From UPSC perspective, the following things are important :
Prelims level: Dark web
Mains level: cybersecurity
Central idea
The increasing frequency of data breaches in India, exemplified by the recent dark web sale of sensitive personal information of 815 million citizens, underscores a pressing cybersecurity challenge. India’s inadequate incident response strategies, lack of transparency, and failure to prioritize cybersecurity pose risks to individuals and national security. A comprehensive approach, focusing on prevention, detection, and transparency, is imperative for building a resilient and secure digital infrastructure in India.
Key Highlights:
- Resecurity, a US company, revealed the sale of sensitive personal data of around 815 million Indians on the dark web.
- The data included Aadhaar numbers, passport information, and addresses, posing a significant threat to individuals.
- Previous instances of data leaks in India, such as the CoWin website breach and AIIMS ransomware attack, highlight a recurring issue.
Key Challenges:
- India faces a rising trend of data breaches, with the potential for severe consequences like identity theft and financial scams.
- Lack of effective incident response strategies in India compared to countries like the US, where cybersecurity standards are being strengthened.
Key Terms:
- Dark web, Aadhaar, Passport number, Ransomware, Cybersecurity, Data breach, Incident response.
Key Phrases:
- “Leaking of sensitive information poses a severe threat to individuals’ financial well-being.”
- “India’s mobile phone usage, enhanced banking access, and growing market size make it an attractive target for bad actors.”
Key Quotes:
- “The constant flow of news about data breaches is normalizing massive losses of personal data.”
- “India’s response to data breaches is criticized for its lack of transparency, accountability, and effective incident response.”
Key Statements:
- “Data breaches are at an all-time high globally, and India is particularly vulnerable due to its economic growth and large population.”
- “Incident response strategies in India are characterized by denials and lack of transparent communication with affected citizens.”
Key Examples and References:
- Resecurity’s revelation of the sale of Indians’ personal data on the dark web.
- Previous data breaches in India, including the CoWin website leak and the AIIMS ransomware attack.
Key Facts:
- The data set on the dark web contained personally identifiable information of approximately 815 million Indian citizens.
- India lacks a long-term cybersecurity strategy, leading to inadequate handling of data breaches.
Key Data:
- The sensitive personal data of 815 million Indians was available on the dark web for a price of $80,000.
Critical Analysis:
- India’s response to data breaches is criticized for its lack of transparency, accountability, and effective incident response.
- The Data Protection Act in India is deemed insufficient, especially in addressing sensitive health information.
Way Forward:
- Prioritize the prevention, detection, assessment, and remediation of cyber incidents in India.
- Establish a cybersecurity board with government and private sector participation for concrete recommendations.
- Adopt a zero-trust architecture and mandate a standardized playbook for responding to cybersecurity vulnerabilities.
- Inform and empower citizens immediately, taking responsibility for their protection and remediation in the aftermath of cyber incidents.
Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024