Cyber Security has finally got attention of Indian Government in the year 2016 and the year 2017 may see some more developments in this crucial fields. However, the challenges posed by Cyber Security mandates are still not addressed by India satisfactorily. These challenges were discussed by Perry4Law Organisation (P4LO) in the form of Cyber Security Trends of India 2016. In this article, P4LO would be discussing about Cyber Security Challenges of India that it may face in the year 2017. The same is as follows:
(1) Digital Payments: Demonetisation of high denomination notes in India was the biggest event of India in the year 2016. It was intended to curb black money in India as well as to encourage Digital Payments usage by Indian masses. As Indian Government would focus more on Digital Payments in the year 2017, Cyber Crimes and Cyber Security incidences would increase. We at P4LO strongly recommend establishing suitable Cyber Crime Investigation Infrastructure and Cyber Security Infrastructure in India by Indian Government on priority basis.
(2) Cyber Security Law: The year 2017 would see some positive steps in the direction of enactment of Cyber Security Norms and Laws in India. The Information Technology Act, 2000 (IT Act 2000) may be amended in this regard. However, we at P4LO strongly recommend a “Separate and Dedicated Law” for Cyber Security instead of making suitable amendments in the IT Act 2000.
(3) Cyber Breaches Disclosure Norms: Indian Companies, Banks and Organisations are not at all interested in Cyber Breach Disclosure. In the absence of “Mandatory and Implementable” Cyber Breach Disclosure Norms in India, Cyber Security in India remained in poor condition. This is natural as Indian Government and CERT-In Cannot make effective Cyber Security Policies till they are aware of actual Cyber Security threats. The year 2017 may see an increased focus upon mandatory Cyber Breach Disclosure Norms in India, especially banks.
(4) Banking Cyber Security: Cyber Security of banks in India is a major cause of concern for Indian Government. Although the Reserve Bank of India (RBI) has prescribed a Cyber Security Framework for banks of India yet almost all of them have failed to comply with the same. RBI had given a deadline of 30-09-2016 to comply with its Cyber Security Directions, but till 31st December 2016 banks have done nothing in this regard. It is also no secret that online banking, debit and credit cards and other modes of digital payments are vulnerable to sophisticated Cyber Attacks. It is only now that Indian Government has reiterated that banks of India have to report any Cyber Attack to the Government and its Authorities within 2 hours of such “Cyber Occurrence”. The year 2017 may witness an increased demand by Indian Government to ensure Cyber Security of banks by the Indian banks.
(5) Digital India: Digital India is an E-Governance project of Central Government that is supplementing the National E-Governance Plan (NEGP) of previous Government. Both Digital India and NEGP lack Cyber Security Capabilities making them vulnerable to sophisticated Cyber Attacks and Malware. In fact, Digital India project is suffering from various Shortcomings and it is heading for Troubled Waters. We at P4LO believe that Digital India project also needs urgent Regulatory Framework and Procedural Safeguards. Without removing these “Obstacles”, Digital India cannot survive in the long run. The year 2017 may see some action in this regard from the Indian Government.
(6) Crisis Management Plan: An effective and robust Cyber Crisis Management Plan is the most essential element of Digital India project of Narendra Modi Government. We may have a Crisis management Plan on papers, but its actual implementation is still missing. That is natural as well as the essential components of an effective Cyber Crisis Management Plan are still missing. These include a strong Cyber Security Law, effective Cyber Breach Disclosure Norms, robust Cyber Security Infrastructure and a “Timely and Effective Response” to various “Cyber Threats”. Clearly, India does not possess even a single of these components. Indian Government may work upon these Components in the year 2017.
(7) Malware: Malware are proving the “Biggest Nuisance” for Indian Government while implementing the Digital Services. In fact, Malware are defeating Cyber Security Safeguards with ease. Even Cyber Security Products and Services are proving “Ineffective” against Malware, especially the Zero Day Vulnerabilities. Indian Government has been working upon a Botnet Cleaning Centre and Malware Removal Centre and that would prove very handy in the year 2017.
(8) Internet Of Things (IoT): Internet of Things (IoT) has seen an exponential growth in recent times. Although India has witnessed a moderate growth in the year 2016 yet in 2017 IoT may pick up a pace in India. This growth would also give rise to novel Techno Legal issues that were unknown to India so far. For instance, Privacy, Data Protection and Cyber Security Issues of Internet of Things (IoT) in India would be required to be managed. Further, Civil Liberties Issues of IoT in India must also be addressed. Although no positive hints have been given by Indian Government in this regard in 2016 yet the year 2017 may see some positive developments in the field of IoT in India.
(9) Smart Cities: Smart Cities is an area where Indian Government has invested very well. We have good “Commercial Policies” regarding Smart Cities in India. But Privacy, Cyber Security and Data Protection Issues for Smart Cities in India are still unresolved in 2016. P4LO hopes that these issues would be resolved by Indian Government in the year 2017.
(10) Cloud Computing Norms: Cloud Computing created interest among many stakeholders in India in the year 2016. The year 2017 would definitely witness a growth in the field of Cloud Computing and Virtualisation as many national and international stakeholders have already taken steps in this direction. Of course, these stakeholders are required to comply with Cloud Computing Legal and Regulatory Requirements as prescribed by Indian Laws. Presently, stakeholders are not aware of the Cloud Computing Legal Issues in India and they consider any Legal Compliance in this regard “Redundant and Unnecessary”. This attitude of stakeholders needs to be changed for their own interests as Compliance is a much better option than Litigation.
(11) Cyber Law Due Diligence: The most ignored aspect of Indian Cyberspace is avoidance of Cyber Law Due Diligence (PDF) by various stakeholders. This is more so regarding the Directors of Indian Companies and Banks that are required to comply with Cyber Law and Cyber Security requirements under the Information Technology Act, 2000, Indian Companies Act, 2013, etc. Compliance requirements on the part of Indian Directors would increase in the year 2017 and this would also help in strengthening of Cyber Security in India.
Perry4Law Organisation (P4LO) hopes that various stakeholders would find Cyber Security Trends in India 2017 by Perry4Law Organisation (P4LO) useful. If you are interested in availing any Techno Legal Cyber Law, Cyber Security and other Regulatory Compliance services from P4LO, please establish a Client Attorney Relationship in this regard so that we may help you.