Ads

Ads
Center Of Excellence (CoE) For Internet Of Things (IoT) In India

Thursday, October 29, 2015

International Legal Issues Of Cyber Attacks: Research Works Of Perry4Law

Cyber security is no more a science fiction but has become a much needed reality. World over regulatory and technical issues have vexed the legislators as cyber security is a techno legal issue. In order to effectively deal with cyber security, the legislators need to adopt a techno legal approach. Cyber security community and stakeholders are unanimous on the opinion that the international legal issues of cyber security must be resolved. Indian response vis-a-vis cyber attacks is also clear and India endorses international cooperation regarding cyber security.

Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in entire world. The blog has covered many techno legal aspects like use of cyber espionage malwares, need for the national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.

The problem with cyber law and cyber security issues is that they not only involve multiple jurisdictions but they are also governed by different set of laws. A single act of cyber crime may have legal ramifications in more than one jurisdictions. It is also possible that an act or omission may be cyber crime in one jurisdiction whereas it may be allowed in another. In short, conflict of laws in cyberspace are very difficult to manage in the absence of a true global cyber law and cyber security treaty (PDF).

As far as India's readiness regarding cyber security capabilities are concerned, India is still concered a sitting duck in the cyberspace and civil liberties fields. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security very seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance.

We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies.

As on date Indian laws, policies and efforts are not sufficient enough to curb the menace of cyber crimes. Cyber attacks, etc happening at the global level. In the absence of global harmonisation of laws in the fields like cyber law and cyber security, India has no other option but to strengthen its own cyber law and cyber security capabilities.

A particular cause of concern is that many developed countries have been engaging in illegal and unconstitutional e-surveillance not only on their own citizens but upon Indian citizens as well. They would not be interested in a harmonised global legal framework for cyber law and cyber security. Unfortunately, India has also adopted the e-surveillance methods and have launched many illegal and unaccountable e-surveillance projects like Aadhaar, Natgrid, Central Monitoring System (CMS), etc. The worst has come in the form of unaccountable and unregulated Digital India project of Modi government that has become the digital panopticon of India. Instead of concentrating upon information security and data protection, Indian government is actively working against civil liberties protection in India. Till now there is no encryption policy of India (PDF) that can ensure information and data security.

In these circumstances it is really difficult for Indian government to effectively mange the international legal issues of cyber attacks. Nevertheless, a start must be made by Indian government as soon as possible. We hope Indian government would realise the importance of cyber security very soon.

Tuesday, March 17, 2015

Cyber Security Policy Of India 2015 Must Be Formulated By Narendra Modi Government: CECSRDI

Narendra Modi government has been trying its level best to manage the affairs of India. However, not much success has been achieved by it till now. The worst performance of Modi government pertains to cyber security field where Modi government seems to have lost the track.

If we analyse the projects already implemented by Modi government it is clear that the present BJP government seems to be suffering from “policy bankruptcy”. Till now not even a single policy decision has been taken by Modi government that has proved to be effective. All the Modi government has been able to achieve is continuance of the already left Congress government’s policies and projects.

For instance, projects and policies like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India, National Counter Terrorism Centre (NCTC) of India, Aadhaar Project of India, National Cyber Security Policy of India 2013 (NCSP 2013), Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India, Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, e-mail policy of India, etc were launched by Congress government.  

On the other hand Modi government has taken few steps that are “low hanging fruits” at the maximum. For instance, appointment of Dr. Gulshan Rai as India’s first CISO and asking Nasscom to constitute a task force to solve the growing cyber security menace in India are the two steps taken by Modi government so far. Both these steps are “declarations only" so far as their actual implementation and impact is yet to be seen.

We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. If Modi government cannot formulate even the basic cyber security policy of India 2015 there are little chances that it would be capable of protecting Indian cyberspace from sophisticated cyber attacks and malware.

We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies

CECSRDI wishes all the best to Modi government in its cyber security initiatives and projects and hopes that Modi government would actually start working in this direction as soon as possible.

Wednesday, November 26, 2014

Cyber Security And Related Issues: Comprehensive Coverage

Qualitative cyber security literature is a real treat for cyber security enthusiastics.  INSIGHTS has published one such qualitative cyber security related article that is both comprehensive and well written. The article can be accessed here that is covering both national and international perspectives.  

The scheme of the article comprises of introduction, types of security threats, conventional cyber crimes, cyber warfare and its examples, cyber terrorism and its examples, the need to regulate cyber space, tool to protect against cyber threats, cyber laws in India, ongoing efforts in India, stakeholder agencies in India, intergovernmental organizations and initiatives and much more.

Civil liberties issues like e-surveillance and accountability of intelligence agencies of India have also been covered. A very good read for all those interested in cyber security of India.

Sunday, September 14, 2014

National Cyber Coordination Centre (NCCC) Of India In Pipeline

National Cyber Coordination Centre (NCCC) of India is a promising initiative of India that would help in dealing with adverse cyber activities in India. The Congress Government started this project and now it seems to have been picked up by BJP Government. As per media reports, the National Cyber Coordination Centre (NCCC) of India may finally see the light of the day and may become functional very soon.

However, BJP Government has to take a firm stand in this regard as we have already seen many promises in the cyber security field in the past. The Cyber Security Trends and Development in India 2013 (PDF) provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have marked many shortcomings of Indian cyber security initiatives.

The policy paralysis in cyber security field has continued even in the BJP Government. For instance, the cyber security policy of India 2013 is still not implemented. Similarly, neither the NCCC nor the National Critical Information Infrastructure Protection Centre (NCIPC) of India has become fully functional till now.

However, the biggest failure of both Congress and BJP Government is lack of a dedicated cyber security law of India. In addition, BJP Government has also failed to take care of outdated and draconian laws like cyber law and telegraph Act of India.

Many cyber security related projects are managed by Indian security and intelligence agencies without any parliamentary approval and oversight. The intelligence infrastructure of India needs transparency and reforms. Without this cyber immunity cannot be granted to these agencies. India must also reconcile civil liberties and national security requirements while protecting Indian cyberspace.

The ultimate solution is to formulate a techno legal framework that can safeguard Indian cyberspace in the best possible manner.

Monday, August 25, 2014

Cyber Security Compliances For Doing E-Commerce Business In India

Legal and regulatory compliances are sine quo non for the performance of any business in a legal manner. In the present times, these legal compliances have become very technical and cumbersome. This is more so when e-commerce business sis involved.

E-commerce business involves information and communication technology (ICT) for its conduct and operation. ICT introduces additional challenges like conflict of laws in cyberspace for various e-commerce stakeholders and law enforcement agencies. Cyber security challenges are also faced while doing e-commerce business.

E-commerce business is flourishing at a great speed in India. Most of the e-commerce entrepreneurs are concentrating upon commercial aspects with an eye upon profit motive. In this race they are ignoring techno legal requirements that may affect their rights in the long run.

For instance, e-commerce laws in India are spread across multiple legal frameworks and they are seldom followed by Indian e-commerce stakeholders. Even foreign e-commerce players and portals are required to be registered in India and comply with Indian laws.

Similarly, e-commerce players are required to comply with cyber law and cyber security regulatory compliances in India. A dedicated law for cyber security breaches disclosures is also in pipeline that would impose stringent obligations upon e-commerce players operating in India. Companies that would fail to comply with the cyber law due diligence requirements in India may be punished according to Indian laws.

The cyber security challenges for Indian companies are very difficult to manage in the absence of proper planning and management. Directors of Indian companies and e-commerce websites can be held liable for improper cyber security dealings in India.

Thus, cyber security regulatory compliances issues of e-commerce businesses in India cannot be ignored by various stakeholders except at the risk of litigations and heavy monetary compensations.

China Plans To Enact National Security Law

China is planning to formulate a comprehensive national security law amid rapidly changing circumstances in online and off line worlds. However, like other countries, China has also stressed too much upon regulation and intelligence dependence than balancing the national security and civil liberties requirements. China has also decided to launch its own operating system to remove dependence upon foreign operating systems.

The proposed law seeks to punish companies and individuals engaged in spying and espionage activities. It also includes provisions pertaining to sealing, seizure and confiscation of device, money, venue, supplies and other properties that are related to espionage activities. Illegal income attributable to such activities can also be confiscated.

On the other hand, the national security policy of India is grossly deficient on numerous counts. The biggest lacuna is that it lacks a techno legal orientation and implementation. There are certain essential components of national security policy of India that are still missing. Even the national cyber security policy of India is defective and is still not implemented.

India has been planning to undergo technological upgrade of border broadcast infrastructure due to Chinese broadcasts. The Telecom Commission Cellular Loop’s Proposal would also strengthen mobile based surveillance on national security grounds in India. However, absence of a techno legal national security law of India is the biggest hurdle.

Sunday, August 24, 2014

Indian Directors Can Be Held Liable For Faulty Cyber Security Practices

The company law of India has been recently reformulated and notified in the form of Indian Companies Act, 2013 (Pdf). It has given rise to many novel techno legal obligations on the part of directors of various companies that were absent in the former company law framework. For instance, directors of Indian companies can now be held liable for cyber law and cyber security related lapses. Even law firms and other firms holding their client’s data can be held liable for cyber breaches.

The cyber security trends in India (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has stressed upon a need to secure participation from various stakeholders. Indian government needs to be more stringent while getting cyber security related compliances enforced by Indian companies and their directors. However, till now various companies and their directors are not complying with techno legal requirements of Indian laws.

Recently E-Bay asked for change of passwords by its users after breach of its database containing account information. Before that Target Corporation was targeted by cyber criminals and as a result of that Target Corporation faced litigation threats around the world. Indian companies and banks are also no different as cyber breaches in India have increased significantly. This is the reason that Indian government is planning to formulate a law where cyber security breaches would be required to be disclosed to designated Indian agencies.

Cyber security challenges in India are tremendous and there is an urgent need to tackle them immediately. It would take considerable amount of money and energy to establish a sound and robust cyber security infrastructure of India. The present trends have also shown that Indian companies and government is all set to increase spending on cyber security infrastructure. A good portion of it must be allocated to meet techno legal compliances so that company’s reputation and business is not affected by cyber attacks and their public disclosures. 

Cyber Security Challenges In India

Cyber security breaches are increasing world over and India is also facing serious cyber threats. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus, etc have proved that companies and governments cannot remain aloof of cyber threats anymore. There are numerous cyber security challenges before the Narendra Modi government and the same must be addressed on a priority basis.

India has been facing shortage of skilled cyber security professionals. Further, indigenous hardware and software production is also not upto the mark. The electronic system design and manufacturing (ESDM) policy of India would be a landmark achievement in this regard. With local hardware and software competence and independence, we can better focus upon cyber security skills development in India.

India needs to work at the international diplomacy and cooperation levels as well. Recently India opposed the idea of including cyber security technologies under the Wassenaar Arrangement as till date India is not self dependent in this field. However, once local competence is achieved, such issues would not bother India anymore.

The cyber security trends in India (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has stressed upon development of cyber security capabilities in India. This includes both offensive and defensive cyber security capabilities of India. Dr. APJ Abdul Kalam has reiterated the need for such capabilities on numerous counts.

India is also required to align her legal frameworks according to the contemporary developments. For instance, we need a dedicated cyber security law of India on the one hand and repeal of Indian cyber and telegraph laws on the other.

These cyber security challenges of India must be addressed as soon as possible as India has already delayed this issue for many years.

Develop Offensive Cyber Capabilities: A.P.J. Abdul Kalam

Cyberspace has become a complicated place these days. It is full of opportunities and challenges and our response should be guided by its changing nature. Cyber security trends in India (Pdf) are alarming and Indian government needs to take urgent steps to strengthen Indian cyber security. Present efforts of Indian government are insufficient to protect Indian cyberspace and has made India a sitting duck in cyberspace.

The worst affected area is offensive and defensive cyber security capabilities of India that are still missing. There is no cyber warfare policy of India (Pdf) and Indian critical infrastructures (Pdf) are also vulnerable to cyber threats and cyber threats. International legal issues of cyber security have become tremendously complex in nature due to conflict of laws in cyberspace. India has found herself in a position where she has no influence over this situation.

We need actual and implementable cyber security policy of India, cyber attacks crisis management plan of India, offensive and defensive cyber security capabilities for India, etc. Renowned scientist Dr. A.P.J. Abdul Kalam has also called for a more aggressive approach towards cyber security in India. “Offensive and defensive cyber capabilities are as important for nations to build as the nuclear capabilities. We will soon have only two types of nations – those with cyber offensive and defensive capabilities and those without,” he said.

Tuesday, February 25, 2014

Bitcoin Users Are Facing Increased Cyber Attacks

The Bitcoin exchanges around the world are facing numerous challenges. These include challenges from the point of view of laws, technical aspects, cyber security, etc. In India the Reserve Bank of India (RBI) issued an advisory cautioning Bitcoin users and Bitcoin exchanges of India of potential legal and security risks.

Cyber criminals have also realised the significance of Bitcoins as a potential virtual currency of the future. They have been using novel methods to steal Bitcoins from innocent users. In the absence of appropriate cyber security awareness and inadequate cyber security safeguards, Bitcoins ate stolen very frequently

Third party applications are now bundled with illegal Bitcoins miners. .Recently, the E-Sports Entertainment LLC (ESEA) entered into a consent judgment for creating ESEA Botnet and violation of U.S. laws. Cyber criminals have also infected hundreds of thousands of computers with a malware known as “Pony” to steal Bitcoins and other digital currencies.

Thus, cyber security of Bitcoins exchanges and personal computers of Bitcoin users holding their virtual currency is a real challenge. Let us see how this highly volatile virtual currency would survive the sophisticated cyber attacks in the future.

Advertisement Space- Bid Now

Advertisement Space- Bid Now