Geopolitics and cybersecurity have become inextricably linked. Situations are raising the need for new cybersecurity measures
Around three weeks back, I wrote an article on how the Ukraine conflict is all set to shape the cyber threat landscape in 2023. The article spoke about a series of attacks on government and businesses, in India and across the globe.
State-sponsored threat actors have targeted over 100 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).
“Considering the serious nature of these threats; nations and organizations need to step up to prepare for disruptive cyberattacks and espionage attempts. Moving forward, geopolitics will play a major role in cyberattacks,” said Brijesh Singh, IPS, Additional Director, Maharashtra Police at the Economic Times Security Tech Summit in Mumbai.
Cyber operations are becoming part of today’s armed conflicts and can disrupt the functioning of critical infrastructure and vital services to the civilian population.
“There needs to be a broader public awareness of nation-state cyberattacks. Products, policies, and tools are not enough. The government and the industry need to invest in security at all times,” Singh said.
Disinformation and weaponisation
Two common tactics used in cyber warfare are disinformation (intended spreading of false information) and fake news (a propaganda and disinformation masquerading as real news).
Singh highlighted on how disinformation is extremely rampant in the cyber world. “Weaponization of information is witnessed across the globe. If there is a data breach, one can create number of ‘avatars’, who then start interfering with the democratic processes (like elections) of a country,” he said.
He shared an example of how hackers who stole customer data from Australia’s largest health insurer Medibank released a file of pregnancy terminations.
No rule in cyber war
Unlike conventional wars, where there are rules like the Geneva Convention, cyber war is free-for-all.
“There are no well-enforced rules surrounding the conduct of war in cyberspace. You never know how a country will react to a cyberattack,” Singh said.
He cited an instance of how a cyberattack was repelled by a kinetic attack in recent times. Palestinian terrorist organization Hamas was conducting a cyber operation against Israel. Once Israel knew of this operation, it bombed the cyber headquarters of Hamas.
Digital Personal Data Protection Bill
On 18th November, the Union government released the new version of the Digital Personal Data Protection Bill (DPDP Bill), 2022.
“As a law enforcement officer, I want the Bill passed as it would give me an opportunity to protect my citizens. Today, there are many instances where we are unable to seek information to protect the rights of the populace,” Singh said.
Drawing a parallel with the EU general data protection regulation (GDPR), Singh said that DPDP Bill is on the lines of GDPR. “We all complied with GDPR, and have an experience of the regulation in terms of customer data, cross-border data, etc. Complying with our Bill should not be a difficult task,” he said.