Bhupesh Daheria, CEO, Aegis School of Data Science, speaks on the lack of implementation of Cybersecurity laws and the sectors vulnerable to cyber attacks. Edited excerpts:
How vulnerable is India as a democracy to cyber attacks?
India as a democracy is highly vulnerable to cyber attacks. Hacking or manipulating the voting machines and voting process is less likely; but influencing the political, social values of voter groups and manipulating the popularity of top leaders or tarnishing their reputations through systematic disinformation, fake news will be rampant and quite visible.
What are the main sectors where the threats are visible?
Six sectors will be most vulnerable to cyber attacks and cyber-support physical crimes - (i) BFSI (ii) Healthcare (iii) E-commerce and retail (iv) Education - Play schools to Universities (v) Hospitality / Hotels (vi) Telecommunication. The target objectives and the nature of violations will be diverse in each of these sectors - it could be harassment, bullying in education; corporate espionage. Banking, financial services, and Insurance (BFSI) sector need to be guarded against the cyber attacks. Recent heist of Cosmos bank raises this urgency alarm this need. Cybercrime is the most profitable business and attackers can smell money hidden behind weak cyber walls. No more protecting data centres and applications for a transaction is sufficient.
Is there a lack of awareness about cybersecurity at the individual and institutional level?
Inadequate awareness and trained manpower is something we have been crying wolf for long with no success.
Is the IT Act sufficient to fight cybercrime? What are its weaknesses?
While (there are) major gaps in data protection and privacy… being enacted, the bigger issue is inadequate enforcement of the IT Act. The state police departments are not having adequate capacity to register, investigate and prosecute cybercrimes. We may require specialised cyberourts to ensure speedy trial and conviction. If the speed of the cybercriminal justice system is not commensurate with the rapid pack of Cybersecurity, it will embolden cybercriminals. The biggest weakness is the inadequate regulation of Cybersecurity. Cybersecurity is a very specialised dual-use knowledge that can be put to good and bad use like medicine. Therefore, the profession of Cybersecurity needs to be regulated like doctors, pharmacy, etc. Singapore has taken the lead and implemented this model.
Is Cybersecurity a technology or a management issue?
Cybersecurity is a technology-cum-management issue. It is a very interdisciplinary subject and with many emerging areas like cyber law, cyber diplomacy, cyber insurance, etc.
Does the advent of new technologies such as IoT add complexity to the problem?
The advent of IoT certainly adds to the complexity of managing cyberattacks. With the all-pervasive implementation of IoT in Smart Cities and in critical infrastructure, the vulnerability to systemic breakdowns and social tensions will increase. The relation between Cybersecurity and IoT is two-way - IoT can be used to strengthen implementation of Cybersecurity also.
Is there a consensus evolving globally to fight cyber attacks?
Global laws are nascent or evolving - GDPR of European Union is probably the first major law. However, significant diplomatic activities are going on between major geopolitical and economic power or blocs and India is in the thick of annual dialogues in Cybersecurity with U.S., EU, Japan, ASEAN, Commonwealth, Organisation of Islamic Countries (OIC), etc.
Where does India stand in the global scenario? One of the reports by Symantec says it is ranked third in terms of a possible attack after the U.S. and China.
India is fit to be ranked in the top three for two reasons - first, as the third largest economy (on PPP basis) and second, as the largest base of vulnerable human assets - (a) women and children who can be exploited or trafficked (b) healthy, young, poor citizens who can be harvested for international organ trade (c) senior citizens who can be dispossessed of their property and assets through digital manipulation. India is seeing a big rise in conventional crimes that are perpetuated or assisted by cyber methods. India’s susceptibility to cyberterror attack by militant groups is very high.
However, India’s large base of young, technical manpower can be mobilised through large-scale training and deployment to have the largest base of homeland and global cyber-defence teams.