India has generously
adopted technology driven projects like Digital India, Aadhaar, etc.
Technology can enable proper and timely management of issues
pertaining to these projects. However, technology would also give
rise to cyber security, cyber law and other techno legal issues in
India.
For instance, smart
cities have unique and techno legal cyber
security and civil
liberties issues that are still not managed by Indian
government. Similarly, Digital India project of Indian government is
also suffering from many shortcomings
and absence of cyber
security infrastructure is one of them. As a matter of
fact, cyber
security infrastructure of India is missing and starting
technology oriented projects in these circumstances is a big risk and
gamble.
The cyber
security trends in India 2016 by Perry4Law
Organisation (P4LO) have predicted an increased number of
cyber attacks against India. The trends have also outlined that there
would be an increase in use of malware and ransomware against various
stakeholders in India in the year 2016. As on date, malware are
defeating
cyber security products and services world wide and India is no
exception to this situation. What is most alarming is absence of
legal frameworks and guidelines regarding cyber security issues in
India.
The correlation between a
legal framework and cyber security is not difficult to anticipate and
conceptualise. Cyber security compliances require adherence to
certain well established legal principles. The moment a cyber
security breach occurs; many legal issues and compliance requirements
are automatically invoked.
For instance, in a
typical cyber attack, it becomes imperative to ascertain and find the
originator
of such attack. The requirements to engage in first instance
analysis, e-discovery and cyber forensics also arise due to such
cyber attack. The reporting requirement to the compliance and
regulatory authorities also arise.
However, none of this
applies to Indian companies and individuals that are facing cyber
attacks no matter howsoever sophisticated and damaging such cyber
attack are. In India companies and individuals are not reporting
cyber security breaches and attacks to the government and its
agencies. The cyber
security developments in India 2015 by P4LO
short listed all these shortcomings of Indian cyber security
initiatives.
The Indian government has
in the past declared that cyber
security breach disclosure norms of India would be
formulated very soon. However, till now no action has been taken in
this regard and companies and individuals are still not reporting
cyber security breached to Indian government and its agencies.
For instance, cyber
crimes and cyber attacks against banks of India is a very common
phenomenon in India. However, banks of India are not only lax while
maintaining cyber security but they are also not disclosing such
cyber crimes and cyber attacks due to fear of adverse publicity and
regulatory penalties. This is creating more problems for the bank
customers in general and banking cyber security in India in
particular.
The Information
Technology Act, 2000 (IT Act 2000) is the sole cyber law of India.
However, it is not capable of forcing the companies and individuals
to disclose cyber security breaches and cyber crimes. Nevertheless,
the rules under the IT Act, 2000 prescribe cyber
law due diligence (PDF), internet
intermediary liability, reasonable cyber security
practices, etc. they indirectly cover some aspects of cyber security
disclosure norms. But they are not sufficient to meet the demands of
present times.
Indian Parliament needs
to enact a dedicated cyber
security law of India that can cater all these regulatory
and compliance requirements. Such a law needs to take into
consideration techno
legal requirements of cyber security. The sooner such a
law is enacted the better it would be for the national interest of
India as cyber security is an essential and integral part of the
national security policy of India.
No comments:
Post a Comment
Please see https://cybersecurityofindia.blogspot.com/p/advertise.html for advertisement procedure.
Note: Only a member of this blog may post a comment.