mgp cc - is Flashcards
(7 cards)
Question,Answer
- What is Cybersecurity?
Information Technology Act, 2000 (IT Act) says cybersecurity is → protecting information, equipment, devices, computer, computer resource, communication device & information stored from → unauthorized access, use, disclosure, disruption, modification or destruction.”
- What are different types of Cyber threats?
1) Cyber Espionage- use of computer networks → to access illegally → confidential information (usually held by a government/organization). Ex: 2014 hacking of US companies, NSA surveillance program. carried out by State with dedicated systems. 2) Cyber Crime/ attack- any type of offensive maneuver → by individuals /whole organizations (non-state actors) targeting → computer information systems +infrastructures + computer networks with intention to damage/destroy targeted computer network /system. 3) Cyber Terrorism- convergence of terrorism and cyberspace, acts of terrorism using cyber technologies. Includes activities → websites spreading extremist propaganda +recruiting terrorists. Carried out by non-state actors. 4) Cyber Warfare- includes the actions of nation-state or its proxies → penetrate another nation’s computers or networks → purposes of espionage+ damage + disruption. Ex: USA’s Stuxnet attack on Iran nuclear enrichment prog. The US CYBERCOM → unified combatant command → recognized as separate arena of warfare.”
- What are the different types of cyber-attacks?
1) Virus ( computer program code- corrupts data), Malware ( program/software - intent to compromise victims’ data of confidential nature) , Denial of service- DoS ( attacker limits access of legitimate users to computer systems and networks), Bluetooth hijacking - bluejacking ( private information stolen through Bluetooth), Spyware ( sends user activity info without his/her acknowledgement), Phishing (targets are lured to provide sensitive information by posing as a legitimate website), Domain name systems attack etc. 2) Examples: Chinese hacker group APT 10/ Stone Panda attacked →Covid-19 vaccine manufacturers in India. In Nov 2020, Microsoft detected cyber-attacks from Russia and North Korea targeting → Covid-19 vaccine companies in India, France, Canada, South Korea and US. February 2021, a US-based cyber company cautioned about Chinese group→ Red Echo. Red Echo→ using malware ‘ShadowPad’ to target India’s power sector. a. Other attacks: hacking at Cosmos bank, Petya Ransomware, Wannacry ransomware, data theft at Zomato.”
- Why Cyber - attacks have become common nowadays?
Cyber-attacks are ‘borderless and anonymous’, difficult to track down → source or identity of attacker + low cost of carrying out attacks; Cyber-attacks can be made from multiple sources, kilometers apart; Cyberspace → Fast changing and complex, difficult for cybersecurity measures to catch up; ‘Critical Infrastructure’ using cyberspace → makes it easy targets.”
- What are the Cybersecurity measures taken in India?
1) Legal Framework: a. Information Technology Act (IT) 2000 (amended in 2008) → primary law for dealing with cybercrime b. National Cyber Security Policy, 2013 objectives: create a secure and robust cyber-ecosystem; guide users actions → for protection in cyberspace, strengthen→ regulatory framework → to secure cyber ecosystem; develop indigenous technologies. 2) Institutional Measures: a. National Critical Information Infrastructure Protection Centre - NCIIPC (under Section 70A of the IT Act)- designated as ‘national nodal agency’ in respect of critical information infrastructure protection, aims → to protect + safeguard critical information infrastructure (CII) against cyberterrorism. b. CERT-In (Cyber Emergency Response Team – India) -under Section 70B of the IT Act. → national ‘nodal agency’ to respond against computer security threats c. National Cyber Security Coordination Centre (NCCC): perform real-time threat assessment + create situational awareness → cyber threats to the country. d. Cyber Swachchta Kendra: platform for users →analyse and clean their systems of viruses, bots/ malware, Trojans, etc. 3) Other measures: Cyber Surakshit Bharat Initiative: initiative to spread awareness + capacity building of Chief Information Security Officers (CISOs) and frontline IT staff, Indian cyber -crime coordination centre (I4C) & Cyber Warrior Police Force - tackle internet crimes. State initiatives like Cyberdome (Kerala govt)- technological R&D centre and centre for excellence for Cybersecurity, ‘cyber
