1) The world is hardly wired for cyber resilience
GS 3- Cybersecurity
Context: In the given article author talks about the risks associated with cybersecurity attacks and the vulnerability of nations.
What’s the issue?
- A string of high-profile cyberattacks in recent months has exposed vulnerabilities in the critical infrastructure of even advanced nations.
- This has reinforced the need for improved defences against actual, and potential, cyberattacks by all countries across continents.
America under attack
- Several high-profile cyberattacks were reported from the United States during the past several months.
- Major cyberattack headlined ‘SolarWinds’ — and believed to have been sponsored from Russia — had rocked the U.S.
- It involved data breaches across several wings of the U.S. government, including defence, energy and state.
- In early 2021 in an cyberattack, by a Chinese group Hafnium, which had exploited serious flaws in Microsoft’s software, thus gaining remote control over affected systems.
- The U.S. has witnessed three more major attacks: an audacious ransomware attack by Russia/East Europe-based cybercriminals, styled DarkSide, on Colonial Pipeline (which is the main supplier of oil to the U.S. East Coast).
- Another Russia-backed group, Nobellium, next launched a phishing attack on 3,000 e-mail accounts, targeting USAID and several other organisations.
Now, civilian targets
- These attacks were all primarily on civilian targets, though each one was of critical importance.
- Cyber, which is often referred to as the fifth domain/dimension of warfare, is now largely being employed against civilian targets, bringing the war into our homes.
- Most nations have been concentrating till date mainly on erecting cyber defences to protect military and strategic targets, but this will now need to change.
- A whole new market currently exists for Zero day software outside the military domain, and the world must prepare for this eventuality.
- Defending civilian targets, and more so critical infrastructure, against cyberattacks such as ransomware and phishing, including spear phishing, apart from unknown Zero day software, is almost certain to stretch the capability and resources of governments across the globe.
- One related problem is that the distinction between military and civilian targets is increasingly getting erased and the consequences of this could be indeterminate.
- 2012 cyberattack on Aramco, employing the Shamoon virus, which wiped out the memories of 30,000 computers of the Saudi Aramco Oil Corporation.
- Cyber warfare is replete with several damaging methodologies. In the civilian domain, two key manifestations of the ‘cat and mouse game’ of cyber warfare today, are ransomware and phishing, including spear phishing.
- Ransomware attacks have skyrocketed, with demands and payments going into multi-millions of dollars. India figures prominently in this list, being one of the most affected.
- India, today face a catastrophic situation, if attacked, and may even have to cease operations.
- Need to be aware of the nature of the cyber threat to their businesses and take adequate precautionary measures, has become extremely vital.
- Banking and financial services were most prone to ransomware attacks till date, but oil, electricity grids, and lately, health care, have begun to figure prominently.
Zeroing in on health care
- What is specially worrisome at this time, when a pandemic is raging, is the number of cyberattacks on health-care systems. With data becoming a vital element in today’s world, personal information has become a vital commodity.
- Compromised ‘health information’ is proving to be a vital commodity for use by cybercriminals.
- All indications are that cybercriminals are increasingly targeting a nation’s health-care system and trying to gain access to patients’ data. The available data aggravates the risk not only to the individual but also to entire communities.
- Cybercriminals are becoming more sophisticated, and are now engaged in stealing sensitive data in targeted computers before launching a ransomware attack.
- This is resulting in a kind of ‘double jeopardy’ for the targeted victim.
- Many cybercriminals are known to practise ‘reverse engineering’ and employ ‘penetration testers’ to probe high secure networks.
- Motivation for cyberattacks vary: for (some) nation states, the motivation is geopolitical transformation; for cybercriminals, it is increased profits; for terror groups, the motivation remains much the same, but the risk factor may be lower.
Need for data protection
- Cybersecurity essentially hinges on data protection. As data becomes the world’s most precious commodity, attacks on data and data systems are bound to intensify.
- Ensuring data protection could, hence, prove to be a rather thankless task, complicating the lives of Information and other security professionals.
- The data life cycle can broadly be classified into data at rest (when it is being created and stored), data in motion (when it is being transmitted across insecure and uncontrolled networks), and data in use (when it is being consumed).
- Cybersecurity professionals are now engaged in building a ‘Zero Trust Based Environment’, viz., zero trust on end point devices, zero trust on identity, and zero trust on the network to protect all sensitive data.
- Few companies are using, Zero Trust Based environment employing: software defined solutions for agile perimeter security, secure gateways, cloud access security, privileged access management, threat intelligence platforms, static and dynamic data masking.
Preparation is needed
- Building deep technology in cyber is essential. New technologies such as artificial intelligence, Machine learning and quantum computing, also present new opportunities.
- Nations that are adequately prepared — conceptually and technologically — and have made rapid progress in artificial intelligence and quantum computing and the like will have a clear advantage over states that lag behind in these fields.
- Pressure also needs to be put on officials in the public domain, as also company boards, to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.
- According to, IBM Chairman, Arvind Krishna, that cybersecurity will be “the pressing issue of this decade” and that “value lies in the data and people are going to come after that data”.
2) Planning for a biosecure future
GS 3-Biotechnology, Internal Security
Context: In the given article the author talks about the need to be more secure on the national security front in the domain of technology.
What’s the matter?
- The preparedness of nation states and tenuous global security arrangements were insufficient in dealing with the COVID-19 crisis.
- The future of national security , therefore, will be forced to undergo a paradigm shift if it must retain any policy impact at all — it would need to rethink the sources of insecurity.
- The growth of exponential technologies such as synthetic biology, artificial intelligence and nanotechnology is bound to change the theory and practice of national security.
- The rapid rise of synthetic biology in the last two decades haven’t received sufficient attention from the security studies or policy communities.
- COVID-19 has further highlighted the biosecurity concerns of synthetic biology.
Synthetic biology
- That new organisms, biological parts and devices can be created or that existing natural life forms can be redesigned should ideally be the subject matter for scientists to concern themselves with or for ethicists to debate.
- There is a growing realisation that exponential technologies have hitherto unforeseen national and global security implications.
- In 2014, for instance, the U.S. Department of Defense categorised synthetic biology as one of the six ‘disruptive basic research areas’ even though linkage between national security and synthetic biology is yet to become an agenda item in mainstream national security debates.
- Synthetic biology is a revolutionary technology which can help us manipulate biological organisms and processes for human betterment, especially in treating diseases, by re-engineering cells. But it is a double-edged sword.
- There are many risks associated with the technology which must be addressed before it becomes widely accessible. For one, there is the possibility of deliberate misuse.
- There is a need to carefully review, especially in the wake of the pandemic, the biosecurity systems in place where such technologies are in use.
- Accidental leaks of experimental pathogens are another concern. Insufficiently trained staff, inadequately safeguarded facilities, and lack of proper protocols could all be behind such leaks.
- There has been very little focus on threats emanating from biological sources.
- A well-orchestrated biological attack could have serious implications even though it would be less ‘spectacular’ since its effects are less immediate.
- Unlike the nuclear domain, the fields of biology or synthetic biology are not regulated internationally despite growing military interest in synthetic biology applications and their potential misuse.
- The ‘weapon of mass destruction’ (WMD) capability of bio-weapons has been long recognised but very little has been done by the international community about it.
- Of the three types of WMD, nuclear weapons have received the maximum safety and security attention given the treaty and institutional arrangements associated with it. Chemical weapons come next.
- In case of bio-weapons, just one convention i.e. the Biological and Toxin Weapons Convention (BTWC) of 1972 with no implementing body.
- The BTWC does not have a verification clause, nor does it have clearly laid down rules and procedures to guide research in this field.
- According to Ar 1 of the treaty, while bio-weapons are banned, research for medical and bio-defence purposes are allowed.
- Pandemics have also highlighted that the traditional distinction at the international institutional level between biological weapons (a field governed by the BTWC) and diseases (a domain under the World Health Organization) may not be useful anymore.
- There needs to be more conversation between health specialists and bio-weapons/defence specialists.
- The November 2021 BTWC review conference must take stock of the advances in the field, address the thinning line between biotechnology research and bio-weapons research, and consider international measures for monitoring and verification.
India uniquely unprepared
- India is at a uniquely disadvantaged position compared to the more developed countries in this area given poor disease surveillance, insufficient coordination among various government departments dealing with biosecurity issues, and the pathetic state of the healthcare system.
- India has multiple institutions dealing with biosafety and biosecurity threats but there is no coordination among them.
- The multiplicity of bodies and ministers makes coordination difficult, especially in the absence of an empowered coordinating body.
- And, given the rising risk of diseases of zoonotic origin, the traditional ministry-wise separation might not be useful.
Conclusion:
Another important question is whether India, with its porous borders and ill-trained border control institutions, is prepared for defending against pathogens or dangerous biological organisms or agents arriving from abroad. COVID-19 should serve as a wake-up call.