A national cyber crime and coordination centre meant to fend off such attacks is still awaiting approval
The recent data hack at Sony Pictures that has threatened a cyber war between the US and North Korea has raised questions about the preparedness of India if faced with a similar attack. Experts are concerned that the country may not be adequately armed to counter such attacks towards its corporations or the government.
A National Cyber Coordination Centre (NCCC), which was planned to monitor traffic flowing through the country pipes and possibly fend off such attacks has been on the drawing board for a couple of years now and is still awaiting approval. The country can only find solace in the fact that its Internet penetration is still one of the lowest in the world and digitisation by corporate and governments is still limited.
“In a way, the fact that we (India) are not completely digital, which could be looked at one of the weak points from the business perspective is working out to be one of the strongest points when seen from the cyber security point of view as it seals the business from such attacks,” said Sanjay Deshpande, co-founder and chief executive officer, Uniken, a digital security firm.
The government’s current push towards digitisation with its Digital India project will lead to an unprecedented spike in online transactions. This will require huge investments towards securing the country’s cyber perimeter. According to officials, the NCCC, which will cost the exchequer around Rs 800 crore (Rs 8 billion) and will take a year’s time to be operational, will watch the Internet traffic flowing across the country without snooping on the content. It will help in mitigating or warding off domestic or international attacks by building trends and analytics on the incoming or outgoing traffic.
However, the project is yet to be approved.
A senior official with National Technical Research Organization (NTRO) told Business Standard that the country may have all the relevant machinery and infrastructure in place to protect against cyber crimes but such attacks usually occur from the most remote or the least doubted points of entry. The agency claims to have detected around 30 attacks in the last three-four years. Set up in 2004, NTRO is a technical intelligence agency under the National Security Adviser in the Prime Minister's Office.
Earlier in December, hackers infiltrated into the servers of Sony Pictures to resist the release of a comedy film called The Interview, a film depicting the assassination of a North Korean leader Kim Jong-un. The film along with other unreleased movies were stolen and leaked online causing significant financial damage to Sony. Following this, the company cancelled its widespread Christmas release to screen it in limited theatres and on the Internet later.
Details of corporate finances and private emails between producers and Hollywood figures were also hacked and released on the Internet. This led to a war of words between the US and North Korea, where president of the former promised to respond "proportionately" to the cyber-attack. The US has reportedly also sought help from China to fight off attacks from North Korea. The latter heavily relies on Chinese electronic equipment.
North Korea had been on the US list of state sponsors of terrorism for two decades until the White House removed it in 2008, as part of now-stalled negotiations relating to Pyongyang's nuclear programme.
“Cyber security needs to be looked as a full chain. More holistic solutions need to be designed to protect business. Every aspect of the chain needs equal attention starting from putting up right infrastructure to running it appropriately through trained staff,” Sanjoy Sen, doctoral researcher in Strategic Governance from UK-based Aston Business School said.
A Forrester report predicts that at least 60 per cent of brands will discover a breach of sensitive data in 2015. But while these high-profile attacks such as Target, Home Depot and Sony in 2014 may be the most expensive and damaging of all time, they're not the norm, said the report. While 33 per cent of breaches occur as an external attack, the most common source of a breach (46 per cent) is an internal incident which could involve a malicious intent or an accident, or both.
“More than half of business and technology decision-makers rate lack of staff as a challenge, and 53 per cent find unavailability of security employees with the right skills as a major challenge,” Forrester’s Heidi Shey and Kelley Mak said in the report.
While sectors such as banking and financial services and also pharmaceuticals are beginning to invest more towards cyber security given the sensitivity of the data they handle, India still has lot of ground to cover, say officials.