President Barack Obama unveiled a new cyber-security “national action plan” calling for an overhaul of aging government networks and a high-level commission to boost security awareness.

The announcement responds to an epidemic of data breaches and cyber attacks on both government and private networks in recent years, and passage last year of a cyber-security bill that aims to facilitate better threat sharing.

CYBER SECURITY: INDIAN SCENARIO

Cyber security environment in India is fast changing, facing many sophisticated cyber security problems and challenges, due to growing realisation of threats of cyber attacks and cyber crimes.

As India progresses, its reliance on the Internet  increases at a rapid pace; moreover globalisation and governance require a wired society. Even though the Indian government was a late convert to computerisation, there has been an increasing thrust on e-governance, IT enabled services in Public services (Government to citizen services, citizen identification, public distribution systems), Healthcare (telemedicine, remote consultation, mobile clinics), Education (eLearning, virtual classrooms, etc) and Financial services (mobile banking / payment gateways), etc seen as a cost-effective way of taking public services to the masses across the country. The National Informatics Centre (NIC) was set up as early as 1975 with the goal of providing IT solutions to the government. Policies such as the New Internet Policy of 1998 paved the way for multiple Internet service providers (ISPs) and saw the Internet user base grow from 1.4 million in 1999 to over 15 million by 2003. Internet access increasingly shifts to mobile phones and tablets, with the government making a determined push to increase broadband penetration to 160 million households by 2016.

There has been a boom in e-commerce, and many activities related to e-governance are now being carried out over the Internet. As we grow more dependent on the Internet for our daily activities, we also become more vulnerable to any disruptions caused in and through cyberspace. The rise in the Internet population has meant that while the threats and vulnerabilities inherent to the Internet and cyberspace might have remained more or less the same as before, the probability of disruption has grown apace with the rise in the number of users.

Cyber threats can be disaggregated, based on the perpetrators and their motives: cyber espionage, cyber warfare, cyber terrorism, and cyber crime. Cyber attackers use numerous vulnerabilities in cyberspace to commit these acts. They exploit the weaknesses in software and hardware design through the use of malware, spam, phishing and social networking sites. Hacking is a common way of piercing the defences of protected computer systems and interfering with their functioning. Identity theft, ranging from abuse to financial frauds to cyber espionage is also common. The scope and nature of threats and vulnerabilities is multiplying with every passing day. The increasing online population has proved a happy hunting ground for cyber criminals, with losses due to cyber crime being in billions of dollars worldwide.

Cyberspace has also been used as a conduit for planning terrorist attacks, for recruitment of sympathisers, or as a new arena for attacks in pursuit of the terrorists’ political and social objectives. Terrorists have been known to have used cyberspace for communication, command and control, propaganda, recruitment, training, and funding purposes. From that perspective, the challenge of non-state actors to national security is extremely grave.
India, with respect to above context, is vulnerable to cyber espionage, cyber terrorism, cyber warfare and cyber crime and cyber security scenario in India is one of relative chaos and a sense of insecurity is arising out of the periodic reports of cyber attacks.

Moreover India’s Information Technology (IT) sectors, which has emerged as one of the most significant growth catalysts for the economy,  rides on and resides in cyberspace. In addition to fuelling India’s economy, this sector is also positively influencing the lives of its people through direct and indirect contribution to the various socio-economic parameters such as employment, standard of living and diversity among others. The sector has played a significant role in transforming India’s image to that of a global player in providing world-class technology solutions and IT business services.

GOVERNMENT INITIATIVES

National Cyber Security Policy -2013

To build a secure and resilient cyberspace for citizens, businesses and Government; to protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

Information Technology Act 2000

An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto; promote the IT industry, regulate e-commerce, facilitate e-governance and prevent cybercrime.

SUGGESTIONS

An enabling Legal Framework – Setting up of think tanks in Public-Private mode to identify gaps in the existing policy and frameworks and take action to address them. This includes addressing privacy concerns of on-line users.  As the digital world is much more complex, there is a need to train judiciary, law enforcement agencies and legal practitioners about the cyber crimes, collection of digital evidences and cyber forensics.

R&D – Creation of Centres of Excellence in identified areas of advanced Cyber Security and Centre for Technology Transfer to facilitate transition of R&D prototypes to production, supporting R&D projects in thrust areas.

Security Incident – Early Warning and Response- Comprehensive threat assessment and attack mitigation by means of net traffic analysis and deployment of honey pots, development of vulnerability database.

Security awareness, skill development and training – Launching formal Security Education, Skill Building and Awareness Programmes.  Setting up of Centres of excellence in Cryptography, Malware Research, Mobile Security and Cyber Forensics,

Collaboration – The Cyber space is borderless and actions in the cyber space can be anonymous so there is need to establish a collaborative platform, Focus on proactive and collaborative actions in Public-Private Partnership / think-tank for cyber security policy inputs, discussion and deliberations, operationalisation of security cooperation arrangements with overseas CERTs and industry, and seeking legal cooperation of international agencies on cyber crimes and cyber security. Cyber Security requirements are quite dynamic that change with the threat environment. Threat landscape needs to be updated regularly to prevent emerging attacks. Collaboration among various agencies is needed to share information regarding emerging threats and vulnerabilities, technical complexity of cyber space and availability of skilled resources, which would help in effective protection and prevention of cyber attacks.