Major Essay Questions
How can states respond effectively to cyber-attacks originating beyond their own borders? Compare and evaluate responses of two or three different governments.
counts for 50% of your final grade
3000 Words (10% over and under only) No collaboration
I am attaching a document of my friend on same topic. Please get an idea from here .The assignment is for 50% of my final grade, I need good marks, can't risk to fail it.
Topic How can states respond effectively to cyber-attacks originating beyond their own borders? Compare and evaluate the responses of two or three different governments. Ankush Japra 45531498 Introduction Internet users are increasing day by day in the month of April 2020 a total of 59% of the global population is using the internet today (Clement 2020). In a country, there are individual, private and government sectors using cyberspace for most of the work, cybersecurity is the shared responsibility of individuals, private, and government sectors.(‘Australia’s 2020 Cyber Security Strategy’ March, 2020) As most of the data is being saved electronically nowadays if the computer is not protected the more chances of cyber attack increase which might affect the country. As the attack may expand from an individual to the industry and then to the country. For example, one individual loss their credential due to phishing attack, these credentials can be used by the attacker to get access to the industry where the individual is working which then leads to loss of the industry data which might be used against the country in the critical situation. So, cybersecurity is essential and needs to be effective against cyberattacks. As cyberspace has no limits and no boundaries there are many difficulties faced by countries to respond to cyberattacks originated beyond the borders. Different countries respond differently when it comes to cybersecurity as some of the countries are still developing like India, which spend less on cybersecurity because there are other sectors need immediate investment, there are many factors that depend to provide better cybersecurity like Cooperativeness among the countries, skilled cybersecurity workers with the latest tools, cyber cells, cyber courts, and many other factors. The essay will outline how the states responded to the cyber attack originated beyond the border and the enhancement which is needed for future better cybersecurity. It also includes the improvement and issues India, the US, and Australia are addressing in terms of cybersecurity. INDIA As the government of India increases the use of IT-based products and IT-based services in public services likes citizen identification, healthcare, financial services, and education. Thus the growth of the IT sector rapidly increases and to provide the safe and secure cyber ecosystem in the country India introduces “National Cyber Security Policy” on 2 July 2013 (‘National Cyber Security Policy (1).pdf’ n.d.). India also established “Computer Emergency Response Team-India(CERT-In)” which is operational since January 2004, The main task of CERT-In is to respond to the computer security incidents it recorded 208456 incidents in 2018 (‘CERT-In report’ 2018). India is increasing the cybersecurity budget every year in 2019 the budget was $1.86 billion which is an increase of 12.4% from the year 2018 where the budget is $1.66 billion and in the year 2020 the budget is increased to $3.05 billion (‘Union Budget’ 2020.). Some of the issues with responding to cyber-attack origination beyond the border of India are as follow. Cooperativeness Cyberspace has no borders so any electronic device that is connected to the internet is vulnerable and it can be attacked easily. This means all the sectors in a country including public, private, government sector, banks, and all the other sectors are vulnerable so, the attack can occur at any level and can also propagate from one sector to another sector like a virus. Cooperativeness inside all the sectors in a country and with other countries is a must to effectively defend the cyberattack. India needs organizations that are well equipped and ready to collaborate by keeping their differences aside and share resources for providing better defense to cybercrime. India lacks in cooperation with other sectors and other countries. Although now it is improving in cooperating with other countries on 4th September 2019, The third India-Australia Cyber Policy Dialogue was held in New Delhi in which both the country representative discuss the current and emerging cybersecurity issues including the Cooperation to address cybercrimes by sharing information on cybersecurity, national approach to cybersecurity policies, critical technologies like IoT, which is emerging day by day and is a need for smart cities both the countries committed to sharing information on the IoT security standards and to design a core element of IoT development (‘3rd India-Australia Cyber Dialogue’ 2019.). To more strengthen the defense against cybercrime more Cooperativeness between all the sectors in a country and with other countries is needed. Cybersecurity awareness As the number of users on the internet increasing day by day in India as the internet is cheap and people are adopting new technologies. The biggest challenge for cybersecurity awareness is the population. There is a huge number of internet users out of many who were unaware of cybersecurity. The government may be taken action against the cybercriminal but the people and companies were not aware of the security. There are thousands of companies working online using clouds but due to lack of awareness in the employees the customer’s data were lost and accessed by the hacker easily. Thus by attacking a big company attackers can get a number of customers data that can be used against them. Awareness can be spread in metro cities, urban cities but difficult where the literacy rate is low and they are using internet services without the knowledge of legal and illegal activities going on the internet, thus they accidentally commit a crime. There should be a strong strategy and action plan against cybercrime and cybercriminal, separate cyber cells, cyber courts, and layers in every big city. The more people were aware the less will they get targeted. Moreover, there should be a plan in every company for training their employees about the cybersecurity, as the employees were the weakest link for any cyber attack.(Panwar & Purohit 2018) There are many other problems also regarding lack of awareness about cybersecurity as most of the people don’t know about the cyber laws and most of the IT professional and students are not interesting for cybersecurity topics thus most of the companies also have fewer experiences and professional cybersecurity personal which leads to poor cybersecurity to the company and open gates for a more cyber attack. Thus the government has to educate people, companies have to educate their employees, an individual has to study cybersecurity so that the crime will be reduced and the cyber attack should be defended.(Singh et al. 2019) According to CERT-In attacker used COVID-19 pandemic as a cyber-attack vector for their own gain. Hackers are using various methods regarding COVID-19 to attack the users which includes legitimate corporate branding in the name of COVID-19 to send malware to the victim, trust organization for donation and get user credential using phishing emails, using promotional code, discount code for their gain and the malware family they are using are AGENT TESLA, TRICKBOT, TRICKYMOUSE, COVIDLOCK, and many others. There were also recommendations given by the CERT-In for example disable the use of Macros in Microsoft office, update antivirus software, be careful there are many phishing emails spreading during COVID-19. These all information is available on the official website but not spreading and sharing among the peoples, the government should spend money in these kinds of awareness advertisement, alert individuals and companies about the attacks going on as due to the pandemic most of the employees are working from home and are not using a secure network and as they are not in the company secure network they are vulnerable so by spreading awareness of the attack the defense become stronger.(‘Cert-In - Home Page’ 2020) Attacks on India beyond the border According to the latest report by the Indian computer emergency response team (CERT-In), 35% of the cyberattack that the Indian cyberspace witnesses came from China, 17% from the US, 15% from Russia, 7% from Pakistan, and rest from Germany and Canada. According to the NSCS 2018 report China is responsible for over 3rd of the cyber attack on official Indian websites (Mishra et al. 2019). According to “The United Services Institute of India” report there are several cyber intrusions reported in India from china targeted ministries, embassies, defense establishments, and many other departments. Although there is no official intrusion investigation report from India is available on the public domain, however, investigation report on major cyber attacks exists in which India is mentioned as one of the victims, with intrusion done by China. There is a lack of awareness in India about such kind of attacks that can harm India. Following were the few attacks on India that has been recorded in the last few years. (‘China’s Cyber Warfare Capabilities – USI’ 2019) UIDAI Aadhaar card database breach Unique Identification Authority of India(UIDAI) issued a unique 12 digit identification number to all the Indian citizens to gain the benefits and services offered by the government. Aadhaar can be used for voting, as an address proof, it contains details like name, sex, address, age, residential address, and the fingerprints of all the individuals stored in the database so that in a case to identify a person Aadhaar card will be used by the official to identify the person. Thus UIDAI store data of over 1 billion citizens of India (‘About your Aadhaar’ n.d.). In the year last year the Aadhaar system is reportedly been subjected to problems like data breach by different researchers and officials. But India lacks providing evidence and accepting claims for such news for instance a French security researcher Robert Baptiste scraped the site using 100 lines of python code, but the UIDAI call it “fake news” and the website with the breaches had been pulled down from the internet. One more security researcher from India claim that the state-owned web address is unsecured and give access to the Aadhaar database and even allowed Saini to query results, the UIDAI also denied this report on its official website.(‘BREACH OF BIOMETRIC INFORMATION’ 2019) India lack in providing evidence of a secure website and ignore and called it fake news when some researcher claims that the data is not secure. Indian lack of proper Risk management system and proper testing and launching their official websites which leads to breach data, this data contains the information of all the Indian citizen which can be used against India in a very critical situation by other countries, it is also claimed that China is also one of the attackers behind data breach of Aadhar system.(‘Aadhaar on Twitter: 2018) A case is also file in court after the investigation and after providing evidences in judicial court saying the data is