Cyber security is a techno-legal field that requires patience and techno-legal expertise to practice. India has been a late entrant in the cyber security field, and a robust and resilient cyber security infrastructure in India is still missing. We have a National Cyber Security Policy of India (NCSP) 2013, but it has remained on paper only so far. An analysis of the existing cyber security policy of India would reveal that India has still to do its homework in the cyber security field. We at Perry4Law Organisation (P4LO) believe that a new and proper cyber security policy of India 2015 must be urgently formulated by the Narendra Modi government.
With fast urbanisation and stress upon the establishment of smart cities, which mainly depend on information and communication technologies (ICT) to provide public services, we can expect an increased number of cyber attacks upon the critical infrastructure of India. Critical infrastructure protection in India has its own challenges and issues. Similarly, smart cities cyber security in India would have its own problems and solutions. There is no second opinion that cyber attacks are going to increase further, and this would raise complicated international legal issues of cyber attacks and cyber security.
For instance, it was reported in 2014 that there was a 136% increase in cyber threats and attacks against Indian government organisations as compared to the previous year. Similarly, there was a 126% increase in attacks targeting financial services organisations. There is no doubt that a strong cyber security infrastructure is the need of the hour in India. Even the national cyber security policy of 2013 must be substituted with the new cyber security policy of India 2015.
Perry4Law Organisation (P4LO) has long been suggesting the formulation of the encryption policy of India. As a result, the Indian government recently tried to bring an encryption policy under Section 84A of the Information Technology Act, 2000 (IT Act 2000), but it was highly defective. The government ultimately scrapped the encryption policy, but it needs to be formulated in a proper manner again.
As on date, we are facing the following cyber security challenges in India:
(1) Cyber security is not a very easy process to manage. It requires both technological expertise and legal compliances, which are lacking in the country.
(2) There are no dedicated cyber security laws in India, except one or two sections in the IT Act 2000, which also has its shortcomings such as lack of privacy, lack of civil liberties protection, absence of cyber security breaches disclosure norms, etc.
(3) The IT Act 2000 was passed to govern legal issues of e-commerce, e-governance, cyber crimes, etc. But, according to experts, new and better techno-legal laws must be enacted in place of the old law. Techno-legal experts believe that Indian laws like the IT Act 2000 and the Telegraph Act require urgent repeal and that new and better techno-legal laws must be enacted to replace these laws.
(4) On 13 April 2015, the government announced that the Ministry of Home Affairs would form a committee of officials from the Central Bureau of Investigation, Intelligence Bureau, Delhi Police, National Investigation Agency and the ministry itself to produce a new legal framework similar to the erstwhile Section 66A of the IT Act 2000. However, it is still to be enacted as per the information available with Perry4Law Organisation (P4LO).
(5) Many critical cyber security related issues need to be taken care of, such as critical infrastructure protection, cyber warfare policy, cyber terrorism, cyber espionage, e-governance cyber security, e-commerce cyber security, cyber security of banks, etc.
(6) The cyber security obligations of stakeholders like law firms, e-commerce websites, directors of companies, Government departments, thermal power sector, power and energy utilities, etc., must be properly understood and effectively implemented in India.
India is presently facing many types of cyber security threats. These include sophisticated cyber attacks, cracking, child pornography, cyber stalking, denial of service (DoS) attacks, distributed denial of service (DDoS) attacks, malware infections, zero day vulnerabilities, phishing attacks, data theft, etc. In June 2012, cyber attacks were reported on the Indian Navy’s Eastern Command systems. On July 12, 2013, just a few days after the release of the National Cyber Security Policy, several high-level GOI officials reported their emails had been hacked. A report later on revealed that almost 12,000 systems were hacked, which included systems from the Ministry of External Affairs, Defence Research and Development Organisation, Ministry of Home Affairs, National Informatics Centre, etc. There are also a few reports of Pakistan indulging in threatening cyber warfare. Hacker groups based out of Karachi and Lahore have in recent years managed to hack the websites of the Central Bureau of Investigation (CBI) and the Bharat Sanchar Nigam Limited (BSNL), mostly to leave hate mail. It is widely believed that regional terrorist outfits, like the Indian Mujahideen (IM), have also made use of social media sites to communicate effectively.
Perry4Law Organisation (P4LO) has provided the following suggestions to the Indian government from time to time:
(1) The Narendra Modi government must take cyber security of the country seriously, considering the ever-increasing cyber security challenges in India.
(2) It is high time that India became cyber prepared to protect its cyberspace.
(3) A draft of the National Cyber Security Policy of India 2015 should be formulated as soon as possible.
(4) There must be a dedicated cyber security law of India, keeping in mind contemporary cyber security threats.
(5) Cyber security disclosure norms in India must be formulated as soon as possible.
(6) Cyber security awareness in India must be further improved and spread so that various stakeholders can also effectively take part in the implementation of the cyber security initiatives of the Indian government.
Perry4Law Organisation (P4LO) hopes that this research report would be useful to all cyber security stakeholders in India and foreign jurisdictions.