Cyber Security Threat
The treat of
terrorism since cold war era , terror attack on cities , tourist places and relegios
place well known to all , Government agency took steps to control them and they might can this conventional treat
but limitation came when unconventional treat
Cyber terrorism is unconventional threat.
Cyber terrorism is unconventional threat.
Definition :-
'Cyber
terrorism is the convergence of terrorism and cyber space. It is generally
understood to mean unlawful attacks and threats of attacks against computers,
networks, and information stored therein when done to intimidate or coerce a
government or its people in furtherance of political or social objectives,
Further, to qualify as cyber terrorism, an attack should result in violence
against persons or property or at reast cause enough harm to generate fear,
Attacks that lead to death or bodily injury, explosions, plane crashes, water
contamination or severe economic loss would be examples. Serious attacks
against critical infrastructures could be acts of cyber terrorism depending
upon their impact. Attacks that disrupt non essential services or that are
mainly a costly nuisance would not
Types :-
Types :-
(a) Physical Attack. The computer infrastructure is damaged
by using conventional methods like bombs, fire etc.
(b) Syntactic Attack. The computer infrastructure is damaged by modifying the logic of
the system in order to introduce delay or make the system unpredictable.
Computer viruses and Trojans are used in this type of attack.
(c) Semantic
Attack. This is
more treacherous as it exploits the confidence of the user in the system.
During the attack the information keyed in the system during entering and
exiting the system is modified without the users knowledge in order to induce
errors,
Most common usage of Internet is by designing and uploading websites on which false propaganda can be pasted.
This comes under the category of using technology for psychological warfare.
Tools :-
(a) Hacking. The most popular method used by a terrorist. It is a generic
term used for any kind of unauthorized access to a computer or a network of
computers. Some ingredient technologies like packet sniffing, tempest attack,
password cracking and buffer outflow facilitates hacking.
(b) Trojans. Programmes which pretend to do one thing while actually the~
are meant
for Doing something different, like the wooden Trojan Horse of the 1z'
Century BC.
(c) Computer Viruses. It is a computer programme, which
infects other computer, programmes by modifying them. They spread very fast.
(d) Computer Worms. The term 'worm' in relation to computers is a self contained
programme or a set of programmes that is able to spread functional copies of
itself or its segments to other computer systems usually via network
connections.
(e) E-Mail Related Crime. Usually worms and viruses have to attach themselves to a host
programme to be injected. Certain emails are used as host by viruses and worms.
E-mails are also used for spreading disinformation, threats and defamatory
stuff.
(f) Denial of Service These attacks are aimed at denying authorized persons access to a
computer or computer network.
(g)
Cryptology. Terrorists
have started using encryption, high frequency encrypted voice/data links etc.
It would be a Herculean task to decrypt the information terrorist is sending by
using a 512 bit symmetric encryption.
Challenges to India's National Security
- India's reliance on technology also reflects from the fact that
India is shifting gears by entering into facets of e-governance.
- India has already brought sectors like income tax, passports" visa under the realm of e -governance. Sectors like police and judiciary are to follow.
- The travel sector is also heavily reliant on this.
- Most of the Indian banks have gone on full-scale computerization. This has also brought in concepts of e-commerce and e-banking.
- The stock markets have also not remained immune. To create havoc in the country these are lucrative targets to paralyze the economic and financial institutions.
The damage done can be catastrophic and irreversible
- India has already brought sectors like income tax, passports" visa under the realm of e -governance. Sectors like police and judiciary are to follow.
- The travel sector is also heavily reliant on this.
- Most of the Indian banks have gone on full-scale computerization. This has also brought in concepts of e-commerce and e-banking.
- The stock markets have also not remained immune. To create havoc in the country these are lucrative targets to paralyze the economic and financial institutions.
The damage done can be catastrophic and irreversible
Existing Counter Cyber
Security Initiatives.
1.) National Informatics Centre (NIC).
A premier organisation providing network backbone and e-governance support to the Central Government, State Governments, Union Territories, Districts and other Governments bodies. It provides wide range of information and communication technology services including nation wide communication Network for decentralized planning improvement in Government services and wider transparency of national and local governments.
A premier organisation providing network backbone and e-governance support to the Central Government, State Governments, Union Territories, Districts and other Governments bodies. It provides wide range of information and communication technology services including nation wide communication Network for decentralized planning improvement in Government services and wider transparency of national and local governments.
2.) Indian Computer Emergency Response Team (Cert-In).
Cert-In is the most important constituent of India's cyber community. Its mandate states, 'ensure security of cyber space in the country by enhancing the security communications and information infrastructure, through proactive action and effective collaboration aimed at security incident prevention and response and security assurance'.
Cert-In is the most important constituent of India's cyber community. Its mandate states, 'ensure security of cyber space in the country by enhancing the security communications and information infrastructure, through proactive action and effective collaboration aimed at security incident prevention and response and security assurance'.
3.) National Information
Security Assurance Programme (NISAP).
This is for Government and critical infrastructures, Highlights are :
This is for Government and critical infrastructures, Highlights are :
Government and critical
infrastructures should have a security policy and create a point of contact.
Mandatory for organizations to
implement security control and report any security incident to Cert-In.
Cert-In to create a panel of
auditor for IT security.
All organizations to be subject
to a third party audit from this panel once a year.
Cert-In to be reported about security compliance on periodic basis
by the organizations.
4.) Indo-US Cyber Security Forum (IUSCSF).
Under this forum (set up in 2001) high power delegations from both side met and several initiatives were announced.
Under this forum (set up in 2001) high power delegations from both side met and several initiatives were announced.
Setting up an India Information
Sharing and Analysis Centre (ISAC) for better cooperation in anti
hacking measures.
Setting up India Anti Bot
Alliance to raise awareness about the emerging threats in cyberspace by the
Confederation of Indian Industry (CII).
Ongoing cooperation between
India's Standardization Testing and Quality Certification (STQC) and the
US National Institute of Standards and Technology (NIST) would be expanded to
new areas.
The R&D group will work on the hard problems of cyber security.
Cyber forensics and anti spasm research.
Recommendations.
1.)Need to sensitize the common citizens about the dangers of
cyber terrorism. Cert-in should engage academic institutions and follow an
aggressive strategy.
2.) Joint efforts by all Government agencies including
defence forces to attract qualified skilled personnel for implementation of counter
measures.
3.) Cyber security not to be given more lip service and the
organisations dealing with the same should be given all support. No
bureaucratic dominance should be permitted.
4.) Agreements relating to cyber security should be given the
same importance as other conventional agreements.
5.) More
investment in this field in terms of finance and manpower.
6.) Indian agencies working after cyber security
should also keep a close vigil on the developments in the IT sector of our
potential adversaries.
Source – Integrated defense staff, col raghav
Comments
Post a Comment