Here is a compilation of essays on ‘Cyber Security’ for class 11 and 12. Find paragraphs, long and short essays on ‘Cyber Security’ especially written for school and college students.
Essay on Cyber Security
Essay Contents:
- Essay on the Meaning of Cyber Security
- Essay on Cyber Threats
- Essay on the Snowden Revelations of Cyber Security
- Essay on the Threat to India’s Cyber Space
- Essay on the Legal Framework for Cyber Security
- Essay on International Cooperation in Cyber Security
Essay # 1. Meaning of Cyber Security:
Cyber security can be defined as the protection of systems, networks and data in cyber space. It refers to the preventative methods used to protect information from being stolen, compromised or attacked.
Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multi-layered initiatives and responses. It has proved to be a challenge for governments because it involves various ministries and departments. It is more difficult primarily due to the diffused and varied nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators.
Cyberspace has expanded dramatically in its brief existence due to rapid development of information technology (IT) and commercial applications associated with it. Advances in information and communications technologies have revolutionized the scientific, educational and commercial infrastructures developed by the government.
The IT infrastructure has become an integral part of the critical infrastructure which supports national capabilities such as energy, power grids, telecommunications, emergency communication systems, financial systems, defence systems, space, transport, land records, public essential services and utilities, law enforcement and security and air traffic control networks, to name a few.
All these infrastructures increasingly depend on relay data for communication and commercial transactions. The operational stability and security of critical information infrastructure is vital for the economic security of the country.
The evolving nature of the telecommunications infrastructure poses further challenges. The expanding wireless connectivity to individual computers and networks is making determination of physical and logical boundaries of networks increasingly difficult. The increasing inter connectivity and accessibility to computer based systems that are critical to the country’s economy are adding to the risk.
Essay # 2.
Cyber Threats:
Cyber threats vary from simple hacking of an email to waging a war against a state.
Cyber threats can be classified broadly into two categories:
1. Cybercrime – against individuals, corporates, etc.
2. Cyber warfare – against a state
1. Cyber Crime:
Use of cyber space, i.e. computer, internet, cellphone, other technical devices, etc., to commit a crime by an individual or organised group is called cyber-crime. Cyber attackers use numerous vulnerabilities in cyberspace to commit cybercrime. They exploit the weaknesses in the software and hardware design through the use of malware.
DoS attacks are used to overwhelm the targeted websites. Hacking is a common way of piercing the defenses of protected computer systems and interfering with their functioning. Identity theft is also common. The scope and nature of threats and vulnerabilities is multiplying with every passing day.
Cybercrimes may be divided into two categories:
i. Crimes that Target Computers Directly:
They include:
a. Spreading computer viruses
b. Denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It temporarily or indefinitely interrupts or suspends services of a host connected to the internet.
c. Malware (malicious code) is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. ‘Malware’ is a general term used to refer to a variety of forms of hostile or intrusive software, for example Trojan Horses, rootkits, worms, adware, etc.
ii. Crimes Facilitated by Computer Networks or Devices, the Primary Target of which is Independent of the Computer Network or Device:
This can take many forms as listed below:
a. Economic frauds to destabilize the economy of a country, attack on banking transaction system, extract money through fraud, acquisition of credit/debit card data, financial theft and intellectual theft of property
b. Impairing the operations of a website or service through data alteration, data destruction
c. Spreading pornography
d. Copyright infringement
e. Cyber stalking, outraging modesty of women, obscene content to humiliate girls and harm their reputation
f. Threatening e-mail
g. Assuming fake identity, virtual impersonation
h. Breach of right to privacy
i. Misuse of social media in fanning intolerance, instigating communal tensions and inciting riots. Posting inflammatory material that tends to incite hate-crimes.
j. Information warfare
k. Phishing scams
2. Cyber Warfare and Cyber Terror:
It is said that future wars will not be like traditional wars which are fought on land, water or air. Snowden revelations have shown that Cyberspace could become the theatre of warfare in the 21st century.
While there is no agreed definition of cyber warfare but ‘when any state initiates the use of internet based invisible force as an instrument of state policy to sabotage and espionage against another nation, it is called cyber war’. Attacking the information systems of other countries for espionage and for disrupting their critical infrastructure may be referred as cyber warfare. It includes hacking of vital information, important webpages, strategic controls and intelligence.
The attacks on the websites of Estonia in 2007 and of Georgia in 2008 have been widely reported. Although there is no clinching evidence of the involvement of a state in these attacks, it is widely held that in these attacks, non-state actors (for example, hackers) may have been used by state actors. Since these cyber-attacks, the issue of cyber warfare has assumed urgency in the global media.
When an organisation, working independently of a nation state, operates terrorist activities through the medium of cyber space, it is generally called cyber terror.
Special Features of Cyber War Compared to Traditional War:
a. Independent Theatre of War:
The development of the internet and low- cost wireless communication is the contemporary equivalent of what airplanes were a hundred years ago. Their use in economic, social and political transactions has increased at a rate that far exceeds the growth in airplane use over the last century.
These technologies already play an important part in military operations in the traditional spheres of land, sea, air and the newer one of space. There are signs that they have been used for aggressive purposes by some states. There is also ample evidence of their use by criminals and terrorist groups. It is only a matter of time, like air power a hundred years ago, before cyberspace becomes an independent theatre of war.
There is one important nuance in the treatment of cyberspace as a fifth potential theatre of war, along with land, sea, air and space. The use of cyberspace depends on physical facilities like undersea cables, microwave and optical fibre networks, telecom exchanges, routers, data servers, and so on.
Protecting or attacking these is in the domain of the traditional arms of the military. Cyberspace, as an independent theatre of war, is about attacks that compromise the capability to use these facilities—they cannot be prevented by the security services in isolation.
b. An Undefined Space (No Specific Areas):
The defence of cyberspace has a special feature. The national territory or space that is being defended by the land, sea and air forces is well defined. Outer space and cyberspace are different. They are inherently international even from the perspective of national interest. It is not possible for a country to ignore what is happening in any part of this space if it is to protect the functionality of the cyberspace relevant for its own nationals. Moreover, a key part of this space, the global internet system, is still under the control of one country.
Hence, national defence and international cooperation are inevitably intermeshed. This means that a country’s government must ensure coherence between its security policy and the diplomatic stance taken by it in multilateral and bilateral discussions on matters like internet and telecom governance, human rights related to information freedoms, trade negotiations on Infotech services, and so on.
c. Disguised Attackers:
There is another feature of cyberspace that complicates the design of security structures and policies compared to the other theatres of conflict. In cyberspace, it is very easy for an attacker to cover his tracks and even mislead the target into believing that the attack has come from somewhere else. This difficulty in identifying the perpetrator makes it difficult to rely on the capacity to retaliate as a deterrent.
d. No Contact War:
The evolution of technology impacts the nature of conflict and war. Amongst the recent aspects of conflict is ‘no contact war’ wherein there is no ‘physical’ or ‘kinetic’ action across borders. Future world war will most likely be cyber war. Future war will not be like traditional wars which were fought on territorial borders or in air space.
Essay # 3.
Snowden Revelations of Cyber Security:
Edward Joseph Snowden is an American computer professional, former employee of the Central Intelligence Agency (CIA) and former contractor for the National Security Agency (NSA).
He hogged international limelight when he disclosed to several media outlets thousands of classified documents. Snowden’s release of classified material has been described as the most significant leak in US history. The US Department of Justice charged Snowden with espionage.
Snowden’s leaked documents uncovered the existence of numerous global surveillance programmes; many of them run by the NSA with the cooperation of telecommunication companies and European governments. The massive extent of NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents.
In 2013, the existence of the ‘Boundless Informant’ was revealed, along with the PRISM electronic data mining programme, the XKeyscore analytical tool, the Temporal interception project, the MUSCULAR access point and the massive FASCIA database, which contains trillions of device-location records. In the following year, Britain’s Joint Threat Research Intelligence Group was revealed, along with the Dish fire database, Squeaky Dolphin’s real-time monitoring of social media networks and the bulk collection of private webcam images via the Optic Nerve programme.
The disclosures have fuelled debates over mass surveillance, government secrecy and the balance between national security and information privacy.
Modus Operandi of Widespread Cyber Snooping by National Security Agency (NSA):
Basically, three major players were used by the NSA:
i. Different nations
ii. Domestic/foreign agencies
iii. Private players within and outside the USA
Data was collected through:
i. Telecom operators from Global Optic Fibre Network
ii. Servers of US based internet giants like Google and Microsoft
iii. Hardware manufacturers like Cisco and Juniper
iv. Large scale Malware operations and Firewall
v. Off the Air components, including Wi-Fi, GSM, CDMA and Satellite signals in alliance with Australia, New Zealand and South Africa
vi. Taps placed on undersea cables in South America, North of Africa and the Indian Ocean
vii. Monitoring international payments, banking transactions
viii. iPhones, Blackberry and Android operating system
Vulnerability of Indian Cyber Space:
Documents leaked by NSA whistle-blower Edward Snowden indicate that much of the NSA surveillance was focused on India’s domestic politics and its strategic and commercial interests, exposing India’s vulnerability to cyber snooping in all sectors. India was fifth among targeted countries.
The US has had a major influence on the development of cyberspace by virtue of the fact that much of the initial infrastructure and use was centred in that country and it continues to be a major force in its development and use. The US has thus been in a position to fend off periodic attempts to challenge its supremacy, and those times when it could not, it has been forced to shed some of its control.
Impact of Snowden Revelations:
i. It will pave way for the ‘Internet Governance Era’. Microsoft recently allowed foreign customers to have their personal data stored on servers outside America. Hence, the consequence of Edward Snowden’s NSA leaks is that countries and companies would erect borders of sorts in cyberspace.
ii. Following the shocking revelations about governments’ widespread monitoring of global communications, it is clear that all facets of the cyber-security world have been indelibly changed, from ordinary people having their eyes opened to what is really going on, to governments becoming ever-more distrustful of each other.
iii. Some experts believe the technical details contained in documents leaked by Snowden had weakened the security situation in western countries, decreasing the level of security in the US and UK in particular. They feel the leaks were a ‘gift’ to allow terrorists to ‘evade us and strike at will’. It is being said that as fallout of the revelations, Al-Qaeda has changed the way it communicates.
iv. One of the biggest impacts Snowden has had on the world is that his leaks have led to an acceleration of cyber arms race around the world.
There is a greater awareness among the masses about the right to privacy. People have become conscious. Even Barack Obama, President of USA, conceded that those leaks triggered a passionate and welcome debate about American snooping.
Essay # 4.
Threat to India’s Cyber Space:
As is clear from Snowden’s revelations, India’s cyber space is almost unprotected. Till now, we only have very basic security features. We have started considering advanced features only after the Snowden revelations. All our vital institutions, installations and critical infrastructure need to be protected from cyber-attacks.
The future war will target crucial areas like:
i. Defence installations
ii. Sensitive documents related to both internal and external security
iii. Communication networks, including satellites
iv. ATC management
v. Railway traffic control
vi. Financial, services
vii. Premier institutions of science, technology and research
Critical infrastructure (CI) and Critical Information Infrastructure (CII):
In general, critical infrastructure (CI) can be defined as:
‘Those facilities, systems, or functions, whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation.’
It broadly includes the following sectors:
i. Energy
ii. Transportation (air, surface, rail and water)
iii. Banking and finance
iv. Telecommunication
v. Defence
vi. Space
vii. Law enforcement, security and intelligence
viii. Sensitive government organisations
ix. Public health
x. Water supply
xi. Critical manufacturing
xii. E-governance
Across the world, critical information infrastructure (CII) is broadly defined as including ‘those networks which are interrelated, interconnected and interdependent’. In India, the guidelines would initially include information and communications, transportation, energy, finance, technology, law enforcement, security and law enforcement, government, space and sensitive organisations.
Critical Information Infrastructure (CII) are those ICT infrastructure upon which the core functionality of critical infrastructure is dependent.
India’s new guidelines are an extension of the legislative recognition under the IT Act 2000.
Section 70 of the Act defines critical information infrastructure (CII) as:
‘Those computer resource and incapacitation or description of which, shall have debilitating impact on national security, economy, public health or safety.’ CII is highly complex, distributed, interconnected and interdependent.
Threats to CII:
Threats to CII are classified as:
i. Internal Threat:
It is defined as ‘one or more individuals with the access and/or inside knowledge of a company, organisation or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products or facilities with the intent to cause harm’.
Insider betrayals cause losses due to IT sabotage, fraud and theft of confidential or proprietary information. This may be intentional or due to ignorance.
ii. External Threat:
This threat arises from outside of the organisation, by individuals, hackers, organisations, terrorists, foreign government agents, non-state actors, and pose risk, like crippling CII, espionage, cyber/electronic warfare, cyber terrorism, etc.
Threat may be caused by individuals, including disgruntled or former employees, rivals (industrial espionage), hackers, script kiddies, crackers, cyber criminals (organised as well as unorganised), cyber mercenaries, terrorist groups (cyber jehadis), non-state actors and hostile states.
Effects of Cyber-Attacks on CII:
i. Damage or destruction of CII
ii. Disruption or degradation of services
iii. Loss of sensitive and strategic information
iv. Widespread damage in short time
v. Cascading effects on several CII
Essay # 5.
Legal Framework for Cyber Security:
Information Technology Act 2000 (Amended in 2008):
Information technology Act 2000 consists of 94 sections segregated into 13 chapters. The Act was amended in 2008 which has now 124 sections.
Salient features of the IT Act are as follows:
i. The Act provides legal recognition to e-commerce, which facilitates commercial e-transactions.
ii. It recognises records kept in electronic form like any other documentary record. In this way, it brings electronic transactions at par with paper transactions in documentary form.
iii. The Act also provides legal recognition to digital signatures which need to be duly authenticated by the certifying authorities.
iv. Cyber Law Appellate Tribunal has been set up to hear appeal against adjudicating authorities.
v. The provisions of the IT Act have no application to negotiable instruments, power of attorney, trust, will and any contract for sale or conveyance of immovable property.
vi. The Act applies to any cyber offence or contravention committed outside India by a person irrespective of his/her nationality.
vii. As provided under Section 90 of the Act, the State Government may, by notification in ‘Official Gazette’, make rules to carry out the provisions of the Act.
viii. Consequent to the passing of this Act, the SEBI had announced that trading of securities on the internet will be valid in India, but initially there was no specific provision for protection of confidentiality and net trading. This lacuna has been removed by the IT (Amendment) Act, 2008.
Offences under the IT Act:
Sec-65. Tampering with Computer Source Documents:
Whoever knowingly or intentionally conceals, destroys, or alters any computer source code used for a computer, computer program, computer system or computer network, when the source code is required to be kept or maintained by law, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
Sec 66. Hacking with Computer System:
i. Whoever with the intent of cause or knowing that is likely to cause, wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.
ii. Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
Sec-66 A. Sending Offensive Messages through Communication Service, etc. (Introduced Vide Amendment in 2008):
Any person who sends, by means of a computer resource or a communication device:
(a) Any information that is grossly offensive or has menacing character; or
(b) Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device, or
(c) Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages shall be punishable with imprisonment for a term which may extend to three years and with fine.
Essay # 6.
International Cooperation in Cyber Security:
NETmundial Conference 2014:
Sau Paulo in Brazil hosted a two-day conference in April 2014 on internet governance. It included representatives from nearly 180 countries. Its theme was ‘Global Multi-stakeholder Meeting on the Future of Governance’.
A global discussion on Net governance tried to bring the vision of multiple stakeholders in line with democracy. India took this opportunity to highlight US dominance of the internet and press for equal rights and say for all nations on matters related to Internet governance and cyber security. India lamented the lack of truly representative and democratic nature of the existing systems of internet governance, including the management of critical internet resources, and called for cyber jurisprudence to ensure security of the cyberspace.
There are three major issues here:
i. Should internet governance be carried out through a multilateral model or multi-stakeholder model? The multilateral model involves primarily Governments. UN is operated by this model.
On the other hand, multi-stakeholder model recognizes that civil society groups, internet users and corporates have a say as well. Russia, India and China were in favour of multilateral model. ‘Civil society’ and Western countries are more inclined towards a multi-stakeholder set-up.
While a multi-stakeholder option seems like the more reasonable and politically correct choice, it begs the question: Who are these civil society groups, who do they claim to represent, and how do we know that they simply haven’t been hijacked by corporate interests?
ii. The second issue is the question of internet fragmentation or ‘Balkanisation’ of the internet. Western countries and civil society groups fear that as countries such as India and Russia reduce their reliance on American infrastructure, they will shatter the global unity of the internet and impose barriers that will hinder connections between users in different countries. While this fear is real, it also shuts us off to looking at a different type of Balkanisation; one where we reduce dependence on surveillance-tinged, Silicon Valley-based services while promoting local and secure digital infrastructure.
In India, these fault lines are already being drawn, for better or worse: The Election Commission recently aborted a potential partnership with Google, for voter facilitation services, on the grounds of ‘national security’. Government officials are slowly starting to shun Hotmail and Gmail as well. Technology start-ups like Wonobo, a Google Street clone, are starting to receive Government backing.
iii. Third issue is ‘net neutrality’ or the principle that telecom companies should treat all internet content equally as it flows through their cables and pipes. If net neutrality is abandoned, internet service providers would be allowed to priorities certain types of traffic, leading to disastrous consequences.
On most of these issues, and a few others such as intellectual property, NETmundial has scored poorly, mostly because vested interests often take root when the global community has to strive for ‘rough consensus’. The conference’s outcome document takes soft stances on validating the multi- stakeholder model and condemning surveillance. Net neutrality, for instance, is relegated to a ‘point of future discussion’.
The proposal for a decentralised internet assumes significance in the wake of Edward Snowden’s Wikileaks revelations of mass surveillance in recent months.
The US has had a major influence on the development of cyberspace by virtue of the fact that much of the initial infrastructure and use was centred in that country and it continues to be a major force in its development and use. The US has thus been in a position to fend off periodic attempts to challenge its supremacy, and those times when it has been forced to shed some of its control.
Bowing to the demands of Brazil and other nations following revelations last year of its massive electronic surveillance of internet users, the United States has agreed to relinquish oversight of the Internet Corporation for Assigned of Names and Numbers (ICANN), a non-profit group based in California that assigns internet domain names or addresses.
The revelations by former NSA analyst, Edward Snowden, brought worldwide calls for the United States to reduce its control of the internet, created 50 years ago to link the computers of American universities to the US defence industry.