In light of Anonymous hacking into and subsequently bringing down India's cyber security site Cert-In.org for five hours recently, it begs the question: just how good is the cyber security in India?
Most Government Sites Have Been Hacked
Reports over the past year do not bode well for the country. In just three months, between December and February, government websites reported getting hacked 112 different times. Compare this with the first six months of 2011, when 117 reports of government sites getting hacked were filed, and it's clear that the country is facing a sharp increase.[1]
Unfortunately, this seems to be the norm rather than the exception around the world. Despite being a leader in offensive cyber technology, the United States has also had quite a bit of trouble defending itself. In 2006, just over 5,500 incidents of digital attacks on the federal government were recorded; in 2011, that number had risen to just under 43,000 - a jump of almost 680%![2] Now, some of that increase is due to the fact that the United States has gotten better at detecting attacks, but not much. Even worse, this rise has occurred at the same time that US-Cert deployed a process designed to resolve common weaknesses in security called Einstein (and, later, Einstein 2.0) across government agencies.[3]
And though Europe has the continent-wide agency of ENISA working on joint securitization efforts, it is still an area of the world ruled by a variety of different countries, each with their own agenda and internal agencies. This tends to create conflicts and slow things down in terms of raising the level of security - which only benefits hackers. In 2007, Estonia's infrastructure was almost leveled when three weeks of constant cyber-attacks crippled everything, [4] and just the breaches of the past year have cost the UK billions, with countless organizations reporting that they have suffered attacks.[5] Some have called for a more unified effort across countries in Europe, but so far those voices are in the minority.
Cert-In.org Still On the Low End of Cyber Security
That being said, Cert-In.org still lags behind many cyber security organizations. In fact, India has the fifth highest rate of cybercrime in the world,[6] and while Cert-In.org cannot completely be held responsible for that statistic, certainly they deserve some of the blame.
Perhaps the best thing that can be said about cyber security in the country is that the Indian government seems to realize that they need help. The Ministry of External Affairs is looking into requesting missions abroad to attempt to acquire high-end cyber security firms for use by Indian companies. In fact, the government might even set up a fund to assist companies in buying cyber security companies, as well as pay for research and development.[1]
This move is deemed necessary by many due to the lack of homegrown cyber security technology in the country. Once Indian firms have purchased this technology, the government would be able to strike deals with them and develop their own domestic version to be used for government purposes. Obviously, this would not eliminate cyber-attacks in India - far from it. But by utilizing the resources already available in other countries to help them develop and improve upon their own system, Cert-In.org might at least be able to level the playing field.
About the Author
John Dayton writes for LWG Consulting, a company that provides forensic engineering and consulting, including computer forensic investigations. John has a passionate interest in computer security.
Footnotes
- ^ a b India scouts for cyber security firms, may ask embassies to help - LiveMint.com
- ^ Cybersecurity - Threats Impacting the Nation - US Government Accountability Office
- ^ Adoption of the Einstein (US-CERT program) - Wikipedia
- ^ Protecting Europe from cyber-attacks - costly but vital - Public Service, Europe
- ^ Cyber Attacks Become A National and Global Security Issue - Informilo
- ^ India ranks fifth among cyber crime affected nations - ThinkDigit
Comments
Add new comment