Syllabus: Essay and ‘Cyber Security section’ – GS-III
With information technology being applied to trade and commerce as well as to governance, cyberspace becomes a very vulnerable zone. At the same time, the issues of individual/personal privacy and other social and cultural practices are at stake. Therefore, a systematic framework of cyber laws is required to act as a facilitator.
Cybersecurity is a process, technique or procedure to ensure the information security goals. Cybersecurity includes IT security, digital security, electronic security, systems security, internet security etc.
The Global Cybersecurity Index 2017 by the International Telecommunication Union, which measured the commitment of nations to cybersecurity, ranked India 23 out of 165 nations.
Cyber Space vulnerability in India
- India’s vulnerability to cyber attacks is going to increase exponentially with the development of cyber infrastructure and programmes such as Digital India, National Optical Fibre Network, eGovernance, eCommerce, and eServices etc.
- Scorpene Submarine Data Leek Case is a reminder of India’s need to re-look at its cybersecurity norms. As the leak could provide crucial intelligence data to India’s strategic rivals, such as Pakistan or China.
- The government claimed that the potential ransomware attack had no serious impact on India, with only isolated incidents reported across the country while cybersecurity experts claim that the malware infected at least 48,000 computer systems across various organizations in India. This raises doubts as to whether ransomware attacks would even be properly understood and reported in India.
Issues in Cyberspace
- Data protection and protection of privacy of individuals and corporate entities. Hackers are breaking into computer systems without owner’s knowledge and consent.
- While Digital India can bridge the Rural- Urban Divide but the legal framework for implementing the same is not in existence. The entire framework of digital India is based on cyber security and cyber security will play a major part in ensuring the success of Digital India.
- Cyber frauds– Companies not complying with RBI guidelines of double authentication.
- Child pornography– UNICEF in its report titled ‘State of the World’s Children 2017: Children in a Digital World’, stated that “1 in every 3 internet users worldwide is a child and optimum efforts should be made to ensure that children have access to safe online content. And UNICEF has pointed out that there is need to make the digital world safer for the children.
- Terrorist Financing– Terrorist groups are using cyber networks to formulate plans, raise funds, spread propaganda etc.
- Cyber-attacks lead to heavier losses like operational disruptions, loss of sensitive information and designs, impact on brand image etc.
- Protection of copyright and other intellectual property rights.
International Cyber Scenario
It is widely believed that the 2016 US presidential election was an easy target for Russian cyberespionage, which tilted the balance in favor of Donald Trump. An year later, the French presidential election in April 2017 also saw a similar cyber attack, in which hackers attempted to sabotage the election chances of the presidential candidate, Emmanuel Macron.
The Internet now has the potential to affect the geopolitics of states as well as their geo-economics. The Snowden leak (2013) has brought into focus the extent of the mass unwarranted cyber surveillance by a single country (USA). It has raised serious concerns regarding the sovereignty and security of nation states and the violation of basic human rights such as the right to privacy. Therefore, there is an immediate need to have strong International Cyber laws to regulate such global threats.
- The Convention on Cybercrime (Budapest Convention) came into force on 1st July 2004.
- It is the first international treaty on cybercrimes.
- Its main objective, is to pursue a common criminal policy aimed at the protection of the society against cybercrime, especially by adopting appropriate legislation and fostering international co-operation.
Cyber Laws in India
Information Technology Act (IT Act), 2000
- The IT Act is an umbrella legislation that primarily aims to regulate electronic commerce as well as gradually promote a culture of e-governance in India.
- It seeks to effectuate the 1997 United Nations Commission on International Trade Law (UNCITRAL) Model Law on E-Commerce and refers to it in its preamble.
Information Technology (Amendment) Act, 2008
- IT ACT, 2000 was amended through Information Technology (Amendment) Act, 2008.
- The amendment widened the definition of Cyber Security. Act added provisions to the existing Information Technology Act, 2000 to deal with new forms of cyber-crimes like publicizing sexually explicit material in electronic form, video voyeurism, cyber terrorism, breach of confidentiality and leakage of data by intermediary and e-commerce frauds.
- The law seems to take a reasonable effort to tackle two areas of policy in need of reform: cybersecurity and data privacy.
Critical evaluation Of IT Act 2000
IT Act 2000, is inadequate to deal with the current requirements, it was amended last in 2008. The proliferation of social media, growth of e-commerce and demonetisation, etc. which has spurred the growth in the digital economy, so the IT act needs to be reconsidered in the light of these developments.
National Cyber Security Policy 2013
- This policy aims to ensure a secure and resilient cyberspace for citizens, businesses, and the government.
- To generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
- To establish a National and Sectoral level 24 x 7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure.
- Provisions for fiscal benefits to businesses/organisations for adoption of standard security practices and processes.
- It aims for the creation of a 5,00,000-person workforce (cyberwarriors) skilled in cybersecurity within five years.
Need for effective Cyber Security Policy
In a cyberattack in May 2017, hackers were able to swindle about $170 million from the account of Union Bank of India. Such incidents have raised concerns about the nature and extent of cyberattacks in India and the need for appropriate policy, legal, and security responses.
International Cooperation in field of Cyber Security
Global Conference on Cyberspace (GCCS)
- It was hosted in India in 2016.
- This is a conference held biennially since 2011(London).
- It is a platform where governments, private sector and civil society gather to discuss and promote practical cooperation in cyberspace, to enhance cyber capacity building, and to discuss norms for responsible behaviour in cyberspace.
Cyber Security Cooperation between India and Israel
- The agreement envisages collaboration in the field of cyber security resilience, promoting B2B cooperation in cyber security and facilitating industrial summits.
- This is also meant to develop, promote and expand cooperation in the field of Human Resource Development.
- Training programmes, skill development in field of cyber security is a major focus.
Government initiatives to ensure safe Cybersecurity Environment
Gulshan Rai Committee on Cybersecurity
Gulshan Rai committee, report on “Roadmap for Effectively Tackling Cyber Crimes in the Country” few important recommendations are:
- An Indian Cyber Crime Coordination Centre should be established, and which should be linked to NATGRID and CCTNS (Crime and Criminal Tracking Network System)
- Along with one dedicated secure gateway for all government communication.
- Government’s dependence on foreignservers should be reduced.
- To suit the current requirements and prosecute the cybercrimes the Evidence act should be amended.
BN Srikrishna Committee for data protection framework
A committee to identify “key data protection issues” and recommend a framework for data protection law in the country.
- Indian Computer Emergency Response Team (CERT-In) is a government mandated nodal agency for information technology (IT) security.
- It was established in 2004 under the aegis of Department of Information Technology, Ministry of Electronics and IT.
- Government has set up first NIC-CERT centre to prevent, predict cyber-attacks.
- It is an initiative by the Ministry of Information Technology under Digital India to enhance the security posture of NIC and the government.
Cyber Swachhta Kendra launched in New Delhi
The Ministry of Electronics & Information Technology (MeitY) launched Cyber Swachhta Kendra a new desktop and mobile security solution for a secure cyberspace in the country. The centre is operated by the Indian Computer Emergency Response Team (CERT-In).
The Cyber Swachhta Kendra is part of the government of India’s Digital India.Three cyber protection tools were also launched.
- USB Pratirodh: It is a desktop security solution to protect from USB mass storage device threats.
- M-Kavach: It is an indigenously developed mobile application to address the security threats in mobiles
- App samvid: It aims to protect systems by preventing threats from malicious applications and allowing installation through white listing.
Indian Cyber Crime Coordination Center (I4C)
- Central Government has established Indian Cyber Crime Coordination Center (I4C) at National Level to deal with all types of cyber-crime.
- It will act a nodal point in fight against Cyber Crime also as Early Warning System for Law Enforcement Agencies.
- It will also set up a platform for victims to lodge Cyber Crime complaints.
- I4C can be used to investigate the cases of Cyber-Crime including Child Pornography and Online Abuse.
Challenges in Cyber Security
- Low level of awareness- A number of cyber security incidents go unidentified and unreported.
- The cyber infrastructure for adequate point-of-sale (POS) machines is still massively below requirement.
- Scarcity of trained manpower to counter and investigate cyber-attacks.
- Absence of any geographical barriers for cybercrime makes it difficult to locate the attackers.
- Technology in field of cyberspace is rapidly evolving which further pose challenges on the Security architecture.
- Lack of coordination: There are many counter cyber-attack agencies without effective coordination and information sharing.
Suggestion for improving Cyber Security infrastructure and to ensure protection from such threats
- Cyber education should start at school level to keep children well informed, engaged and protected online.
- Delhi High Court has ordered the internet companies to appoint the grievance officers, if this is done properly it will help the enforcement Agencies too in implementing the law.
- One misconceptions about cyber-attacks is that they restricted to the financial services and banking sector. Cybersecurity needs to be integrated in every aspect of policy and planning.
- To face the challenges due to Cyber threats or social Media, the present capabilities of specialized organization like Indian Computer Emergency Response Team (CERT-IN), Centre for Development of Advanced Computing (C-DAC) need to be strengthened.
- A ‘Cyber Wing’ in each the four divisions of the National Cadet Corps (NCC) of India can be established to train the students related to cyber security threats.
- While drafting cyber laws, there should be a mechanism to take inputs from the industry. Because the responsibility of securing the cyberspace where one is operating, lies not only with countries at large, but also with individuals and enterprises.
- Governments, private sector, children’s organizations and families should take Collective action for making digital world safer and accessible for children.
- Govt need to ensure that cyber protection becomes an attractive and viable career option for the youth.
- We should learn from international examples as European Union and United States have very strict cyber laws and they have imposed heavy penalties against the defaulting companies in the past.