National Security has undergone a see change these days. It is wrong to assume that the National Security Policy is confined to traditional threats alone. National Security of India is facing many challenges these days that are mainly attributable to the use and abuse of Information and Communication Technology (ICT).
For instance, Cyber Crimes, Cyber Attacks, Cyber Security Incidences, Cyber Warfare, Cyber Terrorism, Cyber Espionage, etc are some of the problems that are peculiar to the contemporary times. These threats are intimidating the National Security of India by striking at the Financial, Economic, Social and Political Environment of India.
An implementable Techno Legal Crisis Management Plan of India for Cyber Attacks and Cyber Terrorism is need of the hour. The National Cyber Coordination Centre (NCCC) of India must also be made operational immediately.
Critical Infrastructure Protection in India must also be ensured by Indian Government. For instance, Supervisory Control and Data Acquisition (SCADA) Systems is a favourite target for Cyber Criminals and Cyber Terrorists. By targeting SCADA these cyber miscreants can damage the Critical Infrastructure of India. We must ensure sufficient Cyber Protection of SCADA Systems in India in general and Critical Infrastructure in particular.
Malware like Stuxnet and Duqu have already shown how Critical Infrastructures and SCADA systems are vulnerable to Cyber Attacks. Indian Critical Infrastructures have also been targeted by these Malware. It is believed that Stuxnet was responsible for shutting down an Indian Communication Satellite. These Malware have also been targeting Indian Nuclear Systems and Facilities.
The National Critical Information Infrastructure Protection Centre (NCIIPC) of India, established under the guidance and control of Defence Research and Development Organisation (DRDO) must also play a more pro active role in this regard.
Although NCIIPC has issued the Guidelines For Protection of National Critical Information Infrastructure in India (PDF) yet the role of NCIIPC in India is still not clear due to absence of a Gazette Notification by the Government of India under section 70A of the Information Technology Act, 2000.
Recently DRDO sought Penal Provisions in National Telecom Security Policy of India for Telecom Companies violating the norms. However, recently the Computer Systems of DRDO and Security Officials were breached and Sensitive Files were leaked. Thus, DRDO must also enhance its own Cyber Security besides managing the Cyber Security of other Institutions.
We must develop Offensive and Defensive Cyber Security capabilities of India. A Cyber Command for Armed Forces of India is already in pipeline. The Cyber Command has also become necessary as Countries across the world have started utilising Cyber Attacks and Malware against others. As per a recent report, U.S. is the Biggest Buyer of Malware in the world. Similarly, Global Cyber Espionage Networks are being actively used to spy and engage in E-Surveillance on other Countries. The command and control servers of Malware FinFisher were also found in 36 countries, including India.
Indian Government must Reconcile Civil Liberties and National Security Requirements in India. While protecting the National Security, Civil Liberties Protection in Cyberspace must also be ensured. Recently, United Nations passed a resolution approving Right to Privacy in the Digital Age.
However, India is in no mood of complying with that resolution. India has launched Illegal and Unconstitutional Projects like Aadhar, Central Monitoring System (CMS), National Intelligence Grid (Natgrid), Crime and Criminal Tracking Networks and Systems (CCTNS), etc without any Parliamentary Oversight and Legal Frameworks. In fact, the Internet Spy System Network and Traffic Analysis System (NETRA) of India has been proposed by Indian Government without any Legal Framework.
There is also a lack of Cyber Security Legal Practice in India. Not many Law Firms are providing Legal Services in the field of Cyber Security as it requires Techno Legal Expertise. Indian Government is planning a Legislation mandating strict Cyber Security Disclosure Norms in India. Further, Cyber Law Due Diligence requirements in India are also going to increase in India.
Cyber Security is an essential part and component of National Security of India. Indian Government must keep this fact in mind and draft a suitable Techno Legal National Security Policy of India.