As India attempts a transition to a cashless society, cyber security experts raise serious concerns about India’s preparedness. As Prof. Debabrata Das, who was with the Centre’s National Information Infrastructure version 2.0 (NII 2.0), puts it: “It’s like we are fighting AK-47s with lathis.”
With the lack of sophisticated defence systems, experts say India is prone to attacks that could cause public chaos.
Gulshan Rai, the National Cyber Security Chief in the Prime Minister’s Office (PMO), admits there are several challenges. He says: “It is a mindset question but India has the wherewithal to address concerns.”
Pointing out several issues ranging from unencrypted passwords used for transactions to data theft from banks, from outdated software to high dependence on operating systems prone to attacks, experts say we have a long way to go before we have a trustworthy system.
Prof. Das says: “There is a dearth of skilled manpower and deep research. It’s not only a massive challenge but also a great opportunity.” Stating that there are only about a couple of hundreds of employable security engineers in the country, Das said: “We need at least a few lakhs and we need people with domain expertise. While attackers use sophisticated systems, we can’t even protect ourselves.” Das was also in the five-member committee the Centre set up in 2015, which made recommendations to enhance training and research in cyber security.
According to the Computer Emergency Response Team (CERT-IN), there have been 1.75 lakh cyber security incidents between January 2013 and October 2016 — ranging from phishing, scanning or probing, virus infiltration, denial of service attacks, et al. These do not include 26,907 cases reported by the National Crime Records Bureau (NCRB) in 2013-2015, which are less sophisticated.
Telecom expert Ravi Visvesvaraya Prasad says: “There are many concerns and the environment in which our transactions take place isn’t secure. The SMSes we get as one-time passwords, for example, are not encrypted. Networks cannot be trusted, which means there are chances of losing money in transition.”
Rai said: “We need to inculcate best practices and processes in our habits and we need to realise that cyber security is not entirely in the hands of the government.”
Cyber expert Mirza Faizan Asad, while criticising banks for not putting in place efficient systems, said: “Most don’t have risk managers in all branches. Also, they use outdated softwares in ATMs which increase the risk, while dependence on untrusted foreign vendors for POS (point of sale) machines and several operating systems also lead to issues like the recent debit card fraud.”
Between April 2013 and November 2016, India’s top 51 banks lost Rs. 485 crore to thefts — Rs. 212 crore was lost to 2,492 cases of ATM thefts, while another Rs. 272 crore was lost to credit/debit card cloning and net banking thefts.
Rai said: “Concerns about credit cards, vendor machines, etc. need to be dealt with seriously. We need to be cautious.”
- 1.75 lakh sophisticated cyber security cases between January 2013 and October 2016: CERT-IN
- 29,907 other cyber crime cases reported by NCRB between 2013 and 2015
- Only a few hundred security engineers in India; lakhs needed
- Rs. 485 crore lost to ATM, bank thefts in 3.5 years