The government has informed the Lok Sabha that the number of cyber attacks in India has increased since 2018. The Ministry of Electronics and Information Technology (MeitY) revealed some data while responding to an unstarred question from MP B.B. Patil.
The government also acknowledged that adversaries are launching cyber attacks from foreign soil.
Attacks Originating from Foreign Jurisdictions
In its reply, MeitY revealed that since 2018, there has been an increase in the number of cyber attacks. Further, CERT-In’s analysis determined that attacks on Indian websites originated from jurisdictions located out of India. According to CERT-In’s reporting, the number of cyber attacks each year is as follows:
|No. of Websites Hacked
|2021 (till October)
The response added that the origin of attacks belonged to various countries including Algeria, Brazil, China, France, Germany, Hong Kong, Indonesia, Netherlands, North Korea, Pakistan, Russia, Serbia, South Korea, Taiwan, Thailand, Tunisia, Turkey, USA, Vietnam, etc.
However, the response also remarked that attackers are using masquerading techniques and hidden servers to hide the identity of actual systems from which they are launching attacks.
Cyber Crisis Management Plan
Besides the data on cyber attacks, the government also revealed that it has:
- formulated a Cyber Crisis Management Plan for counter cyber attacks & cyber-terrorism;
- issuing alerts and advisories through CERT-In;
- auditing government websites and applications prior to hosting, and even after hosting;
- conducting cybersecurity mock drills in government and critical sectors. CERT-In has conducted 61 such drills with 600 organisations so far; and
- issued National Security Policy and Guidelines (NISPG) to all Minisries and Government Departments for implementation.
No Plans for a new Cyber Security Law
In a separate reply to an unstarred question put up by MP A. Raja, MeitY said that there is no proposal for a stand-alone law for cybersecurity.
It is pertinent to note that India does not have a special law to deal with cybersecurity. Although different provisions of the Information Technology Act, Information Technology Rules touch upon the subject, they are neither comprehensive nor up-to-date. The entire policy is scattered, with different sectoral regulators issuing separate guidelines.
Meanwhile, the UK has introduced a new cybersecurity bill to toughen standards and protect consumers from data breaches.