Cyber Review-June 2024
Anurag Sharma, Associate Fellow, VIF

National

Estonia is looking to partner with Bharat to strengthen its cyber security infrastructure.

According to government officials, Estonia is looking forward to partnering with Bharat to strengthen the cyber security infrastructure of both countries. Estonia faces several cyber-attacks from Russia, and Bharat faces a similar threat from neighbouring China. "We are keen to work with India and to conduct cyber exercises here. Globally, there is a rise in cyber-attacks, and Estonia is also facing attacks from hackers," said Jonatan Vseviov, Secretary-General of Estonia's Ministry of Foreign Affairs (MoFA). Earlier, government officials in Bharat highlighted that New Delhi faces many cyber-attacks from Beijing, where a group of state-backed hackers have increased cyber-attacks on Bharat's critical infrastructure.

"China's army of hackers is part of the country's information warfare apparatus, and it aims to access information and primarily hold it as ransomware," said Mart Noorma, Director of the North Atlantic Treaty Organisation (NATO) Cooperative Cyber Defence Centre of Excellence (CCDCoE). "We welcome like-minded democratic nations like Bharat (India) to join us. This will help in cyber knowledge and exchanging methods to address cyber-attacks. The cooperation will help a large-scale coalition through research, training, and exercises," added Noorma.[1]

SEBI introduced a cyber security and cyber resilience framework for all registered entities

On 27 June, the SEBI (Securities and Exchange Board of India) announced that associated or registered entities must implement a framework to improve cyberinfrastructure, mainly security and resilience. The new cyber standards and practices will need to be adopted by the entities that already have the SEBI-prescribed cyber security and resilience structures by 01 January 2025 and by the rest of the entities by 01 April 2025.[2]

International

A string of cyber-attacks on the US water systems disrupted water availability in three States

In May 2024, the City of Wichita's administration witnessed a cyber-attack on their water utility systems, including water metering, billing, and payment processing systems, followed by targeting water utility systems in other States- Kansas, Texas, and Pennsylvania. According to Ryan Witt, Vice President of a cyber security firm— Proofpoint, "Despite rising fears of AI use in cyber threats, the go-to criminal way into systems remains preying on human foibles, be it via phishing, social engineering, or a system still running on a default password — 'old school' cyber-attacks." An attack in 2023, carried out by an Iranian-supported activist group against 12 water utilities in the US, reinforced how purposeful an attacker's mindset can be.[3]

Indonesia refused to pay a ransom of $8 million against compromised data from its National Data Centre

Over 200 Indonesian government agencies' cyber operations were disrupted at national and international levels after their National Data Centre was compromised by a hacking group asking for a ransom of $8 million that the government refused to pay. Some government services have returned — immigration services at airports and elsewhere are now functional — but efforts continue to restore other services, such as investment licensing. "The attackers have held data hostage and offered a key for access in return for the $8 million ransom," said PT Telkom Indonesia's Director of Network & IT solutions, Herlan Wijanarko, without giving further details. "We have tried our best to carry out recovery while the (National Cyber and Crypto Agency) is currently carrying out forensics," Communication and Informatics Minister Budi Arie Setiadi told journalists that the government won't pay the ransom.[4]

Australia's Data and Digital Ministers agreed on the National Government's approach to Artificial Intelligence

On 21 June, Australia's Data and Digital Ministers agreed to and released the "National Framework for Assurance of AI in government" in Darwin. The document is a framework that enables flexibility for individual jurisdiction's needs while defining consistent expectations for oversight of AI and people's experience of government. Minister for Finance and the Australian Public Service— Katy Gallagher said: "Trust in the community is crucial if we are going to be able to successfully integrate AI into the existing suite of services that governments of all levels provide, and this framework takes a big step forward in building that trust."[5]

CISCO will establish a cyber security centre in Taiwan

In mid-June 2024, networking equipment made CISCO announce the setting up a cyber security centre in Taiwan and work with the government to train people to work in the sector. In addition, Cisco aims to collaborate with relevant tech associations to establish a security centre in Taiwan for enhanced threat intelligence and cyber readiness. The nice thing about the digital acceleration programme is that there is no ceiling on investments. We continue to make them," he said of the project, which also covers artificial intelligence in areas like transport and sustainability operations at Kaohsiung port in southern Taiwan.[6]

Endnotes

[1]Barik, Soumyarendra. “Estonia looks at India partnership to beef up cybersecurity infrastructure”, The Indian Express, 24 June 2024, https://indianexpress.com/article/business/estonia-looks-indian-partnership-cybersecurity-infrastructure-9410636/
[2]“SEBI introduces cyber security, cyber resilience framework for all registered entities”, MoneyControl, 27 June 2024, available from: https://www.moneycontrol.com/news/business/sebi-introduces-cyber-security-and-cyber-resilience-framework-for-all-registered-entities-12757684.html
[3]Jockims, Trevor Laurence. “America’s drinking water is facing attack, with links back to China, Russia, and Iran”, CNBC, 26 June 2024, available from: https://www.cnbc.com/2024/06/26/americas-drinking-water-under-attack-china-russia-and-iran.html
[4]Karmini, Niniek. “Indonesia won't pay an $8 million ransom after a cyberattack compromised its national data center”, The Washington Post, 25 June 2024, https://www.washingtonpost.com/business/2024/06/25/indonesia-ransomware-attack-national-data-center/fb8c795a-32ad-11ef-872a-1d22f44a0d95_story.html
[5]“Data and Digital ministers agree on national govt approach to AI”, Capital Brief, 21 June 2024, available from: https://www.capitalbrief.com/briefing/data-and-digital-ministers-agree-on-national-govt-approach-to-ai-e9d32d10-619d-4e5d-976c-3221869e4de9/
[6]Reuters.”Cisco to establish cyber security centre in Taiwan”, Reuters, available from: https://www.reuters.com/technology/cybersecurity/cisco-establish-cybersecurity-centre-taiwan-2024-06-17/

Contact Us