The world has moved towards the cyber-physical biological space which is globalised, and in this globalised era, international trade, investments, and technology are connected inseparably within the global supply chains. Globalisation of trade and investments means that no state can manage its economy independently. Internationalisation of culture and communication using technology is encouraging the development of mass disruption and commodification. In the 80s and 90s, there were separate global economy and cyber space which later started to merge in.
“Today, the cyberspace is overlapping the social, technological, psychological and economic domains. The intersection of these four domains demands availability and accessibility and at the same time, safety and security,” Sanjay Bahl, Director General, CERT-In asserts at the recently held Express Technology Sabha, in Kochi.
Today, the majority of data resides with private organisations. Bahl defined the ecosystem as volatile, uncertain, and ambiguous. However, it is important to consider what that means from a security perspective. “It is volatile, because there is a large attack surface, there is an emergence of vulnerabilities with no patches available. It is uncertain as the users have no idea – where do the assets and data reside. Implementation of new technologies in the existing infrastructure is creating complexities. The capacity building, the skills required in building this new digital era – will we be able to provide those skill sets or create new digital divides,” remarks Bahl.
By 2020, the value of personalised data will be 1 trillion Euros, he quoted from a research by Europian Commission. As this trend grows, there will be an increasingly growing conflict between the value of data and individual privacy.
Cybersecurity is the fundamental enabler of the digital economy and hence there is a need to have trust and confidence on the digital infrastructure and devices. Bahl points out that India is transforming itself as a digital economy built on three key areas – digital infrastructure as the utility for every citizen, governance and services on demand, and digital empowerment of citizens. Since the country is dependent on digital infrastructure and devices, which are under sophisticated attack every day. These cyber attacks have evolved from being the disruption to destruction.
The attacks erode the user’s trust, and the cost of attacks have increased by 50 per cent in the last few years. “Considering the last quarter of 2018, victims paid an average of over US$ 6,700 as ransom, and it is assumed that these ransomware attacks will happen in every 14 seconds in 2019. The global damage that is caused by cyber attacks is estimated at three trillion dollars annually. Whereas, the aggregate damages caused by natural disasters like hurricanes, floods, etc all put together are estimated at US$ 306 million,” he says.
Bahl further states statistics from a recent report; 34 per cent of business executives perceive information security as the key driver to competitive advantages, and 32 per cent of businesses perceive it as the enabler of business efficiency.
As CERT-In responds to cyber incidents in a rapid fashion, it monitors and prevents organisations, issuing vulnerability alerts, etc. “We provide cyber assurance, which is the fundamental process required to manage the operational risk and technical safeguards. We are offering cyber intelligence at a macro level,” he says.
In a world with diminishing geographies, the industry needs collaborations and co-operation to move forward in this cyber journey. He continues to discuss the challenges that CERT-In faces with high volumes and pressures. In 2015, CERT-In was looking at co-ordination and response activities in every 10 minutes; whereas, now it is in every two-and-a-half minutes, he explains.
CERT-In conducts table-top activities, where they give hypothetical situations and request the participants to react as the situation unfolds. The organisations are given a situation where they have to co-ordinate within and outside their ecosystem. They also organised awareness programmes for the board members, in order to educate them on cybersecurity and how they can support their CISOs and the organisation from a security perspective.
He further says that CERT-In is also looking at situational awareness, in order to detect and respond to intrusions to digital infrastructures. CERT-In has launched Cyber Swachhta Kendra which is the Botnet Cleaning and Malware Analysis Centre. It is on a public-private partnership model and they work along the industries, ISPs, and academia. Under this centre, CERT-In identifies the devices which can be affected with botnets and provides the free tools to clean up the systems.
Since CERT-In is only aware of the IP, and doesn’t know who is sitting behind botnets, ISP alerts the organisation about the infection. The industry provides free tools to clean the system and academia provides the research on the new cybersecurity trends. Today, they have over 200 organisations connected on Cyber Swachhta Kendra. They have also introduced National Cybersecurity Coordination for situational awareness, which is providing a detailed or macro level view for agencies to work together on the same platform.
Thus, the role of the government is to provide a widespread of e-governance services which can defend from attacks, safeguard the social and cultural fabric of the society, incentify the industry for cyber practices and understand the risks associated with the technologies and improve the services.
Also Read and watch:
We Want To Use AI To Bring In Cognitive Computing Capabilities: Dr Rajesh Narang, CTO, GeM
VIDEO: Dr Rajesh Narang, CTO, GeM | TechSabha
VIDEO: Keynote Address by Dr Sanjay Bahl, Director General, CERT-IN | TechSabha