The government is stepping up authority around cyber security to check the rising menace of financial frauds. Global Conference on Cyber Space (GCCS) was conducted in India for first time where the theme for the conference was Cyber4All: A Secure and Inclusive Cyberspace for Sustainable Development.
=> GCCS was launched with a view to establish internationally agreed ‘rules of the road’ for behavior in cyberspace, and create a more focused and inclusive dialogue between all stakeholders on how to implement them.
=> GCCS 2017 aims to foster a holistic view of cyber space ensuring not only empowerment of individuals but also enabling the Governments to achieve national goals of sustainable development.
=> According to a ASSOCHAM study, there has been a rise of about 350% in cybercrime cases from 2011 to 2014. This entails a relook at the National Cyber Security Policy of 2013. The types of cyber security incidents included phishing, scanning/probing, website intrusions and defacements, virus/malicious code and denial of service attacks.
What is cyber space?
Cyberspace does not have a specific and formal definition but it arrives at a common explanation that it is an electronic world created by interconnected networks of information technology and the information on those networks. The basis for cyberspace is the Internet as a universal and publicly accessible connection and transport network.
Importance of Cyber Security:
-> Cyber Security becomes a challenge as now privacy is a fundamental right as per the Supreme Court verdict and the rise in cybercrimes can lead to violation of private space and liberty of expression.
-> It becomes a vital law of cyber law today. There is need of new tools; capacity building must be done in various departments and a mechanism in place to address these challenges.
-> It is an important arena of internet when the country is moving forward towards a cashless society and digitization. Till 2013, India did not even have a cyber security policy in place. It is of paramount concern to take cyber security seriously in India with most of the transactions going online and cashless.
Challenges for India:
-> In the 21st century, especially after demonetisation, there is a push towards digitization of everything- government documents, bank accounts, RBI, SEBI details etc. Electronic form is encouraged so as to save paper as well as keep a proper track record.
-> There is now a situation where everything is interconnected. In the modern world, cyber warfare is possible situation. There is a need of technology, processes, procedure and laws and the enforcement agencies which are in turn accountable to government. At present, nothing of this sort is in place.
-> National Cyber Security Policy 2013 mandated formation of National Critical Information Infrastructure Protection Centre (NCIIPC) and CERT-In, but both are short of technical expertise and manpower to handle present cyber warfare scenario.
-> Today a large part of infrastructure of telecom network is procured from companies about whose equipment and integrity has no guarantee from cyber security point of view.
-> Many countries have made progress in quantum communication including china. India still buys equipment from foreign companies. It is time that India invests into indigenous and in telecom sector as communication is extremely crucial for country’s security.
-> India cannot afford to ignore cyber threats as information systems are an essential part of day to day functioning of government: more so with the Digital India programme which intends to empower its citizen digitally.
-> There is always a gap between technology and law. Technology changes very fast, the law takes its own time to change and the gap creates problem. This is the area where criminal elements take advantage of it. The need is to bridge the gap and that to fast. It shouldn’t happen that government brings the law and there is already a technology change.
-> The IT act is not sufficient to deal with cyber security. The POCSO Act about child harassment online has been growing but the conviction rate is only 2.5%. There have been just 11000 reporting done on cybercrime registration as per NCRB data.
-> Ransomware and cyber war and terrorism has increased. Section 66F deals with cyber terrorism but there are other aspects which need to be addressed.
-> The enforcement has to be stronger and the law has to be stricter. Mostly the three year term is given and most of the sections of IT act make them bailable which is not deterrent enough to prevent the criminals. There is no clear provision for cyber stalking, no provision against spamming in IT act, new offences like phishing, sexting, sextortion are still not covered along with others.
-> There is need for better laws and amend existing laws. For instance grooming, in the IT Act, Section 67B doesn’t speak in terms where even contact offence, where the child is contacted online and then met in person offline, is not covered. This can be seen in UK and Scotland.
-> Cyber awareness must be spread and there should be multi-stakeholder approach- technological inputs, legal inputs, strengthening law enforcements, systems and then dealing with trans-border crime involves lot of international cooperation.
-> Cyber education should start in schools. Get updated about changes in law and technology and pitfalls of it.
-> Each stakeholder in the entire industry should be made accountable and responsible for the actions they initiate. Investigation and trial courts have to be strengthened. After law making, there is law enforcement which has to keep pace with law and technology.
-> India should become signatory to cybercrime convention which puts a hurdle in dealing with trans-border crime particularly.
-> Build Capacity Centers nationally and internationally, create disaster recovery centres, monitoring command centres outside India. There is a need of cybercrime expert at important police-stations.
-> Secure our supply chain. Operating systems, applications, everything is almost outside India. Take control of India’s supply chain.
-> Effective and efficient role of National Cyber Security Coordinator who heads the National Cyber Coordination Centre which intends to screen communication metadata and co-ordinate the intelligence gathering activities of other agencies. This years’ budget has specially created a computer emergency response team for the financial sector.
In the last couple of decades India has carved a niche for itself in IT. Most of the Indian banking industry and financial institutions have embraced IT to its full optimization. Reports suggest that cyber attacks are understandably directed toward economic and financial institutions.
With innovative, technology led programmes such as Aadhaar, MyGov, GeM, Digital Locker the New India is the land of technological prowess and transformation. Government and the private sector jointly have to give cyber security some priority in their security and risk management plan.