Cyber security is a very broad field that covers multiple facets of information and communication technology (ICT). One of the segments of cyber security pertains to telecom and mobile cyber security. Mobile cyber security in India is still missing and even mobile banking cyber security in India is in a bad shape. There is an urgent need to ensure mobile cyber security in India.
Recently, the national cyber security policy of India 2013 and national telecom policy of India 2012 were released by Indian government. It would even be better if an implementable national telecom security policy of India is formulated as well as soon as possible.
As of now the telecom service providers of India are openly flouting the laws of India. They are not following the cyber law due diligence in India. For instance, Airtel and Tata Teleservices Limited are violating cyber law of India in general and Internet Intermediary Rules of India in particular. These violations must be punished by Department of Telecommunication (DoT) and Telecom Regulatory Authority of India (TRAI).
Now Business Standard has reported that Defence Research and Development Organisation (DRDO) has communicated to the Department of Telecommunications (DoT) that the proposed National Telecom Security Policy should have a framework to penalise telecom service providers if they fail to abide by the norms. This is a sensible recommendation keeping in mind the cyber security interests of India.
DRDO has said that telecom service providers should endure that user data is not revealed or duplicated or copied or shared with recipients other than those designated by the sender, and should ensure that user data is not being routed outside the infrastructure within India when the end points of communication are inside Indian territory. This means that telecom service providers of India have to comply with the proposed e-mail policy of India.
Of course, there cannot be any bar from disclosure and sharing when the laws of India and foreign jurisdictions as well as court orders warrant so. Similarly, in cases of cyber crimes and cyber security breaches there should be an obligation on the part of Indian telecom service providers to comply with Indian laws. In fact, Indian government is planning a legislation mandating strict cyber security disclosure norms in India.
Telcos will require ensuring authentication of end user, authorised access to services and attribution of activities and payloads to end users. The attribution in the form audit, forensic and tracking mechanisms should ensure tracking of inappropriate use, criminal activities and enforcement of IT and cyber security laws of the Government.
Earlier, the Government had differences with Blackberry over the encrypted message and email services the firm provides to customers. Fearing that such encrypted services can be used to plan and execute terrorist strikes, India had also threatened to ban the providers of such services if they failed to accommodate the legitimate demands of law enforcement agencies.