation.

What is Cert-In?

A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organisation’s cybersecurity incidents. A CERT may focus on resolving data breaches and denial-of-service attacks and providing alerts and incident handling guidelines. CERTs also conduct ongoing public awareness campaigns and engage in research aimed at improving security systems. The Ministry of Electronics and Information Technology (MeitY) oversees CERT-In. It regularly releases alerts to help individuals and companies safeguard their data, information, and ICT (Information and Communications Technology) infrastructure.

Indian Computer Emergency Response Team (CERT-In) has been established and appointed as national agency in respect of cyber incidents and cyber security incidents in terms of the provisions of section 70B of Information Technology (IT) Act, 2000.

CERT-In requests information from service providers, intermediaries, data centres, and body corporates to coordinate reaction actions and emergency procedures regarding cyber security incidents. It is a focal point for incident reporting and offers round-the-clock security services.  It manages cyber occurrences that are tracked and reported while continuously analysing cyber risks. It strengthens the security barriers for the Indian Internet domain.

Background

India is fast becoming one of the world’s largest connected nations – with over 80 Crore Indians  (Digital Nagriks) presently connected and using the Internet and cyberspace – and with this number is expected to touch 120 Crores in the coming few years. The Digital Nagriks of the country are using the Internet for business, education, finance and various applications and services including Digital Government services. Internet provides growth and innovation and at the same time it has seen rise in cybercrimes, user harm and other challenges to online safety. The policies of the Government are aimed at ensuring an Open, Safe & Trusted and Accountable Internet for its users. Government is fully cognizant and aware of the growing cyber security threats and attacks.

It is the Government of India’s objective to ensure that Digital Nagriks experience a Safe & Trusted Internet. Along with ubiquitous applications of Information & Communication Technologies (ICT) in almost all facets of service delivery and operations, continuously evolving cyber threats have become a concern for the Government. Cyber-attacks can come in the form of malware, ransomware, phishing, data breach etc., that adversely affect an organisation’s information and systems. Cyber threats leading to cyber-attacks or incidents can compromise the confidentiality, integrity, and availability of an organisation’s information and systems and can have far reaching impact on essential services and national interests. To protect against cyber threats, it is important for government entities to implement strong  cybersecurity measures and follow best practices. As ICT infrastructure of the Government entities is one of the preferred targets of the malicious actors, responsibility of implementing good cyber security practices for protecting computers, servers, applications, electronic systems, networks, and data from digital attacks, also remain with the ICT assets’ owner i.e. Government entity.

What are the new Guidelines about?

The Government of India (distribution of business) Rules, 1961’s First Schedule lists a number of Ministries, Departments, Secretariats, and Offices, along with their affiliated and subordinate offices, which are all subject to the rules. They also comprise all governmental organisations, businesses operating in the public sector, and other governmental entities under their administrative control.

“The government has launched a number of steps to guarantee an accessible, trustworthy, and accountable digital environment. With a focus on capabilities, systems, human resources, and awareness, we are extending and speeding our work in the area of cyber security, according to Rajeev Chandrasekhar, Minister of State for Electronics, Information Technology, Skill Development, and Entrepreneurship.

The Recommendations

• Various security domains are covered in the standards, including network security, identity and access management, application security, data security, third-party outsourcing, hardening procedures, security monitoring, incident management, and security audits.
• For instance, the rules advise using only a Standard User (non-administrator) account to use computers and laptops for regular work regarding desktop, laptop, and printer security in the workplace. Users may only be granted administrative access with the CISO’s consent.
• The usage of lengthy passwords containing at least eight characters that combine capital letters, tiny letters, numerals, and special characters; Never save any usernames or passwords in your web browser. Likewise, never save any payment-related data there.
• They include guidelines created by the National Informatics Centre for Chief Information Security Officers (CISOs) and staff members of Central government Ministries/Departments to improve cyber security and cyber hygiene in addition to adhering to industry best practises.

Conclusion

The government has been proactive in the contemporary times to eradicate the menace of cybercrimes and therreats from the Indian cyberspace and hence now we have seen a series of new bills and polices introduced by the Ministry of Electronics and Information Technology, and various other government organisations like Cert-In and TRAI. These policies have been aimed towards being relevant to time and current technologies. The threats from emerging technologies like web 3.0 cannot be ignored and hence with active netizen participation and synergy between government and corporates will lead to a better and improved cyber ecosystem in India.

Introduction

Data Breaches have taken over cyberspace as one of the rising issues, these data breaches result in personal data making its way toward cybercriminals who use this data for no good. As netizens, it's our digital responsibility to be cognizant of our data and the data of one's organization. The increase in internet and technology penetration has made people move to cyberspace at a rapid pace, however, awareness regarding the same needs to be inculcated to maximise the data safety of netizens. The recent AIIMS cyber breach has got many organisations worried about their cyber safety and security. According to the HIPPA Journal, 66% of healthcare organizations reported ransomware attacks on them. Data management and security is the prime aspect of clients all across the industry and is now growing into a concern for many. The data is primarily classified into three broad terms-

• Personal Identified Information (PII) - Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
• Non-Public Information (NPI) - The personal information of an individual that is not and should not be available to the public. This includes Social Security Numbers, bank information, other personal identifiable financial information, and certain transactions with financial institutions.
• Material Non-Public Information (MNPI) - Data relating to a company that has not been made public but could have an impact on its share price. It is against the law for holders of nonpublic material information to use the information to their advantage in trading stocks.

This classification of data allows the industry to manage and secure data effectively and efficiently and at the same time, this allows the user to understand the uses of their data and its intensity in case of breach of data. Organisations process data that is a combination of the above-mentioned classifications and hence in instances of data breach this becomes a critical aspect. Coming back to the AIIMS data breach, it is a known fact that AIIMS is also an educational and research institution. So, one might assume that the reason for any attack on AIIMS could be either to exfiltrate patient data or could be to obtain hands-on the R & D data including research-related intellectual properties. If we postulate the latter, we could also imagine that other educational institutes of higher learning such as IITs, IISc, ISI, IISERs, IIITs, NITs, and some of the significant state universities could also be targeted. In 2021, the Ministry of Home Affairs through the Ministry of Education sent a directive to IITs and many other institutes to take certain steps related to cyber security measures and to create SoPs to establish efficient data management practices. The following sectors are critical in terms of data protection-

• Health sector
• Financial sector
• Education sector
• Automobile sector

These sectors are generally targeted by bad actors and often data breach from these sectors result in cyber crimes as the data is soon made available on Darkweb. These institutions need to practice compliance like any other corporate house as the end user here is the netizen and his/her data is of utmost importance in terms of protection.Organisations in today's time need to be in coherence to the advancement in cyberspace to find out keen shortcomings and vulnerabilities they may face and subsequently create safeguards for the same. The AIIMS breach is an example to learn from so that we can protect other organisations from such cyber attacks. To showcase strong and impenetrable cyber security every organisation should be able to answer these questions-

• Do you have a centralized cyber asset inventory?
• Do you have human resources that are trained to model possible cyber threats and cyber risk assessment?
• Have you ever undertaken a business continuity and resilience study of your institutional digitalized business processes?
• Do you have a formal vulnerability management system that enumerates vulnerabilities in your cyber assets and a patch management system that patches freshly discovered vulnerabilities?
• Do you have a formal configuration assessment and management system that checks the configuration of all your cyber assets and security tools (firewalls, antivirus management, proxy services) regularly to ensure they are most securely configured?
• Do have a segmented network such that your most critical assets (servers, databases, HPC resources, etc.) are in a separate network that is access-controlled and only people with proper permission can access?
• Do you have a cyber security policy that spells out the policies regarding the usage of cyber assets, protection of cyber assets, monitoring of cyber assets, authentication and access control policies, and asset lifecycle management strategies?
• Do you have a business continuity and cyber crisis management plan in place which is regularly exercised like fire drills so that in cases of exigencies such plans can easily be followed, and all stakeholders are properly trained to do their part during such emergencies?
• Do you have multi-factor authentication for all users implemented?
• Do you have a supply chain security policy for applications that are supplied by vendors? Do you have a vendor access policy that disallows providing network access to vendors for configuration, updates, etc?
• Do you have regular penetration testing of the cyberinfrastructure of the organization with proper red-teaming?
• Do you have a bug-bounty program for students who could report vulnerabilities they discover in your cyber infrastructure and get rewarded?
• Do you have an endpoint security monitoring tool mandatory for all critical endpoints such as database servers, application servers, and other important cyber assets?
• Do have a continuous network monitoring and alert generation tool installed?
• Do you have a comprehensive cyber security strategy that is reflected in your cyber security policy document?
• Do you regularly receive cyber security incidents (including small, medium, or high severity incidents, network scanning, etc) updates from your cyber security team in order to ensure that top management is aware of the situation on the ground?
• Do you have regular cyber security skills training for your cyber security team and your IT/OT engineers and employees?
• Do your top management show adequate support, and hold the cyber security team accountable on a regular basis?
• Do you have a proper and vetted backup and restoration policy and practice?

If any organisation has definite answers to these questions, it is safe to say that they have strong cyber security, these questions should not be taken as a comparison but as a checklist by various organisations to be up to date in regard to the technical measures and policies related to cyber security. Having a strong cyber security posture does not drive the cyber security risk to zero but it helps to reduce the risk and improves the fighting chance. Further, if a proper risk assessment is regularly carried out and high-risk cyber assets are properly protected, then the damages resulting from cyber attacks can be contained to a large extent.