Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.
Currently, almost 70 categories of cybersecurity products have been identified. These include products used for data loss prevention, security analytics, big data analytics, web security, antivirus, mobile payments, mobile data protection, cloud security, spam free email solutions, among others
WHY WE NEED TO REGULATE CYBERSPACE?
There has been a rapid increase in the use of the online environment where millions of users have access to internet resources and are providing contents on a daily basis.
- The use of internet particularly for the distribution of obscene, indecent and pornographic content. The use of internet for child pornography and child sexual abuse and the relative ease with which the same may be accessed calls for strict regulation.
- The increasing business transaction from tangible assets to intangible assets like Intellectual Property has converted Cyberspace from being a mere info space into important commercial space. The attempt to extend and then protect intellectual property rights online will drive much of the regulatory agenda and produce many technical methods of enforcement.
- The major area of concern where some sort of regulation is desirable is data protection and data privacy so that industry, public administrators, netizens, and academics can have confidence as on-line user.
- Internet has emerged as the ‘media of the people’ as the internet spreads fast there were changes in the press environment that was centered on mass media. Unlike as in the established press, there is no editor in the Internet. People themselves produce and circulate what they want to say and this direct way of communication on internet has caused many social debates. Therefore the future of Cyberspace content demands the reconciliation of the two views of freedom of expression and concern for community standards.
- Another concern is that, money laundering, be ‘serious crime’ becomes much simpler through the use of net. The person may use a name and an electronic address, but there are no mechanisms to
- prove the association of a person with an identity so that a person can be restricted to a single identity or identity can be restricted to a single person. Therefore Cyberspace needs to be regulated to curb this phenomenon.
‘Cyber terrorism is the convergence of terrorism and cyber space. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
Further, to qualify as cyber terrorism, an attack should result in violence against persons or property or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism depending upon their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.
Cyber-terrorism can also be understood as “the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population.” A hostile nation or group could exploit these vulnerabilities to penetrate a poorly secured computer network and disrupt or even shut down critical functions.
WHY IS THE NEED OF “DOMESTIC PROCUREMENT” BEING EMPHASIZED?
With a view to promoting domestic technology and preventing data theft by foreign entities, the government will soon announce a policy that accords preference in official procurement to ‘Made in India’ antivirus and cybersecurity solutions.
The Ministry of Electronics and Information Technology (MeitY) has issued a draft notification which states “preference shall be provided by all procuring entities to domestically manufactured/ produced cybersecurity products.”
The possibility of foreign vendors retaining some backdoor access and the risk of a third party gaining access was a key factor spurring the policy, said an official, who did not wish to be named. “So, you have to have your own solutions.”
CYBER LAWS IN INDIA
Information Technology Act, 2000
The Information Technology Act, 2000 intends to give legal recognition to e-commerce and e-governance and facilitate its development as an alternate to paper based traditional methods. The Act has adopted a functional equivalents approach in which paper based requirements such as documents, records and signatures are replaced with their electronic counterparts.
The Act seeks to protect this advancement in technology by defining crimes, prescribing punishments, laying down procedures for investigation and forming regulatory authorities. Many electronic crimes have been bought within the definition of traditional crimes too by means of amendment to the Indian Penal Code, 1860. The Evidence Act, 1872 and the Banker’s Book Evidence Act, 1891 too have been suitably amended in order to facilitate collection of evidence in fighting electronic crimes.
National Cyber security Policy, 2013
In light of the growth of IT sector in the country, the National Cyber Security Policy of India 2013 was announced by Indian Government in 2013 yet its actual implementation is still missing. As a result fields like e-governance and e-commerce are still risky and may require cyber insurance in the near future. Its important features include:
- To build secure and resilient cyber space.
- Creating a secure cyber ecosystem, generate trust in IT transactions.
- 24 x 7 NATIONAL CRITICAL INFORMATION INFRASCTRUCTURE PROTECTION CENTER (NCIIPC)
- Indigenous technological solutions (Chinese products and reliance on foreign software)
- Testing of ICT products and certifying them. Validated products
- Creating workforce of 500,000 professionals in the field
- Fiscal Benefits for businessman who accepts standard IT practices, etc.
ONGOING EFFORTS IN INDIA
The government has conducted several awareness and training programmes on cyber crimes for law enforcement agencies including those on the use of cyber Forensics Software packages and the associated procedures with it to collect digital evidence from the scene of crime.
India has already launched e-surveillance projects like National Intelligence Grid (NATGRID), Central Monitoring System (CMS), Internet Spy System Network and Traffic Analysis System (NETRA) of India, etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny. Thus, these projects are violate of Civil Liberties Protection in Cyberspace and provisions of
National Informatics Centre (NIC) has been formed which provides network backbone Manages IT services, E -GOV initiatives to central and state governments.
STAKEHOLDER AGENCIES IN INDIA
Countering cyber crimes is a coordinated effort on the part of several agencies in the Ministry of Home Affairs and in the Ministry of Communications and Information Technology.
The law enforcement agencies such as the Central Bureau of Investigation, The Intelligence Bureau, state police organizations and other specialised organizations such as the National Police Academy and the Indian Computer Emergency Response Team (CERT-In) are the prominent ones who tackle cyber crimes. We will see about of few of them:
- National Information Board (NIB)
National Information Board is an apex agency with representatives from relevant Departments and agencies that form part of the critical minimum information infrastructure in the country.
- National Crisis Management Committee (NCMC)
The National Crisis Management Committee (NCMC) is an apex body of Government of India for dealing with major crisis incidents that have serious or national ramifications. It will also deal with national crisis arising out of focused cyber-attacks.
- National Security Council Secretariat (NSCS)
National Security Council Secretariat (NSCS) is the apex agency looking into the political, economic, energy and strategic security concerns of India and acts as the secretariat to the NIB
- Department of Information Technology (DIT)
Department of Information Technology (DIT) is under the Ministry of Communications and Information Technology, Government of India. DIT strives to make India a global leading player in Information Technology and at the same time take the benefits of Information Technology to every walk of life for developing an empowered and inclusive society. It is mandated with the task of dealing with all issues related to promotion & policies in electronics & IT.
- Department of Telecommunications (DoT)
Department of Telecommunications (DoT) under the Ministry of Communications and Information Technology, Government of India, is responsible to coordinate with all ISPs and service providers with respect to cyber security incidents and response actions as deemed necessary by CERT-In and other government agencies. DoT will provide guidelines regarding roles and responsibilities of Private Service Providers and ensure that these Service Providers are able to track the critical optical fiber networks for uninterrupted availability and have arrangements of alternate routing in case of physical attacks on these networks.
- National Cyber Response Centre – Indian Computer Emergency Response Team (CERTIn)
CERT-In monitors Indian cyberspace and coordinates alerts and warning of imminent attacks and detection of malicious attacks among public and private cyber users and organizations in the country. It maintains 24×7 operations centre and has working relations/collaborations and contacts with CERTs, all over the world; and Sectoral CERTs, public, private, academia, Internet Service Providers and vendors of Information Technology products in the country
- National Information Infrastructure Protection Centre (NIIPC
NIIPC is a designated agency to protect the critical information infrastructure in the country. It gathers intelligence and keeps a watch on emerging and imminent cyber threats in strategic sectors including National Defence. They would prepare threat assessment reports and facilitate sharing of such information and analysis among members of the Intelligence, Defence and Law enforcement agencies with a view to protecting these agencies’ ability to collect, analyze and disseminate intelligence
- National Disaster Management of Authority (NDMA)
The National Disaster Management Authority (NDMA) is the Apex Body for Disaster Management in India and is responsible for creation of an enabling environment for institutional mechanisms at the State and District levels.
- The Cyber Regulations Appellate Tribunal
The Cyber Regulations Appellate Tribunal has power to entertain the cases of any person aggrieved by the Order made by the Controller of Certifying Authority or the Adjudicating Officer. It has been established by the Central Government in accordance with the provisions contained under Section 48(1) of the Information Technology Act, 2000.The body is quasi-judicial in nature
- Intergovernmental organisations and initiatives
Intergovernmental organisations and initiatives. Here we will see in brief, an overview of intergovernmental bodies and initiatives currently addressing cyber security at the policy level
- Council of Europe
The Council of Europe helps protect societies worldwide from the threat of cybercrime through the Budapest Convention on Cybercrime, the Cybercrime Convention Committee (T-CY) and the technical co-operation Programme on Cybercrime. The Budapest Convention on Cybercrime was adopted on 8 November 2001 as the first international treaty addressing crimes committed using or against network and information systems (computers). It entered into force on 1 July 2004.
- Internet Governance Forum (IGF
The IGF was established by the World Summit on the Information Society in 2006 to bring people together from various stakeholder groups in discussions on public policy issues relating to the Internet. While there is no negotiated outcome, the IGF informs and inspires those with policy making power in both the public and private sectors.
The IGF facilitates a common understanding of how to maximise Internet opportunities and address risks and challenges. It is convened under the auspices of the Secretary-General of the United Nations.
Its mandate includes the discussion of public policy issues related to key elements of Internet governance in order to foster the sustainability, robustness, security, stability and development of the Internet.
- United Nations (UN)
The International Telecommunication Union (ITU) is the specialized agency of the United Nations which is responsible for Information and Communication Technologies.
ITU deals also with adopting international standards to ensure seamless global communications and interoperability for next generation networks; building confidence and security in the use of ICTs; emergency communications to develop early warning systems and to provide access to communications during and after disasters, etc