Editorial of the Day (26 Dec): Digital India and its issues with Cybersecurity

Context: In October 2023, Resecurity (US Firm) revealed a significant data breach, exposing the personal details of 55% of Indians on the dark web, which was offered for $80,000, leading to Delhi police arresting four individuals.

India’s Issues With Cybersecurity: An Overview

U.S Data Breach Response

• Activation of Computer Emergency Response teams post-breach.
• Public advisories and guidance for affected users.
• Implementation of both immediate and long-term response plans.

We’re now on WhatsApp. Click to Join

Contrast with Indian Approach

• Indian Government’s Handling of Breaches: Characterised by denial and unclear official responses.
• Lack of Communication: The Indian public often remains uninformed about personal data breaches. The absence of proactive measures leaves citizens vulnerable until the next breach.
• Governmental Immunity to Market Forces: Unlike businesses, the Indian government lacks a comprehensive long-term cybersecurity strategy due to the absence of market force pressures.

Challenges Cyber Security in India

• Misuse of Aadhaar: Despite the Supreme Court’s prohibition, Aadhaar registration has been made mandatory by the government and various sectors for accessing social services and benefits. This compulsion introduces a significant risk of digital data breaches to Indian citizens.
  • For e.g. Earlier leaks included personal details from the CoWin website.
• Normalisation of Data Breaches: Frequent news of data breaches, including at UIDAI, is leading to the normalisation of personal data loss.
• Criticism of UIDAI’s Regulation: Various organisations such as from Brookings Moody’s to the CAG, have called out UIDAI on its failure to properly regulate its client vendors and address security, lack of transparency and accountability.
• Limitations of Perfect Security: No government or company can guarantee absolute security for personal data.
• Gaps in India’s Data Protection Act: The Act does not adequately cover sensitive health information. Under Clause 17(4), in fact, the government is exempt from provisions of data retention and erasure of personal data.

Recommendations

• Government of India’s Required Actions:
  • Prioritise prevention, detection, assessment, and remediation of cyber incidents.
  • Recognize digital infrastructure as vital to national and economic security.
  • Enhance trust in state digital infrastructure through increased transparency and accountability.
  • Establish a cyber security board with government and private sector members.
  • Adopt zero-trust architecture and standardised response to cybersecurity issues.
  • Implement strategies to defend and modernise state networks and update incident response policies.
• Centering Policies on People:
  • Immediate information and assistance to citizens following cyber incidents.
  • Focus on building a Digital India that prioritises citizen safety and privacy.

Sharing is caring!