In light of the burgeoning Indian digital space, fast-evolving cybersecurity threats have drummed up the need to strengthen internet security in India.
In 2004, the Indian Computer Emergency Response Team (CERT-In) came into operation and is now the national nodal agency responsible for combating cybersecurity threats. It strengthens the security-related defense of the Indian Internet domain.
Table of Contents
Evolution in the Cyberthreat Ecosystem
India witnessed ambitious plans for quick transformation and rapid business growth among enterprises and this enabled cyber risks to multiply. Currently, industries and firms across all sizes are struggling to manage the bombardment of cyber threats on a daily basis.
With technology taking over human lives, cyberspace has turned out to be a complex environment. It encompasses all critical interactions between software, services, and people. It also involves global distribution of information and a network of communication technology.
Thus, the focus has shifted to the creation of a stout cybersecurity ecosystem in the country, which is in tune with the globally networked environment. Gone are the days when firewalls were enough for essential cybercrime protection. The threat landscape is becoming advanced as well as more sophisticated, and organizations need to keep up with the pace.
To safeguard the country's information infrastructure, the Indian Government introduced CERT-In to prevent cyber threats, reduce vulnerabilities, and diminish the cyber incidents' damage. Next, we discuss the vital role CERT-in plays in preventing cybercrimes.
National Cybersecurity Policy
India witnessed a rapid IT sector growth in the nation, and in light of this, the government launched the National Cyber Security Policy.
The focus of the policy is to protect the information infrastructure in today's modern cyberspace - building capabilities to protect institutional structures, processes, people, and technologies.
It provides the right kind of focus to create a secure computing environment with adequate trust and confidence in electronic transactions, services, software, devices, and networks.
The National Cyber Security Policy, drafted in consultation with relevant stakeholders and the public, aims at facilitating the creation of a robust computing environment, user entities, and building trust and confidence in electronic transactions.
The policy focuses on operating a 24x7 National Level Computer Emergency Response Team, which is CERT-In, to function as a Nodal Agency for overall coordination of all efforts for crisis management and cybersecurity emergency response. CERT-In functions as an umbrella organization to enable the creation and operationalization of sectoral CERTs for facilitating communication and coordination actions to deal with various cyber crises.
National cyber security policy revolves on establishing a secure computing environment aiming to:
Reduce supply chain risks to create and maintain testing facilities and infrastructure for IT security product evaluation and verification for compliance as per global practices and services.
Develop Human Resource to foster training, awareness, and education programs both in formal and informal sectors to aid the Nation's cybersecurity needs to build cyber capabilities.
Provide reasonable confidence and assurance to all stakeholders - Government, business, industry, the general public, and global community, about the safety, resiliency, and cyberspace security
Articulate concerns and understand priorities for all activities along with directed efforts
Adopt suitable posturing that resolves to make determined efforts to effectively deter, monitor, and deal with cybercrime and cyber attacks.
Secure e-governance services to mandate business continuity management, implement global security best practices and manage cyber risks for all e-governance initiatives in the nation.
Encourage the use of open standards to ease out the interoperability and data exchange among various products or services.
The policy implementation employs:
Actions in the collaborative PPP mode
Efforts solely by the government
Actions by the private businesses and the academia
Strengthen the regulatory framework to ensure a secure cyberspace ecosystem.
Key Area of Focus in Cyber Security Prevention
With the growing dependency on technology, ignoring the possibility of cybercrime in business is potentially harmful for the industry, employees, and customers.
Below listed are the critical areas for cybersecurity to be focused on:
Security of Internet of things (IoT)
IoT includes all critical and non-critical cyber-physical systems, which frequently enter the vulnerable state to offer minimum to no security patching.
This poses specific security challenges for all users, pushing vendors to invest in security challenges to implement more strategic solutions.
Overall, cybersecurity is essential for the governance of all conducts and manners of interacting with computer systems with suspicious behavior.
As hackers continue to adapt with the progressing technology, the IT security experts should look at data security with an advanced focus.
Security of Critical Infrastructure
Our society relies heavily on cyber-physical systems including traffic lights, hospitals, shopping centers, etc. These make up a critical infrastructure that requires a high-level of security.
Organizations responsible for all critical infrastructures should carry out assessments to comprehend the vulnerabilities. This will help them protect businesses against cyber-attacks and threats. The resilience and security of such critical infrastructure are vital to society's well-being and safety.
In firms that aren’t directly responsible for critical infrastructure, part of their businesses still depend on it in some way and helps in evaluating the criticality of various attacks.
Security of Social Media and Apps
Applications are a top target for cybercriminals making it imperative to have ample security measures. Application security relies on hardware and software tools and methods to battle external threats arising in the development phase of all applications.
A few types of application security include:
These help to prevent unauthorized access - detecting assets containing sensitive data to protect specific processes of application security.
Cloud security is taking over all industries, and the software-based security tools are getting even more critical to protect and monitor cloud data. Cloud providers are continually adopting new security tools to allow enterprise users to secure their data better.
Cloud computing security is very similar to traditional on-premise data centers, only excluding the costs and time of maintaining huge data facilities.
The network security of enterprises should effectively guard the internal networks against all unauthorized intrusion with malicious intent. Network security allows internal network security to protect the infrastructure and inhibit access to it.
Also, to handle network security monitoring better, businesses have turned to machine learning. It enables easy detection of abnormalities and provides real-time alerts.
A few examples of implementation of network security include:
Big Data Security
Big data analysis has turned out to be a significant priority for businesses through performance insights and growth detection to drive businesses forward. Big data is the best way forward considering cybersecurity, as detecting threats is easier than ever.
Role of Cert-In in Cybersecurity
CERT-In, covered under the Information Technology Amendment Act 2008, handles all the below responsibilities:
Timely forecast and alerts of cyber vulnerabilities
Collection, dissemination, analysis, and regular monitoring of cyber incident information
Issuing guidelines, vulnerabilities, advisories, and vulnerabilities related to cyber incidents
Emergency response measures for mitigating cyber risks
Coordinating the cyber response measures
The institution plays a vital role in the following areas:
Security Audit Services and Assurance framework - CERT-In carries out regular security audits of significant businesses. It involves penetration test and vulnerability assessment of the networked infrastructure of government along with other critical sector organizations.
Forensic Labs – CERT-In has well-equipped labs with mobile devices and cyber forensic analysis. Their practices facilitate the extraction and analysis of data from various digital devices involved in cybercrimes.
Network Traffic Scanning facilities – CERT-In also gathers and tracks down useful network information from various IT networks across the nation for meaningful analysis to predict and detect possibilities of cyberattacks.
CERT-In also plays a vital role in the following areas:
Computer Security Incident Response (Reactive)
- Incident tracing
- Artifact analysis
- Offer recovery procedures
- Incident response
- Share information with other cert teams, response teams, organizations and sites
- Provide 24x7 security services
Computer Security Incident Prevention (Proactive)
- Vulnerability analysis and response
- Collaborations with vendors
- Risk analysis
- Issue security guidelines, advisories and timely advice
- Profiling of attackers
- Conduct training
Security Quality Management Services
- Divided into reporting, analysis, and response
Cybersecurity Drills Followed by the CERT-In
Many organizations across the financial, transport, ISP, information and broadcasting, information and financial technology, law enforcement, defense, and private sector which depend on cybersecurity for safeguarding their organizations, focus and rightly invest in cybersecurity drills.
CERT-In focuses on cybercrime prevention under the provisions of Section 70B of the Information Technology Act, 2000 to promote cybersecurity of the users:
- Cyber Swachhta Kendra (Botnet cleaning center) - Launched back in February 2017 – for timely detection of compromised systems - to enable securing and cleaning methods of end-users to prevent malware infections.
- Malware analysis center - Security is a mission-critical concern, and the new IT platforms and processes such as cloud computing, mobile platforms have raised the need for new security requirements. Sophisticated malware, targeted attacks, hacktivism forced a rethinking of current security processes and practices.
- NCCC (National Cyber Coordination Centre) - Created to generate macroscopic perspectives of the cybersecurity breaches and threats in the Nation.
Cyberspace is vulnerable to the expanding array of incidents, whether human-made or natural, intentional or accidental, which easily gets exploited for nefarious purposes.
CERT-In prioritizes monitoring, detecting, defending, reporting, mitigating, and recovering any breach or cyberattacks.
It preserves confidentiality and ensures integrity remains the essence of a secure cyber landscape.