So far in the 21st century, the world has already seen a massive growth spurt in the communication and information technology industry. Data has become one of the most valuable assets of every organisation and the one who has the maximum monopoly over it, is described as a powerful confederation.
With the advancement in information handling and development of internet, it sure has become much easier and much less cumbersome to store and manage large quantities of data, but at the same time, the possibility of information theft and network infiltration has also become high.
Communication network is a term used to denote the pattern of directions of flow of information. This task is undertaken through various formal and informal channels which can be conventional cables as well as wireless digital networks.
The various governmental and administrative offices, the defence organisations, numerous private and public sector companies, are all dependent upon database management and IT in general for storage, update and flow of information.
Additionally schemes like ‘Digital India’ and initiatives by private companies like Reliance which introduced its low-cost 4G internet services under the banner of JIO, the extent of internet, has increased geographically in our nation.
With such a large amount of information, each of these organisations is vulnerable to cyber-attacks that can cripple the functioning of the institution if they get access to this information. India already has a multifaceted challenge of maintaining internal security and the communication networks add another dimension to this.
Cyber warfare has been described as the future of wars that nations may fight. Therefore, it is of utmost importance for India Inc. to identify the challenges that communication networking poses and take preventive measures.
Security Threats through Communication Networks
The Information Technology Act, 2000 enacted by the Government of India has designated communication networks as an integral part of the information infrastructure of our nation and has stated that any attempt of destruction or incapacitation of this computer resource will definitely have a debilitating impact on the national security, public safety and most importantly, the economy.
Broadly classifying the threats on the basis of the institution that is being affected, they can be characterised in the above three facets which work together for a country to function smoothly and develop.
Information Warfare: Gone are the days when wars were fought with soldiers and weapons. The conventional methods of fighting a battle to defend oneself have become out-dated. With the advancement in defence technology and military logistics and database, cyber warfare is emerging as the new front on which the militarise need to maintain supremacy to establish national security.
This kind of attack is inexpensive as compared to the conventional weapons and can deal a deadly blow by blocking access, taking over controls and gaining information of various locations, weaponries and data, to the targeted organisation in the most incognito Modus Operandi which makes it very difficult for those affected by it, to trace the attack back to its perpetrators.
Furthermore, the communication networks, as mundane as televisions, radio and even modern age social media, are being extensively used as a platform to promote terrorism and anti-national sentiments in the youth of our nation, effectively brainwashing them to join terror outfits. This includes influence in the Kashmir valley, spread of naxalism and other anti-India ideologies.
Cyber Terrorism: The advent of the internet in India might have provided access to many Indians to a lot of the information and knowledge available in the Netscape, but at the same time, they are prone to expose their own credentials to hawk-eyed cyber terrorists who are ready to pounce on the slightest opportunities of grabbing personal information and using it against the public. They can also target public portals, disrupting the communication networks and leaking sensitive information.
Crippling the economy: The Indian economy is a giant conglomeration of many public and private sector corporations, companies and banks. Together, they have developed a very intricate network of huge load of information. If even a single node of this complex interconnection is compromised, it will lead to a domino effect causing the entire industry to collapse.
With schemes like demonetisation and focus on digital transactions and e-commerce, it has become more and more important to protect the producers as well as the consumers. The networks are prone to hacking which can be used to divert, block and restructure transactions, wipe out data, create false data, freeze assets, stealing customer and employee credentials, creating fake credentials, etc.
The Bangladesh Bank cyber heist of February 2016 is one of the prime examples of how even the most secure systems are prone to cyber-attacks.
Method of Attacks on Communication Networks
The individuals and organisations involved in such attacks possess extensive knowledge about computer operations, coding languages and networking systems. Their main aim is to achieve information superiority, which is on the same lines as air, terrestrial and water superiority that nations hold in their regions via their armed forces.
But unlike the forces, these cyber-criminals and warriors do not directly utilise the guns and missiles, but instead use a variety of malicious programmes to infect the databases and networks of their targets. A list of various modes of attacks that threaten the communication networks are listed below.
Denial of Service (DoS): This type of attack is the most popular mode of operation and is considered very trivial method in the hacker community. DoS or distributed DoS (DDoS) attacks are not technically hacking attacks but as the name suggests, it temporarily brings down servers by overloading it with requests.
Once the websites and servers are down, the next step undertaken is to redirect the traffic on the server to another page where the perpetrators can contact with the users and explain why the website was being targeted.
Packet sniffing: Bulk information is broken down into packets for ease of flow when it is uploaded on a network. These network packets are sent from node to node without any encryption and are hence vulnerable to many applications which can pick up these packets and derive the information they consist.
These applications are called network packet sniffers. Additionally, packet sniffer applications can also be utilised in man-in-the-middle attacks in which the internet service provider (ISP) gains access to all the information on the network and implements packet sniffers, routing and transport protocols to not only interpret these information but also modify it to suit their desired goals.
Virus and Malware: The most common method of infecting a network is by using programmes and software like virus and malware. Viruses are computer programmes which are linked to other programmes and are designed to execute undesirable functions.
Trojan Horse is a type of virus which is attached to a seemingly innocent looking programme and while the user is busy operating on the carrier program, Trojan Horses work in the background making copies and sending itself to other PCs and systems on the network, bringing down the whole network.
Malware, as the name suggests, are malicious software that attack a system and its networks in various different ways. There are scare wares which makes the user undermine their own network security by pop-up messages like- ‘YOUR PC HAS 12 VIRUSES, CLICK HERE TO CLEAN!’ As soon as the user clicks on them, the malware is downloaded and harm is done.
Adware is another such programme which appears as a harmless advertisement but when clicked upon, downloads the malware in the system. Another very common type of malware is ransomware, which blocks access to important services on the network until a required amount is paid or demands of the attackers are met.
Password Attacks: It is a brute force attack in which the hackers make repeated attempts to determine the username and password of a target account and once they gain access, try to create a backdoor for future access to the account. This type of attack is common in social media accounts and can compromise personal information and security of common citizens to famous personalities.
Pretentious means: A lot of methods to gain data from networks involve the attackers pretending to be authorised/authentic users. Under the mask of these innocent identities using various codes, they are able to gain trust of the system and access the stores information in it.
Most widely used method is phishing, where the hackers pretend to be from a legitimate organisation and send e-mails trough which they can indulge in identity theft and collect information like credit card number, passwords, pins, etc. Scam mails are on the same lines.
Finally, there is a method called IP spoofing, by which the attackers pretend to be a trusted computer by using a known IP address of the system and gains access to the networks.
Four-step Plan to ensure Secure Communication Networks
The malicious organisations and individuals are always conspiring to get an upper-hand in this information warfare, so it is our duty to take a holistic approach in curbing their actions and controlling their reach inside the communication networks that help run our economy, security and our administration smoothly.
This holistic approach can only be possible if people from all the different tiers of organisation join their hands together and develop a vigilant watch over our systems and networks. The four step model is hence a very important tool to be implemented to curb the challenges posed by these kinds of attacks.
This model involves deterrence, which can be achieved by establishing multi-lateral cyber laws with stringent punishments. Next we should focus on prevention, which will act as the first line of defence against cyber-attacks. Use of more secure systems, cyber watchdogs and an efficient security system management can help enact this step.
Furthermore, it is important to timely catch any suspicious activity which can be achieved in the detection step. The policing mechanisms should be improved and online alertness and vigilance should be pro-active. And finally, proper reaction methodologies should be set up which includes stronger information infrastructures, crisis management programs, and policing and justice efforts.
Securing Communication Networks on multiple stages
As mentioned earlier, a holistic security system for the cyber network is possible with equal participation from the government, the private sector as well as the individual citizens themselves. Everyone have an important role to play when it comes to securing their communication networks.
Starting from the government, the administration and the various law enforcing bodies, enactment and enforcement of cyber laws and effective policing is their part to play. The Ministry of Communications and Information Technology should encourage upgrading the cyber security systems of the various telecom companies.
Computer Emergency Response Teams (CERTs) have been raised to protect civilian network infrastructure at local and regional levels. Emphasis should be laid upon promotion of domestic telecom services as mentioned in the National Telecom Policy, 2012.
Furthermore defence forces have come up with a special organisation under the raising of three new tri-services agencies. The Defence Cyber Agency, which will be headed by Rear Admiral Mohit Gupta will focus on improving the defence cyberspace and work to make our armed forces a dominant force in the field of cyberspace warfare.
The private and the public sector companies too should contribute from their side. The major concern here is that Indian telecom manufacturers only have 3% market share. Our companies should invest more in the Indian technology which will not only help promote the ‘Make in India’ campaign, but also keep a check on foreign technology being incorporated in the Indian systems.
This could be a major problem as the foreign technology can be used against the Indian companies as they can easily infiltrate and dominate markets in the peninsula. The companies should take an enterprising role in keeping their equipment, both hardware and software up-to-date with the dynamic nature of technology and keep evolving as suitable.
Finally, it all comes down to the common men of the country who use various platforms to stay connected to each other. While we may be ignorant to the reality, but every time we connect to the internet, are own data is prone to be stolen or monitored by a third party without our consent.
Hence it is very important for us to stay alert and take small measures to prevent any huge crisis to occur in our lives or in the lives of our loved ones and acquaintances.
These measures include being wary of spams and malware, avoid confidential transactions, not to give out personal details to unknown people, frequently changing passwords, being aware of our surroundings, never leave a computer unattended when we are signed in and various other steps. Conscious efforts to securing our own networks can help contribute a lot to the national communication network security.
As more and more Indians are getting digitally active, it has become a bulk task to secure every communication network in the country. While majority of the population use it for beneficial purposes, there are still a lot of organisations which uses these communication networks for illegal trades and works.
These criminal activities can range from data theft, illegally accessing organisational servers or cyber-spying to utilisation of the communication networks for more conventional crimes like weapons and drugs smuggling, hiring unlawful contracts, promoting anti-national propaganda and spreading fake news.
Thus, India faces a daunting challenge in establishing a holistic and effective security in the field of communication networks. The existing measures may have controlled the activities to an extent, but the technologies keep evolving and new methods of infiltration and propagation of undesirable activities are showing up in more frequency.
In such a situation, it is important for the organisations ranging from the government to private companies as well as individual citizens of India, to come together and make a combined wholesome effort to keep our networks secure and free of such activities.
As we progress further into the 21st century, technology will become an inseparable part of human lives and culture. Hence if we take adequate measures from now, we will be able to not only secure our communication networks today, but also secure the future of our nation.