Source: The post is based on the article “Strengthening cybersecurity – Govt must address vulnerabilities” published in Business Standard and “Ring Fencing Data – Ransomware attacks are rising fast. India needs to be ready. And the data bill must factor this in” published in “The Times of India” on 30th December 2022.
Syllabus: GS 3 – Cyber Security
Relevance: concerns with cyber-attacks on India
News: There has been an increase in the cyber-attacks in India which is a concern over the security of online data of citizens.
What is the present situation?
According to a report by CERT-In (India Ransomware Report), there has been a 51% year-on-year increase in ransomware incidents. A majority of attacks are on data centers.
Large databases of personal data are sold regularly. There have been lots of data breaches and leaks on smaller scales across multiple sectors. India has turned into a major hub for global cybercrime.
This has emerged as a public security challenge as India is moving towards a digital operating system for its social and economic activities.
The most serious problem comes from organized cyberattacks on large data repositories and critical public infrastructure such as AIIMS.
This problem has also become global in nature. For example, last year Ireland was forced to shut down its public healthcare service for a while due to the ransomware attack.
Moreover, India is the cheapest place in the world in terms of data tariff. It is also the nation with the highest per capita data consumption which allows it to generate a huge amount of data.
The data generation is likely to rise further after the launch of 5G and satellite broadband.
Digital platforms such as the Digital India initiative, the Unified Payments Interface and the Open Network for Digital Commerce have all caused an increase of the data online.
Therefore, there is an urgent need to look into the issue and prevent citizen’s data.
What can be the way ahead?
First, a personal data protection law needs to be implemented at the earliest. It should – a) offer the citizens both adequate protection and the chance of recompense for damaging data leaks, b) limit the data collection by all regulated entities, especially the biometrics because the government organizations who collect it may not all have high standards of cybersecurity, c) limit the discretion enjoyed by the regulated entities in deciding the time to inform the victims of the data breaches.
Second, awareness programs by agencies like the Indian Computer Emergency Response Team (CERT-In) should be made for individuals, government, and businesses.