EU cyber sanctions

EU imposes first ever cyber sanctions to protect itself from cyber-attacks

• Taking a firm geopolitical stand, the European Union imposed sanctions on targeted individuals and entities from Russia, China and North Korea in a sign that it was tackling cyber warfare head on.
• The European Union has imposed today its first ever cyber-sanctions against six individuals and three entities involved in significant cyber-attacks or attempted cyber-attacks against the EU or its Member States.
• The sanctions include travel bans and the freezing of assets. It is also forbidden for EU persons and entities to make funds available to those individuals and entities listed.
• Since 2017, the EU has put in place a comprehensive cyber diplomacy toolbox, including an autonomous horizontal cyber sanctions regime adopted in May 2019, to prevent, deter and respond to malicious behaviour in cyberspace.
• This regime allows the EU to impose sanctions on persons or entities involved in cyber-attacks threatening the EU or its member states, or attempted cyber-attacks, regardless of the nationality or location of the perpetrator. Sanctions are also possible for cyber-attacks against third States or international organisations.
• The EU and its Member States are concerned by the rise of malicious behaviour in cyberspace by both state and non-state actors, including the abuse of Information and Communications Technologies (lCTs) for malicious purposes, including cyber-enabled theft of intellectual property.
• Malicious cyber activities threaten the integrity, security and economic competitiveness of the EU and undermine international security and stability potentially leading to destabilising and cascading effects with enhanced risks of conflict. They also threaten the very functioning of democracies, our freedoms and our values.

• Within cyberwarfare, the individual must recognize the state actors involved in committing these cyber-attacks against one another.
• There are many other state and non-state actors involved in cyberwarfare, such as Russia, Iran, Iraq, and Al Qaeda.
• China: China's People's Liberation Army (PLA) has developed a strategy called "Integrated Network Electronic Warfare" which guides computer network operations and cyberwarfare tools. This strategy helps link together network warfare tools and electronic warfare weapons against an opponent's information systems during conflict.
• Ethiopia: In an extension of a bilateral dispute between Ethiopia and Egypt over the Grand Ethiopian Renaissance Dam, Ethiopian government websites have been hacked by the Egypt-based hackers in June 2020.
• Iran: In February 2020, the telecommunication network of Iran witnessed extensive disruptions. The Ministry of Information and Communications Technology of Iran confirmed it as a Distributed Denial of Service (DDoS) attack. The Iranian authorities activated the "Digital Fortress" cyber-defense mechanism to repel. Also known as DZHAFA, it led to a drop of 75 percent in the national internet connectivity.
• Israel: In April 2020, there were attempts to hack into Israel's water infrastructure of the Sharon central region by Iran, which was thwarted by Israeli cyber defenses. The cyberattack intended to introduce dangerous levels of chlorine into the Israeli water supply. In June 2010, Iran was the victim of a cyber-attack when its nuclear facility in Natanz was infiltrated by the cyber-worm 'Stuxnet'. Reportedly a combined effort by the United States and Israel
• India: Recently, there were cyber-attacks on Kudankulam Nuclear Power Project (KKNPP), India. This spyware identified as ‘Dtrack’ is programmed to steal data and give the hacker or the ‘threat actor’ complete control over all the infected devices by exposing its credentials and passwords.

• For Individuals: Photos, videos and other personal information shared by an individual on social networking sites can be inappropriately used by others, leading to serious and even life-threatening incidents.
• For Business Organizations: Companies have a lot of data and information on their systems. A cyber attack may lead to loss of competitive information (such as patents or original work), loss of employees/customers private data resulting into complete loss of public trust on the integrity of the organization.
• For Government: A local, state or central government maintains huge amount of confidential data related to country (geographical, military strategic assets etc.) and citizens. Unauthorized access to the data can lead to serious threats on a country.
• Various programs of government such as Aadhaar, MyGov, Government eMarket, DigiLocker, Bharat Net, etc. is prompting a larger number of citizens, companies and government agencies to transact online.
• India is the third largest hub for technology-driven startups in the world and its ICT sector is estimated to reach $225 billion landmark by 2020.
• Increasing vulnerability: India the fifth-most vulnerable country in the world in terms of cyber security breaches. India saw at least one cybercrime every 10 minutes during the first half of 2017, including more sophisticated cyber threats, such as the WannaCry and Petya ransomware.
• Increasing internet users: India ranks 3rd in terms of the number of internet users after USA and China. By 2020, India is expected to have 730 million internet users with 75% of new users from rural areas.
• Increasing online transactions: For e.g., by 2020, 50% of travel transactions will be online, and 70% of e-commerce transactions will be via mobile.
• Government’s digital push: Various programs of government such as Aadhaar, MyGov, Government e- Market, DigiLocker, Bharat Net etc. are prompting a larger number of citizens, companies and government agencies to transact online.
• VhjStart-ups digital push: India is the third largest hub for technology-driven startups in the world and its ICT sector is estimated to reach $225 billion landmark by 2020.
• India accounted for 5.09 per cent of all cyber attacks such as malware, spam and phishing attacks detected globally in 2017.
• Prevent economic loss: The estimated cost of cyber-attacks in India stands at four billion dollars which is expected to reach $20 billion in the next 10 years

• To safeguard against Digital enemies, India needs to put in place a high-level Artificial Intelligence security system along with other digital security mechanisms to protect the digital borders.
• Digital enemies are very powerful and to safeguard our systems, we need to put in place a high-level Artificial Intelligence system along with other digital security mechanisms. We may be sitting at a time bomb and we must take every measure to defuse it. 

• Lack of Cyber security Workforce: The Indian military, central police organizations, law enforcement agencies and others are deficient in manpower, for software and hardware aspects integral to this field.
  • Moreover, there is a growing demand for professionals in Artificial Intelligence (AI), Block Chain Technology (BCT), Internet of Things (IoT) and Machine Learning (ML).
  • According to several estimates there is a need for at least three million cyber security professionals today.
• Lack of Active Cyber Defense: India doesn’t have the ‘active cyber defense’ like the EU's General Data Protection Regulation (GDPR) or US’ Clarifying Lawful Overseas Use of Data (CLOUD) Act.
• Dependency on Foreign Players for Cyber Security Tools: India lacks indigenization in hardware as well as software cyber security tools.
  • This makes India’s cyberspace vulnerable to cyber-attacks motivated by state and non-state actors.
• External Challenges: Challenges such as growing Chinese influence in Indian telecom space, social media is becoming a powerful tool for dissemination of “information” making it difficult to differentiate fact from fake news.

• With countries resorting to digital warfare and hackers targeting business organizations and government processes, India has to create awareness that not a single person or institution is immune to it.
• Strengthening of Existing Cyber Security Framework: National cyber security projects such as the National Cyber Coordination Centre (NCCC), National Critical Information Infrastructure Protection Centre (NCIIPC) and the Computer Emergency Response Team (CERT) need to be strengthened manifold and reviewed.
• Bringing Cyber Security in Education: Educational institutions including central universities, private universities, industry associations, Industrial Training Institutes (ITIs) must incorporate courses on cyber security.
• Integrated Approach: Given increasing dominance of mobile and telecommunication, both National cyber security policy and National Telecom Policy will have to effectively coalesce to make a comprehensive policy for 2030.

However, India is among the top few countries facing cyber-attacks. Globally, it is estimated that the cost of cyber-attacks for 2017 added up to around $600 Billion. The number mounts up every year, and by 2021 experts is suggesting a figure of $6 Trillion per year. Hence, proper coordination is needed between the countries, coordinator and respective regulators to negate this menace.