Securing India in the Cyber Era
eBook - ePub

  1. 72 pages
  2. English

About this book

This book explores the geopolitics of the global cyber space to analyse India's cyber security landscape. As conflicts increasingly move online, nation-states are manipulating the cyber space to exploit each other's dependence on information, communication and digital technologies. All the major powers have dedicated cyber units to breach computer networks, harvest sensitive data and proprietary information, and disrupt critical national infrastructure operations.

This volume reviews threats to Indian computer networks, analyses the country's policy responses to these threats, and suggests comprehensive measures to build resilience in the system. India constitutes the second-largest internet user base in the world, and this expansion of the user base also saw an accompanying rise in cyber crimes. The book discusses how the country can protect this user base and the data-dependent critical infrastructure, build resilient digital payment systems, and answer the challenges of the dark net. It also explores India's cyber diplomacy, as an emerging economy with a large IT industry and a well-established technological base.

Topical and lucid, this book, part of The Gateway House Guide to India in the 2020s series, will be of interest to scholars and researchers of cyber security, digital diplomacy, foreign policy, international relations, geopolitics, strategic affairs, defence studies, South Asian politics and international politics.

Yes, you can access Securing India in the Cyber Era by Sameer Patil in PDF and/or ePUB format, as well as other popular books in Politics & International Relations & Regional Studies. We have over one million books available in our catalogue for you to explore.

1

The geopolitics of cyber space

DOI: 10.4324/9781003152910-1

Introduction

Cyber space has become the newest and most prominent arena for geopolitical contestations. Nation-states are exploiting each other’s dependence on information, communication and digital technologies to breach computer networks, harvest sensitive data and proprietary information, and disrupt critical national infrastructure operations. Today, all the major powers have dedicated cyber units which map out their adversaries’ vulnerabilities and capitalise on them.
Consequently, cyber attacks targeting national and commercial computer networks have surged in the last few years. However, 2020 has witnessed a significant expansion of the threat vector and attack techniques, with the outbreak of the COVID-19 pandemic.¹ While global attention is focused on dealing with this unprecedented health emergency, adversarial states and cyber saboteurs have found an opportunity to crank up their offensive cyber operations. This is evident from the multiple attacks targeting critical national infrastructure engaged in fighting the pandemic, such as hospitals and other healthcare facilities and pharmaceutical companies. The absence of a global cyber security regime or agreed norms for state behaviour in cyber space has only complicated this scenario.
This introductory chapter will outline the lay of the land and identify the dynamics shaping the geopolitics of cyber space. It will then review the international community’s efforts to create the ever-elusive rules-based order in cyber space.

Cyber space as an extension of geopolitical rivalries

On 8 December 2020, FireEye, an American cyber security firm, was the target of hacking by what it described as “a nation with top-tier offensive capabilities”.² In the last few years, the firm has proactively tracked and publicised several Chinese and Russian cyber operations called Advanced Persistent Threats (APTs).³ The hackers appeared to be interested in the details of the specific government customers of FireEye. They stole the company’s internal hacking tools, used to test the cyber security preparedness of its clients. This attack was followed by a series of breaches targeting US government agencies, including the Departments of Treasury and Commerce, Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Energy Department’s National Nuclear Security Administration.⁴ Both FireEye and US officials have alleged that Russia was behind these breaches.⁵,⁶ These consecutive attacks mark a significant escalation of geopolitical rivalry in cyber space. They are symbolic of the attacks taking place over the last few years, where nation-states have deployed advanced malware, utilised zero-day vulnerabilities and enlisted resourceful nationalistic hackers to target their adversaries’ computer networks and critical infrastructure.
Since the attack on the Estonian computer networks in 2007, alleged to have been carried out by Russia-based hackers, such attacks have become the new normal in the cyber space. A review of the attacks which have happened since then amply demonstrates the inter-weaving of geopolitical rivalries with cyber warfare. The evolution of technology has enabled the proliferation of tools required for launching such penetrating attacks.
Table 1.1 lists some of the most significant cyber attacks since the attack in Estonia. As can be seen from the list, many of the attacks have targeted critical national infrastructure – from nuclear reactors, as happened during the Stuxnet virus attack, to banks and payment systems, as seen in the Bangladesh Bank’s hacking in 2016. The problem of attribution has acted as a critical enabler for many of these attacks, since the attack is usually routed through multiple servers located in different countries. As a result, pinpointing the perpetrator of the attack is difficult. However, in recent years, utilising its technical skills and forensic capabilities, the United States has made significant progress in identifying people responsible for various cyber attacks – what is known as “naming and shaming”. For instance, in 2018, the US Department of Justice charged the “Lazarus group”, a North Korea-based hacking syndicate, as being responsible for multiple attacks, including the WannaCry Ransomware 2.0 attack, hacking of the Bangladesh Bank account and the targeting of Sony Corporation’s servers.⁷ Yet identifying the complicity of nation-states in such attacks has proved to be a generally difficult proposition.

Table 1.1 Major cyber security incidents worldwide since 2007 (excluding India)

| Year | Target | Incident | Implications |
|------|--------|----------|--------------|
| 2007 | Estonia | Distributed Denial of Service (DDoS) attacks against Estonian websites | The attack, suspected to have been carried out by Russia, disabled the government’s websites, political parties, news organisations and banks. While it was not a significant attack in terms of the actual damage, it demonstrated the impact caused by disruptions of internet-enabled services. Since then, Estonia has invested heavily in strengthening its digital infrastructure. |
| 2008 | Georgia | DDoS attacks against Georgian computer networks | The Georgian government accused Russia of launching attacks against its computer networks when both countries were fighting to control the territory of South Ossetia. The attack disabled almost 90% of official Georgian websites. |
| 2010 | Iran | Discovery of Stuxnet virus targeting Iranian nuclear programme | Allegedly designed by the United States and Israel, the virus slowed down the Iranian nuclear reactor at Natanz, affecting the Iranian nuclear programme. It also impacted operations at critical infrastructure facilities and manufacturing sites in many other countries. |
| 2011 | Europe | Duqu virus hits European computer networks | The Duqu virus, similar to Stuxnet, targeted a specific number of organisations in Europe. It was used to steal information that could be utilised to attack the Industrial Control Systems. |
| 2012 | Saudi Aramco | Cyber attack against Saudi Aramco oil company | In retaliation for Stuxnet, Iranian hackers reportedly launched a massive cyber attack targeting Aramco, a Saudi Arabian government flagship. It erased critical corporate data from Aramco’s 30,000 computers. |
| 2013 | Target Corporation | Credit card data breach at Target Corporation | The breach affected approximately 40 million consumers, forcing Target Corp to pay USD $18.5 million in the settlement. |
| 2013–18 | Worldwide | Malware attack targeting banks in Brazil, North America, Europe and Asia-Pacific | Carbanak, a cyber criminal gang primarily based in Europe, deployed malware in the systems of more than 100 banks, to steal upwards of USD $300 million - possibly as high as USD $1.1 billion. The malware imitated bank procedures by recording bank employees’ computer activity. |
| 2014 | Sony Corporation | Data breach in the Sony Corporation’s computer networks | Allegedly backed by the North Korean government, a group of hackers breached Sony Corporation’s computers in the US, stealing sensitive data including confidential emails, business plans and employee details. The attack was reportedly in response to a satirical movie based on North Korean leader Kim Jong-Un, produced by Sony Pictures. The attack reportedly cost Sony more than USD $100 million to investigate, to repair or replace computers and to take measures to prevent future attacks. |
| 2014 | North Korea | Suspected DDoS attack against North Korean computer networks | North Korea accused the United States of attacking its computer networks and shutting down the internet for many days. The attack was reportedly in response to the hacking of the Sony Corporation’s computers. |
| 2014 | JPMorgan Chase | Data breach at American bank JPMorgan Chase | The attack resulted in the data of 83 million accounts being compromised. |
| 2014 | Mt. Gox Bitcoin exchange | Hackers target Mt. Gox Bitcoin exchange in Japan | In an attack which persisted for years, hackers stole from Mt. Gox 850,000 bitcoins worth USD $460 million - 7% of all bitcoins in circulation. Soon after it suspended trading and filed for bankruptcy. |
| 2015 | Office of Personnel Management | Data breach in the servers of the Office of Personnel Management | The attack, blamed on China by the US, resulted in 21.5 million former and prospective federal employees’ data being stolen. |
| 2015 | Anthem Inc. insurance company | Data breach in the Anthem insurance company in the US | The breach exposed the records of approximately 78.8 million consumers. Investigations concluded the involvement of a foreign nation in the breach. The company was forced to pay USD $115 million to settle consumer claims. |
| 2015 | Banco del Austro, Ecuador-based bank | SWIFT credentials of Banco del Austro stolen by hackers | Unidentified hackers secured the bank employee’s SWIFT logon credentials to steal USD $12 million. The breach was linked to the North Korea-affiliated Lazarus hacker group. |
| 2016 | Ukraine | DDoS attack against Ukrainian power companies | Suspected Russian hackers hacked into the three power companies’ networks in Western Ukraine, which disrupted energy supplies in eight provinces, affecting more than 80,000 people. |
| 2016 | Bangladesh Bank | Hacking of Bangladesh Bank’s account at Federal Reserve Bank, New York | Computer servers were hacked to issue instructions via SWIFT network for illegally transferring USD $951 million from the Bangladesh Bank’s account in the Federal Reserve Bank. Transactions worth USD $101 million were successful. Bangladesh Bank has recovered USD $38 million so far. The attack has been linked to the Lazarus group. |
| 2016 | US election infrastructure | Targeting of the American election infrastructure during the 2016 presidential elections | Suspected Russia-based hackers scanned voter registration d... |

Table of contents

  1. Cover Page
  2. Half Title Page
  3. Series Page
  4. Title Page
  5. Copyright Page
  6. Dedication Page
  7. Contents Page
  8. List of figures and tables Page
  9. Acknowledgements Page
  10. Abbreviations Page
  11. 1 The geopolitics of cyber space
  12. 2 India’s cyber security landscape: vulnerabilities and responses
  13. 3 Protecting India’s critical infrastructure
  14. 4 Building resilient digital payment systems
  15. 5 Murky alleys of the deep web
  16. 6 India’s lead in cyber diplomacy
  17. Bibliography
  18. Index