Centre Proposes New Bills for Criminal Law

Introduction

The automobile business is fast expanding, with vehicles becoming sophisticated, interconnected gadgets equipped with cutting-edge digital technology. This integration improves convenience, safety, and efficiency while also exposing automobiles to a new set of cyber risks. Electric vehicles (EVs) are equipped with sophisticated computer systems that manage various functions, such as acceleration, braking, and steering. If these systems are compromised, it could result in hazardous situations, including the remote control of the vehicle or unauthorized access to sensitive data. The automotive sector is evolving with the rise of connected car stakeholders, exposing new vulnerabilities for hackers to exploit. 

Why Automotive Cybersecurity is required

Cybersecurity threats to automotives result from hardware, software and overall systems redundancy. Additional concerns include general privacy clauses that justify collecting and transferring data to “third-party vendors”, without explicitly disclosing who such third parties are and the manner of processing personal data. For example, infotainment platform data may show popular music and the user’s preferences, which may be used by the music industry to improve marketing strategies. Similarly, it is lesser known that any data relating to behavioural tracking data, such as driving patterns etc., are also logged by the original equipment manufacturer.

Hacking is not limited to attackers gaining control of an electronic automobile; it includes malicious actors hacking charging stations to manipulate the systems. In Russia, EV charging stations were hacked in Moscow to display pro-Ukraine and anti-Putin messages such as “Glory to Ukraine” and “Death to the enemy” in the backdrop of the Russia-Ukraine war. Other examples include instances from the Isle of Wight, where hackers controlled the EV monitor to show inappropriate content and display high voltage fault codes to EV owners, preventing them from charging their vehicles with empty batteries.

UN Economic Commission for Europe releases Regulation 155 for Automobiles

UN Economic Commission for Europe Regulation 155 lays down uniform provisions concerning the approval of vehicles with regard to cybersecurity and cybersecurity management systems (CSMS). This was originally a part of the Commission.s Work Paper (W.P.) 29 that aimed to harmonise vehicular regulations for vehicles and vehicle equipment. Regulation 155 has a two-prong objective; first, to ensure cybersecurity at the organisational level and second, to ensure adequate designs of the vehicle architecture. A critical aspect in this context is the implementation of a certified CSMS by all companies that bring vehicles to market. Notably, this requirement alters the perspective of manufacturers; their responsibilities no longer conclude with the start of production (SOP). Instead, manufacturers are now required to continuously monitor and assess the safety systems throughout the entire life cycle of a vehicle, including making any necessary improvements.

This Regulation reflects the highly dynamic nature of software development and assurance. Moreover, the management system is designed to ensure compliance with safety requirements across the entire supply chain. This is a significant challenge, considering that suppliers currently account for over 70 per cent of the software volume.

The Regulation, which is binding in nature for 64 member countries, came into force in 2021. UNECE countries were required to be compliant with the Regulations by July 2022 for all new vehicles and by July 2024, the Regulation was set to apply to all vehicles. It is believed that the Regulation will become a de facto global standard, since vehicles authorised in a particular country may not be brought into the global market or the market of any UNECE member country based on any other authorisation. In such a scenario, OEMs of non-member countries may be required to give a “self-declaration”, declaring the equipment’s conformity with cybersecurity standards.

Conclusion

To compete and ensure trust, global car makers must deliver a robust cybersecurity framework that meets evolving regulations. The UNECE regulations in this regard are driving this direction by requiring automotive original equipment manufacturers (OEMs) to integrate vehicle cybersecurity throughout the entire value chain. The ‘security by design' approach aims to build a connected car that is trusted by all.  Automotive cybersecurity involves measures and technologies to protect connected vehicles and their onboard systems from growing digital threats.

References:

1. “Electric vehicle cyber security risks and best practices (2023)”, Cyber Talk, 1 August 2023. https://www.cybertalk.org/2023/08/01/electric-vehicle-cyber-security-risks-and-best-practices-2023/#:~:text=EVs%20are%20equipped%20with%20complex,unauthorized%20access%20to%20sensitive%20data. 
2. Gordon, Aaron, “Russian Electric Vehicle Chargers Hacked, Tell Users “PUTIN IS A D*******D”, Vice, 28 February 2022. https://www.vice.com/en/article/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead/ 
3. “Isle of Wight: Council’s electric vehicle chargers hacked to show porn site”, BBC, 6 April 2022. https://www.bbc.com/news/uk-england-hampshire-61006816 
4. Sandler, Manuel, “UN Regulation No. 155: What You Need to Know about UN R155”, Cyres Consulting, 1 June 2022. https://www.cyres-consulting.com/un-regulation-no-155-requirements-what-you-need-to-know/?srsltid=AfmBOopV1pH1mg6M2Nn439N1-EyiU-gPwH2L4vq5tmP0Y2vUpQR-yfP7#A_short_overview_Background_knowledge_on_UN_Regulation_No_155 
5. https://unece.org/wp29-introduction?__cf_chl_tk=ZYt.Sq4MrXvTwSiYURi_essxUCGCysfPq7eSCg1oXLA-1724839918-0.0.1.1-13972

‍

In 2023, PIB reported that up to 22% of young women in India are affected by Polycystic Ovarian Syndrome (PCOS). However, access to reliable information regarding the condition and its treatment remains a challenge. A study by the PGIMER Chandigarh conducted in 2021 revealed that approximately 37% of affected women rely on the internet as their primary source of information for PCOS. However, it can be difficult to distinguish credible medical advice from misleading or inaccurate information online since the internet and social media are rife with misinformation. The uptake of misinformation can significantly delay the diagnosis and treatment of medical conditions, jeopardizing health outcomes for all.

The PCOS Misinformation Ecosystem Online

PCOS is one of the most common disorders diagnosed in the female endocrine system, characterized by the swelling of ovaries and the formation of small cysts on their outer edges. This may lead to irregular menstruation, weight gain, hirsutism, possible infertility, poor mental health, and other symptoms. However, there is limited research on its causes, leaving most medical practitioners in India ill-equipped to manage the issue effectively and pushing women to seek alternate remedies from various sources.

This creates space for the proliferation of rumours, unverified cures and superstitions,  on social media, For example, content on YouTube, Facebook, and Instagram may promote “miracle cures” like detox teas or restrictive diets, or viral myths claiming PCOS can be “cured” through extreme weight loss or herbal remedies. Such misinformation not only creates false hope for women but also delays treatment, or may worsen symptoms.

 How Tech Platforms Amplify Misinformation 

1. Engagement vs. Accuracy: Social media algorithms are designed to reward viral content, even if it’s misleading or incendiary since it generates advertisement revenue. Further, non-medical health influencers often dominate health conversations online and offer advice with promises of curing the condition.
2. Lack of Verification: Although platforms like YouTube try to provide verified health-related videos through content shelves, and label unverified content, the sheer volume of content online means that a significant chunk of content escapes the net of content moderation. 
3. Cultural Context: In India, discussions around women’s health, especially reproductive health, are stigmatized, making social media the go-to source for private, albeit unreliable, information. 

Way Forward

a. Regulating Health Content on Tech Platforms: Social media is a significant source of health information to millions who may otherwise lack access to affordable healthcare. Rather than rolling back content moderation practices as seen recently, platforms must dedicate more resources to identify and debunk misinformation, particularly health misinformation. 

b. Public Awareness Campaigns: Governments and NGOs should run nationwide campaigns in digital literacy to educate on women’s health issues in vernacular languages and utilize online platforms for culturally sensitive messaging to reach rural and semi-urban populations. This is vital for countering the stigma and lack of awareness which enables misinformation to proliferate. 

c. Empowering Healthcare Communication: Several studies suggest a widespread dissatisfaction among women in many parts of the world regarding the information and care they receive for PCOS.  This is what drives them to social media for answers. Training PCOS specialists and healthcare workers to provide accurate details and counter misinformation during patient consultations can improve the communication gaps between healthcare professionals and patients. 

d. Strengthening the Research for PCOS: The allocation of funding for research in PCOS is vital, especially in the face of its growing prevalence amongst Indian women. Academic and healthcare institutions must collaborate to produce culturally relevant, evidence-based interventions for PCOS. Information regarding this must be made available online since the internet is most often a primary source of information. An improvement in the research will inform improved communication, which will help reduce the trust deficit between women and healthcare professionals when it comes to women’s health concerns.

Conclusion 

In India, the PCOS misinformation ecosystem is shaped by a mix of local and global factors such as health communication failures, cultural stigma, and tech platform design prioritizing engagement over accuracy. With millions of women turning to the internet for guidance regarding their conditions, they are increasingly vulnerable to unverified claims and pseudoscientific remedies which can lead to delayed diagnoses, ineffective treatments, and worsened health outcomes. The rising number of PCOS cases in the country warrants the bridging of health research and communications gaps so that women can be empowered with accurate, actionable information to make the best decisions regarding their health and well-being. 

Sources

• https://pib.gov.in/PressReleasePage.aspx?PRID=1893279#:~:text=It%20is%20the%20most%20prevailing%20female%20endocrine,neuroendocrine%20system%2C%20sedentary%20lifestyle%2C%20diet%2C%20and%20obesity. 
• https://www.thinkglobalhealth.org/article/india-unprepared-pcos-crisis?utm_source=chatgpt.com 
• https://www.bbc.com/news/articles/ckgz2p0999yo ‍
• https://pmc.ncbi.nlm.nih.gov/articles/PMC9092874/

Introduction

‍
As the calendar pages turn inexorably towards 2024, a question looms large on the horizon of our collective consciousness: Are we cyber-resilient? This is not a rhetorical flourish but a pragmatic inquiry, as the digital landscape we navigate is fraught with cyberattacks and disruptions that threaten to capsize our virtual vessels.

What, then, is Cyber Resilience? It is the capacity to prepare for, respond to, and recover from these cyber squalls. Picture, if you will, a venerable oak amid a howling gale. The roots, those unseen sinews, delve deep into the earth, anchoring the tree – this is preparation. The robust trunk and flexible branches, swaying yet unbroken, embody response. And the new growth that follows the storm's rage is recovery. Cyber resilience is the digital echo of this natural strength and flexibility.

The Need for Resilience

Why, you might ask, is Cyber Resilience of such paramount importance as we approach 2024? The answer lies in the stark reality of our times:

• A staggering half of businesses have been breached by cyberattacks in the past three years.
• The financial haemorrhage from these incursions is projected to exceed a mind-numbing $10 trillion by the end of 2024.
• The relentless march of technology has not only brought innovation but also escalated the arms race against cyber threats.
• Cyber resilience transcends mere cybersecurity; it is a holistic approach that weaves recovery and continuity into the fabric of digital defenses.
• The adaptability of organisations, often through measures such as remote working protocols, is a testament to the evolving strategies of cyber resilience.

• The advent of AI and Machine Learning heralds a new era of automated cyber defense, necessitating an integrated framework that marries security with continuity protocols.
• Societal awareness, particularly of social engineering tactics, and maintaining public relations during crises are now recognised as critical elements of resilience strategies.
• Cyber threats have evolved in sophistication, paralleling the intense competition to develop new AI-driven solutions.
• As we gaze towards the future, cyber resilience is expected to be a prominent trend in both business and consumer technology sectors throughout 2024.

The Virtues 

The benefits of cyber resilience for organisations are manifold, offering a bulwark against the digital onslaught:

• A reduction in the risk of data breaches, safeguarding sensitive information and customer data.
• Business continuity, ensuring operations persist with minimal disruption.
• Protection of reputation, as companies that demonstrate effective cyber resilience engender trust.
• Compliance with data protection and privacy regulations, thus avoiding fines and legal entanglements.
• Financial stability, as the costs associated with breaches can be mitigated or even prevented.
• Enhanced customer trust, as clients feel more secure with companies that take cybersecurity seriously.
• A competitive advantage in a market rife with cyber threats.
• Innovation and agility, as cyber-resilient companies can pivot and adapt without fear of digital disruptions.
• Employee confidence, leading to improved morale and productivity.
• Long-term savings by sidestepping the expenses of frequent or major cyber incidents.

As the year wanes, it is a propitious moment to evaluate your organisation's cyber resilience. In this edition, we will guide you through the labyrinth of cyber investment buy-in, tailored discussions with stakeholders, and the quintessential security tools for your 2024 cybersecurity strategy.

How to be more Resilient 

Cyber resilience is more than a shield; it is the preparedness to withstand and recover from a cyber onslaught. Let us explore the key steps to fortify your digital defenses:

• Know your risks: Map the terrain where you are most vulnerable, identify the treasures that could be plundered, and fortify accordingly.
• Get the technology right: Invest in solutions that not only detect threats with alacrity but also facilitate rapid recovery, all the while staying one step ahead of the cyber brigands.
• Involve your people: Embed cybersecurity awareness into the fabric of every role. Train your crew in the art of recognising and repelling digital dangers.
• Test your strategies: Regularly simulate incidents to stress-test your policies and procedures, honing your ability to contain and neutralise threats.
• Plan for the worst: Develop a playbook so that everyone knows their part in the grand scheme of damage control and communication in the event of a breach.
• Continually review: The digital seas are ever-changing; adjust your sails accordingly. Cyber resilience is not a one-time endeavour but a perpetual commitment.

Conclusion 

As we stand on the precipice of 2024, let us not be daunted by the digital storms that rage on the horizon. Instead, let us embrace the imperative of cyber resilience, for it is our steadfast companion in navigating the treacherous waters of the cyber world. Civil Society Organizations such as ‘CyberPeace Foundation’ playing a crucial role in promoting cyber resilience by bridging the gap between the public and cybersecurity complexities, conducting awareness campaigns, and advocating for robust policies to safeguard collective digital interests. Their active role is imperative in fostering a culture of cyber hygiene and vigilance.

References 

• https://www.loginradius.com/blog/identity/cybersecurity-trends-2024/
• https://ciso.economictimes.indiatimes.com/news/ciso-strategies/cisos-guide-to-2024-top-10-cybersecurity-trends/106293196