Cyber Security:
‘I dream of a Digital India where cyber security becomes an integral part of our national security.’ – Narendra Modi
It was in 1980s that Tim Berners Lee founded the World Wide Web (WWW) and with that, gave way to modern internet. The internet swamped the world in such a way that soon all activities undertaken in the real world penetrated into the cyber world. Quite naturally, with all good things come the bad and in case of the Internet, it was the cyber security issue. The internet soon became a commonplace for cyber crimes like theft, fraud, defamation, cyber stalking and cyber wars, bringing about a need for efficient cyber security laws.
Cyber Security is the protection of information systems from theft or damage to hardware, software or information on them and misdirection of services they provide.
Cyber Wars:
Cyber wars are usually waged against governments or military establishments using computers and the networks that connect them in order to disrupt, destroy or deny their use. It must be noted that cyber war is different from cyber espionage, cyber terrorism or cyber crimes.
There have been several instances of cyber attacks/wars like the one in 2007, when Estonia, a former Soviet Republic was a victim of one of the most crippling attacks that brought an end to their information systems and critical infrastructure like banking and power. The attack was known as Deliberate Denial of Service (DDoS). It was one of the first examples of the kind of disaster a cyber attack could could cause without any bloodbath.
Before that, United States found in late 2006, that their F-35 Joint Strike Fighter Programme was jeopardised, the source of which was way beyond the boundaries of real world attacks.
Information Technology Act:
Even though there are inestimable numbers of cyber security threats, India still does not have a framework for the same. However, India does have an Information Technology Act, 2000, amended in 2009, that provides for certain aspects of cyber security.
The Act embraces three important aspects: legal recognition of electronic documents, electronic filing of documents with government agencies and to amend certain acts such as Indian Penal Code, Indian Evidence Act. The Act also covers cyber crimes under Section 66 such as Internet fraud, pornography, data theft, phishing etc.
Loopholes in the Cyber Security Law:
However, Section 66 provides minimal punishment, has several loopholes and has largely proven to be inefficient. I have discussed extensively about the loopholes in one of my previous posts.
The Amendment Act provided the definition of cyber security under Section 4(D)(na) to mean ‘protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.’ Yet, the Act has not been efficient in dealing with cyber security issues.
Also, Section 70A and 70B introduced by the Amendment Act were crucial for cyber security issue as:
Section 70A provided for establishment of National Nodal Agency in respect of Critical Information Infrastructure Protection, which was responsible for Research and Development relating to protection of Critical Information Infrastructure.
Section 70B called for appointment of Indian Computer Emergency Response Team that had several functions in the area of cyber security.
However, it took six years to actually bring these bodies in place. It was only in 2014 that a notification was passed under which The National Critical Information Infrastructure Protection Centre (NCIIPC) was created. In spite of this, little has been done to bring the mandate in the 2014 Government notification to action.
In 2013, Government of India passed a National Cyber Security Policy with the aim of protecting information infrastructure, reducing vulnerability, increasing capability and safeguarding it from cyber attacks. However, the policy turned out to be a disappointment as it was just a compilation of statements and objectives without laying down any roadmap for implementation.
Apart from this, India does not have laws for many mainstream issues such as:
- Spamming,which is unsolicited bulk e-mails or unsolicited commercial e-mails that is not only posing threat to internet security but also causing economic problems as spams constitute significant portion of email traffic, storage space, network bandwidth etc. Whereas, countries such as USA, EU and Australia have strong anti-spamming legislation.
- Phishing, which is the process of fraudulently obtaining sensitive information such as usernames, passwords, credit card details etc is not categorically covered under the Information Technology Act. Customers of ICICI and SBI have been victims of phishing. Even though, complaints are filed under Section 43, 43A and 72A , it is pretty ineffectiveas complaints are filed against banks while the act is committed by a third party.
- Data Protection and Privacy, even though India felt the need to have Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules in 2011 that provides data protection and privacy. There is a need to have specific, stringent privacy law in order to bring a balance between interest of the people and the need to tackle cyber crimes.
An exhaustive law to deal with Cyber Security is the need of the hour in India
There is a dire need for a comprehensive framework that covers all aspects of cyber security. India has one of the highest number internet users which quite discernibly contributes as a platform to many cyber crimes, almost all of which are done anonymously.
In fact, in the last 10 years, cyber crime rate has increased by 19% in India. The country is in 2nd position in terms of source of cyber crimes worldwide. Therefore, it is important to have a cogent and stringent law in place before the situation jumps out of the ashes and into the fire.
Picture Courtesy: Flickr