Healthcare Cyber Security Issues In India For Businesses And Entrepreneurs

Healthcare industry of India is facing novel techno legal issues that were absent few years back. These include issues like techno legal regulatory compliances, cyber security requirements, cyber breach disclosure requirements, obligations of directors of healthcare companies for cyber law and cyber security, privacy compliance, data protection requirements (pdf), etc. This article is discussing the cyber security issues of healthcare industry of India that is equally applicable to healthcare industry of other jurisdictions.

As healthcare industry has started using information and communication technology (ICT) in the form of telemedicine, online pharmacies, e-health, m-health, etc, cyber criminals have found that this industry is a goldmine and a money minting industry. Sophisticated malware are now targeting healthcare industry in the form of ransomware and information stealing malware. These malware are so sophisticated that even cyber security products and services are ineffective against the same.

There is no doubt that ICT has enabled the healthcare industry but at the same time it is also true that there is an increasingly high risk of healthcare cyber security attacks. Healthcare companies of all sizes need to ensure that they are not only regularly reviewing policies and procedures when it comes to privacy protection and data security but also that they are implementing the right cyber security best practices to keep healthcare related information secure. Ransomware is of particular concern to healthcare industry as sensitive healthcare information is encrypted and decrypted only once the ransom is paid.

Healthcare industry is not spending adequate amount on cyber security and is also not good at acquiring cyber law and cyber crimes related knowledge. This has made the healthcare organisations vulnerable to sophisticated cyber attacks. The overall impact of cyber attacks on the hospitals and healthcare systems is estimated to be nearly six billion per year. Furthermore, these organisations face internal threats due to factors such as the use of cloud services, insecure networks, employee negligence, bring your own device (BYOD), lack of internal identification and security systems, stolen devices with unencrypted files, etc. Human beings are the weakest link in the cyber security environment and healthcare organisations are no exception to this rule.

Presently, healthcare cyber security market consists of protection against malware, ddos, advanced persistent threat, spyware, lost and stolen devices, etc. However, the list is just illustrative and the cyber security requirements are as vast as are the options available to the cyber criminals.

Perry4Law Organisation (P4LO) strongly recommends that the healthcare industry must work on three fronts i.e. formulation of techno legal policies, adoption of best cyber security practices and a mechanism to ensure cyber breach disclosure and coordination with the statutory and government authorities. If any of these three stages is missing, then the concerned healthcare organisation is at graver risk of cyber attacks and loss of sensitive healthcare information.

Cyber Security Infrastructure In India

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLB3Infrastructure is the backbone of any nation. Infrastructure’s shape and nature has been changing from time to time. With the advancement in technology, infrastructure is also dependent upon many facets of information and communication technology (ICT). This has made the task both easier and dangerous. Infrastructure utilisation has become easier with use of sophisticated technology whereas this use of technology has also made these infrastructures vulnerable to various forms of cyber attacks.

At Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) we believe that the Cyber Security Infrastructure of India must be urgently established by Indian Government. We also recommend that a Cyber Attack Crisis Management Plan of India must also be formulated as soon as possible. Further, the Cyber Security Policy of India 2015 must also be formulated by Indian Government on a priority basis as the 2013 policy is highly defective in nature.

This Cyber Security Policy must address the issues of Cyber Attacks and Cyber Terorrism, prventing Cyber Attacks on Power Utilities, Cyber Security of Indian Satellites and Critical Infrastructure, International Legal Issues of Cyber Security, Conflict of Laws in Cyberspace, formulation of a Techno Legal Framework, Cyber Security Disclosure Norms, etc.

We are living in an era of Cyber Warfare, Cyber Terrorism, Cyber Espionage, etc. To make the matter worst, we have no International Harmonisation and Regulatory Framework for areas like Cyber Law, Cyber Security, Cyber Terrorism, Cyber Warfare, Cyber Espionage, etc. Even the Tallinn Manual on the International Law is not Applicable to International Cyber Warfare Attacks and Defence. In the absence of International Harmonisation and this “Great Legal Void”, Nations are free to Interpret and Apply their own “Norms and Regulations” to International Cyber Security Issues.

As far as India is concerned, Cyber Security in India has now become an essential part of Indian Polity and Economic Affairs. For instance, the Cyber Security Policy of India would be formulated very soon. However, Cyber Security has still not been understood and applied in true perspective. We have to think about Cyber Security beyond Anti Virus, Firewalls and Hardware and Software Procurements.

To start with, Cyber Security Skills Development in India must be ensured. Without a “Capable Cyber Security Workforce”, India cannot have an Effective Cyber Security. Similarly, in the absence of adequate Skills, Offensive and Defensive Cyber Security Capabilities of India cannot be achieved.

Malware have become “Sophisticate and State Sponsored” these days. Take the examples of malware like Stuxnet, Duqu, Flame, etc that are not works of Script Kiddies but Professional Programmers and Coders hired by various Nations. Clearly, the face of Cyber Attacks and Cyber Security is changing rapidly and firewalls and Anti Virus Software stands nowhere in this scenario.

Signatures based Anti Virus Software are “Long Dead” and so are simple Firewalls. Ironically, Anti Virus Updates are Potential Tool to Install Malware, Steal Information and Launch Cyber Warfare Attacks. We need a totally different Cyber Security Infrastructure for India as on date.

Today the Malware game has reached a totally different level. Malware are not used for Fun anymore. Neither are they used for merely stealing information. Malware today are also used for rendering Computer Systems and Devices useless. The Wiper Malware overwrites the Master Boot Record (MBR) and corrupt relevant portion of the Hard Disk. When the Computer cannot be booted, it cannot serve any purpose.

Critical Infrastructure Protection in India is another aspect that must be considered “Very Seriously” by Indian Government. The National Critical Information Infrastructure Protection Centre (NCIPC) of India must be made “Operational” as soon as possible. The Internet is Full of Unprotected and Unsafe Devices, SCADA Systems and Computers. Further, SCADA has become the new Cyber Attack Battlefield for India. The Cyber Security of Power Sector in India needs to be streamlined. Power Grids Cyber Security in India and its Challenges are now well known. Similarly, Healthcare and Medical/Life Sciences Industries are under Cyber Attack thereby risking the Lives of millions.

India must also “Absolutely Ensure” Human Rights Protection in Cyberspace. While doing so Civil Liberties and National Security Requirements Must be Reconciled by India. Issues like E-Surveillance in India, Cell Site Location Based E-Surveillance in India, Surveillance of Internet Traffic in India,  Central Monitoring System (CMS) for Telephone Tapping in India, etc must be “Thoroughly Analysed” before implementing them. E-Surveillance Tools like FinFisher must be avoided at all costs.

Some “Positive Developments” have already been undertaken by Indian Government in this direction. For instance, a National Cyber Coordination Centre (NCCC) of India has been proposed to be established by Indian Government. Similarly, Regulations and Guidelines for Effective Investigation of Cyber Crimes in India may also be formulated very soon. The Indian Cyber Security Policy would be formulated very soon. The Critical Information Infrastructure Protection Agency of India may also be constituted soon. Finally, Indian Government is planning a Legislation Mandating Strict Cyber Security Disclosure Norms in India. As on date we have no dedicated Cyber Security Laws in India.

We at P4LO and PTLB wish Indian Government all the best for its Cyber Security Endeavours.

Cyber Security Disclosure Norms In India Needed: CECSRDI

Cyber Security Disclosure Norms In India Needed CECSRDICyber security is a very crucial priority of nations around the world. India is also in the process of streamlining of its cyber security infrastructure but its efforts in this regard are neither coordinated nor sufficient. For instance, we do not have a dedicated cyber security law of India that is need of the hour. Further, there is also a dire need to bring a techno legal framework keeping in mind contemporary cyber security threats and challenges.

Almost 2 years back, Indian Government decided to formulate a legislation that would ensure strict cyber security disclosure norms. As per the then proposed legislation, if a company faced cyber attack or cracking incidence, the company would be required to disclose to its clients the impact of such an incident on the safety of their data and information. The company may also be required to inform government or its agency about such incidence.

At that time there was no chief information security officer (CISO) of India and this position has been recently created by Modi Government by appointing Dr. Gulshan Rai for this post. This may be the first step towards creating a more robust cyber security regime in India. This may also be the base for introducing cyber security breaches disclosure norms in India that can be reported to the CISO or any other designated authority in this regard.

We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance.

CECSRDI also strongly recommends formulating the cyber security breaches disclosure norms in India by Indian Government as soon as possible. We also suggest that a dedicated cyber security law of India must also be enacted by India as India has launched policy initiatives like Digital India and Internet of Things (PDF) that would require strong cyber laws. CECSRDI believes that cyber security best practices must be formulated by Indian Government that must be followed in true letter and spirit by all stakeholders.

In the absence of a coordinated and holistic policy implementation, Digital India is already heading towards rough waters. There are many shortcomings of Digital India, Aadhaar and IoT policy initiatives of Indian Government and they must be removed as soon as possible. Absence of adequate cyber security is a common problem for Digital India, Aadhaar and IoT projects. It seems the worst performance of Modi Government pertains to cyber security field where Modi Government seems to have lost the track.

Recently Target Corporation faced a cyber breach and this exposed it to litigations in multiple jurisdictions. The moot question is whether target has failed to observe cyber due diligence regarding this particular breach. The cyber law due diligence (PDF) is neglected in India with impunity. Indian Government is also not pro active in taking such neglected obligations very seriously and this has made the entire concept of cyber law due diligence in India a joke only.

No body takes Indian cyber law seriously and e-commerce websites are openly flouting the cyber law of India by not following the cyber law due diligence and cyber security best practices requirements.  In order to effectively enforce cyber security relations obligations, cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies.

Cyber law and cyber security awareness at the schools level must also be ensured. School children in India must be suitably educated about cyber issues. Recently the Central Board of Secondary Education (CBSE) issued directions to curb bullying/cyber bullying and sexual abuses at schools. Without actual implementations these are mere guidelines that are issued every year with little impact. CECSRDI strongly recommends that not only these guidelines/directions must be stringently implemented by CBSE but even cyber law and cyber security awareness must be spread by CBSE among school students. Schools must also be required to notify about any cyber security breaches at their premises.

The task is difficult but not impossible to achieve. CECSRDI wishes all the best to Modi Government in its cyber security initiatives and projects and hopes that Modi government would actually start working in this direction as soon as possible.

NSA May Have Used Equation Group To Indulge In Illegal E-Surveillance: Kaspersky Lab

NSA May Have Used Equation Group To Indulge In Illegal E-Surveillance Kaspersky LabHardware and software based malware are very common these days. They have also become the favourite tool of intelligence agencies around the world to snoop upon their targets. Kaspersky Lab recently revealed that intelligence agencies used hardware based stealth malware to do eavesdropping upon targets of interest. Similarly, it has also been reported that the pre installing of Adware in laptops by Lenovo compromised the cyber security of these infected laptops.

Now Kaspersky Lab has further reveled that the U.S. National Security Agency (NSA) may have been planting surveillance software into hard drives and other essential computer equipment sold around the world for more than a decade through Equation Group. The Equation Group manipulated hard drives manufactured by Toshiba, Seagate, IBM, Western Digital and others dating back as far as 2001.

This has serious national security, telecom security and civil liberties implications around the world. For instance, Indian government has still not notified the norms for import of telecom equipments in India and has been postponing the same from time to time. This means such malware ridden hardware can be easily imported into India and they can be dangerously deployed for critical infrastructures (PDF). In fact, Huawei was accused of breaching national security of India by hacking base station controller in AP. Even the national cyber security policy of India 2013 is not at all effective in meeting the cyber security requirements of India.

Costin Raiu, Kaspersky’s lead researcher on the project, informed that while the Equation Group was able to steal files on any of the infected computers, they assumed full control only of computers used by high-value targets. Malicious firmware and BIOS are also big security threats for all stakeholders. Persistent BIOS infection using hidden rootkit is especially annoying and a major cyber security threat for India.

India needs to develop both offensive and defensive cyber security capabilities to tackle sophisticated cyber attacks. Cyber security breaches are increasing world over and India has its own share of the same. In this inter connected world, cyber security has become a major challenge for all countries. As on date the international legal issues of cyber attacks have yet to be resolved.

There are many cyber security challenges before the Narendra Modi Government. As per the cyber security trends of India 2015 by Perry4Law Organisation (P4LO), India needs to take urgent steps to strengthen its cyber security infrastructure. We believe that cyber security should be an integral part of the national security of India.

Narendra Modi Government has already started working in this direction. The Prime Minister Office (PMO) has already appointed Dr. Gulshan Rai as the first chief information security officer (CISO) of India. This is a significant step in the direction of strengthening of cyber security infrastructure of India.

Secondly, Narendra Modi has suggested to Nasscom that a task force be set up to solve the growing cyber security menace in India. According to Nasscom the taskforce would be constituted within a period of one month. We believe such a task force would provide valuable suggestions and implementation plans to strengthen Indian cyber security.

However, it would not be an easy task to ward off sophisticated and stealth malware that are the real problem for India. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) strongly recommend that indigenous capabilities in the hardware and software development must be developed by India to avoid possible malware and backdoors. We also recommend that a new cyber security policy of India 2015 must be urgently formulated by Indian Government keeping in mind the requirement and need of a techno legal framework in India.

Analysis Of National Cyber Security Policy Of India 2013 (NCSP-2013) And Indian Cyber Security Infrastructure

Analysis Of National Cyber Security Policy Of India 2013 (NCSP-2013) And Indian Cyber Security InfrastructureThe National Cyber Security Policy of India 2013 (NCSP 2013) (PDF) was announced by Indian Government in 2013. The policy aims to build a secure and resilient cyberspace for citizens, business and government. Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) welcome this initiative of Indian government that can help in strengthening of Indian cyber security infrastructure.

The mission of the policy is to protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threat, reduce vulnerabilities and minimise damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

The objectives of the policy are:

(a) To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.

(b) To create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, technology & people).

(c) To strengthen the Regulatory Framework for ensuring a Secure Cyberspace Ecosystem.

(d) To enhance and create National and Sectoral level 24×7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions.

(e) To improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product.

(f) To create workforce for 5, 00,000 professionals skilled in next 5 years through capacity building skill development and training.

(g) To provide fiscal benefit to businesses for adoption of standard security practices and processes.

(h) To enable Protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen’s data and reducing economic losses due to cyber crime or data theft.

(i) To enable effective prevention, investigation and prosecution of cyber crime and enhancement of law enforcement capabilities through appropriate legislative intervention.

Some of the shortcomings of the policy are:

(1) The declared cyber security policy has proved to be a paper work alone with no actual implementation till date.

(2) The cyber security trends and developments in India 2013 (PDF) have listed the shortcomings of Indian cyber security policy in general and Indian cyber security initiatives in particular.

(3) Indian cyber security policy has failed to protect civil liberties of Indians including privacy rights.

(4) Civil liberties protection in cyberspace has been blatantly ignored by Indian government and e-surveillance projects have been kept intact by the Narendra Modi government.

(5) The offensive and defensive cyber security capabilities of India are still missing.

(6) India is considered to be a sitting duck in cyberspace and cyber security field and the proposed cyber security policy has failed to change this position.

In short, India is not at all cyber prepared despite the contrary claims and declared achievements and the cyber security policy is just another policy document with no actual implementation and impact so far. Nevertheless, the policy is a positive step in the right direction.

Some of the related areas where Indian cyber security initiatives needs strengthening include international cyber security cooperation (PDF), critical ICT infrastructure protection (PDF), formulation of a cyber warfare policy of India (PDF), formulation of an encryption policy of India (PDF), reenactment of Indian cyber and telegraph laws, etc.

Meanwhile, India has been witnessing some new concerns and areas in the cyber field. For instance, cyber insurance, participation at Wassenaar Arrangement, intelligence agencies reforms, modernisation of police force, cyber security of banks, etc are some of the recent areas and developments that India has witnessed. Similarly, establishment of national cyber coordination centre (NCCC) of India and national critical information infrastructure protection centre of India (NCIIPC) are also good initiatives on the part of Indian government. The National Technical Research Organisation (NTRO) has also been entrusted with the duty to protect critical infrastructures of India.

The cyber security challenges in India would increase in the future as India has adopted the Digital India initiative and India must be well prepared to deal with the same. The sooner it is done the better it would be for the interest of our nation.

National Cyber Security And Coordination Centre (NCSC) Of India Under Consideration

Shri. Ravi Shankar Prasad, Minister of Telecommunications and Information TechnologyCyber security has never been a priority for Indian government. The cyber security trends and developments in India 2013 (PDF) have depicted this sad position of India cyber security. At this stage when the national cyber security issues are ignored by India it is very difficult to manage international legal issues of cyber attacks. The conflict of laws in cyberspace has added their own techno legal complicities to this situation. As a result India is considered to be a soft target and sitting duck in cyberspace.

Now there are some positive reports that cyber security in India would be strengthened. Cyber security has been made part and parcel of a larger initiative known as “Digital India”. In the past, a National Cyber Coordination Centre (NCCC) of India was proposed by Indian government. However, it remained on books alone as it was never constituted till now.

In January 2014 the Congress Government decided to launch the NCCC. However, NCCC never saw the light of the day. Now BJP Government is planning to launch the NCCC very soon. We at Perry4Law and Perry4Law’s Techno Legal Base (PTLB) welcome this move of Narendra Modi Government. There would be inter-ministerial discussions, before sending the proposal to the Cabinet. The Government is expected to send the proposal to the Cabinet in the next 15 days.

The NCCC proposal is a significant development as both NCCC and the National Critical Information Infrastructure Protection Centre (NCIPC) of India have failed to function properly so far. This has severely impacted the critical Infrastructure Protection in India (PDF). Perhaps, this is a good time to formulate Critical ICT Infrastructure Protection Policy of India as well. As an interim measure, it has been decided in the past that NTRO would protect the Critical ICT Infrastructures of India. A Tri Service Cyber Command for Armed Forces of India is also in pipeline.

Some policy decisions in the field of cyber security have already been taken by Congress Government. These include constitution of NCCC and NCIPC, formulation of a National Cyber Security Policy of India 2013 (NCSP 2013) and National Infrastructure Protection Plan in Thermal Power Sector of India, etc. The BJP Government is not doing anything new but making the efforts to implement exiting projects of Congress Government.

Of course, BJP Government can formulate and implement a working Cyber Attacks Crisis Management Plan of India, Cyber Warfare Policy of India (PDF), etc. Internet is full of unprotected and unsafe devices, SCADA Systems and computers and India has her own share of such unprotected devices. Cross border cyber crimes are also difficult to trace and resolve. The proposed NCCC and NCIPC would come handy in many cyber situations and we welcome the move and efforts of Shri. Ravi Shankar Prasad, Minister of Telecommunications and Information Technology in this regard.

Global Crackdown On Malware Blackshades Results In 90 Arrests Globally

Global Crackdown On Malware Blackshades Results In 90 Arrests GloballyHuman beings are the weakest link in cyber security chain and this was once again proved during the latest crackdown upon crackers and cyber criminals using the malware Blackshades. There were 700,000 estimated victims, whose computers have been hijacked by criminals using the Blackshades software. The crackdown was organised by law enforcement agencies of 19 countries around the world. This has also resulted in the arrest of 90 accused for allegedly using the malware. Among those arrested, in Moldova, was a Swedish hacker who was a co-creator of Blackshades.

Blackshades is another remote administration tool (RAT) that can compromise victim’s security and covertly activate his/her webcam. The modus operendi of infecting a victim’s computer is use of age old social engineering tactics using e-mail and other forms of electronic messages. Sending of a malicious link through e-mail and luring the victim to click the same is a common form of cyber attack that is very prevalent these days. Users of Blackshades also utilised this technique besides physically installing the malware wherever possible. The malware was used to commit various cyber crimes ranging from extortion to bank fraud.

Last week, watching it all play out were about two dozen FBI cyber crime investigators holed up in the New York FBI’s special operations center, high above lower Manhattan.  Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed. The sweep, capping a two-year operation, is one of the largest global cyber crime crackdowns ever. It was coordinated so suspects didn’t have time to destroy evidence.

Malware like Blackshades are successful because many computer users do not update anti-virus software. Many click on links sent in messages on social media sites such as Facebook, or in email, without knowing what they are clicking on. In seconds, malware is downloaded. Often computer users have no idea infection has taken place.

Cyber Security Laws In India Needed

Cyber Security Laws In India NeededThe correlation between a legal framework and cyber security is not difficult to anticipate and conceptualise. Cyber security compliances require adherence to certain well established legal principles. The moment a cyber security breach occurs; many legal issues and compliance requirements are automatically invoked.

For instance, in a typical cyber attack, it becomes imperative to ascertain and find the originator of such attack. The requirements to engage in first instance analysis, e-discovery and cyber forensics also arise due to such cyber attack. The reporting requirement to the compliance and regulatory authorities also arise.

However, none of this applies to Indian companies and individuals that are facing cyber attacks no matter howsoever sophisticated and damaging such cyber attack are. In India companies and individuals are not reporting cyber security breaches and attacks to the government and its agencies. The cyber security trends and developments in India 2013 (PDF) short listed all these shortcomings of Indian cyber security initiatives.

The Indian government has in the past declared that cyber security breach disclosure norms of India would be formulated very soon. However, till now no action has been taken in this regard and companies and individuals are still not reporting cyber security breached to Indian government and its agencies.

For instance, cyber crimes and cyber attacks against banks of India is a very common phenomenon in India. However, banks of India are not only lax while maintaining cyber security but they are also not disclosing such cyber crimes and cyber attacks due to fear of adverse publicity and regulatory penalties. This is creating more problems for the bank customers in general and banking cyber security in India in particular.

The Information Technology Act, 2000 (IT Act 2000) is the sole cyber law of India. However, it is not capable of forcing the companies and individuals to disclose cyber security breaches and cyber crimes. Nevertheless, the rules under the IT Act, 2000 prescribe cyber law due diligence (PDF), internet intermediary liability, reasonable cyber security practices, etc. they indirectly cover some aspects of cyber security disclosure norms. But they are not sufficient to meet the demands of present times.

Indian Parliament needs to enact a dedicated cyber security law of India that can cater all these regulatory and compliance requirements. Such a law needs to take into consideration techno legal requirements of cyber security. The sooner such a law is enacted the better it would be for the national interest of India as cyber security is an essential and integral part of the national security policy of India.

Cyber Attacks Are Targeting Bitcoin Users And Bitcoin Exchanges

Cyber Attacks Are Targeting Bitcoin Users And Bitcoin ExchangesCyber crimes and cyber attacks have taken a professional shape unlike traditional hobby based exercises. Now we have well organised crime syndicates that try their hands on anything that is lucrative and profit making. The latest to add to this list is the Bitcoins. The Bitcoins users are facing increased cyber attacks around the world and stealing of Bitcoins has become a normal phenomenon these days.

The Bitcoin exchanges around the world are facing numerous challenges. These include challenges from the point of view of laws, technical aspects, cyber security, etc. In India the Reserve Bank of India (RBI) issued an advisory cautioning Bitcoin users and Bitcoin exchanges of India of potential legal and security risks.

Cyber criminals have also realised the significance of Bitcoins as a potential virtual currency of the future. They have been using novel methods to steal Bitcoins from innocent users. In the absence of appropriate cyber security awareness and inadequate cyber security safeguards, Bitcoins ate stolen very frequently.

Third party applications are now bundled with illegal Bitcoins miners. .Recently, the E-Sports Entertainment LLC (ESEA) entered into a consent judgment for creating ESEA Botnet and violation of U.S. laws. Cyber criminals have also infected hundreds of thousands of computers with a malware known as “Pony” to steal Bitcoins and other digital currencies.

Thus, cyber security of Bitcoins exchanges and personal computers of Bitcoin users holding their virtual currency is a real challenge. Let us see how this highly volatile virtual currency would survive the sophisticated cyber attacks in the future.

Tri Service Cyber Command For Armed Forces Of India In Pipeline

Tri Service Cyber Command For Armed Forces Of India In PipelineCyber security in India is not upto the mark and as per the expectations. While the cyber attacks are becoming very targeted and highly sophisticated yet India has not made even the most basic efforts to secure its cyberspace. The cyber security trends and developments in India 2013 provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) has also outlined many crucial issues (PDF) that are missing from Indian cyber security initiatives.

For instance, India has no cyber warfare policy. A dedicated cyber warfare policy of India (PDF) must be formulated as soon as possible. Similarly, the critical infrastructure protection in India and its problems, challenges and solutions (PDF) are still to be looked into with great priority. It is only now that India has declared that NTRO would protect the Critical ICT Infrastructures of India.

Similarly, a cyber command for Armed Forces of India was in pipeline for long. Now some progress in this regard has taken place. It has been reported that to counter various forms of cyber attacks, India would soon set up a tri-service cyber command. This development was long due but there was little progress in this regard.

The ministry of defence has a draft on the subject ready which the cabinet committee on security, headed by the prime minister, would be taking up for discussion in the days to come. A note for the cabinet committee on security has been prepared for setting up the tri-service cyber command.

Sources said the office of the chairman, chief of staff committee, has written a detailed note to defence minister AK Antony regarding setting up cyber command. Officials, privy to drafting the cabinet note, have explained that the need to have a cyber command has been felt for a long time, as the cyber security infrastructure of India is “weak”.

This is evident from recent incidents of cyber attacks on India. Last year, Chinese hackers broke into sensitive computer systems at the headquarters of the Eastern Naval Command in Visakhapatnam, where the indigenous nuclear submarine Arihant has been undergoing sea trials.

Recently, Defence Research and Development Organisation (DRDO) computer systems were breached and sensitive files were leaked. A top defence ministry officer admitted that India has delayed on the cyber security front. “Cyber command would ensure both offensive and defensive cyber security capabilities. Issues like cyber warfare, cyber espionage and cyber terrorism, etc. would be taken care of by a cyber command.

Prime Minister Manmohan Singh, while addressing the combined commanders conference in November, highlighted the need for developing capacities to counter what he described as “global surveillance operations”.

That NSA whistleblower Edward Snowden had allegedly collected information and intercepted communications in India has lent urgency to setting up a cyber command. As per a recent report, the US is the biggest buyer of malware in the world. Global cyber espionage networks are being actively used to spy on other countries. The command and control servers of malware FinFisher were also found in 36 countries, including India.