#FactCheck: Viral Video Showing Pakistan Shot Down Indian Air Force' MiG-29 Fighter Jet

On 22nd October 2024, Jyotiraditya Scindia, Union Minister for Communications, launched the (DoT) Department of Telecoms’ International Incoming Spoofed Calls Prevention System. This was introduced in light of efforts toward preventing international fraudulent calls that enable cyber crimes. A recent report as per PIB claims for the system to have been effective and played a role in a 90% reduction in the number of spoofed international calls, its instances falling from 1.35 Crore to 6 Lakhs within two months of the launch of the system.

International spoof calls are calls that masquerade as numbers originating from within the country when displayed on the target's mobile screen. This is done by manipulating the calling line identity or the CLI, commonly known as the phone number. Previous cases reported mention that such spoof calls have been used for conducting financial scams, impersonating government officials to carry out digital arrests, and inducing panic. Instances of threats of disconnecting numbers by TRAI officials, and narcotics officials on finding drugs or even contraband through couriers are also rampant. 

International Incoming Spoofed Calls Prevention System 

As was addressed in the Budget in 2024, the system was previously called the Centralised International Out Roamer (CIOR), and the DoT was allocated Rs.38.76 crore for the same. The Digital Intelligence Unit (DIU) under the DoT is another project that aims to investigate and research fraudulent use of telecom resources, including messages, scams, and spam - the budget for which has been increased from 50 to 85 crores.

The International Incoming Spoofed Calls Prevention System was implemented in two phases, the first one was at the level of the telephone companies (telcos). Telcos can verify their subscribers and Indian SIMs based on the Indian Telecom Service Providers (TSPs) international long-distance (ILD) network. When a user with an Indian number travels abroad, the roaming feature gets activated, and all calls hit the ILD network of the TSP. This allows the TSP to verify whether the numbers starting with +91 are genuinely making calls from abroad or from India. However, a TSP can only verify numbers that are issued with their TSP ILD network and not those of other TSPs. This issue was addressed in the second phase, as the DIU of DoT and the TSPs built an integrated system so that a centralised database could be used to check for genuine subscribers. 

CyberPeace Outlook

A press release on 23rd December 2024 encouraged the TSPs to label incoming International calls as International calls on the mobile screen of the receiver. Some of them have already started adding labels and are sending awareness messages informing their subscribers of tips on staying safe from scams. Apart from these, there are also applications available online that help in identifying callers and their location, however, these are at the behest of the users' efforts and have moderate trust value. At the level of the public, the practice of blocking unknown international numbers and not calling back, along with awareness regarding country codes is encouraged. Coordinated and updated efforts on the part of the Government and the TSPs are much appreciated in today's time as scammers continue to find new ways to commit cyber crimes using telecommunication resources.

References

1. https://www.hindustantimes.com/india-news/jyotiraditya-scindia-launches-dot-system-to-block-spam-international-calls-101729615441509.html
2. https://www.business-standard.com/india-news/centre-launches-system-to-block-international-spoofed-calls-curb-fraud-124102300449_1.html
3. https://www.opindia.com/2024/12/number-of-spoofed-international-calls-used-in-cyber-crimes-goes-down-by-90-in-2-months/
4. https://www.cnbctv18.com/technology/telecom/telecom-department-anti-spoofed-international-calls-19529459.htm
5. https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2067113
6. https://pib.gov.in/PressReleasePage.aspx?PRID=2087644
7. https://www.hindustantimes.com/india-news/display-international-call-for-calls-from-abroad-to-curb-scams-dot-to-telecos-101735050551449.html 

‍

Introduction

‍

With the advent of cloud computing, new information and asset delivery avenues have become possible, including Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service. With this change, the conventional paradigm of "computer as a product" is replaced with "computing as a service," which is provided to customers via the internet by big data warehouses or the cloud. Additionally, it has brought about an essential shift in how organisations function, allowing them to access computer tools and services online instead of needing to construct and manage their IT systems. As a result, organizations are now more agile, scalable, and efficient and can react swiftly to shifting consumer demands and market situations.

The Growth of Remote and Hybrid Workspaces

‍

Hybrid and remote workplaces are becoming more popular post-pandemic era. Many businesses have used regional workplace solutions to manage a more scattered workforce. IT departments are put in a difficult position since they have to make sure that branch office staff and remote workers can access the information they require safely and dependably. VPNs and Direct Internet Access links are becoming more and more popular, thus IT professionals are coming up with innovative ways for connecting distant locations to the main office while protecting the confidentiality of information.

User Portability

‍The widespread use of mobile devices for work, along with the growing Bring Your Own Device (BYOD) culture, has significantly contributed to the rise of remote work and flexible work environments. Employees can now connect to corporate systems using either personal or company-issued devices through secure methods such as Virtual Private Networks (VPNs) or cloud-based platforms. This has made teleworking, work-from-home setups, and flexible work hours increasingly common and practical, allowing for greater productivity and work-life balance.

Growing Volume of Traffic

‍

Professionals in the modern workplace must have access to private apps stored in a data centre or a multi-cloud setup. Nevertheless, these programs might not always be easily accessible from branch offices or by remote workers and staff members might not have instant support for IT. Organizations must discover solutions to this problem so that remote workers may consistently and dependably access company resources while also making the most of their current assets. It is important to note that employees need reliable and secure ways to access their work tools from anywhere, just like they would in the office.

Battling Networking and Security Issues in a Post-Pandemic Setting

‍

While many businesses have successfully adopted a cloud-first approach for new system implementations or have deployed specific Software-as-a-Service (SaaS) solutions, many are still struggling to fully reap the benefits of moving most or all of their business software to the cloud.

‍

• Conventional IT frameworks allowed for the creation of the present company applications. Because of this, these applications are frequently inflexible and configured for fixed capacity across a limited number of data facilities. Certain organizations could lack the elements required to oversee an entire cloud migration. This could be the result of things like an affinity for on-premises systems, aversion to alteration, or a lack of experience with cloud systems. 
• Although cloud computing might be a cost-effective solution for some workloads, it might not be the best choice overall. Running certain applications in a combination of cloud services or on-premises may be more cost-effective. 
• Particularly if they are regionally distributed, workloads requiring high connection speeds or low latency may not be ideal for cloud computing.
• If a corporation lacks authority over the servers in the cloud, it may be concerned about the integrity of its data stored there. Consequently, they would rather keep it inside their data facilities.
• Firms may be restricted in their ability to migrate some types of information to the cloud by legal or compliance regulations. 

Networking and Cybersecurity Consolidation: Handling Present Risks

‍

In the past, protecting a network required establishing boundaries and keeping an eye on communication between recognized devices. However, it is now required for a network's components to work together as a cohesive system due to shifting expectations. To do this, flexible network pieces must be able to communicate with one another while also protecting workflows, apps, and payments that move across different devices. The current problem is to effortlessly combine security with network capabilities and connection so that data can flow between constantly moving devices while being inspected, encrypted, and subject to regulation.

Infrastructure and security personnel must update their methods and equipment to better meet these constraints to deliver reliable, efficient, and trustworthy access across users, apps, and regions within an enterprise. Inevitably, networking and safety will eventually merge for improved organizational alignment.

Businesses may stay ahead of the competition in attracting top people in an increasingly diverse and cost-effective workplace by integrating a virtual and physical workforce. The future of security solutions lies in consolidation and platformisation; a cloud-centric Secure Access Service Edge (SASE) the capacity offering paired with network edge capabilities like secured Software-Defined Wide Area Network (SD-WAN) can improve and automate the safety measures of the company while also cutting down on the complexity and expense of managing disparate point remedies.

Safe Networking: Moving Towards This Phenomenon and Concentration of Cybersecurity

‍

Companies relying on conventional networking models often face challenges in securing modern elements, such as cloud-based applications, remote users, mobile devices, and distributed locations, because traditional networks were not designed with these factors in mind. A robust networking strategy integrates both safety and networking into one system to get around these problems. It enhances security posture and network performance. It improves the user's experience and lessens the complexities of management. It is important to combine point product providers into a risk management platform rather than implementing safety measures one at a time. Tighter cooperation, greater efficiency, and a quicker, better-coordinated reaction to network threats are made possible by this.

SASE: A Coordinated Method

‍

Secure Access Service Edge (SASE) is a cloud-based architecture that offers security and networking solutions as needed and unites all edges into a single logical connection.

SASE drivers

‍

Conventional safety measures are ill-suited to deal with the more dispersed and complicated IT environment brought about by the advent of the Internet of Things, edge computing, and telecommuting. Using SASE, security and network services may be accessed from the cloud, eliminating the need to backhaul traffic to a single data centre for safety assessment.

‍

• Distant user traffic assessment and blind spots presented difficulties for companies.
• Full oversight over hybrid network operations is provided by SASE technology, which provides network services including FWaaS, SWG, DLP, and CASB.
• Issues around abnormal port usage and policy violations have arisen as more customers access SaaS apps from different gadgets and regions.
• SASE technology reduces the cost of hiring IT staff by combining safe access to resources from one supplier.
• SASE technology consolidates secure accessibility capabilities from one vendor, hence lowering the cost of hiring IT workers.
• One major benefit of SASE technology is its ease of administration. Even when overseeing multiple offices inside a corporate network, the IT department's job is minimized because a single cloud-based administrator manages the entire system.

Recommendations

‍

• For high-risk use cases, consider utilizing Zero Trust Network Access to supplement or replace the outdated VPN for distant users.
• Take inventory of the gear and agreements in order to progressively replace the branch and perimeter hardware on-site over a few years in favour of delivering SASE functionalities via the cloud.
• Simplify and cut expenses by grouping suppliers when VPN, CASB, and encrypted web portal agreements are up for renewal. Profit from a market that has come together and integrated these security edge services.
• Limit SASE products to a couple of partnering companies.
• Irrespective of location, integrate Zero Trust Network Access (ZTNA) and methods of authorization (such as MFA) for every client, including those in the workplace or branch.
• To meet security and regulatory requirements, select SASE products that provide you control over where inspection takes place, how traffic is directed, what is recorded, and where records are kept.

Conclusion

‍

The development of cloud technology, the rise of offsite and hybrid workplaces, and the increased challenges in communication and privacy following the pandemic highlight the necessity for a comprehensive and integrated strategy. By adopting SASE (Secure Access Service Edge), a cloud-centric framework that enables secure connectivity across diverse environments, businesses can enhance cybersecurity, streamline operations, and adapt to the evolving needs of modern workplaces. This approach ultimately contributes to a safer and more efficient future for information architecture.

References

‍

• https://www.dsci.in/files/content/knowledge-centre/2023/DSCI-Fortinet%20POV%20Paper.pdf
• https://www.datacenterknowledge.com/cloud/cloud-trends-and-cybersecurity-challenges-navigating-future
• https://banagevikas.medium.com/cybersecurity-trends-2024-navigating-the-future-10383ec10efe

Authors:

‍

Soumya Gangele (Intern - Tech & Policy), CyberPeace

Neeraj Soni (Sr. Researcher), CyberPeace

‍

Pretext

On 20th October 2022, the Competition Commission of India (CCI) imposed a penalty of Rs. 1,337.76 crores on Google for abusing its dominant position in multiple markets in the Android Mobile device ecosystem, apart from issuing cease and desist orders. The CCI also directed Google to modify its conduct within a defined timeline.  Smart mobile devices need an operating system (OS) to run applications (apps) and programs. Android is one such mobile operating system that Google acquired in 2005. In the instant matter, the CCI examined various practices of Google w.r.t. licensing of this Android mobile operating system and various proprietary mobile applications of Google (e.g., Play Store, Google Search, Google Chrome, YouTube, etc.).

The Issue

Google was found to be misusing its dominant position in the tech market, and the same was the reason behind the penalty. Google argued about the competitive constraints being faced from Apple. In relation to understanding the extent of competition between Google’s Android ecosystem and Apple’s iOS ecosystem, the CCI noted the differences in the two business models, which affect the underlying incentives of business decisions. Apple’s business is primarily based on a vertically integrated smart device ecosystem that focuses on the sale of high-end smart devices with state-of-the-art software components. In contrast, Google’s business was found to be driven by the ultimate intent of increasing users on its platforms so that they interact with its revenue-earning service, i.e., online searches, which directly affects the sale of online advertising services by Google. It was seen that google had created a dominant position among the android phone manufacturers as they were made to have a set of google apps preinstalled in the device to increase the user’s dependency on google services. The CCI felt that Google had created a dominant position to which they replied that the same operations are done by Apple as well, to which the commission responded that apple is a phone and app manufacturer and they have Apple-owned apps in Apple devices only, but Google here in had made a pseudo mandate for android manufactures to have the google apps pre-installed which is, in turn, a possible way of disrupting the market equilibrium and violative of market practices. The CCI imposed a penalty of Rs. 1,337.76 for abusing its dominant position in multiple markets in India, CCI delineated the following five relevant markets in the present matter –

• The market for licensable OS for smart mobile devices in India
• The market for app store for Android smart mobile OS in India
• The market for general web search services in India
• The market for non-OS specific mobile web browsers in India
• The market for online video hosting platforms (OVHP) in India.

Supreme Courts Opinion

In October 2022, the Competition Commission of India (CCI) ruled that Google, owned by Alphabet Inc, exploited its dominant position in Android and told it to remove restrictions on device makers, including those related to the pre-installation of apps and ensuring exclusivity of its search. Google lost a challenge in the Supreme Court to block the directives, as the learned court refused to put a stay on the imposed penalty, further giving seven days to comply. The Supreme Court has said a lower tribunal—where Google first challenged the Android directives—can continue to hear the company’s appeal and must rule by March 31.

Counterpoint Research estimates that about 97% of 600 million smartphones in India run on Android. Apple has just a 3% share. Hoping to block the implementation of the CCI directives, Google challenged the CCI order in the Supreme Court by warning it could stall the growth of the Android ecosystem. It also said it would be forced to alter arrangements with more than 1,100 device manufacturers and thousands of app developers if the directives kick in. Google has been concerned about India’s decision as the steps are seen as more sweeping than those imposed in the European Commission’s 2018 ruling. There it was fined for putting in place what the Commission called unlawful restrictions on Android mobile device makers. Google is still challenging the record $4.3 billion fine in that case. In Europe, Google made changes later, including letting Android device users pick their default search engine, and said device makers would be able to license the Google mobile application suite separately from the Google Search App or the Chrome browser.

‍

Conclusion

As the world goes deeper into cyberspace, the big tech companies have more control over the industry and the markets, but the same should not turn into anarchy in the global markets. The Tech giants need to be made aware that compliance is the utmost duty for all companies, and enforcement of the law of the land will be maintained no matter what. Earlier India lacked policies and legislation to govern cyberspace, but in the recent proactive stance by the govt, a lot of new bills have been tabled, one of them being the Intermediary Rules 2021, which has laid down the obligations nand duties of the companies by setting up an intermediary in the country. Such bills coupled with such crucial judgments on tech giants will act as a test and barrier for other tech companies who try to flaunt the rules and avoid compliance.