What are the Challenges Posed by Cyber Attacks on India?

  • Critical Infrastructure Vulnerability: India’s critical infrastructure, such as power grids, transportation systems, and communication networks, is vulnerable to cyber attacks that can disrupt essential services and endanger public safety and national security.
  • Financial Sector Threats: The financial sector in India faces a high risk of cyberattacks from cybercriminals who seek to profit from stealing or extorting money. Attacks on banks, financial institutions, and online payment systems can cause financial losses, identity theft, and a loss of trust in the financial system.
    • For instance, in March 2020, a malware attack on the City Union Bank’s SWIFT system led to unauthorised transactions worth USD 2 million.
  • Data Breaches and Privacy Concerns: As India moves towards a digital economy, the amount of personal and government data stored online increases. This also increases the risk of data breaches, where hackers access and leak sensitive information. Data breaches can have serious consequences for the privacy and security of individuals and organisations.
    • For example, in May 2021, the personally identifiable information (PII) and test results of 190,000 candidates for the 2020 Common Admission Test (CAT), used to select applicants to the IIMs, were leaked and put up for sale on a cybercrime forum.
  • Cyber Espionage: Cyber espionage is the use of cyber attacks to spy on or sabotage the interests of other countries or entities. India, like other countries, is a target for cyber espionage activities that aim to steal confidential information and gain a strategic edge. Cyber espionage can affect India’s national security, foreign policy, and economic development.
    • For example, in 2020, a cyber espionage campaign called Operation SideCopy, carried out by a Pakistani threat actor, was uncovered; it targeted Indian military and diplomatic personnel with malware and phishing emails.
  • Advanced Persistent Threats (APTs): APTs are complex and prolonged cyber attacks, usually carried out by well-resourced and skilled groups. These attacks are designed to infiltrate the target’s network and remain hidden there for a long time, allowing the attackers to steal or manipulate data, or cause damage.
    • APTs are difficult to detect and counter, as they use advanced techniques and tools to evade security measures.
    • For example, in February 2021, a cyber security firm called RedEcho revealed that a China-linked APT group had targeted 10 entities in India’s power sector, with malware that could potentially cause power outages.
  • Supply Chain Vulnerabilities: Supply chain vulnerabilities refer to the weaknesses in the software or hardware components that are used by government and businesses for their operations. Cyber attackers can exploit these vulnerabilities to compromise the systems and services that depend on these components, and cause widespread damage.
    • For example, in December 2020, a global cyberattack on SolarWinds, a US-based software company that provides network management tools, affected several Indian organisations, including the National Informatics Centre (NIC), the Ministry of Electronics and Information Technology (MeitY), and Bharat Heavy Electricals Limited (BHEL).