Adarsh's Guide to Cybersecurity, AI and CAREER Advancement

While G20 meeting is being hosted by India to discuss digital public infrastructure, a shocking revelation has unfolded—a massive data breach that triggered intense speculation. A Telegram channel purportedly offered access to a database containing personal information of individuals who had received COVID-19 vaccines. Details such as phone numbers, dates of birth, Aadhaar, and passport information were allegedly exposed. While the government denied any breach and reassured the public of data safety, security researchers were astounded by the accuracy of the leaked information. This incident raises significant concerns about cybersecurity in India and highlights the urgent need for preventive measures and accountability.

Previous incidents of data breaches in India have sparked similar debates, often marked by initial denial and subsequent admissions. The breach at the All India Institute of Medical Sciences (AIIMS) and the Kudankulam Nuclear Plant are notable examples. Denials were followed by eventual confirmation of the breaches. However, identifying the perpetrators behind these attacks has been a persistent challenge for Indian agencies, revealing a critical gap in the country’s ability to prevent cyber threats and secure its cyberspace. Denial not only allows the real culprits to evade justice but also exposes ordinary citizens to further vulnerabilities.

Unlike physical thefts, stolen data cannot be recovered or returned to its rightful owners. Once a database is breached, the compromised data remains permanently compromised. Hackers can exploit these details to target unsuspecting victims, posing ongoing threats to their privacy and security. Changing certain data, such as dates of birth or Aadhaar numbers, is impossible, leaving individuals permanently exposed. This highlights the need for proactive measures to safeguard data and prevent breaches.

India faces both technical and managerial challenges in combating cyber threats. While the country has dedicated organizations like CERT-In and NCIIPC for cybersecurity, their budget allocations fall short of the requirements for effectively protecting various systems. Insufficient resources hinder capacity building and limit their involvement during the design phase of digital governance initiatives. To address this, it is crucial to mandate allocating significantly higher budget towards cybersecurity. Additionally, providing a dedicated budget to CERT-In and NCIIPC, along with passing a privacy bill, can demonstrate the government’s commitment to safeguarding citizen data.

Cybersecurity is a shared responsibility, requiring collaboration among multiple agencies, organizations, and information security professionals. India boasts a pool of highly skilled cybersecurity experts, but their potential remains largely untapped. It is essential to harness their expertise for research and operational deployments. Breaking silos, increasing budgets, and promoting meaningful cooperation can strengthen India’s cyber defense capabilities, reducing the risk of catastrophic failures.

The recent data breach incident serves as a wake-up call for India’s digital public infrastructure. As I have mentioned before, India has become the Ransomware Capital of the world. Strengthening cybersecurity measures and holding accountable those responsible for protecting citizens’ data are crucial steps in mitigating future threats. By allocating adequate resources, engaging information security professionals, and fostering collaboration, India can enhance its cyber resilience and secure its cyberspace for the benefit of all. We are very close to a digital catastrophe otherwise.