The Editorial Analysis: Reporting Cyber Attacks

Table of Contents

Cyber Crimes UPSC: Relevance

GS 3 Awareness in the fields of IT, Space, Computers, robotics, Nano-technology, bio-technology.

In a recently held cyber security event, the Ministry of State indicated that Ministry of Electronics and Information Technology (MeitY) is likely to come out with new cyber security regulations.

The essence of the cyber security regulation will be to put the onus on organisations to report any cyber-crime that may have happened against them, including data leaks.
Even Data Protection Bill 2021 says that data fiduciaries should report any personal and non-personal data breach incident within 72 hours of becoming aware of a breach.
Even the golden standard for data protection, namely the European Union General Data Protection Regulation (EU GDPR), speaks about reporting data breach incidents within a stringent timeline.

संपादकीय विश्लेषण: साइबर हमलों की रिपोर्टिंग

It was predicted that Cyber-crime would inflict damages totalling $6 trillion globally in 2021.
If cyber-crime would have a country, it would be the world’s third-largest economy after the U.S. and China.
The ransomware attack against the nationwide gas pipeline in 2021 in the U.S. virtually brought down the transportation of about 45% of all petrol and diesel consumed on the east coast.
Hence, it is important that government and state-owned enterprises should also report cyber-crime so that corrective actions can be taken on the security of critical infrastructure of the nation.

If incidences are reported, the Indian Computer Emergency Response Team (CERT-In) and others can alert organisations about the associated security vulnerabilities.
Also, firms not yet affected can also take precautionary measures such as deploying security patches and improving their cyber security infrastructure.

Firms are generally reluctant to notify the breach incidents to the regulators because any security or privacy breach has a negative impact on the reputation of the associated firms.
According to a study conducted by Comparitech, the share prices for firms generally fall around 3.5% on average over three months following the breach.
Moreover, in the long term, breached companies underperformed in the market.
After one year, share price of breached firms fell 8.6% on average, resulting in a poor performance in the stock market.
So, firms weigh the penalties they face for not disclosing the incidents versus the potential reputational harm due to disclosure, and decide accordingly.

Data laws: The data laws should deal with reporting of cyber-crime in a more comprehensive manner.
Cyber security audits: Third party periodic security audits should be conducted in the firms. These audits should be comprehensive enough to identify such incidents that might not have been reported by the firm, or even by the state-agencies.
Common Criteria Testing Laboratories: These bodies can be extended towards cyber security audits and assessments as well.
- Common Criteria Testing Laboratories are the bodies set up by the MeitY to evaluate and certify IT security products and protection profiles as part of cyber security assurance initiatives.
Cyber security command centre: Alike IBM in Bengaluru, other large firms can also be encouraged to set up such centres for protection of their firms’ assets.

Read current affairs for UPSC

SWIFT Ban on Russia \| Russia Ukraine War	SPARSH: System for Pension Administration	Fair and Remunerative Prices: Maharashtra Issues Resolution	Chernobyl Disaster: Russian Invasion, Causes and Consequences
EX DHARMA GUARDIAN-2022	NBFC to Implement Core Financial Services Solution by 2025	Sustainable Cities India Program	DEVAYATANAM \| Conference on Indian Temple Architecture
Brick Kilns in India: MoEFCC Releases New Guidelines	Ex Cobra Warrior 22	Draft Integrated Plant Nutrition Management Bill 2022	National Strategy on Additive Manufacturing
MILAN 2022	GOBAR DHAN Scheme: PM Inaugurates Asia’s Biggest Biogas Plant	Jal Jeevan Mission \| Har Ghar Jal by 2024	Annual Frontier Report 2022