NATIONAL SECURITY THREAT IN CYBERSPACE
By- Nikhil Vaghmarey
In security matters, there is nothing like absolute security. We are only trying
to build comfort levels because security costs money and lack of it costs
much more. Comfort level is a manifestation of efforts as well as realisation
of their effectiveness and limitation.
Cyberspace doesn’t have a specific definition but it is used to describe the whole virtual space. Cyberspace now extends to the whole world and is connected through the internet, computers, servers, etc. Thus it becomes very essential to have healthy cyberspace so that it doesn’t affect our national security. In the recent past with the rise of Information and Technology, crimes in cyberspace have risen dramatically, especially concerning a threat to national security. Controlling these national security threats in cyberspace requires a coordinated effort from various levels of government, private sectors, and even the citizens of this country.
THREAT TO NATIONAL SECURITY
In the digital age, the arena of national security is being confronted with previously unidentified risks aimed at undermining state information infrastructure. There is a simple truism that, in the globalized world, the Internet and ICT are necessary for economic and social growth, providing a crucial digital infrastructure on which communities, economies, and governments depend to perform their critical functions. The fairly accessible existence of the Internet means that the world is insecure on several levels. Thus, cybersecurity has come to encompass a wide range of issues such as critical infrastructure protection, cyber terrorism, cyber threats, privacy issues, cybercrime, and cyber warfare. Generally, cyber attackers can be classified into two types:
• Non-state actors– They are not linked to any government or country, they work in their capacity. They generally attack only individuals or property. They have criminal intentions and may be subjected to the jurisdiction of one or more sovereign countries. Terrorists can be said to a more serious set of non-state actors and constitute a much greater threat to national security.
• Sovereign state– Sometimes an attack is being carried out by a sovereign state especially on the enemy country. This can trigger the information or cyber war. A recent example of this can be the alleged Chinese cyber-attack on Australia.
Defence against these attackers is carried out by both external and internal security agencies. Some common threats include pam, spoofing, phishing, viruses, worms, Trojans, spyware, repudiation, information disclosure, and denial of service, the elevation of privilege, botnets and pirated software.
India’s cyberspace is obviously connected with the rest of the world. Carrying out defences against cyber-attacks that occur at lightning speed and differentiating between attacks originating from terrorists, non-state actors or sovereign states is not an easy task for intelligence agencies. It must always be ensured that security systems must always be secure, reliable, and resilient. The internet has become a medium for political and military espionage.
India has increasingly recognized cybersecurity as a top security concern, one that will only increase in importance as time passes. At the same time, cybersecurity has emerged as a national policy priority to be handled in a comprehensive manner, including economic, financial, educational, legal, regulatory, technological, diplomatic, and military and intelligence aspects. “Considerations of sovereignty” have become increasingly important.
CHALLENGES IN IMPLEMENTING CYBERSECURITY
• Attackers vs. Defenders– The attacker needs to exploit only one vulnerability, while the defender needs to secure all vulnerabilities. The attackers have unlimited time while the defenders are working with time and cost constraints. An attacker will use a variety of open-source data to select targets and will use widely available means of attack and system vulnerability information to identify possible approaches. The intruder would also have remained undetected during his preparatory time. The early discovery of an assault or assault strategy and the detection and recognition of the attacker’s probes are critical elements of the defence.
• Security vs. Usability– Security systems are more difficult to use since complex and complicated passwords are hard to recall. People tend to use simple passwords. Human beings are often the weakest link in this respect. They make mistakes, pick easy passwords, and are vulnerable to social engineering (for attackers to provide passwords or access to systems).
• Security as an afterthought– Management and developers do not agree that protection adds a benefit for the industry. It is often expensive to address vulnerabilities shortly before the release of a product. There may be other urgent survival issues that relegate security to the backburner. Security purchases and practices are most often dependent on certain considerations, including best practices in business, fear of attack, product ratings, revenue, consultants’ advice, and budgetary constraints, and so on.
• Addressing vulnerabilities at various levels– The different levels at which cyber vulnerabilities need to be addressed would include home users / small businesses, large enterprises, critical infrastructure, and national and global organisations. Cybersecurity, therefore, requires action at all these multiple levels and by a diverse group of actors. There are two ways in which the trend towards ubiquitous computing affects cyber security. First, there are more targets for attacking more attackers. Second, attacks can have consequences in the real world.
Cyberspace offers a forum for progress and growth as a way to boost the general health of the world. But the wide reach of a loose and lightly regulated digital infrastructure poses great risks to nations, private enterprises and individuals. The Government of India is responsible for solving these strategic challenges in order to ensure that the country and its people, along with the broader community of nations, are able to realize the full potential of the information technology revolution.
SRR Aiyenger, National Strategy for cyberspace security, Centre for Land Warfare Studies
Sushma Devi Parmar, Cybersecurity in India: An Evolving Concern for National Security.