Growing Cyber Threats in South Asia: The Need for Joint Collaboration


As we enter the third decade of the 21st century, through embracing and integrating information and communications technologies (ICTs) into ecosystems and infrastructures, countries across the world have undertaken a profound digital metamorphosis with a view to enhancing efficiency, effectiveness, innovation, and competitiveness in the digitization of economies, governmental functions, and societies. The South Asian nations also have placed significant emphasis on the implementation of digitization and communication as key drivers for economic expansion, skill enhancement, modernization, and the advancement of human and social progress. This accelerated process of digitization in various sectors has unfortunately led to the adoption of insecure information and communication technology (ICT) infrastructure, outdated software, and vulnerable devices.

Consequently, the surge in malicious cyber activities, with rising sophistication and scale, threatens to undermine confidence in cyberspace and stunt South Asia’s digital transformation, leaving these sectors vulnerable to substantial cyber threats and resulting in regional instability. The safety and resilience of the technological infrastructure and systems are being compromised, thereby undermining trust in the digital realm. As a result, South Asia finds itself at a critical juncture in cybersecurity. In light of the security challenges presented by the vast amounts of data, it is noteworthy that numerous states around the world have augmented their regional cybersecurity endeavors in a collaborative manner, such as the European Union Agency for Cybersecurity (ENISA), CERT cooperation (ASEAN), and so on. This is a testament to their recognition of the fact that collective efforts in bolstering cyber preparedness at a regional level yield a more substantial impact compared to isolated national endeavors.

State of Cybersecurity Threats in South Asia

For the last few years, the South Asian region has been a conspicuous focal point for cyber assaults, including a wide array of nefarious activities such as ransomware attacks, phishing attempts, and data theft, among other malicious exploits. With regard to cyber security apprehensions, one of the primary factors is the absence of preparedness in terms of joint policies and institutional frameworks within South Asian nations, primarily stemming from the disparate degrees of development observed among countries in their respective cyber security mechanisms.

Released by the International Telecommunication Union (ITU), the rankings of the Global Cybersecurity Index (GCI) aptly illustrate the multifaceted nature of cybersecurity on a global scale. Since GCI did not publish any cybersecurity index after 2022, based on the 2020 GCI report, we see that India has secured the 10th position, while Bangladesh holds the 53rd position. Pakistan follows at the 79th spot, with Sri Lanka trailing at 83rd. Nepal occupies the 94th position, while Bhutan finds itself at the 134th spot. Lastly, Afghanistan is positioned at the 171st rank. These rankings reflect the relative cyber resilience and preparedness of these nations in the face of evolving cyber threats and challenges.

In 2019, a malware assault infiltrated the security systems of India’s biggest nuclear power plant at Kudankulam and purportedly stole information and data. While the breach only compromised the reactor’s administrative system and wasn’t as devastating as others like Stuxnet, it still raised serious concerns about the efficacy of security protocols at nuclear facilities worldwide. Speculation and doubt highlighted the difficulties of tracing the origin of cyberattacks and the potential for cyber threats to worsen current strife in the region, even though the assault was ultimately ascribed to a North Korean gang. The incident at Kudankulam has brought forth the unavoidable vulnerability of South Asian nations to cyber intrusions originating from both state and non-state entities. Such attacks possess the capacity to exacerbate existing tensions between longstanding adversaries in the region.

In 2021, the Prime Minister of Pakistan, Imran Khan, became a target of a pernicious surveillance breach orchestrated by the insidious Israeli Pegasus spyware. In a parallel vein, during the same year, the same software was accused of having been employed to illicitly breach the security of smart devices belonging to numerous journalists and political adversaries in India and Bangladesh.

In the aftermath of the 2019 Pulwama attack, the cyber landscape witnessed notable stress between India and Pakistan, thereby instigating a consequential upsurge in the proliferation of malicious software and the perpetration of phishing endeavors. The escalating activities in cyber espionage have engendered amplified apprehensions regarding the cyber security framework in South Asia, considering the nascent state of the region’s information technology infrastructure. Therefore, it has become imperative to expeditiously undertake initiatives aimed at establishing a fortified milieu in response to the ever-changing cyber threat landscape in the South Asian region.

Major Cyber Threats Facing South Asia

Ransomware has become the most visible cyber threat facing South Asia. Check Point Research, which tracks cybersecurity trends, finds a 38% rise in worldwide threats in 2022 compared to 2021, in which the South Asian region also saw a surge in ransomware attacks. Major victims include India’s AIIMS Hospital, the government of Sri Lanka, Bangladesh Railway, and diverse sectors in Pakistan. Apart from encrypting data, ransomware gangs like Conti and LockBit 2.0 have threatened to publicly leak sensitive documents. Most concerning is their shift from ‘big game’ hunting of large enterprises to targeting essential services and critical infrastructure, amplifying disruptive impact. Likewise, South Asian states are increasingly deploying state-sponsored cyber capabilities for espionage and sabotage against rivals. A notable example is the “Operation Hangover” campaign by an Indian threat group against Pakistan for over a decade, uncovered in 2013. It targeted critical infrastructure like hospitals, telecom firms, and government ministries through sophisticated, customized malware.

Moreover, South Asian citizens are falling victim to proliferating cyber frauds and scams, enabled by digitization of payments and limited public awareness. Banking trojans and credit card stealing intrusions are rampant. In India, there were 13,530 instances of fraud in the financial sector in FY2023. Nearly half of these occurrences (6,659) included electronic payment by card or the Internet. In a similar vein, in recent years, Bangladesh has seen a massive and organized cyber assault involving at least 147 public and commercial organizations, notably banks and non-bank financial institutions (NBFIs), heading Bangladesh towards a serious cyber security vulnerability. Fake donation campaigns, tech support scams, and phishing emails are netting large profits for cybercriminals. Law enforcement has struggled to contain this surge, as most victims do not report losses. Without concerted action, such predatory crimes will continue to erode citizen trust in digital engagement.

In this regard, a key challenge underpinning South Asia’s weak defenses is a dire shortage of skilled cybersecurity talent. Estimates suggest India has the second-largest number of internet users, yet it accounts for just 6% of cybersecurity positions worldwide, with a 30% demand-supply mismatch as of May 2023. Other countries face similar human resource deficits. Lack of training, low awareness of cyber career paths, and brain drain to foreign firms hamper workforce development. Tackling the shortage and making cyber talent more inclusive must be a top priority. Thus, South Asia faces a potent mix of cyber threats that exploit poor defenses to endanger economic assets, state security, and social cohesion. From ransomware extortions to state-sponsored sabotage and organized disinformation, malicious actors operate with relative impunity. Addressing this complex challenge requires upgrading defenses and building cyber resilience. More importantly, it necessitates joint action across the region’s diverse political and strategic landscape.

Why Is There a Need for Joint Collaboration?

In the South Asian Region, it is noteworthy to highlight the presence of adequately established national Computer Emergency Response Teams (CERT) that engage in the crucial activities of monitoring and safeguarding. Specifically, India, Sri Lanka, and Afghanistan have made commendable strides in this domain, as evidenced by the existence of CERT-In, SLCERT, and AFCERT respectively. Furthermore, it is worth noting that Bangladesh, Bhutan, and Nepal have established their individual national ‘Computer Incident Response Teams (CIRT)’ to effectively evaluate and address computer-related security incidents. These teams, namely BGD e-Gov CIRT, BtCIRT, and Nepal CERT, play a crucial role in safeguarding the cyber landscape of their respective countries.

In lieu of a centralized national Computer Emergency Response Team (CERT), Pakistan has established two distinct private entities that serve as purveyors of cyber threat intelligence: Pakistan Information Security Association Computer Emergency Response Team (PISA-CERT), and the Pakistan Computer Emergency Response Team (PakCERT). In contrast, the Maldives is currently devoid of a robust cyber security apparatus that can effectively identify and counteract cyber threats, thereby rendering government websites vulnerable to unauthorized access and malicious vandalism.

In the broader context of South Asian countries, it is evident that a notable deficiency exists in the establishment of a unified regional governing body, primarily attributable to the imbalanced allocation of responsibilities across multiple cyber security agencies and the lack of strong, cohesive and synchronized countermeasures against cyber intrusions. In this regard, the instance of ASEAN’s measures against cyber-attacks and warfare can be considered to enhance the collaborative framework in the South Asian region. This accomplishment serves as a significant source of inspiration for the South Asian region, as it presents invaluable insights and lessons that can be assimilated and applied in South Asian cyber security endeavors.

Recommendations and Concluding Remarks

Realizing the benefits of joint cybersecurity action will require political willingness to pursue multi-stakeholder cooperation despite strategic distrust and rivalry. Specific steps should include:

  1. Establishment of a permanent South Asia Cybersecurity Working Group (SACWG) involving national cyber agencies, solution providers, and expert communities with a secretariat to coordinate activities.
  2. Developing a South Asia Cyber-Stability Framework with common definitions, norms of behavior, confidence building measures, and protocols for evidence sharing and dispute settlement.
  3. Launching a South Asia CERT as the operational arm of SACWG for joint incident response, monitoring and mitigation for timely threat alert sharing.
  4. Setting up a regional Cyber Skills Partnership between governments, academia and industry to enhance workforce diversity and establish centers of training excellence.
  5. Formulation of a South Asia strategy for countering cyber-enabled gender-based violence, child sexual abuse, extremist recruitment and disinformation.
  6. Conducting regular Cybersecurity Dialogues at senior official, ministerial, and summit levels to evaluate progress, build trust, and sanction information sharing.
  7. Leveraging Track 1.5 and Track 2 diplomacy to keep collaboration going by exploring synergies with platforms like BIMSTEC and IORA to expand regional coordination beyond South Asia.

Through such concrete steps, South Asian nations can set aside differences to jointly fight a common threat, while creating leadership opportunities on the global stage. Robust cooperation will boost strategic trust and digital growth for shared prosperity.

In a nutshell, as South Asia embraces the digital revolution, it finds itself under siege from an escalating wave of cyber threats. From ransomware to organized disinformation campaigns, malicious actors are exploiting the region’s vulnerabilities to pursue economic, social and strategic disruption. Tackling this potent, borderless challenge demands a coordinated regional approach to strengthen defenses, enhance resilience and prevent conflict escalation in cyberspace. The proposed South Asia Cybersecurity Working Group, underpinned by a Cyber-stability Framework and Cyber Skills Partnership, can drive this vital collaboration. Together with national capacity building and multi-stakeholder engagement, South Asia can turn the tide against cyber threats, while catalyzing secure and inclusive digital growth.

– Kawsar Uddin Mahmud is a Research Intern at the KRF Center for Bangladesh and Global Affairs (CBGA).
