Cyber security is no more a science fiction but has become a much needed reality. World over regulatory and technical issues have vexed the legislators as cyber security is a techno legal issue. In order to effectively deal with cyber security, the legislators need to adopt a techno legal approach. Cyber security community and stakeholders are unanimous on the opinion that the international legal issues of cyber security must be resolved. Indian response vis-a-vis cyber attacks is also clear and India endorses international cooperation regarding cyber security.
Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in entire world. The blog has covered many techno legal aspects like use of cyber espionage malwares, need for the national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.
The problem with cyber law and cyber security issues is that they not only involve multiple jurisdictions but they are also governed by different set of laws. A single act of cyber crime may have legal ramifications in more than one jurisdictions. It is also possible that an act or omission may be cyber crime in one jurisdiction whereas it may be allowed in another. In short, conflict of laws in cyberspace are very difficult to manage in the absence of a true global cyber law and cyber security treaty (PDF).
As far as India's readiness regarding cyber security capabilities are concerned, India is still concered a sitting duck in the cyberspace and civil liberties fields. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security very seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance.
We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies.
As on date Indian laws, policies and efforts are not sufficient enough to curb the menace of cyber crimes. Cyber attacks, etc happening at the global level. In the absence of global harmonisation of laws in the fields like cyber law and cyber security, India has no other option but to strengthen its own cyber law and cyber security capabilities.
A particular cause of concern is that many developed countries have been engaging in illegal and unconstitutional e-surveillance not only on their own citizens but upon Indian citizens as well. They would not be interested in a harmonised global legal framework for cyber law and cyber security. Unfortunately, India has also adopted the e-surveillance methods and have launched many illegal and unaccountable e-surveillance projects like Aadhaar, Natgrid, Central Monitoring System (CMS), etc. The worst has come in the form of unaccountable and unregulated Digital India project of Modi government that has become the digital panopticon of India. Instead of concentrating upon information security and data protection, Indian government is actively working against civil liberties protection in India. Till now there is no encryption policy of India (PDF) that can ensure information and data security.
In these circumstances it is really difficult for Indian government to effectively mange the international legal issues of cyber attacks. Nevertheless, a start must be made by Indian government as soon as possible. We hope Indian government would realise the importance of cyber security very soon.