Cyber Security Trends and Development provide valuable insight into the shortcomings of Cyber Security initiatives of any Nation. Similarly, Cyber Security Trends and Developments of various Nations also help in consolidation of International Legal Issues of Cyber Security. Though we have no globally acceptable International Cyber Security Treaty (PDF), yet global Cyber Security Trends can help in consolidation of International Legal Issues of Cyber Security.
Perry4Law Organisation (P4LO) has been providing Cyber Security Trends and Developments in India for long. We have already provided the Cyber Security Trends and Developments of India 2013 (PDF) and Cyber Security Trends and Developments in India 2014. We have also provided Cyber Security Trends of India 2015 and most of our predictions and analysis were proved true by the unfolded events that took place in Indian Cyberspace and foreign Jurisdictions. Cyber Security Problems and Challenges of India were also highlighted by us.
We also dedicated an exclusive Blog on International Legal Issues of Cyber Security titled International Legal Issues Of Cyber Attacks And Cyber Security, Cyber Terrorism And Cyber Warfare. The aim of this Blog is to provide Techno Legal Cyber Security inputs and suggestions so that International Legal Issues of Cyber Security can be discussed at a single platform.
Some of the Cyber Security Developments that took place in India in the year 2015 are as follows:
(1) Constitutional Cyber Security: Indian Constitution was framed many decades ago. It was not possible to include provisions pertaining to Cyber Law and Cyber Security in the year 1950. Perry4Law Organisation (P4LO) has suggested that Cyber Security and allied fields must be suitably incorporated into the Indian Constitution keeping in mind the future requirements. We are already working in this direction and would come up with Constitutional Cyber Security Issues very soon.
(2) Protection Of School Children: The year 2015 witnessed that School Children are vulnerable to many forms of Cyber Threats. These include Social Engineering attacks, Cyber Stalking, Cyber Harassment, etc. A need was felt in India that School Children must be suitably educated about Cyber Issues.
(3) Cyber Law Due Diligence: Cyber Law Due Diligence (PDF) is not in good condition in India. Companies, Individuals and other Stakeholders did not comply with Cyber Law Due Diligence requirements in the year 2015 as prescribed by Information Technology Act, 2000 (IT Act 2000). However, the worst blow came from none other than the Supreme Court of India. Indian Supreme Court has killed Cyber Law Due Diligence to a great extent. As a matter of fact, we need a strong Cyber Law Due Diligence in India unlike the one suggested by the Supreme Court.
(4) Equation Group And NSA: It has been reported that United States National Security Agency (NSA) may have been planting surveillance software into hard drives and other essential computer equipment sold around the world for more than a decade through Equation Group. NSA has also used radio waves for E-Surveillance purposes in the past. Kaspersky Lab has also revealed that hardware based stealth spyware were also used by Intelligence Agencies in the year 2015.
(5) Cyber Security Infrastructure: Cyber Security Infrastructure in India is still not upto the mark till 2015. Indian Cyberspace is vulnerable to diverse form of Cyber Attacks. In these circumstance, it is imperative that Indian Cyber Security Infrastructure must be strengthened to maximum possible extent. Further, Narendra Modi Government must protect Indian Cyberspace on a Priority basis. As on date and till 2015, India is a Sitting Duck in Cyberspace and Civil Liberties Protection regime.
(6) Banking Cyber Security: Cyber Security of Banks in India is still not given priority by Indian Banks in the year 2015. In fact, Reserve Bank of India (RBI) has been trying to strengthen Cyber Security of Indian Banks but with little success. Now RBI has decided to establish an IT Subsidiary for looking into Cyber Security related issues of Banks of India. This can be a significant move on the part of RBI and may force the Banks in India to finally strengthen their Cyber Security in the year 2016.
(7) Smart Cities: Indian Government has announced in 2015 to establish many Smart Cities in India. Such Smart Cities would be dependent upon Information and Communication Technology (ICT) in diverse manner. Since ICT would be used, Smart Cities Cyber Security in India cannot be ignored by Indian Government. Smart Cities in India, like in foreign countries, are facing many Cyber Security problems and challenges that need to be resolved before launching of full fledged project.
(8) Digital India Cyber Security Issues: Digital India is one of the most ambitious Technology Driven projects of the World. However, its strong dependence upon Aadhaar has made it vulnerable to Legal and Constitutional Attacks. Perry4Law Organisation (P4LO) has outlined some Shortcomings of Digital India Project and we hope they would be considered by Indian Government for a better Digital India initiative of India. The most alarming shortcoming in this regard is that Digital India is suffering from lack of Cyber Security Infrastructure. Nothing is more dangerous and more worrisome than implementing the E-Governance and Digital India Projects of India without adequate Cyber Security.
(9) Cyber Security Legal Framework: All Governments need full and complete “Disclosures” of Cyber Security Breaches affecting the lives of their Citizens. Unfortunately, Cyber Security Breach Disclosure Norms in India are still missing in the year 2015. This is because we have an outdated Cyber Law and missing Cyber Security Law in India. Outdated and Unconstitutional Laws like Cyber Law and Telegraph Act must be urgently repealed and new laws must be formulated in this regard. Further, a Techno Legal Framework must be urgently formulated by Indian Government. At the same time we also need the Cyber Security Policy of India 2015 that is a must to strengthen Indian Cyber Security Capabilities. Civil Liberties Issues in Cyberspace like Privacy Protection must also be ensured by the proposed Cyber Security Policy of India 2015.
(10) E-Surveillance in India: Unconstitutional E-Surveillance issues remained intact in India in the year 2015 as well. Projects like Aadhaar, Digital India, Smart Cities, etc are still violating the Civil Liberties of Indian Citizens without any Procedural and Constitutional Safeguards. Telecom giant Vodafone has confirmed existence of Secret Wires for Indian Government E-Surveillance purposes. Although Indian Department of Telecommunication (DOT) promised investigation into this matter but the same remained an “Empty Promise” only. So far DOT has failed to make the “Investigation Report” public. In similar activities, UK’s Government admitted that it indudged in Illegal E-Surveillance over Lawyers Communications. With the combination of Aadhaar and Digital India, India has become the Biggest Digital Panopticon of the World. To make the matter worst, we have no Parliamentary Oversight over this Digital Panopticon of India. Even the Intelligence Agencies of India need Parliamentary Oversight and Reforms.
(11) Cyber Security Legal Practice: The year 2015 is the starting point for Cyber Security Legal Practice World wide. Law Firms around the World have strated exploring Cyber Security Legal Issues as possible areas of practice. However, as on date there are very few Cyber Security Law Firms in the World that are capable of managing Cyber Security Legal Practice. Perry4Law Law Firm is one of such few Law Firms that are providing Cyber Security and Cyber Forensics Legal Services in India and Foreign Jurisdictions. Some Consultancy Firms have also hired Lawyers in India so they they can provide Cyber Security Legal Services in India. However, the “Legality” of this method is yet to be ascertained as in India Lawyers cannot form Partnership with Non Legal Individuals/Firms. Along with the benefits of Cyber Security Legal Practice, Law Firm’s Cyber Security Obligations in India are also increasing.
(12) Cyber Warfare Policy: Cyber Warfare has become a reality in the present Digital Environment. However, India is not prepared to deal with Cyber Warfare that is taking place at the Global scale. Cyber Warfare against India is also happening but we are not capable of detecting the same in a timely and real time manner. Further, even in the year 2015, we have no Cyber Warfare Policy in India (PDF) that can manage the Techno Legal issues of Cyber Warfare. Even the Tallinn Manual on Cyber Warfare is not applicable to International Cyber Warfare Attacks and Defence and every Nation is free to adopt its own methods and procedures in this regard. Related fields like Cyber Terrorism and Cyber Espionage were also not taken care of by Indian Government in the year 2015.
(13) Encryption Law And Policy: In the year 2015 also Indian Government did not pay any attention to Encryption Policy of India (PDF). The net result is that we have neither a dedicated Encryption Law in India nor any Policy regarding Encryption usage in India till 2015. Although Indian Government tried to formulate an Encryption Policy in the year 2015 yet it was poorly drafted and was immediately withdrawn by Indian Government.
(14) Mobile Security: Just like the year 2014, the year 2015 also witnessed a stress upon Mobile Governance usage in India. Similarly, just like 2014, in the year 2015 also no steps were taken by Indian Government towards ensuring Mobile Security in India. This has given rise to additional Mobile Banking Cyber Security Risks before the Banking Industry of India. Fortunately, RBI has decided to set up an IT Subsidiary to look into matters pertaining to Banking Security and Mobile Banking Cyber Security can also be looked into by that IT Subsidiary.
(15) M-Health: India has also stressed upon use of Mobile Health (M-Health) concept for widespread availability of healthcare services to Indian population. Besides inadequate Cyber Security, M-Health is also suffering from lack of Legal Framework to govern the same. The position is that M-Health projects and businesses in india lacks Regulatory Compliances. Due to this Legal Loophole, M-Health service providers are violating other Indian Laws applicable to them.
(16) Cloud Computing: Cloud Computing in India has miserably failed to comply with either the Indian Laws or the absolutely essential Cyber Security requirements. In the absence of dedicated Laws regarding Privacy Protection and Data Protection (PDF), Virtualisation and Cloud Computing are “Legally Risky” and are “Landmines” for Privacy Violation in India. Further, we have no dedicated Law for Cloud Computing in India as well. The position remained the same in the year 2015.
(17) Internet of Things (IOT): Goods and services based upon Internet of Things (IOT) were introduced in India in 2015. This trend is going to increase in the year 2016 as well as Projects like Smart Cities, Digital India, etc would rely upon IOT for proper functioning. Even the draft IOT Policy of India (PDF) and Revised Draft IOT Policy of India (PDF) were released by Indian Government. However, both the IOT Policies of Indian Government failed to address the Civil Liberties issues. Privacy Rights in the Information age (PDF) have to be addressed by Indian Government for new technologies and concepts.
(18) Cyber Insurance: The year 2015 witnessed a booming Cyber Liability Insurance in India. The major reason for the growth of Cyber Insurance Policies in India is the increased numbers of Cyber Crimes and Cyber Attacks in India. However, Cyber Insurance Stakeholders in India have still to understand the technicalities of Techno Legal aspects of Cyber Insurance.
Perry4Law Organisation (P4LO) hopes that our readers would find this research report on Indian Cyber Security Development in India 2015 useful.