By: Anahida Bhardwaj
The author is a second-year student pursuing her MA in Public Policy from the Jindal School of Government and Public Policy. She can be reached at 23jsgp-anahida@jgu.edu.in.
Source: Creative Commons
Introduction
On July 19, the world spiralled as CrowdStrike, an Artificial Intelligence (‘AI’)-powered cybersecurity platform, services crashed due to an update. The outage affected Microsoft, as the update was designed to protect Windows devices from malicious attacks but inadvertently triggered the dreaded ‘blue screen of death’ display for users. Indian airports were also hit by the outage, with 300 cancelled flights and slower check-ins. Airlines, including IndiGo, SpiceJet, Akasa Air, and Vistara, were also impacted, and key airports in Delhi, Mumbai, Bengaluru, and Chennai were significantly affected. The Reserve Bank of India (‘RBI’) had also advised its Regulated Entities and reported that 10 banks and Non-Banking Financial Companies in India were victims of this outage. The widespread disruptions underscored the critical dependency of global infrastructure on reliable cybersecurity solutions.
In the context of this incident, India’s rapid digital transformation, coupled with its diverse linguistic landscape, presents unique cybersecurity challenges. The country faces a relentless barrage of sophisticated cyberattacks, necessitating adopting advanced and adaptive solutions. Are we truly adept at navigating these waters? Does AI have the potential to revolutionise cybersecurity in India? In exploring these questions, we explore the intersection of technology and policy to uncover whether AI can be the game-changer in fortifying India's digital defences.
Cybersecurity measures taken in India
The Information Technology Act, 2000 (‘IT Act’) is the primary legislation to govern information technology and cybersecurity in India. Under Section 70B of the IT Act, the Indian Computer Emergency Response Team (‘CERT-In’) was established to frame data protection policies and regulate cybercrimes and cyber-attacks. Other entities involved in India’s cybersecurity endeavour include the Cyber Crime Coordination Centre (‘IC4’) and the Citizen Financial Cyber Fraud Reporting and Management Centre. The Digital Personal Data Protection Act, 2023 (‘DPDPA’) is also a legislation to safeguard an individual’s data. Still, the same has not been enacted as the administrative rules to govern have not been notified.
In collaboration with service providers, regulators, and law enforcement agencies, CERT-In also issues advisories to ministries to strengthen cybersecurity, particularly those that handle sensitive personal data, and manages audits and implements security practices for those entities that issue prepaid payment instruments for the RBI. It operates a threat exchange platform that shares alerts for cyber-attacks and lapses, such as the CrowdStrike malfunction in July 2024. It manages the Cyber Swachhta Kendra to detect and remove malware and formulates management plans to counter cyber-attacks that target the government and critical sectors. The CERT-In also conducts mock drills and workshops to spread awareness and assess organisations' readiness during a disruption.
Role of AI in Enhancing Cybersecurity
A research report published by PwC estimates that the global GDP could rise by 14% in 2030 due to AI, which amounts to $15.7 trillion. AI has proven to be a fundamental factor in computer decision-making. Applying Machine Learning (‘ML’), which refers to algorithm building with the help of collected data over time, AI is used to predict cyber-attacks and increase security. The precision and speed with which these measures can be taken prove to prepare a newer, stronger arrow in one's cybersecurity quiver.
AI enhances cybersecurity by enabling threat detection, real-time response, and robust defence mechanisms against complex cyber-attacks. Common cyber-attacks include software exploitation and malware identification, network intrusion detection, phishing, and spam detection. The ability of AI to process and analyse voluminous data allows the identification of patterns, abnormalities, and potential dangers with precision. Through leveraging data and learning from patterns, AI also can forecast cyber-attacks. This allows the implementation of expedient remedies, but not without its shortcomings. AI's threat detection capabilities have transformed cybersecurity by enabling unprecedented precision and efficiency in spotting possible threats. An example of threat-detection using AI is Microsoft Security Copilot- where generative AI assists security professionals in detecting lapses with the help of data and threat intelligence and delivers insights on how to fortify digital defences.
Reports regarding cyberattacks in India do not present a pretty picture of cybersecurity. Cybersecurity Firm Check Point, in January 2024, reported that in 2023, India was a victim of 2138 weekly cyber-attacks per organisation, seeing a 15% rise since 2022- making India the second-most targeted nation in the Asia-Pacific region. On a global scale, India ranked third for phishing attacks. The numbers are alarming and require policy intervention on the part of the government. The recent Union Budget saw an allocation of Rs. 1550 Crore for research in AI and cybersecurity. CERT-in was allocated Rs. 238 Crore, the Data Protection Board (established under the DPDPA) with Rs. 52.8 Crore; however, I4C was not provided with separate funds under the Budget. This commitment underscores the importance of research and development in enhancing the nation's cybersecurity infrastructure.
Challenges of using AI for Cybersecurity
With the rapid growth of digitisation, there is a corollary regarding increased cyber threats and cyber-attacks. Despite the aforementioned advancements, deploying AI in cybersecurity, not just in India but globally, has its fair share of challenges. Some common issues, such as data privacy, algorithmic biases, and the potential for adversaries to exploit AI systems, remain significant concerns. There is also a gap between professionals trained in cybersecurity and those trained in AI-powered security solutions.
Another apprehension, particularly from an Indian context, is multiple languages. The Constitution of India granted 22 languages the status of ‘scheduled’ languages in the Eighth Schedule. Apart from the scheduled languages, it is estimated that Indian citizens speak over 121 languages. Linguistic diversity accords AI with an opportunity and a challenge. Insufficient text and speech data for effective ML training, lack of linguistic experts for language annotation, and difficulty in interpreting and comprehending languages with non-Latin scripts hamper the development of learning language models. Thus, developing datasets like the crowdsourced AI-led language translation system BHASHINI under the Digital India Corporation, via which open-source datasets would be created, are rudimentary nascent steps.
Recommendations to integrate AI into Cybersecurity
Given the benefits discussed in this article, the next logical question is how one can integrate AI effectively into their cybersecurity plans. INDIAai, a programme by the Ministry of Electronics and Information Technology (‘MeitY’), recommended an implementation model to integrate AI into cybersecurity, which includes ‘strategy alignment, developing an action plan, execution, building scale and maturity, and learning and revising.’ The steps are explained as follows:
Stakeholders come together to outline eventual goals, values, and the impact of AI on entities (particularly business organisations) and its components.
Delineating an action plan to assess where an organisation stands now vis-à-vis cybersecurity and AI and how to cover the shortcomings and pitfalls.
Execution or implementation of AI, which could be used to build the competence of the workforce and fill the gap between security professionals and AI- security (as mentioned above).
Building scale and maturity, by which an organisation can build plans and teams for the all-around execution or implementation of the cybersecurity plan developed in consonance with or relying on AI.
Gather feedback and evaluate the plan to ensure that collective action does not lead to coordination failure.
Conclusion
Every technological development is met with apprehension, with the need to comprehensively measure the pros and cons of utilisation. AI, like many new developments, does posit the potential to be the next big thing in terms of cyber defence and cybersecurity, but it becomes imperative to question whether one even needs to use another piece of developing technology to counter the ill effects of new technological attacks. The ultimate decision of AI integration into cybersecurity has to be made, considering the benefits, risks, and needs of those who adopt it. The judicious and ethical use of AI, as is the case with any tool, should be given precedence to enhance security.
References
S, R (2023). Artificial Intelligence in Indian Languages: A Comprehensive Overview. Journal of Emerging Technologies and Innovative Research. Vol. 10, Issue 12.
Ravichandran, G (2023, June 23). The tussle with AI over language. The New Indian Express, https://www.newindianexpress.com/opinions/2024/Jun/22/the-tussle-with-ai-over-language.
(2023, December 4). How AI is helping India bring digital services in 121 languages. The Times of India, https://timesofindia.indiatimes.com/gadgets-news/how-ai-is-helping-india-bring-digital-services-in-121-languages/articleshow/105731925.cms.
PTI (2024, January 22). India witnesses 15% rise in cyber attack cases in 2023; emerges as 2nd most targeted nation. Mint, https://www.livemint.com/news/india/india-witnesses-15-rise-in-cyber-attack-cases-in-2023-emerges-as-2nd-most-targeted-nation-11705939863447.html.
PTI (2024, April 30). India Recorded 79 Million Cyber Attacks In 2023, Ranks 3rd Globally: Report. NDTV, https://www.ndtv.com/india-news/india-recorded-79-million-cyber-attacks-in-2023-ranks-3rd-globally-report-5558748.
Kapoor, C (2024, May 10). An AI-infused world needs matching cybersecurity. The Hindu, https://www.thehindu.com/opinion/op-ed/an-ai-infused-world-needs-matching-cybersecurity/article68157849.ece.
Dixit, P (2024, May 10). Rethinking threat detection with AI: A conversation with Microsoft India's cybersecurity head Anand Jethalia on safeguarding India's digital landscape. Business Today, https://www.businesstoday.in/technology/news/story/rethinking-threat-detection-with-ai-a-conversation-with-microsoft-indias-cybersecurity-head-anand-jethalia-on-safeguarding-indias-digital-landscape-428992-2024-05-10.
Aralelemath, S (2024, May 13). Guest Post- AI-Powered Sentinels are the Future of Cybersecurity. IndiaAI, https://indiaai.gov.in/article/ai-powered-sentinels-are-the-future-of-cybersecurity.
Roy, A (2024, May 22). India needs open-source AI models for cultural and linguistic representation: IBM. The Economic Times, https://economictimes.indiatimes.com/tech/technology/india-needs-open-source-ai-models-for-cultural-and-linguistic-representation-ibm/articleshow/110311591.cms?from=mdr.
(2024, July 19). Microsoft CrowdStrike outage: Only 10 banks and NBFCs had minor disruptions, says RBI. The Hindu, https://www.thehindu.com/business/Economy/microsoft-crowdstrike-outage-only-10-banks-and-nbfcs-had-minor-disruptions-says-rbi/article68422276.ece.
(2024, July 20). Crowdstrike leaves Microsoft's users and many businesses black and blue in India. The Economic Times, https://economictimes.indiatimes.com/news/india/microsofts-crowdstrike-leaves-business-black-and-blue-in-india/articleshow/111870901.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst.
The views expressed in this article are those of the author (s). They do not reflect the views or opinions of Diplomania or its members.
Comments