While India was one of the first countries to come up with a promising set of cybersecurity guidelines in 2013, the new policy is yet to see the light of the day.
In what is suspected to be one of the largest coordinated cyberattacks on the US, last week, the US federal agencies announced that they had reason to believe that hackers had gained access to systems of several government agencies. While FireEye, a cybersecurity firm engaged by the government, had earlier this month announced that it had fallen prey to an attack, it had also found vulnerabilities to SolarWinds Corp that is extensively used by the government. A Bloomberg report states that more than 25 entities have been affected, but SolarWinds claims that the Trojan used may have invaded as many as 18,000 entities. A Russian group also held responsible for stealing vaccine research data, is being blamed for the attack. While this has pushed American companies to exchange information using physical drives, the US is certainly not the only country that has been affected by such attacks. Earlier this year, Australia had blamed China for waging a cyberattack on it, while, in India, a major power provider to Mumbai was attacked. Even the recent Google outage—servers stopped responding for an hour, leading to disruption in Gmail, YouTube and all Google services—is suspected by some to have been some sort of cyberattack, though the digital giant has not yet released any statement. However, Google, earlier this year, had claimed that it was able to fend off one of the largest denial of service attacks.
Reverting to exchanging information in hard disks and physical drives may be possible in specific scenarios, but given how systems are becoming increasingly interconnected and most utilities are online, staying offline cannot be an option in the long run. Moreover, governments can no longer afford to look the other way as the intensity of attacks are increasing as also the scale. A report by Cybersecurity Ventures released earlier this year had highlighted that damages related to cybercrime would reach $6 trillion by 2021. It predicts that, by the end of 2021, the world would witness one cyberattack every 11 seconds, down from 19 seconds until a year ago and 40 seconds in 2016. So, there is a need for each country to up its cybersecurity spends and lay down guidelines for firms.
Governments should also foster international co-operation on cybersecurity—India signed the Quad agreement with Australia, Japan and the US, which covers aspects of cybersecurity. While India was one of the first countries to come up with a promising set of cybersecurity guidelines in 2013, the new policy is yet to see the light of the day. The government has also not specified any guidelines or standards for connected devices like routers and IoT systems. Singapore, on the other hand, has released a detailed architecture for such devices, so that each device is rolled out with security ratings. It is time countries mandate cyber-hygiene as a necessity.