By Colonel B. S. Nagial (Retd.)
Cyberterrorism is a global phenomenon but is not much recognised in India, even though India ranks as the second-highest user of the Internet after China. It is estimated that about 20% of the Indian population uses Internet facilities. In contrast, in the US and UK, 90% of people use the Internet. People who use Internet facilities are also called ‘Netizens.’ Over-dependence on the Internet increases susceptibilities & weaknesses. Sometimes the feelings of aggression are transformed into anger and revenge, which turns them into criminals.
Most people in India aren’t sensitive to cyber threats posed by the virtual world. Information Technology (IT) has opened a plethora of opportunities for the world to develop its financial infrastructures and other e-commerce facilities. Cyber crimes are increasing daily. The ‘netizens’ are ignorant and in denial, believing that their activities are safe and secure. We often share our important & sensitive data & information inadvertently on social media.
The momentous growth of the cyber world has further posed the threat of cyberterrorism. Cyber attacks depict lethal and non-lethal psychological problems faced by people. Cyberterrorism is typically considered a tool that only affects the national security system. But in fact, it also affects the psyche of the people. Cyber terrorists have increased the employment of cyber attacks dramatically in the past few years. It has caused mass destruction & damage to various facilities such as health, energy, nuclear, and critical command & control facilities. Cyber professionals are at work to reinforce capacity-building measures to restrain cyber attacks on critical systems in India.
What is Cyberterrorism?
As per the dictionary, cyber-terrorism is ‘the motivated use of computers and information technology to cause extreme interruption or extensive fear in society.’ Dorothy Denning, a professor of computer science, has given the most notable definition of cyberterrorism. She has put forward an admirably unambiguous definition in numerous articles and in her testimony before the US House Armed Services Committee in May 2000 – Cyberterrorism is the conjunction of cyberspace and terrorism. It denotes illicit attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people. Also, to qualify as cyberterrorism, an attack must cause violence against persons or property or inflict sufficient harm to cause fear. Attacks which cause death or bodily injury, explosions, or severe economic loss are a few examples. Grave attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact.
Cyberterrorism is a deliberate attempt, which is a politically, socially or religiously inspired attack against information systems, programs and data. The definition is occasionally expanded to include any cyber attack that intimidates or generates fear in the target population. Attackers often do this by inflicting damage or disruption to critical infrastructure.
Cyberterrorism is also known by terms such as electronic terrorism, electronic jihad, information warfare or cyber warfare. The fact is that cyberterrorism threats can come from so many different sources, and sometimes it would seem impossible actually to defend ourselves from them.
Objectives of Cyberterrorism
The fundamental objective of a cyber-attack is hacking, generally to satisfy the ego of hackers by creating terror. Cyber attacks and cyberterrorism can sometimes seem too similar or overlapping.
The objective of cyberterrorism is to instil feelings of terror in the mind of cyber victims. Cyberterrorism also threatens the most vulnerable points covering physical and virtual worlds. It includes the commission of acts of destruction, alteration, acquisition and acts of transmission against the following:
- Defence forces.
- Internal security system.
- Health care system.
- Financial infrastructure.
- Other important civilian networks.
- Destruction of supervisory control and data acquisition systems of smart cities.
Information and Communication Technology (ICT) may be used to help the commission of terrorist-related offences. It can be used to promote, support, facilitate, and engage in acts of terrorism such as spreading propaganda, recruitment, radicalisation, incitement to terrorism, terror financing, training, planning and execution of terrorist attacks.
Modus Operandi of Cyberterrorism
Cyberterrorism is gaining wide attention due to extensive reporting by the media and numerous other institutions, from both the public and private sectors. They accept that cyberterrorism is capable of rendering catastrophic impacts. Thus, it is imperative to spread awareness among the general public to alleviate cyberterrorism threats effectively.
Most cyberterrorism cases have numerous common traits. It is essential to clearly define what a cyberterrorism attack looks like to avoid misunderstandings leading to confusion later on. Usually, the victims of cyberterrorism attacks are specifically targeted by the attacker(s) for predetermined reasons. There have been random cases of cyberattacks carried out in the past, such as releasing harmful viruses and worms through the Internet. However, in reality, the targets were arranged by cyber terrorists. This is because if the attacks are more focused and intended towards an explicit target, there are better chances of inflicting severe damage on the target chosen.
The most common objective of cyberterrorism is to inflict damage on or completely destroy a particular target, which may be an organisation, industry, sector, or economy, or to impact particular targets. These types of attacks are becoming popular. Thus, specific countermeasures will be required to prevent the targeted entities from falling victim to such attacks. One more common feature of cyber terrorism is the resolve to further the terrorist’s or terrorist group’s own goals, such as to inflict heavy damages on a former employer due to unsettled disputes or to create chaos among the general public.
Cyber terrorists deploy various types of cyberterrorism attacks. As per the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California, USA, cyber terrorism capabilities can be grouped into three main categories: simple unstructured, advanced-structured and complex-coordinated.
- Simple unstructured. This is the fundamental capability to conduct hacks against individual systems employing tools created by others. This type of organisation possesses little target analysis, command and control skills, and limited learning capability.
- Advanced-structured. This is the advanced competence to conduct more experienced attacks against several systems or networks and possibly to modify or create the most fundamental hacking tools. The organisation possesses an elementary target analysis, command and control skills, and relatively modest learning capability.
- Complex-coordinated. Under this category, coordinated attacks are capable of causing mass disruptions against unified and diverse defences. Terrorists can create sophisticated hacking tools. They are also highly proficient in conducting target analysis and command and control. They also possess advanced organisational learning capabilities.
There are five main types of cyberterrorism attacks: incursion, destruction, disinformation, denial of service and defacement of websites. A few of these attacks are more severe than others and have diverse objectives. We must recognise the various attack methods to understand how they can be countered effectively.
- Incursion. These attacks are carried out to gain access or infiltrate computer systems and networks to get or alter information. This method is widespread and widely used, with a high success rate. Many loopholes exist in unprotected computer systems and networks, and terrorists can benefit from attaining and modifying vital information, which can inflict further damage to the organisation or for personal gain.
- Destruction. Through this method, the attackers intrude into computer systems and networks to inflict severe damage or destroy them. The implications of such an attack can be disastrous, whereby organisations might be forced to be out of operations for the time being, depending on the harshness of the attacks. It can prove very costly for the affected organisations to get their operations up and running again. Therefore, it will affect them financially and also impair their reputation.
- Disinformation. Generally, this technique is used to spread rumours which can seriously affect the target chosen. Notwithstanding whether the rumours are true or false, such attacks can irresponsibly create chaos for the target. Such an attack is difficult to curb as it can be done almost suddenly without access to computer networks.
- Denial of Services. Denial of Service attacks, or DOS attacks as popularly known, are also standard. The effect of such attacks is felt by e-commerce-enabled businesses selling products or services online. Public websites are often also the targets of such attacks by cyber terrorists. The foremost aim of DOS attacks is to disable or disrupt online operations by flooding the targeted servers with a vast number of queries which would eventually lead to the servers being unable to handle routine service requests from legitimate users. The impact of such attacks can be catastrophic from both economic as well as social perspectives, where it can cause organisations to suffer huge losses.
- Defacement of websites. Such attacks are targeted to disfigure the websites of the targets chosen. Either the websites are changed to post messages from the cyber terrorists for propaganda, or users are redirected to other websites which may contain similar messages. However, a small number of such cases are still happening.
State of Cyberattacks in India
As per the reports, Indian government websites faced the highest number of cyber-attacks in 2022. India, the US, Indonesia, and China suffered 45% of cyberattacks on government entities worldwide in 2022. The report claims that the number of attacks on government agencies was up 95% year-on-year [4]. India was the most besieged in 2022, as attacks on government agencies doubled.
In Dec 2022, India’s top government-managed hospital, All India Institute of Medical Science (AIIMS), was affected by a cyberattack disrupting online services for more than two weeks. India’s controlling agency of cyber security, Computer Emergency Response Team (CERT-In), found in its investigation that five AIIMS servers were compromised during the attack, and hackers encrypted nearly 1.3 terabytes of data.
In the year 2020, CERT-In handled 1158208 incidents. In the year 2021, Indian Computer Emergency Response Team (CERT-In) handled 1402809 incidents. The types of incidents handled were: Website Intrusion & Malware Propagation, Malicious Code, Phishing, Distributed Denial of Service attacks, Website Defacements, Unauthorised Network Scanning/Probing activities, Ransomware attacks, Data Breaches and Vulnerable Services. Remedial measures for handling incidents were suggested and implemented in coordination with relevant stakeholders.
CERT-In is an organisation of the Ministry of Electronics and Information Technology, Government of India, intending to secure Indian cyberspace. CERT-In provides Incident Prevention and Response services and Security Quality Management Services.
Building Cyber Resilience
Cyber resilience is a concept that brings operational continuity, information systems security and organisational resilience into one place. This concept describes the ability to continue delivering intended outcomes despite experiencing threats of cyberattacks or natural disasters. In other words, a measured level of information security proficiency and resilience affects an organisation.
A cyber resilience strategy is vital for business sustainability. It could deliver benefits, strengthening an enterprise’s security posture and reducing the risk of exposure of its critical infrastructure. Cyber resilience also helps reduce financial loss and reputational damage. And if an organisation receives cyber resilience certification, it can instil trust in its clients and customers. Further, a cyber-resilient company can optimise the value it generates for its customers, increasing its competitive advantage through effective and efficient operations.
Cyber resilience is defined as the capability of an organisation or business process to:
- Anticipate: Maintain a state of informed preparedness to forestall compromises of mission/business functions from adversary attacks.
- Withstand: Continue essential mission/business functions despite the successful execution of an attack by an adversary.
- Contain: Localise containment of crisis and isolate trusted systems from untrusted systems to continue essential business operations in the event of cyber attacks.
- Recover: Restore mission/business functions to the maximum extent possible after the successful execution of an attack by an adversary.
- Evolve: To change missions/business functions and the supporting cyber capabilities to minimise adverse impacts from actual or predicted adversary attacks.
Cyberspace is an intricate environment comprising communications between people, software and services, reinforced by the worldwide dispersal of information and communication technology (ICT) devices and networks.
Due to various benefits of technological advancements, cyberspace today has become a shared platform utilised by people, businesses, critical information infrastructure, the military and governments. Thus it makes it difficult to demarcate clear-cut limits among entities. Cyberspace is anticipated to be more multifaceted in the conceivable future.
Information Technology (IT) is one of the vulnerable sectors with space in cyberspace. It is the most potent growth catalytic agent for the Indian economy. Besides powering India’s economy, this sector is also positively influencing the lives of its people directly or indirectly. The IT sector has been essential in renovating India’s image worldwide. The government has been a critical driver for the increased adoption of IT-based products and IT-enabled services in Public services, Healthcare, Education, Defence and Financial services, etc. Such initiatives have enabled increased IT adoption in various sectors.
The fast-increasing dependency of man on cyber network systems has generated an unrestrained cyberthreat called cyberterrorism. The widely available cyberspace has provided a valuable operational space to terrorist organisations for planning and execution of cyberattacks on critical infrastructures, spreading hate propaganda over the Internet and using this platform for recruitment, planning and execution of subversive activities. Moreover, it has helped terror arrangements thrive and transformed how terrorists operated earlier. The most urgent requirement is to secure our cyberspace from such arduous cyber threats. Articulating a cybersecurity strategy incorporating international organisations is a prerequisite to challenging ever-increasing cyberterrorism, which poses a severe threat to global security.
1. Cyberterrorism: How Real Is the Threat? https://www.usip.org › sites › default › files. Accessed on 4 Jan 2023.
2. Cyber Terrorism in India: A Physical Reality or Virtual Myth. https://journals.indexcopernicus.com › file › viewByFileId. Accessed on 4 Jan 2023.
3. Countering Cyber Terrorism Effectively – GIAC Certifications. https://www.giac.org › paper › gsec › countering-cy. Accessed on 5 Jan 2023.
4. India saw the highest number of cyberattacks on govt … – Mint. https://www.livemint.com › technology › tech-news. Accessed on 5 Jan 2023.
5. Annual Report (2020). https://www.cert-in.org.in. Accessed on 5 Jan 2023.
6. Cyber Crisis Management Plan for Countering … – CERT-In. https://www.cert-in.org.in. Accessed on 5 Jan 2023.