If India does not ‘WannaCry': It needs an initiative on cyber literacy, safety and law enforcement policies

By Dr. Krishnashree Achuthan As computer systems across the globe are getting more and more connected to facilitate services in sectors such as healthcare and e-governance, one of the daunting tasks is to save these computing systems from cyberthreats such as ‘WannaCry Ransomware’. The cyber-attack has infected networked computer systems, preventing users from accessing applications and services running on them. Ransomware is a notorious threat against numerous developing countries like India as it propels its way towards realizing the Digital India vision by the year 2020. Ransomware is a cyber-attack, which empowers hackers to take control of a networked system and deny access to applications until a ransom is received as payment from computing parties. Statistics show that the ‘WannaCry Ransomware’ has infected more than 45,000 computers in India. This number is projected to grow unless proper security measures are incorporated during the design phase of the computing systems. Numerous organizations in Spain and parts of Europe have been affected by this ransomware. A defense-in-depth approach is necessary. There are three challenges that need to be addressed for a defense-in-depth approach. First, we need to develop a multi-level approach to security that can protect systems at different layers. Second**,** we need to ensure prevention, detection and recovery of systems from attacks for digital security. We must develop mechanisms for software authenticity and integrity. Third, we must launch initiatives for cyber literacy, safety and law enforcement policies to educate and integrate the common man into Digital India. There have been several instances in the past when ransomwares have taken control over different national systems. Very recently, Britain’s healthcare system, National Health Service (NHS), was infected by a ransomware called ‘Wanna Decryptor’, which prevented patients from making any appointment. Further, the ransomware demanded a ransom to grant access to the system. While there were no reports of patient data being compromised, it raises concern about the privacy of medical data. While cybersecurity is an increasing concern in countries like India, there remains a need for evaluating the security of computing systems and analyzing the vulnerabilities. Often computer systems are composed of different domains each with multiple security requirements thus necessitating the need for developing cross-domain security policies to prevent the spread of malware and subvert the hackers. Further there exist a number of legacy systems with improper security measures as a result of which integration with state-of-the-art systems may lead to vulnerabilities. At Amrita we nurture next generation software developers and researchers that can build systems for a secure digital India. At a practical level, we dispense hands-on training in ethical hacking and securing systems. Alongside, the government must scale its initiatives to educate the common man on the perils of going digital. Security education must be brought into schools at an early age so that the youth can make educated decisions. The author is the Director, Center for Cybersecurity Systems and Networks, Amrita University