Cyber Crimes and Cyber Attacks have become very common these days for multiple reasons. Some engage in Cyber Crimes and Cyber Attacks for commercial reasons while others indulge in the same on behalf of other stakeholders. At times, even Nations are involved in launching of sophisticated Cyber Attacks.
Cyber Security Challenges in India are not easy to manage in the absence of a robust and resilient Cyber Security Infrastructure. The truth is that Cyber Security Infrastructure in India is inadequate to tackle sophisticated Cyber Attacks and Malware. Indian Government's pet project Digital India is also suffering from many shortcomings and weaknesses.
For instance, Smart Cities Cyber Security is still not part of the Smart Cities Policies and Strategies of India. In the absence of Cyber Breaches Disclosure Norms in India, Companies and their Directors are not following either Cyber Law Due Diligence (PDF) or reporting back the Cyber Breach Incidences to Indian Government and its Agencies.
Cyber attacks have not only become sophisticated but they have also increased significantly in terms of numbers. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, etc are example of the contemporary Malware that are far beyond the reach of present cyber security mechanisms. These Malware are stealth in nature and till the time they are discovered the damage is already done.
It has been reported by the ICS-CERT of United States that a U.S. public utility was cyber attacked and its control system network were compromised. Similarly, E-Bay has asked for change of passwords after breach of its database containing account information. Before that Target Corporation was targeted by cyber criminals and as a result of that Target Corporation faced litigation threats around the world.
The cyber attack scenario has shifted its nature and territorial scope from being fun and regional to become a potential tool of cyber warfare and cyber espionage. We have no globally acceptable international legal regimes for cyber attacks as on date. Thus, international legal issues of cyber attacks are yet to be resolved.
Cyberspace also put forward complex problems of authorship attribution for cyber attacks and anonymity. Cyberspace also gives rise to conflict of laws in cyberspace where multiple laws of different jurisdictions may be applicable at the same time. Thus, cyber security and international cooperation cannot be separated in these circumstances.
Meanwhile, nations around the world are streamlining their respective cyber security capabilities. We must also develop offensive and defensive cyber security capabilities of India. As per the cyber security trends and developments of India 2013 (PDF) India is lagging far behind than required cyber security initiatives. Cyber security in India is still not upto the mark in the absence of a dedicated cyber security law of India.
Even compulsory cyber security breaches notification norms are missing in India. Recently the National Security Council Secretariat (NSCS) requested Reliance Jio Infocomm to share potential cyber security threats on India’s telecom networks. India has announced that cyber security breach disclosure norm would be formulated very soon. However, till now no such disclosure norms are applicable in India against companies/telecom companies/ISPs of India and this could raise serious cyber security issues for India in the near future.
These cyber security breach disclosures are important as critical infrastructures of India like automated power grids, thermal plants, satellites, etc are vulnerable to diverse forms of cyber attacks. This is the reason why NTRO has been assigned the task of protecting the critical infrastructure of India. Till the National Cyber Coordination Centre (NCCC) is put into place, national level cyber security coordination would be missing. The cyber crisis management plan of India and the cyber security policy of India must also be made operational as soon as possible.
Strict enforcement of the license conditions (PDF) against telecom companies operating in India and the proposed national telecom security policy of India 2014 may strengthen the cyber security infrastructure of India. However, nothing is better than formulating a good cyber security law of India that can establish a regulatory regime for compulsory cyber security breach notifications on the part of companies/telecom companies/ISPs. Let us hope that the new Indian government would do the needful as soon as possible.