The recent data hack at Sony Pictures that has threatened a cyber war between the US and North Korea has raised questions about the preparedness of India if faced with a similar attack.
Experts are concerned that the country may not be adequately armed to counter such attacks against its corporations or the government. A National Cyber Coordination Centre (NCCC), which was planned to monitor traffic flowing through the country and possibly fend off such attacks, has been on the drawing board for a couple of years and is still awaiting approval.
India can only find solace in the fact that its Internet penetration is still one of the lowest in the world and digitisation by corporate and governments is still limited.
“In a way, the fact that we (India) are not completely digital, which could be looked at as one of the weak points from the business perspective, is working out to be one of the strongest points when seen from the cyber security point of view as it seals business from such attacks,” said Sanjay Deshpande, co-founder and chief executive officer, Uniken, a digital security firm.
The government’s digitisation push with the Digital India project will lead to an unprecedented spike in online transactions. This will require huge investments towards securing the country’s cyber perimeter. According to officials, the NCCC, which will cost the exchequer around Rs 800 crore and will take a year’s time to be operational, will watch Internet traffic flowing across the country without snooping on the content. It will help in mitigating or warding off domestic or international attacks by building trends and analytics on incoming or outgoing traffic.
However, the project is yet to be approved.
A senior official with National Technical Research Organisation (NTRO) told Business Standard the country might have all the relevant machinery and infrastructure in place to protect against cyber crimes, but such attacks usually occurred from the most remote or the least doubted points of entry. The agency claims to have detected around 30 attacks in the last four years. Set up in 2004, the NTRO is a technical intelligence agency under the National Security Adviser in the Prime Minister’s Office.
Earlier in December, hackers infiltrated into the servers of Sony Pictures to resist the release of a comedy film called The Interview, a movie depicting the assassination of North Korean leader Kim Jong-un. The film, along with other unreleased movies, were stolen and leaked online causing significant financial damage to Sony.
Following this, Sony cancelled The Interview’s widespread Christmas release to screen it in limited theatres and on the Internet later. Details of corporate finances and private emails between producers and Hollywood figures were also hacked and released on the Internet. This led to a war of words between the US and North Korea, where President Barack Obama promised to respond “proportionately” to the cyber-attack.
The US has reportedly also sought help from China to fight off attacks from North Korea, which relies heavily on Chinese electronic equipment.
North Korea had been on the US list of state sponsors of terrorism for two decades until the White House removed it in 2008 as part of now-stalled negotiations relating to Pyongyang’s nuclear programme.
“Cyber security needs to be looked at as a full chain. More holistic solutions need to be designed to protect business. Every aspect of the chain needs equal attention, starting from putting up the right infrastructure to running it appropriately through trained staff,” Sanjoy Sen, doctoral researcher in strategic governance at the UK-based Aston Business School said.
A Forrester report predicts that at least 60 per cent of brands will discover a breach of sensitive data in 2015. But while high-profile attacks such as those against Target, Home Depot and Sony in 2014 might be the most expensive and damaging of all time, they were not the norm, said the report. A third of all breaches occur as external attacks, but the most common source of a breach (46 per cent) is an internal incident that could involve malicious intent or an accident, or both.
“More than half of business and technology decision-makers rate lack of staff as a challenge, and 53 per cent find unavailability of security employees with the right skills as a major challenge,” Forrester’s Heidi Shey and Kelley Mak said in the report.
Although sectors like banking and financial services and also pharmaceuticals were beginning to invest more in cyber security given the sensitivity of the data they handled, India still had a lot of ground to cover, said officials.