National

Cert-In issued “Guidelines on Information Security Practices” for government entities for safe and trusted Internet

The Bharatiya Computer Emergency Response Team (CERT-In), on 30 June 2023, released guidelines on information security practices, issued under the Section 70-B of Information Technology (IT) Act, 2000 (21 of 2000), applying to all Ministries, Departments, Secretariats, and offices specified in the First Schedule to the Government of Bharat (Allocation of Business) Rules, 1961. “The Government has taken several initiatives to ensure safe, trusted and secured cyber space. We are expanding and accelerating on cyber security— with focus on capabilities, system, human resources and awareness,” said Minister of State (MoS) for Electronics & Information Technology and Skill Development and Entrepreneurship— Rajeev Chandrasekhar.

The guidelines are a roadmap for the government entities and industries to reduce cyber risk, protect data, and continue to improve cyber security ecosystem in Bharat. These guidelines will also serve as a fundamental document for audit teams, including internal, external, and third-party auditors, to assess an organisation’s security posture against the specified cyber security requirements. “The guidelines are an important part of our larger cyber security framework being built under the leadership of our PM Narendra Modi ji as Bharat [India] takes rapid strides towards USD 1 Trillion Digital Economy,” said MoS Chandrasekhar.^[1]

Third meeting of ‘G20 Digital Economy Working Group (DEWG)’ emphasized on DPI, Digital Skilling, and Cyber Security in Digital Economy

The three-day 3rd meeting of ‘G20 Digital Economy Working Group (DEWG) concluded on 14 June 2023 in Pune, Maharashtra. The agenda of the meeting included the Global Digital Public Infrastructure (DPI) Summit and Global DPI Exhibition as the side events and close-door meetings among the G20 delegates, invited countries on the priority areas.

The summit provided the global platform to discuss sector agnostic (foundational) and sectoral DPIs that inter-alia involved leadership, policy & practitioner level insightful, thought provoking and future shaping discussions among overall 60 Global Experts on DPIs, who participated in 10 important sessions viz. ‘Overview of Digital Public Infrastructure’, ‘Digital Identities for empowering people’, ‘Digital Payments and Financial Inclusion’, ‘DPI for Judicial Systems and Regulations’, ‘Digital Document Exchange for efficient service delivery’, ‘Public Key Infrastructure (PKI) for DPI’, ‘Digital Education and Skilling’, ‘DPI for Digital Health and Climate Action’, ‘Digital Agriculture Ecosystem’, and ‘Building the Global DPI Ecosystem’.^[2]

Bharat to play key role in shaping ITU’s 6G framework

The official statement of the Ministry of Communications (MoC) released on 28 June 2023 stated that Bharat, through the Department of Telecommunications (DoT), has played an important role in the framing of the International Telecommunication Union (ITU)’s 6G framework, which was recently finalised by the UN telecom agency. The department’s efforts in 6G standardisation have successfully resulted in the adoption of global connectivity, ubiquitous intelligence, and sustainability as the elements of 6G technology.

“The National Study Group (NSG), headed by Telecommunication Engineering Centre (TEC)— DoT’s technical arm, has done extensive work in submitting regular Bharatiya contributions towards the development of the ITU 6G framework. The approach included participation of major industries, start-ups, academia, and R&D organisations,” said the statement. On 23 March this year, Bharatiya Prime Minister Narendra Modi released “Bharat 6G Vision” document which envisages Bharat to be a frontline contributor in the design, development, and deployment of 6G technology by 2030.^[3]

Karnataka government to bring new legislations and to use AI to contain fake news

On 27 June 2023, Karnataka’s Home Minister— G Parmeshwara said that the State government is all ready to take all measure to contain fake news with the use of Artificial Intelligence (AI) and to bring new laws, if none is in place under the existing legislations, to punish those involved in such cases. “Some people are involved in spreading fake news, whether it is on political issues or on those aimed at disturbing peace in the society. Photos are morphed aimed at projecting it to be linked to some sensitive issue, to which the photo is actually unrelated. We have decided to take all kinds of measures— by using technology like AI, to identify those posting such things, and finally take necessary legal action. For legal actions, we will bring in amendments, if necessary, if there are provisions in existing laws, amendments will not be required,” said Minister Parmeshwara.^[4]

International

Multiple businesses affected with MOVEit cyber-attack

On 01 June 2023, security researchers and the US government officials discovered a critical vulnerability in MOVEit’s infrastructure to break into the networks of a multitude of companies and steal their data. A cyber-attack on document transfer service MOVEit led to a series of data breaches of high-profile companies including Price Waterhouse Cooper (PwC), Ernst and Young (EY), Health Service Ireland and payroll provider— Zellis.

On the 05 June, payroll provider Zellis announced that “it had suffered a data breach related to the MOVEit cyber-attack.” As a result, the company stated that a “small number” of its customers had experienced subsequent data breaches. Initially, the British Broadcasting Corporation (BBC), the high-street health and beauty retailer Boots, and the UK flag carrier British Airways were thought to be among the victims. Clop were found to be the perpetrators of the cyber-attack after the gang attempted to exploit its victims. On 07 June, the gang posted on its Telegram channel that unless victims of the cyber-attack and subsequent data breaches paid them by16 June, their data would be released.^[5]

White House released cyber security budget priorities for FY 2025

On 27 June 2023, the Office of Management and Budget (OMB) and the Office of the National Cyber Director (ONCD) released a memorandum outlining five cyber security budget priorities for federal departments and agencies for fiscal year 2025 consistent with the US National Cyber Security Strategy. “The OMB, in coordination with the ONCD, will provide feedback to agencies on whether their submissions are adequately addressed and are consistent with overall cyber security strategy and policy, aiding agencies’ multiyear planning through regular budget process,” read the memorandum.

The five budget priorities are: i) defend Critical Infrastructure (CI), ii) disrupt and dismantle threat actors, iii) shape market forces to drive security and resilience, iv) invest in a resilient future and v) forge international partnerships to pursue shared goals. The memorandum highlighted that federal agencies need to defend CI by modernizing federal defences by implementing the federal zero-trust strategy, improving baseline cyber security requirements and scaling public-private collaboration.^[6]

Hackers responsible for ‘2020 Twitter breach’ sentenced to Prison

On 23 June 2023, the New York Federal court sentenced Joseph James O’Conner (24 years-old) to five years after pleading guilty in May to four attempts four counts of computer hacking, fraud, and cyber stalking. O’Conner, a UK citizen was extradited from Spain at the request of the US prosecutors earlier this year and has remained in the custody since.

O’Connor faced a maximum of 77 years in prison. According to the prosecutor, he used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim.”^[7]

Endnotes

^[1] “Cert-In issues ‘Guidelines on Information Security Practices” for Government Entities for Safe & Trusted Internet”, Press Information Bureau-Ministry of Electronics and IT, 30 June 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1936470
^[2] “Third Meeting of G20 Digital Economy Working Group (DEWG) concluded on 14 June 2023”, Press Information Bureau-Ministry of Electronics and IT, 14 June 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1932370 /

^[3]ETTelecom. “India plays key role in shaping ITU’s 6G framework”, ET Telecom, 28 June 2023, available from: https://telecom.economictimes.indiatimes.com/news/policy/india-plays-key-role-in-shaping-itus-6g-framework/101338287?dt=2023-06-29&em=YW51cmFnQHZpZmluZGlhLm9yZw==
^[4]PTI. “Karnataka Government to use AI to curb fake news, bring new laws”, the Economic Times, 27 June 2023, available from: https://economictimes.indiatimes.com/tech/technology/karnataka-government-to-use-ai-to-curb-fake-news-bring-new-laws/articleshow/101313377.cms
^[5]Powell, Olivia. “A full timeline of the MOVEit cyber-attack”, Cyber Security Hub, 23 June 2023, available from: https://www.cshub.com/attacks/news/iotw-a-full-timeline-of-the-moveit-cyber-attack
^[6]Vasquez, Christian. “White House releases cybersecurity budget priorities for FY 2025”, CyberScoop, 28 June 2023, available from: https://cyberscoop.com/white-house-cybersecurity-budget-2025/
^[7]Whittaker, Zack. “Hacker responsible for 2020 Twitter breach sentenced to prison”. Tech Crunch, 24 June 2023, available from: https://techcrunch.com/2023/06/23/twitter-hacker-sentenced-prison/