UPSC Exam  >  UPSC Notes  >  UPSC Mains: Internal Security & Disaster Management  >  Cyber Security: Basics

Cyber Security: Basics | UPSC Mains: Internal Security & Disaster Management PDF Download

India Internal Security - Basics of cyber security

  • Cyberspace is being used for a variety of malicious activities, from crime to state-sponsored attacks on critical infrastructure.
  • The interconnectedness of cyber networks means that even the most basic responses end up having a ripple effect or unintended consequences.
  • India has been at the receiving end of various forms of cyber threats; from attacks on critical infrastructure to cybercrime and the latest manifestation of the misuse of social media.
  • While threats have existed right from the early days of cyberspace, the sporadic nature of the attacks and their targets suggested that they were largely the handiwork of hackers and low-level criminal elements.
  • The major delivery vehicles were spam mails containing viruses and malware. These were however manageable and up-to-date antivirus programmes and firewalls were deemed sufficient for keeping such risks at bay.
  • Subsequently, new forms of malware such as Worms and Trojans, which exploited the vulnerabilities of buggy software, also began to make their appearance. Phishing and Denial of Service (DoS) attacks also entered the lexicon. Whilst the former was a technique for gaining personal information for purposes of identity theft or access to e-mails or bank accounts, the latter consisted of malevolent attacks on websites with the intention of making them inaccessible.
  • The rise of an international criminal economy on the Internet with its tentacles in a variety of areas and with close linkages to a hacking community for which it provides the monetary resources and direction insofar as the kind of malware to be created and the networks to be penetrated goes, is a key component of the cyber threat.

Civil Functions of Cyber Security


Civil functions over the cyber-space have four denominators :-

  • Public Services (health, education, civil-supplies, social security schemes, essential services),
  • Financial Services (banking, subsidy funding),
  • Industry (manufacturing, service sector, R&D, trade),
  • Governance (policy, procedure, statistics, survey, records, administration).

Accordingly, civil functions of cybersecurity aim at securing the cyberspace in a manner as to prevent inimical acts of the following kinds:

  • Sabotage of ‘National Information Infrastructure’ (NII) through intrusion into electromagnetic spectrum,
  • Inducing collapse, corruption or diversion of the nation’s Information Technology (IT) driven public service, administrative, economic, technical and infrastructure.
  • Psychological subversion of the society to manipulate public opinion.

Cyber Security Mechanisms

Considering India’s policy orientations, protection of the cyber-space from manipulations and intrusions from inimical parties would mostly be sought to be passive measures; execution of pro-active disabling actions seems to be rather farfetched in our context.

Accordingly, the civil functions of cybersecurity in involve the following mechanisms:-

  • Warning and response to cyber-attacks,
  • Retrieval of cyber-assets – primary, secondary and tertiary data, protocols and processes, and,
  • Restoration of the compromised cyber driven systems – economic, industrial, technological, societal systems.

Cyber Warfare in the Military Domain

  • In the military domain, operations that are undertaken to gain information superiority fall under the ambit of ‘Information Warfare’ (IW). Within that ambit, defensive ‘Information Operations’ (IO) are waged by means of weaponized intervention, electronic warfare etc., ‘cyber warfare’ being one such mean that is cyber-space.
  • Cyberwarfare, therefore, is truly a ‘military operations of war’, to be conducted as an element of offensive and defensive IO, and waged in the same measures. It is distinguished by the predominance of offensive content and is to be prosecuted through military-dedicated IT-based satellites, data warehouses, maps, net-works, GPS, UAV, AWACs, PGM etc.
  • However, while civil functions are to be operational at all times, the military function during peace-time is to prepare and letting go at war-time to disable the opponent’s military, quasi-military and civil infrastructure. Herein lies the distinction between the civil and military functions.
  • Conversely, there are many commonalities between the two functions with respect to the above discussed civil cybersecurity mechanisms as well as the software and processes.

The Regime of Cyber Security

  • Most advanced countries have instituted robust mechanisms to protect their cyber domain.
  • In this respect, USA enjoys overwhelming superiority even if she takes elaborate activities under wraps. Besides passive measures, she secures her cyber-space by a technology driven barrage of highly complex cyber-intrusions and deliberate enticement of cyber-attacks from adversaries and friends alike to break into their algorithm. To do so, civil and military functions of cybersecurity enmeshed to produce the best results, cyber- attacks like ‘Gauss’, ‘Stuxnet’, ‘Duqu’, ‘Flame’ etc. being a few known ones.
  • China, on the other hand, depends upon mass of cyber operatives, reportedly two million strong, to support her cyber security regime, much of which is committed on internal surveillance and the rest intrusive hacking.
  • The score for the European nations stands even despite many reported hacking attacks from China and Russia, not to speak of their all-weather any case, not being at the centre-stage of a global circus, the European stakes are mainly limited to economic cyber-assets.
  • India is a novice in comparison, even if there have been some tentative attempts made to venture into the realm of cyber security. These attempts are however, confined just to work-station access-denials, blocks against hacking and back-up storage.
  • While India was among the first countries to have an Information Technology Act, set up a Computer Emergency Response team (CERT) and even locate responsibility for cybersecurity within the National Security Council, it has subsequently lagged behind other countries in responding to cybersecurity threats.

A Structure for Cyber Security

  • Having discussed the functions of civil cyber security and military cyber warfare and the differences as well as commonalities between the two, it becomes apparent there would have to be a substantial degree of congruence of resources and efforts in protecting the Indian cyber-space; and Two, when it comes to prosecution it would have to be a purely military venture.
  • Thus appears the necessity for an apex body to coordinate these primary and secondary functions at the national we may conclude the discussion with a brief look at some of the measures that might afford the desired level of protection to the indigenous cyber-space.

These be:-

  • Establishment of a ‘National Cyber Regulatory, Control and Security Authority’ (NCRCSA), to coordinate between the civil NCSP and the military ‘Cyber Incorporation of a ‘Cyber Research Department’ would also be necessary.
  • Regulation, coordination and strengthening of the civilian cyber activities of the ‘National Information Centre’, ‘National Crisis Management Centre’, Response Centre’, ‘National Information Infrastructure Protection Centre’, ‘Computer Emergency Response Teams’, NDMA, NTRO, Department of IT, DOT, and the private sector under the aegis of the proposed NCRCSA. The responsibility and wherewithal for cyber security is too diffused at present to be cyber-attack, and respond to it quickly and effectively.
  • ‘Cyber Command’ may be formed to plan and prepare prosecution of Cyber Warfare across the service barriers, and in coordination with the national A ‘Cyber Warfare Research Establishment’ must form part of this Command. NCSP and Cyber Warfare must be permanent and continuously performing with permanent set ups and flexible recruitment and training rules, and as stated, function under the overarching management of the proposed command.
The document Cyber Security: Basics | UPSC Mains: Internal Security & Disaster Management is a part of the UPSC Course UPSC Mains: Internal Security & Disaster Management.
All you need of UPSC at this link: UPSC
64 videos|106 docs|22 tests

Top Courses for UPSC

FAQs on Cyber Security: Basics - UPSC Mains: Internal Security & Disaster Management

1. What is cyber security?
Ans. Cyber security refers to the practice of protecting computer systems, networks, and data from unauthorized access, theft, damage, or disruption. It involves the implementation of measures, technologies, and processes to ensure the confidentiality, integrity, and availability of information in the digital realm.
2. Why is cyber security important in the context of India's internal security?
Ans. Cyber security is crucial for India's internal security due to the increasing reliance on digital technologies and the growing threat of cyber attacks. With the digitization of critical infrastructure, government systems, financial institutions, and communication networks, vulnerabilities arise that can be exploited by malicious actors. Effective cyber security measures are necessary to safeguard national security, protect sensitive information, and prevent disruption of essential services.
3. What are some common cyber threats faced by India's internal security?
Ans. India's internal security faces various cyber threats, including: a) Cyber espionage: Attempts by foreign intelligence agencies to gain unauthorized access to sensitive information and classified systems. b) Cyber terrorism: The use of cyber attacks to disrupt essential services, spread fear, and create chaos. c) Data breaches: Unauthorized access to databases and theft of personal, financial, or confidential information. d) Ransomware attacks: Malware that encrypts data and demands a ransom for its release. e) Phishing and social engineering: Deceptive techniques used to trick individuals into revealing sensitive information or performing malicious actions.
4. How does the government of India ensure cyber security in the country?
Ans. The Government of India takes several measures to ensure cyber security, including: a) Formulation of policies and regulations: The government formulates and implements policies, laws, and regulations related to cyber security, such as the Information Technology Act, 2000, and the National Cyber Security Policy. b) Establishment of organizations: Organizations like the National Cyber Security Coordinator's Office, Computer Emergency Response Team (CERT-In), and National Critical Information Infrastructure Protection Centre (NCIIPC) are responsible for coordinating and implementing cyber security measures. c) Capacity building and training: The government provides training programs and capacity building initiatives to enhance the skills and knowledge of cyber security professionals. d) International cooperation: India collaborates with other countries and participates in international forums to address global cyber security challenges and exchange best practices.
5. How can individuals contribute to cyber security in India?
Ans. Individuals can contribute to cyber security in India by: a) Practicing strong password hygiene: Using unique and complex passwords for different online accounts and regularly updating them. b) Being cautious of phishing attempts: Being vigilant while clicking on suspicious links or providing personal information online. c) Updating software and devices: Regularly installing updates and patches for operating systems, applications, and antivirus software to protect against known vulnerabilities. d) Using secure networks: Avoiding public Wi-Fi networks for sensitive transactions and using virtual private networks (VPNs) when accessing the internet from public locations. e) Reporting incidents: Immediately reporting any cyber security incidents, such as phishing attempts or unauthorized access, to the relevant authorities or organizations like CERT-In.
Explore Courses for UPSC exam

Top Courses for UPSC

Signup for Free!
Signup to see your scores go up within 7 days! Learn & Practice with 1000+ FREE Notes, Videos & Tests.
10M+ students study on EduRev
Related Searches

Cyber Security: Basics | UPSC Mains: Internal Security & Disaster Management

,

Extra Questions

,

Viva Questions

,

pdf

,

shortcuts and tricks

,

Important questions

,

past year papers

,

MCQs

,

Exam

,

Previous Year Questions with Solutions

,

Cyber Security: Basics | UPSC Mains: Internal Security & Disaster Management

,

Summary

,

study material

,

Objective type Questions

,

ppt

,

video lectures

,

Cyber Security: Basics | UPSC Mains: Internal Security & Disaster Management

,

Sample Paper

,

mock tests for examination

,

practice quizzes

,

Semester Notes

,

Free

;