Perry4Law Organisation (P4LO) has been covering various techno legal trends of India since 2006. The present work discusses the cyber security trends and developments that took place in India in the year 2014. Our readers can also access the cyber security trends and developments of India 2013 (PDF) in this regard.
The Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) has long been discussing techno legal issues of Indian and global cyber security. The latest updates on cyber security are available through the CECSRDI Twitter account of P4LO. You may also be interested in this comprehensive coverage of Indian cyber security by INSIGHTS.
As per CECSRDI and P4LO, the cyber security trends and developments of India 2014 are as follows:
(1) Policy And Legal Framework: The year 2014 again witnessed a missed opportunity for India to formulate proper policies and laws regarding its cyber security. For instance, neither the proposed National Cyber Security Policy of India 2013 (NCSP-2013) nor the Information Technology Act, 2000 is adequate to meet the legal framework requirements of the Indian cyber security scenario. Similarly, cyber security breach disclosure norms are still missing in India to date. We at P4LO believe that the cyber security law of India is urgently needed.
(2) NCCC Of India: The proposed National Cyber Coordination Centre (NCCC) of India had still not been established by the end of December 2014. As per the latest news, the National Cyber Security and Coordination Centre (NCSC) of India is still under consideration.
(3) Bitcoin Exchanges: Bitcoin exchanges were very frequently targeted by cyber criminals in the year 2014. In many cases these cyber attacks proved successful, and many Bitcoin exchanges were forced to shut down as a result.
(4) E-Commerce Websites: Many e-commerce websites were successfully targeted and breached by cyber criminals, and the data of their users was compromised. This has also raised the question of whether these e-commerce websites have failed to observe cyber law due diligence (PDF) and cyber security due diligence while conducting their businesses. In fact, three U.S. States are investigating eBay’s cyber security standards and cyber security breach disclosure practices. The cyber breaches in India would raise complicated cyber law issues in the near future.
(5) Directors’ Cyber Security Obligations: The Indian Companies Act, 2013 has significantly increased the cyber security obligations of directors of various companies. However, the true significance and effect of these obligations are yet to be appreciated by the directors. Law firms’ cyber security obligations are also increasing the world over, including in India.
(6) Tri Service Cyber Command: A tri service cyber command for the armed forces of India has been suggested by the Indian Government once again. In May 2013 a similar declaration was made by the then Government. However, it is not clear whether such a tri service cyber command has been established in India or not as on date.
(7) Crisis Management Plan: The cyber crisis management plan of India has been declared in the past, but its actual implementation is still missing. As a result, we have no implementable crisis management plan of India for cyber attacks and cyber terrorism, and this leaves our critical infrastructures vulnerable to diverse and sophisticated cyber attacks.
(8) Critical Infrastructure Protection: Protection of critical infrastructures connected to information and communication technology (ICT) is a real challenge. The Internet is full of unprotected SCADA systems that can be manipulated and exploited by cyber criminals. Critical Infrastructure Protection in India (PDF) is still at the infancy stage. In a surprise event, Huawei was accused of breaching the national security of India by hacking a base station controller in AP. Recently, it was declared that NTRO would protect the critical ICT infrastructures of India. India is also contemplating setting up dedicated units for specific areas governing critical infrastructures.
(9) Cyber Security Capabilities: The cyber security capabilities of India are still trying to catch up with the ambitious projects of the Indian Government. Projects like Digital India and Internet of Things (IoT) (PDF) would require robust cyber security capabilities on the part of India. India is considered to be a sitting duck in the cyberspace and civil liberties protection regime. The offensive and defensive cyber security capabilities of India are also not impressive. The Cyber Security Challenges in India would further increase in future, and India must have a sound offensive and defensive cyber security capability.
(10) Rise Of Malware: Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc. have exposed India to sophisticated cyber attacks and malware infections. Cyber security breaches are increasing the world over, and India must be “cyber prepared” to deal with them. The cyber security challenges before the Narendra Modi Government are not easy to manage, and Indian Cyberspace must be protected on a “priority basis”.
(11) International Legal Issues Of Cyber Attacks: The international legal issues of cyber attacks started gaining importance in the year 2014. Countries around the world have realised that international cooperation (PDF) in the field of cyber security is a must to deal with cross border cyber crimes and cyber attacks. Therefore, an international cyber security treaty is required (PDF). In the absence of such a globally acceptable cyber security treaty, the conflict of laws in cyberspace would continue to make things difficult. Cyberspace has also put forward complex problems of authorship attribution for cyber attacks and anonymity. Cyberspace also gives rise to conflict of laws, where multiple laws of different jurisdictions may be applicable at the same time. Even the mutual legal assistance treaties (MLATs) are not helpful in every case of cyber attack and cyber breach. India recently opposed the proposal to include cyber security technologies under the Wassenaar Arrangement.
(12) Priority Areas: Some of the areas where India must ensure robust cyber security include the banking industry, thermal power sector, satellites, etc. The Indian insurance sector showed interest in cyber insurance in the year 2014, and this is a good sign for both the insurance companies and the insured individuals and entities. Recently, the National Security Council (NSC) proposed a three-pronged cyber security action plan for India. However, India still has to cover a long road before it would consider itself to be even moderately cyber secure.
There are many more techno legal issues of Indian cyber security that cannot be discussed in a single trends report. P4LO and CECSRDI would discuss them from time to time at appropriate platforms and websites.
Overall, the cyber security initiatives of India fell well short of a reasonable effort in this regard. The Indian Government has to invest in cyber security skills development on the one hand and in improving the cyber security capability on the other. We hope the year 2015 would be more positive vis-à-vis cyber security in India.