Mains Paper 3: Security
Prelims level: Cybersecurity
Mains level: Challenges to internal security through communication networks, role of media and social networking sites in internal security challenges, basics of cyber security
• Cyberspace is a notional environment in which communication over computer networks occurs.
• In cyberspace, it is the best of times for some and the worst of times for others.
• Between them, Apple, Amazon and Microsoft have added more than a trillion dollars in market value, since the start of 2020.
• On the other hand, cyberattacks have grown.
• In one week in April 2020, reportedly, there were over 18 million daily malware and phishing emails related to COVID-19 monitored by a single email provider.
• There were also 240 million COVID-19-related daily spam messages.
• There is also concern about the role of states. Australia mentioned of attacks by a state actor.
Role of states:
• China has been accused of hacking health-care institutions in the United States working on novel coronavirus treatment.
• The United Kingdom has warned of hackers backed by the Russian state targeting pharmaceutical companies conducting COVID-19 vaccine research.
• The ban on specified Chinese Apps, on grounds that they are “engaged in activities prejudicial to the sovereignty and integrity of India” adds another layer of complexity to the contestation in cyberspace.
• Cyber insecurity of individuals, organisations and states is expanding amidst COVID-19.
• While we are embracing new ways of digital interaction and more of our critical infrastructure is going digital, the parameters of the transformation under way are not understood by most of us.
• Like global public health, cybersecurity is a niche area, left to experts.
• COVID-19 made us realise the role of the global public health infrastructure and need to abide by agreed rules.
• Similarly, a better understanding of the global cyberspace architecture is required.
No global commons:
• Borderless cyberspace, as a part of the “global commons” does not exist.
• The Internet depends on physical infrastructure that is under national control, and hence is subject to border controls too.
• Each state applies its laws to national networks, consistent with its international commitments.
• States are responsible for cybersecurity, enforcement of laws and protection of public good.
• States are responsible for their actions, as well as for actions taken from within their sovereign territory.
• This is easier said than done. The infrastructure on which the Internet rests falls within jurisdictions of many states with differing approaches.
• Cyberspace has multiple stakeholders, not all of which are states. Non-state actors play key roles — some benign, some malignant.
• Many networks are private, with objectives differing from those of states.
• Finally, cybertools are dual use, cheap and make attribution and verification of actions quite a task.
• Nevertheless, states alone have the rights of oversight. In short the search for cyber “rules of the road is still on.
• We are at an incipient stage of looking for “cyber norms” that can balance the competing demands of national sovereignty and transnational connectivity.
Gaps in current processes:
• It was in 1998 that Russia inscribed the issue of information and communications technologies (ICTs) in international security on the UN agenda.
• Since then six Group of Governmental Experts (GGE) with two-year terms and limited membership have functioned — the most on any issue at the United Nations.
• In addition, an Open-Ended Working Group (OEWG) began last year with a broadly similar mandate, but open to all.
• More than 100 states evinced interest.
• The discussions are narrowly focused in line with the mandate of the forum that set it up.
• Issues such as Internet governance, development, espionage, and digital privacy are kept out.
• The net result of the UN exercise has been an acceptance that international law and the UN Charter are applicable in cyberspace; a set of voluntary norms of responsible state behaviour was agreed to in 2015.
• What aspects of international law and in what circumstances will be applicable remains to be addressed.
• UN Secretary General António Guterres’s recent report, “Roadmap for Digital Cooperation”, gently calls for action.
• A few confidence building measures may follow.
• However, short of a cataclysmic event, these processes do not hold much hope in the current geopolitical circumstances.
More engagement needed:
• Generally, the growth of technology is way ahead of the development of associated norms and institutions. Cyberspace is experiencing this too.
• It provides countries such as ours some time and space to evolve our approach, in tune with the relevance of cyberspace to India’s future economic, social and political objectives.
• Despite the digital divide, the next billion smart phone users will include a significant number from India.
• As India’s cyber footprint expands, so will space for conflicts and crimes (both of a private and inter-state nature).
• Shared “rules of the road” become imperative.
• We have a very active nodal agency for cybersecurity in the Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology.
• India has had representatives on five of the six GGEs. We participate actively at the OEWG.
• The Shanghai Cooperation Organisation, of which we are a member, voiced support for a code of conduct.
• India joined the Christchurch Call which brought together countries and companies in an effort to stop the use of social media for promoting terrorism and violent extremism.
Need of intense partnerships:
• The next phase in an increasingly contested and fragmenting domain requires better arrangements and more intense partnerships, but with more safeguards.
• Domestically, we need the clarity that adoption of a data protection legislation will bring. Globally, we need to partake in shaping cybernorms.
• Acceding to the Budapest Convention, or Convention on Cybercrime of the Council of Europe (CETS No.185), which started as a European initiative but has attracted others, is an option that we should examine.
• We need to encourage our private sector to get involved more in industry-focused processes such as the Microsoft-initiated Cybersecurity Tech Accord and the Siemens-led Charter of Trust.
• Engagement in multi-stakeholder orientations such as the Paris Call (for trust and security in cyberspace) can help.
• In preparation for the larger role that cyberspace will inevitably play in Indian lives, we need a deeper public understanding of its various dimensions.
• Cyberspace is too important to be left only to the experts.
Q.1) With reference to the State of the World Population 2020 report, consider the following statements:
1. It was released by the World Economic Forum.
2. According to the report one in three girls missing globally due to sex selection, both pre- and post-natal, is from India.
Which of the statements given above is/are correct?
(a) 1 only
(b) 2 only
(c) Both 1 and 2
(d) Neither 1 nor 2
Q.1) Highlights the issue of cybersecurity. What are the recent types of cyber-attacks and their implications?