Cyber security has become a priority issue for
stakeholders’ around the world. Though governments are slow to
adapt to cyber security requirements yet there is no escape from the
necessity to have a robust and resilient cyber security
infrastructure. India has been adopting technology driven project
that have little cyber security support. For instance, cyber security
for Digital India, e-governance,
e-commerce,
etc is still missing in India. Till now India is a sitting
duck in cyberspace and civil liberties fields and it must be
suitably prepared to deal with the cyber
security challenges that would further increase in India in the
near future.
There are many cyber
law and cyber
security obligations of Directors of Indian companies that are
still not fulfilled by them. Indian government is also slow in
enforcing these cyber law and cyber security obligations of Indian
directors. The recent
judgment of Supreme Court of India on Sections 66A, 69A and 79 of
Information Technology Act, 2000 has further killed
cyber law due diligence requirements in India to a great extent. This
judgment must be reviewed by the Supreme Court to remove the
unintended consequences of the same.
We at Centre
of Excellence for Cyber Security Research and Development in India
(CECSRDI) has suggested that Narendra Modi government must
formulate the Cyber
Security Policy of India 2015 as soon as possible. The Cyber
Security Policy of India 2013 is suffering from many shortcomings
that must be removed in the 2015 policy. India must also be cyber prepared to protect its cyberspace.
CECSRDI has also suggested that a dedicated cyber
security law of India is need of the hour. The same must be a
techno
legal framework keeping in mind contemporary cyber security
threats. Further cyber
security disclosure norms in India must be formulated by Modi
government. The cyber
security awareness in India must be further improved with a
special emphasis upon clearly specifying the cyber security
obligations of directors of Indian companies.
The Cyber
Security Trends of India 2015 by CECSRDI have outlined that state
sponsored cyber attacks and an increased use of malware is on the
cards. Cyber security of banks in India is need of the hour as cyber criminals
have been targeting banking and financial institutions in India for
long. Even the capital markets of India are vulnerable to
sophisticated cyber attacks. The Securities and Exchange Board of
India (SEBI) has been mandated to regulate the entire gamut of
capital markets in India and it is required to ensure cyber security
of capital markets as well.
Now it has been reported
that SEBI has expanded the ambit of its Technical Advisory Committee
(TAC) to include cyber security of the markets. CECSRDI welcomes this
move of SEBI and is committed to help it in every possible manner to
achieve this benign cyber security objective.
The five-member TAC formed in 2010 is headed by
Ashok Jhunjhunwala, faculty-member, Indian Institute of
Technology-Madras. The other members are H Krishnamurthy of the
Indian Institute of Science (Bangalore), Abhay Karandikar of
IIT-Bombay and Vibhakar Bhushan of Trignon Business Consulting and
Synchosoft.com.
The TAC advises SEBI on various policy and internal
technological safety issues. It also aids the regulator on framing
appropriate policies arising out of technological advancements in
areas such as wireless trading, co-location, algorithmic trading,
smart order routing, Application Programming Interface (API). SEBI is
particularly worried about the growing cyber crimes that have become
complicated and stealth in nature. State sponsored attacks are also a
caused of concern for various cyber security stakeholders. SEBI
believes that Indian capital market needs a framework for future plan
of action on securities market resilience.
This move of SEBI aims at securing the data,
applications, database, operating systems and network layers of
(FMIs) from various forms of cyber attacks such as Denial of Service
(DoS) attacks, phishing, hacking, man-in-the-middle attack, sniffing,
spoofing, key-logging and malware attacks. Critical
infrastructure protection in India (PDF) is still struggling to
deal with sophisticated cyber attacks and malware. In the past it was
declared that NTRO would protect
the critical ICT infrastructures of India. The National Critical
Information Infrastructure Protection Centre (NCIPC)
of India has also been established to protect Indian critical
infrastructures. Nevertheless, cyber security of critical
infrastructure of India is yet to be achieved.
CECSRDI hopes that Indian government and authorities
like SEBI would help in securing Indian critical infrastructures like
banks, capital markets, etc very soon. The starting point can be the
cyber security policy of India 2015 as already suggested by CECSRDI.
Source: Global
Techno Legal News And Views.