India is experiencing an increase in cyber attacks.

• A major cyberattack recently crippled the country's premier medical institute, the All India Institute of Medical Sciences New Delhi (AIIMS).

More on the news:

• Most of its servers went down, as did the National Informatics Centre's (NIC) e-Hospital network.
• The critical health data of several individuals at the helm of the country's government was stored on AIIMS servers.

More Information on Cyberattacks:

• Cyberattacks are unwanted attempts to steal, expose, modify, disable, or destroy information by gaining unauthorized access to computer systems.
• Typically, ransomware-seeking entities carry out such attacks to prevent networks from functioning after encrypting data, and organizations are sent demands, which are frequently negotiated and paid without informing law enforcement.

Cyberterrorism:

• Cyberterrorism is frequently defined as any planned, politically motivated attack on information systems, programmes, or data that threatens or results in violence.

The Importance of Medical Institute Cyberattacks:

• Cyber attacks on medical institutions are becoming more common, and the pandemic has served as a watershed moment.
• During the pandemic, hackers and criminal syndicates recognised these institutes' reliance on digital systems to optimise medical functioning and store and handle large volumes of patient data, including their reports.

• Because the data available here is extremely valuable, it is an obvious target for cyber attackers and ransom seekers.

What are the causes of the increase in cyberattacks?

Growing reliance on technology:

• As we progress, more and more systems are being moved to virtual space to improve access and usability.
• The downside to this trend is that such systems are becoming more vulnerable to cyber-attacks.

Asymmetric and clandestine warfare:

• Unlike conventional warfare, which involves the loss of lives and eyeball-to-eyeball combat, cyber warfare is covert warfare with the benefit of plausible deniability, which means that governments can deny their involvement even when caught.
• As a result, cyber warfare has increasingly become the preferred venue for international conflict.

Challenges

• Health is not classified as critical information (CI) infrastructure: The health and medical sectors are not classified as critical information (CI) infrastructure in most countries.
• The health and medical sectors are not classified as critical information (CI) infrastructure in most countries.
• While an organisation such as AIIMS New Delhi could be considered a "strategic and public enterprise," health is not specifically mentioned as a CI infrastructure.

Inadequate skill set:

• Due to a lack of skills on their team, nearly two-thirds would find it difficult to respond to a cybersecurity incident.
• According to the survey, 50% of all respondents would find it difficult to respond to and recover from a cyberattack due to a lack of skills on their team, and less than 25% of companies with 5,000 to 50,000 employees have the people and skills they require today.
• Poor Prioritization: According to the survey, while approximately 85% of cyber leaders agree that cyber resilience is a business priority for their organization, one of their most significant challenges is gaining decision-makers’ support when prioritizing cyber risks over a variety of other risks.
• These contradictory findings suggest that emphasizing cyber resilience as a business priority is necessary but insufficient.

Major Government Initiatives for Cyber Security

CERT-In:

• It is an organisation of the Ministry of Electronics and Information Technology with the objective of securing Indian cyberspace.

Cyber Surakshit Bharat Initiative:

• It is an initiative from the Ministry of Electronics and Information Technology (MeitY) that aims at creating a robust cybersecurity ecosystem in India. This program was in association with the National e-Governance Division (NeGD).

National Critical Information Infrastructure Protection Centre (NCIIPC):

• NCIIPC is a central government establishment, formed to protect critical information of our country, which has an enormous impact on national security, economic growth, or public healthcare.

Indian Cyber Crime Coordination Centre (I4C):

• The MHA launched this I4C Indian Cyber Crime Coordination Centre program to combat cybercrime in the country, through a coordinated and efficient method.

Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre):

• It is an installation under the Ministry of Electronics and Information Technology (MeitY).

Information Technology Act, 2000:

• IT Act of 2000 came into effect in India on 09 June 2000. IT Act states in its preamble that the purpose of the legislation is to provide legal recognition to electronic transactions.

Way Forward

National cyber security strategy is required:

• This incident serves as a wake-up call for organizations across industries to strengthen cyber security measures; it is also critical to push for and announce a national cyber security strategy.

Cybersecurity readiness:

• That strategy will serve as a guiding document to motivate and monitor institutes' cyber readiness, as well as to improve capacity on a variety of fronts, including forensics, accurate attribution, and cooperation.

Budgetary priority:

• Significant budgets must be allocated by various ministries to ensure that cyber security measures do not fall to the bottom of the priority list.

Capacity enhancement:

• To address the emerging sophisticated nature of threats and attacks, the National Critical Information Infrastructure Protection Centre (NCIIPC) and CERTIn must be strengthened, and sectoral CERTs must be established in many areas, including health.