Cybersecurity: UPSC Notes (Internal Security)

Cybersecurity involves protecting computers, networks, and data from cyber threats. As India expands digital initiatives such as e-governance, digital payments, and smart infrastructure, its growing digital footprint has also increased the risk of cyber attacks.

Cybersecurity is a highly relevant topic for the UPSC Prelims and Mains under Internal Security, Science & Technology, Governance, and Ethics.

Let’s study this topic in detail!

Cybersecurity refers to the practice of protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks, unauthorised access, theft, and damage.

It is similar to building security walls around your digital life, your computers, phones, bank accounts, and personal data, to keep thieves, hackers, and cybercriminals out.

• CERT-In (Indian Computer Emergency Response Team) is India's national nodal agency for cybersecurity incident response.
• The NCIIPC (National Critical Information Infrastructure Protection Centre) protects critical infrastructure sectors, including banking, telecommunications, power, and transportation.
• I4C (Indian Cyber Crime Coordination Centre) was established under the MHA in 2018.
• Eighty-six per cent of Indian households are now connected to the internet, reflecting rapid digital adoption across the nation.
• Cybersecurity incidents in India have more than doubled from 10.29 lakh in 2022 to 22.68 lakh in 2024.

Also read: BharatNet Project | UPSC Governance Notes

Cybersecurity has multiple objectives that work together to create a safe digital environment.

• Protect Critical Infrastructure: Safeguard essential services like electricity, water supply, transportation, and telecommunications from cyber attacks.
• Secure Personal and Financial Data: Keep your bank details, Aadhaar number, passwords, and personal photos safe from thieves.
• Reduce Vulnerabilities: Find and fix weak points in systems before attackers can exploit them.
• Build Response Capabilities: Create 24/7 teams that can detect and respond to cyber incidents immediately.
• Develop Indigenous Technology: Build India's own cybersecurity solutions instead of depending on foreign companies.
• Build Trust in Digital Systems: Ensure people feel confident using digital payments, online shopping, and e-governance services.

Also read: PM Gati Shakti National Master Plan: Government Scheme for UPSC

Cyber threats are constantly evolving, and hackers employ various tactics depending on what they aim to steal or destroy.

1. RANSOMWARE

Malware that encrypts a victim's files or locks their system, making it unusable until the attacker receives payment (ransom).

How It Works:

• The attacker sends a phishing email with a malicious attachment.
• User opens it → ransomware executes
• Files/system encrypted → becomes inaccessible
• Attacker demands ransom for decryption key.
• The modern version also threatens to leak stolen data.

Examples

• AIIMS Delhi Ransomware Attack (2022)
• WannaCry (2017)
• REvil (Kaseya Attack, 2021)

2. MALWARE

Any software intentionally designed to damage, disrupt, or exploit computer systems, networks, and data.

Main Types (Subtypes of Malware):

A. Virus

Attaches to legitimate programs, replicates when executed.

• Example: Infected Word document sent via email.
• Damage: File corruption, data deletion, system slowdown.

B. Worm

Self-replicating malware that spreads through networks without needing a host file.

• Example: Conficker worm (2008) spread through unpatched Windows vulnerabilities.
• Damage: Network congestion and excessive bandwidth consumption.

C. Trojan (Trojan Horse)

Disguises itself as legitimate software but contains hidden malicious code.

• Example: Fake antivirus software that actually steals banking credentials, like Qbot, TrickBot banking Trojans, stealing credentials in 2025.

3. PHISHING

Deceptive emails, messages, or websites that trick users into revealing passwords, credit card numbers, or other sensitive information by impersonating trusted organisations.

Phishing Variants

A. Email Phishing

• Spam emails impersonating banks, PayPal, and Gmail.
• "Your account has suspicious activity. Click here to verify".
• Takes the user to a fake website that looks identical to the real one.
• User enters credentials → attacker gains access

B. Spear Phishing

• Targeted phishing using personal information about the victim.
• Example: Email from "HR" to employee with personalised details.
• Much higher success rate than generic phishing.
• More dangerous than regular phishing.

C. Whaling

• Spear phishing targeting high-profile individuals (CEOs, ministers).
• Example: Email to the Defence Minister asking for urgent funds.
• Largest financial losses due to high-value targets.

D. Vishing (Voice Phishing)

• Phone-based phishing - attacker calls pretending to be bank support.
• "Verify your account due to suspicious activity".
• Direct credential theft over the phone.

E. AI-Powered Deepfake Phishing (2026 threat)

• Fake video call from "colleague" requesting urgent fund transfer.
• AI-generated voice clone sounds authentic.
• Emerging threat in 2026.

4. DDoS ATTACK

A Distributed Denial-of-Service (DDoS) attack floods a target server/website with massive traffic from multiple sources, making it unavailable to legitimate users.

How It Works:

• The attacker controls thousands of compromised devices (a botnet).
• All devices send traffic to the same target simultaneously.
• Server becomes overloaded → crashes or becomes very slow
• Legitimate users cannot access the service.

Real-World Example

• Mirai Botnet Attack (2016)

5. ADVANCED PERSISTENT THREAT (APT)

A sophisticated, long-term, targeted cyberattack by state-sponsored or well-funded cybercriminal groups who stay hidden in networks for months/years to steal data or prepare sabotage.

Characteristics:

• Targeted: Specific high-value organisations, not random.
• Persistent: Remains undetected for months or years.
• Stealthy: Blends into normal network activity.
• Well-funded: State or major criminal organisations behind it.
• Multi-stage: Multiple phases: initial access → persistence → lateral movement → data theft

Example:

• APT36 (Also called "Scorpion")

Also read: Artificial Intelligence: Definition, Types, India’s Initiatives, AI Action Summit 2025

Cybersecurity protection works like a layered defence; multiple strategies work together to keep systems safe. Here are the main methods:

1. Encryption

Converting data into unreadable code that can only be accessed with a special key. Common encryption methods include:

• AES (Advanced Encryption Standard): The gold standard used by governments worldwide
• RSA: Protects data transmission over the internet
• ECC (Elliptic Curve Cryptography): Used for web security and digital signatures

2. Multi-Factor Authentication (MFA) 

• Requiring multiple forms of verification before granting access.
• Instead of just a password, users provide additional proof like OTP (One-Time Password), fingerprint, or facial recognition.

3. Firewalls

• Digital barriers that monitor and control incoming and outgoing network traffic.
• They block unauthorised access while allowing legitimate data to pass through

4. Network Segmentation

• Dividing networks into smaller sections so that if one part is compromised, the attacker cannot access the entire network

5. Endpoint Detection and Response (EDR)

• Tools that continuously monitor devices (computers, phones) connected to networks for suspicious activity and respond to threats in real-time.

6. Regular Software Updates and Patch Management

• Fixing security vulnerabilities in software before hackers can exploit them.

7. Access Control (RBAC)

• Role-Based Access Control ensures that employees only have access to the information they need for their job, reducing exposure if one account is compromised.

8. Regular Backups

• Maintaining secure copies of data so that even if systems are compromised, data can be recovered.

Also read: Biotechnology Notes UPSC: Definitions, Uses & India’s BioE3 2024 Initiative

Recognising the importance of a secure digital space, India has developed laws and institutions to promote cybersecurity and ensure responsible digital governance.

1. Information Technology Act, 2000

• Forms the foundation of India’s cyber law framework.
• Addresses cyber offences such as identity theft, impersonation, online cheating, and the circulation of obscene or harmful digital content.
• Enables the prosecution of cyber fraud and financial crimes committed through digital platforms.
• Empowers authorities to block malicious websites, fraudulent apps, and unlawful online content.

2. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

• Establish accountability for social media platforms, digital intermediaries, and online marketplaces.
• Mandate the timely removal of unlawful and harmful content.
• Address emerging misuse of technologies, including artificial intelligence, deepfakes, and misinformation.
• Strengthen transparency and user grievance redressal mechanisms.

3. Digital Personal Data Protection Act, 2023

• Mandates lawful processing of personal data with informed user consent.
• Imposes strict obligations on data fiduciaries to ensure data security and privacy safeguards.
• Reduces risks of unauthorised access, data breaches, and misuse of personal information.
• As an enforcement outcome, over 9.42 lakh SIM cards and 2,63,348 IMEIs linked to fraudulent activities have been blocked.

Also read: Nanotechnology Explained: Key Concepts, Applications & Innovations

The Indian government has launched several initiatives and allocated significant resources to protect the nation's digital infrastructure.

1. Indian Cybercrime Coordination Centre (I4C)

• Established under the Ministry of Home Affairs to serve as the national nodal agency for combating cybercrime.
• Blocked 83,668 WhatsApp accounts and 3,962 Skype IDs used by cybercriminals.
• Established a National Cyber Forensic Laboratory.

2. Indian Computer Emergency Response Team (CERT-In)

• National agency for responding to cybersecurity incidents.
• Conducted 109 cybersecurity mock drills engaging 1,438 organisations to test readiness.
• Issue mandatory guidelines requiring organisations to report cyber incidents within 6 hours.

3. National Cyber Crime Reporting Portal (NCRP)

• At www.cybercrime.gov.in, citizens can directly report cybercrimes.
• Cyber Crime Helpline: 1930 provides free 24/7 assistance for cyber fraud victims.
• Helps law enforcement agencies freeze fraudulent transactions in real-time.

4. Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS)

• Allows immediate reporting of financial cyber fraud.
• Has saved over ₹5,489 crore in 17.82 lakh complaints.

5. Cyber Commandos Program (Launched 2025)

• Specialised trained cyber commandos will be established in states and Union Territories.
• Work to secure the nation's digital space and counter cyber threats.

6. Samanvaya Platform (Launched 2025)

• Provides analytics-based links between criminals and crimes.
• Its 'Pratibimb' module maps the locations of criminals and crime infrastructure.

Despite all efforts, India faces significant challenges in securing its cyberspace. These obstacles need to be addressed to strengthen the nation's digital defence.

• Rapid Digital Growth, Weak Security: Fast digitisation through smart cities and e-governance often relies on outdated security systems, especially in rural and local institutions.
• Skill Shortage: India lacks enough trained cybersecurity professionals, making systems harder to protect.
• Low Public Awareness: Many people are unaware of phishing, fake apps, and online fraud, making them easy targets.
• Cloud Security Gaps: Poorly configured cloud systems create security loopholes, as seen in data leaks from open servers.
• Supply Chain Risks: India’s IT and service hubs are attractive targets; one breach can impact global companies.
• Fragmented Governance: Multiple agencies handle cybersecurity, leading to overlap and coordination issues.
• Legacy Systems: Old government and critical infrastructure systems struggle to face modern cyber threats.
• Cross-Border Cyber Attacks: Cybercriminals operate across borders, making enforcement and prosecution difficult.

India’s cyber safety is at an important stage. The government, businesses, and citizens need to work together to create a safe and secure digital future.

• Policy Reforms: Enact a dedicated Indian Cybersecurity Act to tackle new cyber threats and improve coordination.
• Skill Development: Set up training centres and scholarships to build skilled cybersecurity professionals.
• Public Awareness: Run nationwide campaigns to educate people about cyber safety and fraud prevention.
• Better Coordination: Clearly define the roles of cybersecurity agencies for faster and more effective response.
• Technology Investment: Support AI, quantum computing, and indigenous cyber solutions through national programmes.

Elevate Your UPSC Prep with SuperKalam!

Discover SuperKalam, your Personal Super Mentor for targeted UPSC preparation. Unlock unlimited MCQs, Practice mains answers with Instant Mains Answer Evaluation, and real-time performance tracking.

Explore SuperKalam's Resources and set yourself on the path to success!