CYBER SECURITY AND ROLE OF SOCIAL MEDIA | Internal Security
What Is Cyber and Cyber Security? | Cyber Security and Role of Social Media
- The term, ‘Cyber’ is used in relation to the culture of computers, information technology, and virtual reality. The connection between internet ecosystems forms cyberspace. The threat to cyberspace leads to an issue and gives rise to the need for cybersecurity
- Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
- Cyber security may also be referred to as information technology security.
Elements Of Cyber | Cyber Security and Role of Social Media
- Network security: The process of protecting the network from unwanted users, attacks and intrusions.
- Application security: Apps require constant updates and testing to ensure these programs are secure from attacks.
- Endpoint security: Remote access is a necessary part of business, but can also be a weak point for data. Endpoint security is the process of protecting remote access to a company’s network.
- Data security: Inside of networks and applications is data. Protecting company and customer information is a separate layer of security.
- Identity management: Essentially, this is a process of understanding the access every individual has in an organization.
- Database and infrastructure security: Everything in a network involves databases and physical equipment. Protecting these devices is equally important.
- Cloud security: Many files are in digital environments or “the cloud”. Protecting data in a 100% online environment presents a large amount of challenges.
- Mobile security: Cell phones and tablets involve virtually every type of security challenge in and of themselves.
- Disaster recovery/business continuity planning: In the event of a breach, natural disaster or other event data must be protected and business must go on. For this, you’ll need a plan.End-user education: Users may be employees accessing the network or customers logging on to a company app. Educating good habits (password changes, 2-factor authentication, etc.) is an important part of cybersecurity.
Types of Cyber Attacks | Cyber Security and Role of Social Media
- Malware, short for malicious software refers to any kind of software that is designed to cause damage to a single computer, server, or computer network. Ransomware, Spy ware, Worms, viruses, and Trojans are all varieties of malware.
- Phishing:It is the method of trying to gather personal information using deceptive e-mails and websites.
- Denial of Service attacks:A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
- Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
- SQL Injection: SQL (pronounced “sequel”) stands for Structured Query Language, a programming language used to communicate with databases. Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets such kind of servers, using malicious code to get the server to divulge information it normally wouldn’t.
- Cross-Site Scripting (XSS): Similar to an SQL injection attack, this attack also involves injecting malicious code into a website, but in this case the website itself is not being attacked. Instead the malicious code the attacker has injected, only runs in the user’s browser when they visit the attacked website, and it goes after the visitor directly, not the website.
- Social engineeringis an attack that relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.
Motives behind Cyber Attacks | Cyber Security and Role of Social Media
- To seek commercial gain by hacking banks and financial institutions.
- To attack critical assets of a nation.
- To penetrate into both corporate and military data servers to obtain plans and intelligence.
- To hack sites to virally communicate a message for some specific campaign related to politics and society.
- Edward Snowden, an intelligence analyst, working on contractual basis with the National Security Agency of the USA recently revealed that the USA has been spying on various nations of the world by secretly collecting information about patterns and manners of internet usage.
- Following are the revelations made by him
- Secret court orders allow NSA to sweep up Americans’ phone records
- PRISM: Initially, reports described PRISM as the NSA’s program to directly access the servers of U.S tech giants like Google, Facebook, Microsoft and Apple, among others. Its reality was slightly different. In reality, the NSA doesn’t have direct access to the servers, but can request user data from the companies, which are compelled by law to comply. PRISM was perhaps as controversial as the first NSA scoop, prompting technology companies to first deny any knowledge of it, then later fight for the right to be more transparent about government data requests. The companies ended up partially winning that fight, getting the government to ease some restrictions and allow for more transparency.
- Britain’s version of the NSA taps fiber optic cables around the world
- NSA spies on foreign countries and world leaders
- XKeyscore, the program that sees everything: XKeyscore is a tool the NSA uses to search “nearly everything a user does on the Internet” through data it intercepts across the world. In leaked documents, the NSA describes it as the “widest-reaching” system to search through Internet data.
- NSA efforts to crack encryption and undermine Internet security: Encryption makes data flowing through the Internet unreadable to hackers and spies, making the NSA’s surveillance programs less useful. What’s the point of tapping fiber optic cables if the data flowing through them is unreadable? That’s why the NSA has a developed a series of techniques and tricks to circumvent widely used web encryption technologies.The NSA, however, isn’t able to compromise the encryption algorithms underlying these technologies. Instead, it circumvents or undermines them, forcing companies to install backdoors, hacking into servers and computers, or promoting the use weaker algorithms.
- NSA elite hacking team techniques revealed: The NSA has at its disposal an elite hacker team codenamed “Tailored Access Operations” (TAO) that hacks into computers worldwide, infects them with malware and does the dirty job when other surveillance tactics fail.
- NSA cracks Google and Yahoo data center links
- NSA collects text messages
- NSA intercepts all phone calls in two countries: The NSA intercepts and stores all phone calls made in the Bahamas and Afghanistan through a program called MYSTIC, which has its own snazzy logo.
Threat To India’s Cyber Space | Cyber Security and Role of Social Media
- India ranks 3rd in terms of the highest number of internet users in the world after USA and China, the number has grown 6-fold between 2012-2017 with a compound annual growth rate of 44%.
- India secures a spot amongst the top 10 spam-sending countries in the world alongside USA
- Following are the main threats to indian cyber space:
- Interconnectedness of Sectors
- Increase in the number of exposure points
- Concentration of assets
- As per the NITI Aayog report, the threats to cyberspace have increased dramatically over the last 10 years. The cyber attacks lead to the exposure of:
- Sensitive information
- Personal information and
- Business information
Challenges To Cyber Security In India | Cyber Security and Role of Social Media
- Cyber terrorism: It is premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence.
- Digital Data Threat:Growing online transactions have generated bigger incentives for cybercriminals. Besides, establishments looking to mine data (customer information, results of product surveys, and generic market information), they also create intellectual property that is in itself an attractive target.
- Cyber warfare:It involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks.
- Cyber Infrastructure Concerns:Most equipment and technology systems are vulnerable to cyber threats just like any other connected system. Although the government has set up National Critical Information Infrastructure Protection Centre (NCIIPC), it is yet to identify and implement measures to protect critical information infrastructure.
- Lack of specialists:Globally, India ranks 2nd in terms of the number of Internet users after China (Internet World Stats, 2017). However, India has a negligible base of cyber-security specialists, when compared to internet user base.
- Lack of robust law enforcement mechanisms: India’s approach to cyber security has so far been ad hoc and unsystematic. Despite a number of agencies, policies and initiatives, their implementation has been far from satisfactory.
- Lack of Coordination:Due to the existence of too many agencies with overlapping functions in the field of cyber security, coordination between these agencies is poor.
Some Cyberattacks in India | Cyber Security and Role of Social Media
- July 2016: UNION BANK OF INDIA HEIST
- Through a phishing email sent to an employee, hackers accessed the credentials to execute a fund transfer, swindling Union Bank of India of $171 million, Prompt action helped the bank recover almost the entire money
- May 2017: WANNACRY RANSOMWARE
- The global ransomware attack took its toll in India with several thousands computers getting locked down by ransom-seeking hackers. The attack also impacted systems belonging to the Andhra Pradesh police and state utilities of West Bengal
- May 2017: DATA THEFT AT ZOMATO
- The food tech company discovered that data, including names, email IDs and hashed passwords, of 17 million users was stolen by an ‘ethical’ hacker-who demanded the company must acknowledge its security vulnerabilities-and put up for sale on the Dark Web
- June 2017: PETYA RANSOMWARE
- The ransomware attack made its impact felt across the world, including India, where container handling functions at a terminal operated by the Danish firm AP Moller-Maersk at Mumbai’s Jawaharlal Nehru Port Trust got affected
Steps Taken By Indian Government | Cyber Security and Role of Social Media
- Online cybercrime reporting portal has been launched to enable complainants to report complaints pertaining to Child Pornography/Child Sexual Abuse Material, rape/gang rape imageries or sexually explicit content.
- A scheme for establishment of Indian Cyber Crime Coordination Centre (I4C)has been established to handle issues related to cybercrime in the country in a comprehensive and coordinated manner.
- Establishment of National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country.
- All organizations providing digital services have been mandated to report cyber security incidents to CERT-In expeditiously.
- Cyber Swachhta Kendra(Botnet Cleaning and Malware Analysis Centre) has been launched for providing detection of malicious programmes and free tools to remove such programmes.
- Formulation of Crisis Management Plan for countering cyber attacks and cyber terrorism.
- Cyber Surakshit Bharat:Ministry of Electronics and Information Technology, launched the Cyber Surakshit Bharat initiative to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
- The Cyber Warrior Police Force: In 2018, the government announced its plans to introduce CWPF. It is proposed to be raised on lines of the Central Armed Police Force (CAPF).
- Information Act, 2000:The Information Act, 2000 (amended in 2008) is the primary law for dealing with cybercrime and digital commerce in India.
- National Cyber Security Policy, 2013: The policy provides the vision and strategic direction to protect the national cyberspace.
- Cyber-Crime Prevention against Women & Children’ Scheme: Implemented by the Ministry of Home Affairs, the scheme aims to prevent and reduce cyber crimes against women and children.
Internaltional Cooperation In Cyber Security |Cyber Security and Role of Social Media
- The International Telecommunication Union (ITU) is a specialized agency within the United Nations which plays a leading role in the standardization and development of telecommunications and cyber security issues.
- Budapest Convention on Cybercrime: It is an international treaty that seeks to address Internet and computer crime (cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It came into force on 1 July 2004. India is not a signatory to this convention.
- Internet Governance Forum (IGF): It brings together all stakeholders i.e. government, private sector and civil society on the Internet governance debate. It was first convened in October–November 2006.
- Internet Corporation for Assigned Names and Numbers (ICANN): It is a non-profit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the network’s stable and secure operation. It has its headquarters in Los Angeles, U.S.A.
Stakeholder Agencies In India | Cyber Security and Role of Social Media
- National Information Board (NIB): National Information Board is an apex agency with representatives from relevant Departments and agencies that form part of the critical minimum information infrastructure in the country.
- National Crisis Management Committee (NCMC): The National Crisis Management Committee (NCMC) is an apex body of Government of India for dealing with major crisis incidents that have serious or national ramifications. It will also deal with national crisis arising out of focused cyber-attacks.
- National Security Council Secretariat (NSCS): National Security Council Secretariat (NSCS) is the apex agency looking into the political, economic, energy and strategic security concerns of India and acts as the secretariat to the NIB
- Department of Information Technology (DIT): Department of Information Technology (DIT) is under the Ministry of Communications and Information Technology, Government of India. DIT strives to make India a global leading player in Information Technology and at the same time take the benefits of Information Technology to every walk of life for developing an empowered and inclusive society. It is mandated with the task of dealing with all issues related to promotion & policies in electronics & IT.
- Department of Telecommunications (DoT): Department of Telecommunications (DoT) under the Ministry of Communications and Information Technology, Government of India, is responsible to coordinate with all ISPs and service providers with respect to cyber security incidents and response actions as deemed necessary by CERT-In and other government agencies. DoT will provide guidelines regarding roles and responsibilities of Private Service Providers and ensure that these Service Providers are able to track the critical optical fiber networks for uninterrupted availability and have arrangements of alternate routing in case of physical attacks on these networks.
- National Cyber Response Centre – Indian Computer Emergency Response Team (CERTIn): CERT-In monitors Indian cyberspace and coordinates alerts and warning of imminent attacks and detection of malicious attacks among public and private cyber users and organizations in the country. It maintains 24×7 operations centre and has working relations/collaborations and contacts with CERTs, all over the world; and Sectoral CERTs, public, private, academia, Internet Service Providers and vendors of Information Technology products in the country
- National Information Infrastructure Protection Centre (NIIPC): NIIPC is a designated agency to protect the critical information infrastructure in the country. It gathers intelligence and keeps a watch on emerging and imminent cyber threats in strategic sectors including National Defence. They would prepare threat assessment reports and facilitate sharing of such information and analysis among members of the Intelligence, Defence and Law enforcement agencies with a view to protecting these agencies’ ability to collect, analyze and disseminate intelligence
- National Disaster Management of Authority (NDMA): The National Disaster Management Authority (NDMA) is the Apex Body for Disaster Management in India and is responsible for creation of an enabling environment for institutional mechanisms at the State and District levels.
- The Cyber Regulations Appellate Tribunal: The Cyber Regulations Appellate Tribunal has power to entertain the cases of any person aggrieved by the Order made by the Controller of Certifying Authority or the Adjudicating Officer. It has been established by the Central Government in accordance with the provisions contained under Section 48(1) of the Information Technology Act, 2000.The body is quasi-judicial in nature.
ALSO READ : https://www.brainyias.com/7th-economic-census/