Cyber Security And Related Issues: Comprehensive Coverage

Qualitative cyber security literature is a real treat for cyber security enthusiastics.  INSIGHTS has published one such qualitative cyber security related article that is both comprehensive and well written. The article can be accessed here that is covering both national and international perspectives.  

The scheme of the article comprises of introduction, types of security threats, conventional cyber crimes, cyber warfare and its examples, cyber terrorism and its examples, the need to regulate cyber space, tool to protect against cyber threats, cyber laws in India, ongoing efforts in India, stakeholder agencies in India, intergovernmental organizations and initiatives and much more.

Civil liberties issues like e-surveillance and accountability of intelligence agencies of India have also been covered. A very good read for all those interested in cyber security of India.

National Cyber Coordination Centre (NCCC) Of India In Pipeline

National Cyber Coordination Centre (NCCC) of India is a promising initiative of India that would help in dealing with adverse cyber activities in India. The Congress Government started this project and now it seems to have been picked up by BJP Government. As per media reports, the National Cyber Coordination Centre (NCCC) of India may finally see the light of the day and may become functional very soon.

However, BJP Government has to take a firm stand in this regard as we have already seen many promises in the cyber security field in the past. The Cyber Security Trends and Development in India 2013 (PDF) provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have marked many shortcomings of Indian cyber security initiatives.

The policy paralysis in cyber security field has continued even in the BJP Government. For instance, the cyber security policy of India 2013 is still not implemented. Similarly, neither the NCCC nor the National Critical Information Infrastructure Protection Centre (NCIPC) of India has become fully functional till now.

However, the biggest failure of both Congress and BJP Government is lack of a dedicated cyber security law of India. In addition, BJP Government has also failed to take care of outdated and draconian laws like cyber law and telegraph Act of India.

Many cyber security related projects are managed by Indian security and intelligence agencies without any parliamentary approval and oversight. The intelligence infrastructure of India needs transparency and reforms. Without this cyber immunity cannot be granted to these agencies. India must also reconcile civil liberties and national security requirements while protecting Indian cyberspace.

The ultimate solution is to formulate a techno legal framework that can safeguard Indian cyberspace in the best possible manner.

Cyber Security Compliances For Doing E-Commerce Business In India

Legal and regulatory compliances are sine quo non for the performance of any business in a legal manner. In the present times, these legal compliances have become very technical and cumbersome. This is more so when e-commerce business sis involved.

E-commerce business involves information and communication technology (ICT) for its conduct and operation. ICT introduces additional challenges like conflict of laws in cyberspace for various e-commerce stakeholders and law enforcement agencies. Cyber security challenges are also faced while doing e-commerce business.

E-commerce business is flourishing at a great speed in India. Most of the e-commerce entrepreneurs are concentrating upon commercial aspects with an eye upon profit motive. In this race they are ignoring techno legal requirements that may affect their rights in the long run.

For instance, e-commerce laws in India are spread across multiple legal frameworks and they are seldom followed by Indian e-commerce stakeholders. Even foreign e-commerce players and portals are required to be registered in India and comply with Indian laws.

Similarly, e-commerce players are required to comply with cyber law and cyber security regulatory compliances in India. A dedicated law for cyber security breaches disclosures is also in pipeline that would impose stringent obligations upon e-commerce players operating in India. Companies that would fail to comply with the cyber law due diligence requirements in India may be punished according to Indian laws.

The cyber security challenges for Indian companies are very difficult to manage in the absence of proper planning and management. Directors of Indian companies and e-commerce websites can be held liable for improper cyber security dealings in India.

Thus, cyber security regulatory compliances issues of e-commerce businesses in India cannot be ignored by various stakeholders except at the risk of litigations and heavy monetary compensations.

China Plans To Enact National Security Law

China is planning to formulate a comprehensive national security law amid rapidly changing circumstances in online and off line worlds. However, like other countries, China has also stressed too much upon regulation and intelligence dependence than balancing the national security and civil liberties requirements. China has also decided to launch its own operating system to remove dependence upon foreign operating systems.

The proposed law seeks to punish companies and individuals engaged in spying and espionage activities. It also includes provisions pertaining to sealing, seizure and confiscation of device, money, venue, supplies and other properties that are related to espionage activities. Illegal income attributable to such activities can also be confiscated.

On the other hand, the national security policy of India is grossly deficient on numerous counts. The biggest lacuna is that it lacks a techno legal orientation and implementation. There are certain essential components of national security policy of India that are still missing. Even the national cyber security policy of India is defective and is still not implemented.

India has been planning to undergo technological upgrade of border broadcast infrastructure due to Chinese broadcasts. The Telecom Commission Cellular Loop’s Proposal would also strengthen mobile based surveillance on national security grounds in India. However, absence of a techno legal national security law of India is the biggest hurdle.

Indian Directors Can Be Held Liable For Faulty Cyber Security Practices

The company law of India has been recently reformulated and notified in the form of Indian Companies Act, 2013 (Pdf). It has given rise to many novel techno legal obligations on the part of directors of various companies that were absent in the former company law framework. For instance, directors of Indian companies can now be held liable for cyber law and cyber security related lapses. Even law firms and other firms holding their client’s data can be held liable for cyber breaches.

The cyber security trends in India (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has stressed upon a need to secure participation from various stakeholders. Indian government needs to be more stringent while getting cyber security related compliances enforced by Indian companies and their directors. However, till now various companies and their directors are not complying with techno legal requirements of Indian laws.

Recently E-Bay asked for change of passwords by its users after breach of its database containing account information. Before that Target Corporation was targeted by cyber criminals and as a result of that Target Corporation faced litigation threats around the world. Indian companies and banks are also no different as cyber breaches in India have increased significantly. This is the reason that Indian government is planning to formulate a law where cyber security breaches would be required to be disclosed to designated Indian agencies.

Cyber security challenges in India are tremendous and there is an urgent need to tackle them immediately. It would take considerable amount of money and energy to establish a sound and robust cyber security infrastructure of India. The present trends have also shown that Indian companies and government is all set to increase spending on cyber security infrastructure. A good portion of it must be allocated to meet techno legal compliances so that company’s reputation and business is not affected by cyber attacks and their public disclosures. 

Cyber Security Challenges In India

Cyber security breaches are increasing world over and India is also facing serious cyber threats. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus, etc have proved that companies and governments cannot remain aloof of cyber threats anymore. There are numerous cyber security challenges before the Narendra Modi government and the same must be addressed on a priority basis.

India has been facing shortage of skilled cyber security professionals. Further, indigenous hardware and software production is also not upto the mark. The electronic system design and manufacturing (ESDM) policy of India would be a landmark achievement in this regard. With local hardware and software competence and independence, we can better focus upon cyber security skills development in India.

India needs to work at the international diplomacy and cooperation levels as well. Recently India opposed the idea of including cyber security technologies under the Wassenaar Arrangement as till date India is not self dependent in this field. However, once local competence is achieved, such issues would not bother India anymore.

The cyber security trends in India (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has stressed upon development of cyber security capabilities in India. This includes both offensive and defensive cyber security capabilities of India. Dr. APJ Abdul Kalam has reiterated the need for such capabilities on numerous counts.

India is also required to align her legal frameworks according to the contemporary developments. For instance, we need a dedicated cyber security law of India on the one hand and repeal of Indian cyber and telegraph laws on the other.

These cyber security challenges of India must be addressed as soon as possible as India has already delayed this issue for many years.

Develop Offensive Cyber Capabilities: A.P.J. Abdul Kalam

Cyberspace has become a complicated place these days. It is full of opportunities and challenges and our response should be guided by its changing nature. Cyber security trends in India (Pdf) are alarming and Indian government needs to take urgent steps to strengthen Indian cyber security. Present efforts of Indian government are insufficient to protect Indian cyberspace and has made India a sitting duck in cyberspace.

The worst affected area is offensive and defensive cyber security capabilities of India that are still missing. There is no cyber warfare policy of India (Pdf) and Indian critical infrastructures (Pdf) are also vulnerable to cyber threats and cyber threats. International legal issues of cyber security have become tremendously complex in nature due to conflict of laws in cyberspace. India has found herself in a position where she has no influence over this situation.

We need actual and implementable cyber security policy of India, cyber attacks crisis management plan of India, offensive and defensive cyber security capabilities for India, etc. Renowned scientist Dr. A.P.J. Abdul Kalam has also called for a more aggressive approach towards cyber security in India. “Offensive and defensive cyber capabilities are as important for nations to build as the nuclear capabilities. We will soon have only two types of nations – those with cyber offensive and defensive capabilities and those without,” he said.

Bitcoin Users Are Facing Increased Cyber Attacks

The Bitcoin exchanges around the world are facing numerous challenges. These include challenges from the point of view of laws, technical aspects, cyber security, etc. In India the Reserve Bank of India (RBI) issued an advisory cautioning Bitcoin users and Bitcoin exchanges of India of potential legal and security risks.

Cyber criminals have also realised the significance of Bitcoins as a potential virtual currency of the future. They have been using novel methods to steal Bitcoins from innocent users. In the absence of appropriate cyber security awareness and inadequate cyber security safeguards, Bitcoins ate stolen very frequently

Third party applications are now bundled with illegal Bitcoins miners. .Recently, the E-Sports Entertainment LLC (ESEA) entered into a consent judgment for creating ESEA Botnet and violation of U.S. laws. Cyber criminals have also infected hundreds of thousands of computers with a malware known as “Pony” to steal Bitcoins and other digital currencies.

Thus, cyber security of Bitcoins exchanges and personal computers of Bitcoin users holding their virtual currency is a real challenge. Let us see how this highly volatile virtual currency would survive the sophisticated cyber attacks in the future.

India Moves Ahead In The Direction Of Cyber Command For Armed Forces

In the present times of sophisticated cyber attacks, having a centralised cyber command for armed forces of India is a must requirement. This cyber command has been long due and announcement regarding its establishment have been made by Indian government from time to time. The latest announcement in this regard has been made by India government that a tri service cyber command for Armed Forces of India would be established very soon.

However, as has been rightly pointed out that without implementation everything is just a dream. On the implementation aspect, India is still grappling with the issues like cyber warfare, cyber espionage and cyber terrorism, etc. In these circumstances, a dedicated cyber warfare policy of India (PDF) must be formulated as soon as possible.

The Cyber Security Trends and Developments in India 2013 have shown many glaring cyber security problems (PDF) of India.  Establishment of offensive and defensive cyber security capabilities of India is one of the most prominent requirements of present times.

For too long cyber security issues have been dumped due to bureaucratic red tape. Now once again the bureaucratic process has been set in motion. For crucial issues like cyber security, the bureaucratic process and formalities should be kept at minimum.

Computer Systems Of DRDO And Security Officials Breached And Sensitive Files Leaked

Indian critical infrastructures and sensitive computer systems are regularly targeted by crackers. In many cases they are also successfully compromised and in many cases their compromise is also not known for a considerable period of time.

This has happened in the past and it would happen in the future as well. Although there is no absolute mechanism to ensure their security yet we must develop offensive and defensive cyber security capabilities of India.

There are many glaring cyber security problems of India that must be addressed on a priority basis. We must formulate the cyber security policy of India as soon as possible. Similarly, we must also ensure cyber security skills and capabilities development in India. In short, Indian cyber security problems, issues and challenges management must be properly appreciated and adequately taken care of.

In a recent media report, it has been alleged that a successful Chinese cracking attack has caused one of the biggest security breaches in India. The cyber security breach has compromised systems of hundreds of key DRDO and other security officials. The breach has also resulted in leakage of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India.

The leak was detected in the first week of March as officials from India’s technical intelligence wing, National Technical Research Organisation (NTRO), working with private Indian cyber security experts cracked open a file called “army cyber policy”. The file had been attached to hacked email accounts of senior DRDO officials that quickly spread through the system in a matter of seconds.

As Indian security experts began to track its origin they discovered, for the first time, that all the sensitive files stolen from the infected systems were being uploaded on a server in the Guangdong province of China.

On further and detailed probe of the breach, it was discovered that thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments. Even the e-tickets of the scientists who had travelled to Delhi in the last week of February were found on the server.

The intelligence officials also discovered documents of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU which manufactures strategic missiles and components. Some other recovered files were related to price negotiations with MBDA, a French missile manufacturing company.

At Perry4Law and Perry4Law’s techno Legal Base (PTLB) we believe that this clearly is a cyber security lapse and cyber security due diligence failure on the part of organisations and computers involved. Let us hope that Indian government would learn lessons from this episode and plug in the loopholes existing in the security of these systems.

Source: CECSRDI.