In a shocking revelation last week, a report by the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges Office said that around half of the world's securities exchanges were the targets of cyber attacks last year and that the menace was still increasing.
The survey report on 46 exchanges said that at least 53 percent of them said that the most common form of attack was denial of service, which seeks to disrupt websites and other computer systems by overwhelming the targeted organization's network with computer traffic and viruses. Other forms of cyber crime included website scanning, data theft and insider information theft.
According to Rohini Tendulkar of the IOSCO Research Department, "There could be systematic impacts from cyber attacks in the securities market, especially considering that our financial system is relying more and more upon technological infrastructure." Cyber crime also appears to be increasing in sophistication and complexity, widening the potential for infiltration and large-scale damage.
A case in point is Britain's worry over hacking and other cyber attacks, which have pushed aside the Euro Zone crisis as the top risk for UK-based banks. Earlier, the US exchange operators Nasdaq OMX Group and BATS Global Markets had complained that they were targeted with denial of service attacks. In October 2011, the New York Exchange website was inaccessible for over 30 minutes. And in 2010, hackers who infiltrated Nasdaq's computer system installed malicious software that allowed them to spy on the directors of publicly held companies.
Even today, many reputed companies don't want to risk their reputation by disclosing the losses they faced from increased cyber attacks during the last few years. However, a conservative estimate of the cost of cyber crime to society as a whole is pegged between USD 388 billion and USD 1 trillion. That is the reason why many of them have started investing heavily in proactive security technology by hiring state-of-the-art firms.
The global business community is increasingly waking up to this challenge with new initiatives at various levels. As of now, the global cyber security market is dominated by North America, with the USA being the largest defense spender. A global cyber security market survey for 2013-2023 says that the USA would be spending nothing less than USD 93.6 billion on it. Europe would remain the second largest market, with the total cyber security market valued at around USD 24.7 billion. Asia Pacific is projected to be spending USD 23.2 billion on cyber security during this period, followed by the Middle East and Latin America with USD 22.8 billion and USD 1.6 billion respectively.
One of the most important challenges for cyber security providers is to identify the source of malware so that similar patterns can be tracked and observed for flaws, and a proper response to an attack can be delivered without causing undue inconvenience to the entire cyberspace community. This challenge stems from the fact that the cyber security institutional ecosystem, which consists of a broad set of international, national and private organizations, has unclear and overlapping boundaries.
It is also said that cyber weapons are in their infancy at the moment and are expected to evolve rapidly over the next decade. Therefore, many nations are currently dedicating increasing resources at the executive policy level as well as at the private sector level in order to deal with the complex nature and variety of cyber threats. So far, these resources have been by and large well utilized, as can be seen in innovations in an array of new cyber defence technologies.
As these mechanisms become commercially available and their mode of operation is scrutinized, cyber attackers are likely to develop more advanced cyber weapon technologies to deal with advanced defences.
During the Cyber Security World Summit held in 2011, security experts raised credible issues such as crashing power grids, stalled air control towers, hospital infrastructure being rendered useless, national defenses being susceptible to outside attack and so on. New technologies such as cloud computing, social networking and the proliferation of mobile devices have also resulted in a substantial increase in cyber attacks. The governments of the UK, France, Belgium, Germany and India have already admitted and stated that their systems and networks were infiltrated by criminal networks. Such incidents are expected to sustain demand for cyber security in the coming days.
Secondly, the military establishments of most countries have always enjoyed a certain degree of autonomy. Now, they too are not immune from the economic uncertainties that face governments, and that, in turn, may have a negative impact.
It was in the face of these emerging challenges, and with the rising dependence on IT and cyberspace by individuals, governments and corporate entities, that the Government of India unveiled the National Cyber Security Policy 2013 on the 2nd of this month. The policy aims to serve as an umbrella framework for defining and guiding actions related to the security of cyberspace, and also gives an insight into the government's approach and strategy. It also enables individual sectors and organizations to design appropriate cyber security policies to suit their needs.
Some of the salient features of the National Cyber Security Policy 2013 are:
• To develop public-private partnerships and collaborative engagements for enhancing security in cyberspace.
• To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training.
• Provision for fiscal benefits to businesses for the adoption of standard security practices and processes.
• The indigenous development of security products and processes for commercial deployment.
• To promote a consortium of government and private sector for enhancing the availability of tested and certified IT products based on open standards.
• To encourage open standards and facilitate interoperability and data exchange among different IT products and services.
• To designate a national nodal agency as well as sector-specific agencies to enhance the protection and resilience of national critical information infrastructure, which will act as a 24x7 centre to ward off cyber security threats in strategic areas such as air defence systems, power infrastructure, nuclear plants and telecommunications systems, since not doing so might create economic instability.
• To enable implementation of best practices in formal risk assessment and risk management.
• To enforce periodic audit and evaluation of the adequacy and effectiveness of security of information infrastructure in India.
• To engage information security professionals/organizations to assist e-governance initiatives and ensure conformity to security best practices.
• To develop bilateral and multilateral relationships in the area of cyber security with other countries.
Clearly, the task is mammoth given India's huge size and the variety of threats from various corners. Not only does India have a hostile neighbor which has been continuously probing our boundaries, hacking many defence sites and even creating communal frenzy through cyber attacks; there have been such incidents of breach from within as well. One of the most glaring examples in the recent past has been the hacking of the Council for the Indian School Certificate Examinations and CBSE websites by a 20-year-old student, demonstrating the vulnerability of public authorities in India to cyber attacks.
The crux is that cyber attacks could target anyone, be it an MNC or even a small or medium enterprise. In all these cases, companies or individual firms that fall prey to such attacks are subjected to a high degree of reputational risk in addition to the financial losses incurred due to data losses. Moreover, these attacks do not follow a common pattern or motive and thereby become more dangerous, not only for the information security of companies but also for national security as a whole.