Cyber
attacks have not only become sophisticated but they have also
increased significantly in terms of numbers. Malware like Stuxnet,
Duqu, Flame,
Uroburos/Snake,
Blackshades,
FinFisher,
etc are example of the contemporary Malware that are far beyond the
reach of present cyber security mechanisms. These Malware are stealth
in nature and till the time they are discovered the damage is already
done.
It has been reported by the ICS-CERT of United
States that a U.S.
public utility was cyber attacked and its control system network
were compromised. Similarly, E-Bay has asked
for change of passwords after breach of its database containing
account information. Before that Target Corporation was targeted
by cyber criminals and as a result of that Target Corporation faced
litigation
threats around the world.
The cyber attack scenario has shifted its nature and
territorial scope from being fun and regional to become a potential
tool of cyber warfare and cyber espionage. We have no globally
acceptable international
legal regimes for cyber attacks as on date. Thus, international
legal issues of cyber attacks are yet to be resolved.
Cyberspace also put forward complex problems of
authorship
attribution for cyber attacks and anonymity. Cyberspace also
gives rise to conflict
of laws in cyberspace where multiple laws of different
jurisdictions may be applicable at the same time. Thus, cyber
security and international cooperation cannot be separated in
these circumstances.
Meanwhile, nations around the world are streamlining
their respective cyber security capabilities. We must also develop
offensive and
defensive cyber security capabilities of India. As per the cyber
security trends and developments of India 2013 (PDF) India is
lagging far behind than required cyber security initiatives.
Cyber security in India is still not upto the mark in the absence of
a dedicated cyber
security law of India.
Even compulsory cyber security breaches notification
norms are missing
in India. Recently the National Security Council Secretariat (NSCS)
requested
Reliance Jio Infocomm to share potential cyber security threats on
India’s telecom networks. India has announced that cyber
security breach disclosure norm would be formulated very soon.
However, till now no such disclosure norms are applicable in India
against companies/telecom companies/ISPs of India and this could
raise serious
cyber security issues for India in the near future.
These cyber security breach disclosures are
important as critical infrastructures of India like automated
power grids, thermal
plants, satellites,
etc are vulnerable to diverse forms of cyber attacks. This is the
reason why NTRO has been assigned
the task of protecting the critical infrastructure of India. Till the
national cyber coordination centre (NCCC) is put
into place, national level cyber security coordination would be
missing. The cyber
crisis management plan of India and the cyber
security policy of India must also be made operational as soon as
possible.
Strict enforcement of the license
conditions (PDF) against telecom companies operating in India and
the proposed national
telecom security policy of India 2014 may strengthen the cyber
security infrastructure of India. However, nothing is better than
formulating a good cyber security law of India that can establish a
regulatory regime for compulsory cyber security breach notifications
on the part of companies/telecom companies/ISPs. Let us hope
that the new Indian government would do the needful as soon as
possible.