Ads

Ads
Center Of Excellence (CoE) For Internet Of Things (IoT) In India

Monday, November 2, 2015

Smart Cities Cyber Security In India: The Problems And Solutions

Smart cities are the future of urbanisation and population sustainability. The aim of smart cities is to provide a conductive environment for living, commercial activities, healthcare and overall development. Smart cities also predominantly rely upon use of information and communication technologies (ICT) to render public services. Wherever applicable, Internet of Things (IoT) (PDF), cloud computing and virtualisation and machine to machine (M2M) system usage is also there. However, this omnipresent usage of ICT, IoT, M2M, cloud computing, etc has a potential drawback as well in the form of indifference towards smart cities cyber security.

It is not difficult to visualise a scenario of cyber attacks against the critical infrastructures of the smart cities that are run by ICT and technology. Such a cyber attack can cripple the entire smart city if properly executed. Critical infrastructure protection in India (PDF) is still at nascent stage. The national cyber security policy of India 2013 is also very weak and even that has not been implemented by Indian government so far. The much awaited cyber security policy of India 2015 is also missing so far.

A strong cyber security infrastructure of India is need of the hour especially when there is no well settled international legal issues of cyber attacks that can be invoked in the case of a cyber incidence. It is very important that international legal issues of cyber attacks must be resolved by various government and non government stakeholders. There is no globally acceptable cyber law treaty and cyber security treaty (PDF) that can govern the relationships between various countries.  Even the Tallinn Manual on the International Law Applicable to Cyber Warfare  (PDF) is just an academic document with no legal binding obligations. The truth is that Tallinn Manual is not applicable to international cyber warfare attacks and defence and countries are free to take measures as per their own choices.

This has necessitated that cyber security related projects in India must be not only expedited but they must also be successfully implemented as soon as possible. Unfortunately, cyber projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India, National Counter Terrorism Centre (NCTC) of India, Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India, Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, etc have still not been implemented successfully by Indian government.

This raises the pertinent question as to how Indian government would ensure cyber security of smart cities in India. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved so that various stakeholders can contribute significantly to the growth and implementation of cyber security initiatives of Indian government.

Cyber Security Of Banks In India Needs Strengthening

Indian Cyber Security has been ignored for many years by the previous Governments making Indian computer systems and critical infrastructures vulnerable to sophisticated cyber attacks. One of the critical infrastructures is banking sector of India that has miserable cyber security infrastructure. The Cyber Security Trends and Developments in India (PDF) have proved this point very well.

We have no dedicated cyber security laws in India and this is creating numerous troubles for various stakeholders. The banking sector of India is also neglecting cyber security in the absence of stern and effective cyber security regulatory norms in India. Some basic level guidelines and recommendations have been issued by Reserve Bank of India (RBI) but they are far from satisfactory and being effective. These include Internet banking guidelines, formation of a RBI Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, RBI Recommendation on Information Security and its implementation in India, etc.

RBI has also mandated establishment of Steering Committees on Information Security by Banks in India and appointment of Chief Information Officers (CIOs) for all banks in India.  However, banks in India have failed to comply with the directions of RBI so far and even RBI has allowed them to take this liberty. In effect, this means that there is neither a legal framework nor any compulsion to ensure cyber security of banks in India. Naturally, the online banking system of India is not at all cyber secure and banks in India are not following cyber security due diligence and cyber law due diligence (PDF) at all.

Sophisticated malware are targeting banking industry around the world. For instance, Malware Dump Memory Grabber has been targeting Indian banks and POS Terminals. Similarly, the Gameover Zeus or GOZ botnet is also capable of stealing sensitive banking and financial information and details. Recently, the US Justice Department even charged a Russian national for creation of Gameover Zeus (GOZ) Botnet.

India is considering wide scale adoption of mobile banking, Internet banking and other online banking and financial transactions methods. However, India has not considered the issues of mobile banking cyber security, internet banking cyber security, legal aspects of Internet banking, cyber security of e-governance services, etc.

There is no doubt that Indian online banking transactions are vulnerable to cyber attacks. The cyber security for banking and financial sectors of India must be ensured as soon as possible. Online payment market of India and e-commerce and online business legal compliances have further increased the requirements of banking cyber security in India. Similarly, cyber due diligence for Paypal and online payment transferors of India must also be ensured by these stakeholders. The sooner this is done the better it would be for the larger interest of banking sector of India.

Thursday, October 29, 2015

International Legal Issues Of Cyber Attacks: Research Works Of Perry4Law

Cyber security is no more a science fiction but has become a much needed reality. World over regulatory and technical issues have vexed the legislators as cyber security is a techno legal issue. In order to effectively deal with cyber security, the legislators need to adopt a techno legal approach. Cyber security community and stakeholders are unanimous on the opinion that the international legal issues of cyber security must be resolved. Indian response vis-a-vis cyber attacks is also clear and India endorses international cooperation regarding cyber security.

Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in entire world. The blog has covered many techno legal aspects like use of cyber espionage malwares, need for the national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.

The problem with cyber law and cyber security issues is that they not only involve multiple jurisdictions but they are also governed by different set of laws. A single act of cyber crime may have legal ramifications in more than one jurisdictions. It is also possible that an act or omission may be cyber crime in one jurisdiction whereas it may be allowed in another. In short, conflict of laws in cyberspace are very difficult to manage in the absence of a true global cyber law and cyber security treaty (PDF).

As far as India's readiness regarding cyber security capabilities are concerned, India is still concered a sitting duck in the cyberspace and civil liberties fields. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security very seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance.

We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies.

As on date Indian laws, policies and efforts are not sufficient enough to curb the menace of cyber crimes. Cyber attacks, etc happening at the global level. In the absence of global harmonisation of laws in the fields like cyber law and cyber security, India has no other option but to strengthen its own cyber law and cyber security capabilities.

A particular cause of concern is that many developed countries have been engaging in illegal and unconstitutional e-surveillance not only on their own citizens but upon Indian citizens as well. They would not be interested in a harmonised global legal framework for cyber law and cyber security. Unfortunately, India has also adopted the e-surveillance methods and have launched many illegal and unaccountable e-surveillance projects like Aadhaar, Natgrid, Central Monitoring System (CMS), etc. The worst has come in the form of unaccountable and unregulated Digital India project of Modi government that has become the digital panopticon of India. Instead of concentrating upon information security and data protection, Indian government is actively working against civil liberties protection in India. Till now there is no encryption policy of India (PDF) that can ensure information and data security.

In these circumstances it is really difficult for Indian government to effectively mange the international legal issues of cyber attacks. Nevertheless, a start must be made by Indian government as soon as possible. We hope Indian government would realise the importance of cyber security very soon.

Tuesday, March 17, 2015

Cyber Security Policy Of India 2015 Must Be Formulated By Narendra Modi Government: CECSRDI

Narendra Modi government has been trying its level best to manage the affairs of India. However, not much success has been achieved by it till now. The worst performance of Modi government pertains to cyber security field where Modi government seems to have lost the track.

If we analyse the projects already implemented by Modi government it is clear that the present BJP government seems to be suffering from “policy bankruptcy”. Till now not even a single policy decision has been taken by Modi government that has proved to be effective. All the Modi government has been able to achieve is continuance of the already left Congress government’s policies and projects.

For instance, projects and policies like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India, National Counter Terrorism Centre (NCTC) of India, Aadhaar Project of India, National Cyber Security Policy of India 2013 (NCSP 2013), Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India, Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, e-mail policy of India, etc were launched by Congress government.  

On the other hand Modi government has taken few steps that are “low hanging fruits” at the maximum. For instance, appointment of Dr. Gulshan Rai as India’s first CISO and asking Nasscom to constitute a task force to solve the growing cyber security menace in India are the two steps taken by Modi government so far. Both these steps are “declarations only" so far as their actual implementation and impact is yet to be seen.

We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. If Modi government cannot formulate even the basic cyber security policy of India 2015 there are little chances that it would be capable of protecting Indian cyberspace from sophisticated cyber attacks and malware.

We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies

CECSRDI wishes all the best to Modi government in its cyber security initiatives and projects and hopes that Modi government would actually start working in this direction as soon as possible.

Wednesday, November 26, 2014

Cyber Security And Related Issues: Comprehensive Coverage

Qualitative cyber security literature is a real treat for cyber security enthusiastics.  INSIGHTS has published one such qualitative cyber security related article that is both comprehensive and well written. The article can be accessed here that is covering both national and international perspectives.  

The scheme of the article comprises of introduction, types of security threats, conventional cyber crimes, cyber warfare and its examples, cyber terrorism and its examples, the need to regulate cyber space, tool to protect against cyber threats, cyber laws in India, ongoing efforts in India, stakeholder agencies in India, intergovernmental organizations and initiatives and much more.

Civil liberties issues like e-surveillance and accountability of intelligence agencies of India have also been covered. A very good read for all those interested in cyber security of India.

Sunday, September 14, 2014

National Cyber Coordination Centre (NCCC) Of India In Pipeline

National Cyber Coordination Centre (NCCC) of India is a promising initiative of India that would help in dealing with adverse cyber activities in India. The Congress Government started this project and now it seems to have been picked up by BJP Government. As per media reports, the National Cyber Coordination Centre (NCCC) of India may finally see the light of the day and may become functional very soon.

However, BJP Government has to take a firm stand in this regard as we have already seen many promises in the cyber security field in the past. The Cyber Security Trends and Development in India 2013 (PDF) provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have marked many shortcomings of Indian cyber security initiatives.

The policy paralysis in cyber security field has continued even in the BJP Government. For instance, the cyber security policy of India 2013 is still not implemented. Similarly, neither the NCCC nor the National Critical Information Infrastructure Protection Centre (NCIPC) of India has become fully functional till now.

However, the biggest failure of both Congress and BJP Government is lack of a dedicated cyber security law of India. In addition, BJP Government has also failed to take care of outdated and draconian laws like cyber law and telegraph Act of India.

Many cyber security related projects are managed by Indian security and intelligence agencies without any parliamentary approval and oversight. The intelligence infrastructure of India needs transparency and reforms. Without this cyber immunity cannot be granted to these agencies. India must also reconcile civil liberties and national security requirements while protecting Indian cyberspace.

The ultimate solution is to formulate a techno legal framework that can safeguard Indian cyberspace in the best possible manner.

Monday, August 25, 2014

Cyber Security Compliances For Doing E-Commerce Business In India

Legal and regulatory compliances are sine quo non for the performance of any business in a legal manner. In the present times, these legal compliances have become very technical and cumbersome. This is more so when e-commerce business sis involved.

E-commerce business involves information and communication technology (ICT) for its conduct and operation. ICT introduces additional challenges like conflict of laws in cyberspace for various e-commerce stakeholders and law enforcement agencies. Cyber security challenges are also faced while doing e-commerce business.

E-commerce business is flourishing at a great speed in India. Most of the e-commerce entrepreneurs are concentrating upon commercial aspects with an eye upon profit motive. In this race they are ignoring techno legal requirements that may affect their rights in the long run.

For instance, e-commerce laws in India are spread across multiple legal frameworks and they are seldom followed by Indian e-commerce stakeholders. Even foreign e-commerce players and portals are required to be registered in India and comply with Indian laws.

Similarly, e-commerce players are required to comply with cyber law and cyber security regulatory compliances in India. A dedicated law for cyber security breaches disclosures is also in pipeline that would impose stringent obligations upon e-commerce players operating in India. Companies that would fail to comply with the cyber law due diligence requirements in India may be punished according to Indian laws.

The cyber security challenges for Indian companies are very difficult to manage in the absence of proper planning and management. Directors of Indian companies and e-commerce websites can be held liable for improper cyber security dealings in India.

Thus, cyber security regulatory compliances issues of e-commerce businesses in India cannot be ignored by various stakeholders except at the risk of litigations and heavy monetary compensations.

China Plans To Enact National Security Law

China is planning to formulate a comprehensive national security law amid rapidly changing circumstances in online and off line worlds. However, like other countries, China has also stressed too much upon regulation and intelligence dependence than balancing the national security and civil liberties requirements. China has also decided to launch its own operating system to remove dependence upon foreign operating systems.

The proposed law seeks to punish companies and individuals engaged in spying and espionage activities. It also includes provisions pertaining to sealing, seizure and confiscation of device, money, venue, supplies and other properties that are related to espionage activities. Illegal income attributable to such activities can also be confiscated.

On the other hand, the national security policy of India is grossly deficient on numerous counts. The biggest lacuna is that it lacks a techno legal orientation and implementation. There are certain essential components of national security policy of India that are still missing. Even the national cyber security policy of India is defective and is still not implemented.

India has been planning to undergo technological upgrade of border broadcast infrastructure due to Chinese broadcasts. The Telecom Commission Cellular Loop’s Proposal would also strengthen mobile based surveillance on national security grounds in India. However, absence of a techno legal national security law of India is the biggest hurdle.

Sunday, August 24, 2014

Indian Directors Can Be Held Liable For Faulty Cyber Security Practices

The company law of India has been recently reformulated and notified in the form of Indian Companies Act, 2013 (Pdf). It has given rise to many novel techno legal obligations on the part of directors of various companies that were absent in the former company law framework. For instance, directors of Indian companies can now be held liable for cyber law and cyber security related lapses. Even law firms and other firms holding their client’s data can be held liable for cyber breaches.

The cyber security trends in India (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has stressed upon a need to secure participation from various stakeholders. Indian government needs to be more stringent while getting cyber security related compliances enforced by Indian companies and their directors. However, till now various companies and their directors are not complying with techno legal requirements of Indian laws.

Recently E-Bay asked for change of passwords by its users after breach of its database containing account information. Before that Target Corporation was targeted by cyber criminals and as a result of that Target Corporation faced litigation threats around the world. Indian companies and banks are also no different as cyber breaches in India have increased significantly. This is the reason that Indian government is planning to formulate a law where cyber security breaches would be required to be disclosed to designated Indian agencies.

Cyber security challenges in India are tremendous and there is an urgent need to tackle them immediately. It would take considerable amount of money and energy to establish a sound and robust cyber security infrastructure of India. The present trends have also shown that Indian companies and government is all set to increase spending on cyber security infrastructure. A good portion of it must be allocated to meet techno legal compliances so that company’s reputation and business is not affected by cyber attacks and their public disclosures. 

Cyber Security Challenges In India

Cyber security breaches are increasing world over and India is also facing serious cyber threats. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus, etc have proved that companies and governments cannot remain aloof of cyber threats anymore. There are numerous cyber security challenges before the Narendra Modi government and the same must be addressed on a priority basis.

India has been facing shortage of skilled cyber security professionals. Further, indigenous hardware and software production is also not upto the mark. The electronic system design and manufacturing (ESDM) policy of India would be a landmark achievement in this regard. With local hardware and software competence and independence, we can better focus upon cyber security skills development in India.

India needs to work at the international diplomacy and cooperation levels as well. Recently India opposed the idea of including cyber security technologies under the Wassenaar Arrangement as till date India is not self dependent in this field. However, once local competence is achieved, such issues would not bother India anymore.

The cyber security trends in India (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has stressed upon development of cyber security capabilities in India. This includes both offensive and defensive cyber security capabilities of India. Dr. APJ Abdul Kalam has reiterated the need for such capabilities on numerous counts.

India is also required to align her legal frameworks according to the contemporary developments. For instance, we need a dedicated cyber security law of India on the one hand and repeal of Indian cyber and telegraph laws on the other.

These cyber security challenges of India must be addressed as soon as possible as India has already delayed this issue for many years.

Advertisement Space- Bid Now

Advertisement Space- Bid Now