The year 2015 witnessed lots of buzzing about Cyber Security in India. From political circles to corporate houses, Cyber Security was a hot topic to discuss. Nevertheless, Cyber Security is still at discussion stage and actual implementation of Cyber Security initiatives and measures in India was still missing in 2015. Perry4Law Organisation (P4LO) provided Cyber Security Developments of India 2015 for its viewers and readers. Our viewers and readers may also be interested in Indian Cyber Security Developments in 2015 provided by P4LO.
In this post we are trying to anticipate the Cyber Security Trends of India 2016. This is in continuation of the Cyber Security Trends of India 2015 as provided by us in 2015. The year 2016 may witness the following Cyber Security Trends in India:
(1) Cyber Security Infrastructure: Cyber Security Infrastructure in India could remain at nascent stage in the year 2016 as well. This is so because till now India is still trying to understand the basic concepts of Cyber Security. We believe that Indian Cyber Security Infrastructure must be urgently “Strengthened” so that sophisticated Cyber Attacks can be suitably managed in India.
(2) International Cyber Security Framework: Cyber Attacks and Cyber Security are International Issues (PDF) and they deserve to be managed at Global Level. Despite this fact we have no “Globally Acceptable” Cyber Law and Cyber Security Treaties. P4LO has been advocating for the formulation of International Cyber Law and Cyber Security Treaty (PDF) for long. Now Indian Government has also decided to stress upon formulation of International Cyber Law and Cyber Security Treaties. This emphasis upon International Legal Cyber Security Framework would further increase in the year 2016. P4LO has dedicated two web resources titled “International Legal Issues Of Cyber Attacks” and “International Legal Issues of Cyber Security” for our readers and viewers. The aim of these web resources is to help both National and International Stakeholders to frame Techno Legal Cyber Security Regulatory Framework at National and International levels respectively.
(3) Digital India And Aadhaar Cyber Security: Digital India project of Narendra Modi Government is a very ambitious technology driven initiative. It can significantly improve the delivery of Public Services in India by using Information and Communication Technology (ICT). However, Digital India is suffering from various “Shortcomings” that need to be eliminated by Modi Government on priority basis. The chief among them are disregard to Civil Liberties like Privacy Protection and Data Protection and lack of Cyber Security Infrastructure to support the Digital India project.
The worst “Illegality and Unconstitutionality” of Digital India project is its “Forceful and Deliberate Reliance” upon Aadhaar that is Not “Not Mandatory“. For instance, Aadhaar has been made compulsory for Digital Locker despite Supreme Court’s contrary directions. This makes even the Digital India project vulnerable to Constitutionality Attacks. Besides, Aadhaar has its own Data Security, Civil Liberties and Cyber Security issues that are still unresolved as on date. There is an urgent need to disassociate Digital India project from Aadhaar project.
(4) Banking Cyber Security: Cyber Security of banks in India is not satisfactory despite the fact that Reserve Bank of India (RBI) has been trying very hard in this regard since 2010. RBI has in the year 2011 mandated that a Chief Information Officers (CIOs) is mandatory for all banks in India. However, till the December 2015, this requirement has not been complied with by most banks of India. Further, banks of India have also failed to ensure Cyber Security Due Diligence that is mandatory for banks in India. Banks in India are not complying with Cyber Security requirements because RBI has not taken any “Deterrent Action” against the defaulting banks. However, the position would change in the year 2016 as RBI has decided to establish an exclusive IT Subsidiary that would manage the Cyber Security related issues of banks of India. P4LO recommends that RBI must make “Surprise Visits” at the banks in order to check their Cyber Security preparedness. Further, Techno Legal Cyber Security Audits must also be undertaken by RBI to check the Cyber Security Infrastructures of banks of India.
(5) Directors’ Cyber Security Obligations: Cyber Security obligations and Cyber Law Due Diligence (PDF) were not taken seriously by Indian Companies and their Directors in the year 2015. However, things are going to change in the year 2016 as Indian Government has been contemplating introduction of Cyber Security Breach Disclosure Norms in India. Cyber Breaches reporting would become mandatory in such circumstances. In fact, the Indian Companies Act, 2013 imposes Cyber Security Obligations upon Directors of Indian Companies. Similarly, the Information Technology Act, 2000 also imposes Cyber Law Obligations upon Directors of Indian Companies. In short, Cyber Law and Cyber Security Obligations of Directors of Indian Companies would tremendously increase in the year 2016.
(6) Botnet Protection: Indian Government announced the establishment of a Botnet cleaning centre in the year 2015 to tackle the menace of Botnet in India. The same may be established in the year 2016 and that would be a good step to strengthen the Cyber Security Infrastructure of India. This initiative would be in addtion of the initiatives like National Critical Information Infrastructure Protection Centre (NCIPC) of India and National Cyber Security And Coordination Centre (NCSC) Of India. According to a report, Botnet are causing losses upto the extent of $6 Million a month for Online Advertisement Industry alone. The exact estimates of financial and other losses caused by Botnet is not possible as many of them use Deep Web and Dynamic DNS, Fast Flux and Bullet Proof Servers that makes it very difficult to trace and remove such Botnet. Use of Anti Forensics methods coupled with absence of a conclusive Authorship Attribution results in lack of imposing of legal responsibility and criminal prosecution of stakeholders responsible for such Botnet, Malware and Cyber Attacks in majority of cases.
(7) Cloud Computing Cyber Security:Cloud Computing industry and services are still taking a shape in India. Business and Entrepreneurs are still trying to acquaint themselves with the Legal and Regulatory requirements of Cloud Computing in India. Although we have no dedicated Cloud Computing Laws in India yet there are many Techno Legal Cloud Computing Due Diligence requirements in India. Due to the Legal Risks associated with Cloud Computing in India, many believe that use of Cloud Computing is not a viable option in India. The year 2016 would bring enhanced Cyber Law, Cyber Security, Data Protection (PDF) and Privacy Protection obligations upon the Cloud Computing Companies and their Directors.
(8) E-Health Cyber Security: Digital India project of Narendra Modi Government is covering E-Health and M-Health aspects as well. Suitable Legal Framework for E-Health/M-Health is urgently required in India and the same may be done in the year 2016 by Indian Government. A National E-Health Authority (NeHA) of India has already been proposed by Indian Government. Further, Electronic Health Record (EHR) Standards in India have also been formulated by Indian Government. Cyber Security of E-Health and M-Health Applications, Devices and Infrastructure could be stressed in the year 2016 in India.
(9) Critical Infrastructure Protection: Critical Infrastructure Protection (CIP) is a big challenge for both national and international stakeholders. Internet is full of unprotected SCADA systems on which various Critical Infrastructures are blindly relying without any Cyber Security protections. Critical Infrastructure Protection in India (PDF) is not in a good condition and Indian Government needs to work real hard in this regard. Indian Government must take Cyber Security very seriously and it is high time to frame a Critical Infrastructure Policy of India.
(10) CISO Culture: The year 2016 would see an increased appointment and participation of Chief Information Security Officer (CISO) in India. Narendra Modi Government has already appointed Dr. Gulshan Rai as the first CISO of India. Further, Companies in India are increasingly becoming aware that a Chief Information Officer (CIO) is need of the hour to protect the interest of the Company in Digital World and Cyberspace. Keeping this in mind both Enterprises and Indian Government are contemplating to increase spending upon Cyber Security Infrastructures of their respective domains.
We hope this illustrative list of Cyber Security Trends in India 2016 would be informative and our readers and viewers would find it useful.