Daily Current Affairs

G20 leaders endorses Goa Roadmap and ‘Travel for LiFE’ program to provide big boost to tourism sector (GS Paper 3, Economy)

Why in news?

• A significant milestone achieved during the G20 Leaders' Summit in Delhi was the unanimous endorsement of tourism and culture's pivotal role in sustainable socio-economic development and prosperity. 

 

Details:

• The 'G20 Leaders Declaration' adopted during the summit underlined the significance of the 'Goa Roadmap’ for Tourism as a vehicle for achieving SDGs.
• Delhi Declaration provides a new direction for tourism sector with G20 Goa Roadmap outlining the challenges, objectives, opportunities and recommendations for tourism sector to achieve sustainable development goals. 

 

Goa Roadmap

• ‘GOA Roadmap’, the key deliverable of India’s G20 Tourism Track, is a pioneering initiative that provides a blueprint for sustainable global tourism.
• Goa roadmap, aligned with the theme of India’s G20 Presidency, underscores the role of tourism in society, the economy, and environmental stewardship.
• By focusing on the five interconnected priorities identified and endorsed by the G20 Tourism Working Group - Green Tourism, Digitalization, Skills, Tourism MSMEs, and Destination Management - the roadmap offers a comprehensive strategy for nations to align their tourism policies with the United Nations Sustainable Development Goals 2030.

 

G20 Tourism and SDG Dashboard:

• The Ministry of Tourism, in collaboration with the United Nations World Tourism Organization (UNWTO), has launched the G20 Tourism and SDG Dashboard.
• This pioneering initiative will serve as a global repository, showcasing the best practices and case studies of sustainable tourism practices and policies from G20 nations.
• It aims to be a comprehensive resource, aiding nations and industry stakeholders in their journey towards achieving the SDGs through tourism.

 

“Travel for LiFE” initiative:

• In another significant development, the G20 leaders’ declaration has further noted the launch of the “Travel for LiFE” initiative, emphasizing its transformative potential in promoting responsible and sustainable tourism. 
• Travel for LiFE program has been inspired by e Prime Minister’s vision of LiFE (Lifestyle for Environment), which is extremely relevant for tourism sector.
• Travel for LiFE nudges all tourists and tourist businesses to take simple actions, which have tremendous signification for environment protection and climate action.
• Ministry of Tourism has aligned its programs and initiatives for promoting sustainable tourism under ‘Travel for LiFE’ program and the campaign will cover the entire tourism ecosystem, motivating and inspiring all actors to contribute in making tourism sector sustainable and responsible
• While recognizing the LiFE actions by tourists, the Ministry will also recognize the tourism businesses as TFL certified based on STCI criteria of the Ministry. It will also encourage the tourists and tourism businesses to take a “Travel for LiFE’ pledge, which will reflect their commitment for sustainable practices.

 

How did a China-based hacking group compromise Microsoft’s cloud security?

(GS Paper 3, Science and Technology)

Why in news?

• In July, Microsoft said that a China-based hacking group breached U.S. government-linked email accounts.

Details:

• The group identified as Storm-0558, gained access to email accounts of 25 organisations, including Western European government agencies, email accounts from top American officials such as Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink.
• The attacks stemmed from the compromise of a Microsoft engineer’s corporate account. The company further explained that hackers were able to extract a cryptographic key from the engineer’s account to access into email accounts.

 

What is Storm-0558?

• Microsoft Threat Intelligence “with moderate confidence” assessed that Storm-0558 is a China-based threat actor with activities and methods consistent with espionage objectives.
• The group is thought to operate as its own distinct group and its core working hours are consistent with working hours in China, Microsoft said in a blog post.
• In the past, the group has been seen to have primarily targeted U.S. and European diplomatic, economic, and legislative governing bodies, and individuals connected to Taiwan and Uyghur geopolitical interests.
• The group has been targeting Microsoft accounts since August 2021 and had reportedly obtained credentials for initial access through phishing campaigns and exploited vulnerabilities in public-facing applications to gain access to victims’ networks.

 

How did the threat actors breach Microsoft’s security?

• The China-based threat actor was able to compromise Microsoft’s cloud security systems by using an acquired MSA key to forge tokens to access Outlook Web Access (OWA).
• MSA keys are token signing keys used by a service to validate authentication tokens for the service.
• Hackers then used the acquired key to forge a token that was used for validation issues to impersonate Azure AD users and gain access to enterprise email.

 

What is a cryptographic key?

• A cryptographic key is a string of characters used within an encryption algorithm to alter data making it illegible to someone without the correct key. Like a physical key, a cryptographic key encrypts data and is used to decrypt the encased data by the holder of the key.
• In the case of SSL encryption (HTTPS), two types of encryptions are used. They can be symmetric and asymmetric encryptions.
• In symmetric encryption, both sides of a conversation use the same key for turning plain text into cyphers (encrypted) text.
• However, in asymmetric or public key encryption, the two sides of the conversation use a different key.
• A public key and a private key, the private key is never shared by the party with anyone. When plaintext is encrypted with the public key, only the private key can decrypt it, not the public key.

 

How did hackers acquire MSA keys?

• Microsoft, after its technical investigation into the attack, revealed that the key was stolen from its corporate environment due to a series of errors.
• Threat actors compromised a Microsoft engineer’s account gaining access to the company’s network and debugging environment.
• A debugging environment is used by companies to test their products during production and fix errors and bugs in the source code before they are released to the public.

 

Why was a consumer key accessible to the engineer’s account?

• Microsoft introduced a common key metadata publishing endpoint in September 2018. Microsoft says it provided an API to help “validate the signatures cryptographically but did not update their libraries to perform this scope validation automatically”.
• The developers in the mail system incorrectly assumed libraries performed complete validation and did not add the required issuer/scope validation.
• This allowed the mail system to accept or request enterprise email using a security token signed with the consumer key. Microsoft says the issue has been corrected.

 

India-Middle East-Europe Mega Economic Corridor

(GS Paper 3, Economy)

Why in news?

• On the sidelines of the G20 Summit in New Delhi, a Memorandum of Understanding (MoU) was signed between the Governments of India, the US, Saudi Arabia, the European Union, the UAE, France, Germany and Italy to establish the India-Middle East-Europe Economic Corridor (IMEC).
• The IMEC is being envisioned as a network of transport corridors, including railway lines and sea lanes that is expected to aid economic growth through integration between Asia, the Arabian Gulf, and Europe.

 

What is the Partnership for Global Infrastructure Investment (PGII)?

• The project is a part of the Partnership for Global Infrastructure Investment (PGII), a West-led initiative for funding infrastructure projects across the world, seen as a counter to China’s Belt and Road Initiative (BRI).
• The infrastructure plan was first announced in June 2021 during the G7 (or Group of Seven) summit in the UK.
• The G7 countries include the United Kingdom, the United States, Canada, France, Germany, Italy, Japan, and the European Union (EU). US President Joe Biden had called it the Build Back Better World (B3W) framework. However, it did not register much progress.
• In 2022, during the G7 summit in Germany, the PGII was officially launched as a joint initiative to help fund infrastructure projects in developing countries through public and private investments.
• The stated purpose of both the PGII and the BRI is to help secure funding for countries to build critical infrastructure such as roads, ports, bridges, communication setups, etc. to enhance global trade and cooperation.

 

What was the need for an alternative?

BRI:

• China began the Belt and Road Initiative in 2013 under its President Xi Jinping. It aims to revive the ancient trade routes crossing to and from China–from Rome in Europe to East Asia.
• Under this, the Chinese government helped in providing loans for infrastructure projects to various countries, and in many cases, Chinese companies were awarded contracts for carrying out the work. This helped China mark its footprints at a global level.
• However, China was criticised in the West and by some other countries for providing unsustainable debts to countries that will be unable to repay them.
• According to a 2019 World Bank report, among the 43 corridor economies for which detailed data was available, 12 could face a situation where debts were not sustainable, which could lead to public assets being handed over to foreign contractors or China itself.

 

Concerns:

• India, however, opposed the BRI as it included the China-Pakistan Economic Corridor, which connected Kashgar in China with the Gwadar port in Pakistan via Pakistan-occupied Kashmir.
• Others are vary of the benefits they might reap from enhanced trade connectivity. Italy, the only G7 member that was part of the BRI, has also expressed its concerns in this regard.

 

What has been announced so far as part of PGII initiatives?

• The US government’s agency, its International Development Finance Corporation (DFC) would invest over $15 million in India’s health infrastructure, “including support for the expansion of a chain of eye clinics for conducting corrective surgery for underserved individuals, and an India-based social enterprise that manufactures safe and affordable women’s hygiene products for underserved women in non-metro areas.”
• The EU, through its Global Gateway programme, has now said it will “activate 300 billion of investments in critical connectivity projects during the period 2021-2027, half of which is destined for Africa.”
• Over 90 projects have been identified in Africa, Latin America and the Caribbean, Asia and the Pacific, and in the Western Balkans.

 

Way Forward:

• China is in the process of modifying BRI to address its criticisms.
• Further, the scale of investments that can be raised by China is higher than that of the G7, who will have to look for political consensus within their countries for pledging to such projects. They also have no control over assured private-sector participation.
• But if PGII succeeds to a certain extent and with BRI addressing its own issues given this competition of sorts, it could actually help diversify the options available to the countries who have infra requirements.