TMCnet News
The dark side of the digital age [Financial Express (India)](Financial Express (India) Via Acquire Media NewsEdge) Cyber attacks have become common occurrences and reports of Chinese and Pakistani hackers targeting top-level Indian government websites are worrying. Instances of cyber crime continue to increase in both frequency and sophistication, and in a recent revelation, government sources have informed that more than 700 cyber attacks have been reported to the Indian Computer Emergency Response Team (CERT-IN) from various businesses and government agencies during the January to June period this year. CERT-IN is the national nodal agency for responding to computer security incidents as and when they occur. A total of 117 Indian government websites were defaced during the six month period. Among the spate of cyber attacks on Indian targets was the one on the Indian embassy in Moscow when sensitive defence as well as information relating to foreign policy issues was been stolen. Web assets of Indian Passport Office (Delhi), National Informatics Centre (NIC) and ministry of defence haven't been spared either. In fact, NIC is believed to have borne the brunt of sustained cyber attacks. China and Pakistan hackers apparently steal nearly six million files worldwide every day. Sachin Pilot, minister of state for communications & IT recently informed that a total of 117 Indian government websites were defaced during the January to June period this year. "All the affected organisations and departments were requested to provide Web server logs of hacked websites for analysis and identifying nature and type of attack and vulnerabilities exploited by the hacker," he said. At a global level, security experts at IT security firm McAfee recently discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organisations including the United Nations, governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies around the world. It seems that all of the benefits that the internet can provide, including support for the most basic and essential services that nations depend on, are subject to disruption by internet-based cyber attacks that use the global computer network to cross international boundaries with ease. Historically, attacks on a nation's essential services typically required a physical attack that crossed the nation's borders slowly enough that it was subject to recognition and interception by that nation's military. At the very least, some physical evidence would likely be left that would allow for the tracking, tracing, and identification of the perpetrators and the tools or weapons used in the attack. Today, cyber attackers use the speed and global connectivity of the internet to make national boundaries irrelevant, and sophisticated attackers leave little in the way of electronic evidence that can be used to track or trac Alarm bells are ringing because nowadays critical national infrastructures supporting such vital areas as power, transportation, communications, banking and finance, and defence are growing progressively and are more dependent upon internet-based applications. The older, often manual, closed, and proprietary methods of providing the essential services that societies depend on are gradually disappearing as they are replaced by cheaper, open, more efficient, and highly distributed internet applications. The private sector isn't spared either and the cost to businesses of dealing with cybercrime is soaring, according to a recent research undertaken by Hewlett-Packard and the Ponemon Institute. The study, which surveyed 50 organisations across a number of industry sectors, found that the median cost of dealing with cybercrime was $5.9 million per year, a 56% hike on the prior year's survey. The cost of dealing with cyber attacks ranged from $1.5 million to $36.5 million, according to the latest results. A spate of high-profile digital attacks against the likes of Lockheed Martin, Citigroup, Sony, and even the Central Intelligence Agency (CIA) has raised the profile of cyber security. "As the sophistication and frequency of cyber attacks increases, so too will the economic consequences," said Larry Ponemon, chairman of the Ponemon Institute, in a statement. "Figuring out how much to invest in security starts with understanding the real cost of cybercrime." The domestic and international implications of an increasingly critical societal dependence on the internet makes necessary the ability to deter, or otherwise minimise, the effects of cyber attacks. The capability of a nation (or a cooperating group of nations) to track and trace the source of any attacks on its infrastructures or its citizens is central to the deterrence of such attacks and hence to a nation's long-term survival and prosperity. However, in the cyber world the current state of the practice regarding the technical ability to track and trace internet-based attacks is primitive at best. Sophisticated attacks can be almost impossible to trace to their true source using current practices. Nevertheless, the Indian government has taken specific steps towards ensuring cyber security. For instance, all the new government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications will be conducted on a regular basis after hosting also. National Informatics Centre (NIC) has been directed not to host websites which are not audited with respect to cyber security. NIC, which hosts the government websites is continuously engaged in upgrading and improving the security posture of its hosting infrastructure. The existing government websites are periodically audited from security perspective and vulnerabilities found are plugged. CERT-IN and its American counterpart US-CERT recently inked a memorandum of understanding for sharing of expertise in artifact analysis (study of traces of virus and worm), network traffic analysis and exchange of information. Despite widespread awareness, cyber attacks increasingly plague businesses and government organisations and the past six months have seen massive uptick in the volume of hacker activity. Without any doubt, the virulence of such attacks requires a prompt move by the affected parties to up the ante against cyber intrusions. Copyright 2011 The Indian Express Online Media Ltd., distributed by Contify.com (c) 2011 The Indian Express Online Media Ltd., distributed by Contify.com |