Cyber Security Of Banks In India Needs Strengthening

Indian Cyber Security has been ignored for many years by the previous Governments making Indian computer systems and critical infrastructures vulnerable to sophisticated cyber attacks. One of the critical infrastructures is banking sector of India that has miserable cyber security infrastructure. The Cyber Security Trends and Developments in India (PDF) have proved this point very well.

We have no dedicated cyber security laws in India and this is creating numerous troubles for various stakeholders. The banking sector of India is also neglecting cyber security in the absence of stern and effective cyber security regulatory norms in India. Some basic level guidelines and recommendations have been issued by Reserve Bank of India (RBI) but they are far from satisfactory and being effective. These include Internet banking guidelines, formation of a RBI Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, RBI Recommendation on Information Security and its implementation in India, etc.

RBI has also mandated establishment of Steering Committees on Information Security by Banks in India and appointment of Chief Information Officers (CIOs) for all banks in India.  However, banks in India have failed to comply with the directions of RBI so far and even RBI has allowed them to take this liberty. In effect, this means that there is neither a legal framework nor any compulsion to ensure cyber security of banks in India. Naturally, the online banking system of India is not at all cyber secure and banks in India are not following cyber security due diligence and cyber law due diligence (PDF) at all.

Sophisticated malware are targeting banking industry around the world. For instance, Malware Dump Memory Grabber has been targeting Indian banks and POS Terminals. Similarly, the Gameover Zeus or GOZ botnet is also capable of stealing sensitive banking and financial information and details. Recently, the US Justice Department even charged a Russian national for creation of Gameover Zeus (GOZ) Botnet.

India is considering wide scale adoption of mobile banking, Internet banking and other online banking and financial transactions methods. However, India has not considered the issues of mobile banking cyber security, internet banking cyber security, legal aspects of Internet banking, cyber security of e-governance services, etc.

There is no doubt that Indian online banking transactions are vulnerable to cyber attacks. The cyber security for banking and financial sectors of India must be ensured as soon as possible. Online payment market of India and e-commerce and online business legal compliances have further increased the requirements of banking cyber security in India. Similarly, cyber due diligence for Paypal and online payment transferors of India must also be ensured by these stakeholders. The sooner this is done the better it would be for the larger interest of banking sector of India.

Source: International Legal Issues Of Cyber Attacks.

International Legal Issues Of Cyber Attacks: Research Works Of Perry4Law

Cyber security is no more a science fiction but has become a much needed reality. World over regulatory and technical issues have vexed the legislators as cyber security is a techno legal issue. In order to effectively deal with cyber security, the legislators need to adopt a techno legal approach. Cyber security community and stakeholders are unanimous on the opinion that the international legal issues of cyber security must be resolved. Indian response vis-a-vis cyber attacks is also clear and India endorses international cooperation regarding cyber security.

Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in entire world. The blog has covered many techno legal aspects like use of cyber espionage malwares, need for the national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.

The problem with cyber law and cyber security issues is that they not only involve multiple jurisdictions but they are also governed by different set of laws. A single act of cyber crime may have legal ramifications in more than one jurisdictions. It is also possible that an act or omission may be cyber crime in one jurisdiction whereas it may be allowed in another. In short, conflict of laws in cyberspace are very difficult to manage in the absence of a true global cyber law and cyber security treaty (PDF).

As far as India's readiness regarding cyber security capabilities are concerned, India is still concered a sitting duck in the cyberspace and civil liberties fields. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security very seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance.

We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies.

As on date Indian laws, policies and efforts are not sufficient enough to curb the menace of cyber crimes. Cyber attacks, etc happening at the global level. In the absence of global harmonisation of laws in the fields like cyber law and cyber security, India has no other option but to strengthen its own cyber law and cyber security capabilities.

A particular cause of concern is that many developed countries have been engaging in illegal and unconstitutional e-surveillance not only on their own citizens but upon Indian citizens as well. They would not be interested in a harmonised global legal framework for cyber law and cyber security. Unfortunately, India has also adopted the e-surveillance methods and have launched many illegal and unaccountable e-surveillance projects like Aadhaar, Natgrid, Central Monitoring System (CMS), etc. The worst has come in the form of unaccountable and unregulated Digital India project of Modi government that has become the digital panopticon of India. Instead of concentrating upon information security and data protection, Indian government is actively working against civil liberties protection in India. Till now there is no encryption policy of India (PDF) that can ensure information and data security.

In these circumstances it is really difficult for Indian government to effectively mange the international legal issues of cyber attacks. Nevertheless, a start must be made by Indian government as soon as possible. We hope Indian government would realise the importance of cyber security very soon.

Cyber Security Policy Of India 2015 Must Be Formulated By Narendra Modi Government: CECSRDI

Narendra Modi government has been trying its level best to manage the affairs of India. However, not much success has been achieved by it till now. The worst performance of Modi government pertains to cyber security field where Modi government seems to have lost the track.

If we analyse the projects already implemented by Modi government it is clear that the present BJP government seems to be suffering from “policy bankruptcy”. Till now not even a single policy decision has been taken by Modi government that has proved to be effective. All the Modi government has been able to achieve is continuance of the already left Congress government’s policies and projects.

For instance, projects and policies like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India, National Counter Terrorism Centre (NCTC) of India, Aadhaar Project of India, National Cyber Security Policy of India 2013 (NCSP 2013), Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India, Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, e-mail policy of India, etc were launched by Congress government.  

On the other hand Modi government has taken few steps that are “low hanging fruits” at the maximum. For instance, appointment of Dr. Gulshan Rai as India’s first CISO and asking Nasscom to constitute a task force to solve the growing cyber security menace in India are the two steps taken by Modi government so far. Both these steps are “declarations only" so far as their actual implementation and impact is yet to be seen.

We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. If Modi government cannot formulate even the basic cyber security policy of India 2015 there are little chances that it would be capable of protecting Indian cyberspace from sophisticated cyber attacks and malware.

We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies. 

CECSRDI wishes all the best to Modi government in its cyber security initiatives and projects and hopes that Modi government would actually start working in this direction as soon as possible.

Cyber Security And Related Issues: Comprehensive Coverage

Qualitative cyber security literature is a real treat for cyber security enthusiastics.  INSIGHTS has published one such qualitative cyber security related article that is both comprehensive and well written. The article can be accessed here that is covering both national and international perspectives.  

The scheme of the article comprises of introduction, types of security threats, conventional cyber crimes, cyber warfare and its examples, cyber terrorism and its examples, the need to regulate cyber space, tool to protect against cyber threats, cyber laws in India, ongoing efforts in India, stakeholder agencies in India, intergovernmental organizations and initiatives and much more.

Civil liberties issues like e-surveillance and accountability of intelligence agencies of India have also been covered. A very good read for all those interested in cyber security of India.

National Cyber Coordination Centre (NCCC) Of India In Pipeline

National Cyber Coordination Centre (NCCC) of India is a promising initiative of India that would help in dealing with adverse cyber activities in India. The Congress Government started this project and now it seems to have been picked up by BJP Government. As per media reports, the National Cyber Coordination Centre (NCCC) of India may finally see the light of the day and may become functional very soon.

However, BJP Government has to take a firm stand in this regard as we have already seen many promises in the cyber security field in the past. The Cyber Security Trends and Development in India 2013 (PDF) provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have marked many shortcomings of Indian cyber security initiatives.

The policy paralysis in cyber security field has continued even in the BJP Government. For instance, the cyber security policy of India 2013 is still not implemented. Similarly, neither the NCCC nor the National Critical Information Infrastructure Protection Centre (NCIPC) of India has become fully functional till now.

However, the biggest failure of both Congress and BJP Government is lack of a dedicated cyber security law of India. In addition, BJP Government has also failed to take care of outdated and draconian laws like cyber law and telegraph Act of India.

Many cyber security related projects are managed by Indian security and intelligence agencies without any parliamentary approval and oversight. The intelligence infrastructure of India needs transparency and reforms. Without this cyber immunity cannot be granted to these agencies. India must also reconcile civil liberties and national security requirements while protecting Indian cyberspace.

The ultimate solution is to formulate a techno legal framework that can safeguard Indian cyberspace in the best possible manner.

Cyber Security Compliances For Doing E-Commerce Business In India

Legal and regulatory compliances are sine quo non for the performance of any business in a legal manner. In the present times, these legal compliances have become very technical and cumbersome. This is more so when e-commerce business sis involved.

E-commerce business involves information and communication technology (ICT) for its conduct and operation. ICT introduces additional challenges like conflict of laws in cyberspace for various e-commerce stakeholders and law enforcement agencies. Cyber security challenges are also faced while doing e-commerce business.

E-commerce business is flourishing at a great speed in India. Most of the e-commerce entrepreneurs are concentrating upon commercial aspects with an eye upon profit motive. In this race they are ignoring techno legal requirements that may affect their rights in the long run.

For instance, e-commerce laws in India are spread across multiple legal frameworks and they are seldom followed by Indian e-commerce stakeholders. Even foreign e-commerce players and portals are required to be registered in India and comply with Indian laws.

Similarly, e-commerce players are required to comply with cyber law and cyber security regulatory compliances in India. A dedicated law for cyber security breaches disclosures is also in pipeline that would impose stringent obligations upon e-commerce players operating in India. Companies that would fail to comply with the cyber law due diligence requirements in India may be punished according to Indian laws.

The cyber security challenges for Indian companies are very difficult to manage in the absence of proper planning and management. Directors of Indian companies and e-commerce websites can be held liable for improper cyber security dealings in India.

Thus, cyber security regulatory compliances issues of e-commerce businesses in India cannot be ignored by various stakeholders except at the risk of litigations and heavy monetary compensations.

China Plans To Enact National Security Law

China is planning to formulate a comprehensive national security law amid rapidly changing circumstances in online and off line worlds. However, like other countries, China has also stressed too much upon regulation and intelligence dependence than balancing the national security and civil liberties requirements. China has also decided to launch its own operating system to remove dependence upon foreign operating systems.

The proposed law seeks to punish companies and individuals engaged in spying and espionage activities. It also includes provisions pertaining to sealing, seizure and confiscation of device, money, venue, supplies and other properties that are related to espionage activities. Illegal income attributable to such activities can also be confiscated.

On the other hand, the national security policy of India is grossly deficient on numerous counts. The biggest lacuna is that it lacks a techno legal orientation and implementation. There are certain essential components of national security policy of India that are still missing. Even the national cyber security policy of India is defective and is still not implemented.

India has been planning to undergo technological upgrade of border broadcast infrastructure due to Chinese broadcasts. The Telecom Commission Cellular Loop’s Proposal would also strengthen mobile based surveillance on national security grounds in India. However, absence of a techno legal national security law of India is the biggest hurdle.

Indian Directors Can Be Held Liable For Faulty Cyber Security Practices

The company law of India has been recently reformulated and notified in the form of Indian Companies Act, 2013 (Pdf). It has given rise to many novel techno legal obligations on the part of directors of various companies that were absent in the former company law framework. For instance, directors of Indian companies can now be held liable for cyber law and cyber security related lapses. Even law firms and other firms holding their client’s data can be held liable for cyber breaches.

The cyber security trends in India (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has stressed upon a need to secure participation from various stakeholders. Indian government needs to be more stringent while getting cyber security related compliances enforced by Indian companies and their directors. However, till now various companies and their directors are not complying with techno legal requirements of Indian laws.

Recently E-Bay asked for change of passwords by its users after breach of its database containing account information. Before that Target Corporation was targeted by cyber criminals and as a result of that Target Corporation faced litigation threats around the world. Indian companies and banks are also no different as cyber breaches in India have increased significantly. This is the reason that Indian government is planning to formulate a law where cyber security breaches would be required to be disclosed to designated Indian agencies.

Cyber security challenges in India are tremendous and there is an urgent need to tackle them immediately. It would take considerable amount of money and energy to establish a sound and robust cyber security infrastructure of India. The present trends have also shown that Indian companies and government is all set to increase spending on cyber security infrastructure. A good portion of it must be allocated to meet techno legal compliances so that company’s reputation and business is not affected by cyber attacks and their public disclosures. 

Cyber Security Challenges In India

Cyber security breaches are increasing world over and India is also facing serious cyber threats. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus, etc have proved that companies and governments cannot remain aloof of cyber threats anymore. There are numerous cyber security challenges before the Narendra Modi government and the same must be addressed on a priority basis.

India has been facing shortage of skilled cyber security professionals. Further, indigenous hardware and software production is also not upto the mark. The electronic system design and manufacturing (ESDM) policy of India would be a landmark achievement in this regard. With local hardware and software competence and independence, we can better focus upon cyber security skills development in India.

India needs to work at the international diplomacy and cooperation levels as well. Recently India opposed the idea of including cyber security technologies under the Wassenaar Arrangement as till date India is not self dependent in this field. However, once local competence is achieved, such issues would not bother India anymore.

The cyber security trends in India (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has stressed upon development of cyber security capabilities in India. This includes both offensive and defensive cyber security capabilities of India. Dr. APJ Abdul Kalam has reiterated the need for such capabilities on numerous counts.

India is also required to align her legal frameworks according to the contemporary developments. For instance, we need a dedicated cyber security law of India on the one hand and repeal of Indian cyber and telegraph laws on the other.

These cyber security challenges of India must be addressed as soon as possible as India has already delayed this issue for many years.

Develop Offensive Cyber Capabilities: A.P.J. Abdul Kalam

Cyberspace has become a complicated place these days. It is full of opportunities and challenges and our response should be guided by its changing nature. Cyber security trends in India (Pdf) are alarming and Indian government needs to take urgent steps to strengthen Indian cyber security. Present efforts of Indian government are insufficient to protect Indian cyberspace and has made India a sitting duck in cyberspace.

The worst affected area is offensive and defensive cyber security capabilities of India that are still missing. There is no cyber warfare policy of India (Pdf) and Indian critical infrastructures (Pdf) are also vulnerable to cyber threats and cyber threats. International legal issues of cyber security have become tremendously complex in nature due to conflict of laws in cyberspace. India has found herself in a position where she has no influence over this situation.

We need actual and implementable cyber security policy of India, cyber attacks crisis management plan of India, offensive and defensive cyber security capabilities for India, etc. Renowned scientist Dr. A.P.J. Abdul Kalam has also called for a more aggressive approach towards cyber security in India. “Offensive and defensive cyber capabilities are as important for nations to build as the nuclear capabilities. We will soon have only two types of nations – those with cyber offensive and defensive capabilities and those without,” he said.

Bitcoin Users Are Facing Increased Cyber Attacks

The Bitcoin exchanges around the world are facing numerous challenges. These include challenges from the point of view of laws, technical aspects, cyber security, etc. In India the Reserve Bank of India (RBI) issued an advisory cautioning Bitcoin users and Bitcoin exchanges of India of potential legal and security risks.

Cyber criminals have also realised the significance of Bitcoins as a potential virtual currency of the future. They have been using novel methods to steal Bitcoins from innocent users. In the absence of appropriate cyber security awareness and inadequate cyber security safeguards, Bitcoins ate stolen very frequently

Third party applications are now bundled with illegal Bitcoins miners. .Recently, the E-Sports Entertainment LLC (ESEA) entered into a consent judgment for creating ESEA Botnet and violation of U.S. laws. Cyber criminals have also infected hundreds of thousands of computers with a malware known as “Pony” to steal Bitcoins and other digital currencies.

Thus, cyber security of Bitcoins exchanges and personal computers of Bitcoin users holding their virtual currency is a real challenge. Let us see how this highly volatile virtual currency would survive the sophisticated cyber attacks in the future.

India Moves Ahead In The Direction Of Cyber Command For Armed Forces

In the present times of sophisticated cyber attacks, having a centralised cyber command for armed forces of India is a must requirement. This cyber command has been long due and announcement regarding its establishment have been made by Indian government from time to time. The latest announcement in this regard has been made by India government that a tri service cyber command for Armed Forces of India would be established very soon.

However, as has been rightly pointed out that without implementation everything is just a dream. On the implementation aspect, India is still grappling with the issues like cyber warfare, cyber espionage and cyber terrorism, etc. In these circumstances, a dedicated cyber warfare policy of India (PDF) must be formulated as soon as possible.

The Cyber Security Trends and Developments in India 2013 have shown many glaring cyber security problems (PDF) of India.  Establishment of offensive and defensive cyber security capabilities of India is one of the most prominent requirements of present times.

For too long cyber security issues have been dumped due to bureaucratic red tape. Now once again the bureaucratic process has been set in motion. For crucial issues like cyber security, the bureaucratic process and formalities should be kept at minimum.

Computer Systems Of DRDO And Security Officials Breached And Sensitive Files Leaked

Indian critical infrastructures and sensitive computer systems are regularly targeted by crackers. In many cases they are also successfully compromised and in many cases their compromise is also not known for a considerable period of time.

This has happened in the past and it would happen in the future as well. Although there is no absolute mechanism to ensure their security yet we must develop offensive and defensive cyber security capabilities of India.

There are many glaring cyber security problems of India that must be addressed on a priority basis. We must formulate the cyber security policy of India as soon as possible. Similarly, we must also ensure cyber security skills and capabilities development in India. In short, Indian cyber security problems, issues and challenges management must be properly appreciated and adequately taken care of.

In a recent media report, it has been alleged that a successful Chinese cracking attack has caused one of the biggest security breaches in India. The cyber security breach has compromised systems of hundreds of key DRDO and other security officials. The breach has also resulted in leakage of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India.

The leak was detected in the first week of March as officials from India’s technical intelligence wing, National Technical Research Organisation (NTRO), working with private Indian cyber security experts cracked open a file called “army cyber policy”. The file had been attached to hacked email accounts of senior DRDO officials that quickly spread through the system in a matter of seconds.

As Indian security experts began to track its origin they discovered, for the first time, that all the sensitive files stolen from the infected systems were being uploaded on a server in the Guangdong province of China.

On further and detailed probe of the breach, it was discovered that thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments. Even the e-tickets of the scientists who had travelled to Delhi in the last week of February were found on the server.

The intelligence officials also discovered documents of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU which manufactures strategic missiles and components. Some other recovered files were related to price negotiations with MBDA, a French missile manufacturing company.

At Perry4Law and Perry4Law’s techno Legal Base (PTLB) we believe that this clearly is a cyber security lapse and cyber security due diligence failure on the part of organisations and computers involved. Let us hope that Indian government would learn lessons from this episode and plug in the loopholes existing in the security of these systems.

Source: CECSRDI.

Regulations And Guidelines For Effective Investigation Of Cyber Crimes In India

Cyber crimes are increasing at a rapid speed in India. However, cyber crimes investigation in India has still to be developed to tackle these cyber crimes effectively. As on date the cyber crime investigation capabilities of law enforcement agencies of India is still deficient and they need proper training in this regard.

The legal and judicial systems of India also need to adapt as per the contemporary information technology oriented society. However, a majority of cyber crimes in India are not reported at all. Even if some cyber crimes are reported, they are not properly investigated and very few such cyber crime cases reach to the court level.

In the absence of scientific evidence and knowledge and proper cyber crime investigation, there are very few cyber crimes convictions in India. In fact, the Supreme Court of India is hearing many Public Interest Litigations (PILs) in this regard.

In one such PIL the Supreme Court of India has issued notice to Centre to seek its views in this regard. The Supreme Court has sought response from the Centre on a PIL seeking its direction to the government to frame regulations and guidelines for effective investigation of cyber crimes in India.

The notice has been issued by a Three Judge Bench of Supreme Court headed by Chief Justice Altamas Kabir. The PIL alleges that the common people are being harassed by police due to lack of procedural safeguards in the prevalent system of cyber laws.

The PIL originated out of the allegations of Pune-based businessman Dilip Kumar Tulsidas Shah who claimed that he was harassed by the police in a cyber crime case in which he was not involved.

 The petitioner seeks the remedy of issuing a writ of Mandamus, order or direction to the Centre to frame an appropriate regulatory framework of rules, regulations and guidelines for effective investigation of cyber crimes, keeping in mind the fundamental rights of citizens.

The Petitioner also contends that there is a near total lack of procedural safeguards in the prevalent system of cyber crime investigation. Police harassment of citizens, whether out of intention or ignorance, is rampant, says the Petitioner.

The Bench after hearing his arguments issued notice and clubbed his plea along with other similar PIL pending before it.

At Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) we have been working in the direction of spreading public awareness regarding cyber law on the one hand and cyber crimes investigation on the other. PTLB is managing the exclusive techno legal Centre of Excellence for Cyber Crimes Investigation in India.

PTLB is also managing the exclusive techno legal Cyber and Hi-Tech Crimes Investigation and Training Centre (CHCIT) of India. A special emphasis upon preventing and punishing cyber crimes against women in India has been undertaken by PTLB. 

PTLB has also launched a techno legal initiative named Intelligence Agencies and Law Enforcement Technology in India. The aim of this initiative is to develop the techno legal capabilities of law enforcement and intelligence agencies of India.

Intelligence agencies and law enforcement agencies of India are actively looking towards adoption and use of information and communication technology (ICT) for their functioning.

Ambitious projects like Crime And Criminal Tracking Network and Systems (CCTNS) Project Of India, National Intelligence Grid (Natgrid) Project Of India, National Counter Terrorism Centre (NCTC) Of India, Central Monitoring System (CMS) Project of India, National Cyber Coordination Centre (NCCC) Of India, etc require techno legal expertise. Law enforcement agencies of India must be aware of both technical as well as legal requirements in order to derive maximum benefits out of these projects.

If either the Supreme Court or the Centre needs our assistance regarding formulating regulations and guidelines for effective investigation of cyber crimes in India, Perry4Law and PTLB would be glad to extend the same.

Source: CECSRDI.

Cyber Security Policy Of India Would Be Formulated

Cyber security in India has now become a policy issue where top governmental official have endorsed about its importance and adoption. In fact, Indian government would soon come up with the cyber security policy of India.

As on date we have no implementable national cyber security policy of India. Even research and development in the field of cyber security is missing in India. Perry4Law Organisation is managing the exclusive techno legal cyber security research and development centre of India (CSRDCI).

Further, Perry4Law Organisation is also managing the exclusive techno legal centre of excellence for cyber security research and development in India (CECSRDI).

Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) welcome the efforts of Indian government to streamline the cyber security of the nation. At the same time we wish to stress upon the importance of critical infrastructure protection in India. Similarly, critical ICT infrastructure protection policy of India is also required to be formulated.

Presently the Indian critical infrastructures are vulnerable to cyber attacks. There are many challenges and issues that remain unredressed till date in this regard. The glaring cyber security problems of India need urgent attention of Indian government and security agencies.

The offensive and defensive cyber security capabilities of India must also be ensured to tackle growing cases of cyber attacks, cyber warfare, cyber espionage and cyber terrorism.

For those interested in further research and discussions on these topics, they may register with the cyber security forum of India and other techno legal forums of India managed by Perry4Law Organisation. We would discuss cyber security policy related issues of India at these forums.

Source: CECSRDI.

Cyber Security Forums Of India And Techno Legal Forums In India

Perry4Law Organisation has been discussing Techno Legal and Cyber Security related aspects for long. Perry4Law Law Firm is the chief Legal Division of Perry4Law Organisation that has been providing Techno Legal Services in India and abroad.

Perry4Law Organisation is managing many Blogs and Websites that are providing General and Specialised Expertise to various stakeholders. For instance, Perry4Law Organisation’s Blog is covering the general discussions whereas the blog titled Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) is covering domain specific Cyber Security related discussions.

Perry4Law Organisation is also managing many good Techno Legal Forums. Perry4Law Organisation’s Forum is the Parent Forum whereas domain specific Forums are also managed by Perry4Law Organisation. For instance, the Cyber Security Forum of Perry4Law Organisation is covering Techno Legal Aspects of cyber Security in India and abroad.

Along with the Cyber Security Forum, there are numerous other techno Legal Forums that are providing Domain Specific and Highly Expertise based discussions. These are:

(1) Cyber Security Forum Of Perry4Law Organisation

(2) Cyber Law Of India And International Cyber Law

(3) Cyber Security News And Views

(4) Techno Legal Think Tank of India

(5) Techno Legal Centre Of Excellence For Cyber Forensics In India (TLCECFI)

(6) National Cyber Security Database of India (NCSDI)

(7) Intelligence Agencies And Law Enforcement Technology In India

(8) Cyber Security Research Centre Of India (CSRCI)

(9) International Critical ICT Infrastructure Protection In India

(10) National Critical ICT Infrastructure Protection In India

(11) International Cyber Law Treaty And Cooperation

(12) International Cyber Security Treaty And Cooperation

(13) International Legal Aspects Of Cyber Security 
 
(14) National Legal Aspects Of Cyber Security In India

(15) Cyber Crimes Investigation In India

We would keep on updating on this topic from time to time. Further, we would also add more Forums and Sub Forums as well.

Perry4Law Organisation is also managing many Discussion Groups. These include:

(1)  Cyber Law Revisited

(2) Cyber Security Research Centre Of India (CSRCI)

(3) Intelligence Agencies And Law Enforcement Technology In India

(4) National Cyber Security Database of India (NCSDI)

(5) Techno Legal Centre Of Excellence For Cyber Forensics In India (TLCECFI)

(6) Techno Legal Think Tank of India

(7) Websites, Blogs And News Censorship By Google And India

Perry4Law Organisation hopes that these Forums and Discussion Groups would prove useful to all concerned.

Source: Perry4Law Organisation’s Blog.

Mobile Service Providers Of India Shall Use Indian Made SIM Cards

Cyber security issues in India are increasingly becoming part of Indian policy decisions. The cyber security policy of India is also witnessing this change. One significant shift in this regard can be found in the way India has been planning to use various hardware and software.

India has been pushing use of indigenously made hardware and software. Further, India has also declared its intention to make cyber security awareness brochures in India mandatory for hardware sale. It is clear that India is becoming serious about its national security and cyber security.

There is no second opinion that mobile banking cyber security in India and mobile cyber security in India are absolutely required. Similarly, the decision of Indian government to ban import of mobiles or cell phones in India with fake IMEI numbers is also justified.

We have no dedicated cell phone laws in India or mobile phone laws in India though they are very much required. However, some solace can be found in the form of governmental directions given from time to time.

Taking another step in ensuring mobile cyber security in India, the Indian government has now shown its concern that SIM cards, used by more than 900 million mobile users in the country, can be a major threat to national security as these might have been produced with malicious embedded software.

To ensure security, the Department of Telecommunications (DoT) has recommended that mobile service providers should manufacture the SIM cards in India with indigenously designed chips incorporating specific laid down standards. The DoT has also recommended that the clause should also be included in the proposed Cyber Security Policy.

The DoT has also proposed imposition of tax on imports of SIM cards till complete indigenous production is ensured. However, mobile companies will have to seek security clearances for such procurements.

Mobile Banking Cyber Security Is Required In India

Mobile banking in India is moving towards an acceptance level. However, till now very few people and institutions are comfortable in using mobile banking in India. Mobile banking in India is still not popular according to RBI. There are certain shortcomings of mobile banking in India that are still left unaddressed.

For instance, mobile governance in India is still not well established. M-governance in India is essential before mobile banking can be successfully implemented in India. We have no regulatory framework for m-governance in India. Even the proposed electronic delivery of services bill 2011 of India has failed to provide a mandatory legal framework for electronic delivery of services in India, including for mobile banking. In short, India is still not ready for m-governance and cloud computing especially in the absence of dedicated e-commerce laws in India.

Mobile banking in India is risky due to absence of mobile cyber security in India. Further, online banking system of India is not secure. In the absence of adequate cyber security safeguards, e-banking in India is not safe. The cyber security trends in India 2011 have also proved that Internet banking cyber security in India is in poor shape and it needs to be strengthened. Even data security, privacy and cyber security in Indian banking industry is not satisfactory.

Online banking risks in India are increasing and this is also shaking the confidence of customers in the same. Even RBI has acknowledged risks of e-banking in India. ATM frauds in India are increasing. In fact, Reserve Bank of India (RBI) has recently released the report of its working group on securing card present transaction that covers ATM security and credit card security issues as well. Internet banking risks in India cannot be effectively tackled till we have dedicated Internet banking laws in India.

Although an integrated banking law of India has been proposed yet it may take some years before it is actually enacted. In an interesting development, the RBI removed limits from mobile banking transactions limits in India. This is good for the development of mobile banking in India but is bad for the interests of mobile banking customers who have almost no safeguards against cyber crimes and technology assisted financial frauds happening in the mobile banking field.

The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. However, Indian banks are not following the guidelines of RBI prescribing mandatory cyber security requirements for banks of India. Further, banks are also liable

Even on the policy front, mobile banking has received a bad response form Indian government. For instance, absence of effective encryption laws in India and non use of robust encryption in India has made the mobile security very weak in India. Instead of making the encryption requirements redundant and weak, India must concentrate upon further strengthening the same for better and secure mobile communications. Governments of most developed countries allow the usage of strong encryption standards ranging from 128 bits to 256 bits or more to ensure the security of sensitive information exchanged via Internet and other networks. However, India is still clinging to 40 bits encryption standards for the simple reason that intelligence and security agencies of India are not capable enough to break strong encryptions.

A weak mobile banking infrastructure would also affect other projects and schemes as well. For instance, recently the Securities and Exchange Board of India (SEBI) has declared about its intentions to introduce electronic initial public offer (E-IPO) in India. This is a good step but E-IPO cannot succeed in the absence of strong mobile banking and Internet banking infrastructure. Online payments mechanisms in India must also be suitable strengthened to make such proposals workable.

India must give these considerations some serious thoughts if it wishes to encash the benefits of technology. Otherwise, concepts like Internet banking and mobile banking are more nuisance than luxury in India.

Source: ICTPS Blog.

Mobile Cyber Security In India Is Needed

Mobile phones have become ubiquitous these days. They are used for multiple purposes ranging from personal use to mobile banking. Cyber criminals have also realised the importance of mobile phones for committing cyber crimes and financial frauds. This is also the reason why malware writers are also writing mobile phone specific malware to steal confidential and sensitive information.

Mobile cyber security in India has become a cause of concern these days. Mobile phones are now proposed to be used for mobile banking and mobile governance in India. Naturally, we must ensure robust mobile cyber security in India. An electronic authentication policy of India can help in more active and secure mobile usages in India. Mobile governance and e-authentication in India are also closely related and with the proposed electronic delivery of services in India this is also a must have requirement.

For the time being we have no implementable electronic delivery of services policy of India though it may be in pipeline. Indian government is working in the direction of ensuring electronic delivery of services in India. In fact a legal framework titled electronic delivery of services bill 2011 (EDS Bill 2011) has also been proposed by Indian government.

Once the EDS Bill 2011 becomes an applicable law, governments across the India would provide electronic services through various modes, including mobile phones. This requires putting a robust and reliable mobile security infrastructure in India.

However, using of mobile phones for commercial and personal transactions in India is also risky. For instance, the mobile banking in India is risky as the present banking and other technology related legal frameworks are not conducive for mobile banking in India. Similarly, we do not have a well developed e-governance infrastructure in India. As a result India is still not ready for m-governance.

We at Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that the biggest hurdles before the mobile related uses in India pertain to use of weak encryption standards and non use of mobile cyber security mechanisms in India. Absence of encryption laws in India has further made the mobile security very weak in India.

The ever evolving mobile malware are further increasing the woes of mobile users’ world wide. Recently 50 applications within Google’s official Android Market were found to be contaminated with DroidDream malware. The malware stole sensitive information like phone’s International Mobile Equipment Identity (IMEI) Number and the SIM card’s International Mobile Subscriber Identity (IMSI) number. It then sent it to a command-and-control server. Similarly, other spyware and bugs are also infecting mobile phones worldwide.

It is high time for India to seriously work upon mobile cyber security aspects as soon as possible. The policy decisions in this regard must be taken urgently and must be implemented as soon as possible.

Source: ICTPS Blog.

Mobile Cyber Security In India

Mobile phone has become an important aspect of our daily lives. We use mobile phone for multi purposes including mobile banking and mobile governance. With the use of third generation spectrum, even better, speedier and more productive use of mobile phones is now possible.

However, of all the benefits of use of mobile, we cannot ignore the risks associated with it. For instance, the mobile banking in India is risky as the present banking and other technology related legal frameworks are not conducive for mobile banking in India.

Similarly, we do not have a well developed e-governance infrastructure in India. Naturally, India is still not ready for m-governance. India does not have any infrastructure, legal framework, policies and strategies and most importantly expertise to implement these ambitious projects.

The biggest hurdles before the mobile related uses in India pertain to use of weak encryption standards and non use of mobile cyber security mechanisms in India, informs Praveen Dalal, managing partner of New Delhi based law firm Perry4Law. Absence of encryption laws in India has further made the mobile security very weak in India, says Dalal.

Mobile viruses and worms are further increasing the woes of mobile users’ world wide, claims Dalal. Recently 50 applications within Google’s official Android Market were found to be contaminated with DroidDream malware. The malware stole sensitive information like phone’s International Mobile Equipment Identity (IMEI) Number and the SIM card’s International Mobile Subscriber Identity (IMSI) number. It then sent it to a command-and-control server, informs Dalal. Similarly, other spyware and bugs are also infecting mobile phones worldwide

Instead of making the encryption requirements redundant and weak, India must concentrate upon further strengthening the same for better and secure mobile communications. Governments of most developed countries allow the usage of strong encryption standards ranging from 128 bits to 256 bits or more to ensure the security of sensitive information exchanged via Internet and other networks. However, India is still clinging to 40 bits encryption standards for the simple reason that intelligence and security agencies of India are not capable enough to break strong encryptions.

In fact, threats have been issued by Indian government to services providers providing encrypted mobile, e-mail and VOIP services. Gmail and Skype have been asked to provide the encryption keys to Indian government and its security agencies. However, neither Google nor Skype have admitted of receiving any such communication. India is also indirectly pressurising Blackberry to help India in its e-surveillance activities. These actions of Indian government would only make mobile security weaker.

Indian population is still not interested in mobile cyber security and if the default encryption protection is also taken away, mobile usage in India is definitely going to be suffered from malware attacks and cyber attacks. India must urgently concentrate upon mobile security so that these infected mobile cannot be used by criminals.

Source: Cjnews India.