Cyber crime as the biggest challenge for the country, Home Minister Rajnath Singh said the cyber space is increasingly being used to radicalise young minds, addressing a security meet organised by ASSOCHAM. Earlier, the crime used to originate from land, water and air but now it emanates from cyber space too. But now days, cyber crime is showing exponential growth in its number, which is a matter of serious concern.
The year 2016 witnessed lots of buzzing about Cyber Security in India. From political circles to corporate houses, Cyber Security was a hot topic to discuss. Nevertheless, Cyber Security is still at discussion stage and actual implementation of Cyber Security initiatives and measures in India was still missing in 2016.
We are trying to anticipate the Cyber Security Trends of India 2016.
(1) Cyber Security Infrastructure: Cyber Security Infrastructure in India could remain at nascent stage in the year 2016 as well. This is so because till now India is still trying to understand the basic concepts of Cyber Security. We believe that Indian Cyber Security Infrastructure must be urgently “Strengthened” so that sophisticated Cyber Attacks can be suitably managed in India.
(2) International Cyber Security Framework: Cyber Attacks and Cyber Security are International Issues and they deserve to be managed at Global Level. Despite this fact we have no “Globally Acceptable” Cyber Law and Cyber Security Treaties. Now Indian Government has also decided to stress upon formulation of International Cyber Law and Cyber Security Treaties.
(3) Digital India And Aadhaar Cyber Security: Digital India project of Narendra Modi Government is a very ambitious technology driven initiative. It can significantly improve the delivery of Public Services in India by using Information and Communication Technology. However, Digital India is suffering from various “Shortcomings” that need to be eliminated by Modi Government on priority basis. The chief among them are disregard to Civil Liberties like Privacy Protection and Data Protection and lack of Cyber Security Infrastructure to support the Digital India project.
The worst “Illegality and Unconstitutionality” of Digital India project is its “Forceful and Deliberate Reliance” upon Aadhaar that is Not “Not Mandatory“. For instance, Aadhaar has been made compulsory for Digital Locker despite Supreme Court’s contrary directions. This makes even the Digital India project vulnerable to Constitutionality Attacks. Besides, Aadhaar has its own Data Security, Civil Liberties and Cyber Security issues that are still unresolved as on date.
(4) Banking Cyber Security: Cyber Security of banks in India is not satisfactory despite the fact that Reserve Bank of India (RBI) has been trying very hard in this regard since 2010. RBI has in the year 2011 mandated that a Chief Information Officers (CIOs) is mandatory for all banks in India. In 2016 RBI has decided to establish an exclusive IT Subsidiary that would manage the Cyber Security related issues of banks of India. Further, Techno Legal Cyber Security Audits must also be undertaken by RBI to check the Cyber Security Infrastructures of banks of India.
(5) Directors’ Cyber Security Obligations: Cyber Security obligations and Cyber Law Due Diligence were not taken seriously. In 2016 Indian Government has been contemplating introduction of Cyber Security Breach Disclosure Norms in India. Cyber Breaches reporting would become mandatory in such circumstances. In fact, the Indian Companies Act, 2013 imposes Cyber Security Obligations upon Directors of Indian Companies. Similarly, the Information Technology Act, 2000 also imposes Cyber Law Obligations upon Directors of Indian Companies.
(6) Botnet Protection: Indian Government announced the establishment of a Botnet cleaning centre in the year 2015.The same may be established in the year 2016 and that would be a good step to strengthen the Cyber Security Infrastructure of India. This initiative would be in addition of the initiatives like National Critical Information Infrastructure Protection Centre (NCIPC) of India and National Cyber Security and Coordination Centre (NCSC) Of India. According to a report, Botnet are causing losses upto the extent of $6 Million a month for Online Advertisement Industry alone. The exact estimates of financial and other losses caused by Botnet is not possible as many of them use Deep Web and Dynamic DNS, Fast Flux and Bullet Proof Servers that makes it very difficult to trace and remove such Botnet. Use of Anti Forensics methods coupled with absence of a conclusive Authorship Attribution results in lack of imposing of legal responsibility and criminal prosecution of stakeholders responsible for such Botnet, Malware and Cyber Attacks in majority of cases.
(7) Cloud Computing Cyber Security: Cloud Computing industry and services are still taking a shape in India. Although we have no dedicated Cloud Computing Laws. The year 2016 would bring enhanced Cyber Law, Cyber Security, Data Protection and Privacy Protection obligations upon the Cloud Computing Companies and their Directors.
(8) E-Health Cyber Security: Digital India project of Narendra Modi Government is covering E-Health and M-Health aspects as well. Suitable Legal Framework for E-Health/M-Health is required and the same may be done in the year 2016. A National E-Health Authority (NeHA) of India has already been proposed, Electronic Health Record (EHR) Standards in India have also been formulated by Indian Government. Cyber Security of E-Health and M-Health Applications, Devices and Infrastructure could be stressed in the year 2016 in India.
(9) Critical Infrastructure Protection: Critical Infrastructure Protection (CIP) is a big challenge for both national and international stakeholders. Internet is full of unprotected SCADA systems on which various Critical Infrastructures are blindly relying without any Cyber Security protections. CIPin India is not in a good condition. Indian Government must take Cyber Security very seriously and it is high time to frame a Critical Infrastructure Policy of India.
(10) CISO Culture: Year 2016 would see an increased appointment and participation of Chief Information Security Officer (CISO) in India. Government has already appointed Dr. Gulshan Rai as the first CISO of India. Further, Companies in India are increasingly becoming aware that a Chief Information Officer (CIO) is need of the hour to protect the interest of the Company in Digital World and Cyberspace. Keeping this in mind both Enterprises and Indian Government are contemplating to increase spending upon Cyber Security Infrastructures of their respective domains.
Ground ‘Zero’ Reality: With increasing inter-connectivity in the world, the challenges will come and we must find ways to tackle these challenges and security loopholes in the networks. View of the reach of mobile phones and internet across the globe, including the far-flung areas, the main problem with cyber crime is its detection and prosecution, as it is faceless and borderless. An expert group has been constituted in the Home Ministry to prepare a roadmap for effectively tackling cyber crimes in the country. It has recommended setting up of an Indian Cyber Crime Coordination Centre (I4C) to fight cyber crimes. A look at the open cyber security positions in India and around the world can help you understand the dearth of IT professionals worldwide.
The State of Cyber security in India: India is no exception in this regard, given the various security breaches and countless records lost during India’s ongoing digital transformation. The majority of these attacks happened in the e-commerce and banking sectors due to the high value of personally identifiable information (PII). These notable breaches in India should serve as a wake-up call for every Indian company to be better prepared for security incidents: Cybercriminals breached the Indian Railway Catering and Tourism Corporation (IRCTC) website, the country’s largest government site, and stole around 10 million customer records from the server of the e-ticketing portal. Fraudsters spoofed the email account of Binny Bansal, chief executive officer (CEO) of Flipkart, and sent two emails to the chief financial officer (CFO) demanding a transfer of $80,000. A Pakistani cybercriminal known as Faisal allegedly breached the website of Canara Bank. The attacker defaced the site by inserting a malicious page and blocked some of its payment services.
It’s a Good Beginning: According to “M-Trends 2016, Asia-Pacific Edition,” Indian organizations are more susceptible to data breaches because of poor investments in high-end security solutions. When it comes to cyber security in India, we need to focus on our belief that a security incident can happen to anyone, including us, and better prepare for future. For example, the RBI governor stated that the Central Bank is improving its security capabilities and asked other banks to follow suit. The recent Memorandum of Understanding (MoU) between the national cyber security agencies of India and the U.K. is a step in the right direction. The exchange of technical information on cyber attacks, security incidents and solutions will benefit both countries while they fight cybercrime together. The Indian government has also started to invest time and money to recruit cyber security experts and partnerships with top international cyber security firms. It’s a good beginning. Even though the pace of change seems slow for cyber security in India, better awareness and effective solutions should help India respond more successfully to security incidents in the future.
- Priyanka Dwivedi – firstname.lastname@example.org